Update custom resource doc, and make it available in OpenApi spec (#94)
* Add openapi gen flags * Get code to compile with new OpenApi field names Signed-off-by: Tom George <tg82490@gmail.com> * Complete the doc & fix optional management * Rename the CRD to the initial name. * Correctly update the CRD file * remove unused and error-prone CRD file * Update OLM packages with new OpenApi defs Signed-off-by: David Festal <dfestal@redhat.com>pull/93/head^2
Tom George
David Festal
parent
202b3e25b2
commit
431809f950
|
|
@ -20,6 +20,457 @@ spec:
|
|||
plural: checlusters
|
||||
singular: checluster
|
||||
scope: Namespaced
|
||||
version: v1
|
||||
subresources:
|
||||
status: {}
|
||||
status: {}
|
||||
validation:
|
||||
openAPIV3Schema:
|
||||
properties:
|
||||
apiVersion:
|
||||
description: 'APIVersion defines the versioned schema of this representation
|
||||
of an object. Servers should convert recognized schemas to the latest
|
||||
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources'
|
||||
type: string
|
||||
kind:
|
||||
description: 'Kind is a string value representing the REST resource this
|
||||
object represents. Servers may infer this from the endpoint the client
|
||||
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds'
|
||||
type: string
|
||||
metadata:
|
||||
type: object
|
||||
spec:
|
||||
properties:
|
||||
auth:
|
||||
description: Configuration settings related to the Authentication used
|
||||
by the Che installation.
|
||||
properties:
|
||||
externalIdentityProvider:
|
||||
description: 'Instructs the operator on whether or not to deploy
|
||||
a dedicated Identity Provider (Keycloak or RH SSO instance). By
|
||||
default a dedicated Identity Provider server is deployed as part
|
||||
of the Che installation. But if `externalIdentityProvider` is
|
||||
`true`, then no dedicated identity provider will be deployed by
|
||||
the operator and you might need to provide details about the external
|
||||
identity provider you want to use. See also all the other fields
|
||||
starting with: `identityProvider`.'
|
||||
type: boolean
|
||||
identityProviderAdminUserName:
|
||||
description: Overrides the name of the Identity Provider admin user.
|
||||
Defaults to `admin`.
|
||||
type: string
|
||||
identityProviderClientId:
|
||||
description: Name of a Identity provider (Keycloak / RH SSO) `client-id`
|
||||
that should be used for Che. This is useful to override it ONLY
|
||||
if you use an external Identity Provider (see the `externalIdentityProvider`
|
||||
field). If omitted or left blank, it will be set to the value
|
||||
of the `flavour` field suffixed with `-public`.
|
||||
type: string
|
||||
identityProviderImage:
|
||||
description: Overrides the container image used in the Identity
|
||||
Provider (Keycloak / RH SSO) deployment. This includes the image
|
||||
tag. Omit it or leave it empty to use the defaut container image
|
||||
provided by the operator.
|
||||
type: string
|
||||
identityProviderImagePullPolicy:
|
||||
description: Overrides the image pull policy used in the Identity
|
||||
Provider (Keycloak / RH SSO) deployment. Default value is `Always`
|
||||
for `nightly` or `latest` images, and `IfNotPresent` in other
|
||||
cases.
|
||||
type: string
|
||||
identityProviderPassword:
|
||||
description: Overrides the password of Keycloak admin user. This
|
||||
is useful to override it ONLY if you use an external Identity
|
||||
Provider (see the `externalIdentityProvider` field). If omitted
|
||||
or left blank, it will be set to an auto-generated password.
|
||||
type: string
|
||||
identityProviderPostgresPassword:
|
||||
description: Password for The Identity Provider (Keycloak / RH SSO)
|
||||
to connect to the database. This is useful to override it ONLY
|
||||
if you use an external Identity Provider (see the `externalIdentityProvider`
|
||||
field). If omitted or left blank, it will be set to an auto-generated
|
||||
password.
|
||||
type: string
|
||||
identityProviderRealm:
|
||||
description: Name of a Identity provider (Keycloak / RH SSO) realm
|
||||
that should be used for Che. This is useful to override it ONLY
|
||||
if you use an external Identity Provider (see the `externalIdentityProvider`
|
||||
field). If omitted or left blank, it will be set to the value
|
||||
of the `flavour` field.
|
||||
type: string
|
||||
identityProviderURL:
|
||||
description: Public URL of the Identity Provider server (Keycloak
|
||||
/ RH SSO server). You should set it ONLY if you use an external
|
||||
Identity Provider (see the `externalIdentityProvider` field).
|
||||
By default this will be automatically calculated and set by the
|
||||
operator.
|
||||
type: string
|
||||
oAuthClientName:
|
||||
description: Name of the OpenShift `OAuthClient` resource used to
|
||||
setup identity federation on the OpenShift side. Auto-generated
|
||||
if left blank. See also the `OpenShiftoAuth` field.
|
||||
type: string
|
||||
oAuthSecret:
|
||||
description: Name of the secret set in the OpenShift `OAuthClient`
|
||||
resource used to setup identity federation on the OpenShift side.
|
||||
Auto-generated if left blank. See also the `OAuthClientName` field.
|
||||
type: string
|
||||
openShiftoAuth:
|
||||
description: 'Enables the integration of the identity provider (Keycloak
|
||||
/ RHSSO) with OpenShift OAuth. Enabled by defaumt on OpenShift.
|
||||
This will allow users to directly login with their Openshift user
|
||||
throug the Openshift login, and have their workspaces created
|
||||
under personnal OpenShift namespaces. WARNING: the `kuebadmin`
|
||||
user is NOT supported, and logging through it will NOT allow accessing
|
||||
the Che Dashboard.'
|
||||
type: boolean
|
||||
updateAdminPassword:
|
||||
description: Forces the default `admin` Che user to update password
|
||||
on first login. Defaults to `false`.
|
||||
type: boolean
|
||||
type: object
|
||||
database:
|
||||
description: Configuration settings related to the database used by
|
||||
the Che installation.
|
||||
properties:
|
||||
chePostgresDb:
|
||||
description: Postgres database name that the Che server uses to
|
||||
connect to the DB. Defaults to `dbche`.
|
||||
type: string
|
||||
chePostgresHostName:
|
||||
description: Postgres Database hostname that the Che server uses
|
||||
to connect to. Defaults to postgres. This value should be overridden
|
||||
ONLY when using an external database (see field `externalDb`).
|
||||
In the default case it will be automatically set by the operator.
|
||||
type: string
|
||||
chePostgresPassword:
|
||||
description: Postgres password that the Che server should use to
|
||||
connect to the DB. If omitted or left blank, it will be set to
|
||||
an auto-generated value.
|
||||
type: string
|
||||
chePostgresPort:
|
||||
description: Postgres Database port that the Che server uses to
|
||||
connect to. Defaults to 5432. This value should be overridden
|
||||
ONLY when using an external database (see field `externalDb`).
|
||||
In the default case it will be automatically set by the operator.
|
||||
type: string
|
||||
chePostgresUser:
|
||||
description: Postgres user that the Che server should use to connect
|
||||
to the DB. Defaults to `pgche`.
|
||||
type: string
|
||||
externalDb:
|
||||
description: 'Instructs the operator on whether or not to deploy
|
||||
a dedicated database. By default a dedicated Postgres database
|
||||
is deployed as part of the Che installation. But if `externalDb`
|
||||
is `true`, then no dedicated database will be deployed by the
|
||||
operator and you might need to provide connection details to the
|
||||
external DB you want to use. See also all the fields starting
|
||||
with: `chePostgres`.'
|
||||
type: boolean
|
||||
postgresImage:
|
||||
description: Overrides the container image used in the Postgres
|
||||
database deployment. This includes the image tag. Omit it or leave
|
||||
it empty to use the defaut container image provided by the operator.
|
||||
type: string
|
||||
postgresImagePullPolicy:
|
||||
description: Overrides the image pull policy used in the Postgres
|
||||
database deployment. Default value is `Always` for `nightly` or
|
||||
`latest` images, and `IfNotPresent` in other cases.
|
||||
type: string
|
||||
type: object
|
||||
k8s:
|
||||
description: Configuration settings specific to Che installations made
|
||||
on upstream Kubernetes.
|
||||
properties:
|
||||
ingressClass:
|
||||
description: 'Ingress class that will define the which controler
|
||||
will manage ingresses. Defaults to `nginx`. NB: This drives the
|
||||
`is kubernetes.io/ingress.class` annotation on Che-related ingresses.'
|
||||
type: string
|
||||
ingressDomain:
|
||||
description: 'Global ingress domain for a K8S cluster. This MUST
|
||||
be explicitly specified: there are no defaults.'
|
||||
type: string
|
||||
ingressStrategy:
|
||||
description: Strategy for ingress creation. This can be `multi-host`
|
||||
(host is explicitly provided in ingress), `single-host` (host
|
||||
is provided, path-based rules) and `default-host.*`(no host is
|
||||
provided, path-based rules). Defaults to `"multi-host`
|
||||
type: string
|
||||
securityContextFsGroup:
|
||||
description: FSGroup the Che pod and Workspace pods containers should
|
||||
run in. Defaults to `1724`.
|
||||
type: string
|
||||
securityContextRunAsUser:
|
||||
description: ID of the user the Che pod and Workspace pods containers
|
||||
should run as. Default to `1724`.
|
||||
type: string
|
||||
tlsSecretName:
|
||||
description: Name of a secret that will be used to setup ingress
|
||||
TLS termination if TLS is enabled. See also the `tlsSupport` field.
|
||||
type: string
|
||||
type: object
|
||||
server:
|
||||
description: General configuration settings related to the Che server
|
||||
and the plugin and devfile registries
|
||||
properties:
|
||||
airGapContainerRegistryHostname:
|
||||
description: Optional hostname (or url) to an alternate container
|
||||
registry to pull images from. This value overrides the container
|
||||
registry hostname defined in all the default container images
|
||||
involved in a Che deployment. This is particularly useful to install
|
||||
Che in an air-gapped environment.
|
||||
type: string
|
||||
airGapContainerRegistryOrganization:
|
||||
description: Optional repository name of an alternate container
|
||||
registry to pull images from. This value overrides the container
|
||||
registry organization defined in all the default container images
|
||||
involved in a Che deployment. This is particularly useful to install
|
||||
Che in an air-gapped environment.
|
||||
type: string
|
||||
cheDebug:
|
||||
description: Enables the debug mode for Che server. Defaults to
|
||||
`false`.
|
||||
type: string
|
||||
cheFlavor:
|
||||
description: Flavor of the installation. This is either `che` for
|
||||
upstream Che installations, or `codeready` for CodeReady Workspaces
|
||||
installation. In most cases the default value should not be overriden.
|
||||
type: string
|
||||
cheHost:
|
||||
description: Public hostname of the installed Che server. This will
|
||||
be automatically set by the operator. In most cases the default
|
||||
value set by the operator should not be overriden.
|
||||
type: string
|
||||
cheImage:
|
||||
description: Overrides the container image used in Che deployment.
|
||||
This does NOT include the container image tag. Omit it or leave
|
||||
it empty to use the defaut container image provided by the operator.
|
||||
type: string
|
||||
cheImagePullPolicy:
|
||||
description: Overrides the image pull policy used in Che deployment.
|
||||
Default value is `Always` for `nightly` or `latest` images, and
|
||||
`IfNotPresent` in other cases.
|
||||
type: string
|
||||
cheImageTag:
|
||||
description: Overrides the tag of the container image used in Che
|
||||
deployment. Omit it or leave it empty to use the defaut image
|
||||
tag provided by the operator.
|
||||
type: string
|
||||
cheLogLevel:
|
||||
description: 'Log level for the Che server: `INFO` or `DEBUG`. Defaults
|
||||
to `INFO`.'
|
||||
type: string
|
||||
cheWorkspaceClusterRole:
|
||||
description: Custom cluster role bound to the user for the Che workspaces.
|
||||
The default roles are used if this is omitted or left blank.
|
||||
type: string
|
||||
customCheProperties:
|
||||
additionalProperties:
|
||||
type: string
|
||||
description: Map of additional environment variables that will be
|
||||
applied in the generated `che` config map to be used by the Che
|
||||
server, in addition to the values already generated from other
|
||||
fields of the `CheCluster` custom resource (CR). If `customCheProperties`
|
||||
contains a property that would be normally generated in `che`
|
||||
config map from other CR fields, then the value defined in the
|
||||
`customCheProperties` will be used instead.
|
||||
type: object
|
||||
devfileRegistryImage:
|
||||
description: Overrides the container image used in the Devfile registry
|
||||
deployment. This includes the image tag. Omit it or leave it empty
|
||||
to use the defaut container image provided by the operator.
|
||||
type: string
|
||||
devfileRegistryMemoryLimit:
|
||||
description: Overrides the memory limit used in the Devfile registry
|
||||
deployment. Defaults to 256Mi.
|
||||
type: string
|
||||
devfileRegistryMemoryRequest:
|
||||
description: Overrides the memory request used in the Devfile registry
|
||||
deployment. Defaults to 16Mi.
|
||||
type: string
|
||||
devfileRegistryPullPolicy:
|
||||
description: Overrides the image pull policy used in the Devfile
|
||||
registry deployment. Default value is `Always` for `nightly` or
|
||||
`latest` images, and `IfNotPresent` in other cases.
|
||||
type: string
|
||||
devfileRegistryUrl:
|
||||
description: Public URL of the Devfile registry, that serves sample,
|
||||
ready-to-use devfiles. You should set it ONLY if you use an external
|
||||
devfile registry (see the `externalDevfileRegistry` field). By
|
||||
default this will be automatically calculated by the operator.
|
||||
type: string
|
||||
externalDevfileRegistry:
|
||||
description: Instructs the operator on whether or not to deploy
|
||||
a dedicated Devfile registry server. By default a dedicated devfile
|
||||
registry server is started. But if `externalDevfileRegistry` is
|
||||
`true`, then no such dedicated server will be started by the operator
|
||||
and you will have to manually set the `devfileRegistryUrl` field
|
||||
type: boolean
|
||||
externalPluginRegistry:
|
||||
description: Instructs the operator on whether or not to deploy
|
||||
a dedicated Plugin registry server. By default a dedicated plugin
|
||||
registry server is started. But if `externalPluginRegistry` is
|
||||
`true`, then no such dedicated server will be started by the operator
|
||||
and you will have to manually set the `pluginRegistryUrl` field.
|
||||
type: boolean
|
||||
nonProxyHosts:
|
||||
description: List of hosts that should not use the configured proxy.
|
||||
Use `|`` as delimiter, eg `localhost|my.host.com|123.42.12.32`
|
||||
Only use when configuring a proxy is required (see also the `proxyURL`
|
||||
field).
|
||||
type: string
|
||||
pluginRegistryImage:
|
||||
description: Overrides the container image used in the Plugin registry
|
||||
deployment. This includes the image tag. Omit it or leave it empty
|
||||
to use the defaut container image provided by the operator.
|
||||
type: string
|
||||
pluginRegistryMemoryLimit:
|
||||
description: Overrides the memory limit used in the Plugin registry
|
||||
deployment. Defaults to 256Mi.
|
||||
type: string
|
||||
pluginRegistryMemoryRequest:
|
||||
description: Overrides the memory request used in the Plugin registry
|
||||
deployment. Defaults to 16Mi.
|
||||
type: string
|
||||
pluginRegistryPullPolicy:
|
||||
description: Overrides the image pull policy used in the Plugin
|
||||
registry deployment. Default value is `Always` for `nightly` or
|
||||
`latest` images, and `IfNotPresent` in other cases.
|
||||
type: string
|
||||
pluginRegistryUrl:
|
||||
description: Public URL of the Plugin registry, that serves sample
|
||||
ready-to-use devfiles. You should set it ONLY if you use an external
|
||||
devfile registry (see the `externalPluginRegistry` field). By
|
||||
default this will be automatically calculated by the operator.
|
||||
type: string
|
||||
proxyPassword:
|
||||
description: Password of the proxy server Only use when proxy configuration
|
||||
is required (see also the `proxyUser` field).
|
||||
type: string
|
||||
proxyPort:
|
||||
description: Port of the proxy server. Only use when configuring
|
||||
a proxy is required (see also the `proxyURL` field).
|
||||
type: string
|
||||
proxyURL:
|
||||
description: URL (protocol+hostname) of the proxy server. This drives
|
||||
the appropriate changes in the `JAVA_OPTS` and `https(s)_proxy`
|
||||
variables in the Che server and workspaces containers. Only use
|
||||
when configuring a proxy is required.
|
||||
type: string
|
||||
proxyUser:
|
||||
description: User name of the proxy server. Only use when configuring
|
||||
a proxy is required (see also the `proxyURL` field).
|
||||
type: string
|
||||
selfSignedCert:
|
||||
description: Enables the support of OpenShift clusters whose router
|
||||
uses self-signed certificates. When enabled, the operator retrieves
|
||||
the default self-signed certificate of OpenShift routes and adds
|
||||
it to the Java trust store of the Che server. This is usually
|
||||
required when activating the `tlsSupport` field on demo OpenShift
|
||||
clusters that have not been setup with a valid certificate for
|
||||
the routes. This is disabled by default.
|
||||
type: boolean
|
||||
serverMemoryLimit:
|
||||
description: Overrides the memory limit used in the Che server deployment.
|
||||
Defaults to 1Gi.
|
||||
type: string
|
||||
serverMemoryRequest:
|
||||
description: Overrides the memory request used in the Che server
|
||||
deployment. Defaults to 512Mi.
|
||||
type: string
|
||||
tlsSupport:
|
||||
description: 'Instructs the operator to deploy Che in TLS mode,
|
||||
ie with TLS routes or ingresses. This is disabled by default.
|
||||
WARNING: Enabling TLS might require enabling the `selfSignedCert`
|
||||
field also in some cases.'
|
||||
type: boolean
|
||||
type: object
|
||||
storage:
|
||||
description: Configuration settings related to the persistent storage
|
||||
used by the Che installation.
|
||||
properties:
|
||||
postgresPVCStorageClassName:
|
||||
description: Storage class for the Persistent Volume Claim dedicated
|
||||
to the Postgres database. If omitted or left blank, default storage
|
||||
class is used.
|
||||
type: string
|
||||
preCreateSubPaths:
|
||||
description: Instructs the Che server to launch a special pod to
|
||||
pre-create a subpath in the Persistent Volumes. Defaults to `false`,
|
||||
however it might need to enable it according to the configuration
|
||||
of your K8S cluster.
|
||||
type: boolean
|
||||
pvcClaimSize:
|
||||
description: Size of the persistent volume claim for workspaces.
|
||||
Defaults to `1Gi`
|
||||
type: string
|
||||
pvcJobsImage:
|
||||
description: Overrides the container image used to create sub-paths
|
||||
in the Persistent Volumes. This includes the image tag. Omit it
|
||||
or leave it empty to use the defaut container image provided by
|
||||
the operator. See also the `preCreateSubPaths` field.
|
||||
type: string
|
||||
pvcStrategy:
|
||||
description: Persistent volume claim strategy for the Che server.
|
||||
This Can be:`common` (all workspaces PVCs in one volume), `per-workspace`
|
||||
(one PVC per workspace for all declared volumes) and `unique`
|
||||
(one PVC per declared volume). Defaults to `common`.
|
||||
type: string
|
||||
workspacePVCStorageClassName:
|
||||
description: Storage class for the Persistent Volume Claims dedicated
|
||||
to the Che workspaces. If omitted or left blank, default storage
|
||||
class is used.
|
||||
type: string
|
||||
type: object
|
||||
type: object
|
||||
status:
|
||||
properties:
|
||||
cheClusterRunning:
|
||||
description: Status of a Che installation. Can be `Available`, `Unavailable`,
|
||||
or `Available, Rolling Update in Progress`
|
||||
type: string
|
||||
cheURL:
|
||||
description: Public URL to the Che server
|
||||
type: string
|
||||
cheVersion:
|
||||
description: Current installed Che version
|
||||
type: string
|
||||
dbProvisioned:
|
||||
description: Indicates if or not a Postgres instance has been correctly
|
||||
provisioned
|
||||
type: boolean
|
||||
devfileRegistryURL:
|
||||
description: Public URL to the Devfile registry
|
||||
type: string
|
||||
helpLink:
|
||||
description: A URL that can point to some URL where to find help related
|
||||
to the current Operator status.
|
||||
type: string
|
||||
keycloakProvisioned:
|
||||
description: Indicates whether an Identity Provider instance (Keycloak
|
||||
/ RH SSO) has been provisioned with realm, client and user
|
||||
type: boolean
|
||||
keycloakURL:
|
||||
description: Public URL to the Identity Provider server (Keycloak /
|
||||
RH SSO).
|
||||
type: string
|
||||
message:
|
||||
description: A human readable message indicating details about why the
|
||||
pod is in this condition.
|
||||
type: string
|
||||
openShiftoAuthProvisioned:
|
||||
description: Indicates whether an Identity Provider instance (Keycloak
|
||||
/ RH SSO) has been configured to integrate with the OpenShift OAuth.
|
||||
type: boolean
|
||||
pluginRegistryURL:
|
||||
description: Public URL to the Plugin registry
|
||||
type: string
|
||||
reason:
|
||||
description: A brief CamelCase message indicating details about why
|
||||
the pod is in this state.
|
||||
type: string
|
||||
type: object
|
||||
version: v1
|
||||
versions:
|
||||
- name: v1
|
||||
served: true
|
||||
storage: true
|
||||
|
|
|
|||
|
|
@ -41,7 +41,6 @@ func main() {
|
|||
}
|
||||
logrus.Info("CRD successfully added to schema")
|
||||
|
||||
|
||||
logrus.Infof("Creating a new namespace: %s", namespace)
|
||||
ns := newNamespace()
|
||||
if err := createNamespace(ns); err != nil {
|
||||
|
|
@ -96,7 +95,6 @@ func main() {
|
|||
logrus.Info("Installation succeeded")
|
||||
}
|
||||
|
||||
|
||||
// reconfigure CR to enable TLS support
|
||||
logrus.Info("Patching CR with TLS enabled. This should cause a new Che deployment")
|
||||
patchPath := "/spec/server/tlsSupport"
|
||||
|
|
@ -158,7 +156,7 @@ func main() {
|
|||
if err != nil {
|
||||
logrus.Fatalf("Failed to get CR: %s", err)
|
||||
}
|
||||
oAuthClientName := cr.Spec.Auth.OauthClientName
|
||||
oAuthClientName := cr.Spec.Auth.OAuthClientName
|
||||
_, err = getOauthClient(oAuthClientName)
|
||||
if err != nil {
|
||||
logrus.Fatalf("oAuthclient %s not found", oAuthClientName)
|
||||
|
|
|
|||
|
|
@ -0,0 +1,476 @@
|
|||
#
|
||||
# Copyright (c) 2012-2019 Red Hat, Inc.
|
||||
# This program and the accompanying materials are made
|
||||
# available under the terms of the Eclipse Public License 2.0
|
||||
# which is available at https://www.eclipse.org/legal/epl-2.0/
|
||||
#
|
||||
# SPDX-License-Identifier: EPL-2.0
|
||||
#
|
||||
# Contributors:
|
||||
# Red Hat, Inc. - initial API and implementation
|
||||
apiVersion: apiextensions.k8s.io/v1beta1
|
||||
kind: CustomResourceDefinition
|
||||
metadata:
|
||||
name: checlusters.org.eclipse.che
|
||||
spec:
|
||||
group: org.eclipse.che
|
||||
names:
|
||||
kind: CheCluster
|
||||
listKind: CheClusterList
|
||||
plural: checlusters
|
||||
singular: checluster
|
||||
scope: Namespaced
|
||||
subresources:
|
||||
status: {}
|
||||
validation:
|
||||
openAPIV3Schema:
|
||||
properties:
|
||||
apiVersion:
|
||||
description: 'APIVersion defines the versioned schema of this representation
|
||||
of an object. Servers should convert recognized schemas to the latest
|
||||
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources'
|
||||
type: string
|
||||
kind:
|
||||
description: 'Kind is a string value representing the REST resource this
|
||||
object represents. Servers may infer this from the endpoint the client
|
||||
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds'
|
||||
type: string
|
||||
metadata:
|
||||
type: object
|
||||
spec:
|
||||
properties:
|
||||
auth:
|
||||
description: Configuration settings related to the Authentication used
|
||||
by the Che installation.
|
||||
properties:
|
||||
externalIdentityProvider:
|
||||
description: 'Instructs the operator on whether or not to deploy
|
||||
a dedicated Identity Provider (Keycloak or RH SSO instance). By
|
||||
default a dedicated Identity Provider server is deployed as part
|
||||
of the Che installation. But if `externalIdentityProvider` is
|
||||
`true`, then no dedicated identity provider will be deployed by
|
||||
the operator and you might need to provide details about the external
|
||||
identity provider you want to use. See also all the other fields
|
||||
starting with: `identityProvider`.'
|
||||
type: boolean
|
||||
identityProviderAdminUserName:
|
||||
description: Overrides the name of the Identity Provider admin user.
|
||||
Defaults to `admin`.
|
||||
type: string
|
||||
identityProviderClientId:
|
||||
description: Name of a Identity provider (Keycloak / RH SSO) `client-id`
|
||||
that should be used for Che. This is useful to override it ONLY
|
||||
if you use an external Identity Provider (see the `externalIdentityProvider`
|
||||
field). If omitted or left blank, it will be set to the value
|
||||
of the `flavour` field suffixed with `-public`.
|
||||
type: string
|
||||
identityProviderImage:
|
||||
description: Overrides the container image used in the Identity
|
||||
Provider (Keycloak / RH SSO) deployment. This includes the image
|
||||
tag. Omit it or leave it empty to use the defaut container image
|
||||
provided by the operator.
|
||||
type: string
|
||||
identityProviderImagePullPolicy:
|
||||
description: Overrides the image pull policy used in the Identity
|
||||
Provider (Keycloak / RH SSO) deployment. Default value is `Always`
|
||||
for `nightly` or `latest` images, and `IfNotPresent` in other
|
||||
cases.
|
||||
type: string
|
||||
identityProviderPassword:
|
||||
description: Overrides the password of Keycloak admin user. This
|
||||
is useful to override it ONLY if you use an external Identity
|
||||
Provider (see the `externalIdentityProvider` field). If omitted
|
||||
or left blank, it will be set to an auto-generated password.
|
||||
type: string
|
||||
identityProviderPostgresPassword:
|
||||
description: Password for The Identity Provider (Keycloak / RH SSO)
|
||||
to connect to the database. This is useful to override it ONLY
|
||||
if you use an external Identity Provider (see the `externalIdentityProvider`
|
||||
field). If omitted or left blank, it will be set to an auto-generated
|
||||
password.
|
||||
type: string
|
||||
identityProviderRealm:
|
||||
description: Name of a Identity provider (Keycloak / RH SSO) realm
|
||||
that should be used for Che. This is useful to override it ONLY
|
||||
if you use an external Identity Provider (see the `externalIdentityProvider`
|
||||
field). If omitted or left blank, it will be set to the value
|
||||
of the `flavour` field.
|
||||
type: string
|
||||
identityProviderURL:
|
||||
description: Public URL of the Identity Provider server (Keycloak
|
||||
/ RH SSO server). You should set it ONLY if you use an external
|
||||
Identity Provider (see the `externalIdentityProvider` field).
|
||||
By default this will be automatically calculated and set by the
|
||||
operator.
|
||||
type: string
|
||||
oAuthClientName:
|
||||
description: Name of the OpenShift `OAuthClient` resource used to
|
||||
setup identity federation on the OpenShift side. Auto-generated
|
||||
if left blank. See also the `OpenShiftoAuth` field.
|
||||
type: string
|
||||
oAuthSecret:
|
||||
description: Name of the secret set in the OpenShift `OAuthClient`
|
||||
resource used to setup identity federation on the OpenShift side.
|
||||
Auto-generated if left blank. See also the `OAuthClientName` field.
|
||||
type: string
|
||||
openShiftoAuth:
|
||||
description: 'Enables the integration of the identity provider (Keycloak
|
||||
/ RHSSO) with OpenShift OAuth. Enabled by defaumt on OpenShift.
|
||||
This will allow users to directly login with their Openshift user
|
||||
throug the Openshift login, and have their workspaces created
|
||||
under personnal OpenShift namespaces. WARNING: the `kuebadmin`
|
||||
user is NOT supported, and logging through it will NOT allow accessing
|
||||
the Che Dashboard.'
|
||||
type: boolean
|
||||
updateAdminPassword:
|
||||
description: Forces the default `admin` Che user to update password
|
||||
on first login. Defaults to `false`.
|
||||
type: boolean
|
||||
type: object
|
||||
database:
|
||||
description: Configuration settings related to the database used by
|
||||
the Che installation.
|
||||
properties:
|
||||
chePostgresDb:
|
||||
description: Postgres database name that the Che server uses to
|
||||
connect to the DB. Defaults to `dbche`.
|
||||
type: string
|
||||
chePostgresHostName:
|
||||
description: Postgres Database hostname that the Che server uses
|
||||
to connect to. Defaults to postgres. This value should be overridden
|
||||
ONLY when using an external database (see field `externalDb`).
|
||||
In the default case it will be automatically set by the operator.
|
||||
type: string
|
||||
chePostgresPassword:
|
||||
description: Postgres password that the Che server should use to
|
||||
connect to the DB. If omitted or left blank, it will be set to
|
||||
an auto-generated value.
|
||||
type: string
|
||||
chePostgresPort:
|
||||
description: Postgres Database port that the Che server uses to
|
||||
connect to. Defaults to 5432. This value should be overridden
|
||||
ONLY when using an external database (see field `externalDb`).
|
||||
In the default case it will be automatically set by the operator.
|
||||
type: string
|
||||
chePostgresUser:
|
||||
description: Postgres user that the Che server should use to connect
|
||||
to the DB. Defaults to `pgche`.
|
||||
type: string
|
||||
externalDb:
|
||||
description: 'Instructs the operator on whether or not to deploy
|
||||
a dedicated database. By default a dedicated Postgres database
|
||||
is deployed as part of the Che installation. But if `externalDb`
|
||||
is `true`, then no dedicated database will be deployed by the
|
||||
operator and you might need to provide connection details to the
|
||||
external DB you want to use. See also all the fields starting
|
||||
with: `chePostgres`.'
|
||||
type: boolean
|
||||
postgresImage:
|
||||
description: Overrides the container image used in the Postgres
|
||||
database deployment. This includes the image tag. Omit it or leave
|
||||
it empty to use the defaut container image provided by the operator.
|
||||
type: string
|
||||
postgresImagePullPolicy:
|
||||
description: Overrides the image pull policy used in the Postgres
|
||||
database deployment. Default value is `Always` for `nightly` or
|
||||
`latest` images, and `IfNotPresent` in other cases.
|
||||
type: string
|
||||
type: object
|
||||
k8s:
|
||||
description: Configuration settings specific to Che installations made
|
||||
on upstream Kubernetes.
|
||||
properties:
|
||||
ingressClass:
|
||||
description: 'Ingress class that will define the which controler
|
||||
will manage ingresses. Defaults to `nginx`. NB: This drives the
|
||||
`is kubernetes.io/ingress.class` annotation on Che-related ingresses.'
|
||||
type: string
|
||||
ingressDomain:
|
||||
description: 'Global ingress domain for a K8S cluster. This MUST
|
||||
be explicitly specified: there are no defaults.'
|
||||
type: string
|
||||
ingressStrategy:
|
||||
description: Strategy for ingress creation. This can be `multi-host`
|
||||
(host is explicitly provided in ingress), `single-host` (host
|
||||
is provided, path-based rules) and `default-host.*`(no host is
|
||||
provided, path-based rules). Defaults to `"multi-host`
|
||||
type: string
|
||||
securityContextFsGroup:
|
||||
description: FSGroup the Che pod and Workspace pods containers should
|
||||
run in. Defaults to `1724`.
|
||||
type: string
|
||||
securityContextRunAsUser:
|
||||
description: ID of the user the Che pod and Workspace pods containers
|
||||
should run as. Default to `1724`.
|
||||
type: string
|
||||
tlsSecretName:
|
||||
description: Name of a secret that will be used to setup ingress
|
||||
TLS termination if TLS is enabled. See also the `tlsSupport` field.
|
||||
type: string
|
||||
type: object
|
||||
server:
|
||||
description: General configuration settings related to the Che server
|
||||
and the plugin and devfile registries
|
||||
properties:
|
||||
airGapContainerRegistryHostname:
|
||||
description: Optional hostname (or url) to an alternate container
|
||||
registry to pull images from. This value overrides the container
|
||||
registry hostname defined in all the default container images
|
||||
involved in a Che deployment. This is particularly useful to install
|
||||
Che in an air-gapped environment.
|
||||
type: string
|
||||
airGapContainerRegistryOrganization:
|
||||
description: Optional repository name of an alternate container
|
||||
registry to pull images from. This value overrides the container
|
||||
registry organization defined in all the default container images
|
||||
involved in a Che deployment. This is particularly useful to install
|
||||
Che in an air-gapped environment.
|
||||
type: string
|
||||
cheDebug:
|
||||
description: Enables the debug mode for Che server. Defaults to
|
||||
`false`.
|
||||
type: string
|
||||
cheFlavor:
|
||||
description: Flavor of the installation. This is either `che` for
|
||||
upstream Che installations, or `codeready` for CodeReady Workspaces
|
||||
installation. In most cases the default value should not be overriden.
|
||||
type: string
|
||||
cheHost:
|
||||
description: Public hostname of the installed Che server. This will
|
||||
be automatically set by the operator. In most cases the default
|
||||
value set by the operator should not be overriden.
|
||||
type: string
|
||||
cheImage:
|
||||
description: Overrides the container image used in Che deployment.
|
||||
This does NOT include the container image tag. Omit it or leave
|
||||
it empty to use the defaut container image provided by the operator.
|
||||
type: string
|
||||
cheImagePullPolicy:
|
||||
description: Overrides the image pull policy used in Che deployment.
|
||||
Default value is `Always` for `nightly` or `latest` images, and
|
||||
`IfNotPresent` in other cases.
|
||||
type: string
|
||||
cheImageTag:
|
||||
description: Overrides the tag of the container image used in Che
|
||||
deployment. Omit it or leave it empty to use the defaut image
|
||||
tag provided by the operator.
|
||||
type: string
|
||||
cheLogLevel:
|
||||
description: 'Log level for the Che server: `INFO` or `DEBUG`. Defaults
|
||||
to `INFO`.'
|
||||
type: string
|
||||
cheWorkspaceClusterRole:
|
||||
description: Custom cluster role bound to the user for the Che workspaces.
|
||||
The default roles are used if this is omitted or left blank.
|
||||
type: string
|
||||
customCheProperties:
|
||||
additionalProperties:
|
||||
type: string
|
||||
description: Map of additional environment variables that will be
|
||||
applied in the generated `che` config map to be used by the Che
|
||||
server, in addition to the values already generated from other
|
||||
fields of the `CheCluster` custom resource (CR). If `customCheProperties`
|
||||
contains a property that would be normally generated in `che`
|
||||
config map from other CR fields, then the value defined in the
|
||||
`customCheProperties` will be used instead.
|
||||
type: object
|
||||
devfileRegistryImage:
|
||||
description: Overrides the container image used in the Devfile registry
|
||||
deployment. This includes the image tag. Omit it or leave it empty
|
||||
to use the defaut container image provided by the operator.
|
||||
type: string
|
||||
devfileRegistryMemoryLimit:
|
||||
description: Overrides the memory limit used in the Devfile registry
|
||||
deployment. Defaults to 256Mi.
|
||||
type: string
|
||||
devfileRegistryMemoryRequest:
|
||||
description: Overrides the memory request used in the Devfile registry
|
||||
deployment. Defaults to 16Mi.
|
||||
type: string
|
||||
devfileRegistryPullPolicy:
|
||||
description: Overrides the image pull policy used in the Devfile
|
||||
registry deployment. Default value is `Always` for `nightly` or
|
||||
`latest` images, and `IfNotPresent` in other cases.
|
||||
type: string
|
||||
devfileRegistryUrl:
|
||||
description: Public URL of the Devfile registry, that serves sample,
|
||||
ready-to-use devfiles. You should set it ONLY if you use an external
|
||||
devfile registry (see the `externalDevfileRegistry` field). By
|
||||
default this will be automatically calculated by the operator.
|
||||
type: string
|
||||
externalDevfileRegistry:
|
||||
description: Instructs the operator on whether or not to deploy
|
||||
a dedicated Devfile registry server. By default a dedicated devfile
|
||||
registry server is started. But if `externalDevfileRegistry` is
|
||||
`true`, then no such dedicated server will be started by the operator
|
||||
and you will have to manually set the `devfileRegistryUrl` field
|
||||
type: boolean
|
||||
externalPluginRegistry:
|
||||
description: Instructs the operator on whether or not to deploy
|
||||
a dedicated Plugin registry server. By default a dedicated plugin
|
||||
registry server is started. But if `externalPluginRegistry` is
|
||||
`true`, then no such dedicated server will be started by the operator
|
||||
and you will have to manually set the `pluginRegistryUrl` field.
|
||||
type: boolean
|
||||
nonProxyHosts:
|
||||
description: List of hosts that should not use the configured proxy.
|
||||
Use `|`` as delimiter, eg `localhost|my.host.com|123.42.12.32`
|
||||
Only use when configuring a proxy is required (see also the `proxyURL`
|
||||
field).
|
||||
type: string
|
||||
pluginRegistryImage:
|
||||
description: Overrides the container image used in the Plugin registry
|
||||
deployment. This includes the image tag. Omit it or leave it empty
|
||||
to use the defaut container image provided by the operator.
|
||||
type: string
|
||||
pluginRegistryMemoryLimit:
|
||||
description: Overrides the memory limit used in the Plugin registry
|
||||
deployment. Defaults to 256Mi.
|
||||
type: string
|
||||
pluginRegistryMemoryRequest:
|
||||
description: Overrides the memory request used in the Plugin registry
|
||||
deployment. Defaults to 16Mi.
|
||||
type: string
|
||||
pluginRegistryPullPolicy:
|
||||
description: Overrides the image pull policy used in the Plugin
|
||||
registry deployment. Default value is `Always` for `nightly` or
|
||||
`latest` images, and `IfNotPresent` in other cases.
|
||||
type: string
|
||||
pluginRegistryUrl:
|
||||
description: Public URL of the Plugin registry, that serves sample
|
||||
ready-to-use devfiles. You should set it ONLY if you use an external
|
||||
devfile registry (see the `externalPluginRegistry` field). By
|
||||
default this will be automatically calculated by the operator.
|
||||
type: string
|
||||
proxyPassword:
|
||||
description: Password of the proxy server Only use when proxy configuration
|
||||
is required (see also the `proxyUser` field).
|
||||
type: string
|
||||
proxyPort:
|
||||
description: Port of the proxy server. Only use when configuring
|
||||
a proxy is required (see also the `proxyURL` field).
|
||||
type: string
|
||||
proxyURL:
|
||||
description: URL (protocol+hostname) of the proxy server. This drives
|
||||
the appropriate changes in the `JAVA_OPTS` and `https(s)_proxy`
|
||||
variables in the Che server and workspaces containers. Only use
|
||||
when configuring a proxy is required.
|
||||
type: string
|
||||
proxyUser:
|
||||
description: User name of the proxy server. Only use when configuring
|
||||
a proxy is required (see also the `proxyURL` field).
|
||||
type: string
|
||||
selfSignedCert:
|
||||
description: Enables the support of OpenShift clusters whose router
|
||||
uses self-signed certificates. When enabled, the operator retrieves
|
||||
the default self-signed certificate of OpenShift routes and adds
|
||||
it to the Java trust store of the Che server. This is usually
|
||||
required when activating the `tlsSupport` field on demo OpenShift
|
||||
clusters that have not been setup with a valid certificate for
|
||||
the routes. This is disabled by default.
|
||||
type: boolean
|
||||
serverMemoryLimit:
|
||||
description: Overrides the memory limit used in the Che server deployment.
|
||||
Defaults to 1Gi.
|
||||
type: string
|
||||
serverMemoryRequest:
|
||||
description: Overrides the memory request used in the Che server
|
||||
deployment. Defaults to 512Mi.
|
||||
type: string
|
||||
tlsSupport:
|
||||
description: 'Instructs the operator to deploy Che in TLS mode,
|
||||
ie with TLS routes or ingresses. This is disabled by default.
|
||||
WARNING: Enabling TLS might require enabling the `selfSignedCert`
|
||||
field also in some cases.'
|
||||
type: boolean
|
||||
type: object
|
||||
storage:
|
||||
description: Configuration settings related to the persistent storage
|
||||
used by the Che installation.
|
||||
properties:
|
||||
postgresPVCStorageClassName:
|
||||
description: Storage class for the Persistent Volume Claim dedicated
|
||||
to the Postgres database. If omitted or left blank, default storage
|
||||
class is used.
|
||||
type: string
|
||||
preCreateSubPaths:
|
||||
description: Instructs the Che server to launch a special pod to
|
||||
pre-create a subpath in the Persistent Volumes. Defaults to `false`,
|
||||
however it might need to enable it according to the configuration
|
||||
of your K8S cluster.
|
||||
type: boolean
|
||||
pvcClaimSize:
|
||||
description: Size of the persistent volume claim for workspaces.
|
||||
Defaults to `1Gi`
|
||||
type: string
|
||||
pvcJobsImage:
|
||||
description: Overrides the container image used to create sub-paths
|
||||
in the Persistent Volumes. This includes the image tag. Omit it
|
||||
or leave it empty to use the defaut container image provided by
|
||||
the operator. See also the `preCreateSubPaths` field.
|
||||
type: string
|
||||
pvcStrategy:
|
||||
description: Persistent volume claim strategy for the Che server.
|
||||
This Can be:`common` (all workspaces PVCs in one volume), `per-workspace`
|
||||
(one PVC per workspace for all declared volumes) and `unique`
|
||||
(one PVC per declared volume). Defaults to `common`.
|
||||
type: string
|
||||
workspacePVCStorageClassName:
|
||||
description: Storage class for the Persistent Volume Claims dedicated
|
||||
to the Che workspaces. If omitted or left blank, default storage
|
||||
class is used.
|
||||
type: string
|
||||
type: object
|
||||
type: object
|
||||
status:
|
||||
properties:
|
||||
cheClusterRunning:
|
||||
description: Status of a Che installation. Can be `Available`, `Unavailable`,
|
||||
or `Available, Rolling Update in Progress`
|
||||
type: string
|
||||
cheURL:
|
||||
description: Public URL to the Che server
|
||||
type: string
|
||||
cheVersion:
|
||||
description: Current installed Che version
|
||||
type: string
|
||||
dbProvisioned:
|
||||
description: Indicates if or not a Postgres instance has been correctly
|
||||
provisioned
|
||||
type: boolean
|
||||
devfileRegistryURL:
|
||||
description: Public URL to the Devfile registry
|
||||
type: string
|
||||
helpLink:
|
||||
description: A URL that can point to some URL where to find help related
|
||||
to the current Operator status.
|
||||
type: string
|
||||
keycloakProvisioned:
|
||||
description: Indicates whether an Identity Provider instance (Keycloak
|
||||
/ RH SSO) has been provisioned with realm, client and user
|
||||
type: boolean
|
||||
keycloakURL:
|
||||
description: Public URL to the Identity Provider server (Keycloak /
|
||||
RH SSO).
|
||||
type: string
|
||||
message:
|
||||
description: A human readable message indicating details about why the
|
||||
pod is in this condition.
|
||||
type: string
|
||||
openShiftoAuthProvisioned:
|
||||
description: Indicates whether an Identity Provider instance (Keycloak
|
||||
/ RH SSO) has been configured to integrate with the OpenShift OAuth.
|
||||
type: boolean
|
||||
pluginRegistryURL:
|
||||
description: Public URL to the Plugin registry
|
||||
type: string
|
||||
reason:
|
||||
description: A brief CamelCase message indicating details about why
|
||||
the pod is in this state.
|
||||
type: string
|
||||
type: object
|
||||
version: v1
|
||||
versions:
|
||||
- name: v1
|
||||
served: true
|
||||
storage: true
|
||||
|
|
@ -0,0 +1,475 @@
|
|||
--- /home/dfestal/go/src/github.com/eclipse/che-operator/olm/eclipse-che-preview-kubernetes/deploy/olm-catalog/eclipse-che-preview-kubernetes/9.9.9-nightly.1567522875/eclipse-che-preview-kubernetes.crd.yaml 2019-09-17 16:37:37.000000000 +0200
|
||||
+++ /home/dfestal/go/src/github.com/eclipse/che-operator/olm/eclipse-che-preview-kubernetes/deploy/olm-catalog/eclipse-che-preview-kubernetes/9.9.9-nightly.1571049441/eclipse-che-preview-kubernetes.crd.yaml 2019-10-14 12:37:21.000000000 +0200
|
||||
@@ -1,3 +1,13 @@
|
||||
+#
|
||||
+# Copyright (c) 2012-2019 Red Hat, Inc.
|
||||
+# This program and the accompanying materials are made
|
||||
+# available under the terms of the Eclipse Public License 2.0
|
||||
+# which is available at https://www.eclipse.org/legal/epl-2.0/
|
||||
+#
|
||||
+# SPDX-License-Identifier: EPL-2.0
|
||||
+#
|
||||
+# Contributors:
|
||||
+# Red Hat, Inc. - initial API and implementation
|
||||
apiVersion: apiextensions.k8s.io/v1beta1
|
||||
kind: CustomResourceDefinition
|
||||
metadata:
|
||||
@@ -10,6 +20,457 @@
|
||||
plural: checlusters
|
||||
singular: checluster
|
||||
scope: Namespaced
|
||||
- version: v1
|
||||
subresources:
|
||||
status: {}
|
||||
+ validation:
|
||||
+ openAPIV3Schema:
|
||||
+ properties:
|
||||
+ apiVersion:
|
||||
+ description: 'APIVersion defines the versioned schema of this representation
|
||||
+ of an object. Servers should convert recognized schemas to the latest
|
||||
+ internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources'
|
||||
+ type: string
|
||||
+ kind:
|
||||
+ description: 'Kind is a string value representing the REST resource this
|
||||
+ object represents. Servers may infer this from the endpoint the client
|
||||
+ submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds'
|
||||
+ type: string
|
||||
+ metadata:
|
||||
+ type: object
|
||||
+ spec:
|
||||
+ properties:
|
||||
+ auth:
|
||||
+ description: Configuration settings related to the Authentication used
|
||||
+ by the Che installation.
|
||||
+ properties:
|
||||
+ externalIdentityProvider:
|
||||
+ description: 'Instructs the operator on whether or not to deploy
|
||||
+ a dedicated Identity Provider (Keycloak or RH SSO instance). By
|
||||
+ default a dedicated Identity Provider server is deployed as part
|
||||
+ of the Che installation. But if `externalIdentityProvider` is
|
||||
+ `true`, then no dedicated identity provider will be deployed by
|
||||
+ the operator and you might need to provide details about the external
|
||||
+ identity provider you want to use. See also all the other fields
|
||||
+ starting with: `identityProvider`.'
|
||||
+ type: boolean
|
||||
+ identityProviderAdminUserName:
|
||||
+ description: Overrides the name of the Identity Provider admin user.
|
||||
+ Defaults to `admin`.
|
||||
+ type: string
|
||||
+ identityProviderClientId:
|
||||
+ description: Name of a Identity provider (Keycloak / RH SSO) `client-id`
|
||||
+ that should be used for Che. This is useful to override it ONLY
|
||||
+ if you use an external Identity Provider (see the `externalIdentityProvider`
|
||||
+ field). If omitted or left blank, it will be set to the value
|
||||
+ of the `flavour` field suffixed with `-public`.
|
||||
+ type: string
|
||||
+ identityProviderImage:
|
||||
+ description: Overrides the container image used in the Identity
|
||||
+ Provider (Keycloak / RH SSO) deployment. This includes the image
|
||||
+ tag. Omit it or leave it empty to use the defaut container image
|
||||
+ provided by the operator.
|
||||
+ type: string
|
||||
+ identityProviderImagePullPolicy:
|
||||
+ description: Overrides the image pull policy used in the Identity
|
||||
+ Provider (Keycloak / RH SSO) deployment. Default value is `Always`
|
||||
+ for `nightly` or `latest` images, and `IfNotPresent` in other
|
||||
+ cases.
|
||||
+ type: string
|
||||
+ identityProviderPassword:
|
||||
+ description: Overrides the password of Keycloak admin user. This
|
||||
+ is useful to override it ONLY if you use an external Identity
|
||||
+ Provider (see the `externalIdentityProvider` field). If omitted
|
||||
+ or left blank, it will be set to an auto-generated password.
|
||||
+ type: string
|
||||
+ identityProviderPostgresPassword:
|
||||
+ description: Password for The Identity Provider (Keycloak / RH SSO)
|
||||
+ to connect to the database. This is useful to override it ONLY
|
||||
+ if you use an external Identity Provider (see the `externalIdentityProvider`
|
||||
+ field). If omitted or left blank, it will be set to an auto-generated
|
||||
+ password.
|
||||
+ type: string
|
||||
+ identityProviderRealm:
|
||||
+ description: Name of a Identity provider (Keycloak / RH SSO) realm
|
||||
+ that should be used for Che. This is useful to override it ONLY
|
||||
+ if you use an external Identity Provider (see the `externalIdentityProvider`
|
||||
+ field). If omitted or left blank, it will be set to the value
|
||||
+ of the `flavour` field.
|
||||
+ type: string
|
||||
+ identityProviderURL:
|
||||
+ description: Public URL of the Identity Provider server (Keycloak
|
||||
+ / RH SSO server). You should set it ONLY if you use an external
|
||||
+ Identity Provider (see the `externalIdentityProvider` field).
|
||||
+ By default this will be automatically calculated and set by the
|
||||
+ operator.
|
||||
+ type: string
|
||||
+ oAuthClientName:
|
||||
+ description: Name of the OpenShift `OAuthClient` resource used to
|
||||
+ setup identity federation on the OpenShift side. Auto-generated
|
||||
+ if left blank. See also the `OpenShiftoAuth` field.
|
||||
+ type: string
|
||||
+ oAuthSecret:
|
||||
+ description: Name of the secret set in the OpenShift `OAuthClient`
|
||||
+ resource used to setup identity federation on the OpenShift side.
|
||||
+ Auto-generated if left blank. See also the `OAuthClientName` field.
|
||||
+ type: string
|
||||
+ openShiftoAuth:
|
||||
+ description: 'Enables the integration of the identity provider (Keycloak
|
||||
+ / RHSSO) with OpenShift OAuth. Enabled by defaumt on OpenShift.
|
||||
+ This will allow users to directly login with their Openshift user
|
||||
+ throug the Openshift login, and have their workspaces created
|
||||
+ under personnal OpenShift namespaces. WARNING: the `kuebadmin`
|
||||
+ user is NOT supported, and logging through it will NOT allow accessing
|
||||
+ the Che Dashboard.'
|
||||
+ type: boolean
|
||||
+ updateAdminPassword:
|
||||
+ description: Forces the default `admin` Che user to update password
|
||||
+ on first login. Defaults to `false`.
|
||||
+ type: boolean
|
||||
+ type: object
|
||||
+ database:
|
||||
+ description: Configuration settings related to the database used by
|
||||
+ the Che installation.
|
||||
+ properties:
|
||||
+ chePostgresDb:
|
||||
+ description: Postgres database name that the Che server uses to
|
||||
+ connect to the DB. Defaults to `dbche`.
|
||||
+ type: string
|
||||
+ chePostgresHostName:
|
||||
+ description: Postgres Database hostname that the Che server uses
|
||||
+ to connect to. Defaults to postgres. This value should be overridden
|
||||
+ ONLY when using an external database (see field `externalDb`).
|
||||
+ In the default case it will be automatically set by the operator.
|
||||
+ type: string
|
||||
+ chePostgresPassword:
|
||||
+ description: Postgres password that the Che server should use to
|
||||
+ connect to the DB. If omitted or left blank, it will be set to
|
||||
+ an auto-generated value.
|
||||
+ type: string
|
||||
+ chePostgresPort:
|
||||
+ description: Postgres Database port that the Che server uses to
|
||||
+ connect to. Defaults to 5432. This value should be overridden
|
||||
+ ONLY when using an external database (see field `externalDb`).
|
||||
+ In the default case it will be automatically set by the operator.
|
||||
+ type: string
|
||||
+ chePostgresUser:
|
||||
+ description: Postgres user that the Che server should use to connect
|
||||
+ to the DB. Defaults to `pgche`.
|
||||
+ type: string
|
||||
+ externalDb:
|
||||
+ description: 'Instructs the operator on whether or not to deploy
|
||||
+ a dedicated database. By default a dedicated Postgres database
|
||||
+ is deployed as part of the Che installation. But if `externalDb`
|
||||
+ is `true`, then no dedicated database will be deployed by the
|
||||
+ operator and you might need to provide connection details to the
|
||||
+ external DB you want to use. See also all the fields starting
|
||||
+ with: `chePostgres`.'
|
||||
+ type: boolean
|
||||
+ postgresImage:
|
||||
+ description: Overrides the container image used in the Postgres
|
||||
+ database deployment. This includes the image tag. Omit it or leave
|
||||
+ it empty to use the defaut container image provided by the operator.
|
||||
+ type: string
|
||||
+ postgresImagePullPolicy:
|
||||
+ description: Overrides the image pull policy used in the Postgres
|
||||
+ database deployment. Default value is `Always` for `nightly` or
|
||||
+ `latest` images, and `IfNotPresent` in other cases.
|
||||
+ type: string
|
||||
+ type: object
|
||||
+ k8s:
|
||||
+ description: Configuration settings specific to Che installations made
|
||||
+ on upstream Kubernetes.
|
||||
+ properties:
|
||||
+ ingressClass:
|
||||
+ description: 'Ingress class that will define the which controler
|
||||
+ will manage ingresses. Defaults to `nginx`. NB: This drives the
|
||||
+ `is kubernetes.io/ingress.class` annotation on Che-related ingresses.'
|
||||
+ type: string
|
||||
+ ingressDomain:
|
||||
+ description: 'Global ingress domain for a K8S cluster. This MUST
|
||||
+ be explicitly specified: there are no defaults.'
|
||||
+ type: string
|
||||
+ ingressStrategy:
|
||||
+ description: Strategy for ingress creation. This can be `multi-host`
|
||||
+ (host is explicitly provided in ingress), `single-host` (host
|
||||
+ is provided, path-based rules) and `default-host.*`(no host is
|
||||
+ provided, path-based rules). Defaults to `"multi-host`
|
||||
+ type: string
|
||||
+ securityContextFsGroup:
|
||||
+ description: FSGroup the Che pod and Workspace pods containers should
|
||||
+ run in. Defaults to `1724`.
|
||||
+ type: string
|
||||
+ securityContextRunAsUser:
|
||||
+ description: ID of the user the Che pod and Workspace pods containers
|
||||
+ should run as. Default to `1724`.
|
||||
+ type: string
|
||||
+ tlsSecretName:
|
||||
+ description: Name of a secret that will be used to setup ingress
|
||||
+ TLS termination if TLS is enabled. See also the `tlsSupport` field.
|
||||
+ type: string
|
||||
+ type: object
|
||||
+ server:
|
||||
+ description: General configuration settings related to the Che server
|
||||
+ and the plugin and devfile registries
|
||||
+ properties:
|
||||
+ airGapContainerRegistryHostname:
|
||||
+ description: Optional hostname (or url) to an alternate container
|
||||
+ registry to pull images from. This value overrides the container
|
||||
+ registry hostname defined in all the default container images
|
||||
+ involved in a Che deployment. This is particularly useful to install
|
||||
+ Che in an air-gapped environment.
|
||||
+ type: string
|
||||
+ airGapContainerRegistryOrganization:
|
||||
+ description: Optional repository name of an alternate container
|
||||
+ registry to pull images from. This value overrides the container
|
||||
+ registry organization defined in all the default container images
|
||||
+ involved in a Che deployment. This is particularly useful to install
|
||||
+ Che in an air-gapped environment.
|
||||
+ type: string
|
||||
+ cheDebug:
|
||||
+ description: Enables the debug mode for Che server. Defaults to
|
||||
+ `false`.
|
||||
+ type: string
|
||||
+ cheFlavor:
|
||||
+ description: Flavor of the installation. This is either `che` for
|
||||
+ upstream Che installations, or `codeready` for CodeReady Workspaces
|
||||
+ installation. In most cases the default value should not be overriden.
|
||||
+ type: string
|
||||
+ cheHost:
|
||||
+ description: Public hostname of the installed Che server. This will
|
||||
+ be automatically set by the operator. In most cases the default
|
||||
+ value set by the operator should not be overriden.
|
||||
+ type: string
|
||||
+ cheImage:
|
||||
+ description: Overrides the container image used in Che deployment.
|
||||
+ This does NOT include the container image tag. Omit it or leave
|
||||
+ it empty to use the defaut container image provided by the operator.
|
||||
+ type: string
|
||||
+ cheImagePullPolicy:
|
||||
+ description: Overrides the image pull policy used in Che deployment.
|
||||
+ Default value is `Always` for `nightly` or `latest` images, and
|
||||
+ `IfNotPresent` in other cases.
|
||||
+ type: string
|
||||
+ cheImageTag:
|
||||
+ description: Overrides the tag of the container image used in Che
|
||||
+ deployment. Omit it or leave it empty to use the defaut image
|
||||
+ tag provided by the operator.
|
||||
+ type: string
|
||||
+ cheLogLevel:
|
||||
+ description: 'Log level for the Che server: `INFO` or `DEBUG`. Defaults
|
||||
+ to `INFO`.'
|
||||
+ type: string
|
||||
+ cheWorkspaceClusterRole:
|
||||
+ description: Custom cluster role bound to the user for the Che workspaces.
|
||||
+ The default roles are used if this is omitted or left blank.
|
||||
+ type: string
|
||||
+ customCheProperties:
|
||||
+ additionalProperties:
|
||||
+ type: string
|
||||
+ description: Map of additional environment variables that will be
|
||||
+ applied in the generated `che` config map to be used by the Che
|
||||
+ server, in addition to the values already generated from other
|
||||
+ fields of the `CheCluster` custom resource (CR). If `customCheProperties`
|
||||
+ contains a property that would be normally generated in `che`
|
||||
+ config map from other CR fields, then the value defined in the
|
||||
+ `customCheProperties` will be used instead.
|
||||
+ type: object
|
||||
+ devfileRegistryImage:
|
||||
+ description: Overrides the container image used in the Devfile registry
|
||||
+ deployment. This includes the image tag. Omit it or leave it empty
|
||||
+ to use the defaut container image provided by the operator.
|
||||
+ type: string
|
||||
+ devfileRegistryMemoryLimit:
|
||||
+ description: Overrides the memory limit used in the Devfile registry
|
||||
+ deployment. Defaults to 256Mi.
|
||||
+ type: string
|
||||
+ devfileRegistryMemoryRequest:
|
||||
+ description: Overrides the memory request used in the Devfile registry
|
||||
+ deployment. Defaults to 16Mi.
|
||||
+ type: string
|
||||
+ devfileRegistryPullPolicy:
|
||||
+ description: Overrides the image pull policy used in the Devfile
|
||||
+ registry deployment. Default value is `Always` for `nightly` or
|
||||
+ `latest` images, and `IfNotPresent` in other cases.
|
||||
+ type: string
|
||||
+ devfileRegistryUrl:
|
||||
+ description: Public URL of the Devfile registry, that serves sample,
|
||||
+ ready-to-use devfiles. You should set it ONLY if you use an external
|
||||
+ devfile registry (see the `externalDevfileRegistry` field). By
|
||||
+ default this will be automatically calculated by the operator.
|
||||
+ type: string
|
||||
+ externalDevfileRegistry:
|
||||
+ description: Instructs the operator on whether or not to deploy
|
||||
+ a dedicated Devfile registry server. By default a dedicated devfile
|
||||
+ registry server is started. But if `externalDevfileRegistry` is
|
||||
+ `true`, then no such dedicated server will be started by the operator
|
||||
+ and you will have to manually set the `devfileRegistryUrl` field
|
||||
+ type: boolean
|
||||
+ externalPluginRegistry:
|
||||
+ description: Instructs the operator on whether or not to deploy
|
||||
+ a dedicated Plugin registry server. By default a dedicated plugin
|
||||
+ registry server is started. But if `externalPluginRegistry` is
|
||||
+ `true`, then no such dedicated server will be started by the operator
|
||||
+ and you will have to manually set the `pluginRegistryUrl` field.
|
||||
+ type: boolean
|
||||
+ nonProxyHosts:
|
||||
+ description: List of hosts that should not use the configured proxy.
|
||||
+ Use `|`` as delimiter, eg `localhost|my.host.com|123.42.12.32`
|
||||
+ Only use when configuring a proxy is required (see also the `proxyURL`
|
||||
+ field).
|
||||
+ type: string
|
||||
+ pluginRegistryImage:
|
||||
+ description: Overrides the container image used in the Plugin registry
|
||||
+ deployment. This includes the image tag. Omit it or leave it empty
|
||||
+ to use the defaut container image provided by the operator.
|
||||
+ type: string
|
||||
+ pluginRegistryMemoryLimit:
|
||||
+ description: Overrides the memory limit used in the Plugin registry
|
||||
+ deployment. Defaults to 256Mi.
|
||||
+ type: string
|
||||
+ pluginRegistryMemoryRequest:
|
||||
+ description: Overrides the memory request used in the Plugin registry
|
||||
+ deployment. Defaults to 16Mi.
|
||||
+ type: string
|
||||
+ pluginRegistryPullPolicy:
|
||||
+ description: Overrides the image pull policy used in the Plugin
|
||||
+ registry deployment. Default value is `Always` for `nightly` or
|
||||
+ `latest` images, and `IfNotPresent` in other cases.
|
||||
+ type: string
|
||||
+ pluginRegistryUrl:
|
||||
+ description: Public URL of the Plugin registry, that serves sample
|
||||
+ ready-to-use devfiles. You should set it ONLY if you use an external
|
||||
+ devfile registry (see the `externalPluginRegistry` field). By
|
||||
+ default this will be automatically calculated by the operator.
