April 2022 release of Gitpod Installer

See the docs for installation & update instructions: https://www.gitpod.io/docs/self-hosted/latest

Docker image: eu.gcr.io/gitpod-core-dev/build/installer:release-2022.4.0.3

New Feature Highlights

Self-signed certificates (beta)

You can now use self-signed certificates (certificates that are not signed by a known public certificate authority) for your self-hosted Gitpod installation. This is especially useful if you want to run Gitpod in a corporate environment that uses a corporate certificate authority. We've tested this in AWS (EKS), Azure (AKS) and K3s.

Note: Self-signed certs are currently not supported on Google Cloud Platform (GKE) because you cannot get containerd to trust other certificates without being restarted. Tracking issue here. We are in contact with Google for a fix.

Support for installing Gitpod in air-gapped Environments

We've made it easier to install Gitpod in air-gapped environments (an environment that is isolated to and from the internet). You can now get everything that you need to install Gitpod in a single bundle that you can then install into your air-gapped environment.

What's Changed

• [image-bob-builder] Add support for stargz by @aledbf in #8941
• [Analytics] Enrich 'workspace_started' call with projectId and type by @jakobhero in #8794
• [Analytics] Include Invite ID with Team created Call by @jakobhero in #8949
• Update team deletion confirmation modal by @gtsiolis in #8772
• Avoid using process.exit as we need to flush telemetry by @mads-hartmann in #8873
• ui: enlarge search box on dashboard by @tnir in #8813
• Revert "ui: enlarge search box on dashboard" by @easyCZ in #8969
• [installer] set the ServiceType as LB for ws-proxy by @nandajavarma in #8759
• [dashboard] Show prebuild status based on prebuild workspace record by @easyCZ in #8805
• telemetry: Enable data fields that were disabled by @Pothulapati in #8915
• Ignore VNC related ports on boot by @mads-hartmann in #8993
• Improve sidebar menu colors by @gtsiolis in #9002
• Iterate through pages of Bitbucket API's response by @laushinka in #8891
• Add health probes to GRPC servers validating network access by @aledbf in #8777
• [idea] ignore compiled files in gitpod repo by @easyCZ in #9008
• [changelog] updated changelog by @roboquat in #9009
• .werft/build: Refactor installer steps into dedicated class by @ArthurSens in #8884
• [installer] Add docs for workspace SSH access by @corneliusludmann in #8761
• Add epic issue template by @gtsiolis in #7556
• [idea] Ignore .idea/misc.xml which contains opened editor config by @easyCZ in #9015
• Extend compatibility of JetBrains Gateway plugin to the EAP version by @felladrin in #8917
• Push to KOTS on each branch by @MrSimonEmms in #9014
• [install]: document installing via kots by @MrSimonEmms in #8996
• [code] point code nightly to gp-code main release 1.66 by @filiptronicek in #9027
• Bump node version by @jeanp413 in #9029
• [changelog] updated changelog by @roboquat in #9032
• [ws-daemon] Remove tar file size limit by @csweichel in #9039
• [helm] Fix ws-daemon readiness probe by @csweichel in #9040
• [jb-gw]: add workspace branch & creation timespan column for workspace panel by @yaohui-wyh in #8940
• [code] Build stable image for 1.66 and use it in Insiders by @filiptronicek in #9044
• Fix auth providers by @AlexTugarev in #9046
• [code] Update stable to 1.66.0 by @filiptronicek in #9048
• [changelog] updated changelog by @roboquat in #9055
• [dashboard] Fix Settings menu colors in Dark theme by @jankeromnes in #9052
• [KOTS]: extract images from the Installer and put in the additionalImages array by @MrSimonEmms in #8962
• Add new VS Code domain to config maps by @filiptronicek in #9024
• [dashboard] Remove prebuild status errors from prebuild logs by @easyCZ in #9045
• .werft: Refactoring to use constant kubeconfig files instead of overrides by @ArthurSens in #9016
• [kots]: add distribution check to the KOTS preflights by @MrSimonEmms in #9060
• Switch KOTS publish to use envvars by @MrSimonEmms in #9061
• fix #9065: Blobserve does not launch in preview envs due to syntax er… by @meysholdt in #9066
• Add "publish-to-kots" flag in werft by @MrSimonEmms in #9070
• Fix db-migrations in Helm chart by @meysholdt in #9068
• [registry-facade] Add IPFS support by @csweichel in #9005
• Properly declare analytics variable by @ArthurSens in #9047
• [changelog] updated changelog by @roboquat in #9086
• Fix dead link for the source of docs by @tnir in #9087
• [cgroupv2] Enable fuse device by @Furisto in #8769
• Change reviewers for some workspace components by @kylos101 in #9092
• [bitbucket-server] support for projects and prebuilds by @AlexTugarev in #8896
• [registry-facade] Fix stored MF download failures by @csweichel in #9095
• [dashboard] Update success criteria dashboard by @princerachit in #9098
• [installer] Fix registry facade env variables for IPFS and redis by @aledbf in #9104
• Fix prebuild base selection by @laushinka in #9109
• [server] For GitLab projects without an owner avatar, fall back to the namespace avatar, or generate the default GitLab avatar by @jankeromnes in #8824
• [bitbucket-server] reuse icon from bitbucket by @AlexTugarev in #9099
• [dashboard] Update variable refresh option by @princerachit in #9105
• [changelog] updated changelog by @roboquat in #9119
• [ws-manager-bridge] Add spans for prebuild state and error by @easyCZ in #9120
• .werft/build: Issue certificates during preparation phase by @ArthurSens in #9076
• [db] Add statusVersion to prebuilds to track status version by @easyCZ in #9114
• [kots]: add a kernel version check to the preflights by @MrSimonEmms in #9083
• [dev] Add yq v4.23.1 as yq4 binary in dev image by @corneliusludmann in #9110
• Add ws-manager-bridge to pre-commit prettier checks by @easyCZ in #9123
• werft/observability: Address FIXME by @ArthurSens in #9124
• Added requirements to KOTS installation by @lucasvaltl in #9125
• [ws-manager-bridge] Publish metrics with stale prebuild events by @easyCZ in #9115
• [server] log client region on bad bearer auth requests by @AlexTugarev in #9130
• [gitpod-db] Don't consider garbage-collected prebuilds as potential bases for incremental prebuilds by @jankeromnes in #9121
• [ws-manager-bridge] Fix counting of stale prebuild events by @easyCZ in #9129
• [dashboard] Remove Prebuild logs and button from Project Settings by @easyCZ in #8831
• Install pre-commit hooks during prebuild by @easyCZ in #9134
• [ws-manager] Support custom CA certs by @csweichel in #9081
• [registry-facade] Configure credentials for Redis Sentinel by @aledbf in #9106
• add PVC feature flag by @sagor999 in #9118
• [ws-manager-bridge] Skip stale prebuild events by @easyCZ in #9116
• [changelog] updated changelog by @roboquat in #9144
• [local-app] Cleanup run command, apply recommended go style by @easyCZ in #8956
• [installer] Allow to set default workspace timeout by @corneliusludmann in #8576
• Properly update response in openvsx proxy by @jeanp413 in #9113
• [ws-manager-bridge] Log handling of prebuild update events by @easyCZ in #9151
• Revert '[ws-manager-bridge] Skip stale prebuild events' by @easyCZ in #9153
• [supervisor] remove supervisor_readiness for headless workspaces by @mustard-mh in #9154
• [observability] Update success criteria formula by @princerachit in #9146
• Point Insiders back to gp-code/main by @filiptronicek in #9158
• Redirect web page when instance changed by @mustard-mh in #9004
• [changelog] updated changelog by @roboquat in #9166
• [dashboard] Implement a PaymentContext and use it to hide payment features when payment is disabled by @jankeromnes in #9051
• Fix werft job wipe-devstaging by @iQQBot in #9169
• [ws-proxy] Deny HTTP ACME challenges by @aledbf in #9176
• [db] Add transformer to map MySQL BIGINT to Number, use for Prebuild.statusVersion by @easyCZ in #9152
• [kots]: update the logo by @MrSimonEmms in #9159
• [licensor] fix fallback for defaultlicense by @nandajavarma in #9175
• [jetbrains] repo plugins support by @akosyakov in #8630
• [code] Build stable image for 1.66.1 by @jeanp413 in #9184
• [code] Update stable to 1.66.1 by @jeanp413 in #9185
• Remove checkoutLocation from StartWorkspaceReq by @csweichel in #9007
• [image-builder-bob] Update buildkit to v0.10.1 by @aledbf in #9186
• [changelog] updated changelog by @roboquat in #9187
• [dashboard]: Use prebuild record when determining prebuild actions by @easyCZ in #8841
• [dashboard] support connect via SSH by @iQQBot in #9003
• [webapp] move admin redirects to App.tsx by @Pothulapati in #8925
• ws-daemon: Use a pair of veths instead of slirp4netns by @utam0k in #8955
• [dashboard] replace dev configuration with env vars by @trumbitta in #8970
• enable indexing with GoLand in prebuilds by @akosyakov in #9193
• Revert "ws-daemon: Use a pair of veths instead of slirp4netns" by @akosyakov in #9194
• Bitbucket Server: add token validator by @AlexTugarev in #9108
• [registry-facade] Refactoring by @aledbf in #9162
• werft: fix typo. by @utam0k in #9211
• [ws-manager-bridge] Skip stale prebuild events by @easyCZ in #9191
• [analytics] Fix default notification settings in analytics call by @jankeromnes in #9199
• [registry-facade] Fix IPFS/Redis validation by @aledbf in #9200
• [ci] fix jetbrains auto update error by @iQQBot in #9216
• Use veth instead of slirp4netns without affecting the supervisor by @utam0k in #9212
• Move publish Kots method under buildAndPublish by @ArthurSens in #9202
• [dashboard] display warning for latest IDE versions by @mustard-mh in #8783
• [installer] (optionally) surface "metadata.shortname" by @geropl in #9218
• werft: Replace terraform with gcloud nodejs lib by @ArthurSens in #9133
• Setup component (and dir) for public API server by @easyCZ in #9228
• [installer] Add custom CA secret support by @csweichel in #9082
• [ws-manager-bridge] Fix statusVersion comparison by @easyCZ in #9233
• [kots]: change the CPU and memory checks to be min not sum by @MrSimonEmms in #9071
• Remove slirp4netns from docker-up. by @utam0k in #9243
• [server] add vscode(-insiders) ouath2 clients by @filiptronicek in #6272
• Autofix: upgrade-nvm-tools by @autofix-bot in #9206
• [installer] Connect custom CA certs with wsman by @csweichel in #9239
• Update Readme Header's elements alignment by @felladrin in #9222
• [jb-gw]: disable new workspace button when url is blank by @yaohui-wyh in #9197
• [public-api-server] Setup leeway by @easyCZ in #9234
• Add maximumBackupCount and blobQuota configuration surface to the installer by @andrew-farries in #9227
• [installer] open-vsx: configure redis by @geropl in #9215
• [public-api-server] Serve a hello world over http by @easyCZ in #9251
• Fix memory leak in server by @AlexTugarev in #9255
• [installer] Allow composed render funcs to output no object by @easyCZ in #9254
• Stop running prebuilds for inactive projects (10+ weeks) by @jankeromnes in #9219
• [bitbucket-server] add to Git Integrations UI by @AlexTugarev in #9135
• [ws-daemon] Enable workspace IP forwarding by @csweichel in #9266
• [ws-daemon] Enable workspace IP forwarding by @csweichel in #9270
• [ws-daemon] Introduce IO limiting by @Furisto in #9271
• [devenv] Bump werft CLI by @csweichel in #9237
• [changelog] updated changelog by @roboquat in #9272
• ws-daemon: Update the workspacekit documentation by @utam0k in #9273
• Enable integration test for JetBrains IDEs by @iQQBot in #9203
• [installer] Disable definitely-gp by default by @Pothulapati in #9094
• [ws-daemon] Git configure safe.directory by @aledbf in #9279
• [public-api-server] Setup component in installer with experimental conf by @easyCZ in #9252
• enable indexing with GoLand latest in prebuild as well by @akosyakov in #9246
• [public-api-server] Simple gRPC server by @easyCZ in #9290
• [nsinsider] Make veth0 match container MTU by @csweichel in #9294
• Use dynamic links for downloading the latest version of JetBrains Tools by @felladrin in #9268
• [ws-daemon] Apply IO limits continuosly by @csweichel in #9295
• [public-api-server] Add k8s deployment into installer by @easyCZ in #9258
• [intellij] Update IDE image to build version 221.5080.210 by @github-actions in #9298
• Add experimental config values for the Server component by @andrew-farries in #9297
• [public-api-server] Enable in preview environments by @easyCZ in #9260
• [kubecdl] Set default project name by @aledbf in #9288
• [installer]: use fully qualified image name for redis image by @MrSimonEmms in #9304
• [registry-facade] remove supervisor from static layer by @iQQBot in #9315
• [changelog] updated changelog by @roboquat in #9312
• Make server githubApp.certSecretName configurable by @andrew-farries in #9305
• [ws-daemon] Improve cgroup plugin activation count by @csweichel in #9327
• [ws-daemon] Remove warning when cpu.stat does not exist by @aledbf in #9328
• [installer] Add missing ports to server, ws-manager-bridge by @geropl in #9330
• Add additional logging for io limiting by @Furisto in #9334
• Add WebApp to /components/common-go codeowners by @easyCZ in #9320
• [registry-facade] Do not log warning from local store already exist error by @aledbf in #9338
• Revert "[registry-facade] remove supervisor from static layer" by @sagor999 in #9344
• [supervisor] prevent slow clients to stale tasks in headless workspaces by @akosyakov in #9331
• [docker-up] Add docker-compose binary by @aledbf in #9360
• Update OpenSSH to v9.0 by @aledbf in #9367
• [observability] Add alert rule for high ws failure by @princerachit in #9220
• Automatically block users that are running blacklisted workloads by @Furisto in #9366
• [installer] fix redis pvc name incorrect by @mustard-mh in #9379
• [code] Build stable image for 1.66.2 by @jeanp413 in #9378
• [code] Update stable to 1.66.2 by @jeanp413 in #9381
• Revert "[ws-daemon] Fix CPU limit annotation" by @aledbf in #9382
• [ws-manager] add metrics to track initialize and finalize of workspaces by @sagor999 in #9355
• [ws-proxy] fix ACME challenge handler by @sagor999 in #9358
• Fix the shell error by @jenting in #9388
• [docker-up] Set the MTU using ceth0 value by @aledbf in #9356
• Add some missing component: labels to various helm chart templates by @andrew-farries in #9336
• [public-api-server] Group http and grpc servers into a baseserver package by @easyCZ in #9300
• [changelog] updated changelog by @roboquat in #9368
• [dashboard] add notice for stable back and change latest desc by @mustard-mh in #9293
• make vm support ssh gateway by @iQQBot in #9391
• [changelog] updated changelog by @roboquat in #9365
• [baseserver] Add prometheus metrics by @easyCZ in #9313
• [server] disallow deauthorization if account is blocked by @geropl in #9372
