diff --git a/components/openvsx-proxy/BUILD.yaml b/components/openvsx-proxy/BUILD.yaml index 0f940baf60898a..342f5c1b03f331 100644 --- a/components/openvsx-proxy/BUILD.yaml +++ b/components/openvsx-proxy/BUILD.yaml @@ -16,6 +16,20 @@ packages: - GOOS=linux config: packaging: app + - name: lib + type: go + deps: + - components/common-go:lib + srcs: + - "**/*.go" + - "go.mod" + - "go.sum" + env: + - CGO_ENABLED=0 + - GOOS=linux + config: + packaging: library + dontTest: false - name: docker type: docker deps: diff --git a/installer/BUILD.yaml b/installer/BUILD.yaml index 5db71d741a7d77..fb4538abbe33f7 100644 --- a/installer/BUILD.yaml +++ b/installer/BUILD.yaml @@ -27,6 +27,7 @@ packages: - components/registry-facade:lib - components/ws-daemon-api/go:lib - components/ws-proxy:lib + - components/openvsx-proxy:lib env: - CGO_ENABLED=0 config: diff --git a/installer/go.mod b/installer/go.mod index 26917d8d317940..6514fa0062a954 100644 --- a/installer/go.mod +++ b/installer/go.mod @@ -10,6 +10,7 @@ require ( github.com/gitpod-io/gitpod/common-go v0.0.0-00010101000000-000000000000 github.com/gitpod-io/gitpod/content-service/api v0.0.0-00010101000000-000000000000 github.com/gitpod-io/gitpod/image-builder/api v0.0.0-00010101000000-000000000000 + github.com/gitpod-io/gitpod/openvsx-proxy v0.0.0-00010101000000-000000000000 github.com/gitpod-io/gitpod/registry-facade/api v0.0.0-00010101000000-000000000000 github.com/gitpod-io/gitpod/ws-daemon v0.0.0-00010101000000-000000000000 github.com/gitpod-io/gitpod/ws-daemon/api v0.0.0-00010101000000-000000000000 @@ -53,9 +54,11 @@ require ( github.com/PuerkitoBio/purell v1.1.1 // indirect github.com/PuerkitoBio/urlesc v0.0.0-20170810143723-de5bf2ad4578 // indirect github.com/StackExchange/wmi v0.0.0-20210224194228-fe8f1750fd46 // indirect + github.com/allegro/bigcache v1.2.1 // indirect github.com/asaskevich/govalidator v0.0.0-20210307081110-f21760c49a8d // indirect github.com/beorn7/perks v1.0.1 // indirect github.com/bits-and-blooms/bitset v1.2.0 // indirect + github.com/bradfitz/gomemcache v0.0.0-20190913173617-a41fca850d0b // indirect github.com/cenkalti/backoff v2.2.1+incompatible // indirect github.com/cespare/xxhash/v2 v2.1.1 // indirect github.com/chai2010/gettext-go v0.0.0-20160711120539-c6fed771bfd5 // indirect @@ -76,6 +79,7 @@ require ( github.com/docker/go-metrics v0.0.1 // indirect github.com/docker/go-units v0.4.0 // indirect github.com/dustin/go-humanize v1.0.0 // indirect + github.com/eko/gocache v1.1.1 // indirect github.com/evanphx/json-patch v4.11.0+incompatible // indirect github.com/exponent-io/jsonpath v0.0.0-20151013193312-d6023ce2651d // indirect github.com/fatih/camelcase v1.0.0 // indirect @@ -96,6 +100,7 @@ require ( github.com/go-ozzo/ozzo-validation v3.6.0+incompatible // indirect github.com/go-playground/locales v0.14.0 // indirect github.com/go-playground/universal-translator v0.18.0 // indirect + github.com/go-redis/redis/v7 v7.4.0 // indirect github.com/gobwas/glob v0.2.3 // indirect github.com/godbus/dbus/v5 v5.0.4 // indirect github.com/gogo/googleapis v1.4.0 // indirect @@ -105,7 +110,7 @@ require ( github.com/google/btree v1.0.1 // indirect github.com/google/gofuzz v1.2.0 // indirect github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510 // indirect - github.com/google/uuid v1.2.0 // indirect + github.com/google/uuid v1.3.0 // indirect github.com/googleapis/gax-go/v2 v2.0.5 // indirect github.com/googleapis/gnostic v0.5.5 // indirect github.com/gorilla/handlers v1.5.1 // indirect @@ -216,6 +221,14 @@ require ( replace github.com/gitpod-io/gitpod/image-builder => ../components/image-builder-mk3 // leeway +replace github.com/gitpod-io/gitpod/image-builder/api => ../components/image-builder-api/go // leeway + +replace github.com/gitpod-io/gitpod/openvsx-proxy => ../components/openvsx-proxy // leeway + +replace github.com/gitpod-io/gitpod/ws-scheduler => ../components/ee/ws-scheduler // leeway + +replace github.com/gitpod-io/gitpod/ws-proxy => ../components/ws-proxy // leeway + replace github.com/gitpod-io/gitpod/agent-smith => ../components/ee/agent-smith // leeway replace github.com/gitpod-io/gitpod/blobserve => ../components/blobserve // leeway @@ -228,8 +241,6 @@ replace github.com/gitpod-io/gitpod/content-service/api => ../components/content replace github.com/gitpod-io/gitpod/gitpod-protocol => ../components/gitpod-protocol/go // leeway -replace github.com/gitpod-io/gitpod/image-builder/api => ../components/image-builder-api/go // leeway - replace github.com/gitpod-io/gitpod/registry-facade => ../components/registry-facade // leeway replace github.com/gitpod-io/gitpod/registry-facade/api => ../components/registry-facade-api/go // leeway @@ -240,10 +251,6 @@ replace github.com/gitpod-io/gitpod/ws-daemon/api => ../components/ws-daemon-api replace github.com/gitpod-io/gitpod/ws-manager/api => ../components/ws-manager-api/go // leeway -replace github.com/gitpod-io/gitpod/ws-proxy => ../components/ws-proxy // leeway - -replace github.com/gitpod-io/gitpod/ws-scheduler => ../components/ee/ws-scheduler // leeway - replace k8s.io/api => k8s.io/api v0.22.2 // leeway indirect from components/common-go:lib replace k8s.io/apiextensions-apiserver => k8s.io/apiextensions-apiserver v0.22.2 // leeway indirect from components/common-go:lib diff --git a/installer/go.sum b/installer/go.sum index 086536c8664b1c..5de880a15565b4 100644 --- a/installer/go.sum +++ b/installer/go.sum @@ -73,6 +73,7 @@ github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym github.com/DATA-DOG/go-sqlmock v1.5.0 h1:Shsta01QNfFxHCfpW6YH2STWB0MudeXXEWMr20OEh60= github.com/DATA-DOG/go-sqlmock v1.5.0/go.mod h1:f/Ixk793poVmq4qj/V1dPUg2JEAKC73Q5eFN3EC/SaM= github.com/HdrHistogram/hdrhistogram-go v1.1.0 h1:6dpdDPTRoo78HxAJ6T1HfMiKSnqhgRRqzCuPshRkQ7I= +github.com/HdrHistogram/hdrhistogram-go v1.1.0/go.mod h1:yDgFjdqOqDEKOvasDdhWNXYg9BVp4O+o5f6V/ehm6Oo= github.com/Knetic/govaluate v3.0.1-0.20171022003610-9aa49832a739+incompatible/go.mod h1:r7JcOSlj0wfOMncg0iLm8Leh48TZaKVeNIfJntJ2wa0= github.com/MakeNowJust/heredoc v0.0.0-20170808103936-bb23615498cd h1:sjQovDkwrZp8u+gxLtPgKGjk5hCxuy2hrRejBTA9xFU= github.com/MakeNowJust/heredoc v0.0.0-20170808103936-bb23615498cd/go.mod h1:64YHyfSL2R96J44Nlwm39UHepQbyR5q10x7iYa1ks2E= @@ -83,6 +84,7 @@ github.com/Masterminds/semver v1.5.0 h1:H65muMkzWKEuNDnfl9d70GUjFniHKHRbFPGBuZ3Q github.com/Masterminds/semver v1.5.0/go.mod h1:MB6lktGJrhw8PrUyiEoblNEGEQ+RzHPF078ddwwvV3Y= github.com/Masterminds/semver/v3 v3.1.1 h1:hLg3sBzpNErnxhQtUy/mmLR2I9foDujNK030IGemrRc= github.com/Masterminds/semver/v3 v3.1.1/go.mod h1:VPu/7SZ7ePZ3QOrcuXROw5FAcLl4a0cBrbBpGY/8hQs= +github.com/Masterminds/sprig v2.22.0+incompatible h1:z4yfnGrZ7netVz+0EDJ0Wi+5VZCSYp4Z0m2dk6cEM60= github.com/Masterminds/sprig v2.22.0+incompatible/go.mod h1:y6hNFY5UBTIWBxnzTeuNhlNS5hqE0NB0E6fgfo2Br3o= github.com/Masterminds/sprig/v3 v3.2.2 h1:17jRggJu518dr3QaafizSXOjKYp94wKfABxUmyxvxX8= github.com/Masterminds/sprig/v3 v3.2.2/go.mod h1:UoaO7Yp8KlPnJIYWTFkMaqPUYKTfGFPhxNuwnnxkKlk= @@ -105,6 +107,7 @@ github.com/Microsoft/hcsshim v0.8.9/go.mod h1:5692vkUqntj1idxauYlpoINNKeqCiG6Sg3 github.com/Microsoft/hcsshim v0.8.14/go.mod h1:NtVKoYxQuTLx6gEq0L96c9Ju4JbRJ4nY2ow3VK6a9Lg= github.com/Microsoft/hcsshim v0.8.15/go.mod h1:x38A4YbHbdxJtc0sF6oIz+RG0npwSCAvn69iY6URG00= github.com/Microsoft/hcsshim v0.8.16/go.mod h1:o5/SZqmR7x9JNKsW3pu+nqHm0MF8vbA+VxGOoXdC600= +github.com/Microsoft/hcsshim v0.8.17/go.mod h1:+w2gRZ5ReXQhFOrvSQeNfhrYB/dg3oDwTOcER2fw4I4= github.com/Microsoft/hcsshim v0.8.18 h1:cYnKADiM1869gvBpos3YCteeT6sZLB48lB5dmMMs8Tg= github.com/Microsoft/hcsshim v0.8.18/go.mod h1:+w2gRZ5ReXQhFOrvSQeNfhrYB/dg3oDwTOcER2fw4I4= github.com/Microsoft/hcsshim/test v0.0.0-20201218223536-d3e5debf77da/go.mod h1:5hlzMzRKMLyo42nCZ9oml8AdTlq/0cvIaBv6tK1RehU= @@ -125,13 +128,19 @@ github.com/StackExchange/wmi v0.0.0-20210224194228-fe8f1750fd46/go.mod h1:3eOhrU github.com/Venafi/vcert/v4 v4.13.1/go.mod h1:Z3sJFoAurFNXPpoSUSHq46aIeHLiGQEMDhprfxlpofQ= github.com/VividCortex/gohistogram v1.0.0/go.mod h1:Pf5mBqqDxYaXu3hDrrU+w6nw50o/4+TcAqDqk/vUH7g= github.com/afex/hystrix-go v0.0.0-20180502004556-fa1af6a1f4f5/go.mod h1:SkGFH1ia65gfNATL8TAiHDNxPzPdmEL5uirI2Uyuz6c= +github.com/ajstarks/svgo v0.0.0-20180226025133-644b8db467af/go.mod h1:K08gAheRH3/J6wwsYMMT4xOr94bZjxIelGM0+d/wbFw= github.com/akamai/AkamaiOPEN-edgegrid-golang v1.1.0/go.mod h1:kX6YddBkXqqywAe8c9LyvgTCyFuZCTMF4cRPQhc3Fy8= +github.com/alecthomas/jsonschema v0.0.0-20190504002508-159cbd5dba26/go.mod h1:qpebaTNSsyUn5rPSJMsfqEtDw71TTggXM6stUDI16HA= +github.com/alecthomas/jsonschema v0.0.0-20210413112511-5c9c23bdc720/go.mod h1:/n6+1/DWPltRLWL/VKyUxg6tzsl5kHUCcraimt4vr60= +github.com/alecthomas/repr v0.0.0-20200325044227-4184120f674c/go.mod h1:xTS7Pm1pD1mvyM075QCDSRqH6qRLXylzS24ZTpRiSzQ= github.com/alecthomas/template v0.0.0-20160405071501-a0175ee3bccc/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc= github.com/alecthomas/template v0.0.0-20190718012654-fb15b899a751/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc= github.com/alecthomas/units v0.0.0-20151022065526-2efee857e7cf/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0= github.com/alecthomas/units v0.0.0-20190717042225-c3de453c63f4/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0= github.com/alecthomas/units v0.0.0-20190924025748-f65c72e2690d/go.mod h1:rBZYJk541a8SKzHPHnH3zbiI+7dagKZ0cgpgrD7Fyho= github.com/alexflint/go-filemutex v0.0.0-20171022225611-72bdc8eae2ae/go.mod h1:CgnQgUtFrFz9mxFNtED3jI5tLDjKlOM+oUF/sTk6ps0= +github.com/allegro/bigcache v1.2.1 h1:hg1sY1raCwic3Vnsvje6TT7/pnZba83LeFck5NrFKSc= +github.com/allegro/bigcache v1.2.1/go.mod h1:Cb/ax3seSYIx7SuZdm2G2xzfwmv3TPSk2ucNfQESPXM= github.com/antihax/optional v1.0.0/go.mod h1:uupD/76wgC+ih3iEmQUL+0Ugr19nfwCT1kdvxnR2qWY= github.com/apache/thrift v0.12.0/go.mod h1:cp2SuWMxlEZw2r+iP2GNCdIi4C1qmUzdZFSVb+bacwQ= github.com/apache/thrift v0.13.0/go.mod h1:cp2SuWMxlEZw2r+iP2GNCdIi4C1qmUzdZFSVb+bacwQ= @@ -144,6 +153,7 @@ github.com/asaskevich/govalidator v0.0.0-20190424111038-f61b66f89f4a/go.mod h1:l github.com/asaskevich/govalidator v0.0.0-20200428143746-21a406dcc535/go.mod h1:oGkLhpf+kjZl6xBf758TQhh5XrAeiJv/7FRz/2spLIg= github.com/asaskevich/govalidator v0.0.0-20210307081110-f21760c49a8d h1:Byv0BzEl3/e6D5CLfI0j/7hiIEtvGVFPCZ7Ei2oq8iQ= github.com/asaskevich/govalidator v0.0.0-20210307081110-f21760c49a8d/go.mod h1:WaHUgvxTVq04UNunO+XhnAqY/wQc+bxr74GqbsZ/Jqw= +github.com/ashwanthkumar/slack-go-webhook v0.0.0-20200209025033-430dd4e66960/go.mod h1:97O1qkjJBHSSaWJxsTShRIeFy0HWiygk+jnugO9aX3I= github.com/aws/aws-lambda-go v1.13.3/go.mod h1:4UKl9IzQMoD+QF79YdCuzCwp8VbmG4VAQwij/eHl5CU= github.com/aws/aws-sdk-go v1.15.11/go.mod h1:mFuSZ37Z9YOHbQEwBWztmVzqXrEkub65tZoCYDt7FT0= github.com/aws/aws-sdk-go v1.27.0/go.mod h1:KmX6BPdI08NWTb3/sm4ZGu5ShLoqVDhKgpiN924inxo= @@ -165,6 +175,8 @@ github.com/bketelsen/crypt v0.0.4/go.mod h1:aI6NrJ0pMGgvZKL1iVgXLnfIFJtfV+bKCoqO github.com/blang/semver v3.1.0+incompatible/go.mod h1:kRBLl5iJ+tD4TcOOxsy/0fnwebNt5EWlYSAyrTnjyyk= github.com/blang/semver v3.5.1+incompatible/go.mod h1:kRBLl5iJ+tD4TcOOxsy/0fnwebNt5EWlYSAyrTnjyyk= github.com/bmizerany/assert v0.0.0-20160611221934-b7ed37b82869/go.mod h1:Ekp36dRnpXw/yCqJaO+ZrUyxD+3VXMFFr56k5XYrpB4= +github.com/bradfitz/gomemcache v0.0.0-20190913173617-a41fca850d0b h1:L/QXpzIa3pOvUGt1D1lA5KjYhPBAN/3iWdP7xeFS9F0= +github.com/bradfitz/gomemcache v0.0.0-20190913173617-a41fca850d0b/go.mod