in ee/spec/support/shared_contexts/remote_development/remote_development_shared_contexts.rb [587:939]
# Builds the Kubernetes Deployment hash that the remote development specs expect for one workspace.
#
# The pod has two containers ("tooling-container" and "database-container") and two init
# containers (project cloner and tools injector). After the hash is built it is trimmed
# according to the flags documented below.
#
# @param workspace_name [String] Deployment name; also the service account name and the prefix of
#   the referenced Secret, ConfigMap and PVC names
# @param workspace_namespace [String] namespace written into both metadata sections
# @param allow_privilege_escalation [Boolean] value of allowPrivilegeEscalation on every container
# @param annotations [Hash] annotations for the Deployment and its pod template
# @param default_resources_per_workspace_container [Hash] resources for the two main containers
# @param default_runtime_class [String] runtimeClassName; the key is removed when this is empty
# @param include_scripts_resources [Boolean] when false, the scripts volume, its mounts and the
#   postStart lifecycle hook of the first container are removed
# @param legacy_scripts_in_container_command [Boolean] when true, the first arg of the first
#   container is replaced by the heredoc near the end of this method
# @param labels [Hash] labels for both metadata sections and the selector
# @param spec_replicas [Integer] replica count
# @param use_kubernetes_user_namespaces [Boolean] value of hostUsers; the key is removed when false
# @return [Hash] the Deployment, with symbol keys except inside the container securityContext
def workspace_deployment(
  workspace_name:,
  workspace_namespace:,
  allow_privilege_escalation: false,
  annotations: {},
  default_resources_per_workspace_container: {},
  default_runtime_class: "",
  include_scripts_resources: true,
  legacy_scripts_in_container_command: false,
  labels: {},
  spec_replicas: 1,
  use_kubernetes_user_namespaces: false
)
  # A single hash instance, referenced by all four containers. It uses string keys while the
  # rest of the structure uses symbols. Every container is non-privileged and must run as the
  # non-root RUN_AS_USER; privilege escalation is off unless the caller opts in.
  container_security_context = {
    'allowPrivilegeEscalation' => allow_privilege_escalation,
    'privileged' => false,
    'runAsNonRoot' => true,
    'runAsUser' => reconcile_constants_module::RUN_AS_USER
  }

  # Work on a copy so that the in-place formatting never touches the constant.
  project_cloner_script_content = files_module::PROJECTS_CLONER_COMPONENT_INSERTER_CONTAINER_ARGS.dup
  format_project_cloner_script!(project_cloner_script_content)

  # The builders below return fresh objects on every call, so the pruning at the end of the
  # method never mutates a structure that two containers share.
  object_metadata = lambda do
    {
      annotations: annotations,
      creationTimestamp: nil,
      labels: labels,
      name: workspace_name,
      namespace: workspace_namespace
    }
  end

  tools_dir_env = lambda do
    data_root = workspace_operations_constants_module::WORKSPACE_DATA_VOLUME_PATH
    {
      name: create_constants_module::TOOLS_DIR_ENV_VAR,
      value: "#{data_root}/#{create_constants_module::TOOLS_DIR_NAME}"
    }
  end

  project_dir_env = lambda do
    [
      { name: "PROJECTS_ROOT", value: workspace_operations_constants_module::WORKSPACE_DATA_VOLUME_PATH },
      { name: "PROJECT_SOURCE", value: workspace_operations_constants_module::WORKSPACE_DATA_VOLUME_PATH }
    ]
  end

  data_and_variables_mounts = lambda do
    [
      {
        mountPath: workspace_operations_constants_module::WORKSPACE_DATA_VOLUME_PATH,
        name: create_constants_module::WORKSPACE_DATA_VOLUME_NAME
      },
      {
        mountPath: workspace_operations_constants_module::VARIABLES_VOLUME_PATH,
        name: workspace_operations_constants_module::VARIABLES_VOLUME_NAME
      }
    ]
  end

  scripts_mount = lambda do
    {
      mountPath: reconcile_constants_module::WORKSPACE_SCRIPTS_VOLUME_PATH,
      name: reconcile_constants_module::WORKSPACE_SCRIPTS_VOLUME_NAME
    }
  end

  # Every container pulls its environment from the "<workspace_name>-env-var" Secret.
  env_from_secret = -> { [{ secretRef: { name: "#{workspace_name}-env-var" } }] }

  init_resources = lambda do |memory_limit, memory_request|
    {
      limits: { cpu: "500m", memory: memory_limit },
      requests: { cpu: "100m", memory: memory_request }
    }
  end

  scripts_dir = reconcile_constants_module::WORKSPACE_SCRIPTS_VOLUME_PATH
  poststart_command = format(
    files_module::KUBERNETES_POSTSTART_HOOK_COMMAND,
    run_poststart_commands_script_file_path:
      "#{scripts_dir}/#{reconcile_constants_module::RUN_POSTSTART_COMMANDS_SCRIPT_NAME}"
  )

  # NOTE(review): the image below sits in a personal registry namespace and is referenced by a
  # mutable tag, so together with imagePullPolicy "Always" its content is not fixed. This is
  # fixture data; pin by digest if a manifest like this is ever applied to a cluster.
  tooling_container = {
    args: [files_module::MAIN_COMPONENT_UPDATER_CONTAINER_ARGS],
    command: %w[/bin/sh -c],
    env: [
      tools_dir_env.call,
      { name: "GL_EDITOR_LOG_LEVEL", value: "info" },
      { name: "GL_EDITOR_PORT", value: create_constants_module::WORKSPACE_EDITOR_PORT.to_s },
      { name: "GL_SSH_PORT", value: create_constants_module::WORKSPACE_SSH_PORT.to_s },
      { name: "GL_EDITOR_ENABLE_MARKETPLACE", value: "false" },
      *project_dir_env.call
    ],
    image: "quay.io/mloriedo/universal-developer-image:ubi8-dw-demo",
    imagePullPolicy: "Always",
    name: "tooling-container",
    ports: [
      { containerPort: create_constants_module::WORKSPACE_EDITOR_PORT, name: "editor-server", protocol: "TCP" },
      { containerPort: create_constants_module::WORKSPACE_SSH_PORT, name: "ssh-server", protocol: "TCP" }
    ],
    resources: default_resources_per_workspace_container,
    volumeMounts: [*data_and_variables_mounts.call, scripts_mount.call],
    securityContext: container_security_context,
    envFrom: env_from_secret.call,
    lifecycle: {
      postStart: {
        exec: {
          command: ["/bin/sh", "-c", poststart_command]
        }
      }
    }
  }

  # NOTE(review): MYSQL_ROOT_PASSWORD is a plaintext literal in the container env, which is
  # readable by anyone who can read the Deployment object. It is sample fixture data here; a
  # real credential belongs in the Secret referenced through envFrom. The "mysql" image has no
  # tag, so it is not pinned to a version either.
  database_container = {
    env: [
      { name: "MYSQL_ROOT_PASSWORD", value: "my-secret-pw" },
      *project_dir_env.call
    ],
    image: "mysql",
    imagePullPolicy: "Always",
    name: "database-container",
    resources: default_resources_per_workspace_container,
    volumeMounts: [*data_and_variables_mounts.call, scripts_mount.call],
    securityContext: container_security_context,
    envFrom: env_from_secret.call
  }

  project_cloner_init_container = {
    args: [project_cloner_script_content],
    command: %w[/bin/sh -c],
    env: project_dir_env.call,
    image: "alpine/git:2.45.2",
    imagePullPolicy: "Always",
    name: "gl-project-cloner-gl-project-cloner-command-1",
    resources: init_resources.call("1000Mi", "500Mi"),
    volumeMounts: data_and_variables_mounts.call,
    securityContext: container_security_context,
    envFrom: env_from_secret.call
  }

