Update the guide to use the KOTS installer

Simon Emms · mrsimonemms · commit f1e6c24823f0 · 2022-04-28T13:32:43.000+01:00
diff --git a/.gitignore b/.gitignore
@@ -3,3 +3,4 @@
 *.json
 gitpod.yaml
 gitpod-config.yaml
+.idea
diff --git a/Dockerfile b/Dockerfile
@@ -9,7 +9,6 @@ RUN apk add --no-cache \
     gettext \
     openssl
 
-ARG GITPOD_VERSION="2022.03.1"
 ARG CLOUD_SDK_VERSION=351.0.0
 ARG HELM_VERSION=v3.6.3
 
@@ -30,12 +29,9 @@ ENV PATH /google-cloud-sdk/bin:$PATH
 RUN gcloud components install beta
 RUN gcloud components install alpha
 
-RUN curl -fsSL https://github.com/mikefarah/yq/releases/download/v4.12.2/yq_linux_amd64 -o /usr/local/bin/yq \
+RUN curl -fsSL https://github.com/mikefarah/yq/releases/download/v4.24.2/yq_linux_amd64 -o /usr/local/bin/yq \
   && chmod +x /usr/local/bin/yq
 
-RUN curl -fsSL https://github.com/gitpod-io/gitpod/releases/download/${GITPOD_VERSION}/gitpod-installer-linux-amd64 -o /usr/local/bin/gitpod-installer \
-  && chmod +x /usr/local/bin/gitpod-installer
-
 WORKDIR /gitpod
 
 COPY . /gitpod
diff --git a/Makefile b/Makefile
@@ -6,7 +6,7 @@ SHELL=/bin/bash -o pipefail -o errexit
 IMG=ghcr.io/gitpod-io/gitpod-gke-guide:latest
 
 build: ## Build docker image containing the required tools for the installation
-	@docker build --quiet . -t ${IMG}
+	@docker build . -t ${IMG}
 
 DOCKER_RUN_CMD = docker run -it \
 	--volume $$HOME/.config/gcloud:/root/.config/gcloud \
diff --git a/README.md b/README.md
@@ -30,9 +30,12 @@ The whole process takes around twenty minutes. In the end, the following resourc
 - In-cluster docker registry using [Cloud Storage](https://cloud.google.com/storage) as storage backend.
 - [calico](https://docs.projectcalico.org) as CNI and NetworkPolicy implementation.
 - [cert-manager](https://cert-manager.io/) for self-signed SSL certificates.
-- [Jaeger operator](https://github.com/jaegertracing/helm-charts/tree/main/charts/jaeger-operator) - and Jaeger deployment for gitpod distributed tracing.
 - [gitpod.io](https://github.com/gitpod-io/gitpod) deployment.
 
+Upon completion, it will print the config for resource (including passwords) and instructions on what
+to do next. **IMPORTANT** - running the `make install` command after the initial install will change
+your database password which will require you to update your KOTS configuration.
+
 ### Common errors running make install
 
 - Insufficient regional quota to satisfy request
@@ -54,7 +57,7 @@ The whole process takes around twenty minutes. In the end, the following resourc
   
   The most likely reason is because the [DNS01 challenge](https://cert-manager.io/docs/configuration/acme/dns01/) has yet to resolve. If using `SETUP_MANAGED_DNS`, you will need to update your DNS records to point to the GCP Cloud DNS nameserver.
 
-  Once the DNS record has been updated, you will need to delete all Cert Manager pods to retrigger the certificate request
+  Once the DNS record has been updated, you will need to delete all cert-manager pods to retrigger the certificate request
 
