* Add trust.cert-manager.io for to bundle CA certificates
Signed-off-by: Manuel de Brito Fontes <aledbf@gmail.com>
* Configure CA volume and volumemount in components
* Update ws-manager golden files
* Deploy trust manager in preview
* Remove duplicated volume
* Update installer golden files
* Generate a bundle only for registry-facade
* Update golden files
* Fix initcontainer volume mounts
* Update golden files
* Fix registry-facade certificate
* Update golden files
* Disable skip_verify
* Enable force conflict with apply server side
Signed-off-by: Manuel de Brito Fontes <aledbf@gmail.com>
* Avoid random werft namespace errors
Signed-off-by: Manuel de Brito Fontes <aledbf@gmail.com>
---------
Signed-off-by: Manuel de Brito Fontes <aledbf@gmail.com>
Workspace image builds
Update golden output
Deploy ws-manager tls secret in webapp
Remove ws-manager secrets
Update golden outputs
Enable movedImageBuilder by default
Add wsmanager tls to server if not meta install
Update output.golden
Install ws-proxy in meta
Update golden
Move wsproxy to IDE objs
Create experimental flag
Move ws-proxy to idecomponents
Remove ws-manager TLS cert from ws-proxy
skipSelf if WithoutWorkspaceComponents enabled
Fix ws-proxy config
This PR manually sets the `allowPrivilegeEscalation` container
config to false where we don't need extra capabilities. This
is needed as not setting this explicitely could mean that
it could still be `true` based on other settings.
This also helps us future proof on any behaviour changes around
this.
Signed-off-by: Tarun Pothulapati <tarun@gitpod.io>
