1
// Copyright (c) 2021 Gitpod GmbH. All rights reserved.
2
// Licensed under the GNU Affero General Public License (AGPL).
3
// See License.AGPL.txt in the project root for license information.
4

5
package wsproxy
6

7
import (
8
	"fmt"
9
	"time"
10

11
	"github.com/gitpod-io/gitpod/installer/pkg/components/workspace"
12
	wsmanagermk2 "github.com/gitpod-io/gitpod/installer/pkg/components/ws-manager-mk2"
13
	configv1 "github.com/gitpod-io/gitpod/installer/pkg/config/v1"
14
	"github.com/gitpod-io/gitpod/installer/pkg/config/v1/experimental"
15

16
	"github.com/gitpod-io/gitpod/common-go/baseserver"
17
	"github.com/gitpod-io/gitpod/common-go/util"
18
	"github.com/gitpod-io/gitpod/installer/pkg/common"
19
	"github.com/gitpod-io/gitpod/ws-proxy/pkg/config"
20
	"github.com/gitpod-io/gitpod/ws-proxy/pkg/proxy"
21

22
	corev1 "k8s.io/api/core/v1"
23
	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
24
	"k8s.io/apimachinery/pkg/runtime"
25
)
26

27
func configmap(ctx *common.RenderContext) ([]runtime.Object, error) {
28
	header := HostHeader
29
	blobServeHost := fmt.Sprintf("ide.%s", ctx.Config.Domain)
30
	gitpodInstallationHostName := ctx.Config.Domain
31

32
	installationShortNameSuffix := ""
33
	if ctx.Config.Metadata.InstallationShortname != "" && ctx.Config.Metadata.InstallationShortname != configv1.InstallationShortNameOldDefault {
34
		installationShortNameSuffix = "-" + ctx.Config.Metadata.InstallationShortname
35
	}
36

37
	gitpodInstallationWorkspaceHostSuffix := fmt.Sprintf(".ws%s.%s", installationShortNameSuffix, ctx.Config.Domain)
38
	gitpodInstallationWorkspaceHostSuffixRegex := fmt.Sprintf("\\.ws[^\\.]*\\.%s", ctx.Config.Domain)
39

40
	wsManagerConfig := &config.WorkspaceManagerConn{
41
		Addr: fmt.Sprintf("ws-manager-mk2:%d", wsmanagermk2.RPCPort),
42
		TLS: struct {
43
			CA   string "json:\"ca\""
44
			Cert string "json:\"crt\""
45
			Key  string "json:\"key\""
46
		}{
47
			CA:   "/ws-manager-client-tls-certs/ca.crt",
48
			Cert: "/ws-manager-client-tls-certs/tls.crt",
49
			Key:  "/ws-manager-client-tls-certs/tls.key",
50
		},
51
	}
52

53
	ctx.WithExperimental(func(ucfg *experimental.Config) error {
54
		if ucfg.Workspace == nil {
55
			return nil
56
		}
57
		if ucfg.Workspace.WSProxy.IngressHeader != "" {
58
			header = ucfg.Workspace.WSProxy.IngressHeader
59
		}
60
		if ucfg.Workspace.WSProxy.BlobServeHost != "" {
61
			blobServeHost = ucfg.Workspace.WSProxy.BlobServeHost
62
		}
63
		if ucfg.Workspace.WSProxy.GitpodInstallationHostName != "" {
64
			gitpodInstallationHostName = ucfg.Workspace.WSProxy.GitpodInstallationHostName
65
		}
66
		if ucfg.Workspace.WSProxy.GitpodInstallationWorkspaceHostSuffix != "" {
67
			gitpodInstallationWorkspaceHostSuffix = ucfg.Workspace.WSProxy.GitpodInstallationWorkspaceHostSuffix
68
		}
69
		if ucfg.Workspace.WSProxy.GitpodInstallationWorkspaceHostSuffixRegex != "" {
70
			gitpodInstallationWorkspaceHostSuffixRegex = ucfg.Workspace.WSProxy.GitpodInstallationWorkspaceHostSuffixRegex
71
		}
72

