[server] Expose gRPC API port to public-api & usage (#17032)

easyCZ · web-flow · commit 2c1ff94ceaf9 · 2023-03-27T10:55:25.000+02:00
diff --git a/install/installer/pkg/common/constants.go b/install/installer/pkg/common/constants.go
@@ -43,6 +43,7 @@ const (
 	SystemNodeCritical              = "system-node-critical"
 	PaymentEndpointComponent        = "payment-endpoint"
 	PublicApiComponent              = "public-api-server"
+	UsageComponent                  = "usage"
 	WSManagerComponent              = "ws-manager"
 	WSManagerMk2Component           = "ws-manager-mk2"
 	WSManagerBridgeComponent        = "ws-manager-bridge"
diff --git a/install/installer/pkg/components/server/constants.go b/install/installer/pkg/components/server/constants.go
@@ -29,4 +29,7 @@ const (
 	AdminCredentialsSecretName      = "admin-credentials"
 	AdminCredentialsSecretMountPath = "/credentials/admin"
 	AdminCredentialsSecretKey       = "admin.json"
+
+	GRPCAPIName = "grpc"
+	GRPCAPIPort = 9877
 )
diff --git a/install/installer/pkg/components/server/deployment.go b/install/installer/pkg/components/server/deployment.go
@@ -351,6 +351,9 @@ func deployment(ctx *common.RenderContext) ([]runtime.Object, error) {
 							}, {
 								Name:          DebugNodePortName,
 								ContainerPort: common.DebugNodePort,
+							}, {
+								Name:          GRPCAPIName,
+								ContainerPort: GRPCAPIPort,
 							},
 							},
 							// todo(sje): do we need to cater for serverContainer.env from values.yaml?
diff --git a/install/installer/pkg/components/server/networkpolicy.go b/install/installer/pkg/components/server/networkpolicy.go
@@ -121,6 +121,32 @@ func Networkpolicy(ctx *common.RenderContext, component string) ([]runtime.Objec
 							},
 						},
 					},
+					{
+						Ports: []networkingv1.NetworkPolicyPort{
+							{
+								Protocol: common.TCPProtocol,
+								Port:     &intstr.IntOrString{IntVal: GRPCAPIPort},
+							},
+						},
+						From: []networkingv1.NetworkPolicyPeer{
+							{
+								PodSelector: &metav1.LabelSelector{
+									MatchLabels: map[string]string{
+										"app":       "gitpod",
+										"component": common.PublicApiComponent,
+									},
+								},
+							},
+							{
+								PodSelector: &metav1.LabelSelector{
+									MatchLabels: map[string]string{
+										"app":       "gitpod",
+										"component": common.UsageComponent,
+									},
+								},
+							},
+						},
+					},
 				},
 			},
 		},
diff --git a/install/installer/pkg/components/server/objects.go b/install/installer/pkg/components/server/objects.go
@@ -53,6 +53,11 @@ var Objects = common.CompositeRenderFunc(
 			ContainerPort: common.DebugNodePort,
 			ServicePort:   common.DebugNodePort,
 		},
+		{
+			Name:          GRPCAPIName,
+			ContainerPort: GRPCAPIPort,
+			ServicePort:   GRPCAPIPort,
+		},
 	}),
 	common.DefaultServiceAccount(Component),
 )

Original file line number	Diff line number	Diff line change
`@@ -29,4 +29,7 @@ const (`
`29`	`29`	`AdminCredentialsSecretName = "admin-credentials"`
`30`	`30`	`AdminCredentialsSecretMountPath = "/credentials/admin"`
`31`	`31`	`AdminCredentialsSecretKey = "admin.json"`
	`32`	`+`
	`33`	`+ GRPCAPIName = "grpc"`
	`34`	`+ GRPCAPIPort = 9877`
`32`	`35`	`)`