[installer gcp] Add certbot support

99c6ce26 · Christian Weichel · d30775ca · 99c6ce26 · 99c6ce26 · 99c6ce26
6 changed file
--- a/components/proxy/Dockerfile
+++ b/components/proxy/Dockerfile
@@ -41,6 +41,7 @@ RUN apt-get update && apt-get install -yq \

 # Include certbot into the proxy for HTTPS termination
 RUN curl -o /usr/bin/lama -L https://github.com/csweichel/lama/releases/download/v0.3.0/lama_0.3.0_Linux_x86_64 && \
+    chmod +x /usr/bin/lama ** \
    mkdir -p /var/www/lama/nginx && \
    touch /var/www/lama/nginx/status && \
    apt-get update && \

--- a/install/gcp-terraform/main.tf
+++ b/install/gcp-terraform/main.tf
@@ -70,6 +70,8 @@ module "helm" {
  ]

  forceHTTPS = var.force_https
+  certificateEmail = var.certificate_email
+  certbotEnabled = var.certbot_enabled

  requirements = [
    module.network.done,

--- a/install/gcp-terraform/modules/helm/main.tf
+++ b/install/gcp-terraform/modules/helm/main.tf
@@ -60,6 +60,16 @@ resource "helm_release" "gitpod" {
    value = "[]"
  }

+  set {
+    name = "components.proxy.certbot.enaled"
+    value = var.certbotEnabled
+  }
+
+  set {
+    name = "components.proxy.certbot.email"
+    value = var.certificateEmail
+  }
+
  depends_on = [
    var.requirements
  ]

--- a/install/gcp-terraform/modules/helm/variables.tf
+++ b/install/gcp-terraform/modules/helm/variables.tf
@@ -53,3 +53,14 @@ variable "forceHTTPS" {
  type = bool
  default = false
 }
+
+variable "certbotEnabled" {
+  type = bool
+  default = false
+}
+
+variable "certificateEmail" {
+  type = string
+}
+
+
--- a/install/gcp-terraform/variables.tf
+++ b/install/gcp-terraform/variables.tf
@@ -46,4 +46,9 @@ variable "image_prefix" {
 variable "force_https" {
    type = bool
    default = false
+}
+
+variable "certbot_enabled" {
+    type = bool
+    default = false
 }
\ No newline at end of file
--- a/install/installer/cmd/gcp.go
+++ b/install/installer/cmd/gcp.go
@@ -67,6 +67,32 @@ var gcpCmd = &cobra.Command{
 			if err != nil {
 				ui.Fatalf("cannot update the \"domain\" terraform variables:\n\t%q", err)
 			}
+		} else {
+			err = terraform.PersistVariable(tfvarsfn,
+				terraform.PersistVariableOpts{
+					Name:    "force_https",
+					Sources: []terraform.VariableValueSource{func(name string, spec terraform.VariableSpec) (value string, ok bool) { return "true", true }},
+				},
+				terraform.PersistVariableOpts{
+					Name:    "certbot_enabled",
+					Sources: []terraform.VariableValueSource{func(name string, spec terraform.VariableSpec) (value string, ok bool) { return "true", true }},
+				},
+				terraform.PersistVariableOpts{
+					Name: "certificate_email",
+					Spec: terraform.VariableSpec{
+						Description: "Gitpod will attempt to issue HTTPS certificates for you. Please provide an email that's used with Let's Encrypt to do so.",
+						Validate: func(val string) error {
+							if !strings.Contains(val, "@") {
+								return fmt.Errorf("not a valid email address")
+							}
+							return nil
+						},
+					},
+				},
+			)
+			if err != nil {
+				ui.Fatalf("cannot update the \"domain\" terraform variables:\n\t%q", err)
+			}
 		}

 		terraform.Run([]string{"init"}, terraform.WithBasedir(basedir), terraform.WithFatalErrors)