73
		return nil
74
	})
75

76
	// todo(sje): wsManagerProxy seems to be unused
77
	wspcfg := config.Config{
78
		Namespace: ctx.Namespace,
79
		Ingress: proxy.HostBasedIngressConfig{
80
			HTTPAddress:  fmt.Sprintf("0.0.0.0:%d", HTTPProxyPort),
81
			HTTPSAddress: fmt.Sprintf("0.0.0.0:%d", HTTPSProxyPort),
82
			Header:       header,
83
		},
84
		Proxy: proxy.Config{
85
			HTTPS: struct {
86
				Key         string `json:"key"`
87
				Certificate string `json:"crt"`
88
			}{
89
				Key:         "/mnt/certificates/tls.key",
90
				Certificate: "/mnt/certificates/tls.crt",
91
			},
92
			TransportConfig: &proxy.TransportConfig{
93
				ConnectTimeout:      util.Duration(time.Second * 10),
94
				IdleConnTimeout:     util.Duration(time.Minute),
95
				MaxIdleConns:        0,
96
				MaxIdleConnsPerHost: 100,
97
			},
98
			BlobServer: &proxy.BlobServerConfig{
99
				Scheme:     "https",
100
				Host:       blobServeHost,
101
				PathPrefix: "/blobserve",
102
			},
103
			GitpodInstallation: &proxy.GitpodInstallation{
104
				Scheme:                   "https",
105
				HostName:                 gitpodInstallationHostName,
106
				WorkspaceHostSuffix:      gitpodInstallationWorkspaceHostSuffix,
107
				WorkspaceHostSuffixRegex: gitpodInstallationWorkspaceHostSuffixRegex,
108
			},
109
			WorkspacePodConfig: &proxy.WorkspacePodConfig{
110
				TheiaPort:               workspace.ContainerPort,
111
				IDEDebugPort:            workspace.IDEDebugPort,
112
				SupervisorPort:          workspace.SupervisorPort,
113
				SupervisorDebugPort:     workspace.SupervisorDebugPort,
114
				DebugWorkspaceProxyPort: workspace.DebugWorkspaceProxyPort,
115
				SupervisorImage:         ctx.ImageName(ctx.Config.Repository, workspace.SupervisorImage, ctx.VersionManifest.Components.Workspace.Supervisor.Version),
116
			},
117
			BuiltinPages: proxy.BuiltinPagesConfig{
118
				Location: "/app/public",
119
			},
120
		},
121
		PProfAddr:          common.LocalhostAddressFromPort(baseserver.BuiltinDebugPort),
122
		PrometheusAddr:     common.LocalhostPrometheusAddr(),
123
		ReadinessProbeAddr: fmt.Sprintf(":%v", ReadinessPort),
124
		WorkspaceManager:   wsManagerConfig,
125
	}
126

127
	if ctx.Config.SSHGatewayCAKey != nil {
128
		wspcfg.Proxy.SSHGatewayCAKeyFile = "/mnt/ca-key/ca.key"
129
	}
130

131
	fc, err := common.ToJSONString(wspcfg)
132
	if err != nil {
133
		return nil, fmt.Errorf("failed to marshal ws-proxy config: %w", err)
134
	}
135

136
	return []runtime.Object{
137
		&corev1.ConfigMap{
138
			TypeMeta: common.TypeMetaConfigmap,
139
			ObjectMeta: metav1.ObjectMeta{
140
				Name:        Component,
141
				Namespace:   ctx.Namespace,
142
				Labels:      common.CustomizeLabel(ctx, Component, common.TypeMetaConfigmap),
143
				Annotations: common.CustomizeAnnotation(ctx, Component, common.TypeMetaConfigmap),
144
			},
145
			Data: map[string]string{
146
				"config.json": string(fc),
147
			},
148
		},
149
	}, nil
150
}
151

152