[installer]: general fixes for the Helm dependencies

installer/BUILD.yaml

@@ -10,6 +10,7 @@ packages:
       - "pkg/components/**/*.crt"
       - "pkg/components/**/*.key"
       - "pkg/components/**/*.pem"
+      - "pkg/components/**/*.sql"
       - "third_party/**/*"
     deps:
       - components/common-go:lib

installer/pkg/components/docker-registry/constants.go

@@ -5,6 +5,7 @@
 package dockerregistry
 
 const (
-	BuiltInRegistrySecret = "builtin-registry-auth"
-	Component             = "docker-registry"
+	BuiltInRegistryAuth  = "builtin-registry-auth"
+	BuiltInRegistryCerts = "builtin-registry-certs"
+	Component            = "docker-registry"
 )

installer/pkg/components/docker-registry/secret.go

@@ -7,6 +7,10 @@ package dockerregistry
 import (
 	"encoding/base64"
 	"encoding/json"
+	"fmt"
+	v1 "github.com/jetstack/cert-manager/pkg/apis/certmanager/v1"
+	cmmeta "github.com/jetstack/cert-manager/pkg/apis/meta/v1"
+	"time"
 
 	"github.com/gitpod-io/gitpod/installer/pkg/common"
 	corev1 "k8s.io/api/core/v1"
@@ -45,10 +49,12 @@ func secret(ctx *common.RenderContext) ([]runtime.Object, error) {
 		return nil, err
 	}
 
+	oneYear := &metav1.Duration{Duration: time.Hour * 24 * 365}
+
 	return []runtime.Object{&corev1.Secret{
 		TypeMeta: common.TypeMetaSecret,
 		ObjectMeta: metav1.ObjectMeta{
-			Name:      BuiltInRegistrySecret,
+			Name:      BuiltInRegistryAuth,
 			Namespace: ctx.Namespace,
 			Labels:    common.DefaultLabels(Component),
 		},
@@ -58,5 +64,24 @@ func secret(ctx *common.RenderContext) ([]runtime.Object, error) {
 			"user":              []byte(user),
 			"password":          []byte(password),
 		},
+	}, &v1.Certificate{
+		TypeMeta: common.TypeMetaCertificate,
+		ObjectMeta: metav1.ObjectMeta{
+			Name:      BuiltInRegistryCerts,
+			Namespace: ctx.Namespace,
+			Labels:    common.DefaultLabels(Component),
+		},
+		Spec: v1.CertificateSpec{
+			Duration:   oneYear,
+			SecretName: BuiltInRegistryCerts,
+			IssuerRef: cmmeta.ObjectReference{
+				Name:  common.CertManagerCAIssuer,
+				Kind:  "Issuer",
+				Group: "cert-manager.io",
+			},
+			DNSNames: []string{
+				fmt.Sprintf("registry.%s.svc.cluster.local", ctx.Namespace),
+			},
+		},
 	}}, nil
 }

installer/pkg/components/image-builder-mk3/deployment.go

@@ -53,7 +53,7 @@ func deployment(ctx *common.RenderContext) ([]runtime.Object, error) {
 		volumes = append(volumes, corev1.Volume{
 			Name: "pull-secret",
 			VolumeSource: corev1.VolumeSource{Secret: &corev1.SecretVolumeSource{
-				SecretName: dockerregistry.BuiltInRegistrySecret,
+				SecretName: dockerregistry.BuiltInRegistryAuth,
 			}},
 		})
 	}

installer/pkg/components/mysql/configmap.go

@@ -5,15 +5,45 @@
 package mysql
 
 import (
+	"embed"
+	"fmt"
 	"github.com/gitpod-io/gitpod/installer/pkg/common"
+	"io/fs"
 	corev1 "k8s.io/api/core/v1"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/runtime"
+	"strings"
 )
 
