-
Notifications
You must be signed in to change notification settings - Fork 88
/
org_v1_che_crd.yaml
1152 lines (1151 loc) · 66.7 KB
/
org_v1_che_crd.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
#
# Copyright (c) 2019-2021 Red Hat, Inc.
# This program and the accompanying materials are made
# available under the terms of the Eclipse Public License 2.0
# which is available at https://www.eclipse.org/legal/epl-2.0/
#
# SPDX-License-Identifier: EPL-2.0
#
# Contributors:
# Red Hat, Inc. - initial API and implementation
#
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.4.1
creationTimestamp: null
labels:
app.kubernetes.io/instance: che
app.kubernetes.io/managed-by: olm
app.kubernetes.io/name: che
name: checlusters.org.eclipse.che
spec:
group: org.eclipse.che
names:
kind: CheCluster
listKind: CheClusterList
plural: checlusters
singular: checluster
scope: Namespaced
versions:
- name: v1
schema:
openAPIV3Schema:
description: The `CheCluster` custom resource allows defining and managing
a Che server installation
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource
this object represents. Servers may infer this from the endpoint the
client submits requests to. Cannot be updated. In CamelCase. More
info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: Desired configuration of the Che installation. Based on
these settings, the Operator automatically creates and maintains
several ConfigMaps that will contain the appropriate environment variables
the various components of the Che installation. These generated ConfigMaps
must NOT be updated manually.
properties:
auth:
description: Configuration settings related to the Authentication
used by the Che installation.
properties:
debug:
description: Debug internal identity provider.
type: boolean
externalIdentityProvider:
description: 'Instructs the Operator on whether or not to deploy
a dedicated Identity Provider (Keycloak or RH SSO instance).
Instructs the Operator on whether to deploy a dedicated Identity
Provider (Keycloak or RH-SSO instance). By default, a dedicated
Identity Provider server is deployed as part of the Che installation.
When `externalIdentityProvider` is `true`, no dedicated identity
provider will be deployed by the Operator and you will need
to provide details about the external identity provider you
are about to use. See also all the other fields starting with:
`identityProvider`.'
type: boolean
gatewayAuthenticationSidecarImage:
description: Gateway sidecar responsible for authentication
when NativeUserMode is enabled. See link:https://github.com/oauth2-proxy/oauth2-proxy[oauth2-proxy]
or link:https://github.com/openshift/oauth-proxy[openshift/oauth-proxy].
type: string
gatewayAuthorizationSidecarImage:
description: Gateway sidecar responsible for authorization when
NativeUserMode is enabled. See link:https://github.com/brancz/kube-rbac-proxy[kube-rbac-proxy]
or link:https://github.com/openshift/kube-rbac-proxy[openshift/kube-rbac-proxy]
type: string
gatewayHeaderRewriteSidecarImage:
description: Deprecated. The value of this flag is ignored.
Sidecar functionality is now implemented in Traefik plugin.
type: string
identityProviderAdminUserName:
description: Overrides the name of the Identity Provider administrator
user. Defaults to `admin`.
type: string
identityProviderClientId:
description: Name of a Identity provider, Keycloak or RH-SSO,
`client-id` that is used for Che. Override this when an external
Identity Provider is in use. See the `externalIdentityProvider`
field. When omitted or left blank, it is set to the value
of the `flavour` field suffixed with `-public`.
type: string
identityProviderContainerResources:
description: Identity provider container custom settings.
properties:
limits:
description: Limits describes the maximum amount of compute
resources allowed.
properties:
cpu:
description: CPU, in cores. (500m = .5 cores)
type: string
memory:
description: Memory, in bytes. (500Gi = 500GiB = 500
* 1024 * 1024 * 1024)
type: string
type: object
request:
description: Requests describes the minimum amount of compute
resources required.
properties:
cpu:
description: CPU, in cores. (500m = .5 cores)
type: string
memory:
description: Memory, in bytes. (500Gi = 500GiB = 500
* 1024 * 1024 * 1024)
type: string
type: object
type: object
identityProviderImage:
description: Overrides the container image used in the Identity
Provider, Keycloak or RH-SSO, deployment. This includes the
image tag. Omit it or leave it empty to use the default container
image provided by the Operator.
