seg_yinzy
/
che-operator
mirror of https://github.com/eclipse-che/che-operator.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

feat: helmcharts to deploy Eclipse Che (#1184) 

* feat: helmcharts to deploy Eclipse Che

Signed-off-by: Anatolii Bazko <abazko@redhat.com>
pull/1201/head
Anatolii Bazko 2021-11-26 09:09:17 +02:00 committed by GitHub
parent 161bfd84cc
commit 20ffca19ab
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
23 changed files with 2745 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
.github/bin/check-resources.sh vendored
View File

@ -16,6 +16,7 @@
# - next olm bundle
# - Dockerfile & operator.yaml
# - DW resources
# - Helm charts
set -e
@ -136,6 +137,19 @@ checkRoles() {
fi
}
checkHelmCharts() {
changedFiles=(
$(git diff --name-only)
)
if [[ " ${changedFiles[*]} " =~ helmcharts ]]; then
echo "[ERROR] Helm Charts are not up to date"
echo "[ERROR] Run 'make update-resources -s' to update them."
exit 1
else
echo "[INFO] Helm Charts are up to date."
fi
}
installOperatorSDK
pushd "${ROOT_PROJECT_DIR}" || true
@ -146,6 +160,7 @@ checkRoles
checkNextOlmBundle
checkDockerfile
checkOperatorYaml
checkHelmCharts
popd || true

30
Makefile
View File

@ -779,7 +779,7 @@ get-next-version-increment:
echo "$${incrementPart}"
update-resources: SHELL := /bin/bash
update-resources: check-requirements update-resource-images update-roles
update-resources: check-requirements update-resource-images update-roles update-helmcharts
for platform in 'openshift' 'kubernetes'
do
for channel in 'next-all-namespaces' 'next'
@ -792,6 +792,34 @@ update-resources: check-requirements update-resource-images update-roles
done
done
update-helmcharts: add-license-download check-requirements update-resource-images update-roles
HELMCHARTS_TEMPLATES="helmcharts/templates"
HELMCHARTS_CRDS="helmcharts/crds"
cp config/manager/manager.yaml $${HELMCHARTS_TEMPLATES}
cp config/rbac/cluster_role.yaml $${HELMCHARTS_TEMPLATES}
cp config/rbac/cluster_rolebinding.yaml $${HELMCHARTS_TEMPLATES}
cp config/rbac/service_account.yaml $${HELMCHARTS_TEMPLATES}
cp config/rbac/role.yaml $${HELMCHARTS_TEMPLATES}
cp config/rbac/role_binding.yaml $${HELMCHARTS_TEMPLATES}
cp config/samples/org.eclipse.che_v1_checluster.yaml $${HELMCHARTS_TEMPLATES}
cp config/crd/bases/org_v1_che_crd.yaml $${HELMCHARTS_CRDS}
cp config/crd/bases/org.eclipse.che_chebackupserverconfigurations_crd.yaml $${HELMCHARTS_CRDS}
cp config/crd/bases/org.eclipse.che_checlusterbackups_crd.yaml $${HELMCHARTS_CRDS}
cp config/crd/bases/org.eclipse.che_checlusterrestores_crd.yaml $${HELMCHARTS_CRDS}
## Set references to values
yq -riY ".spec.k8s.ingressDomain |= \"{{ .Values.k8s.ingressDomain }}\"" $${HELMCHARTS_TEMPLATES}/org.eclipse.che_v1_checluster.yaml
yq -riY '.metadata.namespace = "{{ .Release.Namespace }}"' $${HELMCHARTS_TEMPLATES}/manager.yaml
yq -riY '.metadata.namespace = "{{ .Release.Namespace }}"' $${HELMCHARTS_TEMPLATES}/service_account.yaml
yq -riY '.metadata.namespace = "{{ .Release.Namespace }}"' $${HELMCHARTS_TEMPLATES}/role.yaml
yq -riY '.metadata.namespace = "{{ .Release.Namespace }}"' $${HELMCHARTS_TEMPLATES}/role_binding.yaml
yq -riY '.metadata.namespace = "{{ .Release.Namespace }}"' $${HELMCHARTS_TEMPLATES}/org.eclipse.che_v1_checluster.yaml
yq -riY '.subjects[0].namespace = "{{ .Release.Namespace }}"' $${HELMCHARTS_TEMPLATES}/cluster_rolebinding.yaml
$(MAKE) add-license $$(find ./helmcharts -name "*.yaml")
check-requirements:
. olm/check-yq.sh

4
bundle/next-all-namespaces/eclipse-che-preview-openshift/manifests/che-operator.clusterserviceversion.yaml
View File

@ -126,7 +126,7 @@ metadata:
operators.operatorframework.io/project_layout: go.kubebuilder.io/v3
repository: https://github.com/eclipse-che/che-operator
support: Eclipse Foundation
name: eclipse-che-preview-openshift.v7.40.0-377.next-all-namespaces
name: eclipse-che-preview-openshift.v7.40.0-378.next-all-namespaces
namespace: placeholder
spec:
apiservicedefinitions: {}
@ -1439,4 +1439,4 @@ spec:
maturity: stable
provider:
name: Eclipse Foundation
version: 7.40.0-377.next-all-namespaces
version: 7.40.0-378.next-all-namespaces

