fix: disable keycloak on test3 for benchmark runs

.github/workflows/deploy-pr.yml

@@ -45,6 +45,11 @@ on:
         description: 'Preview OCI tag from theia-cloud-helm to use (for example pr-123)'
         required: false
         default: ''
+      clean_install:
+        description: 'Clean Install: If true, perform namespace-scoped cleanup before install (delete sessions/workspaces, appdefinitions, deployments, daemonsets, statefulsets, PVCs).'
+        required: false
+        default: false
+        type: boolean
 
 jobs:
   # Job 1: Deploy to Test1 environment
@@ -62,6 +67,7 @@ jobs:
       ide_images_tag: ${{ inputs.ide_images_tag }}
       execution_mode: ${{ inputs.execution_mode || 'self-hosted-buildkit' }}
       helm_chart_tag: ${{ inputs.helm_chart_tag || '' }}
+      clean_install: ${{ github.event_name == 'workflow_dispatch' && (inputs.clean_install || false) }}
       deploy_shared_gateway: false
       shared_gateway_values_file: deployments/shared-gateway/values.yaml
       shared_gateway_namespace: gateway-system
@@ -82,6 +88,7 @@ jobs:
       ide_images_tag: ${{ inputs.ide_images_tag }}
       execution_mode: ${{ inputs.execution_mode || 'self-hosted-buildkit' }}
       helm_chart_tag: ${{ inputs.helm_chart_tag || '' }}
+      clean_install: ${{ github.event_name == 'workflow_dispatch' && (inputs.clean_install || false) }}
       deploy_shared_gateway: false
       shared_gateway_values_file: deployments/shared-gateway/values.yaml
       shared_gateway_namespace: gateway-system
@@ -102,6 +109,7 @@ jobs:
       ide_images_tag: ${{ inputs.ide_images_tag }}
       execution_mode: ${{ inputs.execution_mode || 'self-hosted-buildkit' }}
       helm_chart_tag: ${{ inputs.helm_chart_tag || '' }}
+      clean_install: ${{ github.event_name == 'workflow_dispatch' && (inputs.clean_install || false) }}
       deploy_shared_gateway: false
       shared_gateway_values_file: deployments/shared-gateway/values.yaml
       shared_gateway_namespace: gateway-system

.github/workflows/deploy-theia.yml

@@ -85,6 +85,11 @@ on:
         required: false
         type: string
         default: "self-hosted-buildkit"
+      clean_install:
+        description: "If true, perform namespace-scoped cleanup before Helm install"
+        required: false
+        type: boolean
+        default: false
 
 jobs:
   helm-install:
@@ -250,6 +255,7 @@ jobs:
         env:
           KUBECONFIG: ${{ github.workspace }}/kubeconfig
         run: |
+          set -euo pipefail
 
           # Install cluster-wide monitoring (PodMonitors + Grafana Dashboards)
           # This is installed once per cluster, not per environment
@@ -276,6 +282,39 @@ jobs:
             --set wildcardTLSSecret.certificate="$(cat shared-gateway-wildcard.crt)" \
             --set wildcardTLSSecret.key="$(cat shared-gateway-wildcard.key)"
 
+      - name: Clean install - namespace-scoped resource purge
+        if: inputs.clean_install && github.event_name == 'workflow_dispatch'
+        env:
+          KUBECONFIG: ${{ github.workspace }}/kubeconfig
+        run: |
+          set -euo pipefail
+
+          NAMESPACE="${{ vars.NAMESPACE }}"
+
+          # Delete active session resources first if these CRDs exist
+          RESOURCE_LIST="$(kubectl api-resources --namespaced=true -o name)"
+          while IFS= read -r resource; do
+            if echo "$resource" | grep -Eq '^sessions(\.|$)|^session(\.|$)|^workspaces(\.|$)|^workspace(\.|$)'; then
+              kubectl delete "$resource" --all -n "$NAMESPACE" --ignore-not-found=true || true
+            fi
+          done <<< "$RESOURCE_LIST"
+
+          # Delete AppDefinitions for a full clean slate
+          kubectl delete appdefinitions --all -n "$NAMESPACE" --ignore-not-found=true
+
+          # Delete namespace workloads
+          kubectl delete deployments --all -n "$NAMESPACE" --ignore-not-found=true
+          kubectl delete daemonsets --all -n "$NAMESPACE" --ignore-not-found=true
+          kubectl delete statefulsets --all -n "$NAMESPACE" --ignore-not-found=true
+
+          # Wait until workload pods terminate (best effort)
+          kubectl wait --for=delete pod --all -n "$NAMESPACE" --timeout=120s || true
+
+          # Delete PVCs associated with this namespace
+          kubectl delete pvc --all -n "$NAMESPACE" --ignore-not-found=true
+
+          echo "Clean install purge complete. Proceeding to Helm install."
+
       # Step 6: Install the main Theia Cloud application with environment-specific configuration
       # This includes the operator, service, certificates, and app definitions
       - name: Install Theia Cloud in namespace ${{ vars.NAMESPACE }}

deployments/test3.theia-test.artemis.cit.tum.de/values.yaml

@@ -43,37 +43,32 @@ theia-cloud:
       interval: 3
 
   operator:
-    image: ghcr.io/eduide/eduide-cloud/operator:pr-70
-    #eagerStart: false
+    image: ghcr.io/eduide/eduide-cloud/operator:pr-101
+    eagerStart: false
     replicas: 1
     sessionsPerUser: 10
     # Test3 runs on the parma cluster where Longhorn is the default storage backend.
-    storageClassName: longhorn
+    storageClassName: csi-rbd-sc
     resources:
       requests:
         ephemeral-storage: "128Mi"
       limits:
         ephemeral-storage: "256Mi"
 
