Book a Demo!
CoCalc Logo Icon
StoreFeaturesDocsShareSupportNewsAboutPoliciesSign UpSign In
gitpod-io
GitHub Repository: gitpod-io/gitpod
 Path: blob/main/install/installer/pkg/components/ws-manager-mk2/deployment.go
2501 views
1
// Copyright (c) 2021 Gitpod GmbH. All rights reserved.

2
// Licensed under the GNU Affero General Public License (AGPL).

3
// See License-AGPL.txt in the project root for license information.

4


5
package wsmanagermk2

6


7
import (

8
	appsv1 "k8s.io/api/apps/v1"

9
	corev1 "k8s.io/api/core/v1"

10
	"k8s.io/apimachinery/pkg/api/resource"

11
	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"

12
	"k8s.io/apimachinery/pkg/runtime"

13
	"k8s.io/apimachinery/pkg/util/intstr"

14
	"k8s.io/utils/pointer"

15


16
	"github.com/gitpod-io/gitpod/installer/pkg/cluster"

17
	"github.com/gitpod-io/gitpod/installer/pkg/common"

18
	wsdaemon "github.com/gitpod-io/gitpod/installer/pkg/components/ws-daemon"

19
	"github.com/gitpod-io/gitpod/installer/pkg/config/v1"

20
)

21


22
func deployment(ctx *common.RenderContext) ([]runtime.Object, error) {

23
	labels := common.DefaultLabels(Component)

24


25
	configHash, err := common.ObjectHash(configmap(ctx))

26
	if err != nil {

27
		return nil, err

28
	}

29


30
	var volumes []corev1.Volume

31
	var volumeMounts []corev1.VolumeMount

32
	if ctx.Config.Kind == config.InstallationWorkspace {

33
		// Image builder TLS is only enabled in workspace clusters. This check

34
		// can be removed once image-builder-mk3 has been removed from application clusters

35
		// (https://github.com/gitpod-io/gitpod/issues/7845).

36
		volumes = append(volumes, corev1.Volume{

37
			Name: common.ImageBuilderVolumeTLSCerts,

38
			VolumeSource: corev1.VolumeSource{

39
				Secret: &corev1.SecretVolumeSource{SecretName: common.ImageBuilderTLSSecret},

40
			},

41
		})

42
		volumeMounts = append(volumeMounts, corev1.VolumeMount{

43
			Name:      common.ImageBuilderVolumeTLSCerts,

44
			MountPath: "/image-builder-mk3-tls-certs",

45
			ReadOnly:  true,

46
		})

47
	}

48
	if ctx.Config.SSHGatewayCAKey != nil {

49
		volumes = append(volumes, corev1.Volume{

50
			Name: "ca-key",

51
			VolumeSource: corev1.VolumeSource{

52
				Secret: &corev1.SecretVolumeSource{

53
					SecretName: ctx.Config.SSHGatewayCAKey.Name,

54
					Optional:   pointer.Bool(true),

55
				},

56
			},

57
		})

58


59
		volumeMounts = append(volumeMounts, corev1.VolumeMount{

60
			Name:      "ca-key",

61
			MountPath: "/mnt/ca-key/ca.pem",

62
			SubPath:   "ca.pem",

63
			ReadOnly:  true,

64
		})

65
	}

66


67
	podSpec := corev1.PodSpec{

68
		PriorityClassName:         common.SystemNodeCritical,

69
		Affinity:                  cluster.WithNodeAffinityHostnameAntiAffinity(Component, cluster.AffinityLabelServices),

70
		TopologySpreadConstraints: cluster.WithHostnameTopologySpread(Component),

71
		EnableServiceLinks:        pointer.Bool(false),

72
		ServiceAccountName:        Component,

73
		SecurityContext: &corev1.PodSecurityContext{

74
			RunAsUser: pointer.Int64(31002),

75
		},

76
		Containers: []corev1.Container{{

77
			Name: Component,

78
			Args: []string{

79
				"--config", "/config/config.json",

80
			},

81
			Image:           ctx.ImageName(ctx.Config.Repository, Component, ctx.VersionManifest.Components.WSManagerMk2.Version),

