GitHub Repository: gitpod-io/gitpod
Path: blob/main/install/installer/pkg/components/proxy/configmap.go
// Copyright (c) 2021 Gitpod GmbH. All rights reserved.
// Licensed under the GNU Affero General Public License (AGPL).
// See License.AGPL.txt in the project root for license information.
package proxy
import (
"bytes"
_ "embed"
"encoding/base64"
"fmt"
"text/template"
"github.com/gitpod-io/gitpod/installer/pkg/common"
ideProxyComponent "github.com/gitpod-io/gitpod/installer/pkg/components/ide-proxy"
minioComponent "github.com/gitpod-io/gitpod/installer/pkg/components/minio"
openvsxproxy "github.com/gitpod-io/gitpod/installer/pkg/components/openvsx-proxy"
"golang.org/x/crypto/bcrypt"
corev1 "k8s.io/api/core/v1"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/apimachinery/pkg/runtime"
"k8s.io/utils/pointer"
)
// vhostDockerRegistry is the raw vhost template for the in-cluster Docker
// registry, embedded into the binary at build time. configmap renders it
// with a dockerRegistryTpl value only when the in-cluster container registry
// is enabled.
//
//go:embed templates/configmap/vhost.docker-registry.tpl
var vhostDockerRegistry []byte

// vhostEmptyTmpl is the raw "empty" vhost template, embedded at build time.
// configmap renders it with nil data, so it cannot reference any fields.
//
//go:embed templates/configmap/vhost.empty.tpl
var vhostEmptyTmpl []byte

// vhostMinioTmpl is the raw vhost template for MinIO, embedded at build time.
// configmap renders it with a commonTpl value only when no cloud storage is
// configured.
//
//go:embed templates/configmap/vhost.minio.tpl
var vhostMinioTmpl []byte

// vhostOpenVSXTmpl is the raw vhost template for the Open VSX proxy, embedded
// at build time. configmap renders it with an openVSXTpl value.
//
//go:embed templates/configmap/vhost.open-vsx.tpl
var vhostOpenVSXTmpl []byte

// ideProxyTmpl is the raw vhost template for the IDE proxy, embedded at build
// time. configmap renders it with a commonTpl value.
//
//go:embed templates/configmap/vhost.ide-proxy.tpl
var ideProxyTmpl []byte
// commonTpl carries the values substituted into vhost templates that need
// only a public domain and an upstream address. configmap uses it for the
// ide-proxy and minio vhosts.
type commonTpl struct {
	// Domain is filled from ctx.Config.Domain. ReverseProxy is the in-cluster
	// upstream, built by configmap as "<service>.<namespace>.<kubeDomain>:<port>".
	// Both are written into the rendered vhost verbatim (text/template does
	// not escape).
	Domain, ReverseProxy string
}
// dockerRegistryTpl carries the values substituted into the docker-registry
// vhost template: where the vhost lives, where it forwards to, and the
// credentials the vhost checks.
type dockerRegistryTpl struct {
	// Domain is filled from ctx.Config.Domain. ReverseProxy is the https URL
	// of the in-cluster registry service.
	Domain, ReverseProxy string
	// Username is the internal registry username. Password is NOT the
	// plaintext: configmap sets it to the base64-encoded bcrypt hash of the
	// registry password. Keep it that way, because the rendered vhost is
	// stored in a ConfigMap rather than a Secret.
	Username, Password string
}
// openVSXTpl carries the values substituted into the open-vsx vhost template.
type openVSXTpl struct {
	// Domain is filled from ctx.Config.Domain. RepoURL is the in-cluster
	// address of the openvsx-proxy service; despite the name, configmap
	// builds it as "host:port" without a scheme.
	Domain, RepoURL string
}
// renderTemplate parses tpl as a text/template and executes it against
// values, returning a pointer to the rendered text. A parse or execution
// failure is returned unchanged together with a nil result.
//
// text/template performs no escaping: every field of values is copied into
// the output verbatim. The callers in this file produce proxy vhost
// configuration, so any value that could carry newlines or configuration
// syntax has to be validated before it is passed in.
func renderTemplate(tpl []byte, values interface{}) (*string, error) {
	compiled, err := template.New("template").Parse(string(tpl))
	if err != nil {
		return nil, err
	}

	var out bytes.Buffer
	if err := compiled.Execute(&out, values); err != nil {
		return nil, err
	}

	// Callers dereference the result, so hand back the address of a local copy.
	text := out.String()
	return &text, nil
}
// kubeDomain is the DNS suffix appended after "<service>.<namespace>." when
// configmap builds in-cluster upstream addresses.
// NOTE(review): this is the Kubernetes default service suffix; a cluster
// configured with a different cluster domain would presumably not resolve
// these names — confirm whether that case needs to be supported.
const kubeDomain = "svc.cluster.local"
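// configmap renders the proxy's vhost templates and returns them as a single
// ConfigMap named "<Component>-config" in ctx.Namespace.
//
// The empty, open-vsx and ide-proxy vhosts are always rendered. The minio
// vhost is added only when no cloud storage is configured, and the
// docker-registry vhost only when the in-cluster container registry is
// enabled. Each failure is wrapped with the step that produced it, so a
// broken template or a failed hash can be told apart in installer output.
//
// Security notes:
//   - ctx.Config.Domain, ctx.Namespace and the registry username are written
//     into the vhost text verbatim, because renderTemplate uses text/template
//     without escaping. They are assumed to be validated when the installer
//     config is loaded — TODO confirm.
//   - The registry credential is stored as a bcrypt hash, but in a ConfigMap,
//     which is commonly readable by more principals than a Secret. bcrypt
//     only slows offline guessing; the registry password still has to be
//     strong.
func configmap(ctx *common.RenderContext) ([]runtime.Object, error) {
	empty, err := renderTemplate(vhostEmptyTmpl, nil)
	if err != nil {
		return nil, fmt.Errorf("rendering vhost.empty: %w", err)
	}

	openVSX, err := renderTemplate(vhostOpenVSXTmpl, openVSXTpl{
		Domain:  ctx.Config.Domain,
		RepoURL: fmt.Sprintf("openvsx-proxy.%s.%s:%d", ctx.Namespace, kubeDomain, openvsxproxy.ServicePort),
	})
	if err != nil {
		return nil, fmt.Errorf("rendering vhost.open-vsx: %w", err)
	}

	ideProxy, err := renderTemplate(ideProxyTmpl, commonTpl{
		Domain:       ctx.Config.Domain,
		ReverseProxy: fmt.Sprintf("ide-proxy.%s.%s:%d", ctx.Namespace, kubeDomain, ideProxyComponent.ServicePort),
	})
	if err != nil {
		return nil, fmt.Errorf("rendering vhost.ide-proxy: %w", err)
	}

	data := map[string]string{
		"vhost.empty":     *empty,
		"vhost.open-vsx":  *openVSX,
		"vhost.ide-proxy": *ideProxy,
	}

	if ctx.Config.ObjectStorage.CloudStorage == nil {
		// Minio is exposed through the proxy only when cloud storage is NOT
		// in use; with cloud storage configured this vhost is left out.
		// NOTE(review): the upstream is minioComponent.ServiceConsolePort,
		// presumably the MinIO console. Confirm that the vhost template or
		// MinIO itself enforces authentication on it, and that no other
		// external object-storage option should also suppress this vhost.
		minio, err := renderTemplate(vhostMinioTmpl, commonTpl{
			Domain:       ctx.Config.Domain,
			ReverseProxy: fmt.Sprintf("minio.%s.%s:%d", ctx.Namespace, kubeDomain, minioComponent.ServiceConsolePort),
		})
		if err != nil {
			return nil, fmt.Errorf("rendering vhost.minio: %w", err)
		}
		data["vhost.minio"] = *minio
	}

	if pointer.BoolDeref(ctx.Config.ContainerRegistry.InCluster, false) {
		username := ctx.Values.InternalRegistryUsername
		if username == "" {
			return nil, fmt.Errorf("unknown value: internal registry username")
		}

		password := ctx.Values.InternalRegistryPassword
		if password == "" {
			return nil, fmt.Errorf("unknown value: internal registry password")
		}

		// Only the bcrypt hash leaves this function; the plaintext password
		// must not be added to error messages or to the template values.
		// bcrypt draws a fresh random salt on every call, so the rendered
		// ConfigMap differs between otherwise identical installer runs.
		hashedPassword, err := bcrypt.GenerateFromPassword([]byte(password), bcrypt.DefaultCost)
		if err != nil {
			return nil, fmt.Errorf("hashing internal registry password: %w", err)
		}

		dockerRegistry, err := renderTemplate(vhostDockerRegistry, dockerRegistryTpl{
			Domain:       ctx.Config.Domain,
			ReverseProxy: fmt.Sprintf("https://%s.%s.%s", common.DockerRegistryName, ctx.Namespace, kubeDomain),
			Username:     username,
			// Base64 of the bcrypt hash; presumably the encoding the
			// basic-auth directive in vhost.docker-registry.tpl expects —
			// confirm against the template.
			Password: base64.StdEncoding.EncodeToString(hashedPassword),
		})
		if err != nil {
			return nil, fmt.Errorf("rendering vhost.docker-registry: %w", err)
		}

		data["vhost.docker-registry"] = *dockerRegistry
	}

	return []runtime.Object{
		&corev1.ConfigMap{
			TypeMeta: common.TypeMetaConfigmap,
			ObjectMeta: metav1.ObjectMeta{
				Name:        fmt.Sprintf("%s-config", Component),
				Namespace:   ctx.Namespace,
				Labels:      common.CustomizeLabel(ctx, Component, common.TypeMetaConfigmap),
				Annotations: common.CustomizeAnnotation(ctx, Component, common.TypeMetaConfigmap),
			},
			Data: data,
		},
	}, nil
}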