use previewctl get-creds

Author: vulkoingim

Diff for: .gitpod.yml

@@ -1,4 +1,4 @@
-image: eu.gcr.io/gitpod-core-dev/dev/dev-environment:af-dev-update-image.8
+image: eu.gcr.io/gitpod-core-dev/dev/dev-environment:aa-previewctl-fix-rebuild.2
 workspaceLocation: gitpod/gitpod-ws.code-workspace
 checkoutLocation: gitpod
 ports:

Diff for: .werft/aks-installer-tests.yaml

@@ -65,7 +65,7 @@ pod:
       secretName: self-hosted-github-oauth
   containers:
   - name: nightly-test
-    image: eu.gcr.io/gitpod-core-dev/dev/dev-environment:af-dev-update-image.8
+    image: eu.gcr.io/gitpod-core-dev/dev/dev-environment:aa-previewctl-fix-rebuild.2
     workingDir: /workspace
     imagePullPolicy: Always
     volumeMounts:

Diff for: .werft/build.yaml

@@ -76,7 +76,7 @@ pod:
     - name: MYSQL_TCP_PORT
       value: 23306
   - name: build
-    image: eu.gcr.io/gitpod-core-dev/dev/dev-environment:af-dev-update-image.8
+    image: eu.gcr.io/gitpod-core-dev/dev/dev-environment:aa-previewctl-fix-rebuild.2
     workingDir: /workspace
     imagePullPolicy: IfNotPresent
     resources:

Diff for: .werft/cleanup-installer-tests.yaml

@@ -25,7 +25,7 @@ pod:
       secretName: aks-credentials
   containers:
   - name: nightly-test
-    image: eu.gcr.io/gitpod-core-dev/dev/dev-environment:af-dev-update-image.8
+    image: eu.gcr.io/gitpod-core-dev/dev/dev-environment:aa-previewctl-fix-rebuild.2
     workingDir: /workspace
     imagePullPolicy: Always
     volumeMounts:

Diff for: .werft/debug.yaml

@@ -54,7 +54,7 @@ pod:
     - name: MYSQL_TCP_PORT
       value: 23306
   - name: build
-    image: eu.gcr.io/gitpod-core-dev/dev/dev-environment:af-dev-update-image.8
+    image: eu.gcr.io/gitpod-core-dev/dev/dev-environment:aa-previewctl-fix-rebuild.2
     workingDir: /workspace
     imagePullPolicy: IfNotPresent
     volumeMounts:

Diff for: .werft/eks-installer-tests.yaml

@@ -65,7 +65,7 @@ pod:
       secretName: self-hosted-github-oauth
   containers:
   - name: nightly-test
-    image: eu.gcr.io/gitpod-core-dev/dev/dev-environment:af-dev-update-image.8
+    image: eu.gcr.io/gitpod-core-dev/dev/dev-environment:aa-previewctl-fix-rebuild.2
     workingDir: /workspace
     imagePullPolicy: Always
     volumeMounts:

Diff for: .werft/gke-installer-tests.yaml

@@ -65,7 +65,7 @@ pod:
         secretName: self-hosted-github-oauth
   containers:
     - name: nightly-test
-      image: eu.gcr.io/gitpod-core-dev/dev/dev-environment:af-dev-update-image.8
+      image: eu.gcr.io/gitpod-core-dev/dev/dev-environment:aa-previewctl-fix-rebuild.2
       workingDir: /workspace
       imagePullPolicy: Always
       volumeMounts:

Diff for: .werft/ide-integration-tests-startup.yaml

@@ -17,7 +17,7 @@ pod:
         secretName: github-token-gitpod-bot
   containers:
     - name: gcloud
-      image: eu.gcr.io/gitpod-core-dev/dev/dev-environment:af-dev-update-image.8
+      image: eu.gcr.io/gitpod-core-dev/dev/dev-environment:aa-previewctl-fix-rebuild.2
       workingDir: /workspace
       imagePullPolicy: IfNotPresent
       env:

Diff for: .werft/jobs/build/const.ts

@@ -2,3 +2,4 @@ export const GCLOUD_SERVICE_ACCOUNT_PATH = "/mnt/secrets/gcp-sa/service-account.
 export const CORE_DEV_KUBECONFIG_PATH = "/workspace/gitpod/kubeconfigs/core-dev";
 export const HARVESTER_KUBECONFIG_PATH = "/workspace/gitpod/kubeconfigs/harvester";
 export const PREVIEW_K3S_KUBECONFIG_PATH = "/workspace/gitpod/kubeconfigs/k3s";
+export const GLOBAL_KUBECONFIG_PATH = process.env.HOME + "/.kube/config"

