[installer]: set proxy server configuration in installer
Simon Emms committed Aug 5, 2022
1 parent 6370e40 commit 016ead2
Showing 7 changed files with 124 additions and 22 deletions.
89 changes: 69 additions & 20 deletions install/installer/pkg/common/common.go
@@ -28,6 +28,32 @@ import (
"sigs.k8s.io/yaml"
)

// getProxyServerEnvvar get the proxy server envvars in both upper and lowercase form for maximum compatiblity
func getProxyServerEnvvar(cfg *config.Config, envvarName string, key string) []corev1.EnvVar {
env := corev1.EnvVar{
Name: strings.ToUpper(envvarName),
ValueFrom: &corev1.EnvVarSource{
ConfigMapKeyRef: &corev1.ConfigMapKeySelector{
LocalObjectReference: corev1.LocalObjectReference{
Name: ProxyServerConfigMap,
},
Key: key,
Optional: pointer.Bool(true),
},
},
}

return []corev1.EnvVar{
env,
func() corev1.EnvVar {
envLower := env.DeepCopy()
envLower.Name = strings.ToLower(envvarName)

return *envLower
}(),
}
}

func DefaultLabels(component string) map[string]string {
return map[string]string{
"app": AppName,
@@ -42,25 +68,43 @@ func MergeEnv(envs ...[]corev1.EnvVar) (res []corev1.EnvVar) {
return
}

func ProxyEnv(cfg *config.Config) []corev1.EnvVar {
noProxyValue := ".$(KUBE_NAMESPACE).svc.cluster.local,$(CUSTOM_NO_PROXY)"

return MergeEnv(
getProxyServerEnvvar(cfg, "HTTP_PROXY", "httpProxy"),
getProxyServerEnvvar(cfg, "HTTPS_PROXY", "httpsProxy"),
getProxyServerEnvvar(cfg, "CUSTOM_NO_PROXY", "noProxy"),
[]corev1.EnvVar{
// This must come after the CUSTOM_NO_PROXY definition. The (potential) trailing comma doesn't seem to matter
{Name: "NO_PROXY", Value: noProxyValue},
{Name: "no_proxy", Value: noProxyValue},
},
)
}

func DefaultEnv(cfg *config.Config) []corev1.EnvVar {
logLevel := "info"
if cfg.Observability.LogLevel != "" {
logLevel = string(cfg.Observability.LogLevel)
}

return []corev1.EnvVar{
{Name: "GITPOD_DOMAIN", Value: cfg.Domain},
{Name: "GITPOD_INSTALLATION_SHORTNAME", Value: cfg.Metadata.InstallationShortname},
{Name: "GITPOD_REGION", Value: cfg.Metadata.Region},
{Name: "HOST_URL", Value: "https://" + cfg.Domain},
{Name: "KUBE_NAMESPACE", ValueFrom: &corev1.EnvVarSource{
FieldRef: &corev1.ObjectFieldSelector{
FieldPath: "metadata.namespace",
},
}},
{Name: "KUBE_DOMAIN", Value: "svc.cluster.local"},
{Name: "LOG_LEVEL", Value: strings.ToLower(logLevel)},
}
return MergeEnv(
[]corev1.EnvVar{
{Name: "GITPOD_DOMAIN", Value: cfg.Domain},
{Name: "GITPOD_INSTALLATION_SHORTNAME", Value: cfg.Metadata.InstallationShortname},
{Name: "GITPOD_REGION", Value: cfg.Metadata.Region},
{Name: "HOST_URL", Value: "https://" + cfg.Domain},
{Name: "KUBE_NAMESPACE", ValueFrom: &corev1.EnvVarSource{
FieldRef: &corev1.ObjectFieldSelector{
FieldPath: "metadata.namespace",
},
}},
{Name: "KUBE_DOMAIN", Value: "svc.cluster.local"},
{Name: "LOG_LEVEL", Value: strings.ToLower(logLevel)},
},
ProxyEnv(cfg),
)
}

func WorkspaceTracingEnv(context *RenderContext) (res []corev1.EnvVar) {
@@ -298,6 +342,7 @@ func DatabaseWaiterContainer(ctx *RenderContext) *corev1.Container {
},
Env: MergeEnv(
DatabaseEnv(&ctx.Config),
ProxyEnv(&ctx.Config),
),
}
}
@@ -316,6 +361,7 @@ func MessageBusWaiterContainer(ctx *RenderContext) *corev1.Container {
},
Env: MergeEnv(
MessageBusEnv(&ctx.Config),
ProxyEnv(&ctx.Config),
),
}
}
@@ -336,16 +382,19 @@ func KubeRBACProxyContainerWithConfig(ctx *RenderContext) *corev1.Container {
Ports: []corev1.ContainerPort{
{Name: baseserver.BuiltinMetricsPortName, ContainerPort: baseserver.BuiltinMetricsPort},
},
Env: []corev1.EnvVar{
{
Name: "IP",
ValueFrom: &corev1.EnvVarSource{
FieldRef: &corev1.ObjectFieldSelector{
FieldPath: "status.podIP",
Env: MergeEnv(
[]corev1.EnvVar{
{
Name: "IP",
ValueFrom: &corev1.EnvVarSource{
FieldRef: &corev1.ObjectFieldSelector{
FieldPath: "status.podIP",
},
},
},
},
},
ProxyEnv(&ctx.Config),
),
Resources: corev1.ResourceRequirements{Requests: corev1.ResourceList{
corev1.ResourceCPU: resource.MustParse("1m"),
corev1.ResourceMemory: resource.MustParse("30Mi"),
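Review bot: `NO_PROXY` in `ProxyEnv` depends on `$(KUBE_NAMESPACE)`, but the kube-rbac-proxy container's new `Env` list holds only `IP` ahead of `ProxyEnv(&ctx.Config)`, and Kubernetes leaves a `$(VAR)` reference as literal text when the variable is not defined earlier in the same container. In that container the cluster-local suffix would never match, so in-namespace requests could be sent to the configured proxy instead of bypassing it; the two waiter containers have the same exposure unless `DatabaseEnv`/`MessageBusEnv` (not visible here) define `KUBE_NAMESPACE`. Add `{Name: "KUBE_NAMESPACE", ValueFrom: &corev1.EnvVarSource{FieldRef: &corev1.ObjectFieldSelector{FieldPath: "metadata.namespace"}}},` ahead of `ProxyEnv` in those lists, or have `ProxyEnv` emit it itself if `MergeEnv` tolerates the duplicate it would create in `DefaultEnv`. The same literal fallback applies to `$(CUSTOM_NO_PROXY)` when the optional ConfigMap key is absent, which is not the trailing comma the comment in `ProxyEnv` expects. The three container functions start and end outside the hunks shown.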
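--- a/install/installer/pkg/common/constants.go
+++ b/install/installer/pkg/common/constants.go
@@ -27,6 +27,7 @@ const (
 KubeRBACProxyTag = "v0.12.0"
 MinioServiceAPIPort = 9000
 MonitoringChart = "monitoring"
+ProxyServerConfigMap = "proxy-server" // Not related to proxy component, but where proxy server values stored
 ProxyComponent = "proxy"
 ProxyContainerHTTPPort = 80
 ProxyContainerHTTPName = "http"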
2 changes: 1 addition & 1 deletion install/kots/manifests/gitpod-installation-status.yaml
@@ -30,7 +30,7 @@ spec:
containers:
- name: installation-status
# This will normally be the release tag
image: "eu.gcr.io/gitpod-core-dev/build/installer:nvn-fix-11408.15"
image: "eu.gcr.io/gitpod-core-dev/build/installer:sje-installer-proxy-server.16"
command:
- /bin/sh
- -c
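--- a/install/kots/manifests/gitpod-installation.yaml
+++ b/install/kots/manifests/gitpod-installation.yaml
@@ -13,6 +13,7 @@ data:
 channelName: repl{{ ChannelName | quote }}
 cursor: repl{{ Cursor | quote }}
 isAirgap: repl{{ IsAirgap | quote }}
+kotsVersion: repl{{ KotsVersion | quote }}
 releaseNotes: repl{{ ReleaseNotes | quote }}
 sequence: repl{{ Sequence | quote }}
 version: repl{{ VersionLabel | quote }}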
2 changes: 1 addition & 1 deletion install/kots/manifests/gitpod-installer-job.yaml
@@ -28,7 +28,7 @@ spec:
containers:
- name: installer
# This will normally be the release tag
image: "eu.gcr.io/gitpod-core-dev/build/installer:nvn-fix-11408.15"
image: "eu.gcr.io/gitpod-core-dev/build/installer:sje-installer-proxy-server.16"
volumeMounts:
- mountPath: /config-patch
name: config-patch
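--- a/install/kots/manifests/gitpod-proxy-server.yaml
+++ b/install/kots/manifests/gitpod-proxy-server.yaml
@@ -0,0 +1,18 @@
+# Copyright (c) 2022 Gitpod GmbH. All rights reserved.
+# Licensed under the MIT License. See License-MIT.txt in the project root for license information.
+
+apiVersion: v1
+kind: ConfigMap
+metadata:
+name: proxy-server # Name set in /install/installer/pkg/common/constants.go
+labels:
+app: gitpod
+component: gitpod-installer
+# annotations:
+# kots.io/when: '{{repl ConfigOptionEquals "proxy_server_enabled" "1" }}'
+data:
+httpProxy: '{{repl (ConfigOption "proxy_server_http_proxy" | default (HTTPProxy)) }}'
+# @todo(sje): There is currently no HTTPSProxy function in KOTS
+# @link https://github.com/replicated-collab/replicated-gitpod/issues/39
+httpsProxy: '{{repl ConfigOption "proxy_server_https_proxy" | default (HTTPProxy) }}'
+noProxy: 'kotsadm,kotsadm-postgres,kotsadm-minio,kotsadm-api-node,.{{repl Namespace }}.svc.cluster.local,{{repl NoProxy }},{{repl ConfigOption "proxy_server_no_proxy" }}' # Merge the KOTS NO_PROXY so we don't lose the ability to talk to it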
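Review bot: `httpProxy` and `httpsProxy` are stored in a ConfigMap, yet the help text added in `kots-config.yaml` appears to document a proxy value that carries a user and password, so proxy credentials would sit in an object that is not handled as secret material and is readable by anything allowed to get ConfigMaps in the namespace. A `kind: Secret` with `stringData` for these two keys, consumed in `getProxyServerEnvvar` (common.go) through `SecretKeyRef` instead of `ConfigMapKeyRef`, would keep the optional-key behaviour while narrowing who can read the value. In `kots-config.yaml` the `proxy_server_http_proxy` and `proxy_server_https_proxy` items could likewise use `type: password` rather than `type: text` so the value is masked in the admin console. Because `DefaultEnv` now merges `ProxyEnv`, the value also reaches every container built from it, which is worth stating in a comment on `ProxyEnv`.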
33 changes: 33 additions & 0 deletions install/kots/manifests/kots-config.yaml
@@ -369,6 +369,39 @@ spec:
Add the domain only (eg, `gitpod.io`). Separate multiple domains with spaces.
- name: proxy_server
title: Proxy server
description: Route your access through a proxy server
items:
- name: proxy_server_enabled
title: Route through a proxy server
type: bool
default: "0"
help_text: Configure proxy access to the Internet

- name: proxy_server_http_proxy
title: HTTP proxy
type: text
default: '{{repl HTTPProxy }}'
when: '{{repl ConfigOptionEquals "proxy_server_enabled" "1" }}'
help_text: Configure HTTP proxy server to route all traffic through. This should be in the format "user:[email protected]:1234"

- name: proxy_server_https_proxy
title: HTTPS proxy
type: text
# @todo(sje): There is currently no HTTPSProxy function in KOTS
# @link https://github.com/replicated-collab/replicated-gitpod/issues/39
default: ''
when: '{{repl ConfigOptionEquals "proxy_server_enabled" "1" }}'
help_text: Configure HTTPS proxy server to route all traffic through. This should be in the format "user:[email protected]:1234"

- name: proxy_server_no_proxy
title: No proxy
type: text
default: '{{repl NoProxy }}'
when: '{{repl ConfigOptionEquals "proxy_server_enabled" "1" }}'
help_text: Configure URLs that bypass the proxy. This should be a CSV in the format "domain1.com,domain2.com".

- name: advanced
title: Advanced Options
description: Here are advanced options that you should only make use of in coordination with us or when you know what you are doing.