use of org.eclipse.che.workspace.infrastructure.kubernetes.server.external.ExternalServiceExposureStrategy in project che-server by eclipse-che.
the class OpenShiftInfraModule method configure.
@Override
protected void configure() {
Multibinder<WorkspaceAttributeValidator> workspaceAttributeValidators = Multibinder.newSetBinder(binder(), WorkspaceAttributeValidator.class);
workspaceAttributeValidators.addBinding().to(K8sInfraNamespaceWsAttributeValidator.class);
workspaceAttributeValidators.addBinding().to(AsyncStorageModeValidator.class);
Multibinder<NamespaceConfigurator> namespaceConfigurators = Multibinder.newSetBinder(binder(), NamespaceConfigurator.class);
namespaceConfigurators.addBinding().to(UserProfileConfigurator.class);
namespaceConfigurators.addBinding().to(UserPreferencesConfigurator.class);
namespaceConfigurators.addBinding().to(CredentialsSecretConfigurator.class);
namespaceConfigurators.addBinding().to(PreferencesConfigMapConfigurator.class);
namespaceConfigurators.addBinding().to(OpenShiftWorkspaceServiceAccountConfigurator.class);
namespaceConfigurators.addBinding().to(OpenShiftStopWorkspaceRoleConfigurator.class);
namespaceConfigurators.addBinding().to(SshKeysConfigurator.class);
bind(KubernetesNamespaceService.class);
MapBinder<String, InternalEnvironmentFactory> factories = MapBinder.newMapBinder(binder(), String.class, InternalEnvironmentFactory.class);
factories.addBinding(OpenShiftEnvironment.TYPE).to(OpenShiftEnvironmentFactory.class);
factories.addBinding(KubernetesEnvironment.TYPE).to(KubernetesEnvironmentFactory.class);
factories.addBinding(Constants.NO_ENVIRONMENT_RECIPE_TYPE).to(NoEnvironmentFactory.class);
bind(InconsistentRuntimesDetector.class).asEagerSingleton();
bind(RuntimeInfrastructure.class).to(OpenShiftInfrastructure.class);
bind(KubernetesNamespaceFactory.class).to(OpenShiftProjectFactory.class);
bind(KubernetesClientFactory.class).to(OpenShiftClientFactory.class);
bind(CheServerOpenshiftClientFactory.class);
install(new FactoryModuleBuilder().build(OpenShiftRuntimeContextFactory.class));
install(new FactoryModuleBuilder().build(OpenShiftRuntimeFactory.class));
install(new FactoryModuleBuilder().build(StartSynchronizerFactory.class));
bind(WorkspacePVCCleaner.class).asEagerSingleton();
bind(RemoveProjectOnWorkspaceRemove.class).asEagerSingleton();
bind(TrustedCAProvisioner.class).to(OpenshiftTrustedCAProvisioner.class);
bind(CheApiInternalEnvVarProvider.class).to(KubernetesCheApiInternalEnvVarProvider.class);
bind(CheApiExternalEnvVarProvider.class).to(KubernetesCheApiExternalEnvVarProvider.class);
MapBinder<String, WorkspaceVolumesStrategy> volumesStrategies = MapBinder.newMapBinder(binder(), String.class, WorkspaceVolumesStrategy.class);
volumesStrategies.addBinding(COMMON_STRATEGY).to(CommonPVCStrategy.class);
volumesStrategies.addBinding(PER_WORKSPACE_STRATEGY).to(PerWorkspacePVCStrategy.class);
volumesStrategies.addBinding(UNIQUE_STRATEGY).to(UniqueWorkspacePVCStrategy.class);
bind(WorkspaceVolumesStrategy.class).toProvider(WorkspaceVolumeStrategyProvider.class);
MapBinder<WorkspaceExposureType, ExternalServerExposer<OpenShiftEnvironment>> exposureStrategies = MapBinder.newMapBinder(binder(), new TypeLiteral<>() {
}, new TypeLiteral<>() {
});
exposureStrategies.addBinding(WorkspaceExposureType.NATIVE).to(RouteServerExposer.class);
exposureStrategies.addBinding(WorkspaceExposureType.GATEWAY).to(new TypeLiteral<GatewayServerExposer<OpenShiftEnvironment>>() {
});
bind(new TypeLiteral<ExternalServerExposer<OpenShiftEnvironment>>() {
}).annotatedWith(com.google.inject.name.Names.named("multihost-exposer")).to(RouteServerExposer.class);
bind(new TypeLiteral<ExternalServerExposerProvider<OpenShiftEnvironment>>() {
}).to(OpenShiftExternalServerExposerProvider.class);
bind(ServersConverter.class).to(new TypeLiteral<ServersConverter<OpenShiftEnvironment>>() {
});
bind(PreviewUrlExposer.class).to(new TypeLiteral<OpenShiftPreviewUrlExposer>() {
});
bind(PreviewUrlCommandProvisioner.class).to(new TypeLiteral<OpenShiftPreviewUrlCommandProvisioner>() {
});
Multibinder<EnvVarProvider> envVarProviders = Multibinder.newSetBinder(binder(), EnvVarProvider.class);
envVarProviders.addBinding().to(LogsRootEnvVariableProvider.class);
install(new JpaKubernetesRuntimeCacheModule());
Multibinder.newSetBinder(binder(), ServiceTermination.class).addBinding().to(KubernetesClientTermination.class);
MapBinder<String, ChePluginsApplier> pluginsAppliers = MapBinder.newMapBinder(binder(), String.class, ChePluginsApplier.class);
pluginsAppliers.addBinding(OpenShiftEnvironment.TYPE).to(KubernetesPluginsToolingApplier.class);
bind(SecureServerExposerFactoryProvider.class).to(new TypeLiteral<SecureServerExposerFactoryProvider<OpenShiftEnvironment>>() {
});
bind(BrokerService.class);
bind(new TypeLiteral<BrokerEnvironmentFactory<OpenShiftEnvironment>>() {
}).to(OpenshiftBrokerEnvironmentFactory.class);
bind(PluginBrokerManager.class).to(new TypeLiteral<PluginBrokerManager<OpenShiftEnvironment>>() {
});
bind(SidecarToolingProvisioner.class).to(new TypeLiteral<SidecarToolingProvisioner<OpenShiftEnvironment>>() {
});
MapBinder<WorkspaceExposureType, TlsProvisioner<OpenShiftEnvironment>> tlsProvisioners = MapBinder.newMapBinder(binder(), new TypeLiteral<WorkspaceExposureType>() {
}, new TypeLiteral<TlsProvisioner<OpenShiftEnvironment>>() {
});
tlsProvisioners.addBinding(WorkspaceExposureType.GATEWAY).to(new TypeLiteral<GatewayTlsProvisioner<OpenShiftEnvironment>>() {
});
tlsProvisioners.addBinding(WorkspaceExposureType.NATIVE).to(RouteTlsProvisioner.class);
bind(new TypeLiteral<KubernetesEnvironmentProvisioner<OpenShiftEnvironment>>() {
}).to(OpenShiftEnvironmentProvisioner.class);
DevfileBindings.onComponentIntegrityValidatorBinder(binder(), binder -> {
binder.addBinding(KUBERNETES_COMPONENT_TYPE).to(KubernetesComponentValidator.class);
binder.addBinding(OPENSHIFT_COMPONENT_TYPE).to(KubernetesComponentValidator.class);
binder.addBinding(DOCKERIMAGE_COMPONENT_TYPE).to(NoopComponentIntegrityValidator.class);
});
DevfileBindings.onWorkspaceApplierBinder(binder(), binder -> {
binder.addBinding(KUBERNETES_COMPONENT_TYPE).to(KubernetesComponentToWorkspaceApplier.class);
binder.addBinding(DOCKERIMAGE_COMPONENT_TYPE).to(DockerimageComponentToWorkspaceApplier.class);
binder.addBinding(OPENSHIFT_COMPONENT_TYPE).to(OpenshiftComponentToWorkspaceApplier.class);
});
KubernetesDevfileBindings.addKubernetesBasedEnvironmentTypeBindings(binder(), KubernetesEnvironment.TYPE, OpenShiftEnvironment.TYPE);
KubernetesDevfileBindings.addKubernetesBasedComponentTypeBindings(binder(), KUBERNETES_COMPONENT_TYPE, OPENSHIFT_COMPONENT_TYPE);
KubernetesDevfileBindings.addAllowedEnvironmentTypeUpgradeBindings(binder(), OpenShiftEnvironment.TYPE, KubernetesEnvironment.TYPE);
MapBinder<String, ExternalServiceExposureStrategy> ingressStrategies = MapBinder.newMapBinder(binder(), String.class, ExternalServiceExposureStrategy.class);
ingressStrategies.addBinding(MULTI_HOST_STRATEGY).to(OpenShiftServerExposureStrategy.class);
ingressStrategies.addBinding(SINGLE_HOST_STRATEGY).to(SingleHostExternalServiceExposureStrategy.class);
bind(ExternalServiceExposureStrategy.class).toProvider(ServiceExposureStrategyProvider.class);
bind(CookiePathStrategy.class).to(OpenShiftCookiePathStrategy.class);
bind(NonTlsDistributedClusterModeNotifier.class);
bind(AsyncStorageProvisioner.class);
bind(AsyncStoragePodInterceptor.class);
bind(AsyncStoragePodWatcher.class);
}
use of org.eclipse.che.workspace.infrastructure.kubernetes.server.external.ExternalServiceExposureStrategy in project che-server by eclipse-che.
the class KubernetesInfraModule method configure.
@Override
protected void configure() {
Multibinder<WorkspaceAttributeValidator> workspaceAttributeValidators = Multibinder.newSetBinder(binder(), WorkspaceAttributeValidator.class);
workspaceAttributeValidators.addBinding().to(K8sInfraNamespaceWsAttributeValidator.class);
workspaceAttributeValidators.addBinding().to(AsyncStorageModeValidator.class);
// order matters here!
// We first need to grant permissions to user, only then we can run other configurators with
// user's client.
Multibinder<NamespaceConfigurator> namespaceConfigurators = Multibinder.newSetBinder(binder(), NamespaceConfigurator.class);
namespaceConfigurators.addBinding().to(UserPermissionConfigurator.class);
namespaceConfigurators.addBinding().to(CredentialsSecretConfigurator.class);
namespaceConfigurators.addBinding().to(PreferencesConfigMapConfigurator.class);
namespaceConfigurators.addBinding().to(WorkspaceServiceAccountConfigurator.class);
namespaceConfigurators.addBinding().to(UserProfileConfigurator.class);
namespaceConfigurators.addBinding().to(UserPreferencesConfigurator.class);
namespaceConfigurators.addBinding().to(SshKeysConfigurator.class);
bind(KubernetesNamespaceService.class);
MapBinder<String, InternalEnvironmentFactory> factories = MapBinder.newMapBinder(binder(), String.class, InternalEnvironmentFactory.class);
factories.addBinding(KubernetesEnvironment.TYPE).to(KubernetesEnvironmentFactory.class);
factories.addBinding(Constants.NO_ENVIRONMENT_RECIPE_TYPE).to(NoEnvironmentFactory.class);
bind(RuntimeInfrastructure.class).to(KubernetesInfrastructure.class);
bind(InconsistentRuntimesDetector.class).asEagerSingleton();
bind(TrustedCAProvisioner.class).to(KubernetesTrustedCAProvisioner.class);
MapBinder<WorkspaceExposureType, TlsProvisioner<KubernetesEnvironment>> tlsProvisioners = MapBinder.newMapBinder(binder(), new TypeLiteral<WorkspaceExposureType>() {
}, new TypeLiteral<TlsProvisioner<KubernetesEnvironment>>() {
});
tlsProvisioners.addBinding(WorkspaceExposureType.GATEWAY).to(new TypeLiteral<GatewayTlsProvisioner<KubernetesEnvironment>>() {
});
tlsProvisioners.addBinding(WorkspaceExposureType.NATIVE).to(IngressTlsProvisioner.class);
bind(new TypeLiteral<KubernetesEnvironmentProvisioner<KubernetesEnvironment>>() {
}).to(KubernetesEnvironmentProvisioner.KubernetesEnvironmentProvisionerImpl.class);
install(new FactoryModuleBuilder().build(KubernetesRuntimeContextFactory.class));
install(new FactoryModuleBuilder().build(new TypeLiteral<KubernetesRuntimeFactory<KubernetesEnvironment>>() {
}));
install(new FactoryModuleBuilder().build(StartSynchronizerFactory.class));
bind(WorkspacePVCCleaner.class).asEagerSingleton();
bind(RemoveNamespaceOnWorkspaceRemove.class).asEagerSingleton();
bind(CheApiInternalEnvVarProvider.class).to(KubernetesCheApiInternalEnvVarProvider.class);
bind(CheApiExternalEnvVarProvider.class).to(KubernetesCheApiExternalEnvVarProvider.class);
MapBinder<String, WorkspaceVolumesStrategy> volumesStrategies = MapBinder.newMapBinder(binder(), String.class, WorkspaceVolumesStrategy.class);
volumesStrategies.addBinding(COMMON_STRATEGY).to(CommonPVCStrategy.class);
volumesStrategies.addBinding(PER_WORKSPACE_STRATEGY).to(PerWorkspacePVCStrategy.class);
volumesStrategies.addBinding(UNIQUE_STRATEGY).to(UniqueWorkspacePVCStrategy.class);
bind(WorkspaceVolumesStrategy.class).toProvider(WorkspaceVolumeStrategyProvider.class);
Multibinder.newSetBinder(binder(), ServiceTermination.class).addBinding().to(KubernetesClientTermination.class);
MapBinder<String, ExternalServiceExposureStrategy> ingressStrategies = MapBinder.newMapBinder(binder(), String.class, ExternalServiceExposureStrategy.class);
ingressStrategies.addBinding(MULTI_HOST_STRATEGY).to(MultiHostExternalServiceExposureStrategy.class);
ingressStrategies.addBinding(SINGLE_HOST_STRATEGY).to(SingleHostExternalServiceExposureStrategy.class);
ingressStrategies.addBinding(DEFAULT_HOST_STRATEGY).to(DefaultHostExternalServiceExposureStrategy.class);
bind(ExternalServiceExposureStrategy.class).toProvider(ServiceExposureStrategyProvider.class);
MapBinder<WorkspaceExposureType, ExternalServerExposer<KubernetesEnvironment>> exposureStrategies = MapBinder.newMapBinder(binder(), new TypeLiteral<>() {
}, new TypeLiteral<>() {
});
exposureStrategies.addBinding(WorkspaceExposureType.NATIVE).to(new TypeLiteral<IngressServerExposer<KubernetesEnvironment>>() {
});
exposureStrategies.addBinding(WorkspaceExposureType.GATEWAY).to(new TypeLiteral<GatewayServerExposer<KubernetesEnvironment>>() {
});
bind(new TypeLiteral<ExternalServerExposer<KubernetesEnvironment>>() {
}).annotatedWith(com.google.inject.name.Names.named("multihost-exposer")).to(new TypeLiteral<MultihostIngressServerExposer<KubernetesEnvironment>>() {
});
bind(new TypeLiteral<ExternalServerExposerProvider<KubernetesEnvironment>>() {
}).to(new TypeLiteral<KubernetesExternalServerExposerProvider<KubernetesEnvironment>>() {
});
bind(ServersConverter.class).to(new TypeLiteral<ServersConverter<KubernetesEnvironment>>() {
});
bind(PreviewUrlExposer.class).to(new TypeLiteral<PreviewUrlExposer<KubernetesEnvironment>>() {
});
bind(PreviewUrlCommandProvisioner.class).to(new TypeLiteral<KubernetesPreviewUrlCommandProvisioner>() {
});
Multibinder<EnvVarProvider> envVarProviders = Multibinder.newSetBinder(binder(), EnvVarProvider.class);
envVarProviders.addBinding().to(LogsRootEnvVariableProvider.class);
bind(new TypeLiteral<Map<String, String>>() {
}).annotatedWith(named("infra.kubernetes.ingress.annotations")).toProvider(IngressAnnotationsProvider.class);
install(new JpaKubernetesRuntimeCacheModule());
bind(SecureServerExposerFactoryProvider.class).to(new TypeLiteral<SecureServerExposerFactoryProvider<KubernetesEnvironment>>() {
});
MapBinder<String, ChePluginsApplier> chePluginsAppliers = MapBinder.newMapBinder(binder(), String.class, ChePluginsApplier.class);
chePluginsAppliers.addBinding(KubernetesEnvironment.TYPE).to(KubernetesPluginsToolingApplier.class);
bind(BrokerService.class);
bind(new TypeLiteral<BrokerEnvironmentFactory<KubernetesEnvironment>>() {
}).to(KubernetesBrokerEnvironmentFactory.class);
bind(PluginBrokerManager.class).to(new TypeLiteral<PluginBrokerManager<KubernetesEnvironment>>() {
});
bind(SidecarToolingProvisioner.class).to(new TypeLiteral<SidecarToolingProvisioner<KubernetesEnvironment>>() {
});
DevfileBindings.onComponentIntegrityValidatorBinder(binder(), binder -> {
binder.addBinding(KUBERNETES_COMPONENT_TYPE).to(KubernetesComponentValidator.class);
binder.addBinding(DOCKERIMAGE_COMPONENT_TYPE).to(NoopComponentIntegrityValidator.class);
});
DevfileBindings.onWorkspaceApplierBinder(binder(), binder -> {
binder.addBinding(KUBERNETES_COMPONENT_TYPE).to(KubernetesComponentToWorkspaceApplier.class);
binder.addBinding(DOCKERIMAGE_COMPONENT_TYPE).to(DockerimageComponentToWorkspaceApplier.class);
});
KubernetesDevfileBindings.addKubernetesBasedEnvironmentTypeBindings(binder(), KubernetesEnvironment.TYPE);
KubernetesDevfileBindings.addKubernetesBasedComponentTypeBindings(binder(), KUBERNETES_COMPONENT_TYPE);
// We need to initialize the bindings somehow. Because no other environment type is upgradable
// to kubernetes, we just call this in a way that initializes the binding with an empty map.
KubernetesDevfileBindings.addAllowedEnvironmentTypeUpgradeBindings(binder(), KubernetesEnvironment.TYPE);
bind(NonTlsDistributedClusterModeNotifier.class);
bind(AsyncStorageProvisioner.class);
}
use of org.eclipse.che.workspace.infrastructure.kubernetes.server.external.ExternalServiceExposureStrategy in project devspaces-images by redhat-developer.
the class AbstractJwtProxyProvisioner method expose.
/**
* Modifies Kubernetes environment to expose the specified service port via JWTProxy.
*
* @param k8sEnv Kubernetes environment to modify
* @param pod the pod that runs the server being exposed
* @param backendServiceName service name that will be exposed
* @param backendServicePort service port that will be exposed
* @param protocol protocol that will be used for exposed port
* @param secureServers secure servers to expose
* @return JWTProxy service port that expose the specified one
* @throws InfrastructureException if any exception occurs during port exposing
*/
@Override
public ServicePort expose(KubernetesEnvironment k8sEnv, PodData pod, String machineName, String backendServiceName, ServicePort backendServicePort, String protocol, boolean requireSubdomain, Map<String, ServerConfig> secureServers) throws InfrastructureException {
Preconditions.checkArgument(secureServers != null && !secureServers.isEmpty(), "Secure servers are missing");
ensureJwtProxyInjected(k8sEnv, machineName, pod);
Set<String> excludes = new HashSet<>();
Boolean cookiesAuthEnabled = null;
for (ServerConfig serverConfig : secureServers.values()) {
ExposureConfiguration config = getExposureConfiguration(serverConfig);
// accumulate unsecured paths
if (config.excludedPaths != null) {
excludes.addAll(config.excludedPaths);
}
// calculate `cookiesAuthEnabled` attributes
if (detectCookieAuth) {
if (cookiesAuthEnabled == null) {
cookiesAuthEnabled = config.cookiesAuthEnabled;
} else {
if (!cookiesAuthEnabled.equals(config.cookiesAuthEnabled)) {
throw new InfrastructureException("Secure servers which expose the same port should have the same `cookiesAuthEnabled` value.");
}
}
}
}
int listenPort = availablePort++;
ServicePort exposedPort = new ServicePortBuilder().withName("server-" + listenPort).withPort(listenPort).withProtocol(protocol).withNewTargetPort(listenPort).build();
k8sEnv.getServices().get(serviceName).getSpec().getPorts().add(exposedPort);
CookiePathStrategy actualCookiePathStrategy = requireSubdomain ? multihostCookiePathStrategy : cookiePathStrategy;
ExternalServiceExposureStrategy actualExposureStrategy = requireSubdomain ? multiHostExternalServiceExposureStrategy : externalServiceExposureStrategy;
// JwtProxySecureServerExposer creates no service for the exposed secure servers and
// assumes everything will be proxied from localhost, because JWT proxy is collocated
// with the workspace pod (because it is added to the environment as an injectable pod).
// This method historically supported proxying secure servers exposed through a service
// (which is not secure in absence of a appropriate network policy). The support for
// accessing the backend server through a service was kept here because it doesn't add
// any additional complexity to this method and keeps the door open for the
// JwtProxySecureServerExposer to be enhanced in the future with support for service-handled
// secure servers.
backendServiceName = backendServiceName == null ? "127.0.0.1" : backendServiceName;
proxyConfigBuilder.addVerifierProxy(listenPort, "http://" + backendServiceName + ":" + backendServicePort.getTargetPort().getIntVal(), excludes, cookiesAuthEnabled == null ? false : cookiesAuthEnabled, actualCookiePathStrategy.get(serviceName, exposedPort), actualExposureStrategy.getExternalPath(serviceName, exposedPort.getName()));
k8sEnv.getConfigMaps().get(getConfigMapName()).getData().put(JWT_PROXY_CONFIG_FILE, proxyConfigBuilder.build());
return exposedPort;
}
use of org.eclipse.che.workspace.infrastructure.kubernetes.server.external.ExternalServiceExposureStrategy in project devspaces-images by redhat-developer.
the class KubernetesInfraModule method configure.
@Override
protected void configure() {
Multibinder<WorkspaceAttributeValidator> workspaceAttributeValidators = Multibinder.newSetBinder(binder(), WorkspaceAttributeValidator.class);
workspaceAttributeValidators.addBinding().to(K8sInfraNamespaceWsAttributeValidator.class);
workspaceAttributeValidators.addBinding().to(AsyncStorageModeValidator.class);
// order matters here!
// We first need to grant permissions to user, only then we can run other configurators with
// user's client.
Multibinder<NamespaceConfigurator> namespaceConfigurators = Multibinder.newSetBinder(binder(), NamespaceConfigurator.class);
namespaceConfigurators.addBinding().to(UserPermissionConfigurator.class);
namespaceConfigurators.addBinding().to(CredentialsSecretConfigurator.class);
namespaceConfigurators.addBinding().to(PreferencesConfigMapConfigurator.class);
namespaceConfigurators.addBinding().to(WorkspaceServiceAccountConfigurator.class);
namespaceConfigurators.addBinding().to(UserProfileConfigurator.class);
namespaceConfigurators.addBinding().to(UserPreferencesConfigurator.class);
namespaceConfigurators.addBinding().to(SshKeysConfigurator.class);
bind(KubernetesNamespaceService.class);
MapBinder<String, InternalEnvironmentFactory> factories = MapBinder.newMapBinder(binder(), String.class, InternalEnvironmentFactory.class);
factories.addBinding(KubernetesEnvironment.TYPE).to(KubernetesEnvironmentFactory.class);
factories.addBinding(Constants.NO_ENVIRONMENT_RECIPE_TYPE).to(NoEnvironmentFactory.class);
bind(RuntimeInfrastructure.class).to(KubernetesInfrastructure.class);
bind(InconsistentRuntimesDetector.class).asEagerSingleton();
bind(TrustedCAProvisioner.class).to(KubernetesTrustedCAProvisioner.class);
MapBinder<WorkspaceExposureType, TlsProvisioner<KubernetesEnvironment>> tlsProvisioners = MapBinder.newMapBinder(binder(), new TypeLiteral<WorkspaceExposureType>() {
}, new TypeLiteral<TlsProvisioner<KubernetesEnvironment>>() {
});
tlsProvisioners.addBinding(WorkspaceExposureType.GATEWAY).to(new TypeLiteral<GatewayTlsProvisioner<KubernetesEnvironment>>() {
});
tlsProvisioners.addBinding(WorkspaceExposureType.NATIVE).to(IngressTlsProvisioner.class);
bind(new TypeLiteral<KubernetesEnvironmentProvisioner<KubernetesEnvironment>>() {
}).to(KubernetesEnvironmentProvisioner.KubernetesEnvironmentProvisionerImpl.class);
install(new FactoryModuleBuilder().build(KubernetesRuntimeContextFactory.class));
install(new FactoryModuleBuilder().build(new TypeLiteral<KubernetesRuntimeFactory<KubernetesEnvironment>>() {
}));
install(new FactoryModuleBuilder().build(StartSynchronizerFactory.class));
bind(WorkspacePVCCleaner.class).asEagerSingleton();
bind(RemoveNamespaceOnWorkspaceRemove.class).asEagerSingleton();
bind(CheApiInternalEnvVarProvider.class).to(KubernetesCheApiInternalEnvVarProvider.class);
bind(CheApiExternalEnvVarProvider.class).to(KubernetesCheApiExternalEnvVarProvider.class);
MapBinder<String, WorkspaceVolumesStrategy> volumesStrategies = MapBinder.newMapBinder(binder(), String.class, WorkspaceVolumesStrategy.class);
volumesStrategies.addBinding(COMMON_STRATEGY).to(CommonPVCStrategy.class);
volumesStrategies.addBinding(PER_WORKSPACE_STRATEGY).to(PerWorkspacePVCStrategy.class);
volumesStrategies.addBinding(UNIQUE_STRATEGY).to(UniqueWorkspacePVCStrategy.class);
bind(WorkspaceVolumesStrategy.class).toProvider(WorkspaceVolumeStrategyProvider.class);
Multibinder.newSetBinder(binder(), ServiceTermination.class).addBinding().to(KubernetesClientTermination.class);
MapBinder<String, ExternalServiceExposureStrategy> ingressStrategies = MapBinder.newMapBinder(binder(), String.class, ExternalServiceExposureStrategy.class);
ingressStrategies.addBinding(MULTI_HOST_STRATEGY).to(MultiHostExternalServiceExposureStrategy.class);
ingressStrategies.addBinding(SINGLE_HOST_STRATEGY).to(SingleHostExternalServiceExposureStrategy.class);
ingressStrategies.addBinding(DEFAULT_HOST_STRATEGY).to(DefaultHostExternalServiceExposureStrategy.class);
bind(ExternalServiceExposureStrategy.class).toProvider(ServiceExposureStrategyProvider.class);
MapBinder<WorkspaceExposureType, ExternalServerExposer<KubernetesEnvironment>> exposureStrategies = MapBinder.newMapBinder(binder(), new TypeLiteral<>() {
}, new TypeLiteral<>() {
});
exposureStrategies.addBinding(WorkspaceExposureType.NATIVE).to(new TypeLiteral<IngressServerExposer<KubernetesEnvironment>>() {
});
exposureStrategies.addBinding(WorkspaceExposureType.GATEWAY).to(new TypeLiteral<GatewayServerExposer<KubernetesEnvironment>>() {
});
bind(new TypeLiteral<ExternalServerExposer<KubernetesEnvironment>>() {
}).annotatedWith(com.google.inject.name.Names.named("multihost-exposer")).to(new TypeLiteral<MultihostIngressServerExposer<KubernetesEnvironment>>() {
});
bind(new TypeLiteral<ExternalServerExposerProvider<KubernetesEnvironment>>() {
}).to(new TypeLiteral<KubernetesExternalServerExposerProvider<KubernetesEnvironment>>() {
});
bind(ServersConverter.class).to(new TypeLiteral<ServersConverter<KubernetesEnvironment>>() {
});
bind(PreviewUrlExposer.class).to(new TypeLiteral<PreviewUrlExposer<KubernetesEnvironment>>() {
});
bind(PreviewUrlCommandProvisioner.class).to(new TypeLiteral<KubernetesPreviewUrlCommandProvisioner>() {
});
Multibinder<EnvVarProvider> envVarProviders = Multibinder.newSetBinder(binder(), EnvVarProvider.class);
envVarProviders.addBinding().to(LogsRootEnvVariableProvider.class);
bind(new TypeLiteral<Map<String, String>>() {
}).annotatedWith(named("infra.kubernetes.ingress.annotations")).toProvider(IngressAnnotationsProvider.class);
install(new JpaKubernetesRuntimeCacheModule());
bind(SecureServerExposerFactoryProvider.class).to(new TypeLiteral<SecureServerExposerFactoryProvider<KubernetesEnvironment>>() {
});
MapBinder<String, ChePluginsApplier> chePluginsAppliers = MapBinder.newMapBinder(binder(), String.class, ChePluginsApplier.class);
chePluginsAppliers.addBinding(KubernetesEnvironment.TYPE).to(KubernetesPluginsToolingApplier.class);
bind(BrokerService.class);
bind(new TypeLiteral<BrokerEnvironmentFactory<KubernetesEnvironment>>() {
}).to(KubernetesBrokerEnvironmentFactory.class);
bind(PluginBrokerManager.class).to(new TypeLiteral<PluginBrokerManager<KubernetesEnvironment>>() {
});
bind(SidecarToolingProvisioner.class).to(new TypeLiteral<SidecarToolingProvisioner<KubernetesEnvironment>>() {
});
DevfileBindings.onComponentIntegrityValidatorBinder(binder(), binder -> {
binder.addBinding(KUBERNETES_COMPONENT_TYPE).to(KubernetesComponentValidator.class);
binder.addBinding(DOCKERIMAGE_COMPONENT_TYPE).to(NoopComponentIntegrityValidator.class);
});
DevfileBindings.onWorkspaceApplierBinder(binder(), binder -> {
binder.addBinding(KUBERNETES_COMPONENT_TYPE).to(KubernetesComponentToWorkspaceApplier.class);
binder.addBinding(DOCKERIMAGE_COMPONENT_TYPE).to(DockerimageComponentToWorkspaceApplier.class);
});
KubernetesDevfileBindings.addKubernetesBasedEnvironmentTypeBindings(binder(), KubernetesEnvironment.TYPE);
KubernetesDevfileBindings.addKubernetesBasedComponentTypeBindings(binder(), KUBERNETES_COMPONENT_TYPE);
// We need to initialize the bindings somehow. Because no other environment type is upgradable
// to kubernetes, we just call this in a way that initializes the binding with an empty map.
KubernetesDevfileBindings.addAllowedEnvironmentTypeUpgradeBindings(binder(), KubernetesEnvironment.TYPE);
bind(NonTlsDistributedClusterModeNotifier.class);
bind(AsyncStorageProvisioner.class);
}
use of org.eclipse.che.workspace.infrastructure.kubernetes.server.external.ExternalServiceExposureStrategy in project che-server by eclipse-che.
the class AbstractJwtProxyProvisioner method expose.
/**
* Modifies Kubernetes environment to expose the specified service port via JWTProxy.
*
* @param k8sEnv Kubernetes environment to modify
* @param pod the pod that runs the server being exposed
* @param backendServiceName service name that will be exposed
* @param backendServicePort service port that will be exposed
* @param protocol protocol that will be used for exposed port
* @param secureServers secure servers to expose
* @return JWTProxy service port that expose the specified one
* @throws InfrastructureException if any exception occurs during port exposing
*/
@Override
public ServicePort expose(KubernetesEnvironment k8sEnv, PodData pod, String machineName, String backendServiceName, ServicePort backendServicePort, String protocol, boolean requireSubdomain, Map<String, ServerConfig> secureServers) throws InfrastructureException {
Preconditions.checkArgument(secureServers != null && !secureServers.isEmpty(), "Secure servers are missing");
ensureJwtProxyInjected(k8sEnv, machineName, pod);
Set<String> excludes = new HashSet<>();
Boolean cookiesAuthEnabled = null;
for (ServerConfig serverConfig : secureServers.values()) {
ExposureConfiguration config = getExposureConfiguration(serverConfig);
// accumulate unsecured paths
if (config.excludedPaths != null) {
excludes.addAll(config.excludedPaths);
}
// calculate `cookiesAuthEnabled` attributes
if (detectCookieAuth) {
if (cookiesAuthEnabled == null) {
cookiesAuthEnabled = config.cookiesAuthEnabled;
} else {
if (!cookiesAuthEnabled.equals(config.cookiesAuthEnabled)) {
throw new InfrastructureException("Secure servers which expose the same port should have the same `cookiesAuthEnabled` value.");
}
}
}
}
int listenPort = availablePort++;
ServicePort exposedPort = new ServicePortBuilder().withName("server-" + listenPort).withPort(listenPort).withProtocol(protocol).withNewTargetPort(listenPort).build();
k8sEnv.getServices().get(serviceName).getSpec().getPorts().add(exposedPort);
CookiePathStrategy actualCookiePathStrategy = requireSubdomain ? multihostCookiePathStrategy : cookiePathStrategy;
ExternalServiceExposureStrategy actualExposureStrategy = requireSubdomain ? multiHostExternalServiceExposureStrategy : externalServiceExposureStrategy;
// JwtProxySecureServerExposer creates no service for the exposed secure servers and
// assumes everything will be proxied from localhost, because JWT proxy is collocated
// with the workspace pod (because it is added to the environment as an injectable pod).
// This method historically supported proxying secure servers exposed through a service
// (which is not secure in absence of a appropriate network policy). The support for
// accessing the backend server through a service was kept here because it doesn't add
// any additional complexity to this method and keeps the door open for the
// JwtProxySecureServerExposer to be enhanced in the future with support for service-handled
// secure servers.
backendServiceName = backendServiceName == null ? "127.0.0.1" : backendServiceName;
proxyConfigBuilder.addVerifierProxy(listenPort, "http://" + backendServiceName + ":" + backendServicePort.getTargetPort().getIntVal(), excludes, cookiesAuthEnabled == null ? false : cookiesAuthEnabled, actualCookiePathStrategy.get(serviceName, exposedPort), actualExposureStrategy.getExternalPath(serviceName, exposedPort.getName()));
k8sEnv.getConfigMaps().get(getConfigMapName()).getData().put(JWT_PROXY_CONFIG_FILE, proxyConfigBuilder.build());
return exposedPort;
}
Aggregations