in ee/spec/support/shared_contexts/remote_development/remote_development_shared_contexts.rb [360:546]
def create_config_to_apply_v3(
workspace:,
started: true,
desired_state_is_terminated: false,
workspace_variables_environment: nil,
workspace_variables_file: nil,
workspace_variables_additional_data: nil,
include_inventory: true,
include_network_policy: true,
include_all_resources: false,
dns_zone: 'workspaces.localdev.me',
egress_ip_rules: [{
allow: "0.0.0.0/0",
except: %w[10.0.0.0/8 172.16.0.0/12 192.168.0.0/16]
}],
max_resources_per_workspace: {},
default_resources_per_workspace_container: {},
allow_privilege_escalation: false,
use_kubernetes_user_namespaces: false,
default_runtime_class: "",
agent_labels: {},
agent_annotations: {},
project_name: "test-project",
namespace_path: "test-group",
image_pull_secrets: [],
include_scripts_resources: true,
legacy_scripts_in_container_command: false,
shared_namespace: "",
core_resources_only: false
)
spec_replicas = started ? 1 : 0
host_template_annotation = get_workspace_host_template_annotation(workspace.name, dns_zone)
max_resources_per_workspace_with_legacy_sorting = max_resources_per_workspace.deep_symbolize_keys.sort.to_h.to_s
common_annotations =
Gitlab::Utils.deep_sort_hashes(
agent_annotations.merge({
"workspaces.gitlab.com/host-template": host_template_annotation,
"workspaces.gitlab.com/id": workspace.id.to_s,
"workspaces.gitlab.com/max-resources-per-workspace-sha256":
Digest::SHA256.hexdigest(max_resources_per_workspace_with_legacy_sorting)
})
).to_h
workspace_inventory_annotations =
Gitlab::Utils.deep_sort_hashes(
common_annotations.merge({ "config.k8s.io/owning-inventory": "#{workspace.name}-workspace-inventory" })
).to_h
labels = agent_labels.merge({ "agent.gitlab.com/id": workspace.agent.id.to_s })
labels["workspaces.gitlab.com/id"] = workspace.id.to_s if shared_namespace.present?
labels = Gitlab::Utils.deep_sort_hashes(labels).to_h
secrets_inventory_annotations =
Gitlab::Utils.deep_sort_hashes(
common_annotations.merge({ "config.k8s.io/owning-inventory": "#{workspace.name}-secrets-inventory" })
).to_h
workspace_inventory_config_map = workspace_inventory_config_map(
workspace_name: workspace.name,
workspace_namespace: workspace.namespace,
labels: labels,
annotations: common_annotations
)
workspace_deployment = workspace_deployment(
workspace_name: workspace.name,
workspace_namespace: workspace.namespace,
labels: labels,
annotations: workspace_inventory_annotations,
spec_replicas: spec_replicas,
default_resources_per_workspace_container: default_resources_per_workspace_container,
allow_privilege_escalation: allow_privilege_escalation,
use_kubernetes_user_namespaces: use_kubernetes_user_namespaces,
default_runtime_class: default_runtime_class,
include_scripts_resources: include_scripts_resources,
legacy_scripts_in_container_command: legacy_scripts_in_container_command
)
workspace_service = workspace_service(
workspace_name: workspace.name,
workspace_namespace: workspace.namespace,
labels: labels,
annotations: workspace_inventory_annotations
)
workspace_data_pvc = pvc(
workspace_name: workspace.name,
workspace_namespace: workspace.namespace,
labels: labels,
annotations: workspace_inventory_annotations
)
workspace_service_account = workspace_service_account(
name: workspace.name,
namespace: workspace.namespace,
image_pull_secrets: image_pull_secrets,
labels: labels,
annotations: workspace_inventory_annotations
)
workspace_network_policy = workspace_network_policy(
workspace_name: workspace.name,
workspace_namespace: workspace.namespace,
labels: labels,
annotations: workspace_inventory_annotations,
egress_ip_rules: egress_ip_rules
)
scripts_configmap = scripts_configmap(
workspace_name: workspace.name,
workspace_namespace: workspace.namespace,
labels: labels,
annotations: workspace_inventory_annotations
)
secrets_inventory_config_map = secrets_inventory_config_map(
workspace_name: workspace.name,
workspace_namespace: workspace.namespace,
labels: labels,
annotations: common_annotations
)
secret_environment = secret_environment(
workspace_name: workspace.name,
workspace_namespace: workspace.namespace,
labels: labels,
annotations: secrets_inventory_annotations,
workspace_variables_environment: workspace_variables_environment || get_workspace_variables_environment(
workspace_variables: workspace.workspace_variables
)
)
secret_file = secret_file(
workspace_name: workspace.name,
workspace_namespace: workspace.namespace,
labels: labels,
annotations: secrets_inventory_annotations,
workspace_variables_file: workspace_variables_file ||
get_workspace_variables_file(workspace_variables: workspace.workspace_variables),
additional_data: workspace_variables_additional_data ||
{
"#{workspace_operations_constants_module::WORKSPACE_RECONCILED_ACTUAL_STATE_FILE_NAME}":
workspace.actual_state
}
)
if max_resources_per_workspace.present? && shared_namespace.empty?
workspace_resource_quota = workspace_resource_quota(
workspace_name: workspace.name,
workspace_namespace: workspace.namespace,
labels: labels,
annotations: workspace_inventory_annotations,
max_resources_per_workspace: max_resources_per_workspace
)
end
resources = []
resources << workspace_inventory_config_map if include_inventory
if desired_state_is_terminated
resources << secrets_inventory_config_map if include_inventory
return resources
end
resources << workspace_deployment
resources << workspace_service
resources << workspace_data_pvc
unless core_resources_only
resources << workspace_service_account
resources << workspace_network_policy if include_network_policy
resources << scripts_configmap if include_scripts_resources
if include_all_resources
resources << secrets_inventory_config_map if include_inventory
resources << workspace_resource_quota unless max_resources_per_workspace.blank? && shared_namespace.empty?
resources << secret_environment
resources << secret_file
end
end
normalize_resources(namespace_path, project_name, resources)
end