mirror of
https://github.com/gitpod-io/gitpod.git
synced 2025-12-08 17:36:30 +00:00
204 lines
7.7 KiB
Bash
Executable File
204 lines
7.7 KiB
Bash
Executable File
#!/bin/bash
|
|
# Copyright (c) 2022 Gitpod GmbH. All rights reserved.
|
|
# Licensed under the GNU Affero General Public License (AGPL).
|
|
# See License.AGPL.txt in the project root for license information.
|
|
|
|
set -eo pipefail
|
|
|
|
INSTALLER_LOG_FILE=/tmp/gitpod-installer.log
|
|
rm -f "${INSTALLER_LOG_FILE}"
|
|
|
|
trap 'catch $?' EXIT
|
|
|
|
catch() {
|
|
echo "Gitpod: Saving log to configmap"
|
|
|
|
# Allow config map to be updated
|
|
kubectl create configmap \
|
|
gitpod-installation-status \
|
|
-n "${NAMESPACE}" \
|
|
--from-file="${INSTALLER_LOG_FILE}" \
|
|
-o yaml \
|
|
--dry-run=client \
|
|
| kubectl apply -f -
|
|
|
|
# This line is used by KOTS to analyse the validation status
|
|
if [ "${1}" = "0" ]; then
|
|
echo "Gitpod: status pass"
|
|
else
|
|
echo "Gitpod: status fail"
|
|
fi
|
|
exit "${1}"
|
|
}
|
|
|
|
stop_running_workspaces() {
|
|
echo "Gitpod: shut down any running workspaces/image-builders"
|
|
|
|
# Create a context for gpctl
|
|
kubectl config set-context "${NAMESPACE}"
|
|
kubectl config use-context "${NAMESPACE}"
|
|
# gpctl doesn't have a namespace flag
|
|
kubectl config set-context --current --namespace="${NAMESPACE}"
|
|
|
|
# Get list of workspace instances from gpctl
|
|
for instance in $(/app/gpctl workspaces list -o json | jq -r 'select(. != null) | .[] | .Instance'); do
|
|
echo "Gitpod: shutting down workspace ${instance}"
|
|
/app/gpctl workspaces stop "${instance}" || eval "$(echo "Gitpod: retrying shutting down workspace" && \
|
|
sleep 10 && \
|
|
/app/gpctl workspaces stop "${instance}")"
|
|
done
|
|
|
|
# Delete the context
|
|
kubectl config unset "contexts.${NAMESPACE}"
|
|
kubectl config unset current-context
|
|
}
|
|
|
|
main() {
|
|
if [ "${INSTALLER_DRY_RUN}" != "true" ]; then
|
|
echo "Gitpod: Killing any in-progress installations"
|
|
|
|
kubectl delete jobs.batch -n "${NAMESPACE}" -l component="gitpod-installer,cursor!=${CURSOR}" --force --grace-period 0 || true
|
|
kubectl delete pod -n "${NAMESPACE}" -l component="gitpod-installer,cursor!=${CURSOR}" --force --grace-period 0 || true
|
|
|
|
if [ "$(helm status -n "${NAMESPACE}" gitpod -o json | jq '.info.status == "deployed"')" = "false" ];
|
|
then
|
|
echo "Gitpod: Deployment in-progress - clearing"
|
|
|
|
VERSION="$(helm status -n "${NAMESPACE}" gitpod -o json | jq '.version')"
|
|
if [ "${VERSION}" -le 1 ];
|
|
then
|
|
echo "Gitpod: Uninstall application"
|
|
helm uninstall -n "${NAMESPACE}" gitpod --wait || true
|
|
else
|
|
echo "Gitpod: Rolling back application"
|
|
helm rollback -n "${NAMESPACE}" gitpod --wait || true
|
|
fi
|
|
fi
|
|
fi
|
|
|
|
echo "Gitpod: Create a Helm template directory"
|
|
rm -Rf "${GITPOD_OBJECTS}"
|
|
mkdir -p "${GITPOD_OBJECTS}/templates"
|
|
cat <<EOF >> "${GITPOD_OBJECTS}/Chart.yaml"
|
|
apiVersion: v2
|
|
name: gitpod-kots
|
|
description: Always ready-to-code
|
|
version: "1.0.0"
|
|
appVersion: "$(/app/installer version | yq e '.version' -)"
|
|
EOF
|
|
|
|
echo "Gitpod: Installer version - $(/app/installer version | yq e '.version' -)"
|
|
|
|
echo "Gitpod: Generate the base Installer config"
|
|
/app/installer config init --overwrite
|
|
|
|
echo "Gitpod: auto-detecting containerd settings on host machine"
|
|
/app/installer config files containerd
|
|
|
|
echo "Gitpod: auto-detecting settings"
|
|
/app/installer config build-from-envvars
|
|
|
|
echo "Gitpod: Validate config"
|
|
/app/installer validate config
|
|
|
|
echo "Gitpod: render Kubernetes manifests"
|
|
/app/installer render --use-experimental-config > "${GITPOD_OBJECTS}/templates/gitpod.yaml"
|
|
|
|
if [ "${INSTALLER_DRY_RUN}" = "true" ]; then
|
|
echo "Gitpod: dry-run set to true, no installation will be performed"
|
|
return 0
|
|
fi
|
|
|
|
# Combine the pull secrets
|
