70 Commits

Author SHA1 Message Date
iQQBot
52a7727b4f
[node-labeler] Refactor node labeling to use taints instead of labels (#20652)
* [node-labeler] Refactor node labeling to use taints instead of labels

* [agent-smith] Add toleration to daemonset

* Add workspace component tolerations to various Gitpod components if it is running in Full installation

* Apply suggestions from code review

Co-authored-by: Kyle Brennan <kyle@gitpod.io>

* Update components/node-labeler/cmd/run.go

Co-authored-by: Kyle Brennan <kyle@gitpod.io>

---------

Co-authored-by: Kyle Brennan <kyle@gitpod.io>
2025-03-11 03:30:39 -04:00
Gero Posmyk-Leinemann
76781bf322
[dev] Update workspace libraries to match kubernetes (containerd, runc, buildkit) (#20526)
* [workspace] Set lib versions: containerd to 1.6.36, runc 1.1.14 and buildkit to 0.12.5

Reasoning: https://linear.app/gitpod/issue/CLC-982/update-containerd-to-latest-patch-16x-k8s-and-runc-libs-in-gitpod-mono#comment-d5450e2c

* [golangci] Remove superfluous notlint and checks

* [image-builder-mk3] Fix incomplete tests where a library made the field "mediaType" non-optimal

    Original change: https://github.com/opencontainers/image-spec/pull/1091

* [docker] Switch from github.com/docker/distribution/reference to github.com/distribution/reference

* [ws-daemon] Internalize libcontainer/specconv because it got dropped between runc 1.1.10 and 1.1.14
2025-01-20 09:32:10 -05:00
Gero Posmyk-Leinemann
7a27ea0839
[installer] Mount custom CA certs into all relevant places (#20469)
* [installer] Add custom CA cert to papi-server

* [installer] Add custom CA cert to proxy
2024-12-19 11:22:05 -05:00
Filip Troníček
da1053e101
Make auth cookie stricter (#19973)
* Use `__Host-` prefix for cookie

* Fix tests

* Remove domain from cookie

* Fix logout

* remove unused fn

* fix user logout properly

* [server] Make domain-only cookie work for GitHub oauth login

... by adding additional step so we can set the cookie for the base domain only

* test: fix by redirecting before callback/authorize

* [server] SessionHandler: Allow to login with both primary and secondary cookies

* [server] Clear 2ndary cookie on logout

* Fix filtering cookie values when primary cookie is empty

* Fix logouts

* Fix tests

---------

Co-authored-by: Gero Posmyk-Leinemann <gero@gitpod.io>
2024-07-01 08:53:14 +02:00
Pudong
6cc2aae832
[service-waiter] add additional image condition in annotation (#19494)
* [service-waiter] add additional image condition in annotation

* use common-go package
remove spec.image check

* change download source for kubectl
2024-03-05 16:08:15 +02:00
Manuel Alejandro de Brito Fontes
692963d2e9
Update containerd and buildkit go modules (#19376)
* Update containerd and buildkit go modules

* Fix build

* Fix typecheck errors

---------

Co-authored-by: Thomas Schubart <thomas@gitpod.io>
2024-02-01 20:22:44 +02:00
Huiwen
1ec7186ff9
Make sure dashboard is deployed after server and public api server (#18995)
* [service-waiter] add cli to wait deployments server and public-api-server

* [installer] make dashboard to wait server and papi

* Implement TODOs

* fixup

* [installer] change service account name

* fix build

* fix rate limit hit

* improve

* remove debug cli env

* Skip with empty image and change attempt duration

* fixup
2023-11-06 10:12:44 +02:00
Milan Pavlik
f09c35a02d
[installer] Change cookie name (#18958)
* [installer] Change cookie name

* fix test

* fix
2023-10-19 17:35:28 +03:00
Laurie T. Malau
4ac15c7ae3
Change issuer identifier address for OIDC (#18693)
* Change issuer identifier address for OIDC

