[Werft] - Update build to support Installer

[kylos101]

Description

[Werft] - Update build to support Installer

Related Issue(s)

Fixes #6808

How to test

werft run (runs Installer) or werft run with-helm (runs helm)

werft run with-clean-slate-deployment (will do clean-up, even for helm, and then install with Installer)

werft run with-clean-slate-deployment with-helm (will do clean-up, even for Installer, and then run Helm)

werft run ws-feature-flags=registry-facade (sets flag)

with-observability and with-payment have not been implemented, if needed please use with-helm too.

Meta considerations

Implemented:

1. Analytics
2. License / no-license
3. Feature flags

Not implemented:

1. with-payment integration for chargebees

Release Notes

1. [installer] Add a namespace for the cert-manager self-signing issuer so it can be uninstalled using the configmap.
2. [installer] Set EnableLocalApp to true by default.

Documentation

[kylos101]

@ArthurSens , FYI, here is the draft PR for the Werft job changes.

[kylos101]

/werft run with-helm

[kylos101]

/werft run with-helm

👍 started the job as gitpod-build-kyleb-installer-werft.6

[kylos101]

/status in-progress

[kylos101]

/werft run with-clean-slate-deployment

👍 started the job as gitpod-build-kyleb-installer-werft.55

[kylos101]

/werft run

👍 started the job as gitpod-build-kyleb-installer-werft.63

[kylos101]

/werft run

👍 started the job as gitpod-build-kyleb-installer-werft.64

[kylos101]

/werft run with-helm with-clean-slate-deployment

👍 started the job as gitpod-build-kyleb-installer-werft.65

[codecov]

Codecov Report

Merging #6827 (bc032cd) into main (2631195) will decrease coverage by 1.67%.
The diff coverage is n/a.

@@           Coverage Diff            @@
##            main   #6827      +/-   ##
========================================
- Coverage   7.44%   5.76%   -1.68%     
========================================
  Files         15      13       -2     
  Lines       1330    1162     -168     
========================================
- Hits          99      67      -32     
+ Misses      1228    1094     -134     
+ Partials       3       1       -2     

Flag	Coverage Δ
components-local-app-app-linux-amd64	?
components-local-app-app-linux-arm64	?
components-local-app-app-windows-386	?
components-local-app-app-windows-amd64	?
components-local-app-app-windows-arm64	?
installer-raw-app	5.76% <ø> (ø)

Flags with carried forward coverage won't be shown. Click here to find out more.

Impacted Files	Coverage Δ
components/local-app/pkg/auth/auth.go
components/local-app/pkg/auth/pkce.go

---

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 2631195...bc032cd. Read the comment docs.

[kylos101]

a593de6 also resolves #6851

[iQQBot]

/werft run with-clean-slate-deployment

👍 started the job as gitpod-build-kyleb-installer-werft.87

[kylos101]

@mrsimonemms could I get a code review from you on the Go changes in this PR? They're mostly related to the Installer, and getting workloads to pass the PSP (which I bumped into in core-dev).

[kylos101]

kubectl delete was throwing an error w/o the Issuer being namespaced.

[kylos101]

This shellscript is necessary because the kubectl delete was getting a no resources found in the TypeScript file. In other words, this is a workaround.

[geropl]

Understood. Would be awesome if the installer had such a delete feature itself.

[kylos101]

Hey @geropl what would the use case be for that? I ask because we also have with-clean-slate-deployment=true - which removes either Helm or Installer, and then installs with the Installer if no with-helm was specified. If with-helm=true was specified, it'll clean then install with Helm.

[kylos101]

Or do you mean have the installer connect to the Kubernetes installation, and remove Gitpod itself?

[geropl]

Or do you mean have the installer connect to the Kubernetes installation, and remove Gitpod itself?

Sorry for not being clear: yes. IMO the installer should be able to completly remove everything it added. We already have the gitpod-app Configmap which contains everything required (although only for the last render run).

[kylos101]

Thank you for the approval, @mads-hartmann ! Let's leave the hold applied and wait to hear back from Team Meta.

@gitpod-io/engineering-meta may we ask for a review from you as well? You'll notice there is an "escape hatch", where you can continue to use with-helm, but, the installer will be the default going forward.

[kylos101]

Also, once the meta review is finished, I would like to squash this PR, so let's leave the hold until then. 🙏

[geropl]

@kylos101 Starting to review now 👀

[geropl]

I understand that this is a concession to the interface problem around values.dev.yaml for as long as we have two ways to install on devstaging. I really hope we can get rid of this, soon. :slighty_smiling_face:

[geropl]

After reading in detail, this is less stuff than I feared. It's a bit noisy (not necessarily the bad kind) but most of it is connected to the devstaging setup. 👍

[geropl]

Nice PR @kylos101! Thx for all the explanation :-)

Keeping the hold in case you want to time/announce the merge.

[kylos101]

Hi @mrsimonemms and @iQQBot , I had to do a follow-up commit which removed the L G T M label. May I ask for a follow-up code review so we can add L G T M label back? Also, please leave the hold label on, as I haven't squashed yet.

Please review:

• @iQQBot I rebased from main in 6ceb88e, resolving conflicts from cleanup k3s cluster in core-dev #7136.
• @mrsimonemms I had to address an issue because core-dev / k8s is 1.20, maybe introduced by [installer]: bump rabbitmq chart to remove deprecated kube api #7041, which I handled using post processing in 790907e
  • if you kubectl api-resources | grep disruption, you'll see we're not on the same version as 1.21

And if you approve, then we can add the L G T M label back. Thank you for your help!

[kylos101]

@geropl could I ask you to peek at 1bebdde and 426f82a? I made a couple changes to ensure folks with existing Helm preview environments continue to have a nice experience, and can still opt into using the installer...but only if they specify specify with-clean-slate-deployment=true. Thank you!

[csweichel]

Hey. Awesome to this about to be merged - excellent effort everyone!

This is a lot of commits (43). @kylos101 could you please go through and squash commits so that the remaining commit history makes sense once it's on main?

[kylos101]

Hey @csweichel all set in 7ac89a8.

Helm build here (which is very much like anyone currently using Helm will see):
https://werft.gitpod-dev.com/job/gitpod-build-kyleb-installer-werft.222

I'll do a follow-on where it removes the Helm install, and then uses the Installer, then we should be 🟩 .

[kylos101]

/werft run with-clean-slate-deployment=true

👍 started the job as gitpod-build-kyleb-installer-werft.223

[csweichel]

/lgtm

[roboquat]

LGTM label has been added.

Git tree hash: 481c6b9fe7291e35530751d728c5e0a86bae1a94

[roboquat]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: csweichel, geropl, kylos101, mads-hartmann

Associated issue: #6808

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

• OWNERS [csweichel,geropl]
• installer/OWNERS [csweichel]
• installer/pkg/components/image-builder-mk3/OWNERS [csweichel]
• installer/pkg/components/registry-facade/OWNERS [csweichel]
• installer/pkg/components/server/OWNERS [geropl]
• installer/pkg/components/ws-daemon/OWNERS [csweichel]
• installer/pkg/components/ws-scheduler/OWNERS [csweichel]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[kylos101]

/unhold

1. This PR has been squashed.
2. I tested one last time with Helm.
3. I tested one last time with the Installer.