Skip to content

Commit

Permalink
Make all configmaps unique in same namespace (#18620)
Browse files Browse the repository at this point in the history
* Make all configmaps unique in the same namespace 

Signed-off-by: Sergii Kabashniuk <skabashniuk@redhat.com>
  • Loading branch information
skabashnyuk authored Dec 21, 2020
1 parent 44add76 commit 5656fea
Show file tree
Hide file tree
Showing 14 changed files with 50 additions and 75 deletions.
Original file line number Diff line number Diff line change
Expand Up @@ -489,6 +489,9 @@ che.infra.kubernetes.trusted_ca.src_configmap=NULL
# Holds the copy of che.infra.kubernetes.trusted_ca.src_configmap but in a workspace namespace.
# Content of this config map is mounted into all workspace containers including plugin brokers.
# Do not change the config map name unless it conflicts with the already existing config map.
# Note that the resulting config map name can be adjusted eventually to make it unique in k8s namespace.
# The original name would be stored in `che.original_name` label.

che.infra.kubernetes.trusted_ca.dest_configmap=ca-certs

# Configures path on workspace containers where the CA bundle should be mount.
Expand Down
5 changes: 0 additions & 5 deletions infrastructures/kubernetes/pom.xml
Original file line number Diff line number Diff line change
Expand Up @@ -255,11 +255,6 @@
<artifactId>mockito-core</artifactId>
<scope>test</scope>
</dependency>
<dependency>
<groupId>org.mockito</groupId>
<artifactId>mockito-core</artifactId>
<scope>test</scope>
</dependency>
<dependency>
<groupId>org.mockito</groupId>
<artifactId>mockito-testng</artifactId>
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -167,7 +167,6 @@ public void provision(KubernetesEnvironment k8sEnv, RuntimeIdentity identity)
// 3 stage - add Kubernetes env items
LOG.debug("Provisioning environment items for workspace '{}'", workspaceId);
restartPolicyRewriter.provision(k8sEnv, identity);
uniqueNamesProvisioner.provision(k8sEnv, identity);
resourceLimitRequestProvisioner.provision(k8sEnv, identity);
nodeSelectorProvisioner.provision(k8sEnv, identity);
externalServerTlsProvisioner.provision(k8sEnv, identity);
Expand All @@ -183,6 +182,7 @@ public void provision(KubernetesEnvironment k8sEnv, RuntimeIdentity identity)
gitConfigProvisioner.provision(k8sEnv, identity);
gatewayRouterProvisioner.provision(k8sEnv, identity);
trustedCAProvisioner.provision(k8sEnv, identity);
uniqueNamesProvisioner.provision(k8sEnv, identity);
LOG.debug("Provisioning Kubernetes environment done for workspace '{}'", workspaceId);
}
}
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -52,7 +52,7 @@
@Singleton
public class GitConfigProvisioner implements ConfigurationProvisioner<KubernetesEnvironment> {

public static final String GIT_CONFIG_MAP_NAME_SUFFIX = "-gitconfig";
public static final String GIT_CONFIG_MAP_NAME = "gitconfig";

private static final String GIT_BASE_CONFIG_PATH = "/etc/";
public static final String GIT_CONFIG = "gitconfig";
Expand Down Expand Up @@ -132,12 +132,7 @@ private Pair<String, String> getUserFromUserManager() throws NotFoundException,
private void prepareAndProvisionGitConfiguration(
String name, String email, KubernetesEnvironment k8sEnv, RuntimeIdentity identity) {
prepareGitConfigurationContent(name, email)
.ifPresent(
content -> {
String configMapName = identity.getWorkspaceId() + GIT_CONFIG_MAP_NAME_SUFFIX;

doProvisionGitConfiguration(configMapName, content, k8sEnv);
});
.ifPresent(content -> doProvisionGitConfiguration(GIT_CONFIG_MAP_NAME, content, k8sEnv));
}

private String getStringValueOrNull(Map<String, Object> map, String key) {
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -23,7 +23,6 @@
import io.fabric8.kubernetes.api.model.VolumeMountBuilder;
import java.util.HashMap;
import java.util.Map;
import java.util.Optional;
import javax.inject.Inject;
import javax.inject.Named;
import javax.inject.Singleton;
Expand All @@ -35,7 +34,6 @@
import org.eclipse.che.workspace.infrastructure.kubernetes.environment.KubernetesEnvironment;
import org.eclipse.che.workspace.infrastructure.kubernetes.environment.KubernetesEnvironment.PodData;
import org.eclipse.che.workspace.infrastructure.kubernetes.environment.KubernetesEnvironment.PodRole;
import org.eclipse.che.workspace.infrastructure.kubernetes.namespace.KubernetesNamespace;
import org.eclipse.che.workspace.infrastructure.kubernetes.namespace.KubernetesNamespaceFactory;

/**
Expand Down Expand Up @@ -112,27 +110,20 @@ public void provision(KubernetesEnvironment k8sEnv, RuntimeIdentity runtimeID)
return;
}

KubernetesNamespace namespace = namespaceFactory.getOrCreate(runtimeID);
Optional<ConfigMap> existing = namespace.configMaps().get(configMapName);
if (existing.isEmpty()
|| !(existing.get().getData() == allCaCertsConfigMap.getData()
|| existing.get().getData().equals(allCaCertsConfigMap.getData()))) {
// create or renew map
k8sEnv
.getConfigMaps()
.put(
configMapName,
new ConfigMapBuilder()
.withMetadata(
new ObjectMetaBuilder()
.withName(configMapName)
.withAnnotations(allCaCertsConfigMap.getMetadata().getAnnotations())
.withLabels(configMapLabelKeyValue)
.build())
.withApiVersion(allCaCertsConfigMap.getApiVersion())
.withData(allCaCertsConfigMap.getData())
.build());
}
k8sEnv
.getConfigMaps()
.put(
configMapName,
new ConfigMapBuilder()
.withMetadata(
new ObjectMetaBuilder()
.withName(configMapName)
.withAnnotations(allCaCertsConfigMap.getMetadata().getAnnotations())
.withLabels(configMapLabelKeyValue)
.build())
.withApiVersion(allCaCertsConfigMap.getApiVersion())
.withData(allCaCertsConfigMap.getData())
.build());

for (PodData pod : k8sEnv.getPodsData().values()) {
if (pod.getRole() == PodRole.DEPLOYMENT) {
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -84,7 +84,7 @@ public class SshKeysProvisioner implements ConfigurationProvisioner<KubernetesEn
private static final String SSH_CONFIG = "ssh_config";
private static final String SSH_CONFIG_PATH = SSH_BASE_CONFIG_PATH + SSH_CONFIG;

private static final String SSH_CONFIG_MAP_NAME_SUFFIX = "-sshconfigmap";
private static final String SSH_CONFIG_MAP_NAME = "sshconfigmap";
private static final String SSH_SECRET_NAME_SUFFIX = "-sshprivatekeys";

private static final String SSH_SECRET_TYPE = "opaque";
Expand Down Expand Up @@ -250,14 +250,12 @@ private void doProvisionVcsSshConfig(
sshConfigData.append(buildConfig(sshPair.getName()));
}

String sshConfigMapName = wsId + SSH_CONFIG_MAP_NAME_SUFFIX;

Map<String, String> sshConfig = new HashMap<>();
sshConfig.put(SSH_CONFIG, sshConfigData.toString());
ConfigMap configMap =
new ConfigMapBuilder()
.withNewMetadata()
.withName(sshConfigMapName)
.withName(SSH_CONFIG_MAP_NAME)
.endMetadata()
.withData(sshConfig)
.build();
Expand All @@ -267,7 +265,9 @@ private void doProvisionVcsSshConfig(
.getPodsData()
.values()
.forEach(
p -> mountConfigFile(p.getSpec(), sshConfigMapName, p.getRole() != PodRole.INJECTABLE));
p ->
mountConfigFile(
p.getSpec(), SSH_CONFIG_MAP_NAME, p.getRole() != PodRole.INJECTABLE));
}

private void mountConfigFile(PodSpec podSpec, String sshConfigMapName, boolean addVolume) {
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -39,7 +39,8 @@
import org.eclipse.che.workspace.infrastructure.kubernetes.environment.KubernetesEnvironment.PodData;

/**
* Makes names of Kubernetes pods and ingresses unique whole namespace by {@link Names}.
* Makes names of Kubernetes pods, ingresses and config maps unique whole namespace by {@link
* Names}.
*
* <p>Original names will be stored in {@link Constants#CHE_ORIGINAL_NAME_LABEL} label of renamed
* object.
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -64,10 +64,7 @@ public void applySecret(KubernetesEnvironment env, RuntimeIdentity runtimeIdenti
keys.size()));
}
Path gitSecretFilePath = Paths.get(secretMountPath, keys.iterator().next());
ConfigMap gitConfigMap =
env.getConfigMaps()
.get(
runtimeIdentity.getWorkspaceId() + GitConfigProvisioner.GIT_CONFIG_MAP_NAME_SUFFIX);
ConfigMap gitConfigMap = env.getConfigMaps().get(GitConfigProvisioner.GIT_CONFIG_MAP_NAME);
if (gitConfigMap != null) {
Map<String, String> gitConfigMapData = gitConfigMap.getData();
String gitConfig = gitConfigMapData.get(GitConfigProvisioner.GIT_CONFIG);
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -153,7 +153,7 @@ public void performsOrderedProvisioning() throws Exception {
provisionOrder.verify(envVarsProvisioner).provision(eq(k8sEnv), eq(runtimeIdentity));
provisionOrder.verify(volumesStrategy).provision(eq(k8sEnv), eq(runtimeIdentity));
provisionOrder.verify(restartPolicyRewriter).provision(eq(k8sEnv), eq(runtimeIdentity));
provisionOrder.verify(uniqueNamesProvisioner).provision(eq(k8sEnv), eq(runtimeIdentity));

provisionOrder.verify(ramLimitProvisioner).provision(eq(k8sEnv), eq(runtimeIdentity));
provisionOrder.verify(nodeSelectorProvisioner).provision(eq(k8sEnv), eq(runtimeIdentity));
provisionOrder
Expand All @@ -170,6 +170,7 @@ public void performsOrderedProvisioning() throws Exception {
provisionOrder.verify(gitConfigProvisioner).provision(eq(k8sEnv), eq(runtimeIdentity));
provisionOrder.verify(gatewayRouterProvisioner).provision(eq(k8sEnv), eq(runtimeIdentity));
provisionOrder.verify(trustedCAProvisioner).provision(eq(k8sEnv), eq(runtimeIdentity));
provisionOrder.verify(uniqueNamesProvisioner).provision(eq(k8sEnv), eq(runtimeIdentity));
provisionOrder.verifyNoMoreInteractions();
}
}
Original file line number Diff line number Diff line change
Expand Up @@ -205,9 +205,9 @@ public void testShouldCheckIfPodHasMountAndK8HasConfigMapForGitConfig() throws E
assertEquals(mount.getSubPath(), "gitconfig");

assertEquals(k8sEnv.getConfigMaps().size(), 1);
assertTrue(k8sEnv.getConfigMaps().containsKey("wksp-gitconfig"));
assertTrue(k8sEnv.getConfigMaps().containsKey("gitconfig"));

ConfigMap configMap = k8sEnv.getConfigMaps().get("wksp-gitconfig");
ConfigMap configMap = k8sEnv.getConfigMaps().get("gitconfig");

assertEquals(configMap.getData().size(), 1);
assertTrue(configMap.getData().containsKey("gitconfig"));
Expand Down Expand Up @@ -257,9 +257,9 @@ public void testShouldParseOnlyNameWhenEmailIsNotAString(String json) throws Exc
assertEquals(mount.getSubPath(), "gitconfig");

assertEquals(k8sEnv.getConfigMaps().size(), 1);
assertTrue(k8sEnv.getConfigMaps().containsKey("wksp-gitconfig"));
assertTrue(k8sEnv.getConfigMaps().containsKey("gitconfig"));

ConfigMap configMap = k8sEnv.getConfigMaps().get("wksp-gitconfig");
ConfigMap configMap = k8sEnv.getConfigMaps().get("gitconfig");

assertEquals(configMap.getData().size(), 1);
assertTrue(configMap.getData().containsKey("gitconfig"));
Expand Down Expand Up @@ -309,9 +309,9 @@ public void testShouldParseOnlyEmailWhenNameIsNotAString(String json) throws Exc
assertEquals(mount.getSubPath(), "gitconfig");

assertEquals(k8sEnv.getConfigMaps().size(), 1);
assertTrue(k8sEnv.getConfigMaps().containsKey("wksp-gitconfig"));
assertTrue(k8sEnv.getConfigMaps().containsKey("gitconfig"));

ConfigMap configMap = k8sEnv.getConfigMaps().get("wksp-gitconfig");
ConfigMap configMap = k8sEnv.getConfigMaps().get("gitconfig");

assertEquals(configMap.getData().size(), 1);
assertTrue(configMap.getData().containsKey("gitconfig"));
Expand Down Expand Up @@ -354,9 +354,9 @@ public void testShouldParseOnlyEmailWhenNameIsNotAString(String json) throws Exc
assertEquals(mount.getSubPath(), "gitconfig");

assertEquals(k8sEnv.getConfigMaps().size(), 1);
assertTrue(k8sEnv.getConfigMaps().containsKey("wksp-gitconfig"));
assertTrue(k8sEnv.getConfigMaps().containsKey("gitconfig"));

ConfigMap configMap = k8sEnv.getConfigMaps().get("wksp-gitconfig");
ConfigMap configMap = k8sEnv.getConfigMaps().get("gitconfig");

assertEquals(configMap.getData().size(), 1);
assertTrue(configMap.getData().containsKey("gitconfig"));
Expand Down Expand Up @@ -402,9 +402,9 @@ public void testShouldProvisionNameAndEmailFromUserManagerWhenUserPreferencesEmp
assertEquals(mount.getSubPath(), "gitconfig");

assertEquals(k8sEnv.getConfigMaps().size(), 1);
assertTrue(k8sEnv.getConfigMaps().containsKey("wksp-gitconfig"));
assertTrue(k8sEnv.getConfigMaps().containsKey("gitconfig"));

ConfigMap configMap = k8sEnv.getConfigMaps().get("wksp-gitconfig");
ConfigMap configMap = k8sEnv.getConfigMaps().get("gitconfig");

assertEquals(configMap.getData().size(), 1);
assertTrue(configMap.getData().containsKey("gitconfig"));
Expand All @@ -421,8 +421,6 @@ public void testShouldProvisionConfigForHttpsServer() throws Exception {
when(vcsSslCertificateProvisioner.getGitServerHost()).thenReturn("https://localhost");
when(vcsSslCertificateProvisioner.getCertPath()).thenReturn("/some/path");

when(runtimeIdentity.getWorkspaceId()).thenReturn("wksp");

ObjectMeta podMeta = new ObjectMetaBuilder().withName("wksp").build();
when(pod.getMetadata()).thenReturn(podMeta);
when(pod.getSpec()).thenReturn(podSpec);
Expand Down Expand Up @@ -450,9 +448,9 @@ public void testShouldProvisionConfigForHttpsServer() throws Exception {
assertEquals(mount.getSubPath(), "gitconfig");

assertEquals(k8sEnv.getConfigMaps().size(), 1);
assertTrue(k8sEnv.getConfigMaps().containsKey("wksp-gitconfig"));
assertTrue(k8sEnv.getConfigMaps().containsKey("gitconfig"));

ConfigMap configMap = k8sEnv.getConfigMaps().get("wksp-gitconfig");
ConfigMap configMap = k8sEnv.getConfigMaps().get("gitconfig");

assertEquals(configMap.getData().size(), 1);
assertTrue(configMap.getData().containsKey("gitconfig"));
Expand All @@ -471,7 +469,6 @@ public void shouldNotProvisionVolumeButShouldMountInInjectablePods() throws Exce
singletonMap(
"theia-user-preferences", "{\"git.user.name\":\"user\",\"git.user.email\":\"email\"}");
when(preferenceManager.find(eq("id"), eq("theia-user-preferences"))).thenReturn(preferences);
when(runtimeIdentity.getWorkspaceId()).thenReturn("wksp");

Pod pod =
new PodBuilder()
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -144,9 +144,9 @@ public void addSshKeysConfigInPod() throws Exception {

Map<String, ConfigMap> configMaps = k8sEnv.getConfigMaps();
assertNotNull(configMaps);
assertTrue(configMaps.containsKey("wksp-sshconfigmap"));
assertTrue(configMaps.containsKey("sshconfigmap"));

ConfigMap sshConfigMap = configMaps.get("wksp-sshconfigmap");
ConfigMap sshConfigMap = configMaps.get("sshconfigmap");
assertNotNull(sshConfigMap);

Map<String, String> mapData = sshConfigMap.getData();
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -13,6 +13,7 @@

import static java.util.Collections.emptyMap;
import static java.util.Collections.singletonMap;
import static org.eclipse.che.workspace.infrastructure.kubernetes.provision.GitConfigProvisioner.GIT_CONFIG_MAP_NAME;
import static org.eclipse.che.workspace.infrastructure.kubernetes.provision.secret.FileSecretApplier.ANNOTATION_MOUNT_PATH;
import static org.eclipse.che.workspace.infrastructure.kubernetes.provision.secret.KubernetesSecretApplier.ANNOTATION_AUTOMOUNT;
import static org.eclipse.che.workspace.infrastructure.kubernetes.provision.secret.SecretAsContainerResourceProvisioner.ANNOTATION_MOUNT_AS;
Expand Down Expand Up @@ -64,7 +65,7 @@ public void setUp() throws Exception {
when(environment.getPodsData()).thenReturn(singletonMap("pod1", podData));
when(podData.getRole()).thenReturn(KubernetesEnvironment.PodRole.DEPLOYMENT);
when(podData.getSpec()).thenReturn(podSpec);
when(runtimeIdentity.getWorkspaceId()).thenReturn("ws-1234598");
lenient().when(runtimeIdentity.getWorkspaceId()).thenReturn("ws-1234598");
}

