
Example 46 with PodData

Use of org.eclipse.che.workspace.infrastructure.kubernetes.environment.KubernetesEnvironment.PodData in project devspaces-images by redhat-developer.

Class FileSecretApplier, method applySecret.

/**
 * Applies secret as file into workspace containers, respecting automount attribute and optional
 * devfile automount property and/or mount path override.
 *
 * @param env kubernetes environment with workspace containers configuration
 * @param runtimeIdentity identity of current runtime
 * @param secret source secret to apply
 * @throws InfrastructureException on misconfigured secrets or other apply error
 */
@Override
public void applySecret(KubernetesEnvironment env, RuntimeIdentity runtimeIdentity, Secret secret) throws InfrastructureException {
    final String secretMountPath = secret.getMetadata().getAnnotations().get(ANNOTATION_MOUNT_PATH);
    boolean secretAutomount = Boolean.parseBoolean(secret.getMetadata().getAnnotations().get(ANNOTATION_AUTOMOUNT));
    if (secretMountPath == null) {
        throw new InfrastructureException(format("Unable to mount secret '%s': It is configured to be mounted as a file but the mount path was not specified. Please define the '%s' annotation on the secret to specify it.", secret.getMetadata().getName(), ANNOTATION_MOUNT_PATH));
    }
    Volume volumeFromSecret = new VolumeBuilder().withName(secret.getMetadata().getName()).withSecret(new SecretVolumeSourceBuilder().withSecretName(secret.getMetadata().getName()).build()).build();
    for (PodData podData : env.getPodsData().values()) {
        if (!podData.getRole().equals(PodRole.DEPLOYMENT)) {
            continue;
        }
        if (podData.getSpec().getVolumes().stream().anyMatch(v -> v.getName().equals(volumeFromSecret.getName()))) {
            volumeFromSecret.setName(volumeFromSecret.getName() + "_" + NameGenerator.generate("", 6));
        }
        podData.getSpec().getVolumes().add(volumeFromSecret);
        for (Container container : podData.getSpec().getContainers()) {
            Optional<ComponentImpl> component = getComponent(env, container.getName());
            // skip components that explicitly disable automount
            if (component.isPresent() && isComponentAutomountFalse(component.get())) {
                continue;
            }
            // if automount disabled globally and not overridden in component
            if (!secretAutomount && (!component.isPresent() || !isComponentAutomountTrue(component.get()))) {
                continue;
            }
            // find path override if any
            Optional<String> overridePathOptional = Optional.empty();
            if (component.isPresent()) {
                overridePathOptional = getOverridenComponentPath(component.get(), secret.getMetadata().getName());
            }
            final String componentMountPath = overridePathOptional.orElse(secretMountPath);
            // remove the existing mount here to replace it with new one.
            if (k8sVersion.olderThan(1, 13)) {
                LOG.debug("Unable to mount multiple VolumeMounts on same path on this k8s version. Removing conflicting volumes in favor of secret mounts.");
                container.getVolumeMounts().removeIf(vm -> Paths.get(vm.getMountPath()).equals(Paths.get(componentMountPath)));
            }
            container.getVolumeMounts().addAll(secret.getData().keySet().stream().map(secretFile -> buildVolumeMount(volumeFromSecret, componentMountPath, secretFile)).collect(Collectors.toList()));
        }
    }
}
Also used: PodData (org.eclipse.che.workspace.infrastructure.kubernetes.environment.KubernetesEnvironment.PodData), SecretVolumeSourceBuilder (io.fabric8.kubernetes.api.model.SecretVolumeSourceBuilder), Container (io.fabric8.kubernetes.api.model.Container), Volume (io.fabric8.kubernetes.api.model.Volume), VolumeBuilder (io.fabric8.kubernetes.api.model.VolumeBuilder), ComponentImpl (org.eclipse.che.api.workspace.server.model.impl.devfile.ComponentImpl), InfrastructureException (org.eclipse.che.api.workspace.server.spi.InfrastructureException)

Example 47 with PodData

Use of org.eclipse.che.workspace.infrastructure.kubernetes.environment.KubernetesEnvironment.PodData in project devspaces-images by redhat-developer.

Class ServersConverter, method provision.

