Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Ingress/Route per plugin endpoint #15432

Conversation

metlos
Copy link
Contributor

@metlos metlos commented Dec 9, 2019

What does this PR do?

Changes the way we create ingresses/routes, so that there is 1:1 mapping between an ingress/route and a plugin endpoint.

More than anything else, this enables 1 service to be reached from multiple URLs which hopefully helps enabling webview.

What issues does this PR fix or reference?

#15410 #15283

Additional Notes

This PR is a draft, because we've not gone through the design phase with this and I've not added any tests and most possibly broke others. Comments both on the possible better approach to this as well as the code itself are more than welcome.

…te per public

endpoint instead of merging the endpoints by port and only creating
ingresses/routes per exposed port.

Signed-off-by: Lukas Krejci <lkrejci@redhat.com>
Signed-off-by: Lukas Krejci <lkrejci@redhat.com>
@che-bot
Copy link
Contributor

che-bot commented Dec 9, 2019

❌ E2E Happy path tests failed ❗

See Details

Tested with Eclipse Che Multiuser User on K8S (minikube v1.1.1)

⚠️ https://github.com/orgs/eclipse/teams/eclipse-che-qa please check this report.

ℹ️ Use comment "crw-ci-test" to rerun happy path E2E test.

@che-bot che-bot added kind/task Internal things, technical debt, and to-do tasks to be performed. status/code-review This issue has a pull request posted for it and is awaiting code review completion by the community. labels Dec 9, 2019
@metlos metlos added kind/enhancement A feature request - must adhere to the feature request template. team/platform labels Dec 9, 2019
@che-bot
Copy link
Contributor

che-bot commented Dec 9, 2019

E2E tests of Eclipse Che Multiuser on OCP has failed:

…erver

be exposed on a unique location, separate from the other endpoints
sharing the same port.

Signed-off-by: Lukas Krejci <lkrejci@redhat.com>
@che-bot

This comment has been minimized.

…e-plugin-endpoints-on-the-same-port

Signed-off-by: Lukas Krejci <lkrejci@redhat.com>
@che-bot
Copy link
Contributor

che-bot commented Dec 18, 2019

✅ E2E Happy path tests succeed 🎉

See Details

Tested with Eclipse Che Multiuser User on K8S (minikube v1.1.1)

@che-bot
Copy link
Contributor

che-bot commented Dec 18, 2019

E2E tests of Eclipse Che Multiuser on OCP has been successful:

…e-plugin-endpoints-on-the-same-port

Signed-off-by: Lukas Krejci <lkrejci@redhat.com>
@metlos
Copy link
Contributor Author

metlos commented Dec 20, 2019

This PR adds a new attribute called unique on the plugin endpoints. Endpoints with this attribute set to true will always be exposed separately, even if they share the port with some other endpoints.

Example configuration:

apiVersion: v2
publisher: eclipse
name: che-theia
version: next
type: Che Editor
displayName: theia-ide
title: Eclipse Theia development version.
description: Eclipse Theia, get the latest release each day.
icon: https://raw.githubusercontent.com/theia-ide/theia/master/logo/theia-logo-no-text-black.svg?sanitize=true
category: Editor
repository: https://github.com/eclipse/che-theia
firstPublicationDate: "2019-03-07"
spec:
  endpoints:
   -  name: "theia"
      public: true
      targetPort: 3100
      attributes:
        protocol: http
        type: ide
        secure: true
        cookiesAuthEnabled: true
        discoverable: false
        unique: true
...

In the current state, there seems to be some problem with single-host server strategy and this implementation - at least the welcome plugin is not able to correctly show the welcome page, but that hints possibly at some larger problem. The multi-host mode doesn't exhibit that problem though.

@metlos
Copy link
Contributor Author

metlos commented Dec 20, 2019

Note that I've uploaded a new image that contains the code from this PR on top the master in revision 4744a70: quay.io/lkrejci/che-server:7.7.0-issue-15283

@azatsarynnyy
Copy link
Member

Hi @metlos,
thanks for the Che Server image. I tested it with Che Theia applying the patch eclipse-che/che-theia#591.
It works as expected. Webviews are accessible through the separate endpoint eclipse-che/che-plugin-registry#335.

Are you planning to merge this PR in master soon?

@AndrienkoAleksandr
Copy link
Contributor

Hello, @metlos I a bit tested your pr, and found that it works only if the server attribute type is the same for server endpoints. Is it expected behavior? For me it looks badly, because actually we are using type attribute to find server from among others... @azatsarynnyy Do you agree?

…e-plugin-endpoints-on-the-same-port

Signed-off-by: Lukas Krejci <lkrejci@redhat.com>
@metlos
Copy link
Contributor Author

metlos commented Jan 6, 2020

it works only if the server attribute type is the same for server endpoints.

Could you please provide some sample plugin and a description of what does not work?

@azatsarynnyy
Copy link
Member

@AndrienkoAleksandr I've used this meta.yaml for testing.
There're two endpoints (theia and webviews) with the same targetPort but different type.
I've got different links for such endpoints. So, everything works as expected for me.
Maybe your case is a bit different @AndrienkoAleksandr

@metlos
Copy link
Contributor Author

metlos commented Jan 10, 2020

So given @azatsarynnyy 's comment, I think this PR is feature complete.

I am locally making some small refactorings to improve the code structure, so once that's done, I think we're ready to review and test this to get it merged.

So the outstanding tasks are the following:

  1. Finish the refactoring
  2. In the PR review, please focus on handling of the PreviewUrl command provisioning - the changes there are a little bit "speculative" and I would like to hear the opinions on whether it actually makes sense
  3. Test this PR under all deployment scenarios, namely:
    • Single-user, single-host,
    • Multi-user, single-host,
    • Single-user, multi-host,
    • Multi-user, multi-host,,

While webviews are meant to only work with TLS, I think che server still needs to work in non-tls deployments because users might not be using Che Theia as their editor.

…e-plugin-endpoints-on-the-same-port

Signed-off-by: Lukas Krejci <lkrejci@redhat.com>
…e-plugin-endpoints-on-the-same-port

Signed-off-by: Lukas Krejci <lkrejci@redhat.com>
@metlos metlos marked this pull request as ready for review January 17, 2020 11:40
@metlos metlos requested a review from amisevsk as a code owner January 17, 2020 11:40
@che-bot
Copy link
Contributor

che-bot commented Jan 21, 2020

✅ E2E Happy path tests succeed 🎉

See Details

Tested with Eclipse Che Multiuser User on K8S (minikube v1.1.1)


try {
ServicePort exposedServicePort =
proxyProvisioner.expose(
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Why do we need a dedicated port for each exposableServerSet here?
It's kind of surprise me that here we are in a loop of onEachExposableServerSet invoke exposer.expose that will do iterate on onEachExposableServerSet more more time https://github.com/eclipse/che/blob/d46eb20398472a8e2a751002b1ae0ac85b5f56ef/infrastructures/kubernetes/src/main/java/org/eclipse/che/workspace/infrastructure/kubernetes/server/external/ExternalServerExposer.java#L97
Did I miss something, if not - can we avoid it?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We need a dedicated port, because a server set needs to be exposed uniquely. So we need a unique route so that the user "sees" it as unique, but we also need a unique jwt service (and therefore a port), so that the backing service sees it as a request coming from a unique domain.

Good catch of calling onEachExposableServerSet twice unnecessarily. Because of the changes to correctly handle the preview URL, the exposeAsSingle method is now public on the server exposer as well, so we can use that instead in the jwt server exposer.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

but we also need a unique jwt service (and therefore a port), so that the backing service sees it as a request coming from a unique domain.

Sorry, but I did not get it. Why backing service cares about domain requests come? Could you elaborate more?
In my understanding purpose why we introduce unique servers: for browser not to send all shared cookies...
And I don't understand how using one JwtProxy can break it...

@skabashnyuk
Copy link
Contributor

@metlos can you please provide some updates to https://github.com/eclipse/che-plugin-registry#plugin-meta-yaml-structure documentation explaining the usage of unique attribute.

@AndrienkoAleksandr
Copy link
Contributor

@metlos can you please provide some updates to https://github.com/eclipse/che-plugin-registry#plugin-meta-yaml-structure documentation explaining the usage of unique attribute.

It will be good to have this information also in the che-doc https://github.com/eclipse/che-docs/blob/master/src/main/pages/che-7/end-user-guide/ref_che-theia-plug-in-metadata.adoc
But up to you.

exposure.

Signed-off-by: Lukas Krejci <lkrejci@redhat.com>
@che-bot
Copy link
Contributor

che-bot commented Jan 22, 2020

E2E tests of Eclipse Che Multiuser on OCP has failed:

@che-bot
Copy link
Contributor

che-bot commented Jan 22, 2020

❌ E2E Happy path tests failed ❗

See Details

Tested with Eclipse Che Multiuser User on K8S (minikube v1.1.1)

⚠️ https://github.com/orgs/eclipse/teams/eclipse-che-qa please check this report.

ℹ️ Use comment "crw-ci-test" to rerun happy path E2E test.

…3-multiple-plugin-endpoints-on-the-same-port

Signed-off-by: Lukas Krejci <lkrejci@redhat.com>
Copy link
Member

@sleshchenko sleshchenko left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I suppose code can be a bit simplified by moving onExposableSet on KubernetesServerExposer level but it requires some work and I'm not sure it will work in all corner cases. It needs to try to understand it better.

So, the current state is good enough to proceed with it 👍

location.

Signed-off-by: Lukas Krejci <lkrejci@redhat.com>
@che-bot
Copy link
Contributor

che-bot commented Jan 24, 2020

❌ E2E Happy path tests failed ❗

See Details

Tested with Eclipse Che Multiuser User on K8S (minikube v1.1.1)

⚠️ https://github.com/orgs/eclipse/teams/eclipse-che-qa please check this report.

ℹ️ Use comment "crw-ci-test" to rerun happy path E2E test.

@che-bot
Copy link
Contributor

che-bot commented Jan 24, 2020

E2E tests of Eclipse Che Multiuser on OCP has failed:

Copy link
Member

@sleshchenko sleshchenko left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Now code is even simpler 🎉

@metlos
Copy link
Contributor Author

metlos commented Jan 27, 2020

ci-test

@metlos
Copy link
Contributor Author

metlos commented Jan 27, 2020

crw-ci-test

@che-bot
Copy link
Contributor

che-bot commented Jan 27, 2020

E2E tests of Eclipse Che Multiuser on OCP has failed:

@metlos
Copy link
Contributor Author

metlos commented Jan 27, 2020

ci-test

@metlos
Copy link
Contributor Author

metlos commented Jan 27, 2020

crw-ci-test

@che-bot
Copy link
Contributor

che-bot commented Jan 27, 2020

❌ E2E Happy path tests failed ❗

See Details

Tested with Eclipse Che Multiuser User on K8S (minikube v1.1.1)

⚠️ https://github.com/orgs/eclipse/teams/eclipse-che-qa please check this report.

ℹ️ Use comment "crw-ci-test" to rerun happy path E2E test.

@che-bot
Copy link
Contributor

che-bot commented Jan 27, 2020

E2E tests of Eclipse Che Multiuser on OCP has failed:

Signed-off-by: Lukas Krejci <lkrejci@redhat.com>
…e-plugin-endpoints-on-the-same-port

Signed-off-by: Lukas Krejci <lkrejci@redhat.com>
@che-bot
Copy link
Contributor

che-bot commented Jan 27, 2020

✅ E2E Happy path tests succeed 🎉

See Details

Tested with Eclipse Che Multiuser User on K8S (minikube v1.1.1)

@che-bot
Copy link
Contributor

che-bot commented Jan 27, 2020

E2E tests of Eclipse Che Multiuser on OCP has been successful:

@metlos metlos merged commit d1c45ef into eclipse-che:master Jan 27, 2020
@che-bot che-bot added this to the 7.8.0 milestone Jan 27, 2020
@che-bot che-bot removed the status/code-review This issue has a pull request posted for it and is awaiting code review completion by the community. label Jan 27, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
kind/enhancement A feature request - must adhere to the feature request template. kind/task Internal things, technical debt, and to-do tasks to be performed.
Projects
None yet
Development

Successfully merging this pull request may close these issues.

10 participants