gitpod-installer-job.yaml
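# Installer Job for the KOTS/Replicated packaging of Gitpod.
# It waits for cert-manager, generates the Installer config, renders the
# Gitpod objects into a throwaway Helm chart and applies it with
# `helm upgrade --install`. ttlSecondsAfterFinished removes the Job 60s after
# it finishes.
#
# NOTE(review): Replicated template expressions are substituted into the shell
# scripts below as plain text. A config value containing a quote, a backtick
# or a command substitution would change the command that runs, because the
# values land inside shell-quoted yq expressions. Consider validating these
# options in the KOTS config, or passing them as container env vars and
# reading them with yq's strenv() if the yq version in the image supports it.
apiVersion: batch/v1
kind: Job
metadata:
  name: installer
  labels:
    app: gitpod
    component: gitpod-installer
spec:
  ttlSecondsAfterFinished: 60
  template:
    metadata:
      labels:
        app: gitpod
        component: gitpod-installer
    spec:
      # The RBAC bound to this service account is not visible here; the script
      # needs at least to create secrets and to run helm in the namespace.
      serviceAccountName: installer
      restartPolicy: OnFailure
      initContainers:
        # Checks that the cert-manager installation is complete
        # NOTE(review): the image has no tag or digest, so it resolves to a
        # mutable `latest`, and jq is fetched from the package mirror on every
        # run. Pin the image by digest and bake jq in for reproducible installs.
        - name: cert-manager
          image: alpine/helm
          command:
            - /bin/sh
            - -c
          args:
            - |
              set -e
              echo "Gitpod: Install jq"
              apk add --no-cache jq
              echo "Gitpod: Perform the check"
              # Loop until jq reports the release as deployed. Comparing against
              # "true" also keeps waiting when `helm status` fails and the
              # pipeline prints nothing; a comparison against "false" would
              # treat that empty output as success.
              while [ "$(helm status -n {{repl Namespace }} cert-manager -o json | jq '.info.status == "deployed"')" != "true" ];
              do
                echo "Gitpod: Release not found - will retry in 10s"
                sleep 10
              done
              echo "Gitpod: Release found - goodbye"
      containers:
        - name: installer
          # This will normally be the release tag - using this tag as need the license evaluator
          # NOTE(review): this is a branch build from the dev registry and the
          # tag is mutable; pin a release image by digest before shipping.
          image: 'eu.gcr.io/gitpod-core-dev/build/installer:sje-kots-helm.4'
          volumeMounts:
            - mountPath: /config-patch
              name: config-patch
              readOnly: true
            # Read-only view of the node's root filesystem, used only to detect
            # the k3s containerd directory and socket (see the volume below).
            - mountPath: /mnt/node0
              name: node-fs0
              readOnly: true
          env:
            - name: CONFIG_FILE
              value: /tmp/gitpod-config.yaml
            - name: CONFIG_PATCH_FILE
              value: /config-patch/gitpod-config-patch.yaml
            - name: CONTAINERD_DIR_K3S
              value: /run/k3s/containerd/io.containerd.runtime.v2.task/k8s.io
            - name: CONTAINERD_SOCKET_K3S
              value: /run/k3s/containerd/containerd.sock
            - name: GITPOD_OBJECTS
              value: /tmp/gitpod
          command:
            - /bin/sh
            - -c
          # NOTE(review): the script echoes the decoded config patch and the
          # final config into the Job log. The patch is free-form YAML, so
          # anything placed in it is readable by whoever can read pod logs;
          # consider dropping or redacting those two echo lines.
          args:
            - |
              set -e
              echo "Gitpod: Generate the base Installer config"
              /app/installer init > "${CONFIG_FILE}"
              echo "Gitpod: auto-detecting containerd location on host machine"
              if [ -d "/mnt/node0${CONTAINERD_DIR_K3S}" ]; then
                echo "Gitpod: containerd dir detected as k3s"
                yq e -i ".workspace.runtime.containerdRuntimeDir = \"${CONTAINERD_DIR_K3S}\"" "${CONFIG_FILE}"
              fi
              if [ -S "/mnt/node0${CONTAINERD_SOCKET_K3S}" ]; then
                echo "Gitpod: containerd socket detected as k3s"
                yq e -i ".workspace.runtime.containerdSocket = \"${CONTAINERD_SOCKET_K3S}\"" "${CONFIG_FILE}"
              fi
              echo "Gitpod: Inject the Replicated variables into the config"
              yq e -i '.domain = "{{repl ConfigOption "domain" }}"' "${CONFIG_FILE}"
              yq e -i '.license.kind = "secret"' "${CONFIG_FILE}"
              yq e -i '.license.name = "gitpod-license"' "${CONFIG_FILE}"
              if [ '{{repl and (ConfigOptionEquals "db_incluster" "0") (ConfigOptionEquals "db_cloudsql_enabled" "1") }}' = "true" ];
              then
                echo "Gitpod: configuring CloudSQLProxy"
                yq e -i ".database.inCluster = false" "${CONFIG_FILE}"
                yq e -i ".database.cloudSQL.instance = \"{{repl ConfigOption "db_cloudsql_instance" }}\"" "${CONFIG_FILE}"
                yq e -i ".database.cloudSQL.serviceAccount.kind = \"secret\"" "${CONFIG_FILE}"
                yq e -i ".database.cloudSQL.serviceAccount.name = \"cloudsql\"" "${CONFIG_FILE}"
              fi
              if [ '{{repl and (ConfigOptionEquals "db_incluster" "0") (ConfigOptionEquals "db_cloudsql_enabled" "0") }}' = "true" ];
              then
                echo "Gitpod: configuring external database"
                yq e -i ".database.inCluster = false" "${CONFIG_FILE}"
                yq e -i ".database.external.certificate.kind = \"secret\"" "${CONFIG_FILE}"
                yq e -i ".database.external.certificate.name = \"database\"" "${CONFIG_FILE}"
              fi
              if [ '{{repl ConfigOptionEquals "reg_incluster" "0" }}' = "true" ];
              then
                echo "Gitpod: configuring external container registry"
                yq e -i ".containerRegistry.inCluster = false" "${CONFIG_FILE}"
                yq e -i ".containerRegistry.external.url = \"{{repl ConfigOption "reg_url" }}\"" "${CONFIG_FILE}"
                yq e -i ".containerRegistry.external.certificate.kind = \"secret\"" "${CONFIG_FILE}"
                yq e -i ".containerRegistry.external.certificate.name = \"container-registry\"" "${CONFIG_FILE}"
                if [ '{{repl ConfigOptionEquals "reg_s3storage" "1" }}' = "true" ];
                then
                  echo "Gitpod: configuring container registry S3 backend"
                  yq e -i ".containerRegistry.s3storage.bucket = \"{{repl ConfigOption "reg_bucketname" }}\"" "${CONFIG_FILE}"
                  yq e -i ".containerRegistry.s3storage.certificate.kind = \"secret\"" "${CONFIG_FILE}"
                  yq e -i ".containerRegistry.s3storage.certificate.name = \"container-registry-s3-backend\"" "${CONFIG_FILE}"
                fi
              fi
              if [ '{{repl ConfigOptionNotEquals "store_provider" "incluster" }}' = "true" ];
              then
                echo "Gitpod: configuring the storage"
                yq e -i ".metadata.region = \"{{repl ConfigOption "store_region" }}\"" "${CONFIG_FILE}"
                yq e -i ".objectStorage.inCluster = false" "${CONFIG_FILE}"
                if [ '{{repl ConfigOptionEquals "store_provider" "azure" }}' = "true" ];
                then
                  echo "Gitpod: configuring storage for Azure"
                  yq e -i ".objectStorage.azure.credentials.kind = \"secret\"" "${CONFIG_FILE}"
                  yq e -i ".objectStorage.azure.credentials.name = \"storage-azure\"" "${CONFIG_FILE}"
                fi
                if [ '{{repl ConfigOptionEquals "store_provider" "gcp" }}' = "true" ];
                then
                  echo "Gitpod: configuring storage for GCP"
                  yq e -i ".objectStorage.cloudStorage.project = \"{{repl ConfigOption "store_gcp_project" }}\"" "${CONFIG_FILE}"
                  yq e -i ".objectStorage.cloudStorage.serviceAccount.kind = \"secret\"" "${CONFIG_FILE}"
                  yq e -i ".objectStorage.cloudStorage.serviceAccount.name = \"storage-gcp\"" "${CONFIG_FILE}"
                fi
                if [ '{{repl ConfigOptionEquals "store_provider" "s3" }}' = "true" ];
                then
                  echo "Gitpod: configuring storage for S3"
                  yq e -i ".objectStorage.s3.endpoint = \"{{repl ConfigOption "store_s3_endpoint" }}\"" "${CONFIG_FILE}"
                  # Credentials are a kind/name reference like every other
                  # secret in this script (the key was previously ".secret").
                  yq e -i ".objectStorage.s3.credentials.kind = \"secret\"" "${CONFIG_FILE}"
                  yq e -i ".objectStorage.s3.credentials.name = \"storage-s3\"" "${CONFIG_FILE}"
                fi
              fi
              if [ '{{repl ConfigOptionEquals "ssh_gateway" "1" }}' = "true" ];
              then
                echo "Gitpod: Generate SSH host key"
                apk update && apk add --no-cache openssh-keygen # TODO: Move installation of openssh-keygen to installer image
                # NOTE(review): the unencrypted private key is written to the
                # working directory and left there. No -b is given, so the RSA
                # size is whatever this ssh-keygen build defaults to.
                ssh-keygen -t rsa -q -N "" -f host.key
                # NOTE(review): any kubectl failure is reduced to a log line, not
                # only "already exists", and the config below references the
                # secret either way.
                kubectl create secret generic ssh-gateway-host-key --from-file=host.key -n {{repl Namespace }} || echo "SSH Gateway Host Key secret has not been created. Does it exist already?"
                yq e -i '.sshGatewayHostKey.kind = "secret"' "${CONFIG_FILE}"
                yq e -i '.sshGatewayHostKey.name = "ssh-gateway-host-key"' "${CONFIG_FILE}"
              fi
              echo "Gitpod: Patch Gitpod config"
              base64 -d "${CONFIG_PATCH_FILE}" > /tmp/patch.yaml
              config_patch=$(cat /tmp/patch.yaml)
              echo "Gitpod: ${CONFIG_PATCH_FILE}=${config_patch}"
              # Merge the patch over the generated config; patch values win.
              yq eval-all --inplace 'select(fileIndex == 0) * select(fileIndex == 1)' "${CONFIG_FILE}" /tmp/patch.yaml
              echo "Gitpod: Generate the Kubernetes objects and apply"
              config=$(cat "${CONFIG_FILE}")
              echo "Gitpod: ${CONFIG_FILE}=${config}"
              echo "Gitpod: Create a Helm template directory"
              rm -Rf "${GITPOD_OBJECTS}"
              mkdir -p "${GITPOD_OBJECTS}/templates"
              cat <<EOF >> "${GITPOD_OBJECTS}/Chart.yaml"
              apiVersion: v2
              name: gitpod-kots
              description: Always ready-to-code
              Version: "1.0.0"
              appVersion: "$(/app/installer version | yq e '.version' -)"
              EOF
              /app/installer render -c "${CONFIG_FILE}" --namespace {{repl Namespace }} > "${GITPOD_OBJECTS}/templates/gitpod.yaml"
              # The long timeout is to ensure the TLS cert is created (if required)
              helm upgrade \
                --atomic \
                --cleanup-on-fail \
                --create-namespace \
                --install \
                --namespace="{{repl Namespace }}" \
                --reset-values \
                --timeout 1h \
                --wait \
                --wait-for-jobs \
                gitpod \
                "${GITPOD_OBJECTS}"
              echo "Gitpod: Installer job finished - goodbye"
      volumes:
        - name: config-patch
          configMap:
            name: gitpod-config-patch
        # NOTE(review): this exposes the whole node filesystem to the installer
        # container (mounted read-only). The script only tests two paths under
        # /run/k3s, so a narrower hostPath would cut the exposure; it would need
        # the /mnt/node0 path checks in the script adjusted to match.
        - name: node-fs0
          hostPath:
            path: /
            type: Directory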