feat: Import Devworkspace Che Operator (#925)

* Import of DWCO into CO.

Co-authored-by: Anatolii Bazko <[email protected]>
Co-authored-by: Michal Vala <[email protected]>

.ci/cico_updates_openshift.sh

@@ -39,10 +39,6 @@ runTests() {
   sleep 10s
   createWorkspaceDevWorkspaceController
   waitAllPodsRunning ${DEVWORKSPACE_CONTROLLER_TEST_NAMESPACE}
-
-  sleep 10s
-  createWorkspaceDevWorkspaceCheOperator
-  waitAllPodsRunning ${DEVWORKSPACE_CHE_OPERATOR_TEST_NAMESPACE}
 }
 
 initDefaults

.ci/oci-devworkspace-happy-path.sh

@@ -48,7 +48,6 @@ function bumpPodsInfo() {
 function Catch_Finish() {
     # grab devworkspace-controller namespace events after running e2e
     bumpPodsInfo "devworkspace-controller"
-    bumpPodsInfo "devworkspace-che"
     bumpPodsInfo "admin-che"
     oc get devworkspaces -n "admin-che" -o=yaml > $ARTIFACTS_DIR/devworkspaces.yaml
 

.ci/oci-multi-host.sh

@@ -48,14 +48,9 @@ runTests() {
     enableDevWorkspaceEngine
     waitDevWorkspaceControllerStarted
 
-  sleep 10s
-  createWorkspaceDevWorkspaceController
-  waitAllPodsRunning ${DEVWORKSPACE_CONTROLLER_TEST_NAMESPACE}
-
-  sleep 10s
-  createWorkspaceDevWorkspaceCheOperator
-  waitAllPodsRunning ${DEVWORKSPACE_CHE_OPERATOR_TEST_NAMESPACE}
-
+    sleep 10s
+    createWorkspaceDevWorkspaceController
+    waitAllPodsRunning ${DEVWORKSPACE_CONTROLLER_TEST_NAMESPACE}
 }
 
 initDefaults

.ci/oci-single-host.sh

@@ -51,10 +51,6 @@ runTests() {
   sleep 10s
   createWorkspaceDevWorkspaceController
   waitAllPodsRunning ${DEVWORKSPACE_CONTROLLER_TEST_NAMESPACE}
-
-  sleep 10s
-  createWorkspaceDevWorkspaceCheOperator
-  waitAllPodsRunning ${DEVWORKSPACE_CHE_OPERATOR_TEST_NAMESPACE}
 }
 
 initDefaults

.github/bin/common.sh

@@ -487,7 +487,6 @@ waitDevWorkspaceControllerStarted() {
 
   OPERATOR_POD=$(oc get pods -o json -n ${NAMESPACE} | jq -r '.items[] | select(.metadata.name | test("che-operator-")).metadata.name')
   oc logs ${OPERATOR_POD} -c che-operator -n ${NAMESPACE}
-  oc logs ${OPERATOR_POD} -c devworkspace-che-operator -n ${NAMESPACE}
 
   exit 1
 }
@@ -500,7 +499,7 @@ createWorkspaceDevWorkspaceController () {
   CURRENT_TIME=$(date +%s)
   ENDTIME=$(($CURRENT_TIME + 180))
   while [ $(date +%s) -lt $ENDTIME ]; do
-      if oc apply -f https://raw.githubusercontent.com/che-incubator/devworkspace-che-operator/main/samples/flattened_theia-nodejs.yaml -n ${DEVWORKSPACE_CONTROLLER_TEST_NAMESPACE}; then
+      if oc apply -f ${OPERATOR_REPO}/config/samples/devworkspace_flattened_theia-nodejs.yaml -n ${DEVWORKSPACE_CONTROLLER_TEST_NAMESPACE}; then
           break
       fi
       sleep 10
@@ -528,12 +527,6 @@ waitAllPodsRunning() {
   exit 1
 }
 
-createWorkspaceDevWorkspaceCheOperator() {
-  oc create namespace ${DEVWORKSPACE_CHE_OPERATOR_TEST_NAMESPACE}
-  sleep 10s
-  oc apply -f https://raw.githubusercontent.com/che-incubator/devworkspace-che-operator/main/samples/flattened_theia-nodejs.yaml -n ${DEVWORKSPACE_CHE_OPERATOR_TEST_NAMESPACE}
-}
-
 enableDevWorkspaceEngine() {
   kubectl patch checluster/eclipse-che -n ${NAMESPACE} --type=merge -p "{\"spec\":{\"server\":{\"customCheProperties\": {\"CHE_INFRA_KUBERNETES_ENABLE__UNSUPPORTED__K8S\": \"true\"}}}}"
   kubectl patch checluster/eclipse-che -n ${NAMESPACE} --type=merge -p '{"spec":{"devWorkspace":{"enable": true}}}'

