diff --git a/deploy/openshift/ocp.sh b/deploy/openshift/ocp.sh index fa338bcaa55d..58908877d9db 100755 --- a/deploy/openshift/ocp.sh +++ b/deploy/openshift/ocp.sh @@ -91,26 +91,28 @@ test_dns_provider() { } get_tools() { - TOOLS_DIR="/tmp" - OC_BINARY="$TOOLS_DIR/oc" - JQ_BINARY="$TOOLS_DIR/jq" - OC_VERSION=$(echo $DEFAULT_OC_BINARY_DOWNLOAD_URL | cut -d '/' -f 8) + DEFAULT_OCP_TOOLS_DIR="/tmp" + export OCP_TOOLS_DIR=${OCP_TOOLS_DIR:-${DEFAULT_OCP_TOOLS_DIR}} + + OC_BINARY="$OCP_TOOLS_DIR/oc" + JQ_BINARY="$OCP_TOOLS_DIR/jq" + OC_VERSION=$(echo $OC_BINARY_DOWNLOAD_URL | cut -d '/' -f 8) #OS specific extract archives if [[ "$OSTYPE" == "darwin"* ]]; then OC_PACKAGE="openshift-origin-client-tools.zip" - ARCH="unzip -d $TOOLS_DIR" + ARCH="unzip -d $OCP_TOOLS_DIR" EXTRA_ARGS="" else OC_PACKAGE="openshift-origin-client-tools.tar.gz" ARCH="tar --strip 1 -xzf" - EXTRA_ARGS="-C $TOOLS_DIR" + EXTRA_ARGS="-C $OCP_TOOLS_DIR" fi download_oc() { echo "download oc client $OC_VERSION" - wget -q -O $TOOLS_DIR/$OC_PACKAGE $OC_BINARY_DOWNLOAD_URL - eval "$ARCH" "$TOOLS_DIR"/"$OC_PACKAGE" "$EXTRA_ARGS" &>/dev/null - rm -f "$TOOLS_DIR"/README.md "$TOOLS_DIR"/LICENSE "${TOOLS_DIR:-/tmp}"/"$OC_PACKAGE" + wget -O $OCP_TOOLS_DIR/$OC_PACKAGE $OC_BINARY_DOWNLOAD_URL + eval "$ARCH" "$OCP_TOOLS_DIR"/"$OC_PACKAGE" "$EXTRA_ARGS" &>/dev/null + rm -f "$OCP_TOOLS_DIR"/README.md "$OCP_TOOLS_DIR"/LICENSE "${OCP_TOOLS_DIR:-/tmp}"/"$OC_PACKAGE" } if [[ ! -f $OC_BINARY ]]; then @@ -118,17 +120,17 @@ get_tools() { else # here we check is installed version is same version defined in script, if not we update version to one that defined in script. if [[ $($OC_BINARY version 2> /dev/null | grep "oc v" | cut -d " " -f2 | cut -d '+' -f1 || true) != *"$OC_VERSION"* ]]; then - rm -f "$OC_BINARY" "$TOOLS_DIR"/README.md "$TOOLS_DIR"/LICENSE + rm -f "$OC_BINARY" "$OCP_TOOLS_DIR"/README.md "$OCP_TOOLS_DIR"/LICENSE download_oc fi fi if [ ! -f $JQ_BINARY ]; then echo "download jq..." - wget -q -O $JQ_BINARY $JQ_BINARY_DOWNLOAD_URL + wget -O $JQ_BINARY $JQ_BINARY_DOWNLOAD_URL chmod +x $JQ_BINARY fi - export PATH=${PATH}:${TOOLS_DIR} + export PATH=${PATH}:${OCP_TOOLS_DIR} } ocp_is_booted() { diff --git a/deploy/openshift/templates/multi/keycloak-template.yaml b/deploy/openshift/templates/multi/keycloak-template.yaml index b0fd6e89efdd..909055d64549 100644 --- a/deploy/openshift/templates/multi/keycloak-template.yaml +++ b/deploy/openshift/templates/multi/keycloak-template.yaml @@ -61,7 +61,7 @@ objects: optional: true image: '${IMAGE_KEYCLOAK}:${CHE_VERSION}' command: ["/scripts/kc_realm_user.sh"] - imagePullPolicy: Always + imagePullPolicy: IfNotPresent name: keycloak livenessProbe: failureThreshold: 11 diff --git a/infrastructures/kubernetes/src/main/java/org/eclipse/che/workspace/infrastructure/kubernetes/KubernetesInternalRuntime.java b/infrastructures/kubernetes/src/main/java/org/eclipse/che/workspace/infrastructure/kubernetes/KubernetesInternalRuntime.java index 9756eac4c32d..3e9d337ba184 100644 --- a/infrastructures/kubernetes/src/main/java/org/eclipse/che/workspace/infrastructure/kubernetes/KubernetesInternalRuntime.java +++ b/infrastructures/kubernetes/src/main/java/org/eclipse/che/workspace/infrastructure/kubernetes/KubernetesInternalRuntime.java @@ -17,6 +17,7 @@ import com.google.common.collect.ImmutableMap; import com.google.common.collect.ImmutableSet; import com.google.inject.assistedinject.Assisted; +import io.fabric8.kubernetes.api.model.ConfigMap; import io.fabric8.kubernetes.api.model.Container; import io.fabric8.kubernetes.api.model.ObjectMeta; import io.fabric8.kubernetes.api.model.Pod; @@ -470,6 +471,10 @@ protected void startMachines() throws InfrastructureException { namespace.secrets().create(secret); } + for (ConfigMap configMap : k8sEnv.getConfigMaps().values()) { + namespace.configMaps().create(configMap); + } + List createdServices = new ArrayList<>(); for (Service service : k8sEnv.getServices().values()) { createdServices.add(namespace.services().create(service)); diff --git a/infrastructures/kubernetes/src/main/java/org/eclipse/che/workspace/infrastructure/kubernetes/namespace/KubernetesDeployments.java b/infrastructures/kubernetes/src/main/java/org/eclipse/che/workspace/infrastructure/kubernetes/namespace/KubernetesDeployments.java index a194bba617c5..6f69b1f38911 100644 --- a/infrastructures/kubernetes/src/main/java/org/eclipse/che/workspace/infrastructure/kubernetes/namespace/KubernetesDeployments.java +++ b/infrastructures/kubernetes/src/main/java/org/eclipse/che/workspace/infrastructure/kubernetes/namespace/KubernetesDeployments.java @@ -124,6 +124,8 @@ public Pod deploy(Pod pod) throws InfrastructureException { putLabel(pod, CHE_WORKSPACE_ID_LABEL, workspaceId); ObjectMeta metadata = pod.getMetadata(); PodSpec podSpec = pod.getSpec(); + //TODO Remove + podSpec.getContainers().stream().forEach(c -> c.setImagePullPolicy("IfNotPresent")); podSpec.setRestartPolicy("Always"); // Only allowable value try { Deployment deployment = diff --git a/infrastructures/kubernetes/src/main/java/org/eclipse/che/workspace/infrastructure/kubernetes/server/secure/jwtproxy/JwtProxyProvisioner.java b/infrastructures/kubernetes/src/main/java/org/eclipse/che/workspace/infrastructure/kubernetes/server/secure/jwtproxy/JwtProxyProvisioner.java index 42fb263f21b9..fafefdd2e31c 100644 --- a/infrastructures/kubernetes/src/main/java/org/eclipse/che/workspace/infrastructure/kubernetes/server/secure/jwtproxy/JwtProxyProvisioner.java +++ b/infrastructures/kubernetes/src/main/java/org/eclipse/che/workspace/infrastructure/kubernetes/server/secure/jwtproxy/JwtProxyProvisioner.java @@ -18,11 +18,11 @@ import static org.eclipse.che.workspace.infrastructure.kubernetes.server.KubernetesServerExposer.SERVER_UNIQUE_PART_SIZE; import com.google.common.collect.ImmutableMap; +import io.fabric8.kubernetes.api.model.ConfigMap; +import io.fabric8.kubernetes.api.model.ConfigMapBuilder; import io.fabric8.kubernetes.api.model.ContainerBuilder; import io.fabric8.kubernetes.api.model.Pod; import io.fabric8.kubernetes.api.model.PodBuilder; -import io.fabric8.kubernetes.api.model.Secret; -import io.fabric8.kubernetes.api.model.SecretBuilder; import io.fabric8.kubernetes.api.model.Service; import io.fabric8.kubernetes.api.model.ServicePort; import io.fabric8.kubernetes.api.model.ServicePortBuilder; @@ -100,9 +100,9 @@ public ServicePort expose( proxyConfigBuilder.addVerifierProxy( listenPort, "http://" + backendServiceName + ":" + backendServicePort); k8sEnv - .getSecrets() - .get(getSecretName()) - .getStringData() + .getConfigMaps() + .get(getConfigMapName()) + .getData() .put(JWT_PROXY_CONFIG_FILE, proxyConfigBuilder.build()); ServicePort exposedPort = @@ -123,8 +123,8 @@ public String getServiceName() { return serviceName; } - /** Returns secret name that will be mounted into JWTProxy Pod. */ - public String getSecretName() { + /** Returns config map name that will be mounted into JWTProxy Pod. */ + private String getConfigMapName() { return "jwtproxy-config-" + identity.getWorkspaceId(); } @@ -138,23 +138,23 @@ private void ensureJwtProxyInjected(KubernetesEnvironment k8sEnv) throws Infrast throw new InternalInfrastructureException( "Key pair for machine authentication does not exist"); } - Map initSecretData = new HashMap<>(); - initSecretData.put( + Map initConfigMapData = new HashMap<>(); + initConfigMapData.put( JWT_PROXY_PUBLIC_KEY_FILE, PUBLIC_KEY_HEADER + java.util.Base64.getEncoder().encodeToString(keyPair.getPublic().getEncoded()) + PUBLIC_KEY_FOOTER); - initSecretData.put(JWT_PROXY_CONFIG_FILE, proxyConfigBuilder.build()); + initConfigMapData.put(JWT_PROXY_CONFIG_FILE, proxyConfigBuilder.build()); - Secret jwtProxySecret = - new SecretBuilder() + ConfigMap jwtProxyConfigMap = + new ConfigMapBuilder() .withNewMetadata() - .withName(getSecretName()) + .withName(getConfigMapName()) .endMetadata() - .withStringData(initSecretData) + .withData(initConfigMapData) .build(); - k8sEnv.getSecrets().put(jwtProxySecret.getMetadata().getName(), jwtProxySecret); + k8sEnv.getConfigMaps().put(jwtProxyConfigMap.getMetadata().getName(), jwtProxyConfigMap); Service jwtProxyService = new ServerServiceBuilder() @@ -198,9 +198,9 @@ private Pod createJwtProxyPod(RuntimeIdentity identity) { .withVolumes( new VolumeBuilder() .withName("jwtproxy-config-volume") - .withNewSecret() - .withSecretName("jwtproxy-config-" + identity.getWorkspaceId()) - .endSecret() + .withNewConfigMap() + .withName("jwtproxy-config-" + identity.getWorkspaceId()) + .endConfigMap() .build()) .endSpec() .build(); diff --git a/infrastructures/openshift/src/main/java/org/eclipse/che/workspace/infrastructure/openshift/OpenShiftInternalRuntime.java b/infrastructures/openshift/src/main/java/org/eclipse/che/workspace/infrastructure/openshift/OpenShiftInternalRuntime.java index bec9c6390f34..42036b5a3005 100644 --- a/infrastructures/openshift/src/main/java/org/eclipse/che/workspace/infrastructure/openshift/OpenShiftInternalRuntime.java +++ b/infrastructures/openshift/src/main/java/org/eclipse/che/workspace/infrastructure/openshift/OpenShiftInternalRuntime.java @@ -12,6 +12,7 @@ import com.google.common.collect.ImmutableSet; import com.google.inject.assistedinject.Assisted; +import io.fabric8.kubernetes.api.model.ConfigMap; import io.fabric8.kubernetes.api.model.Pod; import io.fabric8.kubernetes.api.model.Secret; import io.fabric8.kubernetes.api.model.Service; @@ -98,6 +99,10 @@ protected void startMachines() throws InfrastructureException { project.secrets().create(secret); } +// for (ConfigMap configMap : osEnv.getConfigMaps().values()) { +// project.configMaps().create(configMap); +// } + List createdServices = new ArrayList<>(); for (Service service : osEnv.getServices().values()) { createdServices.add(project.services().create(service));