archive-gh-me/gitpod
1
0
Fork 0
mirror of https://github.com/gitpod-io/gitpod.git synced 2025-12-08 17:36:30 +00:00
Code Issues Projects Releases Wiki Activity
4,130 Commits 1,231 Branches 1,883 Tags
Commit Graph

49 Commits

Author SHA1 Message Date
utam0k
fa49f33dfa Use veth instead of slirp4netns while preventing impact on supervisor. 2022-04-11 16:07:24 +05:30
utam0k
f046782319 ws-dameon: implement the SetupPairVeths function. 2022-04-11 16:07:24 +05:30
Anton Kosyakov
b3ea6db43e Revert "ws-dameon: implement the SetupPairVeths function." 
This reverts commit a960121dce48a80c3e5919f4fe7f056781ef9504.
 2022-04-08 18:19:21 +05:30
Anton Kosyakov
5bdf47767e Revert "ws-daemon: Use a pair of veths instead of slirp4netns" 
This reverts commit 4fef102695684ad3e98ed90c7f368d79aa1e304d.
 2022-04-08 18:19:21 +05:30
utam0k
4fef102695 ws-daemon: Use a pair of veths instead of slirp4netns 
Pod Network Namespace(ring1)
+------------------------------------------------+
|                                                |
|       Workspace Network Namesapce(ring2)       |
| +--------------------------------------------+ |
| |                                            | |
| |              default via veth0             | |
| |                                            | |
| |                                            | |
| |     +------+  +--------------+             | |
| |     |  lo  |  |    ceth0     | 10.0.2.2/24 | |
| |     +------+  +--^--------+--+             | |
| |                  |        |                | |
| +------------------+--------+----------------+ |
|                    |        |                  |
|                 +--+--------v--+               |
|   +-----------> |    veth0     | 10.0.2.1/24   |
|   |             +-----------+--+               |
|   |                         |                  |
|   |          +--------------v-----+            |
|   |          |                    |            |
|   |          |      nftables      |            |
|   |          |   (ip masquerade)  |            |
|   |          +--------------+-----+            |
|   |                         |                  |
|   |   +------+  +-----------v--+               |
|   |   |  lo  |  |     eth0     |               |
|   |   +------+  +--^--------+--+               |
|   |                |        |                  |
|   |          +-----+--------v-----+            |
|   |          |                    |            |
|   +----------+      nftables      |            |
| if with port | (port redirecter)  |            |
|              +-----^--------+-----+            |
|                    |        |                  |
+--------------------+--------+------------------+
                     |        |
                     |        |
                     |        v
                    o u t s i d e
 2022-04-08 13:41:21 +05:30
utam0k
a960121dce ws-dameon: implement the SetupPairVeths function. 2022-04-08 13:41:21 +05:30
Christian Weichel
01c257f1e8 [supervisor] Mount custom CA in ring2 
if it exists
 2022-04-05 21:28:19 +05:30
Thomas Schubart
948080914e Discard log output from slirp4netns 2022-03-16 16:44:23 +05:30
Christian Weichel
4085202362 [workspacekit] Establish ring1 cgroup namespace 2022-03-04 04:08:11 +05:30
Thomas Schubart
4af0e0dfb4 Ensure docker in workspace works with fuse 2022-02-14 10:14:35 +01:00
Pudong Zheng
0c31ecd7a8 modify supervisor entry to init 2022-02-09 17:35:31 +01:00
mustard
877e8b7fa9 [workspacekit] make /etc/hosts modifiable 2022-02-08 13:28:29 +01:00
Pavel Tumik
a1505511f3 improve error logging for receiveSeccmpFd 
Fixes #7696
 2022-01-20 10:49:12 +01:00
Christian Weichel
cff922bf8a [workspacekit] Make the enclave join ring2 netns 2021-12-08 18:42:33 +01:00
Manuel Alejandro de Brito Fontes
537672b058 Enable experimentalNetwork by default 2021-12-07 16:53:33 +01:00
Christian Weichel
