Book a Demo!
CoCalc Logo Icon
StoreFeaturesDocsShareSupportNewsAboutPoliciesSign UpSign In
gitpod-io
GitHub Repository: gitpod-io/gitpod
 Path: blob/main/install/installer/pkg/components/public-api-server/deployment.go
2501 views
1
// Copyright (c) 2022 Gitpod GmbH. All rights reserved.

2
/// Licensed under the GNU Affero General Public License (AGPL).

3
// See License.AGPL.txt in the project root for license information.

4


5
package public_api_server

6


7
import (

8
	"fmt"

9


10
	"github.com/gitpod-io/gitpod/installer/pkg/components/auth"

11
	"github.com/gitpod-io/gitpod/installer/pkg/config/v1/experimental"

12


13
	"github.com/gitpod-io/gitpod/common-go/baseserver"

14
	"github.com/gitpod-io/gitpod/common-go/kubernetes"

15


16
	"github.com/gitpod-io/gitpod/installer/pkg/cluster"

17
	"github.com/gitpod-io/gitpod/installer/pkg/common"

18
	appsv1 "k8s.io/api/apps/v1"

19
	corev1 "k8s.io/api/core/v1"

20
	"k8s.io/apimachinery/pkg/api/resource"

21
	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"

22
	"k8s.io/apimachinery/pkg/runtime"

23
	"k8s.io/apimachinery/pkg/util/intstr"

24
	"k8s.io/utils/pointer"

25
)

26


27
const (

28
	configmapVolume = "config"

29
	configMountPath = "/config.json"

30
)

31


32
func deployment(ctx *common.RenderContext) ([]runtime.Object, error) {

33
	configHash, err := common.ObjectHash(configmap(ctx))

34
	if err != nil {

35
		return nil, err

36
	}

37


38
	databaseSecretVolume, databaseSecretMount, _ := common.DatabaseEnvSecret(ctx.Config)

39


40
	volumes := []corev1.Volume{

41
		{

42
			Name: configmapVolume,

43
			VolumeSource: corev1.VolumeSource{

44
				ConfigMap: &corev1.ConfigMapVolumeSource{

45
					LocalObjectReference: corev1.LocalObjectReference{

46
						Name: Component,

47
					},

48
				},

49
			},

50
		},

51
		databaseSecretVolume,

52
		common.CAVolume(),

53
	}

54
	volumeMounts := []corev1.VolumeMount{

55
		{

56
			Name:      configmapVolume,

57
			ReadOnly:  true,

58
			MountPath: configMountPath,

59
			SubPath:   configJSONFilename,

60
		},

61
		databaseSecretMount,

62
		common.CAVolumeMount(),

63
	}

64


65
	_ = ctx.WithExperimental(func(cfg *experimental.Config) error {

66
		volume, mount, _, ok := getStripeConfig(cfg)

67
		if !ok {

68
			return nil

69
		}

70


71
		volumes = append(volumes, volume)

72
		volumeMounts = append(volumeMounts, mount)

73
		return nil

74
	})

75


76
	_ = ctx.WithExperimental(func(cfg *experimental.Config) error {

77
		volume, mount, _, ok := getPersonalAccessTokenSigningKey(cfg)

78
		if !ok {

79
			return nil

80
		}

81


82
		volumes = append(volumes, volume)

83
		volumeMounts = append(volumeMounts, mount)

84
		return nil

85
	})

86


87
	authVolumes, authMounts, _ := auth.GetConfig(ctx)

88
	volumes = append(volumes, authVolumes...)

89
	volumeMounts = append(volumeMounts, authMounts...)

90


91
	labels := common.CustomizeLabel(ctx, Component, common.TypeMetaDeployment)

92


93
	imageName := ctx.ImageName(ctx.Config.Repository, Component, ctx.VersionManifest.Components.PublicAPIServer.Version)

