
[installer]: general fixes for the meta components
This now installs the meta components to a cluster using an InCluster database and registry
Simon Emms committed Oct 26, 2021
1 parent 5294aa3 commit dd26d45
Showing 12 changed files with 107 additions and 81 deletions.
34 changes: 26 additions & 8 deletions installer/pkg/common/common.go
Expand Up @@ -61,6 +61,16 @@ func DefaultEnv(cfg *config.Config) []corev1.EnvVar {

return []corev1.EnvVar{
{Name: "GITPOD_DOMAIN", Value: cfg.Domain},
{Name: "GITPOD_INSTALLATION_LONGNAME", Value: cfg.Domain}, // todo(sje): figure out these values
{Name: "GITPOD_INSTALLATION_SHORTNAME", Value: cfg.Domain}, // todo(sje): figure out these values
{Name: "GITPOD_REGION", Value: cfg.Metadata.Region},
{Name: "HOST_URL", Value: "https://" + cfg.Domain},
{Name: "KUBE_NAMESPACE", ValueFrom: &corev1.EnvVarSource{
FieldRef: &corev1.ObjectFieldSelector{
FieldPath: "metadata.namespace",
},
}},
{Name: "KUBE_DOMAIN", Value: "svc.cluster.local"},
{Name: "LOG_LEVEL", Value: strings.ToLower(logLevel)},
}
}
Expand Down Expand Up @@ -102,7 +112,7 @@ func AnalyticsEnv(cfg *config.Config) (res []corev1.EnvVar) {
}}
}

func MessageBusEnv(cfg *config.Config) (res []corev1.EnvVar) {
func MessageBusEnv(_ *config.Config) (res []corev1.EnvVar) {
clusterObj := corev1.LocalObjectReference{Name: InClusterMessageQueueName}
tlsObj := corev1.LocalObjectReference{Name: InClusterMessageQueueTLS}

Expand Down Expand Up @@ -173,14 +183,22 @@ func DatabaseEnv(cfg *config.Config) (res []corev1.EnvVar) {
LocalObjectReference: obj,
Key: "password",
}},
}, {
Name: "DB_USERNAME",
ValueFrom: &corev1.EnvVarSource{SecretKeyRef: &corev1.SecretKeySelector{
LocalObjectReference: obj,
Key: "username",
}},
}, {
// todo(sje): conditional
Name: "DB_DELETED_ENTRIES_GC_ENABLED",
Value: "false",
}, {
Name: "DB_ENCRYPTION_KEYS",
// todo(sje): either Value or ValueFrom
Value: "todo",
ValueFrom: &corev1.EnvVarSource{SecretKeyRef: &corev1.SecretKeySelector{
LocalObjectReference: obj,
Key: "encryptionKeys",
}},
//ValueFrom: &corev1.EnvVarSource{SecretKeyRef: &corev1.SecretKeySelector{
// LocalObjectReference: corev1.LocalObjectReference{
// Name: "",
Expand All @@ -193,7 +211,7 @@ func DatabaseEnv(cfg *config.Config) (res []corev1.EnvVar) {
func DatabaseWaiterContainer(ctx *RenderContext) *corev1.Container {
return &corev1.Container{
Name: "database-waiter",
Image: ImageName(ctx.Config.Repository, "service-waiter", "latest"),
Image: ImageName(ctx.Config.Repository, "service-waiter", ctx.VersionManifest.Components.ServiceWaiter.Version),
Args: []string{
"-v",
"database",
Expand All @@ -211,7 +229,7 @@ func DatabaseWaiterContainer(ctx *RenderContext) *corev1.Container {
func MessageBusWaiterContainer(ctx *RenderContext) *corev1.Container {
return &corev1.Container{
Name: "msgbus-waiter",
Image: ImageName(ctx.Config.Repository, "service-waiter", "latest"),
Image: ImageName(ctx.Config.Repository, "service-waiter", ctx.VersionManifest.Components.ServiceWaiter.Version),
Args: []string{
"-v",
"messagebus",
Expand Down Expand Up @@ -250,10 +268,10 @@ func KubeRBACProxyContainer() *corev1.Container {
},
},
Resources: corev1.ResourceRequirements{Requests: corev1.ResourceList{
corev1.ResourceName("cpu"): resource.MustParse("1m"),
corev1.ResourceName("memory"): resource.MustParse("30Mi"),
corev1.ResourceCPU: resource.MustParse("1m"),
corev1.ResourceMemory: resource.MustParse("30Mi"),
}},
TerminationMessagePolicy: corev1.TerminationMessagePolicy("FallbackToLogsOnError"),
TerminationMessagePolicy: corev1.TerminationMessageFallbackToLogsOnError,
SecurityContext: &corev1.SecurityContext{
RunAsUser: pointer.Int64(65532),
RunAsGroup: pointer.Int64(65532),
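Review bot: `KUBE_DOMAIN` is hard-coded to `"svc.cluster.local"` in DefaultEnv, so a cluster configured with a non-default DNS domain gets unresolvable in-cluster addresses from every component that reads this variable. proxy/configmap.go in this same commit builds an in-cluster address from a `kubeDomain` identifier; wherever that is declared, keeping one source for the value (a constant in `common`, which proxy already imports, or a config field) would stop the two literals drifting, e.g. `{Name: "KUBE_DOMAIN", Value: kubeDomain},`. The `todo(sje)` entries that fill `GITPOD_INSTALLATION_LONGNAME`/`SHORTNAME` with the domain and pin `DB_DELETED_ENTRIES_GC_ENABLED` to `"false"` remain open; a one-line comment on the latter naming the config value it should eventually follow would help whoever picks it up. DefaultEnv's and DatabaseEnv's bodies start before their hunks.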
9 changes: 6 additions & 3 deletions installer/pkg/components/content-service/configmap.go
Expand Up @@ -9,7 +9,6 @@ import (
"fmt"

"github.com/gitpod-io/gitpod/content-service/api/config"
apiconfig "github.com/gitpod-io/gitpod/content-service/api/config"
"github.com/gitpod-io/gitpod/installer/pkg/common"

corev1 "k8s.io/api/core/v1"
Expand All @@ -18,6 +17,11 @@ import (
)

func configmap(ctx *common.RenderContext) ([]runtime.Object, error) {
storageConfig, err := common.StorageConfiguration(ctx)
if err != nil {
return nil, err
}

cscfg := config.ServiceConfig{
Service: config.Service{
Addr: fmt.Sprintf(":%d", RPCPort),
Expand All @@ -28,8 +32,7 @@ func configmap(ctx *common.RenderContext) ([]runtime.Object, error) {
PProf: config.PProf{
Addr: fmt.Sprintf(":%d", PProfPort),
},
// todo(sje): work out how to cater for different storages
Storage: apiconfig.StorageConfig{},
Storage: *storageConfig,
}

fc, err := json.MarshalIndent(cscfg, "", " ")
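Review bot: `*storageConfig` at the `Storage:` field dereferences the pointer returned by `common.StorageConfiguration` without a nil check; if that helper can return `(nil, nil)` for an unconfigured backend, rendering panics instead of failing with an error — worth confirming against the helper. The early `return nil, err` also drops which component was being rendered; `return nil, fmt.Errorf("content-service storage configuration: %w", err)` keeps the installer's error output readable and `fmt` is already imported. configmap's body continues past the last hunk.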
1 change: 1 addition & 0 deletions installer/pkg/components/docker-registry/constants.go
Expand Up @@ -8,4 +8,5 @@ const (
BuiltInRegistryAuth = "builtin-registry-auth"
BuiltInRegistryCerts = "builtin-registry-certs"
Component = "docker-registry"
RegistryName = "registry"
)
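Review bot: `RegistryName` is exported but, like the rest of this const block, has no doc comment, and its value is now load-bearing in two places in this commit — the chart's `fullnameOverride` in helm.go and the image repository host in image-builder-mk3's configmap. A comment such as `// RegistryName is the fullnameOverride given to the docker-registry chart; other components reach the in-cluster registry through the Service of this name.` records that coupling where the constant is defined. The const block opens before the hunk.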
1 change: 1 addition & 0 deletions installer/pkg/components/docker-registry/helm.go
Expand Up @@ -21,6 +21,7 @@ var Helm = common.CompositeHelmFunc(
Enabled: pointer.BoolDeref(cfg.Config.ContainerRegistry.InCluster, false),
Values: &values.Options{
Values: []string{
helm.KeyValue("docker-registry.fullnameOverride", RegistryName),
helm.KeyValue("docker-registry.service.port", strconv.Itoa(proxy.ContainerHTTPSPort)),
helm.KeyValue("docker-registry.tlsSecretName", proxy.RegistryTLSCertSecret),
},
46 changes: 32 additions & 14 deletions installer/pkg/components/image-builder-mk3/configmap.go
Expand Up @@ -7,6 +7,8 @@ package image_builder_mk3
import (
"encoding/json"
"fmt"
dockerregistry "github.com/gitpod-io/gitpod/installer/pkg/components/docker-registry"
"k8s.io/utils/pointer"
"time"

"github.com/gitpod-io/gitpod/common-go/util"
Expand All @@ -21,22 +23,38 @@ import (
)

func configmap(ctx *common.RenderContext) ([]runtime.Object, error) {
imgcfg := config.ServiceConfig{
Orchestrator: config.Configuration{
WorkspaceManager: config.WorkspaceManagerConfig{
Address: fmt.Sprintf("%s:%d", wsmanager.Component, wsmanager.RPCPort),
TLS: config.TLS{
Authority: "/wsman-certs/ca.crt",
Certificate: "/wsman-certs/tls.crt",
PrivateKey: "/wsman-certs/tls.key",
},
orchestrator := config.Configuration{
WorkspaceManager: config.WorkspaceManagerConfig{
Address: fmt.Sprintf("%s:%d", wsmanager.Component, wsmanager.RPCPort),
TLS: config.TLS{
Authority: "/wsman-certs/ca.crt",
Certificate: "/wsman-certs/tls.crt",
PrivateKey: "/wsman-certs/tls.key",
},
AuthFile: PullSecretFile, // todo(sje): make conditional
BaseImageRepository: "", // todo(sje): get conditional value
WorkspaceImageRepository: "", // todo(sje): get conditional value
BuilderImage: common.ImageName(ctx.Config.Repository, BuilderImage, BuilderImageVersion),
BuilderAuthKeyFile: "/config/authkey",
},
BuilderImage: common.ImageName(ctx.Config.Repository, BuilderImage, BuilderImageVersion),
BuilderAuthKeyFile: "/config/authkey",
}

var baseImageRepo string
var workspaceImgRepo string
if pointer.BoolDeref(ctx.Config.ContainerRegistry.InCluster, false) {
registryName := dockerregistry.RegistryName

baseImageRepo = fmt.Sprintf("%s/base-images", registryName)
workspaceImgRepo = fmt.Sprintf("%s/workspace-images", registryName)

orchestrator.AuthFile = PullSecretFile
} else {
// todo(sje): handle outside cluster values for image builder mk3
return nil, fmt.Errorf("in cluster container currently only supported option")
}

orchestrator.BaseImageRepository = baseImageRepo
orchestrator.WorkspaceImageRepository = workspaceImgRepo

imgcfg := config.ServiceConfig{
Orchestrator: orchestrator,
RefCache: config.RefCacheConfig{
Interval: util.Duration(time.Hour * 6).String(),
Refs: []string{
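Review bot: The `else` branch that returns an error leaves the happy path indented, and `baseImageRepo`/`workspaceImgRepo` exist only to be copied into `orchestrator` two statements later; a guard clause for the non-in-cluster case followed by direct field assignments reads more simply, and the error text `"in cluster container currently only supported option"` can be made grammatical at the same time. The repositories are addressed by the bare Service name (`registry/base-images`) with no namespace, cluster domain or port, unlike the `openvsx-proxy.<ns>.<domain>:<port>` form proxy/configmap.go uses in this commit; that relies on short-name DNS from the same namespace and on the registry Service listening on the port image references default to, so a comment stating that assumption, or the fully qualified name, would help — please confirm against the chart's Service port. The `dockerregistry` and `pointer` imports sit inside the standard-library group between `"fmt"` and `"time"`; goimports would move them to the module group.
```go
	// todo(sje): handle outside cluster values for image builder mk3
	if !pointer.BoolDeref(ctx.Config.ContainerRegistry.InCluster, false) {
		return nil, fmt.Errorf("image-builder-mk3: only an in-cluster container registry is currently supported")
	}
	// Bare service name: resolvable only from the registry's own namespace.
	orchestrator.AuthFile = PullSecretFile
	orchestrator.BaseImageRepository = fmt.Sprintf("%s/base-images", dockerregistry.RegistryName)
	orchestrator.WorkspaceImageRepository = fmt.Sprintf("%s/workspace-images", dockerregistry.RegistryName)
	// … unchanged: imgcfg construction …
```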
29 changes: 24 additions & 5 deletions installer/pkg/components/mysql/secret.go
Expand Up @@ -5,13 +5,21 @@
package mysql

import (
"encoding/json"
"fmt"
"github.com/gitpod-io/gitpod/installer/pkg/common"
corev1 "k8s.io/api/core/v1"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/apimachinery/pkg/runtime"
)

type EncryptionKey struct {
Name string `json:"name"`
Version int `json:"version"`
Primary bool `json:"primary"`
Material string `json:"material"`
}

func secrets(ctx *common.RenderContext) ([]runtime.Object, error) {
if !enabled(ctx) {
return nil, nil
Expand All @@ -27,6 +35,16 @@ func secrets(ctx *common.RenderContext) ([]runtime.Object, error) {
return nil, err
}

encryptionKeys, err := json.MarshalIndent([]EncryptionKey{{
Name: "general",
Version: 1,
Primary: true,
Material: "4uGh1q8y2DYryJwrVMHs0kWXJlqvHWWt/KJuNi04edI=",
}}, "", " ")
if err != nil {
return nil, fmt.Errorf("failed to marshal mysql encryptionKeys: %w", err)
}

return []runtime.Object{&corev1.Secret{
TypeMeta: common.TypeMetaSecret,
ObjectMeta: metav1.ObjectMeta{
Expand All @@ -46,11 +64,12 @@ func secrets(ctx *common.RenderContext) ([]runtime.Object, error) {
Labels: common.DefaultLabels(Component),
},
Data: map[string][]byte{
"database": []byte(Database),
"host": []byte(Component),
"port": []byte(fmt.Sprintf("%d", Port)),
"password": []byte(password),
"username": []byte(Username),
"database": []byte(Database),
"encryptionKeys": encryptionKeys,
"host": []byte(Component),
"port": []byte(fmt.Sprintf("%d", Port)),
"password": []byte(password),
"username": []byte(Username),
},
}}, nil
}
2 changes: 1 addition & 1 deletion installer/pkg/components/proxy/configmap.go
Expand Up @@ -118,7 +118,7 @@ func configmap(ctx *common.RenderContext) ([]runtime.Object, error) {

openVSX, err := renderTemplate(vhostOpenVSXTmpl, openVSXTpl{
Domain: ctx.Config.Domain,
RepoURL: "open-vsx.org", // todo(sje) allow this to be configurable
RepoURL: fmt.Sprintf("openvsx-proxy.%s.%s:%d", ctx.Namespace, kubeDomain, 8080), // todo(sje): get port from (future) config
})
if err != nil {
return nil, err
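Review bot: `8080` is a bare literal inside the `RepoURL` format string with a todo attached; until the port comes from config, a named constant in this package (`const openVSXProxyPort = 8080`, or the port constant of the openvsx-proxy component if that package exposes one) keeps this address and the Service definition from drifting, e.g. `RepoURL: fmt.Sprintf("openvsx-proxy.%s.%s:%d", ctx.Namespace, kubeDomain, openVSXProxyPort),`. The same goes for the `"openvsx-proxy"` host prefix, which should be that component's `Component` constant if one exists. RepoURL also changes meaning here, from a public HTTPS host to a cluster-internal host:port, so the template consuming it must neither prefix it with `https://` nor forward it as the upstream `Host` header the way the old template did; the surviving template lines in this commit are not legible enough here to confirm, so worth a check. configmap's body starts before and ends after the hunk.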
@@ -1,48 +1,9 @@
# We cache the requests to the VSX registry and in case of an upstream server error we serve the the cached results.
https://open-vsx.{{.Domain}} {
import enable_log_debug
import remove_server_header
import ssl_configuration
# The http_cache plugin does not allow to cache the HTTP OPTIONS method.
# That's why we simply serve a static respond instead of asking the upstream server.
@options method OPTIONS
header @options {
Access-Control-Allow-Credentials "true"
Access-Control-Allow-Headers "content-type,x-market-client-id,x-market-user-id,x-client-commit,x-client-name,x-client-version,x-machine-id"
Access-Control-Allow-Methods "OPTIONS,GET,POST,PATCH,PUT,DELETE"
Access-Control-Allow-Origin "*"
}
respond @options 204 {
close
}
reverse_proxy {
to https://{{.RepoURL}}
# health_uri /api/-/search
header_up Host "{{.RepoURL}}"
header_up -Connection
# Override/remove existing cache control headers from the upstream server.
header_down Cache-Control "max-age=30, public" # cache for 30 seconds
header_down -Vary
header_down -Pragma
header_down -Expires
}
gitpod.body_intercept {
search "{{.RepoURL}}"
replace "open-vsx.{{.Domain}}"
}
http_cache {
cache_type file
path /tmp/openvsx-cache
match_path /
match_methods GET HEAD POST
stale_max_age 72h # 3 days
cache_key "{http.request.method} {http.request.host}{http.request.uri.path}?{http.request.uri.query} {http.request.contentlength} {http.request.bodyhash}"
reverse_proxy {
to {{.RepoURL}}
}
}
9 changes: 7 additions & 2 deletions installer/pkg/components/server/configmap.go
Expand Up @@ -7,9 +7,9 @@ package server
import (
"encoding/json"
"fmt"

"github.com/gitpod-io/gitpod/installer/pkg/common"
"github.com/gitpod-io/gitpod/installer/pkg/components/workspace"
"github.com/gitpod-io/gitpod/installer/pkg/config/v1"

corev1 "k8s.io/api/core/v1"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
Expand All @@ -22,6 +22,11 @@ func configmap(ctx *common.RenderContext) ([]runtime.Object, error) {
return nil, err
}

authProviders := make([]config.AuthProviderConfigs, 0)
if len(ctx.Config.AuthProviders) > 0 {
authProviders = ctx.Config.AuthProviders
}

// todo(sje): all these values are configurable
scfg := ConfigSerialized{
Version: ctx.VersionManifest.Version,
Expand Down Expand Up @@ -56,7 +61,7 @@ func configmap(ctx *common.RenderContext) ([]runtime.Object, error) {
MinAgePrebuildDays: 7,
},
EnableLocalApp: true,
AuthProviderConfigs: ctx.Config.AuthProviders,
AuthProviderConfigs: authProviders,
DisableDynamicAuthProviderLogin: false,
BrandingConfig: BrandingConfig{
Logo: "/images/gitpod-ddd.svg",
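Review bot: The `authProviders` pre-check at the top of the section says what it does but not why: `make(..., 0)` followed by an assignment only when the input is non-empty is, presumably, so the serialized config contains `[]` rather than `null` when no providers are configured. That intent deserves a comment, and the simpler nil check expresses it directly: `authProviders := ctx.Config.AuthProviders` / `if authProviders == nil { authProviders = []config.AuthProviderConfigs{} } // serialize as [], not null`; an empty non-nil slice from config behaves the same under either form. configmap's body starts before the first hunk and continues after the last.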
3 changes: 2 additions & 1 deletion installer/pkg/components/server/deployment.go
Expand Up @@ -61,7 +61,7 @@ func deployment(ctx *common.RenderContext) ([]runtime.Object, error) {
Name: "config",
VolumeSource: corev1.VolumeSource{
ConfigMap: &corev1.ConfigMapVolumeSource{
LocalObjectReference: corev1.LocalObjectReference{Name: Component},
LocalObjectReference: corev1.LocalObjectReference{Name: fmt.Sprintf("%s-config", Component)},
},
},
}, {
Expand Down Expand Up @@ -104,6 +104,7 @@ func deployment(ctx *common.RenderContext) ([]runtime.Object, error) {
// todo(sje): do we need to cater for serverContainer.env from values.yaml?
Env: common.MergeEnv(
common.DefaultEnv(&ctx.Config),
common.DatabaseEnv(&ctx.Config),
common.TracingEnv(&ctx.Config),
common.AnalyticsEnv(&ctx.Config),
common.MessageBusEnv(&ctx.Config),
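Review bot: The ConfigMap name `fmt.Sprintf("%s-config", Component)` is computed here while the ConfigMap itself is created in configmap.go of the same package, so the two can silently diverge; a package-level `const configMapName = Component + "-config"` used by both sides ties them together and avoids Sprintf on a constant. The identical pattern appears in ws-manager-bridge/deployment.go in this commit. Adding `common.DatabaseEnv(&ctx.Config)` means server now receives `DB_ENCRYPTION_KEYS` and `DB_DELETED_ENTRIES_GC_ENABLED` from the shared helper, so the `todo(sje): conditional` on the latter in common.go applies to this deployment as well. deployment's body starts before the first hunk and continues after the last.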
8 changes: 4 additions & 4 deletions installer/pkg/components/ws-manager-bridge/deployment.go
Expand Up @@ -5,6 +5,7 @@
package wsmanagerbridge

import (
"fmt"
"github.com/gitpod-io/gitpod/installer/pkg/common"
wsmanager "github.com/gitpod-io/gitpod/installer/pkg/components/ws-manager"

Expand Down Expand Up @@ -50,7 +51,7 @@ func deployment(ctx *common.RenderContext) ([]runtime.Object, error) {
Name: "config",
VolumeSource: corev1.VolumeSource{
ConfigMap: &corev1.ConfigMapVolumeSource{
LocalObjectReference: corev1.LocalObjectReference{Name: Component},
LocalObjectReference: corev1.LocalObjectReference{Name: fmt.Sprintf("%s-config", Component)},
},
},
}, {
Expand All @@ -64,8 +65,7 @@ func deployment(ctx *common.RenderContext) ([]runtime.Object, error) {
InitContainers: []corev1.Container{*common.DatabaseWaiterContainer(ctx), *common.MessageBusWaiterContainer(ctx)},
Containers: []corev1.Container{{
Name: Component,
Args: []string{"run", "-v", "/mnt/config/config.json"},
Image: common.ImageName(ctx.Config.Repository, Component, ctx.VersionManifest.Components.Blobserve.Version),
Image: common.ImageName(ctx.Config.Repository, Component, ctx.VersionManifest.Components.WSManagerBridge.Version),
ImagePullPolicy: corev1.PullIfNotPresent,
Resources: corev1.ResourceRequirements{
Requests: corev1.ResourceList{
Expand All @@ -90,7 +90,7 @@ func deployment(ctx *common.RenderContext) ([]runtime.Object, error) {
),
VolumeMounts: []corev1.VolumeMount{{
Name: "config",
MountPath: "/mnt/config",
MountPath: "/config",
ReadOnly: true,
}, {
Name: "ws-manager-client-tls-certs",
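Review bot: Dropping `Args: []string{"run", "-v", "/mnt/config/config.json"}` while moving the mount to `/config` makes the container depend on the image's default command finding `/config/config.json`; if that default differs, the pod starts without the rendered config, so either a one-line comment stating the expectation (`// the image's default command reads /config/config.json`) or an explicit `Args` with the new path is worth keeping — please confirm against the image. The corrected image version (`WSManagerBridge` instead of `Blobserve`) is a genuine fix. The new `"fmt"` import sits in the same group as the module imports with no blank line; goimports would separate the standard library. deployment's body starts before the first hunk and continues after the last.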
3 changes: 1 addition & 2 deletions installer/third_party/charts/docker-registry/values.yaml
Expand Up @@ -2,5 +2,4 @@
# Licensed under the GNU Affero General Public License (AGPL).
# See License-AGPL.txt in the project root for license information.

docker-registry:
fullnameOverride: registry
docker-registry: { }