2810f844ab [image-builder-mk3] Add push ring2 proxy 2021-11-12 10:58:09 +01:00
Pudong Zheng
c55bdc265f [supervisor] use internal slirp4netns 
Co-authored-by: Christian Weichel <chris@gitpod.io>
 2021-11-11 15:06:09 +01:00
Christian Weichel
c159a86f42 [docker-up] Sligh wrap netns cleanup 2021-11-09 17:47:07 +01:00
Pudong Zheng
53e22ed692 remove slirp4netns in ExperimentalNetwork 2021-11-08 20:13:07 +01:00
Christian Weichel
ec744db335 [workspacekit] Make resolv.conf writeable 2021-10-31 16:06:08 +01:00
Christian Weichel
cc38b8caff [workspacekit] Support workspace-wide netns 2021-10-26 20:42:04 +02:00
Christian Weichel
a996c987ea [workspacekit] Add ring2 enclave support 2021-10-21 21:46:59 +02:00
Manuel Alejandro de Brito Fontes
f25de2cdbf Log error changing default level 2021-09-22 10:15:47 -03:00
Manuel Alejandro de Brito Fontes
9255ef2aa2 [workspacekit] Check if process is already finished during termination 2021-09-19 16:48:44 -03:00
Manuel Alejandro de Brito Fontes
e6d1cea54d Enable GRPC logging 2021-09-13 21:09:39 +05:30
Manuel Alejandro de Brito Fontes
347ad95d80 Switch from fmt.Errorf to xerrors.Errorf 2021-08-30 02:47:28 -03:00
Christian Weichel
f8f7305896 [workspacekit] Establish IWS conn for proc mounts 2021-08-27 06:51:25 -03:00
Manuel Alejandro de Brito Fontes
2a4f7ddcb2 [workspacekit] Refactor ws-daemon grpc client connection 2021-08-25 17:40:24 +02:00
Manuel Alejandro de Brito Fontes
a1da634398 [ws-daemon] Refactor unmount 2021-08-25 16:09:24 +02:00
Manuel Alejandro de Brito Fontes
f647b66959 [workspacekit] Close lift unix socket on termination 2021-08-23 10:16:22 +02:00
Manuel Alejandro de Brito Fontes
877ec7300c [workspacekit] Remove debug log to avoid confusing message 2021-08-11 15:27:10 +02:00
Christian Weichel
fe2a87be1e [workspacekit] Don't sleep for debugging by default 2021-08-04 14:59:04 +02:00
Christian Weichel
4c5bce0484 [workspacekit] Discover bind mount paths 2021-07-22 20:34:26 +02:00
Gero Posmyk-Leinemann
8f0c24af66 [ws-manager, supervisor, bridge] Prebuild workspaces are done when their container stops 2021-07-08 09:27:34 +02:00
Christian Weichel
386abf3015 [test] Support ring1 in ws agent instrumentation 2021-06-25 08:27:37 +02:00
Manuel Alejandro de Brito Fontes
9d4f213d24 Bind mounting /workspace in ring1 only if not running FWB 2021-05-26 13:10:54 +02:00
Manuel Alejandro de Brito Fontes
001fde1661 [ws-daemon] Refactor full workspace backup 2021-05-26 13:10:54 +02:00
Manuel Alejandro de Brito Fontes
04dae3f519 [workspacekit] Refactor lift command 2021-05-18 09:12:33 -04:00
Christian Weichel
c2a2352f12 [supervisor] Add config change analytics 2021-05-06 16:21:40 +02:00
Christian Weichel
5cb54cf6ba [workspacekit] Relax IWS socket wait time 2021-04-22 14:20:12 +02:00
Christian Weichel
73a77ce051 [supervisor] Run as UID/GID 0 2021-04-21 13:24:08 +02:00
Manuel Alejandro de Brito Fontes
9e6635dbd3
[user-namespaces] Support FUSE FS shift (#3384) 
[user-namespaces] Support FUSE FS shift
 2021-03-25 08:13:30 -03:00
Christian Weichel
934319ad59 [workspacekit] Support command execution in ring1 2021-03-19 17:33:11 +01:00
Manuel Alejandro de Brito Fontes
3b4ebc9bad Migrate deprecated methods from ioutil package 2021-03-02 06:37:49 -03:00
Manuel Alejandro de Brito Fontes
2b6a56bc40 Update go imports 2021-03-02 06:37:49 -03:00
Christian Weichel
1046faf0f9 [registry-facade] Remove feature flag 
and enable registry-facade by default.
 2021-02-18 09:25:56 +01:00
Christian Weichel
7cc8e52725 [ws-daemon] Support proc mounts using open_tree/move_mount 2021-01-29 17:46:53 +01:00
Christian Weichel
7712280777 [workspacekit] Support mount proc in a workspace using seccomp-notify 2021-01-29 17:46:53 +01:00
Christian Weichel
e641afad2b [workspacekit] Move all user namespace setup stuff to its own component 
To keep supervisor free from CGO e.g. libcap or libseccomp
 2021-01-29 17:46:53 +01:00