The Workspace Daemon (ws-daemon) is a critical component that runs on each Kubernetes node in the Gitpod cluster. It manages workspace-related operations at the node level, including workspace initialization, content synchronization, backup, and resource management.
The primary purposes of the Workspace Daemon are:
- Initialize workspace content on the node
- Manage workspace backups and snapshots
- Enforce workspace resource limits (disk space, etc.)
- Monitor workspace health and status
- Provide low-level workspace operations that require node-level access
- Synchronize workspace content with storage backends
The Workspace Daemon operates as a node-level daemon with several key components:
- Content Manager: Handles workspace content initialization and synchronization
- Backup System: Manages periodic backups of workspace content
- Resource Controller: Enforces resource limits and quotas
- gRPC API Server: Provides an API for workspace operations
- Health Monitoring: Monitors workspace and node health
The daemon runs with elevated privileges on each node to perform operations that require system-level access, such as managing LVM volumes, enforcing disk quotas, and accessing workspace filesystems.
The main source files and directories are:
- main.go: Entry point that calls the Execute function from the cmd package
- cmd/root.go: Defines the root command and basic service configuration
- cmd/run.go: Implements the main daemon service
- cmd/client*.go: Client commands for interacting with the daemon
- pkg/daemon/: Core daemon implementation
- pkg/content/: Workspace content management
- nsinsider/: Namespace operations helper
Internal dependencies (other components in the same repository) are:
- components/common-go:lib: Common Go utilities
- components/content-service-api/go:lib: Content service API definitions
- components/content-service:lib: Content service client
- components/ws-daemon-api/go:lib: Workspace daemon API definitions
- components/ws-manager-api/go:lib: Workspace manager API definitions
- components/ws-manager-mk2:crd: Workspace manager custom resource definitions
External dependencies are:
- Kubernetes client libraries
- Storage backend libraries (Minio, GCloud)
- System-level libraries for resource management
- gRPC for API communication
The Workspace Daemon is configured via a JSON configuration file that includes:
- Working area location
- Backup period
- Workspace size limits
- Storage backend configuration (Minio, GCloud)
- API server address
- TLS settings
- Prometheus metrics endpoint
- Health check settings
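The list above names the settings without giving the file's schema. As an added example, not code from ws-daemon itself, the Go program below loads a JSON file carrying a subset of those settings and refuses values a privileged node daemon should not start with; the field and key names, the sample document and the 30 GiB quota are assumptions for illustration, not the real ws-daemon configuration format.

```go
package main

import (
	"encoding/json"
	"fmt"
	"net"
	"path/filepath"
	"strings"
)

// Config mirrors a subset of the README's settings; field names are hypothetical, not ws-daemon's real schema.
type Config struct {
	WorkingArea        string // node-local working area; must be an absolute path
	WorkspaceSizeLimit int64  // per-workspace disk quota in bytes
	APIAddress         string // host:port the gRPC server binds
	TLS                struct{ Cert, Key, CA string }
}

// SampleConfig is a constructed example input, not a real deployment's file.
const SampleConfig = `{"workingArea": "/mnt/disks/ws", "workspaceSizeLimit": 32212254720, "apiAddress": "0.0.0.0:8080",
 "tls": {"cert": "/certs/tls.crt", "key": "/certs/tls.key", "ca": "/certs/ca.crt"}}`

// Load parses JSON strictly (a misspelled key such as "tsl" is an error, not a silently ignored setting) and rejects unsafe values.
func Load(data string) (*Config, error) {
	dec := json.NewDecoder(strings.NewReader(data))
	dec.DisallowUnknownFields()
	c := new(Config)
	if err := dec.Decode(c); err != nil {
		return nil, fmt.Errorf("parse config: %w", err)
	}
	if !filepath.IsAbs(c.WorkingArea) {
		return nil, fmt.Errorf("workingArea must be absolute, got %q", c.WorkingArea)
	}
	if c.WorkspaceSizeLimit <= 0 {
		return nil, fmt.Errorf("workspaceSizeLimit must be > 0, or the disk quota is unbounded")
	}
	host, _, err := net.SplitHostPort(c.APIAddress)
	if err != nil {
		return nil, fmt.Errorf("apiAddress must be host:port: %w", err)
	}
	// Plaintext gRPC is tolerable only on a loopback IP; any other bind requires TLS material.
	if ip := net.ParseIP(host); (ip == nil || !ip.IsLoopback()) && (c.TLS.Cert == "" || c.TLS.Key == "" || c.TLS.CA == "") {
		return nil, fmt.Errorf("tls cert, key and ca are required when binding %q", c.APIAddress)
	}
	return c, nil
}

func main() {
	fmt.Println(Load(SampleConfig)) // prints the parsed config and <nil>
}
```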
The Workspace Daemon integrates with:
- Workspace Manager: Receives workspace lifecycle events
- Content Service: For workspace content storage and retrieval
- Supervisor: For workspace-level operations
- Storage Backends: For content backup and synchronization
- Kubernetes: For node and pod information
From a security standpoint, the Workspace Daemon:
- Runs with elevated privileges on the node
- Manages sensitive workspace content
- Enforces isolation between workspaces
- Handles resource limits and quotas
- Requires secure communication with other components
The Workspace Daemon is typically used to:
- Initialize workspace content when a workspace starts
- Perform periodic backups of workspace content
- Enforce disk quotas and resource limits
- Provide workspace snapshots for persistence
- Clean up workspace resources when a workspace is deleted
The Workspace Daemon implements sophisticated resource management:
- Disk Quotas: Enforces workspace disk usage limits
- Disk Space Monitoring: Ensures sufficient disk space is available on the node
- LVM Management: Creates and manages LVM volumes for workspaces (when applicable)
Related components:
- Workspace Manager: Orchestrates workspace lifecycle, interacts with ws-daemon for node-level operations
- Supervisor: Runs inside workspace containers, interacts with ws-daemon for content operations
- Content Service: Provides storage for workspace content