From c4e03c102d0a0d78ff7241a84f412403e6252f63 Mon Sep 17 00:00:00 2001
From: cccs-eric <eric.ladouceur@cyber.gc.ca>
Date: Mon, 21 Dec 2020 07:32:53 -0500
Subject: [PATCH] Make che update Images from registries at startup (#18562)

* Added support for Keycloak admin secret
Added support to change endpoint-watcher image

Signed-off-by: Eric Ladouceur <eric.ladouceur@cyber.gc.ca>

* Added user feedback and validation for Keycloak password

Signed-off-by: Eric Ladouceur <eric.ladouceur@cyber.gc.ca>

* Apply suggestions from code review

Signed-off-by: Eric Ladouceur <eric.ladouceur@cyber.gc.ca>

Co-authored-by: Anatolii Bazko <abazko@redhat.com>

* Apply suggestions from code review

Signed-off-by: Eric Ladouceur <eric.ladouceur@cyber.gc.ca>

Co-authored-by: Anatolii Bazko <abazko@redhat.com>

* Added feature to registries to update images at startup.

Signed-off-by: Eric Ladouceur <eric.ladouceur@cyber.gc.ca>

* Trying to improve value names and we use them

Signed-off-by: Eric Ladouceur <eric.ladouceur@cyber.gc.ca>

* Added missing newline

Signed-off-by: Eric Ladouceur <eric.ladouceur@cyber.gc.ca>

* Missing newline
Signed-off-by: Eric Ladouceur <eric.ladouceur@cyber.gc.ca>

* Added checksums to configmap to enable pod restart on configmap change.

Signed-off-by: cccs-eric <eric.ladouceur@cyber.gc.ca>

* Applied code review changes.

Signed-off-by: cccs-eric <eric.ladouceur@cyber.gc.ca>

* Update from code review

Signed-off-by: cccs-eric <eric.ladouceur@cyber.gc.ca>

Co-authored-by: Anatolii Bazko <abazko@redhat.com>
---
 .../templates/configmap.yaml                  | 25 +++++++++++++++++++
 .../templates/deployment.yaml                 |  6 +++++
 .../templates/configmap.yaml                  | 25 +++++++++++++++++++
 .../templates/deployment.yaml                 |  6 +++++
 .../helm/che/templates/configmap.yaml         |  8 ++++++
 5 files changed, 70 insertions(+)
 create mode 100644 deploy/kubernetes/helm/che/custom-charts/che-devfile-registry/templates/configmap.yaml
 create mode 100644 deploy/kubernetes/helm/che/custom-charts/che-plugin-registry/templates/configmap.yaml

