Changes

Both the development cluster and the production cluster Kubernetes versions have been updated. Also cert-manager and ingress-nginx have been updated. The legacy GitLab integration has been replaced with the new GitLab Kubernetes agent. The GitLab integrations for Prometheus and Elastic Stack have been removed, as they rely on the deprecated Kubernetes integration. Refs #17
Remco Haszing · 78ddd02e
--- a/setup/development.md
+++ b/setup/development.md
@@ -6,15 +6,22 @@ This guide assumes any commands are run from a cloned version of this wiki.
 The review cluster was created with the following settings
- **Kubernetes version**: 1.21.2.do.0 (latest)
+- **Kubernetes version**: 1.22.8.do.1
 - **Datacenter region**: Amsterdam 3
 - **Cluster capacity**:
  - **Node pool name**: development
  - **Machine type**: Basic nodes
  - **Node plan**: \$20/Month per node
  - **Number nodes**: 3
- **Tags**: `review`, `staging`
 - **Name**: development
+- **Tags**: `review`, `staging`
+In the step screen _Patch & minor upgrades_
+- **Automatically install minor version patches**: ☑️
+- **Select day**: Saturday
+- **Select time**: 4AM
+- **Enable surge upgrades**: ☑️
 ## Connecting to the Cluster
@@ -54,7 +61,7 @@ helm repo update
 helm install ingress-nginx ingress-nginx/ingress-nginx \
  --create-namespace \
  --namespace ingress-nginx \
-  --version 3.34.0 \
+  --version 4.1.0 \
  --set-string 'controller.config.compute-full-forwarded-for=true' \
  --set-string 'controller.config.enable-real-ip=true' \
  --set-string 'controller.config.use-forwarded-headers=true' \
@@ -75,7 +82,7 @@ helm repo update
 helm install cert-manager jetstack/cert-manager \
  --create-namespace \
  --namespace cert-manager \
-  --version 1.4.0 \
+  --version v1.8.0 \
  --set 'installCRDs=true'
 ```
@@ -98,25 +105,64 @@ kubectl apply -f https://gitlab.com/appsemble/infra/wikis/config/development/clu
 Follow
 [instructions](https://gitlab.com/appsemble/appsemble/tree/master/config/charts/appsemble#new-installation)
-from the Appsemble Helm chart to set up secrets for both the `review` and `staging` namespace. For
+from the Appsemble Helm chart to set up secrets for both the `review` and `staging` namespace.
-generating passwords, the following command was used
+An app password for GMail SMTP can be created [here](https://myaccount.google.com/u/1/apppasswords).
+The Sentry DSNs can be found
+[here](https://sentry.io/settings/d-centralize/projects/appsemble/keys/).
+Last time the following commands were used for review:
 ```sh
+kubectl create secret generic appsemble \
+  --namespace review \
+  --from-literal "secret=$(openssl rand -base64 30)"
+kubectl create secret generic smtp \
+  --namespace review
+  --from-literal 'host=smtp.gmail.com' \
+  --from-literal 'port=465' \
+  --from-literal 'secure=true' \
+  --from-literal 'user=admin@appsemble.com' \
+  --from-literal "pass=$GMAIL_APP_PASSWORD" \
+  --from-literal 'from=Appsemble (review) <noreply@appsemble.com>'
 kubectl create secret generic postgresql-secret \
+  --namespace review \
  --from-literal "postgresql-password=$(uuidgen)" \
  --from-literal "postgresql-postgres-password=$(uuidgen)" \
-  --from-literal "postgresql-replication-password=$(uuidgen)" \
+  --from-literal "postgresql-replication-password=$(uuidgen)"
-  --namespace review
+kubectl create secret generic sentry \
+  --namespace review \
+  --from-literal "dsn=$SENTRY_DSN"
+```
+and the following for staging:
+```sh
+kubectl create secret generic appsemble \
+  --namespace staging \
+  --from-literal "secret=$(openssl rand -base64 30)"
+kubectl create secret generic smtp \
+  --namespace staging \
+  --from-literal 'host=smtp.gmail.com' \
+  --from-literal 'port=465' \
+  --from-literal 'secure=true' \
+  --from-literal 'user=admin@appsemble.com' \
+  --from-literal "pass=$GMAIL_APP_PASSWORD" \
+  --from-literal 'from=Appsemble (staging) <noreply@appsemble.com>'
 kubectl create secret generic postgresql-secret \
+  --namespace staging \
  --from-literal "postgresql-password=$(uuidgen)" \
  --from-literal "postgresql-postgres-password=$(uuidgen)" \
-  --from-literal "postgresql-replication-password=$(uuidgen)" \
+  --from-literal "postgresql-replication-password=$(uuidgen)"
-  --namespace staging
+kubectl create secret generic sentry \
+  --namespace staging \
+  --from-literal "dsn=$SENTRY_DSN"
 ```
 For staging, also setup OAuth2. The client credentials for GitHub found
 [here](https://github.com/organizations/appsemble/settings/applications). The client credentials for
-GitLab can be found [here](https://gitlab.com/oauth/applications) when logged in as Appsemble bot.
