// Copyright (c) 2021 Gitpod GmbH. All rights reserved.
// Licensed under the GNU Affero General Public License (AGPL).
// See License.AGPL.txt in the project root for license information.
package blobserve
import (
"fmt"
"github.com/gitpod-io/gitpod/installer/pkg/cluster"
"github.com/gitpod-io/gitpod/installer/pkg/common"
dockerregistry "github.com/gitpod-io/gitpod/installer/pkg/components/docker-registry"
appsv1 "k8s.io/api/apps/v1"
corev1 "k8s.io/api/core/v1"
"k8s.io/apimachinery/pkg/api/resource"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/apimachinery/pkg/runtime"
"k8s.io/apimachinery/pkg/util/intstr"
"k8s.io/utils/pointer"
)
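// deployment renders the blobserve Deployment.
//
// It returns a one-element slice holding the appsv1.Deployment. An error is
// returned when the container registry config is neither in-cluster nor
// external, or when configmap, common.DockerRegistryHash or common.ObjectHash
// fails while computing the pod-template config checksum.
func deployment(ctx *common.RenderContext) ([]runtime.Object, error) {
	labels := common.CustomizeLabel(ctx, Component, common.TypeMetaDeployment)

	const volumeName = "pull-secret"

	// Pick the Secret that carries the registry credentials. An external
	// registry without a Certificate reference leaves secretName empty.
	var secretName string
	switch {
	case pointer.BoolDeref(ctx.Config.ContainerRegistry.InCluster, false):
		secretName = dockerregistry.BuiltInRegistryAuth
	case ctx.Config.ContainerRegistry.External != nil:
		if cert := ctx.Config.ContainerRegistry.External.Certificate; cert != nil {
			secretName = cert.Name
		}
	default:
		return nil, fmt.Errorf("%s: invalid container registry config", Component)
	}

	// Everything appended to hashObj feeds the checksum annotation on the pod
	// template, so a change in any of these objects changes the template.
	var hashObj []runtime.Object

	cfgObjs, err := configmap(ctx)
	if err != nil {
		return nil, err
	}
	hashObj = append(hashObj, cfgObjs...)

	regObjs, err := common.DockerRegistryHash(ctx)
	if err != nil {
		return nil, err
	}
	hashObj = append(hashObj, regObjs...)

	configHash, err := common.ObjectHash(hashObj, nil)
	if err != nil {
		return nil, err
	}

	volumes := []corev1.Volume{
		{
			Name:         "cache",
			VolumeSource: corev1.VolumeSource{EmptyDir: &corev1.EmptyDirVolumeSource{}},
		}, {
			Name: "config",
			VolumeSource: corev1.VolumeSource{
				ConfigMap: &corev1.ConfigMapVolumeSource{
					LocalObjectReference: corev1.LocalObjectReference{Name: Component},
				},
			},
		},
	}
	volumeMounts := []corev1.VolumeMount{
		{
			Name:      "config",
			MountPath: "/mnt/config",
			ReadOnly:  true,
		}, {
			Name:      "cache",
			MountPath: "/mnt/cache",
		},
	}

	// A Secret volume with an empty SecretName fails Kubernetes validation, so
	// the pull-secret volume and its mount are only rendered when a secret name
	// was resolved above.
	// NOTE(review): confirm the blobserve config rendered by configmap does not
	// reference /mnt/pull-secret/pull-secret.json when no secret is configured.
	if secretName != "" {
		volumes = append(volumes, corev1.Volume{
			Name: volumeName,
			VolumeSource: corev1.VolumeSource{
				Secret: &corev1.SecretVolumeSource{
					SecretName: secretName,
					Items:      []corev1.KeyToPath{{Key: ".dockerconfigjson", Path: "pull-secret.json"}},
				},
			},
		})
		volumeMounts = append(volumeMounts, corev1.VolumeMount{
			Name:      volumeName,
			MountPath: "/mnt/pull-secret",
		})
	}

	volumes = append(volumes, common.CAVolume())
	volumeMounts = append(volumeMounts, common.CAVolumeMount())

	return []runtime.Object{
		&appsv1.Deployment{
			TypeMeta: common.TypeMetaDeployment,
			ObjectMeta: metav1.ObjectMeta{
				Name:        Component,
				Namespace:   ctx.Namespace,
				Labels:      labels,
				Annotations: common.CustomizeAnnotation(ctx, Component, common.TypeMetaDeployment),
			},
			Spec: appsv1.DeploymentSpec{
				Selector: &metav1.LabelSelector{MatchLabels: common.DefaultLabels(Component)},
				Replicas: common.Replicas(ctx, Component),
				Strategy: common.DeploymentStrategy,
				Template: corev1.PodTemplateSpec{
					ObjectMeta: metav1.ObjectMeta{
						Name:      Component,
						Namespace: ctx.Namespace,
						Labels:    labels,
						Annotations: common.CustomizeAnnotation(ctx, Component, common.TypeMetaDeployment, func() map[string]string {
							return map[string]string{
								common.AnnotationConfigChecksum: configHash,
							}
						}),
					},
					Spec: corev1.PodSpec{
						Affinity:                  cluster.WithNodeAffinityHostnameAntiAffinity(Component, cluster.AffinityLabelIDE),
						TopologySpreadConstraints: cluster.WithHostnameTopologySpread(Component),
						ServiceAccountName:        Component,
						EnableServiceLinks:        pointer.Bool(false),
						Volumes:                   volumes,
						Containers: []corev1.Container{{
							Name:            Component,
							Args:            []string{"run", "/mnt/config/config.json"},
							Image:           ctx.ImageName(ctx.Config.Repository, Component, ctx.VersionManifest.Components.Blobserve.Version),
							ImagePullPolicy: corev1.PullIfNotPresent,
							Ports: []corev1.ContainerPort{{
								Name:          ServicePortName,
								ContainerPort: ContainerPort,
							}},
							// Only requests are set as defaults here; whether limits
							// are applied depends on common.ResourceRequirements.
							Resources: common.ResourceRequirements(ctx, Component, Component, corev1.ResourceRequirements{
								Requests: corev1.ResourceList{
									"cpu":    resource.MustParse("100m"),
									"memory": resource.MustParse("32Mi"),
								},
							}),
							// NOTE(review): the container runs unprivileged as UID 1000,
							// but AllowPrivilegeEscalation, RunAsNonRoot,
							// ReadOnlyRootFilesystem and Capabilities are left at
							// their defaults. Consider setting them explicitly if
							// blobserve needs none of them.
							SecurityContext: &corev1.SecurityContext{
								Privileged: pointer.Bool(false),
								RunAsUser:  pointer.Int64(1000),
							},
							Env: common.CustomizeEnvvar(ctx, Component, common.MergeEnv(
								common.DefaultEnv(&ctx.Config),
								common.WorkspaceTracingEnv(ctx, Component),
							)),
							VolumeMounts: volumeMounts,

							ReadinessProbe: &corev1.Probe{
								ProbeHandler: corev1.ProbeHandler{
									HTTPGet: &corev1.HTTPGetAction{
										Path: "/ready",
										Port: intstr.IntOrString{IntVal: ReadinessPort},
									},
								},
								InitialDelaySeconds: 5,
								PeriodSeconds:       5,
								TimeoutSeconds:      2,
								SuccessThreshold:    1,
								FailureThreshold:    3,
							},
							// The liveness endpoint is probed on ReadinessPort as well.
							LivenessProbe: &corev1.Probe{
								ProbeHandler: corev1.ProbeHandler{
									HTTPGet: &corev1.HTTPGetAction{
										Path: "/live",
										Port: intstr.IntOrString{IntVal: ReadinessPort},
									},
								},
								InitialDelaySeconds: 5,
								PeriodSeconds:       10,
								TimeoutSeconds:      2,
								SuccessThreshold:    1,
								FailureThreshold:    3,
							},
						}, *common.KubeRBACProxyContainer(ctx)},
						Tolerations: common.WithTolerationWorkspaceComponentNotReady(ctx),
					},
				},
			},
		},
	}, nil
}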