diff --git a/deploy/kubernetes/helm/che/custom-charts/che-devfile-registry/templates/configmap.yaml b/deploy/kubernetes/helm/che/custom-charts/che-devfile-registry/templates/configmap.yaml
new file mode 100644
index 0000000000..405ab78b41
--- /dev/null
+++ b/deploy/kubernetes/helm/che/custom-charts/che-devfile-registry/templates/configmap.yaml
@@ -0,0 +1,25 @@
+#
+# Copyright (c) 2018-2020 Red Hat, Inc.
+# This program and the accompanying materials are made
+# available under the terms of the Eclipse Public License 2.0
+# which is available at https://www.eclipse.org/legal/epl-2.0/
+#
+# SPDX-License-Identifier: EPL-2.0
+#
+
+kind: ConfigMap
+apiVersion: v1
+metadata:
+  name: che-devfile-registry
+data:
+{{- with .Values.cheDevfileImagesOverride -}}
+  {{- with .url }}
+  CHE_DEVFILE_IMAGES_REGISTRY_URL: {{ . | quote }}
+  {{- end }}
+  {{- with .organization }}
+  CHE_DEVFILE_IMAGES_REGISTRY_ORGANIZATION: {{ . | quote }}
+  {{- end }}
+  {{- with .tag }}
+  CHE_DEVFILE_IMAGES_REGISTRY_TAG: {{ . | quote }}
+  {{- end }}
+{{- end }}
diff --git a/deploy/kubernetes/helm/che/custom-charts/che-devfile-registry/templates/deployment.yaml b/deploy/kubernetes/helm/che/custom-charts/che-devfile-registry/templates/deployment.yaml
index e3d62f923e..711e9e4894 100644
--- a/deploy/kubernetes/helm/che/custom-charts/che-devfile-registry/templates/deployment.yaml
+++ b/deploy/kubernetes/helm/che/custom-charts/che-devfile-registry/templates/deployment.yaml
@@ -31,6 +31,8 @@ spec:
       labels:
         app: che
         component: devfile-registry
+      annotations:
+        checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }}
     spec:
       containers:
       - image: {{ .Values.cheDevfileRegistry.image }}
@@ -59,3 +61,7 @@ spec:
             memory: {{ .Values.cheDevfileRegistry.memoryLimit }}
           requests:
             memory: {{ .Values.cheDevfileRegistry.memoryRequests }}
+        envFrom:
+          - configMapRef:
+              name: che-devfile-registry
+              optional: true
diff --git a/deploy/kubernetes/helm/che/custom-charts/che-plugin-registry/templates/configmap.yaml b/deploy/kubernetes/helm/che/custom-charts/che-plugin-registry/templates/configmap.yaml
new file mode 100644
index 0000000000..6f01199db2
--- /dev/null
+++ b/deploy/kubernetes/helm/che/custom-charts/che-plugin-registry/templates/configmap.yaml
@@ -0,0 +1,25 @@
+#
+# Copyright (c) 2018-2020 Red Hat, Inc.
+# This program and the accompanying materials are made
+# available under the terms of the Eclipse Public License 2.0
+# which is available at https://www.eclipse.org/legal/epl-2.0/
+#
+# SPDX-License-Identifier: EPL-2.0
+#
+
+kind: ConfigMap
+apiVersion: v1
+metadata:
+  name: che-plugin-registry
+data:
+{{- with .Values.chePluginSidecarOverride -}}
+  {{- with .url }}
+  CHE_SIDECAR_CONTAINERS_REGISTRY_URL: {{ . | quote }}
+  {{- end }}
+  {{- with .organization }}
+  CHE_SIDECAR_CONTAINERS_REGISTRY_ORGANIZATION: {{ . | quote }}
+  {{- end }}
+  {{- with .tag }}
+  CHE_SIDECAR_CONTAINERS_REGISTRY_TAG: {{ . | quote }}
+  {{- end }}
+{{- end }}
diff --git a/deploy/kubernetes/helm/che/custom-charts/che-plugin-registry/templates/deployment.yaml b/deploy/kubernetes/helm/che/custom-charts/che-plugin-registry/templates/deployment.yaml
index 3393e04ba6..956134f8e9 100644
--- a/deploy/kubernetes/helm/che/custom-charts/che-plugin-registry/templates/deployment.yaml
+++ b/deploy/kubernetes/helm/che/custom-charts/che-plugin-registry/templates/deployment.yaml
@@ -31,6 +31,8 @@ spec:
       labels:
         app: che
         component: plugin-registry
+      annotations:
+        checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }}
     spec:
       containers:
       - image: {{ .Values.chePluginRegistry.image }}
@@ -59,3 +61,7 @@ spec:
             memory: {{ .Values.chePluginRegistry.memoryLimit }}
           requests:
             memory: {{ .Values.chePluginRegistry.memoryRequests }}
+        envFrom:
+        - configMapRef:
+            name: che-plugin-registry
+            optional: true
diff --git a/deploy/kubernetes/helm/che/templates/configmap.yaml b/deploy/kubernetes/helm/che/templates/configmap.yaml
index be490fc299..ad66e154ef 100644
--- a/deploy/kubernetes/helm/che/templates/configmap.yaml
+++ b/deploy/kubernetes/helm/che/templates/configmap.yaml
@@ -66,6 +66,9 @@ data:
   CHE_INFRA_KUBERNETES_PVC_QUANTITY: {{ .Values.global.pvcClaim }}
   CHE_INFRA_KUBERNETES_PVC_PRECREATE__SUBPATHS: "true"
   CHE_INFRA_KUBERNETES_PVC_STORAGE__CLASS__NAME: "{{ .Values.global.cheWorkspacePVCStorageClassName }}"
+{{- if .Values.cheInfraKubernetesPvcJobsImage }}
+  CHE_INFRA_KUBERNETES_PVC_JOBS_IMAGE: {{ .Values.cheInfraKubernetesPvcJobsImage | quote }}
+{{- end }}
   CHE_INFRA_KUBERNETES_POD_SECURITY__CONTEXT_RUN__AS__USER: "{{ .Values.global.securityContext.runAsUser }}"
   CHE_INFRA_KUBERNETES_POD_SECURITY__CONTEXT_FS__GROUP: "{{ .Values.global.securityContext.fsGroup }}"
   CHE_LOCAL_CONF_DIR: /etc/conf
@@ -122,6 +125,8 @@ data:
   {{- if .Values.che.workspace.pluginBroker.waitTimeoutMin }}
   CHE_WORKSPACE_PLUGIN__BROKER_WAIT__TIMEOUT__MIN: {{ .Values.che.workspace.pluginBroker.waitTimeoutMin | quote }}
   {{- end }}
+  CHE_WORKSPACE_PLUGIN__BROKER_METADATA_IMAGE: {{ .Values.che.workspace.pluginBroker.metadataImage | quote }}
+  CHE_WORKSPACE_PLUGIN__BROKER_ARTIFACTS_IMAGE: {{ .Values.che.workspace.pluginBroker.artifactsImage | quote }}
 {{- end }}
 {{- if .Values.workspaceSidecarDefaultRamLimit }}
   CHE_WORKSPACE_SIDECAR_DEFAULT__MEMORY__LIMIT__MB: {{ .Values.workspaceSidecarDefaultRamLimit | quote }}
@@ -146,3 +151,6 @@ data:
   CHE_WORKSPACE_JAVA__OPTIONS: "-Xmx2000m"
   CHE_WORKSPACE_MAVEN__OPTIONS: "-Xmx20000m"
   CHE_INFRA_KUBERNETES_WORKSPACE__START__TIMEOUT__MIN: "15"
+{{- if .Values.cheServerSecureExposerJwtProxyImage }}
+  CHE_SERVER_SECURE__EXPOSER_JWTPROXY_IMAGE: {{ .Values.cheServerSecureExposerJwtProxyImage | quote }}
+{{- end }}