@Override
@Traced
public void provision(T k8sEnv, RuntimeIdentity identity) throws InfrastructureException {
    TracingTags.WORKSPACE_ID.set(identity::getWorkspaceId);
    SecureServerExposer<T> secureServerExposer = secureServerExposerFactoryProvider.get(k8sEnv).create(identity);
    for (PodData podConfig : k8sEnv.getPodsData().values()) {
        final PodSpec podSpec = podConfig.getSpec();
        for (Container containerConfig : podSpec.getContainers()) {
            String machineName = Names.machineName(podConfig, containerConfig);
            InternalMachineConfig machineConfig = k8sEnv.getMachines().get(machineName);
            if (!machineConfig.getServers().isEmpty()) {
                KubernetesServerExposer kubernetesServerExposer = new KubernetesServerExposer<>(externalServerExposer, secureServerExposer, machineName, podConfig, containerConfig, k8sEnv);
                kubernetesServerExposer.expose(machineConfig.getServers());
            }
        }
    }
}
Also used: PodData (org.eclipse.che.workspace.infrastructure.kubernetes.environment.KubernetesEnvironment.PodData), InternalMachineConfig (org.eclipse.che.api.workspace.server.spi.environment.InternalMachineConfig), Container (io.fabric8.kubernetes.api.model.Container), KubernetesServerExposer (org.eclipse.che.workspace.infrastructure.kubernetes.server.KubernetesServerExposer), PodSpec (io.fabric8.kubernetes.api.model.PodSpec), Traced (org.eclipse.che.commons.annotation.Traced)

Example 48 with PodData

Use of org.eclipse.che.workspace.infrastructure.kubernetes.environment.KubernetesEnvironment.PodData in project devspaces-images by redhat-developer.

Class KubernetesTrustedCAProvisioner, method provision.

/**
 * Propagates additional CA certificates into config map and mounts them into all pods of given
 * namespace
 *
 * @param k8sEnv available objects in the scope
 * @param runtimeID defines namespace into which config map should be provisioned
 * @throws InfrastructureException if failed to CRUD a resource
 */
public void provision(KubernetesEnvironment k8sEnv, RuntimeIdentity runtimeID) throws InfrastructureException {
    if (!trustedStoreInitialized) {
        return;
    }
    ConfigMap allCaCertsConfigMap = cheServerClientFactory.create().configMaps().inNamespace(installationLocationNamespace).withName(caBundleConfigMap).get();
    if (allCaCertsConfigMap == null) {
        return;
    }
    k8sEnv.getConfigMaps().put(configMapName, new ConfigMapBuilder().withMetadata(new ObjectMetaBuilder().withName(configMapName).withAnnotations(allCaCertsConfigMap.getMetadata().getAnnotations()).withLabels(configMapLabelKeyValue).build()).withApiVersion(allCaCertsConfigMap.getApiVersion()).withData(allCaCertsConfigMap.getData()).build());
    for (PodData pod : k8sEnv.getPodsData().values()) {
        if (pod.getRole() == PodRole.DEPLOYMENT) {
            if (pod.getSpec().getVolumes().stream().noneMatch(v -> v.getName().equals(CHE_TRUST_STORE_VOLUME))) {
                pod.getSpec().getVolumes().add(new VolumeBuilder().withName(CHE_TRUST_STORE_VOLUME).withConfigMap(new ConfigMapVolumeSourceBuilder().withName(configMapName).build()).build());
            }
        }
        for (Container container : pod.getSpec().getInitContainers()) {
            provisionTrustStoreVolumeMountIfNeeded(container);
        }
        for (Container container : pod.getSpec().getContainers()) {
            provisionTrustStoreVolumeMountIfNeeded(container);
        }
    }
}
Also used: PodData (org.eclipse.che.workspace.infrastructure.kubernetes.environment.KubernetesEnvironment.PodData), Container (io.fabric8.kubernetes.api.model.Container), ConfigMap (io.fabric8.kubernetes.api.model.ConfigMap), ConfigMapBuilder (io.fabric8.kubernetes.api.model.ConfigMapBuilder), ConfigMapVolumeSourceBuilder (io.fabric8.kubernetes.api.model.ConfigMapVolumeSourceBuilder), ObjectMetaBuilder (io.fabric8.kubernetes.api.model.ObjectMetaBuilder), VolumeBuilder (io.fabric8.kubernetes.api.model.VolumeBuilder)

Example 49 with PodData

Use of org.eclipse.che.workspace.infrastructure.kubernetes.environment.KubernetesEnvironment.PodData in project devspaces-images by redhat-developer.

Class ServiceAccountProvisioner, method provision.

@Override
@Traced
public void provision(KubernetesEnvironment k8sEnv, RuntimeIdentity identity) throws InfrastructureException {
    TracingTags.WORKSPACE_ID.set(identity::getWorkspaceId);
    if (!isNullOrEmpty(serviceAccount)) {
        for (PodData pod : k8sEnv.getPodsData().values()) {
            pod.getSpec().setServiceAccountName(serviceAccount);
            pod.getSpec().setAutomountServiceAccountToken(true);
        }
    }
}
Also used: PodData (org.eclipse.che.workspace.infrastructure.kubernetes.environment.KubernetesEnvironment.PodData), Traced (org.eclipse.che.commons.annotation.Traced)

Example 50 with PodData

Use of org.eclipse.che.workspace.infrastructure.kubernetes.environment.KubernetesEnvironment.PodData in project devspaces-images by redhat-developer.

Class ContainerResourceProvisionerTest, method setup.

@BeforeMethod
public void setup() {
    resourceProvisioner = new ContainerResourceProvisioner(1024, 512, "500m", "100m");
    container = new Container();
    container.setName(CONTAINER_NAME);
    when(k8sEnv.getMachines()).thenReturn(of(MACHINE_NAME, internalMachineConfig));
    when(internalMachineConfig.getAttributes()).thenReturn(of(MEMORY_LIMIT_ATTRIBUTE, RAM_LIMIT_VALUE, MEMORY_REQUEST_ATTRIBUTE, RAM_REQUEST_VALUE, CPU_LIMIT_ATTRIBUTE, CPU_LIMIT_VALUE, CPU_REQUEST_ATTRIBUTE, CPU_REQUEST_VALUE));
    final ObjectMeta podMetadata = mock(ObjectMeta.class);
    when(podMetadata.getName()).thenReturn(POD_NAME);
    final PodSpec podSpec = mock(PodSpec.class);
    when(podSpec.getContainers()).thenReturn(Collections.singletonList(container));
    when(k8sEnv.getPodsData()).thenReturn(of(POD_NAME, new PodData(podSpec, podMetadata)));
}
Also used: ObjectMeta (io.fabric8.kubernetes.api.model.ObjectMeta), PodData (org.eclipse.che.workspace.infrastructure.kubernetes.environment.KubernetesEnvironment.PodData), Container (io.fabric8.kubernetes.api.model.Container), PodSpec (io.fabric8.kubernetes.api.model.PodSpec), BeforeMethod (org.testng.annotations.BeforeMethod)

Aggregations

PodData (org.eclipse.che.workspace.infrastructure.kubernetes.environment.KubernetesEnvironment.PodData) 156
Test (org.testng.annotations.Test) 86
Container (io.fabric8.kubernetes.api.model.Container) 62
Pod (io.fabric8.kubernetes.api.model.Pod) 56
PodSpec (io.fabric8.kubernetes.api.model.PodSpec) 52
Deployment (io.fabric8.kubernetes.api.model.apps.Deployment) 52
ObjectMetaBuilder (io.fabric8.kubernetes.api.model.ObjectMetaBuilder) 40
ObjectMeta (io.fabric8.kubernetes.api.model.ObjectMeta) 36
PodTemplateSpec (io.fabric8.kubernetes.api.model.PodTemplateSpec) 34
PodSpecBuilder (io.fabric8.kubernetes.api.model.PodSpecBuilder) 30
ContainerBuilder (io.fabric8.kubernetes.api.model.ContainerBuilder) 28
PodBuilder (io.fabric8.kubernetes.api.model.PodBuilder) 26
Map (java.util.Map) 22
InternalMachineConfig (org.eclipse.che.api.workspace.server.spi.environment.InternalMachineConfig) 22
ConfigMap (io.fabric8.kubernetes.api.model.ConfigMap) 20
VolumeBuilder (io.fabric8.kubernetes.api.model.VolumeBuilder) 20
KubernetesEnvironment (org.eclipse.che.workspace.infrastructure.kubernetes.environment.KubernetesEnvironment) 20
EnvVar (io.fabric8.kubernetes.api.model.EnvVar) 16
Volume (io.fabric8.kubernetes.api.model.Volume) 16
HashMap (java.util.HashMap) 16