|
||||
+ type: string
|
||||
+ proxyPassword:
|
||||
+ description: Password of the proxy server Only use when proxy configuration
|
||||
+ is required (see also the `proxyUser` field).
|
||||
+ type: string
|
||||
+ proxyPort:
|
||||
+ description: Port of the proxy server. Only use when configuring
|
||||
+ a proxy is required (see also the `proxyURL` field).
|
||||
+ type: string
|
||||
+ proxyURL:
|
||||
+ description: URL (protocol+hostname) of the proxy server. This drives
|
||||
+ the appropriate changes in the `JAVA_OPTS` and `https(s)_proxy`
|
||||
+ variables in the Che server and workspaces containers. Only use
|
||||
+ when configuring a proxy is required.
|
||||
+ type: string
|
||||
+ proxyUser:
|
||||
+ description: User name of the proxy server. Only use when configuring
|
||||
+ a proxy is required (see also the `proxyURL` field).
|
||||
+ type: string
|
||||
+ selfSignedCert:
|
||||
+ description: Enables the support of OpenShift clusters whose router
|
||||
+ uses self-signed certificates. When enabled, the operator retrieves
|
||||
+ the default self-signed certificate of OpenShift routes and adds
|
||||
+ it to the Java trust store of the Che server. This is usually
|
||||
+ required when activating the `tlsSupport` field on demo OpenShift
|
||||
+ clusters that have not been setup with a valid certificate for
|
||||
+ the routes. This is disabled by default.
|
||||
+ type: boolean
|
||||
+ serverMemoryLimit:
|
||||
+ description: Overrides the memory limit used in the Che server deployment.
|
||||
+ Defaults to 1Gi.
|
||||
+ type: string
|
||||
+ serverMemoryRequest:
|
||||
+ description: Overrides the memory request used in the Che server
|
||||
+ deployment. Defaults to 512Mi.
|
||||
+ type: string
|
||||
+ tlsSupport:
|
||||
+ description: 'Instructs the operator to deploy Che in TLS mode,
|
||||
+ ie with TLS routes or ingresses. This is disabled by default.
|
||||
+ WARNING: Enabling TLS might require enabling the `selfSignedCert`
|
||||
+ field also in some cases.'
|
||||
+ type: boolean
|
||||
+ type: object
|
||||
+ storage:
|
||||
+ description: Configuration settings related to the persistent storage
|
||||
+ used by the Che installation.
|
||||
+ properties:
|
||||
+ postgresPVCStorageClassName:
|
||||
+ description: Storage class for the Persistent Volume Claim dedicated
|
||||
+ to the Postgres database. If omitted or left blank, default storage
|
||||
+ class is used.
|
||||
+ type: string
|
||||
+ preCreateSubPaths:
|
||||
+ description: Instructs the Che server to launch a special pod to
|
||||
+ pre-create a subpath in the Persistent Volumes. Defaults to `false`,
|
||||
+ however it might need to enable it according to the configuration
|
||||
+ of your K8S cluster.
|
||||
+ type: boolean
|
||||
+ pvcClaimSize:
|
||||
+ description: Size of the persistent volume claim for workspaces.
|
||||
+ Defaults to `1Gi`
|
||||
+ type: string
|
||||
+ pvcJobsImage:
|
||||
+ description: Overrides the container image used to create sub-paths
|
||||
+ in the Persistent Volumes. This includes the image tag. Omit it
|
||||
+ or leave it empty to use the defaut container image provided by
|
||||
+ the operator. See also the `preCreateSubPaths` field.
|
||||
+ type: string
|
||||
+ pvcStrategy:
|
||||
+ description: Persistent volume claim strategy for the Che server.
|
||||
+ This Can be:`common` (all workspaces PVCs in one volume), `per-workspace`
|
||||
+ (one PVC per workspace for all declared volumes) and `unique`
|
||||
+ (one PVC per declared volume). Defaults to `common`.
|
||||
+ type: string
|
||||
+ workspacePVCStorageClassName:
|
||||
+ description: Storage class for the Persistent Volume Claims dedicated
|
||||
+ to the Che workspaces. If omitted or left blank, default storage
|
||||
+ class is used.
|
||||
+ type: string
|
||||
+ type: object
|
||||
+ type: object
|
||||
+ status:
|
||||
+ properties:
|
||||
+ cheClusterRunning:
|
||||
+ description: Status of a Che installation. Can be `Available`, `Unavailable`,
|
||||
+ or `Available, Rolling Update in Progress`
|
||||
+ type: string
|
||||
+ cheURL:
|
||||
+ description: Public URL to the Che server
|
||||
+ type: string
|
||||
+ cheVersion:
|
||||
+ description: Current installed Che version
|
||||
+ type: string
|
||||
+ dbProvisioned:
|
||||
+ description: Indicates if or not a Postgres instance has been correctly
|
||||
+ provisioned
|
||||
+ type: boolean
|
||||
+ devfileRegistryURL:
|
||||
+ description: Public URL to the Devfile registry
|
||||
+ type: string
|
||||
+ helpLink:
|
||||
+ description: A URL that can point to some URL where to find help related
|
||||
+ to the current Operator status.
|
||||
+ type: string
|
||||
+ keycloakProvisioned:
|
||||
+ description: Indicates whether an Identity Provider instance (Keycloak
|
||||
+ / RH SSO) has been provisioned with realm, client and user
|
||||
+ type: boolean
|
||||
+ keycloakURL:
|
||||
+ description: Public URL to the Identity Provider server (Keycloak /
|
||||
+ RH SSO).
|
||||
+ type: string
|
||||
+ message:
|
||||
+ description: A human readable message indicating details about why the
|
||||
+ pod is in this condition.
|
||||
+ type: string
|
||||
+ openShiftoAuthProvisioned:
|
||||
+ description: Indicates whether an Identity Provider instance (Keycloak
|
||||
+ / RH SSO) has been configured to integrate with the OpenShift OAuth.
|
||||
+ type: boolean
|
||||
+ pluginRegistryURL:
|
||||
+ description: Public URL to the Plugin registry
|
||||
+ type: string
|
||||
+ reason:
|
||||
+ description: A brief CamelCase message indicating details about why
|
||||
+ the pod is in this state.
|
||||
+ type: string
|
||||
+ type: object
|
||||
+ version: v1
|
||||
+ versions:
|
||||
+ - name: v1
|
||||
+ served: true
|
||||
+ storage: true
|
||||
File diff suppressed because one or more lines are too long
|
|
@ -0,0 +1,25 @@
|
|||
--- /home/dfestal/go/src/github.com/eclipse/che-operator/olm/eclipse-che-preview-kubernetes/deploy/olm-catalog/eclipse-che-preview-kubernetes/9.9.9-nightly.1567522875/eclipse-che-preview-kubernetes.v9.9.9-nightly.1567522875.clusterserviceversion.yaml 2019-09-17 16:37:37.000000000 +0200
|
||||
+++ /home/dfestal/go/src/github.com/eclipse/che-operator/olm/eclipse-che-preview-kubernetes/deploy/olm-catalog/eclipse-che-preview-kubernetes/9.9.9-nightly.1571049441/eclipse-che-preview-kubernetes.v9.9.9-nightly.1571049441.clusterserviceversion.yaml 2019-10-14 12:37:21.000000000 +0200
|
||||
@@ -49,12 +49,12 @@
|
||||
categories: Developer Tools
|
||||
certified: "false"
|
||||
containerImage: quay.io/eclipse/che-operator:nightly
|
||||
- createdAt: "2019-09-03T15:01:15Z"
|
||||
+ createdAt: "2019-10-14T10:37:21Z"
|
||||
description: A Kube-native development solution that delivers portable and collaborative
|
||||
developer workspaces.
|
||||
repository: https://github.com/eclipse/che-operator
|
||||
support: Eclipse Foundation
|
||||
- name: eclipse-che-preview-kubernetes.v9.9.9-nightly.1567522875
|
||||
+ name: eclipse-che-preview-kubernetes.v9.9.9-nightly.1571049441
|
||||
namespace: placeholder
|
||||
spec:
|
||||
apiservicedefinitions: {}
|
||||
@@ -350,5 +350,5 @@
|
||||
maturity: stable
|
||||
provider:
|
||||
name: Eclipse Foundation
|
||||
- replaces: eclipse-che-preview-kubernetes.v9.9.9-nightly.1567514659
|
||||
- version: 9.9.9-nightly.1567522875
|
||||
+ replaces: eclipse-che-preview-kubernetes.v9.9.9-nightly.1567522875
|
||||
+ version: 9.9.9-nightly.1571049441
|
||||
|
|
@ -1,5 +1,5 @@
|
|||
channels:
|
||||
- currentCSV: eclipse-che-preview-kubernetes.v9.9.9-nightly.1567522875
|
||||
- currentCSV: eclipse-che-preview-kubernetes.v9.9.9-nightly.1571049441
|
||||
name: nightly
|
||||
- currentCSV: eclipse-che-preview-kubernetes.v7.2.0
|
||||
name: stable
|
||||
|
|
|
|||
|
|
@ -0,0 +1,476 @@
|
|||
#
|
||||
# Copyright (c) 2012-2019 Red Hat, Inc.
|
||||
# This program and the accompanying materials are made
|
||||
# available under the terms of the Eclipse Public License 2.0
|
||||
# which is available at https://www.eclipse.org/legal/epl-2.0/
|
||||
#
|
||||
# SPDX-License-Identifier: EPL-2.0
|
||||
#
|
||||
# Contributors:
|
||||
# Red Hat, Inc. - initial API and implementation
|
||||
apiVersion: apiextensions.k8s.io/v1beta1
|
||||
kind: CustomResourceDefinition
|
||||
metadata:
|
||||
name: checlusters.org.eclipse.che
|
||||
spec:
|
||||
group: org.eclipse.che
|
||||
names:
|
||||
kind: CheCluster
|
||||
listKind: CheClusterList
|
||||
plural: checlusters
|
||||
singular: checluster
|
||||
scope: Namespaced
|
||||
subresources:
|
||||
status: {}
|
||||
validation:
|
||||
openAPIV3Schema:
|
||||
properties:
|
||||
apiVersion:
|
||||
description: 'APIVersion defines the versioned schema of this representation
|
||||
of an object. Servers should convert recognized schemas to the latest
|
||||
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources'
|
||||
type: string
|
||||
kind:
|
||||
description: 'Kind is a string value representing the REST resource this
|
||||
object represents. Servers may infer this from the endpoint the client
|
||||
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds'
|
||||
type: string
|
||||
metadata:
|
||||
type: object
|
||||
spec:
|
||||
properties:
|
||||
auth:
|
||||
description: Configuration settings related to the Authentication used
|
||||
by the Che installation.
|
||||
properties:
|
||||
externalIdentityProvider:
|
||||
description: 'Instructs the operator on whether or not to deploy
|
||||
a dedicated Identity Provider (Keycloak or RH SSO instance). By
|
||||
default a dedicated Identity Provider server is deployed as part
|
||||
of the Che installation. But if `externalIdentityProvider` is
|
||||
`true`, then no dedicated identity provider will be deployed by
|
||||
the operator and you might need to provide details about the external
|
||||
identity provider you want to use. See also all the other fields
|
||||
starting with: `identityProvider`.'
|
||||
type: boolean
|
||||
identityProviderAdminUserName:
|
||||
description: Overrides the name of the Identity Provider admin user.
|
||||
Defaults to `admin`.
|
||||
type: string
|
||||
identityProviderClientId:
|
||||
description: Name of a Identity provider (Keycloak / RH SSO) `client-id`
|
||||
that should be used for Che. This is useful to override it ONLY
|
||||
if you use an external Identity Provider (see the `externalIdentityProvider`
|
||||
field). If omitted or left blank, it will be set to the value
|
||||
of the `flavour` field suffixed with `-public`.
|
||||
type: string
|
||||
identityProviderImage:
|
||||
description: Overrides the container image used in the Identity
|
||||
Provider (Keycloak / RH SSO) deployment. This includes the image
|
||||
tag. Omit it or leave it empty to use the defaut container image
|
||||
provided by the operator.
|
||||
type: string
|
||||
identityProviderImagePullPolicy:
|
||||
description: Overrides the image pull policy used in the Identity
|
||||
Provider (Keycloak / RH SSO) deployment. Default value is `Always`
|
||||
for `nightly` or `latest` images, and `IfNotPresent` in other
|
||||
cases.
|
||||
type: string
|
||||
identityProviderPassword:
|
||||
description: Overrides the password of Keycloak admin user. This
|
||||
is useful to override it ONLY if you use an external Identity
|
||||
Provider (see the `externalIdentityProvider` field). If omitted
|
||||
or left blank, it will be set to an auto-generated password.
|
||||
type: string
|
||||
identityProviderPostgresPassword:
|
||||
description: Password for The Identity Provider (Keycloak / RH SSO)
|
||||
to connect to the database. This is useful to override it ONLY
|
||||
if you use an external Identity Provider (see the `externalIdentityProvider`
|
||||
field). If omitted or left blank, it will be set to an auto-generated
|
||||
password.
|
||||
type: string
|
||||
identityProviderRealm:
|
||||
description: Name of a Identity provider (Keycloak / RH SSO) realm
|
||||
that should be used for Che. This is useful to override it ONLY
|
||||
if you use an external Identity Provider (see the `externalIdentityProvider`
|
||||
field). If omitted or left blank, it will be set to the value
|
||||
of the `flavour` field.
|
||||
type: string
|
||||
identityProviderURL:
|
||||
description: Public URL of the Identity Provider server (Keycloak
|
||||
/ RH SSO server). You should set it ONLY if you use an external
|
||||
Identity Provider (see the `externalIdentityProvider` field).
|
||||
By default this will be automatically calculated and set by the
|
||||
operator.
|
||||
type: string
|
||||
oAuthClientName:
|
||||
description: Name of the OpenShift `OAuthClient` resource used to
|
||||
setup identity federation on the OpenShift side. Auto-generated
|
||||
if left blank. See also the `OpenShiftoAuth` field.
|
||||
type: string
|
||||
oAuthSecret:
|
||||
description: Name of the secret set in the OpenShift `OAuthClient`
|
||||
resource used to setup identity federation on the OpenShift side.
|
||||
Auto-generated if left blank. See also the `OAuthClientName` field.
|
||||
type: string
|
||||
openShiftoAuth:
|
||||
description: 'Enables the integration of the identity provider (Keycloak
|
||||
/ RHSSO) with OpenShift OAuth. Enabled by defaumt on OpenShift.
|
||||
This will allow users to directly login with their Openshift user
|
||||
throug the Openshift login, and have their workspaces created
|
||||
under personnal OpenShift namespaces. WARNING: the `kuebadmin`
|
||||
user is NOT supported, and logging through it will NOT allow accessing
|
||||
the Che Dashboard.'
|
||||
type: boolean
|
||||
updateAdminPassword:
|
||||
description: Forces the default `admin` Che user to update password
|
||||
on first login. Defaults to `false`.
|
||||
type: boolean
|
||||
type: object
|
||||
database:
|
||||
description: Configuration settings related to the database used by
|
||||
the Che installation.
|
||||
properties:
|
||||
chePostgresDb:
|
||||
description: Postgres database name that the Che server uses to
|
||||
connect to the DB. Defaults to `dbche`.
|
||||
type: string
|
||||
chePostgresHostName:
|
||||
description: Postgres Database hostname that the Che server uses
|
||||
to connect to. Defaults to postgres. This value should be overridden
|
||||
ONLY when using an external database (see field `externalDb`).
|
||||
In the default case it will be automatically set by the operator.
|
||||
type: string
|
||||
chePostgresPassword:
|
||||
description: Postgres password that the Che server should use to
|
||||
connect to the DB. If omitted or left blank, it will be set to
|
||||
an auto-generated value.
|
||||
type: string
|
||||
chePostgresPort:
|
||||
description: Postgres Database port that the Che server uses to
|
||||
connect to. Defaults to 5432. This value should be overridden
|
||||
ONLY when using an external database (see field `externalDb`).
|
||||
In the default case it will be automatically set by the operator.
|
||||
type: string
|
||||
chePostgresUser:
|
||||
description: Postgres user that the Che server should use to connect
|
||||
to the DB. Defaults to `pgche`.
|
||||
type: string
|
||||
externalDb:
|
||||
description: 'Instructs the operator on whether or not to deploy
|
||||
a dedicated database. By default a dedicated Postgres database
|
||||
is deployed as part of the Che installation. But if `externalDb`
|
||||
is `true`, then no dedicated database will be deployed by the
|
||||
operator and you might need to provide connection details to the
|
||||
external DB you want to use. See also all the fields starting
|
||||
with: `chePostgres`.'
|
||||
type: boolean
|
||||
postgresImage:
|
||||
description: Overrides the container image used in the Postgres
|
||||
database deployment. This includes the image tag. Omit it or leave
|
||||
it empty to use the defaut container image provided by the operator.
|
||||
type: string
|
||||
postgresImagePullPolicy:
|
||||
description: Overrides the image pull policy used in the Postgres
|
||||
database deployment. Default value is `Always` for `nightly` or
|
||||
`latest` images, and `IfNotPresent` in other cases.
|
||||
type: string
|
||||
type: object
|
||||
k8s:
|
||||
description: Configuration settings specific to Che installations made
|
||||
on upstream Kubernetes.
|
||||
properties:
|
||||
ingressClass:
|
||||
description: 'Ingress class that will define the which controler
|
||||
will manage ingresses. Defaults to `nginx`. NB: This drives the
|
||||
`is kubernetes.io/ingress.class` annotation on Che-related ingresses.'
|
||||
type: string
|
||||
ingressDomain:
|
||||
description: 'Global ingress domain for a K8S cluster. This MUST
|
||||
be explicitly specified: there are no defaults.'
|
||||
type: string
|
||||
ingressStrategy:
|
||||
description: Strategy for ingress creation. This can be `multi-host`
|
||||
(host is explicitly provided in ingress), `single-host` (host
|
||||
is provided, path-based rules) and `default-host.*`(no host is
|
||||
provided, path-based rules). Defaults to `"multi-host`
|
||||
type: string
|
||||
securityContextFsGroup:
|
||||
description: FSGroup the Che pod and Workspace pods containers should
|
||||
run in. Defaults to `1724`.
|
||||
type: string
|
||||
securityContextRunAsUser:
|
||||
description: ID of the user the Che pod and Workspace pods containers
|
||||
should run as. Default to `1724`.
|
||||
type: string
|
||||
tlsSecretName:
|
||||
description: Name of a secret that will be used to setup ingress
|
||||
TLS termination if TLS is enabled. See also the `tlsSupport` field.
|
||||
type: string
|
||||
type: object
|
||||
server:
|
||||
description: General configuration settings related to the Che server
|
||||
and the plugin and devfile registries
|
||||
properties:
|
||||
airGapContainerRegistryHostname:
|
||||
description: Optional hostname (or url) to an alternate container
|
||||
registry to pull images from. This value overrides the container
|
||||
registry hostname defined in all the default container images
|
||||
involved in a Che deployment. This is particularly useful to install
|
||||
Che in an air-gapped environment.
|
||||
type: string
|
||||
airGapContainerRegistryOrganization:
|
||||
description: Optional repository name of an alternate container
|
||||
registry to pull images from. This value overrides the container
|
||||
registry organization defined in all the default container images
|
||||
involved in a Che deployment. This is particularly useful to install
|
||||
Che in an air-gapped environment.
|
||||
type: string
|
||||
cheDebug:
|
||||
description: Enables the debug mode for Che server. Defaults to
|
||||
`false`.
|
||||
type: string
|
||||
cheFlavor:
|
||||
description: Flavor of the installation. This is either `che` for
|
||||
upstream Che installations, or `codeready` for CodeReady Workspaces
|
||||
installation. In most cases the default value should not be overriden.
|
||||
type: string
|
||||
cheHost:
|
||||
description: Public hostname of the installed Che server. This will
|
||||
be automatically set by the operator. In most cases the default
|
||||
value set by the operator should not be overriden.
|
||||
type: string
|
||||
cheImage:
|
||||
description: Overrides the container image used in Che deployment.
|
||||
This does NOT include the container image tag. Omit it or leave
|
||||
it empty to use the defaut container image provided by the operator.
|
||||
type: string
|
||||
cheImagePullPolicy:
|
||||
description: Overrides the image pull policy used in Che deployment.
|
||||
Default value is `Always` for `nightly` or `latest` images, and
|
||||
`IfNotPresent` in other cases.
|
||||
type: string
|
||||
cheImageTag:
|
||||
description: Overrides the tag of the container image used in Che
|
||||
deployment. Omit it or leave it empty to use the defaut image
|
||||
tag provided by the operator.
|
||||
type: string
|
||||
cheLogLevel:
|
||||
description: 'Log level for the Che server: `INFO` or `DEBUG`. Defaults
|
||||
to `INFO`.'
|
||||
type: string
|
||||
cheWorkspaceClusterRole:
|
||||
description: Custom cluster role bound to the user for the Che workspaces.
|
||||
The default roles are used if this is omitted or left blank.
|
||||
type: string
|
||||
customCheProperties:
|
||||
additionalProperties:
|
||||
type: string
|
||||
description: Map of additional environment variables that will be
|
||||
applied in the generated `che` config map to be used by the Che
|
||||
server, in addition to the values already generated from other
|
||||
fields of the `CheCluster` custom resource (CR). If `customCheProperties`
|
||||
contains a property that would be normally generated in `che`
|
||||
config map from other CR fields, then the value defined in the
|
||||
`customCheProperties` will be used instead.
|
||||
type: object
|
||||
devfileRegistryImage:
|
||||
description: Overrides the container image used in the Devfile registry
|
||||
deployment. This includes the image tag. Omit it or leave it empty
|
||||
to use the defaut container image provided by the operator.
|
||||
type: string
|
||||
devfileRegistryMemoryLimit:
|
||||
description: Overrides the memory limit used in the Devfile registry
|
||||
deployment. Defaults to 256Mi.
|
||||
type: string
|
||||
devfileRegistryMemoryRequest:
|
||||
description: Overrides the memory request used in the Devfile registry
|
||||
deployment. Defaults to 16Mi.
|
||||
type: string
|
||||
devfileRegistryPullPolicy:
|
||||
description: Overrides the image pull policy used in the Devfile
|
||||
registry deployment. Default value is `Always` for `nightly` or
|
||||
`latest` images, and `IfNotPresent` in other cases.
|
||||
type: string
|
||||
devfileRegistryUrl:
|
||||
description: Public URL of the Devfile registry, that serves sample,
|
||||
ready-to-use devfiles. You should set it ONLY if you use an external
|
||||
devfile registry (see the `externalDevfileRegistry` field). By
|
||||
default this will be automatically calculated by the operator.
|
||||
type: string
|
||||
externalDevfileRegistry:
|
||||
description: Instructs the operator on whether or not to deploy
|
||||
a dedicated Devfile registry server. By default a dedicated devfile
|
||||
registry server is started. But if `externalDevfileRegistry` is
|
||||
`true`, then no such dedicated server will be started by the operator
|
||||
and you will have to manually set the `devfileRegistryUrl` field
|
||||
type: boolean
|
||||
externalPluginRegistry:
|
||||
description: Instructs the operator on whether or not to deploy
|
||||
a dedicated Plugin registry server. By default a dedicated plugin
|
||||
registry server is started. But if `externalPluginRegistry` is
|
||||
`true`, then no such dedicated server will be started by the operator
|
||||
and you will have to manually set the `pluginRegistryUrl` field.
|
||||
type: boolean
|
||||
nonProxyHosts:
|
||||
description: List of hosts that should not use the configured proxy.
|
||||
Use `|`` as delimiter, eg `localhost|my.host.com|123.42.12.32`
|
||||
Only use when configuring a proxy is required (see also the `proxyURL`
|
||||
field).
|
||||
type: string
|
||||
pluginRegistryImage:
|
||||
description: Overrides the container image used in the Plugin registry
|
||||
deployment. This includes the image tag. Omit it or leave it empty
|
||||
to use the defaut container image provided by the operator.
|
||||
type: string
|
||||
pluginRegistryMemoryLimit:
|
||||
description: Overrides the memory limit used in the Plugin registry
|
||||
deployment. Defaults to 256Mi.
|
||||
type: string
|
||||
pluginRegistryMemoryRequest:
|
||||
description: Overrides the memory request used in the Plugin registry
|
||||
deployment. Defaults to 16Mi.
|
||||
type: string
|
||||
pluginRegistryPullPolicy:
|
||||
description: Overrides the image pull policy used in the Plugin
|
||||
registry deployment. Default value is `Always` for `nightly` or
|
||||
`latest` images, and `IfNotPresent` in other cases.
|
||||
type: string
|
||||
pluginRegistryUrl:
|
||||
description: Public URL of the Plugin registry, that serves sample
|
||||
ready-to-use devfiles. You should set it ONLY if you use an external
|
||||
devfile registry (see the `externalPluginRegistry` field). By
|
||||
default this will be automatically calculated by the operator.
|
||||
type: string
|
||||
proxyPassword:
|
||||
description: Password of the proxy server Only use when proxy configuration
|
||||
is required (see also the `proxyUser` field).
|
||||
type: string
|
||||
proxyPort:
|
||||
description: Port of the proxy server. Only use when configuring
|
||||
a proxy is required (see also the `proxyURL` field).
|
||||
type: string
|
||||
proxyURL:
|
||||
description: URL (protocol+hostname) of the proxy server. This drives
|
||||
the appropriate changes in the `JAVA_OPTS` and `https(s)_proxy`
|
||||
variables in the Che server and workspaces containers. Only use
|
||||
when configuring a proxy is required.
|
||||
type: string
|
||||
proxyUser:
|
||||
description: User name of the proxy server. Only use when configuring
|
||||
a proxy is required (see also the `proxyURL` field).
|
||||
type: string
|
||||
selfSignedCert:
|
||||
description: Enables the support of OpenShift clusters whose router
|
||||
uses self-signed certificates. When enabled, the operator retrieves
|
||||
the default self-signed certificate of OpenShift routes and adds
|
||||
it to the Java trust store of the Che server. This is usually
|
||||
required when activating the `tlsSupport` field on demo OpenShift
|
||||
clusters that have not been setup with a valid certificate for
|
||||
the routes. This is disabled by default.
|
||||
type: boolean
|
||||
serverMemoryLimit:
|
||||
description: Overrides the memory limit used in the Che server deployment.
|
||||
Defaults to 1Gi.
|
||||
type: string
|
||||
serverMemoryRequest:
|
||||
description: Overrides the memory request used in the Che server
|
||||
deployment. Defaults to 512Mi.
|
||||
type: string
|
||||
tlsSupport:
|
||||
description: 'Instructs the operator to deploy Che in TLS mode,
|
||||
ie with TLS routes or ingresses. This is disabled by default.
|
||||
WARNING: Enabling TLS might require enabling the `selfSignedCert`
|
||||
field also in some cases.'
|
||||
type: boolean
|
||||
type: object
|
||||
storage:
|
||||
description: Configuration settings related to the persistent storage
|
||||
used by the Che installation.
|
||||
properties:
|
||||
postgresPVCStorageClassName:
|
||||
description: Storage class for the Persistent Volume Claim dedicated
|
||||
to the Postgres database. If omitted or left blank, default storage
|
||||
class is used.
|
||||
type: string
|
||||
preCreateSubPaths:
|
||||
description: Instructs the Che server to launch a special pod to
|
||||
pre-create a subpath in the Persistent Volumes. Defaults to `false`,
|
||||
however it might need to enable it according to the configuration
|
||||
of your K8S cluster.
|
||||
type: boolean
|
||||
pvcClaimSize:
|
||||
description: Size of the persistent volume claim for workspaces.
|
||||
Defaults to `1Gi`
|
||||
type: string
|
||||
pvcJobsImage:
|
||||
description: Overrides the container image used to create sub-paths
|
||||
in the Persistent Volumes. This includes the image tag. Omit it
|
||||
or leave it empty to use the defaut container image provided by
|
||||
the operator. See also the `preCreateSubPaths` field.
|
||||
type: string
|
||||
pvcStrategy:
|
||||
description: Persistent volume claim strategy for the Che server.
|
||||
This Can be:`common` (all workspaces PVCs in one volume), `per-workspace`
|
||||
(one PVC per workspace for all declared volumes) and `unique`
|
||||
(one PVC per declared volume). Defaults to `common`.
|
||||
type: string
|
||||
workspacePVCStorageClassName:
|
||||
description: Storage class for the Persistent Volume Claims dedicated
|
||||
to the Che workspaces. If omitted or left blank, default storage
|
||||
class is used.
|
||||
type: string
|
||||
type: object
|
||||
type: object
|
||||
status:
|
||||
properties:
|
||||
cheClusterRunning:
|
||||
description: Status of a Che installation. Can be `Available`, `Unavailable`,
|
||||
or `Available, Rolling Update in Progress`
|
||||
type: string
|
||||
cheURL:
|
||||
description: Public URL to the Che server
|
||||
type: string
|
||||
cheVersion:
|
||||
description: Current installed Che version
|
||||
type: string
|
||||
dbProvisioned:
|
||||
description: Indicates if or not a Postgres instance has been correctly
|
||||
provisioned
|
||||
type: boolean
|
||||
devfileRegistryURL:
|
||||
description: Public URL to the Devfile registry
|
||||
type: string
|
||||
helpLink:
|
||||
description: A URL that can point to some URL where to find help related
|
||||
to the current Operator status.
|
||||
type: string
|
||||
keycloakProvisioned:
|
||||
description: Indicates whether an Identity Provider instance (Keycloak
|
||||
/ RH SSO) has been provisioned with realm, client and user
|
||||
type: boolean
|
||||
keycloakURL:
|
||||
description: Public URL to the Identity Provider server (Keycloak /
|
||||
RH SSO).
|
||||
type: string
|
||||
message:
|
||||
description: A human readable message indicating details about why the
|
||||
pod is in this condition.
|
||||
type: string
|
||||
openShiftoAuthProvisioned:
|
||||
description: Indicates whether an Identity Provider instance (Keycloak
|
||||
/ RH SSO) has been configured to integrate with the OpenShift OAuth.
|
||||
type: boolean
|
||||
pluginRegistryURL:
|
||||
description: Public URL to the Plugin registry
|
||||
type: string
|
||||
reason:
|
||||
description: A brief CamelCase message indicating details about why
|
||||
the pod is in this state.
|
||||
type: string
|
||||
type: object
|
||||
version: v1
|
||||
versions:
|
||||
- name: v1
|
||||
served: true
|
||||
storage: true
|
||||
|
|
@ -0,0 +1,475 @@
|
|||
--- /home/dfestal/go/src/github.com/eclipse/che-operator/olm/eclipse-che-preview-openshift/deploy/olm-catalog/eclipse-che-preview-openshift/9.9.9-nightly.1567522875/eclipse-che-preview-openshift.crd.yaml 2019-09-17 16:37:37.000000000 +0200
|
||||
+++ /home/dfestal/go/src/github.com/eclipse/che-operator/olm/eclipse-che-preview-openshift/deploy/olm-catalog/eclipse-che-preview-openshift/9.9.9-nightly.1571049441/eclipse-che-preview-openshift.crd.yaml 2019-10-14 12:37:21.000000000 +0200
|
||||
@@ -1,3 +1,13 @@
|
||||
+#
|
||||
+# Copyright (c) 2012-2019 Red Hat, Inc.