type: string
identityProviderImagePullPolicy:
description: Overrides the image pull policy used in the Identity
Provider, Keycloak or RH-SSO, deployment. Default value is
`Always` for `nightly`, `next` or `latest` images, and `IfNotPresent`
in other cases.
type: string
identityProviderIngress:
description: Ingress custom settings.
properties:
annotations:
additionalProperties:
type: string
description: Unstructured key value map stored with a resource
that may be set by external tools to store and retrieve
arbitrary metadata.
type: object
labels:
description: Comma separated list of labels that can be
used to organize and categorize objects by scoping and
selecting.
type: string
type: object
identityProviderPassword:
description: Overrides the password of Keycloak administrator
user. Override this when an external Identity Provider is
in use. See the `externalIdentityProvider` field. When omitted
or left blank, it is set to an auto-generated password.
type: string
identityProviderPostgresPassword:
description: Password for a Identity Provider, Keycloak or RH-SSO,
to connect to the database. Override this when an external
Identity Provider is in use. See the `externalIdentityProvider`
field. When omitted or left blank, it is set to an auto-generated
password.
type: string
identityProviderPostgresSecret:
description: 'The secret that contains `password` for the Identity
Provider, Keycloak or RH-SSO, to connect to the database.
When the secret is defined, the `identityProviderPostgresPassword`
is ignored. When the value is omitted or left blank, the one
of following scenarios applies: 1. `identityProviderPostgresPassword`
is defined, then it will be used to connect to the database.
2. `identityProviderPostgresPassword` is not defined, then
a new secret with the name `che-identity-postgres-secret`
will be created with an auto-generated value for `password`.
The secret must have `app.kubernetes.io/part-of=che.eclipse.org`
label.'
type: string
identityProviderRealm:
description: Name of a Identity provider, Keycloak or RH-SSO,
realm that is used for Che. Override this when an external
Identity Provider is in use. See the `externalIdentityProvider`
field. When omitted or left blank, it is set to the value
of the `flavour` field.
type: string
identityProviderRoute:
description: Route custom settings.
properties:
annotations:
additionalProperties:
type: string
description: Unstructured key value map stored with a resource
that may be set by external tools to store and retrieve
arbitrary metadata.
type: object
domain:
description: 'Operator uses the domain to generate a hostname
for a route. In a conjunction with labels it creates a
route, which is served by a non-default Ingress controller.
The generated host name will follow this pattern: `<route-name>-<route-namespace>.<domain>`.'
type: string
labels:
description: Comma separated list of labels that can be
used to organize and categorize objects by scoping and
selecting.
type: string
type: object
identityProviderSecret:
description: 'The secret that contains `user` and `password`
for Identity Provider. When the secret is defined, the `identityProviderAdminUserName`
and `identityProviderPassword` are ignored. When the value
is omitted or left blank, the one of following scenarios applies:
1. `identityProviderAdminUserName` and `identityProviderPassword`
are defined, then they will be used. 2. `identityProviderAdminUserName`
or `identityProviderPassword` are not defined, then a new
secret with the name `che-identity-secret` will be created
with default value `admin` for `user` and with an auto-generated
value for `password`. The secret must have `app.kubernetes.io/part-of=che.eclipse.org`
label.'
type: string
identityProviderURL:
description: Public URL of the Identity Provider server (Keycloak
/ RH-SSO server). Set this ONLY when a use of an external
Identity Provider is needed. See the `externalIdentityProvider`
field. By default, this will be automatically calculated and
set by the Operator.
type: string
initialOpenShiftOAuthUser:
description: For operating with the OpenShift OAuth authentication,
create a new user account since the kubeadmin can not be used.
