debian-mirror-gitlab/app/services/clusters/gcp/finalize_creation_service.rb

# frozen_string_literal: true
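module Clusters
  module Gcp
    # Completes the set-up of a GKE-backed cluster once GKE reports it: copies the
    # endpoint onto the provider, creates the GitLab service account in the cluster,
    # and builds the Kubernetes platform record (API URL, CA certificate, token).
    #
    # Errors from the Google API, Kubeclient and record validation are logged and
    # recorded on the provider via +make_errored!+; they are not re-raised.
    class FinalizeCreationService
      attr_reader :provider

      # @param provider the GCP provider record for the cluster being finalized
      # @return the result of +cluster.save!+, or of +provider.make_errored!+ when
      #   one of the rescued error classes is raised
      def execute(provider)
        @provider = provider

        configure_provider
        create_gitlab_service_account!
        configure_kubernetes
        configure_pre_installed_knative if provider.knative_pre_installed?
        cluster.save!
      # The exception object itself is handed to log_service_error, which derives the
      # class name. Passing e.class.name here made every log entry read "String".
      #
      # NOTE(review): e.message from the remote API is interpolated into the status
      # reason. Where that reason is displayed is not visible in this file; confirm
      # upstream messages cannot carry tokens or internal addresses.
      rescue Google::Apis::ServerError, Google::Apis::ClientError, Google::Apis::AuthorizationError => e
        log_service_error(e, provider.id, e.message)
        provider.make_errored!(s_('ClusterIntegration|Failed to request to Google Cloud Platform: %{message}') % { message: e.message })
      rescue Kubeclient::HttpError => e
        log_service_error(e, provider.id, e.message)
        provider.make_errored!(s_('ClusterIntegration|Failed to run Kubeclient: %{message}') % { message: e.message })
      rescue ActiveRecord::RecordInvalid => e
        log_service_error(e, provider.id, e.message)
        provider.make_errored!(s_('ClusterIntegration|Failed to configure Google Kubernetes Engine Cluster: %{message}') % { message: e.message })
      end

      private

      # Creates (or updates) the GitLab service account through the kube client,
      # with RBAC resources unless the provider is flagged as legacy ABAC.
      def create_gitlab_service_account!
        Clusters::Kubernetes::CreateOrUpdateServiceAccountService.gitlab_creator(
          kube_client,
          rbac: create_rbac_cluster?
        ).execute
      end

      # Records the endpoint reported by GKE and queues the :make_created transition.
      def configure_provider
        provider.endpoint = gke_cluster.endpoint
        provider.status_event = :make_created
      end

      # Builds the Kubernetes platform record from the GKE response.
      #
      # The CA certificate comes from the same GKE API response as the endpoint.
      # Base64.decode64 is lenient and skips characters outside the alphabet, so a
      # malformed value fails later, at certificate parsing, not here.
      # NOTE(review): the token is fetched under GITLAB_ADMIN_TOKEN_NAME; presumably
      # a privileged service-account token. Confirm how the platform record stores it.
      def configure_kubernetes
        cluster.platform_type = :kubernetes
        cluster.build_platform_kubernetes(
          api_url: 'https://' + gke_cluster.endpoint,
          ca_cert: Base64.decode64(gke_cluster.master_auth.cluster_ca_certificate),
          authorization_type: authorization_type,
          token: request_kubernetes_token
        )
      end

      # Registers Knative as pre-installed. 'example.com' is a fixed hostname value
      # written at creation time.
      def configure_pre_installed_knative
        knative = cluster.build_application_knative(
          hostname: 'example.com'
        )
        knative.make_pre_installed!
      end

      # Fetches the token for the GitLab service account from the cluster.
      def request_kubernetes_token
        Clusters::Kubernetes::FetchKubernetesTokenService.new(
          kube_client,
          Clusters::Kubernetes::GITLAB_ADMIN_TOKEN_NAME,
          Clusters::Kubernetes::GITLAB_SERVICE_ACCOUNT_NAMESPACE
        ).execute
      end

      # @return [String] 'rbac' unless the provider is flagged as legacy ABAC
      def authorization_type
        create_rbac_cluster? ? 'rbac' : 'abac'
      end

      def create_rbac_cluster?
        !provider.legacy_abac?
      end

      # Memoized client for the new cluster's API server, trusting the CA
      # certificate returned by GKE.
      def kube_client
        @kube_client ||= build_kube_client!(
          'https://' + gke_cluster.endpoint,
          Base64.decode64(gke_cluster.master_auth.cluster_ca_certificate)
        )
      end

      # @param api_url [String] base URL of the cluster API server
      # @param ca_pem [String] PEM-encoded cluster CA certificate
      # @raise [RuntimeError] when api_url is nil or false
      def build_kube_client!(api_url, ca_pem)
        # The only caller in this class builds api_url by string concatenation, so a
        # missing endpoint raises TypeError there before this guard is reached.
        raise "Incomplete settings" unless api_url

        Gitlab::Kubernetes::KubeClient.new(
          api_url,
          # The provider's access token authenticates these calls as a bearer token.
          auth_options: { bearer_token: provider.access_token },
          ssl_options: kubeclient_ssl_options(ca_pem),
          # NOTE(review): when http_proxy is set, requests carrying the bearer token go
          # through that proxy. Confirm that the client tunnels TLS through it, so that
          # peer verification still covers the cluster endpoint.
          http_proxy_uri: ENV['http_proxy']
        )
      end

      # TLS options for the kube client. Peer verification is always on. When a CA
      # PEM is supplied, the store holds only that certificate. When it is blank, no
      # :cert_store key is set and the trust anchors are left to the client.
      def kubeclient_ssl_options(ca_pem)
        opts = { verify_ssl: OpenSSL::SSL::VERIFY_PEER }

        if ca_pem.present?
          opts[:cert_store] = OpenSSL::X509::Store.new
          opts[:cert_store].add_cert(OpenSSL::X509::Certificate.new(ca_pem))
        end

        opts
      end

      # Memoized GKE cluster description fetched through the provider's API client.
      def gke_cluster
        @gke_cluster ||= provider.api_client.projects_zones_clusters_get(
          provider.gcp_project_id,
          provider.zone,
          cluster.name
        )
      end

      def cluster
        @cluster ||= provider.cluster
      end

      def logger
        @logger ||= Gitlab::Kubernetes::Logger.build
      end

      # Writes a structured error entry.
      #
      # @param exception [Exception] the rescued error; its class name is logged
      # @param provider_id the id of the provider being finalized
      # @param message [String] the error message to log
      def log_service_error(exception, provider_id, message)
        logger.error(
          exception: exception.class.name,
          service: self.class.name,
          provider_id: provider_id,
          message: message
        )
      end
    end
  end
end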