+GitLab can be found [here](https://gitlab.com/groups/appsemble/-/settings/applications).
 ```sh
 kubectl create secret generic oauth2 \
@@ -129,87 +175,8 @@ kubectl create secret generic oauth2 \
 ## GitLab Integration
-Create a service account so GitLab can deploy into the cluster.
+1. Go to [Kubernetes clusters page](https://gitlab.com/appsemble/appsemble/-/clusters) in the
+   appsemble/appsemble> project.
-```sh
+2. Click _Connect a cluster (agent)_.
-kubectl apply -f config/gitlab-admin-service-account.yaml
+3. Select the _development_ agent and click _Register_.
-```
+4. Copy and run the install command in the prompt.
-Create a namespace for Prometheus and Elastic Stack.
-```sh
-kubectl create namespace gitlab-managed-apps
-```
-### Prometheus
-```sh
-helm repo add prometheus-community https://prometheus-community.github.io/helm-charts
-helm repo update
-helm install prometheus prometheus-community/prometheus \
-  --namespace gitlab-managed-apps \
-  --values config/prometheus-values.yaml \
-  --version 14.4.0
-```
-### Elastic Stack
-```sh
-helm repo add gitlab https://charts.gitlab.io
-helm repo update
-helm install elastic-stack gitlab/elastic-stack \
-  --namespace gitlab-managed-apps \
-  --values config/elastic-stack-values.yaml \
-  --version 3.0.0
-```
-### Staging
-[Add an existing cluster ingration](https://gitlab.com/appsemble/appsemble/clusters/new) using the
-following variables:
- **Kubernetes cluster name**: staging
- **Environment scope**: staging
- **API URL**
-  > Retrieved by running:
-  >
-  > ```sh
-  > kubectl cluster-info | grep 'Kubernetes master'
-  > ```
- **CA certificate**
-  > First get the token name by running
-  >
-  > ```sh
-  > kubectl get secrets -n default
-  > ```
-  >
-  > The token should be in the form `default-token-*****`. Now run the following command,
-  > substituting `<token>`
-  >
-  > ```sh
-  > kubectl get secrets <token>  -o jsonpath="{['data']['ca\.crt']}" | base64 --decode
-  > ```
- **Service token**:
-  > Get the GitLab service account token by running
-  >
-  > ```sh
-  > kubectl -n kube-system describe secret $(kubectl -n kube-system get secret | grep gitlab-admin | awk '{print $1}')
-  > ```
- **RBAC-enabled cluster**: ☑
- **GitLab-managed cluster**: ☐
- **Project namespace prefix**: staging
-### Review
-[Add an existing cluster ingration](https://gitlab.com/appsemble/appsemble/clusters/new) using the
-same variables variables as for staging, except for the following overrides:
- **Kubernetes cluster name**: review
- **Environment scope**: review/\*
- **Project namespace prefix**: review