seg_yinzy
/
che-operator
mirror of https://github.com/eclipse-che/che-operator.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

feat: Run DWCO and CO in a same pod but different containers (#745) 

Co-authored-by: Lukas Krejci <lkrejci@redhat.com>
pull/868/head
Anatolii Bazko 2021-07-01 23:36:56 +03:00 committed by GitHub
parent f8fd11b28e
commit 65e3cac0a8
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
27 changed files with 5050 additions and 823 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

65
.github/bin/check-resources.sh vendored
View File

@ -13,6 +13,8 @@
# Checks if repository resources are up to date:
# - CRDs
# - nightly olm bundle
# - Dockerfile & operator.yaml
# - DW resources
set -e
@ -27,13 +29,17 @@ installOperatorSDK() {
if [[ ! -x "${OPERATOR_SDK_BINARY}" ]]; then
OPERATOR_SDK_TEMP_DIR="$(mktemp -q -d -t "OPERATOR_SDK_XXXXXX" 2>/dev/null || mktemp -q -d)"
pushd "${OPERATOR_SDK_TEMP_DIR}" || exit
echo "[INFO] Downloading 'operator-sdk' cli tool..."
OPERATOR_SDK=$(yq -r ".\"operator-sdk\"" "${ROOT_PROJECT_DIR}/REQUIREMENTS")
curl -sLo operator-sdk $(curl -sL https://api.github.com/repos/operator-framework/operator-sdk/releases/tags/${OPERATOR_SDK} | jq -r "[.assets[] | select(.name == \"operator-sdk-${OPERATOR_SDK}-x86_64-linux-gnu\")] | first | .browser_download_url")
export OPERATOR_SDK_BINARY="${OPERATOR_SDK_TEMP_DIR}/operator-sdk"
chmod +x "${OPERATOR_SDK_BINARY}"
echo "[INFO] Downloading completed!"
echo "[INFO] $(${OPERATOR_SDK_BINARY} version)"
popd || exit
fi
}
@ -41,10 +47,7 @@ installOperatorSDK() {
updateResources() {
export NO_DATE_UPDATE="true"
export NO_INCREMENT="true"
pushd "${ROOT_PROJECT_DIR}" || true
source "${ROOT_PROJECT_DIR}/olm/update-resources.sh"
popd || true
. "${ROOT_PROJECT_DIR}/olm/update-resources.sh"
}
# check_che_types function check first if pkg/apis/org/v1/che_types.go file suffer modifications and
@ -63,10 +66,9 @@ checkCRDs() {
local checlusterbackup_CRD_V1BETA1="deploy/crds/org.eclipse.che_checlusterbackups_crd-v1beta1.yaml"
local checlusterrestore_CRD_V1BETA1="deploy/crds/org.eclipse.che_checlusterrestores_crd-v1beta1.yaml"
pushd "${ROOT_PROJECT_DIR}"
source "${ROOT_PROJECT_DIR}/olm/update-resources.sh"
changedFiles=($(git diff --name-only))
changedFiles=(
$(git diff --name-only)
)
# Check if there are any difference in the crds. If yes, then fail check.
if [[ " ${changedFiles[*]} " =~ $checluster_CRD_V1 ]] || [[ " ${changedFiles[*]} " =~ $checluster_CRD_V1BETA1 ]] || \
@ -80,7 +82,6 @@ checkCRDs() {
else
echo "[INFO] CRDs files are up to date."
fi
popd
}
checkNightlyOlmBundle() {
@ -90,9 +91,9 @@ checkNightlyOlmBundle() {
local CRD_FILE_KUBERNETES="deploy/olm-catalog/nightly/eclipse-che-preview-kubernetes/manifests/org_v1_che_crd.yaml"
local CRD_FILE_OPENSHIFT="deploy/olm-catalog/nightly/eclipse-che-preview-openshift/manifests/org_v1_che_crd.yaml"
pushd "${ROOT_PROJECT_DIR}" || true
changedFiles=($(git diff --name-only))
changedFiles=(
$(git diff --name-only)
)
if [[ " ${changedFiles[*]} " =~ $CSV_FILE_OPENSHIFT ]] || [[ " ${changedFiles[*]} " =~ $CSV_FILE_OPENSHIFT ]] || \
[[ " ${changedFiles[*]} " =~ $CRD_FILE_KUBERNETES ]] || [[ " ${changedFiles[*]} " =~ $CRD_FILE_OPENSHIFT ]]; then
echo "[ERROR] Nighlty bundle is not up to date: ${BASH_REMATCH}"
@ -101,17 +102,15 @@ checkNightlyOlmBundle() {
else
echo "[INFO] Nightly bundles are up to date."
fi
popd || true
}
checkDockerfile() {
# files to check
local Dockerfile="Dockerfile"
pushd "${ROOT_PROJECT_DIR}" || true
changedFiles=($(git diff --name-only))
changedFiles=(
$(git diff --name-only)
)
if [[ " ${changedFiles[*]} " =~ $Dockerfile ]]; then
echo "[ERROR] Dockerfile is not up to date"
echo "[ERROR] Run 'olm/update-resources.sh' to update Dockerfile"
@ -119,17 +118,15 @@ checkDockerfile() {
else
echo "[INFO] Dockerfile is up to date."
fi
popd || true
}
checkOperatorYaml() {
# files to check
local OperatorYaml="deploy/operator.yaml"
pushd "${ROOT_PROJECT_DIR}" || true
changedFiles=($(git diff --name-only))
changedFiles=(
$(git diff --name-only)
)
if [[ " ${changedFiles[*]} " =~ $OperatorYaml ]]; then
echo "[ERROR] $OperatorYaml is not up to date"
echo "[ERROR] Run 'olm/update-resources.sh' to update $OperatorYaml"
@ -137,15 +134,37 @@ checkOperatorYaml() {
else
echo "[INFO] $OperatorYaml is up to date."
fi
}
popd || true
checkRoles() {
# files to check
local RoleYaml="deploy/role.yaml"
local ClusterRoleYaml="deploy/cluster_role.yaml"
local ProxyClusterRoleYaml="deploy/proxy_cluster_role.yaml"
changedFiles=(
$(git diff --name-only)
)
if [[ " ${changedFiles[*]} " =~ $RoleYaml ]] || [[ " ${changedFiles[*]} " =~ $ClusterRoleYaml ]] || [[ " ${changedFiles[*]} " =~ $ProxyClusterRoleYaml ]]; then
echo "[ERROR] Roles are not up to date: ${BASH_REMATCH}"
echo "[ERROR] Run 'olm/update-resources.sh' to update them."
exit 1
else
echo "[INFO] Roles are up to date."
fi
}
installOperatorSDK
pushd "${ROOT_PROJECT_DIR}" || true
updateResources
checkCRDs
checkRoles
checkNightlyOlmBundle
checkDockerfile
checkOperatorYaml
popd || true
echo "[INFO] Done."

1
Dockerfile
View File

@ -57,6 +57,7 @@ COPY --from=builder /che-operator/templates/keycloak-update.sh /tmp/keycloak-upd
COPY --from=builder /che-operator/templates/oauth-provision.sh /tmp/oauth-provision.sh
COPY --from=builder /che-operator/templates/delete-identity-provider.sh /tmp/delete-identity-provider.sh
COPY --from=builder /che-operator/templates/create-github-identity-provider.sh /tmp/create-github-identity-provider.sh
COPY --from=builder /tmp/devworkspace-operator/templates/deploy /tmp/devworkspace-operator/templates
COPY --from=builder /tmp/devworkspace-che-operator/templates/deploy /tmp/devworkspace-che-operator/templates
COPY --from=builder /tmp/restic/restic /usr/local/bin/restic

1
cmd/manager/main.go
View File

@ -119,6 +119,7 @@ func main() {
// Create a new Cmd to provide shared dependencies and start components
options := manager.Options{
Namespace: namespace,
MetricsBindAddress: ":8081",
HealthProbeBindAddress: ":6789",
}

23
deploy.sh
View File

@ -11,18 +11,27 @@
# Red Hat, Inc. - initial API and implementation
set -e
set -x
BASE_DIR=$(cd "$(dirname "$0")"; pwd)
NAMESPACE="eclipse-che"
CHE_OPERATOR_IMAGE="quay.io/eclipse/che-operator:nightly"
NAMESPACE=$1
while [[ "$#" -gt 0 ]]; do
case $1 in
'--namespace'|'-n') NAMESPACE=$2; shift 1;;
'--che-operator-image'|'-i') CHE_OPERATOR_IMAGE=$2; shift 1;;
esac
shift 1
done
set +e; oc create namespace $NAMESPACE; set -e
oc apply -f ${BASE_DIR}/deploy/service_account.yaml -n $NAMESPACE
oc apply -f ${BASE_DIR}/deploy/role.yaml -n $NAMESPACE
oc apply -f ${BASE_DIR}/deploy/role_binding.yaml -n $NAMESPACE
oc apply -f ${BASE_DIR}/deploy/cluster_role.yaml -n $NAMESPACE
oc apply -f ${BASE_DIR}/deploy/cluster_role_binding.yaml -n $NAMESPACE
oc apply -f ${BASE_DIR}/deploy/proxy_cluster_role.yaml -n $NAMESPACE
oc apply -f ${BASE_DIR}/deploy/proxy_cluster_role_binding.yaml -n $NAMESPACE
oc apply -f ${BASE_DIR}/deploy/crds/org_v1_che_crd.yaml -n $NAMESPACE
oc apply -f ${BASE_DIR}/deploy/crds/org.eclipse.che_chebackupserverconfigurations_crd.yaml -n $NAMESPACE
oc apply -f ${BASE_DIR}/deploy/crds/org.eclipse.che_checlusterbackups_crd.yaml -n $NAMESPACE
@ -30,5 +39,11 @@ oc apply -f ${BASE_DIR}/deploy/crds/org.eclipse.che_checlusterrestores_crd.yaml
# sometimes the operator cannot get CRD right away
sleep 2
oc apply -f ${BASE_DIR}/deploy/operator.yaml -n $NAMESPACE
cp -f ${BASE_DIR}/deploy/operator.yaml /tmp/operator.yaml
yq -riyY "( .spec.template.spec.containers[] | select(.name == \"che-operator\") | .image ) = \"${CHE_OPERATOR_IMAGE}\"" /tmp/operator.yaml
oc apply -f /tmp/operator.yaml -n $NAMESPACE
oc apply -f ${BASE_DIR}/deploy/crds/org_v1_che_cr.yaml -n $NAMESPACE
echo "[INFO] Start printing logs..."
oc wait --for=condition=ready pod -l app.kubernetes.io/component=che-operator -n $NAMESPACE --timeout=60s
oc logs $(oc get pods -o json -n $NAMESPACE | jq -r '.items[] | select(.metadata.name | test("che-operator-")).metadata.name') -n $NAMESPACE --all-containers -f

