Documentation ¶
Overview ¶
Package constants defines constant values used throughout the DevWorkspace Operator
Index ¶
Constants ¶
View Source
const ( // DevWorkspaceStorageTypeAttribute defines the strategy used for provisioning storage for the workspace. // If empty, the common PVC strategy is used. // Supported options: // - "common": Create one PVC per namespace, and store data for all workspaces in that namespace in that PVC // - "async" : Create one PVC per namespace, and create a remote server that syncs data from workspaces to the PVC. // All volumeMounts used for devworkspaces are emptyDir // - "per-workspace": Create one PVC per workspace, delete that PVC when the workspace is deleted. // - "ephemeral": Use emptyDir volumes for all volumes in the DevWorkspace. All data is lost when the workspace is // stopped. DevWorkspaceStorageTypeAttribute = "controller.devfile.io/storage-type" // ExternalDevWorkspaceConfiguration is an attribute that allows for specifying an (optional) external DevWorkspaceOperatorConfig // which will merged with the internal/global DevWorkspaceOperatorConfig. The DevWorkspaceOperatorConfig resulting from the merge will be used for the workspace. // The fields which are set in the external DevWorkspaceOperatorConfig will overwrite those existing in the // internal/global DevWorkspaceOperatorConfig during the merge. // The structure of the attribute value should contain two strings: name and namespace. // 'name' specifies the metadata.name of the external operator configuration. // 'namespace' specifies the metadata.namespace of the external operator configuration . // For example: // // attributes: // controller.devfile.io/devworkspace-config: // name: external-dwoc-name // namespace: some-namespace ExternalDevWorkspaceConfiguration = "controller.devfile.io/devworkspace-config" // RuntimeClassNameAttribute is an attribute added to a DevWorkspace to specify a runtimeClassName for container // components in the DevWorkspace (pod.spec.runtimeClassName). If empty, no runtimeClassName is added. RuntimeClassNameAttribute = "controller.devfile.io/runtime-class" // WorkspaceEnvAttribute is an attribute that specifies a set of environment variables provided by a component // that should be added to all workspace containers. The structure of the attribute value should be a list of // Devfile 2.0 EnvVar, e.g. // // attributes: // workspaceEnv: // - name: ENV_1 // value: VAL_1 // - name: ENV_2 // value: VAL_2 WorkspaceEnvAttribute = "workspaceEnv" // WorkspaceSCCAttribute defines additional SCCs that should be added to the DevWorkspace. The user adding // this attribute to a workspace must have the RBAC permissions to "use" the SCC with the given name. For example, // to add the 'anyuid' SCC to the workspace Pod, the DevWorkspace should contain // // spec: // template: // attributes: // controller.devfile.io/scc: "anyuid" // // Creating a workspace with this attribute, or updating an existing workspace to include this attribute will fail // if the user making the request does not have the "use" permission for the "anyuid" SCC. // Only supported on OpenShift. WorkspaceSCCAttribute = "controller.devfile.io/scc" // ProjectCloneAttribute configures how the DevWorkspace will treat project cloning. By default, an init container // will be added to the workspace deployment to clone projects to the workspace before it starts. This attribute // must be applied to top-level attributes field in the DevWorkspace. // Supported options: // - "disable" - Disable automatic project cloning. No init container will be added to the workspace and projects // will not be cloned into the workspace on start. ProjectCloneAttribute = "controller.devfile.io/project-clone" // PluginSourceAttribute is an attribute added to components, commands, and projects in a flattened // DevWorkspace representation to signify where the respective component came from (i.e. which plugin // or parent imported it) PluginSourceAttribute = "controller.devfile.io/imported-by" // EndpointURLAttribute is an attribute added to endpoints to denote the endpoint on the cluster that // was created to route to this endpoint EndpointURLAttribute = "controller.devfile.io/endpoint-url" // ContainerContributionAttribute defines a container component as a container contribution that should be merged // into an existing container in the devfile if possible. If no suitable container exists, this component // is treated as a regular container component ContainerContributionAttribute = "controller.devfile.io/container-contribution" // MergeContributionAttribute defines a container component as a target for merging a container contribution. If // present