use previewctl get-creds

vulkoingim · vulkoingim · commit 93f2bad38b74 · 2022-10-24T10:21:21.000+01:00
diff --git a/.werft/jobs/build/const.ts b/.werft/jobs/build/const.ts
@@ -2,3 +2,4 @@ export const GCLOUD_SERVICE_ACCOUNT_PATH = "/mnt/secrets/gcp-sa/service-account.
 export const CORE_DEV_KUBECONFIG_PATH = "/workspace/gitpod/kubeconfigs/core-dev";
 export const HARVESTER_KUBECONFIG_PATH = "/workspace/gitpod/kubeconfigs/harvester";
 export const PREVIEW_K3S_KUBECONFIG_PATH = "/workspace/gitpod/kubeconfigs/k3s";
+export const GLOBAL_KUBECONFIG_PATH = process.env.HOME + "/.kube/config"
diff --git a/.werft/jobs/build/prepare.ts b/.werft/jobs/build/prepare.ts
@@ -1,12 +1,18 @@
 import {exec, execStream} from "../../util/shell";
 import { Werft } from "../../util/werft";
-import { CORE_DEV_KUBECONFIG_PATH, GCLOUD_SERVICE_ACCOUNT_PATH, HARVESTER_KUBECONFIG_PATH } from "./const";
+import {
+    CORE_DEV_KUBECONFIG_PATH,
+    GCLOUD_SERVICE_ACCOUNT_PATH,
+    GLOBAL_KUBECONFIG_PATH,
+    HARVESTER_KUBECONFIG_PATH
+} from "./const";
 import { JobConfig } from "./job-config";
 import {certReady} from "../../util/certs";
 import {vmExists} from "../../vm/vm";
 
 const phaseName = "prepare";
 const prepareSlices = {
+    CONFIGURE_K8S: "Configuring k8s access.",
     CONFIGURE_CORE_DEV: "Configuring core-dev access.",
     BOOT_VM: "Booting VM.",
     WAIT_CERTIFICATES: "Waiting for certificates to be ready for the preview.",
@@ -19,6 +25,7 @@ export async function prepare(werft: Werft, config: JobConfig) {
         activateCoreDevServiceAccount();
         configureDocker();
         configureStaticClustersAccess();
+        configureGlobalKubernetesContext();
         werft.done(prepareSlices.CONFIGURE_CORE_DEV);
         if (!config.withPreview)
         {
@@ -53,6 +60,14 @@ function configureDocker() {
     }
 }
 
