cleanup

.github/actions/deploy-gitpod/metadata.yml

@@ -1,9 +1,6 @@
 name: "Deploy Gitpod"
 description: "Deploys Gitpod to an existing preview environment"
 inputs:
-    sa_key:
-        description: "The service account key to use when authenticating with GCP"
-        required: true
     name:
         description: "The name of the preview environment to deploy Gitpod to"
         required: false

.github/actions/deploy-monitoring-satellite/metadata.yml

@@ -1,12 +1,5 @@
 name: "Deploy monitoring satellite"
 description: "Deploys monitoring satellite to an existing preview environment"
-inputs:
-    sa_key:
-        description: "The service account key to use when authenticating with GCP"
-        required: true
-    previewctl_hash:
-        description: "The Leeway hash of the dev/preview/previewctl:docker package to be used when downloading previewclt"
-        required: false
 runs:
     using: "docker"
     image: "Dockerfile"

dev/preview/BUILD.yaml

@@ -13,7 +13,7 @@ packages:
 scripts:
 
   - name: configure-workspace
-    description: Configures the workspace so that it has access to development resources (dev, harvester) as well as your preview environment.
+    description: Configures the workspace so that it has access to development resources as well as your preview environment.
     script: ./workflow/preview/configure-workspace.sh
 
   - name: build
@@ -26,7 +26,6 @@ scripts:
       export GOOGLE_APPLICATION_CREDENTIALS="${GOOGLE_APPLICATION_CREDENTIALS:-$PREVIEW_ENV_DEV_SA_KEY_PATH}"
       export TF_VAR_cert_issuer="${TF_VAR_cert_issuer:-letsencrypt-issuer-gitpod-core-dev}"
       export TF_VAR_preview_name="${TF_VAR_preview_name:-$(previewctl get name)}"
-      export TF_VAR_vm_storage_class="${TF_VAR_vm_storage_class:-longhorn-gitpod-k3s-202304191605-onereplica}"
       ./workflow/preview/deploy-harvester.sh
 
   - name: delete-preview

dev/preview/infrastructure/modules/gce/cloudinit.yaml

@@ -2,21 +2,7 @@
 users:
 - name: ubuntu
   sudo: "ALL=(ALL) NOPASSWD: ALL"
-  ssh_authorized_keys:
-    - ${ssh_authorized_keys}
 chpasswd:
   list: |
     ubuntu:ubuntu
   expire: False
-write_files:
-  - path: /usr/local/bin/bootstrap.sh
-    permissions: '0744'
-    owner: root
-    content: |
-      #!/bin/bash
-
-      set -eo pipefail
-
-      sudo systemctl restart containerd.service &
-runcmd:
- - bash /usr/local/bin/bootstrap.sh

dev/preview/infrastructure/modules/gce/variables.tf

@@ -14,11 +14,6 @@ variable "vm_type" {
   default = "n2d-standard-16"
 }
 
-variable "ssh_key" {
-  type        = string
-  description = "ssh public key used for access to the vm"
-}
-
 variable "dev_kube_context" {
   type        = string
   default     = "dev"

dev/preview/infrastructure/modules/gce/vm.tf

@@ -47,7 +47,6 @@ resource "google_compute_instance" "default" {
   }
 
   metadata = {
-    ssh-keys           = "ubuntu:${var.ssh_key}"
     serial-port-enable = true
     user-data          = local.cloudinit_user_data
   }
@@ -75,11 +74,6 @@ resource "google_compute_address" "static-preview-ip" {
   name     = var.preview_name
 }
 