on a container component, any container contributions will be merged into that container. If multiple // container components have the merge-contribution attribute, the first one will be used and all others ignored. MergeContributionAttribute = "controller.devfile.io/merge-contribution" // MergedContributionsAttribute is applied as an attribute onto a component to list the components from the unflattened // DevWorkspace that have been merged into the current component. The contributions are listed in a comma-separated list. MergedContributionsAttribute = "controller.devfile.io/merged-contributions" // PodOverridesAttribute is an attribute applied to a container component or in global attributes to specify overrides // for the pod spec used in the main workspace deployment. The format of the field is the same as the Kubernetes // PodSpec API. Overrides are applied over the default pod template spec used via strategic merge patch. // // If this attribute is used multiple times, all overrides are applied in the order they are defined in the DevWorkspace, // with later values overriding previous ones. Overrides defined in the top-level attributes field are applied last and // override any overrides from container components. // // Example: // kind: DevWorkspace // apiVersion: workspace.devfile.io/v1alpha2 // spec: // template: // attributes: // pod-overrides: // metadata: // annotations: // io.openshift.userns: "true" // io.kubernetes.cri-o.userns-mode: "auto:size=65536;map-to-root=true" # <-- user namespace // openshift.io/scc: container-build // spec: // runtimeClassName: kata // schedulerName: stork PodOverridesAttribute = "pod-overrides" // ContainerOverridesAttribute is an attribute applied to a container component to specify arbitrary fields in that // container. This attribute should only be used to set fields that are not configurable in the container component // itself. Any values specified in the overrides attribute overwrite fields on the container. // // Example: // components: // - name: go // attributes: // container-overrides: {"resources":{"limits":{"nvidia.com/gpu": "1"}}} // container: // image: ... ContainerOverridesAttribute = "container-overrides" // StarterProjectAttribute is an attribute applied to the top-level attributes in a DevWorkspace to specify which // starterProject in the workspace should be cloned. StarterProjectAttribute = "controller.devfile.io/use-starter-project" // BootstrapDevWorkspaceAttribute is an attribute applied to the top-level attributes in a DevWorkspace to configure // the project-clone container to "bootstrap" the DevWorkspace from a devfile.yaml or .devfile.yaml file at the root // of a cloned project. If the bootstrap process is successful, project-clone will automatically remove this attribute // from the DevWorkspace BootstrapDevWorkspaceAttribute = "controller.devfile.io/bootstrap-devworkspace" )
Constants that are used in attributes on DevWorkspace elements (components, endpoints, etc.)
View Source
const ( DefaultProjectsSourcesRoot = "/projects" HomeUserDirectory = "/home/user/" HomeVolumeName = "persistent-home" HomeInitComponentName = "init-persistent-home" HomeInitEventId = "init-persistent-home" SshAgentStartEventId = "init-ssh-agent-command" ServiceAccount = "devworkspace" PVCStorageSize = "10Gi" // DevWorkspaceIDLoggerKey is the key used to log workspace ID in the reconcile DevWorkspaceIDLoggerKey = "devworkspace_id" // ControllerServiceAccountNameEnvVar stores the name of the serviceaccount used in the controller. ControllerServiceAccountNameEnvVar = "CONTROLLER_SERVICE_ACCOUNT_NAME" // PVCCleanupPodMemoryLimit is the memory limit used for PVC clean up pods PVCCleanupPodMemoryLimit = "100Mi" // PVCCleanupPodMemoryRequest is the memory request used for PVC clean up pods PVCCleanupPodMemoryRequest = "32Mi" // PVCCleanupPodCPULimit is the cpu limit used for PVC clean up pods PVCCleanupPodCPULimit = "50m" // PVCCleanupPodCPURequest is the cpu request used for PVC clean up pods PVCCleanupPodCPURequest = "5m" // CommonStorageClassType defines the 'common' storage policy, which is an alias of the 'per-user' storage policy, and operates in the same fashion as the 'per-user' storage policy. // The 'common' storage policy exists only for legacy compatibility. CommonStorageClassType = "common" // PerUserStorageClassType defines the 'per-user' storage policy -- one PVC is provisioned per namespace and all devworkspace storage // is mounted in it on subpaths according to devworkspace ID. PerUserStorageClassType = "per-user" // AsyncStorageClassType defines the 'asynchronous' storage policy. An rsync sidecar is added to devworkspaces that uses SSH to