diff --git a/install/installer/cmd/testdata/render/http-proxy/output.golden b/install/installer/cmd/testdata/render/http-proxy/output.golden index 86c5125da3eed7..4bda0b05712cd4 100644 --- a/install/installer/cmd/testdata/render/http-proxy/output.golden +++ b/install/installer/cmd/testdata/render/http-proxy/output.golden @@ -116,6 +116,29 @@ spec: policyTypes: - Ingress +--- +# networking.k8s.io/v1/NetworkPolicy ide-service +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + creationTimestamp: null + labels: + app: gitpod + component: ide-service + name: ide-service + namespace: default +spec: + ingress: + - ports: + - port: 9001 + protocol: TCP + podSelector: + matchLabels: + app: gitpod + component: ide-service + policyTypes: + - Ingress + --- # networking.k8s.io/v1/NetworkPolicy image-builder-mk3 apiVersion: networking.k8s.io/v1 @@ -808,6 +831,18 @@ metadata: name: ide-proxy namespace: default --- +# v1/ServiceAccount ide-service +apiVersion: v1 +automountServiceAccountToken: true +kind: ServiceAccount +metadata: + creationTimestamp: null + labels: + app: gitpod + component: ide-service + name: ide-service + namespace: default +--- # v1/ServiceAccount image-builder-mk3 apiVersion: v1 automountServiceAccountToken: true @@ -1455,6 +1490,9 @@ data: "ideMetrics": { "version": "test" }, + "ideService": { + "version": "test" + }, "imageBuilder": { "version": "" }, 
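Review bot: The new NetworkPolicy `ide-service` (first hunk, @@ -116) has an ingress rule that lists only `ports` and no `from`, so it admits TCP 9001 from every pod in every namespace rather than from the components that call the service. The ConfigMap added at @@ -4014 binds gRPC to `0.0.0.0:9001` and shows no TLS or auth settings, so as far as this diff shows the policy is the only access control in front of that listener. I would restrict the rule to the known callers, e.g. `from: [{podSelector: {matchLabels: {app: gitpod, component: <caller-component>}}}]` (placeholder label value), one entry per caller. This file is rendered golden output, so the change presumably belongs in the installer's ide-service component, with the golden files regenerated afterwards.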
@@ -2052,6 +2090,85 @@ data: name: ide-metrics namespace: default --- + apiVersion: v1 + kind: ConfigMap + metadata: + creationTimestamp: null + labels: + app: gitpod + component: ide-service + name: ide-service + namespace: default + --- + apiVersion: apps/v1 + kind: Deployment + metadata: + creationTimestamp: null + labels: + app: gitpod + component: ide-service + name: ide-service + namespace: default + --- + apiVersion: rbac.authorization.k8s.io/v1 + kind: ClusterRoleBinding + metadata: + creationTimestamp: null + labels: + app: gitpod + component: ide-service + name: default-ide-service-kube-rbac-proxy + --- + apiVersion: rbac.authorization.k8s.io/v1 + kind: ClusterRoleBinding + metadata: + creationTimestamp: null + labels: + app: gitpod + component: ide-service + name: ide-service + --- + apiVersion: rbac.authorization.k8s.io/v1 + kind: RoleBinding + metadata: + creationTimestamp: null + labels: + app: gitpod + component: ide-service + name: ide-service + namespace: default + --- + apiVersion: v1 + kind: Service + metadata: + creationTimestamp: null + labels: + app: gitpod + component: ide-service + kind: service + name: ide-service + namespace: default + --- + apiVersion: networking.k8s.io/v1 + kind: NetworkPolicy + metadata: + creationTimestamp: null + labels: + app: gitpod + component: ide-service + name: ide-service + namespace: default + --- + apiVersion: v1 + kind: ServiceAccount + metadata: + creationTimestamp: null + labels: + app: gitpod + component: ide-service + name: ide-service + namespace: default + --- apiVersion: apps/v1 kind: Deployment metadata: 
@@ -4014,6 +4131,29 @@ metadata: name: ide-metrics namespace: default --- +# v1/ConfigMap ide-service +apiVersion: v1 +data: + config.json: |- + { + "server": { + "services": { + "grpc": { + "address": "0.0.0.0:9001" + } + } + }, + "ideConfigPath": "/ide-config/config.json" + } +kind: ConfigMap +metadata: + creationTimestamp: null + labels: + app: gitpod + component: ide-service + name: ide-service + namespace: default +--- # v1/ConfigMap image-builder-mk3-config apiVersion: v1 data: @@ -5141,6 +5281,24 @@ subjects: name: ide-metrics namespace: default --- +# rbac.authorization.k8s.io/v1/ClusterRoleBinding default-ide-service-kube-rbac-proxy +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + creationTimestamp: null + labels: + app: gitpod + component: ide-service + name: default-ide-service-kube-rbac-proxy +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: default-kube-rbac-proxy +subjects: +- kind: ServiceAccount + name: ide-service + namespace: default +--- # rbac.authorization.k8s.io/v1/ClusterRoleBinding default-image-builder-mk3-proxy-kube-rbac-proxy apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding @@ -5357,6 +5515,24 @@ subjects: name: ide-metrics namespace: default --- +# rbac.authorization.k8s.io/v1/ClusterRoleBinding ide-service +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + creationTimestamp: null + labels: + app: gitpod + component: ide-service + name: ide-service +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: ide-service +subjects: +- kind: ServiceAccount + name: ide-service + namespace: default +--- # rbac.authorization.k8s.io/v1/ClusterRoleBinding ws-manager apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding 
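Review bot: The ClusterRoleBinding `ide-service` added in the third hunk on this line (@@ -5357) references a ClusterRole `ide-service` that nothing visible in this diff creates. The object list added at @@ -2052 names a ConfigMap, Deployment, two ClusterRoleBindings, a RoleBinding, Service, NetworkPolicy and ServiceAccount, but no ClusterRole. If the role really is absent, the binding is dangling, and whoever later creates a ClusterRole with that name grants it cluster-wide to this service account. If it exists elsewhere in the file, its rules are worth checking, since the rendered config only sets a gRPC address and a config path and shows no need for cluster scope. I would either drop this binding in the installer component or narrow it to a namespaced `kind: RoleBinding` with only the verbs the service uses.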
@@ -5701,6 +5877,24 @@ subjects: - kind: ServiceAccount name: ide-proxy --- +# rbac.authorization.k8s.io/v1/RoleBinding ide-service +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + creationTimestamp: null + labels: + app: gitpod + component: ide-service + name: ide-service + namespace: default +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: default-ns-psp:restricted-root-user +subjects: +- kind: ServiceAccount + name: ide-service +--- # rbac.authorization.k8s.io/v1/RoleBinding image-builder-mk3 apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding @@ -6118,6 +6312,30 @@ spec: status: loadBalancer: {} --- +# v1/Service ide-service +apiVersion: v1 +kind: Service +metadata: + creationTimestamp: null + labels: + app: gitpod + component: ide-service + kind: service + name: ide-service + namespace: default +spec: + ports: + - name: grpc + port: 9001 + protocol: TCP + targetPort: 9001 + selector: + app: gitpod + component: ide-service + type: ClusterIP +status: + loadBalancer: {} +--- # v1/Service image-builder-mk3 apiVersion: v1 kind: Service 
@@ -8968,6 +9186,210 @@ spec: terminationGracePeriodSeconds: 30 status: {} --- +# apps/v1/Deployment ide-service +apiVersion: apps/v1 +kind: Deployment +metadata: + creationTimestamp: null + labels: + app: gitpod + component: ide-service + name: ide-service + namespace: default +spec: + replicas: 1 + selector: + matchLabels: + app: gitpod + component: ide-service + strategy: + rollingUpdate: + maxSurge: 1 + maxUnavailable: 0 + type: RollingUpdate + template: + metadata: + annotations: + gitpod.io/checksum_config: 96f0e9e2b0ef57685361631147d448545bddf8e1230493ac99530513b2fe7783 + creationTimestamp: null + labels: + app: gitpod + component: ide-service + name: ide-service + namespace: default + spec: + affinity: + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: gitpod.io/workload_meta + operator: Exists + containers: + - args: + - run + - --config + - /config/config.json + env: + - name: GITPOD_DOMAIN + value: gitpod.example.com + - name: GITPOD_INSTALLATION_SHORTNAME + value: default + - name: GITPOD_REGION + value: local + - name: HOST_URL + value: https://gitpod.example.com + - name: KUBE_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: KUBE_DOMAIN + value: svc.cluster.local + - name: LOG_LEVEL + value: info + - name: HTTP_PROXY + valueFrom: + secretKeyRef: + key: httpProxy + name: http-proxy-settings + optional: true + - name: http_proxy + valueFrom: + secretKeyRef: + key: httpProxy + name: http-proxy-settings + optional: true + - name: HTTPS_PROXY + valueFrom: + secretKeyRef: + key: httpsProxy + name: http-proxy-settings + optional: true + - name: https_proxy + valueFrom: + secretKeyRef: + key: httpsProxy + name: http-proxy-settings + optional: true + - name: CUSTOM_NO_PROXY + valueFrom: + secretKeyRef: + key: noProxy + name: http-proxy-settings + optional: true + - name: custom_no_proxy + valueFrom: + secretKeyRef: + key: noProxy + name: http-proxy-settings + 
optional: true + - name: NO_PROXY + value: ws-manager,wsdaemon,$(CUSTOM_NO_PROXY) + - name: no_proxy + value: ws-manager,wsdaemon,$(CUSTOM_NO_PROXY) + image: eu.gcr.io/gitpod-core-dev/build/ide-service:test + imagePullPolicy: IfNotPresent + name: ide-service + ports: + - containerPort: 9001 + name: grpc + readinessProbe: + failureThreshold: 3 + httpGet: + path: /ready + port: 9501 + successThreshold: 1 + timeoutSeconds: 1 + resources: + requests: + cpu: 100m + memory: 128Mi + securityContext: + privileged: false + volumeMounts: + - mountPath: /config + name: config + readOnly: true + - mountPath: /ide-config + name: ide-config + readOnly: true + - args: + - --logtostderr + - --insecure-listen-address=[$(IP)]:9500 + - --upstream=http://127.0.0.1:9500/ + env: + - name: IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: HTTP_PROXY + valueFrom: + secretKeyRef: + key: httpProxy + name: http-proxy-settings + optional: true + - name: http_proxy + valueFrom: + secretKeyRef: + key: httpProxy + name: http-proxy-settings + optional: true + - name: HTTPS_PROXY + valueFrom: + secretKeyRef: + key: httpsProxy + name: http-proxy-settings + optional: true + - name: https_proxy + valueFrom: + secretKeyRef: + key: httpsProxy + name: http-proxy-settings + optional: true + - name: CUSTOM_NO_PROXY + valueFrom: + secretKeyRef: + key: noProxy + name: http-proxy-settings + optional: true + - name: custom_no_proxy + valueFrom: + secretKeyRef: + key: noProxy + name: http-proxy-settings + optional: true + - name: NO_PROXY + value: ws-manager,wsdaemon,$(CUSTOM_NO_PROXY) + - name: no_proxy + value: ws-manager,wsdaemon,$(CUSTOM_NO_PROXY) + image: quay.io/brancz/kube-rbac-proxy:v0.12.0 + name: kube-rbac-proxy + ports: + - containerPort: 9500 + name: metrics + resources: + requests: + cpu: 1m + memory: 30Mi + securityContext: + runAsGroup: 65532 + runAsNonRoot: true + runAsUser: 65532 + terminationMessagePolicy: FallbackToLogsOnError + dnsPolicy: ClusterFirst + enableServiceLinks: 
false + restartPolicy: Always + serviceAccountName: ide-service + terminationGracePeriodSeconds: 30 + volumes: + - configMap: + name: ide-service + name: config + - configMap: + name: server-ide-config + name: ide-config +status: {} +--- # apps/v1/Deployment image-builder-mk3 apiVersion: apps/v1 kind: Deployment
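Review bot: In the Deployment hunk (@@ -8968) the `ide-service` container's `securityContext` sets only `privileged: false`, while the `kube-rbac-proxy` sidecar in the same pod sets `runAsNonRoot: true` with a fixed UID and GID. Together with the RoleBinding to `default-ns-psp:restricted-root-user` added at @@ -5701, this suggests the main container is expected to run as root, with privilege escalation left at its default. The pod also carries a service-account token with two cluster-level bindings, so a compromise of the gRPC process gets more than it needs. I would add `allowPrivilegeEscalation: false` to the main container and, if the image can run unprivileged, `runAsNonRoot: true` with the RoleBinding switched to the non-root PSP role. The container also declares `requests` but no `limits`, which is worth a line in the component code while this is being touched.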