GitHub Repository: gitpod-io/gitpod
Path: blob/main/install/installer/pkg/components/agent-smith/daemonset.go
// Copyright (c) 2021 Gitpod GmbH. All rights reserved.
// Licensed under the GNU Affero General Public License (AGPL).
// See License.AGPL.txt in the project root for license information.
package agentsmith
import (
"github.com/gitpod-io/gitpod/installer/pkg/cluster"
"github.com/gitpod-io/gitpod/installer/pkg/common"
wsmanagermk2 "github.com/gitpod-io/gitpod/installer/pkg/components/ws-manager-mk2"
appsv1 "k8s.io/api/apps/v1"
corev1 "k8s.io/api/core/v1"
"k8s.io/apimachinery/pkg/api/resource"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/apimachinery/pkg/runtime"
"k8s.io/utils/pointer"
)
// daemonset renders the DaemonSet for this component.
//
// It returns a single *appsv1.DaemonSet wrapped in a []runtime.Object. The
// only error path is a failure to hash the object(s) returned by
// configmap(ctx); in that case nil and the error are returned.
//
// Security-relevant properties of the rendered pod, as set in this function:
//   - HostPID is true and the component container is Privileged, so the
//     workload runs with node-level access on every node it is scheduled to.
//     The image reference and the ServiceAccount named Component are therefore
//     part of the node's trust base.
//   - The single toleration has Operator Exists, Effect NoSchedule and no Key,
//     which tolerates every NoSchedule taint.
//   - When filesystem scanning is enabled, HostWorkingAreaMk2 is mounted from
//     the node via hostPath, read-only, at ContainerWorkingAreaMk2.
//
// NOTE(review): the config checksum annotation is attached to the DaemonSet's
// own metadata only; the pod template annotations are rendered without it.
// Confirm that a config change is not expected to alter the pod template.
func daemonset(ctx *common.RenderContext) ([]runtime.Object, error) {
	labels := common.CustomizeLabel(ctx, Component, common.TypeMetaDaemonset)

	configHash, err := common.ObjectHash(configmap(ctx))
	if err != nil {
		return nil, err
	}

	// Mounts and volumes are paired by Name; every mount below has a volume
	// of the same name further down.
	mounts := []corev1.VolumeMount{
		// NOTE(review): the config mount is the only one not marked ReadOnly.
		{Name: "config", MountPath: "/config"},
		{Name: "wsman-tls-certs", MountPath: "/wsman-certs", ReadOnly: true},
		common.CAVolumeMount(),
	}
	volumes := []corev1.Volume{
		{
			Name: "config",
			VolumeSource: corev1.VolumeSource{
				ConfigMap: &corev1.ConfigMapVolumeSource{
					LocalObjectReference: corev1.LocalObjectReference{Name: Component},
				},
			},
		},
		{
			// Client TLS material taken from the ws-manager-mk2 client secret.
			Name: "wsman-tls-certs",
			VolumeSource: corev1.VolumeSource{
				Secret: &corev1.SecretVolumeSource{
					SecretName: wsmanagermk2.TLSSecretNameClient,
				},
			},
		},
		common.CAVolume(),
	}

	// Filesystem scanning is opt-in: every level of the optional config tree
	// must be present and Enabled must be true.
	scanFilesystem := false
	if comps := ctx.Config.Components; comps != nil && comps.AgentSmith != nil {
		if fs := comps.AgentSmith.FilesystemScanning; fs != nil {
			scanFilesystem = fs.Enabled
		}
	}
	if scanFilesystem {
		// HostPathDirectory requires the path to already exist as a directory
		// on the node. The mount is read-only.
		// NOTE(review): the container is Privileged, so treat ReadOnly here as
		// a guard against accidental writes rather than a hard boundary.
		dirType := corev1.HostPathDirectory
		mounts = append(mounts, corev1.VolumeMount{
			Name:      "working-area",
			MountPath: ContainerWorkingAreaMk2,
			ReadOnly:  true,
		})
		volumes = append(volumes, corev1.Volume{
			Name: "working-area",
			VolumeSource: corev1.VolumeSource{
				HostPath: &corev1.HostPathVolumeSource{
					Path: HostWorkingAreaMk2,
					Type: &dirType,
				},
			},
		})
	}

