use of org.eclipse.che.workspace.infrastructure.kubernetes.environment.KubernetesEnvironment.PodData in project che-server by eclipse-che.
the class KubernetesInternalRuntime method doStartMachine.
/**
* Creates Kubernetes pods and resolves servers using the specified serverResolver.
*
* @param serverResolver server resolver that provide servers by container
* @throws InfrastructureException when any error occurs while creating Kubernetes pods
*/
@Traced
protected void doStartMachine(ServerResolver serverResolver) throws InfrastructureException {
final KubernetesEnvironment environment = getContext().getEnvironment();
final Map<String, InternalMachineConfig> machineConfigs = environment.getMachines();
final String workspaceId = getContext().getIdentity().getWorkspaceId();
LOG.debug("Begin pods creation for workspace '{}'", workspaceId);
PodMerger podMerger = new PodMerger();
Map<String, Map<String, Pod>> injectablePods = environment.getInjectablePodsCopy();
for (Pod toCreate : environment.getPodsCopy().values()) {
ObjectMeta toCreateMeta = toCreate.getMetadata();
List<PodData> injectables = getAllInjectablePods(toCreate, injectablePods);
Pod createdPod;
if (injectables.isEmpty()) {
createdPod = namespace.deployments().deploy(toCreate);
} else {
try {
injectables.add(new PodData(toCreate));
Deployment merged = podMerger.merge(injectables);
merged.getMetadata().setName(toCreate.getMetadata().getName());
createdPod = namespace.deployments().deploy(merged);
} catch (ValidationException e) {
throw new InfrastructureException(e);
}
}
LOG.debug("Creating pod '{}' in workspace '{}'", toCreateMeta.getName(), workspaceId);
storeStartingMachine(createdPod, createdPod.getMetadata(), machineConfigs, serverResolver);
}
for (Deployment toCreate : environment.getDeploymentsCopy().values()) {
PodTemplateSpec template = toCreate.getSpec().getTemplate();
List<PodData> injectables = getAllInjectablePods(template.getMetadata(), template.getSpec().getContainers(), injectablePods);
Pod createdPod;
if (injectables.isEmpty()) {
createdPod = namespace.deployments().deploy(toCreate);
} else {
try {
injectables.add(new PodData(toCreate));
Deployment deployment = podMerger.merge(injectables);
deployment.getMetadata().setName(toCreate.getMetadata().getName());
putAnnotations(deployment.getMetadata(), toCreate.getMetadata().getAnnotations());
putLabels(deployment.getMetadata(), toCreate.getMetadata().getLabels());
createdPod = namespace.deployments().deploy(deployment);
} catch (ValidationException e) {
throw new InfrastructureException(e);
}
}
LOG.debug("Creating deployment '{}' in workspace '{}'", createdPod.getMetadata().getName(), workspaceId);
storeStartingMachine(createdPod, createdPod.getMetadata(), machineConfigs, serverResolver);
}
LOG.debug("Pods creation finished in workspace '{}'", workspaceId);
}
use of org.eclipse.che.workspace.infrastructure.kubernetes.environment.KubernetesEnvironment.PodData in project devspaces-images by redhat-developer.
the class CertificateProvisioner method provision.
@Override
public void provision(KubernetesEnvironment k8sEnv, RuntimeIdentity identity) throws InfrastructureException {
if (!isConfigured()) {
return;
}
String selfSignedCertSecretName = identity.getWorkspaceId() + CHE_SELF_SIGNED_CERT_SECRET_SUFFIX;
k8sEnv.getSecrets().put(selfSignedCertSecretName, new SecretBuilder().withNewMetadata().withName(selfSignedCertSecretName).endMetadata().withStringData(ImmutableMap.of(CA_CERT_FILE, certificate)).build());
for (PodData pod : k8sEnv.getPodsData().values()) {
if (pod.getRole() == PodRole.DEPLOYMENT) {
if (pod.getSpec().getVolumes().stream().noneMatch(v -> v.getName().equals(CHE_SELF_SIGNED_CERT_VOLUME))) {
pod.getSpec().getVolumes().add(buildCertSecretVolume(selfSignedCertSecretName));
}
}
for (Container container : pod.getSpec().getInitContainers()) {
provisionCertVolumeMountIfNeeded(container);
}
for (Container container : pod.getSpec().getContainers()) {
provisionCertVolumeMountIfNeeded(container);
}
}
}
use of org.eclipse.che.workspace.infrastructure.kubernetes.environment.KubernetesEnvironment.PodData in project devspaces-images by redhat-developer.
the class VcsSslCertificateProvisioner method provision.
