This repository was archived by the owner on Sep 6, 2022. It is now read-only.

Commit f1e6c24

Simon Emmsmrsimonemms
authored andcommitted
Update the guide to use the KOTS installer
1 parent c7711b2 commit f1e6c24


6 files changed

+74
-105
lines changed


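--- a/.gitignore
+++ b/.gitignore
@@ -3,3 +3,4 @@
 *.json
 gitpod.yaml
 gitpod-config.yaml
+.idea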

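--- a/Dockerfile
+++ b/Dockerfile
@@ -9,7 +9,6 @@ RUN apk add --no-cache \
 gettext \
 openssl
 
-ARG GITPOD_VERSION="2022.03.1"
 ARG CLOUD_SDK_VERSION=351.0.0
 ARG HELM_VERSION=v3.6.3
 
@@ -30,12 +29,9 @@ ENV PATH /google-cloud-sdk/bin:$PATH
 RUN gcloud components install beta
 RUN gcloud components install alpha
 
-RUN curl -fsSL https://github.com/mikefarah/yq/releases/download/v4.12.2/yq_linux_amd64 -o /usr/local/bin/yq \
+RUN curl -fsSL https://github.com/mikefarah/yq/releases/download/v4.24.2/yq_linux_amd64 -o /usr/local/bin/yq \
 && chmod +x /usr/local/bin/yq
 
-RUN curl -fsSL https://github.com/gitpod-io/gitpod/releases/download/${GITPOD_VERSION}/gitpod-installer-linux-amd64 -o /usr/local/bin/gitpod-installer \
-&& chmod +x /usr/local/bin/gitpod-installer
-
 WORKDIR /gitpod
 
 COPY . /gitpod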
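Review bot: The `yq` download in the second hunk (`RUN curl -fsSL …/v4.24.2/yq_linux_amd64 -o /usr/local/bin/yq && chmod +x /usr/local/bin/yq`) puts an executable into the image with no integrity check, and the Makefile runs that image with `$HOME/.config/gcloud` mounted, so whatever the URL serves at build time later runs next to the operator's cloud credentials. Pin the expected digest and verify it before the `chmod`, for example `&& echo "<SHA256_OF_YQ_LINUX_AMD64>  /usr/local/bin/yq" | sha256sum -c - \`, with the placeholder replaced by the value from the release's published checksums. The download host is rendered on this page as `github.com`; that may be an artefact of the page mirror, but if the file really names that host instead of `github.com` it should be corrected.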

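--- a/Makefile
+++ b/Makefile
@@ -6,7 +6,7 @@ SHELL=/bin/bash -o pipefail -o errexit
 IMG=ghcr.io/gitpod-io/gitpod-gke-guide:latest
 
 build: ## Build docker image containing the required tools for the installation
-@docker build --quiet . -t ${IMG}
+@docker build . -t ${IMG}
 
 DOCKER_RUN_CMD = docker run -it \
 --volume $$HOME/.config/gcloud:/root/.config/gcloud \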

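--- a/README.md
+++ b/README.md
@@ -30,9 +30,12 @@ The whole process takes around twenty minutes. In the end, the following resourc
 - In-cluster docker registry using [Cloud Storage](https://cloud.google.com/storage) as storage backend.
 - [calico](https://docs.projectcalico.org) as CNI and NetworkPolicy implementation.
 - [cert-manager](https://cert-manager.io/) for self-signed SSL certificates.
-- [Jaeger operator](https://github.com/jaegertracing/helm-charts/tree/main/charts/jaeger-operator) - and Jaeger deployment for gitpod distributed tracing.
 - [gitpod.io](https://github.com/gitpod-io/gitpod) deployment.
 
+Upon completion, it will print the config for resource (including passwords) and instructions on what
+to do next. **IMPORTANT** - running the `make install` command after the initial install will change
+your database password which will require you to update your KOTS configuration.
+
 ### Common errors running make install
 
 - Insufficient regional quota to satisfy request
@@ -54,7 +57,7 @@ The whole process takes around twenty minutes. In the end, the following resourc
 
 The most likely reason is because the [DNS01 challenge](https://cert-manager.io/docs/configuration/acme/dns01/) has yet to resolve. If using `SETUP_MANAGED_DNS`, you will need to update your DNS records to point to the GCP Cloud DNS nameserver.
 
-Once the DNS record has been updated, you will need to delete all Cert Manager pods to retrigger the certificate request
+Once the DNS record has been updated, you will need to delete all cert-manager pods to retrigger the certificate request
 
 ```shell
 ❯ kubectl delete pods -n cert-manager --all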

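--- a/charts/assets/issuer.yaml
+++ b/charts/assets/issuer.yaml
@@ -1,6 +1,5 @@
----
 apiVersion: cert-manager.io/v1
-kind: Issuer
+kind: ClusterIssuer
 metadata:
 name: gitpod-issuer
 spec:
@@ -13,20 +12,3 @@ spec:
 - dns01:
 cloudDNS:
 project: $PROJECT_NAME
-serviceAccountSecretRef:
-name: $CLOUD_DNS_SECRET
-key: key.json
----
-apiVersion: cert-manager.io/v1
-kind: Certificate
-metadata:
-name: $CERT_NAME
-spec:
-secretName: $CERT_NAME
-issuerRef:
-name: gitpod-issuer
-kind: Issuer
-dnsNames:
-- $DOMAIN
-- "*.$DOMAIN"
-- "*.ws.$DOMAIN"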
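Review bot: `kind: ClusterIssuer` makes `gitpod-issuer` usable from every namespace, so anything allowed to create a Certificate in the cluster can have DNS01 challenges solved against the project's Cloud DNS zone. The manifest should say this is intended. With `serviceAccountSecretRef` removed in the second hunk, the solver appears to rely on ambient credentials from the cert-manager service account that setup.sh now annotates with `iam.gke.io/gcp-service-account`. A header comment would record both facts: `# Cluster-scoped on purpose; DNS01 credentials come from the cert-manager service account (Workload Identity), not from a secret.` setup.sh still creates the `clouddns-dns01-solver` secret from `dns-credentials.json`; unless the issuer lines outside these hunks or something else read it, that long-lived key is stored in the cluster for nothing and the step could be dropped.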

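--- a/setup.sh
+++ b/setup.sh
@@ -29,15 +29,9 @@ DNS_SA_EMAIL="${DNS_SA}"@"${PROJECT_NAME}".iam.gserviceaccount.com
 # Name of the node-pools for Gitpod services and workspaces
 SERVICES_POOL="workload-services"
 WORKSPACES_POOL="workload-workspaces"
-# Secrets
-SECRET_DATABASE="gcp-sql-token"
-SECRET_REGISTRY="gcp-registry-token"
-SECRET_STORAGE="gcp-storage-token"
 
 REGISTRY_URL="gcr.io/${PROJECT_NAME}/gitpod"
 MYSQL_GITPOD_USERNAME="gitpod"
-MYSQL_GITPOD_ENCRYPTION_KEY='[{"name":"general","version":1,"primary":true,"material":"4uGh1q8y2DYryJwrVMHs0kWXJlqvHWWt/KJuNi04edI="}]'
-CERT_NAME="https-certificates"
 
 function check_prerequisites() {
 if [ -z "${PROJECT_NAME}" ]; then
@@ -94,33 +88,6 @@ function create_node_pool() {
 ${PREEMPTIBLE_NODES}
 }
 
-function create_secrets() {
-# Assume that these values can change so create each run time
-
-echo "Create database secret..."
-kubectl create secret generic "${SECRET_DATABASE}" \
---from-literal=credentials.json="$(cat ./mysql-credentials.json)" \
---from-literal=encryptionKeys="${MYSQL_GITPOD_ENCRYPTION_KEY}" \
---from-literal=password="${MYSQL_GITPOD_PASSWORD}" \
---from-literal=username="${MYSQL_GITPOD_USERNAME}" \
---dry-run=client -o yaml | \
-kubectl replace --force -f -
-
-echo "Create registry secret..."
-kubectl create secret docker-registry "${SECRET_REGISTRY}" \
---docker-server="gcr.io" \
---docker-username=_json_key \
---docker-password="$(cat gs-credentials.json)" \
---dry-run=client -o yaml | \
-kubectl replace --force -f -
-
-echo "Create storage secret..."
-kubectl create secret generic "${SECRET_STORAGE}" \
---from-file=service-account.json=./gs-credentials.json \
---dry-run=client -o yaml | \
-kubectl replace --force -f -
-}
-
 function setup_mysql_database() {
 if [ "$(gcloud sql instances list --filter="name:${MYSQL_INSTANCE_NAME}" --format="value(name)" | grep "${MYSQL_INSTANCE_NAME}" || echo "empty")" == "${MYSQL_INSTANCE_NAME}" ]; then
 echo "Cloud SQL (MySQL) Instance already exists."
@@ -206,10 +173,14 @@ function setup_managed_dns() {
 export CLOUD_DNS_SECRET=clouddns-dns01-solver
 
 kubectl create secret generic "${CLOUD_DNS_SECRET}" \
+--namespace=cert-manager \
 --from-file=key.json="${DIR}/dns-credentials.json" \
 --dry-run=client -o yaml | \
 kubectl replace --force -f -
 
+kubectl annotate serviceaccount --namespace=cert-manager cert-manager --overwrite \
+"iam.gke.io/gcp-service-account=${DNS_SA_EMAIL}"
+
 echo "Installing cert-manager certificate issuer..."
 envsubst < "${DIR}/charts/assets/issuer.yaml" | kubectl apply -f -
 fi
@@ -231,41 +202,64 @@ function install_cert_manager() {
 jetstack/cert-manager
 }
 
-function install_gitpod() {
-echo "Installing Gitpod..."
-
-local CONFIG_FILE="${DIR}/gitpod-config.yaml"
-
-gitpod-installer init > "${CONFIG_FILE}"
-
-echo "Updating config..."
-yq e -i ".certificate.name = \"${CERT_NAME}\"" "${CONFIG_FILE}"
-yq e -i ".containerRegistry.inCluster = false" "${CONFIG_FILE}"
-yq e -i ".containerRegistry.external.url = \"${REGISTRY_URL}\"" "${CONFIG_FILE}"
-yq e -i ".containerRegistry.external.certificate.kind = \"secret\"" "${CONFIG_FILE}"
-yq e -i ".containerRegistry.external.certificate.name = \"${SECRET_REGISTRY}\"" "${CONFIG_FILE}"
-yq e -i ".database.inCluster = false" "${CONFIG_FILE}"
-yq e -i ".database.cloudSQL.instance = \"${PROJECT_NAME}:${REGION}:${MYSQL_INSTANCE_NAME}\"" "${CONFIG_FILE}"
-yq e -i ".database.cloudSQL.serviceAccount.kind = \"secret\"" "${CONFIG_FILE}"
-yq e -i ".database.cloudSQL.serviceAccount.name = \"${SECRET_DATABASE}\"" "${CONFIG_FILE}"
-yq e -i ".domain = \"${DOMAIN}\"" "${CONFIG_FILE}"
-yq e -i ".metadata.region = \"${REGION}\"" "${CONFIG_FILE}"
-yq e -i ".objectStorage.inCluster = false" "${CONFIG_FILE}"
-yq e -i ".objectStorage.cloudStorage.project = \"${PROJECT_NAME}\"" "${CONFIG_FILE}"
-yq e -i ".objectStorage.cloudStorage.serviceAccount.kind = \"secret\"" "${CONFIG_FILE}"
-yq e -i ".objectStorage.cloudStorage.serviceAccount.name = \"${SECRET_STORAGE}\"" "${CONFIG_FILE}"
-yq e -i '.workspace.runtime.containerdRuntimeDir = "/var/lib/containerd/io.containerd.runtime.v2.task/k8s.io"' "${CONFIG_FILE}"
-
-gitpod-installer \
-render \
---config="${CONFIG_FILE}" > gitpod.yaml
-
-# See https://github.com/gitpod-io/gitpod/tree/main/install/installer#error-validating-statefulsetstatus
-yq eval-all --inplace \
-'del(select(.kind == "StatefulSet" and .metadata.name == "openvsx-proxy").status)' \
-gitpod.yaml
-
-kubectl apply -f gitpod.yaml
+function output_config() {
+cat << EOF
+
+
+==========================
+🎉🥳🔥🧡🚀
+
+Your cloud infrastructure is ready to install Gitpod. Please visit
+https://www.gitpod.io/docs/self-hosted/latest/getting-started#step-4-install-gitpod
+for your next steps.
+
+Passwords may change on subsequents runs of this guide.
+
+=================
+Config Parameters
+=================
+
+Domain Name: ${DOMAIN}
+
+Registry
+========
+URL: ${REGISTRY_URL}
+Registry Server: gcr.io
+Username: _json_key
+Password: $(cat gs-credentials.json | tr -d '\n')
+
+Database
+========
+Cloud SQL Proxy: enabled
+Connection Name: ${PROJECT_NAME}:${REGION}:${MYSQL_INSTANCE_NAME}
+Username: ${MYSQL_GITPOD_USERNAME}
+Password: ${MYSQL_GITPOD_PASSWORD}
+Service Account Key Path: ./mysql-credentials.json
+
+Storage
+=======
+Region: ${REGION}
+Project ID: ${PROJECT_NAME}
+Service Account Key Path: ./gs-credentials.json
+
+TLS Certificates
+================
+Issuer name: gitpod-issuer
+Issuer type: Cluster issuer
+
+EOF
+
+if [ -n "${SETUP_MANAGED_DNS}" ] && [ "${SETUP_MANAGED_DNS}" == "true" ]; then
+cat << EOF
+===========
+DNS Records
+===========
+
+Domain Name: ${DOMAIN}
+Nameserver(s):
+$(gcloud dns managed-zones describe ${CLUSTER_NAME} --format json | jq '.nameServers' | yq -P)
+EOF
+fi
 }
 
 function service_account_exists() {
@@ -278,8 +272,6 @@ function service_account_exists() {
 }
 
 function install() {
-echo "Gitpod installer version: $(gitpod-installer version | jq -r '.version')"
-
 check_prerequisites
 
 echo "Updating helm repositories..."
@@ -403,15 +395,10 @@ function install() {
 install_cert_manager
 setup_managed_dns
 setup_mysql_database
-create_secrets
-install_gitpod
+output_config
 
-cat << EOF
-==========================
-Gitpod is now installed on your cluster
-
-Please update your DNS records with the relevant nameserver.
-EOF
+# Make the credentials readable
+chmod 644 *credentials.json
 }
 
 function setup_kubectl() {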
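Review bot: `output_config` writes the full registry service-account key (`Password: $(cat gs-credentials.json | tr -d '\n')`) and `${MYSQL_GITPOD_PASSWORD}` to stdout, so both land in terminal scrollback and in any captured log of `make install`. The registry entry could point at the key file the way the Storage block already does (`Password: contents of ./gs-credentials.json`), and the database password could go to a file created with mode 600 instead of the banner. At the end of `install`, `chmod 644 *credentials.json` makes every service-account key in the working directory world-readable. If the aim is only to let the invoking user read files written as root inside the container, `chmod 600 -- ./*credentials.json` plus a `chown` to that user is narrower. `${CLUSTER_NAME}` in the `gcloud dns managed-zones describe` call is also unquoted, and most of `install` lies outside the hunks shown.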
