gitpod-io
diff --git a/‎.env.example
Lines changed: 0 additions & 2 deletions b/‎.env.example
Lines changed: 0 additions & 2 deletions
diff --git a/‎.gitignore
Lines changed: 2 additions & 0 deletions b/‎.gitignore
Lines changed: 2 additions & 0 deletions
diff --git a/‎Dockerfile
Lines changed: 9 additions & 0 deletions b/‎Dockerfile
Lines changed: 9 additions & 0 deletions
diff --git a/‎README.md
Lines changed: 62 additions & 40 deletions b/‎README.md
Lines changed: 62 additions & 40 deletions
diff --git a/‎auth-providers-patch.yaml
Lines changed: 0 additions & 19 deletions b/‎auth-providers-patch.yaml
Lines changed: 0 additions & 19 deletions
@@ -2,8 +2,6 @@
 # https://docs.microsoft.com/en-us/azure/active-directory/develop/howto-create-service-principal-portal
 AZURE_SUBSCRIPTION_ID=""
 AZURE_TENANT_ID=""
-AZURE_CLIENT_ID=""
-AZURE_CLIENT_SECRET=""
 
 # The name of the Kubernetes cluster
 CLUSTER_NAME=gitpod
 
@@ -1,3 +1,5 @@
 .env
 .kube
 .idea
+gitpod.yaml
+gitpod-config.yaml
@@ -1,3 +1,7 @@
+ARG GITPOD_VERSION="main.1887"
+
+FROM eu.gcr.io/gitpod-core-dev/build/installer:$GITPOD_VERSION as installer
+
 FROM mcr.microsoft.com/azure-cli:2.9.1
 
 RUN apk add --no-cache \
@@ -14,6 +18,11 @@ RUN mkdir -p /tmp/helm/ \
   && cp /tmp/helm/helm /usr/local/bin/helm \
   && rm -rf /tmp/helm
 
+RUN curl -fsSL https://github.com/mikefarah/yq/releases/download/v4.12.2/yq_linux_amd64 -o /usr/local/bin/yq \
+  && chmod +x /usr/local/bin/yq
+
+COPY --from=installer /app/installer /usr/local/bin/gitpod-installer
+
 WORKDIR /gitpod
 
 COPY . /gitpod
 
@@ -4,15 +4,20 @@ Before starting the installation process, you need:
 
 - An Azure account
   - [Create one now by clicking here](https://azure.microsoft.com/en-gb/free/)
-- Azure [service principal](https://docs.microsoft.com/en-us/azure/active-directory/develop/howto-create-service-principal-portal). This needs to have "Owner" IAM rights on the subscription and set up with "Group Administrator" ActiveDirectory role
-  - Log into [portal.azure.com](https://portal.azure.com/) and navigate to [Azure Active Directory](https://portal.azure.com/?quickstart=True#blade/Microsoft_AAD_IAM/ActiveDirectoryMenuBlade/Overview).
-  - Select the [Roles and Administrators](https://portal.azure.com/?quickstart=True#blade/Microsoft_AAD_IAM/ActiveDirectoryMenuBlade/RolesAndAdministrators)
-  - Select the role Groups Administrator
-  - Select "Add assignments" and add your service principal
+- A user account with "Owner" IAM rights on the subscription
 - A `.env` file with basic details about the environment.
   - We provide an example of such file [here](.env.example).
 - [Docker](https://docs.docker.com/engine/install/) installed on your machine, or better, a Gitpod workspace :)
 
+## Azure authentication
+
+For simplicity, this guide does **not** use an Azure [service principal](https://docs.microsoft.com/en-us/azure/active-directory/develop/howto-create-service-principal-portal).
+Authentication is done via an interactive URL, similar to this:
+
+```shell
+To sign in, use a web browser to open the page https://microsoft.com/devicelogin and enter the code ABC123DEF to authenticate.
+```
+
 **To start the installation, execute:**
 
 ```shell
@@ -23,13 +28,13 @@ The whole process takes around twenty minutes. In the end, the following resourc
 
 - an AKS cluster running Kubernetes v1.21.
 - Azure load balancer.
-- ~~Azure MySQL database.~~ MySQL will be provided by Helm until [#5508](https://github.com/gitpod-io/gitpod/issues/5508) solved.
+- Azure MySQL database.
 - Azure Blob Storage.
 - Azure DNS zone.
 - Azure container registry.
 - [calico](https://docs.projectcalico.org) as CNI and NetworkPolicy implementation.
 - [cert-manager](https://cert-manager.io/) for self-signed SSL certificates.
-- [Jaeger operator](https://github.com/jaegertracing/helm-charts/tree/main/charts/jaeger-operator) - and Jaeger deployment for gitpod distributed tracing.
+- [Jaeger operator](https://github.com/jaegertracing/helm-charts/tree/main/charts/jaeger-operator) - and Jaeger deployment for Gitpod distributed tracing.
 - [gitpod.io](https://github.com/gitpod-io/gitpod) deployment.
 
 ### Common errors running make install
@@ -41,34 +46,63 @@ The whole process takes around twenty minutes. In the end, the following resourc
 
   *After increasing the quota, retry the installation running `make install`*
 
+- Some pods never start (`Init` state)
+
+  ```shell
+  kubectl get pods -l component=proxy
+  NAME                     READY   STATUS    RESTARTS   AGE
+  proxy-5998488f4c-t8vkh   0/1     Init 0/1  0          5m
+  ```
+
+  The most likely reason is because the [DNS01 challenge](https://cert-manager.io/docs/configuration/acme/dns01/) has yet to resolve. If using `SETUP_MANAGED_DNS`, you will need to update your DNS records to point to the Azure DNS zone nameserver.
+
+  Once the DNS record has been updated, you will need to delete all Cert Manager pods to retrigger the certificate request
+
+  ```shell
+  kubectl delete pods -n cert-manager --all
+  ```
+
+  After a few minutes, you should see the `https-certificate` become ready.
+
+  ```shell
+  kubectl get certificate
+  NAME                        READY   SECRET                      AGE
+  https-certificates          True    https-certificates          5m
+  ```
+
 ## Verify the installation
 
 First, check that Gitpod components are running.
 
 ```shell
 kubectl get pods
 NAME                                 READY   STATUS    RESTARTS   AGE
-blobserve-5584456c68-t2vf6           2/2     Running   0          7m40s
-content-service-69fbcdf9fc-ngq9n     1/1     Running   0          7m39s
-dashboard-86877b7779-8rtdj           1/1     Running   0          7m40s
-image-builder-6557d4b5cf-xl9xf       3/3     Running   0          7m39s
-jaeger-5dfd44f668-8tj9x              1/1     Running   0          7m46s
-messagebus-0                         1/1     Running   0          7m40s
-minio-76f8b45fb7-brr96               1/1     Running   0          7m40s
-mysql-0                              1/1     Running   0          7m40s
-proxy-69d87469f9-fdx9l               1/1     Running   0          7m40s
-proxy-69d87469f9-qsmwg               1/1     Running   0          7m40s
-registry-facade-5xlhh                2/2     Running   0          7m39s
-registry-facade-qzmft                2/2     Running   0          7m39s
-registry-facade-vk9q4                2/2     Running   0          7m39s
-server-6bfdcbfd5b-2kwbt              2/2     Running   0          7m39s
-ws-daemon-7fqd5                      2/2     Running   0          7m39s
-ws-daemon-jl46t                      2/2     Running   0          7m39s
-ws-daemon-q9k9l                      2/2     Running   0          7m39s
-ws-manager-66f6b48c8-ts286           2/2     Running   0          7m40s
-ws-manager-bridge-5dfb558c96-kcxvr   1/1     Running   0          7m40s
-ws-proxy-979dd587b-ghjf4             1/1     Running   0          7m39s
-ws-proxy-979dd587b-mtkxt             1/1     Running   0          7m39s
+agent-smith-67mj5                    2/2     Running     0          3m24s
+agent-smith-khv98                    2/2     Running     0          3m24s
+agent-smith-ncvzc                    2/2     Running     0          3m24s
+blobserve-85c48c8789-hr486           2/2     Running     0          3m24s
+content-service-7786d99476-6z7ws     1/1     Running     0          3m24s
+dashboard-679cb8dbf-mm6hg            1/1     Running     0          3m24s
+dbinit-session-s5v7f                 0/1     Completed   0          3m23s
+image-builder-mk3-6798697948-h994t   2/2     Running     0          3m24s
+jaeger-operator-6cc9f79cc8-t5z7p     1/1     Running     0          3m24s
+messagebus-0                         1/1     Running     0          3m24s
+migrations-j5tcc                     0/1     Completed   0          3m23s
+minio-bcb6cdddb-7rgwx                1/1     Running     0          3m23s
+minio-bcb6cdddb-nhbqv                1/1     Running     0          3m23s
+openvsx-proxy-0                      1/1     Running     0          3m24s
+proxy-589657d8d5-p4xwq               2/2     Running     0          3m23s
+registry-facade-pks57                2/2     Running     0          3m24s
+registry-facade-rwh5l                2/2     Running     0          3m24s
+registry-facade-t8jhb                2/2     Running     0          3m25s
+server-84ddd9d6b5-fjlpj              2/2     Running     0          3m23s
+ws-daemon-95ms7                      2/2     Running     0          3m25s
+ws-daemon-psdcv                      2/2     Running     0          3m25s
+ws-daemon-q2z2f                      2/2     Running     0          3m25s
+ws-manager-bridge-6f775fb4fc-p475k   2/2     Running     0          3m23s
+ws-manager-c89cbc75d-bnw9k           1/1     Running     0          3m23s
+ws-proxy-757d8f5bf8-7mv2c            1/1     Running     0          3m23s
+ws-scheduler-58c65c759-jwtv5         2/2     Running     0          3m24s
 ```
 
 ### Test Gitpod workspaces
@@ -85,18 +119,6 @@ It should display the Gitpod login page similar to the next image.
 
 ----
 
-## Update Gitpod auth providers
-
-Please check the [OAuth providers integration documentation](https://www.gitpod.io/docs/self-hosted/0.5.0/install/oauth) expected format.
-
-We provide an [example here](./auth-providers-patch.yaml). Fill it with your OAuth providers data.
-
-```console
-make auth
-```
-
-> We are aware of the limitation of this approach, and we are working to improve the Helm chart to avoid this step.
-
 ## Destroy the cluster and Azure resources
 
 Remove the Azure cluster running:
-Original file line number
+Diff line change
@@ @@ -1,3 +1,5 @@ @@
 .env
 .kube
 .idea
 +gitpod.yaml
 +gitpod-config.yaml