760
deploy/cluster_role.yaml
View File

@ -17,6 +17,7 @@ metadata:
app.kubernetes.io/instance: che
app.kubernetes.io/component: che-operator
rules:
### CHE-OPERATOR ROLES ONLY: BEGIN
- apiGroups:
- oauth.openshift.io
resources:
@ -281,61 +282,6 @@ rules:
- subscriptions
verbs:
- get
# devworkspace requirements: devworkspace-controller-edit-workspaces cluster roles
- apiGroups:
- workspace.devfile.io
resources:
- devworkspaces
- devworkspacetemplates
verbs:
- create
- delete
- deletecollection
- patch
- update
- apiGroups:
- controller.devfile.io
resources:
- devworkspaceroutings
- components
verbs:
- create
- delete
- deletecollection
- patch
- update
# devworkspace requirements: devworkspace-controller-proxy-role cluster roles
- apiGroups:
- authentication.k8s.io
resources:
- tokenreviews
verbs:
- create
- apiGroups:
- authorization.k8s.io
resources:
- subjectaccessreviews
verbs:
- create
# devworkspace requirements: devworkspace-controller-role cluster roles
- apiGroups:
- ""
resources:
- configmaps
- persistentvolumeclaims
- pods
- secrets
- serviceaccounts
verbs:
- '*'
- apiGroups:
- ""
resources:
- namespaces
verbs:
- get
- list
- watch
- apiGroups:
- metrics.k8s.io
resources:
@ -345,386 +291,460 @@ rules:
- get
- list
- watch
### CHE-OPERATOR ROLES ONLY: END
# devworkspace-controller-view-workspaces.ClusterRole.yaml
- apiGroups:
- batch
- ""
- workspace.devfile.io
resources:
- pods/exec
- devworkspaces
- devworkspacetemplates
verbs:
- create
- get
- list
- watch
- apiGroups:
- ""
- controller.devfile.io
resources:
- services
- devworkspaceroutings
- components
verbs:
- '*'
- get
- list
- watch
# devworkspace-controller-edit-workspaces.ClusterRole.yaml
- apiGroups:
- admissionregistration.k8s.io
- workspace.devfile.io
resources:
- mutatingwebhookconfigurations
- validatingwebhookconfigurations
- devworkspaces
- devworkspacetemplates
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- create
- delete
- deletecollection
- patch
- update
- apiGroups:
- apps
- controller.devfile.io
resources:
- devworkspaceroutings
- components
verbs:
- create
- delete
- deletecollection
- patch
- update
# devworkspace-controller-leader-election-role.Role.yaml
- apiGroups:
- ""
resources:
- configmaps
verbs:
- get
- list
- watch
- create
- update
- patch
- delete
- apiGroups:
- ""
resources:
- configmaps/status
verbs:
- get
- update
- patch
- apiGroups:
- ""
resources:
- events
verbs:
- create
- patch
# devworkspace-controller-proxy-role.ClusterRole.yaml
- apiGroups:
- authentication.k8s.io
resources:
- tokenreviews
verbs:
- create
- apiGroups:
- authorization.k8s.io
resources:
- subjectaccessreviews
verbs:
- create
# devworkspace-controller-role.ClusterRole.yaml
- apiGroups:
- ""
resources:
- configmaps
- persistentvolumeclaims
- pods
- secrets
- serviceaccounts
verbs:
- '*'
- apiGroups:
- ""
resources:
- namespaces
verbs:
- get
- list
- watch
- apiGroups:
- ""
resources:
- pods/exec
verbs:
- create
- apiGroups:
- ""
resources:
- services
verbs:
- '*'
- apiGroups:
- admissionregistration.k8s.io
resources:
- mutatingwebhookconfigurations
- validatingwebhookconfigurations
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- apps
resourceNames:
- devworkspace-controller
- devworkspace-controller
resources:
- deployments/finalizers
- deployments/finalizers
verbs:
- update
- update
- apiGroups:
- apps
- extensions
resources:
- deployments
verbs:
- get
- list
- watch
- apiGroups:
- apps
- extensions
resources:
- deployments
- replicasets
verbs:
- '*'
- apiGroups:
- apps
- extensions
resources:
- replicasets
verbs:
- get
- list
- watch
- apiGroups:
- batch
resources:
- jobs
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- controller.devfile.io
resources:
- '*'
verbs:
- '*'
- apiGroups:
- controller.devfile.io
resources:
- devworkspaceroutings
verbs:
- '*'
- apiGroups:
- controller.devfile.io
resources:
- devworkspaceroutings/status
verbs:
- get
- patch
- update
- apiGroups:
- extensions
resources:
- ingresses
verbs:
- '*'
- apiGroups:
- monitoring.coreos.com
resources:
- servicemonitors
verbs:
- create
- get
- apiGroups:
- oauth.openshift.io
resources:
- oauthclients
verbs:
- create
- delete
- deletecollection
- get
- list
- patch
- update
- watch
- apiGroups:
- rbac.authorization.k8s.io
resources:
- clusterrolebindings
- clusterroles
- rolebindings
- roles
verbs:
- create
- get
- list
- update
- watch
- apiGroups:
- route.openshift.io
resources:
- routes
verbs:
- '*'
- apiGroups:
- route.openshift.io
resources:
- routes/custom-host
verbs:
- create
- apiGroups:
- workspace.devfile.io
resources:
- '*'
verbs:
- '*'
# devworkspace requirements: devworkspace-controller-view-workspaces cluster roles
- apiGroups:
- workspace.devfile.io
resources:
- devworkspaces
- devworkspacetemplates
verbs:
- get
- list
- watch
- apiGroups:
- controller.devfile.io
resources:
- devworkspaceroutings
- components
verbs:
- get
- list
- watch
# devworkspace requirements: devworkspace-controller-metrics-reader cluster roles
- nonResourceURLs:
- /metrics
verbs:
- get
# devworkspace requirements: devworkspace-controller-leader-election-role roles
- apiGroups:
- ""
resources:
- configmaps
verbs:
- get
- list
- watch
- create
- update
- patch
- delete
- apiGroups:
- ""
resources:
- configmaps/status
verbs:
- get
- update
- patch
- apiGroups:
- ""
resources:
- events
verbs:
- create
- patch
# devworkspace-che requirements
- apiGroups:
- ""
resources:
- configmaps
- persistentvolumeclaims
- pods
- secrets
- serviceaccounts
verbs:
- '*'
- apiGroups:
- ""
resources:
- namespaces
verbs:
- get
- apiGroups:
- ""
resources:
- pods/exec
verbs:
- create
- apiGroups:
- ""
resources:
- services
verbs:
- '*'
- apiGroups:
- apps
resourceNames:
- devworkspace-che-operator
resources:
- deployments/finalizers
verbs:
- update
- apiGroups:
- apps
- extensions
- apps
- extensions
resources:
- deployments
verbs:
- get
- list
- watch
- get
- list
- watch
- apiGroups:
- apps
- extensions
- apps
- extensions
resources:
- deployments
- replicasets
- deployments
- replicasets
verbs:
- '*'
- '*'
- apiGroups:
- apps
- extensions
- apps
- extensions
resources:
- replicasets
- replicasets
verbs:
- get
- list
- watch
- get
- list
- watch
- apiGroups:
- batch
- batch
resources:
- jobs
- jobs
verbs:
- create
- delete
- get
- update
- watch
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- che.eclipse.org
- controller.devfile.io
resources:
- '*'
- '*'
verbs:
- '*'
- '*'
- apiGroups:
- che.eclipse.org
- controller.devfile.io
resources:
- chemanagers
- devworkspaceroutings
verbs:
- '*'
- '*'
- apiGroups:
- che.eclipse.org
- controller.devfile.io
resources:
- chemanagers/status
- devworkspaceroutings/status
verbs:
- get
- patch
- update
- get
- patch
- update
- apiGroups:
- che.eclipse.org
- extensions
resources:
- chemanagers/finalizers
- ingresses
verbs:
- update
- '*'
- apiGroups:
- controller.devfile.io
- monitoring.coreos.com
resources:
- devworkspaceroutings
- servicemonitors
verbs:
- '*'
- create
- get
- apiGroups:
- controller.devfile.io
- oauth.openshift.io
resources:
- devworkspaceroutings/finalizers
- oauthclients
verbs:
- update
- create
- delete
- deletecollection
- get
- list
- patch
- update
- watch
- apiGroups:
- controller.devfile.io
- rbac.authorization.k8s.io
resources:
- devworkspaceroutings/status
- clusterrolebindings
- clusterroles
- rolebindings
- roles
verbs:
- get
- patch
- update
- create
- get
- list
- update
- watch
- apiGroups:
- ""
- route.openshift.io
resources:
- configmap
- routes
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- '*'
- apiGroups:
- extensions
- route.openshift.io
resources:
- ingresses
- routes/custom-host
verbs:
- '*'
- create
- apiGroups:
- monitoring.coreos.com
- workspace.devfile.io
resources:
- servicemonitors
- '*'
verbs:
- create
- get
- '*'
# devworkspace-controller-view-workspaces.ClusterRole.yaml
- apiGroups:
- oauth.openshift.io
- workspace.devfile.io
resources:
- oauthclients
- devworkspaces
- devworkspacetemplates
verbs:
- create
- delete
- deletecollection
- get
- list
- patch
- update
- watch
- get
- list
- watch
- apiGroups:
- rbac.authorization.k8s.io
- controller.devfile.io
resources:
- clusterrolebindings
- clusterroles
- rolebindings
- roles
- devworkspaceroutings
- components
verbs:
- create
- get
- list
- update
- watch
- get
- list
- watch
# devworkspace-che-role.ClusterRole.yaml
- apiGroups:
- route.openshift.io
- ""
resources:
- routes
- configmaps
- persistentvolumeclaims
- pods
- secrets
- serviceaccounts
verbs:
- '*'
- '*'
- apiGroups:
- route.openshift.io
- ""
resources:
- routes/custom-host
- namespaces
verbs:
- create
- get
- apiGroups:
- ""
resources:
- pods/exec
verbs:
- create
- apiGroups:
- ""
resources:
- services
verbs:
- '*'
- apiGroups:
- apps
resourceNames:
- devworkspace-che-operator
resources:
- deployments/finalizers
verbs:
- update
- apiGroups:
- apps
- extensions
resources:
- deployments
verbs:
- get
- list
- watch
- apiGroups:
- apps
- extensions
resources:
- deployments
- replicasets
verbs:
- '*'
- apiGroups:
- apps
- extensions
resources:
- replicasets
verbs:
- get
- list
- watch
- apiGroups:
- batch
resources:
- jobs
verbs:
- create
- delete
- get
- update
- watch
- apiGroups:
- che.eclipse.org
resources:
- '*'
verbs:
- '*'
- apiGroups:
- che.eclipse.org
resources:
- chemanagers
verbs:
- '*'
- apiGroups:
- che.eclipse.org
resources:
- chemanagers/status
verbs:
- get
- patch
- update
- apiGroups:
- che.eclipse.org
resources:
- chemanagers/finalizers
verbs:
- update
- apiGroups:
- controller.devfile.io
resources:
- devworkspaceroutings
verbs:
- '*'
- apiGroups:
- controller.devfile.io
resources:
- devworkspaceroutings/finalizers
verbs:
- update
- apiGroups:
- controller.devfile.io
resources:
- devworkspaceroutings/status
verbs:
- get
- patch
- update
- apiGroups:
- ""
resources:
- configmap
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- extensions
resources:
- ingresses
verbs:
- '*'
- apiGroups:
- monitoring.coreos.com
resources:
- servicemonitors
verbs:
- create
- get
- apiGroups:
- oauth.openshift.io
resources:
- oauthclients
verbs:
- create
- delete
- deletecollection
- get
- list
- patch
- update
- watch
- apiGroups:
- rbac.authorization.k8s.io
resources:
- clusterrolebindings
- clusterroles
- rolebindings
- roles
verbs:
- create
- get
- list
- update
- watch
- apiGroups:
- route.openshift.io
resources:
- routes
verbs:
- '*'
- apiGroups:
- route.openshift.io
resources:
- routes/custom-host
verbs:
- create
# devworkspace-che-metrics-reader.ClusterRole.yaml
- nonResourceURLs:
- /metrics
verbs:
- get

145
deploy/crds/chemanagers.che.eclipse.org.CustomResourceDefinition.yaml Normal file
View File

@ -0,0 +1,145 @@
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.5.0
creationTimestamp: null
labels:
app.kubernetes.io/name: devworkspace-che-operator
app.kubernetes.io/part-of: devworkspace-che-operator
name: chemanagers.che.eclipse.org
spec:
group: che.eclipse.org
names:
kind: CheManager
listKind: CheManagerList
plural: chemanagers
singular: chemanager
scope: Namespaced
versions:
- name: v1alpha1
schema:
openAPIV3Schema:
description: CheManager is the configuration of the CheManager layer of Devworkspace.
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: CheManagerSpec holds the configuration of the Che controller.
properties:
gatewayConfigurerImage:
description: GatewayConfigurerImage is the docker image to use for
the sidecar of the Che gateway that is used to configure it. This
is only used when GatewayDisabled is false. If not defined in the
CR, it is taken from the `RELATED_IMAGE_gateway_configurer` environment
variable of the che operator deployment/pod. If not defined there,
it defaults to a hardcoded value.
type: string
gatewayDisabled:
description: "GatewayDisabled enables or disables routing of the url
rewrite supporting devworkspace endpoints through a common gateway
(the hostname of which is defined by the GatewayHost). \n Default
value is \"false\" meaning that the gateway is enabled. \n If set
to false (i.e. the gateway is enabled), endpoints marked using the
\"urlRewriteSupported\" attribute are exposed on unique subpaths
of the GatewayHost, while the rest of the devworkspace endpoints
are exposed on subdomains of the RoutingSuffix specified by the
DevWorkspaceRouting of the devworkspace. \n If set to true (i.e.
the gateway is disabled), all endpoints are deployed on subdomains
of the RoutingSuffix."
type: boolean
gatewayHost:
description: "GatewayHost is the full host name used to expose devworkspace
endpoints that support url rewriting reverse proxy. See the GatewayDisabled
attribute for a more detailed description of where and how are devworkspace
endpoints exposed in various configurations. \n This attribute is
mandatory on Kubernetes, optional on OpenShift."
type: string
gatewayImage:
description: GatewayImage is the docker image to use for the Che gateway. This
is only used if GatewayDisabled is false. If not defined in the
CR, it is taken from the `RELATED_IMAGE_gateway` environment variable
of the che operator deployment/pod. If not defined there, it defaults
to a hardcoded value.
type: string
k8s:
description: K8s contains the configuration specific only to Kubernetes
properties:
ingressAnnotations:
additionalProperties:
type: string
description: "IngressAnnotations are the annotations to be put
on the generated ingresses. This can be used to configure the
ingress class and the ingress-controller-specific behavior for
both the gateway and the ingresses created to expose the Devworkspace
component endpoints. When not specified, this defaults to: \n
\ kubernetes.io/ingress.class: \"nginx\"
\ nginx.ingress.kubernetes.io/proxy-read-timeout: \"3600\",
\ nginx.ingress.kubernetes.io/proxy-connect-timeout: \"3600\",
\ nginx.ingress.kubernetes.io/ssl-redirect: \"true\""
type: object
type: object
tlsSecretName:
description: "Name of a secret that will be used to setup ingress/route
TLS certificate. When the field is empty string, the default cluster
certificate will be used. The same secret is assumed to exist in
the same namespace as the CheManager CR and is used for both the
gateway and all devworkspace endpoints. In case of the devworkspace
endpoints, the secret is copied to the namespace of the devworkspace.
\n The secret has to be of type \"tls\"."
type: string
workspaceBaseDomain:
description: The workspace endpoints that need to be deployed on a
subdomain will be deployed on subdomains of this base domain. This
is mandatory on Kubernetes. On OpenShift, an attempt is made to
automatically figure out the base domain of the routes. The resolved
value of this property is written to the status.
type: string
type: object
status:
properties:
gatewayHost:
description: GatewayHost is the resolved host of the ingress/route,
on which the gateway is accessible.
type: string
gatewayPhase:
description: GatewayPhase specifies the phase in which the singlehost
gateway deployment currently is. If the manager routing is not singlehost,
this is "Inactive"
type: string
message:
description: Message contains further human-readable info for why
the manager is in the phase it currently is.
type: string
phase:
description: Phase is the phase in which the manager as a whole finds
itself in.
type: string
workspaceBaseDomain:
description: The resolved workspace base domain. This is either the
copy of the explicitly defined property of the same name in the
spec or, if it is undefined in the spec and we're running on OpenShift,
the automatically resolved basedomain for routes.
type: string
type: object
type: object
served: true
storage: true
subresources:
status: {}
status:
acceptedNames:
kind: ""
plural: ""
conditions: []
storedVersions: []