If the value is true, then a new OpenShift OAuth user will
be created for the HTPasswd identity provider. If the value
is false and the user has already been created, then it will
be removed. If value is an empty, then do nothing. The user's
credentials are stored in the `openshift-oauth-user-credentials`
secret in 'openshift-config' namespace by Operator. Note that
this solution is Openshift 4 platform-specific.
type: boolean
nativeUserMode:
description: Enables native user mode. Currently works only
on OpenShift and DevWorkspace engine. Native User mode uses
OpenShift OAuth directly as identity provider, without Keycloak.
type: boolean
oAuthClientName:
description: Name of the OpenShift `OAuthClient` resource used
to setup identity federation on the OpenShift side. Auto-generated
when left blank. See also the `OpenShiftoAuth` field.
type: string
oAuthSecret:
description: Name of the secret set in the OpenShift `OAuthClient`
resource used to setup identity federation on the OpenShift
side. Auto-generated when left blank. See also the `OAuthClientName`
field.
type: string
openShiftoAuth:
description: 'Enables the integration of the identity provider
(Keycloak / RHSSO) with OpenShift OAuth. Empty value on OpenShift
by default. This will allow users to directly login with their
OpenShift user through the OpenShift login, and have their
workspaces created under personal OpenShift namespaces. WARNING:
the `kubeadmin` user is NOT supported, and logging through
it will NOT allow accessing the Che Dashboard.'
type: boolean
updateAdminPassword:
description: Forces the default `admin` Che user to update password
on first login. Defaults to `false`.
type: boolean
type: object
database:
description: Configuration settings related to the database used
by the Che installation.
properties:
chePostgresContainerResources:
description: PostgreSQL container custom settings
properties:
limits:
description: Limits describes the maximum amount of compute
resources allowed.
properties:
cpu:
description: CPU, in cores. (500m = .5 cores)
type: string
memory:
description: Memory, in bytes. (500Gi = 500GiB = 500
* 1024 * 1024 * 1024)
type: string
type: object
request:
description: Requests describes the minimum amount of compute
resources required.
properties:
cpu:
description: CPU, in cores. (500m = .5 cores)
type: string
memory:
description: Memory, in bytes. (500Gi = 500GiB = 500
* 1024 * 1024 * 1024)
type: string
type: object
type: object
chePostgresDb:
description: PostgreSQL database name that the Che server uses
to connect to the DB. Defaults to `dbche`.
type: string
chePostgresHostName:
description: PostgreSQL Database host name that the Che server
uses to connect to. Defaults is `postgres`. Override this
value ONLY when using an external database. See field `externalDb`.
In the default case it will be automatically set by the Operator.
type: string
chePostgresPassword:
description: PostgreSQL password that the Che server uses to
connect to the DB. When omitted or left blank, it will be
set to an automatically generated value.
type: string
chePostgresPort:
description: PostgreSQL Database port that the Che server uses
to connect to. Defaults to 5432. Override this value ONLY
when using an external database. See field `externalDb`. In
the default case it will be automatically set by the Operator.
type: string
chePostgresSecret:
description: 'The secret that contains PostgreSQL`user` and
`password` that the Che server uses to connect to the DB.
When the secret is defined, the `chePostgresUser` and `chePostgresPassword`
are ignored. When the value is omitted or left blank, the
one of following scenarios applies: 1. `chePostgresUser` and
`chePostgresPassword` are defined, then they will be used
to connect to the DB. 2. `chePostgresUser` or `chePostgresPassword`
are not defined, then a new secret with the name `che-postgres-secret`
will be created with default value of `pgche` for `user` and
with an auto-generated value for `password`. The secret must
have `app.kubernetes.io/part-of=che.eclipse.org` label.'
type: string
chePostgresUser:
description: PostgreSQL user that the Che server uses to connect
to the DB. Defaults to `pgche`.
type: string
externalDb:
description: 'Instructs the Operator on whether to deploy a
dedicated database. By default, a dedicated PostgreSQL database
is deployed as part of the Che installation. When `externalDb`
is `true`, no dedicated database will be deployed by the Operator
and you will need to provide connection details to the external
DB you are about to use. See also all the fields starting
with: `chePostgres`.'
type: boolean
postgresImage:
description: Overrides the container image used in the PostgreSQL
database deployment. This includes the image tag. Omit it
or leave it empty to use the default container image provided
by the Operator.
type: string
postgresImagePullPolicy:
description: Overrides the image pull policy used in the PostgreSQL
database deployment. Default value is `Always` for `nightly`,
`next` or `latest` images, and `IfNotPresent` in other cases.
type: string
postgresVersion:
description: 'Indicates a PostgreSQL version image to use. Allowed
values are: `9.6` and `13.3`. Migrate your PostgreSQL database
to switch from one version to another.'
type: string
pvcClaimSize:
description: Size of the persistent volume claim for database.
Defaults to `1Gi`. To update pvc storageclass that provisions
it must support resize when Eclipse Che has been already deployed.
type: string
type: object
devWorkspace:
description: DevWorkspace operator configuration
properties:
controllerImage:
description: Overrides the container image used in the DevWorkspace
controller deployment. This includes the image tag. Omit it
or leave it empty to use the default container image provided
by the Operator.
type: string
enable:
description: Deploys the DevWorkspace Operator in the cluster.
Does nothing when a matching version of the Operator is already
installed. Fails when a non-matching version of the Operator
is already installed.
type: boolean
required:
- enable
type: object
imagePuller:
description: Kubernetes Image Puller configuration
properties:
enable:
description: Install and configure the Community Supported Kubernetes
Image Puller Operator. When set to `true` and no spec is provided,
it will create a default KubernetesImagePuller object to be
managed by the Operator. When set to `false`, the KubernetesImagePuller
object will be deleted, and the Operator will be uninstalled,
regardless of whether a spec is provided. If the `spec.images`
field is empty, a set of recommended workspace-related images
will be automatically detected and pre-pulled after installation.
Note that while this Operator and its behavior is community-supported,
its payload may be commercially-supported for pulling commercially-supported
images.
type: boolean
spec:
description: A KubernetesImagePullerSpec to configure the image
puller in the CheCluster
properties:
affinity:
type: string
cachingCPULimit:
type: string
cachingCPURequest:
type: string
cachingIntervalHours:
type: string
cachingMemoryLimit:
type: string
cachingMemoryRequest:
type: string
configMapName:
type: string
daemonsetName:
type: string
deploymentName:
type: string
imagePullSecrets:
type: string
imagePullerImage:
type: string
images:
type: string
nodeSelector:
type: string
type: object
required:
- enable
type: object
k8s:
description: Configuration settings specific to Che installations
made on upstream Kubernetes.
properties:
ingressClass:
description: 'Ingress class that will define the which controller
will manage ingresses. Defaults to `nginx`. NB: This drives
the `kubernetes.io/ingress.class` annotation on Che-related
ingresses.'
type: string
ingressDomain:
description: 'Global ingress domain for a Kubernetes cluster.
This MUST be explicitly specified: there are no defaults.'
type: string
ingressStrategy:
description: 'Strategy for ingress creation. Options are: `multi-host`
(host is explicitly provided in ingress), `single-host` (host
is provided, path-based rules) and `default-host` (no host
is provided, path-based rules). Defaults to `multi-host` Deprecated
in favor of `serverExposureStrategy` in the `server` section,
which defines this regardless of the cluster type. When both
are defined, the `serverExposureStrategy` option takes precedence.'
type: string
securityContextFsGroup:
description: The FSGroup in which the Che Pod and workspace
Pods containers runs in. Default value is `1724`.
type: string
securityContextRunAsUser:
description: ID of the user the Che Pod and workspace Pods containers
run as. Default value is `1724`.
type: string
singleHostExposureType:
description: When the serverExposureStrategy is set to `single-host`,
the way the server, registries and workspaces are exposed
is further configured by this property. The possible values
are `native`, which means that the server and workspaces are
exposed using ingresses on K8s or `gateway` where the server
and workspaces are exposed using a custom gateway based on
link:https://doc.traefik.io/traefik/[Traefik]. All the endpoints
whether backed by the ingress or gateway `route` always point
to the subpaths on the same domain. Defaults to `native`.
type: string
tlsSecretName:
description: Name of a secret that will be used to setup ingress
TLS termination when TLS is enabled. When the field is empty
string, the default cluster certificate will be used. See
also the `tlsSupport` field.
type: string
type: object
metrics:
description: Configuration settings related to the metrics collection
used by the Che installation.
properties:
enable:
description: Enables `metrics` the Che server endpoint. Default
to `true`.
type: boolean
type: object
server:
description: General configuration settings related to the Che server,
the plugin and devfile registries
properties:
airGapContainerRegistryHostname:
description: Optional host name, or URL, to an alternate container
registry to pull images from. This value overrides the container
registry host name defined in all the default container images
involved in a Che deployment. This is particularly useful
to install Che in a restricted environment.
type: string
airGapContainerRegistryOrganization:
description: Optional repository name of an alternate container
registry to pull images from. This value overrides the container
registry organization defined in all the default container
images involved in a Che deployment. This is particularly
useful to install Eclipse Che in a restricted environment.
type: string
allowUserDefinedWorkspaceNamespaces:
description: Deprecated. The value of this flag is ignored.
