CHE-15493: <username>-che as default namespace

README.md

@@ -154,10 +154,35 @@ spec:
       CHE_MULTIUSER: "false"
 ```
 
-```
+```bash
 $ chectl server:update -n <ECLIPSE-CHE-NAMESPACE> --che-operator-cr-patch-yaml <PATH_TO_CR_PATCH_YAML>
 ```
 
+### Workspace namespace strategy
+
+Workspace namespace strategy defines default namespace in which user's workspaces are created.
+It's possible to use <username>, <userid> and <workspaceid> placeholders (e.g.: che-workspace-<username>).
+In that case, new namespace will be created for each user (or workspace).
+For OpenShift infrastructure this property used to specify Project (instead of namespace conception).
+
+To set up namespace workspace strategy use command line:
+
+```bash
+$ kubectl patch checluster/eclipse-che -n <ECLIPSE-CHE-NAMESPACE> --type=merge -p '{"spec":{"server": {"customCheProperties": {"CHE_INFRA_KUBERNETES_NAMESPACE_DEFAULT": "che-workspace-<username>"}}}}'
+```
+
+or create `cr-patch.yaml` and use it with chectl:
+
+```yaml
+spec:
+  server:
+    customCheProperties:
+      CHE_INFRA_KUBERNETES_NAMESPACE_DEFAULT: "che-workspace-<username>"
+```
+
+```bash
+$ chectl server:update -n <ECLIPSE-CHE-NAMESPACE> --che-operator-cr-patch-yaml <PATH_TO_CR_PATCH_YAML>
+
 ### OpenShift OAuth
 
 OpenShift clusters include a built-in OAuth server. Che operator supports this authentication method. It's enabled by default.
@@ -176,7 +201,7 @@ spec:
     openShiftoAuth: false
 ```
 
-```
+```bash
 $ chectl server:update -n <ECLIPSE-CHE-NAMESPACE> --che-operator-cr-patch-yaml <PATH_TO_CR_PATCH_YAML>
 ```
 
@@ -196,7 +221,7 @@ spec:
     tlsSupport: false
 ```
 
-```
+```bash
 $ chectl server:update -n <ECLIPSE-CHE-NAMESPACE> --che-operator-cr-patch-yaml <PATH_TO_CR_PATCH_YAML>
 ```
 
@@ -292,6 +317,7 @@ Run the VSCode task: `Format che-operator code` or use the terminal:
 ```bash
 $ go fmt ./...
 ```
+> Notice: if you don't have redhat subscription, use public image registry.access.redhat.com/devtools/go-toolset-rhel7:latest
 
 ### Update golang dependencies
 

cmd/manager/main.go

@@ -15,10 +15,12 @@ import (
 	"context"
 	"flag"
 	"fmt"
+
 	"os"
 	"runtime"
 
 	image_puller_api "github.com/che-incubator/kubernetes-image-puller-operator/pkg/apis"
+	"github.com/eclipse/che-operator/cmd/manager/signal"
 	"github.com/eclipse/che-operator/pkg/util"
 	operatorsv1 "github.com/operator-framework/api/pkg/operators/v1"
 	operatorsv1alpha1 "github.com/operator-framework/api/pkg/operators/v1alpha1"
@@ -37,7 +39,6 @@ import (
 	"sigs.k8s.io/controller-runtime/pkg/client/config"
 	"sigs.k8s.io/controller-runtime/pkg/healthz"
 	"sigs.k8s.io/controller-runtime/pkg/manager"
-	"sigs.k8s.io/controller-runtime/pkg/manager/signals"
 )
 
 var (
@@ -170,7 +171,9 @@ func main() {
 	logrus.Info("Starting the Cmd")
 
