From 8c32c41c28694667edf02bf6f0d1bcee17b5a7bc Mon Sep 17 00:00:00 2001 From: Hossein Pursultani Date: Thu, 9 May 2019 18:35:25 +1000 Subject: [PATCH 1/8] Decouple lifecycle of GitLab CRD from the Chart The following changes are included: - GitLab CRD is created in pre-install/upgrade hooks using a script - GitLab resource is hooked to post-install/upgrade - As a result Operator bootstrap mode is removed. Now Chart can be installed with one command. --- .../templates/{crd.yaml => _crd.yaml} | 2 - .../charts/operator/templates/_verify_crd.sh | 3 + .../charts/operator/templates/crd_job.yaml | 105 ++++++++++++++++++ ...erator_deployment.yaml => deployment.yaml} | 2 +- .../charts/operator/templates/gitlab.yaml | 4 +- .../templates/{crd_rbac.yaml => rbac.yaml} | 0 6 files changed, 112 insertions(+), 4 deletions(-) rename charts/gitlab/charts/operator/templates/{crd.yaml => _crd.yaml} (97%) create mode 100644 charts/gitlab/charts/operator/templates/_verify_crd.sh create mode 100644 charts/gitlab/charts/operator/templates/crd_job.yaml rename charts/gitlab/charts/operator/templates/{operator_deployment.yaml => deployment.yaml} (92%) rename charts/gitlab/charts/operator/templates/{crd_rbac.yaml => rbac.yaml} (100%) diff --git a/charts/gitlab/charts/operator/templates/crd.yaml b/charts/gitlab/charts/operator/templates/_crd.yaml similarity index 97% rename from charts/gitlab/charts/operator/templates/crd.yaml rename to charts/gitlab/charts/operator/templates/_crd.yaml index ee23e5fbbe..67338a9cff 100644 --- a/charts/gitlab/charts/operator/templates/crd.yaml +++ b/charts/gitlab/charts/operator/templates/_crd.yaml @@ -1,4 +1,3 @@ -{{- if .Values.global.operator.enabled }} apiVersion: apiextensions.k8s.io/v1beta1 kind: CustomResourceDefinition metadata: @@ -69,4 +68,3 @@ spec: status: type: object version: v1beta1 -{{- end }} 
diff --git a/charts/gitlab/charts/operator/templates/_verify_crd.sh b/charts/gitlab/charts/operator/templates/_verify_crd.sh
new file mode 100644
index 0000000000..aab223bb95
--- /dev/null
+++ b/charts/gitlab/charts/operator/templates/_verify_crd.sh
@@ -0,0 +1,3 @@
+# This is a placeholder for a more complicated logic around CRD if needs be.
+
+kubectl apply -f "$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null 2>&1 && pwd )/crd.yaml"
diff --git a/charts/gitlab/charts/operator/templates/crd_job.yaml b/charts/gitlab/charts/operator/templates/crd_job.yaml
new file mode 100644
index 0000000000..cb9ad568ba
--- /dev/null
+++ b/charts/gitlab/charts/operator/templates/crd_job.yaml
@@ -0,0 +1,105 @@
+{{- if .Values.global.operator.enabled }}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ template "fullname" . }}-crd
+ namespace: {{ .Release.Namespace }}
+ labels:
+{{ include "gitlab.standardLabels" $ | indent 4 }}
+ annotations:
+ helm.sh/hook: pre-install,pre-upgrade
+ helm.sh/hook-weight: "-5"
+ helm.sh/hook-delete-policy: hook-succeeded,before-hook-creation
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ template "fullname" . }}-crd
+ labels:
+{{ include "gitlab.standardLabels" $ | indent 4 }}
+ annotations:
+ helm.sh/hook: pre-install,pre-upgrade
+ helm.sh/hook-weight: "-5"
+ helm.sh/hook-delete-policy: hook-succeeded,before-hook-creation
+rules:
+- apiGroups:
+ - apiextensions.k8s.io
+ resources:
+ - customresourcedefinitions
+ verbs:
+ - get
+ - list
+ - watch
+ - create
+ - update
+ - patch
+ - delete
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "fullname" . }}-crd
+ labels:
+{{ include "gitlab.standardLabels" $ | indent 4 }}
+ annotations:
+ helm.sh/hook: pre-install,pre-upgrade
+ helm.sh/hook-weight: "-5"
+ helm.sh/hook-delete-policy: hook-succeeded,before-hook-creation
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ template "fullname" . }}-crd
+subjects:
+- kind: ServiceAccount
+ name: {{ template "fullname" . }}-crd
+ namespace: {{ .Release.Namespace }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ template "fullname" . }}-crd
+ namespace: {{ .Release.Namespace }}
+ labels:
+{{ include "gitlab.standardLabels" . | indent 4 }}
+ annotations:
+ helm.sh/hook: pre-install,pre-upgrade
+ helm.sh/hook-weight: "-4"
+ helm.sh/hook-delete-policy: hook-succeeded,before-hook-creation
+data:
+ crd.yaml: |-
+{{ include (print $.Template.BasePath "/_crd.yaml") . | indent 4 }}
+ verify-crd.sh: |
+{{ include (print $.Template.BasePath "/_verify_crd.sh") .
| indent 4 }} +--- +apiVersion: batch/v1 +kind: Job +metadata: + name: {{ template "fullname" . }}-crd + namespace: {{ .Release.Namespace }} + labels: +{{ include "gitlab.standardLabels" . | indent 4 }} + annotations: + helm.sh/hook: pre-install,pre-upgrade + helm.sh/hook-weight: "-4" + helm.sh/hook-delete-policy: hook-succeeded,before-hook-creation +spec: + template: + metadata: + name: {{ template "fullname" . }}-crd-verifier + labels: + release: {{ .Release.Name }} + spec: + restartPolicy: Never + serviceAccountName: {{ template "fullname" . }}-crd + containers: + - name: verify-crd + image: "registry.gitlab.com/gitlab-org/build/cng/kubectl:v1.9.3" + command: ["/bin/bash", "/scripts/verify-crd.sh"] + volumeMounts: + - name: scripts + mountPath: /scripts + volumes: + - name: scripts + configMap: + name: {{ template "fullname" . }}-crd +{{- end }} diff --git a/charts/gitlab/charts/operator/templates/operator_deployment.yaml b/charts/gitlab/charts/operator/templates/deployment.yaml similarity index 92% rename from charts/gitlab/charts/operator/templates/operator_deployment.yaml rename to charts/gitlab/charts/operator/templates/deployment.yaml index 8dd93b79f1..2c6ae6b4c7 100644 --- a/charts/gitlab/charts/operator/templates/operator_deployment.yaml +++ b/charts/gitlab/charts/operator/templates/deployment.yaml @@ -1,4 +1,4 @@ -{{- if and .Values.global.operator.enabled (not .Values.global.operator.bootstrap) }} +{{- if .Values.global.operator.enabled }} apiVersion: apps/v1beta2 kind: Deployment metadata: diff --git a/charts/gitlab/charts/operator/templates/gitlab.yaml b/charts/gitlab/charts/operator/templates/gitlab.yaml index 187dd5ac3e..6458c44033 100644 --- a/charts/gitlab/charts/operator/templates/gitlab.yaml +++ b/charts/gitlab/charts/operator/templates/gitlab.yaml 
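Review bot: The ClusterRole rule in `crd_job.yaml` grants `get`, `list`, `watch`, `create`, `update`, `patch` and `delete` on every `customresourcedefinitions` object in the cluster, while the only consumer visible in this patch is a Job that runs `kubectl apply` on one CRD. A token for this ServiceAccount can therefore change or remove any other CRD in the cluster for as long as the hook objects exist. I would keep an unrestricted rule for `create` only, since RBAC cannot match `resourceNames` on create, and move the other verbs the script needs into a second rule limited by `resourceNames` to the GitLab CRD. `delete`, `list` and `watch` look unused by the script at this commit; `delete` can return, name-restricted, when the post-delete Job is added in PATCH 5/8.

```yaml
rules:
- apiGroups:
  - apiextensions.k8s.io
  resources:
  - customresourcedefinitions
  verbs:
  - create   # resourceNames cannot be applied to create requests
- apiGroups:
  - apiextensions.k8s.io
  resources:
  - customresourcedefinitions
  resourceNames:
  # helper referenced by _verify_crd.sh in PATCH 2/8; confirm it is defined at this commit
  - '{{ template "gitlab.operator.crdName" . }}'
  verbs:
  - get
  - patch
  - update
```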
@@ -1,4 +1,4 @@ -{{- if and .Values.global.operator.enabled (not .Values.global.operator.bootstrap) }} +{{- if .Values.global.operator.enabled }} apiVersion: {{ printf "%s/v1beta1" (include "gitlab.operator.groupName" .) }} kind: GitLab metadata: @@ -8,6 +8,8 @@ metadata: revision: "{{ .Release.Revision }}" annotations: gitlab.com/class: {{ .Release.Name }} + helm.sh/hook: post-install,post-upgrade + helm.sh/hook-delete-policy: before-hook-creation {{ include "gitlab.standardLabels" $ | indent 4 }} name: {{ template "fullname" . }} spec: diff --git a/charts/gitlab/charts/operator/templates/crd_rbac.yaml b/charts/gitlab/charts/operator/templates/rbac.yaml similarity index 100% rename from charts/gitlab/charts/operator/templates/crd_rbac.yaml rename to charts/gitlab/charts/operator/templates/rbac.yaml -- GitLab From a44c8be3ae4ea1130662cdf1872c806a7e2670c9 Mon Sep 17 00:00:00 2001 From: Hossein Pursultani Date: Mon, 13 May 2019 11:56:07 +1000 Subject: [PATCH 2/8] Wait for CRD to become available in pre hook --- .../charts/operator/templates/_verify_crd.sh | 23 ++++++++++++++++++- .../charts/operator/templates/gitlab.yaml | 2 -- 2 files changed, 22 insertions(+), 3 deletions(-) diff --git a/charts/gitlab/charts/operator/templates/_verify_crd.sh b/charts/gitlab/charts/operator/templates/_verify_crd.sh index aab223bb95..554dcde3cc 100644 --- a/charts/gitlab/charts/operator/templates/_verify_crd.sh +++ b/charts/gitlab/charts/operator/templates/_verify_crd.sh 
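Review bot: Marking the GitLab custom resource as a `post-install,post-upgrade` hook (second hunk of `gitlab.yaml`) means Helm no longer tracks it as part of the release, and `helm.sh/hook-delete-policy: before-hook-creation` makes every upgrade delete the existing object before creating the new one. Whether the operator treats that deletion as a request to tear down what it manages is not visible in this patch, so it should be verified that an upgrade does not briefly remove the running deployment. As a hook object it is also left in the cluster by `helm delete` unless something else removes it. A comment beside the annotations would help, for example `# Hook: created after the pre-install Job has registered the CRD; deleted and recreated on every upgrade.` The same annotations return in PATCH 5/8 behind `crdManagerEnabled`.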
@@ -1,3 +1,24 @@ -# This is a placeholder for a more complicated logic around CRD if needs be. +_CRD_NAME='{{ template "gitlab.operator.crdName" . }}' +printf 'Creating CRD `%s` ...\n' "$_CRD_NAME" kubectl apply -f "$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null 2>&1 && pwd )/crd.yaml" + +printf 'Waiting for CRD `%s` to become available ...\n' "$_CRD_NAME" +_cnt=0 +_max=10 # 10ms +while [ $_cnt -lt $_max ]; do + _out="$( kubectl get crd $_CRD_NAME 2>&1 )" + [ "$?" = "0" ] && { + printf 'CRD `%s` is available and ready to use.\n' "$_CRD_NAME" + exit 0 + } + [[ ! "$_out" =~ \(NotFound\) ]] && { + printf 'Premature failure in CRD lookup. Reason: \n\t[kubectl] %s\n' "$_out" + exit 2 + } + let _cnt=_cnt+1 + sleep 1 +done + +printf 'Timed out. CRD `%s` did not become available in time' "$_CRD_NAME" +exit 1 \ No newline at end of file diff --git a/charts/gitlab/charts/operator/templates/gitlab.yaml b/charts/gitlab/charts/operator/templates/gitlab.yaml index 6458c44033..254bbe1470 100644 --- a/charts/gitlab/charts/operator/templates/gitlab.yaml +++ b/charts/gitlab/charts/operator/templates/gitlab.yaml @@ -8,8 +8,6 @@ metadata: revision: "{{ .Release.Revision }}" annotations: gitlab.com/class: {{ .Release.Name }} - helm.sh/hook: post-install,post-upgrade - helm.sh/hook-delete-policy: before-hook-creation {{ include "gitlab.standardLabels" $ | indent 4 }} name: {{ template "fullname" . }} spec: -- GitLab From b60ca92b4f900f73f2a6034fe303d0ebc1bd26f4 Mon Sep 17 00:00:00 2001 From: Hossein Pursultani Date: Mon, 13 May 2019 12:20:01 +1000 Subject: [PATCH 3/8] Change CI configuration for one-step installation Bootsraping has been removed. --- .gitlab-ci.yml | 6 ------ 1 file changed, 6 deletions(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index f3850b6615..75065a0115 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml 
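Review bot: The exit status of `kubectl apply` in `_verify_crd.sh` is never checked, so the wait loop that follows can report success for a CRD this run did not write. If the apply is rejected (forbidden, invalid manifest) while a CRD of that name is left over from an earlier release, `kubectl get crd` succeeds on the first iteration and the pre-upgrade hook exits 0 with the old definition still in place. I would stop on failure, `kubectl apply -f "…/crd.yaml" || exit 2`, and quote the name in the lookup, `kubectl get crd "$_CRD_NAME"`. The same two lines are carried into `createCRD` in `_manage_crd.sh` in PATCH 5/8.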
@@ -77,7 +77,6 @@ lint_package: - install_tiller - create_secret - install_external_dns "${DNS_PROVIDER}" "${KUBE_INGRESS_BASE_DOMAIN}" - - if ! crdExists || previousDeployFailed ; then OPERATOR_BOOTSTRAP=true deploy ; fi - deploy - add_license - echo "export QA_ENVIRONMENT_URL=gitlab-$CI_ENVIRONMENT_SLUG.$KUBE_INGRESS_BASE_DOMAIN" >> "${VARIABLES_FILE}" @@ -217,7 +216,6 @@ stop_review_eks: - ensure_namespace - install_tiller - create_secret - - if ! crdExists || previousDeployFailed ; then OPERATOR_BOOTSTRAP=true deploy ; fi - deploy - delete canary - echo "export QA_ENVIRONMENT_URL=gitlab.$KUBE_INGRESS_BASE_DOMAIN" >> "${VARIABLES_FILE}" @@ -430,9 +428,6 @@ check_docs_internal_links: # If OPERATOR_BOOTSTRAP is set, we _do not_ want to use --wait / --timeout WAIT="--wait --timeout 600" - if [ -n "${OPERATOR_BOOTSTRAP}" ]; then - WAIT="" - fi helm upgrade --install \ $WAIT \ @@ -450,7 +445,6 @@ check_docs_internal_links: --set redis.resources.requests.cpu=100m \ --set minio.resources.requests.cpu=100m \ --set global.operator.enabled=true \ - --set global.operator.bootstrap=${OPERATOR_BOOTSTRAP-false} \ --set gitlab.operator.crdPrefix="$CI_ENVIRONMENT_SLUG" \ --namespace="$KUBE_NAMESPACE" \ --version="$CI_PIPELINE_ID-$CI_JOB_ID" \ -- GitLab From bf1f479baa34142eb1fb6d8c2c16962edb3ea9fa Mon Sep 17 00:00:00 2001 From: Hossein Pursultani Date: Mon, 13 May 2019 13:31:29 +1000 Subject: [PATCH 4/8] Add changelog entry for one-step operator installation --- changelogs/unreleased/1234-crd-hook.yml | 5 +++++ 1 file changed, 5 insertions(+) create mode 100644 changelogs/unreleased/1234-crd-hook.yml diff --git a/changelogs/unreleased/1234-crd-hook.yml b/changelogs/unreleased/1234-crd-hook.yml new file mode 100644 index 0000000000..09558b992f --- /dev/null +++ b/changelogs/unreleased/1234-crd-hook.yml @@ -0,0 +1,5 @@ +--- +title: Reduce the install steps for the Operator to a single command +merge_request: 784 +author: +type: performance -- GitLab 
From df68d5b13004d211fcaaa01362cf4c65199c3e39 Mon Sep 17 00:00:00 2001 From: Hossein Pursultani Date: Wed, 22 May 2019 13:42:09 +1000 Subject: [PATCH 5/8] Fix CRD lifecycle management CRD deletion is added to the post-delete hook. To ensure the validation GitLab resource is hooked to post-install/upgrade. Also, the automatic CRD lifecycle management can be turned off by passing a value. --- .../charts/operator/templates/_manage_crd.sh | 43 +++++++++++++++ .../charts/operator/templates/_verify_crd.sh | 24 --------- .../templates/{crd_job.yaml => crd_jobs.yaml} | 54 +++++++++++++++---- .../charts/operator/templates/gitlab.yaml | 4 ++ charts/gitlab/charts/operator/values.yaml | 7 ++- 5 files changed, 96 insertions(+), 36 deletions(-) create mode 100644 charts/gitlab/charts/operator/templates/_manage_crd.sh delete mode 100644 charts/gitlab/charts/operator/templates/_verify_crd.sh rename charts/gitlab/charts/operator/templates/{crd_job.yaml => crd_jobs.yaml} (63%) diff --git a/charts/gitlab/charts/operator/templates/_manage_crd.sh b/charts/gitlab/charts/operator/templates/_manage_crd.sh new file mode 100644 index 0000000000..4fa2408353 --- /dev/null +++ b/charts/gitlab/charts/operator/templates/_manage_crd.sh 
@@ -0,0 +1,43 @@
+_CRD_NAME='{{ template "gitlab.operator.crdName" . }}'
+
+createCRD() {
+ kubectl apply -f "$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null 2>&1 && pwd )/crd.yaml"
+
+ printf 'Waiting for CRD `%s` to become available ...\n' "$_CRD_NAME"
+ _cnt=0
+ _max=10 # roughly 10ms
+ while [ $_cnt -lt $_max ]; do
+ _out="$( kubectl get crd $_CRD_NAME 2>&1 )"
+ [ "$?" = "0" ] && {
+ printf 'CRD `%s` is available and ready to use.\n' "$_CRD_NAME"
+ exit 0
+ }
+ [[ ! "$_out" =~ \(NotFound\) ]] && {
+ printf 'Premature failure in CRD lookup. Reason: \n\t[kubectl] %s\n' "$_out"
+ exit 2
+ }
+ let _cnt=_cnt+1
+ sleep 1
+ done
+
+ printf 'Timed out. CRD `%s` did not become available in time' "$_CRD_NAME"
+ exit 1
+}
+
+deleteCRD() {
+ _out="$( kubectl delete crd $_CRD_NAME 2>&1 )"
+ [ "$?" = "0" ] && {
+ printf 'CRD `%s` is deleted.\n' "$_CRD_NAME"
+ exit 0
+ }
+ printf 'WARNING: Failed to delete CRD. Reason: \n\t[kubectl] %s\n' "$_out"
+ exit 2
+}
+
+if [ "$1" == "delete" ]; then
+ printf 'Deleting CRD `%s` ...\n' "$_CRD_NAME"
+ deleteCRD
+else
+ printf 'Creating CRD `%s` ...\n' "$_CRD_NAME"
+ createCRD
+fi
\ No newline at end of file
diff --git a/charts/gitlab/charts/operator/templates/_verify_crd.sh b/charts/gitlab/charts/operator/templates/_verify_crd.sh
deleted file mode 100644
index 554dcde3cc..0000000000
--- a/charts/gitlab/charts/operator/templates/_verify_crd.sh
+++ /dev/null
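Review bot: `deleteCRD` in `_manage_crd.sh` removes a cluster-scoped object from a per-release `post-delete` hook, and deleting a CRD also deletes every custom resource of that kind in all namespaces. The template behind `gitlab.operator.crdName` is not shown here, but values.yaml leaves `crdPrefix` commented out, so two releases in one cluster may render the same name; in that case deleting one release would remove the other's GitLab resources. I would make the deletion opt-in through its own value, or skip it while instances of the kind still exist, and state the effect above the function: `# Deleting the CRD also deletes every custom resource of this kind, in all namespaces.` Separately, the failure branch prints `WARNING` but exits 2, which fails the hook; choose one of the two behaviours.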
@@ -1,24 +0,0 @@ -_CRD_NAME='{{ template "gitlab.operator.crdName" . }}' - -printf 'Creating CRD `%s` ...\n' "$_CRD_NAME" -kubectl apply -f "$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null 2>&1 && pwd )/crd.yaml" - -printf 'Waiting for CRD `%s` to become available ...\n' "$_CRD_NAME" -_cnt=0 -_max=10 # 10ms -while [ $_cnt -lt $_max ]; do - _out="$( kubectl get crd $_CRD_NAME 2>&1 )" - [ "$?" = "0" ] && { - printf 'CRD `%s` is available and ready to use.\n' "$_CRD_NAME" - exit 0 - } - [[ ! "$_out" =~ \(NotFound\) ]] && { - printf 'Premature failure in CRD lookup. Reason: \n\t[kubectl] %s\n' "$_out" - exit 2 - } - let _cnt=_cnt+1 - sleep 1 -done - -printf 'Timed out. CRD `%s` did not become available in time' "$_CRD_NAME" -exit 1 \ No newline at end of file diff --git a/charts/gitlab/charts/operator/templates/crd_job.yaml b/charts/gitlab/charts/operator/templates/crd_jobs.yaml similarity index 63% rename from charts/gitlab/charts/operator/templates/crd_job.yaml rename to charts/gitlab/charts/operator/templates/crd_jobs.yaml index cb9ad568ba..772408f7e7 100644 --- a/charts/gitlab/charts/operator/templates/crd_job.yaml +++ b/charts/gitlab/charts/operator/templates/crd_jobs.yaml @@ -1,4 +1,4 @@ -{{- if .Values.global.operator.enabled }} +{{- if and .Values.global.operator.enabled .Values.crdManagerEnabled }} apiVersion: v1 kind: ServiceAccount metadata: @@ -7,7 +7,7 @@ metadata: labels: {{ include "gitlab.standardLabels" $ | indent 4 }} annotations: - helm.sh/hook: pre-install,pre-upgrade + helm.sh/hook: pre-install,pre-upgrade,post-delete helm.sh/hook-weight: "-5" helm.sh/hook-delete-policy: hook-succeeded,before-hook-creation --- @@ -18,7 +18,7 @@ metadata: labels: {{ include "gitlab.standardLabels" $ | indent 4 }} annotations: - helm.sh/hook: pre-install,pre-upgrade + helm.sh/hook: pre-install,pre-upgrade,post-delete helm.sh/hook-weight: "-5" helm.sh/hook-delete-policy: hook-succeeded,before-hook-creation rules: 
@@ -42,7 +42,7 @@ metadata: labels: {{ include "gitlab.standardLabels" $ | indent 4 }} annotations: - helm.sh/hook: pre-install,pre-upgrade + helm.sh/hook: pre-install,pre-upgrade,post-delete helm.sh/hook-weight: "-5" helm.sh/hook-delete-policy: hook-succeeded,before-hook-creation roleRef: @@ -62,14 +62,14 @@ metadata: labels: {{ include "gitlab.standardLabels" . | indent 4 }} annotations: - helm.sh/hook: pre-install,pre-upgrade - helm.sh/hook-weight: "-4" + helm.sh/hook: pre-install,pre-upgrade,post-delete + helm.sh/hook-weight: "-5" helm.sh/hook-delete-policy: hook-succeeded,before-hook-creation data: crd.yaml: |- {{ include (print $.Template.BasePath "/_crd.yaml") . | indent 4 }} - verify-crd.sh: | -{{ include (print $.Template.BasePath "/_verify_crd.sh") . | indent 4 }} + manage-crd.sh: | +{{ include (print $.Template.BasePath "/_manage_crd.sh") . | indent 4 }} --- apiVersion: batch/v1 kind: Job 
@@ -85,16 +85,48 @@ metadata: spec: template: metadata: - name: {{ template "fullname" . }}-crd-verifier + name: {{ template "fullname" . }}-crd-manager + labels: + release: {{ .Release.Name }} + spec: + restartPolicy: Never + serviceAccountName: {{ template "fullname" . }}-crd + containers: + - name: manage-crd + image: "registry.gitlab.com/gitlab-org/build/cng/kubectl:v1.9.3" + command: ["/bin/bash", "/scripts/manage-crd.sh"] + volumeMounts: + - name: scripts + mountPath: /scripts + volumes: + - name: scripts + configMap: + name: {{ template "fullname" . }}-crd +--- +apiVersion: batch/v1 +kind: Job +metadata: + name: {{ template "fullname" . }}-delete-crd + namespace: {{ .Release.Namespace }} + labels: +{{ include "gitlab.standardLabels" . | indent 4 }} + annotations: + helm.sh/hook: post-delete + helm.sh/hook-weight: "-4" + helm.sh/hook-delete-policy: hook-succeeded,before-hook-creation +spec: + template: + metadata: + name: {{ template "fullname" . }}-crd-manager labels: release: {{ .Release.Name }} spec: restartPolicy: Never serviceAccountName: {{ template "fullname" . }}-crd containers: - - name: verify-crd + - name: manage-crd image: "registry.gitlab.com/gitlab-org/build/cng/kubectl:v1.9.3" - command: ["/bin/bash", "/scripts/verify-crd.sh"] + command: ["/bin/bash", "/scripts/manage-crd.sh", "delete"] volumeMounts: - name: scripts mountPath: /scripts diff --git a/charts/gitlab/charts/operator/templates/gitlab.yaml b/charts/gitlab/charts/operator/templates/gitlab.yaml index 254bbe1470..b0124032fe 100644 --- a/charts/gitlab/charts/operator/templates/gitlab.yaml +++ b/charts/gitlab/charts/operator/templates/gitlab.yaml @@ -8,6 +8,10 @@ metadata: revision: "{{ .Release.Revision }}" annotations: gitlab.com/class: {{ .Release.Name }} + {{- if .Values.crdManagerEnabled }} + helm.sh/hook: post-install,post-upgrade + helm.sh/hook-delete-policy: before-hook-creation + {{- end }} {{ include "gitlab.standardLabels" $ | indent 4 }} name: {{ template "fullname" . }} spec: 
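Review bot: The new `-delete-crd` Job in `crd_jobs.yaml`, like the `manage-crd` container it is copied from, runs under the ServiceAccount bound to the CRD ClusterRole but sets no `securityContext`, so the pod runs with whatever defaults the image and cluster provide. For a pod that carries a cluster-scoped token I would at least disable privilege escalation and drop capabilities on the container, and enable `runAsNonRoot` once the kubectl image is confirmed to run as a non-root user. The first Job's metadata lies above this hunk, so the same change applies there.

```yaml
      containers:
        - name: manage-crd
          # … unchanged: image, command, volumeMounts …
          securityContext:
            allowPrivilegeEscalation: false
            capabilities:
              drop: ["ALL"]
            # runAsNonRoot: true   # enable after confirming the image's user
```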
diff --git a/charts/gitlab/charts/operator/values.yaml b/charts/gitlab/charts/operator/values.yaml index 234067943f..edb0f04fa8 100644 --- a/charts/gitlab/charts/operator/values.yaml +++ b/charts/gitlab/charts/operator/values.yaml @@ -34,4 +34,9 @@ resources: # A prefix for group name of GitLab CRD. It can be used for distinguishing # different CRDs in a cluster, e.g. for development purposes such GitLab CI. -#crdPrefix: \ No newline at end of file +#crdPrefix: + +# Enables/disables automatic CRD management. By default the it is enabled. +# Disable it if you need/want to manage CRD lifecycle outside the Chart, e.g. +# due to restrictions on cluster-level roles. +crdManagerEnabled: true \ No newline at end of file -- GitLab From b7ff00f8d3f0bf9e803eda79d4e2ed9e0861be01 Mon Sep 17 00:00:00 2001 From: Hossein Pursultani Date: Fri, 24 May 2019 13:20:37 +1000 Subject: [PATCH 6/8] Parameterize CRD manager image and drop Helm wait in CI config --- .gitlab-ci.yml | 4 ++-- .../gitlab/charts/operator/templates/crd_jobs.yaml | 8 +++++--- charts/gitlab/charts/operator/templates/gitlab.yaml | 2 +- charts/gitlab/charts/operator/values.yaml | 13 +++++++++---- 4 files changed, 17 insertions(+), 10 deletions(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 75065a0115..a80ee75f83 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -426,8 +426,8 @@ check_docs_internal_links: helm repo add gitlab https://charts.gitlab.io/ helm dep update . - # If OPERATOR_BOOTSTRAP is set, we _do not_ want to use --wait / --timeout - WAIT="--wait --timeout 600" + # If CRD manager is enabled (which is by default), we _do not_ use --wait + WAIT="--timeout 600" helm upgrade --install \ $WAIT \ diff --git a/charts/gitlab/charts/operator/templates/crd_jobs.yaml b/charts/gitlab/charts/operator/templates/crd_jobs.yaml index 772408f7e7..af426c138d 100644 --- a/charts/gitlab/charts/operator/templates/crd_jobs.yaml +++ b/charts/gitlab/charts/operator/templates/crd_jobs.yaml 
@@ -1,4 +1,4 @@ -{{- if and .Values.global.operator.enabled .Values.crdManagerEnabled }} +{{- if and .Values.global.operator.enabled .Values.crdManager.enabled }} apiVersion: v1 kind: ServiceAccount metadata: @@ -93,7 +93,8 @@ spec: serviceAccountName: {{ template "fullname" . }}-crd containers: - name: manage-crd - image: "registry.gitlab.com/gitlab-org/build/cng/kubectl:v1.9.3" + image: "{{ .Values.crdManager.image.repository }}:{{ .Values.crdManager.image.tag }}" + {{ template "gitlab.imagePullPolicy" .Values.crdManager }} command: ["/bin/bash", "/scripts/manage-crd.sh"] volumeMounts: - name: scripts @@ -125,7 +126,8 @@ spec: serviceAccountName: {{ template "fullname" . }}-crd containers: - name: manage-crd - image: "registry.gitlab.com/gitlab-org/build/cng/kubectl:v1.9.3" + image: "{{ .Values.crdManager.image.repository }}:{{ .Values.crdManager.image.tag }}" + {{ template "gitlab.imagePullPolicy" .Values.crdManager }} command: ["/bin/bash", "/scripts/manage-crd.sh", "delete"] volumeMounts: - name: scripts diff --git a/charts/gitlab/charts/operator/templates/gitlab.yaml b/charts/gitlab/charts/operator/templates/gitlab.yaml index b0124032fe..e5f695fb6f 100644 --- a/charts/gitlab/charts/operator/templates/gitlab.yaml +++ b/charts/gitlab/charts/operator/templates/gitlab.yaml @@ -8,7 +8,7 @@ metadata: revision: "{{ .Release.Revision }}" annotations: gitlab.com/class: {{ .Release.Name }} - {{- if .Values.crdManagerEnabled }} + {{- if .Values.crdManager.enabled }} helm.sh/hook: post-install,post-upgrade helm.sh/hook-delete-policy: before-hook-creation {{- end }} diff --git a/charts/gitlab/charts/operator/values.yaml b/charts/gitlab/charts/operator/values.yaml index edb0f04fa8..f05dce7592 100644 --- a/charts/gitlab/charts/operator/values.yaml +++ b/charts/gitlab/charts/operator/values.yaml 
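Review bot: Both `manage-crd` containers in `crd_jobs.yaml` still select the image by a mutable tag (`repository:tag`, with `v1.9.3` as the default added to values.yaml in this commit), and that image is what runs with the cluster-wide CRD permissions. A tag that is pushed again changes the code executed in the hook without any change to the chart. I would accept an optional digest in the values and prefer it when it is set, rendering `image: "{{ .Values.crdManager.image.repository }}@{{ .Values.crdManager.image.digest }}"` in that case; `crdManager.image.digest` is a proposed new key, not one the chart has today.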
@@ -36,7 +36,12 @@ resources: # different CRDs in a cluster, e.g. for development purposes such GitLab CI. #crdPrefix: -# Enables/disables automatic CRD management. By default the it is enabled. -# Disable it if you need/want to manage CRD lifecycle outside the Chart, e.g. -# due to restrictions on cluster-level roles. -crdManagerEnabled: true \ No newline at end of file +crdManager: + # Enables/disables automatic CRD management. By default the it is enabled. + # Disable it if you need/want to manage CRD lifecycle outside the Chart, e.g. + # due to restrictions on cluster-level roles. + enabled: true + image: + repository: registry.gitlab.com/gitlab-org/build/cng/kubectl + tag: v1.9.3 + # pullPolicy: IfNotPresent -- GitLab From 875981892ac3802473eb759620b621727163e706 Mon Sep 17 00:00:00 2001 From: Hossein Pursultani Date: Fri, 24 May 2019 13:37:03 +1000 Subject: [PATCH 7/8] Document one-step installation of GitLab Operator --- .gitlab-ci.yml | 2 +- .../gitlab/charts/operator/templates/crd_jobs.yaml | 4 ++-- doc/installation/operator.md | 13 +++++++------ 3 files changed, 10 insertions(+), 9 deletions(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index a80ee75f83..aeab6f3a41 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -426,7 +426,7 @@ check_docs_internal_links: helm repo add gitlab https://charts.gitlab.io/ helm dep update . - # If CRD manager is enabled (which is by default), we _do not_ use --wait + # When CRD manager is enabled, we _do not_ use --wait WAIT="--timeout 600" helm upgrade --install \ diff --git a/charts/gitlab/charts/operator/templates/crd_jobs.yaml b/charts/gitlab/charts/operator/templates/crd_jobs.yaml index af426c138d..a12a589a05 100644 --- a/charts/gitlab/charts/operator/templates/crd_jobs.yaml +++ b/charts/gitlab/charts/operator/templates/crd_jobs.yaml 
@@ -94,7 +94,7 @@ spec: containers: - name: manage-crd image: "{{ .Values.crdManager.image.repository }}:{{ .Values.crdManager.image.tag }}" - {{ template "gitlab.imagePullPolicy" .Values.crdManager }} + {{ template "gitlab.imagePullPolicy" . }} command: ["/bin/bash", "/scripts/manage-crd.sh"] volumeMounts: - name: scripts @@ -127,7 +127,7 @@ spec: containers: - name: manage-crd image: "{{ .Values.crdManager.image.repository }}:{{ .Values.crdManager.image.tag }}" - {{ template "gitlab.imagePullPolicy" .Values.crdManager }} + {{ template "gitlab.imagePullPolicy" . }} command: ["/bin/bash", "/scripts/manage-crd.sh", "delete"] volumeMounts: - name: scripts diff --git a/doc/installation/operator.md b/doc/installation/operator.md index cbed2dc78e..f202ca7ca3 100644 --- a/doc/installation/operator.md +++ b/doc/installation/operator.md 
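Review bot: Passing `.` to `gitlab.imagePullPolicy` in both `manage-crd` containers most likely makes the helper read the operator's own image settings, so the `# pullPolicy: IfNotPresent` key that values.yaml advertises under `crdManager.image` would have no effect. The helper's definition is not part of this patch, so this is an inference to confirm. If it holds, either document that the CRD manager shares the operator's pull policy, or render the value directly inside an `if` on the same key, `imagePullPolicy: {{ .Values.crdManager.image.pullPolicy }}`.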
@@ -12,15 +12,16 @@ We provide the flag `global.operator.enabled`, when set to true it enables the o ## Installing using the operator -The operator makes use of Kubernetes CustomResourceDefinitions (CRD). Since Helm will be used for the installation, we need to ensure that this CRD is in place prior to attempting to use it. In order to do this, we have to run an additional command prior to use. +The operator makes use of Kubernetes CustomResourceDefinitions (CRD). Therefor, you need cluster level privilege to install +it. Please note that this privilege is only required for CRD installation. The operator itself does not mandate it. -1. `helm upgrade --install . --set global.operator.enabled=true --set global.operator.bootstrap=true ... ` where `...` shall be replaced by the rest of the values you would like to set. -2. `helm upgrade . --set global.operator.enabled=true --set global.operator.bootstrap=false ...`. +Simply run `helm upgrade --install . --set global.operator.enabled=true ... ` where `...` shall be replaced by the rest of the values you would like to set. Along with everything else, this command will install the CRD, GitLab custom resource, and the operator. -The first command will install only the `CRD` but will not actually attempt to deploy the operator. The second command will deploy the operator itself, now that the CRD is in place. - -**NOTE:** This needs done only the first time you install the operator, further upgrades will follow the normal [upgrade procedures](./upgrade.md) +**NOTE:** When the operator is enabled you can not use `--no-hooks` and `--wait` flags. Otherwise it will fail the installation. **NOTE:** Test new versions of the operator by setting `gitlab.operator.image.tag` to either the branch name of a gitlab-operator container build or a specific tagged release number. **NOTE:** The operator is transitioning from a ClusterRole to a regular Role that operates within a namespace. 
Operator containers after version 0.4 will have this new behavior by default. + +**NOTE:** When the operator is enabled the CRD is managed automatically. It's this particular piece that requires cluster-level privileges. If you need/want to manage CRD installation without Helm, e.g. due to restrictions on cluster-level roles, you can disable automatic CRD management by setting `gitlab.operator.crdManager.enabled` to +`false`. \ No newline at end of file -- GitLab From ff323ecd80799e6a7b1c3014eed4efe7162ce155 Mon Sep 17 00:00:00 2001 From: Hossein Pursultani Date: Thu, 30 May 2019 11:47:02 +1000 Subject: [PATCH 8/8] Fix minor typos --- charts/gitlab/charts/operator/templates/_manage_crd.sh | 4 +++- doc/installation/operator.md | 2 +- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/charts/gitlab/charts/operator/templates/_manage_crd.sh b/charts/gitlab/charts/operator/templates/_manage_crd.sh index 4fa2408353..12a30afd98 100644 --- a/charts/gitlab/charts/operator/templates/_manage_crd.sh +++ b/charts/gitlab/charts/operator/templates/_manage_crd.sh @@ -1,3 +1,5 @@ +#!/bin/bash + _CRD_NAME='{{ template "gitlab.operator.crdName" . }}' createCRD() { @@ -5,7 +7,7 @@ createCRD() { printf 'Waiting for CRD `%s` to become available ...\n' "$_CRD_NAME" _cnt=0 - _max=10 # roughly 10ms + _max=10 # roughly 10s while [ $_cnt -lt $_max ]; do _out="$( kubectl get crd $_CRD_NAME 2>&1 )" [ "$?" = "0" ] && { diff --git a/doc/installation/operator.md b/doc/installation/operator.md index f202ca7ca3..4aa0ba8493 100644 --- a/doc/installation/operator.md +++ b/doc/installation/operator.md 
@@ -12,7 +12,7 @@ We provide the flag `global.operator.enabled`, when set to true it enables the o ## Installing using the operator -The operator makes use of Kubernetes CustomResourceDefinitions (CRD). Therefor, you need cluster level privilege to install +The operator makes use of Kubernetes CustomResourceDefinitions (CRD). Therefore, you need cluster level privilege to install it. Please note that this privilege is only required for CRD installation. The operator itself does not mandate it. Simply run `helm upgrade --install . --set global.operator.enabled=true ... ` where `...` shall be replaced by the rest of the values you would like to set. Along with everything else, this command will install the CRD, GitLab custom resource, and the operator. -- GitLab