1
// Copyright (c) 2021 Gitpod GmbH. All rights reserved.
2
// Licensed under the GNU Affero General Public License (AGPL).
3
// See License.AGPL.txt in the project root for license information.
4

5
package dockerregistry
6

7
import (
8
	"fmt"
9
	"strconv"
10
	"strings"
11

12
	"github.com/gitpod-io/gitpod/installer/pkg/common"
13
	"github.com/gitpod-io/gitpod/installer/pkg/helm"
14
	"github.com/gitpod-io/gitpod/installer/third_party/charts"
15
	"helm.sh/helm/v3/pkg/cli/values"
16
	"k8s.io/utils/pointer"
17
)
18

19
var Helm = common.CompositeHelmFunc(
20
	helm.ImportTemplate(charts.DockerRegistry(), helm.TemplateConfig{}, func(cfg *common.RenderContext) (*common.HelmConfig, error) {
21
		secretHash, err := common.ObjectHash(common.DockerRegistryHash(cfg))
22
		if err != nil {
23
			return nil, err
24
		}
25

26
		repository := cfg.RepoName(common.ThirdPartyContainerRepo(cfg.Config.Repository, common.DockerRegistryURL), "library/registry")
27

28
		registryValues := []string{
29
			helm.KeyValue(fmt.Sprintf("docker-registry.podAnnotations.%s", strings.Replace(common.AnnotationConfigChecksum, ".", "\\.", -1)), secretHash),
30
			helm.KeyValue("docker-registry.fullnameOverride", RegistryName),
31
			helm.KeyValue("docker-registry.service.port", strconv.Itoa(common.ProxyContainerHTTPSPort)),
32
			helm.KeyValue("docker-registry.tlsSecretName", BuiltInRegistryCerts),
33
			helm.KeyValue("docker-registry.image.repository", repository),
34
			helm.KeyValue("docker-registry.serviceAccount.name", Component),
35
		}
36

37
		if len(cfg.Config.ImagePullSecrets) > 0 {
38
			// This chart doesn't add in the "name/value" pair format
39
			for k, v := range cfg.Config.ImagePullSecrets {
40
				registryValues = append(registryValues, helm.KeyValue(fmt.Sprintf("docker-registry.imagePullSecrets[%d].name", k), v.Name))
41
			}
42
		}
43

44
		// Append the custom parameters
45
		registryValues = helm.CustomizeAnnotation(registryValues, "docker-registry.podAnnotations", cfg, Component, common.TypeMetaDeployment)
46
		registryValues = helm.CustomizeLabel(registryValues, "docker-registry.podLabels", cfg, Component, common.TypeMetaDeployment)
47
		registryValues = helm.CustomizeAnnotation(registryValues, "docker-registry.service.annotations", cfg, Component, common.TypeMetaService)
48
		registryValues = helm.CustomizeEnvvar(registryValues, "docker-registry.extraEnvVars", cfg, Component)
49

50
		inCluster := pointer.BoolDeref(cfg.Config.ContainerRegistry.InCluster, false)
51
		s3Storage := cfg.Config.ContainerRegistry.S3Storage
52
		enablePersistence := "true"
53

54
		if inCluster && s3Storage != nil {
55
			enablePersistence = "false"
56
			registryValues = append(registryValues,
57
				helm.KeyValue("docker-registry.s3.region", s3Storage.Region),
58
				helm.KeyValue("docker-registry.s3.bucket", s3Storage.Bucket),
59
				helm.KeyValue("docker-registry.s3.regionEndpoint", s3Storage.Endpoint),
60
				helm.KeyValue("docker-registry.s3.encrypt", "true"),
61
				helm.KeyValue("docker-registry.s3.secure", "true"),
62
				helm.KeyValue("docker-registry.storage", "s3"),
63
				helm.KeyValue("docker-registry.secrets.s3.secretRef", s3Storage.Certificate.Name),
64
				helm.KeyValue("docker-registry.secrets.haSharedSecret", cfg.Values.InternalRegistrySharedSecret),
65
			)
66
		}
67

68
		tolerations, err := helm.WithTolerationWorkspaceComponentNotReadyYaml(cfg)
69
		if err != nil {
70
			return nil, err
71
		}
72
		tolerationsTemplate, err := helm.KeyFileValue("docker-registry.tolerations", tolerations)
73
		if err != nil {
74
			return nil, err
75
		}
76

77
		registryValues = append(registryValues, helm.KeyValue("docker-registry.persistence.enabled", enablePersistence))
78

79
		return &common.HelmConfig{
80
			Enabled: inCluster,
81
			Values: &values.Options{
82
				Values: registryValues,
83
				// This is too complex to be sent as a string
84
				FileValues: []string{
85
					tolerationsTemplate,
86
				},
87
			},
88
		}, nil
89
	}),
90
)
91

92