robolaunch · tunahanertekin · Mar 7, 2024 · Mar 5, 2024 · Mar 5, 2024 · Mar 5, 2024
diff --git a/PROJECT b/PROJECT
@@ -182,4 +182,17 @@ resources:
     defaulting: true
     validation: true
     webhookVersion: v1
+- api:
+    crdVersion: v1
+    namespaced: true
+  controller: true
+  domain: roboscale.io
+  group: robot
+  kind: CodeEditor
+  path: github.com/robolaunch/robot-operator/pkg/api/roboscale.io/v1alpha2
+  version: v1alpha2
+  webhooks:
+    defaulting: true
+    validation: true
+    webhookVersion: v1
 version: "3"
diff --git a/config/crd/bases/robot.roboscale.io_codeeditors.yaml b/config/crd/bases/robot.roboscale.io_codeeditors.yaml
diff --git a/config/crd/bases/robot.roboscale.io_ros2workloads.yaml b/config/crd/bases/robot.roboscale.io_ros2workloads.yaml
@@ -2622,7 +2622,7 @@ spec:
                       - created
                       type: object
                     status:
-                      description: Status of the ROS2Bridge instance.
+                      description: Status of the StatefulSet.
                       properties:
                         availableReplicas:
                           description: Total number of available pods (ready for at

diff --git a/config/crd/kustomization.yaml b/config/crd/kustomization.yaml
@@ -20,6 +20,7 @@ resources:
 - bases/robot.roboscale.io_notebooks.yaml
 - bases/robot.roboscale.io_ros2workloads.yaml
 - bases/robot.roboscale.io_ros2bridges.yaml
+- bases/robot.roboscale.io_codeeditors.yaml
 #+kubebuilder:scaffold:crdkustomizeresource
 
 patchesStrategicMerge:
@@ -41,6 +42,7 @@ patchesStrategicMerge:
 #- patches/webhook_in_notebooks.yaml
 #- patches/webhook_in_ros2workloads.yaml
 #- patches/webhook_in_ros2bridges.yaml
+#- patches/webhook_in_codeeditors.yaml
 #+kubebuilder:scaffold:crdkustomizewebhookpatch
 
 # [CERTMANAGER] To enable cert-manager, uncomment all the sections with [CERTMANAGER] prefix.
@@ -61,6 +63,7 @@ patchesStrategicMerge:
 #- patches/cainjection_in_notebooks.yaml
 #- patches/cainjection_in_ros2workloads.yaml
 #- patches/cainjection_in_ros2bridges.yaml
+#- patches/cainjection_in_codeeditors.yaml
 #+kubebuilder:scaffold:crdkustomizecainjectionpatch
 