|
||||
+# This program and the accompanying materials are made
|
||||
+# available under the terms of the Eclipse Public License 2.0
|
||||
+# which is available at https://www.eclipse.org/legal/epl-2.0/
|
||||
+#
|
||||
+# SPDX-License-Identifier: EPL-2.0
|
||||
+#
|
||||
+# Contributors:
|
||||
+# Red Hat, Inc. - initial API and implementation
|
||||
apiVersion: apiextensions.k8s.io/v1beta1
|
||||
kind: CustomResourceDefinition
|
||||
metadata:
|
||||
@@ -10,6 +20,457 @@
|
||||
plural: checlusters
|
||||
singular: checluster
|
||||
scope: Namespaced
|
||||
- version: v1
|
||||
subresources:
|
||||
status: {}
|
||||
+ validation:
|
||||
+ openAPIV3Schema:
|
||||
+ properties:
|
||||
+ apiVersion:
|
||||
+ description: 'APIVersion defines the versioned schema of this representation
|
||||
+ of an object. Servers should convert recognized schemas to the latest
|
||||
+ internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources'
|
||||
+ type: string
|
||||
+ kind:
|
||||
+ description: 'Kind is a string value representing the REST resource this
|
||||
+ object represents. Servers may infer this from the endpoint the client
|
||||
+ submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds'
|
||||
+ type: string
|
||||
+ metadata:
|
||||
+ type: object
|
||||
+ spec:
|
||||
+ properties:
|
||||
+ auth:
|
||||
+ description: Configuration settings related to the Authentication used
|
||||
+ by the Che installation.
|
||||
+ properties:
|
||||
+ externalIdentityProvider:
|
||||
+ description: 'Instructs the operator on whether or not to deploy
|
||||
+ a dedicated Identity Provider (Keycloak or RH SSO instance). By
|
||||
+ default a dedicated Identity Provider server is deployed as part
|
||||
+ of the Che installation. But if `externalIdentityProvider` is
|
||||
+ `true`, then no dedicated identity provider will be deployed by
|
||||
+ the operator and you might need to provide details about the external
|
||||
+ identity provider you want to use. See also all the other fields
|
||||
+ starting with: `identityProvider`.'
|
||||
+ type: boolean
|
||||
+ identityProviderAdminUserName:
|
||||
+ description: Overrides the name of the Identity Provider admin user.
|
||||
+ Defaults to `admin`.
|
||||
+ type: string
|
||||
+ identityProviderClientId:
|
||||
+ description: Name of a Identity provider (Keycloak / RH SSO) `client-id`
|
||||
+ that should be used for Che. This is useful to override it ONLY
|
||||
+ if you use an external Identity Provider (see the `externalIdentityProvider`
|
||||
+ field). If omitted or left blank, it will be set to the value
|
||||
+ of the `flavour` field suffixed with `-public`.
|
||||
+ type: string
|
||||
+ identityProviderImage:
|
||||
+ description: Overrides the container image used in the Identity
|
||||
+ Provider (Keycloak / RH SSO) deployment. This includes the image
|
||||
+ tag. Omit it or leave it empty to use the defaut container image
|
||||
+ provided by the operator.
|
||||
+ type: string
|
||||
+ identityProviderImagePullPolicy:
|
||||
+ description: Overrides the image pull policy used in the Identity
|
||||
+ Provider (Keycloak / RH SSO) deployment. Default value is `Always`
|
||||
+ for `nightly` or `latest` images, and `IfNotPresent` in other
|
||||
+ cases.
|
||||
+ type: string
|
||||
+ identityProviderPassword:
|
||||
+ description: Overrides the password of Keycloak admin user. This
|
||||
+ is useful to override it ONLY if you use an external Identity
|
||||
+ Provider (see the `externalIdentityProvider` field). If omitted
|
||||
+ or left blank, it will be set to an auto-generated password.
|
||||
+ type: string
|
||||
+ identityProviderPostgresPassword:
|
||||
+ description: Password for The Identity Provider (Keycloak / RH SSO)
|
||||
+ to connect to the database. This is useful to override it ONLY
|
||||
+ if you use an external Identity Provider (see the `externalIdentityProvider`
|
||||
+ field). If omitted or left blank, it will be set to an auto-generated
|
||||
+ password.
|
||||
+ type: string
|
||||
+ identityProviderRealm:
|
||||
+ description: Name of a Identity provider (Keycloak / RH SSO) realm
|
||||
+ that should be used for Che. This is useful to override it ONLY
|
||||
+ if you use an external Identity Provider (see the `externalIdentityProvider`
|
||||
+ field). If omitted or left blank, it will be set to the value
|
||||
+ of the `flavour` field.
|
||||
+ type: string
|
||||
+ identityProviderURL:
|
||||
+ description: Public URL of the Identity Provider server (Keycloak
|
||||
+ / RH SSO server). You should set it ONLY if you use an external
|
||||
+ Identity Provider (see the `externalIdentityProvider` field).
|
||||
+ By default this will be automatically calculated and set by the
|
||||
+ operator.
|
||||
+ type: string
|
||||
+ oAuthClientName:
|
||||
+ description: Name of the OpenShift `OAuthClient` resource used to
|
||||
+ setup identity federation on the OpenShift side. Auto-generated
|
||||
+ if left blank. See also the `OpenShiftoAuth` field.
|
||||
+ type: string
|
||||
+ oAuthSecret:
|
||||
+ description: Name of the secret set in the OpenShift `OAuthClient`
|
||||
+ resource used to setup identity federation on the OpenShift side.
|
||||
+ Auto-generated if left blank. See also the `OAuthClientName` field.
|
||||
+ type: string
|
||||
+ openShiftoAuth:
|
||||
+ description: 'Enables the integration of the identity provider (Keycloak
|
||||
+ / RHSSO) with OpenShift OAuth. Enabled by defaumt on OpenShift.
|
||||
+ This will allow users to directly login with their Openshift user
|
||||
+ throug the Openshift login, and have their workspaces created
|
||||
+ under personnal OpenShift namespaces. WARNING: the `kuebadmin`
|
||||
+ user is NOT supported, and logging through it will NOT allow accessing
|
||||
+ the Che Dashboard.'
|
||||
+ type: boolean
|
||||
+ updateAdminPassword:
|
||||
+ description: Forces the default `admin` Che user to update password
|
||||
+ on first login. Defaults to `false`.
|
||||
+ type: boolean
|
||||
+ type: object
|
||||
+ database:
|
||||
+ description: Configuration settings related to the database used by
|
||||
+ the Che installation.
|
||||
+ properties:
|
||||
+ chePostgresDb:
|
||||
+ description: Postgres database name that the Che server uses to
|
||||
+ connect to the DB. Defaults to `dbche`.
|
||||
+ type: string
|
||||
+ chePostgresHostName:
|
||||
+ description: Postgres Database hostname that the Che server uses
|
||||
+ to connect to. Defaults to postgres. This value should be overridden
|
||||
+ ONLY when using an external database (see field `externalDb`).
|
||||
+ In the default case it will be automatically set by the operator.
|
||||
+ type: string
|
||||
+ chePostgresPassword:
|
||||
+ description: Postgres password that the Che server should use to
|
||||
+ connect to the DB. If omitted or left blank, it will be set to
|
||||
+ an auto-generated value.
|
||||
+ type: string
|
||||
+ chePostgresPort:
|
||||
+ description: Postgres Database port that the Che server uses to
|
||||
+ connect to. Defaults to 5432. This value should be overridden
|
||||
+ ONLY when using an external database (see field `externalDb`).
|
||||
+ In the default case it will be automatically set by the operator.
|
||||
+ type: string
|
||||
+ chePostgresUser:
|
||||
+ description: Postgres user that the Che server should use to connect
|
||||
+ to the DB. Defaults to `pgche`.
|
||||
+ type: string
|
||||
+ externalDb:
|
||||
+ description: 'Instructs the operator on whether or not to deploy
|
||||
+ a dedicated database. By default a dedicated Postgres database
|
||||
+ is deployed as part of the Che installation. But if `externalDb`
|
||||
+ is `true`, then no dedicated database will be deployed by the
|
||||
+ operator and you might need to provide connection details to the
|
||||
+ external DB you want to use. See also all the fields starting
|
||||
+ with: `chePostgres`.'
|
||||
+ type: boolean
|
||||
+ postgresImage:
|
||||
+ description: Overrides the container image used in the Postgres
|
||||
+ database deployment. This includes the image tag. Omit it or leave
|
||||
+ it empty to use the defaut container image provided by the operator.
|
||||
+ type: string
|
||||
+ postgresImagePullPolicy:
|
||||
+ description: Overrides the image pull policy used in the Postgres
|
||||
+ database deployment. Default value is `Always` for `nightly` or
|
||||
+ `latest` images, and `IfNotPresent` in other cases.
|
||||
+ type: string
|
||||
+ type: object
|
||||
+ k8s:
|
||||
+ description: Configuration settings specific to Che installations made
|
||||
+ on upstream Kubernetes.
|
||||
+ properties:
|
||||
+ ingressClass:
|
||||
+ description: 'Ingress class that will define the which controler
|
||||
+ will manage ingresses. Defaults to `nginx`. NB: This drives the
|
||||
+ `is kubernetes.io/ingress.class` annotation on Che-related ingresses.'
|
||||
+ type: string
|
||||
+ ingressDomain:
|
||||
+ description: 'Global ingress domain for a K8S cluster. This MUST
|
||||
+ be explicitly specified: there are no defaults.'
|
||||
+ type: string
|
||||
+ ingressStrategy:
|
||||
+ description: Strategy for ingress creation. This can be `multi-host`
|
||||
+ (host is explicitly provided in ingress), `single-host` (host
|
||||
+ is provided, path-based rules) and `default-host.*`(no host is
|
||||
+ provided, path-based rules). Defaults to `"multi-host`
|
||||
+ type: string
|
||||
+ securityContextFsGroup:
|
||||
+ description: FSGroup the Che pod and Workspace pods containers should
|
||||
+ run in. Defaults to `1724`.
|
||||
+ type: string
|
||||
+ securityContextRunAsUser:
|
||||
+ description: ID of the user the Che pod and Workspace pods containers
|
||||
+ should run as. Default to `1724`.
|
||||
+ type: string
|
||||
+ tlsSecretName:
|
||||
+ description: Name of a secret that will be used to setup ingress
|
||||
+ TLS termination if TLS is enabled. See also the `tlsSupport` field.
|
||||
+ type: string
|
||||
+ type: object
|
||||
+ server:
|
||||
+ description: General configuration settings related to the Che server
|
||||
+ and the plugin and devfile registries
|
||||
+ properties:
|
||||
+ airGapContainerRegistryHostname:
|
||||
+ description: Optional hostname (or url) to an alternate container
|
||||
+ registry to pull images from. This value overrides the container
|
||||
+ registry hostname defined in all the default container images
|
||||
+ involved in a Che deployment. This is particularly useful to install
|
||||
+ Che in an air-gapped environment.
|
||||
+ type: string
|
||||
+ airGapContainerRegistryOrganization:
|
||||
+ description: Optional repository name of an alternate container
|
||||
+ registry to pull images from. This value overrides the container
|
||||
+ registry organization defined in all the default container images
|
||||
+ involved in a Che deployment. This is particularly useful to install
|
||||
+ Che in an air-gapped environment.
|
||||
+ type: string
|
||||
+ cheDebug:
|
||||
+ description: Enables the debug mode for Che server. Defaults to
|
||||
+ `false`.
|
||||
+ type: string
|
||||
+ cheFlavor:
|
||||
+ description: Flavor of the installation. This is either `che` for
|
||||
+ upstream Che installations, or `codeready` for CodeReady Workspaces
|
||||
+ installation. In most cases the default value should not be overriden.
|
||||
+ type: string
|
||||
+ cheHost:
|
||||
+ description: Public hostname of the installed Che server. This will
|
||||
+ be automatically set by the operator. In most cases the default
|
||||
+ value set by the operator should not be overriden.
|
||||
+ type: string
|
||||
+ cheImage:
|
||||
+ description: Overrides the container image used in Che deployment.
|
||||
+ This does NOT include the container image tag. Omit it or leave
|
||||
+ it empty to use the defaut container image provided by the operator.
|
||||
+ type: string
|
||||
+ cheImagePullPolicy:
|
||||
+ description: Overrides the image pull policy used in Che deployment.
|
||||
+ Default value is `Always` for `nightly` or `latest` images, and
|
||||
+ `IfNotPresent` in other cases.
|
||||
+ type: string
|
||||
+ cheImageTag:
|
||||
+ description: Overrides the tag of the container image used in Che
|
||||
+ deployment. Omit it or leave it empty to use the defaut image
|
||||
+ tag provided by the operator.
|
||||
+ type: string
|
||||
+ cheLogLevel:
|
||||
+ description: 'Log level for the Che server: `INFO` or `DEBUG`. Defaults
|
||||
+ to `INFO`.'
|
||||
+ type: string
|
||||
+ cheWorkspaceClusterRole:
|
||||
+ description: Custom cluster role bound to the user for the Che workspaces.
|
||||
+ The default roles are used if this is omitted or left blank.
|
||||
+ type: string
|
||||
+ customCheProperties:
|
||||
+ additionalProperties:
|
||||
+ type: string
|
||||
+ description: Map of additional environment variables that will be
|
||||
+ applied in the generated `che` config map to be used by the Che
|
||||
+ server, in addition to the values already generated from other
|
||||
+ fields of the `CheCluster` custom resource (CR). If `customCheProperties`
|
||||
+ contains a property that would be normally generated in `che`
|
||||
+ config map from other CR fields, then the value defined in the
|
||||
+ `customCheProperties` will be used instead.
|
||||
+ type: object
|
||||
+ devfileRegistryImage:
|
||||
+ description: Overrides the container image used in the Devfile registry
|
||||
+ deployment. This includes the image tag. Omit it or leave it empty
|
||||
+ to use the defaut container image provided by the operator.
|
||||
+ type: string
|
||||
+ devfileRegistryMemoryLimit:
|
||||
+ description: Overrides the memory limit used in the Devfile registry
|
||||
+ deployment. Defaults to 256Mi.
|
||||
+ type: string
|
||||
+ devfileRegistryMemoryRequest:
|
||||
+ description: Overrides the memory request used in the Devfile registry
|
||||
+ deployment. Defaults to 16Mi.
|
||||
+ type: string
|
||||
+ devfileRegistryPullPolicy:
|
||||
+ description: Overrides the image pull policy used in the Devfile
|
||||
+ registry deployment. Default value is `Always` for `nightly` or
|
||||
+ `latest` images, and `IfNotPresent` in other cases.
|
||||
+ type: string
|
||||
+ devfileRegistryUrl:
|
||||
+ description: Public URL of the Devfile registry, that serves sample,
|
||||
+ ready-to-use devfiles. You should set it ONLY if you use an external
|
||||
+ devfile registry (see the `externalDevfileRegistry` field). By
|
||||
+ default this will be automatically calculated by the operator.
|
||||
+ type: string
|
||||
+ externalDevfileRegistry:
|
||||
+ description: Instructs the operator on whether or not to deploy
|
||||
+ a dedicated Devfile registry server. By default a dedicated devfile
|
||||
+ registry server is started. But if `externalDevfileRegistry` is
|
||||
+ `true`, then no such dedicated server will be started by the operator
|
||||
+ and you will have to manually set the `devfileRegistryUrl` field
|
||||
+ type: boolean
|
||||
+ externalPluginRegistry:
|
||||
+ description: Instructs the operator on whether or not to deploy
|
||||
+ a dedicated Plugin registry server. By default a dedicated plugin
|
||||
+ registry server is started. But if `externalPluginRegistry` is
|
||||
+ `true`, then no such dedicated server will be started by the operator
|
||||
+ and you will have to manually set the `pluginRegistryUrl` field.
|
||||
+ type: boolean
|
||||
+ nonProxyHosts:
|
||||
+ description: List of hosts that should not use the configured proxy.
|
||||
+ Use `|`` as delimiter, eg `localhost|my.host.com|123.42.12.32`
|
||||
+ Only use when configuring a proxy is required (see also the `proxyURL`
|
||||
+ field).
|
||||
+ type: string
|
||||
+ pluginRegistryImage:
|
||||
+ description: Overrides the container image used in the Plugin registry
|
||||
+ deployment. This includes the image tag. Omit it or leave it empty
|
||||
+ to use the defaut container image provided by the operator.
|
||||
+ type: string
|
||||
+ pluginRegistryMemoryLimit:
|
||||
+ description: Overrides the memory limit used in the Plugin registry
|
||||
+ deployment. Defaults to 256Mi.
|
||||
+ type: string
|
||||
+ pluginRegistryMemoryRequest:
|
||||
+ description: Overrides the memory request used in the Plugin registry
|
||||
+ deployment. Defaults to 16Mi.
|
||||
+ type: string
|
||||
+ pluginRegistryPullPolicy:
|
||||
+ description: Overrides the image pull policy used in the Plugin
|
||||
+ registry deployment. Default value is `Always` for `nightly` or
|
||||
+ `latest` images, and `IfNotPresent` in other cases.
|
||||
+ type: string
|
||||
+ pluginRegistryUrl:
|
||||
+ description: Public URL of the Plugin registry, that serves sample
|
||||
+ ready-to-use devfiles. You should set it ONLY if you use an external
|
||||
+ devfile registry (see the `externalPluginRegistry` field). By
|
||||
+ default this will be automatically calculated by the operator.
|
||||
+ type: string
|
||||
+ proxyPassword:
|
||||
+ description: Password of the proxy server Only use when proxy configuration
|
||||
+ is required (see also the `proxyUser` field).
|
||||
+ type: string
|
||||
+ proxyPort:
|
||||
+ description: Port of the proxy server. Only use when configuring
|
||||
+ a proxy is required (see also the `proxyURL` field).
|
||||
+ type: string
|
||||
+ proxyURL:
|
||||
+ description: URL (protocol+hostname) of the proxy server. This drives
|
||||
+ the appropriate changes in the `JAVA_OPTS` and `https(s)_proxy`
|
||||
+ variables in the Che server and workspaces containers. Only use
|
||||
+ when configuring a proxy is required.
|
||||
+ type: string
|
||||
+ proxyUser:
|
||||
+ description: User name of the proxy server. Only use when configuring
|
||||
+ a proxy is required (see also the `proxyURL` field).
|
||||
+ type: string
|
||||
+ selfSignedCert:
|
||||
+ description: Enables the support of OpenShift clusters whose router
|
||||
+ uses self-signed certificates. When enabled, the operator retrieves
|
||||
+ the default self-signed certificate of OpenShift routes and adds
|
||||
+ it to the Java trust store of the Che server. This is usually
|
||||
+ required when activating the `tlsSupport` field on demo OpenShift
|
||||
+ clusters that have not been setup with a valid certificate for
|
||||
+ the routes. This is disabled by default.
|
||||
+ type: boolean
|
||||
+ serverMemoryLimit:
|
||||
+ description: Overrides the memory limit used in the Che server deployment.
|
||||
+ Defaults to 1Gi.
|
||||
+ type: string
|
||||
+ serverMemoryRequest:
|
||||
+ description: Overrides the memory request used in the Che server
|
||||
+ deployment. Defaults to 512Mi.
|
||||
+ type: string
|
||||
+ tlsSupport:
|
||||
+ description: 'Instructs the operator to deploy Che in TLS mode,
|
||||
+ ie with TLS routes or ingresses. This is disabled by default.
|
||||
+ WARNING: Enabling TLS might require enabling the `selfSignedCert`
|
||||
+ field also in some cases.'
|
||||
+ type: boolean
|
||||
+ type: object
|
||||
+ storage:
|
||||
+ description: Configuration settings related to the persistent storage
|
||||
+ used by the Che installation.
|
||||
+ properties:
|
||||
+ postgresPVCStorageClassName:
|
||||
+ description: Storage class for the Persistent Volume Claim dedicated
|
||||
+ to the Postgres database. If omitted or left blank, default storage
|
||||
+ class is used.
|
||||
+ type: string
|
||||
+ preCreateSubPaths:
|
||||
+ description: Instructs the Che server to launch a special pod to
|
||||
+ pre-create a subpath in the Persistent Volumes. Defaults to `false`,
|
||||
+ however it might need to enable it according to the configuration
|
||||
+ of your K8S cluster.
|
||||
+ type: boolean
|
||||
+ pvcClaimSize:
|
||||
+ description: Size of the persistent volume claim for workspaces.
|
||||
+ Defaults to `1Gi`
|
||||
+ type: string
|
||||
+ pvcJobsImage:
|
||||
+ description: Overrides the container image used to create sub-paths
|
||||
+ in the Persistent Volumes. This includes the image tag. Omit it
|
||||
+ or leave it empty to use the defaut container image provided by
|
||||
+ the operator. See also the `preCreateSubPaths` field.
|
||||
+ type: string
|
||||
+ pvcStrategy:
|
||||
+ description: Persistent volume claim strategy for the Che server.
|
||||
+ This Can be:`common` (all workspaces PVCs in one volume), `per-workspace`
|
||||
+ (one PVC per workspace for all declared volumes) and `unique`
|
||||
+ (one PVC per declared volume). Defaults to `common`.
|
||||
+ type: string
|
||||
+ workspacePVCStorageClassName:
|
||||
+ description: Storage class for the Persistent Volume Claims dedicated
|
||||
+ to the Che workspaces. If omitted or left blank, default storage
|
||||
+ class is used.
|
||||
+ type: string
|
||||
+ type: object
|
||||
+ type: object
|
||||
+ status:
|
||||
+ properties:
|
||||
+ cheClusterRunning:
|
||||
+ description: Status of a Che installation. Can be `Available`, `Unavailable`,
|
||||
+ or `Available, Rolling Update in Progress`
|
||||
+ type: string
|
||||
+ cheURL:
|
||||
+ description: Public URL to the Che server
|
||||
+ type: string
|
||||
+ cheVersion:
|
||||
+ description: Current installed Che version
|
||||
+ type: string
|
||||
+ dbProvisioned:
|
||||
+ description: Indicates if or not a Postgres instance has been correctly
|
||||
+ provisioned
|
||||
+ type: boolean
|
||||
+ devfileRegistryURL:
|
||||
+ description: Public URL to the Devfile registry
|
||||
+ type: string
|
||||
+ helpLink:
|
||||
+ description: A URL that can point to some URL where to find help related
|
||||
+ to the current Operator status.
|
||||
+ type: string
|
||||
+ keycloakProvisioned:
|
||||
+ description: Indicates whether an Identity Provider instance (Keycloak
|
||||
+ / RH SSO) has been provisioned with realm, client and user
|
||||
+ type: boolean
|
||||
+ keycloakURL:
|
||||
+ description: Public URL to the Identity Provider server (Keycloak /
|
||||
+ RH SSO).
|
||||
+ type: string
|
||||
+ message:
|
||||
+ description: A human readable message indicating details about why the
|
||||
+ pod is in this condition.
|
||||
+ type: string
|
||||
+ openShiftoAuthProvisioned:
|
||||
+ description: Indicates whether an Identity Provider instance (Keycloak
|
||||
+ / RH SSO) has been configured to integrate with the OpenShift OAuth.
|
||||
+ type: boolean
|
||||
+ pluginRegistryURL:
|
||||
+ description: Public URL to the Plugin registry
|
||||
+ type: string
|
||||
+ reason:
|
||||
+ description: A brief CamelCase message indicating details about why
|
||||
+ the pod is in this state.
|
||||
+ type: string
|
||||
+ type: object
|
||||
+ version: v1
|
||||
+ versions:
|
||||
+ - name: v1
|
||||
+ served: true
|
||||
+ storage: true
|
||||
File diff suppressed because one or more lines are too long
|
|
@ -0,0 +1,25 @@
|
|||
--- /home/dfestal/go/src/github.com/eclipse/che-operator/olm/eclipse-che-preview-openshift/deploy/olm-catalog/eclipse-che-preview-openshift/9.9.9-nightly.1567522875/eclipse-che-preview-openshift.v9.9.9-nightly.1567522875.clusterserviceversion.yaml 2019-09-17 16:37:37.000000000 +0200
|
||||
+++ /home/dfestal/go/src/github.com/eclipse/che-operator/olm/eclipse-che-preview-openshift/deploy/olm-catalog/eclipse-che-preview-openshift/9.9.9-nightly.1571049441/eclipse-che-preview-openshift.v9.9.9-nightly.1571049441.clusterserviceversion.yaml 2019-10-14 12:37:21.000000000 +0200
|
||||
@@ -46,12 +46,12 @@
|
||||
categories: Developer Tools, OpenShift Optional
|
||||
certified: "false"
|
||||
containerImage: quay.io/eclipse/che-operator:nightly
|
||||
- createdAt: "2019-09-03T15:01:15Z"
|
||||
+ createdAt: "2019-10-14T10:37:21Z"
|
||||
description: A Kube-native development solution that delivers portable and collaborative
|
||||
developer workspaces in OpenShift.
|
||||
repository: https://github.com/eclipse/che-operator
|
||||
support: Eclipse Foundation
|
||||
- name: eclipse-che-preview-openshift.v9.9.9-nightly.1567522875
|
||||
+ name: eclipse-che-preview-openshift.v9.9.9-nightly.1571049441
|
||||
namespace: placeholder
|
||||
spec:
|
||||
apiservicedefinitions: {}
|
||||
@@ -395,5 +395,5 @@
|
||||
maturity: stable
|
||||
provider:
|
||||
name: Eclipse Foundation
|
||||
- replaces: eclipse-che-preview-openshift.v9.9.9-nightly.1567514660
|
||||
- version: 9.9.9-nightly.1567522875
|
||||
+ replaces: eclipse-che-preview-openshift.v9.9.9-nightly.1567522875
|
||||
+ version: 9.9.9-nightly.1571049441
|
||||
|
|
@ -1,15 +0,0 @@
|
|||
apiVersion: apiextensions.k8s.io/v1beta1
|
||||
kind: CustomResourceDefinition
|
||||
metadata:
|
||||
name: checlusters.org.eclipse.che
|
||||
spec:
|
||||
group: org.eclipse.che
|
||||
names:
|
||||
kind: CheCluster
|
||||
listKind: CheClusterList
|
||||
plural: checlusters
|
||||
singular: checluster
|
||||
scope: Namespaced
|
||||
version: v1
|
||||
subresources:
|
||||
status: {}
|
||||
|
|
@ -1,5 +1,5 @@
|
|||
channels:
|
||||
- currentCSV: eclipse-che-preview-openshift.v9.9.9-nightly.1567522875
|
||||
- currentCSV: eclipse-che-preview-openshift.v9.9.9-nightly.1571049441
|
||||
name: nightly
|
||||
- currentCSV: eclipse-che-preview-openshift.v7.2.0
|
||||
name: stable
|
||||
|
|
|
|||
|
|
@ -46,7 +46,10 @@ do
|
|||
mv "${packageFolderPath}/${newNightlyPackageVersion}/${packageName}.v${newNightlyPackageVersion}.clusterserviceversion.yaml.new" \
|
||||
"${packageFolderPath}/${newNightlyPackageVersion}/${packageName}.v${newNightlyPackageVersion}.clusterserviceversion.yaml"
|
||||
echo " - Copying the CRD file"
|
||||
cp "${packageFolderPath}/${lastPackageVersion}/eclipse-che-preview-${platform}.crd.yaml" "${packageFolderPath}/${newNightlyPackageVersion}/eclipse-che-preview-${platform}.crd.yaml"
|
||||
cp "${BASE_DIR}/../deploy/crds/org_v1_che_crd.yaml" "${packageFolderPath}/${newNightlyPackageVersion}/eclipse-che-preview-${platform}.crd.yaml"
|
||||
diff -u "${packageFolderPath}/${lastPackageVersion}/eclipse-che-preview-${platform}.crd.yaml" \
|
||||
"${packageFolderPath}/${newNightlyPackageVersion}/eclipse-che-preview-${platform}.crd.yaml" \
|
||||
> "${packageFolderPath}/${newNightlyPackageVersion}/eclipse-che-preview-${platform}.crd.yaml.diff" || true
|
||||
echo " - Updating the 'nightly' channel with new version in the package descriptor: ${packageFilePath}"
|
||||
sed -e "s/${lastPackageVersion}/${newNightlyPackageVersion}/" "${packageFilePath}" > "${packageFilePath}.new"
|
||||
mv "${packageFilePath}.new" "${packageFilePath}"
|
||||
|
|
|
|||
|
|
@ -11,214 +11,388 @@
|
|||
//
|
||||
package v1
|
||||
|
||||
// Important: You should regenerate some generated code after modifying this file. At the root o fthe project:
|
||||
// - Run "operator-sdk generate k8s": this will perform required changes in the "pkg/apis/org/v1/zz_generatedxxx" files
|
||||
// - Run "operator-sdk generate openapi": this will generate the "deploy/crds/org_v1_checluster_crd.yaml" file
|
||||
// - In the updated "deploy/crds/org_v1_checluster_crd.yaml": Delete all the `required:` openAPI rules in the CRD OpenApi schema.
|
||||
// - Rename the new "deploy/crds/org_v1_checluster_crd.yaml" to "deploy/crds/org_v1_che_crd.yaml" to override it.
|
||||
// IMPORTANT These 2 last steps are important to ensure backward compatibility with already existing `CheCluster` CRs that were created when no schema was provided.
|
||||
|
||||
import (
|
||||
corev1 "k8s.io/api/core/v1"
|
||||
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
||||
)
|
||||
|
||||
// EDIT THIS FILE! THIS IS SCAFFOLDING FOR YOU TO OWN!
|
||||
// NOTE: json tags are required. Any new fields you add must have json tags for the fields to be serialized.
|
||||
|
||||
// CheClusterSpec defines the desired state of CheCluster
|
||||
// +k8s:openapi-gen=true
|
||||
// Desired configuration of the Che installation.
|
||||
// Based on these settings, the operator automatically creates and maintains
|
||||
// several config maps that will contain the appropriate environment variables
|
||||
// the various components of the Che installation.
|
||||
// These generated config maps should NOT be updated manually.
|
||||
type CheClusterSpec struct {
|
||||
// INSERT ADDITIONAL SPEC FIELDS - desired state of cluster
|
||||
// Important: Run "operator-sdk generate k8s" to regenerate code after modifying this file
|
||||
Server CheClusterSpecServer `json:"server"`
|
||||
Database CheClusterSpecDB `json:"database"`
|
||||
Auth CheClusterSpecAuth `json:"auth"`
|
||||
Storage CheClusterSpecStorage `json:"storage"`
|
||||
K8SOnly CheClusterSpecK8SOnly `json:"k8s"`
|
||||
// General configuration settings related to the Che server
|
||||
// and the plugin and devfile registries
|
||||
// +optional
|
||||
Server CheClusterSpecServer `json:"server"`
|
||||
// Configuration settings related to the database used by the Che installation.
|
||||
// +optional
|
||||
Database CheClusterSpecDB `json:"database"`
|
||||
// Configuration settings related to the Authentication used by the Che installation.
|
||||
// +optional
|
||||
Auth CheClusterSpecAuth `json:"auth"`
|
||||
// Configuration settings related to the persistent storage used by the Che installation.
|
||||
// +optional
|
||||
Storage CheClusterSpecStorage `json:"storage"`
|
||||
|
||||
// Configuration settings specific to Che installations made on upstream Kubernetes.
|
||||
// +optional
|
||||
K8s CheClusterSpecK8SOnly `json:"k8s"`
|
||||
}
|
||||
|
||||
// +k8s:openapi-gen=true
|
||||
// General configuration settings related to the Che server
|
||||
// and the plugin and devfile registries.
|
||||
type CheClusterSpecServer struct {
|
||||
// AirGapContainerRegistryHostname is the hostname to the internal registry to pull images from in the air-gapped environment
|
||||
AirGapContainerRegistryHostname string `json:"airGapContainerRegistryHostname"`
|
||||
// AirGapContainerRegistryOrganization is the repository name in the registry to pull images from in the air-gapped environment
|
||||
AirGapContainerRegistryOrganization string `json:"airGapContainerRegistryOrganization"`
|
||||
// CheImage is a server image used in Che deployment
|
||||
CheImage string `json:"cheImage"`
|
||||
// CheImageTag is a tag of an image used in Che deployment
|
||||
CheImageTag string `json:"cheImageTag"`
|
||||
// CheImagePullPolicy is the image pull policy used in Che registry deployment: default value is Always
|
||||
CheImagePullPolicy corev1.PullPolicy `json:"cheImagePullPolicy"`
|
||||
// CheFlavor is an installation flavor. Can be 'che' - upstream or 'codeready' - CodeReady Workspaces. Defaults to 'che'
|
||||
CheFlavor string `json:"cheFlavor"`
|
||||
// CheHost is an env consumer by server. Detected automatically from Che route
|
||||
CheHost string `json:"cheHost"`
|
||||
// CheLostLevel is log level for Che server: INFO or DEBUG. Defaults to INFO
|
||||
CheLogLevel string `json:"cheLogLevel"`
|
||||
// CheDebug is debug mode for Che server. Defaults to false
|
||||
CheDebug string `json:"cheDebug"`
|
||||
// CustomClusterRoleName specifies a custom cluster role to user for the Che workspaces
|
||||
// The default roles are used if this is left blank.
|
||||
CheWorkspaceClusterRole string `json:"cheWorkspaceClusterRole"`
|
||||
// SelfSignedCert signal about the necessity to get OpenShift router tls secret
|
||||
// and extract certificate to add it to Java trust store for Che server
|
||||
// Optional hostname (or url) to an alternate container registry to pull images from.
|
||||
// This value overrides the container registry hostname defined in all the default container images
|
||||
// involved in a Che deployment.
|
||||
// This is particularly useful to install Che in an air-gapped environment.
|
||||
// +optional
|
||||
AirGapContainerRegistryHostname string `json:"airGapContainerRegistryHostname,omitempty"`
|
||||
// Optional repository name of an alternate container registry to pull images from.
|
||||
// This value overrides the container registry organization defined in all the default container images
|
||||
// involved in a Che deployment.
|
||||
// This is particularly useful to install Che in an air-gapped environment.
|
||||
// +optional
|
||||
AirGapContainerRegistryOrganization string `json:"airGapContainerRegistryOrganization,omitempty"`
|
||||
// Overrides the container image used in Che deployment. This does NOT include the container image tag.
|
||||
// Omit it or leave it empty to use the defaut container image provided by the operator.
|
||||
// +optional
|
||||
CheImage string `json:"cheImage,omitempty"`
|
||||
// Overrides the tag of the container image used in Che deployment.
|
||||
// Omit it or leave it empty to use the defaut image tag provided by the operator.
|
||||
// +optional
|
||||
CheImageTag string `json:"cheImageTag,omitempty"`
|
||||
// Overrides the image pull policy used in Che deployment.
|
||||
// Default value is `Always` for `nightly` or `latest` images, and `IfNotPresent` in other cases.
|
||||
// +optional
|
||||
CheImagePullPolicy corev1.PullPolicy `json:"cheImagePullPolicy,omitempty"`
|
||||
// Flavor of the installation. This is either `che` for upstream Che installations, or `codeready` for CodeReady Workspaces installation.
|
||||
// In most cases the default value should not be overriden.
|
||||
// +optional
|
||||
CheFlavor string `json:"cheFlavor,omitempty"`
|
||||
// Public hostname of the installed Che server. This will be automatically set by the operator.
|
||||
// In most cases the default value set by the operator should not be overriden.
|
||||
// +optional
|
||||
CheHost string `json:"cheHost,omitempty"`
|
||||
// Log level for the Che server: `INFO` or `DEBUG`. Defaults to `INFO`.
|
||||
// +optional
|
||||
CheLogLevel string `json:"cheLogLevel,omitempty"`
|
||||
// Enables the debug mode for Che server. Defaults to `false`.
|
||||
// +optional
|
||||
CheDebug string `json:"cheDebug,omitempty"`
|
||||
// Custom cluster role bound to the user for the Che workspaces.
|
||||
// The default roles are used if this is omitted or left blank.
|
||||
// +optional
|
||||
CheWorkspaceClusterRole string `json:"cheWorkspaceClusterRole,omitempty"`
|
||||
// Enables the support of OpenShift clusters whose router uses self-signed certificates.
|
||||
// When enabled, the operator retrieves the default self-signed certificate of OpenShift routes
|
||||
// and adds it to the Java trust store of the Che server.
|
||||
// This is usually required when activating the `tlsSupport` field on demo OpenShift clusters
|
||||
// that have not been setup with a valid certificate for the routes.
|
||||
// This is disabled by default.
|
||||
// +optional
|
||||
SelfSignedCert bool `json:"selfSignedCert"`
|
||||
// TlsSupport instructs an operator to deploy Che in TLS mode, ie with TLS routes or ingresses
|
||||
// Instructs the operator to deploy Che in TLS mode, ie with TLS routes or ingresses.
|
||||
// This is disabled by default.
|
||||
// WARNING: Enabling TLS might require enabling the `selfSignedCert` field also in some cases.
|
||||
// +optional
|
||||
TlsSupport bool `json:"tlsSupport"`
|
||||
// DevfileRegistryUrl is an endpoint serving sample ready-to-use devfiles. Defaults to generated route
|
||||
DevfileRegistryUrl string `json:"devfileRegistryUrl"`
|
||||
// DevfileRegistryImage is image:tag used in Devfile registry deployment
|
||||
DevfileRegistryImage string `json:"devfileRegistryImage"`
|
||||
// DevfileRegistryImagePullPolicy is the image pull policy used in Devfile registry deployment
|
||||
DevfileRegistryImagePullPolicy corev1.PullPolicy `json:"devfileRegistryPullPolicy"`
|
||||
// DevfileRegistryMemoryLimit is the memory limit used in Devfile registry deployment
|
||||
DevfileRegistryMemoryLimit string `json:"devfileRegistryMemoryLimit"`
|
||||
// DevfileRegistryMemoryRequest is the memory request used in Devfile registry deployment
|
||||
DevfileRegistryMemoryRequest string `json:"devfileRegistryMemoryRequest"`
|
||||
// ExternalDevfileRegistry instructs operator on whether or not to deploy a dedicated Devfile registry server
|
||||
// Public URL of the Devfile registry, that serves sample, ready-to-use devfiles.
|
||||
// You should set it ONLY if you use an external devfile registry (see the `externalDevfileRegistry` field).
|
||||
// By default this will be automatically calculated by the operator.
|
||||
// +optional
|
||||
DevfileRegistryUrl string `json:"devfileRegistryUrl,omitempty"`
|
||||
// Overrides the container image used in the Devfile registry deployment. This includes the image tag.
|
||||
// Omit it or leave it empty to use the defaut container image provided by the operator.
|
||||
// +optional
|
||||
DevfileRegistryImage string `json:"devfileRegistryImage,omitempty"`
|
||||
// Overrides the image pull policy used in the Devfile registry deployment.
|
||||
// Default value is `Always` for `nightly` or `latest` images, and `IfNotPresent` in other cases.
|
||||
// +optional
|
||||
DevfileRegistryPullPolicy corev1.PullPolicy `json:"devfileRegistryPullPolicy,omitempty"`
|
||||
// Overrides the memory limit used in the Devfile registry deployment. Defaults to 256Mi.
|
||||
// +optional
|
||||
DevfileRegistryMemoryLimit string `json:"devfileRegistryMemoryLimit,omitempty"`
|
||||
// Overrides the memory request used in the Devfile registry deployment. Defaults to 16Mi.
|
||||
// +optional
|
||||
DevfileRegistryMemoryRequest string `json:"devfileRegistryMemoryRequest,omitempty"`
|
||||
// Instructs the operator on whether or not to deploy a dedicated Devfile registry server.
|
||||
// By default a dedicated devfile registry server is started.
|
||||
// But if ExternalDevfileRegistry is `true`, then no such dedicated server will be started by the operator
|
||||
// But if `externalDevfileRegistry` is `true`, then no such dedicated server will be started by the operator
|
||||
// and you will have to manually set the `devfileRegistryUrl` field
|
||||
// +optional
|
||||
ExternalDevfileRegistry bool `json:"externalDevfileRegistry"`
|
||||
// PluginRegistryUrl is an endpoint serving plugin definitions. Defaults to generated route
|
||||
PluginRegistryUrl string `json:"pluginRegistryUrl"`
|
||||
// PluginRegistryImage is image:tag used in Plugin registry deployment
|
||||
PluginRegistryImage string `json:"pluginRegistryImage"`
|
||||
// PluginRegistryImagePullPolicy is the image pull policy used in Plugin registry deployment
|
||||
PluginRegistryImagePullPolicy corev1.PullPolicy `json:"pluginRegistryPullPolicy"`
|
||||
// PluginRegistryMemoryLimit is the memory limit used in Plugin registry deployment
|
||||
PluginRegistryMemoryLimit string `json:"pluginRegistryMemoryLimit"`
|
||||
// PluginRegistryMemoryRequest is the memory request used in Plugin registry deployment
|
||||
PluginRegistryMemoryRequest string `json:"pluginRegistryMemoryRequest"`
|
||||
// ExternalPluginRegistry instructs operator on whether or not to deploy a dedicated Plugin registry server
|
||||
// Public URL of the Plugin registry, that serves sample ready-to-use devfiles.
|
||||
// You should set it ONLY if you use an external devfile registry (see the `externalPluginRegistry` field).
|
||||
// By default this will be automatically calculated by the operator.
|
||||
// +optional
|
||||
PluginRegistryUrl string `json:"pluginRegistryUrl,omitempty"`
|
||||
// Overrides the container image used in the Plugin registry deployment. This includes the image tag.
|
||||
// Omit it or leave it empty to use the defaut container image provided by the operator.
|
||||
// +optional
|
||||
PluginRegistryImage string `json:"pluginRegistryImage,omitempty"`
|
||||
// Overrides the image pull policy used in the Plugin registry deployment.
|
||||
// Default value is `Always` for `nightly` or `latest` images, and `IfNotPresent` in other cases.
|
||||
// +optional
|
||||
PluginRegistryPullPolicy corev1.PullPolicy `json:"pluginRegistryPullPolicy,omitempty"`
|
||||
// Overrides the memory limit used in the Plugin registry deployment. Defaults to 256Mi.
|
||||
// +optional
|
||||
PluginRegistryMemoryLimit string `json:"pluginRegistryMemoryLimit,omitempty"`
|
||||
// Overrides the memory request used in the Plugin registry deployment. Defaults to 16Mi.
|
||||
// +optional
|
||||
PluginRegistryMemoryRequest string `json:"pluginRegistryMemoryRequest,omitempty"`
|
||||
// Instructs the operator on whether or not to deploy a dedicated Plugin registry server.
|
||||
// By default a dedicated plugin registry server is started.
|
||||
// But if ExternalPluginRegistry is `true`, then no such dedicated server will be started by the operator
|
||||
// But if `externalPluginRegistry` is `true`, then no such dedicated server will be started by the operator
|
||||
// and you will have to manually set the `pluginRegistryUrl` field.
|
||||
// +optional
|
||||
ExternalPluginRegistry bool `json:"externalPluginRegistry"`
|
||||
// CustomCheProperties is a list of additional environment variables that will be applied in the che config map,
|
||||
// in addition to the values already generated from other fields of the custom resource (CR).
|
||||
// If CustomCheProperties contains a property that would be normally generated in che config map from other
|
||||
// CR fields, then the value in the CustomCheProperties will be used.
|
||||
CustomCheProperties map[string]string `json:"customCheProperties"`
|
||||
// ProxyURL is protocol+hostname of a proxy server. Automatically added as JAVA_OPTS and https(s)_proxy
|
||||
// to Che server and workspaces containers
|
||||
ProxyURL string `json:"proxyURL"`
|
||||
// ProxyPort is port of a proxy server
|
||||
ProxyPort string `json:"proxyPort"`
|
||||
// NonProxyHosts is a list of non-proxy hosts. Use | as delimiter, eg localhost|my.host.com|123.42.12.32
|
||||
NonProxyHosts string `json:"nonProxyHosts"`
|
||||
// ProxyUser is username for a proxy server
|
||||
ProxyUser string `json:"proxyUser"`
|
||||
// ProxyPassword is password for a proxy user
|
||||
ProxyPassword string `json:"proxyPassword"`
|
||||
// ServerMemoryRequest sets mem request for server deployment. Defaults to 512Mi
|
||||
ServerMemoryRequest string `json:"serverMemoryRequest"`
|
||||
// ServerMemoryLimit sets mem limit for server deployment. Defaults to 1Gi
|
||||
ServerMemoryLimit string `json:"serverMemoryLimit"`
|
||||
// Map of additional environment variables that will be applied in the generated `che` config map to be used by the Che server,
|
||||
// in addition to the values already generated from other fields of the `CheCluster` custom resource (CR).
|
||||
// If `customCheProperties` contains a property that would be normally generated in `che` config map from other
|
||||
// CR fields, then the value defined in the `customCheProperties` will be used instead.
|
||||
// +optional
|
||||
CustomCheProperties map[string]string `json:"customCheProperties,omitempty"`
|
||||
// URL (protocol+hostname) of the proxy server.
|
||||
// This drives the appropriate changes in the `JAVA_OPTS` and `https(s)_proxy` variables
|
||||
// in the Che server and workspaces containers.
|
||||
// Only use when configuring a proxy is required.
|
||||
// +optional
|
||||
ProxyURL string `json:"proxyURL,omitempty"`
|
||||
// Port of the proxy server.
|
||||
// Only use when configuring a proxy is required
|
||||
// (see also the `proxyURL` field).
|
||||
// +optional
|
||||
ProxyPort string `json:"proxyPort,omitempty"`
|
||||
// List of hosts that should not use the configured proxy. Use `|`` as delimiter, eg `localhost|my.host.com|123.42.12.32`
|
||||
// Only use when configuring a proxy is required
|
||||
// (see also the `proxyURL` field).
|
||||
NonProxyHosts string `json:"nonProxyHosts,omitempty"`
|
||||
// User name of the proxy server.
|
||||
// Only use when configuring a proxy is required
|
||||
// (see also the `proxyURL` field).
|
||||
// +optional
|
||||
ProxyUser string `json:"proxyUser,omitempty"`
|
||||
// Password of the proxy server
|
||||
//
|
||||
// Only use when proxy configuration is required
|
||||
// (see also the `proxyUser` field).
|
||||
// +optional
|
||||
ProxyPassword string `json:"proxyPassword,omitempty"`
|
||||
// Overrides the memory request used in the Che server deployment. Defaults to 512Mi.
|
||||
// +optional
|
||||
ServerMemoryRequest string `json:"serverMemoryRequest,omitempty"`
|
||||
// Overrides the memory limit used in the Che server deployment. Defaults to 1Gi.
|
||||
// +optional
|
||||
ServerMemoryLimit string `json:"serverMemoryLimit,omitempty"`
|
||||
}
|
||||
|
||||
// +k8s:openapi-gen=true
|
||||
// Configuration settings related to the database used by the Che installation.
|
||||
type CheClusterSpecDB struct {
|
||||
// ExternalDB instructs the operator either to skip deploying Postgres,
|
||||
// and passes connection details of existing DB to Che server (when set to true)
|
||||
// or a new Postgres deployment is created
|
||||
ExternalDB bool `json:"externalDb"`
|
||||
// ChePostgresDBHostname is Postgres Database hostname that Che server uses to connect to. Defaults to postgres
|
||||
ChePostgresDBHostname string `json:"chePostgresHostName"`
|
||||
// ChePostgresPort is Postgres Database port that Che server uses to connect to. Defaults to 5432
|
||||
ChePostgresPort string `json:"chePostgresPort"`
|
||||
// ChePostgresUser is Postgres user that Che server when making a db connection. Defaults to pgche
|
||||
ChePostgresUser string `json:"chePostgresUser"`
|
||||
// ChePostgresPassword is password of a postgres user. Auto-generated when left blank
|
||||
ChePostgresPassword string `json:"chePostgresPassword"`
|
||||
// ChePostgresDb is Postgres database name that Che server uses to connect to. Defaults to dbche
|
||||
ChePostgresDb string `json:"chePostgresDb"`
|
||||
// PostgresImage is an image used in Postgres deployment in format image:tag. Defaults to registry.redhat.io/rhscl/postgresql-96-rhel7 (see pkg/deploy/defaults.go for latest tag)
|
||||
PostgresImage string `json:"postgresImage"`
|
||||
// PostgresImagePullPolicy is the image pull policy used in Postgres registry deployment: default value is Always
|
||||
PostgresImagePullPolicy corev1.PullPolicy `json:"postgresImagePullPolicy"`
|
||||
// Instructs the operator on whether or not to deploy a dedicated database.
|
||||
// By default a dedicated Postgres database is deployed as part of the Che installation.
|
||||
// But if `externalDb` is `true`, then no dedicated database will be deployed by the operator
|
||||
// and you might need to provide connection details to the external DB you want to use.
|
||||
// See also all the fields starting with: `chePostgres`.
|
||||
// +optional
|
||||
ExternalDb bool `json:"externalDb"`
|
||||
// Postgres Database hostname that the Che server uses to connect to. Defaults to postgres.
|
||||
// This value should be overridden ONLY when using an external database (see field `externalDb`).
|
||||
// In the default case it will be automatically set by the operator.
|
||||
// +optional
|
||||
ChePostgresHostName string `json:"chePostgresHostName,omitempty"`
|
||||
// Postgres Database port that the Che server uses to connect to. Defaults to 5432.
|
||||
// This value should be overridden ONLY when using an external database (see field `externalDb`).
|
||||
// In the default case it will be automatically set by the operator.
|
||||
// +optional
|
||||
ChePostgresPort string `json:"chePostgresPort,omitempty"`
|
||||
// Postgres user that the Che server should use to connect to the DB. Defaults to `pgche`.
|
||||
// +optional
|
||||
ChePostgresUser string `json:"chePostgresUser,omitempty"`
|
||||
// Postgres password that the Che server should use to connect to the DB.
|
||||
// If omitted or left blank, it will be set to an auto-generated value.
|
||||
// +optional
|
||||
ChePostgresPassword string `json:"chePostgresPassword,omitempty"`
|
||||
// Postgres database name that the Che server uses to connect to the DB. Defaults to `dbche`.
|
||||
// +optional
|
||||
ChePostgresDb string `json:"chePostgresDb,omitempty"`
|
||||
// Overrides the container image used in the Postgres database deployment. This includes the image tag.
|
||||
// Omit it or leave it empty to use the defaut container image provided by the operator.
|
||||
// +optional
|
||||
PostgresImage string `json:"postgresImage,omitempty"`
|
||||
// Overrides the image pull policy used in the Postgres database deployment.
|
||||
// Default value is `Always` for `nightly` or `latest` images, and `IfNotPresent` in other cases.
|
||||
// +optional
|
||||
PostgresImagePullPolicy corev1.PullPolicy `json:"postgresImagePullPolicy,omitempty"`
|
||||
}
|
||||
|
||||
// +k8s:openapi-gen=true
|
||||
// Configuration settings related to the Authentication used by the Che installation.
|
||||
type CheClusterSpecAuth struct {
|
||||
// ExternalKeycloak instructs operator on whether or not to deploy Keycloak/RH SSO instance. When set to true provision connection details
|
||||
ExternalKeycloak bool `json:"externalIdentityProvider"`
|
||||
// KeycloakURL is retrieved from respective route/ingress unless explicitly specified in CR (when externalIdentityProvider is true)
|
||||
KeycloakURL string `json:"identityProviderURL"`
|
||||
// KeycloakURL is retrieved from respective route/ingress unless explicitly specified in CR (when externalIdentityProvider is true)
|
||||
//IdentityProviderURL string `json:"identityProviderURL"`
|
||||
// KeycloakAdminUserName is a desired admin username of Keycloak admin user (applicable only when externalIdentityProvider is false)
|
||||
KeycloakAdminUserName string `json:"identityProviderAdminUserName"`
|
||||
// KeycloakAdminPassword is a desired password of Keycloak admin user (applicable only when externalIdentityProvider is false)
|
||||
KeycloakAdminPassword string `json:"identityProviderPassword"`
|
||||
// KeycloakRealm is name of a keycloak realm. When externalIdentityProvider is false this realm will be created, otherwise passed to Che server
|
||||
KeycloakRealm string `json:"identityProviderRealm"`
|
||||
// KeycloakClientId is id of a keycloak client. When externalIdentityProvider is false this client will be created, otherwise passed to Che server
|
||||
KeycloakClientId string `json:"identityProviderClientId"`
|
||||
// KeycloakPostgresPassword is password for keycloak database user. Auto generated if left blank
|
||||
KeycloakPostgresPassword string `json:"identityProviderPostgresPassword"`
|
||||
// UpdateAdminPassword forces the default admin Che user to update password on first login. False by default
|
||||
// Instructs the operator on whether or not to deploy a dedicated Identity Provider (Keycloak or RH SSO instance).
|
||||
// By default a dedicated Identity Provider server is deployed as part of the Che installation.
|
||||
// But if `externalIdentityProvider` is `true`, then no dedicated identity provider will be deployed by the operator
|
||||
// and you might need to provide details about the external identity provider you want to use.
|
||||
// See also all the other fields starting with: `identityProvider`.
|
||||
// +optional
|
||||
ExternalIdentityProvider bool `json:"externalIdentityProvider"`
|
||||
// Public URL of the Identity Provider server (Keycloak / RH SSO server).
|
||||
// You should set it ONLY if you use an external Identity Provider (see the `externalIdentityProvider` field).
|
||||
// By default this will be automatically calculated and set by the operator.
|
||||
// +optional
|
||||
IdentityProviderURL string `json:"identityProviderURL,omitempty"`
|
||||
// Overrides the name of the Identity Provider admin user. Defaults to `admin`.
|
||||
// +optional
|
||||
IdentityProviderAdminUserName string `json:"identityProviderAdminUserName,omitempty"`
|
||||
// Overrides the password of Keycloak admin user.
|
||||
// This is useful to override it ONLY if you use an external Identity Provider (see the `externalIdentityProvider` field).
|
||||
// If omitted or left blank, it will be set to an auto-generated password.
|
||||
// +optional
|
||||
IdentityProviderPassword string `json:"identityProviderPassword,omitempty"`
|
||||
// Name of a Identity provider (Keycloak / RH SSO) realm that should be used for Che.
|
||||
// This is useful to override it ONLY if you use an external Identity Provider (see the `externalIdentityProvider` field).
|
||||
// If omitted or left blank, it will be set to the value of the `flavour` field.
|
||||
// +optional
|
||||
IdentityProviderRealm string `json:"identityProviderRealm,omitempty"`
|
||||
// Name of a Identity provider (Keycloak / RH SSO) `client-id` that should be used for Che.
|
||||
// This is useful to override it ONLY if you use an external Identity Provider (see the `externalIdentityProvider` field).
|
||||
// If omitted or left blank, it will be set to the value of the `flavour` field suffixed with `-public`.
|
||||
// +optional
|
||||
IdentityProviderClientId string `json:"identityProviderClientId,omitempty"`
|
||||
// Password for The Identity Provider (Keycloak / RH SSO) to connect to the database.
|
||||
// This is useful to override it ONLY if you use an external Identity Provider (see the `externalIdentityProvider` field).
|
||||
// If omitted or left blank, it will be set to an auto-generated password.
|
||||
// +optional
|
||||
IdentityProviderPostgresPassword string `json:"identityProviderPostgresPassword,omitempty"`
|
||||
// Forces the default `admin` Che user to update password on first login. Defaults to `false`.
|
||||
// +optional
|
||||
UpdateAdminPassword bool `json:"updateAdminPassword"`
|
||||
// OpenShiftOauth instructs an Operator to enable OpenShift v3 identity provider in Keycloak,
|
||||
// as well as create respective oAuthClient and configure Che configMap accordingly
|
||||
OpenShiftOauth bool `json:"openShiftoAuth"`
|
||||
// OauthClientName is name of oAuthClient used in OpenShift v3 identity provider in Keycloak realm. Auto generated if left blank
|
||||
OauthClientName string `json:"oAuthClientName"`
|
||||
// OauthSecret is secret used in oAuthClient. Auto generated if left blank
|
||||
OauthSecret string `json:"oAuthSecret"`
|
||||
// KeycloakImage is image:tag used in Keycloak deployment
|
||||
KeycloakImage string `json:"identityProviderImage"`
|
||||
// KeycloakImagePullPolicy is the image pull policy used in Keycloak registry deployment: default value is Always
|
||||
KeycloakImagePullPolicy corev1.PullPolicy `json:"identityProviderImagePullPolicy"`
|
||||
// Enables the integration of the identity provider (Keycloak / RHSSO) with OpenShift OAuth. Enabled by defaumt on OpenShift.
|
||||
// This will allow users to directly login with their Openshift user throug the Openshift login,
|
||||
// and have their workspaces created under personnal OpenShift namespaces.
|
||||
// WARNING: the `kuebadmin` user is NOT supported, and logging through it will NOT allow accessing the Che Dashboard.
|
||||
// +optional
|
||||
OpenShiftoAuth bool `json:"openShiftoAuth"`
|
||||
// Name of the OpenShift `OAuthClient` resource used to setup identity federation on the OpenShift side. Auto-generated if left blank.
|
||||
// See also the `OpenShiftoAuth` field.
|
||||
// +optional
|
||||
OAuthClientName string `json:"oAuthClientName,omitempty"`
|
||||
// Name of the secret set in the OpenShift `OAuthClient` resource used to setup identity federation on the OpenShift side. Auto-generated if left blank.
|
||||
// See also the `OAuthClientName` field.
|
||||
// +optional
|
||||
OAuthSecret string `json:"oAuthSecret,omitempty"`
|
||||
// Overrides the container image used in the Identity Provider (Keycloak / RH SSO) deployment. This includes the image tag.
|
||||
// Omit it or leave it empty to use the defaut container image provided by the operator.
|
||||
// +optional
|
||||
IdentityProviderImage string `json:"identityProviderImage,omitempty"`
|
||||
// Overrides the image pull policy used in the Identity Provider (Keycloak / RH SSO) deployment.
|
||||
// Default value is `Always` for `nightly` or `latest` images, and `IfNotPresent` in other cases.
|
||||
// +optional
|
||||
IdentityProviderImagePullPolicy corev1.PullPolicy `json:"identityProviderImagePullPolicy,omitempty"`
|
||||
}
|
||||
|
||||
// +k8s:openapi-gen=true
|
||||
// Configuration settings related to the persistent storage used by the Che installation.
|
||||
type CheClusterSpecStorage struct {
|
||||
// PvcStrategy is a persistent volume claim strategy for Che server. Can be common (all workspaces PVCs in one volume),
|
||||
// per-workspace (one PVC per workspace for all declared volumes) and unique (one PVC per declared volume). Defaults to common
|
||||
PvcStrategy string `json:"pvcStrategy"`
|
||||
// PvcClaimSize is size of a persistent volume claim for workspaces. Defaults to 1Gi
|
||||
PvcClaimSize string `json:"pvcClaimSize"`
|
||||
// PreCreateSubPaths instructs Che server to launch a special pod to precreate a subpath in a PV
|
||||
// Persistent volume claim strategy for the Che server.
|
||||
// This Can be:`common` (all workspaces PVCs in one volume),
|
||||
// `per-workspace` (one PVC per workspace for all declared volumes) and `unique` (one PVC per declared volume).
|
||||
// Defaults to `common`.
|
||||
// +optional
|
||||
PvcStrategy string `json:"pvcStrategy,omitempty"`
|
||||
// Size of the persistent volume claim for workspaces. Defaults to `1Gi`
|
||||
// +optional
|
||||
PvcClaimSize string `json:"pvcClaimSize,omitempty"`
|
||||
// Instructs the Che server to launch a special pod to pre-create a subpath in the Persistent Volumes.
|
||||
// Defaults to `false`, however it might need to enable it according to the configuration of your K8S cluster.
|
||||
// +optional
|
||||
PreCreateSubPaths bool `json:"preCreateSubPaths"`
|
||||
// PvcJobsImage is image:tag for preCreateSubPaths jobs
|
||||
PvcJobsImage string `json:"pvcJobsImage"`
|
||||
// PostgresPVCStorageClassName is storage class for a postgres pvc. Empty string by default, which means default storage class is used
|
||||
PostgresPVCStorageClassName string `json:"postgresPVCStorageClassName"`
|
||||
// WorkspacePVCStorageClassName is storage class for a workspaces pvc. Empty string by default, which means default storage class is used
|
||||
WorkspacePVCStorageClassName string `json:"workspacePVCStorageClassName"`
|
||||
// Overrides the container image used to create sub-paths in the Persistent Volumes. This includes the image tag.
|
||||
// Omit it or leave it empty to use the defaut container image provided by the operator.
|
||||
// See also the `preCreateSubPaths` field.
|
||||
// +optional
|
||||
PvcJobsImage string `json:"pvcJobsImage,omitempty"`
|
||||
// Storage class for the Persistent Volume Claim dedicated to the Postgres database.
|
||||
// If omitted or left blank, default storage class is used.
|
||||
// +optional
|
||||
PostgresPVCStorageClassName string `json:"postgresPVCStorageClassName,omitempty"`
|
||||
// Storage class for the Persistent Volume Claims dedicated to the Che workspaces.
|
||||
// If omitted or left blank, default storage class is used.
|
||||
// +optional
|
||||
WorkspacePVCStorageClassName string `json:"workspacePVCStorageClassName,omitempty"`
|
||||
}
|
||||
|
||||
// +k8s:openapi-gen=true
|
||||
// Configuration settings specific to Che installations made on upstream Kubernetes.
|
||||
type CheClusterSpecK8SOnly struct {
|
||||
// IngressDomain is a global ingress domain for a k8s cluster. Must be explicitly specified in CR. There are no defaults
|
||||
IngressDomain string `json:"ingressDomain"`
|
||||
// IngressStrategy is the way ingresses are created. Casn be multi-host (host is explicitly provided in ingress),
|
||||
// single-host (host is provided, path based rules) and default-host *(no host is provided, path based rules)
|
||||
IngressStrategy string `json:"ingressStrategy"`
|
||||
// IngressClass is kubernetes.io/ingress.class, defaults to nginx
|
||||
IngressClass string `json:"ingressClass"`
|
||||
// secret name used for tls termination
|
||||
TlsSecretName string `json:"tlsSecretName"`
|
||||
// FSGroup the Che POD and Workspace pod containers should run in
|
||||
SecurityContextFsGroup string `json:"securityContextFsGroup"`
|
||||
// User the Che POD and Workspace pod containers should run as
|
||||
SecurityContextRunAsUser string `json:"securityContextRunAsUser"`
|
||||
// Global ingress domain for a K8S cluster. This MUST be explicitly specified: there are no defaults.