+//go:embed init/*.sql
+var initScriptFiles embed.FS
+
 func configmap(ctx *common.RenderContext) ([]runtime.Object, error) {
-	// todo(sje): work out how best to load the db init scripts - I'm thinking generate at buildtime to a single .sql file then embed it here
-	var initScripts []byte
+	if !enabled(ctx) {
+		return nil, nil
+	}
+
+	initScripts, err := fs.ReadDir(initScriptFiles, initScriptDir)
+	if err != nil {
+		return nil, err
+	}
+
+	initScriptData := ""
+
+	for _, script := range initScripts {
+		file, err := fs.ReadFile(initScriptFiles, fmt.Sprintf("%s/%s", initScriptDir, script.Name()))
+
+		if err != nil {
+			return nil, err
+		}
+
+		fileStr := string(file)
+		// Replace variables in the script
+		fileStr = strings.Replace(fileStr, "__GITPOD_DB_NAME__", Database, -1)
+
+		// Add the file name for debugging purposes
+		initScriptData += fmt.Sprintf("-- %s\n\n%s", script.Name(), fileStr)
+	}
 
 	return []runtime.Object{
 		&corev1.ConfigMap{
@@ -24,7 +54,7 @@ func configmap(ctx *common.RenderContext) ([]runtime.Object, error) {
 				Labels:    common.DefaultLabels(Component),
 			},
 			Data: map[string]string{
-				"init.sql": string(initScripts),
+				"init.sql": initScriptData,
 			},
 		},
 	}, nil

installer/pkg/components/mysql/constants.go

@@ -7,8 +7,12 @@ package mysql
 import "github.com/gitpod-io/gitpod/installer/pkg/common"
 
 const (
-	Component         = "mysql"
+	Component         = "db" // mysql is used by the Helm package
 	InClusterDbSecret = common.InClusterDbSecret
+	Port              = 3306
 	SQLInitScripts    = "db-init-scripts"
 	SQLPasswordName   = "db-password"
+	Username          = "gitpod"
+	Database          = "gitpod"
+	initScriptDir     = "init"
 )

installer/pkg/components/mysql/helm.go

@@ -9,17 +9,19 @@ import (
 	"github.com/gitpod-io/gitpod/installer/pkg/helm"
 	"github.com/gitpod-io/gitpod/installer/third_party/charts"
 	"helm.sh/helm/v3/pkg/cli/values"
-	"k8s.io/utils/pointer"
 )
 
 var Helm = common.CompositeHelmFunc(
 	helm.ImportTemplate(charts.MySQL(), helm.TemplateConfig{}, func(cfg *common.RenderContext) (*common.HelmConfig, error) {
 		return &common.HelmConfig{
-			Enabled: pointer.BoolDeref(cfg.Config.Database.InCluster, false),
+			Enabled: enabled(cfg),
 			Values: &values.Options{
 				Values: []string{
 					helm.KeyValue("mysql.auth.existingSecret", SQLPasswordName),
-					helm.KeyValue("mysql.initdbScriptsConfigMap", SQLPasswordName),
+					helm.KeyValue("mysql.auth.database", Database),
+					helm.KeyValue("mysql.auth.username", Username),
+					helm.KeyValue("mysql.initdbScriptsConfigMap", SQLInitScripts),
+					helm.KeyValue("mysql.serviceAccount.name", Component),
 				},
 			},
 		}, nil

installer/pkg/components/mysql/init/00-create-and-init-sessions-db.sql

@@ -0,0 +1,16 @@
+-- Copyright (c) 2020 Gitpod GmbH. All rights reserved.
+-- Licensed under the MIT License. See License-MIT.txt in the project root for license information.
+
+-- must be idempotent
+
+CREATE DATABASE IF NOT EXISTS `gitpod-sessions` CHARSET utf8mb4;
+
+USE `gitpod-sessions`;
+
+CREATE TABLE IF NOT EXISTS sessions (
+   `session_id` varchar(128) COLLATE utf8mb4_bin NOT NULL,
+   `expires` int(11) unsigned NOT NULL,
+   `data` text COLLATE utf8mb4_bin,
+   `_lastModified` timestamp(6) NOT NULL DEFAULT CURRENT_TIMESTAMP(6) ON UPDATE CURRENT_TIMESTAMP(6),
+   PRIMARY KEY (`session_id`)
+);

installer/pkg/components/mysql/init/01-recreate-gitpod-db.sql

@@ -0,0 +1,18 @@
+-- Copyright (c) 2020 Gitpod GmbH. All rights reserved.
+-- Licensed under the MIT License. See License-MIT.txt in the project root for license information.
+
+-- must be idempotent
+
+-- @gitpodDB contains name of the DB the script manipulates, and is replaced by the file reader
+SET
+@gitpodDB = IFNULL(@gitpodDB, '`__GITPOD_DB_NAME__`');
+
+SET
+@statementStr = CONCAT('DROP DATABASE IF EXISTS ', @gitpodDB);
+PREPARE statement FROM @statementStr;
+EXECUTE statement;
+
+SET
+@statementStr = CONCAT('CREATE DATABASE ', @gitpodDB, ' CHARSET utf8mb4');
+PREPARE statement FROM @statementStr;
+EXECUTE statement;

installer/pkg/components/mysql/objects.go

@@ -6,9 +6,23 @@ package mysql
 
 import (
 	"github.com/gitpod-io/gitpod/installer/pkg/common"
+	"k8s.io/apimachinery/pkg/runtime"
+	"k8s.io/utils/pointer"
 )
 
+func enabled(cfg *common.RenderContext) bool {
+	return pointer.BoolDeref(cfg.Config.Database.InCluster, false)
+}
+
 var Objects = common.CompositeRenderFunc(
 	configmap,
 	secrets,
+	service,
+	common.CompositeRenderFunc(func(cfg *common.RenderContext) ([]runtime.Object, error) {
+		if !enabled(cfg) {
+			return nil, nil
+		}
+
+		return common.DefaultServiceAccount(Component)(cfg)
+	}),
 )

installer/pkg/components/mysql/secret.go

@@ -5,18 +5,23 @@
 package mysql
 
 import (
+	"fmt"
 	"github.com/gitpod-io/gitpod/installer/pkg/common"
 	corev1 "k8s.io/api/core/v1"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/runtime"
-	"k8s.io/utils/pointer"
 )
 
 func secrets(ctx *common.RenderContext) ([]runtime.Object, error) {
-	if !pointer.BoolDeref(ctx.Config.Database.InCluster, false) {
+	if !enabled(ctx) {
 		return nil, nil
 	}
 
+	rootPassword, err := common.RandomString(20)
+	if err != nil {
+		return nil, err
+	}
+
 	password, err := common.RandomString(20)
 	if err != nil {
 		return nil, err
@@ -30,7 +35,8 @@ func secrets(ctx *common.RenderContext) ([]runtime.Object, error) {
 			Labels:    common.DefaultLabels(Component),
 		},
 		Data: map[string][]byte{
-			"mysql-root-password": []byte(password),
+			"mysql-root-password": []byte(rootPassword),
+			"mysql-password":      []byte(password),
 		},
 	}, &corev1.Secret{
 		TypeMeta: common.TypeMetaSecret,
@@ -40,9 +46,11 @@ func secrets(ctx *common.RenderContext) ([]runtime.Object, error) {
 			Labels:    common.DefaultLabels(Component),
 		},
 		Data: map[string][]byte{
-			"host":     []byte("db"),
-			"port":     []byte("3306"),
+			"database": []byte(Database),
+			"host":     []byte(Component),
+			"port":     []byte(fmt.Sprintf("%d", Port)),
 			"password": []byte(password),
+			"username": []byte(Username),
 		},
 	}}, nil
 }

installer/pkg/components/mysql/service.go

@@ -0,0 +1,44 @@
+// Copyright (c) 2021 Gitpod GmbH. All rights reserved.
+// Licensed under the GNU Affero General Public License (AGPL).
+// See License-AGPL.txt in the project root for license information.
+
+package mysql
+
+import (
+	"github.com/gitpod-io/gitpod/installer/pkg/common"
+	corev1 "k8s.io/api/core/v1"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	"k8s.io/apimachinery/pkg/runtime"
+	"k8s.io/apimachinery/pkg/util/intstr"
+)
+
+// service this doesn't use the common.GenerateService function
+// because it's more complex than this caters for
+func service(ctx *common.RenderContext) ([]runtime.Object, error) {
+	if !enabled(ctx) {
+		return nil, nil
+	}
+
+	labels := common.DefaultLabels(Component)
+
+	return []runtime.Object{&corev1.Service{
+		TypeMeta: common.TypeMetaService,
+		ObjectMeta: metav1.ObjectMeta{
+			Name:      Component,
+			Namespace: ctx.Namespace,
+			Labels:    labels,
+		},
+		Spec: corev1.ServiceSpec{
+			Ports: []corev1.ServicePort{{
+				Protocol:   *common.TCPProtocol,
+				Port:       Port,
+				TargetPort: intstr.IntOrString{IntVal: Port},
+			}},
+			// todo(sje): selector is different if using CloudSQLProxy
+			Selector: map[string]string{
+				"app.kubernetes.io/name": "mysql",
+			},
+			Type: corev1.ServiceTypeClusterIP,
+		},
+	}}, nil
+}

installer/pkg/components/rabbitmq/helm.go

@@ -11,6 +11,7 @@ import (
 	"github.com/gitpod-io/gitpod/installer/pkg/helm"
 	"github.com/gitpod-io/gitpod/installer/third_party/charts"
 	"helm.sh/helm/v3/pkg/cli/values"
+	"sigs.k8s.io/yaml"
 	"strings"
 )
 
@@ -105,7 +106,8 @@ type config struct {
 }
 
 func generateParameters(username string, password string, input []parameter) ([]parameter, error) {
-	var params []parameter
+	// Ensures this defaults to [] not null when marshalled to JSON
+	params := make([]parameter, 0)
 
 	for _, item := range input {
 		// Sort out default values
@@ -156,10 +158,7 @@ func generateParameters(username string, password string, input []parameter) ([]
 
 var Helm = common.CompositeHelmFunc(
 	helm.ImportTemplate(charts.RabbitMQ(), helm.TemplateConfig{}, func(cfg *common.RenderContext) (*common.HelmConfig, error) {
-		username, err := common.RandomString(20)
-		if err != nil {
-			return nil, err
-		}
+		username := "gitpod"
 
 		password, err := common.RandomString(20)
 		if err != nil {
@@ -252,6 +251,16 @@ var Helm = common.CompositeHelmFunc(
 			return nil, err
 		}
 
+		shovelsTemplate, err := yaml.Marshal(parameters)
+		if err != nil {
+			return nil, err
+		}
+
+		shovelsTemplateFileName, err := helm.KeyFileValue("shovelsTemplate", shovelsTemplate)
+		if err != nil {
+			return nil, err
+		}
+
 		return &common.HelmConfig{
 			Enabled: true,
 			Values: &values.Options{
@@ -266,6 +275,7 @@ var Helm = common.CompositeHelmFunc(
 				// This is too complex to be sent as a string
 				FileValues: []string{
 					loadDefinitionFilename,
+					shovelsTemplateFileName,
 				},
 			},
 		}, nil

installer/pkg/components/rabbitmq/objects.go

@@ -7,5 +7,6 @@ package rabbitmq
 import "github.com/gitpod-io/gitpod/installer/pkg/common"
 
 var Objects = common.CompositeRenderFunc(
+	rolebinding,
 	secrets,
 )