 # the following config is for teaching kustomize how to do kustomization for CRDs.

diff --git a/config/crd/patches/cainjection_in_codeeditors.yaml b/config/crd/patches/cainjection_in_codeeditors.yaml
@@ -0,0 +1,7 @@
+# The following patch adds a directive for certmanager to inject CA into the CRD
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  annotations:
+    cert-manager.io/inject-ca-from: $(CERTIFICATE_NAMESPACE)/$(CERTIFICATE_NAME)
+  name: codeeditors.robot.roboscale.io
diff --git a/config/crd/patches/webhook_in_codeeditors.yaml b/config/crd/patches/webhook_in_codeeditors.yaml
@@ -0,0 +1,16 @@
+# The following patch enables a conversion webhook for the CRD
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  name: codeeditors.robot.roboscale.io
+spec:
+  conversion:
+    strategy: Webhook
+    webhook:
+      clientConfig:
+        service:
+          namespace: system
+          name: webhook-service
+          path: /convert
+      conversionReviewVersions:
+      - v1
diff --git a/config/rbac/codeeditor_editor_role.yaml b/config/rbac/codeeditor_editor_role.yaml
@@ -0,0 +1,31 @@
+# permissions for end users to edit codeeditors.
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  labels:
+    app.kubernetes.io/name: clusterrole
+    app.kubernetes.io/instance: codeeditor-editor-role
+    app.kubernetes.io/component: rbac
+    app.kubernetes.io/created-by: robot-operator
+    app.kubernetes.io/part-of: robot-operator
+    app.kubernetes.io/managed-by: kustomize
+  name: codeeditor-editor-role
+rules:
+- apiGroups:
+  - robot.roboscale.io
+  resources:
+  - codeeditors
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+  - patch
+  - update
+  - watch
+- apiGroups:
+  - robot.roboscale.io
+  resources:
+  - codeeditors/status
+  verbs:
+  - get
diff --git a/config/rbac/codeeditor_viewer_role.yaml b/config/rbac/codeeditor_viewer_role.yaml
@@ -0,0 +1,27 @@
+# permissions for end users to view codeeditors.
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  labels:
+    app.kubernetes.io/name: clusterrole
+    app.kubernetes.io/instance: codeeditor-viewer-role
+    app.kubernetes.io/component: rbac
+    app.kubernetes.io/created-by: robot-operator
+    app.kubernetes.io/part-of: robot-operator
+    app.kubernetes.io/managed-by: kustomize
+  name: codeeditor-viewer-role
+rules:
+- apiGroups:
+  - robot.roboscale.io
+  resources:
+  - codeeditors
+  verbs:
+  - get
+  - list
+  - watch
+- apiGroups:
+  - robot.roboscale.io
+  resources:
+  - codeeditors/status
+  verbs:
+  - get
diff --git a/config/rbac/role.yaml b/config/rbac/role.yaml
@@ -5,6 +5,18 @@ metadata:
   creationTimestamp: null
   name: manager-role
 rules:
+- apiGroups:
+  - apps
+  resources:
+  - deployments
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+  - patch
+  - update
+  - watch
 - apiGroups:
   - apps
   resources:
@@ -187,6 +199,32 @@ rules:
   - get
   - patch
   - update
+- apiGroups:
+  - robot.roboscale.io
+  resources:
+  - codeeditors
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+  - patch
+  - update
+  - watch
+- apiGroups:
+  - robot.roboscale.io
+  resources:
+  - codeeditors/finalizers
+  verbs:
+  - update
+- apiGroups:
+  - robot.roboscale.io
+  resources:
+  - codeeditors/status
+  verbs:
+  - get
+  - patch
+  - update
 - apiGroups:
   - robot.roboscale.io
   resources:

diff --git a/config/webhook/manifests.yaml b/config/webhook/manifests.yaml
@@ -225,6 +225,26 @@ webhooks:
     resources:
     - ros2bridges
   sideEffects: None
+- admissionReviewVersions:
+  - v1
+  clientConfig:
+    service:
+      name: webhook-service
+      namespace: system
+      path: /mutate-robot-roboscale-io-v1alpha2-codeeditor
+  failurePolicy: Fail
+  name: mcodeeditor.kb.io
+  rules:
+  - apiGroups:
+    - robot.roboscale.io
+    apiVersions:
+    - v1alpha2
+    operations:
+    - CREATE
+    - UPDATE
+    resources:
+    - codeeditors
+  sideEffects: None
 ---
 apiVersion: admissionregistration.k8s.io/v1
 kind: ValidatingWebhookConfiguration
@@ -452,3 +472,23 @@ webhooks:
     resources:
     - ros2bridges
   sideEffects: None
+- admissionReviewVersions:
+  - v1
+  clientConfig:
+    service:
+      name: webhook-service
+      namespace: system
+      path: /validate-robot-roboscale-io-v1alpha2-codeeditor
+  failurePolicy: Fail
+  name: vcodeeditor.kb.io
+  rules:
+  - apiGroups:
+    - robot.roboscale.io
+    apiVersions:
+    - v1alpha2
+    operations:
+    - CREATE
+    - UPDATE
+    resources:
+    - codeeditors
+  sideEffects: None
diff --git a/internal/configure/v1alpha2/linux_user.go b/internal/configure/v1alpha2/linux_user.go
@@ -0,0 +1,20 @@
+package configure
+
+import (
+	corev1 "k8s.io/api/core/v1"
+)
+
+func (cfg *PodSpecConfigInjector) InjectLinuxUserAndGroup(podSpec *corev1.PodSpec) {
+
+	var user int64 = 1000
+	var group int64 = 3000
+
+	for key, cont := range podSpec.Containers {
+		cont.SecurityContext = &corev1.SecurityContext{
+			RunAsUser:  &user,
+			RunAsGroup: &group,
+			Privileged: cont.SecurityContext.Privileged,
+		}
+		podSpec.Containers[key] = cont
+	}
+}
diff --git a/internal/configure/v1alpha2/runtime_class.go b/internal/configure/v1alpha2/runtime_class.go
@@ -3,12 +3,12 @@ package configure
 import (
 	"github.com/robolaunch/robot-operator/internal/label"
 	"github.com/robolaunch/robot-operator/internal/node"
-	"github.com/robolaunch/robot-operator/pkg/api/roboscale.io/v1alpha2"
 	corev1 "k8s.io/api/core/v1"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 )
 
