constants

package
v0.31.2
Warning

This package is not in the latest version of its module.

Published: Nov 7, 2024 License: Apache-2.0 Imports: 1 Imported by: 3

Documentation

Overview

Package constants defines constant values used throughout the DevWorkspace Operator

Constants

const (
	// DevWorkspaceStorageTypeAttribute defines the strategy used for provisioning storage for the workspace.
	// If empty, the common PVC strategy is used.
	// Supported options:
	// - "common":        Create one PVC per namespace, and store data for all workspaces in that namespace in that PVC
	// - "async" :        Create one PVC per namespace, and create a remote server that syncs data from workspaces to the PVC.
	//                    All volumeMounts used for devworkspaces are emptyDir
	// - "per-workspace": Create one PVC per workspace, delete that PVC when the workspace is deleted.
	// - "ephemeral":     Use emptyDir volumes for all volumes in the DevWorkspace. All data is lost when the workspace is
	//                    stopped.
	DevWorkspaceStorageTypeAttribute = "controller.devfile.io/storage-type"

	// ExternalDevWorkspaceConfiguration is an attribute that allows for specifying an (optional) external DevWorkspaceOperatorConfig
	// which will be merged with the internal/global DevWorkspaceOperatorConfig. The DevWorkspaceOperatorConfig resulting from the merge will be used for the workspace.
	// The fields which are set in the external DevWorkspaceOperatorConfig will overwrite those existing in the
	// internal/global DevWorkspaceOperatorConfig during the merge.
	// The structure of the attribute value should contain two strings: name and namespace.
	// 'name' specifies the metadata.name of the external operator configuration.
	// 'namespace' specifies the metadata.namespace of the external operator configuration.
	// For example:
	//
	//   attributes:
	//     controller.devfile.io/devworkspace-config:
	//         name: external-dwoc-name
	//         namespace: some-namespace
	ExternalDevWorkspaceConfiguration = "controller.devfile.io/devworkspace-config"

	// RuntimeClassNameAttribute is an attribute added to a DevWorkspace to specify a runtimeClassName for container
	// components in the DevWorkspace (pod.spec.runtimeClassName). If empty, no runtimeClassName is added.
	RuntimeClassNameAttribute = "controller.devfile.io/runtime-class"

	// WorkspaceEnvAttribute is an attribute that specifies a set of environment variables provided by a component
	// that should be added to all workspace containers. The structure of the attribute value should be a list of
	// Devfile 2.0 EnvVar, e.g.
	//
	//   attributes:
	//     workspaceEnv:
	//       - name: ENV_1
	//         value: VAL_1
	//       - name: ENV_2
	//         value: VAL_2
	WorkspaceEnvAttribute = "workspaceEnv"

	// WorkspaceSCCAttribute defines additional SCCs that should be added to the DevWorkspace. The user adding
	// this attribute to a workspace must have the RBAC permissions to "use" the SCC with the given name. For example,
	// to add the 'anyuid' SCC to the workspace Pod, the DevWorkspace should contain
	//
	//     spec:
	//       template:
	//         attributes:
	//           controller.devfile.io/scc: "anyuid"
	//
	// Creating a workspace with this attribute, or updating an existing workspace to include this attribute will fail
	// if the user making the request does not have the "use" permission for the "anyuid" SCC.
	// Only supported on OpenShift.
	WorkspaceSCCAttribute = "controller.devfile.io/scc"

	// ProjectCloneAttribute configures how the DevWorkspace will treat project cloning. By default, an init container
	// will be added to the workspace deployment to clone projects to the workspace before it starts. This attribute
	// must be applied to top-level attributes field in the DevWorkspace.
	// Supported options:
	// - "disable" - Disable automatic project cloning. No init container will be added to the workspace and projects
	//               will not be cloned into the workspace on start.
	ProjectCloneAttribute = "controller.devfile.io/project-clone"

	// PluginSourceAttribute is an attribute added to components, commands, and projects in a flattened
	// DevWorkspace representation to signify where the respective component came from (i.e. which plugin
	// or parent imported it)
	PluginSourceAttribute = "controller.devfile.io/imported-by"

	// EndpointURLAttribute is an attribute added to endpoints to denote the endpoint on the cluster that
	// was created to route to this endpoint
	EndpointURLAttribute = "controller.devfile.io/endpoint-url"

	// ContainerContributionAttribute defines a container component as a container contribution that should be merged
	// into an existing container in the devfile if possible. If no suitable container exists, this component
	// is treated as a regular container component
	ContainerContributionAttribute = "controller.devfile.io/container-contribution"

	// MergeContributionAttribute defines a container component as a target for merging a container contribution. If
	// present on a container component, any container contributions will be merged into that container. If multiple
	// container components have the merge-contribution attribute, the first one will be used and all others ignored.
	MergeContributionAttribute = "controller.devfile.io/merge-contribution"

	// MergedContributionsAttribute is applied as an attribute onto a component to list the components from the unflattened
	// DevWorkspace that have been merged into the current component. The contributions are listed in a comma-separated list.
	MergedContributionsAttribute = "controller.devfile.io/merged-contributions"

	// PodOverridesAttribute is an attribute applied to a container component or in global attributes to specify overrides
	// for the pod spec used in the main workspace deployment. The format of the field is the same as the Kubernetes
	// PodSpec API. Overrides are applied over the default pod template spec used via strategic merge patch.
	//
	// If this attribute is used multiple times, all overrides are applied in the order they are defined in the DevWorkspace,
	// with later values overriding previous ones. Overrides defined in the top-level attributes field are applied last and
	// override any overrides from container components.
	//
	// Example:
	//   kind: DevWorkspace
	//   apiVersion: workspace.devfile.io/v1alpha2
	//   spec:
	//     template:
	//       attributes:
	//         pod-overrides:
	//           metadata:
	//             annotations:
	//               io.openshift.userns: "true"
	//               io.kubernetes.cri-o.userns-mode: "auto:size=65536;map-to-root=true"  # <-- user namespace
	//               openshift.io/scc: container-build
	//           spec:
	//             runtimeClassName: kata
	//             schedulerName: stork
	PodOverridesAttribute = "pod-overrides"

	// ContainerOverridesAttribute is an attribute applied to a container component to specify arbitrary fields in that
	// container. This attribute should only be used to set fields that are not configurable in the container component
	// itself. Any values specified in the overrides attribute overwrite fields on the container.
	//
	// Example:
	//   components:
	//     - name: go
	//       attributes:
	//         container-overrides: {"resources":{"limits":{"nvidia.com/gpu": "1"}}}
	//       container:
	//         image: ...
	ContainerOverridesAttribute = "container-overrides"

	// StarterProjectAttribute is an attribute applied to the top-level attributes in a DevWorkspace to specify which
	// starterProject in the workspace should be cloned.
	StarterProjectAttribute = "controller.devfile.io/use-starter-project"

	// BootstrapDevWorkspaceAttribute is an attribute applied to the top-level attributes in a DevWorkspace to configure
	// the project-clone container to "bootstrap" the DevWorkspace from a devfile.yaml or .devfile.yaml file at the root
	// of a cloned project. If the bootstrap process is successful, project-clone will automatically remove this attribute
	// from the DevWorkspace
	BootstrapDevWorkspaceAttribute = "controller.devfile.io/bootstrap-devworkspace"
)

Constants that are used in attributes on DevWorkspace elements (components, endpoints, etc.)

const (
	DefaultProjectsSourcesRoot = "/projects"

	HomeUserDirectory = "/home/user/"

	HomeVolumeName = "persistent-home"

	HomeInitComponentName = "init-persistent-home"

	HomeInitEventId = "init-persistent-home"

	SshAgentStartEventId = "init-ssh-agent-command"

	ServiceAccount = "devworkspace"

	PVCStorageSize = "10Gi"

	// DevWorkspaceIDLoggerKey is the key used to log workspace ID in the reconcile
	DevWorkspaceIDLoggerKey = "devworkspace_id"

	// ControllerServiceAccountNameEnvVar stores the name of the serviceaccount used in the controller.
	ControllerServiceAccountNameEnvVar = "CONTROLLER_SERVICE_ACCOUNT_NAME"

	// PVCCleanupPodMemoryLimit is the memory limit used for PVC clean up pods
	PVCCleanupPodMemoryLimit = "100Mi"

	// PVCCleanupPodMemoryRequest is the memory request used for PVC clean up pods
	PVCCleanupPodMemoryRequest = "32Mi"

	// PVCCleanupPodCPULimit is the cpu limit used for PVC clean up pods
	PVCCleanupPodCPULimit = "50m"

	// PVCCleanupPodCPURequest is the cpu request used for PVC clean up pods
	PVCCleanupPodCPURequest = "5m"

	// CommonStorageClassType defines the 'common' storage policy, which is an alias of the 'per-user' storage policy, and operates in the same fashion as the 'per-user' storage policy.
	// The 'common' storage policy exists only for legacy compatibility.
	CommonStorageClassType = "common"
	// PerUserStorageClassType defines the 'per-user' storage policy -- one PVC is provisioned per namespace and all devworkspace storage
	// is mounted in it on subpaths according to devworkspace ID.
	PerUserStorageClassType = "per-user"
	// AsyncStorageClassType defines the 'asynchronous' storage policy. An rsync sidecar is added to devworkspaces that uses SSH to connect
	// to a storage deployment that mounts a common PVC for the namespace.
	AsyncStorageClassType = "async"
	// EphemeralStorageClassType defines the 'ephemeral' storage policy: all volumes are allocated as emptyDir volumes and
	// so do not require cleanup. When a DevWorkspace is stopped, all local changes are lost.
	EphemeralStorageClassType = "ephemeral"
	// PerWorkspaceStorageClassType defines the 'per-workspace' storage policy: a PVC is provisioned for each workspace within the namespace.
	// All of the workspace's storage (volume mounts) are mounted on subpaths within the workspace's PVC.
	PerWorkspaceStorageClassType = "per-workspace"

	// CheCommonPVCName is the name of the common PVC equivalent used by Che. If present in the namespace, this PVC is mounted instead
	// of the default PVC when the 'common' or 'async' storage classes are used.
	CheCommonPVCName = "claim-che-workspace"

	// ProjectCloneDisable specifies that project cloning should be disabled.
	ProjectCloneDisable = "disable"
)

Internal constants

const (
	// DevWorkspaceNamespace contains the name of the env var whose value is the current namespace where the DevWorkspace CR
	// and related objects live
	DevWorkspaceNamespace = "DEVWORKSPACE_NAMESPACE"

	// DevWorkspaceId contains the name of the env var whose value is the .status.devworkspaceId of the related
	// DevWorkspace CR. It can be used to list related objects with WorkspaceIDLabel selector
	DevWorkspaceId = "DEVWORKSPACE_ID"

	// DevWorkspaceName contains the name of the env var whose value is the name of the related DevWorkspace CR.
	// It can be used to list related objects with WorkspaceNameLabel selector
	DevWorkspaceName = "DEVWORKSPACE_NAME"

	// DevWorkspaceCreator contains the name of the env var whose value is the uid of the identity who created the related devworkspace
	DevWorkspaceCreator = "DEVWORKSPACE_CREATOR"

	// DevWorkspaceIdleTimeout contains the name of the env var whose value is the suggested idle timeout
	DevWorkspaceIdleTimeout = "DEVWORKSPACE_IDLE_TIMEOUT"

	// DevWorkspaceComponentName contains the name of the env var which indicates which devfile container component
	// the container is created from. Note the flattened devfile is used to evaluate it.
	DevWorkspaceComponentName = "DEVWORKSPACE_COMPONENT_NAME"
	DISPLAY                   = "DISPLAY"
	SSHAskPass                = "SSH_ASKPASS"
)
const (
	// StorageCleanupFinalizer is used to block DevWorkspace deletion when it is necessary
	// to clean up persistent storage used for the workspace.
	StorageCleanupFinalizer = "storage.controller.devfile.io"
	// ServiceAccountCleanupFinalizer is used to block DevWorkspace deletion when it is
	// necessary to clean up additional non-workspace roles added to the workspace
	// serviceaccount
	//
	// Deprecated: Will not be added to new workspaces but needs to be tracked for
	// removal to ensure workspaces that used it previously will be cleaned up.
	ServiceAccountCleanupFinalizer = "serviceaccount.controller.devfile.io"
	// RBACCleanupFinalizer is used to block DevWorkspace deletion in order to ensure
	// the workspace role and rolebinding are cleaned up correctly. Since each workspace
	// serviceaccount is added to the workspace rolebinding, it is necessary to remove it
	// when a workspace is deleted
	RBACCleanupFinalizer = "rbac.controller.devfile.io"
)
const (
	// DevWorkspaceIDLabel is the label key to store workspace identifier
	DevWorkspaceIDLabel = "controller.devfile.io/devworkspace_id"

	// DevWorkspacePVCTypeLabel is the label key to identify PVCs used by DevWorkspaces and indicate their storage strategy.
	DevWorkspacePVCTypeLabel = "controller.devfile.io/devworkspace_pvc_type"

	// WorkspaceIdOverrideAnnotation is an annotation that can be applied to DevWorkspaces
	// to override the default DevWorkspace ID assigned by the Operator. Is only respected
	// when a DevWorkspace is created. Once a DevWorkspace has an ID set, it cannot be changed.
	WorkspaceIdOverrideAnnotation = "controller.devfile.io/devworkspace_id_override"

	// DevWorkspaceCreatorLabel is the label key for storing the UID of the user who created the workspace
	DevWorkspaceCreatorLabel = "controller.devfile.io/creator"

	// DevWorkspaceNameLabel is the label key to store workspace name
	DevWorkspaceNameLabel = "controller.devfile.io/devworkspace_name"

	// DevWorkspaceWatchConfigMapLabel marks a configmap so that it is watched by the controller. This label is required on all
	// configmaps that should be seen by the controller
	DevWorkspaceWatchConfigMapLabel = "controller.devfile.io/watch-configmap"

	// DevWorkspaceWatchSecretLabel marks a secret so that it is watched by the controller. This label is required on all
	// secrets that should be seen by the controller
	DevWorkspaceWatchSecretLabel = "controller.devfile.io/watch-secret"

	// DevWorkspaceMountLabel is the label key to store if a configmap, secret, or PVC should be mounted to the devworkspace
	DevWorkspaceMountLabel = "controller.devfile.io/mount-to-devworkspace"

	// DevWorkspaceMountPathAnnotation is the annotation key to store the mount path for the secret or configmap.
	// If no mount path is provided, configmaps will be mounted at /etc/config/<configmap-name>, secrets will
	// be mounted at /etc/secret/<secret-name>, and persistent volume claims will be mounted to /tmp/<claim-name>
	DevWorkspaceMountPathAnnotation = "controller.devfile.io/mount-path"

	// DevWorkspaceMountAsAnnotation is the annotation key to configure how configmaps or secrets should be mounted.
	// Supported options:
	// - "env" - mount as environment variables
	// - "file" - mount as files within the mount path
	// - "subpath" - mount keys as subpath volume mounts within the mount path
	// When a configmap or secret is mounted via "file", the keys within the configmap/secret are mounted as files
	// within a directory, erasing all contents of the directory. Mounting via "subpath" leaves existing files in the
	// mount directory unchanged, but prevents on-cluster changes to the configmap/secret propagating to the container
	// until it is restarted.
	// If mountAs is not provided, the default behaviour will be to mount as a file.
	DevWorkspaceMountAsAnnotation = "controller.devfile.io/mount-as"

	// DevWorkspaceMountAccessModeAnnotation is an annotation key used to configure the access mode for configmaps and
	// secrets mounted using the 'controller.devfile.io/mount-to-devworkspace' label. The access mode annotation
	// can either be specified as a decimal (e.g. '416') or as an octal by prefixing the number with zero (e.g. '0640')
	DevWorkspaceMountAccessModeAnnotation = "controller.devfile.io/mount-access-mode"

	// DevWorkspaceGitCredentialLabel is the label key to specify if the secret is a git credential. All secrets that
	// specify this label in a namespace will be consolidated into one secret before mounting into a devworkspace.
	// Only secret data with the credentials key will be used and credentials must be the base64 encoded version
	// of https://{USERNAME}:{PERSONAL_ACCESS_TOKEN}@{GIT_WEBSITE}
	// E.g. echo -n "https://{USERNAME}:{PERSONAL_ACCESS_TOKEN}@{GIT_WEBSITE}" | base64
	// see https://git-scm.com/docs/git-credential-store#_storage_format for more details
	DevWorkspaceGitCredentialLabel = "controller.devfile.io/git-credential"

	// DevWorkspaceGitTLSLabel is the label key to specify if the configmap is credentials for accessing a git server.
	// Configmap must contain the following data:
	// certificate: the certificate used to access the git server in Base64 ASCII
	// You can also optionally define the git host.
	// host: the url of the git server
	// If the git host is not defined then the certificate will be used for all http repositories.
	DevWorkspaceGitTLSLabel = "controller.devfile.io/git-tls-credential"

	// GitCredentialsConfigMapName is the name used for the configmap that stores the Git configuration for workspaces
	// in a given namespace. It is used when e.g. adding Git credentials via secret
	GitCredentialsConfigMapName = "devworkspace-gitconfig"

	// SSHSecretName is the name used for the secret that stores the SSH key data for workspaces in a given namespace.
	// TODO: This is a workaround for https://github.com/devfile/devworkspace-operator/issues/1340.
	// We do not enforce the SSH secret to have this name, but it is used by the Che Dashboard and this allows us
	// to detect if the user has provided an SSH key with a passphrase.
	SSHSecretName = "git-ssh-key"

	// SSHSecretPassphraseKey is the key used to retrieve the optional passphrase stored inside the SSH secret.
	SSHSecretPassphraseKey = "passphrase"

	SshAskPassConfigMapName = "devworkspace-ssh-askpass"

	// GitCredentialsMergedSecretName is the name for the merged Git credentials secret that is mounted to workspaces
	// when Git credentials are defined. This secret combines the values of any secrets labelled
	// "controller.devfile.io/git-credential"
	GitCredentialsMergedSecretName = "devworkspace-merged-git-credentials"

	// DevWorkspaceMountAsEnv is the annotation value for DevWorkspaceMountAsAnnotation to mount the resource as environment variables
	// via envFrom
	DevWorkspaceMountAsEnv = "env"
	// DevWorkspaceMountAsFile is the annotation value for DevWorkspaceMountAsAnnotation to mount the resource as files
	DevWorkspaceMountAsFile = "file"
	// DevWorkspaceMountAsSubpath is the annotation value for DevWorkspaceMountAsAnnotation to mount the resource as files using subpath
	// mounts
	DevWorkspaceMountAsSubpath = "subpath"

	// DevWorkspaceMountReadyOnlyAnnotation is an annotation to configure whether a mounted volume is mounted as read-write or
	// as read-only. If "true", the volume is mounted as read-only. PersistentVolumeClaims are by default mounted
	// read-write. Automounted configmaps and secrets are always mounted read-only and this annotation is ignored.
	DevWorkspaceMountReadyOnlyAnnotation = "controller.devfile.io/read-only"

	// DevWorkspaceRestrictedAccessAnnotation marks the intention that devworkspace access is restricted to only the creator; setting this
	// annotation will cause devworkspace start to fail if webhooks are disabled.
	// Operator also propagates it to the devworkspace-related objects to perform authorization.
	DevWorkspaceRestrictedAccessAnnotation = "controller.devfile.io/restricted-access"

	// DevWorkspaceStartedStatusAnnotation is applied to subresources of DevWorkspaces to indicate the owning object's
	// .spec.started value. This annotation is applied to DevWorkspaceRoutings to trigger reconciles when a DevWorkspace
	// is started or stopped.
	DevWorkspaceStartedStatusAnnotation = "controller.devfile.io/devworkspace-started"

	// DevWorkspaceStopReasonAnnotation marks the reason why the devworkspace was stopped; when a devworkspace is restarted
	// this annotation will be cleared
	DevWorkspaceStopReasonAnnotation = "controller.devfile.io/stopped-by"

	// DevWorkspaceDebugStartAnnotation enables debugging workspace startup if set to "true". If a workspace with this annotation
	// fails to start (i.e. enters the "Failed" phase), its deployment will not be scaled down in order to allow viewing logs, etc.
	DevWorkspaceDebugStartAnnotation = "controller.devfile.io/debug-start"

	// WebhookRestartedAtAnnotation holds the time (unixnano) of when the webhook server was forced to restart by controller
	WebhookRestartedAtAnnotation = "controller.devfile.io/restarted-at"

	// DevWorkspaceStartedAtAnnotation holds the time (unixnano) of when the devworkspace was started
	DevWorkspaceStartedAtAnnotation = "controller.devfile.io/started-at"

	// RoutingAnnotationInfix is the infix of the annotations of DevWorkspace that are passed down as annotation to the DevWorkspaceRouting objects.
	// The full annotation name is supposed to be "<routingClass>.routing.controller.devfile.io/<anything>"
	RoutingAnnotationInfix = ".routing.controller.devfile.io/"

	// DevWorkspaceEndpointNameAnnotation is the annotation key for storing an endpoint's name from the devfile representation
	DevWorkspaceEndpointNameAnnotation = "controller.devfile.io/endpoint_name"

	// DevWorkspaceDiscoverableServiceAnnotation marks a service in a devworkspace as created for a discoverable endpoint,
	// as opposed to a service created to support the devworkspace itself.
	DevWorkspaceDiscoverableServiceAnnotation = "controller.devfile.io/discoverable-service"

	// DevWorkspacePullSecretLabel marks the intention that this secret should be used as a pull secret for devworkspaces within namespace.
	// Only secrets with 'true' value will be mounted as pull secret
	// Should be assigned to secrets with type docker config types (kubernetes.io/dockercfg and kubernetes.io/dockerconfigjson)
	DevWorkspacePullSecretLabel = "controller.devfile.io/devworkspace_pullsecret"

	// NamespacedConfigLabelKey is a label applied to configmaps to mark them as a configuration for all DevWorkspaces in
	// the current namespace.
	NamespacedConfigLabelKey = "controller.devfile.io/namespaced-config"

	// NamespacePodTolerationsAnnotation is an annotation applied to a namespace to configure pod tolerations for all workspaces
	// in that namespace. Value should be json-encoded []corev1.Toleration struct.
	NamespacePodTolerationsAnnotation = "controller.devfile.io/pod-tolerations"

	// NamespaceNodeSelectorAnnotation is an annotation applied to a namespace to configure the node selector for all workspaces
	// in that namespace. Value should be json-encoded map[string]string
	NamespaceNodeSelectorAnnotation = "controller.devfile.io/node-selector"
)

Constants that are used in labels and annotations on DevWorkspace-related resources.
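
An added example (not code from the DevWorkspace Operator) of reviewing a controller.devfile.io/mount-access-mode value before a secret or configmap is mounted. It assumes Go's base-0 integer parsing as the reading of the decimal/octal rule described above; the function names and warning rules are illustrative.

```go
package main

import (
	"fmt"
	"os"
	"strconv"
)

// Annotation key from this page.
const mountAccessModeAnnotation = "controller.devfile.io/mount-access-mode"

// parseAccessMode turns the annotation value into permission bits. Base 0 lets
// strconv pick the base from the prefix: "0640" is octal, "416" is decimal,
// and both give the same mode. The 0-0777 range matches Kubernetes volume modes.
// Assumption: this mirrors the rule on the page, not the operator's own parser.
func parseAccessMode(value string) (int32, error) {
	n, err := strconv.ParseInt(value, 0, 32)
	if err != nil {
		return 0, fmt.Errorf("%s=%q is not an integer", mountAccessModeAnnotation, value)
	}
	if n < 0 || n > 0777 {
		return 0, fmt.Errorf("%s=%q is outside 0000-0777", mountAccessModeAnnotation, value)
	}
	return int32(n), nil
}

// reviewAccessMode returns the mode in ls-style notation plus the warnings a
// reviewer would raise before the object is mounted into a workspace.
func reviewAccessMode(annotations map[string]string) (string, []string, error) {
	value, ok := annotations[mountAccessModeAnnotation]
	if !ok {
		return "", nil, nil // annotation absent: nothing to review here
	}
	mode, err := parseAccessMode(value)
	if err != nil {
		return "", nil, err
	}
	var warnings []string
	if mode&0022 != 0 {
		warnings = append(warnings, "writable by group or other")
	}
	if mode&0007 != 0 {
		warnings = append(warnings, "accessible by other")
	}
	return os.FileMode(mode).String(), warnings, nil
}

func main() {
	// Constructed annotation values: the two spellings from the page, then two
	// values written without the leading zero. "400" is read as decimal and
	// becomes 0620, and "640" falls outside the permitted range.
	for _, v := range []string{"0640", "416", "400", "640"} {
		perm, warnings, err := reviewAccessMode(map[string]string{mountAccessModeAnnotation: v})
		fmt.Printf("%-5s perm=%s warnings=%v err=%v\n", v, perm, warnings, err)
	}
}
```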
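
An added example (not the operator's own code) that checks one data.credentials value from a secret labelled controller.devfile.io/git-credential against the documented https://{USERNAME}:{PERSONAL_ACCESS_TOKEN}@{GIT_WEBSITE} form without ever printing the token. The function names and the sample host, user and token are constructed.

```go
package main

import (
	"encoding/base64"
	"fmt"
	"net/url"
	"strings"
)

// Label from this page; a Secret carrying it contributes its "credentials" key.
const gitCredentialLabel = "controller.devfile.io/git-credential"

// encodeForSecret produces the base64 text that goes under data.credentials.
func encodeForSecret(plain string) string {
	return base64.StdEncoding.EncodeToString([]byte(plain))
}

// checkGitCredential decodes one data.credentials value and checks it against
// https://{USERNAME}:{PERSONAL_ACCESS_TOKEN}@{GIT_WEBSITE}. It returns a form
// that is safe to log (token masked) and a list of problems, empty when valid.
func checkGitCredential(encoded string) (string, []string) {
	raw, err := base64.StdEncoding.DecodeString(encoded)
	if err != nil {
		return "", []string{"value is not valid base64"}
	}
	var problems []string
	line := string(raw)
	trimmed := strings.TrimSpace(line)
	if trimmed != line {
		// Typical cause: `echo` without -n appends a newline before encoding.
		problems = append(problems, "leading or trailing whitespace in decoded value")
	}
	u, err := url.Parse(trimmed)
	if err != nil || u.Host == "" {
		// err is deliberately not reported: url.Error quotes the input,
		// which would put the token into logs.
		return "", append(problems, "decoded value is not scheme://user:token@host")
	}
	if u.Scheme != "https" {
		problems = append(problems, fmt.Sprintf("scheme is %q, expected https", u.Scheme))
	}
	user := u.User.Username()
	if user == "" {
		problems = append(problems, "username is missing")
	}
	if token, ok := u.User.Password(); !ok || token == "" {
		problems = append(problems, "token is missing")
	}
	return fmt.Sprintf("%s://%s:***@%s", u.Scheme, user, u.Host), problems
}

func main() {
	// Constructed sample values; the host, user and token are placeholders.
	samples := []string{
		"https://alice:CONSTRUCTED_TOKEN@git.example.com",
		"https://alice:CONSTRUCTED_TOKEN@git.example.com\n", // echo without -n
		"http://alice@git.example.com",
	}
	for _, s := range samples {
		redacted, problems := checkGitCredential(encodeForSecret(s))
		fmt.Printf("%s %q -> %v\n", gitCredentialLabel, redacted, problems)
	}
}
```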

Variables

var (
	// Maximum number of unavailable workspace pods when using the RollingUpdate deployment strategy
	RollingUpdateMaxUnavailable = intstr.FromInt(0)
	// Maximum number of excess workspace pods when using the RollingUpdate deployment strategy
	RollingUpdateMaximumSurge = intstr.FromInt(1)
)
var ControllerAppLabels = func() map[string]string {
	return map[string]string{
		"app.kubernetes.io/name":    "devworkspace-controller",
		"app.kubernetes.io/part-of": "devworkspace-operator",
	}
}

Labels which should be used for controller related objects

Functions

This section is empty.

Types

This section is empty.