|
||||
IngressDomain string `json:"ingressDomain,omitempty"`
|
||||
// Strategy for ingress creation. This can be `multi-host` (host is explicitly provided in ingress),
|
||||
// `single-host` (host is provided, path-based rules) and `default-host.*`(no host is provided, path-based rules).
|
||||
// Defaults to `"multi-host`
|
||||
// +optional
|
||||
IngressStrategy string `json:"ingressStrategy,omitempty"`
|
||||
// Ingress class that will define the which controler will manage ingresses. Defaults to `nginx`.
|
||||
// NB: This drives the `is kubernetes.io/ingress.class` annotation on Che-related ingresses.
|
||||
// +optional
|
||||
IngressClass string `json:"ingressClass,omitempty"`
|
||||
// Name of a secret that will be used to setup ingress TLS termination if TLS is enabled.
|
||||
// See also the `tlsSupport` field.
|
||||
// +optional
|
||||
TlsSecretName string `json:"tlsSecretName,omitempty"`
|
||||
// FSGroup the Che pod and Workspace pods containers should run in. Defaults to `1724`.
|
||||
// +optional
|
||||
SecurityContextFsGroup string `json:"securityContextFsGroup,omitempty"`
|
||||
// ID of the user the Che pod and Workspace pods containers should run as. Default to `1724`.
|
||||
// +optional
|
||||
SecurityContextRunAsUser string `json:"securityContextRunAsUser,omitempty"`
|
||||
}
|
||||
|
||||
// CheClusterStatus defines the observed state of CheCluster
|
||||
// CheClusterStatus defines the observed state of Che installation
|
||||
type CheClusterStatus struct {
|
||||
// INSERT ADDITIONAL STATUS FIELD - define observed state of cluster
|
||||
// Important: Run "operator-sdk generate k8s" to regenerate code after modifying this file
|
||||
// DbProvisoned indicates if or not a Postgres instance has been provisioned with db and user
|
||||
// Indicates if or not a Postgres instance has been correctly provisioned
|
||||
// +optional
|
||||
DbProvisoned bool `json:"dbProvisioned"`
|
||||
// KeycloakProvisoned indicates if or not a Keycloak instance has been provisioned with realm, client, user
|
||||
// Indicates whether an Identity Provider instance (Keycloak / RH SSO) has been provisioned with realm, client and user
|
||||
// +optional
|
||||
KeycloakProvisoned bool `json:"keycloakProvisioned"`
|
||||
// OpenShiftoAuthProvisioned indicates if or not a Keycloak instance has been provisioned identity provider and oAuthclient
|
||||
// Indicates whether an Identity Provider instance (Keycloak / RH SSO) has been configured to integrate with the OpenShift OAuth.
|
||||
// +optional
|
||||
OpenShiftoAuthProvisioned bool `json:"openShiftoAuthProvisioned"`
|
||||
// CheClusterRunning is status of a cluster. Can be Available, Unavailable, Available, Rolling Update in Progress
|
||||
// Status of a Che installation. Can be `Available`, `Unavailable`, or `Available, Rolling Update in Progress`
|
||||
// +optional
|
||||
CheClusterRunning string `json:"cheClusterRunning"`
|
||||
// CheVersion is current Che version retrieved from image tag
|
||||
// Current installed Che version
|
||||
// +optional
|
||||
CheVersion string `json:"cheVersion"`
|
||||
// CheURL is Che protocol+route/ingress
|
||||
// Public URL to the Che server
|
||||
// +optional
|
||||
CheURL string `json:"cheURL"`
|
||||
// KeycloakURL is Keycloak protocol+route/ingress
|
||||
// Public URL to the Identity Provider server (Keycloak / RH SSO).
|
||||
// +optional
|
||||
KeycloakURL string `json:"keycloakURL"`
|
||||
// DevfileRegistryURL is the Devfile registry protocol+route/ingress
|
||||
// Public URL to the Devfile registry
|
||||
// +optional
|
||||
DevfileRegistryURL string `json:"devfileRegistryURL"`
|
||||
// PluginRegistryURL is the Plugin registry protocol+route/ingress
|
||||
// Public URL to the Plugin registry
|
||||
// +optional
|
||||
PluginRegistryURL string `json:"pluginRegistryURL"`
|
||||
// A human readable message indicating details about why the pod is in this condition.
|
||||
// +optional
|
||||
Message string `json:"message,omitempty"`
|
||||
// A brief CamelCase message indicating details about why the pod is in this state.
|
||||
// e.g. 'Evicted'
|
||||
// +optional
|
||||
Reason string `json:"reason,omitempty"`
|
||||
// A URL that can point to some URL where to find help related to the current Operator status.
|
||||
|
|
@ -228,8 +402,9 @@ type CheClusterStatus struct {
|
|||
|
||||
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
|
||||
|
||||
// CheCluster is the Schema for the ches API
|
||||
// The `CheCluster` custom resource allows defining and managing a Che server installation
|
||||
// +k8s:openapi-gen=true
|
||||
// +kubebuilder:subresource:status
|
||||
type CheCluster struct {
|
||||
metav1.TypeMeta `json:",inline"`
|
||||
metav1.ObjectMeta `json:"metadata,omitempty"`
|
||||
|
|
|
|||
|
|
@ -1,22 +1,6 @@
|
|||
// +build !ignore_autogenerated
|
||||
|
||||
/*
|
||||
Copyright The Kubernetes Authors.
|
||||
|
||||
Licensed under the Apache License, Version 2.0 (the "License");
|
||||
you may not use this file except in compliance with the License.
|
||||
You may obtain a copy of the License at
|
||||
|
||||
http://www.apache.org/licenses/LICENSE-2.0
|
||||
|
||||
Unless required by applicable law or agreed to in writing, software
|
||||
distributed under the License is distributed on an "AS IS" BASIS,
|
||||
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
See the License for the specific language governing permissions and
|
||||
limitations under the License.
|
||||
*/
|
||||
|
||||
// Code generated by deepcopy-gen. DO NOT EDIT.
|
||||
// Code generated by operator-sdk. DO NOT EDIT.
|
||||
|
||||
package v1
|
||||
|
||||
|
|
@ -92,7 +76,7 @@ func (in *CheClusterSpec) DeepCopyInto(out *CheClusterSpec) {
|
|||
out.Database = in.Database
|
||||
out.Auth = in.Auth
|
||||
out.Storage = in.Storage
|
||||
out.K8SOnly = in.K8SOnly
|
||||
out.K8s = in.K8s
|
||||
return
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -0,0 +1,636 @@
|
|||
// +build !ignore_autogenerated
|
||||
|
||||
// This file was autogenerated by openapi-gen. Do not edit it manually!
|
||||
|
||||
package v1
|
||||
|
||||
import (
|
||||
spec "github.com/go-openapi/spec"
|
||||
common "k8s.io/kube-openapi/pkg/common"
|
||||
)
|
||||
|
||||
func GetOpenAPIDefinitions(ref common.ReferenceCallback) map[string]common.OpenAPIDefinition {
|
||||
return map[string]common.OpenAPIDefinition{
|
||||
"github.com/eclipse/che-operator/pkg/apis/org/v1.CheCluster": schema_pkg_apis_org_v1_CheCluster(ref),
|
||||
"github.com/eclipse/che-operator/pkg/apis/org/v1.CheClusterSpec": schema_pkg_apis_org_v1_CheClusterSpec(ref),
|
||||
"github.com/eclipse/che-operator/pkg/apis/org/v1.CheClusterSpecAuth": schema_pkg_apis_org_v1_CheClusterSpecAuth(ref),
|
||||
"github.com/eclipse/che-operator/pkg/apis/org/v1.CheClusterSpecDB": schema_pkg_apis_org_v1_CheClusterSpecDB(ref),
|
||||
"github.com/eclipse/che-operator/pkg/apis/org/v1.CheClusterSpecK8SOnly": schema_pkg_apis_org_v1_CheClusterSpecK8SOnly(ref),
|
||||
"github.com/eclipse/che-operator/pkg/apis/org/v1.CheClusterSpecServer": schema_pkg_apis_org_v1_CheClusterSpecServer(ref),
|
||||
"github.com/eclipse/che-operator/pkg/apis/org/v1.CheClusterSpecStorage": schema_pkg_apis_org_v1_CheClusterSpecStorage(ref),
|
||||
}
|
||||
}
|
||||
|
||||
func schema_pkg_apis_org_v1_CheCluster(ref common.ReferenceCallback) common.OpenAPIDefinition {
|
||||
return common.OpenAPIDefinition{
|
||||
Schema: spec.Schema{
|
||||
SchemaProps: spec.SchemaProps{
|
||||
Description: "The `CheCluster` custom resource allows defining and managing a Che server installation",
|
||||
Properties: map[string]spec.Schema{
|
||||
"kind": {
|
||||
SchemaProps: spec.SchemaProps{
|
||||
Description: "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds",
|
||||
Type: []string{"string"},
|
||||
Format: "",
|
||||
},
|
||||
},
|
||||
"apiVersion": {
|
||||
SchemaProps: spec.SchemaProps{
|
||||
Description: "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources",
|
||||
Type: []string{"string"},
|
||||
Format: "",
|
||||
},
|
||||
},
|
||||
"metadata": {
|
||||
SchemaProps: spec.SchemaProps{
|
||||
Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"),
|
||||
},
|
||||
},
|
||||
"spec": {
|
||||
SchemaProps: spec.SchemaProps{
|
||||
Ref: ref("github.com/eclipse/che-operator/pkg/apis/org/v1.CheClusterSpec"),
|
||||
},
|
||||
},
|
||||
"status": {
|
||||
SchemaProps: spec.SchemaProps{
|
||||
Ref: ref("github.com/eclipse/che-operator/pkg/apis/org/v1.CheClusterStatus"),
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
Dependencies: []string{
|
||||
"github.com/eclipse/che-operator/pkg/apis/org/v1.CheClusterSpec", "github.com/eclipse/che-operator/pkg/apis/org/v1.CheClusterStatus", "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"},
|
||||
}
|
||||
}
|
||||
|
||||
func schema_pkg_apis_org_v1_CheClusterSpec(ref common.ReferenceCallback) common.OpenAPIDefinition {
|
||||
return common.OpenAPIDefinition{
|
||||
Schema: spec.Schema{
|
||||
SchemaProps: spec.SchemaProps{
|
||||
Description: "Desired configuration of the Che installation. Based on these settings, the operator automatically creates and maintains several config maps that will contain the appropriate environment variables the various components of the Che installation. These generated config maps should NOT be updated manually.",
|
||||
Properties: map[string]spec.Schema{
|
||||
"server": {
|
||||
SchemaProps: spec.SchemaProps{
|
||||
Description: "General configuration settings related to the Che server and the plugin and devfile registries",
|
||||
Ref: ref("github.com/eclipse/che-operator/pkg/apis/org/v1.CheClusterSpecServer"),
|
||||
},
|
||||
},
|
||||
"database": {
|
||||
SchemaProps: spec.SchemaProps{
|
||||
Description: "Configuration settings related to the database used by the Che installation.",
|
||||
Ref: ref("github.com/eclipse/che-operator/pkg/apis/org/v1.CheClusterSpecDB"),
|
||||
},
|
||||
},
|
||||
"auth": {
|
||||
SchemaProps: spec.SchemaProps{
|
||||
Description: "Configuration settings related to the Authentication used by the Che installation.",
|
||||
Ref: ref("github.com/eclipse/che-operator/pkg/apis/org/v1.CheClusterSpecAuth"),
|
||||
},
|
||||
},
|
||||
"storage": {
|
||||
SchemaProps: spec.SchemaProps{
|
||||
Description: "Configuration settings related to the persistent storage used by the Che installation.",
|
||||
Ref: ref("github.com/eclipse/che-operator/pkg/apis/org/v1.CheClusterSpecStorage"),
|
||||
},
|
||||
},
|
||||
"k8s": {
|
||||
SchemaProps: spec.SchemaProps{
|
||||
Description: "Configuration settings specific to Che installations made on upstream Kubernetes.",
|
||||
Ref: ref("github.com/eclipse/che-operator/pkg/apis/org/v1.CheClusterSpecK8SOnly"),
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
Dependencies: []string{
|
||||
"github.com/eclipse/che-operator/pkg/apis/org/v1.CheClusterSpecAuth", "github.com/eclipse/che-operator/pkg/apis/org/v1.CheClusterSpecDB", "github.com/eclipse/che-operator/pkg/apis/org/v1.CheClusterSpecK8SOnly", "github.com/eclipse/che-operator/pkg/apis/org/v1.CheClusterSpecServer", "github.com/eclipse/che-operator/pkg/apis/org/v1.CheClusterSpecStorage"},
|
||||
}
|
||||
}
|
||||
|
||||
func schema_pkg_apis_org_v1_CheClusterSpecAuth(ref common.ReferenceCallback) common.OpenAPIDefinition {
|
||||
return common.OpenAPIDefinition{
|
||||
Schema: spec.Schema{
|
||||
SchemaProps: spec.SchemaProps{
|
||||
Description: "Configuration settings related to the Authentication used by the Che installation.",
|
||||
Properties: map[string]spec.Schema{
|
||||
"externalIdentityProvider": {
|
||||
SchemaProps: spec.SchemaProps{
|
||||
Description: "Instructs the operator on whether or not to deploy a dedicated Identity Provider (Keycloak or RH SSO instance). By default a dedicated Identity Provider server is deployed as part of the Che installation. But if `externalIdentityProvider` is `true`, then no dedicated identity provider will be deployed by the operator and you might need to provide details about the external identity provider you want to use. See also all the other fields starting with: `identityProvider`.",
|
||||
Type: []string{"boolean"},
|
||||
Format: "",
|
||||
},
|
||||
},
|
||||
"identityProviderURL": {
|
||||
SchemaProps: spec.SchemaProps{
|
||||
Description: "Public URL of the Identity Provider server (Keycloak / RH SSO server). You should set it ONLY if you use an external Identity Provider (see the `externalIdentityProvider` field). By default this will be automatically calculated and set by the operator.",
|
||||
Type: []string{"string"},
|
||||
Format: "",
|
||||
},
|
||||
},
|
||||
"identityProviderAdminUserName": {
|
||||
SchemaProps: spec.SchemaProps{
|
||||
Description: "Overrides the name of the Identity Provider admin user. Defaults to `admin`.",
|
||||
Type: []string{"string"},
|
||||
Format: "",
|
||||
},
|
||||
},
|
||||
"identityProviderPassword": {
|
||||
SchemaProps: spec.SchemaProps{
|
||||
Description: "Overrides the password of Keycloak admin user. This is useful to override it ONLY if you use an external Identity Provider (see the `externalIdentityProvider` field). If omitted or left blank, it will be set to an auto-generated password.",
|
||||
Type: []string{"string"},
|
||||
Format: "",
|
||||
},
|
||||
},
|
||||
"identityProviderRealm": {
|
||||
SchemaProps: spec.SchemaProps{
|
||||
Description: "Name of a Identity provider (Keycloak / RH SSO) realm that should be used for Che. This is useful to override it ONLY if you use an external Identity Provider (see the `externalIdentityProvider` field). If omitted or left blank, it will be set to the value of the `flavour` field.",
|
||||
Type: []string{"string"},
|
||||
Format: "",
|
||||
},
|
||||
},
|
||||
"identityProviderClientId": {
|
||||
SchemaProps: spec.SchemaProps{
|
||||
Description: "Name of a Identity provider (Keycloak / RH SSO) `client-id` that should be used for Che. This is useful to override it ONLY if you use an external Identity Provider (see the `externalIdentityProvider` field). If omitted or left blank, it will be set to the value of the `flavour` field suffixed with `-public`.",
|
||||
Type: []string{"string"},
|
||||
Format: "",
|
||||
},
|
||||
},
|
||||
"identityProviderPostgresPassword": {
|
||||
SchemaProps: spec.SchemaProps{
|
||||
Description: "Password for The Identity Provider (Keycloak / RH SSO) to connect to the database. This is useful to override it ONLY if you use an external Identity Provider (see the `externalIdentityProvider` field). If omitted or left blank, it will be set to an auto-generated password.",
|
||||
Type: []string{"string"},
|
||||
Format: "",
|
||||
},
|
||||
},
|
||||
"updateAdminPassword": {
|
||||
SchemaProps: spec.SchemaProps{
|
||||
Description: "Forces the default `admin` Che user to update password on first login. Defaults to `false`.",
|
||||
Type: []string{"boolean"},
|
||||
Format: "",
|
||||
},
|
||||
},
|
||||
"openShiftoAuth": {
|
||||
SchemaProps: spec.SchemaProps{
|
||||
Description: "Enables the integration of the identity provider (Keycloak / RHSSO) with OpenShift OAuth. Enabled by defaumt on OpenShift. This will allow users to directly login with their Openshift user throug the Openshift login, and have their workspaces created under personnal OpenShift namespaces. WARNING: the `kuebadmin` user is NOT supported, and logging through it will NOT allow accessing the Che Dashboard.",
|
||||
Type: []string{"boolean"},
|
||||
Format: "",
|
||||
},
|
||||
},
|
||||
"oAuthClientName": {
|
||||
SchemaProps: spec.SchemaProps{
|
||||
Description: "Name of the OpenShift `OAuthClient` resource used to setup identity federation on the OpenShift side. Auto-generated if left blank. See also the `OpenShiftoAuth` field.",
|
||||
Type: []string{"string"},
|
||||
Format: "",
|
||||
},
|
||||
},
|
||||
"oAuthSecret": {
|
||||
SchemaProps: spec.SchemaProps{
|
||||
Description: "Name of the secret set in the OpenShift `OAuthClient` resource used to setup identity federation on the OpenShift side. Auto-generated if left blank. See also the `OAuthClientName` field.",
|
||||
Type: []string{"string"},
|
||||
Format: "",
|
||||
},
|
||||
},
|
||||
"identityProviderImage": {
|
||||
SchemaProps: spec.SchemaProps{
|
||||
Description: "Overrides the container image used in the Identity Provider (Keycloak / RH SSO) deployment. This includes the image tag. Omit it or leave it empty to use the defaut container image provided by the operator.",
|
||||
Type: []string{"string"},
|
||||
Format: "",
|
||||
},
|
||||
},
|
||||
"identityProviderImagePullPolicy": {
|
||||
SchemaProps: spec.SchemaProps{
|
||||
Description: "Overrides the image pull policy used in the Identity Provider (Keycloak / RH SSO) deployment. Default value is `Always` for `nightly` or `latest` images, and `IfNotPresent` in other cases.",
|
||||
Type: []string{"string"},
|
||||
Format: "",
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
Dependencies: []string{},
|
||||
}
|
||||
}
|
||||
|
||||
func schema_pkg_apis_org_v1_CheClusterSpecDB(ref common.ReferenceCallback) common.OpenAPIDefinition {
|
||||
return common.OpenAPIDefinition{
|
||||
Schema: spec.Schema{
|
||||
SchemaProps: spec.SchemaProps{
|
||||
Description: "Configuration settings related to the database used by the Che installation.",
|
||||
Properties: map[string]spec.Schema{
|
||||
"externalDb": {
|
||||
SchemaProps: spec.SchemaProps{
|
||||
Description: "Instructs the operator on whether or not to deploy a dedicated database. By default a dedicated Postgres database is deployed as part of the Che installation. But if `externalDb` is `true`, then no dedicated database will be deployed by the operator and you might need to provide connection details to the external DB you want to use. See also all the fields starting with: `chePostgres`.",
|
||||
Type: []string{"boolean"},
|
||||
Format: "",
|
||||
},
|
||||
},
|
||||
"chePostgresHostName": {
|
||||
SchemaProps: spec.SchemaProps{
|
||||
Description: "Postgres Database hostname that the Che server uses to connect to. Defaults to postgres. This value should be overridden ONLY when using an external database (see field `externalDb`). In the default case it will be automatically set by the operator.",
|
||||
Type: []string{"string"},
|
||||
Format: "",
|
||||
},
|
||||
},
|
||||
"chePostgresPort": {
|
||||
SchemaProps: spec.SchemaProps{
|
||||
Description: "Postgres Database port that the Che server uses to connect to. Defaults to 5432. This value should be overridden ONLY when using an external database (see field `externalDb`). In the default case it will be automatically set by the operator.",
|
||||
Type: []string{"string"},
|
||||
Format: "",
|
||||
},
|
||||
},
|
||||
"chePostgresUser": {
|
||||
SchemaProps: spec.SchemaProps{
|
||||
Description: "Postgres user that the Che server should use to connect to the DB. Defaults to `pgche`.",
|
||||
Type: []string{"string"},
|
||||
Format: "",
|
||||
},
|
||||
},
|
||||
"chePostgresPassword": {
|
||||
SchemaProps: spec.SchemaProps{
|
||||
Description: "Postgres password that the Che server should use to connect to the DB. If omitted or left blank, it will be set to an auto-generated value.",
|
||||
Type: []string{"string"},
|
||||
Format: "",
|
||||
},
|
||||
},
|
||||
"chePostgresDb": {
|
||||
SchemaProps: spec.SchemaProps{
|
||||
Description: "Postgres database name that the Che server uses to connect to the DB. Defaults to `dbche`.",
|
||||
Type: []string{"string"},
|
||||
Format: "",
|
||||
},
|
||||
},
|
||||
"postgresImage": {
|
||||
SchemaProps: spec.SchemaProps{
|
||||
Description: "Overrides the container image used in the Postgres database deployment. This includes the image tag. Omit it or leave it empty to use the defaut container image provided by the operator.",
|
||||
Type: []string{"string"},
|
||||
Format: "",
|
||||
},
|
||||
},
|
||||
"postgresImagePullPolicy": {
|
||||
SchemaProps: spec.SchemaProps{
|
||||
Description: "Overrides the image pull policy used in the Postgres database deployment. Default value is `Always` for `nightly` or `latest` images, and `IfNotPresent` in other cases.",
|
||||
Type: []string{"string"},
|
||||
Format: "",
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
Dependencies: []string{},
|
||||
}
|
||||
}
|
||||
|
||||
func schema_pkg_apis_org_v1_CheClusterSpecK8SOnly(ref common.ReferenceCallback) common.OpenAPIDefinition {
|
||||
return common.OpenAPIDefinition{
|
||||
Schema: spec.Schema{
|
||||
SchemaProps: spec.SchemaProps{
|
||||
Description: "Configuration settings specific to Che installations made on upstream Kubernetes.",
|
||||
Properties: map[string]spec.Schema{
|
||||
"ingressDomain": {
|
||||
SchemaProps: spec.SchemaProps{
|
||||
Description: "Global ingress domain for a K8S cluster. This MUST be explicitly specified: there are no defaults.",
|
||||
Type: []string{"string"},
|
||||
Format: "",
|
||||
},
|
||||
},
|
||||
"ingressStrategy": {
|
||||
SchemaProps: spec.SchemaProps{
|
||||
Description: "Strategy for ingress creation. This can be `multi-host` (host is explicitly provided in ingress), `single-host` (host is provided, path-based rules) and `default-host.*`(no host is provided, path-based rules). Defaults to `\"multi-host`",
|
||||
Type: []string{"string"},
|
||||
Format: "",
|
||||
},
|
||||
},
|
||||
"ingressClass": {
|
||||
SchemaProps: spec.SchemaProps{
|
||||
Description: "Ingress class that will define the which controler will manage ingresses. Defaults to `nginx`. NB: This drives the `is kubernetes.io/ingress.class` annotation on Che-related ingresses.",
|
||||
Type: []string{"string"},
|
||||
Format: "",
|
||||
},
|
||||
},
|
||||
"tlsSecretName": {
|
||||
SchemaProps: spec.SchemaProps{
|
||||
Description: "Name of a secret that will be used to setup ingress TLS termination if TLS is enabled. See also the `tlsSupport` field.",
|
||||
Type: []string{"string"},
|
||||
Format: "",
|
||||
},
|
||||
},
|
||||
"securityContextFsGroup": {
|
||||
SchemaProps: spec.SchemaProps{
|
||||
Description: "FSGroup the Che pod and Workspace pods containers should run in. Defaults to `1724`.",
|
||||
Type: []string{"string"},
|
||||
Format: "",
|
||||
},
|
||||
},
|
||||
"securityContextRunAsUser": {
|
||||
SchemaProps: spec.SchemaProps{
|
||||
Description: "ID of the user the Che pod and Workspace pods containers should run as. Default to `1724`.",
|
||||
Type: []string{"string"},
|
||||
Format: "",
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
Dependencies: []string{},
|
||||
}
|
||||
}
|
||||
|
||||
func schema_pkg_apis_org_v1_CheClusterSpecServer(ref common.ReferenceCallback) common.OpenAPIDefinition {
|
||||
return common.OpenAPIDefinition{
|
||||
Schema: spec.Schema{
|
||||
SchemaProps: spec.SchemaProps{
|
||||
Description: "General configuration settings related to the Che server and the plugin and devfile registries.",
|
||||
Properties: map[string]spec.Schema{
|
||||
"airGapContainerRegistryHostname": {
|
||||
SchemaProps: spec.SchemaProps{
|
||||
Description: "Optional hostname (or url) to an alternate container registry to pull images from. This value overrides the container registry hostname defined in all the default container images involved in a Che deployment. This is particularly useful to install Che in an air-gapped environment.",
|
||||
Type: []string{"string"},
|
||||
Format: "",
|
||||
},
|
||||
},
|
||||
"airGapContainerRegistryOrganization": {
|
||||
SchemaProps: spec.SchemaProps{
|
||||
Description: "Optional repository name of an alternate container registry to pull images from. This value overrides the container registry organization defined in all the default container images involved in a Che deployment. This is particularly useful to install Che in an air-gapped environment.",
|
||||
Type: []string{"string"},
|
||||
Format: "",
|
||||
},
|
||||
},
|
||||
"cheImage": {
|
||||
SchemaProps: spec.SchemaProps{
|
||||
Description: "Overrides the container image used in Che deployment. This does NOT include the container image tag. Omit it or leave it empty to use the defaut container image provided by the operator.",
|
||||
Type: []string{"string"},
|
||||
Format: "",
|
||||
},
|
||||
},
|
||||
"cheImageTag": {
|
||||
SchemaProps: spec.SchemaProps{
|
||||
Description: "Overrides the tag of the container image used in Che deployment. Omit it or leave it empty to use the defaut image tag provided by the operator.",
|
||||
Type: []string{"string"},
|
||||
Format: "",
|
||||
},
|
||||
},
|
||||
"cheImagePullPolicy": {
|
||||
SchemaProps: spec.SchemaProps{
|
||||
Description: "Overrides the image pull policy used in Che deployment. Default value is `Always` for `nightly` or `latest` images, and `IfNotPresent` in other cases.",
|
||||
Type: []string{"string"},
|
||||
Format: "",
|
||||
},
|
||||
},
|
||||
"cheFlavor": {
|
||||
SchemaProps: spec.SchemaProps{
|
||||
Description: "Flavor of the installation. This is either `che` for upstream Che installations, or `codeready` for CodeReady Workspaces installation. In most cases the default value should not be overriden.",
|
||||
Type: []string{"string"},
|
||||
Format: "",
|
||||
},
|
||||
},
|
||||
"cheHost": {
|
||||
SchemaProps: spec.SchemaProps{
|
||||
Description: "Public hostname of the installed Che server. This will be automatically set by the operator. In most cases the default value set by the operator should not be overriden.",
|
||||
Type: []string{"string"},
|
||||
Format: "",
|
||||
},
|
||||
},
|
||||
"cheLogLevel": {
|
||||
SchemaProps: spec.SchemaProps{
|
||||
Description: "Log level for the Che server: `INFO` or `DEBUG`. Defaults to `INFO`.",
|
||||
Type: []string{"string"},
|
||||
Format: "",
|
||||
},
|
||||
},
|
||||
"cheDebug": {
|
||||
SchemaProps: spec.SchemaProps{
|
||||
Description: "Enables the debug mode for Che server. Defaults to `false`.",
|
||||
Type: []string{"string"},
|
||||
Format: "",
|
||||
},
|
||||
},
|
||||
"cheWorkspaceClusterRole": {
|
||||
SchemaProps: spec.SchemaProps{
|
||||
