[installer]: set proxy server configuration in installer

gitpod-io · Aug 3, 2022 · 371dd42 · 371dd42
1 parent 5be7f7a
commit 371dd42
Show file tree

Hide file tree

Showing 7 changed files with 96 additions and 15 deletions.
diff --git a/install/installer/pkg/common/common.go b/install/installer/pkg/common/common.go
@@ -28,6 +28,32 @@ import (
 	"sigs.k8s.io/yaml"
 )
 
+// getProxyServerEnvvar get the proxy server envvars in both upper and lowercase form for maximum compatiblity
+func getProxyServerEnvvar(cfg *config.Config, envvarName string, key string) []corev1.EnvVar {
+	env := corev1.EnvVar{
+		Name: strings.ToUpper(envvarName),
+		ValueFrom: &corev1.EnvVarSource{
+			ConfigMapKeyRef: &corev1.ConfigMapKeySelector{
+				LocalObjectReference: corev1.LocalObjectReference{
+					Name: ProxyServerConfigMap,
+				},
+				Key:      key,
+				Optional: pointer.Bool(true),
+			},
+		},
+	}
+
+	return []corev1.EnvVar{
+		env,
+		func() corev1.EnvVar {
+			envLower := env.DeepCopy()
+			envLower.Name = strings.ToLower(envvarName)
+
+			return *envLower
+		}(),
+	}
+}
+
 func DefaultLabels(component string) map[string]string {
 	return map[string]string{
 		"app":       AppName,
@@ -48,19 +74,28 @@ func DefaultEnv(cfg *config.Config) []corev1.EnvVar {
 		logLevel = string(cfg.Observability.LogLevel)
 	}
 
-	return []corev1.EnvVar{
-		{Name: "GITPOD_DOMAIN", Value: cfg.Domain},
-		{Name: "GITPOD_INSTALLATION_SHORTNAME", Value: cfg.Metadata.InstallationShortname},
-		{Name: "GITPOD_REGION", Value: cfg.Metadata.Region},
-		{Name: "HOST_URL", Value: "https://" + cfg.Domain},
-		{Name: "KUBE_NAMESPACE", ValueFrom: &corev1.EnvVarSource{
-			FieldRef: &corev1.ObjectFieldSelector{
-				FieldPath: "metadata.namespace",
-			},
-		}},
-		{Name: "KUBE_DOMAIN", Value: "svc.cluster.local"},
-		{Name: "LOG_LEVEL", Value: strings.ToLower(logLevel)},
-	}
+	return MergeEnv(
+		[]corev1.EnvVar{
+			{Name: "GITPOD_DOMAIN", Value: cfg.Domain},
+			{Name: "GITPOD_INSTALLATION_SHORTNAME", Value: cfg.Metadata.InstallationShortname},
+			{Name: "GITPOD_REGION", Value: cfg.Metadata.Region},
+			{Name: "HOST_URL", Value: "https://" + cfg.Domain},
+			{Name: "KUBE_NAMESPACE", ValueFrom: &corev1.EnvVarSource{
+				FieldRef: &corev1.ObjectFieldSelector{
+					FieldPath: "metadata.namespace",
+				},
+			}},
+			{Name: "KUBE_DOMAIN", Value: "svc.cluster.local"},
+			{Name: "LOG_LEVEL", Value: strings.ToLower(logLevel)},
+		},
+		getProxyServerEnvvar(cfg, "HTTP_PROXY", "httpProxy"),
+		getProxyServerEnvvar(cfg, "HTTPS_PROXY", "httpsProxy"),
+		getProxyServerEnvvar(cfg, "CUSTOM_NO_PROXY", "noProxy"),
+		[]corev1.EnvVar{
+			// This must come after the CUSTOM_NO_PROXY definition. The (potential) trailing comma doesn't seem to matter
+			{Name: "NO_PROXY", Value: "$(CUSTOM_NO_PROXY)"},
+		},
+	)
 }
 
 func WorkspaceTracingEnv(context *RenderContext) (res []corev1.EnvVar) {

diff --git a/install/installer/pkg/common/constants.go b/install/installer/pkg/common/constants.go
@@ -27,6 +27,7 @@ const (
 	KubeRBACProxyTag            = "v0.12.0"
 	MinioServiceAPIPort         = 9000
 	MonitoringChart             = "monitoring"
+	ProxyServerConfigMap        = "proxy-server" // Not related to proxy component, but where proxy server values stored
 	ProxyComponent              = "proxy"
 	ProxyContainerHTTPPort      = 80
 	ProxyContainerHTTPName      = "http"

