[installer]: allow the telemetry component to connect to the server

Author: Simon Emms

installer/go.mod

@@ -225,14 +225,6 @@ require (
 
 replace github.com/gitpod-io/gitpod/image-builder => ../components/image-builder-mk3 // leeway
 
-replace github.com/gitpod-io/gitpod/image-builder/api => ../components/image-builder-api/go // leeway
-
-replace github.com/gitpod-io/gitpod/openvsx-proxy => ../components/openvsx-proxy // leeway
-
-replace github.com/gitpod-io/gitpod/ws-scheduler => ../components/ee/ws-scheduler // leeway
-
-replace github.com/gitpod-io/gitpod/ws-proxy => ../components/ws-proxy // leeway
-
 replace github.com/gitpod-io/gitpod/agent-smith => ../components/ee/agent-smith // leeway
 
 replace github.com/gitpod-io/gitpod/blobserve => ../components/blobserve // leeway
@@ -245,17 +237,25 @@ replace github.com/gitpod-io/gitpod/content-service/api => ../components/content
 
 replace github.com/gitpod-io/gitpod/gitpod-protocol => ../components/gitpod-protocol/go // leeway
 
+replace github.com/gitpod-io/gitpod/image-builder/api => ../components/image-builder-api/go // leeway
+
+replace github.com/gitpod-io/gitpod/openvsx-proxy => ../components/openvsx-proxy // leeway
+
 replace github.com/gitpod-io/gitpod/registry-facade => ../components/registry-facade // leeway
 
 replace github.com/gitpod-io/gitpod/registry-facade/api => ../components/registry-facade-api/go // leeway
 
+replace github.com/gitpod-io/gitpod/supervisor/api => ../components/supervisor-api/go // leeway
+
 replace github.com/gitpod-io/gitpod/ws-daemon => ../components/ws-daemon // leeway
 
 replace github.com/gitpod-io/gitpod/ws-daemon/api => ../components/ws-daemon-api/go // leeway
 
 replace github.com/gitpod-io/gitpod/ws-manager/api => ../components/ws-manager-api/go // leeway
 
-replace github.com/gitpod-io/gitpod/supervisor/api => ../components/supervisor-api/go // leeway
+replace github.com/gitpod-io/gitpod/ws-proxy => ../components/ws-proxy // leeway
+
+replace github.com/gitpod-io/gitpod/ws-scheduler => ../components/ee/ws-scheduler // leeway
 
 replace k8s.io/api => k8s.io/api v0.22.2 // leeway indirect from components/common-go:lib
 

installer/pkg/common/constants.go

@@ -38,6 +38,7 @@ const (
 	RegistryFacadeServicePort   = 30000
 	RegistryFacadeTLSCertSecret = "builtin-registry-facade-cert"
 	ServerComponent             = "server"
+	ServerInstallationAdminPort = 9000
 	SystemNodeCritical          = "system-node-critical"
 	WSManagerComponent          = "ws-manager"
 	WSManagerBridgeComponent    = "ws-manager-bridge"

installer/pkg/components/gitpod/cronjob.go

@@ -5,7 +5,6 @@
 package gitpod
 
 import (
-	"crypto/sha512"
 	"fmt"
 
 	"github.com/gitpod-io/gitpod/installer/pkg/common"
@@ -55,14 +54,14 @@ func cronjob(ctx *common.RenderContext) ([]runtime.Object, error) {
 											"send",
 										},
 										Env: []v1.EnvVar{
-											{
-												Name:  "GITPOD_DOMAIN_HASH",
-												Value: fmt.Sprintf("%x", sha512.Sum512([]byte(ctx.Config.Domain))),
-											},
 											{
 												Name:  "GITPOD_INSTALLATION_VERSION",
 												Value: ctx.VersionManifest.Version,
 											},
+											{
+												Name:  "SERVER_URL",
+												Value: fmt.Sprintf("http://%s.%s.svc.cluster.local:%d", common.ServerComponent, ctx.Namespace, common.ServerInstallationAdminPort),
+											},
 										},
 									},
 								},

installer/pkg/components/server/constants.go

@@ -9,12 +9,14 @@ import (
 )
 
 const (
-	Component            = common.ServerComponent
-	ContainerPort        = 3000
-	ContainerPortName    = "http"
-	authProviderFilePath = "/gitpod/auth-providers"
-	licenseFilePath      = "/gitpod/license"
-	PrometheusPort       = 9500
-	PrometheusPortName   = "metrics"
-	ServicePort          = 3000
+	Component             = common.ServerComponent
+	ContainerPort         = 3000
+	ContainerPortName     = "http"
+	authProviderFilePath  = "/gitpod/auth-providers"
+	licenseFilePath       = "/gitpod/license"
+	PrometheusPort        = 9500
+	PrometheusPortName    = "metrics"
+	InstallationAdminPort = common.ServerInstallationAdminPort
+	InstallationAdminName = "installation-admin"
+	ServicePort           = 3000
 )

installer/pkg/components/server/networkpolicy.go

@@ -6,6 +6,7 @@ package server
 
 import (
 	"github.com/gitpod-io/gitpod/installer/pkg/common"
+	"github.com/gitpod-io/gitpod/installer/pkg/components/gitpod"
 
 	networkingv1 "k8s.io/api/networking/v1"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
@@ -16,40 +17,76 @@ import (
 func networkpolicy(ctx *common.RenderContext) ([]runtime.Object, error) {
 	labels := common.DefaultLabels(Component)
 