	// The helper calls below are made in the same order as they appear in the
	// rendered object, top to bottom.
	checksumAnnotation := func() map[string]string {
		return map[string]string{
			common.AnnotationConfigChecksum: configHash,
		}
	}
	objectMeta := metav1.ObjectMeta{
		Name:        Component,
		Namespace:   ctx.Namespace,
		Labels:      labels,
		Annotations: common.CustomizeAnnotation(ctx, Component, common.TypeMetaDaemonset, checksumAnnotation),
	}
	selector := &metav1.LabelSelector{MatchLabels: common.DefaultLabels(Component)}
	podMeta := metav1.ObjectMeta{
		Name:        Component,
		Labels:      labels,
		Annotations: common.CustomizeAnnotation(ctx, Component, common.TypeMetaDaemonset),
	}
	affinity := cluster.WithNodeAffinity(cluster.AffinityLabelWorkspacesRegular, cluster.AffinityLabelWorkspacesHeadless)

	procMount := corev1.DefaultProcMount
	agent := corev1.Container{
		Name:            Component,
		Image:           ctx.ImageName(ctx.Config.Repository, Component, ctx.VersionManifest.Components.AgentSmith.Version),
		ImagePullPolicy: corev1.PullIfNotPresent,
		Args:            []string{"run", "--config", "/config/config.json"},
		// Only requests are set here; no limits are specified in this default.
		Resources: common.ResourceRequirements(ctx, Component, Component, corev1.ResourceRequirements{
			Requests: corev1.ResourceList{
				"cpu":    resource.MustParse("100m"),
				"memory": resource.MustParse("32Mi"),
			},
		}),
		VolumeMounts: mounts,
		Env: common.CustomizeEnvvar(ctx, Component, common.MergeEnv(
			common.DefaultEnv(&ctx.Config),
			common.WorkspaceTracingEnv(ctx, Component),
			common.NodeNameEnv(ctx),
		)),
		// Privileged together with HostPID on the pod gives this container
		// node-level access; presumably required to inspect workspace
		// processes on the node — confirm before tightening.
		SecurityContext: &corev1.SecurityContext{
			Privileged: pointer.Bool(true),
			ProcMount:  &procMount,
		},
	}
	rbacProxy := *common.KubeRBACProxyContainer(ctx)

	podSpec := corev1.PodSpec{
		Affinity:                      affinity,
		ServiceAccountName:            Component,
		HostPID:                       true,
		EnableServiceLinks:            pointer.Bool(false),
		DNSPolicy:                     corev1.DNSClusterFirst,
		RestartPolicy:                 corev1.RestartPolicyAlways,
		TerminationGracePeriodSeconds: pointer.Int64(30),
		Containers:                    []corev1.Container{agent, rbacProxy},
		Volumes:                       volumes,
		// No Key is set: with Operator Exists this matches every taint whose
		// effect is NoSchedule.
		Tolerations: []corev1.Toleration{
			{
				Effect:   corev1.TaintEffectNoSchedule,
				Operator: corev1.TolerationOpExists,
			},
		},
	}

	ds := &appsv1.DaemonSet{
		TypeMeta:   common.TypeMetaDaemonset,
		ObjectMeta: objectMeta,
		Spec: appsv1.DaemonSetSpec{
			Selector: selector,
			Template: corev1.PodTemplateSpec{
				ObjectMeta: podMeta,
				Spec:       podSpec,
			},
			UpdateStrategy: common.DaemonSetRolloutStrategy(),
		},
	}

	return []runtime.Object{ds}, nil
}