  tools_injector_init_container = {
    env: [tools_dir_env.call, *project_dir_env.call],
    image: workspace_operations_constants_module::WORKSPACE_TOOLS_IMAGE,
    imagePullPolicy: "Always",
    name: "gl-tools-injector-gl-tools-injector-command-2",
    resources: init_resources.call("512Mi", "256Mi"),
    volumeMounts: data_and_variables_mounts.call,
    securityContext: container_security_context,
    envFrom: env_from_secret.call
  }

  pod_volumes = [
    {
      name: create_constants_module::WORKSPACE_DATA_VOLUME_NAME,
      persistentVolumeClaim: {
        claimName: "#{workspace_name}-#{create_constants_module::WORKSPACE_DATA_VOLUME_NAME}"
      }
    },
    {
      name: workspace_operations_constants_module::VARIABLES_VOLUME_NAME,
      projected: {
        defaultMode: workspace_operations_constants_module::VARIABLES_VOLUME_DEFAULT_MODE,
        sources: [{ secret: { name: "#{workspace_name}-file" } }]
      }
    },
    {
      name: reconcile_constants_module::WORKSPACE_SCRIPTS_VOLUME_NAME,
      projected: {
        defaultMode: reconcile_constants_module::WORKSPACE_SCRIPTS_VOLUME_DEFAULT_MODE,
        sources: [{ configMap: { name: "#{workspace_name}-scripts-configmap" } }]
      }
    }
  ]

  pod_spec = {
    # NOTE(review): in the Kubernetes Pod spec, `hostUsers: false` is the value that gives a pod
    # its own user namespace. This fixture emits `hostUsers: true` when
    # use_kubernetes_user_namespaces is set and drops the key otherwise (see the end of this
    # method). Confirm this matches the generator that the fixture mirrors.
    hostUsers: use_kubernetes_user_namespaces,
    runtimeClassName: default_runtime_class,
    containers: [tooling_container, database_container],
    initContainers: [project_cloner_init_container, tools_injector_init_container],
    serviceAccountName: workspace_name,
    volumes: pod_volumes,
    # Pod-level context: non-root user, but volumes are group-owned by GID 0 (fsGroup).
    securityContext: {
      runAsNonRoot: true,
      runAsUser: reconcile_constants_module::RUN_AS_USER,
      fsGroup: 0,
      fsGroupChangePolicy: "OnRootMismatch"
    }
  }

  deployment = {
    apiVersion: "apps/v1",
    kind: "Deployment",
    metadata: object_metadata.call,
    spec: {
      replicas: spec_replicas,
      selector: { matchLabels: labels },
      strategy: { type: "Recreate" },
      template: {
        metadata: object_metadata.call,
        spec: pod_spec
      }
    },
    status: {}
  }

  unless include_scripts_resources
    scripts_volume_name = reconcile_constants_module::WORKSPACE_SCRIPTS_VOLUME_NAME

    # Only the main containers are visited; the init containers never mount the scripts volume.
    pod_spec[:containers].each do |container|
      container[:volumeMounts].reject! { |volume_mount| volume_mount[:name] == scripts_volume_name }
    end
    pod_spec[:volumes].reject! { |volume| volume[:name] == scripts_volume_name }
    pod_spec[:containers].first.delete(:lifecycle)
  end

  if legacy_scripts_in_container_command
    # The heredoc has no body in this listing, so the first arg becomes an empty string.
    pod_spec[:containers].first[:args][0] =
      <<~YAML.chomp
      YAML
  end

  # Optional pod-level keys are emitted only when they carry a non-default value.
  pod_spec.delete(:runtimeClassName) if default_runtime_class.empty?
  pod_spec.delete(:hostUsers) unless use_kubernetes_user_namespaces

  deployment
end