-
Notifications
You must be signed in to change notification settings - Fork 88
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Make workspace routes more user-friendly #1672
Conversation
Skipping CI for Draft Pull Request. |
Codecov Report
@@ Coverage Diff @@
## main #1672 +/- ##
==========================================
+ Coverage 59.93% 60.18% +0.25%
==========================================
Files 70 71 +1
Lines 8332 8430 +98
==========================================
+ Hits 4994 5074 +80
- Misses 2992 3008 +16
- Partials 346 348 +2
|
return normalize(routing.ObjectMeta.OwnerReferences[0].Name), nil | ||
} | ||
|
||
func normalize(username string) string { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
return "", err | ||
} | ||
username := string(secret.Data["name"]) | ||
return normalize(username), nil |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The username is being read from the user-profile
secret created by che-server, which is why this PR depends on eclipse-che/che-server#508
Another way to read the username could be to read the che.eclipse.org/username
annotation from the user namespace
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
BTW, che.eclipse.org/username
annotation might not exist
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Do we have a backup plan instead of throwing an error if Secret doesn't exist ?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'm afraid there is no backup plan right now if that secret does not exist, are there other ways to detect the username?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
What about using the legacy route name if username is unknown?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
whereas a backup plan could be nice to have, using user-profile
section should be robust in general e.g. if it is deleted from the namespace it would be re-created next time user access the dashboard
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
After more investigation, I think the minikube tests are failing because the user-profile
secret is not created when the user namespace and workspace is created by applying templates (ie, without using the dashboard)
As a result, workspaces cannot start
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@dkwon17 thanks for the investigation, so in this case the flow when devworkspace is created using oc apply
command is going to also fail if there is no user-profile secret in the namespace, right?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@ibuziuk yes, that's right
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I am currently working on the legacy routes in this case, as suggested by @tolusha
/retest |
1 similar comment
/retest |
Without the che-server side PR, the user's username would not be found and workspaces would not start. I've also added a new commit to deal with providing the Che-operator ClusterRole permissions to update ingresses, which is needed for this PR for allowing starting older workspaces to start minikube. This is needed because, this PR will update older workspaces' ingresses to have an updated The ClusterRole update likely fixes eclipse-che/che#22166, although I haven't confirmed that |
/retest |
@dkwon17 important note, that we should cherry-pick the PR to 7.67.x for 3.7 once merged |
efd218b
to
00b627d
Compare
I've updated the PR to use legacy routing if the username and devworkspace name cannot be detected To test the legacy routing:
|
configs = append(configs, *workspaceConfig) | ||
} | ||
} | ||
|
||
return configs, nil | ||
} | ||
|
||
func (c *CheRoutingSolver) getInfraSpecificExposer(cheCluster *chev2.CheCluster, routing *dwo.DevWorkspaceRouting, objs *solvers.RoutingObjects) (func(info *EndpointInfo), error) { | ||
func getNormalizedUsername(c client.Client, namespace string) (string, error) { | ||
username, err := getUsernameFromNamespace(c, namespace) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The username is also being read from the namespace as well, in the case that the admin has pre-provisioned the namespaces following the doc, since in this case, the user-profile
secret would not be created
Hi @dmytro-ndp for your comment #1672 (comment), I noticed that the devfile registry pod scheduling happens when the I wonder if replacing the che-operator pod with the custom container image affects the scheduling for the devfile registry pod, potentially causing the devfile registry pod scheduling to take longer Hi @tolusha , could this be the reason for the |
@dmytro-ndp I cannot reproduce the issue with clusterbot, but by any chance, do you know if the same error will happen if you use a different che-operator image, like |
No, that can't be a reason. I can't reproduce the issue either. |
We are ok to merge as long as all checks passed. |
Signed-off-by: David Kwon <dakwon@redhat.com>
Signed-off-by: David Kwon <dakwon@redhat.com>
Signed-off-by: David Kwon <dakwon@redhat.com>
Signed-off-by: David Kwon <dakwon@redhat.com>
Signed-off-by: David Kwon <dakwon@redhat.com>
Signed-off-by: David Kwon <dakwon@redhat.com>
Signed-off-by: David Kwon <dakwon@redhat.com>
Signed-off-by: Anatolii Bazko <abazko@redhat.com>
Conflicts resolved. |
Please use this one quay.io/abazko/operator:friendlyroute |
Build 3.8 :: operator-bundle_3.x/1437: Console, Changes, Git Data |
"chectl server:deploy" command had failed when deploy to test OCP cluster with even though there was
At the same time Eclipse Che has deployed successful after doesn't matter chectl command had failed. I have also checked new endpoint URL additionally, using "spring-petclinic" sample > "devfile: run-with-mysql" task - it worked as expected:
I have also checked the case when there are several workspaces using the same endpoint.
Conclusion: PR looked good to merge. |
Build 3.8 :: operator-bundle_3.x/1438: Console, Changes, Git Data |
Build 3.8 :: operator-bundle_3.x/1439: Console, Changes, Git Data |
Build 3.8 :: operator-bundle_3.x/1440: Console, Changes, Git Data |
Build 3.8 :: operator-bundle_3.x/1441: Console, Changes, Git Data |
@dkwon17 my understanding is that for the editor endpoint we use |
@l0rd I didn't have a technical reason, I used |
@dkwon17 is there a strong reason you decided that external ingress host names should have a period in them causing them to be treated as subdomains? I'm struggling with this choice to make it work properly with real SSL certificates. Please see the eclipse/che issue I tagged this on above and if you have any thoughts on workarounds I'd appreciate it. |
Fixes eclipse-che/che#20598
Depends on eclipse-che/che-server#508
What does this PR do?
Workspace URL
Before this PR, the workspace url would be something like:
After this PR, the workspace URL becomes:
Public endpoints defined in devfile
For public endpoints defined in the devfile (example)
Before this PR:
After this PR:
Screenshot/screencast of this PR
Workspace URL:
Route
spec.host
:What issues does this PR fix or reference?
eclipse-che/che#20598
How to test this PR?
1. After deploying Che, update the(CheCluster patch not needed anymore)che-server
image:{CHE-HOST}/{USERNAME}/{DW-NAME}/3100/
{DW-ID}-tools-8080-list-all-food
, where thespec.host
is{USERNAME}.{DW-NAME}.list-all-food.{INGRESS-DOMAIN}
PR Checklist
As the author of this Pull Request I made sure that:
What issues does this PR fix or reference
andHow to test this PR
completedReviewers
Reviewers, please comment how you tested the PR when approving it.