1
// Copyright (c) 2021 Gitpod GmbH. All rights reserved.
2
// Licensed under the GNU Affero General Public License (AGPL).
3
// See License.AGPL.txt in the project root for license information.
4

5
// experimental bundles all internal bits of configuration for which we do not offer
6
// support. We use those flags internally to operate SaaS, but do not expect anyone
7
// outside of Gitpod to use.
8
//
9
// Changes in this section will NOT be backwards compatible change at will without prior notice.
10
// If you use any setting herein, you forfeit support from Gitpod.
11
package experimental
12

13
import (
14
	"time"
15

16
	agentSmith "github.com/gitpod-io/gitpod/agent-smith/pkg/config"
17
	"github.com/gitpod-io/gitpod/common-go/grpc"
18
	db "github.com/gitpod-io/gitpod/components/gitpod-db/go"
19
	"github.com/gitpod-io/gitpod/ws-daemon/pkg/cpulimit"
20
	corev1 "k8s.io/api/core/v1"
21
	"k8s.io/apimachinery/pkg/api/resource"
22
	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
23
)
24

25
// Config contains all experimental configuration.
26
type Config struct {
27
	Workspace  *WorkspaceConfig   `json:"workspace,omitempty"`
28
	WebApp     *WebAppConfig      `json:"webapp,omitempty"`
29
	IDE        *IDEConfig         `json:"ide,omitempty"`    // @deprecated
30
	Common     *CommonConfig      `json:"common,omitempty"` // @deprecated
31
	Overrides  *[]Overrides       `json:"overrides,omitempty"`
32
	AgentSmith *agentSmith.Config `json:"agentSmith,omitempty"` // @deprecated
33
}
34

35
type CommonConfig struct {
36
	// Deprecated.
37
	PodConfig map[string]*PodConfig `json:"podConfig,omitempty"`
38
}
39

40
type PodConfig struct {
41
	Replicas  *int32                                  `json:"replicas,omitempty"`
42
	Resources map[string]*corev1.ResourceRequirements `json:"resources,omitempty"`
43
}
44

45
type NodeToContainerMappingValues struct {
46
	Path  string `json:"path"`
47
	Value string `json:"value"`
48
}
49

50
type WorkspaceConfig struct {
51
	Tracing                  *Tracing `json:"tracing,omitempty"`
52
	Stage                    string   `json:"stage,omitempty"`
53
	SchedulerName            string   `json:"schedulerName,omitempty"`
54
	HostURL                  string   `json:"hostURL,omitempty"`
55
	WorkspaceClusterHost     string   `json:"workspaceClusterHost,omitempty"`
56
	WorkspaceURLTemplate     string   `json:"workspaceURLTemplate,omitempty"`
57
	WorkspacePortURLTemplate string   `json:"workspacePortURLTemplate,omitempty"`
58

59
	WorkspaceCIDR string `json:"workspaceCIDR,omitempty"`
60

61
	CPULimits struct {
62
		Enabled          bool              `json:"enabled"`
63
		NodeCPUBandwidth resource.Quantity `json:"nodeBandwidth"`
64
		Limit            resource.Quantity `json:"limit"`
65
		BurstLimit       resource.Quantity `json:"burstLimit"`
66
	}
67
	IOLimits struct {
68
		WriteBWPerSecond resource.Quantity `json:"writeBandwidthPerSecond"`
69
		ReadBWPerSecond  resource.Quantity `json:"readBandwidthPerSecond"`
70
		WriteIOPS        int64             `json:"writeIOPS"`
71
		ReadIOPS         int64             `json:"readIOPS"`
72
	} `json:"ioLimits"`
73
	NetworkLimits struct {
74
		Enabled              bool  `json:"enabled"`
75
		Enforce              bool  `json:"enforce"`
76
		ConnectionsPerMinute int64 `json:"connectionsPerMinute"`
77
		BucketSize           int64 `json:"bucketSize"`
78
	} `json:"networkLimits"`
79
	OOMScores struct {
80
		Enabled bool `json:"enabled"`
81
		Tier1   int  `json:"tier1"`
82
		Tier2   int  `json:"tier2"`
83
	} `json:"oomScores"`
84

85
	ProcLimit int64 `json:"procLimit"`
86

87
	WSManagerRateLimits map[string]grpc.RateLimit `json:"wsManagerRateLimits,omitempty"`
88

89
	RegistryFacade struct {
90
		IPFSCache struct {
91
			Enabled  bool   `json:"enabled"`
92
			IPFSAddr string `json:"ipfsAddr"`
93
		} `json:"ipfsCache"`
94
		RedisCache struct {
95
			Enabled            bool   `json:"enabled"`
96
			SingleHostAddress  string `json:"singleHostAddr"`
97
			Username           string `json:"username"`
98
			PasswordSecret     string `json:"passwordSecret"`
99
			UseTLS             bool   `json:"useTLS"`
100
			InsecureSkipVerify bool   `json:"insecureSkipVerify"`
101
		} `json:"redisCache"`
102
	} `json:"registryFacade"`
103