|
echo "${LOCAL_REGISTRY_IMAGE_PULL_DOCKER_CONFIG_JSON}" > /tmp/kotsregistry.json
|
|
if [ "${REGISTRY_INCLUSTER_ENABLED}" = "1" ]; then
|
|
echo "Gitpod: Add the local registry secret to the in-cluster registry secret"
|
|
|
|
# Get the in-cluster registry secret
|
|
yq eval-all '(select(.kind == "Secret" and .metadata.name == "builtin-registry-auth") | .data.".dockerconfigjson")' \
|
|
"${GITPOD_OBJECTS}/templates/gitpod.yaml" \
|
|
| base64 -d \
|
|
> /tmp/gitpodregistry.json
|
|
|
|
REGISTRY_SECRET="$(cat /tmp/kotsregistry.json /tmp/gitpodregistry.json | jq -s '.[0] * .[1]' - - | base64 -w 0)"
|
|
export REGISTRY_SECRET
|
|
|
|
echo "Gitpod: update the in-cluster registry secret"
|
|
yq eval-all --inplace '(select(.kind == "Secret" and .metadata.name == "builtin-registry-auth") | .data.".dockerconfigjson") |= env(REGISTRY_SECRET)' \
|
|
"${GITPOD_OBJECTS}/templates/gitpod.yaml"
|
|
else
|
|
echo "Gitpod: configuring external container registry"
|
|
|
|
# Get the external-container-registry secret so we can merge the external registry and KOTS registry keys
|
|
echo "${EXTERNAL_DOCKER_CONFIG_JSON}" > /tmp/gitpodregistry.json
|
|
|
|
cat /tmp/kotsregistry.json /tmp/gitpodregistry.json | jq -s '.[0] * .[1]' - - > /tmp/container-registry-secret
|
|
|
|
echo "Gitpod: append the container-registry secret"
|
|
echo "---" >> "${GITPOD_OBJECTS}/templates/gitpod.yaml"
|
|
kubectl create secret docker-registry "${REGISTRY_EXTERNAL_CERTIFICATE_NAME}" \
|
|
--namespace "${NAMESPACE}" \
|
|
--from-file=.dockerconfigjson=/tmp/container-registry-secret \
|
|
-o yaml --dry-run=client >> "${GITPOD_OBJECTS}/templates/gitpod.yaml"
|
|
fi
|
|
|
|
if [ "${REGISTRY_DOCKER_CONFIG_ENABLED}" = "1" ];
|
|
then
|
|
# Work out the registry secret to use
|
|
if [ "${REGISTRY_INCLUSTER_ENABLED}" = "0" ];
|
|
then
|
|
export REGISTRY_SECRET_NAME="${REGISTRY_EXTERNAL_CERTIFICATE_NAME}"
|
|
else
|
|
export REGISTRY_SECRET_NAME="builtin-registry-auth"
|
|
fi
|
|
|
|
echo "Gitpod: Add given extra docker config JSON file to ${REGISTRY_SECRET_NAME}"
|
|
yq eval-all '(select(.kind == "Secret" and .metadata.name == env(REGISTRY_SECRET_NAME)) | .data.".dockerconfigjson")' \
|
|
"${GITPOD_OBJECTS}/templates/gitpod.yaml" \
|
|
| base64 -d \
|
|
> /tmp/currentconfig.json
|
|
|
|
echo "${REGISTRY_DOCKER_CONFIG_JSON}" > /tmp/userconfig.json
|
|
echo "Gitpod: update the in-cluster registry secret"
|
|
REGISTRY_SECRET="$(jq -s '.[0] * .[1]' /tmp/userconfig.json /tmp/currentconfig.json | base64 -w 0)"
|
|
export REGISTRY_SECRET
|
|
yq eval-all --inplace '(select(.kind == "Secret" and .metadata.name == env(REGISTRY_SECRET_NAME)) | .data.".dockerconfigjson") |= env(REGISTRY_SECRET)' \
|
|
"${GITPOD_OBJECTS}/templates/gitpod.yaml"
|
|
fi
|
|
|
|
echo "Gitpod: Escape any Golang template values"
|
|
# shellcheck disable=SC2016
|
|
sed -i -r 's/(.*\{\{.*)/{{`\1`}}/' "${GITPOD_OBJECTS}/templates/gitpod.yaml"
|
|
|
|
# If certificate secret already exists, set the timeout to 5m
|
|
CERT_SECRET=$(kubectl get secrets -n "${NAMESPACE}" https-certificates -o jsonpath='{.metadata.name}' || echo '')
|
|
HELM_TIMEOUT="5m"
|
|
if [ "${ADVANCED_MODE_ENABLED}" = "1" ]; then
|
|
HELM_TIMEOUT="${INSTALLER_TIMEOUT}"
|
|
fi
|
|
if [ "${CERT_SECRET}" = "" ]; then
|
|
HELM_TIMEOUT="1h"
|
|
fi
|
|
|
|
stop_running_workspaces
|
|
|
|
# The long timeout is to ensure the TLS cert is created (if required)
|
|
echo "Gitpod: Apply the Kubernetes objects with timeout of ${HELM_TIMEOUT}"
|
|
helm upgrade \
|
|
--atomic \
|
|
--cleanup-on-fail \
|
|
--create-namespace \
|
|
--install \
|
|
--namespace="${NAMESPACE}" \
|
|
--reset-values \
|
|
--timeout "${HELM_TIMEOUT}" \
|
|
--wait \
|
|
gitpod \
|
|
"${GITPOD_OBJECTS}"
|
|
|
|
echo "Gitpod: Restarting installation status job"
|
|
kubectl delete pod -n "${NAMESPACE}" -l component=gitpod-installer-status || true
|
|
}
|
|
|
|
main 2>&1 | tee -a "${INSTALLER_LOG_FILE}"
|