Defines that a user is allowed to specify a Kubernetes namespace,
or an OpenShift project, which differs from the default. It's
NOT RECOMMENDED to set to `true` without OpenShift OAuth configured.
The OpenShift infrastructure also uses this property.
type: boolean
cheClusterRoles:
description: A comma-separated list of ClusterRoles that will
be assigned to Che ServiceAccount. Each role must have `app.kubernetes.io/part-of=che.eclipse.org`
label. Be aware that the Che Operator has to already have
all permissions in these ClusterRoles to grant them.
type: string
cheDebug:
description: Enables the debug mode for Che server. Defaults
to `false`.
type: string
cheFlavor:
description: Specifies a variation of the installation. The
options are `che` for upstream Che installations, or `codeready`
for link:https://developers.redhat.com/products/codeready-workspaces/overview[CodeReady
Workspaces] installation. Override the default value only
on necessary occasions.
type: string
cheHost:
description: Public host name of the installed Che server. When
value is omitted, the value it will be automatically set by
the Operator. See the `cheHostTLSSecret` field.
type: string
cheHostTLSSecret:
description: Name of a secret containing certificates to secure
ingress or route for the custom host name of the installed
Che server. The secret must have `app.kubernetes.io/part-of=che.eclipse.org`
label. See the `cheHost` field.
type: string
cheImage:
description: Overrides the container image used in Che deployment.
This does NOT include the container image tag. Omit it or
leave it empty to use the default container image provided
by the Operator.
type: string
cheImagePullPolicy:
description: Overrides the image pull policy used in Che deployment.
Default value is `Always` for `nightly`, `next` or `latest`
images, and `IfNotPresent` in other cases.
type: string
cheImageTag:
description: Overrides the tag of the container image used in
Che deployment. Omit it or leave it empty to use the default
image tag provided by the Operator.
type: string
cheLogLevel:
description: 'Log level for the Che server: `INFO` or `DEBUG`.
Defaults to `INFO`.'
type: string
cheServerIngress:
description: The Che server ingress custom settings.
properties:
annotations:
additionalProperties:
type: string
description: Unstructured key value map stored with a resource
that may be set by external tools to store and retrieve
arbitrary metadata.
type: object
labels:
description: Comma separated list of labels that can be
used to organize and categorize objects by scoping and
selecting.
type: string
type: object
cheServerRoute:
description: The Che server route custom settings.
properties:
annotations:
additionalProperties:
type: string
description: Unstructured key value map stored with a resource
that may be set by external tools to store and retrieve
arbitrary metadata.
type: object
domain:
description: 'Operator uses the domain to generate a hostname
for a route. In a conjunction with labels it creates a
route, which is served by a non-default Ingress controller.
The generated host name will follow this pattern: `<route-name>-<route-namespace>.<domain>`.'
type: string
labels:
description: Comma separated list of labels that can be
used to organize and categorize objects by scoping and
selecting.
type: string
type: object
cheWorkspaceClusterRole:
description: Custom cluster role bound to the user for the Che
workspaces. The role must have `app.kubernetes.io/part-of=che.eclipse.org`
label. The default roles are used when omitted or left blank.
type: string
customCheProperties:
additionalProperties:
type: string
description: Map of additional environment variables that will
be applied in the generated `che` ConfigMap to be used by
the Che server, in addition to the values already generated
from other fields of the `CheCluster` custom resource (CR).
When `customCheProperties` contains a property that would
be normally generated in `che` ConfigMap from other CR fields,
the value defined in the `customCheProperties` is used instead.
type: object
dashboardCpuLimit:
description: Overrides the CPU limit used in the dashboard deployment.
