Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Web Terminal Tooling depends on injecting kubeconfig into the first available container #258

Closed
amisevsk opened this issue Feb 3, 2021 · 2 comments · Fixed by eclipse-che/che-machine-exec#129
Closed

Web Terminal Tooling depends on injecting kubeconfig into the first available container #258

amisevsk opened this issue Feb 3, 2021 · 2 comments · Fixed by eclipse-che/che-machine-exec#129
Assignees
@amisevsk

Comments

@amisevsk
Copy link
Collaborator

amisevsk commented Feb 3, 2021

Description

The Web Terminal Tooling plugin handles /exec/init calls by attempting to inject kubeconfig into the first container in the pod. If this fails, the whole call fails, so the plugin only works when the tooling container is first in the list.

However, the devfile/api functions for merging plugin components into a devworkspace merge components in the order 1. Parent, 2. Plugins, 3. Main content, resulting in the tooling container being last in the list. This causes web terminal to fail with changes from #240

Short-term solution

The web terminal should resolve the first compatible container (i.e. if it can't resolve an exec in the first container, it should try the second, etc.)

Long-term solution

We need a way of specifying where web terminal should inject kubeconfig.
@amisevsk amisevsk mentioned this issue Feb 3, 2021
Merged
3 tasks
@amisevsk
Copy link
Collaborator Author

amisevsk commented Feb 4, 2021

A more isolated test: using the current master branch and the flattened_web-terminal.yaml sample, switching the order of components causes web terminal to fail on crc:

Works:

kind: DevWorkspace
apiVersion: workspace.devfile.io/v1alpha2
metadata:
  name: web-terminal
  annotations:
    controller.devfile.io/restricted-access: "true"
  labels:
    # it's a label OpenShift console uses a flag to mark terminal's workspaces
    console.openshift.io/terminal: "true"
spec:
  started: true
  routingClass: 'web-terminal'
  template:
    components:
      # TODO: Remove once defaulting for web terminal is implemented.
      - name: dev
        container:
          image: quay.io/wto/web-terminal-tooling:latest
          mountSources: false
          memoryLimit: 256Mi
          args: ["tail", "-f", "/dev/null"]
          env:
            - value: '\[\e[34m\]>\[\e[m\]\[\e[33m\]>\[\e[m\]'
              name: PS1
      - name: web-terminal
        container:
          image: quay.io/eclipse/che-machine-exec:nightly
          mountSources: false
          command: ["/go/bin/che-machine-exec",
                    "--authenticated-user-id", "$(DEVWORKSPACE_CREATOR)",
                    "--idle-timeout", "$(DEVWORKSPACE_IDLE_TIMEOUT)",
                    "--pod-selector", "controller.devfile.io/workspace_id=$(CHE_WORKSPACE_ID)",
                    "--use-bearer-token",
                    "--use-tls"]
          endpoints:
            - name: web-terminal
              targetPort: 4444
              attributes:
                protocol: http
                type: ide
                discoverable: "false"
                secure: "true"
                cookiesAuthEnabled: "true"
          env:
            - name: USE_BEARER_TOKEN
              value: "true"

Does not work:

kind: DevWorkspace
apiVersion: workspace.devfile.io/v1alpha2
metadata:
  name: web-terminal
  annotations:
    controller.devfile.io/restricted-access: "true"
  labels:
    # it's a label OpenShift console uses a flag to mark terminal's workspaces
    console.openshift.io/terminal: "true"
spec:
  started: true
  routingClass: 'web-terminal'
  template:
    components:
      - name: web-terminal
        container:
          image: quay.io/eclipse/che-machine-exec:nightly
          mountSources: false
          command: ["/go/bin/che-machine-exec",
                    "--authenticated-user-id", "$(DEVWORKSPACE_CREATOR)",
                    "--idle-timeout", "$(DEVWORKSPACE_IDLE_TIMEOUT)",
                    "--pod-selector", "controller.devfile.io/workspace_id=$(CHE_WORKSPACE_ID)",
                    "--use-bearer-token",
                    "--use-tls"]
          endpoints:
            - name: web-terminal
              targetPort: 4444
              attributes:
                protocol: http
                type: ide
                discoverable: "false"
                secure: "true"
                cookiesAuthEnabled: "true"
          env:
            - name: USE_BEARER_TOKEN
              value: "true"
      # TODO: Remove once defaulting for web terminal is implemented.
      - name: dev
        container:
          image: quay.io/wto/web-terminal-tooling:latest
          mountSources: false
          memoryLimit: 256Mi
          args: ["tail", "-f", "/dev/null"]
          env:
            - value: '\[\e[34m\]>\[\e[m\]\[\e[33m\]>\[\e[m\]'
              name: PS1

@amisevsk
Copy link
Collaborator Author

amisevsk commented Feb 4, 2021

Error message:
Screenshot from 2021-02-04 12-25-30

@amisevsk amisevsk mentioned this issue Feb 4, 2021
Merged
@sleshchenko sleshchenko mentioned this issue Feb 5, 2021
Closed
23 tasks
@amisevsk amisevsk mentioned this issue Feb 9, 2021
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@amisevsk amisevsk

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Fix issue where /exec/init calls put kubeconfig in first container amisevsk/che-machine-exec
1 participant
@amisevsk