+function configureGlobalKubernetesContext() {
+    const rc = exec(`previewctl get-credentials --gcp-service-account=${GCLOUD_SERVICE_ACCOUNT_PATH} --kube-save-path=${GLOBAL_KUBECONFIG_PATH}`, { slice: prepareSlices.CONFIGURE_K8S }).code;
+
+    if (rc != 0) {
+        throw new Error("Failed to configure global kubernetes context.");
+    }
+}
+
 function configureStaticClustersAccess() {
     const rcCoreDev = exec(
         `KUBECONFIG=${CORE_DEV_KUBECONFIG_PATH} gcloud container clusters get-credentials core-dev --zone europe-west1-b --project gitpod-core-dev`,
@@ -90,8 +105,7 @@ async function createVM(werft: Werft, config: JobConfig) {
     // We pass the GCP credentials explicitly, otherwise for some reason TF doesn't pick them up
     const commonVars = `GOOGLE_BACKEND_CREDENTIALS=${GCLOUD_SERVICE_ACCOUNT_PATH} \
                         GOOGLE_APPLICATION_CREDENTIALS=${GCLOUD_SERVICE_ACCOUNT_PATH} \
-                        TF_VAR_dev_kube_path=${CORE_DEV_KUBECONFIG_PATH} \
-                        TF_VAR_harvester_kube_path=${HARVESTER_KUBECONFIG_PATH} \
+                        TF_VAR_kubeconfig_path=${GLOBAL_KUBECONFIG_PATH} \
                         TF_VAR_preview_name=${config.previewEnvironment.destname} \
                         TF_VAR_vm_cpu=${cpu} \
                         TF_VAR_vm_memory=${memory}Gi \
diff --git a/.werft/util/certs.ts b/.werft/util/certs.ts
@@ -1,5 +1,9 @@
 import {exec, ExecOptions, execStream} from "./shell";
-import {CORE_DEV_KUBECONFIG_PATH, GCLOUD_SERVICE_ACCOUNT_PATH, HARVESTER_KUBECONFIG_PATH} from "../jobs/build/const";
+import {
+    CORE_DEV_KUBECONFIG_PATH,
+    GCLOUD_SERVICE_ACCOUNT_PATH,
+    GLOBAL_KUBECONFIG_PATH,
+} from "../jobs/build/const";
 import { Werft } from "./werft";
 import { reportCertificateError } from "../util/slack";
 import {JobConfig} from "../jobs/build/job-config";
@@ -21,8 +25,7 @@ export async function certReady(werft: Werft, config: JobConfig, slice: string):
     // We pass the GCP credentials explicitly, otherwise for some reason TF doesn't pick them up
     const commonVars = `GOOGLE_BACKEND_CREDENTIALS=${GCLOUD_SERVICE_ACCOUNT_PATH} \
                         GOOGLE_APPLICATION_CREDENTIALS=${GCLOUD_SERVICE_ACCOUNT_PATH} \
-                        TF_VAR_dev_kube_path=${CORE_DEV_KUBECONFIG_PATH} \
-                        TF_VAR_harvester_kube_path=${HARVESTER_KUBECONFIG_PATH} \
+                        TF_VAR_kubeconfig_path=${GLOBAL_KUBECONFIG_PATH} \
                         TF_VAR_preview_name=${config.previewEnvironment.destname} \
                         TF_VAR_vm_cpu=${cpu} \
                         TF_VAR_vm_memory=${memory}Gi \
diff --git a/.werft/vm/vm.ts b/.werft/vm/vm.ts
@@ -1,6 +1,6 @@
 import {
-    CORE_DEV_KUBECONFIG_PATH,
     GCLOUD_SERVICE_ACCOUNT_PATH,
+    GLOBAL_KUBECONFIG_PATH,
     HARVESTER_KUBECONFIG_PATH,
     PREVIEW_K3S_KUBECONFIG_PATH
 } from "../jobs/build/const";
@@ -19,8 +19,7 @@ export async function deleteVM(options: { name: string }) {
         await execStream(`DESTROY=true \
                                     GOOGLE_APPLICATION_CREDENTIALS=${GCLOUD_SERVICE_ACCOUNT_PATH} \
                                     GOOGLE_BACKEND_CREDENTIALS=${GCLOUD_SERVICE_ACCOUNT_PATH} \
-                                    TF_VAR_dev_kube_path=${CORE_DEV_KUBECONFIG_PATH} \
-                                    TF_VAR_harvester_kube_path=${HARVESTER_KUBECONFIG_PATH} \
+                                    TF_VAR_kubeconfig_path=${GLOBAL_KUBECONFIG_PATH} \
                                     TF_VAR_preview_name=${options.name} \
                                     ./dev/preview/workflow/preview/deploy-harvester.sh`,
             {slice: "Deleting VM."})
diff --git a/dev/preview/infrastructure/harvester/provider.tf b/dev/preview/infrastructure/harvester/provider.tf
@@ -9,7 +9,7 @@ terraform {
   required_providers {
     harvester = {
       source  = "harvester/harvester"
-      version = ">=0.5.1"
+      version = ">=0.5.3"
     }
     k8s = {
       source  = "hashicorp/kubernetes"
@@ -23,18 +23,21 @@ terraform {
 }
 
 provider "harvester" {
-  alias      = "harvester"
-  kubeconfig = var.harvester_kube_path
+  alias       = "harvester"
+  kubeconfig  = var.kubeconfig_path
+  kubecontext = "harvester"
 }
 
 provider "k8s" {
-  alias       = "dev"
-  config_path = var.dev_kube_path
+  alias          = "dev"
+  config_path    = var.kubeconfig_path
+  config_context = var.dev_kube_context
 }
 
 provider "k8s" {
-  alias       = "harvester"
-  config_path = var.harvester_kube_path
+  alias          = "harvester"
+  config_path    = var.kubeconfig_path
+  config_context = var.harvester_kube_context
 }
 
 provider "google" {
diff --git a/dev/preview/infrastructure/harvester/variables.tf b/dev/preview/infrastructure/harvester/variables.tf
@@ -3,14 +3,22 @@ variable "preview_name" {
   description = "The preview environment's name"
 }
 
-variable "harvester_kube_path" {
+variable "kubeconfig_path" {
   type        = string
-  description = "The path to the Harvester Cluster kubeconfig"
+  default     = "/home/gitpod/.kube/config"
+  description = "The path to the kubernetes config"
 }
 
-variable "dev_kube_path" {
+variable "harvester_kube_context" {
   type        = string
-  description = "The path to the Dev Cluster kubeconfig"
+  default     = "harvester"
+  description = "The name of the harvester kube context"
+}
+
+variable "dev_kube_context" {
+  type        = string
+  default     = "dev"
+  description = "The name of the dev kube context"
 }
 
 variable "vm_memory" {
@@ -28,7 +36,6 @@ variable "vm_cpu" {
 variable "vm_storage_class" {
   type        = string
   description = "The storage class for the VM"
-  default     = "longhorn-gitpod-k3s-202209251218-onereplica"
 }
 
 variable "harvester_ingress_ip" {