In cores. (500m = .5 cores). Default to 500m.
type: string
dashboardCpuRequest:
description: Overrides the CPU request used in the dashboard
deployment. In cores. (500m = .5 cores). Default to 100m.
type: string
dashboardImage:
description: Overrides the container image used in the dashboard
deployment. This includes the image tag. Omit it or leave
it empty to use the default container image provided by the
Operator.
type: string
dashboardImagePullPolicy:
description: Overrides the image pull policy used in the dashboard
deployment. Default value is `Always` for `nightly`, `next`
or `latest` images, and `IfNotPresent` in other cases.
type: string
dashboardIngress:
description: Dashboard ingress custom settings.
properties:
annotations:
additionalProperties:
type: string
description: Unstructured key value map stored with a resource
that may be set by external tools to store and retrieve
arbitrary metadata.
type: object
labels:
description: Comma separated list of labels that can be
used to organize and categorize objects by scoping and
selecting.
type: string
type: object
dashboardMemoryLimit:
description: Overrides the memory limit used in the dashboard
deployment. Defaults to 256Mi.
type: string
dashboardMemoryRequest:
description: Overrides the memory request used in the dashboard
deployment. Defaults to 16Mi.
type: string
dashboardRoute:
description: Dashboard route custom settings.
properties:
annotations:
additionalProperties:
type: string
description: Unstructured key value map stored with a resource
that may be set by external tools to store and retrieve
arbitrary metadata.
type: object
domain:
description: 'Operator uses the domain to generate a hostname
for a route. In a conjunction with labels it creates a
route, which is served by a non-default Ingress controller.
The generated host name will follow this pattern: `<route-name>-<route-namespace>.<domain>`.'
type: string
labels:
description: Comma separated list of labels that can be
used to organize and categorize objects by scoping and
selecting.
type: string
type: object
devfileRegistryCpuLimit:
description: Overrides the CPU limit used in the devfile registry
deployment. In cores. (500m = .5 cores). Default to 500m.
type: string
devfileRegistryCpuRequest:
description: Overrides the CPU request used in the devfile registry
deployment. In cores. (500m = .5 cores). Default to 100m.
type: string
devfileRegistryImage:
description: Overrides the container image used in the devfile
registry deployment. This includes the image tag. Omit it
or leave it empty to use the default container image provided
by the Operator.
type: string
devfileRegistryIngress:
description: The devfile registry ingress custom settings.
properties:
annotations:
additionalProperties:
type: string
description: Unstructured key value map stored with a resource
that may be set by external tools to store and retrieve
arbitrary metadata.
type: object
labels:
description: Comma separated list of labels that can be
used to organize and categorize objects by scoping and
selecting.
type: string
type: object
devfileRegistryMemoryLimit:
description: Overrides the memory limit used in the devfile
registry deployment. Defaults to 256Mi.
type: string
devfileRegistryMemoryRequest:
description: Overrides the memory request used in the devfile
registry deployment. Defaults to 16Mi.
type: string
devfileRegistryPullPolicy:
description: Overrides the image pull policy used in the devfile
registry deployment. Default value is `Always` for `nightly`,
`next` or `latest` images, and `IfNotPresent` in other cases.
type: string
devfileRegistryRoute:
description: The devfile registry route custom settings.
properties:
annotations:
additionalProperties:
type: string
description: Unstructured key value map stored with a resource
that may be set by external tools to store and retrieve
arbitrary metadata.
type: object
domain:
description: 'Operator uses the domain to generate a hostname
for a route. In a conjunction with labels it creates a
route, which is served by a non-default Ingress controller.
The generated host name will follow this pattern: `<route-name>-<route-namespace>.<domain>`.'
type: string
labels:
description: Comma separated list of labels that can be
used to organize and categorize objects by scoping and
selecting.
type: string
type: object
devfileRegistryUrl:
description: Deprecated in favor of `externalDevfileRegistries`
fields.
type: string
disableInternalClusterSVCNames:
description: Disable internal cluster SVC names usage to communicate
between components to speed up the traffic and avoid proxy
issues.
type: boolean
externalDevfileRegistries:
description: External devfile registries, that serves sample,
ready-to-use devfiles. Configure this in addition to a dedicated
devfile registry (when `externalDevfileRegistry` is `false`)
or instead of it (when `externalDevfileRegistry` is `true`)
items:
description: Settings for a configuration of the external
devfile registries.
