[memory-bank] More components (ide-service, registry-facade, image-builder-mk3)

Tool: gitpod/catfood.gitpod.cloud

Author: geropl

memory-bank/activeContext.md

@@ -22,6 +22,9 @@ Key areas of focus include:
   - ws-manager-mk2: Kubernetes controller for managing workspace lifecycle
   - supervisor: Init process that runs inside each workspace container
   - ws-daemon: Node-level daemon for workspace operations
+  - ide-service: Manages IDE configurations and resolves workspace IDE requirements
+  - registry-facade: Modifies container images by adding layers for workspaces
+  - image-builder-mk3: Builds custom workspace images from user-defined Dockerfiles
 
 As work progresses, this section will continue to be updated to reflect:
 - Additional component documentation
@@ -34,15 +37,11 @@ As work progresses, this section will continue to be updated to reflect:
 
 The immediate next steps are:
 
-1. **Continue Component Documentation**: Document additional key components such as:
-   - ide-service
-   - registry-facade
-   - image-builder
-2. **Explore Component Interactions**: Understand how components interact with each other
-3. **Set Up Development Environment**: Configure a local development environment for effective testing
-4. **Identify Initial Tasks**: Determine specific tasks or improvements to focus on
-5. **Establish Testing Approach**: Define how changes will be tested and validated
-6. **Update Memory Bank**: Continue to refine and expand the memory bank as new information is discovered
+1. **Explore Component Interactions**: Understand how components interact with each other
+2. **Set Up Development Environment**: Configure a local development environment for effective testing
+3. **Identify Initial Tasks**: Determine specific tasks or improvements to focus on
+4. **Establish Testing Approach**: Define how changes will be tested and validated
+5. **Update Memory Bank**: Continue to refine and expand the memory bank as new information is discovered
 
 ## Active Decisions and Considerations
 

memory-bank/components/ide-service.md

@@ -0,0 +1,117 @@
+# IDE Service Component
+
+## Overview
+
+The IDE Service is a critical component in Gitpod that manages IDE configurations, resolves workspace IDE requirements, and provides information about available IDEs to other components in the system. It serves as the central authority for IDE-related information and decision-making.
+
+## Purpose
+
+The primary purposes of the IDE Service are:
+- Manage and serve IDE configuration information
+- Resolve which IDE images should be used for workspaces
+- Provide IDE configuration to clients and other services
+- Handle IDE version management and pinning
+- Support multiple IDE types (browser-based and desktop)
+- Integrate with various IDE clients (VS Code, JetBrains, etc.)
+
+## Architecture
+
+The IDE Service operates as a gRPC server with several key components:
+
+1. **Config Manager**: Manages and serves IDE configuration information
+2. **Workspace Config Resolver**: Determines the appropriate IDE configuration for workspaces
+3. **Docker Registry Integration**: Interacts with container registries for IDE images
+4. **Experiments Integration**: Supports feature flags and experiments for IDE features
+
+The service is designed to be lightweight and stateless, primarily serving configuration information and making decisions based on user preferences, workspace requirements, and system configuration.
+
+## Key Files and Structure
+
+- `main.go`: Entry point that calls the Execute function from the cmd package
+- `cmd/root.go`: Defines the root command and basic service configuration
+- `cmd/run.go`: Implements the main service functionality
+- `pkg/server/server.go`: Core server implementation
+- `pkg/server/ideconfig.go`: IDE configuration handling
+- `example-ide-config.json`: Example IDE configuration file
+
+## Dependencies
+
+### Internal Dependencies
+- `components/common-go:lib`: Common Go utilities
+- `components/gitpod-protocol/go:lib`: Gitpod protocol definitions
+- `components/ide-service-api/go:lib`: IDE service API definitions
+
+### External Dependencies
+- Docker registry client libraries
+- gRPC for service communication
+- JSON schema validation
+- Prometheus for metrics
+
+## Configuration
+
+The IDE Service is configured via two primary JSON configuration files:
+
+### Service Configuration
+- Server address and port
+- Docker registry authentication
+- IDE configuration file path
+
+### IDE Configuration
+- Available IDEs and their properties
+- IDE image references
+- IDE version information
+- Client configuration (VS Code, JetBrains Gateway, etc.)
+- Default IDE settings
+
+## API Services
+
+The IDE Service exposes a gRPC API that provides:
+
+1. **GetConfig**: Retrieves the current IDE configuration
+2. **ResolveWorkspaceConfig**: Determines the appropriate IDE configuration for a workspace based on:
+   - User preferences
+   - Workspace requirements
+   - IDE availability
+   - Client type (browser, desktop application)
+
+## Integration Points
+
+The IDE Service integrates with:
+1. **Workspace Manager**: Provides IDE configuration for workspace creation
+2. **Supervisor**: Supplies IDE configuration for workspace initialization
+3. **Dashboard**: Provides available IDE options for user selection
+4. **Docker Registry**: Retrieves IDE image information
+5. **Experiments Service**: For feature flags and A/B testing
+
+## IDE Management
+
+The IDE Service manages several types of IDEs:
+1. **Browser-based IDEs**:
+   - VS Code (browser version)
+   - Other web-based editors
+
+2. **Desktop IDEs**:
+   - VS Code Desktop
+   - JetBrains IDEs (IntelliJ, GoLand, PyCharm, PhpStorm)
+
+For each IDE, it manages:
+- Container images
+- Version information
+- Client integration details
+- Configuration options
+
+## Common Usage Patterns
+
+The IDE Service is typically used to:
+1. Provide IDE configuration to the dashboard for user selection
+2. Resolve which IDE images should be used for a workspace
+3. Handle IDE version pinning and updates
+4. Support different IDE clients (browser, desktop applications)
+5. Manage IDE-specific configuration options
+
+## Related Components
+
+- **Supervisor**: Uses IDE configuration to start the appropriate IDE
+- **Workspace Manager**: Incorporates IDE requirements into workspace creation
+- **Dashboard**: Displays IDE options to users
+- **Content Service**: May interact for IDE plugin management

