#!/bin/sh
# Copyright (c) 2022 Gitpod GmbH. All rights reserved.
# Licensed under the GNU Affero General Public License (AGPL).
# See License.AGPL.txt in the project root for license information.
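set -e

# Log file the background run of this script writes to.
touch logs.txt

# Set Domain to `preview.gitpod-self-hosted.com` if not set.
# DOMAIN is taken from the environment as-is; it is later used verbatim in the
# certificate names and in the installer config, and nothing here validates it.
if [ -z "${DOMAIN}" ]; then
  export DOMAIN="preview.gitpod-self-hosted.com"
fi

# Create a USER_ID to be used everywhere.
# The first line of `od -x /dev/urandom` is an offset followed by eight 16-bit
# hex words (16 random bytes); awk joins the words into an 8-4-4-4-12 layout.
USER_ID="$(od -x /dev/urandom | head -1 | awk '{OFS="-"; print $2$3,$4,$5,$6,$7$8$9}')"
export USER_ID

# First invocation: re-run this script in the background with the `logging`
# argument, sending all of its output to logs.txt, then hand the foreground
# to /prettylog (presumably the log viewer -- confirm) and stop.
# "$0" is quoted so that a script path containing spaces is still re-executed.
if [ "$1" != "logging" ]; then
  "$0" logging > logs.txt 2>&1 &
  /prettylog
  exit
fi
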
# check for minimum requirements

# Prints the message given as $1 and stops the entrypoint with status 1.
abort_preview() {
  echo "$1"
  exit 1
}

# 6 GiB expressed in KiB, the unit /proc/meminfo reports MemTotal in.
REQUIRED_MEM_KB=$((6 * 1024 * 1024))
total_mem_kb=$(awk '/MemTotal:/ {print $2}' /proc/meminfo)
if test "${total_mem_kb}" -lt "${REQUIRED_MEM_KB}"; then
  abort_preview "Gitpod local preview requires a system with at least 6GB of memory"
fi

REQUIRED_CORES=4
total_cores=$(nproc)
if test "${total_cores}" -lt "${REQUIRED_CORES}"; then
  abort_preview "Gitpod local preview requires a system with at least 4 CPU Cores"
fi

echo "Gitpod Domain: $DOMAIN"

# With cgroupv2, We need to move the k3s processes into the
# init group when we override the entrypoint in the container
# NOTE(review): writing below /sys/fs/cgroup and changing mount propagation
# needs elevated container privileges -- presumably the preview container is
# started privileged; confirm against the documented `docker run` command.
CGROUP_ROOT=/sys/fs/cgroup
if [ -f "${CGROUP_ROOT}/cgroup.controllers" ]; then
  mkdir -p "${CGROUP_ROOT}/init"
  # Move every PID listed in the root group into the init group.
  # Best effort: a failed write is ignored through `|| :`.
  busybox xargs -rn1 < "${CGROUP_ROOT}/cgroup.procs" > "${CGROUP_ROOT}/init/cgroup.procs" || :
  # Turn the controller list "a b c" into "+a +b +c" and write it to
  # cgroup.subtree_control, enabling those controllers for child groups.
  sed -e 's/ / +/g' -e 's/^/+/' <"${CGROUP_ROOT}/cgroup.controllers" >"${CGROUP_ROOT}/cgroup.subtree_control"
fi

# Mark these mount points as shared so mount events propagate.
for shared_mount in "${CGROUP_ROOT}" /proc /var/gitpod; do
  mount --make-shared "${shared_mount}"
done

# install in local store
mkcert -install

# Public certificate of the local CA that mkcert created. mkcert keeps the CA
# private key (rootCA-key.pem) in the same directory; only the public
# certificate is copied out below, the key stays inside the container.
MKCERT_ROOT_CA="${HOME}/.local/share/mkcert/rootCA.pem"

# Trust the CA inside this container by appending it to the system bundle.
cat "${MKCERT_ROOT_CA}" >> /etc/ssl/certs/ca-certificates.crt
# also send root cert into a volume
cat "${MKCERT_ROOT_CA}" > /var/gitpod/gitpod-ca.crt

# Working copies in the current directory; ssl.key is the TLS private key.
FN_CACERT="./ca.pem"
FN_SSLCERT="./ssl.crt"
FN_SSLKEY="./ssl.key"

cat "${MKCERT_ROOT_CA}" > "${FN_CACERT}"

# One certificate/key pair covering the public domain names and the
# in-cluster service names listed here.
mkcert -cert-file "${FN_SSLCERT}" \
  -key-file "${FN_SSLKEY}" \
  "*.ws.${DOMAIN}" \
  "*.${DOMAIN}" \
  "${DOMAIN}" \
  "reg.${DOMAIN}" \
  "registry.default.svc.cluster.local" \
  "gitpod.default" \
  "ws-manager.default.svc" \
  "ws-manager" \
  "ws-manager-dev" \
  "registry-facade" \
  "server" \
  "ws-manager-bridge" \
  "ws-proxy" \
  "ws-manager" \
  "ws-daemon.default.svc" \
  "ws-daemon" \
  "wsdaemon"

# Single-line base64 (-w0) of each file, as used in the Secret manifests.
# SSLKEY holds the private key; it is a plain shell variable and is not exported.
CACERT="$(base64 -w0 < "${FN_CACERT}")"
SSLCERT="$(base64 -w0 < "${FN_SSLCERT}")"
SSLKEY="$(base64 -w0 < "${FN_SSLKEY}")"

# Directory the Secret manifests below are written to.
GITPOD_MANIFESTS=/var/lib/rancher/k3s/server/manifests/gitpod
mkdir -p "${GITPOD_MANIFESTS}"

# The heredoc delimiters are unquoted on purpose: $CACERT, $SSLCERT and $SSLKEY
# are expanded into the files, so these manifests contain the base64-encoded
# TLS private key in clear on disk.

# CA certificate only (no key).
cat << EOF > "${GITPOD_MANIFESTS}/customCA-cert.yaml"
---
apiVersion: v1
kind: Secret
metadata:
  name: ca-key-pair
  labels:
    app: gitpod
data:
  ca.crt: $CACERT
EOF

# Certificate and key served for HTTPS.
cat << EOF > "${GITPOD_MANIFESTS}/https-cert.yaml"
---
apiVersion: v1
kind: Secret
metadata:
  name: https-certificates
  labels:
    app: gitpod
type: kubernetes.io/tls
data:
  tls.crt: $SSLCERT
  tls.key: $SSLKEY
EOF

# The remaining secrets differ only in their name. Each one is written to
# <name>.yaml and carries the same CA, certificate and private key, so every
# component (and the ws-manager client) presents the same identity.
for secret_name in \
  builtin-registry-certs \
  ws-manager-tls \
  ws-manager-client-tls \
  ws-daemon-tls \
  builtin-registry-facade-cert; do
  cat << EOF > "${GITPOD_MANIFESTS}/${secret_name}.yaml"
---
apiVersion: v1
kind: Secret
metadata:
  name: ${secret_name}
  labels:
    app: gitpod
type: kubernetes.io/tls
data:
  ca.crt: $CACERT
  tls.crt: $SSLCERT
  tls.key: $SSLKEY
EOF
done

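# Generate the default installer config, then adapt it for the local preview.
/gitpod-installer init > config.yaml

# DOMAIN comes from the environment. Hand it to yq through strenv() (a yq v4
# operator) so it is always treated as a string value; splicing it into the
# expression text would let a quote character in DOMAIN change the expression.
DOMAIN="${DOMAIN}" yq e -i '.domain = strenv(DOMAIN)' config.yaml

# Use the Secrets named `https-certificates` and `ca-key-pair`.
yq e -i '.certificate.name = "https-certificates"' config.yaml
yq e -i '.certificate.kind = "secret"' config.yaml
yq e -i '.customCACert.name = "ca-key-pair"' config.yaml
yq e -i '.customCACert.kind = "secret"' config.yaml

# The preview logs at debug level.
yq e -i '.observability.logLevel = "debug"' config.yaml

# Point the workspace runtime at the containerd instance bundled with k3s.
yq e -i '.workspace.runtime.containerdSocket = "/run/k3s/containerd/containerd.sock"' config.yaml
yq e -i '.workspace.runtime.containerdRuntimeDir = "/var/lib/rancher/k3s/agent/containerd/io.containerd.runtime.v2.task/k8s.io/"' config.yaml

# Workspace volume size and resource requests for the preview.
yq e -i '.workspace.pvc.size = "10Gi"' config.yaml
yq e -i '.workspace.resources.requests.memory = "500Mi"' config.yaml
yq e -i '.workspace.resources.requests.cpu = "500m"' config.yaml

# Tag telemetry data as coming from the local preview.
yq e -i '.experimental.telemetry.data.platform = "local-preview"' config.yaml
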
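echo "extracting images to download ahead..."
# Collect the distinct image references from the rendered manifests: keep the
# `image:` lines, then strip spaces, the `image:` key, double quotes and a
# leading list dash, and de-duplicate.
# NOTE(review): without `pipefail` a failing `render` is not detected here; the
# pipeline status is that of `sort`.
/gitpod-installer render --use-experimental-config --config config.yaml \
  | grep 'image:' \
  | sed -e 's/ *//g' -e 's/image://g' -e 's/\"//g' -e 's/^-//g' \
  | sort -u > /gitpod-images.txt

echo "downloading images..."
# Start one background pull per image. The list is fed to `read` through a
# redirection; passing the file content to `read` as an extra argument makes it
# a variable name instead of input, so the list would never be iterated.
while read -r image; do
  [ -n "$image" ] || continue
  ctr images pull "$image" >/dev/null &
done < /gitpod-images.txt

# NOTE(review): this image is referenced by the mutable `latest` tag, not by
# digest, so its content is whatever the registry serves at pull time.
ctr images pull "docker.io/gitpod/workspace-full:latest" >/dev/null &

# The pulls keep running in the background; nothing waits for them, so this
# message only marks that they were started.
echo "images pulled"
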
K3S_SERVER_DIR=/var/lib/rancher/k3s/server
GITPOD_MANIFESTS="${K3S_SERVER_DIR}/manifests/gitpod"

# Render one manifest file per resource into the Gitpod manifest directory.
/gitpod-installer render --use-experimental-config --config config.yaml --output-split-files "${GITPOD_MANIFESTS}"

# store files in `gitpod.debug` for debugging purposes
# Every *.yaml in the directory is copied, including the Secret manifests
# written there earlier, so gitpod.debug also contains the base64-encoded TLS
# private key.
for f in "${GITPOD_MANIFESTS}"/*.yaml; do
  { cat "$f"; echo; } >> "${K3S_SERVER_DIR}/gitpod.debug"
done

# remove unused resources
# The preview therefore runs without the NetworkPolicy objects the installer
# renders. Certificate/Issuer are presumably cert-manager resources that are
# not needed because the certificates come from mkcert -- confirm.
for unused_kind in NetworkPolicy Certificate Issuer; do
  rm "${GITPOD_MANIFESTS}"/*"${unused_kind}"*
done

# update PersistentVolumeClaim's to use k3s's `local-path` storage class
for f in "${GITPOD_MANIFESTS}"/*PersistentVolumeClaim*.yaml; do
  yq e -i '.spec.storageClassName="local-path"' "$f"
done

# Set `volumeClassTemplate` so that each replica creates its own PVC
# update Statefulset's to use k3s's `local-path` storage class
for f in "${GITPOD_MANIFESTS}"/*StatefulSet*.yaml; do
  yq e -i '.spec.volumeClaimTemplates[0].spec.storageClassName="local-path"' "$f"
done

# removing init container from ws-daemon (systemd and Ubuntu)
yq eval-all -i 'del(.spec.template.spec.initContainers[0])' "${GITPOD_MANIFESTS}"/*_DaemonSet_ws-daemon.yaml

# set lower requirements
yq eval-all -i '.spec.template.spec.containers[0].resources.requests.memory="250Mi"' "${GITPOD_MANIFESTS}"/*_DaemonSet_ws-daemon.yaml
yq eval-all -i '.spec.template.spec.containers[0].resources.requests.cpu="250m"' "${GITPOD_MANIFESTS}"/*_DaemonSet_ws-daemon.yaml
yq eval-all -i '.spec.template.spec.containers[0].resources.requests.memory="250Mi"' "${GITPOD_MANIFESTS}"/*_Deployment_minio.yaml

# set storage requests to be lower
for f in "${GITPOD_MANIFESTS}"/*PersistentVolumeClaim*.yaml; do
  yq e -i '.spec.resources.requests.storage="1Gi"' "$f"
done

for f in "${GITPOD_MANIFESTS}"/*StatefulSet*.yaml; do
  yq e -i '.spec.volumeClaimTemplates[0].spec.resources.requests.storage="1Gi"' "$f"
done

# Replace the coredns manifest with the custom one from /app/manifests; the
# `.skip` marker presumably tells k3s not to deploy its own coredns.yaml.
touch "${K3S_SERVER_DIR}/manifests/coredns.yaml.skip"
mv -f /app/manifests/coredns.yaml "${K3S_SERVER_DIR}/manifests/custom-coredns.yaml"

# Concatenate all remaining manifests (Secrets included) into gitpod.yaml in
# the k3s manifests directory, then drop the per-resource files.
for f in "${GITPOD_MANIFESTS}"/*.yaml; do
  { cat "$f"; echo; } >> "${K3S_SERVER_DIR}/manifests/gitpod.yaml"
done
rm -rf "${GITPOD_MANIFESTS}"

echo "manifests generated"

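#######################################
# Waits for the Gitpod pods to be ready, then either suspends the
# `gitpod-telemetry` cronjob (opt-out) or runs it once manually.
# Globals:   DO_NOT_TRACK (read) - empty, unset or `0` leaves telemetry on;
#            any other value opts out.
# Outputs:   a progress line and the kubectl output on stdout
# Returns:   status of the last kubectl command
#######################################
run_telemetry(){
  # wait for the k3s cluster to be ready and Gitpod workloads are added
  sleep 100
  # indefinitely wait for Gitpod pods to be ready
  kubectl wait --timeout=-1s --for=condition=ready pod -l 'app=gitpod,component!=migrations'
  echo "Gitpod pods are ready"
  # honour DO_NOT_TRACK if set
  # A string match is used instead of `[ ... -eq 1 ]`: with a non-numeric value
  # such as `true` the numeric test fails with an error and the telemetry job
  # would be created although the user opted out.
  case "${DO_NOT_TRACK:-}" in
    '' | 0)
      # manually run the cronjob
      kubectl create job gitpod-telemetry-init --from=cronjob/gitpod-telemetry
      ;;
    *)
      # suspend the cronjob
      kubectl patch cronjobs gitpod-telemetry -p '{"spec" : {"suspend" : true }}'
      ;;
  esac
}
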
# Handle telemetry in the background while k3s starts in the foreground.
run_telemetry 2>&1 &

# Build the k3s argument list: traefik is disabled and the single node gets
# every gitpod.io/workload_* label.
# The positional parameters are reused as the argument list; nothing after
# this point reads the original arguments.
set -- server --disable traefik
for workload in meta ide workspace_services services workspace_regular workspace_headless; do
  set -- "$@" --node-label "gitpod.io/workload_${workload}=true"
done

/bin/k3s "$@"