3684
deploy/crds/devworkspaceroutings.controller.devfile.io.CustomResourceDefinition.yaml Normal file
View File

File diff suppressed because it is too large Load Diff

1
deploy/olm-catalog/nightly/eclipse-che-preview-kubernetes/build-roles.sh
View File

@ -16,6 +16,7 @@ mkdir -p "${BASE_DIR}/generated/roles"
cp "${BASE_DIR}/../../../role.yaml" "${BASE_DIR}/generated/roles/role.yaml"
cp "${BASE_DIR}/../../../cluster_role.yaml" "${BASE_DIR}/generated/roles/cluster_role.yaml"
cp "${BASE_DIR}/../../../proxy_cluster_role.yaml" "${BASE_DIR}/generated/roles/proxy_cluster_role.yaml"
for role in ${BASE_DIR}/generated/roles/*.yaml; do
index=0

2
deploy/olm-catalog/nightly/eclipse-che-preview-kubernetes/csv-config.yaml
View File

@ -1,3 +1,3 @@
role-paths: [ "deploy/olm-catalog/nightly/eclipse-che-preview-kubernetes/generated/roles/role.yaml", "deploy/olm-catalog/nightly/eclipse-che-preview-kubernetes/generated/roles/cluster_role.yaml" ]
role-paths: [ "deploy/olm-catalog/nightly/eclipse-che-preview-kubernetes/generated/roles/role.yaml", "deploy/olm-catalog/nightly/eclipse-che-preview-kubernetes/generated/roles/cluster_role.yaml", "deploy/olm-catalog/nightly/eclipse-che-preview-kubernetes/generated/roles/proxy_cluster_role.yaml"]
operator-path: deploy/operator.yaml
crd-cr-paths: ["deploy/crds/org_v1_che_crd.yaml", "deploy/crds/org.eclipse.che_chebackupserverconfigurations_crd.yaml", deploy/crds/org.eclipse.che_checlusterbackups_crd.yaml", "deploy/crds/org.eclipse.che_checlusterrestores_crd.yaml"]

198
deploy/olm-catalog/nightly/eclipse-che-preview-kubernetes/manifests/che-operator.clusterserviceversion.yaml
View File

@ -1,3 +1,13 @@
#
# Copyright (c) 2019-2021 Red Hat, Inc.
# This program and the accompanying materials are made
# available under the terms of the Eclipse Public License 2.0
# which is available at https://www.eclipse.org/legal/epl-2.0/
#
# SPDX-License-Identifier: EPL-2.0
#
# Contributors:
# Red Hat, Inc. - initial API and implementation
apiVersion: operators.coreos.com/v1alpha1
kind: ClusterServiceVersion
metadata:
@ -76,13 +86,13 @@ metadata:
categories: Developer Tools
certified: "false"
containerImage: quay.io/eclipse/che-operator:next
createdAt: "2021-06-29T12:30:28Z"
createdAt: "2021-06-30T12:42:36Z"
description: A Kube-native development solution that delivers portable and collaborative
developer workspaces.
operatorframework.io/suggested-namespace: eclipse-che
repository: https://github.com/eclipse-che/che-operator
support: Eclipse Foundation
name: eclipse-che-preview-kubernetes.v7.33.0-242.nightly
name: eclipse-che-preview-kubernetes.v7.33.0-244.nightly
namespace: placeholder
spec:
apiservicedefinitions: {}
@ -436,6 +446,33 @@ spec:
- subscriptions
verbs:
- get
- apiGroups:
- metrics.k8s.io
resources:
- pods
- nodes
verbs:
- get
- list
- watch
- apiGroups:
- workspace.devfile.io
resources:
- devworkspaces
- devworkspacetemplates
verbs:
- get
- list
- watch
- apiGroups:
- controller.devfile.io
resources:
- devworkspaceroutings
- components
verbs:
- get
- list
- watch
- apiGroups:
- workspace.devfile.io
resources:
@ -458,6 +495,33 @@ spec:
- deletecollection
- patch
- update
- apiGroups:
- ""
resources:
- configmaps
verbs:
- get
- list
- watch
- create
- update
- patch
- delete
- apiGroups:
- ""
resources:
- configmaps/status
verbs:
- get
- update
- patch
- apiGroups:
- ""
resources:
- events
verbs:
- create
- patch
- apiGroups:
- authentication.k8s.io
resources:
@ -489,16 +553,6 @@ spec:
- list
- watch
- apiGroups:
- metrics.k8s.io
resources:
- pods
- nodes
verbs:
- get
- list
- watch
- apiGroups:
- batch
- ""
resources:
- pods/exec
@ -664,37 +718,6 @@ spec:
- get
- list
- watch
- nonResourceURLs:
- /metrics
verbs:
- get
- apiGroups:
- ""
resources:
- configmaps
verbs:
- get
- list
- watch
- create
- update
- patch
- delete
- apiGroups:
- ""
resources:
- configmaps/status
verbs:
- get
- update
- patch
- apiGroups:
- ""
resources:
- events
verbs:
- create
- patch
- apiGroups:
- ""
resources:
@ -876,7 +899,25 @@ spec:
- routes/custom-host
verbs:
- create
- nonResourceURLs:
- /metrics
verbs:
- get
serviceAccountName: che-operator
- rules:
- apiGroups:
- authentication.k8s.io
resources:
- tokenreviews
verbs:
- create
- apiGroups:
- authorization.k8s.io
resources:
- subjectaccessreviews
verbs:
- create
serviceAccountName: default
deployments:
- name: che-operator
spec:
@ -922,7 +963,7 @@ spec:
- name: RELATED_IMAGE_che_tls_secrets_creation_job
value: quay.io/eclipse/che-tls-secret-creator:alpine-d1ed4ad
- name: RELATED_IMAGE_pvc_jobs
value: registry.access.redhat.com/ubi8-minimal:8.4-200.1622548483
value: registry.access.redhat.com/ubi8-minimal:8.4-205
- name: RELATED_IMAGE_postgres
value: quay.io/eclipse/che--centos--postgresql-96-centos7:9.6-b681d78125361519180a6ac05242c296f8906c11eab7e207b5ca9a89b6344392
- name: RELATED_IMAGE_keycloak
@ -999,6 +1040,47 @@ spec:
- ALL
privileged: false
readOnlyRootFilesystem: false
- args:
- --enable-leader-election
- --metrics-addr
- "0"
command:
- /usr/local/bin/devworkspace-che-operator
env:
- name: WATCH_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.annotations['olm.targetNamespaces']
- name: POD_NAME
valueFrom:
fieldRef:
fieldPath: metadata.name
- name: OPERATOR_NAME
value: devworkspace-operator
- name: MAX_CONCURRENT_RECONCILES
value: "1"
- name: CONTROLLER_SERVICE_ACCOUNT_NAME
value: che-operator
- name: RELATED_IMAGE_gateway
value: quay.io/eclipse/che--traefik:v2.3.2-6e6d4dc5a19afe06778ca092cdbbb98e31cb9f9c313edafa23f81a0e6ddf8a23
- name: RELATED_IMAGE_gateway_configurer
value: quay.io/che-incubator/configbump:0.1.4
image: quay.io/che-incubator/devworkspace-che-operator:ci
imagePullPolicy: Always
name: devworkspace-che-operator
resources:
limits:
cpu: 100m
memory: 256Mi
requests:
cpu: 100m
memory: 32Mi
securityContext:
capabilities:
drop:
- ALL
privileged: false
readOnlyRootFilesystem: false
hostIPC: false
hostNetwork: false
hostPID: false
@ -1113,6 +1195,32 @@ spec:
verbs:
- get
- list
- apiGroups:
- ""
resources:
- configmaps
verbs:
- get
- list
- watch
- create
- update
- patch
- delete
- apiGroups:
- ""
resources:
- configmaps/status
verbs:
- get
- update
- patch
- apiGroups:
- ""
resources:
- events
verbs:
- create
serviceAccountName: che-operator
strategy: deployment
installModes:
@ -1144,4 +1252,4 @@ spec:
maturity: stable
provider:
name: Eclipse Foundation
version: 7.33.0-242.nightly
version: 7.33.0-244.nightly

1
deploy/olm-catalog/nightly/eclipse-che-preview-openshift/build-roles.sh
View File

@ -15,3 +15,4 @@ rm -Rf "${BASE_DIR}/generated/roles"
mkdir -p "${BASE_DIR}/generated/roles"
cp "${BASE_DIR}/../../../role.yaml" "${BASE_DIR}/generated/roles/role.yaml"
cp "${BASE_DIR}/../../../cluster_role.yaml" "${BASE_DIR}/generated/roles/cluster_role.yaml"
cp "${BASE_DIR}/../../../proxy_cluster_role.yaml" "${BASE_DIR}/generated/roles/proxy_cluster_role.yaml"

2
deploy/olm-catalog/nightly/eclipse-che-preview-openshift/csv-config.yaml
View File

@ -1,3 +1,3 @@
operator-path: deploy/operator.yaml
role-paths: [ "deploy/olm-catalog/nightly/eclipse-che-preview-openshift/generated/roles/role.yaml", "deploy/olm-catalog/nightly/eclipse-che-preview-openshift/generated/roles/cluster_role.yaml"]
role-paths: [ "deploy/olm-catalog/nightly/eclipse-che-preview-openshift/generated/roles/role.yaml", "deploy/olm-catalog/nightly/eclipse-che-preview-openshift/generated/roles/cluster_role.yaml", "deploy/olm-catalog/nightly/eclipse-che-preview-openshift/generated/roles/proxy_cluster_role.yaml"]
crd-cr-paths: ["deploy/crds/org_v1_che_crd.yaml", "deploy/crds/org.eclipse.che_chebackupserverconfigurations_crd.yaml", "deploy/crds/org.eclipse.che_checlusterbackups_crd.yaml", "deploy/crds/org.eclipse.che_checlusterrestores_crd.yaml"]

200
deploy/olm-catalog/nightly/eclipse-che-preview-openshift/manifests/che-operator.clusterserviceversion.yaml
View File