-func (cfg *PodSpecConfigInjector) InjectRuntimeClass(podSpec *corev1.PodSpec, ros2Workload v1alpha2.ROS2Workload, currentNode corev1.Node) {
-	if label.GetInstanceType(&ros2Workload) == label.InstanceTypeCloudInstance && node.IsK3s(currentNode) {
+func (cfg *PodSpecConfigInjector) InjectRuntimeClass(podSpec *corev1.PodSpec, obj metav1.Object, currentNode corev1.Node) {
+	if label.GetInstanceType(obj) == label.InstanceTypeCloudInstance && node.IsK3s(currentNode) {
 		nvidiaRuntimeClass := "nvidia"
 		podSpec.RuntimeClassName = &nvidiaRuntimeClass
 	}

diff --git a/internal/configure/v1alpha2/volume.go b/internal/configure/v1alpha2/volume.go
@@ -5,12 +5,16 @@ import (
 	corev1 "k8s.io/api/core/v1"
 )
 
-func (cfg *PodSpecConfigInjector) InjectVolumeConfiguration(podSpec *corev1.PodSpec, ros2Workload robotv1alpha2.ROS2Workload) {
-	cfg.injectOwnedPVCVolumes(podSpec, ros2Workload)
+func (cfg *PodSpecConfigInjector) InjectVolumeConfiguration(podSpec *corev1.PodSpec, pvcStatuses []robotv1alpha2.OwnedPVCStatus) {
+	cfg.injectOwnedPVCVolumes(podSpec, pvcStatuses)
 }
 
-func (cfg *PodSpecConfigInjector) injectOwnedPVCVolumes(podSpec *corev1.PodSpec, ros2Workload robotv1alpha2.ROS2Workload) {
-	for _, pvcStatus := range ros2Workload.Status.PVCStatuses {
+func (cfg *PodSpecConfigInjector) InjectExternalVolumeConfiguration(podSpec *corev1.PodSpec, evStatuses []robotv1alpha2.ExternalVolumeStatus) {
+	cfg.injectExternalPVCVolumes(podSpec, evStatuses)
+}
+
+func (cfg *PodSpecConfigInjector) injectOwnedPVCVolumes(podSpec *corev1.PodSpec, pvcStatuses []robotv1alpha2.OwnedPVCStatus) {
+	for _, pvcStatus := range pvcStatuses {
 		podSpec.Volumes = append(podSpec.Volumes, corev1.Volume{
 			Name: pvcStatus.Resource.Reference.Name,
 			VolumeSource: corev1.VolumeSource{
@@ -21,3 +25,16 @@ func (cfg *PodSpecConfigInjector) injectOwnedPVCVolumes(podSpec *corev1.PodSpec,
 		})
 	}
 }
+
+func (cfg *PodSpecConfigInjector) injectExternalPVCVolumes(podSpec *corev1.PodSpec, evStatuses []robotv1alpha2.ExternalVolumeStatus) {
+	for _, evStatus := range evStatuses {
+		podSpec.Volumes = append(podSpec.Volumes, corev1.Volume{
+			Name: evStatus.Name,
+			VolumeSource: corev1.VolumeSource{
+				PersistentVolumeClaim: &corev1.PersistentVolumeClaimVolumeSource{
+					ClaimName: evStatus.Name,
+				},
+			},
+		})
+	}
+}