fix review suggestions

.werft/eks-installer-tests.yaml

@@ -19,9 +19,6 @@ pod:
   - name: sh-playground-dns-perm
     secret:
       secretName: sh-playground-dns-perm
-  - name: sh-aks-perm
-    secret:
-      secretName: aks-credentials
   containers:
   - name: nightly-test
     image: eu.gcr.io/gitpod-core-dev/dev/dev-environment:cw-werft-cred.0

.werft/installer-tests.ts

@@ -185,7 +185,7 @@ const INFRA_PHASES: { [name: string]: InfraConfig } = {
     ADD_NS_RECORD: {
         phase: "add-ns-record",
         makeTarget: `add-ns-record cloud=${cloud}`,
-        description: "Adds NS record for subdomain under gitpod-self-hosted.com",
+        description: "Adds NS record for subdomain under tests.gitpod-self-hosted.com",
     },
     INSTALL_GITPOD_IGNORE_PREFLIGHTS: {
         phase: "install-gitpod-without-preflights",
@@ -282,7 +282,7 @@ function cleanup() {
     werft.phase(phase, "Destroying all the created resources");
 
     const response = exec(`make -C ${makefilePath} cleanup cloud=${cloud}`, {
-        slice: "run-terrafrom-destroy",
+        slice: "run-terraform-destroy",
         dontCheckRc: true,
     });
 

install/infra/terraform/eks/database.tf

@@ -1,3 +1,9 @@
+resource "random_password" "password" {
+  length           = 16
+  special          = true
+  override_special = "!#$%&*()-_=+[]{}<>:?"
+}
+
 resource "aws_db_subnet_group" "gitpod_subnets" {
   name       = "db-sg-${var.cluster_name}"
   subnet_ids = [module.vpc.public_subnets[2], module.vpc.public_subnets[3]]
@@ -32,7 +38,7 @@ resource "aws_db_instance" "gitpod" {
   identifier           = "db-${var.cluster_name}"
   name                 = "gitpod"
   username             = "gitpod"
-  password             = "gitpod-qwat"
+  password             = random_password.password.result
   parameter_group_name = "default.mysql5.7"
   db_subnet_group_name = aws_db_subnet_group.gitpod_subnets.name
   skip_final_snapshot  = true

install/infra/terraform/eks/dns.tf

@@ -54,7 +54,7 @@ resource "aws_route53_record" "cert_validation_3" {
   type = tolist(aws_acm_certificate.gitpod.domain_validation_options)[3].resource_record_type
   zone_id = "${resource.aws_route53_zone.gitpod.zone_id}"
   records = [tolist(aws_acm_certificate.gitpod.domain_validation_options)[3].resource_record_value]
-  ttl = 6
+  ttl = 60
 }
 
 resource "aws_iam_policy" "gitpod" {

install/infra/terraform/eks/output.tf

@@ -6,7 +6,7 @@ output "external_dns_settings" {
     },
     {
         "name" = "aws.region",
-        "value" = "eu-west-1"
+        "value" = var.region
     },
     {
         "name" = "aws.credentials.secretKey",
@@ -26,7 +26,7 @@ output "secretAccessKey" {
 
 output "cert_manager_issuer" {
   value = try({
-        region = "eu-west-1"
+        region = var.region
         secretAccessKeySecretRef = {
             name = "route53-credentials"
             key = "secret-access-key"
@@ -45,7 +45,7 @@ output "database" {
   sensitive = true
   value = try({
     host     = "${aws_db_instance.gitpod.address}"
-    password = "gitpod-qwat" # FIXME hardcoded at this point
+    password = random_password.password.result
     port     = 3306
     username = "${aws_db_instance.gitpod.username}"
   }, {})

install/infra/terraform/eks/variables.tf

@@ -1,7 +1,6 @@
 variable "cluster_name" {
   type        = string
   description = "EKS cluster name."
-  default = "nan-eks-3"
 }
 variable "kubeconfig" {
   type        = string

install/tests/Makefile

@@ -203,8 +203,8 @@ check-kots-app:
 	kubectl kots get --kubeconfig=${KUBECONFIG} app gitpod -n gitpod | grep gitpod  | awk '{print $$2}' | grep "ready" || { echo "Gitpod is not ready"; exit 1; }
 
 check-gitpod-installation: delete-cm-setup check-kots-app check-env-sub-domain
-	@echo "Curling http://${TF_VAR_TEST_ID}.gitpod-self-hosted.com/api/version"
-	curl -i -X GET http://${TF_VAR_TEST_ID}.gitpod-self-hosted.com/api/version || { echo "Curling Gitpod endpoint failed"; exit 1; }
+	@echo "Curling http://${TF_VAR_TEST_ID}.tests.gitpod-self-hosted.com/api/version"
+	curl -i -X GET http://${TF_VAR_TEST_ID}.tests.gitpod-self-hosted.com/api/version || { echo "Curling Gitpod endpoint failed"; exit 1; }
 
 run-tests:
 	./tests.sh ${KUBECONFIG}
@@ -241,7 +241,7 @@ destroy-azure: select-workspace
 
 get-results:
 	@echo "If you have gotten this far, it means your setup succeeded"
-	@echo "The IP address of you setup is "$(TF_VAR_TEST_ID).gitpod-self-hosted.com""
+	@echo "The IP address of you setup is "$(TF_VAR_TEST_ID).tests.gitpod-self-hosted.com""
 	@echo "Following is the KUBECONFIG you can use to connect to the cluster:"
 	@cat ${KUBECONFIG}
 

install/tests/main.tf

@@ -36,7 +36,7 @@ module "k3s" {
   dns_sa_creds     = var.dns_sa_creds
   dns_project      = "dns-for-playgrounds"
   managed_dns_zone = "gitpod-self-hosted-com"
-  domain_name      = "${var.TEST_ID}.gitpod-self-hosted.com"
+  domain_name      = "${var.TEST_ID}.tests.gitpod-self-hosted.com"
 }
 
 module "gcp-issuer" {
@@ -57,7 +57,7 @@ module "aks" {
   # source = "github.com/gitpod-io/gitpod//install/infra/terraform/aks?ref=main" # we can later use tags here
   source                   = "../infra/terraform/aks"
 
-  domain_name              = "${var.TEST_ID}.gitpod-self-hosted.com"
+  domain_name              = "${var.TEST_ID}.tests.gitpod-self-hosted.com"
   enable_airgapped         = false
   enable_external_database = true
   enable_external_registry = true
@@ -69,7 +69,7 @@ module "aks" {
 
 module "eks" {
   source                 = "../infra/terraform/eks"
-  domain_name            = "${var.TEST_ID}.gitpod-self-hosted.com"
+  domain_name            = "${var.TEST_ID}.tests.gitpod-self-hosted.com"
   cluster_name           = var.TEST_ID
   region                 = "eu-west-1"
   vpc_availability_zones = ["eu-west-1c", "eu-west-1b"]
@@ -96,15 +96,15 @@ module "azure-externaldns" {
   source       = "../infra/terraform/tools/external-dns"
   kubeconfig   = var.kubeconfig
   settings     = module.aks.external_dns_settings
-  domain_name  = "${var.TEST_ID}.gitpod-self-hosted.com"
+  domain_name  = "${var.TEST_ID}.tests.gitpod-self-hosted.com"
   txt_owner_id = var.TEST_ID
 }
 
 module "aws-externaldns" {
   source       = "../infra/terraform/tools/external-dns"
   kubeconfig   = var.kubeconfig
   settings     = module.eks.external_dns_settings
-  domain_name  = "${var.TEST_ID}.gitpod-self-hosted.com"
+  domain_name  = "${var.TEST_ID}.tests.gitpod-self-hosted.com"
   txt_owner_id = var.TEST_ID
 }
 
@@ -129,14 +129,14 @@ module "azure-add-dns-record" {
   nameservers      = module.aks.domain_nameservers
   dns_project      = "dns-for-playgrounds"
   managed_dns_zone = "gitpod-self-hosted-com"
-  domain_name      = "${var.TEST_ID}.gitpod-self-hosted.com"
+  domain_name      = "${var.TEST_ID}.tests.gitpod-self-hosted.com"
 }
 
 module "aws-add-dns-record" {
   source           = "../infra/terraform/tools/cloud-dns-ns"
   credentials      = var.dns_sa_creds
   nameservers      = module.eks.domain_nameservers
   dns_project      = "dns-for-playgrounds"
-  managed_dns_zone = "gitpod-self-hosted-com"
-  domain_name      = "${var.TEST_ID}.gitpod-self-hosted.com"
+  managed_dns_zone = "tests-gitpod-self-hosted-com"
+  domain_name      = "${var.TEST_ID}.tests.gitpod-self-hosted.com"
 }

install/tests/manifests/kots-config-aws-db.yaml

@@ -12,5 +12,5 @@ spec:
         value: ${DBUSER}
         data: "db_username"
       db_password:
-        value: ${DBPASS}
+        value: "${DBPASS}"
         data: "db_password"

install/tests/manifests/kots-config.yaml

@@ -3,7 +3,7 @@ kind: ConfigValues
 spec:
   values:
       domain:
-        value: "${TF_VAR_TEST_ID}.gitpod-self-hosted.com"
+        value: "${TF_VAR_TEST_ID}.tests.gitpod-self-hosted.com"
         data: "domain"
       ssh_gateway:
         value: "1"