Example 16 with ServerConfig
use of org.eclipse.che.api.core.model.workspace.config.ServerConfig in project devspaces-images by redhat-developer.
the class KubernetesServerExposer method exposeSecureServers.
private void exposeSecureServers(Map<String, ServerConfig> securedServers, Map<String, ServicePort> securedPorts) throws InfrastructureException {
if (securedPorts.isEmpty()) {
return;
}
Optional<Service> secureService = secureServerExposer.createService(securedPorts.values(), pod, machineName, securedServers);
String secureServiceName = secureService.map(s -> {
String n = s.getMetadata().getName();
k8sEnv.getServices().put(n, s);
return n;
}).orElse(null);
for (ServicePort servicePort : securedPorts.values()) {
// expose service port related secure servers if exist
Map<String, ServerConfig> matchedSecureServers = match(securedServers, servicePort);
if (!matchedSecureServers.isEmpty()) {
onEachExposableServerSet(matchedSecureServers, (serverId, srvrs) -> {
secureServerExposer.expose(k8sEnv, pod, machineName, secureServiceName, serverId, servicePort, srvrs);
});
}
}
}
Also used :
NameGenerator.generate(org.eclipse.che.commons.lang.NameGenerator.generate)
Container(io.fabric8.kubernetes.api.model.Container)
ConfigurationProvisioner(org.eclipse.che.workspace.infrastructure.kubernetes.provision.ConfigurationProvisioner)
ExternalServerExposer(org.eclipse.che.workspace.infrastructure.kubernetes.server.external.ExternalServerExposer)
LoggerFactory(org.slf4j.LoggerFactory)
ServicePort(io.fabric8.kubernetes.api.model.ServicePort)
KubernetesEnvironment(org.eclipse.che.workspace.infrastructure.kubernetes.environment.KubernetesEnvironment)
ServicePortBuilder(io.fabric8.kubernetes.api.model.ServicePortBuilder)
HashMap(java.util.HashMap)
SERVER_NAME_ATTRIBUTE(org.eclipse.che.api.core.model.workspace.config.ServerConfig.SERVER_NAME_ATTRIBUTE)
ArrayList(java.util.ArrayList)
Collectors.toMap(java.util.stream.Collectors.toMap)
Map(java.util.Map)
Service(io.fabric8.kubernetes.api.model.Service)
UniqueNamesProvisioner(org.eclipse.che.workspace.infrastructure.kubernetes.provision.UniqueNamesProvisioner)
Constants(org.eclipse.che.workspace.infrastructure.kubernetes.Constants)
Logger(org.slf4j.Logger)
ImmutableMap(com.google.common.collect.ImmutableMap)
SecureServerExposer(org.eclipse.che.workspace.infrastructure.kubernetes.server.secure.SecureServerExposer)
Integer.parseInt(java.lang.Integer.parseInt)
ServerConfig(org.eclipse.che.api.core.model.workspace.config.ServerConfig)
Annotations(org.eclipse.che.workspace.infrastructure.kubernetes.Annotations)
ContainerPort(io.fabric8.kubernetes.api.model.ContainerPort)
InfrastructureException(org.eclipse.che.api.workspace.server.spi.InfrastructureException)
CHE_ORIGINAL_NAME_LABEL(org.eclipse.che.workspace.infrastructure.kubernetes.Constants.CHE_ORIGINAL_NAME_LABEL)
Ingress(io.fabric8.kubernetes.api.model.networking.v1.Ingress)
RuntimeIdentity(org.eclipse.che.api.core.model.workspace.runtime.RuntimeIdentity)
PodData(org.eclipse.che.workspace.infrastructure.kubernetes.environment.KubernetesEnvironment.PodData)
Optional(java.util.Optional)
ContainerPortBuilder(io.fabric8.kubernetes.api.model.ContainerPortBuilder)
Collections(java.util.Collections)
ServicePort(io.fabric8.kubernetes.api.model.ServicePort)
ServerConfig(org.eclipse.che.api.core.model.workspace.config.ServerConfig)
Service(io.fabric8.kubernetes.api.model.Service)
Example 17 with ServerConfig
use of org.eclipse.che.api.core.model.workspace.config.ServerConfig in project devspaces-images by redhat-developer.
the class KubernetesServerExposer method expose.
/**
* Exposes specified servers.
*
* <p>Note that created Kubernetes objects will select the corresponding pods by {@link
* Constants#CHE_ORIGINAL_NAME_LABEL} label. That should be added by {@link
* UniqueNamesProvisioner}.
*
* @param servers servers to expose
* @see ConfigurationProvisioner#provision(KubernetesEnvironment, RuntimeIdentity)
*/
public void expose(Map<String, ? extends ServerConfig> servers) throws InfrastructureException {
Map<String, ServerConfig> internalServers = new HashMap<>();
Map<String, ServerConfig> externalServers = new HashMap<>();
Map<String, ServerConfig> secureServers = new HashMap<>();
Map<String, ServicePort> unsecuredPorts = new HashMap<>();
Map<String, ServicePort> securedPorts = new HashMap<>();
splitServersAndPortsByExposureType(servers, internalServers, externalServers, secureServers, unsecuredPorts, securedPorts);
provisionServicesForDiscoverableServers(servers);
Optional<Service> serviceOpt = createService(internalServers, unsecuredPorts);
if (serviceOpt.isPresent()) {
Service service = serviceOpt.get();
String serviceName = service.getMetadata().getName();
k8sEnv.getServices().put(serviceName, service);
exposeNonSecureServers(serviceName, externalServers, unsecuredPorts);
}
exposeSecureServers(secureServers, securedPorts);
}
Also used :
ServerConfig(org.eclipse.che.api.core.model.workspace.config.ServerConfig)
ServicePort(io.fabric8.kubernetes.api.model.ServicePort)
HashMap(java.util.HashMap)
Service(io.fabric8.kubernetes.api.model.Service)
Example 18 with ServerConfig
use of org.eclipse.che.api.core.model.workspace.config.ServerConfig in project devspaces-images by redhat-developer.
the class AbstractJwtProxyProvisioner method expose.
/**
* Modifies Kubernetes environment to expose the specified service port via JWTProxy.
*
* @param k8sEnv Kubernetes environment to modify
* @param pod the pod that runs the server being exposed
* @param backendServiceName service name that will be exposed
* @param backendServicePort service port that will be exposed
* @param protocol protocol that will be used for exposed port
* @param secureServers secure servers to expose
* @return JWTProxy service port that expose the specified one
* @throws InfrastructureException if any exception occurs during port exposing
*/
@Override
public ServicePort expose(KubernetesEnvironment k8sEnv, PodData pod, String machineName, String backendServiceName, ServicePort backendServicePort, String protocol, boolean requireSubdomain, Map<String, ServerConfig> secureServers) throws InfrastructureException {
Preconditions.checkArgument(secureServers != null && !secureServers.isEmpty(), "Secure servers are missing");
ensureJwtProxyInjected(k8sEnv, machineName, pod);
Set<String> excludes = new HashSet<>();
Boolean cookiesAuthEnabled = null;
for (ServerConfig serverConfig : secureServers.values()) {
ExposureConfiguration config = getExposureConfiguration(serverConfig);
// accumulate unsecured paths
if (config.excludedPaths != null) {
excludes.addAll(config.excludedPaths);
}
// calculate `cookiesAuthEnabled` attributes
if (detectCookieAuth) {
if (cookiesAuthEnabled == null) {
cookiesAuthEnabled = config.cookiesAuthEnabled;
} else {
if (!cookiesAuthEnabled.equals(config.cookiesAuthEnabled)) {
throw new InfrastructureException("Secure servers which expose the same port should have the same `cookiesAuthEnabled` value.");
}
}
}
}
int listenPort = availablePort++;
ServicePort exposedPort = new ServicePortBuilder().withName("server-" + listenPort).withPort(listenPort).withProtocol(protocol).withNewTargetPort(listenPort).build();
k8sEnv.getServices().get(serviceName).getSpec().getPorts().add(exposedPort);
CookiePathStrategy actualCookiePathStrategy = requireSubdomain ? multihostCookiePathStrategy : cookiePathStrategy;
ExternalServiceExposureStrategy actualExposureStrategy = requireSubdomain ? multiHostExternalServiceExposureStrategy : externalServiceExposureStrategy;
// JwtProxySecureServerExposer creates no service for the exposed secure servers and
// assumes everything will be proxied from localhost, because JWT proxy is collocated
// with the workspace pod (because it is added to the environment as an injectable pod).
// This method historically supported proxying secure servers exposed through a service
// (which is not secure in absence of a appropriate network policy). The support for
// accessing the backend server through a service was kept here because it doesn't add
// any additional complexity to this method and keeps the door open for the
// JwtProxySecureServerExposer to be enhanced in the future with support for service-handled
// secure servers.
backendServiceName = backendServiceName == null ? "127.0.0.1" : backendServiceName;
proxyConfigBuilder.addVerifierProxy(listenPort, "http://" + backendServiceName + ":" + backendServicePort.getTargetPort().getIntVal(), excludes, cookiesAuthEnabled == null ? false : cookiesAuthEnabled, actualCookiePathStrategy.get(serviceName, exposedPort), actualExposureStrategy.getExternalPath(serviceName, exposedPort.getName()));
k8sEnv.getConfigMaps().get(getConfigMapName()).getData().put(JWT_PROXY_CONFIG_FILE, proxyConfigBuilder.build());
return exposedPort;
}
Also used :
ServerConfig(org.eclipse.che.api.core.model.workspace.config.ServerConfig)
ServicePort(io.fabric8.kubernetes.api.model.ServicePort)
ServicePortBuilder(io.fabric8.kubernetes.api.model.ServicePortBuilder)
ExternalServiceExposureStrategy(org.eclipse.che.workspace.infrastructure.kubernetes.server.external.ExternalServiceExposureStrategy)
InfrastructureException(org.eclipse.che.api.workspace.server.spi.InfrastructureException)
HashSet(java.util.HashSet)
Example 19 with ServerConfig
use of org.eclipse.che.api.core.model.workspace.config.ServerConfig in project devspaces-images by redhat-developer.
the class KubernetesServerExposerTest method assertThatExternalServersAreExposed.
@SuppressWarnings("SameParameterValue")
private void assertThatExternalServersAreExposed(String machineName, String portProtocol, Integer port, Map<String, ServerConfig> expectedServers) {
// then
assertThatContainerPortIsExposed(portProtocol, port);
// ensure that service is created
Service service = findContainerRelatedService();
assertNotNull(service);
// ensure that required service port is exposed
ServicePort servicePort = assertThatServicePortIsExposed(port, service);
Annotations.Deserializer serviceAnnotations = Annotations.newDeserializer(service.getMetadata().getAnnotations());
assertEquals(serviceAnnotations.machineName(), machineName);
// check that we did not create servers for public endpoints
assertFalse(serviceAnnotations.servers().keySet().stream().anyMatch(key -> expectedServers.containsKey(key)));
verify(externalServerExposer).expose(eq(kubernetesEnvironment), eq(machineName), eq(service.getMetadata().getName()), any(), eq(servicePort), eq(expectedServers));
}
Also used :
ArgumentMatchers.any(org.mockito.ArgumentMatchers.any)
Listeners(org.testng.annotations.Listeners)
Container(io.fabric8.kubernetes.api.model.Container)
IntOrString(io.fabric8.kubernetes.api.model.IntOrString)
ArgumentMatchers.eq(org.mockito.ArgumentMatchers.eq)
Mock(org.mockito.Mock)
Assert.assertEquals(org.testng.Assert.assertEquals)
ServicePort(io.fabric8.kubernetes.api.model.ServicePort)
KubernetesEnvironment(org.eclipse.che.workspace.infrastructure.kubernetes.environment.KubernetesEnvironment)
ServicePortBuilder(io.fabric8.kubernetes.api.model.ServicePortBuilder)
Test(org.testng.annotations.Test)
SERVER_NAME_ATTRIBUTE(org.eclipse.che.api.core.model.workspace.config.ServerConfig.SERVER_NAME_ATTRIBUTE)
IngressServerExposer(org.eclipse.che.workspace.infrastructure.kubernetes.server.external.IngressServerExposer)
Collections.singletonList(java.util.Collections.singletonList)
ArrayList(java.util.ArrayList)
ArgumentCaptor(org.mockito.ArgumentCaptor)
PodBuilder(io.fabric8.kubernetes.api.model.PodBuilder)
Map(java.util.Map)
ContainerBuilder(io.fabric8.kubernetes.api.model.ContainerBuilder)
Collections.singletonMap(java.util.Collections.singletonMap)
Service(io.fabric8.kubernetes.api.model.Service)
Assert.assertFalse(org.testng.Assert.assertFalse)
ServerConfigImpl(org.eclipse.che.api.workspace.server.model.impl.ServerConfigImpl)
ArgumentMatchers.isNull(org.mockito.ArgumentMatchers.isNull)
DISCOVERABLE_SERVER_ATTRIBUTE(org.eclipse.che.api.core.model.workspace.config.ServerConfig.DISCOVERABLE_SERVER_ATTRIBUTE)
MockitoTestNGListener(org.mockito.testng.MockitoTestNGListener)
ImmutableMap(com.google.common.collect.ImmutableMap)
BeforeMethod(org.testng.annotations.BeforeMethod)
Pod(io.fabric8.kubernetes.api.model.Pod)
Mockito.times(org.mockito.Mockito.times)
SecureServerExposer(org.eclipse.che.workspace.infrastructure.kubernetes.server.secure.SecureServerExposer)
Assert.assertNotNull(org.testng.Assert.assertNotNull)
Mockito.verify(org.mockito.Mockito.verify)
ServerConfig(org.eclipse.che.api.core.model.workspace.config.ServerConfig)
SERVER_UNIQUE_PART_SIZE(org.eclipse.che.workspace.infrastructure.kubernetes.server.KubernetesServerExposer.SERVER_UNIQUE_PART_SIZE)
Annotations(org.eclipse.che.workspace.infrastructure.kubernetes.Annotations)
SERVER_PREFIX(org.eclipse.che.workspace.infrastructure.kubernetes.server.KubernetesServerExposer.SERVER_PREFIX)
InfrastructureException(org.eclipse.che.api.workspace.server.spi.InfrastructureException)
Entry(java.util.Map.Entry)
PodData(org.eclipse.che.workspace.infrastructure.kubernetes.environment.KubernetesEnvironment.PodData)
Assert.assertTrue(org.testng.Assert.assertTrue)
Optional(java.util.Optional)
Pattern(java.util.regex.Pattern)
ContainerPortBuilder(io.fabric8.kubernetes.api.model.ContainerPortBuilder)
ServicePort(io.fabric8.kubernetes.api.model.ServicePort)
Annotations(org.eclipse.che.workspace.infrastructure.kubernetes.Annotations)
Service(io.fabric8.kubernetes.api.model.Service)
Example 20 with ServerConfig
use of org.eclipse.che.api.core.model.workspace.config.ServerConfig in project devspaces-images by redhat-developer.
the class KubernetesServerExposerTest method shouldCreateIngressPerUniqueServerWithTheSamePort.
@Test
public void shouldCreateIngressPerUniqueServerWithTheSamePort() throws Exception {
// given
ServerConfigImpl httpServerConfig = new ServerConfigImpl("8080/tcp", "http", "/api", UNIQUE_SERVER_ATTRIBUTES);
ServerConfigImpl wsServerConfig = new ServerConfigImpl("8080/tcp", "ws", "/connect", UNIQUE_SERVER_ATTRIBUTES);
ServicePort servicePort = new ServicePortBuilder().withName("server-8080").withPort(8080).withProtocol("TCP").withTargetPort(new IntOrString(8080)).build();
Map<String, ServerConfig> serversToExpose = ImmutableMap.of("http-server", httpServerConfig, "ws-server", wsServerConfig);
// when
serverExposer.expose(serversToExpose);
// then
assertThatExternalServerIsExposed(MACHINE_NAME, "tcp", 8080, "http-server", new ServerConfigImpl(httpServerConfig).withAttributes(UNIQUE_SERVER_ATTRIBUTES));
assertThatExternalServerIsExposed(MACHINE_NAME, "tcp", 8080, "ws-server", new ServerConfigImpl(wsServerConfig).withAttributes(UNIQUE_SERVER_ATTRIBUTES));
}
Also used :
ServicePort(io.fabric8.kubernetes.api.model.ServicePort)
ServerConfig(org.eclipse.che.api.core.model.workspace.config.ServerConfig)
ServicePortBuilder(io.fabric8.kubernetes.api.model.ServicePortBuilder)
IntOrString(io.fabric8.kubernetes.api.model.IntOrString)
ServerConfigImpl(org.eclipse.che.api.workspace.server.model.impl.ServerConfigImpl)
IntOrString(io.fabric8.kubernetes.api.model.IntOrString)
Test(org.testng.annotations.Test)
Aggregations
ServerConfig (org.eclipse.che.api.core.model.workspace.config.ServerConfig)74
Test (org.testng.annotations.Test)54
ServerConfigImpl (org.eclipse.che.api.workspace.server.model.impl.ServerConfigImpl)42
ServicePort (io.fabric8.kubernetes.api.model.ServicePort)30
IntOrString (io.fabric8.kubernetes.api.model.IntOrString)28
EndpointImpl (org.eclipse.che.api.workspace.server.model.impl.devfile.EndpointImpl)20
ServicePortBuilder (io.fabric8.kubernetes.api.model.ServicePortBuilder)18
HashMap (java.util.HashMap)16
Annotations (org.eclipse.che.workspace.infrastructure.kubernetes.Annotations)16
Service (io.fabric8.kubernetes.api.model.Service)14
KubernetesEnvironment (org.eclipse.che.workspace.infrastructure.kubernetes.environment.KubernetesEnvironment)12
Map (java.util.Map)10
ImmutableMap (com.google.common.collect.ImmutableMap)8
InfrastructureException (org.eclipse.che.api.workspace.server.spi.InfrastructureException)8
Container (io.fabric8.kubernetes.api.model.Container)6
ContainerPortBuilder (io.fabric8.kubernetes.api.model.ContainerPortBuilder)6
Ingress (io.fabric8.kubernetes.api.model.networking.v1.Ingress)6
ArrayList (java.util.ArrayList)6
Collections.singletonMap (java.util.Collections.singletonMap)6
Optional (java.util.Optional)6
