Better cloud subdomaining (#1343)

.github/workflows/publish.yaml

@@ -315,11 +315,9 @@ jobs:
       with: 
         persist-credentials: false
         fetch-depth: 0 # otherwise, you will failed to push refs to dest repo
-    - name: push chart
-      uses: pluralsh/chart-releaser@v0.1.3
-      with:
-        path: ./plural/helm/plural
-        release: ${{github.ref_name}}
+    - name: update context
+      run: |
+        sed -i '' 's/version: .* # VERSION/version: ${{github.ref_name}} # VERSION/' plural/manifests/context.yaml
     - name: Create Pull Request
       uses: peter-evans/create-pull-request@v5
       with:

apps/core/lib/core/clients/console.ex

@@ -93,6 +93,7 @@ defmodule Core.Clients.Console do
   def stack(client, id) do
     Req.post(client, graphql: {@stack_q, %{id: id}})
     |> case do
+      {:ok, %Req.Response{body: %{"errors" => [_ | _] = errors}}} -> {:error, errors}
       {:ok, %Req.Response{body: %{"data" => %{"infrastructureStack" => stack}}}} ->
         {:ok, stack}
       res ->

apps/core/lib/core/services/cloud.ex

@@ -58,7 +58,7 @@ defmodule Core.Services.Cloud do
       Repositories.upsert_oidc_provider(%{
         auth_method: :post,
         bindings: Shell.oidc_bindings(inst.oidc_provider, user),
-        redirect_uris: Shell.merge_uris(["https://console.#{name}.cloud.plural.sh/oauth/callback"], inst.oidc_provider)
+        redirect_uris: Shell.merge_uris(["https://console.#{name}.#{domain()}/oauth/callback"], inst.oidc_provider)
       }, inst.id, sa)
     end)
     |> add_operation(:instance, fn %{oidc: oidc, token: token, cluster: cluster, postgres: roach, sa: sa} ->
@@ -135,14 +135,14 @@ defmodule Core.Services.Cloud do
   end
 
   defp add_configuration(attrs, name, token, %OIDCProvider{} = oidc, %User{} = user) do
-    Map.merge(attrs, %{subdomain: "#{name}.cloud.plural.sh", url: "console.#{name}.cloud.plural.sh"})
+    Map.merge(attrs, %{subdomain: "#{name}.#{domain()}", url: "console.#{name}.#{domain()}"})
     |> Map.put(:configuration, %{
       aes_key:        aes_key(),
       encryption_key: encryption_key(),
       database:       "#{name}_cloud",
       dbuser:         "#{name}_user",
       dbpassword:     Core.random_alphanum(32),
-      subdomain:      "#{name}.cloud.plural.sh",
+      subdomain:      "#{name}.#{domain()}",
       jwt_secret:     Core.random_alphanum(32) |> Base.encode64(),
       owner_name:     user.name,
       owner_email:    user.email,
@@ -208,6 +208,8 @@ defmodule Core.Services.Cloud do
     |> Base.encode64()
   end
 
+  defp domain(), do: Core.conf(:cloud_domain)
+
   defp notify({:ok, %ConsoleInstance{} = inst}, :create, user),
     do: handle_notify(PubSub.ConsoleInstanceCreated, inst, actor: user)
   defp notify({:ok, %ConsoleInstance{} = inst}, :update, user),

apps/core/priv/repo/seeds/00_bootstrap.exs

@@ -4,6 +4,8 @@ import System, only: [get_env: 1]
 alias Core.Repo
 alias Core.Schema
 
+Application.ensure_all_started(:tzdata)
+
 seed do
   {:ok, admin} = Core.Services.Users.create_user(%{
     name: get_env("ADMIN_NAME"),

apps/core/priv/repo/seeds/012_enterprise_plan.exs

@@ -1,6 +1,7 @@
 import Botanist
 
 seed do
+  {:ok, _} = Core.Services.Payments.setup_plans()
   enterprise = Core.Services.Payments.get_platform_plan_by_name!("Enterprise")
 
   Ecto.Changeset.change(enterprise, %{enterprise: true})

config/config.exs

@@ -146,7 +146,8 @@ config :core,
   sysbox_emails: [],
   mgmt_repo: "https://github.com/pluralsh/plural.git",
   cockroach_parameters: [],
-  bootstrap_ssl: true
+  bootstrap_ssl: true,
+  cloud_domain: "cloud.plural.sh"
 
 config :briefly,
   directory: [{:system, "TMPDIR"}, {:system, "TMP"}, {:system, "TEMP"}, "/tmp"],

plural/helm/plural/Chart.yaml

@@ -2,7 +2,7 @@ apiVersion: v2
 name: plural
 description: A helm chart for installing plural
 appVersion: 0.11.8
-version: 0.10.95
+version: 0.10.96
 dependencies:
   - name: hydra
     version: 0.26.5

plural/helm/plural/templates/_helpers.tpl

@@ -101,4 +101,8 @@ plural-migration-{{ .Values.image.tag | default .Chart.AppVersion | sha256sum |
   image: gcr.io/pluralsh/library/busybox:1.35.0
   imagePullPolicy: IfNotPresent
   command: [ "/bin/sh", "-c", "until nc -zv plural-plural 5432 -w1; do echo 'waiting for db'; sleep 1; done" ]
+{{- end -}}
+
+{{- define "plural.imageTag" -}}
+{{ .Values.global.tag | default .Values.image.tag | default .Chart.AppVersion }}
 {{- end -}}