82
			ImagePullPolicy: corev1.PullIfNotPresent,

83
			Resources: common.ResourceRequirements(ctx, Component, Component, corev1.ResourceRequirements{

84
				Requests: corev1.ResourceList{

85
					"cpu":    resource.MustParse("100m"),

86
					"memory": resource.MustParse("32Mi"),

87
				},

88
			}),

89
			LivenessProbe: &corev1.Probe{

90
				ProbeHandler: corev1.ProbeHandler{

91
					HTTPGet: &corev1.HTTPGetAction{

92
						Path: "/healthz",

93
						Port: intstr.FromInt(HealthPort),

94
					},

95
				},

96
				InitialDelaySeconds: 15,

97
				PeriodSeconds:       20,

98
			},

99
			ReadinessProbe: &corev1.Probe{

100
				ProbeHandler: corev1.ProbeHandler{

101
					HTTPGet: &corev1.HTTPGetAction{

102
						Path: "/readyz",

103
						Port: intstr.FromInt(HealthPort),

104
					},

105
				},

106
				InitialDelaySeconds: 5,

107
				PeriodSeconds:       10,

108
			},

109
			Ports: []corev1.ContainerPort{

110
				{

111
					Name:          RPCPortName,

112
					ContainerPort: RPCPort,

113
				},

114
			},

115
			SecurityContext: &corev1.SecurityContext{

116
				Privileged: pointer.Bool(false),

117
			},

118
			Env: common.MergeEnv(

119
				common.DefaultEnv(&ctx.Config),

120
				common.WorkspaceTracingEnv(ctx, Component),

121
				[]corev1.EnvVar{{Name: "GRPC_GO_RETRY", Value: "on"}},

122
			),

123
			VolumeMounts: append([]corev1.VolumeMount{

124
				{

125
					Name:      VolumeConfig,

126
					MountPath: "/config",

127
					ReadOnly:  true,

128
				},

129
				{

130
					Name:      VolumeWorkspaceTemplate,

131
					MountPath: WorkspaceTemplatePath,

132
					ReadOnly:  true,

133
				},

134
				{

135
					Name:      wsdaemon.VolumeTLSCerts,

136
					MountPath: "/ws-daemon-tls-certs",

137
					ReadOnly:  true,

138
				},

139
				{

140
					Name:      VolumeTLSCerts,

141
					MountPath: "/certs",

142
					ReadOnly:  true,

143
				},

144
				common.CAVolumeMount(),

145
			}, volumeMounts...),

146
		},

147
			*common.KubeRBACProxyContainer(ctx),

148
		},

149
		Tolerations: common.WithTolerationWorkspaceComponentNotReady(ctx),

150
		Volumes: append([]corev1.Volume{

151
			{

152
				Name: VolumeConfig,

153
				VolumeSource: corev1.VolumeSource{

154
					ConfigMap: &corev1.ConfigMapVolumeSource{

155
						LocalObjectReference: corev1.LocalObjectReference{Name: Component},

156
					},

157
				},

158
			},

159
			{

160
				Name: VolumeWorkspaceTemplate,

161
				VolumeSource: corev1.VolumeSource{

162
					ConfigMap: &corev1.ConfigMapVolumeSource{

163
						LocalObjectReference: corev1.LocalObjectReference{Name: WorkspaceTemplateConfigMap},

164
					},

165
				},

166
			},

167
			{

168
				Name: wsdaemon.VolumeTLSCerts,

169
				VolumeSource: corev1.VolumeSource{

170
					Secret: &corev1.SecretVolumeSource{SecretName: wsdaemon.TLSSecretName},

171
				},

172
			},

173
			{

174
				Name: VolumeTLSCerts,

175
				VolumeSource: corev1.VolumeSource{

176
					Secret: &corev1.SecretVolumeSource{SecretName: TLSSecretNameSecret},

177
				},

178
			},

179
			common.CAVolume(),

180
		}, volumes...),

181
	}

182


183
	err = common.AddStorageMounts(ctx, &podSpec, Component)

184
	if err != nil {

185
		return nil, err

186
	}

187


188
	return []runtime.Object{

189
		&appsv1.Deployment{

190
			TypeMeta: common.TypeMetaDeployment,

191
			ObjectMeta: metav1.ObjectMeta{

192
				Name:      Component,

193
				Namespace: ctx.Namespace,

194
				Labels:    labels,

195
			},

196
			Spec: appsv1.DeploymentSpec{

197
				Selector: &metav1.LabelSelector{MatchLabels: labels},

198
				Replicas: pointer.Int32(2),

199
				Strategy: common.DeploymentStrategy,

200
				Template: corev1.PodTemplateSpec{

201
					ObjectMeta: metav1.ObjectMeta{

202
						Name:      Component,

203
						Namespace: ctx.Namespace,

204
						Labels:    labels,

205
						Annotations: map[string]string{

206
							common.AnnotationConfigChecksum: configHash,

207
						},

208
					},

209
					Spec: podSpec,

210
				},

211
			},

212
		},

213
	}, nil

214
}

215


216