From 48a71996da0ff779b9c3b2c5d1d45a5d8410eb31 Mon Sep 17 00:00:00 2001
From: Graham Dumpleton
Date: Wed, 15 Feb 2023 11:45:53 +1100
Subject: [PATCH] Allow runtime class for workshop containers to be set globally.
---
 .../training-platform/bundle/config/00-schema.yaml | 12 ++++++++++++
 session-manager/handlers/operator_config.py | 2 ++
 session-manager/handlers/workshopsession.py | 4 ++++
 3 files changed, 18 insertions(+)
diff --git a/carvel-packages/training-platform/bundle/config/00-schema.yaml b/carvel-packages/training-platform/bundle/config/00-schema.yaml
index b5f5b7f8..5d5cc2d9 100644
--- a/carvel-packages/training-platform/bundle/config/00-schema.yaml
+++ b/carvel-packages/training-platform/bundle/config/00-schema.yaml
@@ -41,6 +41,18 @@ imageVersions:
 - name: ""
 image: ""
+#! Settings for customizing container runtime used for Educates deployments.
+
+clusterRuntime:
+
+ #! Runtime class applied to deployments. Can be set where pods should be run
+ #! using a container runtime other than the default. For example one could
+ #! select Kata containers as runtime so workshop containers are isolated in an
+ #! additional lightweight VM. Only workshop containers currently have this
+ #! runtime class applied.
+
+ class: ""
+
 #! Settings for customizing ingress details by which Educates will be accessed.
 clusterIngress:
diff --git a/session-manager/handlers/operator_config.py b/session-manager/handlers/operator_config.py
index 088ac085..9a9957ef 100644
--- a/session-manager/handlers/operator_config.py
+++ b/session-manager/handlers/operator_config.py
@@ -36,6 +36,8 @@
 else:
 IMAGE_REPOSITORY = "registry.default.svc.cluster.local:5001"
+RUNTIME_CLASS = xget(config_values, "clusterRuntime.class", "")
+
 INGRESS_DOMAIN = xget(config_values, "clusterIngress.domain", "educates-local-dev.xyz")
 INGRESS_CLASS = xget(config_values, "clusterIngress.class", "")
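Review bot: In 00-schema.yaml the new comment on `clusterRuntime.class` does not say what the value has to refer to or what happens when it is wrong. Operators will set this to get VM-level isolation, so the comment should state that the value must name a RuntimeClass resource already installed in the cluster and that workshop pods will not start otherwise, for example `#! Must name an existing RuntimeClass; workshop pods fail to start if it does not exist.` It would also help to say that an empty value leaves the cluster default runtime in place, which is what the `if RUNTIME_CLASS:` check in workshopsession.py implements.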
diff --git a/session-manager/handlers/workshopsession.py b/session-manager/handlers/workshopsession.py
index 471648f9..83528b73 100644
--- a/session-manager/handlers/workshopsession.py
+++ b/session-manager/handlers/workshopsession.py
@@ -26,6 +26,7 @@
 OPERATOR_STATUS_KEY,
 OPERATOR_NAME_PREFIX,
 IMAGE_REPOSITORY,
+ RUNTIME_CLASS,
 INGRESS_DOMAIN,
 INGRESS_PROTOCOL,
 INGRESS_SECRET,
@@ -1393,6 +1394,9 @@ def resolve_security_policy(name):
 deployment_pod_template_spec = deployment_body["spec"]["template"]["spec"]
+ if RUNTIME_CLASS:
+ deployment_pod_template_spec["runtimeClassName"] = RUNTIME_CLASS
+
 token_enabled = (
 workshop_spec["session"]
 .get("namespaces", {})
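Review bot: Nothing in this hunk guarantees that the `runtimeClassName` written here is the one the workshop pod finally runs with. The assignment is made on `deployment_pod_template_spec` partway through a function whose start and end are outside the hunk, so any later step that merges workshop-supplied settings into the pod template could replace or drop it. Because the setting exists to put workshop containers behind a stronger isolation boundary, it should be applied or re-asserted after the last such merge, with a comment recording the intent, for example `# Operator-level sandbox runtime; workshop definitions must not be able to override this.` The value is also used exactly as read in operator_config.py, so a misspelled class name would presumably surface only as workshop pods that fail to start; logging the effective runtime class once at startup would make that easier to diagnose.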