Workspace Daemon (ws-daemon) Component
Overview
The Workspace Daemon (ws-daemon) is a critical component that runs on each Kubernetes node in the Gitpod cluster. It manages workspace-related operations at the node level, including workspace initialization, content synchronization, backup, and resource management.
Purpose
The primary purposes of the Workspace Daemon are:
Initialize workspace content on the node
Manage workspace backups and snapshots
Enforce workspace resource limits (disk space, etc.)
Monitor workspace health and status
Provide low-level workspace operations that require node-level access
Synchronize workspace content with storage backends
Architecture
The Workspace Daemon operates as a node-level daemon with several key components:
Content Manager: Handles workspace content initialization and synchronization
Backup System: Manages periodic backups of workspace content
Resource Controller: Enforces resource limits and quotas
gRPC API Server: Provides an API for workspace operations
Health Monitoring: Monitors workspace and node health
The daemon runs with elevated privileges on each node to perform operations that require system-level access, such as managing LVM volumes, enforcing disk quotas, and accessing workspace filesystems.
Key Files and Structure
main.go: Entry point that calls the Execute function from the cmd package
cmd/root.go: Defines the root command and basic service configuration
cmd/run.go: Implements the main daemon service
cmd/client*.go: Client commands for interacting with the daemon
pkg/daemon/: Core daemon implementation
pkg/content/: Workspace content management
nsinsider/: Namespace operations helper
Dependencies
Internal Dependencies
components/common-go:lib: Common Go utilities
components/content-service-api/go:lib: Content service API definitions
components/content-service:lib: Content service client
components/ws-daemon-api/go:lib: Workspace daemon API definitions
components/ws-manager-api/go:lib: Workspace manager API definitions
components/ws-manager-mk2:crd: Workspace manager custom resource definitions
External Dependencies
Kubernetes client libraries
Storage backend libraries (Minio, GCloud)
System-level libraries for resource management
gRPC for API communication
Configuration
The Workspace Daemon is configured via a JSON configuration file that includes:
Content Configuration
Working area location
Backup period
Workspace size limits
Storage backend configuration (Minio, GCloud)
Service Configuration
API server address
TLS settings
Monitoring Configuration
Prometheus metrics endpoint
Health check settings
Integration Points
The Workspace Daemon integrates with:
Workspace Manager: Receives workspace lifecycle events
Content Service: For workspace content storage and retrieval
Supervisor: For workspace-level operations
Storage Backends: For content backup and synchronization
Kubernetes: For node and pod information
Security Considerations
Runs with elevated privileges on the node
Manages sensitive workspace content
Enforces isolation between workspaces
Handles resource limits and quotas
Requires secure communication with other components
Common Usage Patterns
The Workspace Daemon is typically used to:
Initialize workspace content when a workspace starts
Perform periodic backups of workspace content
Enforce disk quotas and resource limits
Provide workspace snapshots for persistence
Clean up workspace resources when a workspace is deleted
Resource Management
The Workspace Daemon implements the following resource management functions:
Disk Quotas: Enforces workspace disk usage limits
Disk Space Monitoring: Ensures sufficient disk space is available on the node
LVM Management: Creates and manages LVM volumes for workspaces (when applicable)
Related Components
Workspace Manager: Orchestrates workspace lifecycle, interacts with ws-daemon for node-level operations
Supervisor: Runs inside workspace containers, interacts with ws-daemon for content operations
Content Service: Provides storage for workspace content