-# data "google_secret_manager_secret_version" "dockerhub-pull-account" {
-#   provider = google
-#   secret   = "dockerhub-pull-account"
-# }
-
 locals {
   vm_name = "preview-${var.preview_name}"
   bootstrap_script = templatefile("${path.module}/../../scripts/bootstrap-k3s.sh", {
@@ -94,10 +88,7 @@ locals {
   EOT
 
   cloudinit_user_data = templatefile("${path.module}/cloudinit.yaml", {
-    # dockerhub_user      = base64decode(jsondecode(data.google_secret_manager_secret_version.dockerhub-pull-account.secret_data).username)
-    # dockerhub_passwd    = base64decode(jsondecode(data.google_secret_manager_secret_version.dockerhub-pull-account.secret_data).password)
-    vm_name             = local.vm_name
-    ssh_authorized_keys = var.ssh_key
+    vm_name = local.vm_name
   })
 
   machine_type = var.with_large_vm ? "n2d-standard-32" : var.vm_type

dev/preview/infrastructure/preview.tf

@@ -4,7 +4,6 @@ module "preview_gce" {
 
   preview_name  = var.preview_name
   cert_issuer   = var.cert_issuer
-  ssh_key       = local.ssh_key
   use_spot      = var.gce_use_spot
   with_large_vm = var.with_large_vm
   vm_type       = var.vm_type
@@ -35,7 +34,3 @@ module "dns" {
     acme.zerossl     = acme.zerossl,
   }
 }
-
-locals {
-  ssh_key = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC/aB/HYsb56V0NBOEab6j33v3LIxRiGqG4fmidAryAXevLyTANJPF8m44KSzSQg7AI7PMy6egxQp/JqH2b+3z1cItWuHZSU+klsKNuf5HxK7AOrND3ahbejZfyYewtKFQ3X9rv5Sk8TAR5gw5oPbkTR61jiLa58Sw7UkhLm2EDguGASb6mBal8iboiF8Wpl8QIvPmJaGIOY2YwXLepwFA3S3kVqW88eh2WFmjTMre5ASLguYNkHXjyb/TuhVFzAvphzpl84RAaEyjKYnk45fh4xRXx+oKqlfKRJJ/Owxa7SmGO+/4rWb3chdnpodHeu7XjERmjYLY+r46sf6n6ySgEht1xAWjMb1uqZqkDx+fDDsjFSeaN3ncX6HSoDOrphFmXYSwaMpZ8v67A791fuUPrMLC+YMckhTuX2g4i3XUdumIWvhaMvKhy/JRRMsfUH0h+KAkBLI6tn5ozoXiQhgM4SAE5HsMr6CydSIzab0yY3sq0avmZgeoc78+8PKPkZG1zRMEspV/hKKBC8hq7nm0bu4IgzuEIYHowOD8svqA0ufhDWxTt6A4Jo0xDzhFyKme7KfmW7SIhpejf3T1Wlf+QINs1hURr8LSOZEyY2SzYmAoQ49N0SSPb5xyG44cptpKcj0WCAJjBJoZqz0F5x9TjJ8XToB5obyJfRHD1JjxoMQ== [email protected]"
-}

dev/preview/previewctl/cmd/access.go

@@ -29,7 +29,7 @@ func newHasAccessCmd(logger *logrus.Logger) *cobra.Command {
 		},
 	}
 
-	cmd.PersistentFlags().StringSliceVar(&clusters, "clusters", []string{"dev"}, "Comma separated list of cluster to check access for")
+	cmd.PersistentFlags().StringSliceVar(&clusters, "clusters", []string{""}, "Comma separated list of cluster to check access for")
 
 	return cmd
 }

dev/preview/workflow/lib/k8s-util.sh

@@ -74,19 +74,6 @@ function waitUntilAllPodsAreReady {
   fi
 }
 
-function readWerftSecret {
-    local name
-    local key
-    name="$1"
-    key="$2"
-    kubectl \
-        --kubeconfig "${DEV_KUBE_PATH}" \
-        --context "${DEV_KUBE_CONTEXT}" \
-        --namespace werft \
-    get secret "${name}" -o jsonpath="{.data.${key}}" \
-  | base64 -d
-}
-
 function diff-apply {
   local context=$1
   shift