WIP: [kots]: use Helm for the Installer job

.github/CODEOWNERS

@@ -25,6 +25,7 @@
 /components/image-builder-bob @gitpod-io/engineering-workspace
 /components/image-builder-mk3 @gitpod-io/engineering-workspace
 /components/installation-telemetry @gitpod-io/engineering-self-hosted
+/install @gitpod-io/engineering-self-hosted
 /install/installer @gitpod-io/engineering-self-hosted
 /install/installer/pkg/components/agent-smith @gitpod-io/engineering-workspace
 /install/installer/pkg/components/blobserve @gitpod-io/engineering-workspace

.gitpod.yml

@@ -29,6 +29,14 @@ tasks:
     command: |
       ./dev/preview/download-and-merge-harvester-kubeconfig.sh
       exit 0
+  - name: Replicated
+    before: |
+      brew install replicatedhq/replicated/cli kubectl helm
+      curl https://kots.io/install | bash
+    command: |
+      cd install/kots
+      make helm
+      exit 0
   - name: Java
     init: |
       leeway exec --package components/supervisor-api/java:lib --package components/gitpod-protocol/java:lib -- ./gradlew build

install/installer/leeway.Dockerfile

@@ -4,6 +4,7 @@
 
 FROM alpine:3.15
 COPY install-installer--app/installer install-installer--app/provenance-bundle.jsonl /app/
+COPY --from=alpine/helm:latest /usr/bin/helm /usr/local/bin/helm
 RUN apk add --no-cache curl yq  \
     && curl -L "https://dl.k8s.io/release/$(curl -L -s https://dl.k8s.io/release/stable.txt)/bin/linux/amd64/kubectl" -o /usr/local/bin/kubectl \
     && chmod +x /usr/local/bin/kubectl

install/installer/pkg/components/gitpod/configmap.go

@@ -8,6 +8,7 @@ import (
 	"fmt"
 
 	"github.com/gitpod-io/gitpod/installer/pkg/common"
+	"github.com/gitpod-io/gitpod/installer/pkg/config"
 	"github.com/gitpod-io/gitpod/installer/pkg/config/versions"
 
 	corev1 "k8s.io/api/core/v1"
@@ -24,9 +25,9 @@ func configmap(ctx *common.RenderContext) ([]runtime.Object, error) {
 		VersionManifest: ctx.VersionManifest,
 	}
 
-	config, err := common.ToJSONString(ctx.Config)
+	cfg, err := config.Marshal(config.CurrentVersion, ctx.Config)
 	if err != nil {
-		return nil, fmt.Errorf("failed to marshal Gitpod config: %w", err)
+		return nil, err
 	}
 
 	versions, err := common.ToJSONString(gpversions)
@@ -43,7 +44,7 @@ func configmap(ctx *common.RenderContext) ([]runtime.Object, error) {
 				Labels:    common.DefaultLabels(Component),
 			},
 			Data: map[string]string{
-				"config.json":   string(config),
+				"config.yaml":   string(cfg),
 				"versions.json": string(versions),
 			},
 		},

install/kots/.gitignore

@@ -0,0 +1,6 @@
+.DS_Store
+Thumbs.db
+.idea
+charts/*/charts
+charts/*/Chart.lock
+*.tgz

install/kots/Makefile

@@ -0,0 +1,20 @@
+CHANNEL_STABLE = Stable
+CHANNEL_BETA = Beta
+CHANNEL_UNSTABLE = Unstable
+YAML_DIR = manifests
+
+all: helm lint create_unstable_release
+
+create_unstable_release:
+	replicated release create --lint --yaml-dir ${YAML_DIR} --promote ${CHANNEL_UNSTABLE}
+.PHONY: create_unstable_release
+
+lint:
+	replicated release lint --yaml-dir ${YAML_DIR}
+.PHONY: lint
+
+helm:
+	@echo "Installing Helm dependencies"
+	@rm -f manifests/*.tgz
+	@for f in $(shell ls -d charts/*/); do cd $${f} && helm dep up && helm package . --destination ../../manifests && cd -; done
+.PHONY: helm

install/kots/README.md

@@ -0,0 +1,48 @@
+# KOTS
+
+[Kubernetes Off-The-Shelf(KOTS)](https://kots.io/) is how we deliver
+Gitpod to enterprise customers.
+
+# Getting started
+
+You will need:
+ - a Kubernetes cluster
+ - a [Replicated](https://vendor.replicated.com) license file
+
+Go to [our Replicated channels page](https://vendor.replicated.com/apps/gitpod/channels) and
+follow the installation instructions on screen.
+
+# Terminology
+
+KOTS is the technology which is used to deliver a Replicated installation. Generally,
+KOTS should refer to the underlying open source technology and Replicated is the
+commercially supported project.
+
+# Development
+
+## Authentication
+
+Two environment variables are required to be able to publish to our Replicated account:
+
+ - `REPLICATED_APP`: the unique application slug
+ - `REPLICATED_API_TOKEN`: a [User API Token](https://vendor.replicated.com/account-settings) with `Read/Write` permissions
+
+## Naming conventions
+
+- Starts with `kots` - part of the KOTS configuration. Typically, this will follow the KOTS documentation/conventions
+- Starts with `gitpod` - part of the Gitpod application. Typically, this will be something we define/own
+- Starts with `helm` - a Helm chart
+- Starts with `crd` - a Custom Resource Definition
+
+## Helm charts
+
+KOTS [requires](https://kots.io/reference/v1beta1/helmchart) Helm charts to be uploaded as a `.tgz`
+file. The `make helm` command iterates through everything inside `charts`, installs the dependencies
+and packages them up as a `.tgz` file.
+
+The `.tgz` files should not be committed to the repository.
+
+## Create an unstable release
+
+An unstable release can be created by running `make create_unstable_release`. This builds and publishes
+a new unstable release to the account. This can be then applied to your development cluster.

install/kots/charts/cert-manager/Chart.yaml

@@ -0,0 +1,8 @@
+apiVersion: v2
+description: Gitpod cert-manager
+name: cert-manager
+version: 1.7.0
+dependencies:
+  - name: cert-manager
+    version: 1.7.0
+    repository: https://charts.jetstack.io

install/kots/charts/cert-manager/values.yaml

@@ -0,0 +1,2 @@
+cert-manager:
+  installCRDs: false