• [ws-daemon] Only limit storage device classes by @aledbf in #9309
• Fix deployments to core-dev-based preview environments by @mads-hartmann in #9403
• Fix default vscode settings sync value by @jeanp413 in #9278
• Ensure IO limits are written after first workspace is stopped by @Furisto in #9404
• Add installer-diff program by @andrew-farries in #9332
• [server] Stop signup for blocklisted email domains by @geropl in #9385
• [server] Cleanup (effectively) unused config: stage/KUBE_STAGE by @geropl in #9333
• [protocol] fix generate id for bad repo names by @svenefftinge in #9402
• [baseserver] Allow zero port to automatically assign port by @easyCZ in #9396
• [ws-manager] Support image-builder on ws-manager gRPC connection by @csweichel in #9335
• [installer] Rename common.Affinity to NodeAffinity by @andrew-farries in #9400
• ws-daemon: align to decide if cgroup v2. by @utam0k in #9390
• [phpstorm] Update IDE image to build version 221.5080.224 by @github-actions in #9349
• [pycharm] Update IDE image to build version 221.5080.212 by @github-actions in #9322
• [goland] Update IDE image to build version 221.5080.224 by @github-actions in #9348
• [changelog] updated changelog by @roboquat in #9415
• Blocking users by matching email domains suffixes by @geropl in #9409
• [werft] change routeros to kubectl port-forward by @iQQBot in #9416
• [server] Add priorization to repo URLs by @svenefftinge in #9317
• [public-api] Ensure no objects are rendered by installer without experimental config by @easyCZ in #9324
• [public-api] Add unimplemented workspace service by @easyCZ in #9397
• [public-api] Extend k8s definitions with a service by @easyCZ in #9362
• [werft] Improve findFreeHostPorts speed by @aledbf in #9361
• [ws-man-bridge] Document when unknown workspace instance occurs by @easyCZ in #9424
• Revert "Fix the shell error" by @mustard-mh in #9429
• Allow workspace timeouts to be extended when a user has workspaces in multiple regions by @andrew-farries in #9427
• [public-api] Route api. to public api service & deployment by @easyCZ in #9363
• Add I/O limit plugin for cgroup v1 by @aledbf in #9428
• [ws-daemon] Refactor configuration of I/O limits by @aledbf in #9437
• [ws-daemon] Support config reload for IO limits by @csweichel in #9440
• [changelog] updated changelog by @roboquat in #9441
• [ide] Initialize a shared terminal on JetBrains IDEs when a workspace starts by @felladrin in #9443
• [public-api] Register unimplemented Prebuild service by @easyCZ in #9398
• [baseserver] Helper for starting server in tests by @easyCZ in #9436
• [server, dashboard] Refactor User.getPrimaryEmail to return "string | undefined" instead of throwing an error by @geropl in #9446
• [werft] ensure add dns record after delete is done by @iQQBot in #9418
• [public-api] Fix semantic merge by @easyCZ in #9448
• [werft] Add cleanup unuse loadbalancer for cleanup job by @iQQBot in #9417
• [installer] reduce openvsx-proxy request memory by @mustard-mh in #9449
• [wsman-bridge] Lint typescript files by @easyCZ in #9447
• [kots]: enable use of a local registry by @MrSimonEmms in #9155
• [supervisor-api] New API endpoint to set active client by @andreafalzetti in #9224
• [Analytics] Track current user's subscription(s) at login by @jakobhero in #8660
• [jb] allow to specify plugins per a product by @akosyakov in #9445
• [Self-Hosted] Allow integrating with 'github.com' without a GitHub App by @jankeromnes in #9231
• [kots]: move dropImageRepo config to when using local registry by @MrSimonEmms in #9458
• [server] fix "floating promises" error by @svenefftinge in #9463
• [server] Optimization: Map GitHub API repositories during pagination, not after by @jankeromnes in #9462