-	return []runtime.Object{&networkingv1.NetworkPolicy{
-		TypeMeta: common.TypeMetaNetworkPolicy,
-		ObjectMeta: metav1.ObjectMeta{
-			Name:      Component,
-			Namespace: ctx.Namespace,
-			Labels:    labels,
+	return []runtime.Object{
+		&networkingv1.NetworkPolicy{
+			TypeMeta: common.TypeMetaNetworkPolicy,
+			ObjectMeta: metav1.ObjectMeta{
+				Name:      Component,
+				Namespace: ctx.Namespace,
+				Labels:    labels,
+			},
+			Spec: networkingv1.NetworkPolicySpec{
+				PodSelector: metav1.LabelSelector{MatchLabels: labels},
+				PolicyTypes: []networkingv1.PolicyType{"Ingress"},
+				Ingress: []networkingv1.NetworkPolicyIngressRule{
+					{
+						Ports: []networkingv1.NetworkPolicyPort{
+							{
+								Protocol: common.TCPProtocol,
+								Port:     &intstr.IntOrString{IntVal: ContainerPort},
+							},
+						},
+						From: []networkingv1.NetworkPolicyPeer{
+							{
+								PodSelector: &metav1.LabelSelector{
+									MatchLabels: map[string]string{
+										"component": common.ProxyComponent,
+									},
+								},
+							},
+						},
+					},
+					{
+						Ports: []networkingv1.NetworkPolicyPort{
+							{
+								Protocol: common.TCPProtocol,
+								Port:     &intstr.IntOrString{IntVal: PrometheusPort},
+							},
+						},
+						From: []networkingv1.NetworkPolicyPeer{
+							{
+								NamespaceSelector: &metav1.LabelSelector{
+									MatchLabels: map[string]string{
+										"chart": common.MonitoringChart,
+									},
+								},
+								PodSelector: &metav1.LabelSelector{
+									MatchLabels: map[string]string{
+										"component": common.ProxyComponent,
+									},
+								},
+							},
+						},
+					},
+					{
+						Ports: []networkingv1.NetworkPolicyPort{
+							{
+								Protocol: common.TCPProtocol,
+								Port:     &intstr.IntOrString{IntVal: InstallationAdminPort},
+							},
+						},
+						From: []networkingv1.NetworkPolicyPeer{
+							{
+								PodSelector: &metav1.LabelSelector{
+									MatchLabels: map[string]string{
+										"component": gitpod.Component,
+									},
+								},
+							},
+						},
+					},
+				},
+			},
 		},
-		Spec: networkingv1.NetworkPolicySpec{
-			PodSelector: metav1.LabelSelector{MatchLabels: labels},
-			PolicyTypes: []networkingv1.PolicyType{"Ingress"},
-			Ingress: []networkingv1.NetworkPolicyIngressRule{{
-				Ports: []networkingv1.NetworkPolicyPort{{
-					Protocol: common.TCPProtocol,
-					Port:     &intstr.IntOrString{IntVal: ContainerPort},
-				}},
-				From: []networkingv1.NetworkPolicyPeer{{
-					PodSelector: &metav1.LabelSelector{MatchLabels: map[string]string{
-						"component": common.ProxyComponent,
-					}},
-				}},
-			}, {
-				Ports: []networkingv1.NetworkPolicyPort{{
-					Protocol: common.TCPProtocol,
-					Port:     &intstr.IntOrString{IntVal: PrometheusPort},
-				}},
-				From: []networkingv1.NetworkPolicyPeer{{
-					NamespaceSelector: &metav1.LabelSelector{MatchLabels: map[string]string{
-						"chart": common.MonitoringChart,
-					}},
-					PodSelector: &metav1.LabelSelector{MatchLabels: map[string]string{
-						"component": common.ProxyComponent,
-					}},
-				}},
-			}},
-		},
-	}}, nil
+	}, nil
 }

installer/pkg/components/server/objects.go

@@ -25,6 +25,10 @@ var Objects = common.CompositeRenderFunc(
 			ContainerPort: PrometheusPort,
 			ServicePort:   PrometheusPort,
 		},
+		InstallationAdminName: {
+			ContainerPort: InstallationAdminPort,
+			ServicePort:   InstallationAdminPort,
+		},
 	}),
 	common.DefaultServiceAccount(Component),
 )