@Test(
Expand Down Expand Up @@ -124,10 +125,7 @@ public void shouldBeAbleToAdjustGiConfigConfigMap() throws InfrastructureExcepti
new ConfigMapBuilder()
.withData(ImmutableMap.of(GitConfigProvisioner.GIT_CONFIG, GIT_CONFIG_CONTENT))
.build();
when(environment.getConfigMaps())
.thenReturn(
ImmutableMap.of(
"ws-1234598" + GitConfigProvisioner.GIT_CONFIG_MAP_NAME_SUFFIX, configMap));
when(environment.getConfigMaps()).thenReturn(ImmutableMap.of(GIT_CONFIG_MAP_NAME, configMap));
// when
secretApplier.applySecret(environment, runtimeIdentity, secret);
// then
Expand Down Expand Up @@ -172,10 +170,7 @@ public void shouldThrowInfrastructureExceptionIfGitConfigAlreadyContainsSecretCo
GIT_CONFIG_CONTENT
+ "[credential]\n\thelper = store --file /home/user/.git/credentials\n"))
.build();
when(environment.getConfigMaps())
.thenReturn(
ImmutableMap.of(
"ws-1234598" + GitConfigProvisioner.GIT_CONFIG_MAP_NAME_SUFFIX, configMap));
when(environment.getConfigMaps()).thenReturn(ImmutableMap.of(GIT_CONFIG_MAP_NAME, configMap));
// when
secretApplier.applySecret(environment, runtimeIdentity, secret);
}
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -163,7 +163,6 @@ public void provision(OpenShiftEnvironment osEnv, RuntimeIdentity identity)

// 3 stage - add OpenShift env items
restartPolicyRewriter.provision(osEnv, identity);
uniqueNamesProvisioner.provision(osEnv, identity);
routeTlsProvisioner.provision(osEnv, identity);
resourceLimitRequestProvisioner.provision(osEnv, identity);
nodeSelectorProvisioner.provision(osEnv, identity);
Expand All @@ -179,6 +178,7 @@ public void provision(OpenShiftEnvironment osEnv, RuntimeIdentity identity)
gatewayRouterProvisioner.provision(osEnv, identity);
deploymentMetadataProvisioner.provision(osEnv, identity);
trustedCAProvisioner.provision(osEnv, identity);
uniqueNamesProvisioner.provision(osEnv, identity);
LOG.debug(
"Provisioning OpenShift environment done for workspace '{}'", identity.getWorkspaceId());
}
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -150,7 +150,6 @@ public void performsOrderedProvisioning() throws Exception {
provisionOrder.verify(envVarsProvisioner).provision(eq(osEnv), eq(runtimeIdentity));
provisionOrder.verify(volumesStrategy).provision(eq(osEnv), eq(runtimeIdentity));
provisionOrder.verify(restartPolicyRewriter).provision(eq(osEnv), eq(runtimeIdentity));
provisionOrder.verify(uniqueNamesProvisioner).provision(eq(osEnv), eq(runtimeIdentity));
provisionOrder.verify(tlsRouteProvisioner).provision(eq(osEnv), eq(runtimeIdentity));
provisionOrder.verify(ramLimitProvisioner).provision(eq(osEnv), eq(runtimeIdentity));
provisionOrder.verify(nodeSelectorProvisioner).provision(eq(osEnv), eq(runtimeIdentity));
Expand All @@ -167,6 +166,7 @@ public void performsOrderedProvisioning() throws Exception {
provisionOrder.verify(gatewayRouterProvisioner).provision(eq(osEnv), eq(runtimeIdentity));
provisionOrder.verify(deploymentMetadataProvisioner).provision(eq(osEnv), eq(runtimeIdentity));
provisionOrder.verify(trustedCAProvisioner).provision(eq(osEnv), eq(runtimeIdentity));
provisionOrder.verify(uniqueNamesProvisioner).provision(eq(osEnv), eq(runtimeIdentity));
provisionOrder.verifyNoMoreInteractions();
}
}

0 comments on commit 5656fea

Please sign in to comment.