
Example 1 with ExternalServiceExposureStrategy

use of org.eclipse.che.workspace.infrastructure.kubernetes.server.external.ExternalServiceExposureStrategy in project che-server by eclipse-che.

the class OpenShiftInfraModule method configure.

/**
 * Registers the Guice bindings for the OpenShift infrastructure.
 *
 * <p>The bindings cover workspace attribute validators, namespace configurators, environment
 * factories, PVC volume strategies, external server exposers, TLS provisioners, plugin broker
 * wiring, devfile component bindings and the external service exposure strategies.
 *
 * <p>Several bindings decide how workspace servers are published and protected (exposers, TLS
 * provisioners, trusted CA provisioner, cookie path strategy), so changes here deserve a
 * security review.
 */
@Override
protected void configure() {
    Multibinder<WorkspaceAttributeValidator> workspaceAttributeValidators = Multibinder.newSetBinder(binder(), WorkspaceAttributeValidator.class);
    workspaceAttributeValidators.addBinding().to(K8sInfraNamespaceWsAttributeValidator.class);
    workspaceAttributeValidators.addBinding().to(AsyncStorageModeValidator.class);
    // Set of NamespaceConfigurator implementations contributed by this module.
    // NOTE(review): if any configurator depends on another having run first (for example
    // permissions before user-scoped resources), confirm the consumer honours binding order.
    Multibinder<NamespaceConfigurator> namespaceConfigurators = Multibinder.newSetBinder(binder(), NamespaceConfigurator.class);
    namespaceConfigurators.addBinding().to(UserProfileConfigurator.class);
    namespaceConfigurators.addBinding().to(UserPreferencesConfigurator.class);
    namespaceConfigurators.addBinding().to(CredentialsSecretConfigurator.class);
    namespaceConfigurators.addBinding().to(PreferencesConfigMapConfigurator.class);
    namespaceConfigurators.addBinding().to(OpenShiftWorkspaceServiceAccountConfigurator.class);
    namespaceConfigurators.addBinding().to(OpenShiftStopWorkspaceRoleConfigurator.class);
    namespaceConfigurators.addBinding().to(SshKeysConfigurator.class);
    bind(KubernetesNamespaceService.class);
    // Environment factories keyed by recipe type; both OpenShift and Kubernetes recipes are accepted.
    MapBinder<String, InternalEnvironmentFactory> factories = MapBinder.newMapBinder(binder(), String.class, InternalEnvironmentFactory.class);
    factories.addBinding(OpenShiftEnvironment.TYPE).to(OpenShiftEnvironmentFactory.class);
    factories.addBinding(KubernetesEnvironment.TYPE).to(KubernetesEnvironmentFactory.class);
    factories.addBinding(Constants.NO_ENVIRONMENT_RECIPE_TYPE).to(NoEnvironmentFactory.class);
    // Eager singletons are instantiated when the injector is created rather than on first use.
    bind(InconsistentRuntimesDetector.class).asEagerSingleton();
    // Generic Kubernetes abstractions are resolved to their OpenShift implementations.
    bind(RuntimeInfrastructure.class).to(OpenShiftInfrastructure.class);
    bind(KubernetesNamespaceFactory.class).to(OpenShiftProjectFactory.class);
    bind(KubernetesClientFactory.class).to(OpenShiftClientFactory.class);
    bind(CheServerOpenshiftClientFactory.class);
    install(new FactoryModuleBuilder().build(OpenShiftRuntimeContextFactory.class));
    install(new FactoryModuleBuilder().build(OpenShiftRuntimeFactory.class));
    install(new FactoryModuleBuilder().build(StartSynchronizerFactory.class));
    bind(WorkspacePVCCleaner.class).asEagerSingleton();
    bind(RemoveProjectOnWorkspaceRemove.class).asEagerSingleton();
    // Trusted CA provisioning is infrastructure-specific; this module selects the OpenShift one.
    bind(TrustedCAProvisioner.class).to(OpenshiftTrustedCAProvisioner.class);
    bind(CheApiInternalEnvVarProvider.class).to(KubernetesCheApiInternalEnvVarProvider.class);
    bind(CheApiExternalEnvVarProvider.class).to(KubernetesCheApiExternalEnvVarProvider.class);
    // PVC strategies keyed by name; the instance actually injected comes from
    // WorkspaceVolumeStrategyProvider.
    MapBinder<String, WorkspaceVolumesStrategy> volumesStrategies = MapBinder.newMapBinder(binder(), String.class, WorkspaceVolumesStrategy.class);
    volumesStrategies.addBinding(COMMON_STRATEGY).to(CommonPVCStrategy.class);
    volumesStrategies.addBinding(PER_WORKSPACE_STRATEGY).to(PerWorkspacePVCStrategy.class);
    volumesStrategies.addBinding(UNIQUE_STRATEGY).to(UniqueWorkspacePVCStrategy.class);
    bind(WorkspaceVolumesStrategy.class).toProvider(WorkspaceVolumeStrategyProvider.class);
    // Maps each workspace exposure type to the exposer that publishes servers externally:
    // NATIVE is handled by RouteServerExposer, GATEWAY by GatewayServerExposer.
    MapBinder<WorkspaceExposureType, ExternalServerExposer<OpenShiftEnvironment>> exposureStrategies = MapBinder.newMapBinder(binder(), new TypeLiteral<>() {
    }, new TypeLiteral<>() {
    });
    exposureStrategies.addBinding(WorkspaceExposureType.NATIVE).to(RouteServerExposer.class);
    exposureStrategies.addBinding(WorkspaceExposureType.GATEWAY).to(new TypeLiteral<GatewayServerExposer<OpenShiftEnvironment>>() {
    });
    // Named binding: injection points annotated with "multihost-exposer" receive RouteServerExposer.
    bind(new TypeLiteral<ExternalServerExposer<OpenShiftEnvironment>>() {
    }).annotatedWith(com.google.inject.name.Names.named("multihost-exposer")).to(RouteServerExposer.class);
    bind(new TypeLiteral<ExternalServerExposerProvider<OpenShiftEnvironment>>() {
    }).to(OpenShiftExternalServerExposerProvider.class);
    bind(ServersConverter.class).to(new TypeLiteral<ServersConverter<OpenShiftEnvironment>>() {
    });
    bind(PreviewUrlExposer.class).to(new TypeLiteral<OpenShiftPreviewUrlExposer>() {
    });
    bind(PreviewUrlCommandProvisioner.class).to(new TypeLiteral<OpenShiftPreviewUrlCommandProvisioner>() {
    });
    Multibinder<EnvVarProvider> envVarProviders = Multibinder.newSetBinder(binder(), EnvVarProvider.class);
    envVarProviders.addBinding().to(LogsRootEnvVariableProvider.class);
    install(new JpaKubernetesRuntimeCacheModule());
    Multibinder.newSetBinder(binder(), ServiceTermination.class).addBinding().to(KubernetesClientTermination.class);
    MapBinder<String, ChePluginsApplier> pluginsAppliers = MapBinder.newMapBinder(binder(), String.class, ChePluginsApplier.class);
    pluginsAppliers.addBinding(OpenShiftEnvironment.TYPE).to(KubernetesPluginsToolingApplier.class);
    // Provider of the factory for secure (authenticated) server exposers, specialised for OpenShift.
    bind(SecureServerExposerFactoryProvider.class).to(new TypeLiteral<SecureServerExposerFactoryProvider<OpenShiftEnvironment>>() {
    });
    bind(BrokerService.class);
    bind(new TypeLiteral<BrokerEnvironmentFactory<OpenShiftEnvironment>>() {
    }).to(OpenshiftBrokerEnvironmentFactory.class);
    bind(PluginBrokerManager.class).to(new TypeLiteral<PluginBrokerManager<OpenShiftEnvironment>>() {
    });
    bind(SidecarToolingProvisioner.class).to(new TypeLiteral<SidecarToolingProvisioner<OpenShiftEnvironment>>() {
    });
    // TLS provisioning is selected per exposure type, using the same keys as the exposer map:
    // GATEWAY -> GatewayTlsProvisioner, NATIVE -> RouteTlsProvisioner.
    MapBinder<WorkspaceExposureType, TlsProvisioner<OpenShiftEnvironment>> tlsProvisioners = MapBinder.newMapBinder(binder(), new TypeLiteral<WorkspaceExposureType>() {
    }, new TypeLiteral<TlsProvisioner<OpenShiftEnvironment>>() {
    });
    tlsProvisioners.addBinding(WorkspaceExposureType.GATEWAY).to(new TypeLiteral<GatewayTlsProvisioner<OpenShiftEnvironment>>() {
    });
    tlsProvisioners.addBinding(WorkspaceExposureType.NATIVE).to(RouteTlsProvisioner.class);
    bind(new TypeLiteral<KubernetesEnvironmentProvisioner<OpenShiftEnvironment>>() {
    }).to(OpenShiftEnvironmentProvisioner.class);
    // NOTE(review): DOCKERIMAGE components are bound to NoopComponentIntegrityValidator; the name
    // suggests no integrity validation is performed for them - confirm that this is intended.
    DevfileBindings.onComponentIntegrityValidatorBinder(binder(), binder -> {
        binder.addBinding(KUBERNETES_COMPONENT_TYPE).to(KubernetesComponentValidator.class);
        binder.addBinding(OPENSHIFT_COMPONENT_TYPE).to(KubernetesComponentValidator.class);
        binder.addBinding(DOCKERIMAGE_COMPONENT_TYPE).to(NoopComponentIntegrityValidator.class);
    });
    DevfileBindings.onWorkspaceApplierBinder(binder(), binder -> {
        binder.addBinding(KUBERNETES_COMPONENT_TYPE).to(KubernetesComponentToWorkspaceApplier.class);
        binder.addBinding(DOCKERIMAGE_COMPONENT_TYPE).to(DockerimageComponentToWorkspaceApplier.class);
        binder.addBinding(OPENSHIFT_COMPONENT_TYPE).to(OpenshiftComponentToWorkspaceApplier.class);
    });
    KubernetesDevfileBindings.addKubernetesBasedEnvironmentTypeBindings(binder(), KubernetesEnvironment.TYPE, OpenShiftEnvironment.TYPE);
    KubernetesDevfileBindings.addKubernetesBasedComponentTypeBindings(binder(), KUBERNETES_COMPONENT_TYPE, OPENSHIFT_COMPONENT_TYPE);
    KubernetesDevfileBindings.addAllowedEnvironmentTypeUpgradeBindings(binder(), OpenShiftEnvironment.TYPE, KubernetesEnvironment.TYPE);
    // Exposure strategies keyed by name; the ExternalServiceExposureStrategy actually injected is
    // produced by ServiceExposureStrategyProvider.
    // NOTE(review): presumably the provider picks the entry from server configuration - confirm,
    // and confirm how it behaves for a strategy name that has no binding in this map.
    MapBinder<String, ExternalServiceExposureStrategy> ingressStrategies = MapBinder.newMapBinder(binder(), String.class, ExternalServiceExposureStrategy.class);
    ingressStrategies.addBinding(MULTI_HOST_STRATEGY).to(OpenShiftServerExposureStrategy.class);
    ingressStrategies.addBinding(SINGLE_HOST_STRATEGY).to(SingleHostExternalServiceExposureStrategy.class);
    bind(ExternalServiceExposureStrategy.class).toProvider(ServiceExposureStrategyProvider.class);
    // Cookie path strategy used by the JWT proxy integration, specialised for OpenShift.
    bind(CookiePathStrategy.class).to(OpenShiftCookiePathStrategy.class);
    bind(NonTlsDistributedClusterModeNotifier.class);
    bind(AsyncStorageProvisioner.class);
    bind(AsyncStoragePodInterceptor.class);
    bind(AsyncStoragePodWatcher.class);
}
Also used : RemoveProjectOnWorkspaceRemove(org.eclipse.che.workspace.infrastructure.openshift.project.RemoveProjectOnWorkspaceRemove) OpenShiftPreviewUrlExposer(org.eclipse.che.workspace.infrastructure.openshift.server.OpenShiftPreviewUrlExposer) PreviewUrlExposer(org.eclipse.che.workspace.infrastructure.kubernetes.server.PreviewUrlExposer) CheApiExternalEnvVarProvider(org.eclipse.che.api.workspace.server.spi.provision.env.CheApiExternalEnvVarProvider) KubernetesCheApiExternalEnvVarProvider(org.eclipse.che.workspace.infrastructure.kubernetes.provision.KubernetesCheApiExternalEnvVarProvider) OpenShiftPreviewUrlCommandProvisioner(org.eclipse.che.workspace.infrastructure.openshift.provision.OpenShiftPreviewUrlCommandProvisioner) PreviewUrlCommandProvisioner(org.eclipse.che.workspace.infrastructure.kubernetes.provision.PreviewUrlCommandProvisioner) StartSynchronizerFactory(org.eclipse.che.workspace.infrastructure.kubernetes.StartSynchronizerFactory) SingleHostExternalServiceExposureStrategy(org.eclipse.che.workspace.infrastructure.kubernetes.server.external.SingleHostExternalServiceExposureStrategy) ExternalServiceExposureStrategy(org.eclipse.che.workspace.infrastructure.kubernetes.server.external.ExternalServiceExposureStrategy) ServersConverter(org.eclipse.che.workspace.infrastructure.kubernetes.provision.server.ServersConverter) GatewayTlsProvisioner(org.eclipse.che.workspace.infrastructure.kubernetes.provision.GatewayTlsProvisioner) InconsistentRuntimesDetector(org.eclipse.che.workspace.infrastructure.kubernetes.InconsistentRuntimesDetector) WorkspacePVCCleaner(org.eclipse.che.workspace.infrastructure.kubernetes.namespace.pvc.WorkspacePVCCleaner) CheApiInternalEnvVarProvider(org.eclipse.che.api.workspace.server.spi.provision.env.CheApiInternalEnvVarProvider) KubernetesCheApiInternalEnvVarProvider(org.eclipse.che.workspace.infrastructure.kubernetes.provision.KubernetesCheApiInternalEnvVarProvider) 
GatewayServerExposer(org.eclipse.che.workspace.infrastructure.kubernetes.server.external.GatewayServerExposer) OpenShiftPreviewUrlCommandProvisioner(org.eclipse.che.workspace.infrastructure.openshift.provision.OpenShiftPreviewUrlCommandProvisioner) CheApiExternalEnvVarProvider(org.eclipse.che.api.workspace.server.spi.provision.env.CheApiExternalEnvVarProvider) EnvVarProvider(org.eclipse.che.api.workspace.server.spi.provision.env.EnvVarProvider) CheApiInternalEnvVarProvider(org.eclipse.che.api.workspace.server.spi.provision.env.CheApiInternalEnvVarProvider) KubernetesCheApiExternalEnvVarProvider(org.eclipse.che.workspace.infrastructure.kubernetes.provision.KubernetesCheApiExternalEnvVarProvider) KubernetesCheApiInternalEnvVarProvider(org.eclipse.che.workspace.infrastructure.kubernetes.provision.KubernetesCheApiInternalEnvVarProvider) RuntimeInfrastructure(org.eclipse.che.api.workspace.server.spi.RuntimeInfrastructure) CookiePathStrategy(org.eclipse.che.workspace.infrastructure.kubernetes.server.secure.jwtproxy.CookiePathStrategy) OpenShiftCookiePathStrategy(org.eclipse.che.workspace.infrastructure.openshift.server.OpenShiftCookiePathStrategy) NamespaceConfigurator(org.eclipse.che.workspace.infrastructure.kubernetes.namespace.configurator.NamespaceConfigurator) TlsProvisioner(org.eclipse.che.workspace.infrastructure.kubernetes.provision.TlsProvisioner) GatewayTlsProvisioner(org.eclipse.che.workspace.infrastructure.kubernetes.provision.GatewayTlsProvisioner) RouteTlsProvisioner(org.eclipse.che.workspace.infrastructure.openshift.provision.RouteTlsProvisioner) KubernetesNamespaceFactory(org.eclipse.che.workspace.infrastructure.kubernetes.namespace.KubernetesNamespaceFactory) FactoryModuleBuilder(com.google.inject.assistedinject.FactoryModuleBuilder) WorkspaceExposureType(org.eclipse.che.workspace.infrastructure.kubernetes.server.WorkspaceExposureType) OpenShiftPreviewUrlExposer(org.eclipse.che.workspace.infrastructure.openshift.server.OpenShiftPreviewUrlExposer) 
OpenShiftEnvironment(org.eclipse.che.workspace.infrastructure.openshift.environment.OpenShiftEnvironment) SidecarToolingProvisioner(org.eclipse.che.workspace.infrastructure.kubernetes.wsplugins.SidecarToolingProvisioner) SecureServerExposerFactoryProvider(org.eclipse.che.workspace.infrastructure.kubernetes.server.secure.SecureServerExposerFactoryProvider) TypeLiteral(com.google.inject.TypeLiteral) JpaKubernetesRuntimeCacheModule(org.eclipse.che.workspace.infrastructure.kubernetes.cache.jpa.JpaKubernetesRuntimeCacheModule) ExternalServerExposer(org.eclipse.che.workspace.infrastructure.kubernetes.server.external.ExternalServerExposer) ChePluginsApplier(org.eclipse.che.api.workspace.server.wsplugins.ChePluginsApplier) WorkspaceVolumesStrategy(org.eclipse.che.workspace.infrastructure.kubernetes.namespace.pvc.WorkspaceVolumesStrategy) WorkspaceAttributeValidator(org.eclipse.che.api.workspace.server.WorkspaceAttributeValidator) InternalEnvironmentFactory(org.eclipse.che.api.workspace.server.spi.environment.InternalEnvironmentFactory) PluginBrokerManager(org.eclipse.che.workspace.infrastructure.kubernetes.wsplugins.PluginBrokerManager) KubernetesClientFactory(org.eclipse.che.workspace.infrastructure.kubernetes.KubernetesClientFactory) OpenshiftTrustedCAProvisioner(org.eclipse.che.workspace.infrastructure.openshift.provision.OpenshiftTrustedCAProvisioner) TrustedCAProvisioner(org.eclipse.che.workspace.infrastructure.kubernetes.provision.TrustedCAProvisioner)

Example 2 with ExternalServiceExposureStrategy

use of org.eclipse.che.workspace.infrastructure.kubernetes.server.external.ExternalServiceExposureStrategy in project che-server by eclipse-che.

the class KubernetesInfraModule method configure.

/**
 * Registers the Guice bindings for the plain Kubernetes infrastructure.
 *
 * <p>The bindings cover workspace attribute validators, namespace configurators, environment
 * factories, TLS provisioners, PVC volume strategies, external service exposure strategies,
 * external server exposers, ingress annotations, plugin broker wiring and devfile component
 * bindings.
 *
 * <p>Several bindings decide how workspace servers are published and protected (exposers, TLS
 * provisioners, trusted CA provisioner, user permission configurator), so changes here deserve a
 * security review.
 */
@Override
protected void configure() {
    Multibinder<WorkspaceAttributeValidator> workspaceAttributeValidators = Multibinder.newSetBinder(binder(), WorkspaceAttributeValidator.class);
    workspaceAttributeValidators.addBinding().to(K8sInfraNamespaceWsAttributeValidator.class);
    workspaceAttributeValidators.addBinding().to(AsyncStorageModeValidator.class);
    // order matters here!
    // We first need to grant permissions to user, only then we can run other configurators with
    // user's client.
    // For that reason UserPermissionConfigurator must stay the first binding in this set; do not
    // sort or regroup these lines.
    Multibinder<NamespaceConfigurator> namespaceConfigurators = Multibinder.newSetBinder(binder(), NamespaceConfigurator.class);
    namespaceConfigurators.addBinding().to(UserPermissionConfigurator.class);
    namespaceConfigurators.addBinding().to(CredentialsSecretConfigurator.class);
    namespaceConfigurators.addBinding().to(PreferencesConfigMapConfigurator.class);
    namespaceConfigurators.addBinding().to(WorkspaceServiceAccountConfigurator.class);
    namespaceConfigurators.addBinding().to(UserProfileConfigurator.class);
    namespaceConfigurators.addBinding().to(UserPreferencesConfigurator.class);
    namespaceConfigurators.addBinding().to(SshKeysConfigurator.class);
    bind(KubernetesNamespaceService.class);
    // Environment factories keyed by recipe type.
    MapBinder<String, InternalEnvironmentFactory> factories = MapBinder.newMapBinder(binder(), String.class, InternalEnvironmentFactory.class);
    factories.addBinding(KubernetesEnvironment.TYPE).to(KubernetesEnvironmentFactory.class);
    factories.addBinding(Constants.NO_ENVIRONMENT_RECIPE_TYPE).to(NoEnvironmentFactory.class);
    bind(RuntimeInfrastructure.class).to(KubernetesInfrastructure.class);
    // Eager singletons are instantiated when the injector is created rather than on first use.
    bind(InconsistentRuntimesDetector.class).asEagerSingleton();
    // Trusted CA provisioning is infrastructure-specific; this module selects the Kubernetes one.
    bind(TrustedCAProvisioner.class).to(KubernetesTrustedCAProvisioner.class);
    // TLS provisioning is selected per exposure type:
    // GATEWAY -> GatewayTlsProvisioner, NATIVE -> IngressTlsProvisioner.
    MapBinder<WorkspaceExposureType, TlsProvisioner<KubernetesEnvironment>> tlsProvisioners = MapBinder.newMapBinder(binder(), new TypeLiteral<WorkspaceExposureType>() {
    }, new TypeLiteral<TlsProvisioner<KubernetesEnvironment>>() {
    });
    tlsProvisioners.addBinding(WorkspaceExposureType.GATEWAY).to(new TypeLiteral<GatewayTlsProvisioner<KubernetesEnvironment>>() {
    });
    tlsProvisioners.addBinding(WorkspaceExposureType.NATIVE).to(IngressTlsProvisioner.class);
    bind(new TypeLiteral<KubernetesEnvironmentProvisioner<KubernetesEnvironment>>() {
    }).to(KubernetesEnvironmentProvisioner.KubernetesEnvironmentProvisionerImpl.class);
    install(new FactoryModuleBuilder().build(KubernetesRuntimeContextFactory.class));
    install(new FactoryModuleBuilder().build(new TypeLiteral<KubernetesRuntimeFactory<KubernetesEnvironment>>() {
    }));
    install(new FactoryModuleBuilder().build(StartSynchronizerFactory.class));
    bind(WorkspacePVCCleaner.class).asEagerSingleton();
    bind(RemoveNamespaceOnWorkspaceRemove.class).asEagerSingleton();
    bind(CheApiInternalEnvVarProvider.class).to(KubernetesCheApiInternalEnvVarProvider.class);
    bind(CheApiExternalEnvVarProvider.class).to(KubernetesCheApiExternalEnvVarProvider.class);
    // PVC strategies keyed by name; the instance actually injected comes from
    // WorkspaceVolumeStrategyProvider.
    MapBinder<String, WorkspaceVolumesStrategy> volumesStrategies = MapBinder.newMapBinder(binder(), String.class, WorkspaceVolumesStrategy.class);
    volumesStrategies.addBinding(COMMON_STRATEGY).to(CommonPVCStrategy.class);
    volumesStrategies.addBinding(PER_WORKSPACE_STRATEGY).to(PerWorkspacePVCStrategy.class);
    volumesStrategies.addBinding(UNIQUE_STRATEGY).to(UniqueWorkspacePVCStrategy.class);
    bind(WorkspaceVolumesStrategy.class).toProvider(WorkspaceVolumeStrategyProvider.class);
    Multibinder.newSetBinder(binder(), ServiceTermination.class).addBinding().to(KubernetesClientTermination.class);
    // Exposure strategies keyed by name; the ExternalServiceExposureStrategy actually injected is
    // produced by ServiceExposureStrategyProvider.
    // NOTE(review): presumably the provider picks the entry from server configuration - confirm,
    // and confirm how it behaves for a strategy name that has no binding in this map.
    MapBinder<String, ExternalServiceExposureStrategy> ingressStrategies = MapBinder.newMapBinder(binder(), String.class, ExternalServiceExposureStrategy.class);
    ingressStrategies.addBinding(MULTI_HOST_STRATEGY).to(MultiHostExternalServiceExposureStrategy.class);
    ingressStrategies.addBinding(SINGLE_HOST_STRATEGY).to(SingleHostExternalServiceExposureStrategy.class);
    ingressStrategies.addBinding(DEFAULT_HOST_STRATEGY).to(DefaultHostExternalServiceExposureStrategy.class);
    bind(ExternalServiceExposureStrategy.class).toProvider(ServiceExposureStrategyProvider.class);
    // Maps each workspace exposure type to the exposer that publishes servers externally:
    // NATIVE is handled by IngressServerExposer, GATEWAY by GatewayServerExposer.
    MapBinder<WorkspaceExposureType, ExternalServerExposer<KubernetesEnvironment>> exposureStrategies = MapBinder.newMapBinder(binder(), new TypeLiteral<>() {
    }, new TypeLiteral<>() {
    });
    exposureStrategies.addBinding(WorkspaceExposureType.NATIVE).to(new TypeLiteral<IngressServerExposer<KubernetesEnvironment>>() {
    });
    exposureStrategies.addBinding(WorkspaceExposureType.GATEWAY).to(new TypeLiteral<GatewayServerExposer<KubernetesEnvironment>>() {
    });
    // Named binding: injection points annotated with "multihost-exposer" receive
    // MultihostIngressServerExposer.
    bind(new TypeLiteral<ExternalServerExposer<KubernetesEnvironment>>() {
    }).annotatedWith(com.google.inject.name.Names.named("multihost-exposer")).to(new TypeLiteral<MultihostIngressServerExposer<KubernetesEnvironment>>() {
    });
    bind(new TypeLiteral<ExternalServerExposerProvider<KubernetesEnvironment>>() {
    }).to(new TypeLiteral<KubernetesExternalServerExposerProvider<KubernetesEnvironment>>() {
    });
    bind(ServersConverter.class).to(new TypeLiteral<ServersConverter<KubernetesEnvironment>>() {
    });
    bind(PreviewUrlExposer.class).to(new TypeLiteral<PreviewUrlExposer<KubernetesEnvironment>>() {
    });
    bind(PreviewUrlCommandProvisioner.class).to(new TypeLiteral<KubernetesPreviewUrlCommandProvisioner>() {
    });
    Multibinder<EnvVarProvider> envVarProviders = Multibinder.newSetBinder(binder(), EnvVarProvider.class);
    envVarProviders.addBinding().to(LogsRootEnvVariableProvider.class);
    // Ingress annotations are injected as a named Map<String, String> produced by
    // IngressAnnotationsProvider.
    bind(new TypeLiteral<Map<String, String>>() {
    }).annotatedWith(named("infra.kubernetes.ingress.annotations")).toProvider(IngressAnnotationsProvider.class);
    install(new JpaKubernetesRuntimeCacheModule());
    // Provider of the factory for secure (authenticated) server exposers, specialised for Kubernetes.
    bind(SecureServerExposerFactoryProvider.class).to(new TypeLiteral<SecureServerExposerFactoryProvider<KubernetesEnvironment>>() {
    });
    MapBinder<String, ChePluginsApplier> chePluginsAppliers = MapBinder.newMapBinder(binder(), String.class, ChePluginsApplier.class);
    chePluginsAppliers.addBinding(KubernetesEnvironment.TYPE).to(KubernetesPluginsToolingApplier.class);
    bind(BrokerService.class);
    bind(new TypeLiteral<BrokerEnvironmentFactory<KubernetesEnvironment>>() {
    }).to(KubernetesBrokerEnvironmentFactory.class);
    bind(PluginBrokerManager.class).to(new TypeLiteral<PluginBrokerManager<KubernetesEnvironment>>() {
    });
    bind(SidecarToolingProvisioner.class).to(new TypeLiteral<SidecarToolingProvisioner<KubernetesEnvironment>>() {
    });
    // NOTE(review): DOCKERIMAGE components are bound to NoopComponentIntegrityValidator; the name
    // suggests no integrity validation is performed for them - confirm that this is intended.
    DevfileBindings.onComponentIntegrityValidatorBinder(binder(), binder -> {
        binder.addBinding(KUBERNETES_COMPONENT_TYPE).to(KubernetesComponentValidator.class);
        binder.addBinding(DOCKERIMAGE_COMPONENT_TYPE).to(NoopComponentIntegrityValidator.class);
    });
    DevfileBindings.onWorkspaceApplierBinder(binder(), binder -> {
        binder.addBinding(KUBERNETES_COMPONENT_TYPE).to(KubernetesComponentToWorkspaceApplier.class);
        binder.addBinding(DOCKERIMAGE_COMPONENT_TYPE).to(DockerimageComponentToWorkspaceApplier.class);
    });
    KubernetesDevfileBindings.addKubernetesBasedEnvironmentTypeBindings(binder(), KubernetesEnvironment.TYPE);
    KubernetesDevfileBindings.addKubernetesBasedComponentTypeBindings(binder(), KUBERNETES_COMPONENT_TYPE);
    // We need to initialize the bindings somehow. Because no other environment type is upgradable
    // to kubernetes, we just call this in a way that initializes the binding with an empty map.
    KubernetesDevfileBindings.addAllowedEnvironmentTypeUpgradeBindings(binder(), KubernetesEnvironment.TYPE);
    bind(NonTlsDistributedClusterModeNotifier.class);
    bind(AsyncStorageProvisioner.class);
}
Also used : PreviewUrlExposer(org.eclipse.che.workspace.infrastructure.kubernetes.server.PreviewUrlExposer) CheApiExternalEnvVarProvider(org.eclipse.che.api.workspace.server.spi.provision.env.CheApiExternalEnvVarProvider) KubernetesCheApiExternalEnvVarProvider(org.eclipse.che.workspace.infrastructure.kubernetes.provision.KubernetesCheApiExternalEnvVarProvider) KubernetesPreviewUrlCommandProvisioner(org.eclipse.che.workspace.infrastructure.kubernetes.provision.KubernetesPreviewUrlCommandProvisioner) KubernetesPreviewUrlCommandProvisioner(org.eclipse.che.workspace.infrastructure.kubernetes.provision.KubernetesPreviewUrlCommandProvisioner) PreviewUrlCommandProvisioner(org.eclipse.che.workspace.infrastructure.kubernetes.provision.PreviewUrlCommandProvisioner) SingleHostExternalServiceExposureStrategy(org.eclipse.che.workspace.infrastructure.kubernetes.server.external.SingleHostExternalServiceExposureStrategy) MultiHostExternalServiceExposureStrategy(org.eclipse.che.workspace.infrastructure.kubernetes.server.external.MultiHostExternalServiceExposureStrategy) DefaultHostExternalServiceExposureStrategy(org.eclipse.che.workspace.infrastructure.kubernetes.server.external.DefaultHostExternalServiceExposureStrategy) ExternalServiceExposureStrategy(org.eclipse.che.workspace.infrastructure.kubernetes.server.external.ExternalServiceExposureStrategy) ServersConverter(org.eclipse.che.workspace.infrastructure.kubernetes.provision.server.ServersConverter) GatewayTlsProvisioner(org.eclipse.che.workspace.infrastructure.kubernetes.provision.GatewayTlsProvisioner) MultihostIngressServerExposer(org.eclipse.che.workspace.infrastructure.kubernetes.server.external.MultihostIngressServerExposer) WorkspacePVCCleaner(org.eclipse.che.workspace.infrastructure.kubernetes.namespace.pvc.WorkspacePVCCleaner) CheApiInternalEnvVarProvider(org.eclipse.che.api.workspace.server.spi.provision.env.CheApiInternalEnvVarProvider) 
KubernetesCheApiInternalEnvVarProvider(org.eclipse.che.workspace.infrastructure.kubernetes.provision.KubernetesCheApiInternalEnvVarProvider) GatewayServerExposer(org.eclipse.che.workspace.infrastructure.kubernetes.server.external.GatewayServerExposer) CheApiExternalEnvVarProvider(org.eclipse.che.api.workspace.server.spi.provision.env.CheApiExternalEnvVarProvider) EnvVarProvider(org.eclipse.che.api.workspace.server.spi.provision.env.EnvVarProvider) CheApiInternalEnvVarProvider(org.eclipse.che.api.workspace.server.spi.provision.env.CheApiInternalEnvVarProvider) KubernetesCheApiExternalEnvVarProvider(org.eclipse.che.workspace.infrastructure.kubernetes.provision.KubernetesCheApiExternalEnvVarProvider) KubernetesCheApiInternalEnvVarProvider(org.eclipse.che.workspace.infrastructure.kubernetes.provision.KubernetesCheApiInternalEnvVarProvider) Map(java.util.Map) RuntimeInfrastructure(org.eclipse.che.api.workspace.server.spi.RuntimeInfrastructure) NamespaceConfigurator(org.eclipse.che.workspace.infrastructure.kubernetes.namespace.configurator.NamespaceConfigurator) TlsProvisioner(org.eclipse.che.workspace.infrastructure.kubernetes.provision.TlsProvisioner) IngressTlsProvisioner(org.eclipse.che.workspace.infrastructure.kubernetes.provision.IngressTlsProvisioner) GatewayTlsProvisioner(org.eclipse.che.workspace.infrastructure.kubernetes.provision.GatewayTlsProvisioner) FactoryModuleBuilder(com.google.inject.assistedinject.FactoryModuleBuilder) WorkspaceExposureType(org.eclipse.che.workspace.infrastructure.kubernetes.server.WorkspaceExposureType) SidecarToolingProvisioner(org.eclipse.che.workspace.infrastructure.kubernetes.wsplugins.SidecarToolingProvisioner) SecureServerExposerFactoryProvider(org.eclipse.che.workspace.infrastructure.kubernetes.server.secure.SecureServerExposerFactoryProvider) TypeLiteral(com.google.inject.TypeLiteral) JpaKubernetesRuntimeCacheModule(org.eclipse.che.workspace.infrastructure.kubernetes.cache.jpa.JpaKubernetesRuntimeCacheModule) 
ExternalServerExposer(org.eclipse.che.workspace.infrastructure.kubernetes.server.external.ExternalServerExposer) ChePluginsApplier(org.eclipse.che.api.workspace.server.wsplugins.ChePluginsApplier) RemoveNamespaceOnWorkspaceRemove(org.eclipse.che.workspace.infrastructure.kubernetes.namespace.RemoveNamespaceOnWorkspaceRemove) WorkspaceVolumesStrategy(org.eclipse.che.workspace.infrastructure.kubernetes.namespace.pvc.WorkspaceVolumesStrategy) WorkspaceAttributeValidator(org.eclipse.che.api.workspace.server.WorkspaceAttributeValidator) InternalEnvironmentFactory(org.eclipse.che.api.workspace.server.spi.environment.InternalEnvironmentFactory) PluginBrokerManager(org.eclipse.che.workspace.infrastructure.kubernetes.wsplugins.PluginBrokerManager) KubernetesEnvironment(org.eclipse.che.workspace.infrastructure.kubernetes.environment.KubernetesEnvironment) KubernetesExternalServerExposerProvider(org.eclipse.che.workspace.infrastructure.kubernetes.server.external.KubernetesExternalServerExposerProvider) IngressServerExposer(org.eclipse.che.workspace.infrastructure.kubernetes.server.external.IngressServerExposer) MultihostIngressServerExposer(org.eclipse.che.workspace.infrastructure.kubernetes.server.external.MultihostIngressServerExposer) KubernetesTrustedCAProvisioner(org.eclipse.che.workspace.infrastructure.kubernetes.provision.KubernetesTrustedCAProvisioner) TrustedCAProvisioner(org.eclipse.che.workspace.infrastructure.kubernetes.provision.TrustedCAProvisioner)

Example 3 with ExternalServiceExposureStrategy

use of org.eclipse.che.workspace.infrastructure.kubernetes.server.external.ExternalServiceExposureStrategy in project devspaces-images by redhat-developer.

the class AbstractJwtProxyProvisioner method expose.

/**
 * Exposes a backend service port through the JWTProxy: a new listen port is added to the
 * JWTProxy service, a verifier proxy for it is registered in the proxy configuration, and the
 * rebuilt configuration is written into the JWTProxy config map of the environment.
 *
 * <p>Points worth a security review when changing this method:
 *
 * <ul>
 *   <li>Every path listed in a server's exposure configuration is merged into one exclusion set
 *       for the whole port, so an exclusion declared by one server applies to all servers that
 *       share the port. The set is handed to the verifier proxy as the unsecured paths.
 *   <li>The upstream URL always uses plain {@code http://}; with a {@code null} backend service
 *       name the proxy targets {@code 127.0.0.1}, otherwise traffic goes through the named
 *       service.
 *   <li>Cookie authentication is only derived from the servers when {@code detectCookieAuth} is
 *       set; otherwise {@code false} is passed to the verifier proxy.
 * </ul>
 *
 * @param k8sEnv Kubernetes environment to modify
 * @param pod the pod that runs the server being exposed
 * @param machineName machine name forwarded to {@code ensureJwtProxyInjected}
 * @param backendServiceName service name that will be exposed, or {@code null} to proxy to
 *     {@code 127.0.0.1}
 * @param backendServicePort service port that will be exposed
 * @param protocol protocol that will be used for exposed port
 * @param requireSubdomain when {@code true} the multihost cookie path and exposure strategies are
 *     used instead of the default ones
 * @param secureServers secure servers to expose; must be neither {@code null} nor empty
 * @return JWTProxy service port that exposes the specified one
 * @throws IllegalArgumentException if {@code secureServers} is {@code null} or empty
 * @throws InfrastructureException if servers sharing the port disagree on
 *     {@code cookiesAuthEnabled}, or if any other failure occurs during port exposing
 */
@Override
public ServicePort expose(KubernetesEnvironment k8sEnv, PodData pod, String machineName, String backendServiceName, ServicePort backendServicePort, String protocol, boolean requireSubdomain, Map<String, ServerConfig> secureServers) throws InfrastructureException {
    boolean hasSecureServers = secureServers != null && !secureServers.isEmpty();
    Preconditions.checkArgument(hasSecureServers, "Secure servers are missing");
    ensureJwtProxyInjected(k8sEnv, machineName, pod);

    Set<String> unsecuredPaths = new HashSet<>();
    Boolean sharedCookieAuth = null;
    for (ServerConfig server : secureServers.values()) {
        ExposureConfiguration exposure = getExposureConfiguration(server);
        // Union of the unsecured paths of every server that shares this port.
        if (exposure.excludedPaths != null) {
            unsecuredPaths.addAll(exposure.excludedPaths);
        }
        if (!detectCookieAuth) {
            continue;
        }
        // All servers behind the same port must agree on cookie authentication.
        if (sharedCookieAuth == null) {
            sharedCookieAuth = exposure.cookiesAuthEnabled;
        } else if (!sharedCookieAuth.equals(exposure.cookiesAuthEnabled)) {
            throw new InfrastructureException("Secure servers which expose the same port should have the same `cookiesAuthEnabled` value.");
        }
    }

    // Claim the next free proxy port and publish it on the JWTProxy service.
    int proxyPort = availablePort++;
    ServicePort exposedPort =
        new ServicePortBuilder()
            .withName("server-" + proxyPort)
            .withPort(proxyPort)
            .withProtocol(protocol)
            .withNewTargetPort(proxyPort)
            .build();
    k8sEnv.getServices().get(serviceName).getSpec().getPorts().add(exposedPort);

    final CookiePathStrategy actualCookiePathStrategy;
    final ExternalServiceExposureStrategy actualExposureStrategy;
    if (requireSubdomain) {
        actualCookiePathStrategy = multihostCookiePathStrategy;
        actualExposureStrategy = multiHostExternalServiceExposureStrategy;
    } else {
        actualCookiePathStrategy = cookiePathStrategy;
        actualExposureStrategy = externalServiceExposureStrategy;
    }

    // JwtProxySecureServerExposer does not create a service for the secure servers it exposes;
    // it expects everything to be proxied from localhost, since the JWT proxy is injected into
    // the environment and therefore runs next to the workspace pod.
    // Historically this method could also proxy secure servers reachable through a service,
    // which is not secure unless an appropriate network policy is in place. That path is kept
    // because it costs no extra complexity here and leaves room for JwtProxySecureServerExposer
    // to support service-handled secure servers later.
    String backendHost = backendServiceName == null ? "127.0.0.1" : backendServiceName;
    String upstreamUrl = "http://" + backendHost + ":" + backendServicePort.getTargetPort().getIntVal();
    // A null flag (cookie detection disabled or never set) is treated as "disabled".
    boolean cookieAuth = Boolean.TRUE.equals(sharedCookieAuth);
    proxyConfigBuilder.addVerifierProxy(
        proxyPort,
        upstreamUrl,
        unsecuredPaths,
        cookieAuth,
        actualCookiePathStrategy.get(serviceName, exposedPort),
        actualExposureStrategy.getExternalPath(serviceName, exposedPort.getName()));

    // Persist the regenerated proxy configuration in the JWTProxy config map.
    k8sEnv.getConfigMaps().get(getConfigMapName()).getData().put(JWT_PROXY_CONFIG_FILE, proxyConfigBuilder.build());
    return exposedPort;
}
Also used : ServerConfig(org.eclipse.che.api.core.model.workspace.config.ServerConfig) ServicePort(io.fabric8.kubernetes.api.model.ServicePort) ServicePortBuilder(io.fabric8.kubernetes.api.model.ServicePortBuilder) ExternalServiceExposureStrategy(org.eclipse.che.workspace.infrastructure.kubernetes.server.external.ExternalServiceExposureStrategy) InfrastructureException(org.eclipse.che.api.workspace.server.spi.InfrastructureException) HashSet(java.util.HashSet)

Example 4 with ExternalServiceExposureStrategy

use of org.eclipse.che.workspace.infrastructure.kubernetes.server.external.ExternalServiceExposureStrategy in project devspaces-images by redhat-developer.

the class KubernetesInfraModule method configure.

/**
 * Registers the Guice bindings of the Kubernetes infrastructure module.
 *
 * <p>The body is a flat list of declarations: plain {@code bind} calls, {@code Multibinder} sets,
 * {@code MapBinder} maps keyed by a type/strategy identifier, and installed sub-modules. Several
 * of the keyed maps are paired with a provider binding for the un-keyed type; the selection logic
 * of those providers is not part of this method.
 */
@Override
protected void configure() {
    // Validators contributed to the injected set of WorkspaceAttributeValidator.
    Multibinder<WorkspaceAttributeValidator> workspaceAttributeValidators = Multibinder.newSetBinder(binder(), WorkspaceAttributeValidator.class);
    workspaceAttributeValidators.addBinding().to(K8sInfraNamespaceWsAttributeValidator.class);
    workspaceAttributeValidators.addBinding().to(AsyncStorageModeValidator.class);
    // order matters here!
    // We first need to grant permissions to user, only then we can run other configurators with
    // user's client.
    // UserPermissionConfigurator is therefore registered first. NOTE(review): this relies on the
    // injected set being iterated in registration order; add new configurators that act with the
    // user's client below it, never above.
    Multibinder<NamespaceConfigurator> namespaceConfigurators = Multibinder.newSetBinder(binder(), NamespaceConfigurator.class);
    namespaceConfigurators.addBinding().to(UserPermissionConfigurator.class);
    namespaceConfigurators.addBinding().to(CredentialsSecretConfigurator.class);
    namespaceConfigurators.addBinding().to(PreferencesConfigMapConfigurator.class);
    namespaceConfigurators.addBinding().to(WorkspaceServiceAccountConfigurator.class);
    namespaceConfigurators.addBinding().to(UserProfileConfigurator.class);
    namespaceConfigurators.addBinding().to(UserPreferencesConfigurator.class);
    namespaceConfigurators.addBinding().to(SshKeysConfigurator.class);
    bind(KubernetesNamespaceService.class);
    // Environment factories, keyed by environment type.
    MapBinder<String, InternalEnvironmentFactory> factories = MapBinder.newMapBinder(binder(), String.class, InternalEnvironmentFactory.class);
    factories.addBinding(KubernetesEnvironment.TYPE).to(KubernetesEnvironmentFactory.class);
    factories.addBinding(Constants.NO_ENVIRONMENT_RECIPE_TYPE).to(NoEnvironmentFactory.class);
    bind(RuntimeInfrastructure.class).to(KubernetesInfrastructure.class);
    bind(InconsistentRuntimesDetector.class).asEagerSingleton();
    bind(TrustedCAProvisioner.class).to(KubernetesTrustedCAProvisioner.class);
    // TLS provisioners, keyed by how the workspace is exposed (GATEWAY or NATIVE).
    MapBinder<WorkspaceExposureType, TlsProvisioner<KubernetesEnvironment>> tlsProvisioners = MapBinder.newMapBinder(binder(), new TypeLiteral<WorkspaceExposureType>() {
    }, new TypeLiteral<TlsProvisioner<KubernetesEnvironment>>() {
    });
    tlsProvisioners.addBinding(WorkspaceExposureType.GATEWAY).to(new TypeLiteral<GatewayTlsProvisioner<KubernetesEnvironment>>() {
    });
    tlsProvisioners.addBinding(WorkspaceExposureType.NATIVE).to(IngressTlsProvisioner.class);
    bind(new TypeLiteral<KubernetesEnvironmentProvisioner<KubernetesEnvironment>>() {
    }).to(KubernetesEnvironmentProvisioner.KubernetesEnvironmentProvisionerImpl.class);
    // Assisted-inject factories for the runtime context, the runtime and the start synchronizer.
    install(new FactoryModuleBuilder().build(KubernetesRuntimeContextFactory.class));
    install(new FactoryModuleBuilder().build(new TypeLiteral<KubernetesRuntimeFactory<KubernetesEnvironment>>() {
    }));
    install(new FactoryModuleBuilder().build(StartSynchronizerFactory.class));
    // Eager singletons: bound so that they are created with the injector rather than on first use.
    bind(WorkspacePVCCleaner.class).asEagerSingleton();
    bind(RemoveNamespaceOnWorkspaceRemove.class).asEagerSingleton();
    bind(CheApiInternalEnvVarProvider.class).to(KubernetesCheApiInternalEnvVarProvider.class);
    bind(CheApiExternalEnvVarProvider.class).to(KubernetesCheApiExternalEnvVarProvider.class);
    // PVC strategies, keyed by strategy name; the un-keyed WorkspaceVolumesStrategy is supplied by
    // WorkspaceVolumeStrategyProvider.
    MapBinder<String, WorkspaceVolumesStrategy> volumesStrategies = MapBinder.newMapBinder(binder(), String.class, WorkspaceVolumesStrategy.class);
    volumesStrategies.addBinding(COMMON_STRATEGY).to(CommonPVCStrategy.class);
    volumesStrategies.addBinding(PER_WORKSPACE_STRATEGY).to(PerWorkspacePVCStrategy.class);
    volumesStrategies.addBinding(UNIQUE_STRATEGY).to(UniqueWorkspacePVCStrategy.class);
    bind(WorkspaceVolumesStrategy.class).toProvider(WorkspaceVolumeStrategyProvider.class);
    Multibinder.newSetBinder(binder(), ServiceTermination.class).addBinding().to(KubernetesClientTermination.class);
    // External service exposure strategies, keyed by strategy name. The un-keyed
    // ExternalServiceExposureStrategy comes from ServiceExposureStrategyProvider.
    // NOTE(review): which strategy ends up active (and so how workspace servers are reachable
    // from outside the cluster) is decided in that provider, not here.
    MapBinder<String, ExternalServiceExposureStrategy> ingressStrategies = MapBinder.newMapBinder(binder(), String.class, ExternalServiceExposureStrategy.class);
    ingressStrategies.addBinding(MULTI_HOST_STRATEGY).to(MultiHostExternalServiceExposureStrategy.class);
    ingressStrategies.addBinding(SINGLE_HOST_STRATEGY).to(SingleHostExternalServiceExposureStrategy.class);
    ingressStrategies.addBinding(DEFAULT_HOST_STRATEGY).to(DefaultHostExternalServiceExposureStrategy.class);
    bind(ExternalServiceExposureStrategy.class).toProvider(ServiceExposureStrategyProvider.class);
    // External server exposers, keyed by exposure type (NATIVE -> ingress, GATEWAY -> gateway).
    MapBinder<WorkspaceExposureType, ExternalServerExposer<KubernetesEnvironment>> exposureStrategies = MapBinder.newMapBinder(binder(), new TypeLiteral<>() {
    }, new TypeLiteral<>() {
    });
    exposureStrategies.addBinding(WorkspaceExposureType.NATIVE).to(new TypeLiteral<IngressServerExposer<KubernetesEnvironment>>() {
    });
    exposureStrategies.addBinding(WorkspaceExposureType.GATEWAY).to(new TypeLiteral<GatewayServerExposer<KubernetesEnvironment>>() {
    });
    // A separately named exposer ("multihost-exposer") bound to the multihost ingress exposer,
    // available regardless of the keyed map above.
    bind(new TypeLiteral<ExternalServerExposer<KubernetesEnvironment>>() {
    }).annotatedWith(com.google.inject.name.Names.named("multihost-exposer")).to(new TypeLiteral<MultihostIngressServerExposer<KubernetesEnvironment>>() {
    });
    bind(new TypeLiteral<ExternalServerExposerProvider<KubernetesEnvironment>>() {
    }).to(new TypeLiteral<KubernetesExternalServerExposerProvider<KubernetesEnvironment>>() {
    });
    bind(ServersConverter.class).to(new TypeLiteral<ServersConverter<KubernetesEnvironment>>() {
    });
    bind(PreviewUrlExposer.class).to(new TypeLiteral<PreviewUrlExposer<KubernetesEnvironment>>() {
    });
    bind(PreviewUrlCommandProvisioner.class).to(new TypeLiteral<KubernetesPreviewUrlCommandProvisioner>() {
    });
    Multibinder<EnvVarProvider> envVarProviders = Multibinder.newSetBinder(binder(), EnvVarProvider.class);
    envVarProviders.addBinding().to(LogsRootEnvVariableProvider.class);
    // Ingress annotations are injected as a named Map<String, String> built by
    // IngressAnnotationsProvider.
    bind(new TypeLiteral<Map<String, String>>() {
    }).annotatedWith(named("infra.kubernetes.ingress.annotations")).toProvider(IngressAnnotationsProvider.class);
    install(new JpaKubernetesRuntimeCacheModule());
    // NOTE(review): the provider bound here chooses the factory that fronts "secure" servers; its
    // selection logic lives outside this method, so review it together with this binding.
    bind(SecureServerExposerFactoryProvider.class).to(new TypeLiteral<SecureServerExposerFactoryProvider<KubernetesEnvironment>>() {
    });
    MapBinder<String, ChePluginsApplier> chePluginsAppliers = MapBinder.newMapBinder(binder(), String.class, ChePluginsApplier.class);
    chePluginsAppliers.addBinding(KubernetesEnvironment.TYPE).to(KubernetesPluginsToolingApplier.class);
    bind(BrokerService.class);
    bind(new TypeLiteral<BrokerEnvironmentFactory<KubernetesEnvironment>>() {
    }).to(KubernetesBrokerEnvironmentFactory.class);
    bind(PluginBrokerManager.class).to(new TypeLiteral<PluginBrokerManager<KubernetesEnvironment>>() {
    });
    bind(SidecarToolingProvisioner.class).to(new TypeLiteral<SidecarToolingProvisioner<KubernetesEnvironment>>() {
    });
    // Devfile component validators, keyed by component type.
    // NOTE(review): dockerimage components are bound to NoopComponentIntegrityValidator, which by
    // its name performs no integrity check -- confirm that is intended.
    DevfileBindings.onComponentIntegrityValidatorBinder(binder(), binder -> {
        binder.addBinding(KUBERNETES_COMPONENT_TYPE).to(KubernetesComponentValidator.class);
        binder.addBinding(DOCKERIMAGE_COMPONENT_TYPE).to(NoopComponentIntegrityValidator.class);
    });
    // Devfile component-to-workspace appliers, keyed by component type.
    DevfileBindings.onWorkspaceApplierBinder(binder(), binder -> {
        binder.addBinding(KUBERNETES_COMPONENT_TYPE).to(KubernetesComponentToWorkspaceApplier.class);
        binder.addBinding(DOCKERIMAGE_COMPONENT_TYPE).to(DockerimageComponentToWorkspaceApplier.class);
    });
    KubernetesDevfileBindings.addKubernetesBasedEnvironmentTypeBindings(binder(), KubernetesEnvironment.TYPE);
    KubernetesDevfileBindings.addKubernetesBasedComponentTypeBindings(binder(), KUBERNETES_COMPONENT_TYPE);
    // We need to initialize the bindings somehow. Because no other environment type is upgradable
    // to kubernetes, we just call this in a way that initializes the binding with an empty map.
    KubernetesDevfileBindings.addAllowedEnvironmentTypeUpgradeBindings(binder(), KubernetesEnvironment.TYPE);
    bind(NonTlsDistributedClusterModeNotifier.class);
    bind(AsyncStorageProvisioner.class);
}
Also used : PreviewUrlExposer(org.eclipse.che.workspace.infrastructure.kubernetes.server.PreviewUrlExposer) CheApiExternalEnvVarProvider(org.eclipse.che.api.workspace.server.spi.provision.env.CheApiExternalEnvVarProvider) KubernetesCheApiExternalEnvVarProvider(org.eclipse.che.workspace.infrastructure.kubernetes.provision.KubernetesCheApiExternalEnvVarProvider) KubernetesPreviewUrlCommandProvisioner(org.eclipse.che.workspace.infrastructure.kubernetes.provision.KubernetesPreviewUrlCommandProvisioner) KubernetesPreviewUrlCommandProvisioner(org.eclipse.che.workspace.infrastructure.kubernetes.provision.KubernetesPreviewUrlCommandProvisioner) PreviewUrlCommandProvisioner(org.eclipse.che.workspace.infrastructure.kubernetes.provision.PreviewUrlCommandProvisioner) SingleHostExternalServiceExposureStrategy(org.eclipse.che.workspace.infrastructure.kubernetes.server.external.SingleHostExternalServiceExposureStrategy) MultiHostExternalServiceExposureStrategy(org.eclipse.che.workspace.infrastructure.kubernetes.server.external.MultiHostExternalServiceExposureStrategy) DefaultHostExternalServiceExposureStrategy(org.eclipse.che.workspace.infrastructure.kubernetes.server.external.DefaultHostExternalServiceExposureStrategy) ExternalServiceExposureStrategy(org.eclipse.che.workspace.infrastructure.kubernetes.server.external.ExternalServiceExposureStrategy) ServersConverter(org.eclipse.che.workspace.infrastructure.kubernetes.provision.server.ServersConverter) GatewayTlsProvisioner(org.eclipse.che.workspace.infrastructure.kubernetes.provision.GatewayTlsProvisioner) MultihostIngressServerExposer(org.eclipse.che.workspace.infrastructure.kubernetes.server.external.MultihostIngressServerExposer) WorkspacePVCCleaner(org.eclipse.che.workspace.infrastructure.kubernetes.namespace.pvc.WorkspacePVCCleaner) CheApiInternalEnvVarProvider(org.eclipse.che.api.workspace.server.spi.provision.env.CheApiInternalEnvVarProvider) 
KubernetesCheApiInternalEnvVarProvider(org.eclipse.che.workspace.infrastructure.kubernetes.provision.KubernetesCheApiInternalEnvVarProvider) GatewayServerExposer(org.eclipse.che.workspace.infrastructure.kubernetes.server.external.GatewayServerExposer) CheApiExternalEnvVarProvider(org.eclipse.che.api.workspace.server.spi.provision.env.CheApiExternalEnvVarProvider) EnvVarProvider(org.eclipse.che.api.workspace.server.spi.provision.env.EnvVarProvider) CheApiInternalEnvVarProvider(org.eclipse.che.api.workspace.server.spi.provision.env.CheApiInternalEnvVarProvider) KubernetesCheApiExternalEnvVarProvider(org.eclipse.che.workspace.infrastructure.kubernetes.provision.KubernetesCheApiExternalEnvVarProvider) KubernetesCheApiInternalEnvVarProvider(org.eclipse.che.workspace.infrastructure.kubernetes.provision.KubernetesCheApiInternalEnvVarProvider) Map(java.util.Map) RuntimeInfrastructure(org.eclipse.che.api.workspace.server.spi.RuntimeInfrastructure) NamespaceConfigurator(org.eclipse.che.workspace.infrastructure.kubernetes.namespace.configurator.NamespaceConfigurator) TlsProvisioner(org.eclipse.che.workspace.infrastructure.kubernetes.provision.TlsProvisioner) IngressTlsProvisioner(org.eclipse.che.workspace.infrastructure.kubernetes.provision.IngressTlsProvisioner) GatewayTlsProvisioner(org.eclipse.che.workspace.infrastructure.kubernetes.provision.GatewayTlsProvisioner) FactoryModuleBuilder(com.google.inject.assistedinject.FactoryModuleBuilder) WorkspaceExposureType(org.eclipse.che.workspace.infrastructure.kubernetes.server.WorkspaceExposureType) SidecarToolingProvisioner(org.eclipse.che.workspace.infrastructure.kubernetes.wsplugins.SidecarToolingProvisioner) SecureServerExposerFactoryProvider(org.eclipse.che.workspace.infrastructure.kubernetes.server.secure.SecureServerExposerFactoryProvider) TypeLiteral(com.google.inject.TypeLiteral) JpaKubernetesRuntimeCacheModule(org.eclipse.che.workspace.infrastructure.kubernetes.cache.jpa.JpaKubernetesRuntimeCacheModule) 
ExternalServerExposer(org.eclipse.che.workspace.infrastructure.kubernetes.server.external.ExternalServerExposer) ChePluginsApplier(org.eclipse.che.api.workspace.server.wsplugins.ChePluginsApplier) RemoveNamespaceOnWorkspaceRemove(org.eclipse.che.workspace.infrastructure.kubernetes.namespace.RemoveNamespaceOnWorkspaceRemove) WorkspaceVolumesStrategy(org.eclipse.che.workspace.infrastructure.kubernetes.namespace.pvc.WorkspaceVolumesStrategy) WorkspaceAttributeValidator(org.eclipse.che.api.workspace.server.WorkspaceAttributeValidator) InternalEnvironmentFactory(org.eclipse.che.api.workspace.server.spi.environment.InternalEnvironmentFactory) PluginBrokerManager(org.eclipse.che.workspace.infrastructure.kubernetes.wsplugins.PluginBrokerManager) KubernetesEnvironment(org.eclipse.che.workspace.infrastructure.kubernetes.environment.KubernetesEnvironment) KubernetesExternalServerExposerProvider(org.eclipse.che.workspace.infrastructure.kubernetes.server.external.KubernetesExternalServerExposerProvider) IngressServerExposer(org.eclipse.che.workspace.infrastructure.kubernetes.server.external.IngressServerExposer) MultihostIngressServerExposer(org.eclipse.che.workspace.infrastructure.kubernetes.server.external.MultihostIngressServerExposer) KubernetesTrustedCAProvisioner(org.eclipse.che.workspace.infrastructure.kubernetes.provision.KubernetesTrustedCAProvisioner) TrustedCAProvisioner(org.eclipse.che.workspace.infrastructure.kubernetes.provision.TrustedCAProvisioner)

Example 5 with ExternalServiceExposureStrategy

use of org.eclipse.che.workspace.infrastructure.kubernetes.server.external.ExternalServiceExposureStrategy in project che-server by eclipse-che.

the class AbstractJwtProxyProvisioner method expose.

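/**
 * Modifies Kubernetes environment to expose the specified service port via JWTProxy.
 *
 * <p>Side effects: a new port is appended to the service stored in {@code k8sEnv} under the
 * {@code serviceName} field, a verifier proxy entry is added to the shared proxy config builder,
 * and the rendered proxy configuration is written to the config map returned by
 * {@code getConfigMapName()} under the {@code JWT_PROXY_CONFIG_FILE} key.
 *
 * @param k8sEnv Kubernetes environment to modify
 * @param pod the pod that runs the server being exposed
 * @param machineName name of the machine, passed on when injecting the JWT proxy
 * @param backendServiceName service name that will be exposed; when {@code null} the proxy
 *     forwards to {@code 127.0.0.1}
 * @param backendServicePort service port that will be exposed; its target port must be numeric
 * @param protocol protocol that will be used for exposed port
 * @param requireSubdomain when {@code true}, the multihost cookie path and exposure strategies
 *     are used instead of the default ones
 * @param secureServers secure servers to expose; must be neither {@code null} nor empty
 * @return JWTProxy service port that expose the specified one
 * @throws IllegalArgumentException if {@code secureServers} is {@code null} or empty
 * @throws InfrastructureException if the backend port has no numeric target port, if servers
 *     sharing the port disagree on {@code cookiesAuthEnabled}, or if any other exception occurs
 *     during port exposing
 */
@Override
public ServicePort expose(KubernetesEnvironment k8sEnv, PodData pod, String machineName, String backendServiceName, ServicePort backendServicePort, String protocol, boolean requireSubdomain, Map<String, ServerConfig> secureServers) throws InfrastructureException {
    Preconditions.checkArgument(secureServers != null && !secureServers.isEmpty(), "Secure servers are missing");
    // Resolve the numeric backend port before any state is modified. A missing or non-numeric
    // target port would otherwise surface late, as a NullPointerException or as an upstream URL
    // ending in ":null" written into the proxy configuration.
    Integer backendPort = backendServicePort.getTargetPort() == null ? null : backendServicePort.getTargetPort().getIntVal();
    if (backendPort == null) {
        throw new InfrastructureException("Backend service port '" + backendServicePort.getName() + "' has no numeric target port and can't be exposed via JWT proxy.");
    }
    ensureJwtProxyInjected(k8sEnv, machineName, pod);
    Set<String> excludes = new HashSet<>();
    Boolean cookiesAuthEnabled = null;
    for (ServerConfig serverConfig : secureServers.values()) {
        ExposureConfiguration config = getExposureConfiguration(serverConfig);
        // accumulate unsecured paths
        // The set is shared by every server behind this listen port, so a path excluded by one
        // server is handed to the proxy as excluded for all of them.
        if (config.excludedPaths != null) {
            excludes.addAll(config.excludedPaths);
        }
        // calculate `cookiesAuthEnabled` attributes
        // NOTE(review): if `config.cookiesAuthEnabled` can be null, a null seen first is replaced
        // by the next server's value while a null seen later is reported as a mismatch -- confirm
        // the field's nullability.
        if (detectCookieAuth) {
            if (cookiesAuthEnabled == null) {
                cookiesAuthEnabled = config.cookiesAuthEnabled;
            } else if (!cookiesAuthEnabled.equals(config.cookiesAuthEnabled)) {
                throw new InfrastructureException("Secure servers which expose the same port should have the same `cookiesAuthEnabled` value.");
            }
        }
    }
    // Each exposed backend gets its own proxy listen port, taken from a per-instance counter.
    int listenPort = availablePort++;
    ServicePort exposedPort = new ServicePortBuilder().withName("server-" + listenPort).withPort(listenPort).withProtocol(protocol).withNewTargetPort(listenPort).build();
    k8sEnv.getServices().get(serviceName).getSpec().getPorts().add(exposedPort);
    CookiePathStrategy actualCookiePathStrategy = requireSubdomain ? multihostCookiePathStrategy : cookiePathStrategy;
    ExternalServiceExposureStrategy actualExposureStrategy = requireSubdomain ? multiHostExternalServiceExposureStrategy : externalServiceExposureStrategy;
    // JwtProxySecureServerExposer creates no service for the exposed secure servers and
    // assumes everything will be proxied from localhost, because JWT proxy is collocated
    // with the workspace pod (because it is added to the environment as an injectable pod).
    // This method historically supported proxying secure servers exposed through a service
    // (which is not secure in absence of an appropriate network policy, since the backend is then
    // reachable through that service without passing the proxy). The support for
    // accessing the backend server through a service was kept here because it doesn't add
    // any additional complexity to this method and keeps the door open for the
    // JwtProxySecureServerExposer to be enhanced in the future with support for service-handled
    // secure servers.
    // The upstream URL below is plain HTTP in both cases.
    backendServiceName = backendServiceName == null ? "127.0.0.1" : backendServiceName;
    // A never-determined cookiesAuthEnabled (detection disabled or no value found) means "off".
    proxyConfigBuilder.addVerifierProxy(listenPort, "http://" + backendServiceName + ":" + backendPort, excludes, Boolean.TRUE.equals(cookiesAuthEnabled), actualCookiePathStrategy.get(serviceName, exposedPort), actualExposureStrategy.getExternalPath(serviceName, exposedPort.getName()));
    k8sEnv.getConfigMaps().get(getConfigMapName()).getData().put(JWT_PROXY_CONFIG_FILE, proxyConfigBuilder.build());
    return exposedPort;
}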
Also used : ServerConfig(org.eclipse.che.api.core.model.workspace.config.ServerConfig) ServicePort(io.fabric8.kubernetes.api.model.ServicePort) ServicePortBuilder(io.fabric8.kubernetes.api.model.ServicePortBuilder) ExternalServiceExposureStrategy(org.eclipse.che.workspace.infrastructure.kubernetes.server.external.ExternalServiceExposureStrategy) InfrastructureException(org.eclipse.che.api.workspace.server.spi.InfrastructureException) HashSet(java.util.HashSet)

Aggregations

ExternalServiceExposureStrategy (org.eclipse.che.workspace.infrastructure.kubernetes.server.external.ExternalServiceExposureStrategy)6 TypeLiteral (com.google.inject.TypeLiteral)4 FactoryModuleBuilder (com.google.inject.assistedinject.FactoryModuleBuilder)4 WorkspaceAttributeValidator (org.eclipse.che.api.workspace.server.WorkspaceAttributeValidator)4 RuntimeInfrastructure (org.eclipse.che.api.workspace.server.spi.RuntimeInfrastructure)4 InternalEnvironmentFactory (org.eclipse.che.api.workspace.server.spi.environment.InternalEnvironmentFactory)4 CheApiExternalEnvVarProvider (org.eclipse.che.api.workspace.server.spi.provision.env.CheApiExternalEnvVarProvider)4 CheApiInternalEnvVarProvider (org.eclipse.che.api.workspace.server.spi.provision.env.CheApiInternalEnvVarProvider)4 EnvVarProvider (org.eclipse.che.api.workspace.server.spi.provision.env.EnvVarProvider)4 ChePluginsApplier (org.eclipse.che.api.workspace.server.wsplugins.ChePluginsApplier)4 JpaKubernetesRuntimeCacheModule (org.eclipse.che.workspace.infrastructure.kubernetes.cache.jpa.JpaKubernetesRuntimeCacheModule)4 NamespaceConfigurator (org.eclipse.che.workspace.infrastructure.kubernetes.namespace.configurator.NamespaceConfigurator)4 WorkspacePVCCleaner (org.eclipse.che.workspace.infrastructure.kubernetes.namespace.pvc.WorkspacePVCCleaner)4 WorkspaceVolumesStrategy (org.eclipse.che.workspace.infrastructure.kubernetes.namespace.pvc.WorkspaceVolumesStrategy)4 GatewayTlsProvisioner (org.eclipse.che.workspace.infrastructure.kubernetes.provision.GatewayTlsProvisioner)4 KubernetesCheApiExternalEnvVarProvider (org.eclipse.che.workspace.infrastructure.kubernetes.provision.KubernetesCheApiExternalEnvVarProvider)4 KubernetesCheApiInternalEnvVarProvider (org.eclipse.che.workspace.infrastructure.kubernetes.provision.KubernetesCheApiInternalEnvVarProvider)4 PreviewUrlCommandProvisioner (org.eclipse.che.workspace.infrastructure.kubernetes.provision.PreviewUrlCommandProvisioner)4 TlsProvisioner 
(org.eclipse.che.workspace.infrastructure.kubernetes.provision.TlsProvisioner)4 TrustedCAProvisioner (org.eclipse.che.workspace.infrastructure.kubernetes.provision.TrustedCAProvisioner)4