Path: blob/main/install/installer/pkg/components/public-api-server/configmap.go
// Copyright (c) 2021 Gitpod GmbH. All rights reserved.
// Licensed under the GNU Affero General Public License (AGPL).
// See License.AGPL.txt in the project root for license information.

package public_api_server

import (
	"fmt"

	"github.com/gitpod-io/gitpod/installer/pkg/config/v1/experimental"
	"k8s.io/utils/pointer"

	"github.com/gitpod-io/gitpod/common-go/baseserver"
	"github.com/gitpod-io/gitpod/components/public-api/go/config"

	"github.com/gitpod-io/gitpod/installer/pkg/common"
	"github.com/gitpod-io/gitpod/installer/pkg/components/auth"
	"github.com/gitpod-io/gitpod/installer/pkg/components/redis"
	"github.com/gitpod-io/gitpod/installer/pkg/components/server"
	"github.com/gitpod-io/gitpod/installer/pkg/components/usage"
	corev1 "k8s.io/api/core/v1"
	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
	"k8s.io/apimachinery/pkg/runtime"
)

// configJSONFilename is the ConfigMap data key that holds the rendered
// configuration document.
const configJSONFilename = "config.json"

// configmap renders the public-api-server configuration and returns it as a
// single ConfigMap whose config.json entry is the JSON encoding of a
// config.Configuration.
//
// The fields set here reference sensitive material (Stripe webhook secret,
// personal access token signing key, database config, PKI key pair) by file
// path only; no key or secret value is written into the ConfigMap by this
// function.
//
// It returns an error only when the configuration cannot be marshalled.
func configmap(ctx *common.RenderContext) ([]runtime.Object, error) {
	var (
		stripeKeyPath     string
		patSigningKeyPath string
	)

	// Default public URL; an experimental override may replace it below.
	publicURL := fmt.Sprintf("https://services.%s", ctx.Config.Domain)

	// Every callback below returns nil, and whatever WithExperimental itself
	// returns is deliberately discarded: the experimental settings are
	// treated as optional.
	_ = ctx.WithExperimental(func(exp *experimental.Config) error {
		_, _, stripeKeyPath, _ = getStripeConfig(exp)
		return nil
	})

	_ = ctx.WithExperimental(func(exp *experimental.Config) error {
		_, _, patSigningKeyPath, _ = getPersonalAccessTokenSigningKey(exp)
		return nil
	})

	_ = ctx.WithExperimental(func(exp *experimental.Config) error {
		if exp.WebApp == nil || exp.WebApp.PublicURL == "" {
			return nil
		}
		// The override is taken verbatim; scheme and host are not validated here.
		publicURL = exp.WebApp.PublicURL
		return nil
	})

	_, _, dbSecretMountPath := common.DatabaseEnvSecret(ctx.Config)

	_, _, authCfg := auth.GetConfig(ctx)
	redisCfg := redis.GetConfiguration(ctx)

	// In-cluster endpoints of the services the API server talks to.
	gitpodServiceURL := common.ClusterURL("ws", server.Component, ctx.Namespace, server.ContainerPort)
	billingAddr := common.ClusterAddress(usage.Component, ctx.Namespace, usage.GRPCServicePort)
	sessionAddr := common.ClusterAddress(common.ServerComponent, ctx.Namespace, common.ServerIAMSessionPort)

	redisSection := config.RedisConfiguration{
		Address: redisCfg.Address,
	}

	// The signing key pair and the session/cookie attributes (SameSite,
	// Secure, HTTPOnly, ...) are copied through unchanged from the auth
	// component's configuration.
	signingKeys := authCfg.PKI.Signing
	sess := authCfg.Session
	authSection := config.AuthConfiguration{
		PKI: config.AuthPKIConfiguration{
			Signing: config.KeyPair{
				ID:             signingKeys.ID,
				PublicKeyPath:  signingKeys.PublicKeyPath,
				PrivateKeyPath: signingKeys.PrivateKeyPath,
			},
		},
		Session: config.SessionConfig{
			LifetimeSeconds: sess.LifetimeSeconds,
			Issuer:          sess.Issuer,
			Cookie: config.CookieConfig{
				Name:     sess.Cookie.Name,
				MaxAge:   sess.Cookie.MaxAge,
				SameSite: sess.Cookie.SameSite,
				Secure:   sess.Cookie.Secure,
				HTTPOnly: sess.Cookie.HTTPOnly,
			},
		},
	}

	// Both listeners bind to every interface of the container.
	// NOTE(review): which peers can reach these ports depends on the
	// Service/NetworkPolicy objects rendered elsewhere - confirm.
	grpcListenAddr := fmt.Sprintf("0.0.0.0:%d", GRPCContainerPort)
	httpListenAddr := fmt.Sprintf("0.0.0.0:%d", HTTPContainerPort)
	serverSection := &baseserver.Configuration{
		Services: baseserver.ServicesConfiguration{
			GRPC: &baseserver.ServerConfiguration{Address: grpcListenAddr},
			HTTP: &baseserver.ServerConfiguration{Address: httpListenAddr},
		},
	}

	rendered := config.Configuration{
		PublicURL:                         publicURL,
		GitpodServiceURL:                  gitpodServiceURL,
		StripeWebhookSigningSecretPath:    stripeKeyPath,
		PersonalAccessTokenSigningKeyPath: patSigningKeyPath,
		BillingServiceAddress:             billingAddr,
		SessionServiceAddress:             sessionAddr,
		DatabaseConfigPath:                dbSecretMountPath,
		Redis:                             redisSection,
		Auth:                              authSection,
		Server:                            serverSection,
	}

	payload, err := common.ToJSONString(rendered)
	if err != nil {
		return nil, fmt.Errorf("failed to marshal config: %w", err)
	}

	cm := &corev1.ConfigMap{
		TypeMeta: common.TypeMetaConfigmap,
		ObjectMeta: metav1.ObjectMeta{
			Name:        Component,
			Namespace:   ctx.Namespace,
			Labels:      common.CustomizeLabel(ctx, Component, common.TypeMetaConfigmap),
			Annotations: common.CustomizeAnnotation(ctx, Component, common.TypeMetaConfigmap),
		},
		Data: map[string]string{
			configJSONFilename: string(payload),
		},
	}

	return []runtime.Object{cm}, nil
}

// getStripeConfig derives the volume, volume mount and in-container path for
// the Stripe webhook signing secret from the experimental configuration.
//
// When cfg, cfg.WebApp or cfg.WebApp.PublicAPI is nil, or no Stripe secret
// name is set, it returns zero values and false. Otherwise it returns the
// secret-backed volume, a read-only mount at stripeSecretMountPath, that
// path, and true.
func getStripeConfig(cfg *experimental.Config) (corev1.Volume, corev1.VolumeMount, string, bool) {
	if cfg == nil || cfg.WebApp == nil || cfg.WebApp.PublicAPI == nil {
		return corev1.Volume{}, corev1.VolumeMount{}, "", false
	}

	secretName := cfg.WebApp.PublicAPI.StripeSecretName
	if secretName == "" {
		return corev1.Volume{}, corev1.VolumeMount{}, "", false
	}

	const volumeName = "stripe-secret"

	// NOTE(review): Optional is true, so Kubernetes does not require the
	// Secret to exist when the pod starts. Confirm the server refuses to
	// verify webhooks when the file at this path is missing or empty.
	vol := corev1.Volume{
		Name: volumeName,
		VolumeSource: corev1.VolumeSource{
			Secret: &corev1.SecretVolumeSource{
				SecretName: secretName,
				Optional:   pointer.Bool(true),
			},
		},
	}

	// SubPath exposes only the "stripe-webhook-secret" entry at the mount
	// path. Secrets mounted via subPath are not refreshed in a running
	// container, so rotating the secret needs a pod restart to take effect.
	mnt := corev1.VolumeMount{
		Name:      volumeName,
		MountPath: stripeSecretMountPath,
		SubPath:   "stripe-webhook-secret",
		ReadOnly:  true,
	}

	return vol, mnt, stripeSecretMountPath, true
}

// getPersonalAccessTokenSigningKey derives the volume, volume mount and
// in-container path for the personal access token signing key from the
// experimental configuration.
//
// When cfg, cfg.WebApp or cfg.WebApp.PublicAPI is nil, or no signing key
// secret name is set, it returns zero values and false. Otherwise it returns
// the secret-backed volume, a read-only mount at
// personalAccessTokenSigningKeyMountPath, that path, and true.
func getPersonalAccessTokenSigningKey(cfg *experimental.Config) (corev1.Volume, corev1.VolumeMount, string, bool) {
	if cfg == nil || cfg.WebApp == nil || cfg.WebApp.PublicAPI == nil {
		return corev1.Volume{}, corev1.VolumeMount{}, "", false
	}

	secretName := cfg.WebApp.PublicAPI.PersonalAccessTokenSigningKeySecretName
	if secretName == "" {
		return corev1.Volume{}, corev1.VolumeMount{}, "", false
	}

	const volumeName = "personal-access-token-signing-key"

	// NOTE(review): Optional is true, so Kubernetes does not require the
	// Secret to exist when the pod starts. Confirm the server fails closed
	// (rejects token signing and validation) when the key file at this path
	// is missing or empty.
	vol := corev1.Volume{
		Name: volumeName,
		VolumeSource: corev1.VolumeSource{
			Secret: &corev1.SecretVolumeSource{
				SecretName: secretName,
				Optional:   pointer.Bool(true),
			},
		},
	}

	// SubPath exposes only the "personal-access-token-signing-key" entry at
	// the mount path. Secrets mounted via subPath are not refreshed in a
	// running container, so rotating the key needs a pod restart to take
	// effect.
	mnt := corev1.VolumeMount{
		Name:      volumeName,
		MountPath: personalAccessTokenSigningKeyMountPath,
		SubPath:   "personal-access-token-signing-key",
		ReadOnly:  true,
	}

	return vol, mnt, personalAccessTokenSigningKeyMountPath, true
}