Che workspace operator repository that contains K8s API for Che workspace and controller for them.
The controller can be deployed to a cluster provided you are logged in with cluster-admin credentials:
export IMG=quay.io/che-incubator/che-workspace-controller:nightly
export TOOL=oc # Use 'export TOOL=kubectl' for kubernetes
make deployBy default, controller will expose workspace servers without any authentication; this is not advisable for public clusters, as any user could access the created workspace via URL.
In case of OpenShift, you're able to configure controller to secure your workspaces server deploy with the following options:
export WEBHOOK_ENABLED=true
export DEFAULT_ROUTING=openshift-oauth
make deploySee below for all environment variables used in the makefile.
Note: The operator requires internet access from containers to work. By default,
crc setupmay not provision this, so it's necessary to configure DNS for Docker:# /etc/docker/daemon.json { "dns": ["192.168.0.1"] }
The repository contains a Makefile; building and deploying can be configured via the environment variables
| variable | purpose | default value |
|---|---|---|
IMG |
Image used for controller | quay.io/che-incubator/che-workspace-controller:nightly |
TOOL |
CLI tool for interfacing with the cluster: kubectl or oc; if oc is used, deployment is tailored to OpenShift, otherwise Kubernetes |
oc |
ROUTING_SUFFIX |
Cluster routing suffix (e.g. $(minikube ip).nip.io, apps-crc.testing). Required for Kubernetes |
192.168.99.100.nip.io |
PULL_POLICY |
Image pull policy for controller | Always |
WEBHOOK_ENABLED |
Whether webhooks should be enabled in the deployment | false |
DEFAULT_ROUTING |
Default routingClass to apply to workspaces that don't specify one | basic |
ADMIN_CTX |
Kubectx entry that should be used during work with cluster. The current will be used if omitted | - |
REGISTRY_ENABLED |
Whether the plugin registry should be deployed | true |
Some of the rules supported by the makefile:
| rule | purpose |
|---|---|
| docker | build and push docker image |
| webhook | generate certificates for webhooks and deploy to cluster; no-op if webhooks are disabled or running on OpenShift |
| deploy | deploy controller to cluster |
| restart | restart cluster controller deployment |
| rollout | rebuild and push docker image and restart cluster deployment |
| update_cfg | configures already deployed controller according to set env variables |
| update_crds | update custom resource definitions on cluster |
| uninstall | delete controller namespace che-workspace-controller and remove custom resource definitions from cluster |
| help | print all rules and variables |
To see all rules supported by the makefile, run make help
- Take a look samples workspace configuration in
./samplesfolder. - Apply any of them by executing
kubectl apply -f ./samples/workspace_java_mysql.yaml -n <namespace> - As soon as workspace is started you're able to get IDE url by executing
kubectl get workspace -n <namespace>
It's possible to run an instance of the controller locally while communicating with a cluster. However, this requires webhooks to be disabled, as the webhooks need to be able to access the service created by an in-cluster deployment
export NAMESPACE=che-workspace-controller
export TOOL=oc # Use 'export TOOL=kubectl' for kubernetes
export WEBHOOK_ENABLED=false
make local
operator-sdk up local --namespace ${NAMESPACE}When running locally, only a single namespace is watched; as a result, all workspaces have to be deployed to ${NAMESPACE}
Debugging the controller depends on delve being installed (go get -u github.com/go-delve/delve/cmd/dlv). Note that at the time of writing, executing go get in this repo's directory will update go.mod; these changes should be dropped before committing.
export NAMESPACE=che-workspace-controller
export TOOL=oc # Use 'export TOOL=kubectl' for kubernetes
export WEBHOOK_ENABLED=false
make local
operator-sdk up local --namespace ${NAMESPACE} --enable-delveTo uninstall the controller and associated CRDs, use the Makefile uninstall rule:
make uninstallThis will delete all custom resource definitions created for the controller, as well as the che-workspace-controller namespace.
The following CentOS CI jobs are associated with the repository:
master- builds CentOS images on each commit to themasterbranch and pushes them to quay.io/che-incubator/che-workspace-controller.nightly- builds CentOS images and pushes them to quay.io/che-incubator/che-workspace-controller on a daily basis from themasterbranch.