From 45b0d25feffe51340c9a579dd794592fce55e5da Mon Sep 17 00:00:00 2001 From: Simon Emms Date: Thu, 15 Sep 2022 09:25:03 +0000 Subject: [PATCH 1/2] [installer]: add shiftfs config to the mirror generation list --- install/installer/cmd/mirror_list.go | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/install/installer/cmd/mirror_list.go b/install/installer/cmd/mirror_list.go index f282f738256495..9e204d2aea3c1d 100644 --- a/install/installer/cmd/mirror_list.go +++ b/install/installer/cmd/mirror_list.go @@ -182,6 +182,12 @@ func renderAllKubernetesObject(cfgVersion string, cfg *configv1.Config) ([]strin }, } + return renderKubernetesObjects(cfgVersion, cfg) + }, + func() ([]string, error) { + // Render for ShiftFS + cfg.Workspace.Runtime.FSShiftMethod = configv1.FSShiftShiftFS + return renderKubernetesObjects(cfgVersion, cfg) }, } From 9e25b5bdbb56dc9efacb49e1e026122e8e832bf7 Mon Sep 17 00:00:00 2001 From: Simon Emms Date: Wed, 24 Aug 2022 16:25:51 +0000 Subject: [PATCH 2/2] [installer]: refactor the install bash script with the new installer cli --- .werft/jobs/build/build-and-publish.ts | 13 - install/installer/scripts/kots-install.sh | 268 ++---------------- .../kots/manifests/gitpod-config-patch.yaml | 14 - .../manifests/gitpod-installation-status.yaml | 2 +- .../kots/manifests/gitpod-installer-job.yaml | 44 ++- .../kots/manifests/gitpod-kots-config.yaml | 22 +- .../gitpod-shiftfs-module-loader.yaml | 39 --- .../manifests/gitpod-ssh-gateway-key.yaml | 14 + 8 files changed, 88 insertions(+), 328 deletions(-) delete mode 100644 install/kots/manifests/gitpod-config-patch.yaml delete mode 100644 install/kots/manifests/gitpod-shiftfs-module-loader.yaml create mode 100644 install/kots/manifests/gitpod-ssh-gateway-key.yaml diff --git a/.werft/jobs/build/build-and-publish.ts b/.werft/jobs/build/build-and-publish.ts index 10133ca52cd94a..3ac770f745e3e6 100644 --- a/.werft/jobs/build/build-and-publish.ts +++ b/.werft/jobs/build/build-and-publish.ts 
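Review bot: The new closure writes `cfg.Workspace.Runtime.FSShiftMethod = configv1.FSShiftShiftFS` through the `cfg` pointer that every renderer in this slice shares, so the ShiftFS setting leaks into whichever closure runs after it and the rendered list depends on slice order. Give the closure its own copy, e.g. `c := *cfg`, `c.Workspace.Runtime.FSShiftMethod = configv1.FSShiftShiftFS`, `return renderKubernetesObjects(cfgVersion, &c)` — assuming a shallow copy of `Config` is enough here; any pointer-valued fields inside it would still be shared. `renderAllKubernetesObject` begins before the hunk, so the earlier entries of the slice are not visible.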
@@ -153,19 +153,6 @@ function publishKots(werft: Werft, jobConfig: JobConfig) { { slice: phases.PUBLISH_KOTS }, ); - // Set the ShiftFS Module Loader tag to version defined in Installer - const shiftFsImageAndTag = exec( - `yq r ${REPLICATED_YAML_DIR}/gitpod-shiftfs-module-loader.yaml ${INSTALLER_JOB_IMAGE}`, - ); - const [shiftFsImage] = shiftFsImageAndTag.split(":"); - const shiftfsModuleLoaderVersion = exec( - `/tmp/installer version | yq r - 'components.wsDaemon.userNamespaces.shiftfsModuleLoader.version'`, - ); - exec( - `yq w -i ${REPLICATED_YAML_DIR}/gitpod-shiftfs-module-loader.yaml ${INSTALLER_JOB_IMAGE} ${shiftFsImage}:${shiftfsModuleLoaderVersion}`, - { slice: phases.PUBLISH_KOTS }, - ); - // Generate the logo and pull any Helm charts exec(`make logo helm -C ${REPLICATED_DIR}`, { slice: phases.PUBLISH_KOTS }); diff --git a/install/installer/scripts/kots-install.sh b/install/installer/scripts/kots-install.sh index 9de31e2fe0b850..adf697dae1b1e0 100755 --- a/install/installer/scripts/kots-install.sh +++ b/install/installer/scripts/kots-install.sh @@ -2,8 +2,6 @@ # Copyright (c) 2022 Gitpod GmbH. All rights reserved. # Licensed under the MIT License. See License-MIT.txt in the project root for license information. -# shellcheck disable=SC2050,SC2153 - set -e echo "Gitpod: Killing any in-progress installations" 
@@ -38,247 +36,31 @@ appVersion: "$(/app/installer version | yq e '.version' -)" EOF echo "Gitpod: Generate the base Installer config" -/app/installer init > "${CONFIG_FILE}" +/app/installer config init echo "Gitpod: auto-detecting ShiftFS support on host machine" -kubectl wait job -n "${NAMESPACE}" --for=condition=complete -l component=shiftfs-module-loader --timeout=30s || true -ENABLE_SHIFTFS=$(kubectl get jobs.batch -n "${NAMESPACE}" -l component=shiftfs-module-loader -o jsonpath='{.items[0].status.succeeded}') - -if [ "${ENABLE_SHIFTFS}" = "1" ]; then - echo "Gitpod: enabling ShiftFS support" - - yq e -i '.workspace.runtime.fsShiftMethod = "shiftfs"' "${CONFIG_FILE}" -fi - -echo "Gitpod: auto-detecting containerd location on host machine" -if [ -d "/mnt/node0${CONTAINERD_DIR_K3S}" ]; then - echo "Gitpod: containerd dir detected as k3s" - - yq e -i ".workspace.runtime.containerdRuntimeDir = \"${CONTAINERD_DIR_K3S}\"" "${CONFIG_FILE}" -elif [ -d "/mnt/node0${CONTAINERD_DIR_AL}" ]; then - echo "Gitpod: containerd dir detected as ${CONTAINERD_DIR_AL}" - - yq e -i ".workspace.runtime.containerdRuntimeDir = \"${CONTAINERD_DIR_AL}\"" "${CONFIG_FILE}" -fi - -if [ -S "/mnt/node0${CONTAINERD_SOCKET_K3S}" ]; then - echo "Gitpod: containerd socket detected as k3s" - - yq e -i ".workspace.runtime.containerdSocket = \"${CONTAINERD_SOCKET_K3S}\"" "${CONFIG_FILE}" -elif [ -S "/mnt/node0${CONTAINERD_SOCKET_AL}" ]; then - echo "Gitpod: containerd socket detected as ${CONTAINERD_SOCKET_AL}" - - yq e -i ".workspace.runtime.containerdSocket = \"${CONTAINERD_SOCKET_AL}\"" "${CONFIG_FILE}" -fi - -echo "Gitpod: Inject the Replicated variables into the config" -yq e -i ".domain = \"${DOMAIN}\"" "${CONFIG_FILE}" -yq e -i '.license.kind = "secret"' "${CONFIG_FILE}" -yq e -i '.license.name = "gitpod-license"' "${CONFIG_FILE}" - -echo "Gitpod: Inject the HTTP_PROXY settings secret" -yq e -i '.httpProxy.kind = "secret"' "${CONFIG_FILE}" -yq e -i '.httpProxy.name = "http-proxy-settings"' 
"${CONFIG_FILE}" - -if [ "${OPEN_VSX_URL}" != "" ]; -then - echo "Gitpod: Setting Open VSX Registry URL" - yq e -i ".openVSX.url = \"${OPEN_VSX_URL}\"" "${CONFIG_FILE}" -fi - -if [ "${DB_INCLUSTER_ENABLED}" = "0" ] && [ "${DB_CLOUDSQL_INSTANCE}" != "" ]; -then - echo "Gitpod: configuring CloudSQLProxy" - - yq e -i ".database.inCluster = false" "${CONFIG_FILE}" - yq e -i ".database.cloudSQL.instance = \"${DB_CLOUDSQL_INSTANCE}\"" "${CONFIG_FILE}" - yq e -i ".database.cloudSQL.serviceAccount.kind = \"secret\"" "${CONFIG_FILE}" - yq e -i ".database.cloudSQL.serviceAccount.name = \"cloudsql\"" "${CONFIG_FILE}" -fi - -if [ "${DB_INCLUSTER_ENABLED}" = "0" ] && [ "${DB_CLOUDSQL_INSTANCE}" = "" ]; -then - echo "Gitpod: configuring external database" - - yq e -i ".database.inCluster = false" "${CONFIG_FILE}" - yq e -i ".database.external.certificate.kind = \"secret\"" "${CONFIG_FILE}" - yq e -i ".database.external.certificate.name = \"database\"" "${CONFIG_FILE}" -fi - -if [ "${HAS_LOCAL_REGISTRY}" = "true" ]; -then - echo "Gitpod: configuring mirrored container registry for airgapped installation" - - yq e -i ".repository = \"${LOCAL_REGISTRY_ADDRESS}\"" "${CONFIG_FILE}" - yq e -i ".imagePullSecrets[0].kind = \"secret\"" "${CONFIG_FILE}" - yq e -i ".imagePullSecrets[0].name = \"${IMAGE_PULL_SECRET_NAME}\"" "${CONFIG_FILE}" - yq e -i '.dropImageRepo = true' "${CONFIG_FILE}" - - # Add the registry to the server allowlist - keep docker.io in case it's just using the mirrored registry functionality without being airgapped - yq e -i ".containerRegistry.privateBaseImageAllowList += \"${LOCAL_REGISTRY_HOST}\"" "${CONFIG_FILE}" - yq e -i ".containerRegistry.privateBaseImageAllowList += \"docker.io\"" "${CONFIG_FILE}" -fi - -if [ "${REG_DOCKER_CONFIG_ENABLED}" = "1" ]; -then - echo "Gitpod: extracting servers from the custom registry authentication" - - kubectl get secret \ - -n "${NAMESPACE}" \ - custom-registry-credentials \ - -o jsonpath="{.data.\.dockerconfigjson}" | base64 -d 
> /tmp/userconfig.json - - # Add the registries to the server allowlist - yq e -i ".containerRegistry.privateBaseImageAllowList += $(jq '.auths' /tmp/userconfig.json | jq -rc 'keys')" "${CONFIG_FILE}" - yq e -i ".containerRegistry.privateBaseImageAllowList += \"docker.io\"" "${CONFIG_FILE}" -fi - -# Output the local registry secret - this is proxy.replicated.com if user hasn't set their own -echo "${LOCAL_REGISTRY_IMAGE_PULL_SECRET}" | base64 -d > /tmp/kotsregistry.json - -if [ "${REG_INCLUSTER_ENABLED}" = "0" ]; -then - echo "Gitpod: configuring external container registry" +/app/installer config cluster shiftfs - # Get the external-container-registry secret so we can merge the external registry and KOTS registry keys - kubectl get secret external-container-registry \ - --namespace "${NAMESPACE}" \ - -o jsonpath='{.data.\.dockerconfigjson}' | base64 -d > /tmp/gitpodregistry.json +echo "Gitpod: auto-detecting containerd settings on host machine" +/app/installer config files containerd - cat /tmp/kotsregistry.json /tmp/gitpodregistry.json | jq -s '.[0] * .[1]' - - > /tmp/container-registry-secret +echo "Gitpod: auto-detecting settings" +/app/installer config build-from-envvars - echo "Gitpod: create the container-registry secret" - kubectl create secret docker-registry container-registry \ - --namespace "${NAMESPACE}" \ - --from-file=.dockerconfigjson=/tmp/container-registry-secret \ - -o yaml --dry-run=client > "${GITPOD_OBJECTS}/templates/gitpod.yaml" +echo "Gitpod: Validate config" +/app/installer validate config - yq e -i ".containerRegistry.inCluster = false" "${CONFIG_FILE}" - yq e -i ".containerRegistry.external.url = \"${REG_URL}\"" "${CONFIG_FILE}" - yq e -i ".containerRegistry.external.certificate.kind = \"secret\"" "${CONFIG_FILE}" - yq e -i ".containerRegistry.external.certificate.name = \"container-registry\"" "${CONFIG_FILE}" -else - if [ "${REG_INCLUSTER_STORAGE}" = "s3" ]; - then - echo "Gitpod: configuring container registry S3 backend" - - yq e -i 
".containerRegistry.s3storage.region = \"${REG_INCLUSTER_STORAGE_S3_REGION}\"" "${CONFIG_FILE}" - yq e -i ".containerRegistry.s3storage.endpoint = \"${REG_INCLUSTER_STORAGE_S3_ENDPOINT}\"" "${CONFIG_FILE}" - yq e -i ".containerRegistry.s3storage.bucket = \"${REG_INCLUSTER_STORAGE_S3_BUCKETNAME}\"" "${CONFIG_FILE}" - yq e -i ".containerRegistry.s3storage.certificate.kind = \"secret\"" "${CONFIG_FILE}" - yq e -i ".containerRegistry.s3storage.certificate.name = \"container-registry-s3-backend\"" "${CONFIG_FILE}" - fi -fi - -if [ "${STORE_PROVIDER}" != "incluster" ]; -then - echo "Gitpod: configuring the storage" - - yq e -i ".metadata.region = \"${STORE_REGION}\"" "${CONFIG_FILE}" - yq e -i ".objectStorage.inCluster = false" "${CONFIG_FILE}" - - if [ "${STORE_PROVIDER}" = "azure" ]; - then - echo "Gitpod: configuring storage for Azure" - - yq e -i ".objectStorage.azure.credentials.kind = \"secret\"" "${CONFIG_FILE}" - yq e -i ".objectStorage.azure.credentials.name = \"storage-azure\"" "${CONFIG_FILE}" - fi - - if [ "${STORE_PROVIDER}" = "gcp" ]; - then - echo "Gitpod: configuring storage for GCP" - - yq e -i ".objectStorage.cloudStorage.project = \"${STORE_GCP_PROJECT}\"" "${CONFIG_FILE}" - yq e -i ".objectStorage.cloudStorage.serviceAccount.kind = \"secret\"" "${CONFIG_FILE}" - yq e -i ".objectStorage.cloudStorage.serviceAccount.name = \"storage-gcp\"" "${CONFIG_FILE}" - fi - - if [ "${STORE_PROVIDER}" = "s3" ]; - then - echo "Gitpod: configuring storage for S3" - - yq e -i ".objectStorage.s3.endpoint = \"${STORE_S3_ENDPOINT}\"" "${CONFIG_FILE}" - yq e -i ".objectStorage.s3.bucket = \"${STORE_S3_BUCKET}\"" "${CONFIG_FILE}" - yq e -i ".objectStorage.s3.credentials.kind = \"secret\"" "${CONFIG_FILE}" - yq e -i ".objectStorage.s3.credentials.name = \"storage-s3\"" "${CONFIG_FILE}" - fi -fi - -if [ "${SSH_GATEWAY}" = "1" ]; -then - echo "Gitpod: Generate SSH host key" - ssh-keygen -t rsa -q -N "" -f host.key - kubectl create secret generic ssh-gateway-host-key 
--from-file=host.key -n "${NAMESPACE}" || echo "SSH Gateway Host Key secret has not been created. Does it exist already?" - yq e -i '.sshGatewayHostKey.kind = "secret"' "${CONFIG_FILE}" - yq e -i '.sshGatewayHostKey.name = "ssh-gateway-host-key"' "${CONFIG_FILE}" -fi - -if [ "${TLS_SELF_SIGNED_ENABLED}" = "1" ]; -then - echo "Gitpod: Generating a self-signed certificate with the internal CA" - yq e -i '.customCACert.kind = "secret"' "${CONFIG_FILE}" - yq e -i '.customCACert.name = "ca-issuer-ca"' "${CONFIG_FILE}" -elif [ "${TLS_SELF_SIGNED_ENABLED}" = "0" ] && [ "${CERT_MANAGER_ENABLED}" = "0" ] && [ "${TLS_CUSTOM_CA_CRT_ENABLED}" = "true" ]; -then - echo "Gitpod: Setting CA to be used for certificate" - yq e -i '.customCACert.kind = "secret"' "${CONFIG_FILE}" - yq e -i '.customCACert.name = "ca-certificate"' "${CONFIG_FILE}" -fi - -if [ "${USER_MANAGEMENT_BLOCK_ENABLED}" = "1" ]; -then - echo "Gitpod: Adding blockNewUsers to config" - yq e -i '.blockNewUsers.enabled = true' "${CONFIG_FILE}" - - for domain in ${USER_MANAGEMENT_BLOCK_PASSLIST} - do - echo "Gitpod: Adding domain \"${domain}\" to blockNewUsers config" - yq e -i ".blockNewUsers.passlist += \"${domain}\"" "${CONFIG_FILE}" - done -fi - -if [ "${ADVANCED_MODE_ENABLED}" = "1" ]; -then - echo "Gitpod: Applying advanced configuration" - - if [ "${COMPONENT_PROXY_SERVICE_SERVICETYPE}" != "" ]; - then - # Empty string defaults to LoadBalancer. 
This maintains backwards compatibility with the deprecated experimental value - echo "Gitpod: Applying Proxy service type" - yq e -i ".components.proxy.service.serviceType = \"${COMPONENT_PROXY_SERVICE_SERVICETYPE}\"" "${CONFIG_FILE}" - fi - - if [ -s "${CUSTOMIZATION_PATCH_FILE}" ]; - then - CUSTOMIZATION="$(base64 "${CUSTOMIZATION_PATCH_FILE}" -w 0)" - echo "Gitpod: Applying customization patch ${CUSTOMIZATION}" +echo "Gitpod: render Kubernetes manifests" +/app/installer render --use-experimental-config > "${GITPOD_OBJECTS}/templates/gitpod.yaml" - # Apply the customization property - if something else is set, this will be ignored - yq e -i ".customization = $(echo "${CUSTOMIZATION}" | base64 -d | yq e -o json '.customization' - | jq -rc) // []" "${CONFIG_FILE}" - fi -else - echo "Gitpod: No advanced configuration applied" +if [ "${INSTALLER_DRY_RUN}" = "true" ]; then + echo "Gitpod: dry-run set to true, no installation will be performed" + exit fi -echo "Gitpod: Update platform telemetry value" -yq eval-all --inplace ".experimental.telemetry.data.platform = \"${DISTRIBUTION}\"" "${CONFIG_FILE}" - -echo "Gitpod: Patch Gitpod config" -base64 -d "${CONFIG_PATCH_FILE}" > /tmp/patch.yaml -config_patch=$(cat /tmp/patch.yaml) -echo "Gitpod: ${CONFIG_PATCH_FILE}=${config_patch}" -yq eval-all --inplace 'select(fileIndex == 0) * select(fileIndex == 1)' "${CONFIG_FILE}" /tmp/patch.yaml - -echo "Gitpod: Generate the Kubernetes objects" -config=$(cat "${CONFIG_FILE}") -echo "Gitpod: ${CONFIG_FILE}=${config}" - -echo "Gitpod: render Kubernetes manifests" -/app/installer render -c "${CONFIG_FILE}" --namespace "${NAMESPACE}" --use-experimental-config >> "${GITPOD_OBJECTS}/templates/gitpod.yaml" - -if [ "${REG_INCLUSTER_ENABLED}" = "1" ]; -then +# Combine the pull secrets +echo "${LOCAL_REGISTRY_IMAGE_PULL_DOCKER_CONFIG_JSON}" > /tmp/kotsregistry.json +if [ "${REG_INCLUSTER_ENABLED}" = "1" ]; then echo "Gitpod: Add the local registry secret to the in-cluster registry secret" # 
Get the in-cluster registry secret @@ -293,6 +75,20 @@ then echo "Gitpod: update the in-cluster registry secret" yq eval-all --inplace '(select(.kind == "Secret" and .metadata.name == "builtin-registry-auth") | .data.".dockerconfigjson") |= env(REGISTRY_SECRET)' \ "${GITPOD_OBJECTS}/templates/gitpod.yaml" +else + echo "Gitpod: configuring external container registry" + + # Get the external-container-registry secret so we can merge the external registry and KOTS registry keys + echo "${EXTERNAL_DOCKER_CONFIG_JSON}" > /tmp/gitpodregistry.json + + cat /tmp/kotsregistry.json /tmp/gitpodregistry.json | jq -s '.[0] * .[1]' - - > /tmp/container-registry-secret + + echo "Gitpod: append the container-registry secret" + echo "---" >> "${GITPOD_OBJECTS}/templates/gitpod.yaml" + kubectl create secret docker-registry "${REG_EXTERNAL_CERTIFICATE_NAME}" \ + --namespace "${NAMESPACE}" \ + --from-file=.dockerconfigjson=/tmp/container-registry-secret \ + -o yaml --dry-run=client >> "${GITPOD_OBJECTS}/templates/gitpod.yaml" fi if [ "${REG_DOCKER_CONFIG_ENABLED}" = "1" ]; @@ -300,7 +96,7 @@ then # Work out the registry secret to use if [ "${REG_INCLUSTER_ENABLED}" = "0" ]; then - export REGISTRY_SECRET_NAME="container-registry" + export REGISTRY_SECRET_NAME="${REG_EXTERNAL_CERTIFICATE_NAME}" else export REGISTRY_SECRET_NAME="builtin-registry-auth" fi @@ -345,5 +141,3 @@ helm upgrade \ echo "Gitpod: Restarting installation status job" kubectl delete pod -n "${NAMESPACE}" -l component=gitpod-installer-status || true - -echo "Gitpod: Installer job finished - goodbye" diff --git a/install/kots/manifests/gitpod-config-patch.yaml b/install/kots/manifests/gitpod-config-patch.yaml deleted file mode 100644 index fd41df87627b63..00000000000000 --- a/install/kots/manifests/gitpod-config-patch.yaml +++ /dev/null 
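Review bot: The new `render` call drops `--namespace "${NAMESPACE}"` (and `-c`), while the secret appended further down and the status-pod restart still target `"${NAMESPACE}"` explicitly; unless the new CLI reads the namespace from the environment the way it apparently reads `GITPOD_INSTALLER_CONFIG`, the rendered objects and the appended secret will land in different namespaces — keep `/app/installer render --namespace "${NAMESPACE}" --use-experimental-config > "${GITPOD_OBJECTS}/templates/gitpod.yaml"` until that is confirmed. The registry credential is also written to `/tmp/kotsregistry.json` under the default umask, so it is world-readable inside the container; adding `umask 077` next to `set -e` keeps every temp file the script writes private. `INSTALLER_DRY_RUN` is not defined in the ConfigMap this patch edits, so it presumably arrives from elsewhere; with `set -e` but no `set -u`, an unset value silently means a real install, which may be intended but is worth a comment.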
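Review bot: The `else` branch consumes `EXTERNAL_DOCKER_CONFIG_JSON`, which the Job now injects with `optional: true`, so a missing or mis-named `external-container-registry` secret arrives as an empty string and the only failure is an opaque `jq` error when `.[0] * .[1]` meets `null`. Guard it before writing the file: `[ -n "${EXTERNAL_DOCKER_CONFIG_JSON}" ] || { echo "Gitpod: external-container-registry secret not found"; exit 1; }`. The same check belongs on `LOCAL_REGISTRY_IMAGE_PULL_DOCKER_CONFIG_JSON`, which is written to `/tmp/kotsregistry.json` just above this hunk under the same optional injection. The `if` this branch belongs to opens before the hunk.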
@@ -1,14 +0,0 @@ -# Copyright (c) 2022 Gitpod GmbH. All rights reserved. -# Licensed under the MIT License. See License-MIT.txt in the project root for license information. - -apiVersion: v1 -kind: ConfigMap -metadata: - name: gitpod-config-patch - labels: - app: gitpod - component: gitpod-installer -data: - gitpod-config-patch.yaml: '{{repl if and (ConfigOptionEquals "advanced_mode_enabled" "1") (ConfigOptionNotEquals "config_patch" "") }}{{repl ConfigOption "config_patch" }}{{repl else }}{{repl printf "{}" | Base64Encode }}{{repl end }}' - customization-patch.yaml: | - repl{{ ConfigOptionData "customization_patch" | default "" | nindent 4 }} diff --git a/install/kots/manifests/gitpod-installation-status.yaml b/install/kots/manifests/gitpod-installation-status.yaml index ad1e64674cc888..afc82ff7210ddd 100644 --- a/install/kots/manifests/gitpod-installation-status.yaml +++ b/install/kots/manifests/gitpod-installation-status.yaml @@ -30,7 +30,7 @@ spec: containers: - name: installation-status # This will normally be the release tag - image: "eu.gcr.io/gitpod-core-dev/build/installer:sje-move-kots-bash-script.28" + image: "eu.gcr.io/gitpod-core-dev/build/installer:sje-kots-refactoring.6" envFrom: - configMapRef: name: gitpod-kots-config diff --git a/install/kots/manifests/gitpod-installer-job.yaml b/install/kots/manifests/gitpod-installer-job.yaml index daee886cb8e434..bcb2febbc651b5 100644 --- a/install/kots/manifests/gitpod-installer-job.yaml +++ b/install/kots/manifests/gitpod-installer-job.yaml 
@@ -39,40 +39,38 @@ spec: containers: - name: installer # This will normally be the release tag - image: "eu.gcr.io/gitpod-core-dev/build/installer:sje-installer-proxy-config.23" + image: "eu.gcr.io/gitpod-core-dev/build/installer:sje-kots-refactoring.6" volumeMounts: - - mountPath: /config-patch - name: config-patch - readOnly: true - mountPath: /mnt/node0 name: node-fs0 readOnly: true env: - - name: CONFIG_FILE - value: /tmp/gitpod-config.yaml - - name: CONFIG_PATCH_FILE - value: /config-patch/gitpod-config-patch.yaml - - name: CUSTOMIZATION_PATCH_FILE - value: /config-patch/customization-patch.yaml - - name: CONTAINERD_DIR_K3S - value: /run/k3s/containerd/io.containerd.runtime.v2.task/k8s.io - - name: CONTAINERD_SOCKET_K3S - value: /run/k3s/containerd/containerd.sock - - name: CONTAINERD_DIR_AL - value: /run/containerd/io.containerd.runtime.v2.task/k8s.io - - name: CONTAINERD_SOCKET_AL - value: /run/containerd/containerd.sock - - name: GITPOD_OBJECTS - value: /tmp/gitpod + - name: MOUNT_PATH + value: /mnt/node0 + - name: REG_DOCKER_CONFIG_JSON + valueFrom: + secretKeyRef: + name: custom-registry-credentials + key: .dockerconfigjson + optional: true + - name: EXTERNAL_DOCKER_CONFIG_JSON + valueFrom: + secretKeyRef: + name: external-container-registry + key: .dockerconfigjson + optional: true + - name: LOCAL_REGISTRY_IMAGE_PULL_DOCKER_CONFIG_JSON + valueFrom: + secretKeyRef: + name: repl{{ ImagePullSecretName | quote }} + key: .dockerconfigjson + optional: true envFrom: - configMapRef: name: gitpod-kots-config command: - /app/scripts/kots-install.sh volumes: - - name: config-patch - configMap: - name: gitpod-config-patch - name: node-fs0 hostPath: path: / diff --git a/install/kots/manifests/gitpod-kots-config.yaml b/install/kots/manifests/gitpod-kots-config.yaml index f64e1b900c2ace..b0f1f7d5e4b19f 100644 --- a/install/kots/manifests/gitpod-kots-config.yaml +++ b/install/kots/manifests/gitpod-kots-config.yaml 
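Review bot: Three docker-config credentials (`REG_DOCKER_CONFIG_JSON`, `EXTERNAL_DOCKER_CONFIG_JSON`, `LOCAL_REGISTRY_IMAGE_PULL_DOCKER_CONFIG_JSON`) are now injected as process environment variables instead of files; the environment is inherited by every child the script spawns (kubectl, jq, yq, helm) and is visible in `/proc/<pid>/environ`, so a verbose or crashing subprocess can spill them into logs. Mounting the three secrets as a volume (`secret: {secretName: …, optional: true}` with `readOnly: true`) and having the script read the file keeps the optional semantics without the exposure. `optional: true` also turns a typo in a secret name into an empty variable rather than a scheduling error, so whatever consumes these values must check for emptiness. The Job spec continues past the hunk.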
@@ -9,6 +9,10 @@ metadata: app: gitpod component: gitpod-installer data: + # KOTS settings + GITPOD_INSTALLER_CONFIG: /tmp/gitpod-config.yaml + GITPOD_OBJECTS: /tmp/gitpod + # General settings CURSOR: repl{{ Cursor | quote }} DISTRIBUTION: repl{{ Distribution | quote }} @@ -17,16 +21,22 @@ data: OPEN_VSX_URL: repl{{ ConfigOption "openVsxUrl" | quote }} SSH_GATEWAY: repl{{ ConfigOption "ssh_gateway" | quote }} + # Secret names + HTTP_PROXY_NAME: http-proxy-settings + LICENSE_NAME: gitpod-license + SSH_GATEWAY_HOST_KEY_NAME: ssh-gateway-host-key + # Database settings DB_INCLUSTER_ENABLED: repl{{ ConfigOption "db_incluster" | quote }} DB_CLOUDSQL_ENABLED: repl{{ ConfigOption "db_cloudsql_enabled" | quote }} DB_CLOUDSQL_INSTANCE: repl{{ ConfigOption "db_cloudsql_instance" | quote }} + DB_CLOUDSQL_SERVICE_ACCOUNT_NAME: cloudsql + DB_EXTERNAL_CERTIFICATE_NAME: database # Airgap settings HAS_LOCAL_REGISTRY: repl{{ HasLocalRegistry | quote }} LOCAL_REGISTRY_ADDRESS: repl{{ LocalRegistryAddress | quote }} LOCAL_REGISTRY_HOST: repl{{ LocalRegistryHost | quote }} - LOCAL_REGISTRY_IMAGE_PULL_SECRET: repl{{ LocalRegistryImagePullSecret | quote }} IMAGE_PULL_SECRET_NAME: repl{{ ImagePullSecretName | quote }} # Registry settings @@ -36,7 +46,9 @@ data: REG_INCLUSTER_STORAGE_S3_REGION: repl{{ ConfigOption "reg_incluster_storage_s3_region" | quote }} REG_INCLUSTER_STORAGE_S3_ENDPOINT: repl{{ ConfigOption "reg_incluster_storage_s3_endpoint" | quote }} REG_INCLUSTER_STORAGE_S3_BUCKETNAME: repl{{ ConfigOption "reg_incluster_storage_s3_bucketname" | quote }} + REG_INCLUSTER_STORAGE_S3_CERTIFICATE_NAME: container-registry-s3-backend REG_DOCKER_CONFIG_ENABLED: repl{{ ConfigOption "reg_docker_config_enable" | quote }} + REG_EXTERNAL_CERTIFICATE_NAME: container-registry # Storage settings STORE_PROVIDER: repl{{ ConfigOption "store_provider" | quote }} 
@@ -44,11 +56,15 @@ data: STORE_GCP_PROJECT: repl{{ ConfigOption "store_gcp_project" | quote }} STORE_S3_ENDPOINT: repl{{ ConfigOption "store_s3_endpoint" | quote }} STORE_S3_BUCKET: repl{{ ConfigOption "store_s3_bucket" | quote }} + STORE_AZURE_CREDENTIALS_NAME: storage-azure + STORE_GCP_SERVICE_ACCOUNT_NAME: storage-gcp + STORE_S3_CREDENTIALS_NAME: storage-s3 # TLS certificate settings CERT_MANAGER_ENABLED: repl{{ ConfigOption "cert_manager_enabled" | quote }} TLS_SELF_SIGNED_ENABLED: repl{{ ConfigOption "tls_self_signed_enabled" | quote }} TLS_CUSTOM_CA_CRT_ENABLED: repl{{ ConfigOptionNotEquals "tls_ca_crt" "" | quote }} # Use comparison not value + TLS_CUSTOM_CA_CRT_CREDENTIALS_NAME: ca-certificate # User management settings USER_MANAGEMENT_BLOCK_ENABLED: repl{{ ConfigOption "user_management_block_enabled" | quote }} @@ -58,3 +74,7 @@ data: ADVANCED_MODE_ENABLED: repl{{ ConfigOption "advanced_mode_enabled" | quote }} COMPONENT_PROXY_SERVICE_SERVICETYPE: repl{{ ConfigOption "component_proxy_service_serviceType" | quote }} CUSTOMIZATION_PATCH_ENABLED: repl{{ ConfigOptionNotEquals "customization_patch" "" | quote }} # Use comparison not value + + # Customizations + CONFIG_PATCH: repl{{ ConfigOptionData "config_patch" | default "" | quote }} + CUSTOMIZATION_PATCH: repl{{ ConfigOptionData "customization_patch" | default "" | quote }} diff --git a/install/kots/manifests/gitpod-shiftfs-module-loader.yaml b/install/kots/manifests/gitpod-shiftfs-module-loader.yaml deleted file mode 100644 index 2732850d707483..00000000000000 --- a/install/kots/manifests/gitpod-shiftfs-module-loader.yaml +++ /dev/null 
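Review bot: `CONFIG_PATCH` and `CUSTOMIZATION_PATCH` are now exported unconditionally, whereas the deleted `gitpod-config-patch.yaml` only emitted `config_patch` when `advanced_mode_enabled` was `"1"` and the old script applied the customization patch inside that same advanced-mode branch. Unless `installer config build-from-envvars` re-checks `ADVANCED_MODE_ENABLED` itself, a patch left in the config from an earlier advanced-mode session keeps being applied after the toggle is switched off. Gating the value in the template, following the deleted manifest's pattern, preserves the old behaviour: `CONFIG_PATCH: repl{{ if ConfigOptionEquals "advanced_mode_enabled" "1" }}{{repl ConfigOptionData "config_patch" | default "" | quote }}{{repl else }}""{{repl end }}`, and likewise for `CUSTOMIZATION_PATCH`. A one-line comment above the block stating whether the gate lives here or in the installer would save the next reader the same question.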
@@ -1,39 +0,0 @@
-# Copyright (c) 2022 Gitpod GmbH. All rights reserved.
-# Licensed under the MIT License. See License-MIT.txt in the project root for license information.
-
-# This job is allowed to fail as will default to fuse
-apiVersion: batch/v1
-kind: Job
-metadata:
- name: shiftfs-module-loader-{{repl Cursor }}
- labels:
- app: gitpod
- component: shiftfs-module-loader
-spec:
- ttlSecondsAfterFinished: 60
- activeDeadlineSeconds: 30
- backoffLimit: 1
- parallelism: 1
- template:
- metadata:
- labels:
- app: gitpod
- component: shiftfs-module-loader
- spec:
- serviceAccountName: installer
- restartPolicy: Never
- containers:
- - name: shiftfs-module-loader
- # This is the current valid tag. This will be auto-updated by the Werft job
- image: eu.gcr.io/gitpod-core-dev/build/shiftfs-module-loader:commit-ab235e8bc00f2c1ac70232cea17e5df9a9d262fa
- securityContext:
- privileged: true
- volumeMounts:
- - mountPath: /usr/src_node
- name: node-linux-src
- readOnly: true
- volumes:
- - name: node-linux-src
- hostPath:
- path: /usr/src
- type: Directory
diff --git a/install/kots/manifests/gitpod-ssh-gateway-key.yaml b/install/kots/manifests/gitpod-ssh-gateway-key.yaml
new file mode 100644
index 00000000000000..f4eb3f99c18566
--- /dev/null
+++ b/install/kots/manifests/gitpod-ssh-gateway-key.yaml
@@ -0,0 +1,14 @@
+# Copyright (c) 2022 Gitpod GmbH. All rights reserved.
+# Licensed under the MIT License. See License-MIT.txt in the project root for license information.
+
+apiVersion: v1
+kind: Secret
+metadata:
+ name: ssh-gateway-host-key
+ labels:
+ app: gitpod
+ component: gitpod-installer
+ annotations:
+ kots.io/when: '{{repl ConfigOptionEquals "ssh_gateway" "1" }}'
+data:
+ host.key: '{{repl genPrivateKey "rsa" | Base64Encode }}'
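Review bot: `genPrivateKey "rsa"` is evaluated every time KOTS renders this manifest, so unless KOTS persists the rendered value the SSH gateway host key changes on every deploy or config change, and certainly whenever `ssh_gateway` is toggled, since `kots.io/when` deletes and recreates the Secret; every user who connected before then sees a host-key-mismatch error, which is precisely the signal they are told to treat as a man-in-the-middle. The deleted script avoided this by running `ssh-keygen` once and tolerating an existing secret (`kubectl create secret … || echo …`). Either keep that create-if-absent step in the installer job or generate the key into a KOTS config item whose value is persisted, so the host key is stable for the lifetime of the installation, and note the chosen lifetime in a comment above `host.key`. Also confirm the gateway accepts the PKCS#1 PEM that Sprig emits, since `ssh-keygen` presumably wrote an OpenSSH-format key before.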