4
bundle/next/eclipse-che-preview-kubernetes/manifests/che-operator.clusterserviceversion.yaml
View File

@ -133,7 +133,7 @@ metadata:
operators.operatorframework.io/project_layout: go.kubebuilder.io/v3
repository: https://github.com/eclipse-che/che-operator
support: Eclipse Foundation
name: eclipse-che-preview-kubernetes.v7.40.0-377.next
name: eclipse-che-preview-kubernetes.v7.40.0-378.next
namespace: placeholder
spec:
apiservicedefinitions: {}
@ -1406,4 +1406,4 @@ spec:
maturity: stable
provider:
name: Eclipse Foundation
version: 7.40.0-377.next
version: 7.40.0-378.next

4
bundle/next/eclipse-che-preview-openshift/manifests/che-operator.clusterserviceversion.yaml
View File

@ -126,7 +126,7 @@ metadata:
operators.operatorframework.io/project_layout: go.kubebuilder.io/v3
repository: https://github.com/eclipse-che/che-operator
support: Eclipse Foundation
name: eclipse-che-preview-openshift.v7.40.0-377.next
name: eclipse-che-preview-openshift.v7.40.0-378.next
namespace: placeholder
spec:
apiservicedefinitions: {}
@ -1439,4 +1439,4 @@ spec:
maturity: stable
provider:
name: Eclipse Foundation
version: 7.40.0-377.next
version: 7.40.0-378.next

1
bundle/tech-preview-stable-all-namespaces/eclipse-che-preview-openshift/manifests/org.eclipse.che_checlusterrestores_crd.yaml
View File

@ -3,7 +3,6 @@ kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.4.1
creationTimestamp: null
name: checlusterrestores.org.eclipse.che
spec:
group: org.eclipse.che

2
config/manager/manager.yaml
View File

@ -14,7 +14,7 @@ apiVersion: apps/v1
kind: Deployment
metadata:
name: che-operator
namespace: system
namespace: eclipse-che
labels:
app: che-operator
app.kubernetes.io/name: che

2
config/rbac/cluster_rolebinding.yaml
View File

@ -22,7 +22,7 @@ metadata:
subjects:
- kind: ServiceAccount
name: che-operator
# namespace: eclipse-che
namespace: eclipse-che
roleRef:
kind: ClusterRole
name: che-operator

1
config/rbac/role.yaml
View File

@ -13,7 +13,6 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
creationTimestamp: null
labels:
app.kubernetes.io/component: che-operator
app.kubernetes.io/instance: che

16
helmcharts/Chart.yaml Normal file
View File

@ -0,0 +1,16 @@
#
# Copyright (c) 2019-2021 Red Hat, Inc.
# This program and the accompanying materials are made
# available under the terms of the Eclipse Public License 2.0
# which is available at https://www.eclipse.org/legal/epl-2.0/
#
# SPDX-License-Identifier: EPL-2.0
#
# Contributors:
# Red Hat, Inc. - initial API and implementation
#
apiVersion: v1
description: A Helm chart for deploying Eclipse Che on a Kubernetes
name: che
version: 1.0.0

29
helmcharts/README.md Normal file
View File

@ -0,0 +1,29 @@
# Eclipse Che Helm Charts
- [Charts](#charts)
- [Prerequisites](#prerequisites)
- [Installation](#installation)
## Charts
Helm charts to deploy [Eclipse Che](https://www.eclipse.org/che/)
### Prerequisites
* Minimal Kubernetes version is 1.19
* Minimal Helm version is 3.2.2
### Installation
Create a Namespace and install the Helm Charts for Eclipse Che Operator.
```
NAMESPACE=eclipse-che
DOMAIN=<KUBERNETES_CLUSTER_DOMAIN>
kubectl create namespace $NAMESPACE
# Install charts
helm install che --set k8s.ingressDomain=$DOMAIN --namespace $NAMESPACE .
```

162
helmcharts/crds/org.eclipse.che_chebackupserverconfigurations_crd.yaml Normal file
View File

