feat: 沙箱添加探针; 部署前检测数量上限

apiserver/paasng/conf.yaml.tpl

@@ -796,6 +796,26 @@ BK_AUDIT_ENDPOINT = ""
 # SERVICES_PLUGINS: {}
 
 
+## ---------------------------------------- 沙箱相关配置 ----------------------------------------
+
+## dev sandbox 中 devserver 的监听地址
+#DEV_SANDBOX_DEVSERVER_PORT: 8000
+## 沙箱镜像
+#DEV_SANDBOX_IMAGE: ''
+## 沙箱工作目录
+#DEV_SANDBOX_WORKSPACE: '/cnb/devsandbox/src'
+## 启动沙箱的数量上限,管理员通过集群的剩余资源计算得出
+#DEV_SANDBOX_COUNT_LIMIT: 5
+## 沙箱跨域访问源地址
+#DEV_SANDBOX_CORS_ALLOW_ORIGINS: ''
+
+## dev sandbox 中 code-editor 的监听地址
+#CODE_EDITOR_PORT: 8080
+## code-editor 的镜像
+#CODE_EDITOR_IMAGE: codercom/code-server:4.9.0
+## code-editor 的项目启动目录
+#CODE_EDITOR_START_DIR: '/home/coder/project'
+
 ## ---------------------------------------- 资源限制配置 ----------------------------------------
 
 ## Web 模块默认副本数量，默认值：{'stag': 1, 'prod': 2}

apiserver/paasng/paas_wl/bk_app/dev_sandbox/kres_slzs/code_editor.py

@@ -61,6 +61,11 @@ def _construct_pod_spec(self, obj: "CodeEditor") -> Dict:
             "env": [{"name": str(key), "value": str(value)} for key, value in obj.runtime.envs.items()],
             "imagePullPolicy": obj.runtime.image_pull_policy,
             "ports": [{"containerPort": port_pair.target_port} for port_pair in CODE_SVC_PORT_PAIRS],
+            "readinessProbe": {
+                "httpGet": {"port": settings.CODE_EDITOR_PORT, "path": "/healthz"},
+                # 主要为了解决服务就绪，ingress 未就绪的问题
+                "successThreshold": 3,
+            },
         }
 
         if obj.resources:

apiserver/paasng/paas_wl/bk_app/dev_sandbox/kres_slzs/sandbox.py

@@ -61,6 +61,11 @@ def _construct_pod_spec(self, obj: "DevSandbox") -> Dict:
             "env": [{"name": str(key), "value": str(value)} for key, value in obj.runtime.envs.items()],
             "imagePullPolicy": obj.runtime.image_pull_policy,
             "ports": [{"containerPort": port_pair.target_port} for port_pair in DEV_SANDBOX_SVC_PORT_PAIRS],
+            "readinessProbe": {
+                "httpGet": {"port": settings.DEV_SANDBOX_DEVSERVER_PORT, "path": "/healthz"},
+                # 主要为了解决服务就绪，ingress 未就绪的问题
+                "successThreshold": 3,
+            },
         }
 
         if obj.resources:

apiserver/paasng/paasng/accessories/dev_sandbox/config_var.py

@@ -50,6 +50,10 @@ def generate_envs(app: Application, module: Module) -> Dict[str, str]:
         envs["REQUIRED_BUILDPACKS"] = _buildpacks_as_build_env(buildpacks)
 
     envs.update(_get_devserver_env())
+
+    # Inject cors config
+    envs.update({"CORS_ALLOW_ORIGINS": settings.DEV_SANDBOX_CORS_ALLOW_ORIGINS})
+
     return envs
 
 

apiserver/paasng/paasng/accessories/dev_sandbox/management/commands/recycle_dev_sandbox.py

@@ -53,6 +53,6 @@ def handle(self, all, *args, **options):
                 dev_sandbox_code=dev_sandbox.code,
                 owner=dev_sandbox.owner,
             )
-            if all or dev_sandbox.is_expired():
+            if all or dev_sandbox.should_recycle():
                 controller.delete()
                 dev_sandbox.delete()

apiserver/paasng/paasng/accessories/dev_sandbox/management/commands/renew_dev_sandbox_expired_at.py

@@ -47,7 +47,7 @@ def handle(self, *args, **options):
             url = detail.urls.code_editor_health_url
             # 沙箱相关域名无法确定协议，因此全部遍历 http 和 https
             if check_alive(f"http://{url}") or check_alive(f"https://{url}"):
-                dev_sandbox.renew_expire_at()
+                dev_sandbox.renew_expired_at()
 
 
 # 通过 code_editor_health_url 检查沙箱是否存活

apiserver/paasng/paasng/accessories/dev_sandbox/models.py

@@ -50,7 +50,7 @@ class DevSandbox(OwnerTimestampedModel):
 
     def renew_expired_at(self):
         self.expired_at = timezone.now() + timezone.timedelta(hours=2)
-        self.save(update_fields=["expire_at"])
+        self.save(update_fields=["expired_at"])
 
     def should_recycle(self) -> bool:
         """检查是否应该被回收"""

apiserver/paasng/paasng/accessories/dev_sandbox/serializers.py

@@ -28,10 +28,19 @@
 class DevSandboxDetailSLZ(serializers.Serializer):
     """Serializer for dev sandbox detail"""
 
