Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[workspaces] Support workspace-wide network namespace #6409

Merged
merged 3 commits into from
Oct 26, 2021
Merged

[workspaces] Support workspace-wide network namespace #6409

merged 3 commits into from
Oct 26, 2021

Conversation

csweichel
Copy link
Contributor

@csweichel csweichel commented Oct 26, 2021
edited
Loading

Description

This PR introduces an "experimental network" mode for workspaces whereby the entire workspace is wrapped in a network namespace. This enables a seamless tailscale experience in a Gitpod workspace, at the cost of networking performance.

Once we have seccomp_addfd available in prod we can make this GA and remove the config flag.

How to test

Open https://cw-wskit-netns.staging.gitpod-dev.com/#https://github.com/gitpod-io/template-tailscale/tree/cw/demo

Release Notes

Experimental support for `CAP_NET_ADMIN` in workspaces

Documentation

@roboquat roboquat added team: IDE team: webapp Issue belongs to the WebApp team team: workspace Issue belongs to the Workspace team size/L labels Oct 26, 2021
@csweichel csweichel marked this pull request as ready for review October 26, 2021 18:02
@csweichel
Copy link
Contributor Author

/approve

@csweichel
Copy link
Contributor Author

/approve no-issue

@JanKoehnlein
Copy link
Contributor

/lgtm

@roboquat roboquat added the lgtm label Oct 26, 2021
@roboquat
Copy link
Contributor

LGTM label has been added.

Git tree hash: 8e386fd65d58aae051999405afdc9e81001b6622

@AlexTugarev
Copy link
Member

/approve

protocol and server changes LGTM

@roboquat roboquat removed the lgtm label Oct 26, 2021
@corneliusludmann
Copy link
Contributor

/approve

@csweichel
Copy link
Contributor Author

/lgtm

@codecov
Copy link

codecov bot commented Oct 26, 2021
edited by werft-gitpod-dev-com bot
Loading

Codecov Report

Merging #6409 (3dcfb86) into main (e7c93eb) will decrease coverage by 1.64%.
The diff coverage is 15.06%.

Impacted file tree graph

@@            Coverage Diff             @@
##             main    #6409      +/-   ##
==========================================
- Coverage   40.03%   38.38%   -1.65%     
==========================================
  Files          55       18      -37     
  Lines       10721     4343    -6378     
==========================================
- Hits         4292     1667    -2625     
+ Misses       6097     2544    -3553     
+ Partials      332      132     -200
Flag Coverage Δ
components-blobserve-app ?
components-blobserve-lib ?
components-ee-ws-scheduler-app ?
components-ee-ws-scheduler-lib ?
components-image-builder-mk3-app ?
components-local-app-app-darwin-amd64 ?
components-local-app-app-darwin-arm64 ?
components-local-app-app-linux-amd64 ?
components-local-app-app-linux-arm64 ?
components-local-app-app-windows-386 ?
components-local-app-app-windows-amd64 ?
components-local-app-app-windows-arm64 ?
components-registry-facade-app ?
components-registry-facade-lib ?
components-supervisor-app 38.38% <15.06%> (?)
components-ws-manager-api-go-lib ?
components-ws-manager-app ?
components-ws-proxy-app ?
components-ws-proxy-lib ?
dev-loadgen-app ?
installer-app ?

Flags with carried forward coverage won't be shown. Click here to find out more.

Impacted Files Coverage Δ
components/supervisor/pkg/ports/slirp4netns.go 0.00% <0.00%> (ø)
components/supervisor/pkg/supervisor/supervisor.go 6.16% <0.00%> (ø)
components/supervisor/pkg/ports/ports.go 60.20% <55.00%> (ø)
components/ws-manager/pkg/manager/manager.go
components/ws-proxy/pkg/proxy/cookies.go
components/ws-proxy/pkg/proxy/proxy.go
components/blobserve/pkg/blobserve/blobserve.go
...onents/registry-facade/pkg/registry/layersource.go
installer/pkg/components/ws-manager/role.go
components/ws-manager/pkg/manager/status.go
... and 65 more

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update e7c93eb...3dcfb86. Read the comment docs.

@roboquat
Copy link
Contributor

@csweichel: you cannot LGTM your own PR.

In response to this:

/lgtm

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@corneliusludmann
Copy link
Contributor

/lgtm

@roboquat roboquat added the lgtm label Oct 26, 2021
@roboquat
Copy link
Contributor

LGTM label has been added.

Git tree hash: d586c0ec9c91edb9452a6ad955049d79a431c0ec

@roboquat
Copy link
Contributor

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: AlexTugarev, corneliusludmann, csweichel, JanKoehnlein

Associated issue requirement bypassed by: csweichel

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@roboquat roboquat merged commit 46c7237 into main Oct 26, 2021
@roboquat roboquat deleted the cw/wskit-netns branch October 26, 2021 18:42
@roboquat roboquat added deployed: workspace Workspace team change is running in production deployed: IDE IDE change is running in production deployed: webapp Meta team change is running in production deployed Change is completely running in production labels Oct 31, 2021
@iQQBot iQQBot mentioned this pull request Nov 28, 2021
Closed
This was referenced Dec 3, 2021
Closed
Closed
@mustard-mh mustard-mh mentioned this pull request Feb 8, 2022
Merged
@nooobcoder nooobcoder mentioned this pull request Jun 8, 2022
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@aledbf aledbf Awaiting requested review from aledbf

@AlexTugarev AlexTugarev Awaiting requested review from AlexTugarev

@geropl geropl Awaiting requested review from geropl

@jeanp413 jeanp413 Awaiting requested review from jeanp413

@mrsimonemms mrsimonemms Awaiting requested review from mrsimonemms

@princerachit princerachit Awaiting requested review from princerachit

Assignees

@JanKoehnlein JanKoehnlein

@corneliusludmann corneliusludmann

Labels
approved deployed: IDE IDE change is running in production deployed: webapp Meta team change is running in production deployed: workspace Workspace team change is running in production deployed Change is completely running in production release-note size/L team: IDE team: webapp Issue belongs to the WebApp team team: workspace Issue belongs to the Workspace team
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
6 participants
@csweichel @JanKoehnlein @roboquat @AlexTugarev @corneliusludmann @geropl