@ -0,0 +1,162 @@
#
# Copyright (c) 2019-2021 Red Hat, Inc.
# This program and the accompanying materials are made
# available under the terms of the Eclipse Public License 2.0
# which is available at https://www.eclipse.org/legal/epl-2.0/
#
# SPDX-License-Identifier: EPL-2.0
#
# Contributors:
# Red Hat, Inc. - initial API and implementation
#
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.4.1
creationTimestamp: null
name: chebackupserverconfigurations.org.eclipse.che
spec:
group: org.eclipse.che
names:
kind: CheBackupServerConfiguration
listKind: CheBackupServerConfigurationList
plural: chebackupserverconfigurations
singular: chebackupserverconfiguration
scope: Namespaced
versions:
- name: v1
schema:
openAPIV3Schema:
description: The `CheBackupServerConfiguration` custom resource allows defining
and managing Eclipse Che Backup Server Configurations
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource
this object represents. Servers may infer this from the endpoint the
client submits requests to. Cannot be updated. In CamelCase. More
info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: CheBackupServerConfigurationSpec defines the desired state
of CheBackupServerConfiguration Only one type of backup server is
allowed to be configured per CR.
properties:
awss3:
description: Amazon S3 or compatible alternatives.
properties:
awsAccessKeySecretRef:
description: Reference to secret that contains awsAccessKeyId
and awsSecretAccessKey keys.
type: string
hostname:
description: Server hostname, defaults to 's3.amazonaws.com'.
Might be customized in case of alternative server.
type: string
port:
description: Backup server port. Usually default value is used.
Might be customized in case of alternative server.
type: integer
protocol:
description: Protocol to use when connection to the server.
Might be customized in case of alternative server.
type: string
repositoryPasswordSecretRef:
description: Holds reference to a secret with restic repository
password under 'repo-password' field to encrypt / decrypt
its content.
type: string
repositoryPath:
description: Bucket name and repository, e.g. bucket/repo
type: string
required:
- awsAccessKeySecretRef
- repositoryPasswordSecretRef
- repositoryPath
type: object
rest:
description: Rest backup server configuration.
properties:
credentialsSecretRef:
description: Secret that contains username and password fields
to login into restic server. Note, each repository is encrypted
with own password. See ResticRepoPasswordSecretRef field.
type: string
hostname:
description: Backup server host
type: string
port:
description: Backup server port
type: integer
protocol:
description: Protocol to use when connection to the server Defaults
to https.
type: string
repositoryPasswordSecretRef:
description: Holds reference to a secret with restic repository
password under 'repo-password' field to encrypt / decrypt
its content.
type: string
repositoryPath:
description: Restic repository path
type: string
required:
- hostname
- repositoryPasswordSecretRef
type: object
sftp:
description: Sftp backup server configuration.
properties:
hostname:
description: Backup server host
type: string
port:
description: Backup server port
type: integer
repositoryPasswordSecretRef:
description: Holds reference to a secret with restic repository
password under 'repo-password' field to encrypt / decrypt
its content.
type: string
repositoryPath:
description: Restic repository path, relative or absolute, e.g.
/srv/repo
type: string
sshKeySecretRef:
description: Private ssh key under 'ssh-privatekey' field for
passwordless login
type: string
username:
description: User login on the remote server
type: string
required:
- hostname
- repositoryPasswordSecretRef
- repositoryPath
- sshKeySecretRef
- username
type: object
type: object
status:
description: CheBackupServerConfigurationStatus defines the observed
state of CheBackupServerConfiguration
type: object
type: object
served: true
storage: true
subresources:
status: {}
status:
acceptedNames:
kind: ""
plural: ""
conditions: []
storedVersions: []

92
helmcharts/crds/org.eclipse.che_checlusterbackups_crd.yaml Normal file
View File

@ -0,0 +1,92 @@
#
# Copyright (c) 2019-2021 Red Hat, Inc.
# This program and the accompanying materials are made
# available under the terms of the Eclipse Public License 2.0
# which is available at https://www.eclipse.org/legal/epl-2.0/
#
# SPDX-License-Identifier: EPL-2.0
#
# Contributors:
# Red Hat, Inc. - initial API and implementation
#
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.4.1
creationTimestamp: null
name: checlusterbackups.org.eclipse.che
spec:
group: org.eclipse.che
names:
kind: CheClusterBackup
listKind: CheClusterBackupList
plural: checlusterbackups
singular: checlusterbackup
scope: Namespaced
versions:
- name: v1
schema:
openAPIV3Schema:
description: The `CheClusterBackup` custom resource allows defining and
managing Eclipse Che backup
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource
this object represents. Servers may infer this from the endpoint the
client submits requests to. Cannot be updated. In CamelCase. More
info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: CheClusterBackupSpec defines the desired state of CheClusterBackup
properties:
backupServerConfigRef:
description: Name of custom resource with a backup server configuration
to use for this backup. Note, UseInternalBackupServer field can
configure internal backup server automatically.
type: string
useInternalBackupServer:
description: Automatically setup pod with REST backup server and
use the server in this configuration. Note, this flag takes precedence
and will overwrite existing backup server configuration.
type: boolean
type: object
status:
description: CheClusterBackupStatus defines the observed state of CheClusterBackup
properties:
cheVersion:
description: Version that was backed up
type: string
message:
description: Message explaining the state of the backup or an error
message
type: string
snapshotId:
description: Last backup snapshot ID
type: string
stage:
description: Describes backup progress
type: string
state:
description: 'Backup progress state: InProgress, Failed, Succeeded'
type: string
type: object
type: object
served: true
storage: true
subresources:
status: {}
status:
acceptedNames:
kind: ""
plural: ""
conditions: []
storedVersions: []

83
helmcharts/crds/org.eclipse.che_checlusterrestores_crd.yaml Normal file
View File