h1:H0wQNHz2YrLsuXOZozoeDmnHXkNCRmMW0gwFWDfEZDA= github.com/bshuster-repo/logrus-logstash-hook v0.4.1/go.mod h1:zsTqEiSzDgAa/8GZR7E1qaXrhYNDKBYy5/dWPTIflbk= github.com/bshuster-repo/logrus-logstash-hook v1.0.0 h1:e+C0SB5R1pu//O4MQ3f9cFuPGoOVeF2fE4Og9otCc70= github.com/bshuster-repo/logrus-logstash-hook v1.0.0/go.mod h1:zsTqEiSzDgAa/8GZR7E1qaXrhYNDKBYy5/dWPTIflbk= @@ -181,6 +193,7 @@ github.com/cenkalti/backoff v2.2.1+incompatible/go.mod h1:90ReRw6GdpyfrHakVjL/QH github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU= github.com/certifi/gocertifi v0.0.0-20191021191039-0944d244cd40/go.mod h1:sGbDF6GwGcLpkNXPUTkMRoywsNa/ol15pxFe6ERfguA= github.com/certifi/gocertifi v0.0.0-20200922220541-2c3bb06c6054/go.mod h1:sGbDF6GwGcLpkNXPUTkMRoywsNa/ol15pxFe6ERfguA= +github.com/cespare/xxhash v1.1.0 h1:a6HrQnmkObjyL+Gs60czilIUGqrzKutQD6XZog3p+ko= github.com/cespare/xxhash v1.1.0/go.mod h1:XrSqR1VqqWfGrhpAt58auRo0WTKS1nRRg3ghfAqPWnc= github.com/cespare/xxhash/v2 v2.1.1 h1:6MnRN8NT7+YBpUIWxHtefFZOKTAPgGjpQSxqLNn0+qY= github.com/cespare/xxhash/v2 v2.1.1/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs= @@ -298,6 +311,8 @@ github.com/containernetworking/plugins v0.9.1/go.mod h1:xP/idU2ldlzN6m4p5LmGiwRD github.com/containers/ocicrypt v1.0.1/go.mod h1:MeJDzk1RJHv89LjsH0Sp5KTY3ZYkjXO/C+bKAeWFIrc= github.com/containers/ocicrypt v1.1.0/go.mod h1:b8AOe0YR67uU8OqfVNcznfFpAzu3rdgUV4GP9qXPfu4= github.com/containers/ocicrypt v1.1.1/go.mod h1:Dm55fwWm1YZAjYRaJ94z2mfZikIyIN4B0oB3dj3jFxY= +github.com/coocood/freecache v1.1.1 h1:uukNF7QKCZEdZ9gAV7WQzvh0SbjwdMF6m3x3rxEkaPc= +github.com/coocood/freecache v1.1.1/go.mod h1:OKrEjkGVoxZhyWAJoeFi5BMLUJm2Tit0kpGkIr7NGYY= github.com/coreos/bbolt v1.3.2/go.mod h1:iRUV2dpdMOn7Bo10OQBFzIJO9kkE559Wcmn+qkEiiKk= github.com/coreos/etcd v3.3.10+incompatible/go.mod h1:uF7uidLiAD3TWHmW31ZFd/JWoc32PjwdhPthX9715RE= github.com/coreos/etcd v3.3.13+incompatible/go.mod h1:uF7uidLiAD3TWHmW31ZFd/JWoc32PjwdhPthX9715RE= @@ -308,6 +323,7 @@ github.com/coreos/go-semver v0.2.0/go.mod h1:nnelYz7RCh+5ahJtPPxZlU+153eP4D4r3Ee github.com/coreos/go-semver v0.3.0/go.mod h1:nnelYz7RCh+5ahJtPPxZlU+153eP4D4r3EedlOD2RNk= github.com/coreos/go-systemd v0.0.0-20161114122254-48702e0da86b/go.mod h1:F5haX7vjVVG0kc13fIWeqUViNPyEJxv/OmvnBo0Yme4= github.com/coreos/go-systemd v0.0.0-20180511133405-39ca1b05acc7/go.mod h1:F5haX7vjVVG0kc13fIWeqUViNPyEJxv/OmvnBo0Yme4= +github.com/coreos/go-systemd v0.0.0-20190321100706-95778dfbb74e h1:Wf6HqHfScWJN9/ZjdUKyjop4mf3Qdd+1TvvltAvM3m8= github.com/coreos/go-systemd v0.0.0-20190321100706-95778dfbb74e/go.mod h1:F5haX7vjVVG0kc13fIWeqUViNPyEJxv/OmvnBo0Yme4= github.com/coreos/go-systemd/v22 v22.0.0/go.mod h1:xO0FLkIi5MaZafQlIrOotqXZ90ih+1atmu1JpKERPPk= github.com/coreos/go-systemd/v22 v22.1.0/go.mod h1:xO0FLkIi5MaZafQlIrOotqXZ90ih+1atmu1JpKERPPk= @@ -335,8 +351,11 @@ github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSs github.com/daviddengcn/go-colortext v0.0.0-20160507010035-511bcaf42ccd/go.mod h1:dv4zxwHi5C/8AeI+4gX4dCWOIvNi7I6JCSX0HvlKPgE= github.com/denisenkom/go-mssqldb v0.9.0/go.mod h1:xbL0rPBG9cCiLr28tMa8zpbdarY27NDyej4t/EjAShU= github.com/denverdino/aliyungo v0.0.0-20190125010748-a747050bb1ba/go.mod h1:dV8lFg6daOBZbT6/BDGIz6Y3WFGn8juu6G+CQ6LHtl0= +github.com/dgraph-io/ristretto v0.0.3 h1:jh22xisGBjrEVnRZ1DVTpBVQm0Xndu8sMl0CWDzSIBI= +github.com/dgraph-io/ristretto v0.0.3/go.mod h1:KPxhHT9ZxKefz+PCeOGsrHpl1qZ7i70dGTu2u+Ahh6E= github.com/dgrijalva/jwt-go v0.0.0-20170104182250-a601269ab70c/go.mod h1:E3ru+11k8xSBh+hMPgOLZmtrrCbhqsmaPHjLKYnJCaQ= github.com/dgrijalva/jwt-go v3.2.0+incompatible/go.mod h1:E3ru+11k8xSBh+hMPgOLZmtrrCbhqsmaPHjLKYnJCaQ= +github.com/dgryski/go-farm v0.0.0-20190423205320-6a90982ecee2/go.mod h1:SqUrOPUnsFjfmXRMNPybcSiG0BgUW2AuFH8PAnS2iTw= github.com/dgryski/go-sip13 v0.0.0-20181026042036-e10d5fee7954/go.mod h1:vAd38F8PWV+bWy6jNmig1y/TA+kYO4g3RSRF0IAv0no= github.com/digitalocean/godo v1.44.0/go.mod h1:p7dOjjtSBqCTUksqtA5Fd3uaKs9kyTq2xcz76ulEJRU= github.com/distribution/distribution/v3 v3.0.0-20210804104954-38ab4c606ee3 h1:rEK0juuU5idazw//KzUcL3yYwUU3DIe2OnfJwjDBqno= @@ -349,6 +368,7 @@ github.com/docker/distribution v2.7.1-0.20190205005809-0d3efadf0154+incompatible github.com/docker/distribution v2.7.1+incompatible h1:a5mlkVzth6W5A4fOsS3D2EO5BUmsJpcB+cRlLU7cSug= github.com/docker/distribution v2.7.1+incompatible/go.mod h1:J2gT2udsDAN96Uj4KfcMRqY0/ypR+oyYUYmja8H+y+w= github.com/docker/docker v17.12.0-ce-rc1.0.20200618181300-9dc6525e6118+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk= +github.com/docker/docker v20.10.5+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk= github.com/docker/docker v20.10.7+incompatible h1:Z6O9Nhsjv+ayUEeI1IojKbYcsGdgYSNqxe1s2MYzUhQ= github.com/docker/docker v20.10.7+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk= github.com/docker/docker-credential-helpers v0.6.3/go.mod h1:WRaJzqw3CTB9bk10avuGsjVBZsD05qeibJ1/TYlvc0Y= @@ -374,6 +394,8 @@ github.com/eapache/go-resiliency v1.1.0/go.mod h1:kFI+JgMyC7bLPUVY133qvEBtVayf5m github.com/eapache/go-xerial-snappy v0.0.0-20180814174437-776d5712da21/go.mod h1:+020luEh2TKB4/GOp8oxxtq0Daoen/Cii55CzbTV6DU= github.com/eapache/queue v1.1.0/go.mod h1:6eCeP0CKFpHLu8blIFXhExK/dRa7WDZfr6jVFPTqq+I= github.com/edsrzf/mmap-go v1.0.0/go.mod h1:YO35OhQPt3KJa3ryjFM5Bs14WD66h8eGKpfaBNrHW5M= +github.com/eko/gocache v1.1.1 h1:hjqBi2Hg068b7IxXMc5JImTH6QvpFDWvlr9YUvt1XFk= +github.com/eko/gocache v1.1.1/go.mod h1:1DSKT8gUScHg1hV8sIm9L16TFeZFpB3Mk7BPM8gJVbM= github.com/elazarl/goproxy v0.0.0-20180725130230-947c36da3153 h1:yUdfgN0XgIJw7foRItutHYUIhlcKzcSf5vDpdhQAKTc= github.com/elazarl/goproxy v0.0.0-20180725130230-947c36da3153/go.mod h1:/Zj4wYkgs4iZTTu3o/KG3Itv/qCCa8VVMlb3i9OVuzc= github.com/emicklei/go-restful v0.0.0-20170410110728-ff4f55a20633/go.mod h1:otzb+WCGbkyDHkqmQmT5YD2WR4BBwUdeQoFo8l/7tVs= @@ -406,6 +428,7 @@ github.com/fatih/structtag v1.2.0 h1:/OdNE99OxoI/PqaW/SuSK9uxxT3f/tcSZgon/ssNSx4 github.com/fatih/structtag v1.2.0/go.mod h1:mBJUNpUnHmRKrKlQQlmCrh5PuhftFbNv8Ys4/aAZl94= github.com/felixge/httpsnoop v1.0.1 h1:lvB5Jl89CsZtGIWuTcDM1E/vkVs49/Ml7JJe07l8SPQ= github.com/felixge/httpsnoop v1.0.1/go.mod h1:m8KPJKqk1gH5J9DgRY2ASl2lWCfGKXixSwevea8zH2U= +github.com/fogleman/gg v1.2.1-0.20190220221249-0403632d5b90/go.mod h1:R/bRT+9gY/C5z7JzPU0zXsXHKM4/ayA+zqcVNZzPa1k= github.com/form3tech-oss/jwt-go v3.2.2+incompatible/go.mod h1:pbq4aXjuKjdthFRnoDwaVPLA+WlJuPGy+QneDUgJi2k= github.com/form3tech-oss/jwt-go v3.2.3+incompatible h1:7ZaBxOI7TMoYBfyA3cQHErNNyAWIKUMIwqxEtgHOs5c= github.com/form3tech-oss/jwt-go v3.2.3+incompatible/go.mod h1:pbq4aXjuKjdthFRnoDwaVPLA+WlJuPGy+QneDUgJi2k= @@ -456,6 +479,7 @@ github.com/go-openapi/swag v0.19.2/go.mod h1:POnQmlKehdgb5mhVOsnJFsivZCEZ/vjK9gh github.com/go-openapi/swag v0.19.5/go.mod h1:POnQmlKehdgb5mhVOsnJFsivZCEZ/vjK9gh66Z9tfKk= github.com/go-openapi/swag v0.19.14 h1:gm3vOOXfiuw5i9p5N9xJvfjvuofpyvLA9Wr6QfK5Fng= github.com/go-openapi/swag v0.19.14/go.mod h1:QYRuS/SOXUCsnplDa677K7+DxSOj6IPNl/eQntq43wQ= +github.com/go-ozzo/ozzo-validation v3.5.0+incompatible/go.mod h1:gsEKFIVnabGBt6mXmxK0MoFy+cZoTJY6mu5Ll3LVLBU= github.com/go-ozzo/ozzo-validation v3.6.0+incompatible h1:msy24VGS42fKO9K1vLz82/GeYW1cILu7Nuuj1N3BBkE= github.com/go-ozzo/ozzo-validation v3.6.0+incompatible/go.mod h1:gsEKFIVnabGBt6mXmxK0MoFy+cZoTJY6mu5Ll3LVLBU= github.com/go-playground/assert/v2 v2.0.1 h1:MsBgLAaY856+nPRTKrp3/OZK38U/wa0CcBYNjji3q3A= @@ -466,6 +490,8 @@ github.com/go-playground/universal-translator v0.18.0 h1:82dyy6p4OuJq4/CByFNOn/j github.com/go-playground/universal-translator v0.18.0/go.mod h1:UvRDBj+xPUEGrFYl+lu/H90nyDXpg0fqeB/AQUGNTVA= github.com/go-playground/validator/v10 v10.9.0 h1:NgTtmN58D0m8+UuxtYmGztBJB7VnPgjj221I1QHci2A= github.com/go-playground/validator/v10 v10.9.0/go.mod h1:74x4gJWsvQexRdW8Pn3dXSGrTK4nAUsbPlLADvpJkos= +github.com/go-redis/redis/v7 v7.4.0 h1:7obg6wUoj05T0EpY0o8B59S9w5yeMWql7sw2kwNW1x4= +github.com/go-redis/redis/v7 v7.4.0/go.mod h1:JDNMw23GTyLNC4GZu9njt15ctBQVn7xjRfnwdHj/Dcg= github.com/go-sql-driver/mysql v1.4.0/go.mod h1:zAC/RDZ24gD3HViQzih4MyKcchzm+sOG5ZlKdlhCg5w= github.com/go-sql-driver/mysql v1.5.0 h1:ozyZYNQW3x3HtqT1jira07DN2PArx2v7/mN66gGcHOs= github.com/go-sql-driver/mysql v1.5.0/go.mod h1:DCzpHaOWr8IXmIStZouvnhqoel9Qv2LBy8hT2VhHyBg= @@ -473,6 +499,7 @@ github.com/go-stack/stack v1.8.0/go.mod h1:v0f6uXyyMGvRgIKkXu+yp6POWl0qKG85gN/me github.com/go-task/slim-sprig v0.0.0-20210107165309-348f09dbbbc0/go.mod h1:fyg7847qk6SyHyPtNmDHnmrv/HOrqktSC+C9fM+CJOE= github.com/go-test/deep v1.0.2-0.20181118220953-042da051cf31/go.mod h1:wGDj63lr65AM2AQyKZd/NYHGb0R+1RLqB8NKt3aSFNA= github.com/go-test/deep v1.0.5 h1:AKODKU3pDH1RzZzm6YZu77YWtEAq6uh1rLIAQlay2qc= +github.com/go-test/deep v1.0.5/go.mod h1:QV8Hv/iy04NyLBxAdO9njL0iVPN1S4d/A3NVv1V36o8= github.com/gobuffalo/flect v0.2.2/go.mod h1:vmkQwuZYhN5Pc4ljYQZzP+1sq+NEkK+lh20jmEmX3jc= github.com/gobuffalo/logger v1.0.3 h1:YaXOTHNPCvkqqA7w05A4v0k2tCdpr+sgFlgINbQ6gqc= github.com/gobuffalo/logger v1.0.3/go.mod h1:SoeejUwldiS7ZsyCBphOGURmWdwUFXs0J7TCjEhjKxM= @@ -484,6 +511,7 @@ github.com/gobwas/glob v0.2.3 h1:A4xDbljILXROh+kObIiy5kIaPYD8e96x1tgBhUI5J+Y= github.com/gobwas/glob v0.2.3/go.mod h1:d3Ez4x06l9bZtSvzIay5+Yzi0fmZzPgnTbPcKjJAkT8= github.com/godbus/dbus v0.0.0-20151105175453-c7fdd8b5cd55/go.mod h1:/YcGZj5zSblfDWMMoOzV4fas9FZnQYTkDnsGvmh2Grw= github.com/godbus/dbus v0.0.0-20180201030542-885f9cc04c9c/go.mod h1:/YcGZj5zSblfDWMMoOzV4fas9FZnQYTkDnsGvmh2Grw= +github.com/godbus/dbus v0.0.0-20190422162347-ade71ed3457e h1:BWhy2j3IXJhjCbC68FptL43tDKIq8FladmaTs3Xs7Z8= github.com/godbus/dbus v0.0.0-20190422162347-ade71ed3457e/go.mod h1:bBOAhwG1umN6/6ZUMtDFBMQR8jRg9O75tm9K00oMsK4= github.com/godbus/dbus/v5 v5.0.3/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA= github.com/godbus/dbus/v5 v5.0.4 h1:9349emZab16e7zQvpmsbtjc18ykshndd8y2PG3sgJbA= @@ -502,6 +530,7 @@ github.com/gogo/protobuf v1.3.1/go.mod h1:SlYgWuQ5SjCEi6WLHjHCa1yvBfUnHcTbrrZtXP github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q= github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q= github.com/golang-sql/civil v0.0.0-20190719163853-cb61b32ac6fe/go.mod h1:8vg3r2VgvsThLBIFL93Qb5yWzgyZWhEmBwUJWevAkK0= +github.com/golang/freetype v0.0.0-20170609003504-e2365dfdc4a0/go.mod h1:E/TSTwGwJL78qG/PmXZO1EjYhfJinVAhrmmHX6Z8B9k= github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q= github.com/golang/groupcache v0.0.0-20160516000752-02826c3e7903/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= github.com/golang/groupcache v0.0.0-20190129154638-5b532d6fd5ef/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= @@ -519,6 +548,7 @@ github.com/golang/mock v1.4.3/go.mod h1:UOMv5ysSaYNkG+OFQykRIcU/QvvxJf3p21QfJ2Bt github.com/golang/mock v1.4.4/go.mod h1:l3mdAwkq5BuhzHwde/uurv3sEJeZMXNpwsxVWU71h+4= github.com/golang/mock v1.5.0/go.mod h1:CWnOUgYIOo4TcNZ0wHX3YZCqsaM1I1Jvs6v3mP3KVu8= github.com/golang/mock v1.6.0 h1:ErTB+efbowRARo13NNdxyJji2egdxLGQhRaY+DUumQc= +github.com/golang/mock v1.6.0/go.mod h1:p6yTPP+5HYm5mzsMV8JkE6ZKdX+/wYM6Hr+LicevLPs= github.com/golang/protobuf v1.0.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= github.com/golang/protobuf v1.3.1/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= @@ -590,8 +620,9 @@ github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510/go.mod h1:pupxD2MaaD3 github.com/google/uuid v1.0.