   ```shell
   ❯ kubectl delete pods -n cert-manager --all
diff --git a/charts/assets/issuer.yaml b/charts/assets/issuer.yaml
@@ -1,6 +1,5 @@
----
 apiVersion: cert-manager.io/v1
-kind: Issuer
+kind: ClusterIssuer
 metadata:
   name: gitpod-issuer
 spec:
@@ -13,20 +12,3 @@ spec:
       - dns01:
           cloudDNS:
             project: $PROJECT_NAME
-            serviceAccountSecretRef:
-              name: $CLOUD_DNS_SECRET
-              key: key.json
----
-apiVersion: cert-manager.io/v1
-kind: Certificate
-metadata:
-  name: $CERT_NAME
-spec:
-  secretName: $CERT_NAME
-  issuerRef:
-    name: gitpod-issuer
-    kind: Issuer
-  dnsNames:
-    - $DOMAIN
-    - "*.$DOMAIN"
-    - "*.ws.$DOMAIN"
diff --git a/setup.sh b/setup.sh
@@ -29,15 +29,9 @@ DNS_SA_EMAIL="${DNS_SA}"@"${PROJECT_NAME}".iam.gserviceaccount.com
 # Name of the node-pools for Gitpod services and workspaces
 SERVICES_POOL="workload-services"
 WORKSPACES_POOL="workload-workspaces"
-# Secrets
-SECRET_DATABASE="gcp-sql-token"
-SECRET_REGISTRY="gcp-registry-token"
-SECRET_STORAGE="gcp-storage-token"
 
 REGISTRY_URL="gcr.io/${PROJECT_NAME}/gitpod"
 MYSQL_GITPOD_USERNAME="gitpod"
-MYSQL_GITPOD_ENCRYPTION_KEY='[{"name":"general","version":1,"primary":true,"material":"4uGh1q8y2DYryJwrVMHs0kWXJlqvHWWt/KJuNi04edI="}]'
-CERT_NAME="https-certificates"
 
 function check_prerequisites() {
     if [ -z "${PROJECT_NAME}" ]; then
@@ -94,33 +88,6 @@ function create_node_pool() {
         ${PREEMPTIBLE_NODES}
 }
 
-function create_secrets() {
-  # Assume that these values can change so create each run time
-
-  echo "Create database secret..."
-  kubectl create secret generic "${SECRET_DATABASE}" \
-    --from-literal=credentials.json="$(cat ./mysql-credentials.json)" \
-    --from-literal=encryptionKeys="${MYSQL_GITPOD_ENCRYPTION_KEY}" \
-    --from-literal=password="${MYSQL_GITPOD_PASSWORD}" \
-    --from-literal=username="${MYSQL_GITPOD_USERNAME}" \
-    --dry-run=client -o yaml | \
-    kubectl replace --force -f -
-
-  echo "Create registry secret..."
-  kubectl create secret docker-registry "${SECRET_REGISTRY}" \
-      --docker-server="gcr.io" \
-      --docker-username=_json_key \
-      --docker-password="$(cat gs-credentials.json)" \
-      --dry-run=client -o yaml | \
-      kubectl replace --force -f -
-
-  echo "Create storage secret..."
-  kubectl create secret generic "${SECRET_STORAGE}" \
-      --from-file=service-account.json=./gs-credentials.json \
-      --dry-run=client -o yaml | \
-      kubectl replace --force -f -
-}
-
 function setup_mysql_database() {
     if [ "$(gcloud sql instances list --filter="name:${MYSQL_INSTANCE_NAME}" --format="value(name)" | grep "${MYSQL_INSTANCE_NAME}" || echo "empty")" == "${MYSQL_INSTANCE_NAME}" ]; then
         echo "Cloud SQL (MySQL) Instance already exists."
@@ -206,10 +173,14 @@ function setup_managed_dns() {
         export CLOUD_DNS_SECRET=clouddns-dns01-solver
 
         kubectl create secret generic "${CLOUD_DNS_SECRET}" \
+            --namespace=cert-manager \
             --from-file=key.json="${DIR}/dns-credentials.json" \
             --dry-run=client -o yaml | \
             kubectl replace --force -f -
 
+        kubectl annotate serviceaccount --namespace=cert-manager cert-manager --overwrite \
+          "iam.gke.io/gcp-service-account=${DNS_SA_EMAIL}"
+
         echo "Installing cert-manager certificate issuer..."
         envsubst < "${DIR}/charts/assets/issuer.yaml" | kubectl apply -f -
     fi
@@ -231,41 +202,64 @@ function install_cert_manager() {
         jetstack/cert-manager
 }
 
-function install_gitpod() {
-    echo "Installing Gitpod..."
-
-    local CONFIG_FILE="${DIR}/gitpod-config.yaml"
-
-    gitpod-installer init > "${CONFIG_FILE}"
-
-    echo "Updating config..."
