Configuring a user namespace
This procedure walks you through the process of using Che
to replicate ConfigMaps
, Secrets
and PersistentVolumeClaim
from eclipse-che
namespace to numerous
user-specific namespaces. The Che automates the synchronization of important configuration
data such as shared credentials, configuration files, and certificates to user namespaces.
If you make changes to a Kubernetes resource in an eclipse-che namespace, Che will immediately replicate the changes across all users namespaces. In reverse, if a Kubernetes resource is modified in a user namespace, Che will immediately revert the changes.
-
Create the
ConfigMap
below to replicate it to every user namespace. To enhance the configurability, you can customize theConfigMap
by adding additional labels and annotations. See the Automatically mounting volumes, configmaps, and secrets for other possible labels and annotations.kind: ConfigMap apiVersion: v1 metadata: name: user-configmap namespace: eclipse-che labels: app.kubernetes.io/part-of: che.eclipse.org app.kubernetes.io/component: workspaces-config data: ...
Example 1. Mounting asettings.xml
file to a user workspace:kind: ConfigMap apiVersion: v1 metadata: name: user-settings-xml namespace: eclipse-che labels: app.kubernetes.io/part-of: che.eclipse.org app.kubernetes.io/component: workspaces-config annotations: controller.devfile.io/mount-as: subpath controller.devfile.io/mount-path: /home/user/.m2 data: settings.xml: | <settings xmlns="http://maven.apache.org/SETTINGS/1.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/SETTINGS/1.0.0 https://maven.apache.org/xsd/settings-1.0.0.xsd"> <localRepository>/home/user/.m2/repository</localRepository> <interactiveMode>true</interactiveMode> <offline>false</offline> </settings>
-
Create the
Secret
below to replicate it to every user namespace. To enhance the configurability, you can customize theSecret
by adding additional labels and annotations. See the Automatically mounting volumes, configmaps, and secrets for other possible labels and annotations.kind: Secret apiVersion: v1 metadata: name: user-secret namespace: eclipse-che labels: app.kubernetes.io/part-of: che.eclipse.org app.kubernetes.io/component: workspaces-config data: ...
Example 2. Mounting certificates to a user workspace:kind: Secret apiVersion: v1 metadata: name: user-certificates namespace: eclipse-che labels: app.kubernetes.io/part-of: che.eclipse.org app.kubernetes.io/component: workspaces-config annotations: controller.devfile.io/mount-as: subpath controller.devfile.io/mount-path: /etc/pki/ca-trust/source/anchors stringData: trusted-certificates.crt: | ...
Run update-ca-trust
command on workspace startup to import certificates. It can be achieved manually or by adding this command to apostStart
event in a devfile. See the Adding event bindings in a devfile.Example 3. Mounting environment variables to a user workspace:kind: Secret apiVersion: v1 metadata: name: user-env namespace: eclipse-che labels: app.kubernetes.io/part-of: che.eclipse.org app.kubernetes.io/component: workspaces-config annotations: controller.devfile.io/mount-as: env stringData: ENV_VAR_1: value_1 ENV_VAR_2: value_2
-
Create the
PersistentVolumeClaim
below to replicate it to every user namespace.To enhance the configurability, you can customize the
PersistentVolumeClaim
by adding additional labels and annotations. See the Automatically mounting volumes, configmaps, and secrets for other possible labels and annotations.To modify the 'PersistentVolumeClaim', delete it and create a new one in eclipse-che namespace.
apiVersion: v1 kind: PersistentVolumeClaim metadata: name: user-pvc namespace: eclipse-che labels: app.kubernetes.io/part-of: che.eclipse.org app.kubernetes.io/component: workspaces-config spec: ...
Example 4. Mounting aPersistentVolumeClaim
to a user workspace:apiVersion: v1 kind: PersistentVolumeClaim metadata: name: user-pvc namespace: eclipse-che labels: app.kubernetes.io/part-of: che.eclipse.org app.kubernetes.io/component: workspaces-config controller.devfile.io/mount-to-devworkspace: 'true' annotations: controller.devfile.io/mount-path: /home/user/data controller.devfile.io/read-only: 'true' spec: accessModes: - ReadWriteOnce resources: requests: storage: 5Gi volumeMode: Filesystem