.github/bin/minikube/test-olm.sh

@@ -39,6 +39,10 @@ runTest() {
   # Dev Workspace controller tests
   enableDevWorkspaceEngine
   waitDevWorkspaceControllerStarted
+
+  sleep 10s
+  createWorkspaceDevWorkspaceController
+  waitAllPodsRunning ${DEVWORKSPACE_CONTROLLER_TEST_NAMESPACE}
 }
 
 initDefaults

.github/bin/minikube/test-operator-singlehost-gateway.sh

@@ -48,6 +48,10 @@ runTest() {
   # Dev Workspace controller tests
   enableDevWorkspaceEngine
   waitDevWorkspaceControllerStarted
+
+  sleep 10s
+  createWorkspaceDevWorkspaceController
+  waitAllPodsRunning ${DEVWORKSPACE_CONTROLLER_TEST_NAMESPACE}
 }
 
 initDefaults

.github/bin/minikube/test-operator-singlehost-native.sh

@@ -47,6 +47,10 @@ runTest() {
   # Dev Workspace controller tests
   enableDevWorkspaceEngine
   waitDevWorkspaceControllerStarted
+
+  sleep 10s
+  createWorkspaceDevWorkspaceController
+  waitAllPodsRunning ${DEVWORKSPACE_CONTROLLER_TEST_NAMESPACE}
 }
 
 initDefaults

.github/workflows/release.yml

@@ -73,8 +73,6 @@ jobs:
           CHE_VERSION=${{ github.event.inputs.version }}
           DWO_VERSION=${{ github.event.inputs.dwoVersion }}
           if [[ ${DWO_VERSION} != "v"* ]]; then DWO_VERSION="v${DWO_VERSION}"; fi
-          DWO_CHE_VERSION=${{ github.event.inputs.dwoCheVersion }}
-          if [[ ${DWO_CHE_VERSION} != "v"* ]]; then DWO_CHE_VERSION="v${DWO_CHE_VERSION}"; fi
           echo "CHE_VERSION=${CHE_VERSION}"
           BRANCH=${CHE_VERSION%.*}.x
           echo "BRANCH=${BRANCH}"
@@ -93,10 +91,10 @@ jobs:
           export QUAY_ECLIPSE_CHE_PASSWORD=${{ secrets.QUAY_PASSWORD }}
 
           if [[ ${CHE_VERSION} == *".0" ]]; then
-            ./make-release.sh ${CHE_VERSION} --release --check-resources --release-olm-files --dev-workspace-controller-version ${DWO_VERSION} --dev-workspace-che-operator-version ${DWO_CHE_VERSION}
+            ./make-release.sh ${CHE_VERSION} --release --check-resources --release-olm-files --dev-workspace-controller-version ${DWO_VERSION}
           else
             git checkout ${BRANCH}
-            ./make-release.sh ${CHE_VERSION} --release --release-olm-files --dev-workspace-controller-version ${DWO_VERSION} --dev-workspace-che-operator-version ${DWO_CHE_VERSION}
+            ./make-release.sh ${CHE_VERSION} --release --release-olm-files --dev-workspace-controller-version ${DWO_VERSION}
           fi
 
           # default robot account on quay does not have permissions for application repos

Dockerfile

@@ -14,7 +14,6 @@ FROM registry.access.redhat.com/ubi8/go-toolset:1.15.13-4 as builder
 ENV GOPATH=/go/
 ENV RESTIC_TAG=v0.12.0
 ARG DEV_WORKSPACE_CONTROLLER_VERSION="main"
-ARG DEV_WORKSPACE_CHE_OPERATOR_VERSION="main"
 ARG DEV_HEADER_REWRITE_TRAEFIK_PLUGIN="main"
 USER root
 
@@ -52,10 +51,6 @@ RUN unzip /tmp/asset-devworkspace-operator.zip */deploy/deployment/* -d /tmp &&
     mkdir -p /tmp/devworkspace-operator/templates/ && \
     mv /tmp/devfile-devworkspace-operator-*/deploy /tmp/devworkspace-operator/templates/
 
