Move project cloning to post start event
MR: Move workspace project cloning to post start (!192345 - merged)
Description
When you create a workspace, the project is cloned as part of an init container. This creates the following problems -
- Using
alpine/gitcontainer image from DockerHub is a supply chain security issue. - Using
alpine/gitcontainer image from DockerHub can result in rate limiting. - Customers with GitLab on a private domain cannot configure the init container to inject custom TLS certificates for successful project cloning.
- If the project is medium-to-large, the project cloning might fail if there is not enough memory/cpu. One can never predict a one-size-fits-all for this case. Hence, it is not feasible to constantly keep on increasing these resources.
This issue proposes that we move the project cloning from the init container to a post start command in the container of the workspace where the IDE is injected.
This will also solve other tangential issues because we are completely removing the init container cloning the project
- Workspace doesn't start when using a GitLab cer... (#507855 - closed) - Because all the container images in the devfile are configurable by the user and they can configure the CA certificates in that container image.
- Allow project cloner image to trust custom CA cert (#429494 - closed) - Because all the container images in the devfile are configurable by the user and they can configure the CA certificates in that container image.
- DockerHub rate limiting impacts Workspaces crea... (#534646 - closed) - Because we will no longer rely on DockerHub
- Use docker-image published by Gitlab in the pro... (#408448 - closed) - Because there is no longer a need for the init container image
- Abstract project cloner configuration as a conf... (#409586 - closed) - Because there is no longer a need for the init container image
- Use distroless images where possible for compon... (#425533 - closed) (partly) - Because there is no longer a need for the init container image
Acceptance criteria
-
Project cloning is moved to post start event in the main container of the workspace. -
Successful cloning of project on workspace startup -
Project should not be cloned again if it was successfully cloned and then the workspace was restarted.
Implementation plan
N.A.
Edited by Vishal Tak