From 5454cac39091cc72c1c516685fe9f898365410c1 Mon Sep 17 00:00:00 2001
From: Manuel Alejandro de Brito Fontes
Date: Wed, 3 Nov 2021 13:50:29 -0300
Subject: [PATCH] Refactor helm chart
---
 chart/templates/ws-proxy-configmap.yaml | 12 +-----------
 chart/templates/ws-proxy-deployment.yaml | 9 +++------
 chart/templates/ws-proxy-role.yaml | 21 +++++++++++++++++++++
 chart/templates/ws-proxy-rolebinding.yaml | 21 ++++++++++++++++++++-
 4 files changed, 45 insertions(+), 18 deletions(-)
 create mode 100644 chart/templates/ws-proxy-role.yaml
diff --git a/chart/templates/ws-proxy-configmap.yaml b/chart/templates/ws-proxy-configmap.yaml
index 52190bbf3a2566..35ff0a428bfba6 100644
--- a/chart/templates/ws-proxy-configmap.yaml
+++ b/chart/templates/ws-proxy-configmap.yaml
@@ -17,20 +17,12 @@ metadata:
 data:
 config.json: |-
 {
+ "namespace": {{ .Release.Namespace | quote }},
 "ingress": {
 "httpAddress": ":{{- $comp.ports.httpProxy.containerPort -}}",
 "httpsAddress": ":{{- $comp.ports.httpsProxy.containerPort -}}",
 "header": "{{- $comp.hostHeader -}}"
 },
- "workspaceInfoProviderConfig": {
- "wsManagerAddr": "ws-manager:8080",
- "reconnectInterval": "3s",
- "tls": {
- "ca": "/ws-manager-client-tls-certs/ca.crt",
- "crt": "/ws-manager-client-tls-certs/tls.crt",
- "key": "/ws-manager-client-tls-certs/tls.key"
- }
- },
 "proxy": {
 "https": {
 "crt": "/mnt/certificates/tls.crt",
@@ -53,8 +45,6 @@ data:
 "workspaceHostSuffixRegex": {{ ($comp.workspaceHostSuffixRegex | default (printf "%s%s" "\\.ws[^\\.]*\\." ($.Values.hostname | replace "." "\\."))) | quote }}
 },
 "workspacePodConfig": {
- "serviceTemplate": "http://ws-{{"{{ .workspaceID }}"}}-theia.{{- .Release.Namespace -}}.svc.cluster.local:{{"{{ .port }}"}}",
- "portServiceTemplate": "http://ws-{{"{{ .workspaceID }}"}}-ports.{{- .Release.Namespace -}}.svc.cluster.local:{{"{{ .port }}"}}",
 "theiaPort": {{ .Values.components.workspace.ports.http.containerPort }},
 "supervisorPort": {{ .Values.components.workspace.ports.http.supervisorPort }},
 "supervisorImage": "{{ template "gitpod.comp.imageFull" (dict "root" . "gp" $.Values "comp" .Values.components.workspace.supervisor) }}"
diff --git a/chart/templates/ws-proxy-deployment.yaml b/chart/templates/ws-proxy-deployment.yaml
index 84af708f101851..19cf816b83fd91 100644
--- a/chart/templates/ws-proxy-deployment.yaml
+++ b/chart/templates/ws-proxy-deployment.yaml
@@ -66,7 +66,7 @@ spec:
 periodSeconds: 5
 failureThreshold: 10
 httpGet:
- path: /
+ path: /readyz
 port: 60088
 livenessProbe:
 initialDelaySeconds: 2
@@ -75,15 +75,12 @@ spec:
 successThreshold: 1
 timeoutSeconds: 2
 httpGet:
- path: /
+ path: /healthz
 port: 60088
 volumeMounts:
 - name: config
 mountPath: "/config"
 readOnly: true
- - mountPath: /ws-manager-client-tls-certs
- name: ws-manager-client-tls-certs
- readOnly: true
 {{- if $.Values.certificatesSecret.secretName }}
 - name: config-certificates
 mountPath: "/mnt/certificates"
@@ -93,4 +90,4 @@ spec:
 {{ include "gitpod.container.defaultEnv" $this | indent 8 }}
 {{ include "gitpod.container.tracingEnv" $this | indent 8 }}
 {{ toYaml .Values.defaults | indent 6 }}
-{{ end }}
\ No newline at end of file
+{{ end }}
diff --git a/chart/templates/ws-proxy-role.yaml b/chart/templates/ws-proxy-role.yaml
new file mode 100644
index 00000000000000..b60c21d6b2ea55
--- /dev/null
+++ b/chart/templates/ws-proxy-role.yaml
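Review bot: In ws-proxy-deployment.yaml the `@@ -75,15 +75,12 @@` hunk drops the `ws-manager-client-tls-certs` volumeMount, but no hunk in this patch touches the pod's `volumes:` list, so if that list still declares the secret volume, the ws-manager client key stays attached to a pod that no longer uses it and the pod still depends on that secret existing. The `volumes:` section lies outside the visible hunks, so this needs checking in the full file; if the entry is still there, remove it in the same commit. The probe changes (`/readyz` in the `@@ -66,7 +66,7 @@` hunk, `/healthz` here) also assume the ws-proxy image deployed by this chart already serves both paths on port 60088, otherwise the pod never reports ready.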
@@ -0,0 +1,21 @@
+# Copyright (c) 2020 Gitpod GmbH. All rights reserved.
+# Licensed under the MIT License. See License-MIT.txt in the project root for license information.
+
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ labels:
+ app: {{ template "gitpod.fullname" . }}
+ component: ws-proxy
+ kind: role
+ stage: {{ .Values.installation.stage }}
+ name: ws-proxy
+rules:
+- apiGroups:
+ - ""
+ resources:
+ - pods
+ verbs:
+ - get
+ - list
+ - watch
diff --git a/chart/templates/ws-proxy-rolebinding.yaml b/chart/templates/ws-proxy-rolebinding.yaml
index 9bcf3bedc8362d..94fefbdb18b320 100644
--- a/chart/templates/ws-proxy-rolebinding.yaml
+++ b/chart/templates/ws-proxy-rolebinding.yaml
@@ -20,4 +20,23 @@ roleRef:
 kind: ClusterRole
 name: {{ .Release.Namespace }}-ns-psp:unprivileged
 apiGroup: rbac.authorization.k8s.io
-{{ end }}
\ No newline at end of file
+---
+
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: ws-proxy-api
+ labels:
+ app: {{ template "gitpod.fullname" . }}
+ component: ws-proxy
+ kind: role-binding
+ stage: {{ .Values.installation.stage }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: ws-proxy
+subjects:
+- kind: ServiceAccount
+ name: ws-proxy
+
+{{ end }}
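Review bot: ws-proxy-role.yaml gives no reason for its grant, and `get`/`list`/`watch` on `pods` covers every pod in the release namespace, not only workspace pods, which means reading each pod's full spec including any literal env values. RBAC cannot narrow list/watch by label, so the scope is probably as small as it can be, but the intent should be recorded above `rules:`, for example `# ws-proxy reads pods to discover workspaces; read-only, namespace-scoped` (if that is indeed the purpose). Separately, none of the 21 added lines is a template guard, while ws-proxy-rolebinding.yaml closes a block with `{{ end }}`, so this Role is apparently rendered even when the binding is not. The opening condition of that block is outside the visible hunk.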
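Review bot: In ws-proxy-rolebinding.yaml the new `ws-proxy-api` binding names its subject as `kind: ServiceAccount` / `name: ws-proxy` with no `namespace`, which relies on the account being resolved in the binding's own namespace. Adding `namespace: {{ .Release.Namespace }}` under the subject makes the grant unambiguous when the rendered manifest is read or audited on its own. The first binding in this file starts above the hunk, so whether it already follows the same convention is not visible here.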