diff --git a/.gitpod.yml b/.gitpod.yml
index 20eface069fe3f..f0ffa7ca63e36f 100644
--- a/.gitpod.yml
+++ b/.gitpod.yml
@@ -1,4 +1,4 @@
-image: eu.gcr.io/gitpod-core-dev/dev/dev-environment:mads-dont-include-previewctl-in-image.12
+image: eu.gcr.io/gitpod-core-dev/dev/dev-environment:mads-remove-adc.9
 workspaceLocation: gitpod/gitpod-ws.code-workspace
 checkoutLocation: gitpod
 ports:
@@ -34,12 +34,11 @@ ports:
 - port: 8022
 onOpen: ignore
 tasks:
+ # This task takes care of configuring your workspace so it can manage and interact
+ # with preview environments.
 - name: Preview environment configuration
- init: |
- leeway run dev/preview/previewctl:install
- command: |
- previewctl get-credentials
- previewctl install-context --watch
+ init: leeway run dev/preview/previewctl:install
+ command: leeway run dev/preview:configure-workspace
 - name: Installer dependencies
 init: |
 (cd install/installer && make deps)
diff --git a/dev/image/BUILD.yaml b/dev/image/BUILD.yaml
index 70d9f8aa3bf894..505dd0c2477eae 100644
--- a/dev/image/BUILD.yaml
+++ b/dev/image/BUILD.yaml
@@ -8,7 +8,6 @@ packages:
 - imageRepoBase
 srcs:
 - gcloud-default-config
- - kubeconfig.yaml
 config:
 dockerfile: Dockerfile
 image:
diff --git a/dev/image/Dockerfile b/dev/image/Dockerfile
index 9804cfb4b816e6..5ded0bf01181b8 100644
--- a/dev/image/Dockerfile
+++ b/dev/image/Dockerfile
@@ -163,18 +163,11 @@ RUN sudo install-packages \
 RUN sudo python3 -m pip uninstall crcmod; sudo python3 -m pip install --no-cache-dir -U crcmod
-### gitpod-core specific gcloud/kubectl config
+### gitpod-core specific gcloud config
 # Copy GCloud default config that points to gitpod-dev
 ARG GCLOUD_CONFIG_DIR=/home/gitpod/.config/gcloud
 COPY --chown=gitpod gcloud-default-config $GCLOUD_CONFIG_DIR/configurations/config_default
-# Set kubeconfig file for dev cluster, using GCloud Application Default Credentials (ADC) as auth provider
-ARG KUBE_CONFIG_PATH=/home/gitpod/.kube/config
-COPY --chown=gitpod kubeconfig.yaml $KUBE_CONFIG_PATH
-
-# Set Application Default Credentials (ADC) based on user-provided env var
-RUN echo ". /workspace/gitpod/scripts/setup-google-adc.sh" >> ~/.bashrc
-
 ENV DB_HOST=localhost
 ENV LEEWAY_WORKSPACE_ROOT=/workspace/gitpod
@@ -263,3 +256,7 @@ COPY dev-kubecdl--app/kubecdl dev-gpctl--app/gpctl /usr/bin/
 RUN bash -c "echo . \<\(gpctl completion bash\) >> ~/.bashrc"
 ENV PATH=$PATH:/workspace/bin
+
+# Setting the environment variable here so that it will be accessible to all tasks and
+# terminal sessions in Gitpod workspaces.
+ENV PREVIEW_ENV_DEV_SA_KEY_PATH=/home/gitpod/.config/gcloud/preview-environment-dev-sa.json
diff --git a/dev/image/kubeconfig.yaml b/dev/image/kubeconfig.yaml
deleted file mode 100644
index 597d0f1713e840..00000000000000
--- a/dev/image/kubeconfig.yaml
+++ /dev/null
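Review bot: The comment above the new `ENV PREVIEW_ENV_DEV_SA_KEY_PATH=...` in dev/image/Dockerfile explains why the variable is set in the image, but not what the file is or who creates it. Because the path names a service account key, I would extend the comment, for example `# Path of the preview-environment service account key; written at workspace start by dev/preview/workflow/preview/configure-workspace.sh from PREVIEW_ENV_DEV_SA_KEY, not shipped in the image.` That tells a reader of the Dockerfile that only the location is baked in, which is what the rest of this commit shows.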
@@ -1,29 +0,0 @@
-# Copyright (c) 2020 Gitpod GmbH. All rights reserved.
-# Licensed under the GNU Affero General Public License (AGPL).
-# See License-AGPL.txt in the project root for license information.
-
-apiVersion: v1
-clusters:
-- cluster:
- certificate-authority-data: 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
- server: https://34.79.201.234
- name: gke_gitpod-core-dev_europe-west1-b_core-dev
-contexts:
-- context:
- cluster: gke_gitpod-core-dev_europe-west1-b_core-dev
- user: gke_gitpod-core-dev_europe-west1-b_core-dev
- name: dev
-current-context: dev
-kind: Config
-preferences: {}
-users:
-- name: gke_gitpod-core-dev_europe-west1-b_core-dev
- user:
- exec:
- apiVersion: client.authentication.k8s.io/v1beta1
- args:
- - --use_application_default_credentials
- command: gke-gcloud-auth-plugin
- installHint: Install gke-gcloud-auth-plugin for use with kubectl by following
- https://cloud.google.com/blog/products/containers-kubernetes/kubectl-auth-changes-in-gke
- provideClusterInfo: true
diff --git a/dev/preview/BUILD.yaml b/dev/preview/BUILD.yaml
index c943eb1b926995..2544eedc95abee 100644
--- a/dev/preview/BUILD.yaml
+++ b/dev/preview/BUILD.yaml
@@ -11,18 +11,20 @@ packages:
 - [ "sh", "-c", "cat components--all-docker/versions.yaml > /tmp/versions.yaml" ]
 scripts:
+
+ - name: configure-workspace
+ description: Configures the workspace so that it has access to development resources (dev, harvester) as well as your preview environment.
+ script: ./workflow/preview/configure-workspace.sh
+
 - name: build
 description: Build all packages needed to deploy Gitpod to preview environments
 script: ./workflow/preview/build.sh
- - name: get-credentials
- description: Provisions a new preview environment
- script: |
- KUBECONFIG=$HOME/.kube/config previewctl get-credentials
-
 - name: create-preview
 description: Provisions a new preview environment
 script: |
+ export GOOGLE_APPLICATION_CREDENTIALS="${GOOGLE_APPLICATION_CREDENTIALS:-$PREVIEW_ENV_DEV_SA_KEY_PATH}"
+ export GOOGLE_BACKEND_CREDENTIALS="${GOOGLE_BACKEND_CREDENTIALS:-$PREVIEW_ENV_DEV_SA_KEY_PATH}"
 export TF_VAR_cert_issuer="${TF_VAR_cert_issuer:-zerossl-issuer-gitpod-core-dev}"
 export TF_VAR_dev_kube_path="${TF_VAR_dev_kube_path:-/home/gitpod/.kube/config}"
 export TF_VAR_dev_kube_context="${TF_VAR_dev_kube_context:-dev}"
@@ -38,6 +40,8 @@ scripts:
 description: Delete an existing preview environment
 script: |
 export DESTROY=true
+ export GOOGLE_APPLICATION_CREDENTIALS="${GOOGLE_APPLICATION_CREDENTIALS:-$PREVIEW_ENV_DEV_SA_KEY_PATH}"
+ export GOOGLE_BACKEND_CREDENTIALS="${GOOGLE_BACKEND_CREDENTIALS:-$PREVIEW_ENV_DEV_SA_KEY_PATH}"
 export TF_VAR_kubeconfig_path="${TF_VAR_kubeconfig_path:-/home/gitpod/.kube/config}"
 export TF_VAR_preview_name="${TF_VAR_preview_name:-$(previewctl get-name)}"
 ./workflow/preview/deploy-harvester.sh
diff --git a/dev/preview/workflow/preview/build.sh b/dev/preview/workflow/preview/build.sh
index 6a1e20ff90aa0a..7e95adec438964 100755
--- a/dev/preview/workflow/preview/build.sh
+++ b/dev/preview/workflow/preview/build.sh
@@ -1,4 +1,5 @@
 #!/usr/bin/env bash
+# shellcheck disable=1091
 set -euo pipefail
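Review bot: The two exports added to `create-preview` in dev/preview/BUILD.yaml fall back to `$PREVIEW_ENV_DEV_SA_KEY_PATH` without checking that a key file exists there. configure-workspace.sh in this commit exits 0 without writing the file when `PREVIEW_ENV_DEV_SA_KEY` is unset, so both variables can end up naming a missing file, and the failure would presumably surface later as a credentials error rather than as a setup problem. A guard ahead of the exports, such as `[ -n "${GOOGLE_APPLICATION_CREDENTIALS:-}" ] || [ -r "${PREVIEW_ENV_DEV_SA_KEY_PATH:-}" ] || { echo "service account key not found; run: leeway run dev/preview:configure-workspace" >&2; exit 1; }`, would make the precondition explicit. The same exports are added to the script described as "Delete an existing preview environment" (`@@ -38,6 +40,8 @@`), and preview.sh passes the same path to `previewctl install-context` after dropping its `get-credentials` step; both script bodies continue outside their hunks.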
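Review bot: The added `# shellcheck disable=1091` in build.sh sits directly after the shebang, where ShellCheck applies it to the whole file instead of to a single `source` line. Moving the directive to the line immediately above the `source` statement it is meant for keeps the check active for anything sourced later, and spelling it `# shellcheck disable=SC1091` would match the `SC2034` directive already present in deploy-harvester.sh. The same file-wide directive is added in deploy-gitpod.sh, deploy-harvester.sh, deploy-monitoring-satellite.sh and preview.sh (which also gains `disable=1090`); the `source` lines themselves are outside these hunks.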
diff --git a/dev/preview/workflow/preview/configure-workspace.sh b/dev/preview/workflow/preview/configure-workspace.sh
new file mode 100755
index 00000000000000..d92fa9a2524b86
--- /dev/null
+++ b/dev/preview/workflow/preview/configure-workspace.sh
@@ -0,0 +1,22 @@
+#!/usr/bin/env bash
+# shellcheck disable=1090
+
+set -euo pipefail
+
+SCRIPT_PATH=$(realpath "$(dirname "$0")")
+
+source "$(realpath "${SCRIPT_PATH}/../lib/common.sh")"
+
+if [[ -z "${PREVIEW_ENV_DEV_SA_KEY:-}" ]]; then
+ log_warn "PREVIEW_ENV_DEV_SA_KEY is not set. Skipping workspace setup."
+ exit 0
+fi
+
+echo "${PREVIEW_ENV_DEV_SA_KEY}" > "${PREVIEW_ENV_DEV_SA_KEY_PATH}"
+gcloud auth activate-service-account --key-file "${PREVIEW_ENV_DEV_SA_KEY_PATH}"
+
+log_info "Configuring access to kubernetes clusters"
+previewctl get-credentials --gcp-service-account "${PREVIEW_ENV_DEV_SA_KEY_PATH}"
+
+log_info "Starting watch-loop to configure access to your preview environment"
+previewctl install-context --gcp-service-account "${PREVIEW_ENV_DEV_SA_KEY_PATH}" --watch
diff --git a/dev/preview/workflow/preview/deploy-gitpod.sh b/dev/preview/workflow/preview/deploy-gitpod.sh
index 800697131d9629..b347c7fb9128e1 100755
--- a/dev/preview/workflow/preview/deploy-gitpod.sh
+++ b/dev/preview/workflow/preview/deploy-gitpod.sh
@@ -1,4 +1,5 @@
 #!/usr/bin/env bash
+# shellcheck disable=1091
 set -euo pipefail
diff --git a/dev/preview/workflow/preview/deploy-harvester.sh b/dev/preview/workflow/preview/deploy-harvester.sh
index 15ef0c684fc7eb..19b90c3b7a5095 100755
--- a/dev/preview/workflow/preview/deploy-harvester.sh
+++ b/dev/preview/workflow/preview/deploy-harvester.sh
@@ -1,5 +1,5 @@
 #!/bin/bash
-
+# shellcheck disable=1091
 # shellcheck disable=SC2034
 set -euo pipefail
diff --git a/dev/preview/workflow/preview/deploy-monitoring-satellite.sh b/dev/preview/workflow/preview/deploy-monitoring-satellite.sh
index 74757a2faada26..b20367b48ab729 100755
--- a/dev/preview/workflow/preview/deploy-monitoring-satellite.sh
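Review bot: In configure-workspace.sh, `echo "${PREVIEW_ENV_DEV_SA_KEY}" > "${PREVIEW_ENV_DEV_SA_KEY_PATH}"` creates the service account key file with whatever mode the current umask allows, which is commonly readable by other users. Writing it under a restrictive umask and fixing the mode of an already existing file keeps the key private to the workspace user: `(umask 077; printf '%s\n' "${PREVIEW_ENV_DEV_SA_KEY}" > "${PREVIEW_ENV_DEV_SA_KEY_PATH}")` followed by `chmod 600 "${PREVIEW_ENV_DEV_SA_KEY_PATH}"`. Separately, the script runs under `set -u`, so outside the dev image an unset `PREVIEW_ENV_DEV_SA_KEY_PATH` aborts with a bare unbound-variable error; `: "${PREVIEW_ENV_DEV_SA_KEY_PATH:?must name the service account key file}"` near the top would state the requirement.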
+++ b/dev/preview/workflow/preview/deploy-monitoring-satellite.sh
@@ -1,4 +1,5 @@
 #!/usr/bin/env bash
+# shellcheck disable=1091
 set -euo pipefail
diff --git a/dev/preview/workflow/preview/preview.sh b/dev/preview/workflow/preview/preview.sh
index 2911b98ac494f2..4ac1b9eca1acf1 100755
--- a/dev/preview/workflow/preview/preview.sh
+++ b/dev/preview/workflow/preview/preview.sh
@@ -1,5 +1,6 @@
 #!/usr/bin/env bash
 # shellcheck disable=1091
+# shellcheck disable=1090
 set -euo pipefail
@@ -27,8 +28,7 @@ fi
 ensure_gcloud_auth
-leeway run dev/preview:get-credentials
 leeway run dev/preview:create-preview
 leeway run dev/preview:build
-previewctl install-context --retry 30
+previewctl install-context --gcp-service-account "${PREVIEW_ENV_DEV_SA_KEY_PATH}" --retry 30
 leeway run dev/preview:deploy-gitpod
diff --git a/scripts/setup-google-adc.sh b/scripts/setup-google-adc.sh
deleted file mode 100755
index 6a878c7b958615..00000000000000
--- a/scripts/setup-google-adc.sh
+++ /dev/null
@@ -1,22 +0,0 @@
-#!/bin/bash
-# #### Instructions to fill the GCP_ADC_FILE env var
-# 1. `gcloud auth login ` and authenticate
-# 2. `gcloud auth application-default login` and authenticate
-# 3. `cat ~/.config/gcloud/application_default_credentials.json` and copy the output
-# 4. Go to https://gitpod.io/settings/ and create:
-# - name: GCP_ADC_FILE
-# - value: paste-the-output
-# - repo: gitpod-io/gitpod
-
-GCLOUD_ADC_PATH="/home/gitpod/.config/gcloud/application_default_credentials.json"
-
-if [ ! -f "$GCLOUD_ADC_PATH" ]; then
- if [ -z "$GCP_ADC_FILE" ]; then
- echo "GCP_ADC_FILE not set, doing nothing."
- return;
- fi
- echo "$GCP_ADC_FILE" > "$GCLOUD_ADC_PATH"
- #echo "Set GOOGLE_APPLICATION_CREDENTIALS value based on contents from GCP_ADC_FILE"
-fi
-export GOOGLE_APPLICATION_CREDENTIALS="$GCLOUD_ADC_PATH"
-