@ -0,0 +1,83 @@
#
# Copyright (c) 2019-2021 Red Hat, Inc.
# This program and the accompanying materials are made
# available under the terms of the Eclipse Public License 2.0
# which is available at https://www.eclipse.org/legal/epl-2.0/
#
# SPDX-License-Identifier: EPL-2.0
#
# Contributors:
# Red Hat, Inc. - initial API and implementation
#
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.4.1
creationTimestamp: null
name: checlusterrestores.org.eclipse.che
spec:
group: org.eclipse.che
names:
kind: CheClusterRestore
listKind: CheClusterRestoreList
plural: checlusterrestores
singular: checlusterrestore
scope: Namespaced
versions:
- name: v1
schema:
openAPIV3Schema:
description: The `CheClusterRestore` custom resource allows defining and
managing Eclipse Che restore
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource
this object represents. Servers may infer this from the endpoint the
client submits requests to. Cannot be updated. In CamelCase. More
info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: CheClusterRestoreSpec defines the desired state of CheClusterRestore
properties:
backupServerConfigRef:
description: Name of custom resource with a backup server configuration
to use for this restore. Can be omitted if only one server configuration
object exists within the namespace.
type: string
snapshotId:
description: If omitted, latest snapshot will be used.
type: string
type: object
status:
description: CheClusterRestoreStatus defines the observed state of CheClusterRestore
properties:
message:
description: Restore result or error message
type: string
stage:
description: Describes phase of restore progress
type: string
state:
description: 'Restore progress state: InProgress, Failed, Succeeded'
type: string
type: object
type: object
served: true
storage: true
subresources:
status: {}
status:
acceptedNames:
kind: ""
plural: ""
conditions: []
storedVersions: []