@ -1,3 +1,13 @@
#
# Copyright (c) 2019-2021 Red Hat, Inc.
# This program and the accompanying materials are made
# available under the terms of the Eclipse Public License 2.0
# which is available at https://www.eclipse.org/legal/epl-2.0/
#
# SPDX-License-Identifier: EPL-2.0
#
# Contributors:
# Red Hat, Inc. - initial API and implementation
apiVersion: operators.coreos.com/v1alpha1
kind: ClusterServiceVersion
metadata:
@ -67,13 +77,13 @@ metadata:
categories: Developer Tools, OpenShift Optional
certified: "false"
containerImage: quay.io/eclipse/che-operator:next
createdAt: "2021-06-29T12:30:36Z"
createdAt: "2021-06-30T12:42:43Z"
description: A Kube-native development solution that delivers portable and collaborative
developer workspaces in OpenShift.
operatorframework.io/suggested-namespace: eclipse-che
repository: https://github.com/eclipse-che/che-operator
support: Eclipse Foundation
name: eclipse-che-preview-openshift.v7.33.0-242.nightly
name: eclipse-che-preview-openshift.v7.33.0-244.nightly
namespace: placeholder
spec:
apiservicedefinitions: {}
@ -505,6 +515,33 @@ spec:
- subscriptions
verbs:
- get
- apiGroups:
- metrics.k8s.io
resources:
- pods
- nodes
verbs:
- get
- list
- watch
- apiGroups:
- workspace.devfile.io
resources:
- devworkspaces
- devworkspacetemplates
verbs:
- get
- list
- watch
- apiGroups:
- controller.devfile.io
resources:
- devworkspaceroutings
- components
verbs:
- get
- list
- watch
- apiGroups:
- workspace.devfile.io
resources:
@ -527,6 +564,33 @@ spec:
- deletecollection
- patch
- update
- apiGroups:
- ""
resources:
- configmaps
verbs:
- get
- list
- watch
- create
- update
- patch
- delete
- apiGroups:
- ""
resources:
- configmaps/status
verbs:
- get
- update
- patch
- apiGroups:
- ""
resources:
- events
verbs:
- create
- patch
- apiGroups:
- authentication.k8s.io
resources:
@ -558,16 +622,6 @@ spec:
- list
- watch
- apiGroups:
- metrics.k8s.io
resources:
- pods
- nodes
verbs:
- get
- list
- watch
- apiGroups:
- batch
- ""
resources:
- pods/exec
@ -733,37 +787,6 @@ spec:
- get
- list
- watch
- nonResourceURLs:
- /metrics
verbs:
- get
- apiGroups:
- ""
resources:
- configmaps
verbs:
- get
- list
- watch
- create
- update
- patch
- delete
- apiGroups:
- ""
resources:
- configmaps/status
verbs:
- get
- update
- patch
- apiGroups:
- ""
resources:
- events
verbs:
- create
- patch
- apiGroups:
- ""
resources:
@ -945,7 +968,25 @@ spec:
- routes/custom-host
verbs:
- create
- nonResourceURLs:
- /metrics
verbs:
- get
serviceAccountName: che-operator
- rules:
- apiGroups:
- authentication.k8s.io
resources:
- tokenreviews
verbs:
- create
- apiGroups:
- authorization.k8s.io
resources:
- subjectaccessreviews
verbs:
- create
serviceAccountName: default
deployments:
- name: che-operator
spec:
@ -989,7 +1030,7 @@ spec:
- name: RELATED_IMAGE_devfile_registry
value: quay.io/eclipse/che-devfile-registry:next
- name: RELATED_IMAGE_pvc_jobs
value: registry.access.redhat.com/ubi8-minimal:8.4-200.1622548483
value: registry.access.redhat.com/ubi8-minimal:8.4-205
- name: RELATED_IMAGE_postgres
value: quay.io/eclipse/che--centos--postgresql-96-centos7:9.6-b681d78125361519180a6ac05242c296f8906c11eab7e207b5ca9a89b6344392
- name: RELATED_IMAGE_keycloak
@ -1068,6 +1109,49 @@ spec:
privileged: false
readOnlyRootFilesystem: false
runAsNonRoot: true
- args:
- --enable-leader-election
- --metrics-addr
- "0"
command:
- /usr/local/bin/devworkspace-che-operator
env:
- name: WATCH_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.annotations['olm.targetNamespaces']
- name: POD_NAME
valueFrom:
fieldRef:
fieldPath: metadata.name
- name: OPERATOR_NAME
value: devworkspace-operator
- name: MAX_CONCURRENT_RECONCILES
value: "1"
- name: CONTROLLER_SERVICE_ACCOUNT_NAME
value: che-operator
- name: RELATED_IMAGE_gateway
value: quay.io/eclipse/che--traefik:v2.3.2-6e6d4dc5a19afe06778ca092cdbbb98e31cb9f9c313edafa23f81a0e6ddf8a23
- name: RELATED_IMAGE_gateway_configurer
value: quay.io/che-incubator/configbump:0.1.4
image: quay.io/che-incubator/devworkspace-che-operator:ci
imagePullPolicy: Always
name: devworkspace-che-operator
resources:
limits:
cpu: 100m
memory: 256Mi
requests:
cpu: 100m
memory: 32Mi
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
privileged: false
readOnlyRootFilesystem: false
runAsNonRoot: true
hostIPC: false
hostNetwork: false
hostPID: false
@ -1189,6 +1273,32 @@ spec:
verbs:
- get
- list
- apiGroups:
- ""
resources:
- configmaps
verbs:
- get
- list
- watch
- create
- update
- patch
- delete
- apiGroups:
- ""
resources:
- configmaps/status
verbs:
- get
- update
- patch
- apiGroups:
- ""
resources:
- events
verbs:
- create
serviceAccountName: che-operator
strategy: deployment
installModes:
@ -1219,4 +1329,4 @@ spec:
maturity: stable
provider:
name: Eclipse Foundation
version: 7.33.0-242.nightly
version: 7.33.0-244.nightly

47
deploy/operator.yaml
View File

@ -12,6 +12,10 @@ apiVersion: apps/v1
kind: Deployment
metadata:
name: che-operator
labels:
app.kubernetes.io/name: che
app.kubernetes.io/instance: che
app.kubernetes.io/component: che-operator
spec:
replicas: 1
selector:
@ -60,7 +64,7 @@ spec:
- name: RELATED_IMAGE_che_tls_secrets_creation_job
value: quay.io/eclipse/che-tls-secret-creator:alpine-d1ed4ad
- name: RELATED_IMAGE_pvc_jobs
value: registry.access.redhat.com/ubi8-minimal:8.4-200.1622548483
value: registry.access.redhat.com/ubi8-minimal:8.4-205
- name: RELATED_IMAGE_postgres
value: quay.io/eclipse/che--centos--postgresql-96-centos7:9.6-b681d78125361519180a6ac05242c296f8906c11eab7e207b5ca9a89b6344392
- name: RELATED_IMAGE_keycloak
@ -131,6 +135,47 @@ spec:
limits:
memory: 256Mi
cpu: 500m
- args:
- --enable-leader-election
- --metrics-addr
- '0'
command:
- /usr/local/bin/devworkspace-che-operator
env:
- name: WATCH_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
- name: POD_NAME
valueFrom:
fieldRef:
fieldPath: metadata.name
- name: OPERATOR_NAME
value: devworkspace-operator
- name: MAX_CONCURRENT_RECONCILES
value: "1"
- name: CONTROLLER_SERVICE_ACCOUNT_NAME
value: che-operator
- name: RELATED_IMAGE_gateway
value: quay.io/eclipse/che--traefik:v2.3.2-6e6d4dc5a19afe06778ca092cdbbb98e31cb9f9c313edafa23f81a0e6ddf8a23
- name: RELATED_IMAGE_gateway_configurer
value: quay.io/che-incubator/configbump:0.1.4
image: quay.io/che-incubator/devworkspace-che-operator:ci
imagePullPolicy: Always
name: devworkspace-che-operator
resources:
limits:
cpu: 100m
memory: 256Mi
requests:
cpu: 100m
memory: 32Mi
securityContext:
privileged: false
readOnlyRootFilesystem: false
capabilities:
drop:
- ALL
hostIPC: false
hostNetwork: false
hostPID: false

21
deploy/proxy_cluster_role.yaml Normal file
View File

@ -0,0 +1,21 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: che-operator-proxy
labels:
app.kubernetes.io/name: che
app.kubernetes.io/instance: che
app.kubernetes.io/component: che-operator
rules:
- apiGroups:
- authentication.k8s.io
resources:
- tokenreviews
verbs:
- create
- apiGroups:
- authorization.k8s.io
resources:
- subjectaccessreviews
verbs:
- create

16
deploy/proxy_cluster_role_binding.yaml Normal file
View File

@ -0,0 +1,16 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: che-operator-proxy
labels:
app.kubernetes.io/name: che
app.kubernetes.io/instance: che
app.kubernetes.io/component: che-operator
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: che-operator-proxy
subjects:
- kind: ServiceAccount
name: default
namespace: eclipse-che

29
deploy/role.yaml
View File

@ -8,6 +8,7 @@ metadata:
app.kubernetes.io/name: che
name: che-operator
rules:
### CHE-OPERATOR ROLES ONLY: BEGIN
- apiGroups:
- extensions
resources:
@ -121,3 +122,31 @@ rules:
verbs:
- get
- list
### CHE-OPERATOR ROLES ONLY: END
# devworkspace-che-leader-election-role.Role.yaml
- apiGroups:
- ""
resources:
- configmaps
verbs:
- get
- list
- watch
- create
- update
- patch
- delete
- apiGroups:
- ""
resources:
- configmaps/status
verbs:
- get
- update
- patch
- apiGroups:
- ""
resources:
- events
verbs:
- create

14
local-debug.sh
View File

@ -21,6 +21,7 @@ ECLIPSE_CHE_CRD="./deploy/crds/org_v1_che_crd.yaml"
ECLIPSE_CHE_BACKUP_SERVER_CONFIGURATION_CRD="./deploy/crds/org.eclipse.che_chebackupserverconfigurations_crd.yaml"
ECLIPSE_CHE_BACKUP_CRD="./deploy/crds/org.eclipse.che_checlusterbackups_crd.yaml"
ECLIPSE_CHE_RESTORE_CRD="./deploy/crds/org.eclipse.che_checlusterrestores_crd.yaml"
ECLIPSE_CHE_CRD_V1BETA1="./deploy/crds/org_v1_che_crd-v1beta1.yaml"
DEV_WORKSPACE_CONTROLLER_VERSION="main"
DEV_WORKSPACE_CHE_OPERATOR_VERSION="main"
@ -65,8 +66,8 @@ prepareTemplates() {
curl -sL https://api.github.com/repos/devfile/devworkspace-operator/zipball/${DEV_WORKSPACE_CONTROLLER_VERSION} > /tmp/devworkspace-operator.zip
unzip /tmp/devworkspace-operator.zip '*/deploy/deployment/*' -d /tmp
cp -r /tmp/devfile-devworkspace-operator*/deploy/* /tmp/devworkspace-operator/templates
unzip -q /tmp/devworkspace-operator.zip '*/deploy/deployment/*' -d /tmp
cp -rf /tmp/devfile-devworkspace-operator*/deploy/* /tmp/devworkspace-operator/templates
echo "[INFO] Downloading Dev Workspace operator templates completed."
# Download Dev Workspace Che operator templates
@ -78,9 +79,9 @@ prepareTemplates() {
curl -sL https://api.github.com/repos/che-incubator/devworkspace-che-operator/zipball/${DEV_WORKSPACE_CHE_OPERATOR_VERSION} > /tmp/devworkspace-che-operator.zip
unzip /tmp/devworkspace-che-operator.zip '*/deploy/deployment/*' -d /tmp
unzip -q /tmp/devworkspace-che-operator.zip '*/deploy/deployment/*' -d /tmp
cp -r /tmp/che-incubator-devworkspace-che-operator*/deploy/* /tmp/devworkspace-che-operator/templates
echo "[INFO] Downloading Dev Workspace Che operator templates completed."
echo "[INFO] Downloading Dev Workspace operator templates completed."
}
createNamespace() {
@ -89,7 +90,8 @@ createNamespace() {
set -e
}
applyCRandCRD() {
applyResources() {
# kubectl apply -f ${ECLIPSE_CHE_CRD_V1BETA1}
kubectl apply -f ${ECLIPSE_CHE_CRD}
kubectl apply -f ${ECLIPSE_CHE_BACKUP_SERVER_CONFIGURATION_CRD}
kubectl apply -f ${ECLIPSE_CHE_BACKUP_CRD}
@ -118,5 +120,5 @@ runDebug() {
prepareTemplates
createNamespace
applyCRandCRD
applyResources
runDebug

6
make-release.sh
View File

@ -130,8 +130,13 @@ if ! grep -q "value: quay.io/eclipse/che-dashboard:$RELEASE" $filename; then
echo "[ERROR] Unable to find ubi8_minimal image in the $filename"; exit 1
fi
# use ${RELEASE} instead of master
wget https://raw.githubusercontent.com/eclipse-che/che-server/${RELEASE}/assembly/assembly-wsmaster-war/src/main/webapp/WEB-INF/classes/che/che.properties -q -O /tmp/che.properties
if ! grep -q "value: quay.io/che-incubator/devworkspace-che-operator:$RELEASE" $filename; then
echo "[ERROR] Unable to find devworkspace che operator image with version ${RELEASE} in the $filename"; exit 1
fi
plugin_broker_meta_image=$(cat /tmp/che.properties | grep che.workspace.plugin_broker.metadata.image | cut -d '=' -f2)
if ! grep -q "value: $plugin_broker_meta_image" $filename; then
echo "[ERROR] Unable to find plugin broker meta image '$plugin_broker_meta_image' in the $filename"; exit 1
@ -202,6 +207,7 @@ replaceImagesTags() {
yq -ryY "( .spec.template.spec.containers[] | select(.name == \"che-operator\").env[] | select(.name == \"RELATED_IMAGE_keycloak\") | .value ) = \"${KEYCLOAK_IMAGE_RELEASE}\"" | \
yq -ryY "( .spec.template.spec.containers[] | select(.name == \"che-operator\").env[] | select(.name == \"RELATED_IMAGE_plugin_registry\") | .value ) = \"${PLUGIN_REGISTRY_IMAGE_RELEASE}\"" | \
yq -ryY "( .spec.template.spec.containers[] | select(.name == \"che-operator\").env[] | select(.name == \"RELATED_IMAGE_devfile_registry\") | .value ) = \"${DEVFILE_REGISTRY_IMAGE_RELEASE}\"" \
yq -ryY "( .spec.template.spec.containers[] | select(.name == \"devworkspace-che-operator\") | .image ) = \"quay.io/che-incubator/devworkspace-che-operator:${RELEASE}\"" | \
>> "${NEW_OPERATOR_YAML}"
mv "${NEW_OPERATOR_YAML}" "${OPERATOR_YAML}"
}

76
olm/buildOLMBundlesFromReleaseManifestFiles.sh
View File

@ -1,76 +0,0 @@
#!/bin/bash
#
# Copyright (c) 2012-2021 Red Hat, Inc.
# This program and the accompanying materials are made
# available under the terms of the Eclipse Public License 2.0
# which is available at https://www.eclipse.org/legal/epl-2.0/
#
# SPDX-License-Identifier: EPL-2.0
#
# Contributors:
# Red Hat, Inc. - initial API and implementation
set -e
set -x
unset PLATFORM
unset FROM_INDEX_IMAGE
SCRIPT=$(readlink -f "$0")
OPERATOR_REPO=$(dirname "$(dirname "$SCRIPT")")
BASE_DIR="${OPERATOR_REPO}/olm"
source "${BASE_DIR}/olm.sh"
usage () {
echo "Usage: $0 -p platform [-i from-index-image]"
echo "Example: $0 -p openshift -i quay.io/eclipse/eclipse-che-openshift-opm-catalog:preview"
}
while [[ "$#" -gt 0 ]]; do
case $1 in
'-p') PLATFORM="$2"; shift 1;;
'-i') FROM_INDEX_IMAGE="$2"; shift 1;;
'--help'|'-h') usage; exit;;
esac
shift 1
done
run() {
manifestsFormatRootFolder="${OPERATOR_REPO}/olm/eclipse-che-preview-${PLATFORM}/deploy/olm-catalog/eclipse-che-preview-${PLATFORM}"
pushd "${manifestsFormatRootFolder}" || exit 1
stableBundleDir=$(getBundlePath "${PLATFORM}" "stable")
echo "[INFO] Stable bundle directory: ${stableBundleDir}"
bundle_dir=$(mktemp -d -t che-releases-XXX)
echo "[INFO] Bundle directory ${bundle_dir}"
readarray -t dirs < <(find . -maxdepth 1 -type d -printf '%P\n' | sort)
for versionDir in ${dirs[*]} ; do
if [[ "${versionDir}" =~ [0-9]+\.[0-9]+\.[0-9]+ ]]; then
echo "[INFO] Converting manifest format folder ${versionDir} to the bundle format..."
manifestFormatDir="${manifestsFormatRootFolder}/${versionDir}"
bundleDir="${bundle_dir}/${versionDir}"
mkdir -p "${bundleDir}/manifests"
cp -rf "${stableBundleDir}/bundle.Dockerfile" "${stableBundleDir}/metadata" "${bundleDir}"
packageName=$(getPackageName "${PLATFORM}")
# Copying resources to bundle directory
cp -rf "${manifestFormatDir}/${packageName}.v${versionDir}.clusterserviceversion.yaml" "${bundleDir}/manifests/che-operator.clusterserviceversion.yaml"
cp -rf "${manifestFormatDir}/${packageName}.crd.yaml" "${bundleDir}/manifests/org_v1_che_crd.yaml"
cp -rf "${manifestFormatDir}/${packageName}.v${versionDir}.clusterserviceversion.yaml.diff" "${bundleDir}/manifests/che-operator.clusterserviceversion.yaml.diff"
cp -rf "${manifestFormatDir}/${packageName}.crd.yaml.diff" "${bundleDir}/manifests/org_v1_che_crd.yaml.diff"
OPM_BUNDLE_DIR="${bundle_dir}/${versionDir}"
export OPM_BUNDLE_DIR
# Build and push images
"${OPERATOR_REPO}/olm/buildAndPushBundleImages.sh" -c "stable" -p $PLATFORM -i $FROM_INDEX_IMAGE
fi
done
popd || true
}
installOPM
run

1
olm/release-olm-files.sh
View File

@ -90,6 +90,7 @@ do
-e 's/imagePullPolicy: *Always/imagePullPolicy: IfNotPresent/' \
-e 's/"cheImageTag": *"nightly"/"cheImageTag": ""/' \
-e 's|quay.io/eclipse/che-dashboard:next|quay.io/eclipse/che-dashboard:'${RELEASE}'|' \
-e 's|quay.io/che-incubator/devworkspace-che-operator:ci|quay.io/che-incubator/devworkspace-che-operator:'${RELEASE}'|' \
-e 's|"identityProviderImage": *"quay.io/eclipse/che-keycloak:nightly"|"identityProviderImage": ""|' \
-e 's|"devfileRegistryImage": *"quay.io/eclipse/che-devfile-registry:nightly"|"devfileRegistryImage": ""|' \
-e 's|"pluginRegistryImage": *"quay.io/eclipse/che-plugin-registry:nightly"|"pluginRegistryImage": ""|' \

157
olm/update-resources.sh
View File

@ -10,10 +10,6 @@
# Contributors:
# Red Hat, Inc. - initial API and implementation
# Generated CRDs based on pkg/apis/org/v1/che_types.go:
# - deploy/crds/org_v1_che_crd.yaml
# - deploy/crds/org_v1_che_crd-v1beta1.yaml
set -e
unset UBI8_MINIMAL_IMAGE
@ -45,15 +41,13 @@ checkOperatorSDKVersion() {
generateCRD() {
version=$1
pushd "${ROOT_PROJECT_DIR}" || true
"${OPERATOR_SDK_BINARY}" generate k8s
"${OPERATOR_SDK_BINARY}" generate crds --crd-version $version
popd
addLicenseHeader ${ROOT_PROJECT_DIR}/deploy/crds/org.eclipse.che_checlusters_crd.yaml
addLicenseHeader ${ROOT_PROJECT_DIR}/deploy/crds/org.eclipse.che_chebackupserverconfigurations_crd.yaml
addLicenseHeader ${ROOT_PROJECT_DIR}/deploy/crds/org.eclipse.che_checlusterbackups_crd.yaml
addLicenseHeader ${ROOT_PROJECT_DIR}/deploy/crds/org.eclipse.che_checlusterrestores_crd.yaml
ensureLicense ${ROOT_PROJECT_DIR}/deploy/crds/org.eclipse.che_checlusters_crd.yaml
ensureLicense ${ROOT_PROJECT_DIR}/deploy/crds/org.eclipse.che_chebackupserverconfigurations_crd.yaml
ensureLicense ${ROOT_PROJECT_DIR}/deploy/crds/org.eclipse.che_checlusterbackups_crd.yaml
ensureLicense ${ROOT_PROJECT_DIR}/deploy/crds/org.eclipse.che_checlusterrestores_crd.yaml
if [[ $version == "v1" ]]; then
mv ${ROOT_PROJECT_DIR}/deploy/crds/org.eclipse.che_checlusters_crd.yaml ${ROOT_PROJECT_DIR}/deploy/crds/org_v1_che_crd.yaml
@ -120,13 +114,105 @@ detectImages() {
echo "[INFO] Plugin broker jwt proxy image: $JWT_PROXY_IMAGE"
}
updateRoles() {
echo "[INFO] Updating roles with DW and DWCO roles"
CLUSTER_ROLES=(
https://raw.githubusercontent.com/devfile/devworkspace-operator/main/deploy/deployment/openshift/objects/devworkspace-controller-view-workspaces.ClusterRole.yaml
https://raw.githubusercontent.com/devfile/devworkspace-operator/main/deploy/deployment/openshift/objects/devworkspace-controller-edit-workspaces.ClusterRole.yaml
https://raw.githubusercontent.com/devfile/devworkspace-operator/main/deploy/deployment/openshift/objects/devworkspace-controller-leader-election-role.Role.yaml
https://raw.githubusercontent.com/devfile/devworkspace-operator/main/deploy/deployment/openshift/objects/devworkspace-controller-proxy-role.ClusterRole.yaml
https://raw.githubusercontent.com/devfile/devworkspace-operator/main/deploy/deployment/openshift/objects/devworkspace-controller-role.ClusterRole.yaml
https://raw.githubusercontent.com/devfile/devworkspace-operator/main/deploy/deployment/openshift/objects/devworkspace-controller-view-workspaces.ClusterRole.yaml
https://raw.githubusercontent.com/che-incubator/devworkspace-che-operator/main/deploy/deployment/openshift/objects/devworkspace-che-role.ClusterRole.yaml
https://raw.githubusercontent.com/che-incubator/devworkspace-che-operator/main/deploy/deployment/openshift/objects/devworkspace-che-metrics-reader.ClusterRole.yaml
)
# Updates cluster_role.yaml based on DW and DWCO roles
## Removes old cluster roles
cat $ROOT_PROJECT_DIR/deploy/cluster_role.yaml | sed '/CHE-OPERATOR ROLES ONLY: END/q0' > $ROOT_PROJECT_DIR/deploy/cluster_role.yaml.tmp
mv $ROOT_PROJECT_DIR/deploy/cluster_role.yaml.tmp $ROOT_PROJECT_DIR/deploy/cluster_role.yaml
## Copy new cluster roles
for roles in "${CLUSTER_ROLES[@]}"; do
echo " # "$(basename $roles) >> $ROOT_PROJECT_DIR/deploy/cluster_role.yaml
CONTENT=$(curl -sL $roles | sed '1,/rules:/d')
while IFS= read -r line; do
echo " $line" >> $ROOT_PROJECT_DIR/deploy/cluster_role.yaml
done <<< "$CONTENT"
done
ROLES=(
https://raw.githubusercontent.com/che-incubator/devworkspace-che-operator/main/deploy/deployment/openshift/objects/devworkspace-che-leader-election-role.Role.yaml
)
# Updates role.yaml
## Removes old roles
cat $ROOT_PROJECT_DIR/deploy/role.yaml | sed '/CHE-OPERATOR ROLES ONLY: END/q0' > $ROOT_PROJECT_DIR/deploy/role.yaml.tmp
mv $ROOT_PROJECT_DIR/deploy/role.yaml.tmp $ROOT_PROJECT_DIR/deploy/role.yaml
## Copy new roles
for roles in "${ROLES[@]}"; do
echo "# "$(basename $roles) >> $ROOT_PROJECT_DIR/deploy/role.yaml
CONTENT=$(curl -sL $roles | sed '1,/rules:/d')
while IFS= read -r line; do
echo "$line" >> $ROOT_PROJECT_DIR/deploy/role.yaml
done <<< "$CONTENT"
done
# Updates proxy_cluster_role.yaml based on DWCO
## Remove old roles
cat $ROOT_PROJECT_DIR/deploy/proxy_cluster_role.yaml | sed '/rules:/q0' > $ROOT_PROJECT_DIR/deploy/proxy_cluster_role.yaml.tmp
mv $ROOT_PROJECT_DIR/deploy/proxy_cluster_role.yaml.tmp $ROOT_PROJECT_DIR/deploy/proxy_cluster_role.yaml
## Copy new roles
CLUSTER_PROXY_ROLES=https://raw.githubusercontent.com/che-incubator/devworkspace-che-operator/main/deploy/deployment/openshift/objects/devworkspace-che-proxy-role.ClusterRole.yaml
CONTENT=$(curl -sL $CLUSTER_PROXY_ROLES | sed '1,/rules:/d')
while IFS= read -r line; do
echo "$line" >> $ROOT_PROJECT_DIR/deploy/proxy_cluster_role.yaml
done <<< "$CONTENT"
}
updateOperatorYaml() {
OPERATOR_YAML="${ROOT_PROJECT_DIR}/deploy/operator.yaml"
yq -riY "( .spec.template.spec.containers[] | select(.name == \"che-operator\").env[] | select(.name == \"RELATED_IMAGE_pvc_jobs\") | .value ) = \"${UBI8_MINIMAL_IMAGE}\"" ${OPERATOR_YAML}
yq -riY "( .spec.template.spec.containers[] | select(.name == \"che-operator\").env[] | select(.name == \"RELATED_IMAGE_che_workspace_plugin_broker_metadata\") | .value ) = \"${PLUGIN_BROKER_METADATA_IMAGE}\"" ${OPERATOR_YAML}
yq -riY "( .spec.template.spec.containers[] | select(.name == \"che-operator\").env[] | select(.name == \"RELATED_IMAGE_che_workspace_plugin_broker_artifacts\") | .value ) = \"${PLUGIN_BROKER_ARTIFACTS_IMAGE}\"" ${OPERATOR_YAML}
yq -riY "( .spec.template.spec.containers[] | select(.name == \"che-operator\").env[] | select(.name == \"RELATED_IMAGE_che_server_secure_exposer_jwt_proxy_image\") | .value ) = \"${JWT_PROXY_IMAGE}\"" ${OPERATOR_YAML}
addLicenseHeader $OPERATOR_YAML
# Deletes old DWCO container
yq -riY "del(.spec.template.spec.containers[1])" $OPERATOR_YAML
yq -riY ".spec.template.spec.containers[1] = \"devworkspace-container\"" $OPERATOR_YAML
# Extract DWCO container spec from deployment
DWCO_CONTAINER=$(curl -sL https://raw.githubusercontent.com/che-incubator/devworkspace-che-operator/main/deploy/deployment/openshift/objects/devworkspace-che-manager.Deployment.yaml \
| sed '1,/containers:/d' \
| sed -n '/serviceAccountName:/q;p' \
| sed -e 's/^/ /')
echo "$DWCO_CONTAINER" > dwcontainer
# Add DWCO container to operator.yaml
sed -i -e '/- devworkspace-container/{r dwcontainer' -e 'd}' $OPERATOR_YAML
rm dwcontainer
# update securityContext
yq -riY ".spec.template.spec.containers[1].securityContext.privileged = false" ${OPERATOR_YAML}
yq -riY ".spec.template.spec.containers[1].securityContext.readOnlyRootFilesystem = false" ${OPERATOR_YAML}
yq -riY ".spec.template.spec.containers[1].securityContext.capabilities.drop[0] = \"ALL\"" ${OPERATOR_YAML}
# update env variable
yq -riY "del( .spec.template.spec.containers[1].env[] | select(.name == \"CONTROLLER_SERVICE_ACCOUNT_NAME\") | .valueFrom)" ${OPERATOR_YAML}
yq -riY "( .spec.template.spec.containers[1].env[] | select(.name == \"CONTROLLER_SERVICE_ACCOUNT_NAME\") | .value) = \"che-operator\"" ${OPERATOR_YAML}
yq -riY "del( .spec.template.spec.containers[1].env[] | select(.name == \"WATCH_NAMESPACE\") | .value)" ${OPERATOR_YAML}
yq -riY "( .spec.template.spec.containers[1].env[] | select(.name == \"WATCH_NAMESPACE\") | .valueFrom.fieldRef.fieldPath) = \"metadata.namespace\"" ${OPERATOR_YAML}
yq -riY ".spec.template.spec.containers[1].args[1] = \"--metrics-addr\"" ${OPERATOR_YAML}
yq -riY ".spec.template.spec.containers[1].args[2] = \"0\"" ${OPERATOR_YAML}
ensureLicense $OPERATOR_YAML
}
updateDockerfile() {
@ -146,29 +232,27 @@ updateNighltyBundle() {
echo "[INFO] Updating OperatorHub bundle for platform '${platform}'"
pushd "${ROOT_PROJECT_DIR}" || true
NIGHTLY_BUNDLE_PATH=$(getBundlePath "${platform}" "nightly")
bundleCSVName="che-operator.clusterserviceversion.yaml"
NEW_CSV=${NIGHTLY_BUNDLE_PATH}/manifests/${bundleCSVName}
NEW_CSV=${NIGHTLY_BUNDLE_PATH}/manifests/che-operator.clusterserviceversion.yaml
newNightlyBundleVersion=$(yq -r ".spec.version" "${NEW_CSV}")
echo "[INFO] Creation new nightly bundle version: ${newNightlyBundleVersion}"
csv_config=${NIGHTLY_BUNDLE_PATH}/csv-config.yaml
generateFolder=${NIGHTLY_BUNDLE_PATH}/generated
rm -rf "${generateFolder}"
mkdir -p "${generateFolder}"
mkdir -p "${generateFolder}/crds"
# copy roles
"${NIGHTLY_BUNDLE_PATH}/build-roles.sh"
operatorYaml=$(yq -r ".\"operator-path\"" "${csv_config}")
cp -rf "${operatorYaml}" "${generateFolder}/"
# copy operator.yaml
operatorYaml=$(yq -r ".\"operator-path\"" "${NIGHTLY_BUNDLE_PATH}/csv-config.yaml")
cp -rf "${operatorYaml}" "${generateFolder}"
crdsDir=${ROOT_PROJECT_DIR}/deploy/crds
mkdir -p ${generateFolder}/crds
cp -f "${crdsDir}/org_v1_che_cr.yaml" "${generateFolder}/crds"
cp -f "${crdsDir}/org_v1_che_crd.yaml" "${generateFolder}/crds"
# copy CR/CRD
cp -f "${ROOT_PROJECT_DIR}/deploy/crds/org_v1_che_cr.yaml" "${generateFolder}/crds"
cp -f "${ROOT_PROJECT_DIR}/deploy/crds/org_v1_che_crd.yaml" "${generateFolder}/crds"
# generate a new CSV
"${OPERATOR_SDK_BINARY}" generate csv \
--csv-version "${newNightlyBundleVersion}" \
--deploy-dir "${generateFolder}" \
@ -191,16 +275,13 @@ updateNighltyBundle() {
incrementNightlyVersion "${platform}"
fi
templateCRD="${ROOT_PROJECT_DIR}/deploy/crds/org_v1_che_crd.yaml"
platformCRD="${NIGHTLY_BUNDLE_PATH}/manifests/org_v1_che_crd.yaml"
cp -rf $templateCRD $platformCRD
cp -f "${ROOT_PROJECT_DIR}/deploy/crds/org_v1_che_crd.yaml" "${NIGHTLY_BUNDLE_PATH}/manifests"
cp -f "${ROOT_PROJECT_DIR}/deploy/crds/org.eclipse.che_chebackupserverconfigurations_crd.yaml" "${NIGHTLY_BUNDLE_PATH}/manifests/org.eclipse.che_chebackupserverconfigurations_crd.yaml"
cp -f "${ROOT_PROJECT_DIR}/deploy/crds/org.eclipse.che_checlusterbackups_crd.yaml" "${NIGHTLY_BUNDLE_PATH}/manifests/org.eclipse.che_checlusterbackups_crd.yaml"
cp -f "${ROOT_PROJECT_DIR}/deploy/crds/org.eclipse.che_checlusterrestores_crd.yaml" "${NIGHTLY_BUNDLE_PATH}/manifests/org.eclipse.che_checlusterrestores_crd.yaml"
CRD="${NIGHTLY_BUNDLE_PATH}/manifests/org_v1_che_crd.yaml"
if [[ $platform == "openshift" ]]; then
yq -riSY '.spec.preserveUnknownFields = false' $platformCRD
eval head -10 $templateCRD | cat - ${platformCRD} > tmp.crd && mv tmp.crd ${platformCRD}
yq -riSY '.spec.preserveUnknownFields = false' $CRD
fi
echo "Done for ${platform}"
@ -223,6 +304,9 @@ updateNighltyBundle() {
done
fi
# Fix account name
sed -i 's|serviceAccountName: che-operator-proxy|serviceAccountName: default|g' $NEW_CSV
# Fix sample
if [ "${platform}" == "openshift" ]; then
echo "[INFO] Fix openshift sample"
@ -251,17 +335,21 @@ updateNighltyBundle() {
if [ "${platform}" == "openshift" ]; then
yq -riSY '(.spec.install.spec.deployments[0].spec.template.spec.containers[0].securityContext."allowPrivilegeEscalation") = false' "${NEW_CSV}"
yq -riSY '(.spec.install.spec.deployments[0].spec.template.spec.containers[0].securityContext."runAsNonRoot") = true' "${NEW_CSV}"
yq -riSY '(.spec.install.spec.deployments[0].spec.template.spec.containers[1].securityContext."allowPrivilegeEscalation") = false' "${NEW_CSV}"
yq -riSY '(.spec.install.spec.deployments[0].spec.template.spec.containers[1].securityContext."runAsNonRoot") = true' "${NEW_CSV}"
fi
# Format code.
yq -rY "." "${NEW_CSV}" > "${NEW_CSV}.old"
mv "${NEW_CSV}.old" "${NEW_CSV}"
popd || true
ensureLicense "${NIGHTLY_BUNDLE_PATH}/manifests/org_v1_che_crd.yaml"
ensureLicense "${NIGHTLY_BUNDLE_PATH}/manifests/che-operator.clusterserviceversion.yaml"
done
}
addLicenseHeader() {
ensureLicense() {
if [[ $(sed -n '/^#$/p;q' $1) != "#" ]]; then
echo -e "#
# Copyright (c) 2019-2021 Red Hat, Inc.
# This program and the accompanying materials are made
@ -273,12 +361,19 @@ echo -e "#
# Contributors:
# Red Hat, Inc. - initial API and implementation
$(cat $1)" > $1
fi
}
checkOperatorSDKVersion
detectImages
pushd "${ROOT_PROJECT_DIR}" || true
generateCRD "v1beta1"
generateCRD "v1"
updateRoles
updateOperatorYaml
updateDockerfile
updateNighltyBundle
popd || true

2
pkg/apis/org/conversion_test.go
View File

@ -563,7 +563,7 @@ func TestExposureStrategyConversions(t *testing.T) {
if old.Spec.Server.ServerExposureStrategy != "" {
t.Errorf("The server exposure strategy should have been left empty after conversion but was: %v", old.Spec.Server.ServerExposureStrategy)
}
if old.Spec.K8s.IngressStrategy != "multi-host" {
if old.Spec.K8s.IngressStrategy != "single-host" {
t.Errorf("The ingress strategy should have been unchanged after conversion but was: %v", old.Spec.K8s.IngressStrategy)
}
})

156
pkg/deploy/dev-workspace/dev_workspace.go
View File

@ -22,6 +22,7 @@ import (
"github.com/eclipse-che/che-operator/pkg/deploy"
"github.com/eclipse-che/che-operator/pkg/util"
operatorsv1alpha1 "github.com/operator-framework/api/pkg/operators/v1alpha1"
"github.com/sirupsen/logrus"
admissionregistrationv1 "k8s.io/api/admissionregistration/v1"
appsv1 "k8s.io/api/apps/v1"
corev1 "k8s.io/api/core/v1"
@ -47,9 +48,9 @@ var (
CheManagerResourcename = "chemanagers"
OpenshiftDevWorkspaceTemplatesPath = "/tmp/devworkspace-operator/templates/deployment/openshift/objects"
OpenshiftDevWorkspaceCheTemplatesPath = "/tmp/devworkspace-che-operator/templates/deployment/openshift/objects/"
OpenshiftDevWorkspaceCheTemplatesPath = "/tmp/devworkspace-che-operator/templates/deployment/openshift/objects"
KubernetesDevWorkspaceTemplatesPath = "/tmp/devworkspace-operator/templates/deployment/kubernetes/objects"
KubernetesDevWorkspaceCheTemplatesPath = "/tmp/devworkspace-che-operator/templates/deployment/kubernetes/objects/"
KubernetesDevWorkspaceCheTemplatesPath = "/tmp/devworkspace-che-operator/templates/deployment/kubernetes/objects"
DevWorkspaceTemplates = devWorkspaceTemplatesPath()
DevWorkspaceCheTemplates = devWorkspaceCheTemplatesPath()
@ -113,28 +114,24 @@ var (
}
syncDwCheItems = []func(*deploy.DeployContext) (bool, error){
createDwCheNamespace,
syncDwCheServiceAccount,
syncDwCheClusterRole,
syncDwCheProxyClusterRole,
syncDwCheMetricsClusterRole,
syncDwCheLeaderRole,
syncDwCheLeaderRoleBinding,
syncDwCheProxyRoleBinding,
syncDwCheRoleBinding,
syncDwCheCRD,
synDwCheCR,
syncDwCheConfigMap,
syncDwCheCR,
syncDwCheMetricsService,
synDwCheDeployment,
}
)
func ReconcileDevWorkspace(deployContext *deploy.DeployContext) (bool, error) {
if util.IsOpenShift && !util.IsOpenShift4 {
// OpenShift 3.x is not supported
return true, nil
}
// do nothing if dev workspace is disabled
if !deployContext.CheCluster.Spec.DevWorkspace.Enable {
return true, nil
}
// check if DW exists on the cluster
devWorkspaceWebhookExists, err := deploy.Get(
deployContext,
client.ObjectKey{Name: DevWorkspaceWebhookName},
@ -145,6 +142,7 @@ func ReconcileDevWorkspace(deployContext *deploy.DeployContext) (bool, error) {
}
if devWorkspaceWebhookExists {
// if DW exists then check if version matches
if err := checkWebTerminalSubscription(deployContext); err != nil {
return false, err
}
@ -159,6 +157,11 @@ func ReconcileDevWorkspace(deployContext *deploy.DeployContext) (bool, error) {
}
}
if !util.IsOpenShift && util.GetServerExposureStrategy(deployContext.CheCluster) == "single-host" {
logrus.Warn(`DevWorkspace Che operator can't be enabled in 'single-host' mode on a Kubernetes cluster. See https://github.com/eclipse/che/issues/19714 for more details. To enable DevWorkspace Che operator set 'spec.server.serverExposureStrategy' to 'multi-host'.`)
return true, nil
}
for _, syncItem := range syncDwCheItems {
done, err := syncItem(deployContext)
if !util.IsTestMode() {
@ -211,60 +214,60 @@ func createDwNamespace(deployContext *deploy.DeployContext) (bool, error) {
}
func syncDwServiceAccount(deployContext *deploy.DeployContext) (bool, error) {
return readAndSyncObject(deployContext, DevWorkspaceServiceAccountFile, &corev1.ServiceAccount{})
return readAndSyncObject(deployContext, DevWorkspaceServiceAccountFile, &corev1.ServiceAccount{}, DevWorkspaceNamespace)
}
func syncDwRole(deployContext *deploy.DeployContext) (bool, error) {
return readAndSyncObject(deployContext, DevWorkspaceRoleFile, &rbacv1.Role{})
return readAndSyncObject(deployContext, DevWorkspaceRoleFile, &rbacv1.Role{}, DevWorkspaceNamespace)
}
func syncDwRoleBinding(deployContext *deploy.DeployContext) (bool, error) {
return readAndSyncObject(deployContext, DevWorkspaceRoleBindingFile, &rbacv1.RoleBinding{})
return readAndSyncObject(deployContext, DevWorkspaceRoleBindingFile, &rbacv1.RoleBinding{}, DevWorkspaceNamespace)
}
func syncDwClusterRoleBinding(deployContext *deploy.DeployContext) (bool, error) {
return readAndSyncObject(deployContext, DevWorkspaceClusterRoleBindingFile, &rbacv1.ClusterRoleBinding{})
return readAndSyncObject(deployContext, DevWorkspaceClusterRoleBindingFile, &rbacv1.ClusterRoleBinding{}, "")
}
func syncDwProxyClusterRoleBinding(deployContext *deploy.DeployContext) (bool, error) {
return readAndSyncObject(deployContext, DevWorkspaceProxyClusterRoleBindingFile, &rbacv1.ClusterRoleBinding{})
return readAndSyncObject(deployContext, DevWorkspaceProxyClusterRoleBindingFile, &rbacv1.ClusterRoleBinding{}, "")
}
func syncDwClusterRole(deployContext *deploy.DeployContext) (bool, error) {
return readAndSyncObject(deployContext, DevWorkspaceClusterRoleFile, &rbacv1.ClusterRole{})
return readAndSyncObject(deployContext, DevWorkspaceClusterRoleFile, &rbacv1.ClusterRole{}, "")
}
func syncDwProxyClusterRole(deployContext *deploy.DeployContext) (bool, error) {
return readAndSyncObject(deployContext, DevWorkspaceProxyClusterRoleFile, &rbacv1.ClusterRole{})
return readAndSyncObject(deployContext, DevWorkspaceProxyClusterRoleFile, &rbacv1.ClusterRole{}, "")
}
func syncDwViewWorkspacesClusterRole(deployContext *deploy.DeployContext) (bool, error) {
return readAndSyncObject(deployContext, DevWorkspaceViewWorkspacesClusterRoleFile, &rbacv1.ClusterRole{})
return readAndSyncObject(deployContext, DevWorkspaceViewWorkspacesClusterRoleFile, &rbacv1.ClusterRole{}, "")
}
func syncDwEditWorkspacesClusterRole(deployContext *deploy.DeployContext) (bool, error) {
return readAndSyncObject(deployContext, DevWorkspaceEditWorkspacesClusterRoleFile, &rbacv1.ClusterRole{})
return readAndSyncObject(deployContext, DevWorkspaceEditWorkspacesClusterRoleFile, &rbacv1.ClusterRole{}, "")
}
func syncDwWorkspaceRoutingCRD(deployContext *deploy.DeployContext) (bool, error) {
return readAndSyncObject(deployContext, DevWorkspaceWorkspaceRoutingCRDFile, &apiextensionsv1.CustomResourceDefinition{})
return readAndSyncObject(deployContext, DevWorkspaceWorkspaceRoutingCRDFile, &apiextensionsv1.CustomResourceDefinition{}, "")
}
func syncDwTemplatesCRD(deployContext *deploy.DeployContext) (bool, error) {
return readAndSyncObject(deployContext, DevWorkspaceTemplatesCRDFile, &apiextensionsv1.CustomResourceDefinition{})
return readAndSyncObject(deployContext, DevWorkspaceTemplatesCRDFile, &apiextensionsv1.CustomResourceDefinition{}, "")
}
func syncDwCRD(deployContext *deploy.DeployContext) (bool, error) {
return readAndSyncObject(deployContext, DevWorkspaceCRDFile, &apiextensionsv1.CustomResourceDefinition{})
return readAndSyncObject(deployContext, DevWorkspaceCRDFile, &apiextensionsv1.CustomResourceDefinition{}, "")
}
func syncDwConfigMap(deployContext *deploy.DeployContext) (bool, error) {
devObject, err := readK8SObject(DevWorkspaceConfigMapFile, &corev1.ConfigMap{})
obj2sync, err := readK8SObject(DevWorkspaceConfigMapFile, &corev1.ConfigMap{})
if err != nil {
return false, err
}
configMap := devObject.obj.(*corev1.ConfigMap)
configMap := obj2sync.obj.(*corev1.ConfigMap)
// Remove when DevWorkspace controller should not care about DWR base host #373 https://github.com/devfile/devworkspace-operator/issues/373
if !util.IsOpenShift {
if configMap.Data == nil {
@ -273,82 +276,31 @@ func syncDwConfigMap(deployContext *deploy.DeployContext) (bool, error) {
configMap.Data["devworkspace.routing.cluster_host_suffix"] = deployContext.CheCluster.Spec.K8s.IngressDomain
}
return syncObject(deployContext, devObject)
return syncObject(deployContext, obj2sync, DevWorkspaceNamespace)
}
func syncDwDeployment(deployContext *deploy.DeployContext) (bool, error) {
devObject, err := readK8SObject(DevWorkspaceDeploymentFile, &appsv1.Deployment{})
obj2sync, err := readK8SObject(DevWorkspaceDeploymentFile, &appsv1.Deployment{})
if err != nil {
return false, err
}
devworkspaceControllerImage := util.GetValue(deployContext.CheCluster.Spec.DevWorkspace.ControllerImage, deploy.DefaultDevworkspaceControllerImage(deployContext.CheCluster))
deploymentObject := devObject.obj.(*appsv1.Deployment)
deploymentObject := obj2sync.obj.(*appsv1.Deployment)
deploymentObject.Spec.Template.Spec.Containers[0].Image = devworkspaceControllerImage
return syncObject(deployContext, devObject)
}
func createDwCheNamespace(deployContext *deploy.DeployContext) (bool, error) {
namespace := &corev1.Namespace{
TypeMeta: metav1.TypeMeta{
Kind: "Namespace",
APIVersion: corev1.SchemeGroupVersion.String(),
},
ObjectMeta: metav1.ObjectMeta{
Name: DevWorkspaceCheNamespace,
},
Spec: corev1.NamespaceSpec{},
}
return deploy.CreateIfNotExists(deployContext, namespace)
}
func syncDwCheServiceAccount(deployContext *deploy.DeployContext) (bool, error) {
return readAndSyncObject(deployContext, DevWorkspaceCheServiceAccountFile, &corev1.ServiceAccount{})
}
func syncDwCheClusterRole(deployContext *deploy.DeployContext) (bool, error) {
return readAndSyncObject(deployContext, DevWorkspaceCheClusterRoleFile, &rbacv1.ClusterRole{})
}
func syncDwCheProxyClusterRole(deployContext *deploy.DeployContext) (bool, error) {
return readAndSyncObject(deployContext, DevWorkspaceCheProxyClusterRoleFile, &rbacv1.ClusterRole{})
}
func syncDwCheMetricsClusterRole(deployContext *deploy.DeployContext) (bool, error) {
return readAndSyncObject(deployContext, DevWorkspaceCheMetricsReaderClusterRoleFile, &rbacv1.ClusterRole{})
}
func syncDwCheLeaderRole(deployContext *deploy.DeployContext) (bool, error) {
return readAndSyncObject(deployContext, DevWorkspaceCheRoleFile, &rbacv1.Role{})
}
func syncDwCheLeaderRoleBinding(deployContext *deploy.DeployContext) (bool, error) {
return readAndSyncObject(deployContext, DevWorkspaceCheRoleBindingFile, &rbacv1.RoleBinding{})
}
func syncDwCheProxyRoleBinding(deployContext *deploy.DeployContext) (bool, error) {
return readAndSyncObject(deployContext, DevWorkspaceCheProxyClusterRoleBindingFile, &rbacv1.ClusterRoleBinding{})
}
func syncDwCheRoleBinding(deployContext *deploy.DeployContext) (bool, error) {
return readAndSyncObject(deployContext, DevWorkspaceCheClusterRoleBindingFile, &rbacv1.ClusterRoleBinding{})
return syncObject(deployContext, obj2sync, DevWorkspaceNamespace)
}
func syncDwCheCRD(deployContext *deploy.DeployContext) (bool, error) {
return readAndSyncObject(deployContext, DevWorkspaceCheManagersCRDFile, &apiextensionsv1.CustomResourceDefinition{})
}
func syncDwCheConfigMap(deployContext *deploy.DeployContext) (bool, error) {
return readAndSyncObject(deployContext, DevWorkspaceCheConfigMapFile, &corev1.ConfigMap{})
return readAndSyncObject(deployContext, DevWorkspaceCheManagersCRDFile, &apiextensionsv1.CustomResourceDefinition{}, "")
}
func syncDwCheMetricsService(deployContext *deploy.DeployContext) (bool, error) {
return readAndSyncObject(deployContext, DevWorkspaceCheMetricsServiceFile, &corev1.Service{})
return readAndSyncObject(deployContext, DevWorkspaceCheMetricsServiceFile, &corev1.Service{}, deployContext.CheCluster.Namespace)
}
func synDwCheCR(deployContext *deploy.DeployContext) (bool, error) {
func syncDwCheCR(deployContext *deploy.DeployContext) (bool, error) {
// We want to create a default CheManager instance to be able to configure the che-specific
// parts of the installation, but at the same time we don't want to add a dependency on
// devworkspace-che-operator. Note that this way of initializing will probably see changes
@ -361,7 +313,7 @@ func synDwCheCR(deployContext *deploy.DeployContext) (bool, error) {
obj := &unstructured.Unstructured{}
obj.SetGroupVersionKind(schema.GroupVersionKind{Group: "che.eclipse.org", Version: "v1alpha1", Kind: "CheManager"})
err := deployContext.ClusterAPI.Client.Get(context.TODO(), client.ObjectKey{Name: "devworkspace-che", Namespace: DevWorkspaceCheNamespace}, obj)
err := deployContext.ClusterAPI.Client.Get(context.TODO(), client.ObjectKey{Name: "devworkspace-che", Namespace: deployContext.CheCluster.Namespace}, obj)
if err != nil {
if apierrors.IsNotFound(err) {
obj = nil
@ -372,13 +324,20 @@ func synDwCheCR(deployContext *deploy.DeployContext) (bool, error) {
if obj == nil {
obj := &unstructured.Unstructured{}
if !util.IsOpenShift {
obj.SetUnstructuredContent(map[string]interface{}{
"spec": map[string]interface{}{
"gatewayHost": deployContext.CheCluster.Spec.K8s.IngressDomain,
},
})
}
obj.SetGroupVersionKind(schema.GroupVersionKind{
Group: "che.eclipse.org",
Version: "v1alpha1",
Kind: "CheManager",
})
obj.SetName("devworkspace-che")
obj.SetNamespace(DevWorkspaceCheNamespace)
obj.SetNamespace(deployContext.CheCluster.Namespace)
err = deployContext.ClusterAPI.Client.Create(context.TODO(), obj)
if err != nil {
@ -392,29 +351,18 @@ func synDwCheCR(deployContext *deploy.DeployContext) (bool, error) {
return true, nil
}
func synDwCheDeployment(deployContext *deploy.DeployContext) (bool, error) {
devObject, err := readK8SObject(DevWorkspaceCheDeploymentFile, &appsv1.Deployment{})
if err != nil {
return false, err
}
devworkspaceCheOperatorImage := deploy.DefaultDevworkspaceCheOperatorImage(deployContext.CheCluster)
deploymentObject := devObject.obj.(*appsv1.Deployment)
deploymentObject.Spec.Template.Spec.Containers[0].Image = devworkspaceCheOperatorImage
return syncObject(deployContext, devObject)
}
func readAndSyncObject(deployContext *deploy.DeployContext, yamlFile string, obj interface{}) (bool, error) {
func readAndSyncObject(deployContext *deploy.DeployContext, yamlFile string, obj interface{}, namespace string) (bool, error) {
obj2sync, err := readK8SObject(yamlFile, obj)
if err != nil {
return false, err
}
return syncObject(deployContext, obj2sync)
return syncObject(deployContext, obj2sync, namespace)
}
func syncObject(deployContext *deploy.DeployContext, obj2sync *Object2Sync) (bool, error) {
func syncObject(deployContext *deploy.DeployContext, obj2sync *Object2Sync, namespace string) (bool, error) {
obj2sync.obj.SetNamespace(namespace)
runtimeObject, ok := obj2sync.obj.(runtime.Object)
if !ok {
return false, fmt.Errorf("object %T is not a runtime.Object. Cannot sync it", runtimeObject)

182
pkg/deploy/dev-workspace/dev_workspace_test.go
View File

@ -20,6 +20,7 @@ import (
operatorsv1alpha1 "github.com/operator-framework/api/pkg/operators/v1alpha1"
admissionregistrationv1 "k8s.io/api/admissionregistration/v1"
corev1 "k8s.io/api/core/v1"
apierrors "k8s.io/apimachinery/pkg/api/errors"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
"k8s.io/apimachinery/pkg/runtime"
@ -31,56 +32,144 @@ import (
)
func TestReconcileDevWorkspace(t *testing.T) {
cheCluster := &orgv1.CheCluster{
ObjectMeta: metav1.ObjectMeta{
Namespace: "eclipse-che",
},
Spec: orgv1.CheClusterSpec{
DevWorkspace: orgv1.CheClusterSpecDevWorkspace{
Enable: true,
},
Auth: orgv1.CheClusterSpecAuth{
OpenShiftoAuth: util.NewBoolPointer(true),
},
Server: orgv1.CheClusterSpecServer{
ServerExposureStrategy: "single-host",
},
},
type testCase struct {
name string
IsOpenShift bool
IsOpenShift4 bool
cheCluster *orgv1.CheCluster
}
deployContext := deploy.GetTestDeployContext(cheCluster, []runtime.Object{})
deployContext.ClusterAPI.Scheme.AddKnownTypes(operatorsv1alpha1.SchemeGroupVersion, &operatorsv1alpha1.Subscription{})
deployContext.ClusterAPI.DiscoveryClient.(*fakeDiscovery.FakeDiscovery).Fake.Resources = []*metav1.APIResourceList{
testCases := []testCase{
{
APIResources: []metav1.APIResource{
{Name: CheManagerResourcename},
name: "Reconcile DevWorkspace on OpenShift",
cheCluster: &orgv1.CheCluster{
ObjectMeta: metav1.ObjectMeta{
Namespace: "eclipse-che",
},
Spec: orgv1.CheClusterSpec{
DevWorkspace: orgv1.CheClusterSpecDevWorkspace{
Enable: true,
},
Auth: orgv1.CheClusterSpecAuth{
OpenShiftoAuth: util.NewBoolPointer(true),
},
Server: orgv1.CheClusterSpecServer{
ServerExposureStrategy: "single-host",
},
},
},
IsOpenShift: true,
IsOpenShift4: true,
},
{
name: "Reconcile DevWorkspace on K8S multi-host",
cheCluster: &orgv1.CheCluster{
ObjectMeta: metav1.ObjectMeta{
Namespace: "eclipse-che",
},
Spec: orgv1.CheClusterSpec{
DevWorkspace: orgv1.CheClusterSpecDevWorkspace{
Enable: true,
},
Auth: orgv1.CheClusterSpecAuth{
OpenShiftoAuth: util.NewBoolPointer(true),
},
Server: orgv1.CheClusterSpecServer{
ServerExposureStrategy: "multi-host",
},
K8s: orgv1.CheClusterSpecK8SOnly{
IngressDomain: "che.domain",
},
},
},
IsOpenShift: false,
IsOpenShift4: false,
},
{
name: "Reconcile DevWorkspace on K8S single-host",
cheCluster: &orgv1.CheCluster{
ObjectMeta: metav1.ObjectMeta{
Namespace: "eclipse-che",
},
Spec: orgv1.CheClusterSpec{
DevWorkspace: orgv1.CheClusterSpecDevWorkspace{
Enable: true,
},
Auth: orgv1.CheClusterSpecAuth{
OpenShiftoAuth: util.NewBoolPointer(true),
},
Server: orgv1.CheClusterSpecServer{
ServerExposureStrategy: "single-host",
},
K8s: orgv1.CheClusterSpecK8SOnly{
IngressDomain: "che.domain",
},
},
},
IsOpenShift: false,
IsOpenShift4: false,
},
}
util.IsOpenShift4 = true
done, err := ReconcileDevWorkspace(deployContext)
for _, testCase := range testCases {
t.Run(testCase.name, func(t *testing.T) {
deployContext := deploy.GetTestDeployContext(testCase.cheCluster, []runtime.Object{})
deployContext.ClusterAPI.Scheme.AddKnownTypes(operatorsv1alpha1.SchemeGroupVersion, &operatorsv1alpha1.Subscription{})
deployContext.ClusterAPI.DiscoveryClient.(*fakeDiscovery.FakeDiscovery).Fake.Resources = []*metav1.APIResourceList{
{
APIResources: []metav1.APIResource{
{Name: CheManagerResourcename},
},
},
}
if err != nil {
t.Fatalf("Error: %v", err)
util.IsOpenShift = testCase.IsOpenShift
util.IsOpenShift4 = testCase.IsOpenShift4
done, err := ReconcileDevWorkspace(deployContext)
if err != nil {
t.Fatalf("Error: %v", err)
}
if !done {
t.Fatalf("Dev Workspace operator has not been provisioned")
}
t.Run("defaultCheManagerDeployed", func(t *testing.T) {
obj := &unstructured.Unstructured{}
obj.SetGroupVersionKind(schema.GroupVersionKind{Group: "che.eclipse.org", Version: "v1alpha1", Kind: "CheManager"})
err := deployContext.ClusterAPI.Client.Get(context.TODO(), client.ObjectKey{Name: "devworkspace-che", Namespace: deployContext.CheCluster.Namespace}, obj)
if testCase.IsOpenShift {
if err != nil {
t.Fatalf("Should have found a CheManager with default config but got an error: %s", err)
}
if obj.GetName() != "devworkspace-che" {
t.Fatalf("Should have found a CheManager with default config but found: %s", obj.GetName())
}
} else {
if testCase.cheCluster.Spec.Server.ServerExposureStrategy == "single-host" {
if err == nil || !apierrors.IsNotFound(err) {
t.Fatalf("Should not have found a CheManager")
}
} else {
if err != nil {
t.Fatalf("Should have found a CheManager with default config but got an error: %s", err)
}
if obj.GetName() != "devworkspace-che" {
t.Fatalf("Should have found a CheManager with default config but found: %s", obj.GetName())
}
spec := obj.Object["spec"].(map[string]interface{})
gatewayHost := spec["gatewayHost"].(string)
if gatewayHost != deployContext.CheCluster.Spec.K8s.IngressDomain {
t.Fatalf("gatewayHost wasn't set correctly, expected: %s, actual: %s", deployContext.CheCluster.Spec.K8s.IngressDomain, gatewayHost)
}
}
}
})
})
}
if !done {
t.Fatalf("Dev Workspace operator has not been provisioned")
}
t.Run("defaultCheManagerDeployed", func(t *testing.T) {
obj := &unstructured.Unstructured{}
obj.SetGroupVersionKind(schema.GroupVersionKind{Group: "che.eclipse.org", Version: "v1alpha1", Kind: "CheManager"})
err := deployContext.ClusterAPI.Client.Get(context.TODO(), client.ObjectKey{Name: "devworkspace-che", Namespace: DevWorkspaceCheNamespace}, obj)
if err != nil {
t.Fatalf("Should have found a CheManager with default config but got an error: %s", err)
}
if obj.GetName() != "devworkspace-che" {
t.Fatalf("Should have found a CheManager with default config but found: %s", obj.GetName())
}
})
}
func TestReconcileDevWorkspaceShouldThrowErrorIfWebTerminalSubscriptionExists(t *testing.T) {
@ -124,6 +213,7 @@ func TestReconcileDevWorkspaceShouldThrowErrorIfWebTerminalSubscriptionExists(t
},
}
util.IsOpenShift = true
util.IsOpenShift4 = true
_, err := ReconcileDevWorkspace(deployContext)
@ -142,7 +232,7 @@ func TestShouldSyncNewObject(t *testing.T) {
}
// tries to sync a new object
done, err := syncObject(deployContext, obj2sync)
done, err := syncObject(deployContext, obj2sync, "eclipse-che")
if err != nil {
t.Fatalf("Failed to sync object: %v", err)
} else if !done {
@ -194,7 +284,7 @@ func TestShouldSyncObjectIfItWasCreatedByAnotherOriginHashDifferent(t *testing.T
obj: newObject,
hash256: "hash",
}
_, err := syncObject(deployContext, obj2sync)
_, err := syncObject(deployContext, obj2sync, "eclipse-che")
if err != nil {
t.Fatalf("Failed to sync object: %v", err)
}
@ -238,7 +328,7 @@ func TestShouldSyncObjectIfItWasCreatedBySameOriginHashDifferent(t *testing.T) {
}
// tries to sync object with a new
_, err := syncObject(deployContext, obj2sync)
_, err := syncObject(deployContext, obj2sync, "eclipse-che")
if err != nil {
t.Fatalf("Failed to sync object: %v", err)
}
@ -303,7 +393,7 @@ func TestShouldNotSyncObjectIfThereIsAnotherCheCluster(t *testing.T) {
obj: newObject,
hash256: "hash-1",
}
done, err := syncObject(deployContext, obj2sync)
done, err := syncObject(deployContext, obj2sync, "eclipse-che")
if err != nil {
t.Fatalf("Failed to sync object: %v", err)
} else if !done {
@ -347,7 +437,7 @@ func TestShouldNotSyncObjectIfHashIsEqual(t *testing.T) {
obj: newObject,
hash256: "hash",
}
done, err := syncObject(deployContext, obj2sync)
done, err := syncObject(deployContext, obj2sync, "eclipse-che")
if err != nil {
t.Fatalf("Failed to sync object: %v", err)
} else if !done {

24
pkg/util/util.go
View File

@ -200,17 +200,21 @@ func MergeMaps(first map[string]string, second map[string]string) map[string]str
return ret
}
func GetServerExposureStrategy(c *orgv1.CheCluster) string {
strategy := c.Spec.Server.ServerExposureStrategy
if strategy != "" {
return strategy
} else if c.Spec.DevWorkspace.Enable {
return "single-host"
} else if IsOpenShift {
return "multi-host"
} else {
return GetValue(c.Spec.K8s.IngressStrategy, "multi-host")
func GetServerExposureStrategy(cheCluster *orgv1.CheCluster) string {
if cheCluster.Spec.Server.ServerExposureStrategy != "" {
return cheCluster.Spec.Server.ServerExposureStrategy
}
if !IsOpenShift && cheCluster.Spec.K8s.IngressStrategy != "" {
return cheCluster.Spec.K8s.IngressStrategy
}
// Explicitly switch to `single-host` mode
if cheCluster.Spec.DevWorkspace.Enable {
return "single-host"
}
return "multi-host"
}
func IsTestMode() (isTesting bool) {

59
replace-images-tags.sh
View File

@ -1,59 +0,0 @@
#!/bin/bash
#
# Copyright (c) 2019 Red Hat, Inc.
# This program and the accompanying materials are made
# available under the terms of the Eclipse Public License 2.0
# which is available at https://www.eclipse.org/legal/epl-2.0/
#
# SPDX-License-Identifier: EPL-2.0
#
# Contributors:
# Red Hat, Inc. - initial API and implementation
#
# Updates images into:
# - deploy/operator.yaml
# Usage:
# ./release-operator-code.sh <RELEASE_TAG> <CHE_RELEASE_BRANCH>
set -e
function init() {
BASE_DIR=$(cd "$(dirname "$0")"; pwd)
RELEASE_TAG="$1"
CHE_RELEASE_BRANCH="$2"
}
function replaceImageTag() {
echo "${1}" | sed -e "s/\(.*:\).*/\1${2}/"
}
replaceImagesTags() {
OPERATOR_YAML="${BASE_DIR}"/deploy/operator.yaml
lastDefaultCheServerImage=$(yq -r ".spec.template.spec.containers[] | select(.name == \"che-operator\") | .env[] | select(.name == \"RELATED_IMAGE_che_server\") | .value" "${OPERATOR_YAML}")
lastDefaultKeycloakImage=$(yq -r ".spec.template.spec.containers[] | select(.name == \"che-operator\") | .env[] | select(.name == \"RELATED_IMAGE_keycloak\") | .value" "${OPERATOR_YAML}")
lastDefaultPluginRegistryImage=$(yq -r ".spec.template.spec.containers[] | select(.name == \"che-operator\") | .env[] | select(.name == \"RELATED_IMAGE_plugin_registry\") | .value" "${OPERATOR_YAML}")
lastDefaultDevfileRegistryImage=$(yq -r ".spec.template.spec.containers[] | select(.name == \"che-operator\") | .env[] | select(.name == \"RELATED_IMAGE_devfile_registry\") | .value" "${OPERATOR_YAML}")
CHE_SERVER_IMAGE_REALEASE=$(replaceImageTag "${lastDefaultCheServerImage}" "${RELEASE_TAG}")
KEYCLOAK_IMAGE_RELEASE=$(replaceImageTag "${lastDefaultKeycloakImage}" "${RELEASE_TAG}")
PLUGIN_REGISTRY_IMAGE_RELEASE=$(replaceImageTag "${lastDefaultPluginRegistryImage}" "${RELEASE_TAG}")
DEVFILE_REGISTRY_IMAGE_RELEASE=$(replaceImageTag "${lastDefaultDevfileRegistryImage}" "${RELEASE_TAG}")
NEW_OPERATOR_YAML="${OPERATOR_YAML}.new"
# copy licence header
eval head -10 "${OPERATOR_YAML}" > ${NEW_OPERATOR_YAML}
cat "${OPERATOR_YAML}" | \
yq -ryY "( .spec.template.spec.containers[] | select(.name == \"che-operator\") | .image ) = \"quay.io/eclipse/che-operator:${RELEASE_TAG}\"" | \
yq -ryY "( .spec.template.spec.containers[] | select(.name == \"che-operator\").env[] | select(.name == \"CHE_VERSION\") | .value ) = \"${RELEASE_TAG}\"" | \
yq -ryY "( .spec.template.spec.containers[] | select(.name == \"che-operator\").env[] | select(.name == \"RELATED_IMAGE_che_server\") | .value ) = \"${CHE_SERVER_IMAGE_REALEASE}\"" | \
yq -ryY "( .spec.template.spec.containers[] | select(.name == \"che-operator\").env[] | select(.name == \"RELATED_IMAGE_keycloak\") | .value ) = \"${KEYCLOAK_IMAGE_RELEASE}\"" | \
yq -ryY "( .spec.template.spec.containers[] | select(.name == \"che-operator\").env[] | select(.name == \"RELATED_IMAGE_plugin_registry\") | .value ) = \"${PLUGIN_REGISTRY_IMAGE_RELEASE}\"" | \
yq -ryY "( .spec.template.spec.containers[] | select(.name == \"che-operator\").env[] | select(.name == \"RELATED_IMAGE_devfile_registry\") | .value ) = \"${DEVFILE_REGISTRY_IMAGE_RELEASE}\"" \
>> "${NEW_OPERATOR_YAML}"
mv "${NEW_OPERATOR_YAML}" "${OPERATOR_YAML}"
}
init "$@"
replaceImagesTags "$@"