Plugin flattening

[amisevsk]

(Don't worry about line count, 1100 lines are from test cases and 400 are from new devworkspace samples)

What does this PR do?

Readds support for Plugins in DevWorkspaces by implementing basic plugin resolution and merging.

Commits:

• Add a basic implementation of plugins based on k8s NamespacedName references, as described in the devfile API spec.
• Use this new implementation to resolve plugins in the main reconcile loop (could potentially be moved to a subresource in the future)
• Some minor fixups to the reconcile loop (since we now have to be careful to not update the workspace accidentally)
• Add samples to support new functionality (samples/plugins contains plugin definitions; samples/with-k8s-ref contains devworkspaces that reference these plugins)
• Add support for plugin overriding (components and commands)
• Add checking for plugin import cycles (plugin a -> plugin b -> plugin a) to avoid killing the controller due to stack overflows
• Add really basic support for plugin and editor compatibility. We add labels to plugins when we create them and check those labels to report when a devworkspace uses incompatible plugins and editors
• Add test cases for the library functions (97% coverage)

In a couple of cases, I had to work around devfile/api issues: devfile/api#296 and devfile/api#295; these are referenced in the code with TODOs.

Hopefully commit messages are clear enough to explain the purpose of each change.

What issues does this PR fix or reference?

#249; also a followup to #237 and issue #185

Is it tested? How?

This PR adds a makefile rule install_plugin_templates, which deploys new DevWorkspaceTemplates to the devworkspace-plugins namespace (namespace is hardcoded so we can easily refer to them). After this is done, DevWorkspaces can be deployed with plugins included from the samples/with-k8s-ref/ directory.

TODO:

• Reimplement defaulting for the web-terminal container component
• Re-enable default Web Terminal DW in e2e tests.
• Merge Implement support for Volume components #237 and rebase this PR

[openshift-ci-robot]

Skipping CI for Draft Pull Request.
If you want CI signal for your change, please convert it to an actual PR.
You can still manually trigger a test run with /test all

[sleshchenko]

Amazing work. Seems you did it faster than I need to review )
left some minor comments and will continue to review

[sleshchenko]

Seems to work as expected.

We need to agree on the plan regards devfile's plugin registry, if we are going to support them or not (ones we're able to reference with ID, as we used to do).
if no - there is no a reason to keep it in the model.
Actually URI could work with the registry as well, it's just a question if we need some defaulting for the registry or not.

[amisevsk]

We need to agree on the plan regards devfile's plugin registry, if we are going to support them or not (ones we're able to reference with ID, as we used to do).

I agree -- my current understanding is that ID would be used in reference to a devfile/registry which is a devfile/api-side spec. I think it's easy enough to support that we shouldn't worry about getting rid of it, especially for backwards compatibility purposes (WTO uses plugin IDs)

@sleshchenko WDYT about:

• ID specified without plugin.registryURL: check "internal" registry (allows us to still support WTO use case)
• ID specified with plugin.registryURL: check registry at registryURL and assume it follows devfile/registry spec

[amisevsk]

I re-squashed and PR #237 and rebased onto it, which broke any commit refs, sorry for any confusion.

[amisevsk]

#237 is merged and this PR has been rebased onto the new master branch.

[sleshchenko]

I'm OK with it as temporary solution until Theia did not provide DWT for its plugins. But generally I'm not sure we should have a dedicated namespace for devworkspace-plugins, and to avoid security issues we should disable cross-namespace DTW usage at this point.

[amisevsk]

Yeah, this is a development feature, since we need something to replace plugin registry until something else is implemented. this rule deploys sample plugins that are compatible with devfile samples.

[amisevsk]

As for cross-namespace dwt use, I'm not sure I see the security risk necessarily. We end up running into an issue of cleanup if we're spreading dwts across the cluster, for statically created resources as we currently use.

[sleshchenko]

Approving it, since I'm OK with the proposed devworkspace startup flow.
Did not re-review or retest, but everything was fine I tried it.

The TODOs are listed in #249 as separate items and for me it's OK to handle them in further PRs.

[openshift-ci-robot]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: amisevsk, sleshchenko

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

• OWNERS [amisevsk,sleshchenko]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[amisevsk]

/test v5-devworkspaces-operator-e2e

[amisevsk]

Reminding myself of why those TODOs are there (a couple of weeks later :)) -- I think it makes sense to do that as a separate PR. This PR implements "plugins via kubernetes reference" but WTO depends on "plugins via plugin ID". I don't expect it to be too complicated but it's probably cleaner than adding to this already-large PR.

I'll retest everything on minikube and crc and merge once all tests are passing.

[amisevsk]

Tested current changes:

Platform	Workspace	Works?	Notes
Kubernetes	with-k8s-ref/web-terminal-dev.yaml	Starts, no UI	Expected since on k8s web terminal is not supported
	with-k8s-ref/theia-next.yaml	Works	Note this works with Theia importing its own plugins (e.g. vsx-installer)
	with-k8s-ref/theia-nodejs.yaml	Works
OpenShift	with-k8s-ref/web-terminal-custom-tooling.yaml	Starts, unable to start web terminal due to error: Error Loading OpenShift command line terminal: Could not retrieve $KUBECONFIG (see below)	Note: the custom tooling variant is required since we don't have defaulting for the dev container
	with-k8s-ref/theia-next.yaml	Works
	with-k8s-ref/theia-nodejs.yaml	Works, sort of	Using tasks fails with Error launching task 'download-dependencies': Request runTask failed with message: Failed to execute Che command: self signed certificate in certificate chain

The default use case for web terminal on OpenShift fails because the web-terminal plugin tries to read $KUBECONFIG from the first container in the pod. This functionality depends on the tooling container being first in the list, and fails for the current PR as web-terminal ends up being the first container due to the way merging works in devfile/api. I'm not blocking merge of this PR as-is because this failure mode should be handled in web-terminal, IMO. I've created #258 to track this

[amisevsk]

Merging PR as-is to unblock other work -- it seems fairly stable with known issues.