• [ws-manager] fix workspace status flipping pending to deleted by @sagor999 in #9438
• [code] Build stable image for 1.66.2 with proxy fix by @jeanp413 in #9464
• [baseserver] Add /ready and /live endpoints, with config by @easyCZ in #9319
• [server] enhance log message for image build by @svenefftinge in #9477
• [Observability] Add node resource consumption dashboards by @princerachit in #9480
• [public-api] Use /ready and /live for probes by @easyCZ in #9478
• [kots]: add an installation status pod by @MrSimonEmms in #9455
• Fix validation of user env vars by @geropl in #9460
• [ws-man-bridge] Add started and completed metrics to track health by @easyCZ in #9422
• [dashboard] Make sure we have the auth cookie set before redirecting to the workspace URL by @geropl in #9488
• [code] Update stable to 1.66.2 with proxy fix by @jeanp413 in #9470
• [ws-daemon] Check blkio throttle exists by @aledbf in #9493
• [jetbrains] experimental support of warm up in prebuilds by @akosyakov in #9450
• [changelog] updated changelog by @roboquat in #9512
• mess with tracing by @AlexTugarev in #9281
• Update dev image by @aledbf in #9465
• [ws-manager-bridge] Fix workspace instance update started total metric incrementing by @easyCZ in #9516
• [ws-man-bridge] Fix Workspace Instance status update dashboard to work across web-app clusters by @easyCZ in #9517
• [baseserver] Serve pprof on /debug/pprof by @easyCZ in #9476
• Fix issues with self-signed certificates by @Pothulapati in #9518
• [kots]: allow configuration of Open VSX URL by @MrSimonEmms in #9485
• [kots]: allow deployment whilst installer job running by @MrSimonEmms in #9471
• Fix check logic for I/O limits by @aledbf in #9527
• [bitbucket-server] handle pull-request context url by @AlexTugarev in #9524
• [gitpod-cli] Add README by @andreafalzetti in #9532
• [changelog] updated changelog by @roboquat in #9539
• [observability] Add alert when workspaces don't start by @princerachit in #9190
• [ide] Disable the exit dialog on JetBrains IDEs by @felladrin in #9528
• [build] Remove image check by @csweichel in #9533
• [installer]: Allow replica counts to be specified for all components by @andrew-farries in #9495
• [IDE] Run leeway link by @csweichel in #9519
• [observability] Fix Dashboard Error and add Nodepool by @princerachit in #9514
• [observability] Fix incorrect datasource by @princerachit in #9543
• Update Caddy to v2.5.0 by @aledbf in #9537
• [ws-daemon] Remove missing cpuacct.usage file log by @aledbf in #9548
• [workspacekit] Increase rin0 ws-daemon socket timeout by @aledbf in #9551
• Temporary fix for sporadic SSH connection issues by @mads-hartmann in #9552
• Use configured reverse proxy port rather than fixed port by @jenting in #9555
• [installer] Increase ws-daemon FailureThreshold by @aledbf in #9554
• Enhance heuristics to delete preview-environments by @wulfthimm in #9225
• [docker-up] Configure docker0 MTU by @aledbf in #9549
• enable IntelliJ and GoLand indexing in prebuilds by @akosyakov in #9561
• Fix E2E tests TestBaseImageBuild and TestParallelBaseImageBuild by @jenting in #9540
• [kots]: add configuration for using a custom CA certificate by @MrSimonEmms in #9566
• Speed up edit-compile-run loop for workspace components by @Furisto in #9569
• Fix go mod verify failed in test folder by @jenting in #9574
• [supervisor] Do not report error when the process is terminated by @aledbf in #9572
• [changelog] updated changelog by @roboquat in #9573
• Update registry-facade to use https-certificate by @Pothulapati in #9553

New Contributors

• @tnir made their first contribution in #8813
• @yaohui-wyh made their first contribution in #8940

Full Changelog: 2022.03.0...2022.04.0-rc0