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= github.com/google/uuid v1.1.1/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= github.com/google/uuid v1.1.2/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= -github.com/google/uuid v1.2.0 h1:qJYtXnJRWmpe7m/3XlyhrsLrEURqHRM2kxzoxXqyUDs= github.com/google/uuid v1.2.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= +github.com/google/uuid v1.3.0 h1:t6JiXgmwXMjEs8VusXIJk2BXHsn+wx8BZdTaoZ5fu7I= +github.com/google/uuid v1.3.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= github.com/googleapis/gax-go/v2 v2.0.4/go.mod h1:0Wqv26UfaUD9n4G6kQubkQ+KchISgw+vpHVxEJEs9eg= github.com/googleapis/gax-go/v2 v2.0.5 h1:sjZBwGj9Jlw33ImPtvFviGYvseOtDM7hkSKB7+Tv3SM= github.com/googleapis/gax-go/v2 v2.0.5/go.mod h1:DWXyrwAJ9X0FpwwEdw+IPEYBICEFu5mhpdKc/us6bOk= @@ -613,6 +644,7 @@ github.com/gorilla/mux v1.8.0 h1:i40aqfkR1h2SlN9hojwV5ZA91wcXFOvkdNIeFDP5koI= github.com/gorilla/mux v1.8.0/go.mod h1:DVbg23sWSpFRCP0SfiEN6jmj59UnW/n46BH5rLB71So= github.com/gorilla/websocket v0.0.0-20170926233335-4201258b820c/go.mod h1:E7qHFY5m1UJ88s3WnNqhKjPHQ0heANvMoAMk2YaljkQ= github.com/gorilla/websocket v1.4.0/go.mod h1:E7qHFY5m1UJ88s3WnNqhKjPHQ0heANvMoAMk2YaljkQ= +github.com/gorilla/websocket v1.4.1/go.mod h1:YR8l580nyteQvAITg2hZ9XVh4b55+EU/adAjf1fMHhE= github.com/gorilla/websocket v1.4.2/go.mod h1:YR8l580nyteQvAITg2hZ9XVh4b55+EU/adAjf1fMHhE= github.com/gosuri/uitable v0.0.4 h1:IG2xLKRvErL3uhY6e1BylFzG+aJiwQviDDTfOKeKTpY= github.com/gosuri/uitable v0.0.4/go.mod h1:tKR86bXuXPZazfOTG1FIzvjIdXzd0mo4Vtn16vt0PJo= @@ -628,6 +660,7 @@ github.com/grpc-ecosystem/grpc-gateway v1.9.0/go.mod h1:vNeuVxBJEsws4ogUvrchl83t github.com/grpc-ecosystem/grpc-gateway v1.9.5/go.mod h1:vNeuVxBJEsws4ogUvrchl83t/GYV9WGTSLVdBhOQFDY= github.com/grpc-ecosystem/grpc-gateway v1.16.0/go.mod h1:BDjrQk3hbvj6Nolgz8mAMFbcEtjT1g+wF4CSlocrBnw= github.com/h2non/filetype v1.0.8 h1:le8gpf+FQA0/DlDABbtisA1KiTS0Xi+YSC/E8yY3Y14= +github.com/h2non/filetype v1.0.8/go.mod h1:isekKqOuhMj+s/7r3rIeTErIRy4Rub5uBWHfvMusLMU= github.com/h2non/parth v0.0.0-20190131123155-b4df798d6542/go.mod h1:Ow0tF8D4Kplbc8s8sSb3V2oUCygFHVp8gC3Dn6U4MNI= github.com/hashicorp/consul/api v1.1.0/go.mod h1:VmuI/Lkw1nC05EYQWNKwWGbkg+FbDBtguAZLlVdkD9Q= github.com/hashicorp/consul/api v1.3.0/go.mod h1:MmDNSzIMUjNpY/mQ398R4bk2FnqQLoPndWW5VkKPlCE= @@ -674,6 +707,7 @@ github.com/huandu/xstrings v1.3.1/go.mod h1:y5/lhBue+AyNmUVz9RLU9xbLR0o4KIIExikq github.com/huandu/xstrings v1.3.2 h1:L18LIDzqlW6xN2rEkpdV8+oL/IXWJ1APd+vsdYy4Wdw= github.com/huandu/xstrings v1.3.2/go.mod h1:y5/lhBue+AyNmUVz9RLU9xbLR0o4KIIExikq4ovT0aE= github.com/hudl/fargo v1.3.0/go.mod h1:y3CKSmjA+wD2gak7sUSXTAoopbhU08POFhmITJgmKTg= +github.com/iancoleman/orderedmap v0.0.0-20190318233801-ac98e3ecb4b0/go.mod h1:N0Wam8K1arqPXNWjMo21EXnBPOPp36vB07FNRdD2geA= github.com/ianlancetaylor/demangle v0.0.0-20181102032728-5e5cf60278f6/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc= github.com/ianlancetaylor/demangle v0.0.0-20200824232613-28f6c0f3b639/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc= github.com/imdario/mergo v0.3.5/go.mod h1:2EnlNZ0deacrJVfApfmtdGgDfMuh/nq6Ok1EcJh5FfA= @@ -715,6 +749,7 @@ github.com/jtolds/gls v4.20.0+incompatible h1:xdiiI2gbIgH/gLH7ADydsJ1uDOEzR8yvV7 github.com/jtolds/gls v4.20.0+incompatible/go.mod h1:QJZ7F/aHp+rZTRtaJ1ow/lLfFfVYBRgL+9YlvaHOwJU= github.com/julienschmidt/httprouter v1.2.0/go.mod h1:SYymIcj16QtmaHHD7aYtjjsJG7VTCxuUUipMqKk8s4w= github.com/julienschmidt/httprouter v1.3.0/go.mod h1:JR6WtHb+2LUe8TCKY3cZOxFyyO8IZAc4RVcycCCAKdM= +github.com/jung-kurt/gofpdf v1.0.3-0.20190309125859-24315acbbda5/go.mod h1:7Id9E/uU8ce6rXgefFLlgrJj/GYY22cpxn+r32jIOes= github.com/karrick/godirwalk v1.15.8 h1:7+rWAZPn9zuRxaIqqT8Ohs2Q2Ac0msBqwRdxNCr2VVs= github.com/karrick/godirwalk v1.15.8/go.mod h1:j4mkqPuvaLI8mp1DroR3P6ad7cyYd4c1qeJ3RV7ULlk= github.com/kisielk/errcheck v1.1.0/go.mod h1:EZBBE59ingxPouuu3KfxchcWSUPOHkagtvWXihfKN4Q= @@ -937,6 +972,7 @@ github.com/openzipkin/zipkin-go v0.1.6/go.mod h1:QgAqvLzwWbR/WpD4A3cGpPtJrZXNIiJ github.com/openzipkin/zipkin-go v0.2.1/go.mod h1:NaW6tEwdmWMaCDZzg8sh+IBNOxHMPnhQw8ySjnjRyN4= github.com/openzipkin/zipkin-go v0.2.2/go.mod h1:NaW6tEwdmWMaCDZzg8sh+IBNOxHMPnhQw8ySjnjRyN4= github.com/pact-foundation/pact-go v1.0.4/go.mod h1:uExwJY4kCzNPcHRj+hCR/HBbOOIwwtUjcrb0b5/5kLM= +github.com/parnurzeal/gorequest v0.2.16/go.mod h1:3Kh2QUMJoqw3icWAecsyzkpY7UzRfDhbRdTjtNwNiUE= github.com/pascaldekloe/goe v0.0.0-20180627143212-57f6aae5913c/go.mod h1:lzWF7FIEvWOWxwDKqyGYQf6ZUaNfKdP144TG7ZOy1lc= github.com/pascaldekloe/goe v0.1.0/go.mod h1:lzWF7FIEvWOWxwDKqyGYQf6ZUaNfKdP144TG7ZOy1lc= github.com/patrickmn/go-cache v2.1.0+incompatible/go.mod h1:3Qf8kWWT7OJRJbdiICTKqZju1ZixQ/KpMGzzAfe6+WQ= @@ -1032,6 +1068,7 @@ github.com/samuel/go-zookeeper v0.0.0-20190923202752-2cc03de413da/go.mod h1:gi+0 github.com/satori/go.uuid v1.2.0/go.mod h1:dA0hQrYB0VpLJoorglMZABFdXlWrHn1NEOzdhQKdks0= github.com/sean-/seed v0.0.0-20170313163322-e2103e2c3529/go.mod h1:DxrIzT+xaE7yg65j358z/aeFdxmN0P9QXhEzd20vsDc= github.com/seccomp/libseccomp-golang v0.9.1/go.mod h1:GbW5+tmTXfcxTToHLXlScSlAvWlF4P2Ca7zGrPiEpWo= +github.com/segmentio/backo-go v0.0.0-20200129164019-23eae7c10bd3/go.mod h1:9/Rh6yILuLysoQnZ2oNooD2g7aBnvM7r/fNVxRNWfBc= github.com/sergi/go-diff v1.1.0 h1:we8PVUC3FE2uYfodKH/nBHMSetSfHDR6scGdBi+erh0= github.com/sergi/go-diff v1.1.0/go.mod h1:STckp+ISIX8hZLjrqAeVduY0gWCT9IjLuqbuNXdaHfM= github.com/shirou/gopsutil v2.20.9+incompatible h1:msXs2frUV+O/JLva9EDLpuJ84PrFsdCTCQex8PUdtkQ= @@ -1057,6 +1094,7 @@ github.com/smartystreets/goconvey v1.6.4/go.mod h1:syvi0/a8iFYH4r/RixwvyeAJjdLS9 github.com/soheilhy/cmux v0.1.4/go.mod h1:IM3LyeVVIOuxMH7sFAkER9+bJ4dT7Ms6E4xg4kGIyLM= github.com/soheilhy/cmux v0.1.5/go.mod h1:T7TcVDs9LWfQgPlPsdngu6I6QIoyIFZDDC6sNE1GqG0= github.com/sony/gobreaker v0.4.1/go.mod h1:ZKptC7FHNvhBz7dN2LGjPVBz2sZJmc0/PkyDJOjmxWY= +github.com/sourcegraph/jsonrpc2 v0.0.0-20200429184054-15c2290dcb37/go.mod h1:ZafdZgk/axhT1cvZAPOhw+95nz2I/Ra5qMlU4gTRwIo= github.com/spaolacci/murmur3 v0.0.0-20180118202830-f09979ecbc72/go.mod h1:JwIasOWyU6f++ZhiEuf87xNszmSA2myDM2Kzu9HwQUA= github.com/spf13/afero v1.1.2/go.mod h1:j4pytiNVoe2o6bmDsKpLACNPDBIoEAkihy7loJ1B0CQ= github.com/spf13/afero v1.2.2/go.mod h1:9ZxEEn6pIJ8Rxe320qSDBk6AsU0r9pR7Q4OcevTdifk= @@ -1095,6 +1133,7 @@ github.com/stretchr/objx v0.2.0/go.mod h1:qt09Ya8vawLte6SNmTgCsAVtYtaKzEcn8ATUoH github.com/stretchr/testify v0.0.0-20180303142811-b89eecf5ca5d/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs= github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs= github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI= +github.com/stretchr/testify v1.3.1-0.20190311161405-34c6fa2dc709/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI= github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4= github.com/stretchr/testify v1.5.1/go.mod h1:5W2xD1RspED5o8YsWQXVCued0rvSQ+mT+I5cxcmMvtA= github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= @@ -1125,6 +1164,7 @@ github.com/vishvananda/netlink v1.1.1-0.20201029203352-d40f9887b852/go.mod h1:tw github.com/vishvananda/netns v0.0.0-20180720170159-13995c7128cc/go.mod h1:ZjcWmFBXmLKZu9Nxj3WKYEafiSqer2rnvPr0en9UNpI= github.com/vishvananda/netns v0.0.0-20191106174202-0a2b9b5464df/go.mod h1:JP3t17pCcGlemwknint6hfoeCVQrEMVwxRLRjXpq+BU= github.com/vishvananda/netns v0.0.0-20200728191858-db3c7e526aae/go.mod h1:DD4vA1DwXk04H54A1oHXtwZmA0grkVMdPxx/VGLCah0= +github.com/vmihailenco/msgpack v4.0.4+incompatible/go.mod h1:fy3FlTQTDXWkZ7Bh6AcGMlsjHatGryHQYUTf1ShIgkk= github.com/willf/bitset v1.1.11-0.20200630133818-d5bec3311243/go.mod h1:RjeCKbqT1RxIR/KWY6phxZiaY1IyutSBfGjNPySAYV4= github.com/willf/bitset v1.1.11/go.mod h1:83CECat5yLh5zVOf4P1ErAgKA5UDvKtgyUABdr3+MjI= github.com/xeipuuv/gojsonpointer v0.0.0-20180127040702-4e3ac2762d5f h1:J9EGpcZtP0E/raorCMxlFGSTBrsSlaDGf3jU/qvAE2c= @@ -1138,6 +1178,7 @@ github.com/xiang90/probing v0.0.0-20190116061207-43a291ad63a2/go.mod h1:UETIi67q github.com/xlab/treeprint v0.0.0-20181112141820-a009c3971eca h1:1CFlNzQhALwjS9mBAUkycX616GzgsuYUOCHA5+HSlXI= github.com/xlab/treeprint v0.0.0-20181112141820-a009c3971eca/go.mod h1:ce1O1j6UtZfjr22oyGxGLbauSBp2YVXpARAosm7dHBg= github.com/xordataexchange/crypt v0.0.3-0.20170626215501-b2862e3d0a77/go.mod h1:aYKd//L2LvnjZzWKhF00oedf4jCCReLcmhLdhm1A27Q= +github.com/xtgo/uuid v0.0.0-20140804021211-a0b114877d4c/go.mod h1:UrdRz5enIKZ63MEE3IF9l2/ebyx59GyGgPi+tICQdmM= github.com/yuin/goldmark v1.1.25/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= github.com/yuin/goldmark v1.1.32/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= @@ -1231,7 +1272,10 @@ golang.org/x/crypto v0.0.0-20210322153248-0c34fe9e7dc2/go.mod h1:T9bdIzuCu7OtxOm golang.org/x/crypto v0.0.0-20210513164829-c07d793c2f9a/go.mod h1:P+XmwS30IXTQdn5tA2iutPOUgjI07+tq3H3K9MVA1s8= golang.org/x/crypto v0.0.0-20210711020723-a769d52b0f97 h1:/UOmuWzQfxxo9UtlXMwuQU8CMgg1eZXqTRwkSQJWKOI= golang.org/x/crypto v0.0.0-20210711020723-a769d52b0f97/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= +golang.org/x/exp v0.0.0-20180321215751-8460e604b9de/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= +golang.org/x/exp v0.0.0-20180807140117-3d87b88a115f/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= +golang.org/x/exp v0.0.0-20190125153040-c74c464bbbf2/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8= golang.org/x/exp v0.0.0-20190829153037-c13cbed26979/go.mod h1:86+5VVa7VpoJ4kLfm080zCjGlMRFzhUhsZKEZO7MGek= @@ -1241,6 +1285,7 @@ golang.org/x/exp v0.0.0-20191227195350-da58074b4299/go.mod h1:2RIsYlXP63K8oxa1u0 golang.org/x/exp v0.0.0-20200119233911-0405dc783f0a/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4= golang.org/x/exp v0.0.0-20200207192155-f17229e696bd/go.mod h1:J/WKrq2StrnmMY6+EHIKF9dgMWnmCNThgcyBT1FY9mM= golang.org/x/exp v0.0.0-20200224162631-6cc2880d07d6/go.mod h1:3jZMyOhIsHpP37uCMkUooju7aAi5cS1Q23tOzKc+0MU= +golang.org/x/image v0.0.0-20180708004352-c73c2afc3b81/go.mod h1:ux5Hcp/YLpHSI86hEcLt0YII63i6oz57MZXIpbrjZUs= golang.org/x/image v0.0.0-20190227222117-0694c2d4d067/go.mod h1:kZ7UVZpmo3dzQBMxlp+ypCbDeSB+sBbTgSJuh5dn5js= golang.org/x/image v0.0.0-20190802002840-cff245a6509b/go.mod h1:FeLwcggjj3mMvU+oOTbSwawSJRM1uh48EjtB4UJZlP0= golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE= @@ -1387,6 +1432,7 @@ golang.org/x/sys v0.0.0-20190924154521-2837fb4f24fe/go.mod h1:h1NjWce9XRLGQEsW7w golang.org/x/sys v0.0.0-20191001151750-bb3f8db39f24/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20191002063906-3421d5a6bb1c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20191005200804-aed5e4c7ecf9/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20191010194322-b09406accb47/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20191022100944-742c48ecaeb7/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20191026070338-33540a1f6037/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20191115151921-52ab43148777/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= @@ -1479,11 +1525,13 @@ golang.org/x/time v0.0.0-20210220033141-f8bda1e9f3ba/go.mod h1:tRJNPiyCQ0inRvYxb golang.org/x/time v0.0.0-20210723032227-1f47c861a9ac h1:7zkz7BUtwNFFqcowJ+RIgu2MaV/MapERkDIy+mwPyjs= golang.org/x/time v0.0.0-20210723032227-1f47c861a9ac/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/tools v0.0.0-20180221164845-07fd8470d635/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= +golang.org/x/tools