memory-bank/components/image-builder-mk3.md

@@ -0,0 +1,123 @@
+# Image Builder MK3 Component
+
+## Overview
+
+The Image Builder MK3 is a service that runs in Gitpod clusters and is responsible for building custom workspace images based on user-defined configurations. It provides APIs to create and list workspace image builds, resolve workspace Docker image references, and listen to build updates and logs.
+
+## Purpose
+
+The primary purposes of the Image Builder MK3 are:
+- Build custom workspace images based on user-defined Dockerfiles
+- Manage the lifecycle of image builds
+- Provide APIs for creating and monitoring image builds
+- Resolve workspace Docker image references
+- Cache frequently used base images
+- Stream build logs to clients
+
+## Architecture
+
+The Image Builder MK3 operates as a gRPC service with several key components:
+
+1. **Orchestrator**: Manages the image build process
+2. **Reference Resolver**: Resolves Docker image references
+3. **Build Manager**: Handles build creation and status tracking
+4. **Log Streamer**: Streams build logs to clients
+5. **Cache Manager**: Manages caching of frequently used images
+
+The service interacts with the Workspace Manager to coordinate image builds and with container registries to store and retrieve images.
+
+## Key Files and Structure
+
+- `main.go`: Entry point that calls the Execute function from the cmd package
+- `cmd/root.go`: Defines the root command and basic service configuration
+- `cmd/run.go`: Implements the main service functionality
+- `pkg/orchestrator/`: Core orchestration logic for image builds
+- `pkg/resolve/`: Image reference resolution
+
+## Dependencies
+
+### Internal Dependencies
+- `components/common-go:lib`: Common Go utilities
+- `components/content-service-api/go:lib`: Content service API definitions
+- `components/content-service:lib`: Content service client
+- `components/image-builder-api/go:lib`: Image builder API definitions
+- `components/supervisor-api/go:lib`: Supervisor API definitions
+- `components/ws-manager-api/go:lib`: Workspace manager API definitions
+- `components/registry-facade-api/go:lib`: Registry facade API definitions
+
+### External Dependencies
+- Docker registry client libraries
+- Kubernetes client libraries
+- gRPC for service communication
+- Prometheus for metrics
+
+## Configuration
+
+The Image Builder MK3 is configured via a JSON configuration file that includes:
+
+### Orchestrator Configuration
+- Workspace Manager connection details
+- Pull secret for accessing private registries
+- Base image repository
+- Workspace image repository
+- Builder image reference
+
+### Reference Cache Configuration
+- Cache interval
+- References to cache
+
+### Server Configuration
+- gRPC server address and port
+- TLS settings
+
+## API Services
+
+The Image Builder MK3 exposes a gRPC API that provides:
+
+1. **BuildImage**: Initiates a new image build
+2. **ListBuilds**: Lists existing image builds
+3. **BuildStatus**: Retrieves the status of a specific build
+4. **BuildLogs**: Streams logs from a build
+5. **ResolveWorkspaceImage**: Resolves a workspace image reference
+
+## Build Process
+
+The image build process follows these steps:
+
+1. Client requests an image build via the API
+2. Image Builder creates a build record and initiates the build
+3. Builder container is created to execute the build
+4. Build logs are streamed back to the client
+5. Built image is pushed to the configured registry
+6. Build status is updated and made available to clients
+
+## Integration Points
+
+The Image Builder MK3 integrates with:
+1. **Workspace Manager**: For workspace coordination
+2. **Container Registries**: For storing and retrieving images
+3. **Kubernetes**: For running builder containers
+4. **Content Service**: For accessing workspace content
+
+## Security Considerations
+
+- Handles authentication with private registries
+- Requires proper IAM permissions when using cloud-based registries
+- Manages sensitive build context and credentials
+- Implements proper isolation for build processes
+
+## Common Usage Patterns
+
+The Image Builder MK3 is typically used to:
+1. Build custom workspace images from user-defined Dockerfiles
+2. Resolve workspace image references for workspace creation
+3. Monitor the progress of image builds
+4. Stream build logs to users
+5. Cache frequently used base images
+
+## Related Components
+
+- **Workspace Manager**: Coordinates with Image Builder for workspace creation
+- **Registry Facade**: Serves images built by Image Builder
+- **Content Service**: Provides content for image builds
+- **Supervisor**: Uses images built by Image Builder