 	// Start the Cmd
-	if err := mgr.Start(signals.SetupSignalHandler()); err != nil {
+	period := signal.GetTerminationGracePeriodSeconds(mgr.GetAPIReader(), namespace)
+	logrus.Info("Create manager")
+	if err := mgr.Start(signal.SetupSignalHandler(period)); err != nil {
 		logrus.Error(err, "Manager exited non-zero")
 		os.Exit(1)
 	}

cmd/manager/signal/signal_handler.go

@@ -0,0 +1,94 @@
+//
+// Copyright (c) 2012-2020 Red Hat, Inc.
+// This program and the accompanying materials are made
+// available under the terms of the Eclipse Public License 2.0
+// which is available at https://www.eclipse.org/legal/epl-2.0/
+//
+// SPDX-License-Identifier: EPL-2.0
+//
+// Contributors:
+//   Red Hat, Inc. - initial API and implementation
+//
+
+package signal
+
+import (
+	"context"
+	"os"
+	"os/signal"
+	"syscall"
+	"time"
+
+	"github.com/sirupsen/logrus"
+	appsv1 "k8s.io/api/apps/v1"
+	"k8s.io/apimachinery/pkg/types"
+	"sigs.k8s.io/controller-runtime/pkg/client"
+)
+
+// SetupSignalHandler set up custom signal handler for main process.
+func SetupSignalHandler(terminationPeriod int64) (stopCh <-chan struct{}) {
+	logrus.Info("Set up process signal handler")
+	var shutdownSignals = []os.Signal{os.Interrupt, syscall.SIGTERM, syscall.SIGINT}
+
+	stop := make(chan struct{})
+	c := make(chan os.Signal, 1)
+	signal.Notify(c, shutdownSignals...)
+	go func() {
+		sig := <-c
+		printSignal(sig)
+
+		// We need provide more time for Che controller go routing to complete finalizers logic.
+		// Otherwise resource won't be clean up gracefully
+		// and Che custom resource will stay with non empty "finalizers" field.
+		time.Sleep(time.Duration(terminationPeriod) * time.Second)
+		logrus.Info("Stop and exit operator.")
+		// Stop Che controller
+		close(stop)
+		// Exit from main process directly.
+		os.Exit(1)
+	}()
+
+	return stop
+}
+
+func printSignal(signal os.Signal) {
+	switch signal {
+	case syscall.SIGHUP:
+		logrus.Info("Signal SIGHUP")
+
+	case syscall.SIGINT:
+		logrus.Println("Signal SIGINT (ctrl+c)")
+
+	case syscall.SIGTERM:
+		logrus.Println("Signal SIGTERM stop")
+
+	case syscall.SIGQUIT:
+		logrus.Println("Signal SIGQUIT (top and core dump)")
+
+	default:
+		logrus.Println("Unknown signal")
+	}
+}
+
+func GetTerminationGracePeriodSeconds(k8sClient client.Reader, namespace string) int64 {
+	cheFlavor := os.Getenv("CHE_FLAVOR")
+	if cheFlavor == "" {
+		cheFlavor = "che"
+	}
+	defaultTerminationGracePeriodSeconds := int64(20)
+
+	deployment := &appsv1.Deployment{}
+	namespacedName := types.NamespacedName{Namespace: namespace, Name: cheFlavor + "-operator"}
+	if err := k8sClient.Get(context.TODO(), namespacedName, deployment); err != nil {
+		logrus.Warnf("Unable to find '%s' deployment in namespace '%s', err: %s", cheFlavor+"-operator", namespace, err.Error())
+	} else {
+		terminationPeriod := deployment.Spec.Template.Spec.TerminationGracePeriodSeconds
+		if terminationPeriod != nil {
+			logrus.Infof("Use 'terminationGracePeriodSeconds' %d sec. from operator deployment.", *terminationPeriod)
+			return *terminationPeriod
+		}
+	}
+
+	logrus.Infof("Use default 'terminationGracePeriodSeconds' %d sec.", defaultTerminationGracePeriodSeconds)
+	return defaultTerminationGracePeriodSeconds
+}

