gitpod-io · roboquat · Nov 5, 2021 · Nov 3, 2021 · Nov 3, 2021 · Nov 3, 2021
diff --git a/chart/templates/ws-proxy-configmap.yaml b/chart/templates/ws-proxy-configmap.yaml
@@ -17,20 +17,12 @@ metadata:
 data:
   config.json: |-
     {
+        "namespace": {{ .Release.Namespace | quote }},
         "ingress": {
             "httpAddress": ":{{- $comp.ports.httpProxy.containerPort -}}",
             "httpsAddress": ":{{- $comp.ports.httpsProxy.containerPort -}}",
             "header": "{{- $comp.hostHeader -}}"
         },
-        "workspaceInfoProviderConfig": {
-            "wsManagerAddr": "ws-manager:8080",
-            "reconnectInterval": "3s",
-            "tls": {
-                "ca": "/ws-manager-client-tls-certs/ca.crt",
-                "crt": "/ws-manager-client-tls-certs/tls.crt",
-                "key": "/ws-manager-client-tls-certs/tls.key"
-            }
-        },
         "proxy": {
             "https": {
                 "crt": "/mnt/certificates/tls.crt",
@@ -53,8 +45,6 @@ data:
                 "workspaceHostSuffixRegex": {{ ($comp.workspaceHostSuffixRegex | default (printf "%s%s" "\\.ws[^\\.]*\\." ($.Values.hostname | replace "." "\\."))) | quote }}
             },
             "workspacePodConfig": {
-                "serviceTemplate": "http://ws-{{"{{ .workspaceID }}"}}-theia.{{- .Release.Namespace -}}.svc.cluster.local:{{"{{ .port }}"}}",
-                "portServiceTemplate": "http://ws-{{"{{ .workspaceID }}"}}-ports.{{- .Release.Namespace -}}.svc.cluster.local:{{"{{ .port }}"}}",
                 "theiaPort": {{ .Values.components.workspace.ports.http.containerPort }},
                 "supervisorPort": {{ .Values.components.workspace.ports.http.supervisorPort }},
                 "supervisorImage": "{{ template "gitpod.comp.imageFull" (dict "root" . "gp" $.Values "comp" .Values.components.workspace.supervisor) }}"

diff --git a/chart/templates/ws-proxy-deployment.yaml b/chart/templates/ws-proxy-deployment.yaml
@@ -66,7 +66,7 @@ spec:
           periodSeconds: 5
           failureThreshold: 10
           httpGet:
-            path: /
+            path: /readyz
             port: 60088
         livenessProbe:
           initialDelaySeconds: 2
@@ -75,15 +75,12 @@ spec:
           successThreshold: 1
           timeoutSeconds: 2
           httpGet:
-            path: /
+            path: /healthz
             port: 60088
         volumeMounts:
         - name: config
           mountPath: "/config"
           readOnly: true
-        - mountPath: /ws-manager-client-tls-certs
-          name: ws-manager-client-tls-certs
-          readOnly: true
 {{- if $.Values.certificatesSecret.secretName }}
         - name: config-certificates
           mountPath: "/mnt/certificates"
@@ -93,4 +90,4 @@ spec:
 {{ include "gitpod.container.defaultEnv" $this | indent 8 }}
 {{ include "gitpod.container.tracingEnv" $this | indent 8 }}
 {{ toYaml .Values.defaults | indent 6 }}
-{{ end }}
+{{ end }}
diff --git a/chart/templates/ws-proxy-role.yaml b/chart/templates/ws-proxy-role.yaml
@@ -0,0 +1,21 @@
+# Copyright (c) 2020 Gitpod GmbH. All rights reserved.
+# Licensed under the MIT License. See License-MIT.txt in the project root for license information.
+
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  labels:
+    app: {{ template "gitpod.fullname" . }}
+    component: ws-proxy
+    kind: role
+    stage: {{ .Values.installation.stage }}
+  name: ws-proxy
+rules:
+- apiGroups:
+  - ""
+  resources:
+  - pods
+  verbs:
+  - get
+  - list
+  - watch
diff --git a/chart/templates/ws-proxy-rolebinding.yaml b/chart/templates/ws-proxy-rolebinding.yaml
@@ -20,4 +20,23 @@ roleRef:
   kind: ClusterRole
   name: {{ .Release.Namespace }}-ns-psp:unprivileged
   apiGroup: rbac.authorization.k8s.io
-{{ end }}
+---
+
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: ws-proxy-api
+  labels:
+    app: {{ template "gitpod.fullname" . }}
+    component: ws-proxy
+    kind: role-binding
+    stage: {{ .Values.installation.stage }}
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: ws-proxy
+subjects:
+- kind: ServiceAccount
+  name: ws-proxy
+
+{{ end }}
@@ -57,6 +57,22 @@ const (
 	// ContainerIsGoneAnnotation is used as workaround for containerd https://github.com/containerd/containerd/pull/4214
 	// which might cause workspace container status propagation to fail, which in turn would keep a workspace running indefinitely.
 	ContainerIsGoneAnnotation = "gitpod.io/containerIsGone"
+
+	// WorkspaceURLAnnotation is the annotation on the WS pod which contains the public workspace URL.
+	WorkspaceURLAnnotation = "gitpod/url"
+
+	// OwnerTokenAnnotation contains the owner token of the workspace.
+	OwnerTokenAnnotation = "gitpod/ownerToken"
+
+	// WorkspaceAdmissionAnnotation determines the user admission to a workspace, i.e. if it can be accessed by everyone without token.
+	WorkspaceAdmissionAnnotation = "gitpod/admission"
+
+	// WorkspaceImageSpecAnnotation contains the protobuf serialized image spec in base64 encoding. We need to keep this around post-request
+	// to provide this information to the registry facade later in the workspace's lifecycle.
+	WorkspaceImageSpecAnnotation = "gitpod/imageSpec"
+
+	// WorkspaceExposedPorts contains the exposed ports in the workspace
+	WorkspaceExposedPorts = "gitpod/exposedPorts"
 )
 