v0.0.0-20180525024113-a5b4c53f6e8b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20180824175216-6c1c5e93cdc1/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20180828015842-6cd1fcedba52/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20181030221726-6c7e314b6563/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20190114222345-bf090417da8b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= +golang.org/x/tools v0.0.0-20190206041539-40960b6deb8e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20190226205152-f727befe758c/go.mod h1:9Yl7xja0Znq3iFh3HoIrodX9oNMXvdceNzlUR8zjMvY= golang.org/x/tools v0.0.0-20190311212946-11955173bddd/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs= golang.org/x/tools v0.0.0-20190312151545-0bb0c0a6e846/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs= @@ -1553,6 +1601,10 @@ golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1 h1:go1bK/D/BFZV2I8cIQd1N golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= gomodules.xyz/jsonpatch/v2 v2.1.0/go.mod h1:IhYNNY4jnS53ZnfE4PAmpKtDpTCj1JFXc+3mwe7XcUU= gomodules.xyz/jsonpatch/v2 v2.2.0/go.mod h1:WXp+iVDkoLQqPudfQ9GBlwB2eZ5DKOnjQZCYdOS8GPY= +gonum.org/v1/gonum v0.0.0-20180816165407-929014505bf4/go.mod h1:Y+Yx5eoAFn32cQvJDxZx5Dpnq+c3wtXuadVZAcxbbBo= +gonum.org/v1/gonum v0.8.2/go.mod h1:oe/vMfY3deqTw+1EZJhuvEW2iwGF1bW9wwu7XCu0+v0= +gonum.org/v1/netlib v0.0.0-20190313105609-8cb42192e0e0/go.mod h1:wa6Ws7BG/ESfp6dHfk7C6KdzKA7wR7u/rKwOGE66zvw= +gonum.org/v1/plot v0.0.0-20190515093506-e2840ee46a6b/go.mod h1:Wt8AAjI+ypCyYX3nZBvf6cAIx93T+c/OS2HFAYskSZc= google.golang.org/api v0.0.0-20160322025152-9bf6e6e569ff/go.mod h1:4mhQ8q/RsB7i+udVvVy5NUi08OU8ZlA0gRVgrF7VFY0= google.golang.org/api v0.3.1/go.mod h1:6wY9I6uQWHQ8EM57III9mq/AjF+i8G65rmVagqKMtkk= google.golang.org/api v0.4.0/go.mod h1:8k5glujaEP+g9n7WNsDg8QP6cUVNI86fCNMcbazEtwE= @@ -1718,6 +1770,7 @@ gopkg.in/ini.v1 v1.62.0 h1:duBzk771uxoUuOlyRLkHsygud9+5lrlGjdFBb4mSKDU= gopkg.in/ini.v1 v1.62.0/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k= gopkg.in/natefinch/lumberjack.v2 v2.0.0/go.mod h1:l0ndWWf7gzL7RNwBG7wST/UCcT4T24xpD6X8LsfU/+k= gopkg.in/resty.v1 v1.12.0/go.mod h1:mDo4pnntr5jdWRML875a/NmxYqAlA73dVijT2AXvQQo= +gopkg.in/segmentio/analytics-go.v3 v3.1.0/go.mod h1:4QqqlTlSSpVlWA9/9nDcPw+FkM2yv1NQoYjUbL9/JAw= gopkg.in/square/go-jose.v2 v2.2.2/go.mod h1:M9dMgbHiYLoDGQrXy7OpJDJWiKiU//h+vD76mk0e1AI= gopkg.in/square/go-jose.v2 v2.3.1/go.mod h1:M9dMgbHiYLoDGQrXy7OpJDJWiKiU//h+vD76mk0e1AI= gopkg.in/square/go-jose.v2 v2.5.1/go.mod h1:M9dMgbHiYLoDGQrXy7OpJDJWiKiU//h+vD76mk0e1AI= @@ -1793,11 +1846,13 @@ k8s.io/utils v0.0.0-20210111153108-fddb29f9d009/go.mod h1:jPW/WVKK9YHAvNhRxK0md/ k8s.io/utils v0.0.0-20210819203725-bdf08cb9a70a/go.mod h1:jPW/WVKK9YHAvNhRxK0md/EJ228hCsBRufyofKtW8HA= k8s.io/utils v0.0.0-20210820185131-d34e5cb4466e h1:ldQh+neBabomh7+89dTpiFAB8tGdfVmuIzAHbvtl+9I= k8s.io/utils v0.0.0-20210820185131-d34e5cb4466e/go.mod h1:jPW/WVKK9YHAvNhRxK0md/EJ228hCsBRufyofKtW8HA= +moul.io/http2curl v1.0.0/go.mod h1:f6cULg+e4Md/oW1cYmwW4IWQOVl2lGbmCNGOHvzX2kE= oras.land/oras-go v0.4.0 h1:u6+7D+raZDYHwlz/uOwNANiRmyYDSSMW7A9E1xXycUQ= oras.land/oras-go v0.4.0/go.mod h1:VJcU+VE4rkclUbum5C0O7deEZbBYnsnpbGSACwTjOcg= rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8= rsc.io/letsencrypt v0.0.3 h1:H7xDfhkaFFSYEJlKeq38RwX2jYcnTeHuDQyT+mMNMwM= rsc.io/letsencrypt v0.0.3/go.mod h1:buyQKZ6IXrRnB7TdkHP0RyEybLx18HHyOSoTyoOLqNY= +rsc.io/pdf v0.1.1/go.mod h1:n8OzWcQ6Sp37PL01nO98y4iUCRdTGarVfzxY20ICaU4= rsc.io/quote/v3 v3.1.0/go.mod h1:yEA65RcK8LyAZtP9Kv3t0HmxON59tX3rD+tICJqUlj0= rsc.io/sampler v1.3.0/go.mod h1:T1hPZKmBbMNahiBKFy5HrXp6adAjACjK9JXDnKaTXpA= sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.0.22/go.mod h1:LEScyzhFmoF5pso/YSeBstl57mOzx9xlU9n85RGrDQg= diff --git a/installer/pkg/common/common.go b/installer/pkg/common/common.go index dd7403265ed685..aa64861513c7ac 100644 --- a/installer/pkg/common/common.go +++ b/installer/pkg/common/common.go @@ -61,6 +61,16 @@ func DefaultEnv(cfg *config.Config) []corev1.EnvVar { return []corev1.EnvVar{ {Name: "GITPOD_DOMAIN", Value: cfg.Domain}, + {Name: "GITPOD_INSTALLATION_LONGNAME", Value: cfg.Domain}, // todo(sje): figure out these values + {Name: "GITPOD_INSTALLATION_SHORTNAME", Value: cfg.Domain}, // todo(sje): figure out these values + {Name: "GITPOD_REGION", Value: cfg.Metadata.Region}, + {Name: "HOST_URL", Value: "https://" + cfg.Domain}, + {Name: "KUBE_NAMESPACE", ValueFrom: &corev1.EnvVarSource{ + FieldRef: &corev1.ObjectFieldSelector{ + FieldPath: "metadata.namespace", + }, + }}, + {Name: "KUBE_DOMAIN", Value: "svc.cluster.local"}, {Name: "LOG_LEVEL", Value: strings.ToLower(logLevel)}, } } @@ -102,7 +112,7 @@ func AnalyticsEnv(cfg *config.Config) (res []corev1.EnvVar) { }} } -func MessageBusEnv(cfg *config.Config) (res []corev1.EnvVar) { +func MessageBusEnv(_ *config.Config) (res []corev1.EnvVar) { clusterObj := corev1.LocalObjectReference{Name: InClusterMessageQueueName} tlsObj := corev1.LocalObjectReference{Name: InClusterMessageQueueTLS} @@ -173,14 +183,22 @@ func DatabaseEnv(cfg *config.Config) (res []corev1.EnvVar) { LocalObjectReference: obj, Key: "password", }}, + }, { + Name: "DB_USERNAME", + ValueFrom: &corev1.EnvVarSource{SecretKeyRef: &corev1.SecretKeySelector{ + LocalObjectReference: obj, + Key: "username", + }}, }, { // todo(sje): conditional Name: "DB_DELETED_ENTRIES_GC_ENABLED", Value: "false", }, { Name: "DB_ENCRYPTION_KEYS", - // todo(sje): either Value or ValueFrom - Value: "todo", + ValueFrom: &corev1.EnvVarSource{SecretKeyRef: &corev1.SecretKeySelector{ + LocalObjectReference: obj, + Key: "encryptionKeys", + }}, //ValueFrom: &corev1.EnvVarSource{SecretKeyRef: &corev1.SecretKeySelector{ // LocalObjectReference: corev1.LocalObjectReference{ // Name: "", @@ -193,7 +211,7 @@ func DatabaseEnv(cfg *config.Config) (res []corev1.EnvVar) { func DatabaseWaiterContainer(ctx *RenderContext) *corev1.Container { return &corev1.Container{ Name: "database-waiter", - Image: ImageName(ctx.Config.Repository, "service-waiter", "latest"), + Image: ImageName(ctx.Config.Repository, "service-waiter", ctx.VersionManifest.Components.ServiceWaiter.Version), Args: []string{ "-v", "database", @@ -211,7 +229,7 @@ func DatabaseWaiterContainer(ctx *RenderContext) *corev1.Container { func MessageBusWaiterContainer(ctx *RenderContext) *corev1.Container { return &corev1.Container{ Name: "msgbus-waiter", - Image: ImageName(ctx.Config.Repository, "service-waiter", "latest"), + Image: ImageName(ctx.Config.Repository, "service-waiter", ctx.VersionManifest.Components.ServiceWaiter.Version), Args: []string{ "-v", "messagebus", @@ -250,10 +268,10 @@ func KubeRBACProxyContainer() *corev1.Container { }, }, Resources: corev1.ResourceRequirements{Requests: corev1.ResourceList{ - corev1.ResourceName("cpu"): resource.MustParse("1m"), - corev1.ResourceName("memory"): resource.MustParse("30Mi"), + corev1.ResourceCPU: resource.MustParse("1m"), + corev1.ResourceMemory: resource.MustParse("30Mi"), }}, - TerminationMessagePolicy: corev1.TerminationMessagePolicy("FallbackToLogsOnError"), + TerminationMessagePolicy: corev1.TerminationMessageFallbackToLogsOnError, SecurityContext: &corev1.SecurityContext{ RunAsUser: pointer.Int64(65532), RunAsGroup: pointer.Int64(65532), @@ -398,6 +416,10 @@ var ( APIVersion: "v1", Kind: "namespace", } + TypeMetaStatefulSet = metav1.TypeMeta{ + APIVersion: "apps/v1", + Kind: "StatefulSet", + } TypeMetaConfigmap = metav1.TypeMeta{ APIVersion: "v1", Kind: "ConfigMap", @@ -462,6 +484,10 @@ var ( APIVersion: "v1", Kind: "ResourceQuota", } + TypeMetaBatchJob = metav1.TypeMeta{ + APIVersion: "batch/v1", + Kind: "Job", + } ) type TLS struct { diff --git a/installer/pkg/common/objects.go b/installer/pkg/common/objects.go index 8ef5eaa500a43d..7e1363087f7cf4 100644 --- a/installer/pkg/common/objects.go +++ b/installer/pkg/common/objects.go @@ -60,12 +60,18 @@ func GenerateService(component string, ports map[string]ServicePort, mod ...func m(spec) } + var annotations map[string]string + if componentConfig, found := cfg.Config.Workspace.Components[component]; found { + annotations = componentConfig.ServiceAnnotations + } + return []runtime.Object{&corev1.Service{ TypeMeta: TypeMetaService, ObjectMeta: metav1.ObjectMeta{ - Name: component, - Namespace: cfg.Namespace, - Labels: labels, + Name: component, + Namespace: cfg.Namespace, + Labels: labels, + Annotations: annotations, }, Spec: *spec, }}, nil diff --git a/installer/pkg/common/render.go b/installer/pkg/common/render.go index c536968defbfbd..0c80915f4835b0 100644 --- a/installer/pkg/common/render.go +++ b/installer/pkg/common/render.go @@ -78,8 +78,10 @@ func DependencySortingRenderFunc(f RenderFunc) RenderFunc { } type GeneratedValues struct { - StorageAccessKey string - StorageSecretKey string + StorageAccessKey string + StorageSecretKey string + InternalRegistryUsername string + InternalRegistryPassword string } type RenderContext struct { @@ -104,6 +106,18 @@ func (r *RenderContext) generateValues() error { } r.Values.StorageSecretKey = storageSecretKey + internalRegistryUsername, err := RandomString(20) + if err != nil { + return err + } + r.Values.InternalRegistryUsername = internalRegistryUsername + + internalRegistryPassword, err := RandomString(20) + if err != nil { + return err + } + r.Values.InternalRegistryPassword = internalRegistryPassword + return nil } diff --git a/installer/pkg/components/components.go b/installer/pkg/components/components.go index 667fabada63f57..cbf160e61583f3 100644 --- a/installer/pkg/components/components.go +++ b/installer/pkg/components/components.go @@ -15,12 +15,15 @@ import ( "github.com/gitpod-io/gitpod/installer/pkg/components/gitpod" imagebuildermk3 "github.com/gitpod-io/gitpod/installer/pkg/components/image-builder-mk3" jaegeroperator "github.com/gitpod-io/gitpod/installer/pkg/components/jaeger-operator" + "github.com/gitpod-io/gitpod/installer/pkg/components/migrations" "github.com/gitpod-io/gitpod/installer/pkg/components/minio" "github.com/gitpod-io/gitpod/installer/pkg/components/mysql" + openvsxproxy "github.com/gitpod-io/gitpod/installer/pkg/components/openvsx-proxy" "github.com/gitpod-io/gitpod/installer/pkg/components/proxy" "github.com/gitpod-io/gitpod/installer/pkg/components/rabbitmq" registryfacade "github.com/gitpod-io/gitpod/installer/pkg/components/registry-facade" "github.com/gitpod-io/gitpod/installer/pkg/components/server" + "github.com/gitpod-io/gitpod/installer/pkg/components/workspace" wsdaemon "github.com/gitpod-io/gitpod/installer/pkg/components/ws-daemon" wsmanager "github.com/gitpod-io/gitpod/installer/pkg/components/ws-manager" wsmanagerbridge "github.com/gitpod-io/gitpod/installer/pkg/components/ws-manager-bridge" @@ -33,7 +36,9 @@ var MetaObjects = common.CompositeRenderFunc( proxy.Objects, dashboard.Objects, imagebuildermk3.Objects, + migrations.Objects, mysql.Objects, + openvsxproxy.Objects, rabbitmq.Objects, server.Objects, wsmanagerbridge.Objects, @@ -44,6 +49,7 @@ var WorkspaceObjects = common.CompositeRenderFunc( blobserve.Objects, gitpod.Objects, registryfacade.Objects, + workspace.Objects, wsdaemon.Objects, wsmanager.Objects, wsproxy.Objects, diff --git a/installer/pkg/components/content-service/configmap.go b/installer/pkg/components/content-service/configmap.go index 383eb782a8a55b..fbacbf7609242c 100644 --- a/installer/pkg/components/content-service/configmap.go +++ b/installer/pkg/components/content-service/configmap.go @@ -9,7 +9,6 @@ import ( "fmt" "github.com/gitpod-io/gitpod/content-service/api/config" - apiconfig "github.com/gitpod-io/gitpod/content-service/api/config" "github.com/gitpod-io/gitpod/installer/pkg/common" corev1 "k8s.io/api/core/v1" @@ -18,6 +17,11 @@ import ( ) func configmap(ctx *common.RenderContext) ([]runtime.Object, error) { + storageConfig, err := common.StorageConfiguration(ctx) + if err != nil { + return nil, err + } + cscfg := config.ServiceConfig{ Service: config.Service{ Addr: fmt.Sprintf(":%d", RPCPort), @@ -28,8 +32,7 @@ func configmap(ctx *common.RenderContext) ([]runtime.Object, error) { PProf: config.PProf{ Addr: fmt.Sprintf(":%d", PProfPort), }, - // todo(sje): work out how to cater for different storages - Storage: apiconfig.StorageConfig{}, + Storage: *storageConfig, } fc, err := json.MarshalIndent(cscfg, "", " ") diff --git a/installer/pkg/components/docker-registry/constants.go b/installer/pkg/components/docker-registry/constants.go index 267b8cff2f784e..e50f60235ba0d6 100644 --- a/installer/pkg/components/docker-registry/constants.go +++ b/installer/pkg/components/docker-registry/constants.go @@ -8,4 +8,5 @@ const ( BuiltInRegistryAuth = "builtin-registry-auth" BuiltInRegistryCerts = "builtin-registry-certs" Component = "docker-registry" + RegistryName = "registry" ) diff --git a/installer/pkg/components/docker-registry/helm.go b/installer/pkg/components/docker-registry/helm.go index 729051d426e719..2d68d6698a158f 100644 --- a/installer/pkg/components/docker-registry/helm.go +++ b/installer/pkg/components/docker-registry/helm.go @@ -21,6 +21,7 @@ var Helm = common.CompositeHelmFunc( Enabled: pointer.BoolDeref(cfg.Config.ContainerRegistry.InCluster, false), Values: &values.Options{ Values: []string{ + helm.KeyValue("docker-registry.fullnameOverride", RegistryName), helm.KeyValue("docker-registry.service.port", strconv.Itoa(proxy.ContainerHTTPSPort)), helm.KeyValue("docker-registry.tlsSecretName", proxy.RegistryTLSCertSecret), }, diff --git a/installer/pkg/components/docker-registry/secret.go b/installer/pkg/components/docker-registry/secret.go index 63e0412da8547a..c80b671a1cff54 100644 --- a/installer/pkg/components/docker-registry/secret.go +++ b/installer/pkg/components/docker-registry/secret.go @@ -25,14 +25,14 @@ func secret(ctx *common.RenderContext) ([]runtime.Object, error) { return nil, nil } - user, err := common.RandomString(20) - if err != nil { - return nil, err + user := ctx.Values.InternalRegistryUsername + if user == "" { + return nil, fmt.Errorf("unknown value: internal registry username") } - password, err := common.RandomString(20) - if err != nil { - return nil, err + password := ctx.Values.InternalRegistryPassword + if password == "" { + return nil, fmt.Errorf("unknown value: internal registry password") } // todo(sje): handle if bypassing registry with proxy diff --git a/installer/pkg/components/image-builder-mk3/configmap.go b/installer/pkg/components/image-builder-mk3/configmap.go index ca6d0edd19530e..cfdcdcb8920ada 100644 --- a/installer/pkg/components/image-builder-mk3/configmap.go +++ b/installer/pkg/components/image-builder-mk3/configmap.go @@ -7,6 +7,8 @@ package image_builder_mk3 import ( "encoding/json" "fmt" + dockerregistry "github.com/gitpod-io/gitpod/installer/pkg/components/docker-registry" + "k8s.io/utils/pointer" "time" "github.com/gitpod-io/gitpod/common-go/util" @@ -21,26 +23,43 @@ import ( ) func configmap(ctx *common.RenderContext) ([]runtime.Object, error) { - imgcfg := config.ServiceConfig{ - Orchestrator: config.Configuration{ - WorkspaceManager: config.WorkspaceManagerConfig{ - Address: fmt.Sprintf("%s:%d", wsmanager.Component, wsmanager.RPCPort), - TLS: config.TLS{ - Authority: "/wsman-certs/ca.crt", - Certificate: "/wsman-certs/tls.crt", - PrivateKey: "/wsman-certs/tls.key", - }, + orchestrator := config.Configuration{ + WorkspaceManager: config.WorkspaceManagerConfig{ + Address: fmt.Sprintf("%s:%d", wsmanager.Component, wsmanager.RPCPort), + TLS: config.TLS{ + Authority: "/wsman-certs/ca.crt", + Certificate: "/wsman-certs/tls.crt", + PrivateKey: "/wsman-certs/tls.key", }, - AuthFile: PullSecretFile, // todo(sje): make conditional - BaseImageRepository: "", // todo(sje): get conditional value - WorkspaceImageRepository: "", // todo(sje): get conditional value - BuilderImage: common.ImageName(ctx.Config.Repository, BuilderImage, BuilderImageVersion), - BuilderAuthKeyFile: "/config/authkey", }, + BuilderImage: common.ImageName(ctx.Config.Repository, BuilderImage, ctx.VersionManifest.Components.ImageBuilderMk3.BuilderImage.Version), + BuilderAuthKeyFile: "/config/authkey", + } + + var baseImageRepo string + var workspaceImgRepo string + if pointer.BoolDeref(ctx.Config.ContainerRegistry.InCluster, false) { + // todo(sje): handle external registry + registryName := fmt.Sprintf("%s.%s", dockerregistry.RegistryName, ctx.Config.Domain) + + baseImageRepo = fmt.Sprintf("%s/base-images", registryName) + workspaceImgRepo = fmt.Sprintf("%s/workspace-images", registryName) + + orchestrator.AuthFile = PullSecretFile + } else { + // todo(sje): handle outside cluster values for image builder mk3 + return nil, fmt.Errorf("in cluster container currently only supported option") + } + + orchestrator.BaseImageRepository = baseImageRepo + orchestrator.WorkspaceImageRepository = workspaceImgRepo + + imgcfg := config.ServiceConfig{ + Orchestrator: orchestrator, RefCache: config.RefCacheConfig{ Interval: util.Duration(time.Hour * 6).String(), Refs: []string{ - common.ImageName(ctx.Config.Repository, workspace.DefaultWorkspaceImage, workspace.DefaultWorkspaceImageVersion), + fmt.Sprintf("%s:%s", workspace.DefaultWorkspaceImage, workspace.DefaultWorkspaceImageVersion), }, }, Service: config.Service{ diff --git a/installer/pkg/components/image-builder-mk3/constants.go b/installer/pkg/components/image-builder-mk3/constants.go index a209b7c39230e5..c58be07d358ff9 100644 --- a/installer/pkg/components/image-builder-mk3/constants.go +++ b/installer/pkg/components/image-builder-mk3/constants.go @@ -5,12 +5,11 @@ package image_builder_mk3 const ( - PullSecretFile = "/config/pull-secret.json" - BuilderImage = "image-builder-mk3/bob" - BuilderImageVersion = "latest" - Component = "image-builder-mk3" - RPCPort = 8080 - RPCPortName = "service" - PProfPort = 6060 - PrometheusPort = 9500 + PullSecretFile = "/config/pull-secret.json" + BuilderImage = "image-builder-mk3/bob" + Component = "image-builder-mk3" + RPCPort = 8080 + RPCPortName = "service" + PProfPort = 6060 + PrometheusPort = 9500 ) diff --git a/installer/pkg/components/migrations/constants.go b/installer/pkg/components/migrations/constants.go new file mode 100644 index 00000000000000..209fe55a195d6c --- /dev/null +++ b/installer/pkg/components/migrations/constants.go @@ -0,0 +1,9 @@ +// Copyright (c) 2021 Gitpod GmbH. All rights reserved. +// Licensed under the GNU Affero General Public License (AGPL). +// See License-AGPL.txt in the project root for license information. + +package migrations + +const ( + Component = "migrations" +) diff --git a/installer/pkg/components/migrations/job.go b/installer/pkg/components/migrations/job.go new file mode 100644 index 00000000000000..d3cac368582d1c --- /dev/null +++ b/installer/pkg/components/migrations/job.go @@ -0,0 +1,53 @@ +// Copyright (c) 2021 Gitpod GmbH. All rights reserved. +// Licensed under the GNU Affero General Public License (AGPL). +// See License-AGPL.txt in the project root for license information. + +package migrations + +import ( + "github.com/gitpod-io/gitpod/installer/pkg/common" + batchv1 "k8s.io/api/batch/v1" + corev1 "k8s.io/api/core/v1" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/apimachinery/pkg/runtime" + "k8s.io/utils/pointer" +) + +func job(ctx *common.RenderContext) ([]runtime.Object, error) { + objectMeta := metav1.ObjectMeta{ + Name: Component, + Namespace: ctx.Namespace, + Labels: common.DefaultLabels(Component), + } + + return []runtime.Object{&batchv1.Job{ + TypeMeta: common.TypeMetaBatchJob, + ObjectMeta: objectMeta, + Spec: batchv1.JobSpec{ + Template: corev1.PodTemplateSpec{ + ObjectMeta: objectMeta, + Spec: corev1.PodSpec{ + Affinity: &corev1.Affinity{}, + RestartPolicy: corev1.RestartPolicyNever, + ServiceAccountName: Component, + EnableServiceLinks: pointer.Bool(false), + // The init container is designed to emulate Helm hooks + InitContainers: []corev1.Container{*common.DatabaseWaiterContainer(ctx)}, + Containers: []corev1.Container{{ + Name: Component, + Image: common.ImageName(ctx.Config.Repository, "db-migrations", ctx.VersionManifest.Components.DBMigrations.Version), + ImagePullPolicy: corev1.PullIfNotPresent, + Env: common.MergeEnv( + common.DatabaseEnv(&ctx.Config), + ), + Command: []string{ + "sh", + "-c", + "cd /app/node_modules/@gitpod/gitpod-db && yarn run wait-for-db && yarn run typeorm migrations:run", + }, + }}, + }, + }, + }, + }}, nil +} diff --git a/installer/pkg/components/migrations/objects.go b/installer/pkg/components/migrations/objects.go new file mode 100644 index 00000000000000..e5256c380aef36 --- /dev/null +++ b/installer/pkg/components/migrations/objects.go @@ -0,0 +1,15 @@ +// Copyright (c) 2021 Gitpod GmbH. All rights reserved. +// Licensed under the GNU Affero General Public License (AGPL). +// See License-AGPL.txt in the project root for license information. + +package migrations + +import ( + "github.com/gitpod-io/gitpod/installer/pkg/common" +) + +var Objects = common.CompositeRenderFunc( + job, + rolebinding, + common.DefaultServiceAccount(Component), +) diff --git a/installer/pkg/components/migrations/rolebinding.go b/installer/pkg/components/migrations/rolebinding.go new file mode 100644 index 00000000000000..b4daefb875e374 --- /dev/null +++ b/installer/pkg/components/migrations/rolebinding.go @@ -0,0 +1,35 @@ +// Copyright (c) 2021 Gitpod GmbH. All rights reserved. +// Licensed under the GNU Affero General Public License (AGPL). +// See License-AGPL.txt in the project root for license information. + +package migrations + +import ( + "fmt" + "github.com/gitpod-io/gitpod/installer/pkg/common" + rbacv1 "k8s.io/api/rbac/v1" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/apimachinery/pkg/runtime" +) + +func rolebinding(ctx *common.RenderContext) ([]runtime.Object, error) { + labels := common.DefaultLabels(Component) + + return []runtime.Object{&rbacv1.RoleBinding{ + TypeMeta: common.TypeMetaRoleBinding, + ObjectMeta: metav1.ObjectMeta{ + Name: Component, + Namespace: ctx.Namespace, + Labels: labels, + }, + RoleRef: rbacv1.RoleRef{ + Kind: "ClusterRole", + Name: fmt.Sprintf("%s-ns-psp:restricted-root-user", ctx.Namespace), + APIGroup: "rbac.authorization.k8s.io", + }, + Subjects: []rbacv1.Subject{{ + Kind: "ServiceAccount", + Name: Component, + }}, + }}, nil +} diff --git a/installer/pkg/components/mysql/configmap.go b/installer/pkg/components/mysql/configmap.go index 40a55754321245..fb9ebb7954e868 100644 --- a/installer/pkg/components/mysql/configmap.go +++ b/installer/pkg/components/mysql/configmap.go @@ -40,6 +40,7 @@ func configmap(ctx *common.RenderContext) ([]runtime.Object, error) { fileStr := string(file) // Replace variables in the script fileStr = strings.Replace(fileStr, "__GITPOD_DB_NAME__", Database, -1) + fileStr = strings.Replace(fileStr, "__GITPOD_USERNAME__", Username, -1) // Add the file name for debugging purposes initScriptData += fmt.Sprintf("-- %s\n\n%s", script.Name(), fileStr) diff --git a/installer/pkg/components/mysql/init/00-create-and-init-sessions-db.sql b/installer/pkg/components/mysql/init/00-create-and-init-sessions-db.sql index ffe04f00e855bd..f25ce59d4416e6 100644 --- a/installer/pkg/components/mysql/init/00-create-and-init-sessions-db.sql +++ b/installer/pkg/components/mysql/init/00-create-and-init-sessions-db.sql @@ -14,3 +14,6 @@ CREATE TABLE IF NOT EXISTS sessions ( `_lastModified` timestamp(6) NOT NULL DEFAULT CURRENT_TIMESTAMP(6) ON UPDATE CURRENT_TIMESTAMP(6), PRIMARY KEY (`session_id`) ); + +-- Grant privileges +GRANT ALL ON `gitpod-sessions`.