   service:
-    image: ghcr.io/eduide/eduide-cloud/service:pr-70
+    image: ghcr.io/eduide/eduide-cloud/service:pr-101
     adminApiTokenSecret:
       name: service-admin-api-token
       key: ADMIN_API_TOKEN
 
   preloading:
     images:
-      - ghcr.io/eduide/eduide-cloud/landing-page:pr-70
-      - ghcr.io/eduide/eduide/java-17:latest
-      - ghcr.io/eduide/eduide/c:latest
-      - ghcr.io/eduide/eduide/javascript:latest
-      - ghcr.io/eduide/eduide/ocaml:latest
-      - ghcr.io/eduide/eduide/rust:latest
-      - ghcr.io/eduide/eduide/python:latest
-      - ghcr.io/eduide/eduide/java-17-no-ls:pr-70
-      - ghcr.io/eduide/eduide/rust-no-ls:pr-70
-      - ghcr.io/eduide/eduide/langserver-java:pr-70
-      - ghcr.io/eduide/eduide/langserver-rust:pr-70
+      - ghcr.io/eduide/eduide/java-17:pr-131
+      - ghcr.io/eduide/eduide/rust:pr-131
+      - ghcr.io/eduide/eduide/java-17-no-ls:pr-131
+      - ghcr.io/eduide/eduide/rust-no-ls:pr-131
+      - ghcr.io/eduide/eduide/langserver-java:pr-131
+      - ghcr.io/eduide/eduide/langserver-rust:pr-131
 
   imagePullPolicy: Always
 
@@ -83,7 +78,7 @@ theia-cloud:
 
   landingPage:
     # We use the try now page as landing page since the default does not support mutliple apps -> https://github.com/eclipsesource/theia-cloud/discussions/301
-    image: ghcr.io/eduide/eduide-cloud/landing-page:pr-70
+    image: ghcr.io/eduide/eduidec-landing-page:latest
     # We can define a default blueprint
 
     # 1. The actual image data (Must be a Base64 encoded string)
@@ -94,12 +89,12 @@ theia-cloud:
     # you might need this. If you used my simplified template, this is ignored.
     logoFileExtension: "png"
     appDefinition: "java-17-no-ls"
-    ephemeralStorage: true
+    ephemeralStorage: false
     additionalApps:
       java-17-no-ls:
-        label: Java 17 No-LS (Sidecar)
+        label: Java 17 No-LS
       rust-no-ls:
-        label: Rust No-LS (Sidecar)
+        label: Rust No-LS
     infoTitle: "🚀 Welcome to Test3 IDE Environment"
     infoText: "Test environment for Theia with external language server architecture (PR #70). The IDE runs separately from the language server for improved performance and modularity."
     loadingText: "⚡ Setting up your development workspace..."
@@ -119,7 +114,7 @@ theia-cloud:
         url: "https://aet.cit.tum.de/"
 
   keycloak:
-    enable: true
+    enable: false
 
     # -- Key cloak auth URL. Only has to be specified when enable: true
     authUrl: "https://keycloak.ase.in.tum.de/"
@@ -131,20 +126,26 @@ theia-cloud:
     clientId: "theia-test"
 
 theia-appdefinitions:
-  defaultImageTag: pr-70
+  defaultImageTag: pr-131
   apps:
     - name: java-17-no-ls
       image: ghcr.io/eduide/eduide/java-17-no-ls
-      minInstances: 1
+      minInstances: 3
+      maxInstances: 20
       sidecars:
         - name: langserver
           image: ghcr.io/eduide/eduide/langserver-java
           port: 5000
           languages: [java]
           mountWorkspace: true
+    - name: java-17-latest
+      image: ghcr.io/eduide/eduide/java-17
+      minInstances: 3
+      maxInstances: 20
     - name: rust-no-ls
       image: ghcr.io/eduide/eduide/rust-no-ls
-      minInstances: 1
+      minInstances: 3
+      maxInstances: 20
       sidecars:
         - name: langserver
           image: ghcr.io/eduide/eduide/langserver-rust

deployments/theia.artemis.cit.tum.de/values.yaml

@@ -42,17 +42,20 @@ theia-cloud:
       interval: 3
 
   operator:
-    #image: ghcr.io/eduide/eduide-cloud/operator:latest
-    #eagerStart: false
+    image: ghcr.io/eduide/eduide-cloud/operator:latest-ba732d8
+    # Production keeps Ceph RBD and does not configure sidecars.
+    # Disable eager-start so the operator stays on the workspace-backed RWO path
+    # instead of creating prewarmed RWX PVCs that do not fit csi-rbd-sc.
+    eagerStart: false
     replicas: 3
     sessionsPerUser: 10
     storageClassName: csi-rbd-sc
 
-  # service:
-  #   image: ghcr.io/eduide/eduide-cloud/service:latest
-  #   adminApiTokenSecret:
-  #     name: service-admin-api-token
-  #     key: ADMIN_API_TOKEN
+  service:
+    image: ghcr.io/eduide/eduide-cloud/service:latest-ba732d8
+    adminApiTokenSecret:
+      name: service-admin-api-token
+      key: ADMIN_API_TOKEN
 
   preloading:
     images: