* [node-labeler] Refactor node labeling to use taints instead of labels
* [agent-smith] Add toleration to daemonset
* Add workspace component tolerations to various Gitpod components if it running in Full installation
* Apply suggestions from code review
Co-authored-by: Kyle Brennan <kyle@gitpod.io>
* Update components/node-labeler/cmd/run.go
Co-authored-by: Kyle Brennan <kyle@gitpod.io>
---------
Co-authored-by: Kyle Brennan <kyle@gitpod.io>
This PR manually sets the `allowPrivilegeEscalation` container
config to false where we don't need extra capabilities. This
is needed as not setting this explicitely could mean that
it could still be `true` based on other settings.
This also helps us future proof on any behaviour changes around
this.
Signed-off-by: Tarun Pothulapati <tarun@gitpod.io>
Fixes https://github.com/gitpod-io/gitpod/issues/14529
Currently, OpenVSXProxy is the only non-optional component
that needs PVC's to get things working. The usage of a PVC
in AWS reference architecture, means that components can't
get restarted in a different zone anymore as PVC's with EBS
are specific to a zone.
As EKS reference architecture does not enable any other
component that uses PVC's (i.e minio), This is a problem
specific to `OpenVSXProxy`.
By disabling this, OpenVSXProxy's redis now will have
lost the cache once a restart occurs which does not
seems like a big deal for self-hosted customers.
Signed-off-by: Tarun Pothulapati <tarun@gitpod.io>
Fixes#8224
This PR adds a new `OpenVSX` object into the top-level `Config` field
to support configurations of the `openvsx-proxy` component. Currently,
Only `URL` field is present. This is needed to support air-gap
instlalations where people are expected to host their own open-vsx.
This config is top-level and not under the workspace or IDE as this
configures the proxy, but not the IDE.
The URL is validated by using the validate go tags.
Signed-off-by: Tarun Pothulapati <tarun@gitpod.io>
