From 63036324b1912cf8e2972a1818f0d5d262e65dc7 Mon Sep 17 00:00:00 2001
From: Simon Emms <simon@gitpod.io>
Date: Mon, 1 Aug 2022 14:09:15 +0000
Subject: [PATCH] [installer]: set proxy server configuration in installer

---
 install/installer/pkg/common/common.go        | 21 ++++++++++++++
 install/installer/pkg/common/constants.go     |  1 +
 .../manifests/gitpod-installation-status.yaml |  2 +-
 .../kots/manifests/gitpod-installation.yaml   |  1 +
 .../kots/manifests/gitpod-installer-job.yaml  |  2 +-
 .../kots/manifests/gitpod-proxy-server.yaml   | 16 +++++++++++
 install/kots/manifests/kots-config.yaml       | 28 +++++++++++++++++++
 7 files changed, 69 insertions(+), 2 deletions(-)
 create mode 100644 install/kots/manifests/gitpod-proxy-server.yaml

diff --git a/install/installer/pkg/common/common.go b/install/installer/pkg/common/common.go
index 5ed0c8c8b85160..29bae98fbf11e6 100644
--- a/install/installer/pkg/common/common.go
+++ b/install/installer/pkg/common/common.go
@@ -28,6 +28,21 @@ import (
 	"sigs.k8s.io/yaml"
 )
 
+func getProxyServerEnvvar(cfg *config.Config, envvarName string, key string) corev1.EnvVar {
+	return corev1.EnvVar{
+		Name: envvarName,
+		ValueFrom: &corev1.EnvVarSource{
+			ConfigMapKeyRef: &corev1.ConfigMapKeySelector{
+				LocalObjectReference: corev1.LocalObjectReference{
+					Name: ProxyServerConfigMap,
+				},
+				Key:      key,
+				Optional: pointer.Bool(true),
+			},
+		},
+	}
+}
+
 func DefaultLabels(component string) map[string]string {
 	return map[string]string{
 		"app":       AppName,
@@ -60,6 +75,12 @@ func DefaultEnv(cfg *config.Config) []corev1.EnvVar {
 		}},
 		{Name: "KUBE_DOMAIN", Value: "svc.cluster.local"},
 		{Name: "LOG_LEVEL", Value: strings.ToLower(logLevel)},
+
+		getProxyServerEnvvar(cfg, "HTTP_PROXY", "httpProxy"),
+		getProxyServerEnvvar(cfg, "HTTPS_PROXY", "httpsProxy"),
+		getProxyServerEnvvar(cfg, "CUSTOM_NO_PROXY", "noProxy"),
+		// This must come after the CUSTOM_NO_PROXY definition. The (potential) trailing comma doesn't seem to matter
+		{Name: "NO_PROXY", Value: "$(CUSTOM_NO_PROXY)"},
 	}
 }
 
