From 5f32584acc0ff92e48be47c4c0f5f445a0cd9d9e Mon Sep 17 00:00:00 2001 From: Tarun Pothulapati Date: Wed, 17 Aug 2022 05:12:05 +0000 Subject: [PATCH] [kots] Add new config to upload `dockerConfigJson` file Signed-off-by: Tarun Pothulapati --- .../kots/manifests/gitpod-installer-job.yaml | 54 ++++++++++++++----- install/kots/manifests/kots-config.yaml | 15 +++++- 2 files changed, 54 insertions(+), 15 deletions(-) diff --git a/install/kots/manifests/gitpod-installer-job.yaml b/install/kots/manifests/gitpod-installer-job.yaml index 4b7fc907859cad..0b22700a6b47f0 100644 --- a/install/kots/manifests/gitpod-installer-job.yaml +++ b/install/kots/manifests/gitpod-installer-job.yaml @@ -78,6 +78,17 @@ spec: fi fi + echo "Gitpod: Create a Helm template directory" + rm -Rf "${GITPOD_OBJECTS}" + mkdir -p "${GITPOD_OBJECTS}/templates" + cat <> "${GITPOD_OBJECTS}/Chart.yaml" + apiVersion: v2 + name: gitpod-kots + description: Always ready-to-code + version: "1.0.0" + appVersion: "$(/app/installer version | yq e '.version' -)" + EOF + echo "Gitpod: Generate the base Installer config" /app/installer init > "${CONFIG_FILE}" @@ -174,8 +185,7 @@ spec: kubectl create secret docker-registry container-registry \ --namespace "{{repl Namespace }}" \ --from-file=.dockerconfigjson=/tmp/container-registry-secret \ - -o yaml --dry-run=client | \ - kubectl replace --namespace "{{repl Namespace }}" --force -f - + -o yaml --dry-run=client > "${GITPOD_OBJECTS}/templates/gitpod.yaml" yq e -i ".containerRegistry.inCluster = false" "${CONFIG_FILE}" yq e -i ".containerRegistry.external.url = \"{{repl ConfigOption "reg_url" }}\"" "${CONFIG_FILE}" 
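Review bot: Nothing visible guarantees a `---` between the Secret manifest written with `>` in the external-registry branch and the installer output that the later render hunk appends with `>>` to the same `gitpod.yaml`. If `/app/installer render` does not begin its output with a document separator, the Secret would be merged into the first rendered object. Writing one explicitly after the redirect, `echo "---" >> "${GITPOD_OBJECTS}/templates/gitpod.yaml"`, removes that dependency on the renderer. The rendered file now also carries the registry credentials (base64-encoded only), so it should be treated as sensitive wherever it is kept or printed. The enclosing `if` starts outside the hunk.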
@@ -298,19 +308,8 @@ spec: config=$(cat "${CONFIG_FILE}") echo "Gitpod: ${CONFIG_FILE}=${config}" - echo "Gitpod: Create a Helm template directory" - rm -Rf "${GITPOD_OBJECTS}" - mkdir -p "${GITPOD_OBJECTS}/templates" - cat <> "${GITPOD_OBJECTS}/Chart.yaml" - apiVersion: v2 - name: gitpod-kots - description: Always ready-to-code - version: "1.0.0" - appVersion: "$(/app/installer version | yq e '.version' -)" - EOF - echo "Gitpod: render Kubernetes manifests" - /app/installer render -c "${CONFIG_FILE}" --namespace {{repl Namespace }} --use-experimental-config > "${GITPOD_OBJECTS}/templates/gitpod.yaml" + /app/installer render -c "${CONFIG_FILE}" --namespace {{repl Namespace }} --use-experimental-config >> "${GITPOD_OBJECTS}/templates/gitpod.yaml" if [ '{{repl ConfigOptionEquals "reg_incluster" "1" }}' = "true" ]; then 
@@ -329,6 +328,33 @@ spec: "${GITPOD_OBJECTS}/templates/gitpod.yaml" fi + # figure out the secret to use + if [ '{{repl ConfigOptionEquals "reg_incluster" "0" }}' = "true" ]; + then + export REGISTRY_SECRET_NAME="container-registry" + else + export REGISTRY_SECRET_NAME="builtin-registry-auth" + fi + + if [ '{{repl ConfigOptionNotEquals "reg_docker_config" "" }}' = "true" ]; + then + echo "Gitpod: Add given extra docker config json file to ${REGISTRY_SECRET_NAME}" + + yq eval-all '(select(.kind == "Secret" and .metadata.name == env(REGISTRY_SECRET_NAME)) | .data.".dockerconfigjson")' \ + "${GITPOD_OBJECTS}/templates/gitpod.yaml" \ + | base64 -d \ + > /tmp/currentconfig.json + + DOCKER_CONFIG='{{repl ConfigOptionData "reg_docker_config" | Base64Encode }}' + echo "${DOCKER_CONFIG}" | base64 -d > /tmp/userconfig.json + + export REGISTRY_SECRET=$(jq -s '.[0] * .[1]' /tmp/userconfig.json /tmp/currentconfig.json | base64 -w 0) + + echo "Gitpod: update the in-cluster registry secret" + yq eval-all --inplace '(select(.kind == "Secret" and .metadata.name == env(REGISTRY_SECRET_NAME)) | .data.".dockerconfigjson") |= env(REGISTRY_SECRET)' \ + "${GITPOD_OBJECTS}/templates/gitpod.yaml" + fi + echo "Gitpod: Escape any Golang template values" sed -i -r 's/(.*\{\{.*)/{{`\1`}}/' "${GITPOD_OBJECTS}/templates/gitpod.yaml" diff --git a/install/kots/manifests/kots-config.yaml b/install/kots/manifests/kots-config.yaml index 96e081f257827c..75b0411e089888 100644 --- a/install/kots/manifests/kots-config.yaml +++ b/install/kots/manifests/kots-config.yaml 
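Review bot: A failure of the `jq -s '.[0] * .[1]'` merge is masked, because `export REGISTRY_SECRET=$(... | base64 -w 0)` returns the status of `export`. An upload that is not valid JSON, or a `select` that matched no Secret, therefore leaves `REGISTRY_SECRET` empty, and the following `yq eval-all --inplace` would overwrite `.dockerconfigjson` with it. Check the merge on its own, `MERGED=$(jq -s '.[0] * .[1]' /tmp/userconfig.json /tmp/currentconfig.json) || exit 1`, and then `export REGISTRY_SECRET=$(printf '%s' "${MERGED}" | base64 -w 0)`. Both temp files hold registry credentials in clear text at fixed paths under `/tmp` and are never removed, so set `umask 077` before writing them and `rm -f` them after the merge. A short comment that the right-hand operand of `*` wins, so installer-generated entries override uploaded ones for the same registry, would also help.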
@@ -23,7 +23,7 @@ spec: - name: container_registry title: Container registry - description: Gitpod requires a container registry to store container images. This can either be an in-cluster or external container registry. + description: Gitpod [requires a container registry](https://www.gitpod.io/docs/self-hosted/latest/reference-architecture/single-cluster-ref-arch#oci-image-registry) to push and store workspace images. This can either be an in-cluster or external container registry. items: - name: reg_incluster title: Use in-cluster container registry @@ -108,6 +108,19 @@ spec: required: true help_text: The password for your container registry. + - name: reg_docker_config_enable + title: Configure additional registry credentials for pulling workspace images + type: bool + default: "0" + help_text: This is useful when you have base workspace images in private registries other than the above configured ones. + + - name: reg_docker_config + title: Registry credentials + when: '{{repl ConfigOptionEquals "reg_docker_config_enable" "1" }}' + type: file + required: true + help_text: Docker [config JSON file](https://docs.docker.com/engine/reference/commandline/cli/#sample-configuration-file) with auth credentials used to access private registries, for workspace images. + - name: database title: Database description: Gitpod requires an instance of MySQL 5.7 for data storage. This can either be an in-cluster or external database.
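Review bot: The `reg_docker_config_enable` toggle added here only drives the `when` of the file item; the installer job in this patch tests `ConfigOptionNotEquals "reg_docker_config" ""` and never reads the toggle. If KOTS retains a previously uploaded file after the toggle is switched off (not verifiable from this patch), the credentials would still be merged into the registry secret. Gating the job on both conditions keeps the UI and the job in agreement: `if [ '{{repl ConfigOptionEquals "reg_docker_config_enable" "1" }}' = "true" ] && [ '{{repl ConfigOptionNotEquals "reg_docker_config" "" }}' = "true" ];`. The `help_text` could also state that the uploaded file contains credentials and is merged into the cluster's registry secret.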