plural/helm/plural/templates/deployment.yaml

@@ -20,6 +20,7 @@ spec:
         prometheus.io/scrape: "true"
         prometheus.io/path: "/metrics"
         prometheus.io/port: {{ .Values.api.port | quote }}
+        checksum/config: {{ include (print $.Template.BasePath "/secrets.yaml") . | sha256sum }}
     spec:
       serviceAccountName: plural
     {{- with .Values.imagePullSecrets }}
@@ -30,7 +31,7 @@ spec:
       {{ include "plural.wait-for-migration" . | nindent 6 }}
       containers:
       - name: api
-        image: "{{ .Values.global.registry }}/{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
+        image: "{{ .Values.global.registry }}/{{ .Values.image.repository }}:{{ include "plural.imageTag" . }}"
         imagePullPolicy: {{ .Values.image.pullPolicy }}
         envFrom:
         - secretRef:
@@ -90,6 +91,8 @@ spec:
       labels:
         app.kubernetes.io/name: plural-worker
         app.kubernetes.io/instance: {{ .Release.Name }}
+      annotations:
+        checksum/config: {{ include (print $.Template.BasePath "/secrets.yaml") . | sha256sum }}
     spec:
       serviceAccountName: plural
     {{- with .Values.imagePullSecrets }}
@@ -100,7 +103,7 @@ spec:
       {{ include "plural.wait-for-migration" . | nindent 6 }}
       containers:
       - name: worker
-        image: "{{ .Values.global.registry }}/{{ .Values.worker.repository }}:{{ .Values.worker.tag | default .Chart.AppVersion }}"
+        image: "{{ .Values.global.registry }}/{{ .Values.worker.repository }}:{{ include "plural.imageTag" . }}"
         imagePullPolicy: {{ .Values.image.pullPolicy }}
         envFrom:
         - secretRef:
@@ -155,6 +158,7 @@ spec:
         prometheus.io/scrape: "true"
         prometheus.io/path: "/metrics"
         prometheus.io/port: {{ .Values.api.port | quote }}
+        checksum/config: {{ include (print $.Template.BasePath "/secrets.yaml") . | sha256sum }}
     spec:
       serviceAccountName: plural
     {{- with .Values.imagePullSecrets }}
@@ -165,7 +169,7 @@ spec:
       {{ include "plural.wait-for-migration" . | nindent 6 }}
       containers:
       - name: rtc
-        image: "{{ .Values.global.registry }}/{{ .Values.rtc.repository }}:{{ .Values.rtc.tag | default .Chart.AppVersion }}"
+        image: "{{ .Values.global.registry }}/{{ .Values.rtc.repository }}:{{ include "plural.imageTag" . }}"
         imagePullPolicy: {{ .Values.image.pullPolicy }}
         envFrom:
         - secretRef:
@@ -223,14 +227,15 @@ spec:
       labels:
         app.kubernetes.io/name: plural-www
         app.kubernetes.io/instance: {{ .Release.Name }}
+        checksum/config: {{ include (print $.Template.BasePath "/secrets.yaml") . | sha256sum }}
     spec:
       {{- with .Values.imagePullSecrets }}
       imagePullSecrets:
         {{- toYaml . | nindent 6 }}
       {{- end }}
       containers:
       - name: www
-        image: "{{ .Values.global.registry }}/{{ .Values.www.repository }}:{{ .Values.www.tag | default .Chart.AppVersion }}"
+        image: "{{ .Values.global.registry }}/{{ .Values.www.repository }}:{{ include "plural.imageTag" . }}"
         imagePullPolicy: {{ .Values.image.pullPolicy }}
         ports:
         - name: http

plural/helm/plural/templates/migration.yaml

@@ -11,7 +11,7 @@ spec:
       {{- end }}
       containers:
       - name: migrator
-        image: "{{ .Values.global.registry }}/{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
+        image: "{{ .Values.global.registry }}/{{ .Values.image.repository }}:{{ include "plural.imageTag" . }}"
         command: ["/opt/app/bin/plural",  "migrate"]
         imagePullPolicy: {{ .Values.image.pullPolicy }}
         envFrom:
@@ -43,7 +43,7 @@ spec:
       {{- end }}
       containers:
       - name: cron
-        image: "{{ .Values.cron.image }}:{{ .Values.cron.tag }}"
+        image: "{{ .Values.cron.image }}:{{ include "plural.imageTag" . }}"
         imagePullPolicy: {{ .Values.image.pullPolicy }}
         envFrom:
         - secretRef:

plural/helm/plural/values.yaml

@@ -1,5 +1,6 @@
 global:
   registry: dkr.plural.sh/plural
+  tag: ~
 
 replicaCount: 3
 rabbitmqNamespace: rabbitmq

plural/manifests/context.yaml

@@ -0,0 +1,10 @@
+apiVersion: deployments.plural.sh/v1alpha1
+kind: PipelineContext
+metadata:
+  name: plural
+spec:
+  pipelineRef:
+    name: plural
+    namespace: infra
+  context:
+    version: sha-a1f4280 # VERSION

rel/config/config.exs

@@ -94,7 +94,8 @@ config :core,
   console_token: get_env("CONSOLE_SA_TOKEN"),
   console_url: get_env("CONSOLE_URL"),
   mgmt_repo: get_env("CONSOLE_MGMT_REPO"),
-  stack_id: get_env("CONSOLE_CLOUD_STACK_ID")
+  stack_id: get_env("CONSOLE_CLOUD_STACK_ID"),
+  cloud_domain: get_env("CONSOLE_CLOUD_DOMAIN") || "cloud.plural.sh"
 
 
 if get_env("VAULT_HOST") do
@@ -143,3 +144,6 @@ config :core,
 
 config :openai,
   token: get_env("OPENAI_BEARER_TOKEN")
+
+
+config :tzdata, :autoupdate, :disabled