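--- a/crates/openshell-driver-kubernetes/src/driver.rs
+++ b/crates/openshell-driver-kubernetes/src/driver.rs
@@ -1298,17 +1298,6 @@ fn sandbox_to_k8s_spec(
 ) -> serde_json::Value {
 let mut root = serde_json::Map::new();
 
-// Determine early whether the user provided custom volumeClaimTemplates.
-// When they haven't, we inject a default workspace VCT and corresponding
-// init container + volume mount so sandbox data persists. We need this
-// flag before building the podTemplate because the workspace persistence
-// transforms are applied inside sandbox_template_to_k8s.
-let user_has_vct = spec
-.and_then(|s| s.template.as_ref())
-.and_then(|t| platform_config_struct(t, "volume_claim_templates"))
-.is_some();
-let inject_workspace = !user_has_vct;
-
 if let Some(spec) = spec {
 let pod_env = spec_pod_env(Some(spec));
 if let Some(template) = spec.template.as_ref() {
@@ -1318,7 +1307,7 @@ fn sandbox_to_k8s_spec(
 template,
 driver_gpu_requirements(spec.resource_requirements.as_ref()),
 &pod_env,
-inject_workspace,
+true,
 params,
 ),
 );
@@ -1328,22 +1317,13 @@ fn sandbox_to_k8s_spec(
 serde_json::json!(template.agent_socket_path),
 );
 }
-if let Some(volume_templates) =
-platform_config_struct(template, "volume_claim_templates")
-{
-root.insert("volumeClaimTemplates".to_string(), volume_templates);
-}
 }
 }
 
-// Inject the default workspace volumeClaimTemplate when the user didn't
-// provide their own.
-if inject_workspace {
-root.insert(
-"volumeClaimTemplates".to_string(),
-default_workspace_volume_claim_templates(params.workspace_default_storage_size),
-);
-}
+root.insert(
+"volumeClaimTemplates".to_string(),
+default_workspace_volume_claim_templates(params.workspace_default_storage_size),
+);
 
 // podTemplate is required by the Kubernetes CRD - ensure it's always present
 if !root.contains_key("podTemplate") {
@@ -1354,7 +1334,7 @@ fn sandbox_to_k8s_spec(
 &SandboxTemplate::default(),
 driver_gpu_requirements(spec.and_then(|s| s.resource_requirements.as_ref())),
 &pod_env,
-inject_workspace,
+true,
 params,
 ),
 );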
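Review bot: The now-unconditional `root.insert("volumeClaimTemplates".to_string(), …)` after the `if let Some(spec)` block has no comment saying that claims supplied through the sandbox template are deliberately ignored, and the explanation that sat above `inject_workspace` was deleted with it. A one-line comment would keep that invariant visible to the next maintainer, for example `// volumeClaimTemplates is always the driver-generated workspace claim; template-supplied claims are intentionally not honoured.` Both call sites that used to pass `inject_workspace` now pass a bare `true`, so the parameter looks constant; either remove it from the callee or label the argument as `/* inject_workspace */ true`. The callee's signature and the rest of `sandbox_to_k8s_spec` lie outside these hunks, so whether any other caller still passes `false` cannot be confirmed from here.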
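--- a/crates/openshell-server/src/compute/mod.rs
+++ b/crates/openshell-server/src/compute/mod.rs
@@ -1666,8 +1666,8 @@ fn extract_typed_resources(
 }
 
 /// Build the opaque `platform_config` Struct from platform-specific public
-/// template fields (`runtime_class_name`, annotations, `volume_claim_templates`)
-/// plus any resource fields beyond CPU/memory.
+/// template fields (`runtime_class_name`, annotations) plus any resource fields
+/// beyond CPU/memory.
 fn build_platform_config(template: &SandboxTemplate) -> Option<prost_types::Struct> {
 use prost_types::{Struct, Value, value::Kind};
 
@@ -1705,16 +1705,6 @@ fn build_platform_config(template: &SandboxTemplate) -> Option<prost_types::Stru
 );
 }
 
-// Pass through the raw volume_claim_templates Struct as a nested value.
-if let Some(ref vct) = template.volume_claim_templates {
-fields.insert(
-"volume_claim_templates".to_string(),
-Value {
-kind: Some(Kind::StructValue(vct.clone())),
-},
-);
-}
-
 // Invert: the public API uses `user_namespaces: true` (positive sense)
 // while the K8s driver expects `host_users: false` (K8s convention).
 // The driver inverts this back via `!host_users` to resolve the final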
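--- a/crates/openshell-server/src/grpc/validation.rs
+++ b/crates/openshell-server/src/grpc/validation.rs
@@ -206,14 +206,6 @@ fn validate_sandbox_template(tmpl: &SandboxTemplate) -> Result<(), Status> {
 )));
 }
 }
-if let Some(ref s) = tmpl.volume_claim_templates {
-let size = s.encoded_len();
-if size > MAX_TEMPLATE_STRUCT_SIZE {
-return Err(Status::invalid_argument(format!(
-"template.volume_claim_templates serialized size exceeds maximum ({size} > {MAX_TEMPLATE_STRUCT_SIZE})"
-)));
-}
-}
 if let Some(ref s) = tmpl.driver_config {
 let size = s.encoded_len();
 if size > MAX_TEMPLATE_STRUCT_SIZE {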
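--- a/proto/openshell.proto
+++ b/proto/openshell.proto
@@ -362,8 +362,8 @@ message SandboxTemplate {
 map<string, string> environment = 6;
 // Platform-specific compute resource requirements and limits.
 google.protobuf.Struct resources = 7;
-// Optional platform-specific volume claim templates.
-google.protobuf.Struct volume_claim_templates = 9;
+reserved 9;
+reserved "volume_claim_templates";
 // Enable Kubernetes user namespace isolation (hostUsers: false).
 // When true, container UID 0 maps to a non-root host UID and capabilities
 // become namespaced. Requires Kubernetes 1.33+ with user namespace support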
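Review bot: The two `reserved` statements in `SandboxTemplate` carry no comment, so a reader of the schema cannot tell why field 9 is unavailable or what replaced it. A line above them such as `// Field 9 (volume_claim_templates) was removed; the workspace volume claim is always generated by the driver.` would record the reason next to the reservation. Clients built against the earlier schema that still set field 9 will presumably have it dropped as an unknown field on decode rather than rejected, so a request for custom storage would succeed with the default claim; that is worth stating in the change notes. The message body continues outside this hunk.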