Avoid automatic creation of users namespaces through a configuration option #21582

Closed
Tracked by #21615 ...
l0rd opened this issue Jul 25, 2022 · 3 comments
Labels
area/che-operator Issues and PRs related to Eclipse Che Kubernetes Operator area/dashboard kind/enhancement A feature request - must adhere to the feature request template. new&noteworthy For new and/or noteworthy issues that deserve a blog post, new docs, or emphasis in release notes severity/P1 Has a major impact to usage or development of the system.

Contributor

l0rd commented Jul 25, 2022

Is your enhancement related to a problem? Please describe

In some cases administrators want to pre-create their namespaces and don't want Eclipse Che to automatically create them.

Describe the solution you'd like

Add a new property in CheCluster CR:

spec:
   components
   containerRegistry
   devEnvironments:
     defaultNamespace:
+      autoProvision: true   # <= true by default
       template
   networking

If spec.devEnvironments.defaultNamespace.disabled: true then Eclipse Che should not create a namespace if it doesn't exist. Eclipse Che should fail to start the workspace if the namespace doesn't exist:

⚠️
You are allowed to start a workspace as there is no Kubernetes Namespace assigned
to user <username> and the automatic creation of Namespaces is disabled in Che (
CheCluster spec.devEnvironments.defaultNamespace.autoProvision is set to false).

Read the documentation to create Namespaces in advance or contact your administrator to fix that.

Current workaround

To disable the automatic creation of user namespaces:

spec:
  components:
    cheServer:
      extraProperties:
        CHE_INFRA_KUBERNETES_NAMESPACE_CREATION__ALLOWED: 'false'

Release Notes Text

A new field in CheCluster has been added to prevent user namespaces from being created automatically. If devEnvironments.defaultNamespace.autoProvision is set to false and a user doesn't have a Che namespace, workspace creation will fail. autoProvision is set to true by default.

@l0rd l0rd added the kind/enhancement A feature request - must adhere to the feature request template. label Jul 25, 2022
@che-bot che-bot added the status/need-triage An issue that needs to be prioritized by the curator responsible for the triage. See https://github. label Jul 25, 2022
@l0rd l0rd added severity/P1 Has a major impact to usage or development of the system. area/che-operator Issues and PRs related to Eclipse Che Kubernetes Operator area/dashboard and removed status/need-triage An issue that needs to be prioritized by the curator responsible for the triage. See https://github. labels Jul 25, 2022
@ibuziuk
Member

ibuziuk commented Aug 31, 2022

In order to prevent namespace creation currently one can specify the following CR property:

spec:
  components:
    cheServer:
      extraProperties:
        CHE_INFRA_KUBERNETES_NAMESPACE_CREATION__ALLOWED: 'false'

When a user starts the workspace the following error will be shown if the admin has not provisioned the namespace for the user in advance:

image

Also, in CheCluster v1 we had a dedicated property allowUserDefinedWorkspaceNamespaces: false but it looks like it ceased to exist in v2.

In general, as part of this issue, we can probably improve the error message to make it more intuitive e.g. Failed to create a workspace. Namespace for 'username' has not been provisioned. Please, contact the cluster administrator

From the semantics perspective, we can also have a dedicated property autoProvision (true by default) in DevEnvironments (I personally find disabled proposal unintuitive)

devEnvironments:
  defaultNamespace:
    autoProvision: false
    template: <username>-devspaces

@l0rd
Contributor Author

l0rd commented Sep 1, 2022

+1 to autoProvision: false. I have updated the description.
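
An added example, not part of the issue or of Eclipse Che's code: an administrator-side check that reads a CheCluster (as JSON) and lists the users whose workspace start would fail because namespace creation is off and their namespace has not been pre-created. The function names, the sample data, the plain `<username>` substitution and the rule that either setting being false counts as disabled are assumptions of this example.

```python
import json

LEGACY_KEY = "CHE_INFRA_KUBERNETES_NAMESPACE_CREATION__ALLOWED"

# Constructed sample: a CheCluster as JSON (e.g. from `kubectl get checluster -o json`).
SAMPLE_CHECLUSTER = json.loads("""
{"spec": {
  "components": {"cheServer": {"extraProperties": {}}},
  "devEnvironments": {"defaultNamespace": {
    "autoProvision": false, "template": "<username>-devspaces"}}}}
""")

def auto_provision_settings(checluster):
    """Return (field_value, legacy_value); legacy_value is None when unset."""
    spec = checluster.get("spec", {})
    default_ns = spec.get("devEnvironments", {}).get("defaultNamespace", {})
    field = default_ns.get("autoProvision", True)  # true by default per the issue
    extra = (spec.get("components", {}).get("cheServer", {})
                 .get("extraProperties") or {})
    legacy = extra.get(LEGACY_KEY)
    if legacy is not None:
        legacy = str(legacy).strip().lower() == "true"
    return field, legacy

def creation_disabled(checluster):
    """Assumption of this example: either setting being false means 'disabled'."""
    field, legacy = auto_provision_settings(checluster)
    return field is False or legacy is False

def users_without_namespace(checluster, users, existing_namespaces):
    """Users whose workspace start would fail: creation off, namespace missing."""
    if not creation_disabled(checluster):
        return []
    template = checluster["spec"]["devEnvironments"]["defaultNamespace"]["template"]
    existing = set(existing_namespaces)
    # Assumption: plain substitution of the <username> placeholder.
    return [u for u in users if template.replace("<username>", u) not in existing]

if __name__ == "__main__":
    gaps = users_without_namespace(
        SAMPLE_CHECLUSTER, ["alice", "bob"], ["alice-devspaces", "default"])
    print("namespaces to pre-create for:", gaps)
```
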

@tolusha tolusha added this to the 7.54 milestone Sep 5, 2022
@tolusha tolusha closed this as completed Sep 5, 2022
@l0rd l0rd added new&noteworthy For new and/or noteworthy issues that deserve a blog post, new docs, or emphasis in release notes status/release-notes-review-needed Issues that needs to be reviewed by the doc team for the Release Notes wording labels Sep 8, 2022
@l0rd l0rd changed the title Add a CheCluster property to avoid automatic creation of users namespaces Avoid automatic creation of users namespaces through a configuration option Sep 8, 2022
@max-cx max-cx removed the status/release-notes-review-needed Issues that needs to be reviewed by the doc team for the Release Notes wording label Jan 12, 2023
@devstudio-release

sync'd to Red Hat JIRA https://issues.redhat.com/browse/CRW-3317
