From ca23dba309a3db049bb3de8679776204f34ecf55 Mon Sep 17 00:00:00 2001 From: Simon Emms Date: Wed, 21 Sep 2022 11:37:45 +0000 Subject: [PATCH 1/3] [installer]: bash script allows dry run and pushes logs to configmap --- install/installer/leeway.Dockerfile | 2 +- install/installer/scripts/kots-install.sh | 252 ++++++++++++---------- 2 files changed, 144 insertions(+), 110 deletions(-) diff --git a/install/installer/leeway.Dockerfile b/install/installer/leeway.Dockerfile index 6471ecdf71ae5b..b52d54050237fb 100644 --- a/install/installer/leeway.Dockerfile +++ b/install/installer/leeway.Dockerfile @@ -4,7 +4,7 @@ FROM alpine:3.16 COPY --from=alpine/helm:3.8.0 /usr/bin/helm /usr/bin/helm -RUN apk add --no-cache curl jq openssh-keygen yq \ +RUN apk add --no-cache bash curl jq openssh-keygen yq \ && curl -L "https://dl.k8s.io/release/$(curl -L -s https://dl.k8s.io/release/stable.txt)/bin/linux/amd64/kubectl" -o /usr/local/bin/kubectl \ && chmod +x /usr/local/bin/kubectl COPY install-installer--app/installer install-installer--app/provenance-bundle.jsonl /app/ diff --git a/install/installer/scripts/kots-install.sh b/install/installer/scripts/kots-install.sh index adf697dae1b1e0..bdc10112482779 100755 --- a/install/installer/scripts/kots-install.sh +++ b/install/installer/scripts/kots-install.sh 
@@ -1,33 +1,62 @@ -#!/bin/sh +#!/bin/bash # Copyright (c) 2022 Gitpod GmbH. All rights reserved. # Licensed under the MIT License. See License-MIT.txt in the project root for license information. -set -e +set -eo pipefail -echo "Gitpod: Killing any in-progress installations" +INSTALLER_LOG_FILE=/tmp/gitpod-installer.log +rm -f "${INSTALLER_LOG_FILE}" -kubectl delete jobs.batch -n "${NAMESPACE}" -l component="gitpod-installer,cursor!=${CURSOR}" --force --grace-period 0 || true -kubectl delete pod -n "${NAMESPACE}" -l component="gitpod-installer,cursor!=${CURSOR}" --force --grace-period 0 || true +trap 'catch $?' EXIT -if [ "$(helm status -n "${NAMESPACE}" gitpod -o json | jq '.info.status == "deployed"')" = "false" ]; -then - echo "Gitpod: Deployment in-progress - clearing" +catch() { + echo "Gitpod: Saving log to configmap" - VERSION="$(helm status -n "${NAMESPACE}" gitpod -o json | jq '.version')" - if [ "${VERSION}" -le 1 ]; - then - echo "Gitpod: Uninstall application" - helm uninstall -n "${NAMESPACE}" gitpod --wait || true + # Allow config map to be updated + kubectl create configmap \ + gitpod-installation-status \ + -n "${NAMESPACE}" \ + --from-file="${INSTALLER_LOG_FILE}" \ + -o yaml \ + --dry-run=client \ + | kubectl apply -f - + + # This line is used by KOTS to analyse the validation status + if [ "${1}" = "0" ]; then + echo "Gitpod: status pass" else - echo "Gitpod: Rolling back application" - helm rollback -n "${NAMESPACE}" gitpod --wait || true + echo "Gitpod: status fail" + fi + exit "${1}" +} + +main() { + if [ "${INSTALLER_DRY_RUN}" != "true" ]; then + echo "Gitpod: Killing any in-progress installations" + + kubectl delete jobs.batch -n "${NAMESPACE}" -l component="gitpod-installer,cursor!=${CURSOR}" --force --grace-period 0 || true + kubectl delete pod -n "${NAMESPACE}" -l component="gitpod-installer,cursor!=${CURSOR}" --force --grace-period 0 || true + + if [ "$(helm status -n "${NAMESPACE}" gitpod -o json | jq '.info.status == "deployed"')" = 
"false" ]; + then + echo "Gitpod: Deployment in-progress - clearing" + + VERSION="$(helm status -n "${NAMESPACE}" gitpod -o json | jq '.version')" + if [ "${VERSION}" -le 1 ]; + then + echo "Gitpod: Uninstall application" + helm uninstall -n "${NAMESPACE}" gitpod --wait || true + else + echo "Gitpod: Rolling back application" + helm rollback -n "${NAMESPACE}" gitpod --wait || true + fi + fi fi -fi -echo "Gitpod: Create a Helm template directory" -rm -Rf "${GITPOD_OBJECTS}" -mkdir -p "${GITPOD_OBJECTS}/templates" -cat <> "${GITPOD_OBJECTS}/Chart.yaml" + echo "Gitpod: Create a Helm template directory" + rm -Rf "${GITPOD_OBJECTS}" + mkdir -p "${GITPOD_OBJECTS}/templates" + cat <> "${GITPOD_OBJECTS}/Chart.yaml" apiVersion: v2 name: gitpod-kots description: Always ready-to-code 
@@ -35,109 +64,114 @@ version: "1.0.0" appVersion: "$(/app/installer version | yq e '.version' -)" EOF -echo "Gitpod: Generate the base Installer config" -/app/installer config init + echo "Gitpod: Generate the base Installer config" + /app/installer config init -echo "Gitpod: auto-detecting ShiftFS support on host machine" -/app/installer config cluster shiftfs + if [ "${INSTALLER_DRY_RUN}" != "true" ]; then + echo "Gitpod: auto-detecting ShiftFS support on host machine" + /app/installer config cluster shiftfs + fi -echo "Gitpod: auto-detecting containerd settings on host machine" -/app/installer config files containerd + echo "Gitpod: auto-detecting containerd settings on host machine" + /app/installer config files containerd -echo "Gitpod: auto-detecting settings" -/app/installer config build-from-envvars + echo "Gitpod: auto-detecting settings" + /app/installer config build-from-envvars -echo "Gitpod: Validate config" -/app/installer validate config + echo "Gitpod: Validate config" + /app/installer validate config -echo "Gitpod: render Kubernetes manifests" -/app/installer render --use-experimental-config > "${GITPOD_OBJECTS}/templates/gitpod.yaml" + echo "Gitpod: render Kubernetes manifests" + /app/installer render --use-experimental-config > "${GITPOD_OBJECTS}/templates/gitpod.yaml" -if [ "${INSTALLER_DRY_RUN}" = "true" ]; then - echo "Gitpod: dry-run set to true, no installation will be performed" - exit -fi + if [ "${INSTALLER_DRY_RUN}" = "true" ]; then + echo "Gitpod: dry-run set to true, no installation will be performed" + return 0 + fi -# Combine the pull secrets -echo "${LOCAL_REGISTRY_IMAGE_PULL_DOCKER_CONFIG_JSON}" > /tmp/kotsregistry.json -if [ "${REG_INCLUSTER_ENABLED}" = "1" ]; then - echo "Gitpod: Add the local registry secret to the in-cluster registry secret" + # Combine the pull secrets + echo "${LOCAL_REGISTRY_IMAGE_PULL_DOCKER_CONFIG_JSON}" > /tmp/kotsregistry.json + if [ "${REG_INCLUSTER_ENABLED}" = "1" ]; then + echo "Gitpod: Add the local 
registry secret to the in-cluster registry secret" - # Get the in-cluster registry secret - yq eval-all '(select(.kind == "Secret" and .metadata.name == "builtin-registry-auth") | .data.".dockerconfigjson")' \ - "${GITPOD_OBJECTS}/templates/gitpod.yaml" \ - | base64 -d \ - > /tmp/gitpodregistry.json + # Get the in-cluster registry secret + yq eval-all '(select(.kind == "Secret" and .metadata.name == "builtin-registry-auth") | .data.".dockerconfigjson")' \ + "${GITPOD_OBJECTS}/templates/gitpod.yaml" \ + | base64 -d \ + > /tmp/gitpodregistry.json - REGISTRY_SECRET="$(cat /tmp/kotsregistry.json /tmp/gitpodregistry.json | jq -s '.[0] * .[1]' - - | base64 -w 0)" - export REGISTRY_SECRET + REGISTRY_SECRET="$(cat /tmp/kotsregistry.json /tmp/gitpodregistry.json | jq -s '.[0] * .[1]' - - | base64 -w 0)" + export REGISTRY_SECRET - echo "Gitpod: update the in-cluster registry secret" - yq eval-all --inplace '(select(.kind == "Secret" and .metadata.name == "builtin-registry-auth") | .data.".dockerconfigjson") |= env(REGISTRY_SECRET)' \ - "${GITPOD_OBJECTS}/templates/gitpod.yaml" -else - echo "Gitpod: configuring external container registry" + echo "Gitpod: update the in-cluster registry secret" + yq eval-all --inplace '(select(.kind == "Secret" and .metadata.name == "builtin-registry-auth") | .data.".dockerconfigjson") |= env(REGISTRY_SECRET)' \ + "${GITPOD_OBJECTS}/templates/gitpod.yaml" + else + echo "Gitpod: configuring external container registry" - # Get the external-container-registry secret so we can merge the external registry and KOTS registry keys - echo "${EXTERNAL_DOCKER_CONFIG_JSON}" > /tmp/gitpodregistry.json + # Get the external-container-registry secret so we can merge the external registry and KOTS registry keys + echo "${EXTERNAL_DOCKER_CONFIG_JSON}" > /tmp/gitpodregistry.json - cat /tmp/kotsregistry.json /tmp/gitpodregistry.json | jq -s '.[0] * .[1]' - - > /tmp/container-registry-secret + cat /tmp/kotsregistry.json /tmp/gitpodregistry.json | jq -s '.[0] * 
.[1]' - - > /tmp/container-registry-secret - echo "Gitpod: append the container-registry secret" - echo "---" >> "${GITPOD_OBJECTS}/templates/gitpod.yaml" - kubectl create secret docker-registry "${REG_EXTERNAL_CERTIFICATE_NAME}" \ - --namespace "${NAMESPACE}" \ - --from-file=.dockerconfigjson=/tmp/container-registry-secret \ - -o yaml --dry-run=client >> "${GITPOD_OBJECTS}/templates/gitpod.yaml" -fi + echo "Gitpod: append the container-registry secret" + echo "---" >> "${GITPOD_OBJECTS}/templates/gitpod.yaml" + kubectl create secret docker-registry "${REG_EXTERNAL_CERTIFICATE_NAME}" \ + --namespace "${NAMESPACE}" \ + --from-file=.dockerconfigjson=/tmp/container-registry-secret \ + -o yaml --dry-run=client >> "${GITPOD_OBJECTS}/templates/gitpod.yaml" + fi -if [ "${REG_DOCKER_CONFIG_ENABLED}" = "1" ]; -then - # Work out the registry secret to use - if [ "${REG_INCLUSTER_ENABLED}" = "0" ]; + if [ "${REG_DOCKER_CONFIG_ENABLED}" = "1" ]; then - export REGISTRY_SECRET_NAME="${REG_EXTERNAL_CERTIFICATE_NAME}" - else - export REGISTRY_SECRET_NAME="builtin-registry-auth" + # Work out the registry secret to use + if [ "${REG_INCLUSTER_ENABLED}" = "0" ]; + then + export REGISTRY_SECRET_NAME="${REG_EXTERNAL_CERTIFICATE_NAME}" + else + export REGISTRY_SECRET_NAME="builtin-registry-auth" + fi + + echo "Gitpod: Add given extra docker config JSON file to ${REGISTRY_SECRET_NAME}" + yq eval-all '(select(.kind == "Secret" and .metadata.name == env(REGISTRY_SECRET_NAME)) | .data.".dockerconfigjson")' \ + "${GITPOD_OBJECTS}/templates/gitpod.yaml" \ + | base64 -d \ + > /tmp/currentconfig.json + + echo "Gitpod: update the in-cluster registry secret" + REGISTRY_SECRET="$(jq -s '.[0] * .[1]' /tmp/userconfig.json /tmp/currentconfig.json | base64 -w 0)" + export REGISTRY_SECRET + yq eval-all --inplace '(select(.kind == "Secret" and .metadata.name == env(REGISTRY_SECRET_NAME)) | .data.".dockerconfigjson") |= env(REGISTRY_SECRET)' \ + "${GITPOD_OBJECTS}/templates/gitpod.yaml" + fi + + echo 
"Gitpod: Escape any Golang template values" + # shellcheck disable=SC2016 + sed -i -r 's/(.*\{\{.*)/{{`\1`}}/' "${GITPOD_OBJECTS}/templates/gitpod.yaml" + + # If certificate secret already exists, set the timeout to 5m + CERT_SECRET=$(kubectl get secrets -n "${NAMESPACE}" https-certificates -o jsonpath='{.metadata.name}' || echo '') + HELM_TIMEOUT="5m" + if [ "${CERT_SECRET}" = "" ]; then + HELM_TIMEOUT="1h" fi - echo "Gitpod: Add given extra docker config JSON file to ${REGISTRY_SECRET_NAME}" - yq eval-all '(select(.kind == "Secret" and .metadata.name == env(REGISTRY_SECRET_NAME)) | .data.".dockerconfigjson")' \ - "${GITPOD_OBJECTS}/templates/gitpod.yaml" \ - | base64 -d \ - > /tmp/currentconfig.json - - echo "Gitpod: update the in-cluster registry secret" - REGISTRY_SECRET="$(jq -s '.[0] * .[1]' /tmp/userconfig.json /tmp/currentconfig.json | base64 -w 0)" - export REGISTRY_SECRET - yq eval-all --inplace '(select(.kind == "Secret" and .metadata.name == env(REGISTRY_SECRET_NAME)) | .data.".dockerconfigjson") |= env(REGISTRY_SECRET)' \ - "${GITPOD_OBJECTS}/templates/gitpod.yaml" -fi - -echo "Gitpod: Escape any Golang template values" -# shellcheck disable=SC2016 -sed -i -r 's/(.*\{\{.*)/{{`\1`}}/' "${GITPOD_OBJECTS}/templates/gitpod.yaml" - -# If certificate secret already exists, set the timeout to 5m -CERT_SECRET=$(kubectl get secrets -n "${NAMESPACE}" https-certificates -o jsonpath='{.metadata.name}' || echo '') -HELM_TIMEOUT="5m" -if [ "${CERT_SECRET}" = "" ]; then - HELM_TIMEOUT="1h" -fi - -# The long timeout is to ensure the TLS cert is created (if required) -echo "Gitpod: Apply the Kubernetes objects with timeout of ${HELM_TIMEOUT}" -helm upgrade \ - --atomic \ - --cleanup-on-fail \ - --create-namespace \ - --install \ - --namespace="${NAMESPACE}" \ - --reset-values \ - --timeout "${HELM_TIMEOUT}" \ - --wait \ - gitpod \ - "${GITPOD_OBJECTS}" - -echo "Gitpod: Restarting installation status job" -kubectl delete pod -n "${NAMESPACE}" -l 
component=gitpod-installer-status || true + # The long timeout is to ensure the TLS cert is created (if required) + echo "Gitpod: Apply the Kubernetes objects with timeout of ${HELM_TIMEOUT}" + helm upgrade \ + --atomic \ + --cleanup-on-fail \ + --create-namespace \ + --install \ + --namespace="${NAMESPACE}" \ + --reset-values \ + --timeout "${HELM_TIMEOUT}" \ + --wait \ + gitpod \ + "${GITPOD_OBJECTS}" + + echo "Gitpod: Restarting installation status job" + kubectl delete pod -n "${NAMESPACE}" -l component=gitpod-installer-status || true +} + +main 2>&1 | tee -a "${INSTALLER_LOG_FILE}" From 5764639fc98acdba54e74d7bb287fcd32f2f5daa Mon Sep 17 00:00:00 2001 From: Simon Emms Date: Wed, 21 Sep 2022 17:38:46 +0000 Subject: [PATCH 2/3] [kots]: remove the service account from manifests and use RBAC --- .../manifests/gitpod-clusterrolebinding.yaml | 18 ------------------ .../manifests/gitpod-installation-status.yaml | 2 +- .../kots/manifests/gitpod-installer-job.yaml | 2 +- .../kots/manifests/gitpod-serviceaccount.yaml | 10 ---------- install/kots/manifests/kots-app.yaml | 1 + 5 files changed, 3 insertions(+), 30 deletions(-) delete mode 100644 install/kots/manifests/gitpod-clusterrolebinding.yaml delete mode 100644 install/kots/manifests/gitpod-serviceaccount.yaml diff --git a/install/kots/manifests/gitpod-clusterrolebinding.yaml b/install/kots/manifests/gitpod-clusterrolebinding.yaml deleted file mode 100644 index 55bf7715e16222..00000000000000 --- a/install/kots/manifests/gitpod-clusterrolebinding.yaml +++ /dev/null 
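Review bot: Everything `main` writes to stdout or stderr is teed into `${INSTALLER_LOG_FILE}` by the final line, and the script's exit handler publishes that file as a ConfigMap, which is not a confidential store and is readable by any subject allowed to get configmaps in the namespace. This hunk handles registry credentials (`LOCAL_REGISTRY_IMAGE_PULL_DOCKER_CONFIG_JSON`, `EXTERNAL_DOCKER_CONFIG_JSON`, the `.dockerconfigjson` data). Nothing visible prints them on success, but error output from `jq`, `yq`, `kubectl` or `helm` may echo parts of their input. I would add a comment above the last line such as `# NOTE: this log is published to a ConfigMap; never echo credentials or enable xtrace inside main`. The `/tmp/*.json` and `/tmp/container-registry-secret` files should also be removed once the merged secret has been written.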
@@ -1,18 +0,0 @@ -# Copyright (c) 2022 Gitpod GmbH. All rights reserved. -# Licensed under the MIT License. See License-MIT.txt in the project root for license information. - -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: installer - labels: - app: gitpod - component: gitpod-installer -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: cluster-admin -subjects: - - kind: ServiceAccount - name: installer - namespace: '{{repl Namespace }}' diff --git a/install/kots/manifests/gitpod-installation-status.yaml b/install/kots/manifests/gitpod-installation-status.yaml index afc82ff7210ddd..81ce1cfcdd7aa4 100644 --- a/install/kots/manifests/gitpod-installation-status.yaml +++ b/install/kots/manifests/gitpod-installation-status.yaml @@ -26,7 +26,7 @@ spec: component: gitpod-installer-status spec: restartPolicy: Always - serviceAccountName: installer + serviceAccountName: kotsadm containers: - name: installation-status # This will normally be the release tag diff --git a/install/kots/manifests/gitpod-installer-job.yaml b/install/kots/manifests/gitpod-installer-job.yaml index bcb2febbc651b5..386db3ada5f387 100644 --- a/install/kots/manifests/gitpod-installer-job.yaml +++ b/install/kots/manifests/gitpod-installer-job.yaml @@ -34,7 +34,7 @@ spec: - matchExpressions: - key: gitpod.io/workload_workspace_headless operator: Exists - serviceAccountName: installer + serviceAccountName: kotsadm restartPolicy: OnFailure containers: - name: installer diff --git a/install/kots/manifests/gitpod-serviceaccount.yaml b/install/kots/manifests/gitpod-serviceaccount.yaml deleted file mode 100644 index afabcfea5f467b..00000000000000 --- a/install/kots/manifests/gitpod-serviceaccount.yaml +++ /dev/null 
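Review bot: Both workloads now run as `kotsadm`, the admin console's own service account, so the long-running status pod here and the installer job in the `gitpod-installer-job.yaml` hunk share one identity and whatever permissions it holds. The status pod presumably needs far less than the job that runs `helm upgrade`. Dropping the `cluster-admin` binding is a clear reduction, but a dedicated service account per workload with its own Role would keep that separation and make audit records attributable. If `kotsadm` is kept, add a comment on each `serviceAccountName` line, for example `# kotsadm: permissions are those KOTS grants, see requireMinimalRBACPrivileges in kots-app.yaml`. It is also worth confirming that the reduced role (as I understand the flag, namespace-scoped) still covers everything the rendered manifests and `--create-namespace` need.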
@@ -1,10 +0,0 @@ -# Copyright (c) 2022 Gitpod GmbH. All rights reserved. -# Licensed under the MIT License. See License-MIT.txt in the project root for license information. - -apiVersion: v1 -kind: ServiceAccount -metadata: - name: installer - labels: - app: gitpod - component: gitpod-installer diff --git a/install/kots/manifests/kots-app.yaml b/install/kots/manifests/kots-app.yaml index e75917843321cd..1b6955f40d8a25 100644 --- a/install/kots/manifests/kots-app.yaml +++ b/install/kots/manifests/kots-app.yaml @@ -10,6 +10,7 @@ spec: icon: "" allowRollback: true kubectlVersion: ">= 1.21.0" + requireMinimalRBACPrivileges: true # daemonsets are not supported yet statusInformers: - deployment/blobserve From ac0e0d7d1eb9a6085047e5912558525936d5d56a Mon Sep 17 00:00:00 2001 From: Simon Emms Date: Wed, 21 Sep 2022 12:55:13 +0000 Subject: [PATCH 3/3] [kots]: add preflight check to validate the generated Gitpod config --- .werft/jobs/build/build-and-publish.ts | 4 +-- install/kots/Makefile | 27 ++++++++++++++++++- .../manifests/gitpod-installation-status.yaml | 2 +- .../kots/manifests/gitpod-installer-job.yaml | 2 +- install/kots/manifests/kots-preflight.yaml | 23 ++++++++++++++++ 5 files changed, 53 insertions(+), 5 deletions(-) diff --git a/.werft/jobs/build/build-and-publish.ts b/.werft/jobs/build/build-and-publish.ts index 88c253ec80ba01..143bbf584c1099 100644 --- a/.werft/jobs/build/build-and-publish.ts +++ b/.werft/jobs/build/build-and-publish.ts 
@@ -154,8 +154,8 @@ function publishKots(werft: Werft, jobConfig: JobConfig) { { slice: phases.PUBLISH_KOTS }, ); - // Generate the logo and pull any Helm charts - exec(`make logo helm -C ${REPLICATED_DIR}`, { slice: phases.PUBLISH_KOTS }); + // Generate the preflights, logo and pull any Helm charts + exec(`make generate_preflight_checks logo helm -C ${REPLICATED_DIR}`, { slice: phases.PUBLISH_KOTS }); // Update the additionalImages in the kots-app.yaml exec(`/tmp/installer mirror kots --file ${REPLICATED_YAML_DIR}/kots-app.yaml`, { slice: phases.PUBLISH_KOTS }); diff --git a/install/kots/Makefile b/install/kots/Makefile index 58af8bc69b080d..25362ab158972a 100644 --- a/install/kots/Makefile +++ b/install/kots/Makefile @@ -4,7 +4,7 @@ CHANNEL_UNSTABLE = Unstable CHARTS_DIR = charts YAML_DIR = manifests -all: logo helm lint create_dev_release +all: generate_preflight_checks logo helm lint create_dev_release create_dev_release: @if [ "${REPLICATED_DEV_CHANNEL}" = "" ]; then \ 
@@ -24,6 +24,31 @@ create_unstable_release: replicated release create --lint --ensure-channel --yaml-dir ${YAML_DIR} --promote ${CHANNEL_UNSTABLE} .PHONY: create_unstable_release +generate_preflight_checks: + @echo "Generating installation config validation preflight check" + +# Extract the installer job + @yq r manifests/gitpod-installer-job.yaml spec.template.spec > /tmp/installer-job.yaml +# Remove the envFrom block + @yq d -i /tmp/installer-job.yaml containers[0].envFrom + +# Extract the envFrom block as envvars and convert to "env" format + @yq r -j manifests/gitpod-kots-config.yaml data > /tmp/installer-envvars.json + + @for row in $$(cat /tmp/installer-envvars.json | jq -r 'to_entries | .[] | @base64'); do \ + yq w -i /tmp/installer-job.yaml containers[0].env[+].name "$$(echo $${row} | base64 -d | jq -r '.key')"; \ + yq w -i /tmp/installer-job.yaml containers[0].env[-1].value "$$(echo $${row} | base64 -d | jq -r '.value')"; \ + done + +# Set as dry run + @yq w -i /tmp/installer-job.yaml containers[0].env[+].name "INSTALLER_DRY_RUN" + @yq w --tag=!!str -i /tmp/installer-job.yaml containers[0].env[-1].value "true" + +# Merge the envvars into the installer job + @yq p -i /tmp/installer-job.yaml spec.collectors[0].runPod.podSpec + @yq m -i manifests/kots-preflight.yaml /tmp/installer-job.yaml +.PHONY: generate_preflight_checks + helm: @echo "Installing Helm dependencies" @rm -f ${YAML_DIR}/*.tgz diff --git a/install/kots/manifests/gitpod-installation-status.yaml b/install/kots/manifests/gitpod-installation-status.yaml index 81ce1cfcdd7aa4..2e85e86e26f747 100644 --- a/install/kots/manifests/gitpod-installation-status.yaml +++ b/install/kots/manifests/gitpod-installation-status.yaml 
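Review bot: The recipe writes its intermediates to the fixed paths `/tmp/installer-job.yaml` and `/tmp/installer-envvars.json`, which on a shared build host can collide with a parallel run or be pre-created by another user, and they are never removed. Keep them in a directory the build owns, created with `mktemp -d` or placed under the project's build directory, and delete it at the end of the recipe. A comment is also needed to say that `yq r`/`w`/`d`/`p`/`m` are yq v3 subcommands while `kots-install.sh` uses the v4 `e`/`eval-all` form, so the build machine and the installer image need different yq versions. The Makefile continues outside this hunk.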
@@ -30,7 +30,7 @@ spec: containers: - name: installation-status # This will normally be the release tag - image: "eu.gcr.io/gitpod-core-dev/build/installer:sje-kots-refactoring.6" + image: "eu.gcr.io/gitpod-core-dev/build/installer:sje-kots-config-validate.7" envFrom: - configMapRef: name: gitpod-kots-config diff --git a/install/kots/manifests/gitpod-installer-job.yaml b/install/kots/manifests/gitpod-installer-job.yaml index 386db3ada5f387..9b7c6e4131c997 100644 --- a/install/kots/manifests/gitpod-installer-job.yaml +++ b/install/kots/manifests/gitpod-installer-job.yaml @@ -39,7 +39,7 @@ spec: containers: - name: installer # This will normally be the release tag - image: "eu.gcr.io/gitpod-core-dev/build/installer:sje-kots-refactoring.6" + image: "eu.gcr.io/gitpod-core-dev/build/installer:sje-kots-config-validate.7" volumeMounts: - mountPath: /mnt/node0 name: node-fs0 diff --git a/install/kots/manifests/kots-preflight.yaml b/install/kots/manifests/kots-preflight.yaml index d6e78afbf786b6..8b18879bc83893 100644 --- a/install/kots/manifests/kots-preflight.yaml +++ b/install/kots/manifests/kots-preflight.yaml @@ -7,6 +7,12 @@ metadata: name: gitpod spec: collectors: + # This will be overridden by the generate_preflight_checks in the Makefile - this must remain at position 0 + - runPod: + name: validate-config + namespace: '{{repl Namespace }}' + podSpec: + containers: [] - run: collectorName: database image: eu.gcr.io/gitpod-core-dev/build/kots-config-check/database:sje-kots-config-check.9 
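Review bot: The placeholder comment on the `runPod` collector says it is overridden but not what ends up in it. `generate_preflight_checks` copies the installer job's whole `spec.template.spec`, so the preflight pod inherits the job's `serviceAccountName` and its volumes (the job mounts `/mnt/node0` from `node-fs0`), not just the container. A validation-only run probably needs less than the install itself; if the dry run does need the node mount for containerd detection, consider having the Makefile step strip or read-only-mount whatever it does not use. At minimum extend the comment, e.g. `# Generated pod spec is the installer job's (service account, volumes, env) plus INSTALLER_DRY_RUN=true`.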
@@ -99,6 +105,23 @@ spec: echo "connection: ${CONNECTION}" analyzers: + - textAnalyze: + checkName: Gitpod configuration + fileName: validate-config/validate-config.log + regexGroups: 'Gitpod: status (?P\w+)' + outcomes: + - fail: + when: "Status == fail" + message: | + Your generated Gitpod config failed validation. Run + `kubectl get configmaps -n {{repl Namespace }} gitpod-installation-status -o jsonpath="{.data.gitpod-installer\.log}"` + to view the output. + - pass: + when: "Status == pass" + message: | + Your generated Gitpod config is valid. Run + `kubectl get configmaps -n {{repl Namespace }} gitpod-installation-status -o jsonpath="{.data.gitpod-installer\.log}"` + to view the output. - clusterVersion: outcomes: - fail:
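Review bot: The two outcomes of the `Gitpod configuration` analyzer cover only `Status == fail` and `Status == pass`. When the log has no `Gitpod: status` line at all (image pull failure, pod killed before the script's exit handler prints it), neither condition matches, and this spec does not show what the analyzer then reports. Confirm that the no-match case surfaces as a failure or warning rather than being skipped, so that an unvalidated config cannot get through preflight. Both messages send the user to the `gitpod-installation-status` ConfigMap, so a comment noting that `kots-install.sh` uploads it on exit, and that it may be absent if that upload failed, would help. The `analyzers` list continues outside the hunk.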