root
/
gitlab-ce
mirror of https://gitlab.com/free-releases/gitlab-ce.git
1
0
Fork 0
Code Issues Actions Packages Projects Releases Wiki Activity
83,511 Commits 9,131 Branches 1,640 Tags 2 GiB
Commit Graph

7 Commits

Author SHA1 Message Date
Thong Kuah 5ede567d71 Incorporates Kubernetes Namespace into Cluster's flow 2018-11-02 15:46:15 +00:00
Thong Kuah fd9d2f4914 Kubernetes secret are namespaced, so must always pass a namespace arg. 
In our case it's 'default'.
 2018-09-14 16:26:51 +12:00
Thong Kuah a02e35308b Always create `gitlab` service account and service account token regardless of ABAC/RBAC 
This also solves the async nature of the automatic creation of default
service tokens for service accounts. It also makes explicit which
service account token we always use.

create cluster role binding only if the provider has legacy_abac
disabled.
 2018-09-14 16:26:51 +12:00
Thong Kuah 577c79bb58 ABAC: fetch default service account token; RBAC: fetch gitlab service acount token 
Keeps existing behaviour for ABAC cluster
 2018-09-14 16:26:51 +12:00
Thong Kuah 3eec327d50 Refactor to DRY out building of kube_client into originator service 2018-09-14 16:26:50 +12:00
Thong Kuah 7ebc18d1b3 When provisioning a new cluster, create gitlab service account so that GitLab can perform operations in a RBAC-enabled cluster. 
Correspondingly, use the token of the gitlab service account, vs the
default service account token which will have no privs.
 2018-09-14 16:26:50 +12:00
Thong Kuah fe450ebf51 Move FetchKubernetesTokenService to under the Clusters::Gcp::Kubernetes namespace 
This is in preparation to share some common code with another service
which will also need a kubeclient utilizing master username and password
 2018-09-14 16:26:50 +12:00