[kots]: enable use of a local registry
This will enable use of Replicated's airgapped functionality
Simon Emms committed Apr 13, 2022
1 parent 55d1e4b commit 3e7a4a3
Showing 3 changed files with 24 additions and 12 deletions.
17 changes: 14 additions & 3 deletions install/kots/manifests/gitpod-installer-job.yaml
@@ -24,7 +24,7 @@ spec:
containers:
- name: installer
# This will normally be the release tag - using this tag as need the license evaluator
image: 'eu.gcr.io/gitpod-core-dev/build/installer:sje-installer-mini-config.0'
image: 'eu.gcr.io/gitpod-core-dev/build/installer:sje-airgapped.0'
volumeMounts:
- mountPath: /config-patch
name: config-patch
@@ -90,7 +90,18 @@ spec:
yq e -i ".database.external.certificate.name = \"database\"" "${CONFIG_FILE}"
fi
if [ '{{repl ConfigOptionEquals "reg_incluster" "0" }}' = "true" ];
if [ '{{repl HasLocalRegistry }}' = "true" ];
then
echo "Gitpod: configuring mirrored container registry"
yq e -i ".containerRegistry.inCluster = false" "${CONFIG_FILE}"
yq e -i ".containerRegistry.external.url = \"{{repl LocalRegistryAddress }}\"" "${CONFIG_FILE}"
yq e -i ".containerRegistry.external.certificate.kind = \"secret\"" "${CONFIG_FILE}"
yq e -i ".containerRegistry.external.certificate.name = \"{{repl ImagePullSecretName }}\"" "${CONFIG_FILE}"
yq e -i ".repository = \"{{repl LocalRegistryAddress }}\"" "${CONFIG_FILE}"
yq e -i ".imagePullSecrets[0].kind = \"secret\"" "${CONFIG_FILE}"
yq e -i ".imagePullSecrets[0].name = \"{{repl ImagePullSecretName }}\"" "${CONFIG_FILE}"
elif [ '{{repl ConfigOptionEquals "reg_incluster" "0" }}' = "true" ];
then
echo "Gitpod: configuring external container registry"
@@ -99,7 +110,7 @@ spec:
yq e -i ".containerRegistry.external.certificate.kind = \"secret\"" "${CONFIG_FILE}"
yq e -i ".containerRegistry.external.certificate.name = \"container-registry\"" "${CONFIG_FILE}"
if [ '{{repl ConfigOptionEquals "reg_s3storage" "1" }}' = "true" ];
if [ '{{repl ConfigOptionEquals "reg_s3storage" "1" }}' = "true" ];
then
echo "Gitpod: configuring container registry S3 backend"
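Review bot: In the new `HasLocalRegistry` branch, `{{repl LocalRegistryAddress }}` and `{{repl ImagePullSecretName }}` are rendered straight into double-quoted shell strings that are themselves yq expressions, so a value containing `"`, `$` or a backtick would be interpreted by the shell or alter the expression instead of being stored as data. These values come from the KOTS installation, so this is hardening rather than a demonstrated flaw, but the job writes cluster configuration and should handle them as opaque strings. Exposing them through the container's `env:` and reading them with yq's `strenv()` keeps them out of both parsers, e.g. `yq e -i '.repository = strenv(LOCAL_REGISTRY)' "${CONFIG_FILE}"`. The script and the container spec continue outside the visible hunks, so confirm that the yq build in the installer image supports `strenv` before changing it.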
2 changes: 1 addition & 1 deletion install/kots/manifests/gitpod-registry-secret.yaml
@@ -6,7 +6,7 @@ kind: Secret
metadata:
name: container-registry
annotations:
kots.io/when: '{{repl ConfigOptionEquals "reg_incluster" "0" }}'
kots.io/when: '{{repl and (eq HasLocalRegistry false) (ConfigOptionEquals "reg_incluster" "0") }}'
type: kubernetes.io/dockerconfigjson
data:
.dockerconfigjson: '{{repl printf "{\"auths\": {\"%s\": {\"username\": \"%s\", \"password\": %s, \"auth\": \"%s\"}}}" (ConfigOption "reg_server" | default (ConfigOption "reg_url")) (ConfigOption "reg_username") (ConfigOption "reg_password" | toJson) (printf "%s:%s" (ConfigOption "reg_username") (ConfigOption "reg_password") | Base64Encode) | Base64Encode }}'
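Review bot: The new `kots.io/when` condition has no comment explaining why the `container-registry` Secret is skipped when a local registry is present. The reason is visible only in the installer job, which switches to `ImagePullSecretName` in that case. A comment above the annotation such as `# Not rendered when KOTS supplies a local registry; the installer job uses ImagePullSecretName instead` would record it. `eq HasLocalRegistry false` could also be written `not HasLocalRegistry`, assuming the function returns a boolean; the same expression is repeated in every `when` in kots-config.yaml.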
17 changes: 9 additions & 8 deletions install/kots/manifests/kots-config.yaml
@@ -24,62 +24,63 @@ spec:
- name: reg_incluster
title: Use in-cluster container registry
type: bool
when: '{{repl eq HasLocalRegistry false }}'
default: "1"
help_text: You may either use an in-cluster container registry or configure your own external container registry for better performance. This container registry must be accessible from your Kubernetes cluster.
recommended: false

- name: reg_url
title: Container registry URL
type: text
when: '{{repl ConfigOptionEquals "reg_incluster" "0" }}'
when: '{{repl and (eq HasLocalRegistry false) (ConfigOptionEquals "reg_incluster" "0") }}'
required: true
help_text: The container registry URL. This will usually be the fully qualified domain of your registry.

- name: reg_server
title: Container registry server
type: text
when: '{{repl ConfigOptionEquals "reg_incluster" "0" }}'
when: '{{repl and (eq HasLocalRegistry false) (ConfigOptionEquals "reg_incluster" "0") }}'
help_text: The container registry server. This is used when [generating your credentials](https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/#create-a-secret-by-providing-credentials-on-the-command-line). Depending upon your provider, this may or may not be the same as the registry URL. If not specified, the URL will be used.

- name: reg_username
title: Container registry username
type: text
when: '{{repl ConfigOptionEquals "reg_incluster" "0" }}'
when: '{{repl and (eq HasLocalRegistry false) (ConfigOptionEquals "reg_incluster" "0") }}'
required: true
help_text: The username for your container registry.

- name: reg_password
title: Container registry password
type: password
when: '{{repl ConfigOptionEquals "reg_incluster" "0" }}'
when: '{{repl and (eq HasLocalRegistry false) (ConfigOptionEquals "reg_incluster" "0") }}'
required: true
help_text: The password for your container registry.

- name: reg_s3storage
title: Use S3 storage for your container registry
type: bool
default: "0"
when: '{{repl ConfigOptionEquals "reg_incluster" "0" }}'
when: '{{repl and (eq HasLocalRegistry false) (ConfigOptionEquals "reg_incluster" "0") }}'
help_text: If using AWS as your container registry, you must configure an S3 storage backend.

- name: reg_bucketname
title: S3 bucket name
type: text
when: '{{repl and (ConfigOptionEquals "reg_incluster" "0") (ConfigOptionEquals "reg_s3storage" "1") }}'
when: '{{repl and (eq HasLocalRegistry false) (ConfigOptionEquals "reg_incluster" "0") (ConfigOptionEquals "reg_s3storage" "1") }}'
required: true
help_text: The name of the bucket to act as your S3 storage backend.

- name: reg_accesskey
title: S3 access key
type: text
when: '{{repl and (ConfigOptionEquals "reg_incluster" "0") (ConfigOptionEquals "reg_s3storage" "1") }}'
when: '{{repl and (eq HasLocalRegistry false) (ConfigOptionEquals "reg_incluster" "0") (ConfigOptionEquals "reg_s3storage" "1") }}'
required: true
help_text: The access key to use for authentication of your S3 storage backend.

- name: reg_secretkey
title: S3 secret key
type: password
when: '{{repl and (ConfigOptionEquals "reg_incluster" "0") (ConfigOptionEquals "reg_s3storage" "1") }}'
when: '{{repl and (eq HasLocalRegistry false) (ConfigOptionEquals "reg_incluster" "0") (ConfigOptionEquals "reg_s3storage" "1") }}'
required: true
help_text: The secret key to use for authentication of your S3 storage backend.
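Review bot: `reg_incluster` is now hidden when `HasLocalRegistry` is true but keeps `default: "1"`, so any template that tests `ConfigOptionEquals "reg_incluster" "1"` would presumably still treat the in-cluster registry as selected on an airgapped install. The installer job checks `HasLocalRegistry` first and is not affected, but only three files change in this commit and other manifests gated on `reg_incluster` are not visible here. Those should get the same `HasLocalRegistry` guard, or the item needs a comment stating that its value is ignored when a local registry is present. The config file continues beyond the visible hunk.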