connect // to a storage deployment that mounts a common PVC for the namespace. AsyncStorageClassType = "async" // EphemeralStorageClassType defines the 'ephemeral' storage policy: all volumes are allocated as emptyDir volumes and // so do not require cleanup. When a DevWorkspace is stopped, all local changes are lost. EphemeralStorageClassType = "ephemeral" // PerWorkspaceStorageClassType defines the 'per-workspace' storage policy: a PVC is provisioned for each workspace within the namespace. // All of the workspace's storage (volume mounts) are mounted on subpaths within the workspace's PVC. PerWorkspaceStorageClassType = "per-workspace" // CheCommonPVCName is the name of the common PVC equivalent used by Che. If present in the namespace, this PVC is mounted instead // of the default PVC when the 'common' or 'async' storage classes are used. CheCommonPVCName = "claim-che-workspace" // ProjectCloneDisable specifies that project cloning should be disabled. ProjectCloneDisable = "disable" )
Internal constants
View Source
const ( // DevWorkspaceNamespace contains env var name which value is the current namespace where DevWorkspace CR // and related objects live DevWorkspaceNamespace = "DEVWORKSPACE_NAMESPACE" // DevWorkspaceId contains env var name which which value is the .status.devworkspaceId of the related // DevWorkspace CR. It can be used to list related objects with WorkspaceIDLabel selector DevWorkspaceId = "DEVWORKSPACE_ID" // DevWorkspaceName contains env var name which value is name of the related DevWorkspace CR. // It can be used to list related objects with WorkspaceNameLabel selector DevWorkspaceName = "DEVWORKSPACE_NAME" // DevWorkspaceCreator contains env var name which value is the uid of the identity who created the related devworkspace DevWorkspaceCreator = "DEVWORKSPACE_CREATOR" // DevWorkspaceIdleTimeout contains env var name which value is the suggested idle timeout DevWorkspaceIdleTimeout = "DEVWORKSPACE_IDLE_TIMEOUT" // DevWorkspaceComponentName contains env var name which indicates from which devfile container component // the container is created from. Note the flattened devfile is used to evaluate it. DevWorkspaceComponentName = "DEVWORKSPACE_COMPONENT_NAME" DISPLAY = "DISPLAY" SSHAskPass = "SSH_ASKPASS" )
View Source
const ( // StorageCleanupFinalizer is used to block DevWorkspace deletion when it is necessary // to clean up persistent storage used for the workspace. StorageCleanupFinalizer = "storage.controller.devfile.io" // ServiceAccountCleanupFinalizer is used to block DevWorkspace deletion when it is // necessary to clean up additional non-workspace roles added to the workspace // serviceaccount // // Deprecated: Will not be added to new workspaces but needs to be tracked for // removal to ensure workspaces that used it previously will be cleaned up. ServiceAccountCleanupFinalizer = "serviceaccount.controller.devfile.io" // RBACCleanupFinalizer is used to block DevWorkspace deletion in order to ensure // the workspace role and rolebinding are cleaned up correctly. Since each workspace // serviceaccount is added to the workspace rolebinding, it is necessary to remove it // when a workspace is deleted RBACCleanupFinalizer = "rbac.controller.devfile.io" )
View Source
const ( // DevWorkspaceIDLabel is the label key to store workspace identifier DevWorkspaceIDLabel = "controller.devfile.io/devworkspace_id" // DevWorkspacePVCTypeLabel is the label key to identify PVCs used by DevWorkspaces and indicate their storage strategy. DevWorkspacePVCTypeLabel = "controller.devfile.io/devworkspace_pvc_type" // WorkspaceIdOverrideAnnotation is an annotation that can be applied to DevWorkspaces // to override the default DevWorkspace ID assigned by the Operator. Is only respected // when a DevWorkspace is created. Once a DevWorkspace has an ID set, it cannot be changed. WorkspaceIdOverrideAnnotation = "controller.devfile.io/devworkspace_id_override" // DevWorkspaceCreatorLabel is the label key for storing the UID of the user who created the workspace DevWorkspaceCreatorLabel = "controller.devfile.io/creator" // DevWorkspaceNameLabel is the label key to store workspace name DevWorkspaceNameLabel = "controller.devfile.io/devworkspace_name" // DevWorkspaceWatchConfigMapLabel marks a configmap so that it is watched by the controller. This label is required on all // configmaps that should be seen by the controller DevWorkspaceWatchConfigMapLabel = "controller.devfile.io/watch-configmap" // DevWorkspaceWatchSecretLabel marks a secret so that it is watched by the controller. This label is required on all // secrets that should be seen by the controller DevWorkspaceWatchSecretLabel = "controller.devfile.io/watch-secret" // DevWorkspaceMountLabel is the label key to store if a configmap, secret, or PVC should be mounted to the devworkspace DevWorkspaceMountLabel = "controller.devfile.io/mount-to-devworkspace" // DevWorkspaceMountPathAnnotation is the annotation key to store the mount path for the secret or configmap. // If no mount path is provided, configmaps will be mounted at /etc/config/<configmap-name>, secrets will // be mounted at /etc/secret/<secret-name>, and persistent volume claims will be mounted to /tmp/<claim-name> DevWorkspaceMountPathAnnotation = "controller.devfile.io/mount-path" // DevWorkspaceMountAsAnnotation is the annotation key to configure the way how configmaps or secrets should be mounted. // Supported options: // - "env" - mount as environment variables // - "file" - mount as files within the mount path // - "subpath" - mount keys as subpath volume mounts within the mount path // When a configmap or secret is mounted via "file", the keys within the configmap/secret are mounted as files // within a directory, erasing all contents of the directory. Mounting via "subpath" leaves existing files in the // mount directory changed, but prevents on-cluster changes to the configmap/secret propagating to the container // until it is restarted. // If mountAs is not provided, the default behaviour will be to mount as a file. DevWorkspaceMountAsAnnotation = "controller.devfile.io/mount-as" // DevWorkspaceMountAccessModeAnnotation is an annotation key used to configure the access mode for configmaps and // secrets mounted using the 'controller.devfile.io/mount-to-devworkspace' annotation. The access mode annotation // can either be specified as a decimal (e.g. '416') or as an octal by prefixing the number with zero (e.g. '0640') DevWorkspaceMountAccessModeAnnotation = "controller.devfile.io/mount-access-mode" // DevWorkspaceGitCredentialLabel is the label key to specify if the secret is a git credential. All secrets who // specify this label in a namespace will consolidate into one secret before mounting into a devworkspace. // Only secret data with the credentials key will be used and credentials must be the base64 encoded version // of https://{USERNAME}:{PERSONAL_ACCESS_TOKEN}@{GIT_WEBSITE} // E.g. echo -n "https://{USERNAME}:{PERSONAL_ACCESS_TOKEN}@{GIT_WEBSITE}" | base64 // see https://git-scm.com/docs/git-credential-store#_storage_format for more details DevWorkspaceGitCredentialLabel = "controller.devfile.io/git-credential" // DevWorkspaceGitTLSLabel is the label key to specify if the configmap is credentials for accessing a git server. // Configmap must contain the following data: // certificate: the certificate used to access the git server in Base64 ASCII // You can also optionally define the git host. // host: the url of the git server // If the git host is not defined then the certificate will be used for all http repositories. DevWorkspaceGitTLSLabel = "controller.devfile.io/git-tls-credential" // GitCredentialsConfigMapName is the name used for the configmap that stores the Git configuration for workspaces // in a given namespace. It is used when e.g. adding Git credentials via secret GitCredentialsConfigMapName = "devworkspace-gitconfig" // SSHSecretName is the name used for the secret that stores the SSH key data for workspaces in a given namespace. // TODO: This is a workaround for https://github.com/devfile/devworkspace-operator/issues/1340. // We do not enforce the SSH secret to have this name, but it is used by the Che Dashboard and this allows us // to detect if the user has provided an SSH key with a passhprase. SSHSecretName = "git-ssh-key" // SSHSecretPassphraseKey is the key used to retrieve the optional passphrase stored inside the SSH secret. SSHSecretPassphraseKey = "passphrase" SshAskPassConfigMapName = "devworkspace-ssh-askpass" // GitCredentialsMergedSecretName is the name for the merged Git credentials secret that is mounted to workspaces // when Git credentials are defined. This secret combines the values of any secrets labelled // "controller.devfile.io/git-credential" GitCredentialsMergedSecretName = "devworkspace-merged-git-credentials" // DevWorkspaceMountAsEnv is the annotation value for DevWorkspaceMountAsAnnotation to mount the resource as environment variables // via envFrom DevWorkspaceMountAsEnv = "env" // DevWorkspaceMountAsFile is the annotation value for DevWorkspaceMountAsAnnotation to mount the resource as files DevWorkspaceMountAsFile = "file" // DevWorkspaceMountAsSubpath is the annotation value for DevWorkspaceMountAsAnnotation to mount the resource as files using subpath // mounts DevWorkspaceMountAsSubpath = "subpath" // DevWorkspaceMountReadyOnlyAnnotation is an annotation to configure whether a mounted volume is as read-write or // as read-only. If "true", the volume is mounted as read-only. PersistentVolumeClaims are by default mounted // read-write. Automounted configmaps and secrets are always mounted read-only and this annotation is ignored. DevWorkspaceMountReadyOnlyAnnotation = "controller.devfile.io/read-only" // DevWorkspaceRestrictedAccessAnnotation marks the intention that devworkspace access is restricted to only the creator; setting this // annotation will cause devworkspace start to fail if webhooks are disabled. // Operator also propagates it to the devworkspace-related objects to perform authorization. DevWorkspaceRestrictedAccessAnnotation = "controller.devfile.io/restricted-access" // DevWorkspaceStartedStatusAnnotation is applied to subresources of DevWorkspaces to indicate the owning object's // .spec.started value. This annotation is applied to DevWorkspaceRoutings to trigger reconciles when a DevWorkspace // is started or stopped. DevWorkspaceStartedStatusAnnotation = "controller.devfile.io/devworkspace-started" // DevWorkspaceStopReasonAnnotation marks the reason why the devworkspace was stopped; when a devworkspace is restarted // this annotation will be cleared DevWorkspaceStopReasonAnnotation = "controller.devfile.io/stopped-by" // DevWorkspaceDebugStartAnnotation enables debugging workspace startup if set to "true". If a workspace with this annotation // fails to start (i.e. enters the "Failed" phase), its deployment will not be scaled down in order to allow viewing logs, etc. DevWorkspaceDebugStartAnnotation = "controller.devfile.io/debug-start" // WebhookRestartedAtAnnotation holds the the time (unixnano) of when the webhook server was forced to restart by controller WebhookRestartedAtAnnotation = "controller.devfile.io/restarted-at" // DevWorkspaceStartedAtAnnotation holds the the time (unixnano) of when the devworkspace was started DevWorkspaceStartedAtAnnotation = "controller.devfile.io/started-at" // RoutingAnnotationInfix is the infix of the annotations of DevWorkspace that are passed down as annotation to the DevWorkspaceRouting objects. // The full annotation name is supposed to be "<routingClass>.routing.controller.devfile.io/<anything>" RoutingAnnotationInfix = ".routing.controller.devfile.io/" // DevWorkspaceEndpointNameAnnotation is the annotation key for storing an endpoint's name from the devfile representation DevWorkspaceEndpointNameAnnotation = "controller.devfile.io/endpoint_name" // DevWorkspaceDiscoverableServiceAnnotation marks a service in a devworkspace as created for a discoverable endpoint, // as opposed to a service created to support the devworkspace itself. DevWorkspaceDiscoverableServiceAnnotation = "controller.devfile.io/discoverable-service" // DevWorkspacePullSecretLabel marks the intention that this secret should be used as a pull secret for devworkspaces within namespace // Only secrets with 'true' value will be mount as pull secret // Should be assigned to secrets with type docker config types (kubernetes.io/dockercfg and kubernetes.io/dockerconfigjson) DevWorkspacePullSecretLabel = "controller.devfile.io/devworkspace_pullsecret" // NamespacedConfigLabelKey is a label applied to configmaps to mark them as a configuration for all DevWorkspaces in // the current namespace. NamespacedConfigLabelKey = "controller.devfile.io/namespaced-config" // NamespacePodTolerationsAnnotation is an annotation applied to a namespace to configure pod tolerations for all workspaces // in that namespace. Value should be json-encoded []corev1.Toleration struct. NamespacePodTolerationsAnnotation = "controller.devfile.io/pod-tolerations" // NamespaceNodeSelectorAnnotation is an annotation applied to a namespace to configure the node selector for all workspaces // in that namespace. Value should be json-encoded map[string]string NamespaceNodeSelectorAnnotation = "controller.devfile.io/node-selector" )
Constants that are used in labels and annotations on DevWorkspace-related resources.
Variables ¶
View Source
var ( intstr.FromInt(0) // Maximum number of excesss workspace pods when using the RollingUpdate deployment strategy RollingUpdateMaximumSurge = intstr.FromInt(1) )RollingUpdateMaxUnavailable =
View Source
var ControllerAppLabels = func() map[string]string { return map[string]string{ "app.kubernetes.io/name": "devworkspace-controller", "app.kubernetes.io/part-of": "devworkspace-operator", } }
Labels which should be used for controller related objects
Functions ¶
This section is empty.
Types ¶
This section is empty.
Click to show internal directories.
Click to hide internal directories.