-RUN unzip /tmp/asset-devworkspace-che-operator.zip */deploy/deployment/* -d /tmp && \
-    mkdir -p /tmp/devworkspace-che-operator/templates/ && \
-    mv /tmp/che-incubator-devworkspace-che-operator-*/deploy /tmp/devworkspace-che-operator/templates/
-
 RUN unzip /tmp/asset-header-rewrite-traefik-plugin.zip -d /tmp && \
     mkdir -p /tmp/header-rewrite-traefik-plugin && \
     mv /tmp/*-header-rewrite-traefik-plugin-*/headerRewrite.go /tmp/*-header-rewrite-traefik-plugin-*/.traefik.yml /tmp/header-rewrite-traefik-plugin
@@ -71,7 +66,6 @@ FROM registry.access.redhat.com/ubi8-minimal:8.4-205.1626828526
 COPY --from=builder /che-operator/che-operator /manager
 COPY --from=builder /che-operator/templates/*.sh /tmp/
 COPY --from=builder /tmp/devworkspace-operator/templates/deploy /tmp/devworkspace-operator/templates
-COPY --from=builder /tmp/devworkspace-che-operator/templates/deploy /tmp/devworkspace-che-operator/templates
 COPY --from=builder /tmp/header-rewrite-traefik-plugin /tmp/header-rewrite-traefik-plugin
 COPY --from=builder /tmp/restic/restic /usr/local/bin/restic
 COPY --from=builder /go/restic/LICENSE /usr/local/bin/restic-LICENSE.txt

Makefile

@@ -331,19 +331,6 @@ prepare-templates:
 	cp -rf /tmp/devfile-devworkspace-operator*/deploy/* /tmp/devworkspace-operator/templates
 	echo "[INFO] Downloading Dev Workspace operator templates completed."
 
-	# Download Dev Workspace Che operator templates
-	echo "[INFO] Downloading Dev Workspace Che operator templates ..."
-	rm -f /tmp/devworkspace-che-operator.zip
-	rm -rf /tmp/che-incubator-devworkspace-che-operator-*
-	rm -rf /tmp/devworkspace-che-operator/
-	mkdir -p /tmp/devworkspace-che-operator/templates
-
-	curl -sL https://api.github.com/repos/che-incubator/devworkspace-che-operator/zipball/${DEV_WORKSPACE_CHE_OPERATOR_VERSION} > /tmp/devworkspace-che-operator.zip
-
-	unzip -q /tmp/devworkspace-che-operator.zip '*/deploy/deployment/*' -d /tmp
-	cp -r /tmp/che-incubator-devworkspace-che-operator*/deploy/* /tmp/devworkspace-che-operator/templates
-	echo "[INFO] Downloading Dev Workspace operator templates completed."
-
 create-namespace:
 	set +e
 	kubectl create namespace ${ECLIPSE_CHE_NAMESPACE} || true
@@ -432,7 +419,7 @@ rm -rf $$TMP_DIR ;\
 endef
 
 update-roles:
-	echo "[INFO] Updating roles with DW and DWCO roles"
+	echo "[INFO] Updating roles with DW roles"
 
 	CLUSTER_ROLES=(
 	https://raw.githubusercontent.com/devfile/devworkspace-operator/main/deploy/deployment/openshift/objects/devworkspace-controller-view-workspaces.ClusterRole.yaml
@@ -441,11 +428,9 @@ update-roles:
 	https://raw.githubusercontent.com/devfile/devworkspace-operator/main/deploy/deployment/openshift/objects/devworkspace-controller-proxy-role.ClusterRole.yaml
 	https://raw.githubusercontent.com/devfile/devworkspace-operator/main/deploy/deployment/openshift/objects/devworkspace-controller-role.ClusterRole.yaml
 	https://raw.githubusercontent.com/devfile/devworkspace-operator/main/deploy/deployment/openshift/objects/devworkspace-controller-view-workspaces.ClusterRole.yaml
-	https://raw.githubusercontent.com/che-incubator/devworkspace-che-operator/main/deploy/deployment/openshift/objects/devworkspace-che-role.ClusterRole.yaml
-	https://raw.githubusercontent.com/che-incubator/devworkspace-che-operator/main/deploy/deployment/openshift/objects/devworkspace-che-metrics-reader.ClusterRole.yaml
 	)
 
-	# Updates cluster_role.yaml based on DW and DWCO roles
+	# Updates cluster_role.yaml based on DW roles
 	## Removes old cluster roles
 	cat config/rbac/cluster_role.yaml | sed '/CHE-OPERATOR ROLES ONLY: END/q0' > config/rbac/cluster_role.yaml.tmp
 	mv config/rbac/cluster_role.yaml.tmp config/rbac/cluster_role.yaml
@@ -461,7 +446,7 @@ update-roles:
 	done
 
 	ROLES=(
-	https://raw.githubusercontent.com/che-incubator/devworkspace-che-operator/main/deploy/deployment/openshift/objects/devworkspace-che-leader-election-role.Role.yaml
+		# currently, there are no other roles we need to incorporate
 	)
 
