Don't fail workspaces that use Kubernetes/OpenShift components with URIs

[amisevsk]

What does this PR do?

Update how Kubernetes/OpenShift components with URIs are handled:

• If a component has deployByDefault: false, it is ignored and workspace starts normally (the component is expected to be applied later, e.g. via an apply command
• If a component has deployByDefault: true, it is not applied to the cluster if it uses a URI, and instead the workspace gets a warning condition. This effectively downgrades the webhook rejection to a warning condition

What issues does this PR fix or reference?

Closes #1103

Is it tested? How?

Apply the DevWorkspace

apiVersion: workspace.devfile.io/v1alpha2
kind: DevWorkspace
metadata:
  name: plain
spec:
  routingClass: basic
  started: true
  template:
    attributes:
      controller.devfile.io/storage-type: ephemeral
    components:
    - name: web-terminal
      container:
        command: ["tail", "-f", "/dev/null"]
        image: quay.io/amisevsk/web-terminal-tooling:dev
        memoryLimit: 512Mi
        mountSources: true
    - name: test-k8s
      kubernetes: 
        deployByDefault: false
        uri: https://raw.githubusercontent.com/devfile/devworkspace-operator/main/deploy/deployment/kubernetes/objects/devworkspace-controller-metrics.Service.yaml

Update the workspace to set deployByDefault:

• If false, workspace should start normally, without any issues or warnings
• If true, the workspace should still start, but have a warning condition:

  Ignored components that use unsupported features: component test-k8s
  defines a Kubernetes/OpenShift component via URI

PR Checklist

• E2E tests pass (when PR is ready, comment /test v8-devworkspace-operator-e2e, v8-che-happy-path to trigger)
  • v8-devworkspace-operator-e2e: DevWorkspace e2e test
  • v8-che-happy-path: Happy path for verification integration with Che

[AObuchow]

Code looks good to me and works as expected on OpenShift 4.12.
Minor comment regarding documentation, but LGTM

[AObuchow]

Documentation should be changed to ...a URI will cause a WarningError to be returned

[AObuchow]

A future improvement could be to return a webhook warning (so that the dashboard could display it) but for now, I don't think this is necessary.

[codecov]

Codecov Report

Patch coverage: 62.50% and project coverage change: -0.02 ⚠️

Comparison is base (89370ce) 51.64% compared to head (0319e70) 51.62%.

Additional details and impacted files

@@            Coverage Diff             @@
##             main    #1104      +/-   ##
==========================================
- Coverage   51.64%   51.62%   -0.02%     
==========================================
  Files          79       79              
  Lines        7285     7299      +14     
==========================================
+ Hits         3762     3768       +6     
- Misses       3237     3243       +6     
- Partials      286      288       +2     

Impacted Files	Coverage Δ
webhook/workspace/handler/kubernetes.go	0.00% <0.00%> (ø)
pkg/library/kubernetes/provision.go	72.50% <54.54%> (-7.79%)	⬇️
pkg/library/kubernetes/util.go	95.55% <100.00%> (+0.55%)	⬆️

☔ View full report in Codecov by Sentry.
📢 Do you have feedback about the report comment? Let us know in this issue.

[amisevsk]

/retest

[l0rd]

@amisevsk do you have an already built image to test this PR?

[openshift-ci]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: amisevsk, AObuchow, ibuziuk

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

• OWNERS [amisevsk]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[l0rd]

I have tested with https://github.com/devfile-samples/devfile-sample-go-basic.git and I was able to start the workspace successfully.

The weird thing is that my workspace pod has 3 containers (but it may be related to a dashboard issue that ignores the parent and adds a default component):

NOTE: I have tested using Dev Spaces 3.6

[amisevsk]

do you have an already built image to test this PR?

I didn't build a specific image for this PR, so it was only pushed to quay.io/amisevsk/devworkspace-controller:dev (which is the image I use for whatever I'm working on).

The weird thing is that my workspace pod has 3 containers (but it may be related to a dashboard issue that ignores the parent and adds a default component):

This should be reported as an issue on the Eclipse Che side -- it looks like something is going wrong with merging components. The runtime component is coming from the parent, but since #993 the che-code-runtime-description component should have been merged into it automatically (i.e. even without the explicit merge-components attribute). I tried briefly to reproduce the issue but would need to roll changes from this PR out to test properly.

[l0rd]

I opened the parent issue a few weeks ago and it has been fixed Che-side but not back ported to 3.6. So yes, probably related to that.