gitpod-io · roboquat · Mar 29, 2022 · Mar 11, 2022 · corneliusludmann · Mar 14, 2022
diff --git a/install/installer/README.md b/install/installer/README.md
@@ -163,12 +163,21 @@ yq eval-all --inplace \
   gitpod.yaml
 ```
 
+Similarly, if you are doing a `Workspace` only install (specifying `Workspace`
+as the kind in config) you might want to change the service type of `ws-proxy` to `ClusterIP`
+instead of the default `LoadBalancer`. You can post-process the YAML to change that.
+
+```shell
+yq eval-all --inplace \
+  '(select(.kind == "Service" and .metadata.name == "ws-proxy") | .spec.type) |= "ClusterIP"' \
+  gitpod.yaml
+```
+
 ## Error validating `StatefulSet.status`
 
 ```shell
 error: error validating "gitpod.yaml": error validating data: ValidationError(StatefulSet.status): missing required field "availableReplicas" in io.k8s.api.apps.v1.StatefulSetStatus; if you choose to ignore these errors, turn validation off with --validate=false
 ```
-
 Depending upon your Kubernetes implementation, you may receive this error. This is
 due to a bug in the underlying StatefulSet dependency, which is used to generate the
 OpenVSX proxy (see [#8529](https://github.com/gitpod-io/gitpod/issues/8529)).

@@ -6,6 +6,9 @@ package wsproxy
 
 import (
 	"github.com/gitpod-io/gitpod/installer/pkg/common"
+	"github.com/gitpod-io/gitpod/installer/pkg/config/v1"
+	corev1 "k8s.io/api/core/v1"
+	"k8s.io/apimachinery/pkg/runtime"
 )
 
 var Objects = common.CompositeRenderFunc(
@@ -14,23 +17,33 @@ var Objects = common.CompositeRenderFunc(
 	networkpolicy,
 	rolebinding,
 	role,
+	func(cfg *common.RenderContext) ([]runtime.Object, error) {
+		ports := map[string]common.ServicePort{
+			HTTPProxyPortName: {
+				ContainerPort: HTTPProxyPort,
+				ServicePort:   HTTPProxyPort,
+			},
+			HTTPSProxyPortName: {
+				ContainerPort: HTTPSProxyPort,
+				ServicePort:   HTTPSProxyPort,
+			},
+			MetricsPortName: {
+				ContainerPort: MetricsPort,
+				ServicePort:   MetricsPort,
+			},
+			SSHPortName: {
+				ContainerPort: SSHTargetPort,
+				ServicePort:   SSHServicePort,
+			},
+		}
+		return common.GenerateService(Component, ports, func(service *corev1.Service) {
+			// In the case of Workspace only setup, `ws-proxy` service is the entrypoint
+			// Hence we use LoadBalancer type for the service
+			if cfg.Config.Kind == config.InstallationWorkspace {
+				service.Spec.Type = corev1.ServiceTypeLoadBalancer
+				service.Annotations["cloud.google.com/neg"] = `{"exposed_ports": {"80":{},"443": {}}}`
+			}
+		})(cfg)
+	},
 	common.DefaultServiceAccount(Component),
-	common.GenerateService(Component, map[string]common.ServicePort{
-		HTTPProxyPortName: {
-			ContainerPort: HTTPProxyPort,
-			ServicePort:   HTTPProxyPort,
-		},
-		HTTPSProxyPortName: {
-			ContainerPort: HTTPSProxyPort,
-			ServicePort:   HTTPSProxyPort,
-		},
-		MetricsPortName: {
-			ContainerPort: MetricsPort,
-			ServicePort:   MetricsPort,
-		},
-		SSHPortName: {
-			ContainerPort: SSHTargetPort,
-			ServicePort:   SSHServicePort,
-		},
-	}),
 )