Refactor helm chart

chart/templates/ws-proxy-configmap.yaml

@@ -17,20 +17,12 @@ metadata:
 data:
   config.json: |-
     {
+        "namespace": {{ .Release.Namespace | quote }},
         "ingress": {
             "httpAddress": ":{{- $comp.ports.httpProxy.containerPort -}}",
             "httpsAddress": ":{{- $comp.ports.httpsProxy.containerPort -}}",
             "header": "{{- $comp.hostHeader -}}"
         },
-        "workspaceInfoProviderConfig": {
-            "wsManagerAddr": "ws-manager:8080",
-            "reconnectInterval": "3s",
-            "tls": {
-                "ca": "/ws-manager-client-tls-certs/ca.crt",
-                "crt": "/ws-manager-client-tls-certs/tls.crt",
-                "key": "/ws-manager-client-tls-certs/tls.key"
-            }
-        },
         "proxy": {
             "https": {
                 "crt": "/mnt/certificates/tls.crt",
@@ -53,8 +45,6 @@ data:
                 "workspaceHostSuffixRegex": {{ ($comp.workspaceHostSuffixRegex | default (printf "%s%s" "\\.ws[^\\.]*\\." ($.Values.hostname | replace "." "\\."))) | quote }}
             },
             "workspacePodConfig": {
-                "serviceTemplate": "http://ws-{{"{{ .workspaceID }}"}}-theia.{{- .Release.Namespace -}}.svc.cluster.local:{{"{{ .port }}"}}",
-                "portServiceTemplate": "http://ws-{{"{{ .workspaceID }}"}}-ports.{{- .Release.Namespace -}}.svc.cluster.local:{{"{{ .port }}"}}",
                 "theiaPort": {{ .Values.components.workspace.ports.http.containerPort }},
                 "supervisorPort": {{ .Values.components.workspace.ports.http.supervisorPort }},
                 "supervisorImage": "{{ template "gitpod.comp.imageFull" (dict "root" . "gp" $.Values "comp" .Values.components.workspace.supervisor) }}"

chart/templates/ws-proxy-deployment.yaml

@@ -66,7 +66,7 @@ spec:
           periodSeconds: 5
           failureThreshold: 10
           httpGet:
-            path: /
+            path: /readyz
             port: 60088
         livenessProbe:
           initialDelaySeconds: 2
@@ -75,15 +75,12 @@ spec:
           successThreshold: 1
           timeoutSeconds: 2
           httpGet:
-            path: /
+            path: /healthz
             port: 60088
         volumeMounts:
         - name: config
           mountPath: "/config"
           readOnly: true
-        - mountPath: /ws-manager-client-tls-certs
-          name: ws-manager-client-tls-certs
-          readOnly: true
 {{- if $.Values.certificatesSecret.secretName }}
         - name: config-certificates
           mountPath: "/mnt/certificates"
@@ -93,4 +90,4 @@ spec:
 {{ include "gitpod.container.defaultEnv" $this | indent 8 }}
 {{ include "gitpod.container.tracingEnv" $this | indent 8 }}
 {{ toYaml .Values.defaults | indent 6 }}
-{{ end }}
+{{ end }}

chart/templates/ws-proxy-role.yaml

@@ -0,0 +1,21 @@
+# Copyright (c) 2020 Gitpod GmbH. All rights reserved.
+# Licensed under the MIT License. See License-MIT.txt in the project root for license information.
+
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  labels:
+    app: {{ template "gitpod.fullname" . }}
+    component: ws-proxy
+    kind: role
+    stage: {{ .Values.installation.stage }}
+  name: ws-proxy
+rules:
+- apiGroups:
+  - ""
+  resources:
+  - pods
+  verbs:
+  - get
+  - list
+  - watch

chart/templates/ws-proxy-rolebinding.yaml

@@ -20,4 +20,23 @@ roleRef:
   kind: ClusterRole
   name: {{ .Release.Namespace }}-ns-psp:unprivileged
   apiGroup: rbac.authorization.k8s.io
-{{ end }}
+---
+
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: ws-proxy-api
+  labels:
+    app: {{ template "gitpod.fullname" . }}
+    component: ws-proxy
+    kind: role-binding
+    stage: {{ .Values.installation.stage }}
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: ws-proxy
+subjects:
+- kind: ServiceAccount
+  name: ws-proxy
+
+{{ end }}