104
	WSDaemon struct {
105
		Runtime struct {
106
			NodeToContainerMapping []NodeToContainerMappingValues `json:"nodeToContainerMapping"`
107
		} `json:"runtime"`
108
	} `json:"wsDaemon"`
109

110
	WorkspaceClasses        map[string]WorkspaceClass `json:"classes,omitempty"`
111
	PreferredWorkspaceClass string                    `json:"preferredWorkspaceClass,omitempty"`
112

113
	WSProxy struct {
114
		IngressHeader                              string `json:"ingressHeader"`
115
		BlobServeHost                              string `json:"blobServeHost"`
116
		GitpodInstallationHostName                 string `json:"gitpodInstallationHostName"`
117
		GitpodInstallationWorkspaceHostSuffix      string `json:"gitpodInstallationWorkspaceHostSuffix"`
118
		GitpodInstallationWorkspaceHostSuffixRegex string `json:"gitpodInstallationWorkspaceHostSuffixRegex"`
119
	} `json:"wsProxy"`
120

121
	ContentService struct {
122
		// Deprecated
123
		UsageReportBucketName string `json:"usageReportBucketName"`
124
	} `json:"contentService"`
125

126
	EnableProtectedSecrets *bool `json:"enableProtectedSecrets"`
127

128
	ImageBuilderMk3 struct {
129
		BaseImageRepositoryName      string `json:"baseImageRepositoryName"`
130
		WorkspaceImageRepositoryName string `json:"workspaceImageRepositoryName"`
131
	} `json:"imageBuilderMk3"`
132
}
133

134
type WorkspaceClass struct {
135
	Name        string             `json:"name" validate:"required"`
136
	Description string             `json:"description"`
137
	Resources   WorkspaceResources `json:"resources" validate:"required"`
138
	Templates   WorkspaceTemplates `json:"templates,omitempty"`
139
}
140

141
type WorkspaceResources struct {
142
	Requests corev1.ResourceList `json:"requests" validate:"required"`
143
	Limits   WorkspaceLimits     `json:"limits,omitempty"`
144
}
145

146
type WorkspaceLimits struct {
147
	Cpu              WorkspaceCpuLimits `json:"cpu"`
148
	Memory           string             `json:"memory"`
149
	Storage          string             `json:"storage"`
150
	EphemeralStorage string             `json:"ephemeral-storage"`
151
}
152

153
type WorkspaceCpuLimits struct {
154
	Buckets    []cpulimit.Bucket `json:"buckets"`
155
	MinLimit   string            `json:"min"`
156
	BurstLimit string            `json:"burst"`
157
}
158

159
type WorkspaceTemplates struct {
160
	Default    *corev1.Pod `json:"default"`
161
	Prebuild   *corev1.Pod `json:"prebuild"`
162
	ImageBuild *corev1.Pod `json:"imagebuild"`
163
	Regular    *corev1.Pod `json:"regular"`
164
}
165

166
type StripePriceIDs struct {
167
	EUR string `json:"eur"`
168
	USD string `json:"usd"`
169
}
170

171
type StripeConfig struct {
172
	IndividualUsagePriceIDs StripePriceIDs `json:"individualUsagePriceIds"`
173
	TeamUsagePriceIDs       StripePriceIDs `json:"teamUsagePriceIds"`
174
}
175

176
type IAMConfig struct {
177
	OIDCClientsSecretName string `json:"oidsClientsConfigSecret,omitempty"`
178
}
179

180
type SpiceDBConfig struct {
181
	Enabled bool `json:"enabled"`
182

183
	DisableMigrations bool `json:"disableMigrations"`
184

185
	// Reference to a k8s secret which contains a "presharedKey" for authentication with SpiceDB
186
	// Required.
187
	SecretRef string `json:"secretRef"`
188
}
189

190
type RedisConfig struct {
191
	Address   string `json:"address,omitempty"`
192
	Username  string `json:"username,omitempty"`
193
	SecretRef string `json:"secretRef,omitempty"`
194
}
195

196
type WebAppConfig struct {
197
	PublicAPI *PublicAPIConfig `json:"publicApi,omitempty"`
198

199
	// PublicURL lets you override the publically reachable endpoints of gitpod (currently only public api endpoint)
200
	// If not set, default will be api.${Domain}
201
	PublicURL string `json:"publicUrl,omitempty"`
202

