mirror of
https://github.com/gitpod-io/gitpod.git
synced 2025-12-08 17:36:30 +00:00
6ef48d59c6
Previously, this was defined as a Helm secret inline. Now, this uses the way that the Installer supports by default.
175 lines
5.0 KiB
Go
175 lines
5.0 KiB
Go
// Copyright (c) 2021 Gitpod GmbH. All rights reserved.
|
|
// Licensed under the GNU Affero General Public License (AGPL).
|
|
// See License.AGPL.txt in the project root for license information.
|
|
|
|
package rabbitmq
|
|
|
|
import (
|
|
"fmt"
|
|
"strings"
|
|
|
|
"helm.sh/helm/v3/pkg/cli/values"
|
|
"sigs.k8s.io/yaml"
|
|
|
|
"github.com/gitpod-io/gitpod/installer/pkg/cluster"
|
|
"github.com/gitpod-io/gitpod/installer/pkg/common"
|
|
"github.com/gitpod-io/gitpod/installer/pkg/helm"
|
|
"github.com/gitpod-io/gitpod/installer/third_party/charts"
|
|
corev1 "k8s.io/api/core/v1"
|
|
"k8s.io/apimachinery/pkg/runtime"
|
|
)
|
|
|
|
var Helm = common.CompositeHelmFunc(
|
|
helm.ImportTemplate(charts.RabbitMQ(), helm.TemplateConfig{}, func(cfg *common.RenderContext) (*common.HelmConfig, error) {
|
|
affinity, err := helm.AffinityYaml(cluster.AffinityLabelMeta)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
affinityTemplate, err := helm.KeyFileValue("rabbitmq.affinity", affinity)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
sharedVolume := "shared-data"
|
|
|
|
volumeMounts := []corev1.VolumeMount{
|
|
{
|
|
MountPath: "/gitpod-config",
|
|
Name: sharedVolume,
|
|
},
|
|
}
|
|
|
|
volumeMountsYaml, err := yaml.Marshal(volumeMounts)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
volumeMountsTemplate, err := helm.KeyFileValue("rabbitmq.extraVolumeMounts", volumeMountsYaml)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
volumes := []corev1.Volume{
|
|
{
|
|
Name: sharedVolume,
|
|
VolumeSource: corev1.VolumeSource{
|
|
EmptyDir: &corev1.EmptyDirVolumeSource{},
|
|
},
|
|
},
|
|
}
|
|
|
|
volumesYaml, err := yaml.Marshal(volumes)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
volumesTemplate, err := helm.KeyFileValue("rabbitmq.extraVolumes", volumesYaml)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
msgBusPasswordSecret := InClusterMsgBusSecret
|
|
if cfg.Config.MessageBus != nil && cfg.Config.MessageBus.Credentials != nil {
|
|
msgBusPasswordSecret = cfg.Config.MessageBus.Credentials.Name
|
|
}
|
|
|
|
loadDefinitionsFile := "/gitpod-config/load_definition.json"
|
|
|
|
// Create an init container to convert the password variable to the password value
|
|
// This is so we can use a secret for the custom message bus password in the config
|
|
initContainer := []corev1.Container{
|
|
{
|
|
Name: "credential-injector",
|
|
Image: cfg.ImageName(common.ThirdPartyContainerRepo(cfg.Config.Repository, common.DockerRegistryURL), InitContainerImage, InitContainerTag),
|
|
Args: []string{
|
|
"sh",
|
|
"-c",
|
|
fmt.Sprintf(`sed "s/%s/${PASSWORD}/" /app/load_definition.json > %s`, passwordReplaceString, loadDefinitionsFile),
|
|
},
|
|
Env: []corev1.EnvVar{
|
|
{
|
|
Name: "PASSWORD",
|
|
ValueFrom: &corev1.EnvVarSource{
|
|
SecretKeyRef: &corev1.SecretKeySelector{
|
|
LocalObjectReference: corev1.LocalObjectReference{
|
|
Name: msgBusPasswordSecret,
|
|
},
|
|
Key: "rabbitmq-password",
|
|
},
|
|
},
|
|
},
|
|
},
|
|
VolumeMounts: append(
|
|
[]corev1.VolumeMount{
|
|
// Mount the load definition
|
|
{
|
|
MountPath: "/app",
|
|
Name: "load-definition-volume", // Set by Helm chart
|
|
},
|
|
},
|
|
volumeMounts...,
|
|
),
|
|
},
|
|
}
|
|
|
|
initContainerYaml, err := yaml.Marshal(initContainer)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
initContainerTemplate, err := helm.KeyFileValue("rabbitmq.initContainers", initContainerYaml)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
imageRegistry := common.ThirdPartyContainerRepo(cfg.Config.Repository, common.DockerRegistryURL)
|
|
|
|
// Add pod annotation in case config/secrets change
|
|
var hashObj []runtime.Object
|
|
if objs, err := configuration(cfg); err != nil {
|
|
return nil, err
|
|
} else {
|
|
hashObj = append(hashObj, objs...)
|
|
}
|
|
if objs, err := secrets(cfg); err != nil {
|
|
return nil, err
|
|
} else {
|
|
hashObj = append(hashObj, objs...)
|
|
}
|
|
|
|
podAnnotations, err := common.ObjectHash(hashObj, nil)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
return &common.HelmConfig{
|
|
Enabled: true,
|
|
Values: &values.Options{
|
|
Values: []string{
|
|
helm.KeyValue("rabbitmq.auth.username", rabbitMQUsername),
|
|
helm.KeyValue("rabbitmq.auth.existingPasswordSecret", msgBusPasswordSecret),
|
|
helm.KeyValue("rabbitmq.auth.existingErlangSecret", CookieSecret),
|
|
helm.KeyValue("rabbitmq.auth.tls.existingSecret", TLSSecret),
|
|
helm.KeyValue("rabbitmq.serviceAccount.name", Component),
|
|
helm.ImagePullSecrets("rabbitmq.image.pullSecrets", cfg),
|
|
helm.KeyValue("rabbitmq.image.registry", imageRegistry),
|
|
helm.ImagePullSecrets("volumePermissions.image.pullSecrets", cfg),
|
|
helm.KeyValue("rabbitmq.volumePermissions.image.registry", imageRegistry),
|
|
helm.KeyValue("rabbitmq.loadDefinition.file", loadDefinitionsFile),
|
|
helm.KeyValue(fmt.Sprintf("rabbitmq.podAnnotations.%s", strings.Replace(common.AnnotationConfigChecksum, ".", "\\.", -1)), podAnnotations),
|
|
|
|
helm.KeyValue("rabbitmq.livenessProbe.initialDelaySeconds", "30"),
|
|
},
|
|
// This is too complex to be sent as a string
|
|
FileValues: []string{
|
|
affinityTemplate,
|
|
initContainerTemplate,
|
|
volumeMountsTemplate,
|
|
volumesTemplate,
|
|
},
|
|
},
|
|
}, nil
|
|
}),
|
|
)
|