From 8f6764f9cb5193568e380d64badd4d5d6cf91e91 Mon Sep 17 00:00:00 2001 From: Simon Emms Date: Tue, 30 Nov 2021 11:17:12 +0000 Subject: [PATCH 1/3] [installer]: add image pull secrets to gitpod components --- installer/pkg/common/objects.go | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/installer/pkg/common/objects.go b/installer/pkg/common/objects.go index 1c8d8444f4154e..7b9ff280ad1218 100644 --- a/installer/pkg/common/objects.go +++ b/installer/pkg/common/objects.go @@ -14,6 +14,16 @@ import ( func DefaultServiceAccount(component string) RenderFunc { return func(cfg *RenderContext) ([]runtime.Object, error) { + pullSecrets := make([]corev1.LocalObjectReference, 0) + + if len(cfg.Config.ImagePullSecrets) > 0 { + for _, i := range cfg.Config.ImagePullSecrets { + pullSecrets = append(pullSecrets, corev1.LocalObjectReference{ + Name: i.Name, + }) + } + } + return []runtime.Object{ &corev1.ServiceAccount{ TypeMeta: TypeMetaServiceAccount, @@ -23,6 +33,7 @@ func DefaultServiceAccount(component string) RenderFunc { Labels: DefaultLabels(component), }, AutomountServiceAccountToken: pointer.Bool(true), + ImagePullSecrets: pullSecrets, }, }, nil } From d3d3c445e71d775d77616ba7a78e729f38525e5e Mon Sep 17 00:00:00 2001 
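Review bot: The `if len(cfg.Config.ImagePullSecrets) > 0` guard added to `DefaultServiceAccount` is redundant, because ranging over an empty or nil slice is a no-op, and the slice can be sized up front. I would write `pullSecrets := make([]corev1.LocalObjectReference, 0, len(cfg.Config.ImagePullSecrets))` and drop the `if`. The names are copied as-is and `LocalObjectReference` resolves only within the ServiceAccount's own namespace, so a comment such as `// pull secrets are referenced by name only and must exist in the same namespace` would help whoever debugs a failed pull. The closing lines of the function are in this file's second hunk.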
From: Simon Emms Date: Tue, 30 Nov 2021 15:18:20 +0000 Subject: [PATCH 2/3] [installer]: add image pull secrets to third-party container images --- installer/pkg/common/common.go | 4 ++-- installer/pkg/common/constants.go | 5 +++++ installer/pkg/components/agent-smith/daemonset.go | 2 +- installer/pkg/components/blobserve/deployment.go | 2 +- installer/pkg/components/database/init/constants.go | 2 +- installer/pkg/components/database/init/job.go | 2 +- installer/pkg/components/image-builder-mk3/deployment.go | 2 +- installer/pkg/components/proxy/constants.go | 7 +++++-- installer/pkg/components/proxy/deployment.go | 4 ++-- installer/pkg/components/registry-facade/daemonset.go | 2 +- installer/pkg/components/server/deployment.go | 2 +- installer/pkg/components/ws-daemon/daemonset.go | 5 ++--- installer/pkg/components/ws-manager-bridge/deployment.go | 2 +- installer/pkg/components/ws-scheduler/deployment.go | 2 +- 14 files changed, 25 insertions(+), 18 deletions(-) diff --git a/installer/pkg/common/common.go b/installer/pkg/common/common.go index b75504471ebb3c..17816ad9e57e8c 100644 --- a/installer/pkg/common/common.go +++ b/installer/pkg/common/common.go @@ -264,10 +264,10 @@ func MessageBusWaiterContainer(ctx *RenderContext) *corev1.Container { } } -func KubeRBACProxyContainer() *corev1.Container { +func KubeRBACProxyContainer(ctx *RenderContext) *corev1.Container { return &corev1.Container{ Name: "kube-rbac-proxy", - Image: "quay.io/brancz/kube-rbac-proxy:v0.11.0", + Image: ImageName(ThirdPartyContainerRepo(ctx.Config.Repository, KubeRBACProxyRepo), KubeRBACProxyImage, KubeRBACProxyTag), Args: []string{ "--v=5", "--logtostderr", diff --git a/installer/pkg/common/constants.go b/installer/pkg/common/constants.go index d2e1bf725db91b..94beed13009efa 100644 --- a/installer/pkg/common/constants.go +++ b/installer/pkg/common/constants.go 
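Review bot: `KubeRBACProxyContainer` now calls `ThirdPartyContainerRepo`, but in this series that function only appears as an added definition in PATCH 3/3 (`installer/pkg/common/common.go`), so PATCH 2/3 does not look buildable on its own. Moving the helper into this commit would keep every commit compilable for bisecting. The new `ctx` parameter is also dereferenced without a nil check, and a doc comment such as `// KubeRBACProxyContainer returns the kube-rbac-proxy sidecar; ctx must be non-nil` would record that contract. The function body continues past the end of this hunk.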
@@ -15,10 +15,15 @@ const ( AppName = "gitpod" BlobServeServicePort = 4000 CertManagerCAIssuer = "ca-issuer" + DockerRegistryURL = "docker.io" DockerRegistryName = "registry" + GitpodContainerRegistry = "eu.gcr.io/gitpod-core-dev/build" InClusterDbSecret = "mysql" InClusterMessageQueueName = "rabbitmq" InClusterMessageQueueTLS = "messagebus-certificates-secret-core" + KubeRBACProxyRepo = "quay.io/brancz" + KubeRBACProxyImage = "kube-rbac-proxy" + KubeRBACProxyTag = "v0.11.0" MinioServiceAPIPort = 9000 MonitoringChart = "monitoring" ProxyComponent = "proxy" diff --git a/installer/pkg/components/agent-smith/daemonset.go b/installer/pkg/components/agent-smith/daemonset.go index bc6955162d2a1d..30a0c82da71ada 100644 --- a/installer/pkg/components/agent-smith/daemonset.go +++ b/installer/pkg/components/agent-smith/daemonset.go @@ -78,7 +78,7 @@ func daemonset(ctx *common.RenderContext) ([]runtime.Object, error) { Privileged: pointer.Bool(true), ProcMount: func() *corev1.ProcMountType { r := corev1.DefaultProcMount; return &r }(), }, - }, *common.KubeRBACProxyContainer()}, + }, *common.KubeRBACProxyContainer(ctx)}, Volumes: []corev1.Volume{{ Name: "config", VolumeSource: corev1.VolumeSource{ConfigMap: &corev1.ConfigMapVolumeSource{ diff --git a/installer/pkg/components/blobserve/deployment.go b/installer/pkg/components/blobserve/deployment.go index 377a461391f077..0d724815a26476 100644 --- a/installer/pkg/components/blobserve/deployment.go +++ b/installer/pkg/components/blobserve/deployment.go @@ -125,7 +125,7 @@ func deployment(ctx *common.RenderContext) ([]runtime.Object, error) { MountPath: "/mnt/pull-secret.json", SubPath: ".dockerconfigjson", }}, - }, *common.KubeRBACProxyContainer()}, + }, *common.KubeRBACProxyContainer(ctx)}, }, }, }, diff --git a/installer/pkg/components/database/init/constants.go b/installer/pkg/components/database/init/constants.go index d59390331d27a7..48085fbe3c8467 100644 --- a/installer/pkg/components/database/init/constants.go 
+++ b/installer/pkg/components/database/init/constants.go @@ -6,7 +6,7 @@ package init const ( Component = "dbinit" - dbSessionsImage = "mysql" + dbSessionsImage = "library/mysql" dbSessionsTag = "5.7.34" initScriptDir = "files" sqlInitScripts = "db-init-scripts" diff --git a/installer/pkg/components/database/init/job.go b/installer/pkg/components/database/init/job.go index 6b7dd133544be9..4feda70b099b1d 100644 --- a/installer/pkg/components/database/init/job.go +++ b/installer/pkg/components/database/init/job.go @@ -47,7 +47,7 @@ func job(ctx *common.RenderContext) ([]runtime.Object, error) { InitContainers: []corev1.Container{*common.DatabaseWaiterContainer(ctx)}, Containers: []corev1.Container{{ Name: fmt.Sprintf("%s-session", Component), - Image: fmt.Sprintf("%s:%s", dbSessionsImage, dbSessionsTag), + Image: common.ImageName(common.ThirdPartyContainerRepo(ctx.Config.Repository, ""), dbSessionsImage, dbSessionsTag), ImagePullPolicy: corev1.PullIfNotPresent, Env: common.MergeEnv( common.DatabaseEnv(&ctx.Config), diff --git a/installer/pkg/components/image-builder-mk3/deployment.go b/installer/pkg/components/image-builder-mk3/deployment.go index 5fc9ec25b68546..12f2bc24cf6cbf 100644 --- a/installer/pkg/components/image-builder-mk3/deployment.go +++ b/installer/pkg/components/image-builder-mk3/deployment.go @@ -162,7 +162,7 @@ func deployment(ctx *common.RenderContext) ([]runtime.Object, error) { *common.InternalCAVolumeMount(), }, }, - *common.KubeRBACProxyContainer(), + *common.KubeRBACProxyContainer(ctx), }, }, }, diff --git a/installer/pkg/components/proxy/constants.go b/installer/pkg/components/proxy/constants.go index 13d90e0c550a78..d4272893ec8887 100644 --- a/installer/pkg/components/proxy/constants.go +++ b/installer/pkg/components/proxy/constants.go 
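Review bot: The `job.go` hunk passes `""` as the third-party registry, whereas the proxy and ws-daemon call sites pass `common.DockerRegistryURL`. With the default Gitpod repository configured, `ThirdPartyContainerRepo` (as defined in PATCH 3/3) returns that empty string, so the image reference is built from an empty registry. `ImageName` is not visible here, so the exact result is inferred, but it is unlikely to be a valid reference for `library/mysql`. I would change the call to `common.ImageName(common.ThirdPartyContainerRepo(ctx.Config.Repository, common.DockerRegistryURL), dbSessionsImage, dbSessionsTag)`. The enclosing `job` function starts and ends outside the hunk.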
@@ -13,8 +13,11 @@ const ( ContainerHTTPSPort = common.ProxyContainerHTTPSPort ContainerHTTPSName = common.ProxyContainerHTTPSName PrometheusPort = 9500 - InitContainerImage = "alpine:3.15" - KubeRBACProxyImage = "quay.io/brancz/kube-rbac-proxy:v0.11.0" + InitContainerImage = "library/alpine" + InitContainerTag = "3.15" + KubeRBACProxyRepo = common.KubeRBACProxyRepo + KubeRBACProxyImage = common.KubeRBACProxyImage + KubeRBACProxyTag = common.KubeRBACProxyTag MetricsContainerName = "metrics" ReadinessPort = 8003 RegistryAuthSecret = common.RegistryAuthSecret diff --git a/installer/pkg/components/proxy/deployment.go b/installer/pkg/components/proxy/deployment.go index 4eb2c0c8cf6fff..818cf5c73ff7b7 100644 --- a/installer/pkg/components/proxy/deployment.go +++ b/installer/pkg/components/proxy/deployment.go @@ -129,7 +129,7 @@ func deployment(ctx *common.RenderContext) ([]runtime.Object, error) { Volumes: volumes, InitContainers: []corev1.Container{{ Name: "sysctl", - Image: InitContainerImage, + Image: common.ImageName(common.ThirdPartyContainerRepo(ctx.Config.Repository, common.DockerRegistryURL), InitContainerImage, InitContainerTag), ImagePullPolicy: corev1.PullIfNotPresent, SecurityContext: &corev1.SecurityContext{ Privileged: pointer.Bool(true), @@ -142,7 +142,7 @@ func deployment(ctx *common.RenderContext) ([]runtime.Object, error) { }}, Containers: []corev1.Container{{ Name: "kube-rbac-proxy", - Image: KubeRBACProxyImage, + Image: common.ImageName(common.ThirdPartyContainerRepo(ctx.Config.Repository, KubeRBACProxyRepo), KubeRBACProxyImage, KubeRBACProxyTag), ImagePullPolicy: corev1.PullIfNotPresent, Args: []string{ "--v=10", diff --git a/installer/pkg/components/registry-facade/daemonset.go b/installer/pkg/components/registry-facade/daemonset.go index f2c24aa12bd1ef..79a9a20350fe21 100644 --- a/installer/pkg/components/registry-facade/daemonset.go +++ b/installer/pkg/components/registry-facade/daemonset.go 
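Review bot: The `sysctl` init container in `proxy/deployment.go` runs with `Privileged: pointer.Bool(true)`, and after this change its image comes from whatever `ctx.Config.Repository` names, identified only by the mutable tag `3.15`. The same applies to the `disable-kube-health-monitor` init container in `ws-daemon/daemonset.go`, which runs `nsenter` from `library/ubuntu:20.04`. Nothing in the hunk ties the mirrored image to the upstream content, so the trust placed in the mirror should at least be written down. For example: `// privileged: when Repository is overridden this image is pulled from the operator's mirror by tag; the mirror must carry the unmodified upstream image`. Pinning these two images by digest would remove the dependency on tag integrity, but that is a larger change than this hunk.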
@@ -176,7 +176,7 @@ func daemonset(ctx *common.RenderContext) ([]runtime.Object, error) { }, volumeMounts...), }, - *common.KubeRBACProxyContainer(), + *common.KubeRBACProxyContainer(ctx), }, Volumes: append([]corev1.Volume{{ Name: "cache", diff --git a/installer/pkg/components/server/deployment.go b/installer/pkg/components/server/deployment.go index 88f20ddc114dc5..535a08ce137efa 100644 --- a/installer/pkg/components/server/deployment.go +++ b/installer/pkg/components/server/deployment.go @@ -149,7 +149,7 @@ func deployment(ctx *common.RenderContext) ([]runtime.Object, error) { MountPath: "/ws-manager-client-tls-certs", ReadOnly: true, }}, - }, *common.KubeRBACProxyContainer()}, + }, *common.KubeRBACProxyContainer(ctx)}, }, }, }, diff --git a/installer/pkg/components/ws-daemon/daemonset.go b/installer/pkg/components/ws-daemon/daemonset.go index ae51258c5e17d7..a9f2beafd1aa08 100644 --- a/installer/pkg/components/ws-daemon/daemonset.go +++ b/installer/pkg/components/ws-daemon/daemonset.go @@ -6,7 +6,6 @@ package wsdaemon import ( "fmt" - "github.com/gitpod-io/gitpod/installer/pkg/cluster" "github.com/gitpod-io/gitpod/installer/pkg/common" "github.com/gitpod-io/gitpod/installer/pkg/config/v1" @@ -32,7 +31,7 @@ func daemonset(ctx *common.RenderContext) ([]runtime.Object, error) { initContainers := []corev1.Container{ { Name: "disable-kube-health-monitor", - Image: "ubuntu:20.04", + Image: common.ImageName(common.ThirdPartyContainerRepo(ctx.Config.Repository, common.DockerRegistryURL), "library/ubuntu", "20.04"), Command: []string{ "/usr/bin/nsenter", "-t", @@ -281,7 +280,7 @@ fi Privileged: pointer.Bool(true), }, }, - *common.KubeRBACProxyContainer(), + *common.KubeRBACProxyContainer(ctx), }, RestartPolicy: "Always", TerminationGracePeriodSeconds: pointer.Int64(30), diff --git a/installer/pkg/components/ws-manager-bridge/deployment.go b/installer/pkg/components/ws-manager-bridge/deployment.go index 0880d6886c938a..e53485ed7bc3f7 100644 
--- a/installer/pkg/components/ws-manager-bridge/deployment.go +++ b/installer/pkg/components/ws-manager-bridge/deployment.go @@ -121,7 +121,7 @@ func deployment(ctx *common.RenderContext) ([]runtime.Object, error) { MountPath: "/ws-manager-client-tls-certs", ReadOnly: true, }}, - }, *common.KubeRBACProxyContainer()}, + }, *common.KubeRBACProxyContainer(ctx)}, }, }, }, diff --git a/installer/pkg/components/ws-scheduler/deployment.go b/installer/pkg/components/ws-scheduler/deployment.go index 1ce29300c91adc..35285a9f4588c6 100644 --- a/installer/pkg/components/ws-scheduler/deployment.go +++ b/installer/pkg/components/ws-scheduler/deployment.go @@ -96,7 +96,7 @@ func deployment(ctx *common.RenderContext) ([]runtime.Object, error) { MountPath: "/ws-manager-client-tls-certs", ReadOnly: true, }}, - }, *common.KubeRBACProxyContainer()}, + }, *common.KubeRBACProxyContainer(ctx)}, }, }, }, From 036f7bce5b2b0e5c1cc0f0d5108c686b66b3a756 Mon Sep 17 00:00:00 2001 From: Simon Emms Date: Tue, 30 Nov 2021 18:13:34 +0000 Subject: [PATCH 3/3] [installer]: configure helm dependencies to use custom container registry --- installer/pkg/common/common.go | 14 ++++++++ installer/pkg/common/constants.go | 4 +-- .../pkg/components/database/incluster/helm.go | 6 ++++ .../pkg/components/docker-registry/helm.go | 10 ++++++ .../pkg/components/jaeger-operator/helm.go | 6 ++++ installer/pkg/components/minio/azure/minio.go | 33 ++++++++++--------- installer/pkg/components/minio/helm.go | 12 +++++-- .../pkg/components/minio/incluster/minio.go | 17 ++++++---- installer/pkg/components/rabbitmq/helm.go | 4 +++ installer/pkg/helm/helm.go | 16 +++++++++ 10 files changed, 96 insertions(+), 26 deletions(-) diff --git a/installer/pkg/common/common.go b/installer/pkg/common/common.go index 17816ad9e57e8c..44beb1179fb2b9 100644 --- a/installer/pkg/common/common.go +++ b/installer/pkg/common/common.go 
@@ -509,3 +509,17 @@ func RandomString(length int) (string, error) { } return string(b), nil } + +// ThirdPartyContainerRepo returns the container registry to use for third-party containers. +// If config registry is set to the Gitpod registry, the third-party registry is returned. If +// config registry is different, that repository is returned and deployment expected to mirror +// the images to their registry +func ThirdPartyContainerRepo(configRegistry string, thirdPartyRegistry string) string { + configRegistry = strings.TrimSuffix(configRegistry, "/") + + if configRegistry == GitpodContainerRegistry { + return thirdPartyRegistry + } + + return configRegistry +} diff --git a/installer/pkg/common/constants.go b/installer/pkg/common/constants.go index 94beed13009efa..4848a17d222281 100644 --- a/installer/pkg/common/constants.go +++ b/installer/pkg/common/constants.go @@ -21,8 +21,8 @@ const ( InClusterDbSecret = "mysql" InClusterMessageQueueName = "rabbitmq" InClusterMessageQueueTLS = "messagebus-certificates-secret-core" - KubeRBACProxyRepo = "quay.io/brancz" - KubeRBACProxyImage = "kube-rbac-proxy" + KubeRBACProxyRepo = "quay.io" + KubeRBACProxyImage = "brancz/kube-rbac-proxy" KubeRBACProxyTag = "v0.11.0" MinioServiceAPIPort = 9000 MonitoringChart = "monitoring" diff --git a/installer/pkg/components/database/incluster/helm.go b/installer/pkg/components/database/incluster/helm.go index 5875cecec9aeb3..efa16e4c880a61 100644 --- a/installer/pkg/components/database/incluster/helm.go +++ b/installer/pkg/components/database/incluster/helm.go 
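Review bot: `ThirdPartyContainerRepo` returns `configRegistry` for every value other than an exact match with `GitpodContainerRegistry`, including the empty string. An unset `Repository` therefore yields an empty registry for all third-party images instead of falling back to upstream. Unless validation elsewhere rejects an empty repository, the guard should read `if configRegistry == "" || configRegistry == GitpodContainerRegistry {`. Because the comparison is a literal string match against a development registry path, the doc comment should also say that any other value redirects every third-party image, privileged init containers included, to the operator's registry. The function is fully contained in this hunk.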
@@ -33,6 +33,12 @@ var Helm = common.CompositeHelmFunc( helm.KeyValue("mysql.auth.username", Username), helm.KeyValue("mysql.initdbScriptsConfigMap", SQLInitScripts), helm.KeyValue("mysql.serviceAccount.name", Component), + helm.ImagePullSecrets("mysql.image.pullSecrets", cfg), + helm.KeyValue("mysql.image.registry", common.ThirdPartyContainerRepo(cfg.Config.Repository, common.DockerRegistryURL)), + helm.ImagePullSecrets("mysql.metrics.image.pullSecrets", cfg), + helm.KeyValue("mysql.metrics.image.registry", common.ThirdPartyContainerRepo(cfg.Config.Repository, common.DockerRegistryURL)), + helm.ImagePullSecrets("mysql.volumePermissions.image.pullSecrets", cfg), + helm.KeyValue("mysql.volumePermissions.image.registry", common.ThirdPartyContainerRepo(cfg.Config.Repository, common.DockerRegistryURL)), }, // This is too complex to be sent as a string FileValues: []string{ diff --git a/installer/pkg/components/docker-registry/helm.go b/installer/pkg/components/docker-registry/helm.go index 97ddd454939530..9be30d6cfe46c7 100644 --- a/installer/pkg/components/docker-registry/helm.go +++ b/installer/pkg/components/docker-registry/helm.go 
@@ -23,11 +23,21 @@ var Helm = common.CompositeHelmFunc( return nil, err } + repository := fmt.Sprintf("%s/library/registry", common.ThirdPartyContainerRepo(cfg.Config.Repository, common.DockerRegistryURL)) + registryValues := []string{ helm.KeyValue(fmt.Sprintf("docker-registry.podAnnotations.%s", strings.Replace(common.AnnotationConfigChecksum, ".", "\\.", -1)), secretHash), helm.KeyValue("docker-registry.fullnameOverride", RegistryName), helm.KeyValue("docker-registry.service.port", strconv.Itoa(common.ProxyContainerHTTPSPort)), helm.KeyValue("docker-registry.tlsSecretName", BuiltInRegistryCerts), + helm.KeyValue("docker-registry.image.repository", repository), + } + + if len(cfg.Config.ImagePullSecrets) > 0 { + // This chart doesn't add in the "name/value" pair format + for k, v := range cfg.Config.ImagePullSecrets { + registryValues = append(registryValues, helm.KeyValue(fmt.Sprintf("docker-registry.imagePullSecrets[%d].name", k), v.Name)) + } } inCluster := pointer.BoolDeref(cfg.Config.ContainerRegistry.InCluster, false) diff --git a/installer/pkg/components/jaeger-operator/helm.go b/installer/pkg/components/jaeger-operator/helm.go index 2f789082a34017..a1e2c46b0ffbf9 100644 --- a/installer/pkg/components/jaeger-operator/helm.go +++ b/installer/pkg/components/jaeger-operator/helm.go @@ -5,6 +5,7 @@ package jaegeroperator import ( + "fmt" "github.com/gitpod-io/gitpod/installer/pkg/common" "github.com/gitpod-io/gitpod/installer/pkg/helm" "github.com/gitpod-io/gitpod/installer/third_party/charts" 
@@ -14,12 +15,17 @@ import ( var Helm = common.CompositeHelmFunc( helm.ImportTemplate(charts.JaegerOperator(), helm.TemplateConfig{}, func(cfg *common.RenderContext) (*common.HelmConfig, error) { + repository := common.ThirdPartyContainerRepo(cfg.Config.Repository, common.DockerRegistryURL) + image := "jaegertracing/jaeger-operator" + return &common.HelmConfig{ Enabled: pointer.BoolDeref(cfg.Config.Jaeger.InCluster, false), Values: &values.Options{ Values: []string{ helm.KeyValue("jaeger-operator.crd.install", "true"), helm.KeyValue("jaeger-operator.rbac.clusterRole", "true"), + helm.ImagePullSecrets("jaeger-operator.image.imagePullSecrets", cfg), + helm.KeyValue("jaeger-operator.image.repository", fmt.Sprintf("%s/%s", repository, image)), }, }, }, nil diff --git a/installer/pkg/components/minio/azure/minio.go b/installer/pkg/components/minio/azure/minio.go index 0d95034ce96a84..6ff168812af9a5 100644 --- a/installer/pkg/components/minio/azure/minio.go +++ b/installer/pkg/components/minio/azure/minio.go 
@@ -12,26 +12,29 @@ import ( "helm.sh/helm/v3/pkg/cli/values" ) -var Helm = func(apiPort int32, consolePort int32) common.HelmFunc { +var Helm = func(apiPort int32, consolePort int32, commonHelmValues []string) common.HelmFunc { return common.CompositeHelmFunc( helm.ImportTemplate(charts.Minio(), helm.TemplateConfig{}, func(cfg *common.RenderContext) (*common.HelmConfig, error) { return &common.HelmConfig{ Enabled: true, Values: &values.Options{ - Values: []string{ - helm.KeyValue("minio.gateway.enabled", "true"), - helm.KeyValue("minio.gateway.auth.azure.accessKey", cfg.Values.StorageAccessKey), // Azure value actually taken from secret - used for console/API access - helm.KeyValue("minio.gateway.auth.azure.secretKey", cfg.Values.StorageSecretKey), // Ditto - helm.KeyValue("minio.gateway.auth.azure.storageAccountNameExistingSecret", cfg.Config.ObjectStorage.Azure.Credentials.Name), - helm.KeyValue("minio.gateway.auth.azure.storageAccountNameExistingSecretKey", "accountName"), - helm.KeyValue("minio.gateway.auth.azure.storageAccountKeyExistingSecret", cfg.Config.ObjectStorage.Azure.Credentials.Name), - helm.KeyValue("minio.gateway.auth.azure.storageAccountKeyExistingSecretKey", "accountKey"), - helm.KeyValue("minio.gateway.replicaCount", "2"), - helm.KeyValue("minio.gateway.type", "azure"), - helm.KeyValue("minio.persistence.enabled", "false"), - helm.KeyValue("minio.service.ports.api", fmt.Sprintf("%d", apiPort)), - helm.KeyValue("minio.service.ports.console", fmt.Sprintf("%d", consolePort)), - }, + Values: append( + []string{ + helm.KeyValue("minio.gateway.enabled", "true"), + helm.KeyValue("minio.gateway.auth.azure.accessKey", cfg.Values.StorageAccessKey), // Azure value actually taken from secret - used for console/API access + helm.KeyValue("minio.gateway.auth.azure.secretKey", cfg.Values.StorageSecretKey), // Ditto + helm.KeyValue("minio.gateway.auth.azure.storageAccountNameExistingSecret", cfg.Config.ObjectStorage.Azure.Credentials.Name), + 
helm.KeyValue("minio.gateway.auth.azure.storageAccountNameExistingSecretKey", "accountName"), + helm.KeyValue("minio.gateway.auth.azure.storageAccountKeyExistingSecret", cfg.Config.ObjectStorage.Azure.Credentials.Name), + helm.KeyValue("minio.gateway.auth.azure.storageAccountKeyExistingSecretKey", "accountKey"), + helm.KeyValue("minio.gateway.replicaCount", "2"), + helm.KeyValue("minio.gateway.type", "azure"), + helm.KeyValue("minio.persistence.enabled", "false"), + helm.KeyValue("minio.service.ports.api", fmt.Sprintf("%d", apiPort)), + helm.KeyValue("minio.service.ports.console", fmt.Sprintf("%d", consolePort)), + }, + commonHelmValues..., + ), }, }, nil }), diff --git a/installer/pkg/components/minio/helm.go b/installer/pkg/components/minio/helm.go index 31c7ee7d74c7d7..62b56ae36562e7 100644 --- a/installer/pkg/components/minio/helm.go +++ b/installer/pkg/components/minio/helm.go 
@@ -10,16 +10,24 @@ import ( "github.com/gitpod-io/gitpod/installer/pkg/common" "github.com/gitpod-io/gitpod/installer/pkg/components/minio/azure" "github.com/gitpod-io/gitpod/installer/pkg/components/minio/incluster" + "github.com/gitpod-io/gitpod/installer/pkg/helm" "k8s.io/utils/pointer" ) var Helm = common.CompositeHelmFunc( func(cfg *common.RenderContext) ([]string, error) { + commonHelmValues := []string{ + helm.ImagePullSecrets("minio.image.pullSecrets", cfg), + helm.KeyValue("minio.image.registry", common.ThirdPartyContainerRepo(cfg.Config.Repository, common.DockerRegistryURL)), + helm.ImagePullSecrets("minio.volumePermissions.image.pullSecrets", cfg), + helm.KeyValue("minio.volumePermissions.image.registry", common.ThirdPartyContainerRepo(cfg.Config.Repository, common.DockerRegistryURL)), + } + if pointer.BoolDeref(cfg.Config.ObjectStorage.InCluster, false) { - return incluster.Helm(ServiceAPIPort, ServiceConsolePort)(cfg) + return incluster.Helm(ServiceAPIPort, ServiceConsolePort, commonHelmValues)(cfg) } if cfg.Config.ObjectStorage.Azure != nil { - return azure.Helm(ServiceAPIPort, ServiceConsolePort)(cfg) + return azure.Helm(ServiceAPIPort, ServiceConsolePort, commonHelmValues)(cfg) } return nil, nil diff --git a/installer/pkg/components/minio/incluster/minio.go b/installer/pkg/components/minio/incluster/minio.go index e81ef9e03a098c..a51c2fb9f2c6d7 100644 --- a/installer/pkg/components/minio/incluster/minio.go +++ b/installer/pkg/components/minio/incluster/minio.go @@ -13,7 +13,7 @@ import ( "helm.sh/helm/v3/pkg/cli/values" ) -var Helm = func(apiPort int32, consolePort int32) common.HelmFunc { +var Helm = func(apiPort int32, consolePort int32, commonHelmValues []string) common.HelmFunc { return common.CompositeHelmFunc( helm.ImportTemplate(charts.Minio(), helm.TemplateConfig{}, func(cfg *common.RenderContext) (*common.HelmConfig, error) { affinity, err := helm.AffinityYaml(cluster.AffinityLabelMeta) 
@@ -29,12 +29,15 @@ var Helm = func(apiPort int32, consolePort int32) common.HelmFunc { return &common.HelmConfig{ Enabled: true, Values: &values.Options{ - Values: []string{ - helm.KeyValue("minio.auth.rootUser", cfg.Values.StorageAccessKey), - helm.KeyValue("minio.auth.rootPassword", cfg.Values.StorageSecretKey), - helm.KeyValue("minio.service.ports.api", fmt.Sprintf("%d", apiPort)), - helm.KeyValue("minio.service.ports.console", fmt.Sprintf("%d", consolePort)), - }, + Values: append( + []string{ + helm.KeyValue("minio.auth.rootUser", cfg.Values.StorageAccessKey), + helm.KeyValue("minio.auth.rootPassword", cfg.Values.StorageSecretKey), + helm.KeyValue("minio.service.ports.api", fmt.Sprintf("%d", apiPort)), + helm.KeyValue("minio.service.ports.console", fmt.Sprintf("%d", consolePort)), + }, + commonHelmValues..., + ), // This is too complex to be sent as a string FileValues: []string{ affinityTemplate, diff --git a/installer/pkg/components/rabbitmq/helm.go b/installer/pkg/components/rabbitmq/helm.go index 326d9ce22f62f2..409926641b1326 100644 --- a/installer/pkg/components/rabbitmq/helm.go +++ b/installer/pkg/components/rabbitmq/helm.go @@ -279,6 +279,10 @@ var Helm = common.CompositeHelmFunc( helm.KeyValue("rabbitmq.auth.tls.existingSecret", TLSSecret), helm.KeyValue(fmt.Sprintf("rabbitmq.extraSecrets.%s.username", InClusterDbSecret), username), helm.KeyValue(fmt.Sprintf("rabbitmq.extraSecrets.%s.password", InClusterDbSecret), password), + helm.ImagePullSecrets("rabbitmq.image.pullSecrets", cfg), + helm.KeyValue("rabbitmq.image.registry", common.ThirdPartyContainerRepo(cfg.Config.Repository, common.DockerRegistryURL)), + helm.ImagePullSecrets("volumePermissions.image.pullSecrets", cfg), + helm.KeyValue("rabbitmq.volumePermissions.image.registry", common.ThirdPartyContainerRepo(cfg.Config.Repository, common.DockerRegistryURL)), }, // This is too complex to be sent as a string FileValues: []string{ 
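Review bot: In the `rabbitmq/helm.go` hunk the third added line uses the key `volumePermissions.image.pullSecrets` without the `rabbitmq.` prefix that the neighbouring `rabbitmq.volumePermissions.image.registry` key carries. The mysql and minio hunks prefix both keys with the sub-chart name, so this value most likely lands at the top level of the values tree and the volume-permissions image is pulled without the configured secrets. The line should be `helm.ImagePullSecrets("rabbitmq.volumePermissions.image.pullSecrets", cfg),`. The surrounding `Values` list starts and ends outside the hunk.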
diff --git a/installer/pkg/helm/helm.go b/installer/pkg/helm/helm.go index a568cad77f73f5..317cd4f8662713 100644 --- a/installer/pkg/helm/helm.go +++ b/installer/pkg/helm/helm.go @@ -12,6 +12,7 @@ import ( "os/signal" "path/filepath" "sigs.k8s.io/yaml" + "strings" "syscall" "github.com/gitpod-io/gitpod/installer/pkg/common" @@ -121,6 +122,21 @@ func AffinityYaml(orLabels ...string) ([]byte, error) { return marshal, nil } +func ImagePullSecrets(key string, ctx *common.RenderContext) string { + if len(ctx.Config.ImagePullSecrets) > 0 { + var pullSecrets []string + for _, i := range ctx.Config.ImagePullSecrets { + pullSecrets = append(pullSecrets, i.Name) + } + + // Helm array nomenclature + return KeyValue(key, fmt.Sprintf("{%s}", strings.Join(pullSecrets, ","))) + } + + // Nothing to be set + return "" +} + // ImportTemplate allows for Helm charts to be imported into the installer manifest func ImportTemplate(chart *charts.Chart, templateCfg TemplateConfig, pkgConfig PkgConfig) common.HelmFunc { return func(cfg *common.RenderContext) (r []string, err error) {
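Review bot: `ImagePullSecrets` is exported without a doc comment, and it returns `""` when no secrets are configured. The mysql, minio, rabbitmq and jaeger-operator hunks place that return value directly into `Values`, so the list can contain empty entries. Whether the values parser ignores them is not visible in this diff; filtering them out in the callers, or returning the values as a slice, would make that explicit. A suitable comment would be `// ImagePullSecrets renders the configured pull secret names as a Helm array value for key, or "" when none are configured.` The names are joined into `{a,b}` unescaped, so a comma or brace in a name would corrupt the value, which is worth noting if the names are not validated upstream.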