Diff for: .werft/jobs/build/prepare.ts

@@ -1,12 +1,18 @@
 import {exec, execStream} from "../../util/shell";
 import { Werft } from "../../util/werft";
-import { CORE_DEV_KUBECONFIG_PATH, GCLOUD_SERVICE_ACCOUNT_PATH, HARVESTER_KUBECONFIG_PATH } from "./const";
+import {
+    CORE_DEV_KUBECONFIG_PATH,
+    GCLOUD_SERVICE_ACCOUNT_PATH,
+    GLOBAL_KUBECONFIG_PATH,
+    HARVESTER_KUBECONFIG_PATH
+} from "./const";
 import { JobConfig } from "./job-config";
 import {certReady} from "../../util/certs";
 import {vmExists} from "../../vm/vm";
 
 const phaseName = "prepare";
 const prepareSlices = {
+    CONFIGURE_K8S: "Configuring k8s access.",
     CONFIGURE_CORE_DEV: "Configuring core-dev access.",
     BOOT_VM: "Booting VM.",
     WAIT_CERTIFICATES: "Waiting for certificates to be ready for the preview.",
@@ -19,6 +25,7 @@ export async function prepare(werft: Werft, config: JobConfig) {
         activateCoreDevServiceAccount();
         configureDocker();
         configureStaticClustersAccess();
+        configureGlobalKubernetesContext();
         werft.done(prepareSlices.CONFIGURE_CORE_DEV);
         if (!config.withPreview)
         {
@@ -53,6 +60,15 @@ function configureDocker() {
     }
 }
 
+function configureGlobalKubernetesContext() {
+    exec(`sleep 1000000000`)
+    const rc = exec(`previewctl get-credentials --gcp-service-account=${GCLOUD_SERVICE_ACCOUNT_PATH} --kube-save-path=${GLOBAL_KUBECONFIG_PATH}`, { slice: prepareSlices.CONFIGURE_K8S }).code;
+
+    if (rc != 0) {
+        throw new Error("Failed to configure global kubernetes context.");
+    }
+}
+
 function configureStaticClustersAccess() {
     const rcCoreDev = exec(
         `KUBECONFIG=${CORE_DEV_KUBECONFIG_PATH} gcloud container clusters get-credentials core-dev --zone europe-west1-b --project gitpod-core-dev`,
@@ -90,8 +106,7 @@ async function createVM(werft: Werft, config: JobConfig) {
     // We pass the GCP credentials explicitly, otherwise for some reason TF doesn't pick them up
     const commonVars = `GOOGLE_BACKEND_CREDENTIALS=${GCLOUD_SERVICE_ACCOUNT_PATH} \
                         GOOGLE_APPLICATION_CREDENTIALS=${GCLOUD_SERVICE_ACCOUNT_PATH} \
-                        TF_VAR_dev_kube_path=${CORE_DEV_KUBECONFIG_PATH} \
-                        TF_VAR_harvester_kube_path=${HARVESTER_KUBECONFIG_PATH} \
+                        TF_VAR_kubeconfig_path=${GLOBAL_KUBECONFIG_PATH} \
                         TF_VAR_preview_name=${config.previewEnvironment.destname} \
                         TF_VAR_vm_cpu=${cpu} \
                         TF_VAR_vm_memory=${memory}Gi \

Diff for: .werft/k3s-installer-tests.yaml

@@ -65,7 +65,7 @@ pod:
       secretName: self-hosted-github-oauth
   containers:
   - name: nightly-test
-    image: eu.gcr.io/gitpod-core-dev/dev/dev-environment:af-dev-update-image.8
+    image: eu.gcr.io/gitpod-core-dev/dev/dev-environment:aa-previewctl-fix-rebuild.2
     workingDir: /workspace
     imagePullPolicy: Always
     volumeMounts:

Diff for: .werft/platform-delete-preview-environment.yaml

@@ -25,7 +25,7 @@ pod:
         secretName: harvester-vm-ssh-keys
   containers:
     - name: build
-      image: eu.gcr.io/gitpod-core-dev/dev/dev-environment:af-dev-update-image.8
+      image: eu.gcr.io/gitpod-core-dev/dev/dev-environment:aa-previewctl-fix-rebuild.2
       workingDir: /workspace
       imagePullPolicy: IfNotPresent
       volumeMounts:

Diff for: .werft/platform-delete-preview-environments-cron.yaml

@@ -29,7 +29,7 @@ pod:
         secretName: github-token-gitpod-bot
   containers:
     - name: build
-      image: eu.gcr.io/gitpod-core-dev/dev/dev-environment:af-dev-update-image.8
+      image: eu.gcr.io/gitpod-core-dev/dev/dev-environment:aa-previewctl-fix-rebuild.2
       workingDir: /workspace
       imagePullPolicy: IfNotPresent
       volumeMounts:

Diff for: .werft/platform-trigger-artificial-job.yaml

@@ -24,7 +24,7 @@ pod:
         secretName: github-token-gitpod-bot
   containers:
     - name: build
-      image: eu.gcr.io/gitpod-core-dev/dev/dev-environment:aledbf-dl.1
+      image: eu.gcr.io/gitpod-core-dev/dev/dev-environment:aa-previewctl-fix-rebuild.2
       workingDir: /workspace
       imagePullPolicy: IfNotPresent
       volumeMounts:

Diff for: .werft/platform-trigger-werft-cleanup.yaml

@@ -22,7 +22,7 @@ pod:
         secretName: gcp-sa-gitpod-dev-deployer
   containers:
     - name: build
-      image: eu.gcr.io/gitpod-core-dev/dev/dev-environment:af-dev-update-image.8
+      image: eu.gcr.io/gitpod-core-dev/dev/dev-environment:aa-previewctl-fix-rebuild.2
       workingDir: /workspace
       imagePullPolicy: IfNotPresent
       volumeMounts:

Diff for: .werft/util/certs.ts

@@ -1,5 +1,9 @@
 import {exec, ExecOptions, execStream} from "./shell";
-import {CORE_DEV_KUBECONFIG_PATH, GCLOUD_SERVICE_ACCOUNT_PATH, HARVESTER_KUBECONFIG_PATH} from "../jobs/build/const";
+import {
+    CORE_DEV_KUBECONFIG_PATH,
+    GCLOUD_SERVICE_ACCOUNT_PATH,
+    GLOBAL_KUBECONFIG_PATH,
+} from "../jobs/build/const";
 import { Werft } from "./werft";
 import { reportCertificateError } from "../util/slack";
 import {JobConfig} from "../jobs/build/job-config";
@@ -21,8 +25,7 @@ export async function certReady(werft: Werft, config: JobConfig, slice: string):
     // We pass the GCP credentials explicitly, otherwise for some reason TF doesn't pick them up
     const commonVars = `GOOGLE_BACKEND_CREDENTIALS=${GCLOUD_SERVICE_ACCOUNT_PATH} \
                         GOOGLE_APPLICATION_CREDENTIALS=${GCLOUD_SERVICE_ACCOUNT_PATH} \
-                        TF_VAR_dev_kube_path=${CORE_DEV_KUBECONFIG_PATH} \
-                        TF_VAR_harvester_kube_path=${HARVESTER_KUBECONFIG_PATH} \
+                        TF_VAR_kubeconfig_path=${GLOBAL_KUBECONFIG_PATH} \
                         TF_VAR_preview_name=${config.previewEnvironment.destname} \
                         TF_VAR_vm_cpu=${cpu} \
                         TF_VAR_vm_memory=${memory}Gi \

Diff for: .werft/vm/vm.ts

@@ -1,6 +1,6 @@
 import {
-    CORE_DEV_KUBECONFIG_PATH,
     GCLOUD_SERVICE_ACCOUNT_PATH,
+    GLOBAL_KUBECONFIG_PATH,
     HARVESTER_KUBECONFIG_PATH,
     PREVIEW_K3S_KUBECONFIG_PATH
 } from "../jobs/build/const";
@@ -19,8 +19,7 @@ export async function deleteVM(options: { name: string }) {
         await execStream(`DESTROY=true \
                                     GOOGLE_APPLICATION_CREDENTIALS=${GCLOUD_SERVICE_ACCOUNT_PATH} \
                                     GOOGLE_BACKEND_CREDENTIALS=${GCLOUD_SERVICE_ACCOUNT_PATH} \
-                                    TF_VAR_dev_kube_path=${CORE_DEV_KUBECONFIG_PATH} \
-                                    TF_VAR_harvester_kube_path=${HARVESTER_KUBECONFIG_PATH} \
+                                    TF_VAR_kubeconfig_path=${GLOBAL_KUBECONFIG_PATH} \
                                     TF_VAR_preview_name=${options.name} \
                                     ./dev/preview/workflow/preview/deploy-harvester.sh`,
             {slice: "Deleting VM."})

Diff for: .werft/workspace-run-integration-tests.yaml

@@ -22,7 +22,7 @@ pod:
         secretName: github-token-gitpod-bot
   containers:
     - name: gcloud
-      image: eu.gcr.io/gitpod-core-dev/dev/dev-environment:af-dev-update-image.8
+      image: eu.gcr.io/gitpod-core-dev/dev/dev-environment:aa-previewctl-fix-rebuild.2
       workingDir: /workspace
       imagePullPolicy: IfNotPresent
       env:

Diff for: dev/image/Dockerfile

@@ -4,7 +4,7 @@
 
 FROM gitpod/workspace-full:2022-10-15-02-50-27
 
-ENV TRIGGER_REBUILD 22
+ENV TRIGGER_REBUILD 23
 
 USER root
 

Diff for: dev/preview/infrastructure/harvester/provider.tf

@@ -9,7 +9,7 @@ terraform {
   required_providers {
     harvester = {
       source  = "harvester/harvester"
-      version = ">=0.5.1"
+      version = ">=0.5.3"
     }
     k8s = {
       source  = "hashicorp/kubernetes"
@@ -23,18 +23,21 @@ terraform {
 }
 
 provider "harvester" {
-  alias      = "harvester"
-  kubeconfig = var.harvester_kube_path
+  alias       = "harvester"
+  kubeconfig  = var.kubeconfig_path
+  kubecontext = "harvester"
 }
 
 provider "k8s" {
-  alias       = "dev"
-  config_path = var.dev_kube_path
+  alias          = "dev"
+  config_path    = var.kubeconfig_path
+  config_context = var.dev_kube_context
 }
 
 provider "k8s" {
-  alias       = "harvester"
-  config_path = var.harvester_kube_path
+  alias          = "harvester"
+  config_path    = var.kubeconfig_path
+  config_context = var.harvester_kube_context
 }
 
 provider "google" {

Diff for: dev/preview/infrastructure/harvester/variables.tf

@@ -3,14 +3,22 @@ variable "preview_name" {
   description = "The preview environment's name"
 }
 
-variable "harvester_kube_path" {
+variable "kubeconfig_path" {
   type        = string
-  description = "The path to the Harvester Cluster kubeconfig"
+  default     = "/home/gitpod/.kube/config"
+  description = "The path to the kubernetes config"
 }
 
-variable "dev_kube_path" {
+variable "harvester_kube_context" {
   type        = string
-  description = "The path to the Dev Cluster kubeconfig"
+  default     = "harvester"
+  description = "The name of the harvester kube context"
+}
+
+variable "dev_kube_context" {
+  type        = string
+  default     = "dev"
+  description = "The name of the dev kube context"
 }
 
 variable "vm_memory" {
@@ -28,7 +36,6 @@ variable "vm_cpu" {
 variable "vm_storage_class" {
   type        = string
   description = "The storage class for the VM"
-  default     = "longhorn-gitpod-k3s-202209251218-onereplica"
 }
 
 variable "harvester_ingress_ip" {

Diff for: dev/preview/previewctl/cmd/credentials.go

@@ -34,9 +34,6 @@ type getCredentialsOpts struct {
 	gcpClient *gcloud.Config
 	logger    *logrus.Logger
 
-	serviceAccountPath string
-	kubeConfigSavePath string
-
 	getCredentialsMap map[string]func(ctx context.Context) (*api.Config, error)
 	configMap         map[string]*api.Config
 }
@@ -46,18 +43,16 @@ func newGetCredentialsCommand(logger *logrus.Logger) *cobra.Command {
 	var client *gcloud.Config
 	ctx := context.Background()
 	opts := &getCredentialsOpts{
-		logger:             logger,
-		kubeConfigSavePath: kubeConfigSavePath,
-		serviceAccountPath: serviceAccountPath,
-		configMap:          map[string]*api.Config{},
+		logger:    logger,
+		configMap: map[string]*api.Config{},
 	}
 
 	cmd := &cobra.Command{
 		Use: "get-credentials",
 		Long: `previewctl get-credentials retrieves the kubernetes configs for core-dev and harvester clusters,
 merges them with the default config, and outputs them either to stdout or to a file.`,
 		PersistentPreRunE: func(cmd *cobra.Command, args []string) error {
-			client, err = gcloud.New(ctx, opts.serviceAccountPath)
+			client, err = gcloud.New(ctx, serviceAccountPath)
 			if err != nil {
 				return err
 			}
@@ -118,7 +113,7 @@ func (o *getCredentialsOpts) mergeContexts() error {
 		return err
 	}
 
-	if o.kubeConfigSavePath != "" {
+	if kubeConfigSavePath != "" {
 		return clientcmd.WriteToFile(*finalConfig, kubeConfigSavePath)
 	}