memory-bank/components/registry-facade.md

@@ -0,0 +1,111 @@
+# Registry Facade Component
+
+## Overview
+
+The Registry Facade is a specialized component in Gitpod that acts as an intermediary between the container runtime and container registries. It dynamically modifies container images by adding layers required for Gitpod workspaces, such as the supervisor, IDE, and other tools, without actually modifying the original images.
+
+## Purpose
+
+The primary purposes of the Registry Facade are:
+- Intercept container image pulls from the container runtime
+- Dynamically add layers to workspace images (supervisor, IDE, tools)
+- Provide a unified view of modified images to the container runtime
+- Cache image layers for improved performance
+- Handle authentication with upstream container registries
+- Support various image sources and layer types
+
+## Architecture
+
+The Registry Facade operates as a Docker registry-compatible service with several key components:
+
+1. **Registry Server**: Implements the Docker Registry API to serve modified images
+2. **Layer Manager**: Handles the addition of static and dynamic layers to images
+3. **Authentication Handler**: Manages authentication with upstream registries
+4. **Caching System**: Caches image layers for improved performance
+5. **IPFS Integration**: Optional integration with IPFS for distributed layer storage
+
+The component acts as an "image layer smuggler," inserting layers into container images in a specific order to create the complete workspace environment.
+
+## Key Files and Structure
+
+- `main.go`: Entry point that calls the Execute function from the cmd package
+- `cmd/root.go`: Defines the root command and basic service configuration
+- `cmd/run.go`: Implements the main registry service
+- `cmd/setup.go`: Handles service setup and configuration
+- `pkg/registry/`: Core registry implementation
+
+## Dependencies
+
+### Internal Dependencies
+- `components/common-go:lib`: Common Go utilities
+- `components/registry-facade-api/go:lib`: Registry facade API definitions
+
+### External Dependencies
+- Docker registry client libraries
+- Containerd remote libraries
+- Prometheus for metrics
+- HTTP libraries for registry communication
+
+## Configuration
+
+The Registry Facade is configured via a JSON configuration file that includes:
+
+### Registry Configuration
+- Port for the registry server
+- Static layers to add to images
+- Storage location for the registry
+- Authentication requirements
+- IPFS integration settings
+
+### Blobserve Configuration
+- Port for the blobserve service
+- Repository configurations
+- Caching settings
+- Pre-pull configurations
+
+### Authentication Configuration
+- Docker authentication configuration file path
+
+## Layer Management
+
+The Registry Facade manages several types of layers that are added to workspace images:
+
+1. **Base Image**: The original container image for the workspace
+2. **Supervisor**: The Gitpod supervisor component
+3. **Workspacekit**: Tools for workspace management
+4. **DockerUp**: Docker support in workspaces
+5. **IDE**: The IDE (VS Code, JetBrains, etc.)
+6. **Desktop IDE**: Desktop versions of IDEs
+
+These layers are added in a specific order to create the complete workspace environment.
+
+## Integration Points
+
+The Registry Facade integrates with:
+1. **Container Runtime**: Serves modified images to the container runtime
+2. **Workspace Manager**: Consults with workspace manager for layer information
+3. **Upstream Registries**: Pulls base images from upstream registries
+4. **Blobserve**: Works with blobserve for static content serving
+5. **IPFS**: Optional integration for distributed layer storage
+
+## Security Considerations
+
+- Handles authentication with upstream registries
+- Manages sensitive Docker credentials
+- Requires proper IAM permissions when using cloud-based registries
+- Implements proper caching and storage security
+
+## Common Usage Patterns
+
+The Registry Facade is typically used to:
+1. Serve workspace images with added layers to the container runtime
+2. Cache frequently used layers for improved performance
+3. Handle authentication with private registries
+4. Provide a unified view of modified images
+
+## Related Components
+
+- **Workspace Manager**: Provides information about required layers
+- **Supervisor**: One of the layers added to workspace images
+- **Blobserve**: Works with Registry Facade for static content
+- **IDE Service**: Provides IDE layers that are added to images