[kots]: add preflight check to validate the generated Gitpod config

Simon Emms · Simon Emms · commit d2dc67dddf33 · 2022-09-21T19:10:28.000Z
diff --git a/.werft/jobs/build/build-and-publish.ts b/.werft/jobs/build/build-and-publish.ts
@@ -154,8 +154,8 @@ function publishKots(werft: Werft, jobConfig: JobConfig) {
         { slice: phases.PUBLISH_KOTS },
     );
 
-    // Generate the logo and pull any Helm charts
-    exec(`make logo helm -C ${REPLICATED_DIR}`, { slice: phases.PUBLISH_KOTS });
+    // Generate the preflights, logo and pull any Helm charts
+    exec(`make generate_preflight_checks logo helm -C ${REPLICATED_DIR}`, { slice: phases.PUBLISH_KOTS });
 
     // Update the additionalImages in the kots-app.yaml
     exec(`/tmp/installer mirror kots --file ${REPLICATED_YAML_DIR}/kots-app.yaml`, { slice: phases.PUBLISH_KOTS });
diff --git a/install/kots/Makefile b/install/kots/Makefile
@@ -4,7 +4,7 @@ CHANNEL_UNSTABLE = Unstable
 CHARTS_DIR = charts
 YAML_DIR = manifests
 
-all: logo helm lint create_dev_release
+all: generate_preflight_checks logo helm lint create_dev_release
 
 create_dev_release:
 	@if [ "${REPLICATED_DEV_CHANNEL}" = "" ]; then \
@@ -24,6 +24,31 @@ create_unstable_release:
 	replicated release create --lint --ensure-channel --yaml-dir ${YAML_DIR} --promote ${CHANNEL_UNSTABLE}
 .PHONY: create_unstable_release
 
+generate_preflight_checks:
+	@echo "Generating installation config validation preflight check"
+
+# Extract the installer job
+	@yq r manifests/gitpod-installer-job.yaml spec.template.spec > /tmp/installer-job.yaml
+# Remove the envFrom block
+	@yq d -i /tmp/installer-job.yaml containers[0].envFrom
+
+# Extract the envFrom block as envvars and convert to "env" format
+	@yq r -j manifests/gitpod-kots-config.yaml data > /tmp/installer-envvars.json
+
+	@for row in $$(cat /tmp/installer-envvars.json | jq -r 'to_entries | .[] | @base64'); do \
+		yq w -i /tmp/installer-job.yaml containers[0].env[+].name "$$(echo $${row} | base64 -d | jq -r '.key')"; \
+		yq w -i /tmp/installer-job.yaml containers[0].env[-1].value "$$(echo $${row} | base64 -d | jq -r '.value')"; \
+	done
+
+# Set as dry run
+	@yq w -i /tmp/installer-job.yaml containers[0].env[+].name "INSTALLER_DRY_RUN"
+	@yq w --tag=!!str -i /tmp/installer-job.yaml containers[0].env[-1].value "true"
+
+# Merge the envvars into the installer job
+	@yq p -i /tmp/installer-job.yaml spec.collectors[0].runPod.podSpec
+	@yq m -i manifests/kots-preflight.yaml /tmp/installer-job.yaml
+.PHONY: generate_preflight_checks
+
 helm:
 	@echo "Installing Helm dependencies"
 	@rm -f ${YAML_DIR}/*.tgz
diff --git a/install/kots/manifests/gitpod-installation-status.yaml b/install/kots/manifests/gitpod-installation-status.yaml
@@ -30,7 +30,7 @@ spec:
       containers:
         - name: installation-status
           # This will normally be the release tag
-          image: "eu.gcr.io/gitpod-core-dev/build/installer:sje-kots-refactoring.6"
+          image: "eu.gcr.io/gitpod-core-dev/build/installer:sje-kots-config-validate.7"
           envFrom:
             - configMapRef:
                 name: gitpod-kots-config
diff --git a/install/kots/manifests/gitpod-installer-job.yaml b/install/kots/manifests/gitpod-installer-job.yaml
@@ -39,7 +39,7 @@ spec:
       containers:
         - name: installer
           # This will normally be the release tag
-          image: "eu.gcr.io/gitpod-core-dev/build/installer:sje-kots-refactoring.6"
+          image: "eu.gcr.io/gitpod-core-dev/build/installer:sje-kots-config-validate.7"
           volumeMounts:
             - mountPath: /mnt/node0
               name: node-fs0
diff --git a/install/kots/manifests/kots-preflight.yaml b/install/kots/manifests/kots-preflight.yaml
@@ -7,6 +7,12 @@ metadata:
   name: gitpod
 spec:
   collectors:
+    # This will be overridden by the generate_preflight_checks in the Makefile - this must remain at position 0
+    - runPod:
+        name: validate-config
+        namespace: '{{repl Namespace }}'
+        podSpec:
+          containers: []
     - run:
         collectorName: database
         image: eu.gcr.io/gitpod-core-dev/build/kots-config-check/database:sje-kots-config-check.9
@@ -99,6 +105,23 @@ spec:
 
             echo "connection: ${CONNECTION}"
   analyzers:
+    - textAnalyze:
+        checkName: Gitpod configuration
+        fileName: validate-config/validate-config.log
+        regexGroups: 'Gitpod: status (?P<Status>\w+)'
+        outcomes:
+          - fail:
+              when: "Status == fail"
+              message: |
+                Your generated Gitpod config failed validation. Run
+                `kubectl get configmaps -n {{repl Namespace }} gitpod-installation-status -o jsonpath="{.data.gitpod-installer\.log}"`
+                to view the output.
+          - pass:
+              when: "Status == pass"
+              message: |
+                Your generated Gitpod config is valid. Run
+                `kubectl get configmaps -n {{repl Namespace }} gitpod-installation-status -o jsonpath="{.data.gitpod-installer\.log}"`
+                to view the output.
     - clusterVersion:
         outcomes:
           - fail:
