If we allow the DevWorkspace Operator to handle proxy settings for workspaces,
it will add proxy environment variables to workspace containers with the
values it detects on the cluster (or through its own
DevWorkspaceOperatorConfig)
Since these environment variables are defined in the deployment yaml,
their values override values for proxy environment variables defined by
the automount 'proxy-config' configmap.
To avoid this, we configure DWO to not set any proxy settings for
workspaces we manage.
Signed-off-by: Angel Misevski <amisevsk@redhat.com>
* feat: add Che Cluster CR fields for pod & container security context
Also modify devEnvironments.disableContainerBuildCapabilities field documentation
to mention it overrides devEnvironments.security.containerSecurityContext
when set to false.
Signed-off-by: Andrew Obuchowicz <aobuchow@redhat.com>
* feat: configure DWOC pod & container security context from Che Cluster CR
Signed-off-by: Andrew Obuchowicz <aobuchow@redhat.com>
* chore: Add tests for DWOC pod & security context configuration
Signed-off-by: Andrew Obuchowicz <aobuchow@redhat.com>
* chore: update dev resources for Che Cluster CR devEnvironments.security field
Also updates dev resources for devEnvironments.disableContainerBuildCapabilities
field documentation.
Signed-off-by: Andrew Obuchowicz <aobuchow@redhat.com>
* chore: split DevWorkspaceConfig tests into seperate functions
Signed-off-by: Andrew Obuchowicz <aobuchow@redhat.com>
* chore: clean up DevWorkspaceConfig container builds tests
Signed-off-by: Andrew Obuchowicz <aobuchow@redhat.com>
* chore: clean up unused error in DevWorkspaceOperatorConfig reconciler
Signed-off-by: Andrew Obuchowicz <aobuchow@redhat.com>
---------
Signed-off-by: Andrew Obuchowicz <aobuchow@redhat.com>
Removing the last field from a CheCluster's
devEnvironments.projectCloneContainer results in the change not being
propagated to the DevWorkspaceOperatorConfig.
Instead, if the CheCluster's field is unset, the
DevWorkspaceOperatorConfig's corresponding field should also be unset.
Signed-off-by: Angel Misevski <amisevsk@redhat.com>
* Update devworkspace-operator dependency version to v0.21.0
Update devworkspace-operator dependency to v0.21.0 and update vendor dir
Signed-off-by: Angel Misevski <amisevsk@redhat.com>
* Add project clone container config field to CheCluster CR
Add field .spec.devEnvironments.projectCloneContainer to allow
configuring image, env, resources, and pull policy for the project clone
container.
This change reuses the existing Container struct for storing this
config, which means that
* The name field is ignored (it appears to be a discriminator for the
Deployment struct's containers[] field
* Defaults are handled differently:
* Default imagePullPolicy is the general pull policy for DWO, with
default value "Always" (instead of depending on tag as documented)
* Resource requirements set to "0" are interpreted as "do not set this
field"
Signed-off-by: Angel Misevski <amisevsk@redhat.com>
* Add reconcile step that syncs CheCluster project clone to DevWorkspace
Sync the field CheCluster.devEnvironments.projectCloneConfig to the
DevWorkspaceOperatorConfig owned by the operator.
Update tests to cover new functionality.
Signed-off-by: Angel Misevski <amisevsk@redhat.com>
---------
Signed-off-by: Angel Misevski <amisevsk@redhat.com>
* Set SCC allowPrivilegeEscalation to true when container build enabled
Running Podman inside a container in OpenShift requires the pod to have
allowPrivilegeEscalation: true in its security context.
* Fix tests
Signed-off-by: Angel Misevski <amisevsk@redhat.com>
Anatolii Bazko