1126
helmcharts/crds/org_v1_che_crd.yaml Normal file
View File

File diff suppressed because it is too large Load Diff

668
helmcharts/templates/cluster_role.yaml Normal file
View File

@ -0,0 +1,668 @@
#
# Copyright (c) 2019-2021 Red Hat, Inc.
# This program and the accompanying materials are made
# available under the terms of the Eclipse Public License 2.0
# which is available at https://www.eclipse.org/legal/epl-2.0/
#
# SPDX-License-Identifier: EPL-2.0
#
# Contributors:
# Red Hat, Inc. - initial API and implementation
#
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: che-operator
labels:
app.kubernetes.io/name: che
app.kubernetes.io/instance: che
app.kubernetes.io/part-of: che.eclipse.org
app.kubernetes.io/component: che-operator
rules:
### CHE-OPERATOR ROLES ONLY: BEGIN
- apiGroups:
- ""
resources:
- nodes
verbs:
- get
- apiGroups:
- oauth.openshift.io
resources:
- oauthclients
verbs:
- create
- delete
- deletecollection
- get
- list
- patch
- update
- watch
- apiGroups:
- config.openshift.io
resources:
- oauths
verbs:
- get
- list
- watch
- patch
- apiGroups:
- config.openshift.io
resources:
- infrastructures
- proxies
verbs:
- get
- list
- watch
- apiGroups:
- user.openshift.io
resources:
- users
verbs:
- list
- delete
- apiGroups:
- user.openshift.io
resources:
- identities
verbs:
- delete
- apiGroups:
- console.openshift.io
resources:
- consolelinks
verbs:
- get
- list
- create
- update
- patch
- delete
- apiGroups:
- rbac.authorization.k8s.io
resources:
- clusterrolebindings
- clusterroles
verbs:
- list
- create
- watch
- update
- get
- delete
- apiGroups:
- rbac.authorization.k8s.io
resources:
- roles
- rolebindings
verbs:
- get
- create
- update
- delete
- apiGroups:
- authorization.openshift.io
resources:
- roles
- rolebindings
verbs:
- get
- create
- update
- delete
- apiGroups:
- org.eclipse.che
resources:
- checlusters
- checlusters/status
- checlusters/finalizers
- checlusters/status
- checlusterbackups
- checlusterbackups/status
- checlusterbackups/finalizers
- checlusterrestores
- checlusterrestores/status
- backupserverconfigurations
- backupserverconfigurations/status
- chebackupserverconfigurations
verbs:
- '*'
- apiGroups:
- project.openshift.io
resources:
- projectrequests
verbs:
- create
- update
- apiGroups:
- project.openshift.io
resources:
- projects
verbs:
- get
- list
- watch
- apiGroups:
- ""
resources:
- namespaces
verbs:
- get
- list
- create
- update
- watch
- apiGroups:
- ''
resources:
- pods/exec
verbs:
- create
- apiGroups:
- apps
resources:
- secrets
verbs:
- list
- apiGroups:
- ''
resources:
- secrets
verbs:
- list
- get
- create
- update
- patch
- delete
- apiGroups:
- ''
resources:
- persistentvolumeclaims
verbs:
- create
- get
- list
- watch
- delete
- apiGroups:
- ''
resources:
- pods
verbs:
- get
- list
- create
- watch
- delete
- apiGroups:
- apps
- extensions
resources:
- deployments
- replicasets
verbs:
- '*'
- apiGroups:
- route.openshift.io
resources:
- routes
verbs:
- '*'
- apiGroups:
- route.openshift.io
resources:
- routes/custom-host
verbs:
- create
- apiGroups:
- ''
resources:
- events
verbs:
- watch
- apiGroups:
- apps
resources:
- replicasets
verbs:
- list
- get
- patch
- delete
- apiGroups:
- extensions
resources:
- ingresses
verbs:
- '*'
- apiGroups:
- networking.k8s.io
resources:
- ingresses
verbs:
- list
- create
- watch
- get
- delete
- apiGroups:
- apiextensions.k8s.io
resources:
- customresourcedefinitions
verbs:
- get
- create
- update
- apiGroups:
- operators.coreos.com
resources:
- subscriptions
verbs:
- get
- apiGroups:
- operators.coreos.com
resources:
- clusterserviceversions
verbs:
- list
- get
- watch
- apiGroups:
- metrics.k8s.io
resources:
- pods
- nodes
verbs:
- get
- list
- watch
- apiGroups:
- cert-manager.io
resources:
- issuers
- certificates
verbs:
- create
- get
- list
- update
- apiGroups:
- ''
resources:
- configmaps
- persistentvolumeclaims
- pods
- secrets
- serviceaccounts
- services
verbs:
- '*'
- apiGroups:
- apps
resourceNames:
- che-operator
resources:
- deployments/finalizers
verbs:
- update
- apiGroups:
- batch
resources:
- jobs
verbs:
- create
- delete
- get
- update
- watch
- apiGroups:
- controller.devfile.io
resources:
- devworkspaceroutings
verbs:
- '*'
- apiGroups:
- controller.devfile.io
resources:
- devworkspaceroutings/finalizers
verbs:
- update
- apiGroups:
- controller.devfile.io
resources:
- devworkspaceroutings/status
verbs:
- get
- patch
- update
- apiGroups:
- monitoring.coreos.com
resources:
- servicemonitors
verbs:
- create
- get
- nonResourceURLs:
- /metrics
verbs:
- get
- apiGroups:
- che.eclipse.org
resources:
- kubernetesimagepullers
verbs:
- '*'
- apiGroups:
- config.openshift.io
resources:
- consoles
resourceNames:
- cluster
verbs:
- get
### CHE-OPERATOR ROLES ONLY: END
# devworkspace-controller-view-workspaces.ClusterRole.yaml
- apiGroups:
- workspace.devfile.io
resources:
- devworkspaces
- devworkspacetemplates
verbs:
- get
- list
- watch
- apiGroups:
- controller.devfile.io
resources:
- devworkspaceroutings
- components
verbs:
- get
- list
- watch
# devworkspace-controller-edit-workspaces.ClusterRole.yaml
- apiGroups:
- workspace.devfile.io
resources:
- devworkspaces
- devworkspacetemplates
verbs:
- create
- delete
- deletecollection
- patch
- update
- apiGroups:
- controller.devfile.io
resources:
- devworkspaceroutings
- components
verbs:
- create
- delete
- deletecollection
- patch
- update
# devworkspace-controller-leader-election-role.Role.yaml
- apiGroups:
- ""
resources:
- configmaps
verbs:
- get
- list
- watch
- create
- update
- patch
- delete
- apiGroups:
- ""
resources:
- configmaps/status
verbs:
- get
- update
- patch
- apiGroups:
- ""
resources:
- events
verbs:
- create
- patch
# devworkspace-controller-proxy-role.ClusterRole.yaml
- apiGroups:
- authentication.k8s.io
resources:
- tokenreviews
verbs:
- create
- apiGroups:
- authorization.k8s.io
resources:
- subjectaccessreviews
verbs:
- create
# devworkspace-controller-role.ClusterRole.yaml
- apiGroups:
- ""
resourceNames:
- workspace-preferences-configmap
resources:
- configmaps
verbs:
- create
- delete
- get
- patch
- apiGroups:
- ""
resources:
- configmaps
- persistentvolumeclaims
- pods
- secrets
- serviceaccounts
verbs:
- '*'
- apiGroups:
- ""
resources:
- events
- namespaces
verbs:
- get
- list
- watch
- apiGroups:
- ""
resources:
- pods/exec
verbs:
- create
- apiGroups:
- ""
resourceNames:
- workspace-credentials-secret
resources:
- secrets
verbs:
- create
- delete
- get
- patch
- apiGroups:
- ""
resources:
- services
verbs:
- '*'
- apiGroups:
- admissionregistration.k8s.io
resources:
- mutatingwebhookconfigurations
- validatingwebhookconfigurations
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- apps
resourceNames:
- devworkspace-controller
resources:
- deployments/finalizers
verbs:
- update
- apiGroups:
- apps
- extensions
resources:
- deployments
verbs:
- get
- list
- watch
- apiGroups:
- apps
- extensions
resources:
- deployments
- replicasets
verbs:
- '*'
- apiGroups:
- apps
- extensions
resources:
- replicasets
verbs:
- get
- list
- watch
- apiGroups:
- batch
resources:
- jobs
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- controller.devfile.io
resources:
- '*'
verbs:
- '*'
- apiGroups:
- controller.devfile.io
resources:
- devworkspaceroutings
verbs:
- '*'
- apiGroups:
- controller.devfile.io
resources:
- devworkspaceroutings/status
verbs:
- get
- patch
- update
- apiGroups:
- coordination.k8s.io
resources:
- leases
verbs:
- create
- get
- update
- apiGroups:
- monitoring.coreos.com
resources:
- servicemonitors
verbs:
- create
- get
- apiGroups:
- networking.k8s.io
resources:
- ingresses
verbs:
- '*'
- apiGroups:
- oauth.openshift.io
resources:
- oauthclients
verbs:
- create
- delete
- deletecollection
- get
- list
- patch
- update
- watch
- apiGroups:
- rbac.authorization.k8s.io
resources:
- clusterrolebindings
- clusterroles
- rolebindings
- roles
verbs:
- create
- get
- list
- update
- watch
- apiGroups:
- route.openshift.io
resources:
- routes
verbs:
- '*'
- apiGroups:
- route.openshift.io
resources:
- routes/custom-host
verbs:
- create
- apiGroups:
- workspace.devfile.io
resources:
- '*'
verbs:
- '*'
# devworkspace-controller-view-workspaces.ClusterRole.yaml
- apiGroups:
- workspace.devfile.io
resources:
- devworkspaces
- devworkspacetemplates
verbs:
- get
- list
- watch
- apiGroups:
- controller.devfile.io
resources:
- devworkspaceroutings
- components
verbs:
- get
- list
- watch