203
	Server                       *ServerConfig          `json:"server,omitempty"`
204
	ProxyConfig                  *ProxyConfig           `json:"proxy,omitempty"`
205
	WorkspaceManagerBridge       *WsManagerBridgeConfig `json:"wsManagerBridge,omitempty"`
206
	Tracing                      *Tracing               `json:"tracing,omitempty"`
207
	UsePodAntiAffinity           bool                   `json:"usePodAntiAffinity"`
208
	DisableMigration             bool                   `json:"disableMigration"`
209
	Usage                        *UsageConfig           `json:"usage,omitempty"`
210
	ConfigcatKey                 string                 `json:"configcatKey"`
211
	WorkspaceClasses             []WebAppWorkspaceClass `json:"workspaceClasses"`
212
	Stripe                       *StripeConfig          `json:"stripe,omitempty"`
213
	IAM                          *IAMConfig             `json:"iam,omitempty"`
214
	SpiceDB                      *SpiceDBConfig         `json:"spicedb,omitempty"`
215
	CertmanagerNamespaceOverride string                 `json:"certmanagerNamespaceOverride,omitempty"`
216
	Redis                        *RedisConfig           `json:"redis"`
217

218
	// ProxySettings is used if the gitpod cell uses some proxy for connectivity
219
	ProxySettings *ProxySettings `json:"proxySettings"`
220
}
221

222
type ProxySettings struct {
223
	HttpProxy  string `json:"http_proxy"`
224
	HttpsProxy string `json:"https_proxy"`
225
	// NoProxy setting should be used for the CIDRs and hostnames that should be not using the proxy URLs
226
	NoProxy string `json:"no_proxy"`
227
}
228

229
type WorkspaceDefaults struct {
230
	// @deprecated use workspace.workspaceImage instead
231
	WorkspaceImage string `json:"workspaceImage"`
232
}
233

234
type OAuthServer struct {
235
	JWTSecret string `json:"jwtSecret"`
236
}
237

238
type Session struct {
239
	Secret string `json:"secret"`
240
}
241

242
type GithubApp struct {
243
	AppId           int32  `json:"appId"`
244
	AuthProviderId  string `json:"authProviderId"`
245
	BaseUrl         string `json:"baseUrl"`
246
	CertPath        string `json:"certPath"`
247
	Enabled         bool   `json:"enabled"`
248
	LogLevel        string `json:"logLevel"`
249
	MarketplaceName string `json:"marketplaceName"`
250
	WebhookSecret   string `json:"webhookSecret"`
251
	CertSecretName  string `json:"certSecretName"`
252
}
253

254
type WsManagerBridgeConfig struct {
255
	SkipSelf bool `json:"skipSelf"`
256
}
257

258
type ServerConfig struct {
259
	WorkspaceDefaults                 WorkspaceDefaults `json:"workspaceDefaults"`
260
	OAuthServer                       OAuthServer       `json:"oauthServer"`
261
	Session                           Session           `json:"session"`
262
	GithubApp                         *GithubApp        `json:"githubApp"`
263
	StripeSecret                      string            `json:"stripeSecret"`
264
	StripeConfig                      string            `json:"stripeConfig"`
265
	LinkedInSecret                    string            `json:"linkedInSecret"`
266
	DisableDynamicAuthProviderLogin   bool              `json:"disableDynamicAuthProviderLogin"`
267
	EnableLocalApp                    *bool             `json:"enableLocalApp"`
268
	RunDbDeleter                      *bool             `json:"runDbDeleter"`
269
	DisableWorkspaceGarbageCollection bool              `json:"disableWorkspaceGarbageCollection"`
270
	DisableCompleteSnapshotJob        bool              `json:"disableCompleteSnapshotJob"`
271
	InactivityPeriodForReposInDays    *int              `json:"inactivityPeriodForReposInDays"`
272
	// deprecated: use IsDedicatedInstallation instead
273
	IsSingleOrgInstallation bool `json:"isSingleOrgInstallation"`
274
	IsDedicatedInstallation bool `json:"isDedicatedInstallation"`
275

276
	// @deprecated use containerRegistry.privateBaseImageAllowList instead
277
	DefaultBaseImageRegistryWhiteList []string `json:"defaultBaseImageRegistryWhitelist"`
278

279
	GoogleCloudProfilerEnabled bool `json:"gcpProfilerEnabled,omitempty"`
280
}
281

282
type ProxyConfig struct {
283
	StaticIP           string            `json:"staticIP"`
284
	ServiceAnnotations map[string]string `json:"serviceAnnotations"`
285

286
	// @deprecated use components.proxy.service.serviceType instead
287
	ServiceType *corev1.ServiceType `json:"serviceType,omitempty" validate:"omitempty,service_config_type"`
288