properties:
url:
description: Public URL of the devfile registry.
type: string
type: object
type: array
externalDevfileRegistry:
description: Instructs the Operator on whether to deploy a dedicated
devfile registry server. By default, a dedicated devfile registry
server is started. When `externalDevfileRegistry` is `true`,
no such dedicated server will be started by the Operator and
configure at least one devfile registry with `externalDevfileRegistries`
field.
type: boolean
externalPluginRegistry:
description: Instructs the Operator on whether to deploy a dedicated
plugin registry server. By default, a dedicated plugin registry
server is started. When `externalPluginRegistry` is `true`,
no such dedicated server will be started by the Operator and
you will have to manually set the `pluginRegistryUrl` field.
type: boolean
gitSelfSignedCert:
description: When enabled, the certificate from `che-git-self-signed-cert`
ConfigMap will be propagated to the Che components and provide
particular configuration for Git. Note, the `che-git-self-signed-cert`
ConfigMap must have `app.kubernetes.io/part-of=che.eclipse.org`
label.
type: boolean
nonProxyHosts:
description: 'List of hosts that will be reached directly, bypassing
the proxy. Specify wild card domain use the following form
`.<DOMAIN>` and `|` as delimiter, for example: `localhost|.my.host.com|123.42.12.32`
Only use when configuring a proxy is required. Operator respects
OpenShift cluster wide proxy configuration and no additional
configuration is required, but defining `nonProxyHosts` in
a custom resource leads to merging non proxy hosts lists from
the cluster proxy configuration and ones defined in the custom
resources. See the doc https://docs.openshift.com/container-platform/4.4/networking/enable-cluster-wide-proxy.html.
See also the `proxyURL` fields.'
type: string
pluginRegistryCpuLimit:
description: Overrides the CPU limit used in the plugin registry
deployment. In cores. (500m = .5 cores). Default to 500m.
type: string
pluginRegistryCpuRequest:
description: Overrides the CPU request used in the plugin registry
deployment. In cores. (500m = .5 cores). Default to 100m.
type: string
pluginRegistryImage:
description: Overrides the container image used in the plugin
registry deployment. This includes the image tag. Omit it
or leave it empty to use the default container image provided
by the Operator.
type: string
pluginRegistryIngress:
description: Plugin registry ingress custom settings.
properties:
annotations:
additionalProperties:
type: string
description: Unstructured key value map stored with a resource
that may be set by external tools to store and retrieve
arbitrary metadata.
type: object
labels:
description: Comma separated list of labels that can be
used to organize and categorize objects by scoping and
selecting.
type: string
type: object
pluginRegistryMemoryLimit:
description: Overrides the memory limit used in the plugin registry
deployment. Defaults to 256Mi.
type: string
pluginRegistryMemoryRequest:
description: Overrides the memory request used in the plugin
registry deployment. Defaults to 16Mi.
type: string
pluginRegistryPullPolicy:
description: Overrides the image pull policy used in the plugin
registry deployment. Default value is `Always` for `nightly`,
`next` or `latest` images, and `IfNotPresent` in other cases.
type: string
pluginRegistryRoute:
description: Plugin registry route custom settings.
properties:
annotations:
additionalProperties:
type: string
description: Unstructured key value map stored with a resource
that may be set by external tools to store and retrieve
arbitrary metadata.
type: object
domain:
description: 'Operator uses the domain to generate a hostname
for a route. In a conjunction with labels it creates a
route, which is served by a non-default Ingress controller.
The generated host name will follow this pattern: `<route-name>-<route-namespace>.<domain>`.'
type: string
labels:
description: Comma separated list of labels that can be
used to organize and categorize objects by scoping and
selecting.
type: string
type: object
pluginRegistryUrl:
description: Public URL of the plugin registry that serves sample
ready-to-use devfiles. Set this ONLY when a use of an external
devfile registry is needed. See the `externalPluginRegistry`
field. By default, this will be automatically calculated by
the Operator.
type: string
proxyPassword:
description: Password of the proxy server. Only use when proxy
configuration is required. See the `proxyURL`, `proxyUser`
and `proxySecret` fields.