-    url = serializers.CharField(help_text="dev sandbox 服务地址")
+    app_url = serializers.SerializerMethodField(help_text="dev sandbox saas 应用服务地址")
+    devserver_url = serializers.SerializerMethodField(help_text="dev sandbox devserver 服务地址")
     token = serializers.CharField(help_text="访问 dev sandbox 中 devserver 服务的 token")
     status = serializers.ChoiceField(choices=HealthPhase.get_django_choices(), help_text="dev sandbox 的运行状态")
 
+    def get_app_url(self, obj):
+        # 拼接 app_url
+        return f"{obj['url']}/app/"
+
+    def get_devserver_url(self, obj):
+        # 拼接 devserver_url
+        return f"{obj['url']}/devserver/"
+
 
 class CreateDevSandboxWithCodeEditorSLZ(serializers.Serializer):
     """Serializer for create dev sandbox"""
@@ -84,7 +93,7 @@ class Meta:
         fields = [
             "id",
             "status",
-            "expire_at",
+            "expired_at",
             "version_info_dict",
             "created",
             "updated",

apiserver/paasng/paasng/accessories/dev_sandbox/urls.py

@@ -28,6 +28,10 @@
         make_app_pattern(r"/user/dev_sandbox_with_code_editor/$", include_envs=False),
         DevSandboxWithCodeEditorViewSet.as_view({"post": "deploy", "delete": "delete", "get": "get_detail"}),
     ),
+    re_path(
+        r"api/bkapps/applications/(?P<code>[^/]+)/user/dev_sandbox_with_code_editors/pre_deploy_check/$",
+        DevSandboxWithCodeEditorViewSet.as_view({"get": "pre_deploy_check"}),
+    ),
     re_path(
         r"api/bkapps/applications/(?P<code>[^/]+)/user/dev_sandbox_with_code_editors/lists/$",
         DevSandboxWithCodeEditorViewSet.as_view({"get": "list_app_dev_sandbox"}),

apiserver/paasng/paasng/accessories/dev_sandbox/views.py

@@ -19,6 +19,7 @@
 from typing import Dict
 
 from bkpaas_auth.models import User
+from django.conf import settings
 from drf_yasg.utils import swagger_auto_schema
 from rest_framework import status
 from rest_framework.permissions import IsAuthenticated
@@ -98,6 +99,9 @@ class DevSandboxWithCodeEditorViewSet(GenericViewSet, ApplicationCodeInPathMixin
     @swagger_auto_schema(request_body=CreateDevSandboxWithCodeEditorSLZ, responses={"201": "没有返回数据"})
     def deploy(self, request, code, module_name):
         """部署开发沙箱"""
+        if DevSandbox.objects.count() >= settings.DEV_SANDBOX_COUNT_LIMIT:
+            raise error_codes.DEV_SANDBOX_COUNT_OVER_LIMIT
+
         app = self.get_application()
         module = self.get_module_via_path()
 
@@ -126,7 +130,7 @@ def deploy(self, request, code, module_name):
             code=dev_sandbox_code,
         )
         # 更新过期时间
-        dev_sandbox.renew_expire_at()
+        dev_sandbox.renew_expired_at()
 
         # 生成代码编辑器密码
         password = generate_password()
@@ -167,6 +171,7 @@ def deploy(self, request, code, module_name):
             dev_sandbox.delete()
             raise error_codes.DEV_SANDBOX_ALREADY_EXISTS
         except Exception:
+            controller.delete()
             dev_sandbox.delete()
             raise
 
@@ -247,6 +252,15 @@ def list_app_dev_sandbox(self, request, code):
 
         return Response(data=DevSandboxSLZ(dev_sandboxes, many=True).data)
 
+    @swagger_auto_schema(tags=["开发沙箱"])
+    def pre_deploy_check(self, request, code):
+        """部署前确认是否可以部署"""
+        # 判断开发沙箱数量是否超过限制
+        if DevSandbox.objects.count() >= settings.DEV_SANDBOX_COUNT_LIMIT:
+            return Response(data={"result": False})
+
+        return Response(data={"result": True})
+
     @staticmethod
     def _get_version_info(user: User, module: Module, params: Dict) -> VersionInfo:
         """Get VersionInfo from user inputted params"""

apiserver/paasng/paasng/settings/workloads.py

@@ -85,21 +85,33 @@
 # 默认容器内监听地址
 CONTAINER_PORT = settings.get("CONTAINER_PORT", 5000)
 
