Clean up bash scripts in favour of previewctl

Author: vulkoingim

.werft/jobs/build/deploy-to-preview-environment.ts

@@ -1,12 +1,10 @@
 import * as fs from "fs";
 import { exec } from "../../util/shell";
 import { MonitoringSatelliteInstaller } from "../../observability/monitoring-satellite";
-
 import { Werft } from "../../util/werft";
 import { Analytics, JobConfig } from "./job-config";
 import * as VM from "../../vm/vm";
 import { Installer } from "./installer/installer";
-import { previewNameFromBranchName } from "../../util/preview";
 
 // used by Installer
 const STACKDRIVER_SERVICEACCOUNT = JSON.parse(
@@ -82,7 +80,7 @@ export async function deployToPreviewEnvironment(werft: Werft, jobConfig: JobCon
         const sliceID = "Install monitoring satellite";
         const monitoringSatelliteInstaller = new MonitoringSatelliteInstaller({
             branch: jobConfig.observability.branch,
-            previewName: previewNameFromBranchName(jobConfig.repository.branch),
+            previewName: exec(`previewctl get name --branch=${jobConfig.repository.branch}`).stdout.trim(),
             stackdriverServiceAccount: STACKDRIVER_SERVICEACCOUNT,
             werft: werft,
         });

.werft/jobs/build/installer/installer.ts

@@ -24,7 +24,7 @@ export class Installer {
         const environment = {
             VERSION: this.options.version,
             DEV_KUBE_PATH: CORE_DEV_KUBECONFIG_PATH,
-            DEV_KUBE_CONTEXT: "gke_gitpod-core-dev_europe-west1-b_core-dev",
+            DEV_KUBE_CONTEXT: "dev",
             PREVIEW_K3S_KUBE_PATH: PREVIEW_K3S_KUBECONFIG_PATH,
             PREVIEW_NAME: this.options.previewName,
             GITPOD_ANALYTICS: this.options.analytics,

.werft/jobs/build/prepare.ts

@@ -1,14 +1,10 @@
-import {exec, execStream} from "../../util/shell";
-import { Werft } from "../../util/werft";
-import {
-    CORE_DEV_KUBECONFIG_PATH,
-    GCLOUD_SERVICE_ACCOUNT_PATH,
-    GLOBAL_KUBECONFIG_PATH,
-    HARVESTER_KUBECONFIG_PATH
-} from "./const";
-import { JobConfig } from "./job-config";
+import {execStream} from "../../util/shell";
+import {Werft} from "../../util/werft";
+import {GCLOUD_SERVICE_ACCOUNT_PATH} from "./const";
+import {JobConfig} from "./job-config";
 import {certReady} from "../../util/certs";
 import {vmExists} from "../../vm/vm";
+import {configureAccess, configureDocker} from "../../util/preview";
 
 const phaseName = "prepare";
 const prepareSlices = {
@@ -22,14 +18,10 @@ export async function prepare(werft: Werft, config: JobConfig) {
     werft.phase(phaseName);
     try {
         werft.log(prepareSlices.CONFIGURE_CORE_DEV, prepareSlices.CONFIGURE_CORE_DEV);
-        activateCoreDevServiceAccount();
+        await configureAccess(werft)
         configureDocker();
-        await installPreviewCTL();
-        configureStaticClustersAccess();
-        configureGlobalKubernetesContext();
         werft.done(prepareSlices.CONFIGURE_CORE_DEV);
-        if (!config.withPreview)
-        {
+        if (!config.withPreview) {
             return
         }
         await decideHarvesterVMCreation(werft, config);
@@ -40,68 +32,9 @@ export async function prepare(werft: Werft, config: JobConfig) {
     werft.done(phaseName);
 }
 
-function activateCoreDevServiceAccount() {
-    const rc = exec(`gcloud auth activate-service-account --key-file "${GCLOUD_SERVICE_ACCOUNT_PATH}"`, {
-        slice: prepareSlices.CONFIGURE_CORE_DEV,
-    }).code;
-
-    if (rc != 0) {
-        throw new Error("Failed to activate core-dev service account.");
-    }
-}
-
-function configureDocker() {
-    const rcDocker = exec("gcloud auth configure-docker --quiet", { slice: prepareSlices.CONFIGURE_CORE_DEV }).code;
-    const rcDockerRegistry = exec("gcloud auth configure-docker europe-docker.pkg.dev --quiet", {
-        slice: prepareSlices.CONFIGURE_CORE_DEV,
-    }).code;
-
-    if (rcDocker != 0 || rcDockerRegistry != 0) {
-        throw new Error("Failed to configure docker with gcloud.");
-    }
-}
-
-function configureGlobalKubernetesContext() {
-    const rc = exec(`KUBECONFIG=${GLOBAL_KUBECONFIG_PATH} previewctl get-credentials --gcp-service-account=${GCLOUD_SERVICE_ACCOUNT_PATH}`, { slice: prepareSlices.CONFIGURE_K8S }).code;
-
-    if (rc != 0) {
-        throw new Error("Failed to configure global kubernetes context.");
-    }
-}
-
-export async function installPreviewCTL() {
-    try {
-        await execStream(`leeway build dev/preview/previewctl:install -Dversion=$(date +%F_T%H-%M-%S) --dont-test`, {
-            slice: "Install previewctl",
-            dontCheckRc: false
-        })
-    }catch (e) {
-        throw new Error("Failed to install previewctl.");
-    }
-}
-
-function configureStaticClustersAccess() {
-    const rcCoreDev = exec(
-        `KUBECONFIG=${CORE_DEV_KUBECONFIG_PATH} gcloud container clusters get-credentials core-dev --zone europe-west1-b --project gitpod-core-dev`,
-        { slice: prepareSlices.CONFIGURE_CORE_DEV },
-    ).code;
-    if (rcCoreDev != 0) {
-        throw new Error("Failed to get core-dev kubeconfig credentials.");
-    }
-
-    const rcHarvester = exec(
-        `cp /mnt/secrets/harvester-kubeconfig/harvester-kubeconfig.yml ${HARVESTER_KUBECONFIG_PATH}`,
-        { slice: prepareSlices.CONFIGURE_CORE_DEV },
-    ).code;
-
-    if (rcHarvester != 0) {
-        throw new Error("Failed to get Harvester kubeconfig credentials.");
-    }
-}
-
 async function decideHarvesterVMCreation(werft: Werft, config: JobConfig) {
     // always try to create - usually it will be no-op, but if tf changed for any reason we would reconcile
-    if (config.withPreview && (!vmExists({ name: config.previewEnvironment.destname }) || config.cleanSlateDeployment || config.recreatePreview || config.recreateVm)) {
+    if (config.withPreview && (!vmExists({name: config.previewEnvironment.destname}) || config.cleanSlateDeployment || config.recreatePreview || config.recreateVm)) {
         await createVM(werft, config);
     }
     werft.done(prepareSlices.BOOT_VM);
@@ -123,7 +56,7 @@ async function createVM(werft: Werft, config: JobConfig) {
         "TF_VAR_vm_memory": `${memory}Gi`,
     }
 
-    if (config.storageClass.length > 0){
+    if (config.storageClass.length > 0) {
         environment["TF_VAR_vm_storage_class"] = config.storageClass
     }
 
@@ -133,11 +66,11 @@ async function createVM(werft: Werft, config: JobConfig) {
         .map(([key, value]) => `${key}="${value}"`)
         .join(" ")
 
-    if (config.recreatePreview){
+    if (config.recreatePreview) {
         werft.log(prepareSlices.BOOT_VM, "Recreating environment");
         await execStream(`${variables} \
                                    leeway run dev/preview:delete-preview`, {slice: prepareSlices.BOOT_VM});
-    }else if (config.cleanSlateDeployment || config.recreateVm) {
+    } else if (config.cleanSlateDeployment || config.recreateVm) {
         werft.log(prepareSlices.BOOT_VM, "Cleaning previously created VM");
         // -replace=... forces recreation of the resource
         await execStream(`${variables} \

.werft/observability/monitoring-satellite.ts

@@ -18,7 +18,7 @@ export class MonitoringSatelliteInstaller {
     public async install(slice: string) {
         const environment = {
             DEV_KUBE_PATH: CORE_DEV_KUBECONFIG_PATH,
-            DEV_KUBE_CONTEXT: "gke_gitpod-core-dev_europe-west1-b_core-dev",
+            DEV_KUBE_CONTEXT: "dev",
             PREVIEW_K3S_KUBE_PATH: PREVIEW_K3S_KUBECONFIG_PATH,
             PREVIEW_NAME: this.options.previewName,
         };

.werft/platform-delete-preview-environment.ts

@@ -1,6 +1,6 @@
 import {Werft} from "./util/werft";
 import * as Tracing from "./observability/tracing";
-import {configureGlobalKubernetesContext, HarvesterPreviewEnvironment} from "./util/preview";
+import {configureAccess, HarvesterPreviewEnvironment} from "./util/preview";
 import {SpanStatusCode} from "@opentelemetry/api";
 import * as fs from "fs";
 
@@ -49,7 +49,7 @@ async function deletePreviewEnvironment() {
     }
     werft.done(SLICES.VALIDATE_CONFIGURATION);
 
-    await configureGlobalKubernetesContext(werft)
+    await configureAccess(werft)
 
     const preview = new HarvesterPreviewEnvironment(werft, previewName);
     if (DRY_RUN) {

.werft/platform-delete-preview-environments-cron.ts

@@ -2,7 +2,7 @@ import {Werft} from "./util/werft";
 import * as Tracing from "./observability/tracing";
 import {SpanStatusCode} from "@opentelemetry/api";
 import {exec, execStream} from "./util/shell";
-import {configureGlobalKubernetesContext, HarvesterPreviewEnvironment, PreviewEnvironment} from "./util/preview";
+import {configureAccess, HarvesterPreviewEnvironment, PreviewEnvironment} from "./util/preview";
 import {GCLOUD_SERVICE_ACCOUNT_PATH} from "./jobs/build/const";
 import * as fs from "fs";
 
@@ -66,7 +66,7 @@ async function getStalePreviewEnvironments(slice: string): Promise<PreviewEnviro
 }
 
 async function deletePreviewEnvironments() {
-    await configureGlobalKubernetesContext(werft)
+    await configureAccess(werft)
 
     werft.phase("Fetching stale preview environments");
     let stalePreviews: PreviewEnvironment[];

.werft/util/preview.ts

@@ -1,13 +1,18 @@
 import {createHash} from "crypto";
 import * as VM from "../vm/vm";
-import {exec} from "./shell";
+import {exec, execStream} from "./shell";
 import {Werft} from "./werft";
-import {installPreviewCTL} from "../jobs/build/prepare";
-import {GCLOUD_SERVICE_ACCOUNT_PATH, GLOBAL_KUBECONFIG_PATH} from "../jobs/build/const";
+import {
+    CORE_DEV_KUBECONFIG_PATH,
+    GCLOUD_SERVICE_ACCOUNT_PATH,
+    GLOBAL_KUBECONFIG_PATH,
+    HARVESTER_KUBECONFIG_PATH
+} from "../jobs/build/const";
 
 const SLICES = {
+    CONFIGURE_DOCKER: "Configuring Docker",
     CONFIGURE_GCP_ACCESS: "Activating service account",
-    CONFIGURE_K8S_ACCESS: "Installing dev/harvester contexts account",
+    CONFIGURE_K8S_ACCESS: "Installing dev/harvester contexts",
     INSTALL_PREVIEWCTL: "Install previewctl",
 };
 
@@ -71,7 +76,7 @@ export class HarvesterPreviewEnvironment {
     }
 }
 
-export async function configureGlobalKubernetesContext(werft: Werft) {
+export async function configureAccess(werft: Werft) {
     werft.phase("Configure access");
     try {
         exec(`gcloud auth activate-service-account --key-file "${GCLOUD_SERVICE_ACCOUNT_PATH}"`, {
@@ -82,15 +87,59 @@ export async function configureGlobalKubernetesContext(werft: Werft) {
         werft.fail(SLICES.CONFIGURE_GCP_ACCESS, err);
     }
 
-    await installPreviewCTL()
+    try {
+        await installPreviewCTL()
+    } catch (e) {
+        throw new Error("Failed to install Previewctl")
+    }
+
+    try {
+        exec(`KUBECONFIG=${GLOBAL_KUBECONFIG_PATH} previewctl get-credentials --gcp-service-account=${GCLOUD_SERVICE_ACCOUNT_PATH}`, {
+            slice: SLICES.CONFIGURE_K8S_ACCESS
+        });
+
+        exec(`mkdir -p $(dirname ${HARVESTER_KUBECONFIG_PATH})`)
+
+        exec(
+            `kubectl --context=harvester config view --minify --flatten > ${HARVESTER_KUBECONFIG_PATH}`, {
+                slice: SLICES.CONFIGURE_K8S_ACCESS
+            },
+        )
+
+        exec(
+            `kubectl --context=dev config view --minify --flatten > ${CORE_DEV_KUBECONFIG_PATH}`, {
+                slice: SLICES.CONFIGURE_K8S_ACCESS
+            },
+        )
+        werft.done(SLICES.CONFIGURE_K8S_ACCESS);
+    } catch (e) {
+        werft.fail(SLICES.CONFIGURE_K8S_ACCESS, e);
+        throw new Error("Failed to configure kubernetes contexts");
+    }
+
+    werft.done("Configure access");
+}
+
+export async function installPreviewCTL() {
+    try {
+        await execStream(`leeway build dev/preview/previewctl:install -Dversion=$(date +%F_T%H-%M-%S) --dont-test`, {
+            slice: "Install previewctl",
+        })
+    } catch (e) {
+        throw new Error("Failed to install previewctl.");
+    }
+}
 
-    const rc = exec(`KUBECONFIG=${GLOBAL_KUBECONFIG_PATH} previewctl get-credentials --gcp-service-account=${GCLOUD_SERVICE_ACCOUNT_PATH}`, {
-        slice: SLICES.CONFIGURE_K8S_ACCESS
+export function configureDocker() {
+    const rcDocker = exec("gcloud auth configure-docker --quiet", {slice: SLICES.CONFIGURE_DOCKER}).code;
+    const rcDockerRegistry = exec("gcloud auth configure-docker europe-docker.pkg.dev --quiet", {
+        slice: SLICES.CONFIGURE_DOCKER,
     }).code;
 
-    if (rc != 0) {
-        throw new Error("Failed to configure global kubernetes context.");
+    if (rcDocker != 0 || rcDockerRegistry != 0) {
+        throw new Error("Failed to configure docker with gcloud.");
     }
 }
 
+
 export type PreviewEnvironment = HarvesterPreviewEnvironment;

.werft/vm/vm.ts

@@ -69,10 +69,12 @@ export function waitForVMReadiness(options: { name: string; timeoutSeconds: numb
 export async function installPreviewContext(options: { name: string; slice: string }) {
     try {
         await execStream(
-            `previewctl install-context --branch=${options.name} --timeout=10m`,
+            `previewctl install-context --private-key-path=/workspace/.ssh/id_rsa_harvester_vm --gcp-service-account=${GCLOUD_SERVICE_ACCOUNT_PATH} --branch=${options.name} --timeout=10m`,
             {slice: options.slice},
         );
 
+        exec(`mkdir -p $(dirname ${PREVIEW_K3S_KUBECONFIG_PATH})`)
+
         exec(
             `kubectl --context=${options.name} config view --minify --flatten > ${PREVIEW_K3S_KUBECONFIG_PATH}`,
             {dontCheckRc: true, slice: options.slice},