* Fix test

---------

Co-authored-by: Milan Pavlik <pavlik.mil@gmail.com>
2023-09-18 10:40:57 +02:00
Manuel Alejandro de Brito Fontes
f27b16ee31
Add support for pod disruption budget (#18547) 2023-08-25 22:06:51 +02:00
Huiwen
700b6050ba
Make db waiter to wait latest migration (#18455)
* Make db waiter to wait latest migration

* Move generate out of build

* Remove conn require

* Allow to ignore migration check

* Use shell

* Use fail and remove useless log

* Generate service-waiter txt when create migration

* Revert "Generate service-waiter txt when create migration"

This reverts commit 11c12b83544a448f9784f8aa94cdfd69cfb15f45.

* Add log
2023-08-10 13:51:36 +02:00
Nandaja Varma
8c03e12dee
Make public URL prefix configurable (#18344)
* Make public URL prefix configurable

* making the prefix url configurable instead of just the prefix
2023-07-25 20:11:41 +08:00
Milan Pavlik
a3d54e2a13
[service-waiter] Extend to support redis WEB-602 (#18196)
* [service-waiter] Extend to support redis

* hook up to installer
2023-07-07 17:59:24 +08:00
Milan Pavlik
6328d8f602
[server] Setup redis mutex to replace leader election (#17369)
* [server] Setup redis mutex to replace leader election

* injectable

* fix

* fix

* fix
2023-04-26 02:16:46 +08:00
Milan Pavlik
1cdb7ab142
[installer] Remove OIDC secret from public-api WEB-206 (#17331)
* Fix

* retest

* [installer] Remove OIDC secret from public-api

* fix

* remove ci secret

* fix
2023-04-24 20:51:45 +08:00
Milan Pavlik
233ec9457a
[installer] Add JWT cookie opts to config WEB-101 (#17332)
* retest

* retest

* [installer] Add cookie name to config

* Fix

* fix
2023-04-24 17:46:45 +08:00
Milan Pavlik
b57424a76f
[jwt] Installer configures expiry & issuer WEB-102 (#17314)
* [jwt] Installer configures expiry & issuer

* Fix

* Fix

* retest

* Fix

* Fix

* Fix
2023-04-24 17:07:45 +08:00
Milan Pavlik
0bf91e58fd
[installer] Add key id for each auth keypair - WEB-100 (#17219)
* [installer] Add key id for each auth keypair

* retest

* fix

* fix
2023-04-17 18:41:49 +08:00
Milan Pavlik
ac0dbf8c52
[papi] Mount Auth PKI - WEB-101 (#17218)
* [papi] Mount Auth PKI

* Fix

* Fix test
2023-04-14 15:39:54 +02:00
Milan Pavlik
41c14a137c
[usage] Add server address to config - WEB-94 (#17094)
* [usage] Add server address to config

* Fix

* Fix
2023-04-11 10:42:50 +02:00
Manuel Alejandro de Brito Fontes
97f8d4b802
Ensure the spread of pods on different nodes (#16810)
* Ensure the spread of pods on different nodes

* Replace string ClusterFirst

* Replace Always string in DNSPolicy

* Fix registry-facade affinity

* Fix ws-proxy affinity

* Address feedback

* Update golden files
2023-03-15 10:21:07 +01:00
Christian Weichel
da4cafd5e5
Gitpod OIDC Identity Provider (#16482)
* Prototype IDP provider

