-
Notifications
You must be signed in to change notification settings - Fork 164
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
feat: configuring a user namespace (#2674)
* feat: configuring a user namespace Signed-off-by: Anatolii Bazko <abazko@redhat.com> * Update modules/administration-guide/pages/configuring-a-user-namespace.adoc Co-authored-by: Jana Vrbkova <jvrbkova@redhat.com> * Update modules/administration-guide/pages/configuring-a-user-namespace.adoc Co-authored-by: Jana Vrbkova <jvrbkova@redhat.com> * Update modules/administration-guide/pages/configuring-a-user-namespace.adoc Co-authored-by: Jana Vrbkova <jvrbkova@redhat.com> * Update modules/administration-guide/pages/configuring-a-user-namespace.adoc Co-authored-by: Jana Vrbkova <jvrbkova@redhat.com> * Update modules/administration-guide/pages/configuring-a-user-namespace.adoc Co-authored-by: Jana Vrbkova <jvrbkova@redhat.com> * Update modules/administration-guide/pages/configuring-a-user-namespace.adoc Co-authored-by: Jana Vrbkova <jvrbkova@redhat.com> * Update modules/administration-guide/pages/configuring-a-user-namespace.adoc * Improvements Signed-off-by: Anatolii Bazko <abazko@redhat.com> * fixups Signed-off-by: Anatolii Bazko <abazko@redhat.com> * fixups Signed-off-by: Anatolii Bazko <abazko@redhat.com> --------- Signed-off-by: Anatolii Bazko <abazko@redhat.com> Co-authored-by: Jana Vrbkova <jvrbkova@redhat.com>
- Loading branch information
1 parent
de00aae
commit fbfd367
Showing
2 changed files
with
183 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
182 changes: 182 additions & 0 deletions
182
modules/administration-guide/pages/configuring-a-user-namespace.adoc
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,182 @@ | ||
| :_content-type: PROCEDURE | ||
| :description: Configuring a user namespace | ||
| :keywords: administration guide, configuring, user, namespace | ||
| :navtitle: Configuring a user namespace | ||
| :page-aliases: | ||
|
|
||
| [id="configuring-a-user-namespace"] | ||
| = Configuring a user namespace | ||
|
|
||
| This procedure walks you through the process of using {prod-short} | ||
| to replicate `ConfigMaps`, `Secrets` and `PersistentVolumeClaim` from `{prod-namespace}` namespace to numerous | ||
| user-specific namespaces. The {prod-short} automates the synchronization of important configuration | ||
| data such as passwords, SSH keys, and certificates to user namespaces. | ||
|
|
||
| If you make changes to a {kubernetes} resource in an {prod-namespace} namespace, | ||
| {prod-short} will immediately replicate the changes across all users namespaces. | ||
| In reverse, if a {kubernetes} resource is modified in a user namespace, | ||
| {prod-short} will immediately revert the changes. | ||
|
|
||
| .Procedure | ||
|
|
||
| . Create the `ConfigMap` below to replicate it to every user namespace. | ||
| To enhance the configurability, you can customize the `ConfigMap` by adding additional labels and annotations. | ||
| See the link:https://github.com/devfile/devworkspace-operator/blob/main/docs/additional-configuration.adoc#automatically-mounting-volumes-configmaps-and-secrets[Automatically mounting volumes, configmaps, and secrets] | ||
| for other possible labels and annotations. | ||
| + | ||
| [source,yaml,subs="+attributes,+quotes"] | ||
| ---- | ||
| kind: ConfigMap | ||
| apiVersion: v1 | ||
| metadata: | ||
| name: user-configmap | ||
| namespace: {prod-namespace} | ||
| labels: | ||
| app.kubernetes.io/part-of: che.eclipse.org | ||
| app.kubernetes.io/component: workspaces-config | ||
| data: | ||
| ... | ||
| ---- | ||
| + | ||
| .Mounting a `settings.xml` file to a user workspace: | ||
| ==== | ||
| [source,yaml,subs="+attributes,+quotes"] | ||
| ---- | ||
| kind: ConfigMap | ||
| apiVersion: v1 | ||
| metadata: | ||
| name: user-settings-xml | ||
| namespace: {prod-namespace} | ||
| labels: | ||
| app.kubernetes.io/part-of: che.eclipse.org | ||
| app.kubernetes.io/component: workspaces-config | ||
| annotations: | ||
| controller.devfile.io/mount-as: subpath | ||
| controller.devfile.io/mount-path: /home/user/.m2 | ||
| data: | ||
| settings.xml: | | ||
| <settings xmlns="http://maven.apache.org/SETTINGS/1.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/SETTINGS/1.0.0 https://maven.apache.org/xsd/settings-1.0.0.xsd"> | ||
| <localRepository>/home/user/.m2/repository</localRepository> | ||
| <interactiveMode>true</interactiveMode> | ||
| <offline>false</offline> | ||
