Ensure plugin broker works with ephemeral workspaces #11786
Conversation
amisevsk
added
kind/enhancement
|
I have a couple of question with respect to the init container approach:
|
|
@l0rd I think ephemeral workspaces will make distinct pods a difficult issue -- an emptyDir volume can only be attached to one pod. It might be complicated but with some architecture work it might be possible.
As it stands, the diagram above shows what a Che 7 workspace looks like in terms of volumes. From this diagram, to make sure access to projects is shared, theia-ide, che-dev, and any plugins (e.g. che-hello) that needs access to /projects would need to be in the same pod. Further, for the broker to work, it needs to be an init container on the theia pod, so the only plugin that could be separated out into its own pod is the che-machine-exec container. On the plugin broker side, however, since we only need to touch the plugins volume, the broker container needs only to run as a init container on the theia (or editor) container. If e.g. One thing Alex and I talked about briefly is potentially figuring out requirements for multiple brokers (e.g. a theia plugin-only broker would not need an initial run, and could run exclusively as an init container. We didn't really go far down this route though. |
|
@amisevsk FYI we were also considering an ability to create plugins not only for editors but for other items, such as plugins (yeah, plugins of plugins). For example JDT.LS can have its own plugins. But we haven't finished discussions regarding that. |
There was a problem hiding this comment.
Overall looks good. Would be cool to have unit tests, though.
I was thinking about the overall design and maybe we could have a code that would add broker as regular or init container depending on something. In this case, depending on the ephemeral property.
Or later, depending on some config of a broker we would add. With such an approach the code might seem cleaner. But not sure whether we need to do this in this particular PR.
| @@ -108,6 +110,9 @@ public void provision(KubernetesEnvironment k8sEnv, RuntimeIdentity identity) | |||
| k8sEnv.getPersistentVolumeClaims().put(pvcName, pvc); | |||
| for (Pod pod : k8sEnv.getPods().values()) { | |||
| PodSpec podSpec = pod.getSpec(); | |||
| List<Container> containers = new ArrayList<>(); | |||
There was a problem hiding this comment.
Good catch -- thank you. I meant to loop over this list.
| @@ -61,11 +63,21 @@ public boolean isEphemeral(Workspace workspace) { | |||
| * of the PVC strategy, workspace volumes would be created as `emptyDir`. When a workspace Pod | |||
| * is removed for any reason, the data in the `emptyDir` volume is deleted forever | |||
| */ | |||
| public boolean isEphemeral(Map<String, String> workspaceAttributes) { | |||
| public static boolean isEphemeral(Map<String, String> workspaceAttributes) { | |||
There was a problem hiding this comment.
Would be better to move these static methods to a static utility class
|
@l0rd after discussing the brokering process with Angel and Serhii I'm thinking that we can do improvements described below to tackle your points. |
|
@garagatyi @amisevsk @skabashnyuk I will try to provide a better description of the requirements. And I think we should have a call today or tomorrow to discuss it. |
|
I've addressed the review comments and added tests. I also had to rebase the PR to fix a merge conflict. |
|
ci-test |
|
Results of automated E2E tests of Eclipse Che Multiuser on OCP: |
|
@eclipse/eclipse-che-qa Please, take a look at the report |
|
Selenium tests execution on Eclipse Che Multiuser on OCP (https://ci.codenvycorp.com/job/che-pullrequests-test-ocp/1139/) doesn't show any regression against this Pull Request. |
Changes necessary to ensure that plugin broker can work with ephemeral workspaces, which, since they use emptyDir volumes, cannot share storage between pods (as in the separate pod that runs plugin broker). This is done by adding the plugin broker as an init container on ephemeral workspaces. Details: - Change EphemeralWorkspaceAdapter to make check methods static, add method to "make" a workspace ephemeral (to ensure how we check for ephemeral workspaces is done in one place) - Make PVC strategies include init containers in assigning volumes, to ensure broker's volumes are correctly set when running as an init container - Add KubernetesBrokerInitContainerApplier, which modifies the workspace env to include the broker as an init container. Signed-off-by: Angel Misevski <amisevsk@redhat.com>
- Add tests for SideCarToolingProvisioner, KubernetesBrokerInitContainerApplier, and EphemeralWorkspaceAdapter - Refactor static methods in EphemeralWorkspaceAdapter to their own utility class - Minor bugfixes Signed-off-by: Angel Misevski <amisevsk@redhat.com>
|
Fixed codacy's complaining and rebased onto current master. @garagatyi @ibuziuk @sleshchenko I'd like to merge tomorrow unless there's something else that needs to be improved. |
There was a problem hiding this comment.
LGTM
The only one bad side of current implementation - all plugin brokers are run twice and as result Plugins Binaries are downloaded twice as well, but I'm OK to merge it since I can't propose an alternative implementation with current Che 7 Model
Please take a look my minor comments
.../che/workspace/infrastructure/kubernetes/wsplugins/KubernetesBrokerInitContainerApplier.java
Outdated
Show resolved
Hide resolved
.../che/workspace/infrastructure/kubernetes/wsplugins/KubernetesBrokerInitContainerApplier.java
Outdated
Show resolved
Hide resolved
.../che/workspace/infrastructure/kubernetes/wsplugins/KubernetesBrokerInitContainerApplier.java
Outdated
Show resolved
Hide resolved
Signed-off-by: Angel Misevski <amisevsk@redhat.com>
|
@sleshchenko Thanks for your review. I agree that running plugin broker twice is not ideal, but also don't know if it will be possible to avoid (at least, for the plugins that require e.g. services on the workspace Pod. One way the init container may be more convenient is for plugins (e.g. theia) that don't require modifying the OpenShift object, where the init container could be sufficient. |
benoitf
removed
the
status/code-review
What does this PR do?
Changes necessary to make plugin broker work correctly when a workspace is marked as ephemeral. This is done by making the broker run as an init container on ephemeral workspaces, so that any volume-related actions are reflected in the workspace's emptyDir volumes.
Detailed changes:
EphemeralWorkspaceAdapter: 1. Make ephemeral workspace check methods static to allow them to be used elsewhere, and 2. add method to "make" a workspace ephemeral, so that all attribute management happens in one place.EphemeralWorkspaceAdapterthis is necessary, as otherwise the/pluginsdirectory cannot be mounted. I've also included this change for the common and unique strategies, although it doesn't do anything at the moment (since no init containers are added in the non-ephemeral case).What issues does this PR fix or reference?
#11554
Release Notes
Allow Che 7 workspaces to run as ephermal (emptyDir) containers on Kubernetes/OpenShift.