* [gp cli] Add IDP commands

* [public-api] Remove zitadel based IDP implementation

* [gitpod-cli] Add IDP support for Vault

* [idp] Remove per-org IDP

* [idp] Add key cache and random key IDs

* [idp] Defer GetIDToken authorisation to server

* [idp] Add Redis public key cache

* [gitpod-cli] Hide IDP commands

* [idp] Add key ID to JWT

* [idp] Add unit tests

* [idp] Address review comments

* [public-api-server] Use logging middleware globally

* [public-api-server] Simplify service registration

* [idp] Add Redis outage resilience
2023-03-03 17:11:01 +01:00
Milan Pavlik
849334dc5c [spicedb] Add kube-rbac-proxy to expose metrics endpoint 2023-02-07 15:36:45 +01:00
Alex Tugarev
3ef29bf278 [papi] Add signing secret for JWTs
Preparation to use with `golang-jwt/jwt`
2023-01-30 11:15:37 +01:00
Milan Pavlik
17e83b9985 [iam] Remove component 2023-01-23 17:33:31 +01:00
Milan Pavlik
0aad145ad4 [public-api] Bind OIDC HTTP service to Public API 2023-01-23 15:24:30 +01:00
Milan Pavlik
0d5cb6c3ff [installer] Mount database secret to Public API 2023-01-19 10:03:27 +01:00
Alex Tugarev
d5e8899ce5 [installer] add OIDCServiceAddress to papi config 2023-01-12 12:50:51 +01:00
Andrew Farries
b87f25e94f [public-api] Set GitpodServiceURL to cluster-local
Use a cluster-local websocket URL to connect to `server`.
2023-01-10 20:52:50 +01:00
Christian Weichel
478a75e744 Switch license to AGPL 2022-12-08 13:05:19 -03:00
Tarun Pothulapati
c2eb0c15d1 [installer] manually set allowPrivilegeEscalation to false
This PR manually sets the `allowPrivilegeEscalation` container
config to false where we don't need extra capabilities. This
is needed as not setting this explicitly could mean that
it could still be `true` based on other settings.

This also helps us future proof on any behaviour changes around
this.

Signed-off-by: Tarun Pothulapati <tarun@gitpod.io>
2022-12-05 06:28:15 -03:00
Milan Pavlik
89104af0a3 [installer] Fix token signing key subpath 2022-11-22 09:28:51 -03:00
Milan Pavlik
bc23811665 [installer] Configure personal access token signing key 2022-11-21 17:12:51 -03:00
Andrew Farries
6839026b4b Add DatabaseWaiterContainer init container 2022-11-18 13:31:48 +02:00
Milan Pavlik
0532f1df38 [public-api] Inject database environment 2022-11-15 16:25:45 +02:00
Laurie T. Malau
aa812d2650 [public api] Add configcat config 2022-11-14 18:08:44 +02:00
Milan Pavlik
cc233e41e6 [installer] Deploy Public API without experimental config 2022-11-09 15:30:39 +01:00
Milan Pavlik
2926d142ed [public-api] Make public api package match path 2022-11-09 09:42:39 +01:00
Milan Pavlik
f5bbb50df0 [public-api] Parametrize connection URL based on token 2022-11-04 10:14:08 +01:00
Milan Pavlik
7f3e1e4c50 [public-api] Proxy Cookies to downstream for auth 2022-11-04 08:49:08 +01:00
Simon Emms
2f03c004a7 [installer]: explicitly set all host addresses to 0.0.0.0 2022-09-13 12:38:14 +02:00
Milan Pavlik
2b2dfabdff [public-api] Fix stripe webhook secret mounting 2022-08-30 10:58:14 +02:00
Milan Pavlik
c831351367 [public-api] Fix Stripe Webhook Secret mount path 2022-08-29 12:01:13 +02:00
Milan Pavlik
3037016a2e }}} This is a combination of 2 commits.
[stripe] Inject stripe-webhook-secret into public-api
2022-08-26 13:49:11 +02:00
Manuel Alejandro de Brito Fontes
64b4d6fcf9 Fix typecheck errors 2022-08-23 08:18:39 +02:00
Andrew Farries
d4ad52596f Set BillingServiceAddress in public api configmap 2022-08-10 15:55:56 +02:00
Simon Emms
2fd3dd3586 [installer]: remove the custom labels from the selector labels 2022-08-09 04:16:53 -03:00
Andrew Farries
7227cb3311 Add port to public_api_server networkpolicy
Allow ingress from proxy to the http port 9002.
2022-08-04 07:01:48 -03:00
Andrew Farries
d0b7ffcbad Add HTTP port to public api config 2022-08-04 03:36:48 -03:00
Simon Emms
8fad588e6b [installer]: add customization functions to components 2022-06-24 17:02:33 +05:30