* TO "__GITPOD_USERNAME__"@"%"; diff --git a/installer/pkg/components/mysql/secret.go b/installer/pkg/components/mysql/secret.go index a68bfdb148c94d..d02b0206de0c6c 100644 --- a/installer/pkg/components/mysql/secret.go +++ b/installer/pkg/components/mysql/secret.go @@ -5,6 +5,7 @@ package mysql import ( + "encoding/json" "fmt" "github.com/gitpod-io/gitpod/installer/pkg/common" corev1 "k8s.io/api/core/v1" @@ -12,6 +13,13 @@ import ( "k8s.io/apimachinery/pkg/runtime" ) +type EncryptionKey struct { + Name string `json:"name"` + Version int `json:"version"` + Primary bool `json:"primary"` + Material string `json:"material"` +} + func secrets(ctx *common.RenderContext) ([]runtime.Object, error) { if !enabled(ctx) { return nil, nil @@ -27,6 +35,16 @@ func secrets(ctx *common.RenderContext) ([]runtime.Object, error) { return nil, err } + encryptionKeys, err := json.MarshalIndent([]EncryptionKey{{ + Name: "general", + Version: 1, + Primary: true, + Material: "4uGh1q8y2DYryJwrVMHs0kWXJlqvHWWt/KJuNi04edI=", + }}, "", " ") + if err != nil { + return nil, fmt.Errorf("failed to marshal mysql encryptionKeys: %w", err) + } + return []runtime.Object{&corev1.Secret{ TypeMeta: common.TypeMetaSecret, ObjectMeta: metav1.ObjectMeta{ @@ -46,11 +64,12 @@ func secrets(ctx *common.RenderContext) ([]runtime.Object, error) { Labels: common.DefaultLabels(Component), }, Data: map[string][]byte{ - "database": []byte(Database), - "host": []byte(Component), - "port": []byte(fmt.Sprintf("%d", Port)), - "password": []byte(password), - "username": []byte(Username), + "database": []byte(Database), + "encryptionKeys": encryptionKeys, + "host": []byte(Component), + "port": []byte(fmt.Sprintf("%d", Port)), + "password": []byte(password), + "username": []byte(Username), }, }}, nil } diff --git a/installer/pkg/components/openvsx-proxy/configmap.go b/installer/pkg/components/openvsx-proxy/configmap.go new file mode 100644 index 00000000000000..9c1628438e754e --- /dev/null +++ b/installer/pkg/components/openvsx-proxy/configmap.go @@ -0,0 +1,52 @@ +// Copyright (c) 2021 Gitpod GmbH. All rights reserved. +// Licensed under the GNU Affero General Public License (AGPL). +// See License-AGPL.txt in the project root for license information. + +package openvsx_proxy + +import ( + "encoding/json" + "fmt" + "github.com/gitpod-io/gitpod/common-go/util" + "github.com/gitpod-io/gitpod/installer/pkg/common" + openvsx "github.com/gitpod-io/gitpod/openvsx-proxy/pkg" + corev1 "k8s.io/api/core/v1" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/apimachinery/pkg/runtime" + "time" +) + +func configmap(ctx *common.RenderContext) ([]runtime.Object, error) { + // todo(sje): enable redis config + imgcfg := openvsx.Config{ + LogDebug: true, + CacheDurationRegular: util.Duration(time.Minute), + CacheDurationBackup: util.Duration(time.Hour * 72), + URLUpstream: "https://open-vsx.org", // todo(sje): make configurable + URLLocal: fmt.Sprintf("https://open-vsx.%s", ctx.Config.Domain), + MaxIdleConns: 1000, + MaxIdleConnsPerHost: 1000, + PrometheusAddr: fmt.Sprintf(":%d", PrometheusPort), + } + + fc, err := json.MarshalIndent(imgcfg, "", " ") + if err != nil { + return nil, fmt.Errorf("failed to marshal openvsx config: %w", err) + } + + data := map[string]string{ + "config.json": string(fc), + } + + return []runtime.Object{ + &corev1.ConfigMap{ + TypeMeta: common.TypeMetaConfigmap, + ObjectMeta: metav1.ObjectMeta{ + Name: fmt.Sprintf("%s-config", Component), + Namespace: ctx.Namespace, + Labels: common.DefaultLabels(Component), + }, + Data: data, + }, + }, nil +} diff --git a/installer/pkg/components/openvsx-proxy/constants.go b/installer/pkg/components/openvsx-proxy/constants.go new file mode 100644 index 00000000000000..26d0fe322cde72 --- /dev/null +++ b/installer/pkg/components/openvsx-proxy/constants.go @@ -0,0 +1,14 @@ +// Copyright (c) 2021 Gitpod GmbH. All rights reserved. +// Licensed under the GNU Affero General Public License (AGPL). +// See License-AGPL.txt in the project root for license information. + +package openvsx_proxy + +const ( + Component = "openvsx-proxy" + ContainerPort = 8080 + ServicePort = 8080 + PortName = "http" + PrometheusPort = 9500 + PrometheusPortName = "metrics" +) diff --git a/installer/pkg/components/openvsx-proxy/networkpolicy.go b/installer/pkg/components/openvsx-proxy/networkpolicy.go new file mode 100644 index 00000000000000..add6e10c018196 --- /dev/null +++ b/installer/pkg/components/openvsx-proxy/networkpolicy.go @@ -0,0 +1,49 @@ +// Copyright (c) 2021 Gitpod GmbH. All rights reserved. +// Licensed under the GNU Affero General Public License (AGPL). +// See License-AGPL.txt in the project root for license information. + +package openvsx_proxy + +import ( + "github.com/gitpod-io/gitpod/installer/pkg/common" + networkingv1 "k8s.io/api/networking/v1" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/apimachinery/pkg/runtime" + "k8s.io/apimachinery/pkg/util/intstr" +) + +func networkpolicy(ctx *common.RenderContext) ([]runtime.Object, error) { + labels := common.DefaultLabels(Component) + + return []runtime.Object{&networkingv1.NetworkPolicy{ + TypeMeta: common.TypeMetaNetworkPolicy, + ObjectMeta: metav1.ObjectMeta{ + Name: Component, + Namespace: ctx.Namespace, + Labels: labels, + }, + Spec: networkingv1.NetworkPolicySpec{ + PodSelector: metav1.LabelSelector{MatchLabels: labels}, + PolicyTypes: []networkingv1.PolicyType{"Ingress"}, + Ingress: []networkingv1.NetworkPolicyIngressRule{{ + Ports: []networkingv1.NetworkPolicyPort{{ + Protocol: common.TCPProtocol, + Port: &intstr.IntOrString{IntVal: ContainerPort}, + }}, + }, { + Ports: []networkingv1.NetworkPolicyPort{{ + Protocol: common.TCPProtocol, + Port: &intstr.IntOrString{IntVal: ContainerPort}, + }}, + From: []networkingv1.NetworkPolicyPeer{{ + NamespaceSelector: &metav1.LabelSelector{MatchLabels: map[string]string{ + "chart": common.MonitoringChart, + }}, + PodSelector: &metav1.LabelSelector{MatchLabels: map[string]string{ + "component": common.ServerComponent, + }}, + }}, + }}, + }, + }}, nil +} diff --git a/installer/pkg/components/openvsx-proxy/objects.go b/installer/pkg/components/openvsx-proxy/objects.go new file mode 100644 index 00000000000000..d21c98225e4ba2 --- /dev/null +++ b/installer/pkg/components/openvsx-proxy/objects.go @@ -0,0 +1,27 @@ +// Copyright (c) 2021 Gitpod GmbH. All rights reserved. +// Licensed under the GNU Affero General Public License (AGPL). +// See License-AGPL.txt in the project root for license information. + +package openvsx_proxy + +import "github.com/gitpod-io/gitpod/installer/pkg/common" + +// todo(sje): conditionally deploy this component + +var Objects = common.CompositeRenderFunc( + configmap, + networkpolicy, + rolebinding, + statefulset, + common.GenerateService(Component, map[string]common.ServicePort{ + PortName: { + ContainerPort: ContainerPort, + ServicePort: ServicePort, + }, + PrometheusPortName: { + ContainerPort: PrometheusPort, + ServicePort: PrometheusPort, + }, + }), + common.DefaultServiceAccount(Component), +) diff --git a/installer/pkg/components/openvsx-proxy/rolebinding.go b/installer/pkg/components/openvsx-proxy/rolebinding.go new file mode 100644 index 00000000000000..da07192feef395 --- /dev/null +++ b/installer/pkg/components/openvsx-proxy/rolebinding.go @@ -0,0 +1,53 @@ +// Copyright (c) 2021 Gitpod GmbH. All rights reserved. +// Licensed under the GNU Affero General Public License (AGPL). +// See License-AGPL.txt in the project root for license information. + +package openvsx_proxy + +import ( + "fmt" + "github.com/gitpod-io/gitpod/installer/pkg/common" + rbacv1 "k8s.io/api/rbac/v1" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/apimachinery/pkg/runtime" +) + +func rolebinding(ctx *common.RenderContext) ([]runtime.Object, error) { + labels := common.DefaultLabels(Component) + return []runtime.Object{ + &rbacv1.RoleBinding{ + TypeMeta: common.TypeMetaRoleBinding, + ObjectMeta: metav1.ObjectMeta{ + Name: Component, + Namespace: ctx.Namespace, + Labels: labels, + }, + RoleRef: rbacv1.RoleRef{ + Kind: "ClusterRole", + Name: fmt.Sprintf("%s-ns-psp:restricted-root-user", ctx.Namespace), + APIGroup: "rbac.authorization.k8s.io", + }, + Subjects: []rbacv1.Subject{{ + Kind: "ServiceAccount", + Name: Component, + }}, + }, + &rbacv1.ClusterRoleBinding{ + TypeMeta: common.TypeMetaClusterRoleBinding, + ObjectMeta: metav1.ObjectMeta{ + Name: fmt.Sprintf("%s-%s-kube-rbac-proxy", ctx.Namespace, Component), + Labels: labels, + }, + RoleRef: rbacv1.RoleRef{ + Kind: "ClusterRole", + Name: fmt.Sprintf("%s-kube-rbac-proxy", ctx.Namespace), + APIGroup: "rbac.authorization.k8s.io", + }, + Subjects: []rbacv1.Subject{{ + Kind: "ServiceAccount", + Name: Component, + Namespace: ctx.Namespace, + }}, + }, + }, nil +} diff --git a/installer/pkg/components/openvsx-proxy/statefulset.go b/installer/pkg/components/openvsx-proxy/statefulset.go new file mode 100644 index 00000000000000..f648ff6700103c --- /dev/null +++ b/installer/pkg/components/openvsx-proxy/statefulset.go @@ -0,0 +1,96 @@ +// Copyright (c) 2021 Gitpod GmbH. All rights reserved. +// Licensed under the GNU Affero General Public License (AGPL). +// See License-AGPL.txt in the project root for license information. + +package openvsx_proxy + +import ( + "fmt" + "github.com/gitpod-io/gitpod/installer/pkg/common" + appsv1 "k8s.io/api/apps/v1" + v1 "k8s.io/api/core/v1" + "k8s.io/apimachinery/pkg/api/resource" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/apimachinery/pkg/runtime" + "k8s.io/apimachinery/pkg/util/intstr" + "k8s.io/utils/pointer" +) + +func statefulset(ctx *common.RenderContext) ([]runtime.Object, error) { + labels := common.DefaultLabels(Component) + // todo(sje): add redis + + return []runtime.Object{&appsv1.StatefulSet{ + TypeMeta: common.TypeMetaStatefulSet, + ObjectMeta: metav1.ObjectMeta{ + Name: Component, + Namespace: ctx.Namespace, + Labels: labels, + }, + Spec: appsv1.StatefulSetSpec{ + Selector: &metav1.LabelSelector{ + MatchLabels: labels, + }, + ServiceName: Component, + // todo(sje): receive config value + Replicas: pointer.Int32(1), + Template: v1.PodTemplateSpec{ + ObjectMeta: metav1.ObjectMeta{ + Name: Component, + Namespace: ctx.Namespace, + Labels: labels, + }, + Spec: v1.PodSpec{ + Affinity: &v1.Affinity{}, + ServiceAccountName: Component, + EnableServiceLinks: pointer.Bool(false), + DNSPolicy: "ClusterFirst", + RestartPolicy: "Always", + TerminationGracePeriodSeconds: pointer.Int64(30), + Volumes: []v1.Volume{{ + Name: "config", + VolumeSource: v1.VolumeSource{ + ConfigMap: &v1.ConfigMapVolumeSource{ + LocalObjectReference: v1.LocalObjectReference{Name: fmt.Sprintf("%s-config", Component)}, + }, + }, + }}, + Containers: []v1.Container{{ + Name: Component, + Image: common.ImageName(ctx.Config.Repository, Component, ctx.VersionManifest.Components.OpenVSXProxy.Version), + Args: []string{"/config/config.json"}, + ReadinessProbe: &v1.Probe{ + Handler: v1.Handler{ + HTTPGet: &v1.HTTPGetAction{ + Path: "/openvsx-proxy-status", + Port: intstr.IntOrString{IntVal: ContainerPort}, + }, + }, + }, + ImagePullPolicy: v1.PullIfNotPresent, + Resources: v1.ResourceRequirements{ + Requests: v1.ResourceList{ + "cpu": resource.MustParse("1m"), + "memory": resource.MustParse("2.25Gi"), + }, + }, + Ports: []v1.ContainerPort{{ + Name: PortName, + ContainerPort: ContainerPort, + }, { + Name: PrometheusPortName, + ContainerPort: PrometheusPort, + }}, + VolumeMounts: []v1.VolumeMount{{ + Name: "config", + MountPath: "/config", + }}, + Env: common.MergeEnv( + common.DefaultEnv(&ctx.Config), + ), + }}, + }, + }, + }, + }}, nil +} diff --git a/installer/pkg/components/proxy/configmap.go b/installer/pkg/components/proxy/configmap.go index 11d450b038a7de..1deb1b29948079 100644 --- a/installer/pkg/components/proxy/configmap.go +++ b/installer/pkg/components/proxy/configmap.go @@ -90,15 +90,14 @@ func configmap(ctx *common.RenderContext) ([]runtime.Object, error) { // todo(sje) make conditional // todo(sje): allow value to be set via config - username, err := common.RandomString(20) - if err != nil { - return nil, err + username := ctx.Values.InternalRegistryUsername + if username == "" { + return nil, fmt.Errorf("unknown value: internal registry username") } - // todo(sje): allow value to be set via config - password, err := common.RandomString(20) - if err != nil { - return nil, err + password := ctx.Values.InternalRegistryPassword + if password == "" { + return nil, fmt.Errorf("unknown value: internal registry password") } hashedPassword, err := bcrypt.GenerateFromPassword([]byte(password), bcrypt.DefaultCost) @@ -108,7 +107,7 @@ func configmap(ctx *common.RenderContext) ([]runtime.Object, error) { dockerRegistry, err := renderTemplate(vhostDockerRegistry, dockerRegistryTpl{ Domain: ctx.Config.Domain, - ReverseProxy: fmt.Sprintf("https://%s", common.DockerRegistryName), + ReverseProxy: fmt.Sprintf("https://%s.%s.%s", common.DockerRegistryName, ctx.Namespace, kubeDomain), Username: username, Password: base64.StdEncoding.EncodeToString(hashedPassword), }) @@ -118,7 +117,7 @@ func configmap(ctx *common.RenderContext) ([]runtime.Object, error) { openVSX, err := renderTemplate(vhostOpenVSXTmpl, openVSXTpl{ Domain: ctx.Config.Domain, - RepoURL: "open-vsx.org", // todo(sje) allow this to be configurable + RepoURL: fmt.Sprintf("openvsx-proxy.%s.%s:%d", ctx.Namespace, kubeDomain, 8080), // todo(sje): get port from (future) config }) if err != nil { return nil, err diff --git a/installer/pkg/components/proxy/objects.go b/installer/pkg/components/proxy/objects.go index d28dfc8fbb7e10..f0a5abd2c08317 100644 --- a/installer/pkg/components/proxy/objects.go +++ b/installer/pkg/components/proxy/objects.go @@ -4,7 +4,10 @@ package proxy -import "github.com/gitpod-io/gitpod/installer/pkg/common" +import ( + "github.com/gitpod-io/gitpod/installer/pkg/common" + corev1 "k8s.io/api/core/v1" +) var Objects = common.CompositeRenderFunc( configmap, @@ -24,6 +27,8 @@ var Objects = common.CompositeRenderFunc( ContainerPort: PrometheusPort, ServicePort: PrometheusPort, }, + }, func(spec *corev1.ServiceSpec) { + spec.Type = corev1.ServiceTypeLoadBalancer }), common.DefaultServiceAccount(Component), ) diff --git a/installer/pkg/components/proxy/templates/configmap/vhost.open-vsx.tpl b/installer/pkg/components/proxy/templates/configmap/vhost.open-vsx.tpl index 120fd1c90f9e80..a9f695d07bb086 100644 --- a/installer/pkg/components/proxy/templates/configmap/vhost.open-vsx.tpl +++ b/installer/pkg/components/proxy/templates/configmap/vhost.open-vsx.tpl @@ -1,48 +1,9 @@ -# We cache the requests to the VSX registry and in case of an upstream server error we serve the the cached results. https://open-vsx.{{.Domain}} { import enable_log_debug import remove_server_header import ssl_configuration - # The http_cache plugin does not allow to cache the HTTP OPTIONS method. - # That's why we simply serve a static respond instead of asking the upstream server. - @options method OPTIONS - header @options { - Access-Control-Allow-Credentials "true" - Access-Control-Allow-Headers "content-type,x-market-client-id,x-market-user-id,x-client-commit,x-client-name,x-client-version,x-machine-id" - Access-Control-Allow-Methods "OPTIONS,GET,POST,PATCH,PUT,DELETE" - Access-Control-Allow-Origin "*" - } - respond @options 204 { - close - } - - reverse_proxy { - to https://{{.RepoURL}} - - # health_uri /api/-/search - - header_up Host "{{.RepoURL}}" - header_up -Connection - - # Override/remove existing cache control headers from the upstream server. - header_down Cache-Control "max-age=30, public" # cache for 30 seconds - header_down -Vary - header_down -Pragma - header_down -Expires - } - - gitpod.body_intercept { - search "{{.RepoURL}}" - replace "open-vsx.{{.Domain}}" - } - - http_cache { - cache_type file - path /tmp/openvsx-cache - match_path / - match_methods GET HEAD POST - stale_max_age 72h # 3 days - cache_key "{http.request.method} {http.request.host}{http.request.uri.path}?{http.request.uri.query} {http.request.contentlength} {http.request.bodyhash}" + reverse_proxy { + to {{.RepoURL}} } } \ No newline at end of file diff --git a/installer/pkg/components/server/configmap.go b/installer/pkg/components/server/configmap.go index 51261eb81e81f3..acc9d2724854af 100644 --- a/installer/pkg/components/server/configmap.go +++ b/installer/pkg/components/server/configmap.go @@ -7,10 +7,8 @@ package server import ( "encoding/json" "fmt" - "github.com/gitpod-io/gitpod/installer/pkg/common" "github.com/gitpod-io/gitpod/installer/pkg/components/workspace" - corev1 "k8s.io/api/core/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/runtime" @@ -28,7 +26,7 @@ func configmap(ctx *common.RenderContext) ([]runtime.Object, error) { HostURL: fmt.Sprintf("https://%s", ctx.Config.Domain), InstallationShortname: ctx.Namespace, // todo(sje): is this needed? Stage: "production", // todo(sje): is this needed? - License: "", + License: "", // todo(sje): how do we populate this? WorkspaceHeartbeat: WorkspaceHeartbeat{ IntervalSeconds: 60, TimeoutSeconds: 300, @@ -42,10 +40,6 @@ func configmap(ctx *common.RenderContext) ([]runtime.Object, error) { MaxAgeMs: 259200000, Secret: "Important!Really-Change-This-Key!", // todo(sje): how best to do this? }, - GitHubApp: GitHubApp{ // todo(sje): conditionally apply - Enabled: false, - AuthProviderId: "Public-GitHub", - }, DefinitelyGpDisabled: false, WorkspaceGarbageCollection: WorkspaceGarbageCollection{ ChunkLimit: 1000, @@ -55,8 +49,9 @@ func configmap(ctx *common.RenderContext) ([]runtime.Object, error) { MinAgeDays: 14, MinAgePrebuildDays: 7, }, - EnableLocalApp: true, + EnableLocalApp: false, AuthProviderConfigs: ctx.Config.AuthProviders, + BuiltinAuthProvidersConfigured: len(ctx.Config.AuthProviders) > 0, DisableDynamicAuthProviderLogin: false, BrandingConfig: BrandingConfig{ Logo: "/images/gitpod-ddd.svg", diff --git a/installer/pkg/components/server/deployment.go b/installer/pkg/components/server/deployment.go index 22c18f0567331c..98f375b88779d3 100644 --- a/installer/pkg/components/server/deployment.go +++ b/installer/pkg/components/server/deployment.go @@ -61,7 +61,7 @@ func deployment(ctx *common.RenderContext) ([]runtime.Object, error) { Name: "config", VolumeSource: corev1.VolumeSource{ ConfigMap: &corev1.ConfigMapVolumeSource{ - LocalObjectReference: corev1.LocalObjectReference{Name: Component}, + LocalObjectReference: corev1.LocalObjectReference{Name: fmt.Sprintf("%s-config", Component)}, }, }, }, { @@ -104,6 +104,7 @@ func deployment(ctx *common.RenderContext) ([]runtime.Object, error) { // todo(sje): do we need to cater for serverContainer.env from values.yaml? Env: common.MergeEnv( common.DefaultEnv(&ctx.Config), + common.DatabaseEnv(&ctx.Config), common.TracingEnv(&ctx.Config), common.AnalyticsEnv(&ctx.Config), common.MessageBusEnv(&ctx.Config), diff --git a/installer/pkg/components/workspace/constants.go b/installer/pkg/components/workspace/constants.go index 09c2d8b6c5c96f..d716aba81cfb2e 100644 --- a/installer/pkg/components/workspace/constants.go +++ b/installer/pkg/components/workspace/constants.go @@ -5,6 +5,7 @@ package workspace const ( + Component = "workspace" ContainerPort = 23000 DefaultWorkspaceImage = "gitpod/workspace-full" DefaultWorkspaceImageVersion = "latest" diff --git a/installer/pkg/components/workspace/networkpolicy.go b/installer/pkg/components/workspace/networkpolicy.go new file mode 100644 index 00000000000000..d1b32d23eddc8d --- /dev/null +++ b/installer/pkg/components/workspace/networkpolicy.go @@ -0,0 +1,103 @@ +// Copyright (c) 2021 Gitpod GmbH. All rights reserved. +// Licensed under the GNU Affero General Public License (AGPL). +// See License-AGPL.txt in the project root for license information. + +package workspace + +import ( + "fmt" + "github.com/gitpod-io/gitpod/installer/pkg/common" + agentsmith "github.com/gitpod-io/gitpod/installer/pkg/components/agent-smith" + "github.com/gitpod-io/gitpod/installer/pkg/components/proxy" + wsdaemon "github.com/gitpod-io/gitpod/installer/pkg/components/ws-daemon" + networkingv1 "k8s.io/api/networking/v1" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/apimachinery/pkg/runtime" + "k8s.io/apimachinery/pkg/util/intstr" +) + +func networkpolicy(ctx *common.RenderContext) ([]runtime.Object, error) { + labels := common.DefaultLabels(Component) + + podSelectorLabels := labels + podSelectorLabels["gitpod.io/networkpolicy"] = "default" + + return []runtime.Object{&networkingv1.NetworkPolicy{ + TypeMeta: common.TypeMetaNetworkPolicy, + ObjectMeta: metav1.ObjectMeta{ + Name: fmt.Sprintf("%s-default", Component), + Namespace: ctx.Namespace, + Labels: labels, + }, + Spec: networkingv1.NetworkPolicySpec{ + PodSelector: metav1.LabelSelector{MatchLabels: podSelectorLabels}, + PolicyTypes: []networkingv1.PolicyType{"Ingress", "Egress"}, + Ingress: []networkingv1.NetworkPolicyIngressRule{ + { + From: []networkingv1.NetworkPolicyPeer{ + { + PodSelector: &metav1.LabelSelector{MatchLabels: common.DefaultLabels(proxy.Component)}, + }, + }, + }, + { + From: []networkingv1.NetworkPolicyPeer{ + { + PodSelector: &metav1.LabelSelector{MatchLabels: common.DefaultLabels(common.WSProxyComponent)}, + }, + }, + }, + { + From: []networkingv1.NetworkPolicyPeer{ + { + PodSelector: &metav1.LabelSelector{MatchLabels: common.DefaultLabels(agentsmith.Component)}, + }, + }, + }, + { + From: []networkingv1.NetworkPolicyPeer{ + { + PodSelector: &metav1.LabelSelector{MatchLabels: common.DefaultLabels(wsdaemon.Component)}, + }, + }, + }, + { + Ports: []networkingv1.NetworkPolicyPort{ + { + Protocol: common.TCPProtocol, + Port: &intstr.IntOrString{IntVal: 23000}, + }, + }, + From: []networkingv1.NetworkPolicyPeer{ + { + NamespaceSelector: &metav1.LabelSelector{MatchLabels: map[string]string{ + "chart": common.MonitoringChart, + }}, + PodSelector: &metav1.LabelSelector{MatchLabels: common.DefaultLabels(common.ServerComponent)}, + }, + }, + }, + }, + Egress: []networkingv1.NetworkPolicyEgressRule{ + { + To: []networkingv1.NetworkPolicyPeer{ + { + IPBlock: &networkingv1.IPBlock{ + CIDR: "0.0.0.0/0", + // Google Compute engine special, reserved VM metadata IP + Except: []string{"169.254.169.254/32"}, + }, + }, + }, + }, + { + To: []networkingv1.NetworkPolicyPeer{ + { + PodSelector: &metav1.LabelSelector{MatchLabels: common.DefaultLabels(proxy.Component)}, + }, + }, + }, + }, + }, + }}, nil +} diff --git a/installer/pkg/components/workspace/objects.go b/installer/pkg/components/workspace/objects.go new file mode 100644 index 00000000000000..50440b13041041 --- /dev/null +++ b/installer/pkg/components/workspace/objects.go @@ -0,0 +1,15 @@ +// Copyright (c) 2021 Gitpod GmbH. All rights reserved. +// Licensed under the GNU Affero General Public License (AGPL). +// See License-AGPL.txt in the project root for license information. + +package workspace + +import "github.com/gitpod-io/gitpod/installer/pkg/common" + +var Objects = common.CompositeRenderFunc( + networkpolicy, + podsecuritypolicies, + role, + rolebinding, + common.DefaultServiceAccount(Component), +) diff --git a/installer/pkg/components/workspace/podsecuritypolicies.go b/installer/pkg/components/workspace/podsecuritypolicies.go new file mode 100644 index 00000000000000..abd6ade496067a --- /dev/null +++ b/installer/pkg/components/workspace/podsecuritypolicies.go @@ -0,0 +1,59 @@ +// Copyright (c) 2021 Gitpod GmbH. All rights reserved. +// Licensed under the GNU Affero General Public License (AGPL). +// See License-AGPL.txt in the project root for license information. + +package workspace + +import ( + "fmt" + "github.com/gitpod-io/gitpod/installer/pkg/common" + corev1 "k8s.io/api/core/v1" + "k8s.io/api/policy/v1beta1" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/apimachinery/pkg/runtime" + "k8s.io/utils/pointer" +) + +func podsecuritypolicies(ctx *common.RenderContext) ([]runtime.Object, error) { + return []runtime.Object{ + &v1beta1.PodSecurityPolicy{ + TypeMeta: common.TypeMetaPodSecurityPolicy, + ObjectMeta: metav1.ObjectMeta{ + Name: fmt.Sprintf("%s-ns-workspace", ctx.Namespace), + Namespace: ctx.Namespace, + Annotations: map[string]string{ + "seccomp.security.alpha.kubernetes.io/allowedProfileNames": "*", + "apparmor.security.beta.kubernetes.io/allowedProfileNames": "runtime/default,unconfined", + "seccomp.security.alpha.kubernetes.io/defaultProfileName": "runtime/default", + "apparmor.security.beta.kubernetes.io/defaultProfileName": "runtime/default", + }, + }, + Spec: v1beta1.PodSecurityPolicySpec{ + Privileged: false, + AllowPrivilegeEscalation: pointer.Bool(true), + AllowedCapabilities: []corev1.Capability{"AUDIT_WRITE", "FSETID", "KILL", "NET_BIND_SERVICE", "SYS_PTRACE"}, + Volumes: []v1beta1.FSType{v1beta1.ConfigMap, v1beta1.Projected, v1beta1.Secret, v1beta1.HostPath}, + HostNetwork: false, + HostIPC: false, + HostPID: false, + RunAsUser: v1beta1.RunAsUserStrategyOptions{Rule: v1beta1.RunAsUserStrategyRunAsAny}, + SELinux: v1beta1.SELinuxStrategyOptions{Rule: v1beta1.SELinuxStrategyRunAsAny}, + SupplementalGroups: v1beta1.SupplementalGroupsStrategyOptions{ + Rule: v1beta1.SupplementalGroupsStrategyMustRunAs, + Ranges: []v1beta1.IDRange{{ + Min: 1, + Max: 65535, + }}, + }, + FSGroup: v1beta1.FSGroupStrategyOptions{ + Rule: v1beta1.FSGroupStrategyMustRunAs, + Ranges: []v1beta1.IDRange{{ + Min: 1, + Max: 65535, + }}, + }, + ReadOnlyRootFilesystem: false, + }, + }, + }, nil +} diff --git a/installer/pkg/components/workspace/role.go b/installer/pkg/components/workspace/role.go new file mode 100644 index 00000000000000..7fa7e02783eb5a --- /dev/null +++ b/installer/pkg/components/workspace/role.go @@ -0,0 +1,33 @@ +// Copyright (c) 2021 Gitpod GmbH. All rights reserved. +// Licensed under the GNU Affero General Public License (AGPL). +// See License-AGPL.txt in the project root for license information. + +package workspace + +import ( + "fmt" + "github.com/gitpod-io/gitpod/installer/pkg/common" + + rbacv1 "k8s.io/api/rbac/v1" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/apimachinery/pkg/runtime" +) + +func role(ctx *common.RenderContext) ([]runtime.Object, error) { + return []runtime.Object{&rbacv1.Role{ + TypeMeta: common.TypeMetaRole, + ObjectMeta: metav1.ObjectMeta{ + Name: Component, + Namespace: ctx.Namespace, + Labels: common.DefaultLabels(Component), + }, + Rules: []rbacv1.PolicyRule{ + { + APIGroups: []string{"policy"}, + Resources: []string{"podsecuritypolicies"}, + Verbs: []string{"use"}, + ResourceNames: []string{fmt.Sprintf("%s-ns-workspace", ctx.Namespace)}, + }, + }, + }}, nil +} diff --git a/installer/pkg/components/workspace/rolebinding.go b/installer/pkg/components/workspace/rolebinding.go new file mode 100644 index 00000000000000..7db0617c4caeeb --- /dev/null +++ b/installer/pkg/components/workspace/rolebinding.go @@ -0,0 +1,37 @@ +// Copyright (c) 2021 Gitpod GmbH. All rights reserved. +// Licensed under the GNU Affero General Public License (AGPL). +// See License-AGPL.txt in the project root for license information. + +package workspace + +import ( + "github.com/gitpod-io/gitpod/installer/pkg/common" + + rbacv1 "k8s.io/api/rbac/v1" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/apimachinery/pkg/runtime" +) + +func rolebinding(ctx *common.RenderContext) ([]runtime.Object, error) { + labels := common.DefaultLabels(Component) + + return []runtime.Object{ + &rbacv1.RoleBinding{ + TypeMeta: common.TypeMetaRoleBinding, + ObjectMeta: metav1.ObjectMeta{ + Name: Component, + Namespace: ctx.Namespace, + Labels: labels, + }, + RoleRef: rbacv1.RoleRef{ + Kind: "Role", + Name: Component, + APIGroup: "rbac.authorization.k8s.io", + }, + Subjects: []rbacv1.Subject{{ + Kind: "ServiceAccount", + Name: Component, + }}, + }, + }, nil +} diff --git a/installer/pkg/components/ws-daemon/daemonset.go b/installer/pkg/components/ws-daemon/daemonset.go index d9f584d00dacff..53488d5fc1ba39 100644 --- a/installer/pkg/components/ws-daemon/daemonset.go +++ b/installer/pkg/components/ws-daemon/daemonset.go @@ -5,6 +5,7 @@ package wsdaemon import ( + "fmt" "github.com/gitpod-io/gitpod/installer/pkg/common" "github.com/gitpod-io/gitpod/installer/pkg/config/v1" @@ -57,7 +58,7 @@ fi Command: []string{ "/bin/sh", "-c", - "cp -f /installer/workspace_default.json /mnt/dst/workspace_default_not-set.json", + fmt.Sprintf("cp -f /installer/workspace_default.json /mnt/dst/workspace_default_%s.json", ctx.VersionManifest.Version), }, VolumeMounts: []corev1.VolumeMount{{ Name: "hostseccomp", diff --git a/installer/pkg/components/ws-manager-bridge/deployment.go b/installer/pkg/components/ws-manager-bridge/deployment.go index 4e4711349a98c2..cf3dee9a0aa8a6 100644 --- a/installer/pkg/components/ws-manager-bridge/deployment.go +++ b/installer/pkg/components/ws-manager-bridge/deployment.go @@ -5,6 +5,7 @@ package wsmanagerbridge import ( + "fmt" "github.com/gitpod-io/gitpod/installer/pkg/common" wsmanager "github.com/gitpod-io/gitpod/installer/pkg/components/ws-manager" @@ -50,7 +51,7 @@ func deployment(ctx *common.RenderContext) ([]runtime.Object, error) { Name: "config", VolumeSource: corev1.VolumeSource{ ConfigMap: &corev1.ConfigMapVolumeSource{ - LocalObjectReference: corev1.LocalObjectReference{Name: Component}, + LocalObjectReference: corev1.LocalObjectReference{Name: fmt.Sprintf("%s-config", Component)}, }, }, }, { @@ -64,8 +65,7 @@ func deployment(ctx *common.RenderContext) ([]runtime.Object, error) { InitContainers: []corev1.Container{*common.DatabaseWaiterContainer(ctx), *common.MessageBusWaiterContainer(ctx)}, Containers: []corev1.Container{{ Name: Component, - Args: []string{"run", "-v", "/mnt/config/config.json"}, - Image: common.ImageName(ctx.Config.Repository, Component, ctx.VersionManifest.Components.Blobserve.Version), + Image: common.ImageName(ctx.Config.Repository, Component, ctx.VersionManifest.Components.WSManagerBridge.Version), ImagePullPolicy: corev1.PullIfNotPresent, Resources: corev1.ResourceRequirements{ Requests: corev1.ResourceList{ @@ -90,7 +90,7 @@ func deployment(ctx *common.RenderContext) ([]runtime.Object, error) { ), VolumeMounts: []corev1.VolumeMount{{ Name: "config", - MountPath: "/mnt/config", + MountPath: "/config", ReadOnly: true, }, { Name: "ws-manager-client-tls-certs", diff --git a/installer/pkg/components/ws-manager/configmap.go b/installer/pkg/components/ws-manager/configmap.go index 2254f4fe0f4972..047e3bd00f13d3 100644 --- a/installer/pkg/components/ws-manager/configmap.go +++ b/installer/pkg/components/ws-manager/configmap.go @@ -48,7 +48,7 @@ func configmap(ctx *common.RenderContext) ([]runtime.Object, error) { Manager: config.Configuration{ Namespace: ctx.Namespace, SchedulerName: "workspace-scheduler", - SeccompProfile: "/mnt/dst/workspace_default_not-set.json", + SeccompProfile: fmt.Sprintf("localhost/workspace_default_%s.json", ctx.VersionManifest.Version), DryRun: false, WorkspaceDaemon: config.WorkspaceDaemonConfiguration{ Port: 8080, diff --git a/installer/pkg/config/v1/config.go b/installer/pkg/config/v1/config.go index a744b3fee5d0f7..9425907d90845a 100644 --- a/installer/pkg/config/v1/config.go +++ b/installer/pkg/config/v1/config.go @@ -19,7 +19,15 @@ func init() { type version struct{} -func (v version) Factory() interface{} { return &Config{} } +func (v version) Factory() interface{} { + return &Config{ + AuthProviders: []AuthProviderConfigs{}, + BlockNewUsers: BlockNewUsers{ + Enabled: false, + Passlist: []string{}, + }, + } +} func (v version) Defaults(in interface{}) error { cfg, ok := in.(*Config) if !ok { @@ -72,7 +80,7 @@ type Config struct { Workspace Workspace `json:"workspace" validate:"required"` - AuthProviders []AuthProviderConfigs `json:"authProviders,omitempty"` + AuthProviders []AuthProviderConfigs `json:"authProviders"` BlockNewUsers BlockNewUsers `json:"blockNewUsers"` } @@ -198,10 +206,15 @@ type WorkspaceTemplates struct { Probe *corev1.Pod `json:"probe"` } +type WorkspaceComponent struct { + ServiceAnnotations map[string]string `json:"serviceAnnotations,omitempty"` +} + type Workspace struct { - Runtime WorkspaceRuntime `json:"runtime" validate:"required"` - Resources Resources `json:"resources" validate:"required"` - Templates *WorkspaceTemplates `json:"templates,omitempty"` + Runtime WorkspaceRuntime `json:"runtime" validate:"required"` + Resources Resources `json:"resources" validate:"required"` + Templates *WorkspaceTemplates `json:"templates,omitempty"` + Components map[string]WorkspaceComponent `json:"components,omitempty"` } type FSShiftMethod string @@ -227,7 +240,7 @@ type AuthProviderConfigs struct { type BlockNewUsers struct { Enabled bool `json:"enabled"` - Passlist []string `json:"passlist,omitempty"` + Passlist []string `json:"passlist"` } type OAuth struct { diff --git a/installer/pkg/config/versions/versions.go b/installer/pkg/config/versions/versions.go index 699687110df245..3d1f55de9d87c3 100644 --- a/installer/pkg/config/versions/versions.go +++ b/installer/pkg/config/versions/versions.go @@ -27,6 +27,7 @@ type Components struct { } `json:"imageBuilderMk3"` IntegrationTests Versioned `json:"integrationTests"` Kedge Versioned `json:"kedge"` + OpenVSXProxy Versioned `json:"openVSXProxy"` PaymentEndpoint Versioned `json:"paymentEndpoint"` Proxy Versioned `json:"proxy"` RegistryFacade Versioned `json:"registryFacade"` diff --git a/installer/third_party/charts/docker-registry/values.yaml b/installer/third_party/charts/docker-registry/values.yaml index 9b5e6bffa13b0f..b3fc162a1f90d9 100644 --- a/installer/third_party/charts/docker-registry/values.yaml +++ b/installer/third_party/charts/docker-registry/values.yaml @@ -2,5 +2,4 @@ # Licensed under the GNU Affero General Public License (AGPL). # See License-AGPL.txt in the project root for license information. -docker-registry: - fullnameOverride: registry +docker-registry: { }