Agent: Update workspace creation and termination logic

MR: Shared namespace support (gitlab-org/cluster-integration/gitlab-agent!2351 - merged)

Description

Currently, when we want to create a new workspace, the agent creates a new namespace of each workspace. To support scenarios where workspaces can be created in a single shared namespace, we need to modify the creation logic in the agent to not create new namespaces if the agent is running in a single shared namespace mode.

Currently, when we want to terminate a workspace, we send the following information from Rails to Agent among other things - desired_state and the config_to_apply. The agent check if the desired_state is Terminated and if yes, it deletes the namespace of the workspace. This leads to a cascading delete of all the resources in the namespace. The agent completely ignores the config_to_apply value when the desired_state of the workspace is Terminated. Currently, we send the entire information about the workspace in config_to_apply - Inventory config map, Deployment, Service, etc.

To support scenarios where workspaces can be created in a single shared namespace, we need to modify the termination logic in the agent to not delete the namespace entirely(as there would only be a single namespace to create the workspace and the agent will not have permissions to do create/update/delete namespaces).

Acceptance criteria

  • When the agent is running in single shared namespace mode, a new workspace creates all the resources in the specified shared namespace and no new namespace is created.
  • When the agent is running in single shared namespace mode, termination of a workspace deletes all the workspaces resources in the specified shared namespace and no namespace is deleted.
  • When the agent is running in unique namespace mode(existing behaviour), a new workspace creates all the resources in the unique namespace and a new namespace is created.
  • When the agent is running in unique namespace mode(existing behaviour), termination of a workspace deletes all the workspaces resources in the uniques namespace and the namespace is deleted.

Implementation plan

## Implementation plan

Update internal/module/remote_development/agent/reconciler.go to

  • Update applyWorkspaceChanges function to create a new namespace if the agent is running a unique namespace mode.
  • Deleted the code in enrichRailsPayloadWithWorkspaceTerminationProgress to not update the terminationTracker while trying to gather data for the terminated workspaces to send to Rails.
  • Update handleDesiredStateIsTerminated function to follow the below logic for termination of workspace
    • The return type will be <-chan *ErrorDetails instead of error
    • If actual state of the workspace is Terminated, remove the workspace from state tracker and termination tracker and return
    • Read the workspaceRailsInfo.ConfigToApply field to extract the names of the inventory config maps received from Rails.
    • Loop over each of the names and try to get the config map from Kubernetes.
    • Update the terminationTracker to set the progress to Terminated and return if the following conditions are met
      • If the agent is running in shared namespace mode and no inventory config maps were found in Kubernetes.
      • If the agent is running in unique namespaces mode and no namespace was found in Kubernetes.
    • Loop over all the found config maps and check if those inventory config maps in Kubernetes are tracking any objects by reading the 'data' key. If the 'data' key is found, and it is not empty, it means the objects are still present in the cluster. Trigger the deletion of the tracked resources by applying the workspaceRailsInfo.ConfigToApply field. Once the loop is completed, update the terminationTracker to set the progress to Terminating and return if all the tracked objects in all the inventory config maps are deleted.
    • Loop over all the inventory config maps and delete them if the agent is running in a shared namespace mode. Else, if the agent is running in unique namespace mode, delete the namespace(which will cascade delete the remaining resources - image pull secrets, inventory config maps, etc.).
    • Update the termination tracker to set the progress to Terminating and return.

Update internal/module/remote_development/agent/termination_tracker.go to

  • Delete the set function
  • Add a new function updateOrSet(name string, namespace string, progress TerminationProgress)
    • By default isReconciled = false.
    • Check if the record is present in the tracker.
    • If yes and if the incoming progress is equal to the existing progress value in the tracker, then set isReconciled = true.
    • Update the tracker with these details.
  • The end result of this is that we do no unnecessarily send information about the termination progress of the workspace unless there is a change in the termination progress.

Here is a reference spike implementation - Draft: Spike: Workspaces in a single namespace (gitlab-org/cluster-integration/gitlab-agent!2239 - closed)

Edited by Vishal Tak