1
// Copyright (c) 2023 Gitpod GmbH. All rights reserved.
2
// Licensed under the GNU Affero General Public License (AGPL).
3
// See License.AGPL.txt in the project root for license information.
4

5
package spicedb
6

7
import (
8
	"fmt"
9
	"net"
10
	"strconv"
11

12
	"github.com/gitpod-io/gitpod/installer/pkg/common"
13
	"github.com/gitpod-io/gitpod/installer/pkg/config/v1/experimental"
14
	corev1 "k8s.io/api/core/v1"
15
	"k8s.io/apimachinery/pkg/runtime"
16
)
17

18
func Objects(ctx *common.RenderContext) ([]runtime.Object, error) {
19

20
	spiceDBConfig := getExperimentalSpiceDBConfig(ctx)
21
	if spiceDBConfig == nil {
22
		return nil, nil
23
	}
24

25
	return common.CompositeRenderFunc(
26
		deployment,
27
		service,
28
		common.DefaultServiceAccount(Component),
29
		migrations,
30
		networkpolicy,
31
		bootstrap,
32
		role,
33
		rolebinding,
34
	)(ctx)
35
}
36

37
func getExperimentalSpiceDBConfig(ctx *common.RenderContext) *experimental.SpiceDBConfig {
38
	webappCfg := common.ExperimentalWebappConfig(ctx)
39

40
	if webappCfg == nil || webappCfg.SpiceDB == nil {
41
		return nil
42
	}
43

44
	return webappCfg.SpiceDB
45
}
46

47
func Env(ctx *common.RenderContext) []corev1.EnvVar {
48
	cfg := getExperimentalSpiceDBConfig(ctx)
49
	if cfg == nil {
50
		return nil
51
	}
52

53
	return []corev1.EnvVar{
54
		{
55
			Name:  "SPICEDB_ADDRESS",
56
			Value: net.JoinHostPort(fmt.Sprintf("%s.%s.svc.cluster.local", Component, ctx.Namespace), strconv.Itoa(ContainerGRPCPort)),
57
		},
58
		{
59
			Name: "SPICEDB_PRESHARED_KEY",
60
			ValueFrom: &corev1.EnvVarSource{
61
				SecretKeyRef: &corev1.SecretKeySelector{
62
					LocalObjectReference: corev1.LocalObjectReference{
63
						Name: cfg.SecretRef,
64
					},
65
					Key: SecretPresharedKeyName,
66
				},
67
			},
68
		},
69
	}
70
}
71

72