Configuring a user namespace

This procedure shows how to use Che to replicate ConfigMaps, Secrets, and PersistentVolumeClaims from the eclipse-che namespace to the user-specific namespaces. Che automates the synchronization of important configuration data such as shared credentials, configuration files, and certificates to user namespaces.

If you change a Kubernetes resource in the eclipse-che namespace, Che immediately replicates the change to all user namespaces. Conversely, if a replicated Kubernetes resource is modified in a user namespace, Che immediately reverts the change.

Procedure
  1. Create the ConfigMap below to replicate it to every user namespace. You can customize the ConfigMap by adding labels and annotations. See Automatically mounting volumes, configmaps, and secrets for other possible labels and annotations.

    kind: ConfigMap
    apiVersion: v1
    metadata:
      name: user-configmap
      namespace: eclipse-che
      labels:
        app.kubernetes.io/part-of: che.eclipse.org
        app.kubernetes.io/component: workspaces-config
    data:
      ...

    Example 1. Mounting a settings.xml file to a user workspace:

    kind: ConfigMap
    apiVersion: v1
    metadata:
      name: user-settings-xml
      namespace: eclipse-che
      labels:
        app.kubernetes.io/part-of: che.eclipse.org
        app.kubernetes.io/component: workspaces-config
      annotations:
        controller.devfile.io/mount-as: subpath
        controller.devfile.io/mount-path: /home/user/.m2
    data:
      settings.xml: |
        <settings xmlns="http://maven.apache.org/SETTINGS/1.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/SETTINGS/1.0.0 https://maven.apache.org/xsd/settings-1.0.0.xsd">
          <localRepository>/home/user/.m2/repository</localRepository>
          <interactiveMode>true</interactiveMode>
          <offline>false</offline>
        </settings>
  2. Create the Secret below to replicate it to every user namespace. You can customize the Secret by adding labels and annotations. See Automatically mounting volumes, configmaps, and secrets for other possible labels and annotations. Because the Secret is copied to every user namespace, store only values that are meant to be shared with all users.

    kind: Secret
    apiVersion: v1
    metadata:
      name: user-secret
      namespace: eclipse-che
      labels:
        app.kubernetes.io/part-of: che.eclipse.org
        app.kubernetes.io/component: workspaces-config
    data:
      ...

    Example 2. Mounting certificates to a user workspace:

    kind: Secret
    apiVersion: v1
    metadata:
      name: user-certificates
      namespace: eclipse-che
      labels:
        app.kubernetes.io/part-of: che.eclipse.org
        app.kubernetes.io/component: workspaces-config
      annotations:
        controller.devfile.io/mount-as: subpath
        controller.devfile.io/mount-path: /etc/pki/ca-trust/source/anchors
    stringData:
      trusted-certificates.crt: |
        ...

    Run the update-ca-trust command on workspace startup to import the certificates. You can run it manually or add it to a postStart event in a devfile. See Adding event bindings in a devfile.

    Example 3. Mounting environment variables to a user workspace:

    kind: Secret
    apiVersion: v1
    metadata:
      name: user-env
      namespace: eclipse-che
      labels:
        app.kubernetes.io/part-of: che.eclipse.org
        app.kubernetes.io/component: workspaces-config
      annotations:
        controller.devfile.io/mount-as: env
    stringData:
      ENV_VAR_1: value_1
      ENV_VAR_2: value_2
  3. Create the PersistentVolumeClaim below to replicate it to every user namespace.

    You can customize the PersistentVolumeClaim by adding labels and annotations. See Automatically mounting volumes, configmaps, and secrets for other possible labels and annotations.

    To modify the PersistentVolumeClaim, delete it and create a new one in the eclipse-che namespace.

    apiVersion: v1
    kind: PersistentVolumeClaim
    metadata:
      name: user-pvc
      namespace: eclipse-che
      labels:
        app.kubernetes.io/part-of: che.eclipse.org
        app.kubernetes.io/component: workspaces-config
    spec:
      ...

    Example 4. Mounting a PersistentVolumeClaim to a user workspace:

    apiVersion: v1
    kind: PersistentVolumeClaim
    metadata:
      name: user-pvc
      namespace: eclipse-che
      labels:
        app.kubernetes.io/part-of: che.eclipse.org
        app.kubernetes.io/component: workspaces-config
        controller.devfile.io/mount-to-devworkspace: 'true'
      annotations:
        controller.devfile.io/mount-path: /home/user/data
        controller.devfile.io/read-only: 'true'
    spec:
      accessModes:
        - ReadWriteOnce
      resources:
        requests:
          storage: 5Gi
      volumeMode: Filesystem
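
An added example, not part of the Che documentation: a pre-rollout audit in Python of what the procedure above will copy into every user namespace, including Secrets exposed as environment variables and resources that carry only one of the two labels. It assumes the input is a JSON List such as `kubectl get configmap,secret -n eclipse-che -o json` produces and that both labels shown in the manifests are required for replication; `audit`, `_res`, the sample data and the `team-config` resource are constructed for illustration.

```python
import json

# Both labels appear on every manifest in this procedure; this sketch assumes
# a resource needs both of them to be replicated.
SYNC_LABELS = {
    "app.kubernetes.io/part-of": "che.eclipse.org",
    "app.kubernetes.io/component": "workspaces-config",
}
MOUNT_AS = "controller.devfile.io/mount-as"
MOUNT_PATH = "controller.devfile.io/mount-path"

def audit(list_json, namespace="eclipse-che"):
    """Split a JSON List of resources into (replicated, partly_labelled)."""
    replicated, partly_labelled = [], []
    for item in json.loads(list_json).get("items", []):
        meta = item.get("metadata", {})
        labels = meta.get("labels") or {}
        hits = sum(labels.get(k) == v for k, v in SYNC_LABELS.items())
        if meta.get("namespace") != namespace or hits == 0:
            continue
        if hits < len(SYNC_LABELS):  # likely a typo: would silently not sync
            partly_labelled.append((item["kind"], meta["name"]))
            continue
        notes = meta.get("annotations") or {}
        replicated.append({
            "kind": item["kind"], "name": meta["name"],
            "mount_as": notes.get(MOUNT_AS), "mount_path": notes.get(MOUNT_PATH),
            # Key names only; Secret values are never copied into the report.
            "keys": sorted(item.get("data") or {}),
            "secret_as_env": item["kind"] == "Secret" and notes.get(MOUNT_AS) == "env",
        })
    return replicated, partly_labelled

def _res(kind, name, labels, annotations=None, data=None):  # sample builder
    meta = {"name": name, "namespace": "eclipse-che", "labels": labels,
            "annotations": annotations or {}}
    return {"kind": kind, "metadata": meta, "data": data or {}}

# Constructed sample standing in for the kubectl JSON output.
SAMPLE = json.dumps({"items": [
    _res("ConfigMap", "user-settings-xml", SYNC_LABELS,
         {MOUNT_AS: "subpath", MOUNT_PATH: "/home/user/.m2"}, {"settings.xml": "<settings/>"}),
    _res("Secret", "user-env", SYNC_LABELS, {MOUNT_AS: "env"},
         {"ENV_VAR_1": "dmFsdWVfMQ==", "ENV_VAR_2": "dmFsdWVfMg=="}),
    _res("ConfigMap", "team-config", {"app.kubernetes.io/part-of": "che.eclipse.org"}),
]})

if __name__ == "__main__":
    synced, suspect = audit(SAMPLE)
    print(json.dumps({"replicated": synced, "partly_labelled": suspect}, indent=2))
```

Entries with `secret_as_env` set are the ones whose keys become environment variables in every user workspace, so they are the first to review before applying the manifests.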