289
	Configcat *ConfigcatProxyConfig `json:"configcat,omitempty"`
290

291
	AnalyticsPlugin *AnalyticsPluginConfig `json:"analyticsPlugin,omitempty"`
292

293
	FrontendDevEnabled bool `json:"frontendDevEnabled"`
294
}
295

296
type ConfigcatProxyConfig struct {
297
	BaseUrl       string `json:"baseUrl"`
298
	PollInterval  string `json:"pollInterval"`
299
	FromConfigMap string `json:"fromConfigMap"`
300
}
301

302
type AnalyticsPluginConfig struct {
303
	TrustedSegmentKey   string `json:"trustedSegmentKey"`
304
	UntrustedSegmentKey string `json:"untrustedSegmentKey"`
305
	SegmentEndpoint     string `json:"segmentEndpoint,omitempty"`
306
}
307

308
type PublicAPIConfig struct {
309
	// Name of the kubernetes secret to use for Stripe secrets
310
	StripeSecretName string `json:"stripeSecretName"`
311

312
	// Name of the kubernetes secret to use for signature of Personal Access Tokens
313
	PersonalAccessTokenSigningKeySecretName string `json:"personalAccessTokenSigningKeySecretName"`
314
}
315

316
type UsageConfig struct {
317
	Enabled                          bool                     `json:"enabled"`
318
	Schedule                         string                   `json:"schedule"`
319
	ResetUsageSchedule               string                   `json:"resetUsageSchedule"`
320
	BillInstancesAfter               *time.Time               `json:"billInstancesAfter"`
321
	DefaultSpendingLimit             *db.DefaultSpendingLimit `json:"defaultSpendingLimit"`
322
	CreditsPerMinuteByWorkspaceClass map[string]float64       `json:"creditsPerMinuteByWorkspaceClass"`
323
}
324

325
type WebAppWorkspaceClass struct {
326
	Id          string                 `json:"id"`
327
	Category    string                 `json:"category"`
328
	DisplayName string                 `json:"displayName"`
329
	Description string                 `json:"description"`
330
	PowerUps    uint32                 `json:"powerups"`
331
	IsDefault   bool                   `json:"isDefault"`
332
	Deprecated  bool                   `json:"deprecated"`
333
	Marker      map[string]bool        `json:"marker,omitempty"`
334
	Credits     *WorkspaceClassCredits `json:"credits,omitempty"`
335
}
336

337
type WorkspaceClassCredits struct {
338
	PerMinute float64 `json:"perMinute,omitempty"`
339
}
340

341
// @deprecated
342
type IDEConfig struct {
343
	// Disable resolution of latest images and use bundled latest versions instead
344
	ResolveLatest    *bool             `json:"resolveLatest,omitempty"`
345
	IDEProxyConfig   *IDEProxyConfig   `json:"ideProxy,omitempty"`
346
	VSXProxyConfig   *VSXProxyConfig   `json:"openvsxProxy,omitempty"`
347
	IDEMetricsConfig *IDEMetricsConfig `json:"ideMetrics,omitempty"`
348
}
349

350
// @deprecated
351
type IDEProxyConfig struct {
352
	ServiceAnnotations map[string]string `json:"serviceAnnotations"`
353
}
354

355
// @deprecated
356
type IDEMetricsConfig struct {
357
	EnabledErrorReporting bool `json:"enabledErrorReporting,omitempty"`
358
}
359

360
// @deprecated
361
type VSXProxyConfig struct {
362
	ServiceAnnotations map[string]string `json:"serviceAnnotations"`
363
}
364

365
type TracingSampleType string
366

367
type Tracing struct {
368
	SamplerType  *TracingSampleType `json:"samplerType,omitempty" validate:"omitempty,tracing_sampler_type"`
369
	SamplerParam *float64           `json:"samplerParam,omitempty" validate:"required_with=SamplerType"`
370
}
371

372
// Values taken from https://github.com/jaegertracing/jaeger-client-go/blob/967f9c36f0fa5a2617c9a0993b03f9a3279fadc8/config/config.go#L71
373
const (
374
	TracingSampleTypeConst         TracingSampleType = "const"
375
	TracingSampleTypeProbabilistic TracingSampleType = "probabilistic"
376
	TracingSampleTypeRateLimiting  TracingSampleType = "rateLimiting"
377
	TracingSampleTypeRemote        TracingSampleType = "remote"
378
)
379

380
type Overrides struct {
381
	metav1.TypeMeta `json:",inline"`
382
	Metadata        metav1.ObjectMeta `json:"metadata"`
383
	Override        map[string]any    `json:"override"`
384
}
385

386