| </settings> | ||
| ---- | ||
| ==== | ||
|
|
||
| . Create the `Secret` below to replicate it to every user namespace. | ||
| To enhance the configurability, you can customize the `Secret` by adding additional labels and annotations. | ||
| See the link:https://github.com/devfile/devworkspace-operator/blob/main/docs/additional-configuration.adoc#automatically-mounting-volumes-configmaps-and-secrets[Automatically mounting volumes, configmaps, and secrets] | ||
| for other possible labels and annotations. | ||
| + | ||
| [source,yaml,subs="+attributes,+quotes"] | ||
| ---- | ||
| kind: Secret | ||
| apiVersion: v1 | ||
| metadata: | ||
| name: user-secret | ||
| namespace: {prod-namespace} | ||
| labels: | ||
| app.kubernetes.io/part-of: che.eclipse.org | ||
| app.kubernetes.io/component: workspaces-config | ||
| data: | ||
| ... | ||
| ---- | ||
| + | ||
| .Mounting certificates to a user workspace: | ||
| ==== | ||
| [source,yaml,subs="+attributes,+quotes"] | ||
| ---- | ||
| kind: Secret | ||
| apiVersion: v1 | ||
| metadata: | ||
| name: user-certificates | ||
| namespace: {prod-namespace} | ||
| labels: | ||
| app.kubernetes.io/part-of: che.eclipse.org | ||
| app.kubernetes.io/component: workspaces-config | ||
| annotations: | ||
| controller.devfile.io/mount-as: subpath | ||
| controller.devfile.io/mount-path: /etc/pki/ca-trust/source/anchors | ||
| stringData: | ||
| trusted-certificates.crt: | | ||
| ... | ||
| ---- | ||
| NOTE: Run `update-ca-trust` command on workspace startup to import certificates. | ||
| It can be achieved manually or by adding this command to a `postStart` event in a devfile. | ||
| See the link:https://devfile.io/docs/2.2.2/adding-event-bindings#post-start-object[Adding event bindings in a devfile]. | ||
| ==== | ||
| + | ||
| .Mounting environment variables to a user workspace: | ||
| ==== | ||
| [source,yaml,subs="+attributes,+quotes"] | ||
| ---- | ||
| kind: Secret | ||
| apiVersion: v1 | ||
| metadata: | ||
| name: user-env | ||
| namespace: {prod-namespace} | ||
| labels: | ||
| app.kubernetes.io/part-of: che.eclipse.org | ||
| app.kubernetes.io/component: workspaces-config | ||
| annotations: | ||
| controller.devfile.io/mount-as: env | ||
| stringData: | ||
| ENV_VAR_1: value_1 | ||
| ENV_VAR_2: value_2 | ||
| ---- | ||
| ==== | ||
|
|
||
| . Create the `PersistentVolumeClaim` below to replicate it to every user namespace. | ||
| + | ||
| To enhance the configurability, you can customize the `PersistentVolumeClaim` by adding additional labels and annotations. | ||
| See the link:https://github.com/devfile/devworkspace-operator/blob/main/docs/additional-configuration.adoc#automatically-mounting-volumes-configmaps-and-secrets[Automatically mounting volumes, configmaps, and secrets] | ||
| for other possible labels and annotations. | ||
| + | ||
| To modify the 'PersistentVolumeClaim', delete it and create a new one in {prod-namespace} namespace. | ||
| + | ||
| [source,yaml,subs="+attributes,+quotes"] | ||
| ---- | ||
| apiVersion: v1 | ||
| kind: PersistentVolumeClaim | ||
| metadata: | ||
| name: user-pvc | ||
| namespace: {prod-namespace} | ||
| labels: | ||
| app.kubernetes.io/part-of: che.eclipse.org | ||
| app.kubernetes.io/component: workspaces-config | ||
| spec: | ||
| ... | ||
| ---- | ||
| + | ||
| .Mounting a `PersistentVolumeClaim` to a user workspace: | ||
| ==== | ||
| [source,yaml,subs="+attributes,+quotes"] | ||
| ---- | ||
| apiVersion: v1 | ||
| kind: PersistentVolumeClaim | ||
| metadata: | ||
| name: user-pvc | ||
| namespace: {prod-namespace} | ||
| labels: | ||
| app.kubernetes.io/part-of: che.eclipse.org | ||
| app.kubernetes.io/component: workspaces-config | ||
| controller.devfile.io/mount-to-devworkspace: 'true' | ||
| annotations: | ||
| controller.devfile.io/mount-path: /home/user/data | ||
| controller.devfile.io/read-only: 'true' | ||
| spec: | ||
| accessModes: | ||
| - ReadWriteOnce | ||
| resources: | ||
| requests: | ||
| storage: 5Gi | ||
| volumeMode: Filesystem | ||
| ---- | ||
| ==== | ||
|
|
||
| .Additional resources | ||
| * xref:end-user-guide:mounting-configmaps.adoc[] | ||
| * xref:end-user-guide:mounting-secrets.adoc[] | ||
| * xref:end-user-guide:requesting-persistent-storage-for-workspaces.adoc[] | ||
| * link:https://github.com/devfile/devworkspace-operator/blob/main/docs/additional-configuration.adoc#automatically-mounting-volumes-configmaps-and-secrets[Automatically mounting volumes, configmaps, and secrets] | ||
|
|