diff --git a/install/installer/cmd/testdata/render/aws-setup/output.golden b/install/installer/cmd/testdata/render/aws-setup/output.golden index f4d5a286713acb..e41e1511cf34fc 100644 --- a/install/installer/cmd/testdata/render/aws-setup/output.golden +++ b/install/installer/cmd/testdata/render/aws-setup/output.golden @@ -30,19 +30,7 @@ metadata: namespace: default spec: ingress: - - from: - - podSelector: - matchLabels: - component: proxy - - podSelector: - matchLabels: - component: ws-proxy - - podSelector: - matchLabels: - component: ide-proxy - ports: - - port: 32224 - protocol: TCP + - {} podSelector: matchLabels: app: gitpod @@ -6497,7 +6485,7 @@ spec: requiredDuringSchedulingIgnoredDuringExecution: nodeSelectorTerms: - matchExpressions: - - key: gitpod.io/workload_workspace_services + - key: gitpod.io/workload_ide operator: Exists containers: - args: diff --git a/install/installer/cmd/testdata/render/azure-setup/output.golden b/install/installer/cmd/testdata/render/azure-setup/output.golden index cd9efc7b58b41a..35bdbfc2d885b0 100644 --- a/install/installer/cmd/testdata/render/azure-setup/output.golden +++ b/install/installer/cmd/testdata/render/azure-setup/output.golden @@ -30,19 +30,7 @@ metadata: namespace: default spec: ingress: - - from: - - podSelector: - matchLabels: - component: proxy - - podSelector: - matchLabels: - component: ws-proxy - - podSelector: - matchLabels: - component: ide-proxy - ports: - - port: 32224 - protocol: TCP + - {} podSelector: matchLabels: app: gitpod @@ -6337,7 +6325,7 @@ spec: requiredDuringSchedulingIgnoredDuringExecution: nodeSelectorTerms: - matchExpressions: - - key: gitpod.io/workload_workspace_services + - key: gitpod.io/workload_ide operator: Exists containers: - args: diff --git a/install/installer/cmd/testdata/render/customization/output.golden b/install/installer/cmd/testdata/render/customization/output.golden index 0e894644d6cfb7..1daa28ef201221 100644 --- a/install/installer/cmd/testdata/render/customization/output.golden +++ b/install/installer/cmd/testdata/render/customization/output.golden @@ -30,19 +30,7 @@ metadata: namespace: default spec: ingress: - - from: - - podSelector: - matchLabels: - component: proxy - - podSelector: - matchLabels: - component: ws-proxy - - podSelector: - matchLabels: - component: ide-proxy - ports: - - port: 32224 - protocol: TCP + - {} podSelector: matchLabels: app: gitpod @@ -7705,7 +7693,7 @@ spec: requiredDuringSchedulingIgnoredDuringExecution: nodeSelectorTerms: - matchExpressions: - - key: gitpod.io/workload_workspace_services + - key: gitpod.io/workload_ide operator: Exists containers: - args: diff --git a/install/installer/cmd/testdata/render/external-registry/output.golden b/install/installer/cmd/testdata/render/external-registry/output.golden index 0a62160e46a297..adfc661fb3ab69 100644 --- a/install/installer/cmd/testdata/render/external-registry/output.golden +++ b/install/installer/cmd/testdata/render/external-registry/output.golden @@ -30,19 +30,7 @@ metadata: namespace: default spec: ingress: - - from: - - podSelector: - matchLabels: - component: proxy - - podSelector: - matchLabels: - component: ws-proxy - - podSelector: - matchLabels: - component: ide-proxy - ports: - - port: 32224 - protocol: TCP + - {} podSelector: matchLabels: app: gitpod @@ -6778,7 +6766,7 @@ spec: requiredDuringSchedulingIgnoredDuringExecution: nodeSelectorTerms: - matchExpressions: - - key: gitpod.io/workload_workspace_services + - key: gitpod.io/workload_ide