dev/preview/BUILD.yaml

@@ -30,7 +30,7 @@ scripts:
       export TF_VAR_dev_kube_context="${TF_VAR_dev_kube_context:-dev}"
       export TF_VAR_harvester_kube_path="${TF_VAR_harvester_kube_path:-$HOME/.kube/config}"
       export TF_VAR_harvester_kube_context="${TF_VAR_harvester_kube_context:-harvester}"
-      export TF_VAR_preview_name="${TF_VAR_preview_name:-$(previewctl get-name)}"
+      export TF_VAR_preview_name="${TF_VAR_preview_name:-$(previewctl get name)}"
       export TF_VAR_vm_cpu="${TF_VAR_vm_cpu:-6}"
       export TF_VAR_vm_memory="${TF_VAR_vm_memory:-12Gi}"
       export TF_VAR_vm_storage_class="${TF_VAR_vm_storage_class:-longhorn-gitpod-k3s-202209251218-onereplica}"
@@ -43,7 +43,7 @@ scripts:
       export GOOGLE_APPLICATION_CREDENTIALS="${GOOGLE_APPLICATION_CREDENTIALS:-$PREVIEW_ENV_DEV_SA_KEY_PATH}"
       export GOOGLE_BACKEND_CREDENTIALS="${GOOGLE_BACKEND_CREDENTIALS:-$PREVIEW_ENV_DEV_SA_KEY_PATH}"
       export TF_VAR_kubeconfig_path="${TF_VAR_kubeconfig_path:-$HOME/.kube/config}"
-      export TF_VAR_preview_name="${TF_VAR_preview_name:-$(previewctl get-name)}"
+      export TF_VAR_preview_name="${TF_VAR_preview_name:-$(previewctl get name)}"
       ./workflow/preview/deploy-harvester.sh
 
   - name: deploy-gitpod

dev/preview/install-k3s-kubeconfig.sh

@@ -7,8 +7,6 @@ set -euo pipefail
 
 THIS_DIR="$(dirname "$0")"
 
-source "$THIS_DIR/util/preview-name-from-branch.sh"
-
 PRIVATE_KEY=$HOME/.ssh/vm_id_rsa
 PUBLIC_KEY=$HOME/.ssh/vm_id_rsa.pub
 USER="ubuntu"
@@ -30,9 +28,9 @@ done
 
 if [ -z "${VM_NAME:-}" ]; then
   if [[ "${BRANCH}" == "" ]]; then
-      VM_NAME="$(preview-name-from-branch)"
+      VM_NAME="$(previewctl get name)"
   else
-      VM_NAME="$(preview-name-from-branch "$BRANCH")"
+      VM_NAME="$(previewctl get name --branch "$BRANCH")"
   fi
 fi
 

dev/preview/previewctl/pkg/preview/status.go

@@ -44,10 +44,10 @@ func (c *Config) GetStatus(ctx context.Context) (Status, error) {
 	if c.vmiCreationTime.After(time.Now().Add(-120 * time.Minute)) {
 		logEntry.WithFields(log.Fields{
 			"created": c.vmiCreationTime,
-		}).Debug("VM created in the past 20 mins, assuming active")
+		}).Debug("VM created in the past 120 mins, assuming active")
 
 		c.status.Active = true
-		c.status.Reason = fmt.Sprintf("VM created in the past 20 mins, assuming active: [%v]", c.vmiCreationTime.Time)
+		c.status.Reason = fmt.Sprintf("VM created in the past 120 mins, assuming active: [%v]", c.vmiCreationTime.Time)
 		return c.status, nil
 	}
 

dev/preview/ssh-vm.sh

@@ -7,8 +7,6 @@ set -euo pipefail
 
 THIS_DIR="$(dirname "$0")"
 
-source "$THIS_DIR/util/preview-name-from-branch.sh"
-
 PRIVATE_KEY=$HOME/.ssh/vm_id_rsa
 PUBLIC_KEY=$HOME/.ssh/vm_id_rsa.pub
 PORT=8022
@@ -30,9 +28,9 @@ done
 
 if [ -z "${VM_NAME:-}" ]; then
   if [[ "${BRANCH}" == "" ]]; then
-      VM_NAME="$(preview-name-from-branch)"
+      VM_NAME="$(previewctl get name)"
   else
-      VM_NAME="$(preview-name-from-branch "$BRANCH")"
+      VM_NAME="$(previewctl get name --branch "$BRANCH")"
   fi
 fi
 

dev/preview/util/portforward-monitoring-satellite-core-dev.sh

@@ -5,9 +5,7 @@
 
 THIS_DIR="$(dirname "$0")"
 
-source "$THIS_DIR/preview-name-from-branch.sh"
-
-PREVIEW_NAME="$(preview-name-from-branch)"
+PREVIEW_NAME="$(previewctl get name)"
 NAMESPACE="staging-${PREVIEW_NAME}"
 
 function log {