-    yq e -i ".certificate.name = \"${CERT_NAME}\"" "${CONFIG_FILE}"
-    yq e -i ".containerRegistry.inCluster = false" "${CONFIG_FILE}"
-    yq e -i ".containerRegistry.external.url = \"${REGISTRY_URL}\"" "${CONFIG_FILE}"
-    yq e -i ".containerRegistry.external.certificate.kind = \"secret\"" "${CONFIG_FILE}"
-    yq e -i ".containerRegistry.external.certificate.name = \"${SECRET_REGISTRY}\"" "${CONFIG_FILE}"
-    yq e -i ".database.inCluster = false" "${CONFIG_FILE}"
-    yq e -i ".database.cloudSQL.instance = \"${PROJECT_NAME}:${REGION}:${MYSQL_INSTANCE_NAME}\"" "${CONFIG_FILE}"
-    yq e -i ".database.cloudSQL.serviceAccount.kind = \"secret\"" "${CONFIG_FILE}"
-    yq e -i ".database.cloudSQL.serviceAccount.name = \"${SECRET_DATABASE}\"" "${CONFIG_FILE}"
-    yq e -i ".domain = \"${DOMAIN}\"" "${CONFIG_FILE}"
-    yq e -i ".metadata.region = \"${REGION}\"" "${CONFIG_FILE}"
-    yq e -i ".objectStorage.inCluster = false" "${CONFIG_FILE}"
-    yq e -i ".objectStorage.cloudStorage.project = \"${PROJECT_NAME}\"" "${CONFIG_FILE}"
-    yq e -i ".objectStorage.cloudStorage.serviceAccount.kind = \"secret\"" "${CONFIG_FILE}"
-    yq e -i ".objectStorage.cloudStorage.serviceAccount.name = \"${SECRET_STORAGE}\"" "${CONFIG_FILE}"
-    yq e -i '.workspace.runtime.containerdRuntimeDir = "/var/lib/containerd/io.containerd.runtime.v2.task/k8s.io"' "${CONFIG_FILE}"
-
-    gitpod-installer \
-        render \
-        --config="${CONFIG_FILE}" > gitpod.yaml
-
-    # See https://github.com/gitpod-io/gitpod/tree/main/install/installer#error-validating-statefulsetstatus
-    yq eval-all --inplace \
-        'del(select(.kind == "StatefulSet" and .metadata.name == "openvsx-proxy").status)' \
-        gitpod.yaml
-
-    kubectl apply -f gitpod.yaml
+function output_config() {
+    cat << EOF
+
+
+==========================
+🎉🥳🔥🧡🚀
+
+Your cloud infrastructure is ready to install Gitpod. Please visit
+https://www.gitpod.io/docs/self-hosted/latest/getting-started#step-4-install-gitpod
+for your next steps.
+
+Passwords may change on subsequents runs of this guide.
+
+=================
+Config Parameters
+=================
+
+Domain Name: ${DOMAIN}
+
+Registry
+========
+URL: ${REGISTRY_URL}
+Registry Server: gcr.io
+Username: _json_key
+Password: $(cat gs-credentials.json | tr -d '\n')
+
+Database
+========
+Cloud SQL Proxy: enabled
+Connection Name: ${PROJECT_NAME}:${REGION}:${MYSQL_INSTANCE_NAME}
+Username: ${MYSQL_GITPOD_USERNAME}
+Password: ${MYSQL_GITPOD_PASSWORD}
+Service Account Key Path: ./mysql-credentials.json
+
+Storage
+=======
+Region: ${REGION}
+Project ID: ${PROJECT_NAME}
+Service Account Key Path: ./gs-credentials.json
+
+TLS Certificates
+================
+Issuer name: gitpod-issuer
+Issuer type: Cluster issuer
+
+EOF
+
+    if [ -n "${SETUP_MANAGED_DNS}" ] && [ "${SETUP_MANAGED_DNS}" == "true" ]; then
+  cat << EOF
+===========
+DNS Records
+===========
+
+Domain Name: ${DOMAIN}
+Nameserver(s):
+$(gcloud dns managed-zones describe ${CLUSTER_NAME} --format json | jq '.nameServers' | yq -P)
+EOF
+fi
 }
 
 function service_account_exists() {
@@ -278,8 +272,6 @@ function service_account_exists() {
 }
 
 function install() {
-    echo "Gitpod installer version: $(gitpod-installer version | jq -r '.version')"
-
     check_prerequisites
 
     echo "Updating helm repositories..."
@@ -403,15 +395,10 @@ function install() {
     install_cert_manager
     setup_managed_dns
     setup_mysql_database
-    create_secrets
-    install_gitpod
+    output_config
 
-    cat << EOF
-==========================
-Gitpod is now installed on your cluster
-
-Please update your DNS records with the relevant nameserver.
-EOF
+    # Make the credentials readable
+    chmod 644 *credentials.json
 }
 
 function setup_kubectl() {
