[installer]: general fixes for the workspace components
This now installs the workspace components to a cluster using an InCluster database and registry
Simon Emms committed Oct 26, 2021
1 parent 60efe10 commit 46ee3c1
Showing 27 changed files with 327 additions and 158 deletions.
6 changes: 6 additions & 0 deletions installer/pkg/common/constants.go
Expand Up @@ -15,8 +15,14 @@ const (
InClusterMessageQueueTLS = "messagebus-certificates-secret-core"
MonitoringChart = "monitoring"
ProxyComponent = "proxy"
RegistryFacadeComponent = "registry-facade"
RegistryFacadeServicePort = 3000
ServerComponent = "server"
SystemNodeCritical = "system-node-critical"
WSManagerComponent = "ws-manager"
WSManagerBridgeComponent = "ws-manager-bridge"
WSProxyComponent = "ws-proxy"
WSSchedulerComponent = "ws-scheduler"
)

const (
27 changes: 27 additions & 0 deletions installer/pkg/common/objects.go
Expand Up @@ -5,6 +5,8 @@
package common

import (
"fmt"
storageconfig "github.com/gitpod-io/gitpod/content-service/api/config"
corev1 "k8s.io/api/core/v1"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/apimachinery/pkg/runtime"
Expand Down Expand Up @@ -68,3 +70,28 @@ func GenerateService(component string, ports map[string]ServicePort, assignClust
}}, nil
}
}

func StorageConfiguration(ctx *RenderContext) (*storageconfig.StorageConfig, error) {
accessKey, found := ctx.Values[ValueStorageAccessKey]
if !found {
return nil, fmt.Errorf("unknown value: %s", ValueStorageAccessKey)
}
secretKey, found := ctx.Values[ValueStorageSecretKey]
if !found {
return nil, fmt.Errorf("unknown value: %s", ValueStorageSecretKey)
}

// todo(sje): support non-Minio storage configuration
// todo(sje): this has been set up with only the default values - receive configuration
return &storageconfig.StorageConfig{
Kind: "minio",
BlobQuota: 0,
MinIOConfig: storageconfig.MinIOConfig{
Endpoint: fmt.Sprintf("minio.%s", ctx.Config.Domain),
AccessKeyID: accessKey,
SecretAccessKey: secretKey,
Secure: false,
Region: "local",
},
}, nil
}
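Review bot: `Secure: false` in the returned MinIOConfig is hard-coded, so, assuming the field is the MinIO client's TLS switch as its name suggests, the access key and secret key read from ctx.Values are used over an unencrypted connection to `minio.<domain>`. The two todo comments cover missing configuration but not transport security; I would derive the flag from installer configuration, or at least record the gap next to the field, e.g. `// todo(sje): Secure is false - storage credentials travel without TLS until this is configurable`. The exported function also has no doc comment; `// StorageConfiguration builds the MinIO storage config from the storage access/secret key values in the render context and returns an error if either value is missing.` would cover it.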
66 changes: 41 additions & 25 deletions installer/pkg/components/blobserve/deployment.go
Expand Up @@ -6,7 +6,7 @@ package blobserve

import (
"github.com/gitpod-io/gitpod/installer/pkg/common"

dockerregistry "github.com/gitpod-io/gitpod/installer/pkg/components/docker-registry"
appsv1 "k8s.io/api/apps/v1"
corev1 "k8s.io/api/core/v1"
"k8s.io/apimachinery/pkg/api/resource"
Expand All @@ -18,6 +18,44 @@ import (
func deployment(ctx *common.RenderContext) ([]runtime.Object, error) {
labels := common.DefaultLabels(Component)

volumes := []corev1.Volume{{
Name: "cache",
VolumeSource: corev1.VolumeSource{EmptyDir: &corev1.EmptyDirVolumeSource{}},
}, {
Name: "config",
VolumeSource: corev1.VolumeSource{
ConfigMap: &corev1.ConfigMapVolumeSource{
LocalObjectReference: corev1.LocalObjectReference{Name: Component},
},
},
}}

volumeMounts := []corev1.VolumeMount{
{
Name: "config",
MountPath: "/mnt/config",
ReadOnly: true,
}, {
Name: "cache",
MountPath: "/mnt/cache",
},
}

if pointer.BoolDeref(ctx.Config.ContainerRegistry.InCluster, false) {
volumeName := "pull-secret"
volumes = append(volumes, corev1.Volume{
Name: volumeName,
VolumeSource: corev1.VolumeSource{Secret: &corev1.SecretVolumeSource{
SecretName: dockerregistry.BuiltInRegistryAuth,
}},
})
volumeMounts = append(volumeMounts, corev1.VolumeMount{
Name: volumeName,
MountPath: "/mnt/pull-secret.json",
SubPath: ".dockerconfigjson",
})
}

return []runtime.Object{
&appsv1.Deployment{
TypeMeta: common.TypeMetaDeployment,
Expand All @@ -41,22 +79,7 @@ func deployment(ctx *common.RenderContext) ([]runtime.Object, error) {
Affinity: &corev1.Affinity{},
ServiceAccountName: Component,
EnableServiceLinks: pointer.Bool(false),
Volumes: []corev1.Volume{{
Name: "cache",
VolumeSource: corev1.VolumeSource{EmptyDir: &corev1.EmptyDirVolumeSource{}},
}, {
Name: "config",
VolumeSource: corev1.VolumeSource{
ConfigMap: &corev1.ConfigMapVolumeSource{
LocalObjectReference: corev1.LocalObjectReference{Name: Component},
},
},
}, {
Name: "pull-secret",
VolumeSource: corev1.VolumeSource{Secret: &corev1.SecretVolumeSource{
SecretName: "",
}},
}},
Volumes: volumes,
Containers: []corev1.Container{{
Name: Component,
Args: []string{"run", "-v", "/mnt/config/config.json"},
Expand All @@ -80,14 +103,7 @@ func deployment(ctx *common.RenderContext) ([]runtime.Object, error) {
common.DefaultEnv(&ctx.Config),
common.TracingEnv(&ctx.Config),
),
VolumeMounts: []corev1.VolumeMount{{
Name: "config",
MountPath: "/mnt/config",
ReadOnly: true,
}, {
Name: "cache",
MountPath: "/mnt/cache",
}},
VolumeMounts: volumeMounts,
}, *common.KubeRBACProxyContainer()},
},
},
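Review bot: The pull-secret mount added in the InCluster branch has no `ReadOnly: true`, unlike the config mount defined just above it; adding `ReadOnly: true,` after `SubPath: ".dockerconfigjson",` keeps the registry credentials file explicitly read-only in the container spec. When ContainerRegistry.InCluster is false no pull secret is mounted at all, so if the blobserve config rendered elsewhere still refers to `/mnt/pull-secret.json` the component would run without registry credentials; that config is not visible on this page, so this needs confirming. deployment's body continues outside the hunks shown.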
6 changes: 3 additions & 3 deletions installer/pkg/components/docker-registry/secret.go
Original file line number Diff line number Diff line change
Expand Up @@ -8,7 +8,7 @@ import (
"encoding/base64"
"encoding/json"
"fmt"
v1 "github.com/jetstack/cert-manager/pkg/apis/certmanager/v1"
certmanagerv1 "github.com/jetstack/cert-manager/pkg/apis/certmanager/v1"
cmmeta "github.com/jetstack/cert-manager/pkg/apis/meta/v1"
"time"

Expand Down Expand Up @@ -64,14 +64,14 @@ func secret(ctx *common.RenderContext) ([]runtime.Object, error) {
"user": []byte(user),
"password": []byte(password),
},
}, &v1.Certificate{
}, &certmanagerv1.Certificate{
TypeMeta: common.TypeMetaCertificate,
ObjectMeta: metav1.ObjectMeta{
Name: BuiltInRegistryCerts,
Namespace: ctx.Namespace,
Labels: common.DefaultLabels(Component),
},
Spec: v1.CertificateSpec{
Spec: certmanagerv1.CertificateSpec{
Duration: oneYear,
SecretName: BuiltInRegistryCerts,
IssuerRef: cmmeta.ObjectReference{
5 changes: 2 additions & 3 deletions installer/pkg/components/registry-facade/configmap.go
Original file line number Diff line number Diff line change
Expand Up @@ -40,12 +40,11 @@ func configmap(ctx *common.RenderContext) ([]runtime.Object, error) {
TLS: &tls,
Store: "/mnt/cache/registry",
RequireAuth: false,
// todo(sje): figure out these values
StaticLayer: []regfac.StaticLayerCfg{{
Ref: common.ImageName(ctx.Config.Repository, Component, "todo"),
Ref: common.ImageName(ctx.Config.Repository, SupervisorImage, ctx.VersionManifest.Components.Workspace.Supervisor.Version),
Type: "image",
}, {
Ref: common.ImageName(ctx.Config.Repository, Component, "todo"),
Ref: common.ImageName(ctx.Config.Repository, DockerUpImage, ctx.VersionManifest.Components.Workspace.DockerUp.Version),
Type: "image",
}},
},
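Review bot: The two StaticLayer refs take their tag from ctx.VersionManifest without checking that the version strings are set. common.ImageName is defined outside this page, so whether it rejects an empty version is not visible; if it does not, the rendered config would carry a malformed or untagged reference for the supervisor and docker-up layers and the problem would only surface in the running registry-facade. A guard before the config is built, e.g. `if ctx.VersionManifest.Components.Workspace.Supervisor.Version == "" { return nil, fmt.Errorf("supervisor version is not set") }` (and the same for DockerUp), would fail at render time instead. configmap's body starts and ends outside the hunk.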
11 changes: 9 additions & 2 deletions installer/pkg/components/registry-facade/constants.go
Original file line number Diff line number Diff line change
Expand Up @@ -4,9 +4,16 @@

package registryfacade

import (
"github.com/gitpod-io/gitpod/installer/pkg/common"
"github.com/gitpod-io/gitpod/installer/pkg/components/workspace"
)

const (
Component = "registry-facade"
Component = common.RegistryFacadeComponent
ContainerPortName = "registry"
ContainerPort = 32223
ServicePort = 3000
ServicePort = common.RegistryFacadeServicePort
DockerUpImage = workspace.DockerUpImage
SupervisorImage = workspace.SupervisorImage
)
Original file line number Diff line number Diff line change
Expand Up @@ -5,6 +5,7 @@
package registryfacade

import (
"fmt"
"github.com/gitpod-io/gitpod/installer/pkg/common"

"k8s.io/api/policy/v1beta1"
Expand All @@ -16,7 +17,7 @@ func podsecuritypolicy(ctx *common.RenderContext) ([]runtime.Object, error) {
return []runtime.Object{&v1beta1.PodSecurityPolicy{
TypeMeta: common.TypeMetaPodSecurityPolicy,
ObjectMeta: metav1.ObjectMeta{
Name: Component,
Name: fmt.Sprintf("%s-ns-%s", ctx.Namespace, Component),
Namespace: ctx.Namespace,
Labels: common.DefaultLabels(Component),
Annotations: map[string]string{
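Review bot: Renaming the PodSecurityPolicy to `fmt.Sprintf("%s-ns-%s", ctx.Namespace, Component)` only works if every rule that grants `use` on it through resourceNames is renamed the same way; that rule is not part of this section, so it needs checking. The same applies to the binding that references the ClusterRole renamed with the identical pattern in ws-daemon/clusterrole.go. A mismatch would not fail at render time and would presumably show up only as pods failing admission or losing permissions in the cluster. Since the format string now appears in two components, a small shared helper in common would keep the names in step. The body of podsecuritypolicy continues past the hunk.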
4 changes: 4 additions & 0 deletions installer/pkg/components/workspace/constants.go
Original file line number Diff line number Diff line change
Expand Up @@ -5,7 +5,11 @@
package workspace

const (
ContainerPort = 23000
DefaultWorkspaceImage = "gitpod/workspace-full"
DefaultWorkspaceImageVersion = "latest"
IDEImageRepo = "ide/code" // todo(sje): does this need to be config driven?
DockerUpImage = "docker-up"
SupervisorImage = "supervisor"
SupervisorPort = 22999
)
2 changes: 1 addition & 1 deletion installer/pkg/components/ws-daemon/clusterrole.go
Original file line number Diff line number Diff line change
Expand Up @@ -21,7 +21,7 @@ func clusterrole(ctx *common.RenderContext) ([]runtime.Object, error) {
&rbacv1.ClusterRole{
TypeMeta: common.TypeMetaClusterRole,
ObjectMeta: metav1.ObjectMeta{
Name: Component,
Name: fmt.Sprintf("%s-ns-%s", ctx.Namespace, Component),
Namespace: ctx.Namespace,
Labels: labels,
},
41 changes: 28 additions & 13 deletions installer/pkg/components/ws-daemon/configmap.go
Original file line number Diff line number Diff line change
Expand Up @@ -27,11 +27,6 @@ import (
"k8s.io/apimachinery/pkg/runtime"
)

const (
locContainerWorkingArea = "/mnt/workingarea"
locNodeWorkingArea = "/mnt/disks/ssd0/workspaces"
)

func configmap(ctx *common.RenderContext) ([]runtime.Object, error) {
var fsshift wsdapi.FSShiftMethod
switch ctx.Config.Workspace.Runtime.FSShiftMethod {
Expand All @@ -46,26 +41,38 @@ func configmap(ctx *common.RenderContext) ([]runtime.Object, error) {
wsdcfg := wsdconfig.Config{
Daemon: daemon.Config{
Runtime: daemon.RuntimeConfig{
KubernetesNamespace: ctx.Namespace,
Container: &container.Config{
Runtime: container.RuntimeContainerd,
Mapping: map[string]string{
ctx.Config.Workspace.Runtime.ContainerDRuntimeDir: "/mnt/node0",
},
Mounts: container.NodeMountsLookupConfig{
ProcLoc: "/mnt/rootfs/proc",
ProcLoc: "/mnt/mounts",
},
Containerd: &container.ContainerdConfig{
SocketPath: "/mnt/rootfs/run/containerd/containerd.sock",
SocketPath: "/mnt/containerd.sock",
},
},
},
Content: content.Config{
WorkingArea: locContainerWorkingArea,
WorkingAreaNode: locNodeWorkingArea,
WorkingArea: "/mnt/workingarea",
WorkingAreaNode: HostWorkspacePath,
TmpDir: "/tmp",
UserNamespaces: content.UserNamespacesConfig{
FSShift: content.FSShiftMethod(fsshift),
},
Storage: common.StorageConfig(&ctx.Config),
Backup: content.BackupConfig{
Timeout: util.Duration(time.Minute * 5),
Attempts: 3,
},
Initializer: content.InitializerConfig{
Command: "/app/content-initializer",
},
},
Uidmapper: iws.UidmapperConfig{
ProcLocation: "/mnt/rootfs/proc",
ProcLocation: "/proc",
RootRange: iws.UIDRange{
Start: 33333,
Size: 1,
Expand All @@ -84,7 +91,7 @@ func configmap(ctx *common.RenderContext) ([]runtime.Object, error) {
},
ControlPeriod: "15m",
SamplingPeriod: "10s",
CGroupsBasePath: "/mnt/rootfs/sys/fs/cgroup",
CGroupsBasePath: "/mnt/node-cgroups",
ProcessPriorities: map[resources.ProcessType]int{
resources.ProcessSupervisor: 0,
resources.ProcessTheia: 5,
Expand All @@ -94,7 +101,7 @@ func configmap(ctx *common.RenderContext) ([]runtime.Object, error) {
},
Hosts: hosts.Config{
Enabled: true,
NodeHostsFile: "/mnt/rootfs/etc/hosts",
NodeHostsFile: "/mnt/hosts",
FixedHosts: map[string][]hosts.Host{
"registryFacade": {{
Name: fmt.Sprintf("reg.%s", ctx.Config.Domain),
Expand All @@ -110,11 +117,19 @@ func configmap(ctx *common.RenderContext) ([]runtime.Object, error) {
Enabled: true,
Interval: util.Duration(5 * time.Minute),
Locations: []diskguard.LocationConfig{{
Path: locContainerWorkingArea,
Path: "/mnt/wsdaemon-workingarea",
MinBytesAvail: 21474836480,
}},
},
},
Service: wsdconfig.AddrTLS{
Addr: fmt.Sprintf(":%d", ServicePort),
TLS: &wsdconfig.TLS{
Authority: "/certs/ca.crt",
Certificate: "/certs/tls.crt",
PrivateKey: "/certs/tls.key",
},
},
Prometheus: wsdconfig.Addr{
Addr: "localhost:9500",
},
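Review bot: DiskGuard now watches `/mnt/wsdaemon-workingarea` while Content.WorkingArea is `/mnt/workingarea`; before this change both came from the single constant locContainerWorkingArea. If the daemonset, which is not shown here, does not mount the node's workspace directory at both paths, the guard would measure free space on the wrong filesystem and not react when the workspace disk fills up. I would point both at one named constant next to HostWorkspacePath, or add a comment on the DiskGuard entry such as `// must match the mount path of the workspace volume in the daemonset`. The literal `/certs/...` paths in the new Service.TLS block have the same coupling to wherever VolumeTLSCerts is mounted.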
9 changes: 5 additions & 4 deletions installer/pkg/components/ws-daemon/constants.go
Original file line number Diff line number Diff line change
Expand Up @@ -5,8 +5,9 @@
package wsdaemon

const (
Component = "ws-daemon"
ServicePort = 8080
TLSSecretName = "ws-daemon-tls"
VolumeTLSCerts = "ws-daemon-tls-certs"
Component = "ws-daemon"
ServicePort = 8080
HostWorkspacePath = "/var/gitpod/workspaces"
TLSSecretName = "ws-daemon-tls"
VolumeTLSCerts = "ws-daemon-tls-certs"
)