diff --git a/install/kots/manifests/gitpod-installation-status.yaml b/install/kots/manifests/gitpod-installation-status.yaml
@@ -30,7 +30,7 @@ spec:
       containers:
         - name: installation-status
           # This will normally be the release tag
-          image: "eu.gcr.io/gitpod-core-dev/build/installer:nvn-fix-11408.15"
+          image: "eu.gcr.io/gitpod-core-dev/build/installer:sje-installer-proxy-server.6"
           command:
             - /bin/sh
             - -c

diff --git a/install/kots/manifests/gitpod-installation.yaml b/install/kots/manifests/gitpod-installation.yaml
@@ -13,6 +13,7 @@ data:
   channelName: repl{{ ChannelName | quote }}
   cursor: repl{{ Cursor | quote }}
   isAirgap: repl{{ IsAirgap | quote }}
+  kotsVersion: repl{{ KotsVersion | quote }}
   releaseNotes: repl{{ ReleaseNotes | quote }}
   sequence: repl{{ Sequence | quote }}
   version: repl{{ VersionLabel | quote }}
diff --git a/install/kots/manifests/gitpod-installer-job.yaml b/install/kots/manifests/gitpod-installer-job.yaml
@@ -28,7 +28,7 @@ spec:
       containers:
         - name: installer
           # This will normally be the release tag
-          image: "eu.gcr.io/gitpod-core-dev/build/installer:nvn-fix-11408.15"
+          image: "eu.gcr.io/gitpod-core-dev/build/installer:sje-installer-proxy-server.6"
           volumeMounts:
             - mountPath: /config-patch
               name: config-patch

diff --git a/install/kots/manifests/gitpod-proxy-server.yaml b/install/kots/manifests/gitpod-proxy-server.yaml
@@ -0,0 +1,16 @@
+# Copyright (c) 2022 Gitpod GmbH. All rights reserved.
+# Licensed under the MIT License. See License-MIT.txt in the project root for license information.
+
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: proxy-server # Name set in /install/installer/pkg/common/constants.go
+  labels:
+    app: gitpod
+    component: gitpod-installer
+  annotations:
+    kots.io/when: '{{repl ConfigOptionEquals "proxy_server_enabled" "1" }}'
+data:
+  httpProxy: '{{repl ConfigOption "proxy_server_http_proxy" }}'
+  httpsProxy: '{{repl ConfigOption "proxy_server_https_proxy" }}'
+  noProxy: 'kotsadm,{{repl NoProxy }}{{repl ConfigOption "proxy_server_no_proxy" }}' # Merge the KOTS NO_PROXY so we don't lose the ability to talk to it
diff --git a/install/kots/manifests/kots-config.yaml b/install/kots/manifests/kots-config.yaml
@@ -369,6 +369,34 @@ spec:
 
             Add the domain only (eg, `gitpod.io`). Separate multiple domains with spaces.
 
+    - name: proxy_server
+      title: Proxy server
+      description: Route your access through a proxy server
+      items:
+        - name: proxy_server_enabled
+          title: Route through a proxy server
+          type: bool
+          default: "0"
+          help_text: Configure proxy access to the Internet
+
+        - name: proxy_server_http_proxy
+          title: HTTP proxy
+          type: text
+          when: '{{repl ConfigOptionEquals "proxy_server_enabled" "1" }}'
+          help_text: Configure HTTP proxy server to route all traffic through. This should be in the format "proxy.domain.com:1234"
+
+        - name: proxy_server_https_proxy
+          title: HTTPS proxy
+          type: text
+          when: '{{repl ConfigOptionEquals "proxy_server_enabled" "1" }}'
+          help_text: Configure HTTPS proxy server to route all traffic through. This should be in the format "proxy.domain.com:1234"
+
+        - name: proxy_server_no_proxy
+          title: No proxy
+          type: text
+          when: '{{repl ConfigOptionEquals "proxy_server_enabled" "1" }}'
+          help_text: Configure URLs that bypass the proxy. This should be a CSV in the format "domain1.com,domain2.com".
+
     - name: advanced
       title: Advanced Options
       description: Here are advanced options that you should only make use of in coordination with us or when you know what you are doing.