Add tenant personal workspace auto-closure after a defined number of seconds

[rs59]

Description

"Project 1": Improving resources and namespaces management in CrownLabs

"For isolation purposes, CrownLabs creates a new Kubernetes namespace for each tenant (e.g., student). However, due to the high number of users, this operation may become problematic, also considering that namespaces are active in CrownLabs even if the user is not logged-in. This project aims at improving how namespaces and resources are handled in CrownLabs, possibly creating dynamically the namespace only when the user is actively using the system." https://cloud.frisso.net/projects

This pull request modifies operators/api/v1alpha2/tenant_types.go and operators/deploy/crds/crownlabs.polito.it_tenants.yaml, adding a LastLogin field to the tenant Spec, implementing in operators/pkg/tenant-controller/tenant_controller.go an auto-deletion of the tenant personal namespace based on the number of seconds elapsed since the tenant has last logged in. If there are Instance resources in the Tenant namespace, the Tenant namespace will not be deleted.

Relevant startup variables in operators/cmd/tenant-operator/main.go include requeueTimeMaximum or nc-tenant-operator-rq-time-max (Maximum nanoseconds before requeue of controller), requeueTimeMinimum or nc-tenant-operator-rq-time-min (Minimum nanoseconds before requeue of controller), and tenantWorkspaceKeepAlive or nc-tenant-operator-wspc-keep-alive (Nanoseconds after last login of tenant during which the tenant workspace should be kept alive: after this period, the controller will attempt to delete the tenant personal workspace).

How Has This Been Tested?

A new sample tenant configuration, operators/samples/tenantRS.yml, was created and applied to the kubernetes cluster (using kubectl apply -f tenantRS.yml) with tenant_controller.go settings nc-tenant-operator-rq-time-max=35000000000, nc-tenant-operator-rq-time-min=30000000000, and nc-tenant-operator-wspc-keep-alive=80000000000.

• It is assumed that creating an instance in a tenant workspace must either be preceded by a tenant login and/or the (re)creation of the tenant workspace.

• [x] Test A: It was verified using the logs and kubectl get ns that, upon creation of the tenant, the tenant namespace tenant-sam-h was in fact not in existence.

• [x] Test B: It was verified that simulating a tenant login at 10s after the tenant creation, using date_to_write=$(date +"%Y-%m-%dT%H:%M:%S%z"); date_to_write=$(sed 's/.\{2\}$/:&/' <<< "$date_to_write"); kubectl get tenant sam.h -o json | jq ".spec.lastLogin = \"${date_to_write}\" | del(.creationTimestamp) | del(.resourceVersion) | del(.selfLink) | del(.uid)" | kubectl replace -f - caused the tenant namespace to be running continuously until 80 seconds elapsed. The two runs of the reconciler between 30 and 35 seconds and between 60 and 70 seconds did not delete the tenant namespace.

• [x] Test C: It was verified using the logs and kubectl get ns that the tenant namespace tenant-sam-h was in fact deleted when the reconciler ran after 80 seconds elapsed (between 90 and 105 seconds).

• [x] Test D: It was verified that simulating a tenant login using date_to_write=$(date +"%Y-%m-%dT%H:%M:%S%z"); date_to_write=$(sed 's/.\{2\}$/:&/' <<< "$date_to_write"); kubectl get tenant sam.h -o json | jq ".spec.lastLogin = \"${date_to_write}\" | del(.creationTimestamp) | del(.resourceVersion) | del(.selfLink) | del(.uid)" | kubectl replace -f - caused the tenant namespace tenant-sam-h to be recreated continuously for 80 seconds after the execution of the command.

• [x] Test E: It was verified that creating a sample instance in the tenant workspace using kubectl apply -f instanceRS.yml prevented deletion of the tenant workspace after 80 seconds.

• [x] Test F: After removal of the sample instance, using kubectl delete -f instanceRS.yml, the reconciler execution caused the tenant namespace tenant-sam-h to be deleted due to a login more than 80 seconds ago and a lack of any instances in the tenant workspace.

• [x] A test has been added to sandbox_test.go confirming that LastLogin is created with a value of 0

Known issues/bugs

• On some platforms, it seems that lines 143-149 (finalizer addition) of tenant_controller.go need to be commented out in order to allow tenant_controller.go to modify the tenant spec value of LastLogin.
• Additionally, lines 104-111 (finalizer addition) and 134-147 (keycloak status subscriptions) of workspace_controller.go needed to be commented out to prevent errors.
• Further, lines 105, 108, 111, and 114 of workspace_controller_test.go need to be commented out, as well as lines 278-280 of tenant_controller_test.go
• Deleting a tenant and then recreating a tenant immediately afterwards (i.e. kubectl apply -f tenantRS.yml then kubectl delete -f tenantRS.yml) seems to cause some issues with the personal namespace reconciliation, but this doesn't seem to be due to this pull request
• Currently the code to cause LastLogin to be updated on tenant login to the GUI has not been implemented in the user-facing frontend. So if this code were implemented directly, tenants would not be able to recreate their namespaces once deleted.

[kingmakerbot]

Hi @rs59. Thanks for your PR.

I am @kingmakerbot. You can interact with me issuing a slash command in the first line of a comment. Currently, I understand the following commands:

• /rebase: Rebase this PR onto the master branch
• /merge: Merge this PR into the master branch
• /hold: Adds hold label to prevent merging with /merge
• /unhold: Removes the hold label to allow merging with /merge
• /deploy-staging: Deploy a staging environment to test this PR (the build-all flag enables user environments building)
• /undeploy-staging: Manually undeploy the staging environment

Make sure this PR appears in the CrownLabs changelog, adding one of the following labels:

• kind/breaking: :boom: Breaking Change
• kind/feature: :rocket: New Feature
• kind/bug: :bug: Bug Fix
• kind/cleanup: :broom: Code Refactoring
• kind/docs: :memo: Documentation

[rs59]

@giorio94 Ready to move forward with the next steps!

[rs59]

Squash all commits @rs59

[rs59]

@giorio94 Tests have been edited to run and a new test was created for LastLogin. Except for merging all of the commits into one commit, are there any other outstanding issues?