Dev Workspace operator repository that contains the controller for the DevWorkspace Custom Resource. The Kubernetes API of the DevWorkspace is defined in the https://github.com/devfile/api repository.
You can add these Kubernetes annotations to specific DevWorkspace CR to customize their behavior.
Name | Value |
---|---|
controller.devfile.io/restricted-access | true or false |
Using restricted-access
is possible to define that DevWorkspace needs additional(to RBAC) authorization that guarantee that the only DevWorkspace CR creators has access to the containers terminals and secure server.
May be needed when personal information(like access tokens, ssh keys) is stored in the containers.
Since it's powered by webhooks, DevWorkspaces with such annotations will fails to start when webhooks are disabled on Operator level.
Example:
metadata:
annotations:
controller.devfile.io/restricted-access: true
When deployed to Kubernetes, the controller requires cert-manager running in the cluster.
You can install it using make install_cert_manager
if you don't run it already.
The minimum version of cert-manager is v1.0.4
.
The controller can be deployed to a cluster provided you are logged in with cluster-admin credentials:
export IMG=quay.io/devfile/devworkspace-controller:next
make install
By default, controller will expose workspace servers without any authentication; this is not advisable for public clusters, as any user could access the created workspace via URL.
In case of OpenShift, you're able to configure DevWorkspace CR to secure your servers with the following piece of configuration:
spec:
routingClass: openshift-oauth
See below for all environment variables used in the makefile.
Note: The operator requires internet access from containers to work. By default,
crc setup
may not provision this, so it's necessary to configure DNS for Docker:# /etc/docker/daemon.json { "dns": ["192.168.0.1"] }
The repository contains a Makefile; building and deploying can be configured via the environment variables
variable | purpose | default value |
---|---|---|
IMG |
Image used for controller | quay.io/devfile/devworkspace-controller:next |
NAMESPACE |
Namespace to use for deploying controller | devworkspace-controller |
ROUTING_SUFFIX |
Cluster routing suffix (e.g. $(minikube ip).nip.io , apps-crc.testing ). Required for Kubernetes |
192.168.99.100.nip.io |
PULL_POLICY |
Image pull policy for controller | Always |
DEVWORKSPACE_API_VERSION |
Branch or tag of the github.com/devfile/api to depend on | v1alpha1 |
Some of the rules supported by the makefile:
rule | purpose |
---|---|
docker | build and push docker image |
install | install controller to cluster |
restart | restart cluster controller deployment |
install_crds | update CRDs on cluster |
install_cert_manager | installs the cert-manager to the cluster (only required for Kubernetes) |
uninstall | delete controller namespace devworkspace-controller and remove CRDs from cluster |
help | print all rules and variables |
To see all rules supported by the makefile, run make help
- Take a look samples workspace configuration in
./samples
folder. - Apply any of them by executing
kubectl apply -f ./samples/workspace_java_mysql.yaml -n <namespace>
- As soon as workspace is started you're able to get IDE url by executing
kubectl get devworkspace -n <namespace>
It's possible to run an instance of the controller locally while communicating with a cluster. However, this requires webhooks to be disabled, as the webhooks need to be able to access the service created by an in-cluster deployment
make install
oc patch deployment/devworkspace-controller-manager --patch "{\"spec\":{\"replicas\":0}}"
make debug
When running locally, only a single namespace is watched; as a result, all workspaces have to be deployed to ${NAMESPACE}
Debugging the controller depends on delve
being installed (go get -u github.com/go-delve/delve/cmd/dlv
). Note that at the time of writing, executing go get
in this repo's directory will update go.mod; these changes should be dropped before committing.
make install
oc patch deployment/devworkspace-controller-manager --patch "{\"spec\":{\"replicas\":0}}"
make debug
Controller behavior can be configured with data from the devworkspace-controller
config map in the same namespace where controller lives.
For all available configuration properties and their default values, see pkg/config
To uninstall the controller and associated CRDs, use the Makefile uninstall rule:
make uninstall
This will delete all custom resource definitions created for the controller, as well as the devworkspace-controller
namespace.
- Next Dockerimage action builds main branch and pushes it to quay.io/devfile/devworkspace-controller:next