This post documents the process of self-hosting Gitpod (with a Community plan). There is also a Professional plan offering available at https://www.gitpod.io/self-hosted. Please check it out.
One of the reasons I tried self-hosting Gitpod is to better understand its workspace orchestration & provisioning capability, which is hard to understand thoroughly just by observing the user-space behavior. The widespread adoption of the Cloud is changing the Engineering Productivity landscape (which I’ve been working on). Gitpod demonstrates a path to a cloud-based development experience, which is fascinating to me. Also, I need to set up a testbed to finish working on some PR for Gitpod’s OSS repository. So that’s how it began.
The underlying host machine I was using is a Tencent Cloud Virtual Machine (CVM) with the SA2.2XLARGE16 specification, which is a standard model with balanced performance. The VM is an 8-core 16GB instance, and it supports a pay-as-you-go billing model. Note that Gitpod has a requirement on the Node’s Kernel version (≥ 5.4.0), so it is better to choose Ubuntu Server 20.04 LTS for the OS image.
To set up a Kubernetes cluster:
kubeconfig file, so export the KUBECONFIG envvar for other tools like helm to access the k3s cluster. Note that k3s comes with kubectl baked in, so setting an alias to k3s kubectl is handier.
calico-config based on the Gitpod installation guide.
Certificate and networking management are well-known hard problems for software developers, even without the complexity of Kubernetes. I tried several approaches to avoid this particular rabbit hole, and later found out it’s better just to learn the necessary prior knowledge and follow the installation guide.
Some basic understanding I got:
cert-manager is the “Certificates as a Service” in the Kubernetes ecosystem. It introduces CRDs like Certificate / Issuer into the Kubernetes API.
ACME (Automated Certificate Management Environment) is a protocol proposed by Let’s Encrypt. It allows an ACME client (e.g. cert-manager) to request (also renew/revoke) a certificate automatically from CA (e.g. Let’s Encrypt).
DNS-01 challenge is a domain validation procedure, as you prove to CA that you control the domain name by putting a specific TXT record under it (by making API calls to the DNS provider). Different from other challenge types (such as HTTP-01), DNS-01 allows issuing wildcard certificates (which Gitpod requires).
Move on to the installation:
@) and two wildcard subdomains (* and *.ws) from the DNS provider, pointing to the public IP of the VM. Run some dig queries to check if the settings work.
cert-manager.