operator: Exists containers: - args: diff --git a/install/installer/cmd/testdata/render/gcp-setup/output.golden b/install/installer/cmd/testdata/render/gcp-setup/output.golden index 6a5085b639ed6f..57fa3e4593668f 100644 --- a/install/installer/cmd/testdata/render/gcp-setup/output.golden +++ b/install/installer/cmd/testdata/render/gcp-setup/output.golden @@ -30,19 +30,7 @@ metadata: namespace: default spec: ingress: - - from: - - podSelector: - matchLabels: - component: proxy - - podSelector: - matchLabels: - component: ws-proxy - - podSelector: - matchLabels: - component: ide-proxy - ports: - - port: 32224 - protocol: TCP + - {} podSelector: matchLabels: app: gitpod @@ -6317,7 +6305,7 @@ spec: requiredDuringSchedulingIgnoredDuringExecution: nodeSelectorTerms: - matchExpressions: - - key: gitpod.io/workload_workspace_services + - key: gitpod.io/workload_ide operator: Exists containers: - args: diff --git a/install/installer/cmd/testdata/render/minimal/output.golden b/install/installer/cmd/testdata/render/minimal/output.golden index fde36bed58d6bf..27c42811e91ab5 100644 --- a/install/installer/cmd/testdata/render/minimal/output.golden +++ b/install/installer/cmd/testdata/render/minimal/output.golden @@ -30,19 +30,7 @@ metadata: namespace: default spec: ingress: - - from: - - podSelector: - matchLabels: - component: proxy - - podSelector: - matchLabels: - component: ws-proxy - - podSelector: - matchLabels: - component: ide-proxy - ports: - - port: 32224 - protocol: TCP + - {} podSelector: matchLabels: app: gitpod @@ -7058,7 +7046,7 @@ spec: requiredDuringSchedulingIgnoredDuringExecution: nodeSelectorTerms: - matchExpressions: - - key: gitpod.io/workload_workspace_services + - key: gitpod.io/workload_ide operator: Exists containers: - args: diff --git a/install/installer/cmd/testdata/render/statefulset-customization/output.golden b/install/installer/cmd/testdata/render/statefulset-customization/output.golden index d63f8e73a7890d..4e8d193d72ecc3 100644 --- a/install/installer/cmd/testdata/render/statefulset-customization/output.golden +++ b/install/installer/cmd/testdata/render/statefulset-customization/output.golden @@ -30,19 +30,7 @@ metadata: namespace: default spec: ingress: - - from: - - podSelector: - matchLabels: - component: proxy - - podSelector: - matchLabels: - component: ws-proxy - - podSelector: - matchLabels: - component: ide-proxy - ports: - - port: 32224 - protocol: TCP + - {} podSelector: matchLabels: app: gitpod @@ -7070,7 +7058,7 @@ spec: requiredDuringSchedulingIgnoredDuringExecution: nodeSelectorTerms: - matchExpressions: - - key: gitpod.io/workload_workspace_services + - key: gitpod.io/workload_ide operator: Exists containers: - args: diff --git a/install/installer/cmd/testdata/render/use-pod-security-policies/output.golden b/install/installer/cmd/testdata/render/use-pod-security-policies/output.golden index 9be51e78a3a6ea..fbd68d412bcc22 100644 --- a/install/installer/cmd/testdata/render/use-pod-security-policies/output.golden +++ b/install/installer/cmd/testdata/render/use-pod-security-policies/output.golden @@ -30,19 +30,7 @@ metadata: namespace: default spec: ingress: - - from: - - podSelector: - matchLabels: - component: proxy - - podSelector: - matchLabels: - component: ws-proxy - - podSelector: - matchLabels: - component: ide-proxy - ports: - - port: 32224 - protocol: TCP + - {} podSelector: matchLabels: app: gitpod @@ -7502,7 +7490,7 @@ spec: requiredDuringSchedulingIgnoredDuringExecution: nodeSelectorTerms: - matchExpressions: - - key: gitpod.io/workload_workspace_services + - key: gitpod.io/workload_ide operator: Exists containers: - args: diff --git a/install/installer/cmd/testdata/render/workspace-requests-limits/output.golden b/install/installer/cmd/testdata/render/workspace-requests-limits/output.golden index 051bf3a31d4ce1..4620e860af5205 100644 --- a/install/installer/cmd/testdata/render/workspace-requests-limits/output.golden +++ b/install/installer/cmd/testdata/render/workspace-requests-limits/output.golden @@ -30,19 +30,7 @@ metadata: namespace: default spec: ingress: - - from: - - podSelector: - matchLabels: - component: proxy - - podSelector: - matchLabels: - component: ws-proxy - - podSelector: - matchLabels: - component: ide-proxy - ports: - - port: 32224 - protocol: TCP + - {} podSelector: matchLabels: app: gitpod @@ -7061,7 +7049,7 @@ spec: requiredDuringSchedulingIgnoredDuringExecution: nodeSelectorTerms: - matchExpressions: - - key: gitpod.io/workload_workspace_services + - key: gitpod.io/workload_ide operator: Exists containers: - args: diff --git a/install/installer/pkg/components/blobserve/deployment.go b/install/installer/pkg/components/blobserve/deployment.go index 7dbdd1d512a2ae..6c84926d886cc6 100644 --- a/install/installer/pkg/components/blobserve/deployment.go +++ b/install/installer/pkg/components/blobserve/deployment.go @@ -75,7 +75,7 @@ func deployment(ctx *common.RenderContext) ([]runtime.Object, error) { }), }, Spec: corev1.PodSpec{ - Affinity: common.NodeAffinity(cluster.AffinityLabelWorkspaceServices), + Affinity: common.NodeAffinity(cluster.AffinityLabelIDE), ServiceAccountName: Component, EnableServiceLinks: pointer.Bool(false), Volumes: []corev1.Volume{{ diff --git a/install/installer/pkg/components/blobserve/networkpolicy.go b/install/installer/pkg/components/blobserve/networkpolicy.go index 31a1714513ecaf..00fbd4962913e6 100644 --- a/install/installer/pkg/components/blobserve/networkpolicy.go +++ b/install/installer/pkg/components/blobserve/networkpolicy.go @@ -6,14 +6,10 @@ package blobserve import ( "github.com/gitpod-io/gitpod/installer/pkg/common" - ideproxy "github.com/gitpod-io/gitpod/installer/pkg/components/ide-proxy" - "github.com/gitpod-io/gitpod/installer/pkg/components/proxy" - wsproxy "github.com/gitpod-io/gitpod/installer/pkg/components/ws-proxy" networkingv1 "k8s.io/api/networking/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/runtime" - "k8s.io/apimachinery/pkg/util/intstr" ) func networkpolicy(ctx *common.RenderContext) ([]runtime.Object, error) { @@ -29,26 +25,7 @@ func networkpolicy(ctx *common.RenderContext) ([]runtime.Object, error) { Spec: networkingv1.NetworkPolicySpec{ PodSelector: metav1.LabelSelector{MatchLabels: labels}, PolicyTypes: []networkingv1.PolicyType{"Ingress"}, - Ingress: []networkingv1.NetworkPolicyIngressRule{{ - Ports: []networkingv1.NetworkPolicyPort{{ - Protocol: common.TCPProtocol, - Port: &intstr.IntOrString{IntVal: ContainerPort}, - }}, - From: []networkingv1.NetworkPolicyPeer{{ - PodSelector: &metav1.LabelSelector{MatchLabels: map[string]string{ - "component": proxy.Component, - }}, - }, { - // TODO: (pd) delete this after all workspace cluster deployed - PodSelector: &metav1.LabelSelector{MatchLabels: map[string]string{ - "component": wsproxy.Component, - }}, - }, { - PodSelector: &metav1.LabelSelector{MatchLabels: map[string]string{ - "component": ideproxy.Component, - }}, - }}, - }}, + Ingress: []networkingv1.NetworkPolicyIngressRule{{}}, }, }}, nil }