Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Do not cache the service account token in the devWorkspace client #1283

Open
wants to merge 2 commits into
base: main
Choose a base branch
from
Open

Do not cache the service account token in the devWorkspace client #1283

wants to merge 2 commits into from

Conversation

vinokurig
Copy link
Contributor

@vinokurig vinokurig commented Dec 25, 2024
edited
Loading

What does this PR do?

Remove the DevWorkspaceSingletonClient implementation as it caches the service account token. Use the DevWorkspaceClient with service account token fetch instead.

Screenshot/screencast of this PR

What issues does this PR fix or reference?

fixes eclipse-che/che#23230

Is it tested? How?

  1. Start Che with the pull request dashboard image: quay.io/eclipse/che-dashboard:pr-1283
  2. Decrease the kubernetes service account token lifetime:
  • Scale down the eclipse-che operator deployment to 0 pods.
  • Scale down the che-dashboard deployment to 0 pods.
  • Add volume:
    - name: kube-api-access-q2nzw
      projected:
        sources:
          - serviceAccountToken:
              expirationSeconds: 600
              path: token
          - configMap:
              name: kube-root-ca.crt
              items:
                - key: ca.crt
                  path: ca.crt
          - downwardAPI:
              items:
                - path: namespace
                  fieldRef:
                    apiVersion: v1
                    fieldPath: metadata.namespace
          - configMap:
              name: openshift-service-ca.crt
              items:
                - key: service-ca.crt
                  path: service-ca.crt
        defaultMode: 420

to the che-dashboard deployment yaml.

  • Scale up the che-dashboard deployment to 1 pod.
  1. Wait 10 minutes for the service account token is refreshed.
  2. Start a workspace.

See: the workspace starts, at least the Checking for the limit of running workspaces step passes. The workspace may not start as the che-operator is turned off. If turn on the operator, the token lifetime will be restored to one year.

Release Notes

Docs PR

@che-bot
Copy link
Contributor

che-bot commented Dec 25, 2024

Click here to review and test in web IDE: Contribute

@vinokurig vinokurig force-pushed the che-23230 branch 2 times, most recently from 357ca00 to 87ffc3b Compare December 25, 2024 15:03
@github-actions GitHub Actions
Copy link

Docker image build succeeded: quay.io/eclipse/che-dashboard:pr-1283

kubectl patch command 
kubectl patch -n eclipse-che "checluster/eclipse-che" --type=json -p="[{"op": "replace", "path": "/spec/components/dashboard/deployment", "value": {containers: [{image: "quay.io/eclipse/che-dashboard:pr-1283", name: che-dashboard}]}}]"

1 similar comment
@github-actions GitHub Actions
Copy link

Docker image build succeeded: quay.io/eclipse/che-dashboard:pr-1283

kubectl patch command 
kubectl patch -n eclipse-che "checluster/eclipse-che" --type=json -p="[{"op": "replace", "path": "/spec/components/dashboard/deployment", "value": {containers: [{image: "quay.io/eclipse/che-dashboard:pr-1283", name: che-dashboard}]}}]"

@codecov Codecov
Copy link

codecov bot commented Dec 25, 2024

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 91.70%. Comparing base (70b6ddd) to head (fe0b6ac).

Additional details and impacted files 
@@            Coverage Diff             @@
##             main    #1283      +/-   ##
==========================================
- Coverage   91.85%   91.70%   -0.15%     
==========================================
  Files         499      498       -1     
  Lines       45654    45590      -64     
  Branches     3191     3176      -15     
==========================================
- Hits        41937    41810     -127     
- Misses       3683     3749      +66     
+ Partials       34       31       -3

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

olexii4
olexii4 approved these changes Dec 25, 2024
View reviewed changes
Copy link
Contributor

@olexii4 olexii4 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@openshift-ci openshift-ci bot added the lgtm label Dec 25, 2024
@openshift-ci OpenShift CI
Copy link

openshift-ci bot commented Dec 25, 2024

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: olexii4, vinokurig

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@olexii4 olexii4 olexii4 approved these changes

@akurinnoy akurinnoy Awaiting requested review from akurinnoy akurinnoy is a code owner

@ibuziuk ibuziuk Awaiting requested review from ibuziuk ibuziuk is a code owner

Assignees

@olexii4 olexii4

Labels
lgtm
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

kubernetes 1.30.5 support
3 participants
@vinokurig @che-bot @olexii4