* [node-labeler] Refactor node labeling to use taints instead of labels
* [agent-smith] Add toleration to daemonset
* Add workspace component tolerations to various Gitpod components if it running in Full installation
* Apply suggestions from code review
Co-authored-by: Kyle Brennan <kyle@gitpod.io>
* Update components/node-labeler/cmd/run.go
Co-authored-by: Kyle Brennan <kyle@gitpod.io>
---------
Co-authored-by: Kyle Brennan <kyle@gitpod.io>
* [sshgateway] use ssh CA to auth
* change name
* add error log
* fix
* mark volume optional
* [installer] validate ssh-ca secret
* Revert "[installer] validate ssh-ca secret"
This reverts commit ca6ede78a7b5a720fd315eca32eb277cb5063069.
We must support the scenario where the installer has the secret, but, it is not in the cluster yet.
---------
Co-authored-by: Kyle Brennan <kyle@gitpod.io>
* [wsman-mk2] Remove ws-manager-mk2 from experimental
* [ws-daemon] Remove readiness check for service
* [ws-daemon] Use mk2 working area only
* [preview] Remove mk2 customization
* [installer] Remove constant
* Add trust.cert-manager.io for to bundle CA certificates
Signed-off-by: Manuel de Brito Fontes <aledbf@gmail.com>
* Configure CA volume and volumemount in components
* Update ws-manager golden files
* Deploy trust manager in preview
* Remove duplicated volume
* Update installer golden files
* Generate a bundle only for registry-facade
* Update golden files
* Fix initcontainer volume mounts
* Update golden files
* Fix registry-facade certificate
* Update golden files
* Disable skip_verify
* Enable force conflict with apply server side
Signed-off-by: Manuel de Brito Fontes <aledbf@gmail.com>
* Avoid random werft namespace errors
Signed-off-by: Manuel de Brito Fontes <aledbf@gmail.com>
---------
Signed-off-by: Manuel de Brito Fontes <aledbf@gmail.com>
Workspace image builds
Update golden output
Deploy ws-manager tls secret in webapp
Remove ws-manager secrets
Update golden outputs
Enable movedImageBuilder by default
Add wsmanager tls to server if not meta install
Update output.golden
Install ws-proxy in meta
Update golden
Move wsproxy to IDE objs
Create experimental flag
Move ws-proxy to idecomponents
Remove ws-manager TLS cert from ws-proxy
skipSelf if WithoutWorkspaceComponents enabled
Fix ws-proxy config
This PR manually sets the `allowPrivilegeEscalation` container
config to false where we don't need extra capabilities. This
is needed as not setting this explicitely could mean that
it could still be `true` based on other settings.
This also helps us future proof on any behaviour changes around
this.
Signed-off-by: Tarun Pothulapati <tarun@gitpod.io>