29
helmcharts/templates/cluster_rolebinding.yaml Normal file
View File

@ -0,0 +1,29 @@
#
# Copyright (c) 2019-2021 Red Hat, Inc.
# This program and the accompanying materials are made
# available under the terms of the Eclipse Public License 2.0
# which is available at https://www.eclipse.org/legal/epl-2.0/
#
# SPDX-License-Identifier: EPL-2.0
#
# Contributors:
# Red Hat, Inc. - initial API and implementation
#
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: che-operator
labels:
app.kubernetes.io/name: che
app.kubernetes.io/instance: che
app.kubernetes.io/part-of: che.eclipse.org
app.kubernetes.io/component: che-operator
subjects:
- kind: ServiceAccount
name: che-operator
namespace: '{{ .Release.Namespace }}'
roleRef:
kind: ClusterRole
name: che-operator
apiGroup: rbac.authorization.k8s.io

162
helmcharts/templates/manager.yaml Normal file
View File

@ -0,0 +1,162 @@
#
# Copyright (c) 2019-2021 Red Hat, Inc.
# This program and the accompanying materials are made
# available under the terms of the Eclipse Public License 2.0
# which is available at https://www.eclipse.org/legal/epl-2.0/
#
# SPDX-License-Identifier: EPL-2.0
#
# Contributors:
# Red Hat, Inc. - initial API and implementation
#
apiVersion: apps/v1
kind: Deployment
metadata:
name: che-operator
namespace: '{{ .Release.Namespace }}'
labels:
app: che-operator
app.kubernetes.io/name: che
app.kubernetes.io/instance: che
app.kubernetes.io/part-of: che.eclipse.org
app.kubernetes.io/component: che-operator
spec:
replicas: 1
selector:
matchLabels:
app: che-operator
strategy:
type: RollingUpdate
template:
metadata:
labels:
app: che-operator
app.kubernetes.io/name: che
app.kubernetes.io/instance: che
app.kubernetes.io/part-of: che.eclipse.org
app.kubernetes.io/component: che-operator
spec:
containers:
- name: che-operator
image: quay.io/eclipse/che-operator:next
command:
- /manager
args:
- --leader-elect
imagePullPolicy: Always
ports:
- containerPort: 60000
name: metrics
env:
- name: WATCH_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
- name: POD_NAME
valueFrom:
fieldRef:
fieldPath: metadata.name
- name: OPERATOR_NAME
value: che-operator
- name: CHE_VERSION
value: next
- name: RELATED_IMAGE_che_server
value: quay.io/eclipse/che-server:next
- name: RELATED_IMAGE_dashboard
value: quay.io/eclipse/che-dashboard:next
- name: RELATED_IMAGE_plugin_registry
value: quay.io/eclipse/che-plugin-registry:next
- name: RELATED_IMAGE_devfile_registry
value: quay.io/eclipse/che-devfile-registry:next
- name: RELATED_IMAGE_che_tls_secrets_creation_job
value: quay.io/eclipse/che-tls-secret-creator:alpine-01a4c34
- name: RELATED_IMAGE_pvc_jobs
value: registry.access.redhat.com/ubi8-minimal:8.5-204
- name: RELATED_IMAGE_postgres
value: quay.io/eclipse/che--centos--postgresql-96-centos7:9.6-b681d78125361519180a6ac05242c296f8906c11eab7e207b5ca9a89b6344392
- name: RELATED_IMAGE_postgres_13_3
value: quay.io/eclipse/che--centos--postgresql-13-centos7:1-71b24684d64da46f960682cc4216222a7e4ed8b1a31dd5a865b3e71afdea20d2
- name: RELATED_IMAGE_keycloak
value: quay.io/eclipse/che-keycloak:next
- name: RELATED_IMAGE_che_workspace_plugin_broker_metadata
value: quay.io/eclipse/che-plugin-metadata-broker:v3.4.0
- name: RELATED_IMAGE_che_workspace_plugin_broker_artifacts
value: quay.io/eclipse/che-plugin-artifacts-broker:v3.4.0
- name: RELATED_IMAGE_che_server_secure_exposer_jwt_proxy_image
value: quay.io/eclipse/che-jwtproxy:0.10.0
- name: RELATED_IMAGE_single_host_gateway
value: quay.io/eclipse/che--traefik:v2.5.0-eb30f9f09a65cee1fab5ef9c64cb4ec91b800dc3fdd738d62a9d4334f0114683
- name: RELATED_IMAGE_single_host_gateway_config_sidecar
value: quay.io/che-incubator/configbump:0.1.4
- name: RELATED_IMAGE_devworkspace_controller
value: quay.io/devfile/devworkspace-controller:v0.9.0
- name: RELATED_IMAGE_internal_rest_backup_server
value: quay.io/eclipse/che-backup-server-rest:b6cc165
- name: RELATED_IMAGE_gateway_authentication_sidecar
value: quay.io/openshift/origin-oauth-proxy:4.7
- name: RELATED_IMAGE_gateway_authorization_sidecar
value: quay.io/openshift/origin-kube-rbac-proxy:4.7
- name: RELATED_IMAGE_gateway_header_sidecar
value: quay.io/che-incubator/header-rewrite-proxy:latest
- name: CHE_FLAVOR
value: che
- name: CONSOLE_LINK_NAME
value: che
- name: CONSOLE_LINK_DISPLAY_NAME
value: Eclipse Che
- name: CONSOLE_LINK_SECTION
value: Red Hat Applications
- name: CONSOLE_LINK_IMAGE
value: /dashboard/assets/branding/loader.svg
- name: CHE_IDENTITY_SECRET
value: che-identity-secret
- name: CHE_IDENTITY_POSTGRES_SECRET
value: che-identity-postgres-secret
- name: CHE_POSTGRES_SECRET
value: che-postgres-secret
- name: CHE_SERVER_TRUST_STORE_CONFIGMAP_NAME
value: ca-certs
- name: MAX_CONCURRENT_RECONCILES
value: "1"
- name: ALLOW_DEVWORKSPACE_ENGINE
value: "true"
- name: ADD_COMPONENT_READINESS_INIT_CONTAINERS
value: "false"
livenessProbe:
httpGet:
path: /healthz
port: 6789
initialDelaySeconds: 15
periodSeconds: 10
failureThreshold: 10
successThreshold: 1
timeoutSeconds: 5
readinessProbe:
httpGet:
path: /readyz
port: 6789
initialDelaySeconds: 5
periodSeconds: 10
failureThreshold: 10
successThreshold: 1
timeoutSeconds: 5
securityContext:
privileged: false
readOnlyRootFilesystem: false
capabilities:
drop:
- ALL
resources:
limits:
cpu: 500m
memory: 256Mi
requests:
cpu: 100m
memory: 64Mi
hostIPC: false
hostNetwork: false
hostPID: false
restartPolicy: Always
serviceAccountName: che-operator
terminationGracePeriodSeconds: 20