diff --git a/install/installer/pkg/common/constants.go b/install/installer/pkg/common/constants.go
index e70bae6d0d7d5f..f7ddbc709ea19c 100644
--- a/install/installer/pkg/common/constants.go
+++ b/install/installer/pkg/common/constants.go
@@ -27,6 +27,7 @@ const (
 	KubeRBACProxyTag            = "v0.12.0"
 	MinioServiceAPIPort         = 9000
 	MonitoringChart             = "monitoring"
+	ProxyServerConfigMap        = "proxy-server" // Not related to proxy component, but where proxy server values stored
 	ProxyComponent              = "proxy"
 	ProxyContainerHTTPPort      = 80
 	ProxyContainerHTTPName      = "http"
diff --git a/install/kots/manifests/gitpod-installation-status.yaml b/install/kots/manifests/gitpod-installation-status.yaml
index eb9d3763e5b400..64bf9eb6287466 100644
--- a/install/kots/manifests/gitpod-installation-status.yaml
+++ b/install/kots/manifests/gitpod-installation-status.yaml
@@ -30,7 +30,7 @@ spec:
       containers:
         - name: installation-status
           # This will normally be the release tag
-          image: "eu.gcr.io/gitpod-core-dev/build/installer:nvn-fix-11408.15"
+          image: "eu.gcr.io/gitpod-core-dev/build/installer:sje-installer-proxy-server.2"
           command:
             - /bin/sh
             - -c
diff --git a/install/kots/manifests/gitpod-installation.yaml b/install/kots/manifests/gitpod-installation.yaml
index aa50b5c3e5eaa2..b221cc7ca6eb51 100644
--- a/install/kots/manifests/gitpod-installation.yaml
+++ b/install/kots/manifests/gitpod-installation.yaml
@@ -13,6 +13,7 @@ data:
   channelName: repl{{ ChannelName | quote }}
   cursor: repl{{ Cursor | quote }}
   isAirgap: repl{{ IsAirgap | quote }}
+  kotsVersion: repl{{ KotsVersion | quote }}
   releaseNotes: repl{{ ReleaseNotes | quote }}
   sequence: repl{{ Sequence | quote }}
   version: repl{{ VersionLabel | quote }}
diff --git a/install/kots/manifests/gitpod-installer-job.yaml b/install/kots/manifests/gitpod-installer-job.yaml
index bad00875199c1a..6dafc7687df8cf 100644
--- a/install/kots/manifests/gitpod-installer-job.yaml
+++ b/install/kots/manifests/gitpod-installer-job.yaml
@@ -28,7 +28,7 @@ spec:
       containers:
         - name: installer
           # This will normally be the release tag
-          image: "eu.gcr.io/gitpod-core-dev/build/installer:nvn-fix-11408.15"
+          image: "eu.gcr.io/gitpod-core-dev/build/installer:sje-installer-proxy-server.2"
           volumeMounts:
             - mountPath: /config-patch
               name: config-patch
diff --git a/install/kots/manifests/gitpod-proxy-server.yaml b/install/kots/manifests/gitpod-proxy-server.yaml
new file mode 100644
index 00000000000000..9845b3521f9f96
--- /dev/null
+++ b/install/kots/manifests/gitpod-proxy-server.yaml
@@ -0,0 +1,16 @@
+# Copyright (c) 2022 Gitpod GmbH. All rights reserved.
+# Licensed under the MIT License. See License-MIT.txt in the project root for license information.
+
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: proxy-server # Name set in /install/installer/pkg/common/constants.go
+  labels:
+    app: gitpod
+    component: gitpod-installer
+  annotations:
+    kots.io/when: '{{repl ConfigOptionEquals "proxy_server_enabled" "1" }}'
+data:
+  httpProxy: '{{repl ConfigOption "proxy_server_http_proxy" }}'
+  httpsProxy: '{{repl ConfigOption "proxy_server_https_proxy" }}'
+  noProxy: 'kotsadm,{{repl NoProxy }}{{repl if ConfigOptionNotEquals "proxy_server_no_proxy" "" }},{{repl end }}{{repl ConfigOption "proxy_server_no_proxy" }}' # Merge the KOTS NO_PROXY so we don't lose the ability to talk to it
diff --git a/install/kots/manifests/kots-config.yaml b/install/kots/manifests/kots-config.yaml
index 96e081f257827c..2944568f500720 100644
--- a/install/kots/manifests/kots-config.yaml
+++ b/install/kots/manifests/kots-config.yaml
@@ -369,6 +369,34 @@ spec:
 
             Add the domain only (eg, `gitpod.io`). Separate multiple domains with spaces.
 
+    - name: proxy_server
+      title: Proxy server
+      description: Route your access through a proxy server
+      items:
+        - name: proxy_server_enabled
+          title: Enable proxy server options
+          type: bool
+          default: "0"
+          help_text: Configure proxy access to the Internet
+
+        - name: proxy_server_http_proxy
+          title: HTTP proxy
+          type: text
+          when: '{{repl ConfigOptionEquals "proxy_server_enabled" "1" }}'
+          help_text: Configure HTTP proxy server to route all traffic through. This should be in the format "proxy.domain.com:1234"
+
+        - name: proxy_server_https_proxy
+          title: HTTPS proxy
+          type: text
+          when: '{{repl ConfigOptionEquals "proxy_server_enabled" "1" }}'
+          help_text: Configure HTTPS proxy server to route all traffic through. This should be in the format "proxy.domain.com:1234"
+
+        - name: proxy_server_no_proxy
+          title: No proxy
+          type: text
+          when: '{{repl ConfigOptionEquals "proxy_server_enabled" "1" }}'
+          help_text: Configure URLs that bypass the proxy. This should be a CSV in the format "domain1.com,domain2.com".
+
     - name: advanced
       title: Advanced Options
       description: Here are advanced options that you should only make use of in coordination with us or when you know what you are doing.