Description: "Custom cluster role bound to the user for the Che workspaces. The default roles are used if this is omitted or left blank.",
|
||||
Type: []string{"string"},
|
||||
Format: "",
|
||||
},
|
||||
},
|
||||
"selfSignedCert": {
|
||||
SchemaProps: spec.SchemaProps{
|
||||
Description: "Enables the support of OpenShift clusters whose router uses self-signed certificates. When enabled, the operator retrieves the default self-signed certificate of OpenShift routes and adds it to the Java trust store of the Che server. This is usually required when activating the `tlsSupport` field on demo OpenShift clusters that have not been setup with a valid certificate for the routes. This is disabled by default.",
|
||||
Type: []string{"boolean"},
|
||||
Format: "",
|
||||
},
|
||||
},
|
||||
"tlsSupport": {
|
||||
SchemaProps: spec.SchemaProps{
|
||||
Description: "Instructs the operator to deploy Che in TLS mode, ie with TLS routes or ingresses. This is disabled by default. WARNING: Enabling TLS might require enabling the `selfSignedCert` field also in some cases.",
|
||||
Type: []string{"boolean"},
|
||||
Format: "",
|
||||
},
|
||||
},
|
||||
"devfileRegistryUrl": {
|
||||
SchemaProps: spec.SchemaProps{
|
||||
Description: "Public URL of the Devfile registry, that serves sample, ready-to-use devfiles. You should set it ONLY if you use an external devfile registry (see the `externalDevfileRegistry` field). By default this will be automatically calculated by the operator.",
|
||||
Type: []string{"string"},
|
||||
Format: "",
|
||||
},
|
||||
},
|
||||
"devfileRegistryImage": {
|
||||
SchemaProps: spec.SchemaProps{
|
||||
Description: "Overrides the container image used in the Devfile registry deployment. This includes the image tag. Omit it or leave it empty to use the defaut container image provided by the operator.",
|
||||
Type: []string{"string"},
|
||||
Format: "",
|
||||
},
|
||||
},
|
||||
"devfileRegistryPullPolicy": {
|
||||
SchemaProps: spec.SchemaProps{
|
||||
Description: "Overrides the image pull policy used in the Devfile registry deployment. Default value is `Always` for `nightly` or `latest` images, and `IfNotPresent` in other cases.",
|
||||
Type: []string{"string"},
|
||||
Format: "",
|
||||
},
|
||||
},
|
||||
"devfileRegistryMemoryLimit": {
|
||||
SchemaProps: spec.SchemaProps{
|
||||
Description: "Overrides the memory limit used in the Devfile registry deployment. Defaults to 256Mi.",
|
||||
Type: []string{"string"},
|
||||
Format: "",
|
||||
},
|
||||
},
|
||||
"devfileRegistryMemoryRequest": {
|
||||
SchemaProps: spec.SchemaProps{
|
||||
Description: "Overrides the memory request used in the Devfile registry deployment. Defaults to 16Mi.",
|
||||
Type: []string{"string"},
|
||||
Format: "",
|
||||
},
|
||||
},
|
||||
"externalDevfileRegistry": {
|
||||
SchemaProps: spec.SchemaProps{
|
||||
Description: "Instructs the operator on whether or not to deploy a dedicated Devfile registry server. By default a dedicated devfile registry server is started. But if `externalDevfileRegistry` is `true`, then no such dedicated server will be started by the operator and you will have to manually set the `devfileRegistryUrl` field",
|
||||
Type: []string{"boolean"},
|
||||
Format: "",
|
||||
},
|
||||
},
|
||||
"pluginRegistryUrl": {
|
||||
SchemaProps: spec.SchemaProps{
|
||||
Description: "Public URL of the Plugin registry, that serves sample ready-to-use devfiles. You should set it ONLY if you use an external devfile registry (see the `externalPluginRegistry` field). By default this will be automatically calculated by the operator.",
|
||||
Type: []string{"string"},
|
||||
Format: "",
|
||||
},
|
||||
},
|
||||
"pluginRegistryImage": {
|
||||
SchemaProps: spec.SchemaProps{
|
||||
Description: "Overrides the container image used in the Plugin registry deployment. This includes the image tag. Omit it or leave it empty to use the defaut container image provided by the operator.",
|
||||
Type: []string{"string"},
|
||||
Format: "",
|
||||
},
|
||||
},
|
||||
"pluginRegistryPullPolicy": {
|
||||
SchemaProps: spec.SchemaProps{
|
||||
Description: "Overrides the image pull policy used in the Plugin registry deployment. Default value is `Always` for `nightly` or `latest` images, and `IfNotPresent` in other cases.",
|
||||
Type: []string{"string"},
|
||||
Format: "",
|
||||
},
|
||||
},
|
||||
"pluginRegistryMemoryLimit": {
|
||||
SchemaProps: spec.SchemaProps{
|
||||
Description: "Overrides the memory limit used in the Plugin registry deployment. Defaults to 256Mi.",
|
||||
Type: []string{"string"},
|
||||
Format: "",
|
||||
},
|
||||
},
|
||||
"pluginRegistryMemoryRequest": {
|
||||
SchemaProps: spec.SchemaProps{
|
||||
Description: "Overrides the memory request used in the Plugin registry deployment. Defaults to 16Mi.",
|
||||
Type: []string{"string"},
|
||||
Format: "",
|
||||
},
|
||||
},
|
||||
"externalPluginRegistry": {
|
||||
SchemaProps: spec.SchemaProps{
|
||||
Description: "Instructs the operator on whether or not to deploy a dedicated Plugin registry server. By default a dedicated plugin registry server is started. But if `externalPluginRegistry` is `true`, then no such dedicated server will be started by the operator and you will have to manually set the `pluginRegistryUrl` field.",
|
||||
Type: []string{"boolean"},
|
||||
Format: "",
|
||||
},
|
||||
},
|
||||
"customCheProperties": {
|
||||
SchemaProps: spec.SchemaProps{
|
||||
Description: "Map of additional environment variables that will be applied in the generated `che` config map to be used by the Che server, in addition to the values already generated from other fields of the `CheCluster` custom resource (CR). If `customCheProperties` contains a property that would be normally generated in `che` config map from other CR fields, then the value defined in the `customCheProperties` will be used instead.",
|
||||
Type: []string{"object"},
|
||||
AdditionalProperties: &spec.SchemaOrBool{
|
||||
Schema: &spec.Schema{
|
||||
SchemaProps: spec.SchemaProps{
|
||||
Type: []string{"string"},
|
||||
Format: "",
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
"proxyURL": {
|
||||
SchemaProps: spec.SchemaProps{
|
||||
Description: "URL (protocol+hostname) of the proxy server. This drives the appropriate changes in the `JAVA_OPTS` and `https(s)_proxy` variables in the Che server and workspaces containers. Only use when configuring a proxy is required.",
|
||||
Type: []string{"string"},
|
||||
Format: "",
|
||||
},
|
||||
},
|
||||
"proxyPort": {
|
||||
SchemaProps: spec.SchemaProps{
|
||||
Description: "Port of the proxy server. Only use when configuring a proxy is required (see also the `proxyURL` field).",
|
||||
Type: []string{"string"},
|
||||
Format: "",
|
||||
},
|
||||
},
|
||||
"nonProxyHosts": {
|
||||
SchemaProps: spec.SchemaProps{
|
||||
Description: "List of hosts that should not use the configured proxy. Use `|`` as delimiter, eg `localhost|my.host.com|123.42.12.32` Only use when configuring a proxy is required (see also the `proxyURL` field).",
|
||||
Type: []string{"string"},
|
||||
Format: "",
|
||||
},
|
||||
},
|
||||
"proxyUser": {
|
||||
SchemaProps: spec.SchemaProps{
|
||||
Description: "User name of the proxy server. Only use when configuring a proxy is required (see also the `proxyURL` field).",
|
||||
Type: []string{"string"},
|
||||
Format: "",
|
||||
},
|
||||
},
|
||||
"proxyPassword": {
|
||||
SchemaProps: spec.SchemaProps{
|
||||
Description: "Password of the proxy server\n\nOnly use when proxy configuration is required (see also the `proxyUser` field).",
|
||||
Type: []string{"string"},
|
||||
Format: "",
|
||||
},
|
||||
},
|
||||
"serverMemoryRequest": {
|
||||
SchemaProps: spec.SchemaProps{
|
||||
Description: "Overrides the memory request used in the Che server deployment. Defaults to 512Mi.",
|
||||
Type: []string{"string"},
|
||||
Format: "",
|
||||
},
|
||||
},
|
||||
"serverMemoryLimit": {
|
||||
SchemaProps: spec.SchemaProps{
|
||||
Description: "Overrides the memory limit used in the Che server deployment. Defaults to 1Gi.",
|
||||
Type: []string{"string"},
|
||||
Format: "",
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
Dependencies: []string{},
|
||||
}
|
||||
}
|
||||
|
||||
func schema_pkg_apis_org_v1_CheClusterSpecStorage(ref common.ReferenceCallback) common.OpenAPIDefinition {
|
||||
return common.OpenAPIDefinition{
|
||||
Schema: spec.Schema{
|
||||
SchemaProps: spec.SchemaProps{
|
||||
Description: "Configuration settings related to the persistent storage used by the Che installation.",
|
||||
Properties: map[string]spec.Schema{
|
||||
"pvcStrategy": {
|
||||
SchemaProps: spec.SchemaProps{
|
||||
Description: "Persistent volume claim strategy for the Che server. This Can be:`common` (all workspaces PVCs in one volume), `per-workspace` (one PVC per workspace for all declared volumes) and `unique` (one PVC per declared volume). Defaults to `common`.",
|
||||
Type: []string{"string"},
|
||||
Format: "",
|
||||
},
|
||||
},
|
||||
"pvcClaimSize": {
|
||||
SchemaProps: spec.SchemaProps{
|
||||
Description: "Size of the persistent volume claim for workspaces. Defaults to `1Gi`",
|
||||
Type: []string{"string"},
|
||||
Format: "",
|
||||
},
|
||||
},
|
||||
"preCreateSubPaths": {
|
||||
SchemaProps: spec.SchemaProps{
|
||||
Description: "Instructs the Che server to launch a special pod to pre-create a subpath in the Persistent Volumes. Defaults to `false`, however it might need to enable it according to the configuration of your K8S cluster.",
|
||||
Type: []string{"boolean"},
|
||||
Format: "",
|
||||
},
|
||||
},
|
||||
"pvcJobsImage": {
|
||||
SchemaProps: spec.SchemaProps{
|
||||
Description: "Overrides the container image used to create sub-paths in the Persistent Volumes. This includes the image tag. Omit it or leave it empty to use the defaut container image provided by the operator. See also the `preCreateSubPaths` field.",
|
||||
Type: []string{"string"},
|
||||
Format: "",
|
||||
},
|
||||
},
|
||||
"postgresPVCStorageClassName": {
|
||||
SchemaProps: spec.SchemaProps{
|
||||
Description: "Storage class for the Persistent Volume Claim dedicated to the Postgres database. If omitted or left blank, default storage class is used.",
|
||||
Type: []string{"string"},
|
||||
Format: "",
|
||||
},
|
||||
},
|
||||
"workspacePVCStorageClassName": {
|
||||
SchemaProps: spec.SchemaProps{
|
||||
Description: "Storage class for the Persistent Volume Claims dedicated to the Che workspaces. If omitted or left blank, default storage class is used.",
|
||||
Type: []string{"string"},
|
||||
Format: "",
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
Dependencies: []string{},
|
||||
}
|
||||
}
|
||||
|
|
@ -246,7 +246,7 @@ func (r *ReconcileChe) Reconcile(request reconcile.Request) (reconcile.Result, e
|
|||
|
||||
if isOpenShift {
|
||||
// delete oAuthClient before CR is deleted
|
||||
doInstallOpenShiftoAuthProvider := instance.Spec.Auth.OpenShiftOauth
|
||||
doInstallOpenShiftoAuthProvider := instance.Spec.Auth.OpenShiftoAuth
|
||||
if doInstallOpenShiftoAuthProvider {
|
||||
if err := r.ReconcileFinalizer(instance); err != nil {
|
||||
return reconcile.Result{}, err
|
||||
|
|
@ -287,7 +287,7 @@ func (r *ReconcileChe) Reconcile(request reconcile.Request) (reconcile.Result, e
|
|||
// To use Openshift v4 OAuth, the OAuth endpoints are served from a namespace
|
||||
// and NOT from the Openshift API Master URL (as in v3)
|
||||
// So we also need the self-signed certificate to access them (same as the Che server)
|
||||
(isOpenShift4 && instance.Spec.Auth.OpenShiftOauth && !instance.Spec.Server.TlsSupport) {
|
||||
(isOpenShift4 && instance.Spec.Auth.OpenShiftoAuth && !instance.Spec.Server.TlsSupport) {
|
||||
if err := r.CreateTLSSecret(instance, "", "self-signed-certificate"); err != nil {
|
||||
return reconcile.Result{}, err
|
||||
}
|
||||
|
|
@ -308,7 +308,7 @@ func (r *ReconcileChe) Reconcile(request reconcile.Request) (reconcile.Result, e
|
|||
}
|
||||
}
|
||||
|
||||
if instance.Spec.Auth.OpenShiftOauth {
|
||||
if instance.Spec.Auth.OpenShiftoAuth {
|
||||
users := &userv1.UserList{}
|
||||
listOptions := &client.ListOptions{}
|
||||
if err := r.nonCachedClient.List(context.TODO(), listOptions, users); err != nil {
|
||||
|
|
@ -392,13 +392,13 @@ func (r *ReconcileChe) Reconcile(request reconcile.Request) (reconcile.Result, e
|
|||
return reconcile.Result{Requeue: true, RequeueAfter: time.Second * 1}, err
|
||||
}
|
||||
chePostgresPassword := instance.Spec.Database.ChePostgresPassword
|
||||
keycloakPostgresPassword := instance.Spec.Auth.KeycloakPostgresPassword
|
||||
keycloakAdminPassword := instance.Spec.Auth.KeycloakAdminPassword
|
||||
keycloakPostgresPassword := instance.Spec.Auth.IdentityProviderPostgresPassword
|
||||
keycloakAdminPassword := instance.Spec.Auth.IdentityProviderPassword
|
||||
|
||||
cheFlavor := util.GetValue(instance.Spec.Server.CheFlavor, deploy.DefaultCheFlavor)
|
||||
|
||||
// Create Postgres resources and provisioning unless an external DB is used
|
||||
externalDB := instance.Spec.Database.ExternalDB
|
||||
externalDB := instance.Spec.Database.ExternalDb
|
||||
if !externalDB {
|
||||
// Create a new postgres service
|
||||
postgresLabels := deploy.GetLabels(instance, "postgres")
|
||||
|
|
@ -485,8 +485,8 @@ func (r *ReconcileChe) Reconcile(request reconcile.Request) (reconcile.Result, e
|
|||
}
|
||||
}
|
||||
|
||||
ingressStrategy := util.GetValue(instance.Spec.K8SOnly.IngressStrategy, deploy.DefaultIngressStrategy)
|
||||
ingressDomain := instance.Spec.K8SOnly.IngressDomain
|
||||
ingressStrategy := util.GetValue(instance.Spec.K8s.IngressStrategy, deploy.DefaultIngressStrategy)
|
||||
ingressDomain := instance.Spec.K8s.IngressDomain
|
||||
tlsSupport := instance.Spec.Server.TlsSupport
|
||||
protocol := "http"
|
||||
if tlsSupport {
|
||||
|
|
@ -538,7 +538,7 @@ func (r *ReconcileChe) Reconcile(request reconcile.Request) (reconcile.Result, e
|
|||
}
|
||||
|
||||
// create and provision Keycloak related objects
|
||||
ExternalKeycloak := instance.Spec.Auth.ExternalKeycloak
|
||||
ExternalKeycloak := instance.Spec.Auth.ExternalIdentityProvider
|
||||
|
||||
if !ExternalKeycloak {
|
||||
keycloakLabels := deploy.GetLabels(instance, "keycloak")
|
||||
|
|
@ -556,9 +556,9 @@ func (r *ReconcileChe) Reconcile(request reconcile.Request) (reconcile.Result, e
|
|||
if ingressStrategy == "multi-host" {
|
||||
keycloakURL = protocol + "://keycloak-" + instance.Namespace + "." + ingressDomain
|
||||
}
|
||||
if len(instance.Spec.Auth.KeycloakURL) == 0 {
|
||||
instance.Spec.Auth.KeycloakURL = keycloakURL
|
||||
if err := r.UpdateCheCRSpec(instance, "Keycloak URL", instance.Spec.Auth.KeycloakURL); err != nil {
|
||||
if len(instance.Spec.Auth.IdentityProviderURL) == 0 {
|
||||
instance.Spec.Auth.IdentityProviderURL = keycloakURL
|
||||
if err := r.UpdateCheCRSpec(instance, "Keycloak URL", instance.Spec.Auth.IdentityProviderURL); err != nil {
|
||||
instance, _ = r.GetCR(request)
|
||||
return reconcile.Result{Requeue: true, RequeueAfter: time.Second * 1}, err
|
||||
}
|
||||
|
|
@ -573,17 +573,17 @@ func (r *ReconcileChe) Reconcile(request reconcile.Request) (reconcile.Result, e
|
|||
return reconcile.Result{}, err
|
||||
}
|
||||
keycloakURL := keycloakRoute.Spec.Host
|
||||
if len(instance.Spec.Auth.KeycloakURL) == 0 {
|
||||
instance.Spec.Auth.KeycloakURL = protocol + "://" + keycloakURL
|
||||
if len(instance.Spec.Auth.IdentityProviderURL) == 0 {
|
||||
instance.Spec.Auth.IdentityProviderURL = protocol + "://" + keycloakURL
|
||||
if len(keycloakURL) < 1 {
|
||||
keycloakURL := r.GetEffectiveRoute(instance, keycloakRoute.Name).Spec.Host
|
||||
instance.Spec.Auth.KeycloakURL = protocol + "://" + keycloakURL
|
||||
instance.Spec.Auth.IdentityProviderURL = protocol + "://" + keycloakURL
|
||||
}
|
||||
if err := r.UpdateCheCRSpec(instance, "Keycloak URL", instance.Spec.Auth.KeycloakURL); err != nil {
|
||||
if err := r.UpdateCheCRSpec(instance, "Keycloak URL", instance.Spec.Auth.IdentityProviderURL); err != nil {
|
||||
return reconcile.Result{Requeue: true, RequeueAfter: time.Second * 1}, err
|
||||
}
|
||||
instance.Status.KeycloakURL = protocol + "://" + keycloakURL
|
||||
if err := r.UpdateCheCRStatus(instance, "status: Keycloak URL", instance.Spec.Auth.KeycloakURL); err != nil {
|
||||
if err := r.UpdateCheCRStatus(instance, "status: Keycloak URL", instance.Spec.Auth.IdentityProviderURL); err != nil {
|
||||
instance, _ = r.GetCR(request)
|
||||
return reconcile.Result{Requeue: true, RequeueAfter: time.Second * 1}, err
|
||||
}
|
||||
|
|
@ -614,9 +614,9 @@ func (r *ReconcileChe) Reconcile(request reconcile.Request) (reconcile.Result, e
|
|||
k8sclient.GetDeploymentRollingUpdateStatus("keycloak", instance.Namespace)
|
||||
}
|
||||
|
||||
desiredImage := util.GetValue(instance.Spec.Auth.KeycloakImage, deploy.DefaultKeycloakImage(instance, cheFlavor))
|
||||
desiredImage := util.GetValue(instance.Spec.Auth.IdentityProviderImage, deploy.DefaultKeycloakImage(instance, cheFlavor))
|
||||
effectiveImage := effectiveKeycloakDeployment.Spec.Template.Spec.Containers[0].Image
|
||||
desiredImagePullPolicy := util.GetValue(string(instance.Spec.Auth.KeycloakImagePullPolicy), deploy.DefaultPullPolicyFromDockerImage(desiredImage))
|
||||
desiredImagePullPolicy := util.GetValue(string(instance.Spec.Auth.IdentityProviderImagePullPolicy), deploy.DefaultPullPolicyFromDockerImage(desiredImage))
|
||||
effectiveImagePullPolicy := string(effectiveKeycloakDeployment.Spec.Template.Spec.Containers[0].ImagePullPolicy)
|
||||
cheCertSecretVersion := r.GetEffectiveSecretResourceVersion(instance, "self-signed-certificate")
|
||||
storedCheCertSecretVersion := effectiveKeycloakDeployment.Annotations["che.self-signed-certificate.version"]
|
||||
|
|
@ -654,7 +654,7 @@ func (r *ReconcileChe) Reconcile(request reconcile.Request) (reconcile.Result, e
|
|||
}
|
||||
|
||||
if isOpenShift {
|
||||
doInstallOpenShiftoAuthProvider := instance.Spec.Auth.OpenShiftOauth
|
||||
doInstallOpenShiftoAuthProvider := instance.Spec.Auth.OpenShiftoAuth
|
||||
if doInstallOpenShiftoAuthProvider {
|
||||
openShiftIdentityProviderStatus := instance.Status.OpenShiftoAuthProvisioned
|
||||
if !openShiftIdentityProviderStatus {
|
||||
|
|
@ -808,7 +808,7 @@ func (r *ReconcileChe) Reconcile(request reconcile.Request) (reconcile.Result, e
|
|||
result, err := addRegistryDeployment(
|
||||
"devfile",
|
||||
devfileRegistryImage,
|
||||
corev1.PullPolicy(util.GetValue(string(instance.Spec.Server.PluginRegistryImagePullPolicy), deploy.DefaultPullPolicyFromDockerImage(devfileRegistryImage))),
|
||||
corev1.PullPolicy(util.GetValue(string(instance.Spec.Server.PluginRegistryPullPolicy), deploy.DefaultPullPolicyFromDockerImage(devfileRegistryImage))),
|
||||
util.GetValue(string(instance.Spec.Server.DevfileRegistryMemoryLimit), deploy.DefaultDevfileRegistryMemoryLimit),
|
||||
util.GetValue(string(instance.Spec.Server.DevfileRegistryMemoryRequest), deploy.DefaultDevfileRegistryMemoryRequest),
|
||||
"/devfiles/",
|
||||
|
|
@ -844,7 +844,7 @@ func (r *ReconcileChe) Reconcile(request reconcile.Request) (reconcile.Result, e
|
|||
result, err := addRegistryDeployment(
|
||||
"plugin",
|
||||
pluginRegistryImage,
|
||||
corev1.PullPolicy(util.GetValue(string(instance.Spec.Server.PluginRegistryImagePullPolicy), deploy.DefaultPullPolicyFromDockerImage(pluginRegistryImage))),
|
||||
corev1.PullPolicy(util.GetValue(string(instance.Spec.Server.PluginRegistryPullPolicy), deploy.DefaultPullPolicyFromDockerImage(pluginRegistryImage))),
|
||||
util.GetValue(string(instance.Spec.Server.PluginRegistryMemoryLimit), deploy.DefaultPluginRegistryMemoryLimit),
|
||||
util.GetValue(string(instance.Spec.Server.PluginRegistryMemoryRequest), deploy.DefaultPluginRegistryMemoryRequest),
|
||||
"/v3/plugins/",
|
||||
|
|
@ -1008,8 +1008,8 @@ func (r *ReconcileChe) Reconcile(request reconcile.Request) (reconcile.Result, e
|
|||
break
|
||||
}
|
||||
for {
|
||||
instance.Spec.Auth.OauthSecret = ""
|
||||
instance.Spec.Auth.OauthClientName = ""
|
||||
instance.Spec.Auth.OAuthSecret = ""
|
||||
instance.Spec.Auth.OAuthClientName = ""
|
||||
if err := r.UpdateCheCRSpec(instance, "clean oAuth secret name and client name", ""); err != nil &&
|
||||
errors.IsConflict(err) {
|
||||
instance, _ = r.GetCR(request)
|
||||
|
|
|
|||
|
|
@ -184,7 +184,7 @@ func TestCheController(t *testing.T) {
|
|||
}
|
||||
|
||||
// update CR and make sure Che configmap has been updated
|
||||
cheCR.Spec.Auth.OpenShiftOauth = true
|
||||
cheCR.Spec.Auth.OpenShiftoAuth = true
|
||||
if err := cl.Update(context.TODO(), cheCR); err != nil {
|
||||
t.Error("Failed to update CheCluster custom resource")
|
||||
}
|
||||
|
|
@ -217,8 +217,8 @@ func TestCheController(t *testing.T) {
|
|||
|
||||
err = r.client.Get(context.TODO(), types.NamespacedName{Name: cheCR.Name, Namespace: cheCR.Namespace}, cheCR)
|
||||
err = r.CreateIdentityProviderItems(cheCR, req, "che", "keycloak", false)
|
||||
oAuthClientName := cheCR.Spec.Auth.OauthClientName
|
||||
oauthSecret := cheCR.Spec.Auth.OauthSecret
|
||||
oAuthClientName := cheCR.Spec.Auth.OAuthClientName
|
||||
oauthSecret := cheCR.Spec.Auth.OAuthSecret
|
||||
if err = r.client.Get(context.TODO(), types.NamespacedName{Name: oAuthClientName, Namespace: ""}, oAuthClient); err != nil {
|
||||
t.Errorf("Failed to Get oAuthClient %s: %s", oAuthClient.Name, err)
|
||||
}
|
||||
|
|
@ -227,7 +227,7 @@ func TestCheController(t *testing.T) {
|
|||
}
|
||||
|
||||
// check if a new Postgres deployment is not created when spec.Database.ExternalDB is true
|
||||
cheCR.Spec.Database.ExternalDB = true
|
||||
cheCR.Spec.Database.ExternalDb = true
|
||||
if err := cl.Update(context.TODO(), cheCR); err != nil {
|
||||
t.Error("Failed to update CheCluster custom resource")
|
||||
}
|
||||
|
|
@ -246,7 +246,7 @@ func TestCheController(t *testing.T) {
|
|||
// check of storageClassName ends up in pvc spec
|
||||
fakeStorageClassName := "fake-storage-class-name"
|
||||
cheCR.Spec.Storage.PostgresPVCStorageClassName = fakeStorageClassName
|
||||
cheCR.Spec.Database.ExternalDB = false
|
||||
cheCR.Spec.Database.ExternalDb = false
|
||||
if err := r.client.Update(context.TODO(), cheCR); err != nil {
|
||||
t.Fatalf("Failed to update %s CR: %s", cheCR.Name, err)
|
||||
}
|
||||
|
|
@ -281,7 +281,7 @@ func TestCheController(t *testing.T) {
|
|||
if err := r.ReconcileFinalizer(cheCR); err != nil {
|
||||
t.Fatal("Failed to reconcile oAuthClient")
|
||||
}
|
||||
oauthClientName := cheCR.Spec.Auth.OauthClientName
|
||||
oauthClientName := cheCR.Spec.Auth.OAuthClientName
|
||||
_, err = r.GetOAuthClient(oauthClientName)
|
||||
if err == nil {
|
||||
t.Fatalf("OauthClient %s has not been deleted", oauthClientName)
|
||||
|
|
|
|||
|
|
@ -271,25 +271,25 @@ func (r *ReconcileChe) CreateNewRoleBinding(instance *orgv1.CheCluster, roleBind
|
|||
|
||||
func (r *ReconcileChe) CreateIdentityProviderItems(instance *orgv1.CheCluster, request reconcile.Request, cheFlavor string, keycloakDeploymentName string, isOpenShift4 bool) (err error) {
|
||||
tests := r.tests
|
||||
keycloakAdminPassword := instance.Spec.Auth.KeycloakAdminPassword
|
||||
oAuthClientName := instance.Spec.Auth.OauthClientName
|
||||
keycloakAdminPassword := instance.Spec.Auth.IdentityProviderPassword
|
||||
oAuthClientName := instance.Spec.Auth.OAuthClientName
|
||||
if len(oAuthClientName) < 1 {
|
||||
oAuthClientName = instance.Name + "-openshift-identity-provider-" + strings.ToLower(util.GeneratePasswd(6))
|
||||
instance.Spec.Auth.OauthClientName = oAuthClientName
|
||||
instance.Spec.Auth.OAuthClientName = oAuthClientName
|
||||
if err := r.UpdateCheCRSpec(instance, "oAuthClient name", oAuthClientName); err != nil {
|
||||
return err
|
||||
}
|
||||
}
|
||||
oauthSecret := instance.Spec.Auth.OauthSecret
|
||||
oauthSecret := instance.Spec.Auth.OAuthSecret
|
||||
if len(oauthSecret) < 1 {
|
||||
oauthSecret = util.GeneratePasswd(12)
|
||||
instance.Spec.Auth.OauthSecret = oauthSecret
|
||||
instance.Spec.Auth.OAuthSecret = oauthSecret
|
||||
if err := r.UpdateCheCRSpec(instance, "oAuthC secret name", oauthSecret); err != nil {
|
||||
return err
|
||||
}
|
||||
}
|
||||
keycloakURL := instance.Spec.Auth.KeycloakURL
|
||||
keycloakRealm := util.GetValue(instance.Spec.Auth.KeycloakRealm, cheFlavor)
|
||||
keycloakURL := instance.Spec.Auth.IdentityProviderURL
|
||||
keycloakRealm := util.GetValue(instance.Spec.Auth.IdentityProviderRealm, cheFlavor)
|
||||
oAuthClient := deploy.NewOAuthClient(oAuthClientName, oauthSecret, keycloakURL, keycloakRealm, isOpenShift4)
|
||||
if err := r.CreateNewOauthClient(instance, oAuthClient); err != nil {
|
||||
return err
|
||||
|
|
@ -311,7 +311,7 @@ func (r *ReconcileChe) CreateIdentityProviderItems(instance *orgv1.CheCluster, r
|
|||
for {
|
||||
instance.Status.OpenShiftoAuthProvisioned = true
|
||||
if err := r.UpdateCheCRStatus(instance, "status: provisioned with OpenShift identity provider", "true"); err != nil &&
|
||||
errors.IsConflict(err) {
|
||||
errors.IsConflict(err) {
|
||||
instance, _ = r.GetCR(request)
|
||||
continue
|
||||
}
|
||||
|
|
@ -354,9 +354,9 @@ func (r *ReconcileChe) GenerateAndSaveFields(instance *orgv1.CheCluster, request
|
|||
}
|
||||
|
||||
}
|
||||
keycloakPostgresPassword := util.GetValue(instance.Spec.Auth.KeycloakPostgresPassword, util.GeneratePasswd(12))
|
||||
if len(instance.Spec.Auth.KeycloakPostgresPassword) < 1 {
|
||||
instance.Spec.Auth.KeycloakPostgresPassword = keycloakPostgresPassword
|
||||
keycloakPostgresPassword := util.GetValue(instance.Spec.Auth.IdentityProviderPostgresPassword, util.GeneratePasswd(12))
|
||||
if len(instance.Spec.Auth.IdentityProviderPostgresPassword) < 1 {
|
||||
instance.Spec.Auth.IdentityProviderPostgresPassword = keycloakPostgresPassword
|
||||
keycloakDeployment, err := r.GetEffectiveDeployment(instance, "keycloak")
|
||||
if err != nil {
|
||||
logrus.Info("Disregard the error. No existing Identity provider deployment found. Generating passwd")
|
||||
|
|
@ -367,28 +367,28 @@ func (r *ReconcileChe) GenerateAndSaveFields(instance *orgv1.CheCluster, request
|
|||
return err
|
||||
}
|
||||
}
|
||||
if len(instance.Spec.Auth.KeycloakAdminPassword) < 1 {
|
||||
keycloakAdminPassword := util.GetValue(instance.Spec.Auth.KeycloakAdminPassword, util.GeneratePasswd(12))
|
||||
if len(instance.Spec.Auth.IdentityProviderPassword) < 1 {
|
||||
keycloakAdminPassword := util.GetValue(instance.Spec.Auth.IdentityProviderPassword, util.GeneratePasswd(12))
|
||||
keycloakDeployment, err := r.GetEffectiveDeployment(instance, "keycloak")
|
||||
if err != nil {
|
||||
logrus.Info("Disregard the error. No existing Identity provider deployment found. Generating passwd")
|
||||
} else {
|
||||
keycloakAdminPassword = r.GetDeploymentEnv(keycloakDeployment, "SSO_ADMIN_PASSWORD")
|
||||
}
|
||||
instance.Spec.Auth.KeycloakAdminPassword = keycloakAdminPassword
|
||||
instance.Spec.Auth.IdentityProviderPassword = keycloakAdminPassword
|
||||
if err := r.UpdateCheCRSpec(instance, "Keycloak admin password", "password hidden"); err != nil {
|
||||
return err
|
||||
}
|
||||
}
|
||||
if len(instance.Spec.Auth.KeycloakAdminUserName) < 1 {
|
||||
keycloakAdminUserName := util.GetValue(instance.Spec.Auth.KeycloakAdminUserName, "admin")
|
||||
if len(instance.Spec.Auth.IdentityProviderAdminUserName) < 1 {
|
||||
keycloakAdminUserName := util.GetValue(instance.Spec.Auth.IdentityProviderAdminUserName, "admin")
|
||||
keycloakDeployment, err := r.GetEffectiveDeployment(instance, "keycloak")
|
||||
if err != nil {
|
||||
logrus.Info("Disregard the error. No existing Identity provider deployment found. Generating admin username")
|
||||
} else {
|
||||
keycloakAdminUserName = r.GetDeploymentEnv(keycloakDeployment, "SSO_ADMIN_USERNAME")
|
||||
}
|
||||
instance.Spec.Auth.KeycloakAdminUserName = keycloakAdminUserName
|
||||
instance.Spec.Auth.IdentityProviderAdminUserName = keycloakAdminUserName
|
||||
if err := r.UpdateCheCRSpec(instance, "Keycloak admin username", keycloakAdminUserName); err != nil {
|
||||
return err
|
||||
}
|
||||
|
|
@ -407,9 +407,9 @@ func (r *ReconcileChe) GenerateAndSaveFields(instance *orgv1.CheCluster, request
|
|||
return err
|
||||
}
|
||||
}
|
||||
chePostgresHostName := util.GetValue(instance.Spec.Database.ChePostgresDBHostname, deploy.DefaultChePostgresHostName)
|
||||
if len(instance.Spec.Database.ChePostgresDBHostname) < 1 {
|
||||
instance.Spec.Database.ChePostgresDBHostname = chePostgresHostName
|
||||
chePostgresHostName := util.GetValue(instance.Spec.Database.ChePostgresHostName, deploy.DefaultChePostgresHostName)
|
||||
if len(instance.Spec.Database.ChePostgresHostName) < 1 {
|
||||
instance.Spec.Database.ChePostgresHostName = chePostgresHostName
|
||||
if err := r.UpdateCheCRSpec(instance, "Postgres hostname", chePostgresHostName); err != nil {
|
||||
return err
|
||||
}
|
||||
|
|
@ -428,16 +428,16 @@ func (r *ReconcileChe) GenerateAndSaveFields(instance *orgv1.CheCluster, request
|
|||
return err
|
||||
}
|
||||
}
|
||||
keycloakRealm := util.GetValue(instance.Spec.Auth.KeycloakRealm, cheFlavor)
|
||||
if len(instance.Spec.Auth.KeycloakRealm) < 1 {
|
||||
instance.Spec.Auth.KeycloakRealm = keycloakRealm
|
||||
keycloakRealm := util.GetValue(instance.Spec.Auth.IdentityProviderRealm, cheFlavor)
|
||||
if len(instance.Spec.Auth.IdentityProviderRealm) < 1 {
|
||||
instance.Spec.Auth.IdentityProviderRealm = keycloakRealm
|
||||
if err := r.UpdateCheCRSpec(instance, "Keycloak realm", keycloakRealm); err != nil {
|
||||
return err
|
||||
}
|
||||
}
|
||||
keycloakClientId := util.GetValue(instance.Spec.Auth.KeycloakClientId, cheFlavor+"-public")
|
||||
if len(instance.Spec.Auth.KeycloakClientId) < 1 {
|
||||
instance.Spec.Auth.KeycloakClientId = keycloakClientId
|
||||
keycloakClientId := util.GetValue(instance.Spec.Auth.IdentityProviderClientId, cheFlavor+"-public")
|
||||
if len(instance.Spec.Auth.IdentityProviderClientId) < 1 {
|
||||
instance.Spec.Auth.IdentityProviderClientId = keycloakClientId
|
||||
|
||||
if err := r.UpdateCheCRSpec(instance, "Keycloak client ID", keycloakClientId); err != nil {
|
||||
return err
|
||||
|
|
@ -491,9 +491,9 @@ func (r *ReconcileChe) GenerateAndSaveFields(instance *orgv1.CheCluster, request
|
|||
}
|
||||
}
|
||||
|
||||
if instance.Spec.Auth.KeycloakImage == deploy.OldDefaultKeycloakUpstreamImageToDetect {
|
||||
instance.Spec.Auth.KeycloakImage = ""
|
||||
if err := r.UpdateCheCRSpec(instance, "keycloak image", instance.Spec.Auth.KeycloakImage); err != nil {
|
||||
if instance.Spec.Auth.IdentityProviderImage == deploy.OldDefaultKeycloakUpstreamImageToDetect {
|
||||
instance.Spec.Auth.IdentityProviderImage = ""
|
||||
if err := r.UpdateCheCRSpec(instance, "keycloak image", instance.Spec.Auth.IdentityProviderImage); err != nil {
|
||||
return err
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -1,11 +1,11 @@
|
|||
package che
|
||||
|
||||
import (
|
||||
"k8s.io/apimachinery/pkg/api/errors"
|
||||
"context"
|
||||
orgv1 "github.com/eclipse/che-operator/pkg/apis/org/v1"
|
||||
"github.com/eclipse/che-operator/pkg/util"
|
||||
"github.com/sirupsen/logrus"
|
||||
"k8s.io/apimachinery/pkg/api/errors"
|
||||
)
|
||||
|
||||
func (r *ReconcileChe) ReconcileFinalizer(instance *orgv1.CheCluster) (err error) {
|
||||
|
|
@ -18,7 +18,7 @@ func (r *ReconcileChe) ReconcileFinalizer(instance *orgv1.CheCluster) (err error
|
|||
}
|
||||
} else {
|
||||
if util.ContainsString(instance.ObjectMeta.Finalizers, oAuthFinalizerName) {
|
||||
oAuthClientName := instance.Spec.Auth.OauthClientName
|
||||
oAuthClientName := instance.Spec.Auth.OAuthClientName
|
||||
logrus.Infof("Custom resource %s is being deleted. Deleting oAuthClient %s first", instance.Name, oAuthClientName)
|
||||
oAuthClient, err := r.GetOAuthClient(oAuthClientName)
|
||||
if err == nil {
|
||||
|
|
|
|||
|
|
@ -31,7 +31,7 @@ func (r *ReconcileChe) SetCheAvailableStatus(instance *orgv1.CheCluster, request
|
|||
if cheFlavor == "codeready" {
|
||||
name = "CodeReady Workspaces"
|
||||
}
|
||||
keycloakURL := instance.Spec.Auth.KeycloakURL
|
||||
keycloakURL := instance.Spec.Auth.IdentityProviderURL
|
||||
instance.Status.KeycloakURL = keycloakURL
|
||||
if err := r.UpdateCheCRStatus(instance, "Keycloak URL status", keycloakURL); err != nil {
|
||||
instance, _ = r.GetCR(request)
|
||||
|
|
@ -88,7 +88,6 @@ func (r *ReconcileChe) SetStatusDetails(instance *orgv1.CheCluster, request reco
|
|||
return nil
|
||||
}
|
||||
|
||||
|
||||
func (r *ReconcileChe) SetCheRollingUpdateStatus(instance *orgv1.CheCluster, request reconcile.Request) (err error) {
|
||||
|
||||
instance.Status.CheClusterRunning = RollingUpdateInProgressStatus
|
||||
|
|
|
|||
|
|
@ -80,7 +80,7 @@ func (r *ReconcileChe) UpdateConfigMap(instance *orgv1.CheCluster) (updated bool
|
|||
|
||||
func (r *ReconcileChe) ReconcileTLSObjects(instance *orgv1.CheCluster, request reconcile.Request, cheFlavor string, tlsSupport bool, isOpenShift bool) (updated bool, err error) {
|
||||
|
||||
updateRegistryRoute := func (registryType string) (bool, error) {
|
||||
updateRegistryRoute := func(registryType string) (bool, error) {
|
||||
registryName := registryType + "-registry"
|
||||
if !isOpenShift {
|
||||
currentRegistryIngress := r.GetEffectiveIngress(instance, registryName)
|
||||
|
|
@ -93,7 +93,7 @@ func (r *ReconcileChe) ReconcileTLSObjects(instance *orgv1.CheCluster, request r
|
|||
return false, err
|
||||
}
|
||||
registryIngress := deploy.NewIngress(instance, registryName, registryName, 8080)
|
||||
|
||||
|
||||
if err := r.CreateNewIngress(instance, registryIngress); err != nil {
|
||||
logrus.Errorf("Failed to create %s %s: %s", registryIngress.Name, registryIngress.Kind, err)
|
||||
return false, err
|
||||
|
|
@ -111,11 +111,11 @@ func (r *ReconcileChe) ReconcileTLSObjects(instance *orgv1.CheCluster, request r
|
|||
return false, err
|
||||
}
|
||||
registryRoute := deploy.NewRoute(instance, registryName, registryName, 8080)
|
||||
|
||||
|
||||
if tlsSupport {
|
||||
registryRoute = deploy.NewTlsRoute(instance, registryName, registryName, 8080)
|
||||
}
|
||||
|
||||
|
||||
if err := r.CreateNewRoute(instance, registryRoute); err != nil {
|
||||
logrus.Errorf("Failed to create %s %s: %s", registryRoute.Name, registryRoute.Kind, err)
|
||||
return false, err
|
||||
|
|
@ -124,12 +124,12 @@ func (r *ReconcileChe) ReconcileTLSObjects(instance *orgv1.CheCluster, request r
|
|||
}
|
||||
|
||||
updated, err = updateRegistryRoute("devfile")
|
||||
if !(updated || instance.Spec.Server.ExternalDevfileRegistry) || err != nil {
|
||||
if !(updated || instance.Spec.Server.ExternalDevfileRegistry) || err != nil {
|
||||
return updated, err
|
||||
}
|
||||
|
||||
updated, err = updateRegistryRoute("plugin")
|
||||
if !(updated || instance.Spec.Server.ExternalPluginRegistry) || err != nil {
|
||||
if !(updated || instance.Spec.Server.ExternalPluginRegistry) || err != nil {
|
||||
return updated, err
|
||||
}
|
||||
|
||||
|
|
@ -139,8 +139,8 @@ func (r *ReconcileChe) ReconcileTLSObjects(instance *orgv1.CheCluster, request r
|
|||
}
|
||||
// reconcile ingresses
|
||||
if !isOpenShift {
|
||||
ingressDomain := instance.Spec.K8SOnly.IngressDomain
|
||||
ingressStrategy := util.GetValue(instance.Spec.K8SOnly.IngressStrategy, deploy.DefaultIngressStrategy)
|
||||
ingressDomain := instance.Spec.K8s.IngressDomain
|
||||
ingressStrategy := util.GetValue(instance.Spec.K8s.IngressStrategy, deploy.DefaultIngressStrategy)
|
||||
currentCheIngress := r.GetEffectiveIngress(instance, cheFlavor)
|
||||
if currentCheIngress == nil {
|
||||
return false, err
|
||||
|
|
@ -164,7 +164,7 @@ func (r *ReconcileChe) ReconcileTLSObjects(instance *orgv1.CheCluster, request r
|
|||
if ingressStrategy == "multi-host" {
|
||||
keycloakURL = protocol + "://keycloak-" + instance.Namespace + "." + ingressDomain
|
||||
}
|
||||
instance.Spec.Auth.KeycloakURL = keycloakURL
|
||||
instance.Spec.Auth.IdentityProviderURL = keycloakURL
|
||||
if err := r.UpdateCheCRSpec(instance, "Keycloak URL", keycloakURL); err != nil {
|
||||
return false, err
|
||||
}
|
||||
|
|
@ -211,7 +211,7 @@ func (r *ReconcileChe) ReconcileTLSObjects(instance *orgv1.CheCluster, request r
|
|||
|
||||
} else {
|
||||
keycloakURL := currentKeycloakRoute.Spec.Host
|
||||
instance.Spec.Auth.KeycloakURL = protocol + "://" + keycloakURL
|
||||
instance.Spec.Auth.IdentityProviderURL = protocol + "://" + keycloakURL
|
||||
if err := r.UpdateCheCRSpec(instance, "Keycloak URL", protocol+"://"+keycloakURL); err != nil {
|
||||
return false, err
|
||||
}
|
||||
|
|
@ -235,8 +235,8 @@ func (r *ReconcileChe) ReconcileTLSObjects(instance *orgv1.CheCluster, request r
|
|||
}
|
||||
|
||||
func (r *ReconcileChe) ReconcileIdentityProvider(instance *orgv1.CheCluster, isOpenShift4 bool) (deleted bool, err error) {
|
||||
if instance.Spec.Auth.OpenShiftOauth == false && instance.Status.OpenShiftoAuthProvisioned == true {
|
||||
keycloakAdminPassword := instance.Spec.Auth.KeycloakAdminPassword
|
||||
if instance.Spec.Auth.OpenShiftoAuth == false && instance.Status.OpenShiftoAuthProvisioned == true {
|
||||
keycloakAdminPassword := instance.Spec.Auth.IdentityProviderPassword
|
||||
keycloakDeployment := &appsv1.Deployment{}
|
||||
if err := r.client.Get(context.TODO(), types.NamespacedName{Name: "keycloak", Namespace: instance.Namespace}, keycloakDeployment); err != nil {
|
||||
logrus.Errorf("Deployment %s not found: %s", keycloakDeployment.Name, err)
|
||||
|
|
@ -249,7 +249,7 @@ func (r *ReconcileChe) ReconcileIdentityProvider(instance *orgv1.CheCluster, isO
|
|||
provisioned := ExecIntoPod(podToExec, deleteOpenShiftIdentityProviderProvisionCommand, "delete OpenShift identity provider", instance.Namespace)
|
||||
if provisioned {
|
||||
oAuthClient := &oauth.OAuthClient{}
|
||||
oAuthClientName := instance.Spec.Auth.OauthClientName
|
||||
oAuthClientName := instance.Spec.Auth.OAuthClientName
|
||||
if err := r.client.Get(context.TODO(), types.NamespacedName{Name: oAuthClientName, Namespace: ""}, oAuthClient); err != nil {
|
||||
logrus.Errorf("OAuthClient %s not found: %s", oAuthClient.Name, err)
|
||||
}
|
||||
|
|
|
|||
|
|
@ -74,7 +74,7 @@ type CheConfigMap struct {
|
|||
// which is used in CheCluster ConfigMap to configure CheCluster master behavior
|
||||
func GetConfigMapData(cr *orgv1.CheCluster) (cheEnv map[string]string) {
|
||||
cheHost := cr.Spec.Server.CheHost
|
||||
keycloakURL := cr.Spec.Auth.KeycloakURL
|
||||
keycloakURL := cr.Spec.Auth.IdentityProviderURL
|
||||
isOpenShift, isOpenshift4, err := util.DetectOpenShift()
|
||||
if err != nil {
|
||||
logrus.Errorf("Failed to get current infra: %s", err)
|
||||
|
|
@ -88,7 +88,7 @@ func GetConfigMapData(cr *orgv1.CheCluster) (cheEnv map[string]string) {
|
|||
workspacesNamespace := cr.Namespace
|
||||
tls := "false"
|
||||
openShiftIdentityProviderId := "NULL"
|
||||
openshiftOAuth := cr.Spec.Auth.OpenShiftOauth
|
||||
openshiftOAuth := cr.Spec.Auth.OpenShiftoAuth
|
||||
if openshiftOAuth && isOpenShift {
|
||||
workspacesNamespace = ""
|
||||
openShiftIdentityProviderId = "openshift-v3"
|
||||
|
|
@ -122,10 +122,10 @@ func GetConfigMapData(cr *orgv1.CheCluster) (cheEnv map[string]string) {
|
|||
cheWorkspaceHttpProxy, cheWorkspaceNoProxy = util.GenerateProxyEnvs(cr.Spec.Server.ProxyURL, cr.Spec.Server.ProxyPort, cr.Spec.Server.NonProxyHosts, proxyUser, proxyPassword)
|
||||
}
|
||||
|
||||
ingressDomain := cr.Spec.K8SOnly.IngressDomain
|
||||
tlsSecretName := cr.Spec.K8SOnly.TlsSecretName
|
||||
securityContextFsGroup := util.GetValue(cr.Spec.K8SOnly.SecurityContextFsGroup, DefaultSecurityContextFsGroup)
|
||||
securityContextRunAsUser := util.GetValue(cr.Spec.K8SOnly.SecurityContextRunAsUser, DefaultSecurityContextRunAsUser)
|
||||
ingressDomain := cr.Spec.K8s.IngressDomain
|
||||
tlsSecretName := cr.Spec.K8s.TlsSecretName
|
||||
securityContextFsGroup := util.GetValue(cr.Spec.K8s.SecurityContextFsGroup, DefaultSecurityContextFsGroup)
|
||||
securityContextRunAsUser := util.GetValue(cr.Spec.K8s.SecurityContextRunAsUser, DefaultSecurityContextRunAsUser)
|
||||
pvcStrategy := util.GetValue(cr.Spec.Storage.PvcStrategy, DefaultPvcStrategy)
|
||||
pvcClaimSize := util.GetValue(cr.Spec.Storage.PvcClaimSize, DefaultPvcClaimSize)
|
||||
workspacePvcStorageClassName := cr.Spec.Storage.WorkspacePVCStorageClassName
|
||||
|
|
@ -136,14 +136,14 @@ func GetConfigMapData(cr *orgv1.CheCluster) (cheEnv map[string]string) {
|
|||
if !cr.Spec.Storage.PreCreateSubPaths {
|
||||
preCreateSubPaths = "false"
|
||||
}
|
||||
chePostgresHostName := util.GetValue(cr.Spec.Database.ChePostgresDBHostname, DefaultChePostgresHostName)
|
||||
chePostgresHostName := util.GetValue(cr.Spec.Database.ChePostgresHostName, DefaultChePostgresHostName)
|
||||
chePostgresUser := util.GetValue(cr.Spec.Database.ChePostgresUser, DefaultChePostgresUser)
|
||||
chePostgresPort := util.GetValue(cr.Spec.Database.ChePostgresPort, DefaultChePostgresPort)
|
||||
chePostgresDb := util.GetValue(cr.Spec.Database.ChePostgresDb, DefaultChePostgresDb)
|
||||
keycloakRealm := util.GetValue(cr.Spec.Auth.KeycloakRealm, cheFlavor)
|
||||
keycloakClientId := util.GetValue(cr.Spec.Auth.KeycloakClientId, cheFlavor+"-public")
|
||||
ingressStrategy := util.GetValue(cr.Spec.K8SOnly.IngressStrategy, DefaultIngressStrategy)
|
||||
ingressClass := util.GetValue(cr.Spec.K8SOnly.IngressClass, DefaultIngressClass)
|
||||
keycloakRealm := util.GetValue(cr.Spec.Auth.IdentityProviderRealm, cheFlavor)
|
||||
keycloakClientId := util.GetValue(cr.Spec.Auth.IdentityProviderClientId, cheFlavor+"-public")
|
||||
ingressStrategy := util.GetValue(cr.Spec.K8s.IngressStrategy, DefaultIngressStrategy)
|
||||
ingressClass := util.GetValue(cr.Spec.K8s.IngressClass, DefaultIngressClass)
|
||||
devfileRegistryUrl := cr.Status.DevfileRegistryURL
|
||||
pluginRegistryUrl := cr.Status.PluginRegistryURL
|
||||
cheLogLevel := util.GetValue(cr.Spec.Server.CheLogLevel, DefaultCheLogLevel)
|
||||
|
|
|
|||
|
|
@ -27,7 +27,7 @@ func TestNewCheConfigMap(t *testing.T) {
|
|||
cr := &orgv1.CheCluster{}
|
||||
cr.Spec.Server.CheHost = "myhostname.com"
|
||||
cr.Spec.Server.TlsSupport = true
|
||||
cr.Spec.Auth.OpenShiftOauth = true
|
||||
cr.Spec.Auth.OpenShiftoAuth = true
|
||||
cheEnv := GetConfigMapData(cr)
|
||||
testCm := NewCheConfigMap(cr, cheEnv)
|
||||
identityProvider := testCm.Data["CHE_INFRA_OPENSHIFT_OAUTH__IDENTITY__PROVIDER"]
|
||||
|
|
@ -52,7 +52,7 @@ func TestConfigMapOverride(t *testing.T) {
|
|||
cr.Spec.Server.CustomCheProperties = map[string]string{
|
||||
"CHE_WORKSPACE_NO_PROXY": "myproxy.myhostname.com",
|
||||
}
|
||||
cr.Spec.Auth.OpenShiftOauth = true
|
||||
cr.Spec.Auth.OpenShiftoAuth = true
|
||||
cheEnv := GetConfigMapData(cr)
|
||||
testCm := NewCheConfigMap(cr, cheEnv)
|
||||
if testCm.Data["CHE_WORKSPACE_NO_PROXY"] != "myproxy.myhostname.com" {
|
||||
|
|
|
|||
|
|
@ -162,11 +162,11 @@ func NewCheDeployment(cr *orgv1.CheCluster, cheImage string, cheTag string, cmRe
|
|||
},
|
||||
}
|
||||
if !isOpenshift {
|
||||
runAsUser, err := strconv.ParseInt(util.GetValue(cr.Spec.K8SOnly.SecurityContextRunAsUser, DefaultSecurityContextRunAsUser), 10, 64)
|
||||
runAsUser, err := strconv.ParseInt(util.GetValue(cr.Spec.K8s.SecurityContextRunAsUser, DefaultSecurityContextRunAsUser), 10, 64)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
fsGroup, err := strconv.ParseInt(util.GetValue(cr.Spec.K8SOnly.SecurityContextFsGroup, DefaultSecurityContextFsGroup), 10, 64)
|
||||
fsGroup, err := strconv.ParseInt(util.GetValue(cr.Spec.K8s.SecurityContextFsGroup, DefaultSecurityContextFsGroup), 10, 64)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
|
|
|||
|
|
@ -25,8 +25,8 @@ func NewKeycloakDeployment(cr *orgv1.CheCluster, keycloakPostgresPassword string
|
|||
optionalEnv := true
|
||||
keycloakName := "keycloak"
|
||||
labels := GetLabels(cr, keycloakName)
|
||||
keycloakImage := util.GetValue(cr.Spec.Auth.KeycloakImage, DefaultKeycloakImage(cr, cheFlavor))
|
||||
pullPolicy := corev1.PullPolicy(util.GetValue(string(cr.Spec.Auth.KeycloakImagePullPolicy), DefaultPullPolicyFromDockerImage(keycloakImage)))
|
||||
keycloakImage := util.GetValue(cr.Spec.Auth.IdentityProviderImage, DefaultKeycloakImage(cr, cheFlavor))
|
||||
pullPolicy := corev1.PullPolicy(util.GetValue(string(cr.Spec.Auth.IdentityProviderImagePullPolicy), DefaultPullPolicyFromDockerImage(keycloakImage)))
|
||||
trustpass := util.GeneratePasswd(12)
|
||||
jbossDir := "/opt/eap"
|
||||
if cheFlavor == "che" {
|
||||
|
|
@ -68,7 +68,7 @@ func NewKeycloakDeployment(cr *orgv1.CheCluster, keycloakPostgresPassword string
|
|||
"\"" + jbossDir + "/openshift.jks\", password => \"" + trustpass + "\", disabled => \"false\" },enabled=true) \n" +
|
||||
"stop-embedded-server\" > /scripts/add_openshift_certificate.cli && " +
|
||||
"/opt/jboss/keycloak/bin/jboss-cli.sh --file=/scripts/add_openshift_certificate.cli"
|
||||
keycloakAdminUserName := util.GetValue(cr.Spec.Auth.KeycloakAdminUserName, DefaultKeycloakAdminUserName)
|
||||
keycloakAdminUserName := util.GetValue(cr.Spec.Auth.IdentityProviderAdminUserName, DefaultKeycloakAdminUserName)
|
||||
keycloakEnv := []corev1.EnvVar{
|
||||
{
|
||||
Name: "PROXY_ADDRESS_FORWARDING",
|
||||
|
|
|
|||
|
|
@ -25,7 +25,7 @@ import (
|
|||
func GetPostgresProvisionCommand(cr *orgv1.CheCluster) (command string) {
|
||||
|
||||
chePostgresUser := util.GetValue(cr.Spec.Database.ChePostgresUser, DefaultChePostgresUser)
|
||||
keycloakPostgresPassword := cr.Spec.Auth.KeycloakPostgresPassword
|
||||
keycloakPostgresPassword := cr.Spec.Auth.IdentityProviderPostgresPassword
|
||||
|
||||
command = "OUT=$(psql postgres -tAc \"SELECT 1 FROM pg_roles WHERE rolname='keycloak'\"); " +
|
||||
"if [ $OUT -eq 1 ]; then echo \"DB exists\"; exit 0; fi " +
|
||||
|
|
@ -38,13 +38,13 @@ func GetPostgresProvisionCommand(cr *orgv1.CheCluster) (command string) {
|
|||
}
|
||||
|
||||
func GetKeycloakProvisionCommand(cr *orgv1.CheCluster, cheHost string) (command string) {
|
||||
keycloakAdminUserName := util.GetValue(cr.Spec.Auth.KeycloakAdminUserName, "admin")
|
||||
keycloakAdminPassword := util.GetValue(cr.Spec.Auth.KeycloakAdminPassword, "admin")
|
||||
keycloakAdminUserName := util.GetValue(cr.Spec.Auth.IdentityProviderAdminUserName, "admin")
|
||||
keycloakAdminPassword := util.GetValue(cr.Spec.Auth.IdentityProviderPassword, "admin")
|
||||
requiredActions := ""
|
||||
updateAdminPassword := cr.Spec.Auth.UpdateAdminPassword
|
||||
cheFlavor := util.GetValue(cr.Spec.Server.CheFlavor, DefaultCheFlavor)
|
||||
keycloakRealm := util.GetValue(cr.Spec.Auth.KeycloakRealm, cheFlavor)
|
||||
keycloakClientId := util.GetValue(cr.Spec.Auth.KeycloakClientId, cheFlavor+"-public")
|
||||
keycloakRealm := util.GetValue(cr.Spec.Auth.IdentityProviderRealm, cheFlavor)
|
||||
keycloakClientId := util.GetValue(cr.Spec.Auth.IdentityProviderClientId, cheFlavor+"-public")
|
||||
|
||||
if updateAdminPassword {
|
||||
requiredActions = "\"UPDATE_PASSWORD\""
|
||||
|
|
@ -88,8 +88,8 @@ func GetOpenShiftIdentityProviderProvisionCommand(cr *orgv1.CheCluster, oAuthCli
|
|||
return "", err
|
||||
}
|
||||
|
||||
keycloakRealm := util.GetValue(cr.Spec.Auth.KeycloakRealm, cheFlavor)
|
||||
keycloakAdminUserName := util.GetValue(cr.Spec.Auth.KeycloakAdminUserName, DefaultKeycloakAdminUserName)
|
||||
keycloakRealm := util.GetValue(cr.Spec.Auth.IdentityProviderRealm, cheFlavor)
|
||||
keycloakAdminUserName := util.GetValue(cr.Spec.Auth.IdentityProviderAdminUserName, DefaultKeycloakAdminUserName)
|
||||
script := "/opt/jboss/keycloak/bin/kcadm.sh"
|
||||
if cheFlavor == "codeready" {
|
||||
script = "/opt/eap/bin/kcadm.sh"
|
||||
|
|
@ -106,11 +106,11 @@ func GetOpenShiftIdentityProviderProvisionCommand(cr *orgv1.CheCluster, oAuthCli
|
|||
logrus.Errorf("Failed to locate keycloak oauth provisioning file: %s", err)
|
||||
}
|
||||
createOpenShiftIdentityProviderTemplate := string(file)
|
||||
/*
|
||||
In order to have the token-exchange currently working and easily usable, we should (in case of Keycloak) be able to
|
||||
- Automatically redirect the user to its Keycloak account page to set those required values when the email is empty (instead of failing here: https://github.com/eclipse/che/blob/master/multiuser/keycloak/che-multiuser-keycloak-server/src/main/java/org/eclipse/che/multiuser/keycloak/server/KeycloakEnvironmentInitalizationFilter.java#L125)
|
||||
- Or at least point with a link to the place where it can be set (the KeycloakSettings PROFILE_ENDPOINT_SETTING value)
|
||||
(cf. here: https://github.com/eclipse/che/blob/master/multiuser/keycloak/che-multiuser-keycloak-server/src/main/java/org/eclipse/che/multiuser/keycloak/server/KeycloakSettings.java#L117)
|
||||
/*
|
||||
In order to have the token-exchange currently working and easily usable, we should (in case of Keycloak) be able to
|
||||
- Automatically redirect the user to its Keycloak account page to set those required values when the email is empty (instead of failing here: https://github.com/eclipse/che/blob/master/multiuser/keycloak/che-multiuser-keycloak-server/src/main/java/org/eclipse/che/multiuser/keycloak/server/KeycloakEnvironmentInitalizationFilter.java#L125)
|
||||
- Or at least point with a link to the place where it can be set (the KeycloakSettings PROFILE_ENDPOINT_SETTING value)
|
||||
(cf. here: https://github.com/eclipse/che/blob/master/multiuser/keycloak/che-multiuser-keycloak-server/src/main/java/org/eclipse/che/multiuser/keycloak/server/KeycloakSettings.java#L117)
|
||||
*/
|
||||
|
||||
template, err := template.New("IdentityProviderProvisioning").Parse(createOpenShiftIdentityProviderTemplate)
|
||||
|
|
@ -144,7 +144,7 @@ func GetOpenShiftIdentityProviderProvisionCommand(cr *orgv1.CheCluster, oAuthCli
|
|||
}
|
||||
|
||||
command = buffer.String()
|
||||
|
||||
|
||||
if cheFlavor == "che" {
|
||||
command = "cd /scripts && export JAVA_TOOL_OPTIONS=-Duser.home=. && " + command
|
||||
}
|
||||
|
|
@ -153,8 +153,8 @@ func GetOpenShiftIdentityProviderProvisionCommand(cr *orgv1.CheCluster, oAuthCli
|
|||
|
||||
func GetDeleteOpenShiftIdentityProviderProvisionCommand(cr *orgv1.CheCluster, keycloakAdminPassword string, isOpenShift4 bool) (command string) {
|
||||
cheFlavor := util.GetValue(cr.Spec.Server.CheFlavor, DefaultCheFlavor)
|
||||
keycloakRealm := util.GetValue(cr.Spec.Auth.KeycloakRealm, cheFlavor)
|
||||
keycloakAdminUserName := util.GetValue(cr.Spec.Auth.KeycloakAdminUserName, DefaultKeycloakAdminUserName)
|
||||
keycloakRealm := util.GetValue(cr.Spec.Auth.IdentityProviderRealm, cheFlavor)
|
||||
keycloakAdminUserName := util.GetValue(cr.Spec.Auth.IdentityProviderAdminUserName, DefaultKeycloakAdminUserName)
|
||||
script := "/opt/jboss/keycloak/bin/kcadm.sh"
|
||||
if cheFlavor == "codeready" {
|
||||
script = "/opt/eap/bin/kcadm.sh"
|
||||
|
|
@ -176,4 +176,3 @@ func GetDeleteOpenShiftIdentityProviderProvisionCommand(cr *orgv1.CheCluster, ke
|
|||
}
|
||||
return command
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -21,14 +21,14 @@ import (
|
|||
|
||||
func NewIngress(cr *orgv1.CheCluster, name string, serviceName string, port int) *v1beta1.Ingress {
|
||||
tlsSupport := cr.Spec.Server.TlsSupport
|
||||
ingressStrategy := cr.Spec.K8SOnly.IngressStrategy
|
||||
ingressStrategy := cr.Spec.K8s.IngressStrategy
|
||||
if len(ingressStrategy) < 1 {
|
||||
ingressStrategy = "multi-host"
|
||||
}
|
||||
ingressDomain := cr.Spec.K8SOnly.IngressDomain
|
||||
ingressClass := util.GetValue(cr.Spec.K8SOnly.IngressClass, DefaultIngressClass)
|
||||
ingressDomain := cr.Spec.K8s.IngressDomain
|
||||
ingressClass := util.GetValue(cr.Spec.K8s.IngressClass, DefaultIngressClass)
|
||||
labels := GetLabels(cr, name)
|
||||
tlsSecretName := cr.Spec.K8SOnly.TlsSecretName
|
||||
tlsSecretName := cr.Spec.K8s.TlsSecretName
|
||||
tls := "false"
|
||||
if tlsSupport {
|
||||
tls = "true"
|
||||
|
|
@ -95,4 +95,3 @@ func NewIngress(cr *orgv1.CheCluster, name string, serviceName string, port int)
|
|||
},
|
||||
}
|
||||
}
|
||||
|
||||
|
|
|
|||
Loading…
Reference in New Issue