 // WorkspaceSupervisorEndpoint produces the supervisor endpoint of a workspace.

@@ -19,7 +19,13 @@
 
 var jspb = require('google-protobuf');
 var goog = jspb;
-var global = (function() { return this || window || global || self || Function('return this')(); }).call(null);
+var global = (function() {
+  if (this) { return this; }
+  if (typeof window !== 'undefined') { return window; }
+  if (typeof global !== 'undefined') { return global; }
+  if (typeof self !== 'undefined') { return self; }
+  return Function('return this')();
+}.call(null));
 
 goog.exportSymbol('proto.contentservice.DeleteRequest', null, global);
 goog.exportSymbol('proto.contentservice.DeleteRequest.NameCase', null, global);

@@ -19,7 +19,13 @@
 
 var jspb = require('google-protobuf');
 var goog = jspb;
-var global = (function() { return this || window || global || self || Function('return this')(); }).call(null);
+var global = (function() {
+  if (this) { return this; }
+  if (typeof window !== 'undefined') { return window; }
+  if (typeof global !== 'undefined') { return global; }
+  if (typeof self !== 'undefined') { return self; }
+  return Function('return this')();
+}.call(null));
 
 goog.exportSymbol('proto.contentservice.DeleteUserContentRequest', null, global);
 goog.exportSymbol('proto.contentservice.DeleteUserContentResponse', null, global);

@@ -19,7 +19,13 @@
 
 var jspb = require('google-protobuf');
 var goog = jspb;
-var global = (function() { return this || window || global || self || Function('return this')(); }).call(null);
+var global = (function() {
+  if (this) { return this; }
+  if (typeof window !== 'undefined') { return window; }
+  if (typeof global !== 'undefined') { return global; }
+  if (typeof self !== 'undefined') { return self; }
+  return Function('return this')();
+}.call(null));
 
 goog.exportSymbol('proto.contentservice.ListLogsRequest', null, global);
 goog.exportSymbol('proto.contentservice.ListLogsResponse', null, global);

@@ -19,7 +19,13 @@
 
 var jspb = require('google-protobuf');
 var goog = jspb;
-var global = (function() { return this || window || global || self || Function('return this')(); }).call(null);
+var global = (function() {
+  if (this) { return this; }
+  if (typeof window !== 'undefined') { return window; }
+  if (typeof global !== 'undefined') { return global; }
+  if (typeof self !== 'undefined') { return self; }
+  return Function('return this')();
+}.call(null));
 
 goog.exportSymbol('proto.ideplugin.PluginDownloadURLRequest', null, global);
 goog.exportSymbol('proto.ideplugin.PluginDownloadURLResponse', null, global);

@@ -19,7 +19,13 @@
 
 var jspb = require('google-protobuf');
 var goog = jspb;
-var global = (function() { return this || window || global || self || Function('return this')(); }).call(null);
+var global = (function() {
+  if (this) { return this; }
+  if (typeof window !== 'undefined') { return window; }
+  if (typeof global !== 'undefined') { return global; }
+  if (typeof self !== 'undefined') { return self; }
+  return Function('return this')();
+}.call(null));
 
 goog.exportSymbol('proto.contentservice.CloneTargetMode', null, global);
 goog.exportSymbol('proto.contentservice.CompositeInitializer', null, global);

@@ -19,7 +19,13 @@
 
 var jspb = require('google-protobuf');
 var goog = jspb;
-var global = (function() { return this || window || global || self || Function('return this')(); }).call(null);
+var global = (function() {
+  if (this) { return this; }
+  if (typeof window !== 'undefined') { return window; }
+  if (typeof global !== 'undefined') { return global; }
+  if (typeof self !== 'undefined') { return self; }
+  return Function('return this')();
+}.call(null));
 
 goog.exportSymbol('proto.contentservice.DeleteWorkspaceRequest', null, global);
 goog.exportSymbol('proto.contentservice.DeleteWorkspaceResponse', null, global);

@@ -1747,7 +1747,6 @@ type WorkspaceInstanceConditions struct {
 	FirstUserActivity string `json:"firstUserActivity,omitempty"`
 	NeededImageBuild  bool   `json:"neededImageBuild,omitempty"`
 	PullingImages     bool   `json:"pullingImages,omitempty"`
-	ServiceExists     bool   `json:"serviceExists,omitempty"`
 	Timeout           string `json:"timeout,omitempty"`
 }
 
@@ -1795,7 +1794,6 @@ type GetWorkspaceTimeoutResult struct {
 // WorkspaceInstancePort is the WorkspaceInstancePort message type
 type WorkspaceInstancePort struct {
 	Port       float64 `json:"port,omitempty"`
-	TargetPort float64 `json:"targetPort,omitempty"`
 	URL        string  `json:"url,omitempty"`
 	Visibility string  `json:"visibility,omitempty"`
 }

@@ -134,9 +134,6 @@ export interface WorkspaceInstanceConditions {
     // PullingImages marks if the workspace is currently pulling its images. This condition can only be set during PhaseCreating
     pullingImages?: boolean
 
-    // ServiceExists denotes if the workspace theia-/ports- services exist. This condition will be true if either of the two services exist.
-    serviceExists?: boolean
-
     // deployed marks that a workspace instance was sent/deployed at a workspace manager
     deployed?: boolean;
 
@@ -164,9 +161,6 @@ export interface WorkspaceInstancePort {
     // The outward-facing port number
     port: number;
 
-    // An optional inward-facing port number. If not present we'll use port.
-    targetPort?: number;
-
     // The visiblity of this port. Optional for backwards compatibility.
     visibility?: PortVisibility;
 

@@ -4,7 +4,7 @@
  * See License-AGPL.txt in the project root for license information.
  */
 
-// generated using github.com/32leaves/bel on 2021-10-28 22:18:05.015278404 +0000 UTC m=+0.005187484
+// generated using github.com/32leaves/bel on 2021-11-04 12:16:53.917570766 +0000 UTC m=+0.006002884
 // DO NOT MODIFY
 
 export enum WorkspaceInitSource {

@@ -19,7 +19,13 @@
 
 var jspb = require('google-protobuf');
 var goog = jspb;
-var global = (function() { return this || window || global || self || Function('return this')(); }).call(null);
+var global = (function() {
+  if (this) { return this; }
+  if (typeof window !== 'undefined') { return window; }
+  if (typeof global !== 'undefined') { return global; }
+  if (typeof self !== 'undefined') { return self; }
+  return Function('return this')();
+}.call(null));
 
 var content$service$api_initializer_pb = require('@gitpod/content-service/lib');
 goog.object.extend(proto, content$service$api_initializer_pb);

@@ -185,11 +185,6 @@ export type WorkspaceInstanceConditions = {
    * condition can only be set during PhaseCreating
    */
   pullingImages?: Maybe<Scalars['Boolean']>;
-  /**
-   *  ServiceExists denotes if the workspace theia-/ports- services exist. This
-   * condition will be true if either of the two services exist.
-   */
-  serviceExists?: Maybe<Scalars['Boolean']>;
   /**  deployed marks that a workspace instance was sent/deployed at a workspace manager  */
   deployed?: Maybe<Scalars['Boolean']>;
   /**  Whether the workspace start triggered an image build  */
@@ -401,7 +396,6 @@ export type WorkspaceInstanceConditionsResolvers<ContextType = Context, ParentTy
   failed?: Resolver<Maybe<ResolversTypes['String']>, ParentType, ContextType>,
   timeout?: Resolver<Maybe<ResolversTypes['String']>, ParentType, ContextType>,
   pullingImages?: Resolver<Maybe<ResolversTypes['Boolean']>, ParentType, ContextType>,
-  serviceExists?: Resolver<Maybe<ResolversTypes['Boolean']>, ParentType, ContextType>,
   deployed?: Resolver<Maybe<ResolversTypes['Boolean']>, ParentType, ContextType>,
   neededImageBuild?: Resolver<Maybe<ResolversTypes['Boolean']>, ParentType, ContextType>,
   firstUserActivity?: Resolver<Maybe<ResolversTypes['String']>, ParentType, ContextType>,