diff --git a/install/installer/cmd/testdata/render/aws-setup/config.yaml b/install/installer/cmd/testdata/render/aws-setup/config.yaml index 4fac8b5ae1c357..77b5c20cada823 100644 --- a/install/installer/cmd/testdata/render/aws-setup/config.yaml +++ b/install/installer/cmd/testdata/render/aws-setup/config.yaml @@ -28,3 +28,6 @@ objectStorage: credentials: kind: secret name: aws-storage +experimental: + workspace: + enableProtectedSecrets: true diff --git a/install/installer/cmd/testdata/render/aws-setup/output.golden b/install/installer/cmd/testdata/render/aws-setup/output.golden index 1116632a2b78d9..7861e6edfae530 100644 --- a/install/installer/cmd/testdata/render/aws-setup/output.golden +++ b/install/installer/cmd/testdata/render/aws-setup/output.golden @@ -4374,7 +4374,9 @@ data: "workspaceDefaults": { "workspaceImage": "docker.io/gitpod/workspace-full:latest", "previewFeatureFlags": [], - "defaultFeatureFlags": [] + "defaultFeatureFlags": [ + "protected_secrets" + ] }, "session": { "maxAgeMs": 259200000, @@ -4705,8 +4707,8 @@ data: "procLimit": 0, "netlimit": { "enabled": false, - "connectionsPerMinute": 3000, - "bucketSize": 1000 + "connectionsPerMinute": 0, + "bucketSize": 0 }, "hosts": { "enabled": true, @@ -4845,7 +4847,7 @@ data: "crt": "/certs/tls.crt", "key": "/certs/tls.key" }, - "ratelimits": {} + "ratelimits": null }, "imageBuilderProxy": { "targetAddr": "image-builder-mk3.default.svc.cluster.local:8080" @@ -6865,7 +6867,7 @@ spec: template: metadata: annotations: - gitpod.io/checksum_config: de8ed99a057f28c772db0287eeb93b12fe89401a2645f94d0b533eb0e5640654 + gitpod.io/checksum_config: f38befd979ab4d484385150901fe7df508bcc20d2c9a0585524f8f1e18862ec6 seccomp.security.alpha.kubernetes.io/shiftfs-module-loader: unconfined creationTimestamp: null labels: @@ -8561,7 +8563,7 @@ spec: template: metadata: annotations: - gitpod.io/checksum_config: a4f9aa176dfae6d6939ca2759001c02d37194e89dd8c512a75e7bba7c8eb8912 + gitpod.io/checksum_config: a745ecf007657309c326826c2afb6f0782aa50415678f1c73d45307f02acfa54 creationTimestamp: null labels: app: gitpod @@ -8836,7 +8838,7 @@ spec: template: metadata: annotations: - gitpod.io/checksum_config: 9deca0bd07f53f6e07181614a88b15750abe54c04a0a815e9f936dfcadf97f91 + gitpod.io/checksum_config: 1ff736751190a18723cf1f9270daf16de64196d835039a5d9335d8deb84eb107 creationTimestamp: null labels: app: gitpod diff --git a/install/installer/cmd/testdata/render/azure-setup/config.yaml b/install/installer/cmd/testdata/render/azure-setup/config.yaml index 69a4e7a238f176..be18675f965528 100644 --- a/install/installer/cmd/testdata/render/azure-setup/config.yaml +++ b/install/installer/cmd/testdata/render/azure-setup/config.yaml @@ -24,3 +24,6 @@ objectStorage: credentials: kind: secret name: azure-storage +experimental: + workspace: + enableProtectedSecrets: true diff --git a/install/installer/cmd/testdata/render/azure-setup/output.golden b/install/installer/cmd/testdata/render/azure-setup/output.golden index 7930f002b8b999..7ccac4cc347321 100644 --- a/install/installer/cmd/testdata/render/azure-setup/output.golden +++ b/install/installer/cmd/testdata/render/azure-setup/output.golden @@ -4237,7 +4237,9 @@ data: "workspaceDefaults": { "workspaceImage": "docker.io/gitpod/workspace-full:latest", "previewFeatureFlags": [], - "defaultFeatureFlags": [] + "defaultFeatureFlags": [ + "protected_secrets" + ] }, "session": { "maxAgeMs": 259200000, @@ -4566,8 +4568,8 @@ data: "procLimit": 0, "netlimit": { "enabled": false, - "connectionsPerMinute": 3000, - "bucketSize": 1000 + "connectionsPerMinute": 0, + "bucketSize": 0 }, "hosts": { "enabled": true, @@ -4704,7 +4706,7 @@ data: "crt": "/certs/tls.crt", "key": "/certs/tls.key" }, - "ratelimits": {} + "ratelimits": null }, "imageBuilderProxy": { "targetAddr": "image-builder-mk3.default.svc.cluster.local:8080" @@ -6710,7 +6712,7 @@ spec: template: metadata: annotations: - gitpod.io/checksum_config: f39e45d788bb170ba728cfc3c69c5ca00a2b88a73a2d7288bcc1caee8e638405 + gitpod.io/checksum_config: 4d6d50316ad65fccd200390e1ed50f932a49b4e31aba520c151e700f351b546d seccomp.security.alpha.kubernetes.io/shiftfs-module-loader: unconfined creationTimestamp: null labels: @@ -8412,7 +8414,7 @@ spec: template: metadata: annotations: - gitpod.io/checksum_config: a4f9aa176dfae6d6939ca2759001c02d37194e89dd8c512a75e7bba7c8eb8912 + gitpod.io/checksum_config: a745ecf007657309c326826c2afb6f0782aa50415678f1c73d45307f02acfa54 creationTimestamp: null labels: app: gitpod @@ -8687,7 +8689,7 @@ spec: template: metadata: annotations: - gitpod.io/checksum_config: 4ac62854eccd472efc91ccb1041633960da4448fe1534555abb4ac94fe22861d + gitpod.io/checksum_config: 734853520982e32ae5a95da4635fd8e1cb049a0d2f8bb09e0aaa40f4fdb321db creationTimestamp: null labels: app: gitpod diff --git a/install/installer/cmd/testdata/render/gcp-setup/config.yaml b/install/installer/cmd/testdata/render/gcp-setup/config.yaml index d922a75362fea3..b3571991334d42 100644 --- a/install/installer/cmd/testdata/render/gcp-setup/config.yaml +++ b/install/installer/cmd/testdata/render/gcp-setup/config.yaml @@ -26,3 +26,6 @@ objectStorage: serviceAccount: kind: secret name: gcp-storage +experimental: + workspace: + enableProtectedSecrets: true diff --git a/install/installer/cmd/testdata/render/gcp-setup/output.golden b/install/installer/cmd/testdata/render/gcp-setup/output.golden index caf9f8aab066bc..963802e0c019e1 100644 --- a/install/installer/cmd/testdata/render/gcp-setup/output.golden +++ b/install/installer/cmd/testdata/render/gcp-setup/output.golden @@ -4198,7 +4198,9 @@ data: "workspaceDefaults": { "workspaceImage": "docker.io/gitpod/workspace-full:latest", "previewFeatureFlags": [], - "defaultFeatureFlags": [] + "defaultFeatureFlags": [ + "protected_secrets" + ] }, "session": { "maxAgeMs": 259200000, @@ -4526,8 +4528,8 @@ data: "procLimit": 0, "netlimit": { "enabled": false, - "connectionsPerMinute": 3000, - "bucketSize": 1000 + "connectionsPerMinute": 0, + "bucketSize": 0 }, "hosts": { "enabled": true, @@ -4663,7 +4665,7 @@ data: "crt": "/certs/tls.crt", "key": "/certs/tls.key" }, - "ratelimits": {} + "ratelimits": null }, "imageBuilderProxy": { "targetAddr": "image-builder-mk3.default.svc.cluster.local:8080" @@ -6684,7 +6686,7 @@ spec: template: metadata: annotations: - gitpod.io/checksum_config: f985a365ca2934d925e1510c4398f0cf27ba9a85413f34a1f119317ad098f028 + gitpod.io/checksum_config: 64f1a4838a91ead47c99f03de97bda648bc25e041d8a8130cdbaba4fef980bff seccomp.security.alpha.kubernetes.io/shiftfs-module-loader: unconfined creationTimestamp: null labels: @@ -8341,7 +8343,7 @@ spec: template: metadata: annotations: - gitpod.io/checksum_config: 73fa19472813179dc8c919dc7f879256916481ff520144b6362fefaa7d5e2f15 + gitpod.io/checksum_config: 6992584742d8c0130c85e9635aefdcfbb7d252a4e968a7a38f7d296f8600acc5 creationTimestamp: null labels: app: gitpod @@ -8604,7 +8606,7 @@ spec: template: metadata: annotations: - gitpod.io/checksum_config: ff12fcd029119d3d0900803abce70dd9a95d746776f14796a5bac3baf03ca8f6 + gitpod.io/checksum_config: 01cc48cbadb4ba7866a896b48d74eeb0f52cb1e74cd93c4ffa48820af27cdbe4 creationTimestamp: null labels: app: gitpod diff --git a/install/installer/cmd/testdata/render/use-pod-security-policies/output.golden b/install/installer/cmd/testdata/render/use-pod-security-policies/output.golden index 439135f7e0ab43..47836dbe748bc3 100644 --- a/install/installer/cmd/testdata/render/use-pod-security-policies/output.golden +++ b/install/installer/cmd/testdata/render/use-pod-security-policies/output.golden @@ -4977,7 +4977,9 @@ data: "workspaceDefaults": { "workspaceImage": "docker.io/gitpod/workspace-full:latest", "previewFeatureFlags": [], - "defaultFeatureFlags": [] + "defaultFeatureFlags": [ + "protected_secrets" + ] }, "session": { "maxAgeMs": 259200000, @@ -9657,7 +9659,7 @@ spec: template: metadata: annotations: - gitpod.io/checksum_config: adc398b5039ad75f724b2585a5da8a95110b918a32c0b854630fc3fa03a91722 + gitpod.io/checksum_config: a4e77dfdb4f0f6103762722c99d4ba4eaf570a7c3d9fbc3e292a2d48cb17ad24 creationTimestamp: null labels: app: gitpod diff --git a/install/installer/pkg/components/server/configmap.go b/install/installer/pkg/components/server/configmap.go index c80b164495119c..f14b684b0c192a 100644 --- a/install/installer/pkg/components/server/configmap.go +++ b/install/installer/pkg/components/server/configmap.go @@ -165,7 +165,9 @@ func configmap(ctx *common.RenderContext) ([]runtime.Object, error) { defaultFeatureFlags := []NamedWorkspaceFeatureFlag{} _ = ctx.WithExperimental(func(cfg *experimental.Config) error { - if cfg.Workspace != nil && cfg.Workspace.EnableProtectedSecrets { + if cfg == nil || cfg.Workspace == nil { + defaultFeatureFlags = append(defaultFeatureFlags, NamedWorkspaceFeatureProtectedSecrets) + } else if cfg.Workspace != nil && cfg.Workspace.EnableProtectedSecrets { defaultFeatureFlags = append(defaultFeatureFlags, NamedWorkspaceFeatureProtectedSecrets) } return nil