| ... | @@ -52,11 +52,14 @@ module Clusters |
... | @@ -52,11 +52,14 @@ module Clusters |
|
|
|
|
|
|
|
alias_attribute :ca_pem, :ca_cert
|
|
alias_attribute :ca_pem, :ca_cert
|
|
|
|
|
|
|
|
delegate :project, to: :cluster, allow_nil: true
|
|
|
|
|
delegate :enabled?, to: :cluster, allow_nil: true
|
|
delegate :enabled?, to: :cluster, allow_nil: true
|
|
|
delegate :provided_by_user?, to: :cluster, allow_nil: true
|
|
delegate :provided_by_user?, to: :cluster, allow_nil: true
|
|
|
delegate :allow_user_defined_namespace?, to: :cluster, allow_nil: true
|
|
delegate :allow_user_defined_namespace?, to: :cluster, allow_nil: true
|
|
|
delegate :kubernetes_namespace, to: :cluster
|
|
|
|
|
|
# This is just to maintain compatibility with KubernetesService, which
|
|
|
|
# will be removed in https://gitlab.com/gitlab-org/gitlab-ce/issues/39217.
|
|
|
|
# It can be removed once KubernetesService is gone.
|
|
|
|
delegate :kubernetes_namespace_for, to: :cluster, allow_nil: true
|
|
|
|
|
|
|
|
alias_method :active?, :enabled?
|
|
alias_method :active?, :enabled?
|
|
|
|
|
|
| ... | @@ -68,18 +71,6 @@ module Clusters |
... | @@ -68,18 +71,6 @@ module Clusters |
|
|
|
|
|
|
|
default_value_for :authorization_type, :rbac
|
|
default_value_for :authorization_type, :rbac
|
|
|
|
|
|
|
|
def actual_namespace
|
|
|
|
|
if namespace.present?
|
|
|
|
|
namespace
|
|
|
|
|
else
|
|
|
|
|
default_namespace
|
|
|
|
|
end
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
def namespace_for(project)
|
|
|
|
|
cluster.find_or_initialize_kubernetes_namespace_for_project(project).namespace
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
def predefined_variables(project:)
|
|
def predefined_variables(project:)
|
|
|
Gitlab::Ci::Variables::Collection.new.tap do |variables|
|
|
Gitlab::Ci::Variables::Collection.new.tap do |variables|
|
|
|
variables.append(key: 'KUBE_URL', value: api_url)
|
|
variables.append(key: 'KUBE_URL', value: api_url)
|
| ... | @@ -98,11 +89,13 @@ module Clusters |
... | @@ -98,11 +89,13 @@ module Clusters |
|
|
# Once we have marked all project-level clusters that make use of this
|
|
# Once we have marked all project-level clusters that make use of this
|
|
|
# behaviour as "unmanaged", we can remove the `cluster.project_type?`
|
|
# behaviour as "unmanaged", we can remove the `cluster.project_type?`
|
|
|
# check here.
|
|
# check here.
|
|
|
|
project_namespace = cluster.kubernetes_namespace_for(project)
|
|
|
|
|
|
|
variables
|
|
variables
|
|
|
.append(key: 'KUBE_URL', value: api_url)
|
|
.append(key: 'KUBE_URL', value: api_url)
|
|
|
.append(key: 'KUBE_TOKEN', value: token, public: false, masked: true)
|
|
.append(key: 'KUBE_TOKEN', value: token, public: false, masked: true)
|
|
|
.append(key: 'KUBE_NAMESPACE', value: actual_namespace)
|
|
.append(key: 'KUBE_NAMESPACE', value: project_namespace)
|
|
|
.append(key: 'KUBECONFIG', value: kubeconfig, public: false, file: true)
|
|
.append(key: 'KUBECONFIG', value: kubeconfig(project_namespace), public: false, file: true)
|
|
|
end
|
|
end
|
|
|
|
|
|
|
|
variables.concat(cluster.predefined_variables)
|
|
variables.concat(cluster.predefined_variables)
|
| ... | @@ -115,8 +108,10 @@ module Clusters |
... | @@ -115,8 +108,10 @@ module Clusters |
|
|
# short time later
|
|
# short time later
|
|
|
def terminals(environment)
|
|
def terminals(environment)
|
|
|
with_reactive_cache do |data|
|
|
with_reactive_cache do |data|
|
|
|
|
project = environment.project
|
|
|
|
|
|
|
pods = filter_by_project_environment(data[:pods], project.full_path_slug, environment.slug)
|
|
pods = filter_by_project_environment(data[:pods], project.full_path_slug, environment.slug)
|
|
|
terminals = pods.flat_map { |pod| terminals_for_pod(api_url, actual_namespace, pod) }.compact
|
|
terminals = pods.flat_map { |pod| terminals_for_pod(api_url, cluster.kubernetes_namespace_for(project), pod) }.compact
|
|
|
terminals.each { |terminal| add_terminal_auth(terminal, terminal_auth) }
|
|
terminals.each { |terminal| add_terminal_auth(terminal, terminal_auth) }
|
|
|
end
|
|
end
|
|
|
end
|
|
end
|
| ... | @@ -124,7 +119,7 @@ module Clusters |
... | @@ -124,7 +119,7 @@ module Clusters |
|
|
# Caches resources in the namespace so other calls don't need to block on
|
|
# Caches resources in the namespace so other calls don't need to block on
|
|
|
# network access
|
|
# network access
|
|
|
def calculate_reactive_cache
|
|
def calculate_reactive_cache
|
|
|
return unless enabled? && project && !project.pending_delete?
|
|
return unless enabled?
|
|
|
|
|
|
|
|
# We may want to cache extra things in the future
|
|
# We may want to cache extra things in the future
|
|
|
{ pods: read_pods }
|
|
{ pods: read_pods }
|
| ... | @@ -136,33 +131,16 @@ module Clusters |
... | @@ -136,33 +131,16 @@ module Clusters |
|
|
|
|
|
|
|
private
|
|
private
|
|
|
|
|
|
|
|
def kubeconfig
|
|
def kubeconfig(namespace)
|
|
|
to_kubeconfig(
|
|
to_kubeconfig(
|
|
|
url: api_url,
|
|
url: api_url,
|
|
|
namespace: actual_namespace,
|
|
namespace: namespace,
|
|
|
token: token,
|
|
token: token,
|
|
|
ca_pem: ca_pem)
|
|
ca_pem: ca_pem)
|
|
|
end
|
|
end
|
|
|
|
|
|
|
|
def default_namespace
|
|
|
|
|
kubernetes_namespace&.namespace.presence || fallback_default_namespace
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
# DEPRECATED
|
|
|
|
|
#
|
|
|
|
|
# On 11.4 Clusters::KubernetesNamespace was introduced, this model will allow to
|
|
|
|
|
# have multiple namespaces per project. This method will be removed after migration
|
|
|
|
|
# has been completed.
|
|
|
|
|
def fallback_default_namespace
|
|
|
|
|
return unless project
|
|
|
|
|
|
|
|
|
|
slug = "#{project.path}-#{project.id}".downcase
|
|
|
|
|
Gitlab::NamespaceSanitizer.sanitize(slug)
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
def build_kube_client!
|
|
def build_kube_client!
|
|
|
raise "Incomplete settings" unless api_url
|
|
raise "Incomplete settings" unless api_url
|
|
|
raise "No namespace" if cluster.project_type? && actual_namespace.empty? # can probably remove this line once we remove #actual_namespace
|
|
|
|
|
|
|
|
|
|
unless (username && password) || token
|
|
unless (username && password) || token
|
|
|
raise "Either username/password or token is required to access API"
|
|
raise "Either username/password or token is required to access API"
|
| ... | @@ -178,9 +156,13 @@ module Clusters |
... | @@ -178,9 +156,13 @@ module Clusters |
|
|
|
|
|
|
|
# Returns a hash of all pods in the namespace
|
|
# Returns a hash of all pods in the namespace
|
|
|
def read_pods
|
|
def read_pods
|
|
|
kubeclient = build_kube_client!
|
|
# TODO: The project lookup here should be moved (to environment?),
|
|
|
|
# which will enable reading pods from the correct namespace for group
|
|
|
|
# and instance clusters.
|
|
|
|
# This will be done in https://gitlab.com/gitlab-org/gitlab-ce/issues/61156
|
|
|
|
return [] unless cluster.project_type?
|
|
|
|
|
|
|
|
kubeclient.get_pods(namespace: actual_namespace).as_json
|
|
kubeclient.get_pods(namespace: cluster.kubernetes_namespace_for(cluster.first_project)).as_json
|
|
|
rescue Kubeclient::ResourceNotFoundError
|
|
rescue Kubeclient::ResourceNotFoundError
|
|
|
[]
|
|
[]
|
|
|
end
|
|
end
|
| ... | |
... | |
| ... | | ... | |