From 3e7a4a30389b43fc6a24996a5aedaebfb604db86 Mon Sep 17 00:00:00 2001 From: Simon Emms Date: Wed, 6 Apr 2022 15:39:38 +0000 Subject: [PATCH] [kots]: enable use of a local registry This will enable use of Replicated's airgapped functionality --- .../kots/manifests/gitpod-installer-job.yaml | 17 ++++++++++++++--- .../kots/manifests/gitpod-registry-secret.yaml | 2 +- install/kots/manifests/kots-config.yaml | 17 +++++++++-------- 3 files changed, 24 insertions(+), 12 deletions(-) diff --git a/install/kots/manifests/gitpod-installer-job.yaml b/install/kots/manifests/gitpod-installer-job.yaml index bb5cfe3177a44e..6787c2d8a674bf 100644 --- a/install/kots/manifests/gitpod-installer-job.yaml +++ b/install/kots/manifests/gitpod-installer-job.yaml @@ -24,7 +24,7 @@ spec: containers: - name: installer # This will normally be the release tag - using this tag as need the license evaluator - image: 'eu.gcr.io/gitpod-core-dev/build/installer:sje-installer-mini-config.0' + image: 'eu.gcr.io/gitpod-core-dev/build/installer:sje-airgapped.0' volumeMounts: - mountPath: /config-patch name: config-patch 
@@ -90,7 +90,18 @@ spec: yq e -i ".database.external.certificate.name = \"database\"" "${CONFIG_FILE}" fi - if [ '{{repl ConfigOptionEquals "reg_incluster" "0" }}' = "true" ]; + if [ '{{repl HasLocalRegistry }}' = "true" ]; + then + echo "Gitpod: configuring mirrored container registry" + + yq e -i ".containerRegistry.inCluster = false" "${CONFIG_FILE}" + yq e -i ".containerRegistry.external.url = \"{{repl LocalRegistryAddress }}\"" "${CONFIG_FILE}" + yq e -i ".containerRegistry.external.certificate.kind = \"secret\"" "${CONFIG_FILE}" + yq e -i ".containerRegistry.external.certificate.name = \"{{repl ImagePullSecretName }}\"" "${CONFIG_FILE}" + yq e -i ".repository = \"{{repl LocalRegistryAddress }}\"" "${CONFIG_FILE}" + yq e -i ".imagePullSecrets[0].kind = \"secret\"" "${CONFIG_FILE}" + yq e -i ".imagePullSecrets[0].name = \"{{repl ImagePullSecretName }}\"" "${CONFIG_FILE}" + elif [ '{{repl ConfigOptionEquals "reg_incluster" "0" }}' = "true" ]; then echo "Gitpod: configuring external container registry" @@ -99,7 +110,7 @@ spec: yq e -i ".containerRegistry.external.certificate.kind = \"secret\"" "${CONFIG_FILE}" yq e -i ".containerRegistry.external.certificate.name = \"container-registry\"" "${CONFIG_FILE}" - if [ '{{repl ConfigOptionEquals "reg_s3storage" "1" }}' = "true" ]; + if [ '{{repl ConfigOptionEquals "reg_s3storage" "1" }}' = "true" ]; then echo "Gitpod: configuring container registry S3 backend" diff --git a/install/kots/manifests/gitpod-registry-secret.yaml b/install/kots/manifests/gitpod-registry-secret.yaml index 5d863f0582527f..121f940ce6be5a 100644 --- a/install/kots/manifests/gitpod-registry-secret.yaml +++ b/install/kots/manifests/gitpod-registry-secret.yaml 
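Review bot: In the new `HasLocalRegistry` branch, `.containerRegistry.external.url` and `.repository` are both set to `{{repl LocalRegistryAddress }}`, and `.containerRegistry.external.certificate.name` reuses `{{repl ImagePullSecretName }}`, so the registry Gitpod is configured to use for its own images appears to be the same path, with the same credential, as the mirror holding the platform images. If that credential is pull-only, anything Gitpod pushes to the registry would presumably fail; if it can push, the component doing so can also overwrite the mirrored platform tags. It would be worth either recording this above the branch (`# NOTE: mirrored registry credential is reused for the container registry; it must allow push`) or pointing `.containerRegistry.external` at a separate namespace and secret. Separately, the template values are substituted into double-quoted shell strings before the script runs, so a value containing `$`, a backtick or `"` would be interpreted by the shell; passing them through an environment variable and reading it with yq's `strenv()` avoids that. The surrounding script starts and ends outside this hunk.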
@@ -6,7 +6,7 @@ kind: Secret metadata: name: container-registry annotations: - kots.io/when: '{{repl ConfigOptionEquals "reg_incluster" "0" }}' + kots.io/when: '{{repl and (eq HasLocalRegistry false) (ConfigOptionEquals "reg_incluster" "0") }}' type: kubernetes.io/dockerconfigjson data: .dockerconfigjson: '{{repl printf "{\"auths\": {\"%s\": {\"username\": \"%s\", \"password\": %s, \"auth\": \"%s\"}}}" (ConfigOption "reg_server" | default (ConfigOption "reg_url")) (ConfigOption "reg_username") (ConfigOption "reg_password" | toJson) (printf "%s:%s" (ConfigOption "reg_username") (ConfigOption "reg_password") | Base64Encode) | Base64Encode }}' diff --git a/install/kots/manifests/kots-config.yaml b/install/kots/manifests/kots-config.yaml index 9d02807693d8d3..b14366f1683a4f 100644 --- a/install/kots/manifests/kots-config.yaml +++ b/install/kots/manifests/kots-config.yaml @@ -24,6 +24,7 @@ spec: - name: reg_incluster title: Use in-cluster container registry type: bool + when: '{{repl eq HasLocalRegistry false }}' default: "1" help_text: You may either use an in-cluster container registry or configure your own external container registry for better performance. This container registry must be accessible from your Kubernetes cluster. recommended: false 
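Review bot: The new `when: '{{repl eq HasLocalRegistry false }}'` on `reg_incluster` in kots-config.yaml hides the whole registry section in an airgapped install without telling the operator which registry and credential will be used instead. A comment above the item, such as `# Hidden when KOTS has a local registry: the installer job then uses LocalRegistryAddress and ImagePullSecretName`, would record the precedence that the installer job's branch order and the `container-registry` secret's `kots.io/when` also depend on. The same `(eq HasLocalRegistry false)` guard is repeated on every `reg_*` item in the two following hunks; `not HasLocalRegistry` is the shorter equivalent and would keep these conditions easier to audit.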
@@ -31,27 +32,27 @@ spec: - name: reg_url title: Container registry URL type: text - when: '{{repl ConfigOptionEquals "reg_incluster" "0" }}' + when: '{{repl and (eq HasLocalRegistry false) (ConfigOptionEquals "reg_incluster" "0") }}' required: true help_text: The container registry URL. This will usually be the fully qualified domain of your registry. - name: reg_server title: Container registry server type: text - when: '{{repl ConfigOptionEquals "reg_incluster" "0" }}' + when: '{{repl and (eq HasLocalRegistry false) (ConfigOptionEquals "reg_incluster" "0") }}' help_text: The container registry server. This is used when [generating your credentials](https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/#create-a-secret-by-providing-credentials-on-the-command-line). Depending upon your provider, this may or may not be the same as the registry URL. If not specified, the URL will be used. - name: reg_username title: Container registry username type: text - when: '{{repl ConfigOptionEquals "reg_incluster" "0" }}' + when: '{{repl and (eq HasLocalRegistry false) (ConfigOptionEquals "reg_incluster" "0") }}' required: true help_text: The username for your container registry. - name: reg_password title: Container registry password type: password - when: '{{repl ConfigOptionEquals "reg_incluster" "0" }}' + when: '{{repl and (eq HasLocalRegistry false) (ConfigOptionEquals "reg_incluster" "0") }}' required: true help_text: The password for your container registry. 
@@ -59,27 +60,27 @@ spec: title: Use S3 storage for your container registry type: bool default: "0" - when: '{{repl ConfigOptionEquals "reg_incluster" "0" }}' + when: '{{repl and (eq HasLocalRegistry false) (ConfigOptionEquals "reg_incluster" "0") }}' help_text: If using AWS as your container registry, you must configure an S3 storage backend. - name: reg_bucketname title: S3 bucket name type: text - when: '{{repl and (ConfigOptionEquals "reg_incluster" "0") (ConfigOptionEquals "reg_s3storage" "1") }}' + when: '{{repl and (eq HasLocalRegistry false) (ConfigOptionEquals "reg_incluster" "0") (ConfigOptionEquals "reg_s3storage" "1") }}' required: true help_text: The name of the bucket to act as your S3 storage backend. - name: reg_accesskey title: S3 access key type: text - when: '{{repl and (ConfigOptionEquals "reg_incluster" "0") (ConfigOptionEquals "reg_s3storage" "1") }}' + when: '{{repl and (eq HasLocalRegistry false) (ConfigOptionEquals "reg_incluster" "0") (ConfigOptionEquals "reg_s3storage" "1") }}' required: true help_text: The access key to use for authentication of your S3 storage backend. - name: reg_secretkey title: S3 secret key type: password - when: '{{repl and (ConfigOptionEquals "reg_incluster" "0") (ConfigOptionEquals "reg_s3storage" "1") }}' + when: '{{repl and (eq HasLocalRegistry false) (ConfigOptionEquals "reg_incluster" "0") (ConfigOptionEquals "reg_s3storage" "1") }}' required: true help_text: The secret key to use for authentication of your S3 storage backend.