94
	return []runtime.Object{

95
		&appsv1.Deployment{

96
			TypeMeta: common.TypeMetaDeployment,

97
			ObjectMeta: metav1.ObjectMeta{

98
				Name:        Component,

99
				Namespace:   ctx.Namespace,

100
				Labels:      labels,

101
				Annotations: common.CustomizeAnnotation(ctx, Component, common.TypeMetaDeployment),

102
			},

103
			Spec: appsv1.DeploymentSpec{

104
				Selector: &metav1.LabelSelector{MatchLabels: common.DefaultLabels(Component)},

105
				Replicas: common.Replicas(ctx, Component),

106
				Strategy: common.DeploymentStrategy,

107
				Template: corev1.PodTemplateSpec{

108
					ObjectMeta: metav1.ObjectMeta{

109
						Name:      Component,

110
						Namespace: ctx.Namespace,

111
						Labels:    labels,

112
						Annotations: common.CustomizeAnnotation(ctx, Component, common.TypeMetaDeployment, func() map[string]string {

113
							return map[string]string{

114
								common.AnnotationConfigChecksum: configHash,

115
								kubernetes.ImageNameAnnotation:  imageName,

116
							}

117
						}),

118
					},

119
					Spec: corev1.PodSpec{

120
						Affinity:                      cluster.WithNodeAffinityHostnameAntiAffinity(Component, cluster.AffinityLabelMeta),

121
						TopologySpreadConstraints:     cluster.WithHostnameTopologySpread(Component),

122
						ServiceAccountName:            Component,

123
						EnableServiceLinks:            pointer.Bool(false),

124
						DNSPolicy:                     corev1.DNSClusterFirst,

125
						RestartPolicy:                 corev1.RestartPolicyAlways,

126
						TerminationGracePeriodSeconds: pointer.Int64(30),

127
						InitContainers: []corev1.Container{

128
							*common.DatabaseMigrationWaiterContainer(ctx),

129
							*common.RedisWaiterContainer(ctx),

130
						},

131
						Containers: []corev1.Container{

132
							{

133
								Name:  Component,

134
								Image: imageName,

135
								Args: []string{

136
									"run",

137
									fmt.Sprintf("--config=%s", configMountPath),

138
									"--json-log=true",

139
								},

140
								ImagePullPolicy: corev1.PullIfNotPresent,

141
								Resources: common.ResourceRequirements(ctx, Component, Component, corev1.ResourceRequirements{

142
									Requests: corev1.ResourceList{

143
										"cpu":    resource.MustParse("100m"),

144
										"memory": resource.MustParse("32Mi"),

145
									},

146
								}),

147
								Ports: []corev1.ContainerPort{

148
									{

149
										ContainerPort: GRPCContainerPort,

150
										Name:          GRPCPortName,

151
									},

152
								},

153
								SecurityContext: &corev1.SecurityContext{

154
									Privileged:               pointer.Bool(false),

155
									AllowPrivilegeEscalation: pointer.Bool(false),

156
								},

157
								Env: common.CustomizeEnvvar(ctx, Component, common.MergeEnv(

158
									common.DefaultEnv(&ctx.Config),

159
									common.ConfigcatEnv(ctx),

160
									common.DatabaseEnv(&ctx.Config),

161
								)),

162
								LivenessProbe: &corev1.Probe{

163
									ProbeHandler: corev1.ProbeHandler{

164
										HTTPGet: &corev1.HTTPGetAction{

165
											Path:   "/live",

166
											Port:   intstr.IntOrString{IntVal: baseserver.BuiltinHealthPort},

167
											Scheme: corev1.URISchemeHTTP,

168
										},

169
									},

170
									FailureThreshold: 3,

171
									SuccessThreshold: 1,

172
									TimeoutSeconds:   1,

173
								},

174
								ReadinessProbe: &corev1.Probe{

175
									ProbeHandler: corev1.ProbeHandler{

176
										HTTPGet: &corev1.HTTPGetAction{

177
											Path:   "/ready",

178
											Port:   intstr.IntOrString{IntVal: baseserver.BuiltinHealthPort},

179
											Scheme: corev1.URISchemeHTTP,

180
										},

181
									},

182
									FailureThreshold: 3,

183
									SuccessThreshold: 1,

184
									TimeoutSeconds:   1,

185
								},

186
								VolumeMounts: volumeMounts,

187
							},

188
							*common.KubeRBACProxyContainer(ctx),

189
						},

190
						Volumes:     volumes,

191
						Tolerations: common.WithTolerationWorkspaceComponentNotReady(ctx),

192
					},

193
				},

194
			},

195
		},

196
	}, nil

197
}

198


199