feat: configure workspace start timeout from Che Cluster CR (#1576)
* feat: configure workspace security context for container builds

Fix eclipse-che/che#21770

Signed-off-by: Andrew Obuchowicz <[email protected]>

* feat: add spec.devEnvironments.startTimeout to Che Cluster CR

Signed-off-by: Andrew Obuchowicz <[email protected]>

* chore: add tests for configuring DWO progressTimeout with Che Cluster CR

Signed-off-by: Andrew Obuchowicz <[email protected]>

* chore: update deployment, bundle, CSV and CRD

Signed-off-by: Andrew Obuchowicz <[email protected]>

* Update resources

Signed-off-by: Anatolii Bazko <[email protected]>

Signed-off-by: Andrew Obuchowicz <[email protected]>
Signed-off-by: Anatolii Bazko <[email protected]>
Co-authored-by: Anatolii Bazko <[email protected]>
AObuchow and tolusha authored Dec 28, 2022
1 parent 4774568 commit 571cd1e
Showing 13 changed files with 408 additions and 7 deletions.
9 changes: 8 additions & 1 deletion api/v2/checluster_types.go
Expand Up @@ -37,7 +37,7 @@ type CheClusterSpec struct {
// +optional
// +operator-sdk:csv:customresourcedefinitions:type=spec,order=1
// +operator-sdk:csv:customresourcedefinitions:type=spec,displayName="Development environments"
// +kubebuilder:default:={disableContainerBuildCapabilities: true, defaultComponents: {{name: universal-developer-image, container: {image: "quay.io/devfile/universal-developer-image:ubi8-38da5c2"}}}, defaultEditor: che-incubator/che-code/insiders, storage: {pvcStrategy: per-user}, defaultNamespace: {template: <username>-che, autoProvision: true}, secondsOfInactivityBeforeIdling:1800, secondsOfRunBeforeIdling:-1}
// +kubebuilder:default:={disableContainerBuildCapabilities: true, defaultComponents: {{name: universal-developer-image, container: {image: "quay.io/devfile/universal-developer-image:ubi8-38da5c2"}}}, defaultEditor: che-incubator/che-code/insiders, storage: {pvcStrategy: per-user}, defaultNamespace: {template: <username>-che, autoProvision: true}, secondsOfInactivityBeforeIdling:1800, secondsOfRunBeforeIdling:-1, startTimeoutSeconds:300}
DevEnvironments CheClusterDevEnvironments `json:"devEnvironments"`
// Che components configuration.
// +optional
Expand Down Expand Up @@ -123,6 +123,13 @@ type CheClusterDevEnvironments struct {
// If not specified, the pod scheduler is set to the default scheduler on the cluster.
// +optional
PodSchedulerName string `json:"podSchedulerName,omitempty"`
// StartTimeoutSeconds determines the maximum duration (in seconds) that a workspace can take to start
// before it is automatically failed.
// If not specified, the default value of 300 seconds (5 minutes) is used.
// +optional
// +kubebuilder:validation:Minimum:=1
// +kubebuilder:default:=300
StartTimeoutSeconds *int32 `json:"startTimeoutSeconds,omitempty"`
}

// Che components configuration.
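Review bot: `StartTimeoutSeconds` carries a `Minimum` marker but no upper bound, so a typo or an over-generous value (up to the int32 maximum, roughly 68 years of seconds) effectively switches off the automatic failure of stuck workspaces and lets them keep holding cluster resources. Consider adding `// +kubebuilder:validation:Maximum:=<max-seconds>` next to the `Minimum` marker, with the value chosen by the maintainers. The default of 300 is also declared twice, once in the struct-level default on `DevEnvironments` and once on the field itself, so the two have to be kept in sync by hand. The `CheClusterDevEnvironments` struct starts outside the hunk.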
5 changes: 5 additions & 0 deletions api/v2/zz_generated.deepcopy.go

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

Expand Up @@ -77,7 +77,7 @@ metadata:
operators.operatorframework.io/project_layout: go.kubebuilder.io/v3
repository: https://github.com/eclipse-che/che-operator
support: Eclipse Foundation
name: eclipse-che.v7.59.0-742.next
name: eclipse-che.v7.59.0-744.next
namespace: placeholder
spec:
apiservicedefinitions: {}
Expand Down Expand Up @@ -1233,7 +1233,7 @@ spec:
minKubeVersion: 1.19.0
provider:
name: Eclipse Foundation
version: 7.59.0-742.next
version: 7.59.0-744.next
webhookdefinitions:
- admissionReviewVersions:
- v1
10 changes: 10 additions & 0 deletions bundle/next/eclipse-che/manifests/org.eclipse.che_checlusters.yaml
Expand Up @@ -5410,6 +5410,7 @@ spec:
disableContainerBuildCapabilities: true
secondsOfInactivityBeforeIdling: 1800
secondsOfRunBeforeIdling: -1
startTimeoutSeconds: 300
storage:
pvcStrategy: per-user
description: Development environment default configuration options.
Expand Down Expand Up @@ -7005,6 +7006,15 @@ spec:
maxLength: 63
pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
type: string
startTimeoutSeconds:
default: 300
description: StartTimeoutSeconds determines the maximum duration
(in seconds) that a workspace can take to start before it
is automatically failed. If not specified, the default value
of 300 seconds (5 minutes) is used.
format: int32
minimum: 1
type: integer
storage:
default:
pvcStrategy: per-user
10 changes: 10 additions & 0 deletions config/crd/bases/org.eclipse.che_checlusters.yaml
Expand Up @@ -5271,6 +5271,7 @@ spec:
disableContainerBuildCapabilities: true
secondsOfInactivityBeforeIdling: 1800
secondsOfRunBeforeIdling: -1
startTimeoutSeconds: 300
storage:
pvcStrategy: per-user
description: Development environment default configuration options.
Expand Down Expand Up @@ -6815,6 +6816,15 @@ spec:
maxLength: 63
pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
type: string
startTimeoutSeconds:
default: 300
description: StartTimeoutSeconds determines the maximum duration
(in seconds) that a workspace can take to start before it is
automatically failed. If not specified, the default value of
300 seconds (5 minutes) is used.
format: int32
minimum: 1
type: integer
storage:
default:
pvcStrategy: per-user
10 changes: 10 additions & 0 deletions deploy/deployment/kubernetes/combined.yaml
Expand Up @@ -5290,6 +5290,7 @@ spec:
disableContainerBuildCapabilities: true
secondsOfInactivityBeforeIdling: 1800
secondsOfRunBeforeIdling: -1
startTimeoutSeconds: 300
storage:
pvcStrategy: per-user
description: Development environment default configuration options.
Expand Down Expand Up @@ -6834,6 +6835,15 @@ spec:
maxLength: 63
pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
type: string
startTimeoutSeconds:
default: 300
description: StartTimeoutSeconds determines the maximum duration
(in seconds) that a workspace can take to start before it is
automatically failed. If not specified, the default value of
300 seconds (5 minutes) is used.
format: int32
minimum: 1
type: integer
storage:
default:
pvcStrategy: per-user
Expand Up @@ -5285,6 +5285,7 @@ spec:
disableContainerBuildCapabilities: true
secondsOfInactivityBeforeIdling: 1800
secondsOfRunBeforeIdling: -1
startTimeoutSeconds: 300
storage:
pvcStrategy: per-user
description: Development environment default configuration options.
Expand Down Expand Up @@ -6829,6 +6830,15 @@ spec:
maxLength: 63
pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
type: string
startTimeoutSeconds:
default: 300
description: StartTimeoutSeconds determines the maximum duration
(in seconds) that a workspace can take to start before it is
automatically failed. If not specified, the default value of
300 seconds (5 minutes) is used.
format: int32
minimum: 1
type: integer
storage:
default:
pvcStrategy: per-user
10 changes: 10 additions & 0 deletions deploy/deployment/openshift/combined.yaml
Expand Up @@ -5290,6 +5290,7 @@ spec:
disableContainerBuildCapabilities: true
secondsOfInactivityBeforeIdling: 1800
secondsOfRunBeforeIdling: -1
startTimeoutSeconds: 300
storage:
pvcStrategy: per-user
description: Development environment default configuration options.
Expand Down Expand Up @@ -6834,6 +6835,15 @@ spec:
maxLength: 63
pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
type: string
startTimeoutSeconds:
default: 300
description: StartTimeoutSeconds determines the maximum duration
(in seconds) that a workspace can take to start before it is
automatically failed. If not specified, the default value of
300 seconds (5 minutes) is used.
format: int32
minimum: 1
type: integer
storage:
default:
pvcStrategy: per-user
Expand Up @@ -5285,6 +5285,7 @@ spec:
disableContainerBuildCapabilities: true
secondsOfInactivityBeforeIdling: 1800
secondsOfRunBeforeIdling: -1
startTimeoutSeconds: 300
storage:
pvcStrategy: per-user
description: Development environment default configuration options.
Expand Down Expand Up @@ -6829,6 +6830,15 @@ spec:
maxLength: 63
pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
type: string
startTimeoutSeconds:
default: 300
description: StartTimeoutSeconds determines the maximum duration
(in seconds) that a workspace can take to start before it is
automatically failed. If not specified, the default value of
300 seconds (5 minutes) is used.
format: int32
minimum: 1
type: integer
storage:
default:
pvcStrategy: per-user
Expand Up @@ -5285,6 +5285,7 @@ spec:
disableContainerBuildCapabilities: true
secondsOfInactivityBeforeIdling: 1800
secondsOfRunBeforeIdling: -1
startTimeoutSeconds: 300
storage:
pvcStrategy: per-user
description: Development environment default configuration options.
Expand Down Expand Up @@ -6829,6 +6830,15 @@ spec:
maxLength: 63
pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
type: string
startTimeoutSeconds:
default: 300
description: StartTimeoutSeconds determines the maximum duration
(in seconds) that a workspace can take to start before it is
automatically failed. If not specified, the default value of
300 seconds (5 minutes) is used.
format: int32
minimum: 1
type: integer
storage:
default:
pvcStrategy: per-user
15 changes: 15 additions & 0 deletions pkg/common/constants/constants.go
Expand Up @@ -12,6 +12,11 @@

package constants

import (
corev1 "k8s.io/api/core/v1"
"k8s.io/utils/pointer"
)

const (
// PostgresSQL
DefaultPostgresUser = "pgche"
Expand Down Expand Up @@ -139,4 +144,14 @@ var (
"app": "che",
"component": "che-gateway-config",
}

DefaultWorkspaceContainerSecurityContext = corev1.SecurityContext{
Capabilities: &corev1.Capabilities{
Add: []corev1.Capability{
"SETGID",
"SETUID",
},
},
AllowPrivilegeEscalation: pointer.BoolPtr(false),
}
)
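Review bot: `DefaultWorkspaceContainerSecurityContext` is an exported, mutable package-level `var` that adds `SETGID` and `SETUID`, yet it has no doc comment saying why those two capabilities are needed or that callers must copy it rather than use it directly. I would put `// DefaultWorkspaceContainerSecurityContext is applied to workspace containers when container build capabilities are enabled. Do not mutate; use DeepCopy().` above the declaration. Since the context only adds capabilities and sets no `Drop` list, the comment could also state which baseline capability set the platform is expected to provide. The enclosing `var (` block starts outside the hunk.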
22 changes: 20 additions & 2 deletions pkg/deploy/dev-workspace-config/dev_workspace_config.go
Expand Up @@ -12,6 +12,8 @@
package devworkspaceconfig

import (
"fmt"

controllerv1alpha1 "github.com/devfile/devworkspace-operator/apis/controller/v1alpha1"
chev2 "github.com/eclipse-che/che-operator/api/v2"
"github.com/eclipse-che/che-operator/pkg/common/chetypes"
Expand Down Expand Up @@ -56,7 +58,7 @@ func (d *DevWorkspaceConfigReconciler) Reconcile(ctx *chetypes.DeployContext) (r
dwoc.Config = &controllerv1alpha1.OperatorConfiguration{}
}

if err := updateWorkspaceConfig(&ctx.CheCluster.Spec.DevEnvironments, dwoc.Config); err != nil {
if err := updateWorkspaceConfig(ctx.CheCluster, dwoc.Config); err != nil {
return reconcile.Result{}, false, err
}

Expand All @@ -71,7 +73,8 @@ func (d *DevWorkspaceConfigReconciler) Finalize(ctx *chetypes.DeployContext) boo
return true
}

func updateWorkspaceConfig(devEnvironments *chev2.CheClusterDevEnvironments, operatorConfig *controllerv1alpha1.OperatorConfiguration) error {
func updateWorkspaceConfig(cheCluster *chev2.CheCluster, operatorConfig *controllerv1alpha1.OperatorConfiguration) error {
devEnvironments := &cheCluster.Spec.DevEnvironments
if operatorConfig.Workspace == nil {
operatorConfig.Workspace = &controllerv1alpha1.WorkspaceConfig{}
}
Expand All @@ -88,9 +91,24 @@ func updateWorkspaceConfig(devEnvironments *chev2.CheClusterDevEnvironments, ope
return err
}

operatorConfig.Workspace.ContainerSecurityContext = nil
if cheCluster.IsContainerBuildCapabilitiesEnabled() {
operatorConfig.Workspace.ContainerSecurityContext = constants.DefaultWorkspaceContainerSecurityContext.DeepCopy()
}

updateStartTimeout(operatorConfig, devEnvironments.StartTimeoutSeconds)
return nil
}

func updateStartTimeout(operatorConfig *controllerv1alpha1.OperatorConfiguration, startTimeoutSeconds *int32) {
if startTimeoutSeconds == nil {
// Allow the default start timeout of 5 minutes to be used if devEnvironments.StartTimeoutSeconds is unset
operatorConfig.Workspace.ProgressTimeout = ""
} else {
operatorConfig.Workspace.ProgressTimeout = fmt.Sprintf("%ds", *startTimeoutSeconds)
}
}

func updateWorkspaceStorageConfig(devEnvironments *chev2.CheClusterDevEnvironments, workspaceConfig *controllerv1alpha1.WorkspaceConfig) error {
pvcStrategy := utils.GetValue(devEnvironments.Storage.PvcStrategy, constants.DefaultPvcStorageStrategy)
isPerWorkspacePVCStorageStrategy := pvcStrategy == constants.PerWorkspacePVCStorageStrategy
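Review bot: `updateStartTimeout` formats `*startTimeoutSeconds` straight into `ProgressTimeout` without a range check, so the only thing keeping `0s` or a negative duration out of the DevWorkspace operator config is the CRD's `minimum: 1`. That schema check is not applied to objects constructed in code (for example in unit tests with a fake client), and a zero timeout would presumably fail every workspace start. Treating non-positive values like the unset case makes the function safe on its own: `if startTimeoutSeconds == nil || *startTimeoutSeconds < 1 {`. Separately, the unconditional `operatorConfig.Workspace.ContainerSecurityContext = nil` discards whatever was already on the config at every reconcile; a one-line comment stating that Che owns this field would make that intent explicit. `updateWorkspaceConfig` begins in the previous hunk, so its full body is not visible here.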