deploy/cluster_role.yaml

@@ -65,3 +65,186 @@ rules:
       - create
       - watch
       - update
+      - get
+      - delete
+  - apiGroups:
+      - rbac.authorization.k8s.io
+    resources:
+      - clusterroles
+    verbs:
+      - list
+      - create
+      - watch
+      - update
+      - get
+      - delete
+  - apiGroups:
+      - authorization.openshift.io
+    resources:
+      - roles
+    verbs:
+      - get
+      - create
+      - delete
+  - apiGroups:
+      - authorization.openshift.io
+    resources:
+      - rolebindings
+    verbs:
+      - get
+      - create
+      - update
+      - delete
+  - apiGroups:
+      - rbac.authorization.k8s.io
+    resources:
+      - roles
+    verbs:
+      - get
+      - create
+      - delete
+  - apiGroups:
+      - rbac.authorization.k8s.io
+    resources:
+      - rolebindings
+    verbs:
+      - get
+      - create
+      - update
+      - delete
+  - apiGroups:
+      - org.eclipse.che
+    resources:
+      - checlusters
+      - checlusters/finalizers
+    verbs:
+      - '*'
+  - apiGroups:
+      - project.openshift.io
+    resources:
+      - projectrequests
+    verbs:
+      - create
+      - update
+  - apiGroups:
+      - ""
+    resources:
+      - namespaces
+    verbs:
+      - get
+      - create
+      - update
+  - apiGroups:
+      - project.openshift.io
+    resources:
+      - projects
+    verbs:
+      - get
+  - apiGroups:
+      - ''
+    resources:
+      - serviceaccounts
+    verbs:
+      - get
+      - create
+      - watch
+  - apiGroups:
+      - ''
+    resources:
+      - pods/exec
+    verbs:
+      - create
+  - apiGroups:
+      - apps
+    resources:
+      - secrets
+    verbs:
+      - list
+  - apiGroups:
+      - ''
+    resources:
+      - secrets
+    verbs:
+      - list
+      - create
+      - delete
+  - apiGroups:
+      - ''
+    resources:
+      - persistentvolumeclaims
+    verbs:
+      - create
+      - get
+      - list
+      - watch
+  - apiGroups:
+      - ''
+    resources:
+      - pods
+    verbs:
+      - get
+      - list
+      - create
+      - watch
+      - delete
+  - apiGroups:
+      - apps
+    resources:
+      - deployments
+    verbs:
+      - get
+      - list
+      - create
+      - patch
+      - watch
+      - delete
+  - apiGroups:
+      - ''
+    resources:
+      - services
+    verbs:
+      - list
+      - create
+      - delete
+  - apiGroups:
+      - ''
+    resources:
+      - configmaps
+    verbs:
+      - get
+      - create
+      - delete
+      - list
+  - apiGroups:
+      - route.openshift.io
+    resources:
+      - routes
+    verbs:
+      - list
+      - create
+      - delete
+  - apiGroups:
+      - ''
+    resources:
+      - events
+    verbs:
+      - watch
+  - apiGroups:
+      - apps
+    resources:
+      - replicasets
+    verbs:
+      - list
+      - get
+      - patch
+      - delete
+  - apiGroups:
+      - extensions
+    resources:
+      - ingresses
+    verbs:
+      - list
+      - create
+      - watch
+      - get
+      - delete

deploy/crds/org_v1_che_cr.yaml

@@ -59,7 +59,7 @@ spec:
     # sets mem limit for server deployment. Defaults to 1Gi
     serverMemoryLimit: ''
     # sets default namespace where new workspaces will be created
-    workspaceNamespaceDefault: ''
+    workspaceNamespaceDefault: "<username>-che"
     # defines if user is able to specify namespace different from the default
     allowUserDefinedWorkspaceNamespaces: false
     # Sets the server and workspaces exposure type. Possible values are "multi-host", "single-host", "default-host".

deploy/namespaces_cluster_role.yaml

@@ -23,4 +23,6 @@ rules:
       - namespaces
     verbs:
       - update
+      - list
+      - create
       - get