68
helmcharts/templates/org.eclipse.che_v1_checluster.yaml Normal file
View File

@ -0,0 +1,68 @@
#
# Copyright (c) 2019-2021 Red Hat, Inc.
# This program and the accompanying materials are made
# available under the terms of the Eclipse Public License 2.0
# which is available at https://www.eclipse.org/legal/epl-2.0/
#
# SPDX-License-Identifier: EPL-2.0
#
# Contributors:
# Red Hat, Inc. - initial API and implementation
#
apiVersion: org.eclipse.che/v1
kind: CheCluster
metadata:
name: eclipse-che
namespace: '{{ .Release.Namespace }}'
spec:
server:
cheFlavor: ''
cheClusterRoles: ''
cheWorkspaceClusterRole: ''
serverTrustStoreConfigMapName: ''
gitSelfSignedCert: false
tlsSupport: true
proxyURL: ''
proxyPort: ''
proxyUser: ''
proxyPassword: ''
nonProxyHosts: ''
workspaceNamespaceDefault: "<username>-che"
allowUserDefinedWorkspaceNamespaces: false
serverExposureStrategy: ''
database:
externalDb: false
chePostgresHostName: ''
chePostgresPort: ''
chePostgresUser: ''
chePostgresPassword: ''
chePostgresDb: ''
storage:
pvcStrategy: 'common'
pvcClaimSize: '10Gi'
preCreateSubPaths: true
postgresPVCStorageClassName: ''
workspacePVCStorageClassName: ''
auth:
initialOpenShiftOAuthUser: true
externalIdentityProvider: false
identityProviderURL: ''
identityProviderAdminUserName: ''
identityProviderPassword: ''
identityProviderRealm: ''
identityProviderClientId: ''
oAuthClientName: ''
oAuthSecret: ''
k8s:
ingressDomain: '{{ .Values.k8s.ingressDomain }}'
ingressClass: ''
ingressStrategy: ''
tlsSecretName: 'che-tls'
securityContextFsGroup: ''
securityContextRunAsUser: ''
singleHostExposureType: ''
metrics:
enable: true
devWorkspace:
enable: false

