[installer]: refactor the install bash script with the new installer cli
Simon Emms committed Sep 14, 2022
1 parent 084d606 commit 702f20c
Showing 7 changed files with 74 additions and 313 deletions.
268 changes: 31 additions & 237 deletions install/installer/scripts/kots-install.sh
Expand Up @@ -2,8 +2,6 @@
# Copyright (c) 2022 Gitpod GmbH. All rights reserved.
# Licensed under the MIT License. See License-MIT.txt in the project root for license information.

# shellcheck disable=SC2050,SC2153

set -e

echo "Gitpod: Killing any in-progress installations"
Expand Down Expand Up @@ -38,247 +36,31 @@ appVersion: "$(/app/installer version | yq e '.version' -)"
EOF

echo "Gitpod: Generate the base Installer config"
/app/installer init > "${CONFIG_FILE}"
/app/installer config init

echo "Gitpod: auto-detecting ShiftFS support on host machine"
kubectl wait job -n "${NAMESPACE}" --for=condition=complete -l component=shiftfs-module-loader --timeout=30s || true
ENABLE_SHIFTFS=$(kubectl get jobs.batch -n "${NAMESPACE}" -l component=shiftfs-module-loader -o jsonpath='{.items[0].status.succeeded}')

if [ "${ENABLE_SHIFTFS}" = "1" ]; then
echo "Gitpod: enabling ShiftFS support"

yq e -i '.workspace.runtime.fsShiftMethod = "shiftfs"' "${CONFIG_FILE}"
fi

echo "Gitpod: auto-detecting containerd location on host machine"
if [ -d "/mnt/node0${CONTAINERD_DIR_K3S}" ]; then
echo "Gitpod: containerd dir detected as k3s"

yq e -i ".workspace.runtime.containerdRuntimeDir = \"${CONTAINERD_DIR_K3S}\"" "${CONFIG_FILE}"
elif [ -d "/mnt/node0${CONTAINERD_DIR_AL}" ]; then
echo "Gitpod: containerd dir detected as ${CONTAINERD_DIR_AL}"

yq e -i ".workspace.runtime.containerdRuntimeDir = \"${CONTAINERD_DIR_AL}\"" "${CONFIG_FILE}"
fi

if [ -S "/mnt/node0${CONTAINERD_SOCKET_K3S}" ]; then
echo "Gitpod: containerd socket detected as k3s"
/app/installer config cluster shiftfs

yq e -i ".workspace.runtime.containerdSocket = \"${CONTAINERD_SOCKET_K3S}\"" "${CONFIG_FILE}"
elif [ -S "/mnt/node0${CONTAINERD_SOCKET_AL}" ]; then
echo "Gitpod: containerd socket detected as ${CONTAINERD_SOCKET_AL}"

yq e -i ".workspace.runtime.containerdSocket = \"${CONTAINERD_SOCKET_AL}\"" "${CONFIG_FILE}"
fi
echo "Gitpod: auto-detecting containerd settings on host machine"
/app/installer config files containerd

echo "Gitpod: Inject the Replicated variables into the config"
yq e -i ".domain = \"${DOMAIN}\"" "${CONFIG_FILE}"
yq e -i '.license.kind = "secret"' "${CONFIG_FILE}"
yq e -i '.license.name = "gitpod-license"' "${CONFIG_FILE}"
echo "Gitpod: auto-detecting settings"
/app/installer config build-from-envvars

echo "Gitpod: Inject the HTTP_PROXY settings secret"
yq e -i '.httpProxy.kind = "secret"' "${CONFIG_FILE}"
yq e -i '.httpProxy.name = "http-proxy-settings"' "${CONFIG_FILE}"

if [ "${OPEN_VSX_URL}" != "" ];
then
echo "Gitpod: Setting Open VSX Registry URL"
yq e -i ".openVSX.url = \"${OPEN_VSX_URL}\"" "${CONFIG_FILE}"
fi

if [ "${DB_INCLUSTER_ENABLED}" = "0" ] && [ "${DB_CLOUDSQL_INSTANCE}" != "" ];
then
echo "Gitpod: configuring CloudSQLProxy"

yq e -i ".database.inCluster = false" "${CONFIG_FILE}"
yq e -i ".database.cloudSQL.instance = \"${DB_CLOUDSQL_INSTANCE}\"" "${CONFIG_FILE}"
yq e -i ".database.cloudSQL.serviceAccount.kind = \"secret\"" "${CONFIG_FILE}"
yq e -i ".database.cloudSQL.serviceAccount.name = \"cloudsql\"" "${CONFIG_FILE}"
fi

if [ "${DB_INCLUSTER_ENABLED}" = "0" ] && [ "${DB_CLOUDSQL_INSTANCE}" = "" ];
then
echo "Gitpod: configuring external database"

yq e -i ".database.inCluster = false" "${CONFIG_FILE}"
yq e -i ".database.external.certificate.kind = \"secret\"" "${CONFIG_FILE}"
yq e -i ".database.external.certificate.name = \"database\"" "${CONFIG_FILE}"
fi

if [ "${HAS_LOCAL_REGISTRY}" = "true" ];
then
echo "Gitpod: configuring mirrored container registry for airgapped installation"

yq e -i ".repository = \"${LOCAL_REGISTRY_ADDRESS}\"" "${CONFIG_FILE}"
yq e -i ".imagePullSecrets[0].kind = \"secret\"" "${CONFIG_FILE}"
yq e -i ".imagePullSecrets[0].name = \"${IMAGE_PULL_SECRET_NAME}\"" "${CONFIG_FILE}"
yq e -i '.dropImageRepo = true' "${CONFIG_FILE}"

# Add the registry to the server allowlist - keep docker.io in case it's just using the mirrored registry functionality without being airgapped
yq e -i ".containerRegistry.privateBaseImageAllowList += \"${LOCAL_REGISTRY_HOST}\"" "${CONFIG_FILE}"
yq e -i ".containerRegistry.privateBaseImageAllowList += \"docker.io\"" "${CONFIG_FILE}"
fi
echo "Gitpod: Validate config"
/app/installer validate config

if [ "${REG_DOCKER_CONFIG_ENABLED}" = "1" ];
then
echo "Gitpod: extracting servers from the custom registry authentication"

kubectl get secret \
-n "${NAMESPACE}" \
custom-registry-credentials \
-o jsonpath="{.data.\.dockerconfigjson}" | base64 -d > /tmp/userconfig.json

# Add the registries to the server allowlist
yq e -i ".containerRegistry.privateBaseImageAllowList += $(jq '.auths' /tmp/userconfig.json | jq -rc 'keys')" "${CONFIG_FILE}"
yq e -i ".containerRegistry.privateBaseImageAllowList += \"docker.io\"" "${CONFIG_FILE}"
fi

# Output the local registry secret - this is proxy.replicated.com if user hasn't set their own
echo "${LOCAL_REGISTRY_IMAGE_PULL_SECRET}" | base64 -d > /tmp/kotsregistry.json

if [ "${REG_INCLUSTER_ENABLED}" = "0" ];
then
echo "Gitpod: configuring external container registry"

# Get the external-container-registry secret so we can merge the external registry and KOTS registry keys
kubectl get secret external-container-registry \
--namespace "${NAMESPACE}" \
-o jsonpath='{.data.\.dockerconfigjson}' | base64 -d > /tmp/gitpodregistry.json

cat /tmp/kotsregistry.json /tmp/gitpodregistry.json | jq -s '.[0] * .[1]' - - > /tmp/container-registry-secret

echo "Gitpod: create the container-registry secret"
kubectl create secret docker-registry container-registry \
--namespace "${NAMESPACE}" \
--from-file=.dockerconfigjson=/tmp/container-registry-secret \
-o yaml --dry-run=client > "${GITPOD_OBJECTS}/templates/gitpod.yaml"

yq e -i ".containerRegistry.inCluster = false" "${CONFIG_FILE}"
yq e -i ".containerRegistry.external.url = \"${REG_URL}\"" "${CONFIG_FILE}"
yq e -i ".containerRegistry.external.certificate.kind = \"secret\"" "${CONFIG_FILE}"
yq e -i ".containerRegistry.external.certificate.name = \"container-registry\"" "${CONFIG_FILE}"
else
if [ "${REG_INCLUSTER_STORAGE}" = "s3" ];
then
echo "Gitpod: configuring container registry S3 backend"

yq e -i ".containerRegistry.s3storage.region = \"${REG_INCLUSTER_STORAGE_S3_REGION}\"" "${CONFIG_FILE}"
yq e -i ".containerRegistry.s3storage.endpoint = \"${REG_INCLUSTER_STORAGE_S3_ENDPOINT}\"" "${CONFIG_FILE}"
yq e -i ".containerRegistry.s3storage.bucket = \"${REG_INCLUSTER_STORAGE_S3_BUCKETNAME}\"" "${CONFIG_FILE}"
yq e -i ".containerRegistry.s3storage.certificate.kind = \"secret\"" "${CONFIG_FILE}"
yq e -i ".containerRegistry.s3storage.certificate.name = \"container-registry-s3-backend\"" "${CONFIG_FILE}"
fi
fi

if [ "${STORE_PROVIDER}" != "incluster" ];
then
echo "Gitpod: configuring the storage"

yq e -i ".metadata.region = \"${STORE_REGION}\"" "${CONFIG_FILE}"
yq e -i ".objectStorage.inCluster = false" "${CONFIG_FILE}"

if [ "${STORE_PROVIDER}" = "azure" ];
then
echo "Gitpod: configuring storage for Azure"

yq e -i ".objectStorage.azure.credentials.kind = \"secret\"" "${CONFIG_FILE}"
yq e -i ".objectStorage.azure.credentials.name = \"storage-azure\"" "${CONFIG_FILE}"
fi

if [ "${STORE_PROVIDER}" = "gcp" ];
then
echo "Gitpod: configuring storage for GCP"

yq e -i ".objectStorage.cloudStorage.project = \"${STORE_GCP_PROJECT}\"" "${CONFIG_FILE}"
yq e -i ".objectStorage.cloudStorage.serviceAccount.kind = \"secret\"" "${CONFIG_FILE}"
yq e -i ".objectStorage.cloudStorage.serviceAccount.name = \"storage-gcp\"" "${CONFIG_FILE}"
fi

if [ "${STORE_PROVIDER}" = "s3" ];
then
echo "Gitpod: configuring storage for S3"

yq e -i ".objectStorage.s3.endpoint = \"${STORE_S3_ENDPOINT}\"" "${CONFIG_FILE}"
yq e -i ".objectStorage.s3.bucket = \"${STORE_S3_BUCKET}\"" "${CONFIG_FILE}"
yq e -i ".objectStorage.s3.credentials.kind = \"secret\"" "${CONFIG_FILE}"
yq e -i ".objectStorage.s3.credentials.name = \"storage-s3\"" "${CONFIG_FILE}"
fi
fi

if [ "${SSH_GATEWAY}" = "1" ];
then
echo "Gitpod: Generate SSH host key"
ssh-keygen -t rsa -q -N "" -f host.key
kubectl create secret generic ssh-gateway-host-key --from-file=host.key -n "${NAMESPACE}" || echo "SSH Gateway Host Key secret has not been created. Does it exist already?"
yq e -i '.sshGatewayHostKey.kind = "secret"' "${CONFIG_FILE}"
yq e -i '.sshGatewayHostKey.name = "ssh-gateway-host-key"' "${CONFIG_FILE}"
fi

if [ "${TLS_SELF_SIGNED_ENABLED}" = "1" ];
then
echo "Gitpod: Generating a self-signed certificate with the internal CA"
yq e -i '.customCACert.kind = "secret"' "${CONFIG_FILE}"
yq e -i '.customCACert.name = "ca-issuer-ca"' "${CONFIG_FILE}"
elif [ "${TLS_SELF_SIGNED_ENABLED}" = "0" ] && [ "${CERT_MANAGER_ENABLED}" = "0" ] && [ "${TLS_CUSTOM_CA_CRT_ENABLED}" = "true" ];
then
echo "Gitpod: Setting CA to be used for certificate"
yq e -i '.customCACert.kind = "secret"' "${CONFIG_FILE}"
yq e -i '.customCACert.name = "ca-certificate"' "${CONFIG_FILE}"
fi

if [ "${USER_MANAGEMENT_BLOCK_ENABLED}" = "1" ];
then
echo "Gitpod: Adding blockNewUsers to config"
yq e -i '.blockNewUsers.enabled = true' "${CONFIG_FILE}"

for domain in ${USER_MANAGEMENT_BLOCK_PASSLIST}
do
echo "Gitpod: Adding domain \"${domain}\" to blockNewUsers config"
yq e -i ".blockNewUsers.passlist += \"${domain}\"" "${CONFIG_FILE}"
done
fi

if [ "${ADVANCED_MODE_ENABLED}" = "1" ];
then
echo "Gitpod: Applying advanced configuration"

if [ "${COMPONENT_PROXY_SERVICE_SERVICETYPE}" != "" ];
then
# Empty string defaults to LoadBalancer. This maintains backwards compatibility with the deprecated experimental value
echo "Gitpod: Applying Proxy service type"
yq e -i ".components.proxy.service.serviceType = \"${COMPONENT_PROXY_SERVICE_SERVICETYPE}\"" "${CONFIG_FILE}"
fi

if [ -s "${CUSTOMIZATION_PATCH_FILE}" ];
then
CUSTOMIZATION="$(base64 "${CUSTOMIZATION_PATCH_FILE}" -w 0)"
echo "Gitpod: Applying customization patch ${CUSTOMIZATION}"
echo "Gitpod: render Kubernetes manifests"
/app/installer render --use-experimental-config > "${GITPOD_OBJECTS}/templates/gitpod.yaml"

# Apply the customization property - if something else is set, this will be ignored
yq e -i ".customization = $(echo "${CUSTOMIZATION}" | base64 -d | yq e -o json '.customization' - | jq -rc) // []" "${CONFIG_FILE}"
fi
else
echo "Gitpod: No advanced configuration applied"
if [ "${INSTALLER_DRY_RUN}" = "true" ]; then
echo "Gitpod: dry-run set to true, no installation will be performed"
exit
fi

echo "Gitpod: Update platform telemetry value"
yq eval-all --inplace ".experimental.telemetry.data.platform = \"${DISTRIBUTION}\"" "${CONFIG_FILE}"

echo "Gitpod: Patch Gitpod config"
base64 -d "${CONFIG_PATCH_FILE}" > /tmp/patch.yaml
config_patch=$(cat /tmp/patch.yaml)
echo "Gitpod: ${CONFIG_PATCH_FILE}=${config_patch}"
yq eval-all --inplace 'select(fileIndex == 0) * select(fileIndex == 1)' "${CONFIG_FILE}" /tmp/patch.yaml

echo "Gitpod: Generate the Kubernetes objects"
config=$(cat "${CONFIG_FILE}")
echo "Gitpod: ${CONFIG_FILE}=${config}"

echo "Gitpod: render Kubernetes manifests"
/app/installer render -c "${CONFIG_FILE}" --namespace "${NAMESPACE}" --use-experimental-config >> "${GITPOD_OBJECTS}/templates/gitpod.yaml"

if [ "${REG_INCLUSTER_ENABLED}" = "1" ];
then
# Combine the pull secrets
echo "${LOCAL_REGISTRY_IMAGE_PULL_DOCKER_CONFIG_JSON}" > /tmp/kotsregistry.json
if [ "${REG_INCLUSTER_ENABLED}" = "1" ]; then
echo "Gitpod: Add the local registry secret to the in-cluster registry secret"

# Get the in-cluster registry secret
Expand All @@ -293,14 +75,28 @@ then
echo "Gitpod: update the in-cluster registry secret"
yq eval-all --inplace '(select(.kind == "Secret" and .metadata.name == "builtin-registry-auth") | .data.".dockerconfigjson") |= env(REGISTRY_SECRET)' \
"${GITPOD_OBJECTS}/templates/gitpod.yaml"
else
echo "Gitpod: configuring external container registry"

# Get the external-container-registry secret so we can merge the external registry and KOTS registry keys
echo "${EXTERNAL_DOCKER_CONFIG_JSON}" > /tmp/gitpodregistry.json

cat /tmp/kotsregistry.json /tmp/gitpodregistry.json | jq -s '.[0] * .[1]' - - > /tmp/container-registry-secret

echo "Gitpod: create the container-registry secret"
echo "---" >> "${GITPOD_OBJECTS}/templates/gitpod.yaml"
kubectl create secret docker-registry "${REG_EXTERNAL_CERTIFICATE_NAME}" \
--namespace "${NAMESPACE}" \
--from-file=.dockerconfigjson=/tmp/container-registry-secret \
-o yaml --dry-run=client >> "${GITPOD_OBJECTS}/templates/gitpod.yaml"
fi

if [ "${REG_DOCKER_CONFIG_ENABLED}" = "1" ];
then
# Work out the registry secret to use
if [ "${REG_INCLUSTER_ENABLED}" = "0" ];
then
export REGISTRY_SECRET_NAME="container-registry"
export REGISTRY_SECRET_NAME="${REG_EXTERNAL_CERTIFICATE_NAME}"
else
export REGISTRY_SECRET_NAME="builtin-registry-auth"
fi
Expand Down Expand Up @@ -345,5 +141,3 @@ helm upgrade \

echo "Gitpod: Restarting installation status job"
kubectl delete pod -n "${NAMESPACE}" -l component=gitpod-installer-status || true

echo "Gitpod: Installer job finished - goodbye"
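Review bot: The registry credentials that now arrive through environment variables are written to fixed paths with the process's default umask — `echo "${LOCAL_REGISTRY_IMAGE_PULL_DOCKER_CONFIG_JSON}" > /tmp/kotsregistry.json` in the first hunk, and `echo "${EXTERNAL_DOCKER_CONFIG_JSON}" > /tmp/gitpodregistry.json` plus the merged `/tmp/container-registry-secret` in the second — and nothing in these hunks removes them, so the plaintext docker config stays on disk for the rest of the job; unless a tighter umask is set earlier in the script (outside the hunks), a `umask 077` before the first write and a `trap 'rm -f /tmp/kotsregistry.json /tmp/gitpodregistry.json /tmp/container-registry-secret' EXIT` would scope them to the run. The external-registry branch also assumes `EXTERNAL_DOCKER_CONFIG_JSON` is non-empty: the job manifest in this commit marks that secret `optional: true`, and with an empty second file the `jq -s '.[0] * .[1]'` merge sees a null operand and errors out, which `set -e` turns into an unexplained abort, so a guard such as `[ -n "${EXTERNAL_DOCKER_CONFIG_JSON}" ] || { echo "Gitpod: external-container-registry secret is missing or empty" >&2; exit 1; }` before the write would name the actual problem. The bare `exit` in the dry-run branch reads more clearly as `exit 0`, since the intent is a successful early stop rather than whatever the preceding `echo` returned.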
14 changes: 0 additions & 14 deletions install/kots/manifests/gitpod-config-patch.yaml

This file was deleted.

2 changes: 1 addition & 1 deletion install/kots/manifests/gitpod-installation-status.yaml
Expand Up @@ -30,7 +30,7 @@ spec:
containers:
- name: installation-status
# This will normally be the release tag
image: "eu.gcr.io/gitpod-core-dev/build/installer:sje-move-kots-bash-script.28"
image: "eu.gcr.io/gitpod-core-dev/build/installer:sje-installer-config-build.22"
envFrom:
- configMapRef:
name: gitpod-kots-config
32 changes: 11 additions & 21 deletions install/kots/manifests/gitpod-installer-job.yaml
Expand Up @@ -39,41 +39,34 @@ spec:
containers:
- name: installer
# This will normally be the release tag
image: "eu.gcr.io/gitpod-core-dev/build/installer:sje-installer-proxy-config.23"
image: "eu.gcr.io/gitpod-core-dev/build/installer:sje-installer-config-build.22"
volumeMounts:
- mountPath: /config-patch
name: config-patch
readOnly: true
- mountPath: /mnt/node0
name: node-fs0
readOnly: true
env:
- name: CONFIG_FILE
- name: GITPOD_INSTALLER_CONFIG
value: /tmp/gitpod-config.yaml
- name: CONFIG_PATCH_FILE
value: /config-patch/gitpod-config-patch.yaml
- name: CUSTOMIZATION_PATCH_FILE
value: /config-patch/customization-patch.yaml
- name: CONTAINERD_DIR_K3S
value: /run/k3s/containerd/io.containerd.runtime.v2.task/k8s.io
- name: CONTAINERD_SOCKET_K3S
value: /run/k3s/containerd/containerd.sock
- name: CONTAINERD_DIR_AL
value: /run/containerd/io.containerd.runtime.v2.task/k8s.io
- name: CONTAINERD_SOCKET_AL
value: /run/containerd/containerd.sock
- name: GITPOD_OBJECTS
value: /tmp/gitpod
- name: MOUNT_PATH
value: /mnt/node0
- name: REG_DOCKER_CONFIG_JSON
valueFrom:
secretKeyRef:
name: custom-registry-credentials
key: .dockerconfigjson
optional: true
- name: EXTERNAL_DOCKER_CONFIG_JSON
valueFrom:
secretKeyRef:
name: external-container-registry
key: .dockerconfigjson
optional: true
- name: LOCAL_REGISTRY_IMAGE_PULL_DOCKER_CONFIG_JSON
valueFrom:
secretKeyRef:
name: repl{{ LocalRegistryImagePullSecret | quote }}
name: repl{{ ImagePullSecretName | quote }}
key: .dockerconfigjson
optional: true
envFrom:
Expand All @@ -82,9 +75,6 @@ spec:
command:
- /app/scripts/kots-install.sh
volumes:
- name: config-patch
configMap:
name: gitpod-config-patch
- name: node-fs0
hostPath:
path: /
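Review bot: The three `.dockerconfigjson` entries added under `env` (`REG_DOCKER_CONFIG_JSON`, `EXTERNAL_DOCKER_CONFIG_JSON`, `LOCAL_REGISTRY_IMAGE_PULL_DOCKER_CONFIG_JSON`) move registry credentials from a point-of-use `kubectl get secret` in the script into the installer's process environment, where every child process the script spawns (`kubectl`, `yq`, `jq`, `helm`) inherits them and they remain readable via the container's `/proc/<pid>/environ` for the job's lifetime; if the script only needs them as file contents, a `secret` volume mounted `readOnly: true` alongside `node-fs0` keeps them out of the environment. All three are `optional: true`, so a missing secret silently yields an empty variable rather than a failed pod start, which is worth stating on each entry, e.g. `# optional: an absent secret leaves this empty; kots-install.sh must check before use`, since the script's external-registry branch writes the value straight to a file. The new `MOUNT_PATH` value `/mnt/node0` duplicates the `mountPath` of the `node-fs0` volume mount above; a comment such as `# must match volumeMounts[].mountPath for node-fs0` would guard against the two drifting apart.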