+# 服务相关插件配置
+SERVICES_PLUGINS = settings.get("SERVICES_PLUGINS", default={})
+
+
+# ---------------
+# 沙箱相关配置
+# ---------------
+
 # dev sandbox 中 devserver 的监听地址
 DEV_SANDBOX_DEVSERVER_PORT = settings.get("DEV_SANDBOX_DEVSERVER_PORT", 8000)
+# 沙箱镜像
 DEV_SANDBOX_IMAGE = settings.get("DEV_SANDBOX_IMAGE", "bkpaas/dev-heroku-bionic:latest")
+# 沙箱工作目录
 DEV_SANDBOX_WORKSPACE = settings.get("DEV_SANDBOX_WORKSPACE", "/cnb/devsandbox/src")
+# 启动沙箱的数量上限,管理员通过集群的剩余资源计算得出
+DEV_SANDBOX_COUNT_LIMIT = settings.get("DEV_SANDBOX_COUNT_LIMIT", 5)
+# 沙箱跨域访问源地址
+DEV_SANDBOX_CORS_ALLOW_ORIGINS = settings.get("DEV_SANDBOX_CORS_ALLOW_ORIGINS", "")
 
 # dev sandbox 中 code-editor 的监听地址
 CODE_EDITOR_PORT = settings.get("CODE_EDITOR_PORT", 8080)
+# code-editor 的镜像
 CODE_EDITOR_IMAGE = settings.get("CODE_EDITOR_IMAGE", "codercom/code-server:4.9.0")
 # code-editor 的项目启动目录
 CODE_EDITOR_START_DIR = settings.get("CODE_EDITOR_START_DIR", "/home/coder/project")
 
 
-# 服务相关插件配置
-SERVICES_PLUGINS = settings.get("SERVICES_PLUGINS", default={})
-
 # ---------------
 # 资源命名配置
 # ---------------

apiserver/paasng/paasng/utils/error_codes.py

@@ -184,6 +184,7 @@ class ErrorCodes:
     # dev sandbox
     DEV_SANDBOX_ALREADY_EXISTS = ErrorCode("dev sandbox already exists", status_code=409)
     DEV_SANDBOX_NOT_FOUND = ErrorCode("dev sandbox not found")
+    DEV_SANDBOX_COUNT_OVER_LIMIT = ErrorCode("dev sandbox count over limit")
 
     def dump(self, fh=None):
         """A function to dump ErrorCodes as markdown table."""

apiserver/paasng/tests/api/test_dev_sandbox.py

@@ -56,4 +56,9 @@ def test_get_container_detail(self, api_client, bk_app, bk_module):
             )
             response = api_client.get(f"/api/bkapps/applications/{bk_app.code}/modules/{bk_module.name}/dev_sandbox/")
             assert response.status_code == 200
-            assert response.data == {"url": "http://bkpaas.devcontainer.com", "token": token, "status": "Healthy"}
+            assert response.data == {
+                "devserver_url": "http://bkpaas.devcontainer.com/devserver/",
+                "app_url": "http://bkpaas.devcontainer.com/app/",
+                "token": token,
+                "status": "Healthy",
+            }

apiserver/paasng/tests/paas_wl/bk_app/dev_sandbox/test_kres_slzs.py

@@ -80,6 +80,10 @@ def test_serialize(self, gvk_config, dev_sandbox_entity):
                                     {"containerPort": settings.DEV_SANDBOX_DEVSERVER_PORT},
                                     {"containerPort": settings.CONTAINER_PORT},
                                 ],
+                                "readinessProbe": {
+                                    "successThreshold": 3,
+                                    "httpGet": {"port": settings.DEV_SANDBOX_DEVSERVER_PORT, "path": "/healthz"},
+                                },
                                 "resources": {
                                     "requests": {"cpu": "200m", "memory": "512Mi"},
                                     "limits": {"cpu": "4", "memory": "2Gi"},
@@ -125,6 +129,10 @@ def test_serialize_with_source_code_config(self, gvk_config, source_configured_d
                                     {"containerPort": settings.DEV_SANDBOX_DEVSERVER_PORT},
                                     {"containerPort": settings.CONTAINER_PORT},
                                 ],
+                                "readinessProbe": {
+                                    "successThreshold": 3,
+                                    "httpGet": {"port": settings.DEV_SANDBOX_DEVSERVER_PORT, "path": "/healthz"},
+                                },
                                 "resources": {
                                     "requests": {"cpu": "200m", "memory": "512Mi"},
                                     "limits": {"cpu": "4", "memory": "2Gi"},
@@ -347,6 +355,10 @@ def test_serialize(self, gvk_config, code_editor_entity):
                                 "ports": [
                                     {"containerPort": settings.CODE_EDITOR_PORT},
                                 ],
+                                "readinessProbe": {
+                                    "successThreshold": 3,
+                                    "httpGet": {"port": settings.CODE_EDITOR_PORT, "path": "/healthz"},
+                                },
                                 "resources": {
                                     "requests": {"cpu": "200m", "memory": "512Mi"},
                                     "limits": {"cpu": "4", "memory": "2Gi"},