 	# Updates role.yaml
@@ -669,8 +654,6 @@ bundle: generate manifests kustomize ## Generate bundle manifests and metadata,
 	if [ "$${platform}" = "openshift" ]; then
 		yq -riSY  '(.spec.install.spec.deployments[0].spec.template.spec.containers[0].securityContext."allowPrivilegeEscalation") = false' "$${NEW_CSV}"
 		yq -riSY  '(.spec.install.spec.deployments[0].spec.template.spec.containers[0].securityContext."runAsNonRoot") = true' "$${NEW_CSV}"
-		yq -riSY  '(.spec.install.spec.deployments[0].spec.template.spec.containers[1].securityContext."allowPrivilegeEscalation") = false' "$${NEW_CSV}"
-		yq -riSY  '(.spec.install.spec.deployments[0].spec.template.spec.containers[1].securityContext."runAsNonRoot") = true' "$${NEW_CSV}"
 	fi
 
 	# Format code.
@@ -809,39 +792,6 @@ update-deployment-yaml-images:
 	yq -riY "( .spec.template.spec.containers[] | select(.name == \"che-operator\").env[] | select(.name == \"RELATED_IMAGE_che_server_secure_exposer_jwt_proxy_image\") | .value ) = \"$(JWT_PROXY_IMAGE)\"" $(OPERATOR_YAML)
 	$(MAKE) ensure-license-header FILE="config/manager/manager.yaml"
 
-update-devworkspace-container:
-	echo "[INFO] Update devworkspace container in the che-operator deployment"
-	# Deletes old DWCO container
-	yq -riY "del(.spec.template.spec.containers[1])" $(OPERATOR_YAML)
-	yq -riY ".spec.template.spec.containers[1].name = \"devworkspace-container\"" $(OPERATOR_YAML)
-
-	# Extract DWCO container spec from deployment
-	DWCO_CONTAINER=$$(curl -sL https://raw.githubusercontent.com/che-incubator/devworkspace-che-operator/main/deploy/deployment/openshift/objects/devworkspace-che-manager.Deployment.yaml \
-	| sed '1,/containers:/d' \
-	| sed -n '/serviceAccountName:/q;p' \
-	| sed -e 's/^/  /')
-	echo "$${DWCO_CONTAINER}" > dwcontainer
-
-	# Add DWCO container to manager.yaml
-	sed -i -e '/- name: devworkspace-container/{r dwcontainer' -e 'd}' $(OPERATOR_YAML)
-	rm dwcontainer
-
-	# update securityContext
-	yq -riY ".spec.template.spec.containers[1].securityContext.privileged = false" $(OPERATOR_YAML)
-	yq -riY ".spec.template.spec.containers[1].securityContext.readOnlyRootFilesystem = false" $(OPERATOR_YAML)
-	yq -riY ".spec.template.spec.containers[1].securityContext.capabilities.drop[0] = \"ALL\"" $(OPERATOR_YAML)
-
-	# update env variable
-	yq -riY "del( .spec.template.spec.containers[1].env[] | select(.name == \"CONTROLLER_SERVICE_ACCOUNT_NAME\") | .valueFrom)" $(OPERATOR_YAML)
-	yq -riY "( .spec.template.spec.containers[1].env[] | select(.name == \"CONTROLLER_SERVICE_ACCOUNT_NAME\") | .value) = \"che-operator\"" $(OPERATOR_YAML)
-	yq -riY "del( .spec.template.spec.containers[1].env[] | select(.name == \"WATCH_NAMESPACE\") | .value)" $(OPERATOR_YAML)
-	yq -riY "( .spec.template.spec.containers[1].env[] | select(.name == \"WATCH_NAMESPACE\") | .valueFrom.fieldRef.fieldPath) = \"metadata.namespace\"" $(OPERATOR_YAML)
-
-	yq -riY ".spec.template.spec.containers[1].args[1] =  \"--metrics-addr\"" $(OPERATOR_YAML)
-	yq -riY ".spec.template.spec.containers[1].args[2] =  \"0\"" $(OPERATOR_YAML)
-
-	# $(MAKE) ensureLicense $(OPERATOR_YAML)
-
 update-dockerfile-image:
 	if [ -z $(UBI8_MINIMAL_IMAGE) ]; then
 		echo "[ERROR] Define `UBI8_MINIMAL_IMAGE` argument"
@@ -878,8 +828,6 @@ update-resource-images:
 	# Update che-operator Dockerfile
 	$(MAKE) update-dockerfile-image UBI8_MINIMAL_IMAGE="$${UBI8_MINIMAL_IMAGE}"
 
-	$(MAKE) update-devworkspace-container
-
 .PHONY: bundle-build
 bundle-build: ## Build the bundle image.
 	if [ -z "$(platform)" ]; then