193
helmcharts/templates/role.yaml Normal file
View File

@ -0,0 +1,193 @@
#
# Copyright (c) 2019-2021 Red Hat, Inc.
# This program and the accompanying materials are made
# available under the terms of the Eclipse Public License 2.0
# which is available at https://www.eclipse.org/legal/epl-2.0/
#
# SPDX-License-Identifier: EPL-2.0
#
# Contributors:
# Red Hat, Inc. - initial API and implementation
#
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
labels:
app.kubernetes.io/component: che-operator
app.kubernetes.io/instance: che
app.kubernetes.io/part-of: che.eclipse.org
app.kubernetes.io/name: che
name: che-operator
namespace: '{{ .Release.Namespace }}'
rules:
- apiGroups:
- extensions
resources:
- ingresses
verbs:
- '*'
- apiGroups:
- networking.k8s.io
resources:
- ingresses
verbs:
- '*'
- apiGroups:
- batch
resources:
- jobs
verbs:
- '*'
- apiGroups:
- route.openshift.io
resources:
- routes
- routes/custom-host
verbs:
- '*'
- apiGroups:
- rbac.authorization.k8s.io
resources:
- roles
- rolebindings
verbs:
- '*'
- apiGroups:
- rbac.authorization.k8s.io
resources:
- clusterroles
- clusterrolebindings
verbs:
- '*'
- apiGroups:
- ""
resources:
- pods
- services
- serviceaccounts
- endpoints
- persistentvolumeclaims
- events
- configmaps
- secrets
- pods/exec
- pods/log
verbs:
- '*'
- apiGroups:
- ""
resources:
- namespaces
verbs:
- get
- apiGroups:
- apps
- extensions
resources:
- deployments
- replicasets
verbs:
- '*'
- apiGroups:
- monitoring.coreos.com
resources:
- servicemonitors
verbs:
- get
- create
- apiGroups:
- org.eclipse.che
resources:
- checlusters
- checlusters/status
- checlusters/finalizers
- checlusterbackups
- checlusterbackups/status
- checlusterbackups/finalizers
- checlusterrestores
- checlusterrestores/status
- backupserverconfigurations
- backupserverconfigurations/status
- chebackupserverconfigurations
verbs:
- '*'
- apiGroups:
- metrics.k8s.io
resources:
- pods
- nodes
verbs:
- get
- list
- watch
- apiGroups:
- operators.coreos.com
resources:
- subscriptions
- clusterserviceversions
- operatorgroups
verbs:
- '*'
- apiGroups:
- packages.operators.coreos.com
resources:
- packagemanifests
verbs:
- get
- list
- apiGroups:
- ""
resources:
- configmaps/status
verbs:
- get
- update
- patch
- apiGroups:
- ""
resources:
- events
verbs:
- create
- apiGroups:
- apps
resourceNames:
- che-operator
resources:
- deployments/finalizers
verbs:
- update
- apiGroups:
- controller.devfile.io
resources:
- devworkspaceroutings
verbs:
- '*'
- apiGroups:
- controller.devfile.io
resources:
- devworkspaceroutings/finalizers
verbs:
- update
- apiGroups:
- controller.devfile.io
resources:
- devworkspaceroutings/status
verbs:
- get
- patch
- update
- apiGroups:
- oauth.openshift.io
resources:
- oauthclients
verbs:
- create
- delete
- deletecollection
- get
- list
- patch
- update
- watch

29
helmcharts/templates/role_binding.yaml Normal file
View File

@ -0,0 +1,29 @@
#
# Copyright (c) 2019-2021 Red Hat, Inc.
# This program and the accompanying materials are made
# available under the terms of the Eclipse Public License 2.0
# which is available at https://www.eclipse.org/legal/epl-2.0/
#
# SPDX-License-Identifier: EPL-2.0
#
# Contributors:
# Red Hat, Inc. - initial API and implementation
#
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: che-operator
labels:
app.kubernetes.io/name: che
app.kubernetes.io/instance: che
app.kubernetes.io/part-of: che.eclipse.org
app.kubernetes.io/component: che-operator
namespace: '{{ .Release.Namespace }}'
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: che-operator
subjects:
- kind: ServiceAccount
name: che-operator

22
helmcharts/templates/service_account.yaml Normal file
View File

@ -0,0 +1,22 @@
#
# Copyright (c) 2019-2021 Red Hat, Inc.
# This program and the accompanying materials are made
# available under the terms of the Eclipse Public License 2.0
# which is available at https://www.eclipse.org/legal/epl-2.0/
#
# SPDX-License-Identifier: EPL-2.0
#
# Contributors:
# Red Hat, Inc. - initial API and implementation
#
apiVersion: v1
kind: ServiceAccount
metadata:
name: che-operator
labels:
app.kubernetes.io/name: che
app.kubernetes.io/instance: che
app.kubernetes.io/part-of: che.eclipse.org
app.kubernetes.io/component: che-operator
namespace: '{{ .Release.Namespace }}'

14
helmcharts/values.yaml Normal file
View File

@ -0,0 +1,14 @@
#
# Copyright (c) 2019-2021 Red Hat, Inc.
# This program and the accompanying materials are made
# available under the terms of the Eclipse Public License 2.0
# which is available at https://www.eclipse.org/legal/epl-2.0/
#
# SPDX-License-Identifier: EPL-2.0
#
# Contributors:
# Red Hat, Inc. - initial API and implementation
#
k8s:
ingressDomain: "192.168.99.101.nip.io"