@Override
public void provision(KubernetesEnvironment k8sEnv, RuntimeIdentity identity) throws InfrastructureException {
if (!isConfigured()) {
return;
}
String selfSignedCertConfigMapName = identity.getWorkspaceId() + CHE_GIT_SELF_SIGNED_CERT_CONFIG_MAP_SUFFIX;
k8sEnv.getConfigMaps().put(selfSignedCertConfigMapName, new ConfigMapBuilder().withNewMetadata().withName(selfSignedCertConfigMapName).endMetadata().withData(singletonMap(CA_CERT_FILE, certificate)).build());
for (PodData pod : k8sEnv.getPodsData().values()) {
if (pod.getRole() != PodRole.INJECTABLE) {
if (pod.getSpec().getVolumes().stream().noneMatch(v -> v.getName().equals(CHE_GIT_SELF_SIGNED_VOLUME))) {
pod.getSpec().getVolumes().add(buildCertVolume(selfSignedCertConfigMapName));
}
}
for (Container container : pod.getSpec().getInitContainers()) {
provisionCertVolumeMountIfNeeded(container);
}
for (Container container : pod.getSpec().getContainers()) {
provisionCertVolumeMountIfNeeded(container);
}
}
}
use of org.eclipse.che.workspace.infrastructure.kubernetes.environment.KubernetesEnvironment.PodData in project devspaces-images by redhat-developer.
the class ContainerResourceProvisioner method provision.
@Override
@Traced
public void provision(KubernetesEnvironment k8sEnv, RuntimeIdentity identity) throws InfrastructureException {
TracingTags.WORKSPACE_ID.set(identity::getWorkspaceId);
final Map<String, InternalMachineConfig> machines = k8sEnv.getMachines();
for (PodData pod : k8sEnv.getPodsData().values()) {
for (Container container : pod.getSpec().getContainers()) {
// make sure that machine configs have settings for RAM limit and request
InternalMachineConfig machineConfig = machines.get(machineName(pod, container));
ResourceLimitAttributesProvisioner.provisionMemory(machineConfig, Containers.getRamLimit(container), Containers.getRamRequest(container), defaultMachineMaxMemorySizeAttribute, defaultMachineRequestMemorySizeAttribute);
// make sure that machine configs have settings for CPU limit and request
ResourceLimitAttributesProvisioner.provisionCPU(machineConfig, Containers.getCpuLimit(container), Containers.getCpuRequest(container), defaultMachineCpuLimitAttribute, defaultMachineCpuRequestAttribute);
// reapply memory and CPU settings to k8s container to make sure that provisioned
// values above are set. Non-positive value means that limit is disabled, so just
// ignoring them.
final Map<String, String> attributes = machineConfig.getAttributes();
long memLimit = Long.parseLong(attributes.get(MEMORY_LIMIT_ATTRIBUTE));
if (memLimit > 0) {
Containers.addRamLimit(container, memLimit);
}
long memRequest = Long.parseLong(attributes.get(MEMORY_REQUEST_ATTRIBUTE));
if (memRequest > 0) {
Containers.addRamRequest(container, memRequest);
}
float cpuLimit = Float.parseFloat(attributes.get(CPU_LIMIT_ATTRIBUTE));
if (cpuLimit > 0) {
Containers.addCpuLimit(container, cpuLimit);
}
float cpuRequest = Float.parseFloat(attributes.get(CPU_REQUEST_ATTRIBUTE));
if (cpuRequest > 0)
Containers.addCpuRequest(container, cpuRequest);
}
}
}
use of org.eclipse.che.workspace.infrastructure.kubernetes.environment.KubernetesEnvironment.PodData in project devspaces-images by redhat-developer.
the class EnvironmentVariableSecretApplier method applySecret.
/**
* Applies secret as environment variable into workspace containers, respecting automount
* attribute and optional devfile automount property override.
*
* @param env kubernetes environment with workspace containers configuration
* @param runtimeIdentity identity of current runtime
* @param secret source secret to apply
* @throws InfrastructureException on misconfigured secrets or other apply error
*/
@Override
public void applySecret(KubernetesEnvironment env, RuntimeIdentity runtimeIdentity, Secret secret) throws InfrastructureException {
boolean secretAutomount = Boolean.parseBoolean(secret.getMetadata().getAnnotations().get(ANNOTATION_AUTOMOUNT));
for (PodData podData : env.getPodsData().values()) {
if (!podData.getRole().equals(PodRole.DEPLOYMENT)) {
continue;
}
for (Container container : podData.getSpec().getContainers()) {
Optional<ComponentImpl> component = getComponent(env, container.getName());
// skip components that explicitly disable automount
if (component.isPresent() && isComponentAutomountFalse(component.get())) {
continue;
}
// if automount disabled globally and not overridden in component
if (!secretAutomount && (!component.isPresent() || !isComponentAutomountTrue(component.get()))) {
continue;
}
for (Entry<String, String> secretDataEntry : secret.getData().entrySet()) {
final String mountEnvName = envName(secret, secretDataEntry.getKey(), runtimeIdentity);
container.getEnv().add(new EnvVarBuilder().withName(mountEnvName).withValueFrom(new EnvVarSourceBuilder().withSecretKeyRef(new SecretKeySelectorBuilder().withName(secret.getMetadata().getName()).withKey(secretDataEntry.getKey()).build()).build()).build());
}
}
}
}
Aggregations