type: string
proxyPort:
description: Port of the proxy server. Only use when configuring
a proxy is required. See also the `proxyURL` and `nonProxyHosts`
fields.
type: string
proxySecret:
description: The secret that contains `user` and `password`
for a proxy server. When the secret is defined, the `proxyUser`
and `proxyPassword` are ignored. The secret must have `app.kubernetes.io/part-of=che.eclipse.org`
label.
type: string
proxyURL:
description: URL (protocol+host name) of the proxy server. This
drives the appropriate changes in the `JAVA_OPTS` and `https(s)_proxy`
variables in the Che server and workspaces containers. Only
use when configuring a proxy is required. Operator respects
OpenShift cluster wide proxy configuration and no additional
configuration is required, but defining `proxyUrl` in a custom
resource leads to overrides the cluster proxy configuration
with fields `proxyUrl`, `proxyPort`, `proxyUser` and `proxyPassword`
from the custom resource. See the doc https://docs.openshift.com/container-platform/4.4/networking/enable-cluster-wide-proxy.html.
See also the `proxyPort` and `nonProxyHosts` fields.
type: string
proxyUser:
description: User name of the proxy server. Only use when configuring
a proxy is required. See also the `proxyURL`, `proxyPassword`
and `proxySecret` fields.
type: string
selfSignedCert:
description: Deprecated. The value of this flag is ignored.
The Che Operator will automatically detect whether the router
certificate is self-signed and propagate it to other components,
such as the Che server.
type: boolean
serverCpuLimit:
description: Overrides the CPU limit used in the Che server
deployment In cores. (500m = .5 cores). Default to 1.
type: string
serverCpuRequest:
description: Overrides the CPU request used in the Che server
deployment In cores. (500m = .5 cores). Default to 100m.
type: string
serverExposureStrategy:
description: Sets the server and workspaces exposure type. Possible
values are `multi-host`, `single-host`, `default-host`. Defaults
to `multi-host`, which creates a separate ingress, or OpenShift
routes, for every required endpoint. `single-host` makes Che
exposed on a single host name with workspaces exposed on subpaths.
Read the docs to learn about the limitations of this approach.
Also consult the `singleHostExposureType` property to further
configure how the Operator and the Che server make that happen
on Kubernetes. `default-host` exposes the Che server on the
host of the cluster. Read the docs to learn about the limitations
of this approach.
type: string
serverMemoryLimit:
description: Overrides the memory limit used in the Che server
deployment. Defaults to 1Gi.
type: string
serverMemoryRequest:
description: Overrides the memory request used in the Che server
deployment. Defaults to 512Mi.
type: string
serverTrustStoreConfigMapName:
description: Name of the ConfigMap with public certificates
to add to Java trust store of the Che server. This is often
required when adding the OpenShift OAuth provider, which has
HTTPS endpoint signed with self-signed cert. The Che server
must be aware of its CA cert to be able to request it. This
is disabled by default. The Config Map must have `app.kubernetes.io/part-of=che.eclipse.org`
label.
type: string
singleHostGatewayConfigMapLabels:
additionalProperties:
type: string
description: The labels that need to be present in the ConfigMaps
representing the gateway configuration.
type: object
singleHostGatewayConfigSidecarImage:
description: The image used for the gateway sidecar that provides
configuration to the gateway. Omit it or leave it empty to
use the default container image provided by the Operator.
type: string
singleHostGatewayImage:
description: The image used for the gateway in the single host
mode. Omit it or leave it empty to use the default container
image provided by the Operator.
type: string
tlsSupport:
description: Deprecated. Instructs the Operator to deploy Che
in TLS mode. This is enabled by default. Disabling TLS sometimes
cause malfunction of some Che components.
type: boolean
useInternalClusterSVCNames:
description: Deprecated in favor of `disableInternalClusterSVCNames`.
type: boolean
workspaceNamespaceDefault:
description: Defines Kubernetes default namespace in which user's
workspaces are created for a case when a user does not override
it. It's possible to use `<username>`, `<userid>` and `<workspaceid>`
placeholders, such as che-workspace-<username>. In that case,
a new namespace will be created for each user or workspace.
type: string
workspacesDefaultPlugins:
description: Default plug-ins applied to Devworkspaces.
items:
properties:
editor: