diff --git a/deploy/crds/org_v1_che_crd.yaml b/deploy/crds/org_v1_che_crd.yaml index e57d031eb..bfa449492 100644 --- a/deploy/crds/org_v1_che_crd.yaml +++ b/deploy/crds/org_v1_che_crd.yaml @@ -20,6 +20,457 @@ spec: plural: checlusters singular: checluster scope: Namespaced - version: v1 subresources: - status: {} \ No newline at end of file + status: {} + validation: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + auth: + description: Configuration settings related to the Authentication used + by the Che installation. + properties: + externalIdentityProvider: + description: 'Instructs the operator on whether or not to deploy + a dedicated Identity Provider (Keycloak or RH SSO instance). By + default a dedicated Identity Provider server is deployed as part + of the Che installation. But if `externalIdentityProvider` is + `true`, then no dedicated identity provider will be deployed by + the operator and you might need to provide details about the external + identity provider you want to use. See also all the other fields + starting with: `identityProvider`.' + type: boolean + identityProviderAdminUserName: + description: Overrides the name of the Identity Provider admin user. + Defaults to `admin`. + type: string + identityProviderClientId: + description: Name of a Identity provider (Keycloak / RH SSO) `client-id` + that should be used for Che. This is useful to override it ONLY + if you use an external Identity Provider (see the `externalIdentityProvider` + field). If omitted or left blank, it will be set to the value + of the `flavour` field suffixed with `-public`. + type: string + identityProviderImage: + description: Overrides the container image used in the Identity + Provider (Keycloak / RH SSO) deployment. This includes the image + tag. Omit it or leave it empty to use the defaut container image + provided by the operator. + type: string + identityProviderImagePullPolicy: + description: Overrides the image pull policy used in the Identity + Provider (Keycloak / RH SSO) deployment. Default value is `Always` + for `nightly` or `latest` images, and `IfNotPresent` in other + cases. + type: string + identityProviderPassword: + description: Overrides the password of Keycloak admin user. This + is useful to override it ONLY if you use an external Identity + Provider (see the `externalIdentityProvider` field). If omitted + or left blank, it will be set to an auto-generated password. + type: string + identityProviderPostgresPassword: + description: Password for The Identity Provider (Keycloak / RH SSO) + to connect to the database. This is useful to override it ONLY + if you use an external Identity Provider (see the `externalIdentityProvider` + field). If omitted or left blank, it will be set to an auto-generated + password. + type: string + identityProviderRealm: + description: Name of a Identity provider (Keycloak / RH SSO) realm + that should be used for Che. This is useful to override it ONLY + if you use an external Identity Provider (see the `externalIdentityProvider` + field). If omitted or left blank, it will be set to the value + of the `flavour` field. + type: string + identityProviderURL: + description: Public URL of the Identity Provider server (Keycloak + / RH SSO server). You should set it ONLY if you use an external + Identity Provider (see the `externalIdentityProvider` field). + By default this will be automatically calculated and set by the + operator. + type: string + oAuthClientName: + description: Name of the OpenShift `OAuthClient` resource used to + setup identity federation on the OpenShift side. Auto-generated + if left blank. See also the `OpenShiftoAuth` field. + type: string + oAuthSecret: + description: Name of the secret set in the OpenShift `OAuthClient` + resource used to setup identity federation on the OpenShift side. + Auto-generated if left blank. See also the `OAuthClientName` field. + type: string + openShiftoAuth: + description: 'Enables the integration of the identity provider (Keycloak + / RHSSO) with OpenShift OAuth. Enabled by defaumt on OpenShift. + This will allow users to directly login with their Openshift user + throug the Openshift login, and have their workspaces created + under personnal OpenShift namespaces. WARNING: the `kuebadmin` + user is NOT supported, and logging through it will NOT allow accessing + the Che Dashboard.' + type: boolean + updateAdminPassword: + description: Forces the default `admin` Che user to update password + on first login. Defaults to `false`. + type: boolean + type: object + database: + description: Configuration settings related to the database used by + the Che installation. + properties: + chePostgresDb: + description: Postgres database name that the Che server uses to + connect to the DB. Defaults to `dbche`. + type: string + chePostgresHostName: + description: Postgres Database hostname that the Che server uses + to connect to. Defaults to postgres. This value should be overridden + ONLY when using an external database (see field `externalDb`). + In the default case it will be automatically set by the operator. + type: string + chePostgresPassword: + description: Postgres password that the Che server should use to + connect to the DB. If omitted or left blank, it will be set to + an auto-generated value. + type: string + chePostgresPort: + description: Postgres Database port that the Che server uses to + connect to. Defaults to 5432. This value should be overridden + ONLY when using an external database (see field `externalDb`). + In the default case it will be automatically set by the operator. + type: string + chePostgresUser: + description: Postgres user that the Che server should use to connect + to the DB. Defaults to `pgche`. + type: string + externalDb: + description: 'Instructs the operator on whether or not to deploy + a dedicated database. By default a dedicated Postgres database + is deployed as part of the Che installation. But if `externalDb` + is `true`, then no dedicated database will be deployed by the + operator and you might need to provide connection details to the + external DB you want to use. See also all the fields starting + with: `chePostgres`.' + type: boolean + postgresImage: + description: Overrides the container image used in the Postgres + database deployment. This includes the image tag. Omit it or leave + it empty to use the defaut container image provided by the operator. + type: string + postgresImagePullPolicy: + description: Overrides the image pull policy used in the Postgres + database deployment. Default value is `Always` for `nightly` or + `latest` images, and `IfNotPresent` in other cases. + type: string + type: object + k8s: + description: Configuration settings specific to Che installations made + on upstream Kubernetes. + properties: + ingressClass: + description: 'Ingress class that will define the which controler + will manage ingresses. Defaults to `nginx`. NB: This drives the + `is kubernetes.io/ingress.class` annotation on Che-related ingresses.' + type: string + ingressDomain: + description: 'Global ingress domain for a K8S cluster. This MUST + be explicitly specified: there are no defaults.' + type: string + ingressStrategy: + description: Strategy for ingress creation. This can be `multi-host` + (host is explicitly provided in ingress), `single-host` (host + is provided, path-based rules) and `default-host.*`(no host is + provided, path-based rules). Defaults to `"multi-host` + type: string + securityContextFsGroup: + description: FSGroup the Che pod and Workspace pods containers should + run in. Defaults to `1724`. + type: string + securityContextRunAsUser: + description: ID of the user the Che pod and Workspace pods containers + should run as. Default to `1724`. + type: string + tlsSecretName: + description: Name of a secret that will be used to setup ingress + TLS termination if TLS is enabled. See also the `tlsSupport` field. + type: string + type: object + server: + description: General configuration settings related to the Che server + and the plugin and devfile registries + properties: + airGapContainerRegistryHostname: + description: Optional hostname (or url) to an alternate container + registry to pull images from. This value overrides the container + registry hostname defined in all the default container images + involved in a Che deployment. This is particularly useful to install + Che in an air-gapped environment. + type: string + airGapContainerRegistryOrganization: + description: Optional repository name of an alternate container + registry to pull images from. This value overrides the container + registry organization defined in all the default container images + involved in a Che deployment. This is particularly useful to install + Che in an air-gapped environment. + type: string + cheDebug: + description: Enables the debug mode for Che server. Defaults to + `false`. + type: string + cheFlavor: + description: Flavor of the installation. This is either `che` for + upstream Che installations, or `codeready` for CodeReady Workspaces + installation. In most cases the default value should not be overriden. + type: string + cheHost: + description: Public hostname of the installed Che server. This will + be automatically set by the operator. In most cases the default + value set by the operator should not be overriden. + type: string + cheImage: + description: Overrides the container image used in Che deployment. + This does NOT include the container image tag. Omit it or leave + it empty to use the defaut container image provided by the operator. + type: string + cheImagePullPolicy: + description: Overrides the image pull policy used in Che deployment. + Default value is `Always` for `nightly` or `latest` images, and + `IfNotPresent` in other cases. + type: string + cheImageTag: + description: Overrides the tag of the container image used in Che + deployment. Omit it or leave it empty to use the defaut image + tag provided by the operator. + type: string + cheLogLevel: + description: 'Log level for the Che server: `INFO` or `DEBUG`. Defaults + to `INFO`.' + type: string + cheWorkspaceClusterRole: + description: Custom cluster role bound to the user for the Che workspaces. + The default roles are used if this is omitted or left blank. + type: string + customCheProperties: + additionalProperties: + type: string + description: Map of additional environment variables that will be + applied in the generated `che` config map to be used by the Che + server, in addition to the values already generated from other + fields of the `CheCluster` custom resource (CR). If `customCheProperties` + contains a property that would be normally generated in `che` + config map from other CR fields, then the value defined in the + `customCheProperties` will be used instead. + type: object + devfileRegistryImage: + description: Overrides the container image used in the Devfile registry + deployment. This includes the image tag. Omit it or leave it empty + to use the defaut container image provided by the operator. + type: string + devfileRegistryMemoryLimit: + description: Overrides the memory limit used in the Devfile registry + deployment. Defaults to 256Mi. + type: string + devfileRegistryMemoryRequest: + description: Overrides the memory request used in the Devfile registry + deployment. Defaults to 16Mi. + type: string + devfileRegistryPullPolicy: + description: Overrides the image pull policy used in the Devfile + registry deployment. Default value is `Always` for `nightly` or + `latest` images, and `IfNotPresent` in other cases. + type: string + devfileRegistryUrl: + description: Public URL of the Devfile registry, that serves sample, + ready-to-use devfiles. You should set it ONLY if you use an external + devfile registry (see the `externalDevfileRegistry` field). By + default this will be automatically calculated by the operator. + type: string + externalDevfileRegistry: + description: Instructs the operator on whether or not to deploy + a dedicated Devfile registry server. By default a dedicated devfile + registry server is started. But if `externalDevfileRegistry` is + `true`, then no such dedicated server will be started by the operator + and you will have to manually set the `devfileRegistryUrl` field + type: boolean + externalPluginRegistry: + description: Instructs the operator on whether or not to deploy + a dedicated Plugin registry server. By default a dedicated plugin + registry server is started. But if `externalPluginRegistry` is + `true`, then no such dedicated server will be started by the operator + and you will have to manually set the `pluginRegistryUrl` field. + type: boolean + nonProxyHosts: + description: List of hosts that should not use the configured proxy. + Use `|`` as delimiter, eg `localhost|my.host.com|123.42.12.32` + Only use when configuring a proxy is required (see also the `proxyURL` + field). + type: string + pluginRegistryImage: + description: Overrides the container image used in the Plugin registry + deployment. This includes the image tag. Omit it or leave it empty + to use the defaut container image provided by the operator. + type: string + pluginRegistryMemoryLimit: + description: Overrides the memory limit used in the Plugin registry + deployment. Defaults to 256Mi. + type: string + pluginRegistryMemoryRequest: + description: Overrides the memory request used in the Plugin registry + deployment. Defaults to 16Mi. + type: string + pluginRegistryPullPolicy: + description: Overrides the image pull policy used in the Plugin + registry deployment. Default value is `Always` for `nightly` or + `latest` images, and `IfNotPresent` in other cases. + type: string + pluginRegistryUrl: + description: Public URL of the Plugin registry, that serves sample + ready-to-use devfiles. You should set it ONLY if you use an external + devfile registry (see the `externalPluginRegistry` field). By + default this will be automatically calculated by the operator. + type: string + proxyPassword: + description: Password of the proxy server Only use when proxy configuration + is required (see also the `proxyUser` field). + type: string + proxyPort: + description: Port of the proxy server. Only use when configuring + a proxy is required (see also the `proxyURL` field). + type: string + proxyURL: + description: URL (protocol+hostname) of the proxy server. This drives + the appropriate changes in the `JAVA_OPTS` and `https(s)_proxy` + variables in the Che server and workspaces containers. Only use + when configuring a proxy is required. + type: string + proxyUser: + description: User name of the proxy server. Only use when configuring + a proxy is required (see also the `proxyURL` field). + type: string + selfSignedCert: + description: Enables the support of OpenShift clusters whose router + uses self-signed certificates. When enabled, the operator retrieves + the default self-signed certificate of OpenShift routes and adds + it to the Java trust store of the Che server. This is usually + required when activating the `tlsSupport` field on demo OpenShift + clusters that have not been setup with a valid certificate for + the routes. This is disabled by default. + type: boolean + serverMemoryLimit: + description: Overrides the memory limit used in the Che server deployment. + Defaults to 1Gi. + type: string + serverMemoryRequest: + description: Overrides the memory request used in the Che server + deployment. Defaults to 512Mi. + type: string + tlsSupport: + description: 'Instructs the operator to deploy Che in TLS mode, + ie with TLS routes or ingresses. This is disabled by default. + WARNING: Enabling TLS might require enabling the `selfSignedCert` + field also in some cases.' + type: boolean + type: object + storage: + description: Configuration settings related to the persistent storage + used by the Che installation. + properties: + postgresPVCStorageClassName: + description: Storage class for the Persistent Volume Claim dedicated + to the Postgres database. If omitted or left blank, default storage + class is used. + type: string + preCreateSubPaths: + description: Instructs the Che server to launch a special pod to + pre-create a subpath in the Persistent Volumes. Defaults to `false`, + however it might need to enable it according to the configuration + of your K8S cluster. + type: boolean + pvcClaimSize: + description: Size of the persistent volume claim for workspaces. + Defaults to `1Gi` + type: string + pvcJobsImage: + description: Overrides the container image used to create sub-paths + in the Persistent Volumes. This includes the image tag. Omit it + or leave it empty to use the defaut container image provided by + the operator. See also the `preCreateSubPaths` field. + type: string + pvcStrategy: + description: Persistent volume claim strategy for the Che server. + This Can be:`common` (all workspaces PVCs in one volume), `per-workspace` + (one PVC per workspace for all declared volumes) and `unique` + (one PVC per declared volume). Defaults to `common`. + type: string + workspacePVCStorageClassName: + description: Storage class for the Persistent Volume Claims dedicated + to the Che workspaces. If omitted or left blank, default storage + class is used. + type: string + type: object + type: object + status: + properties: + cheClusterRunning: + description: Status of a Che installation. Can be `Available`, `Unavailable`, + or `Available, Rolling Update in Progress` + type: string + cheURL: + description: Public URL to the Che server + type: string + cheVersion: + description: Current installed Che version + type: string + dbProvisioned: + description: Indicates if or not a Postgres instance has been correctly + provisioned + type: boolean + devfileRegistryURL: + description: Public URL to the Devfile registry + type: string + helpLink: + description: A URL that can point to some URL where to find help related + to the current Operator status. + type: string + keycloakProvisioned: + description: Indicates whether an Identity Provider instance (Keycloak + / RH SSO) has been provisioned with realm, client and user + type: boolean + keycloakURL: + description: Public URL to the Identity Provider server (Keycloak / + RH SSO). + type: string + message: + description: A human readable message indicating details about why the + pod is in this condition. + type: string + openShiftoAuthProvisioned: + description: Indicates whether an Identity Provider instance (Keycloak + / RH SSO) has been configured to integrate with the OpenShift OAuth. + type: boolean + pluginRegistryURL: + description: Public URL to the Plugin registry + type: string + reason: + description: A brief CamelCase message indicating details about why + the pod is in this state. + type: string + type: object + version: v1 + versions: + - name: v1 + served: true + storage: true diff --git a/e2e/tests.go b/e2e/tests.go index 6b4ef63ca..fd512c8eb 100644 --- a/e2e/tests.go +++ b/e2e/tests.go @@ -41,7 +41,6 @@ func main() { } logrus.Info("CRD successfully added to schema") - logrus.Infof("Creating a new namespace: %s", namespace) ns := newNamespace() if err := createNamespace(ns); err != nil { @@ -96,7 +95,6 @@ func main() { logrus.Info("Installation succeeded") } - // reconfigure CR to enable TLS support logrus.Info("Patching CR with TLS enabled. This should cause a new Che deployment") patchPath := "/spec/server/tlsSupport" @@ -158,7 +156,7 @@ func main() { if err != nil { logrus.Fatalf("Failed to get CR: %s", err) } - oAuthClientName := cr.Spec.Auth.OauthClientName + oAuthClientName := cr.Spec.Auth.OAuthClientName _, err = getOauthClient(oAuthClientName) if err != nil { logrus.Fatalf("oAuthclient %s not found", oAuthClientName) diff --git a/olm/eclipse-che-preview-kubernetes/deploy/olm-catalog/eclipse-che-preview-kubernetes/9.9.9-nightly.1571049441/eclipse-che-preview-kubernetes.crd.yaml b/olm/eclipse-che-preview-kubernetes/deploy/olm-catalog/eclipse-che-preview-kubernetes/9.9.9-nightly.1571049441/eclipse-che-preview-kubernetes.crd.yaml new file mode 100644 index 000000000..bfa449492 --- /dev/null +++ b/olm/eclipse-che-preview-kubernetes/deploy/olm-catalog/eclipse-che-preview-kubernetes/9.9.9-nightly.1571049441/eclipse-che-preview-kubernetes.crd.yaml @@ -0,0 +1,476 @@ +# +# Copyright (c) 2012-2019 Red Hat, Inc. +# This program and the accompanying materials are made +# available under the terms of the Eclipse Public License 2.0 +# which is available at https://www.eclipse.org/legal/epl-2.0/ +# +# SPDX-License-Identifier: EPL-2.0 +# +# Contributors: +# Red Hat, Inc. - initial API and implementation +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: checlusters.org.eclipse.che +spec: + group: org.eclipse.che + names: + kind: CheCluster + listKind: CheClusterList + plural: checlusters + singular: checluster + scope: Namespaced + subresources: + status: {} + validation: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + auth: + description: Configuration settings related to the Authentication used + by the Che installation. + properties: + externalIdentityProvider: + description: 'Instructs the operator on whether or not to deploy + a dedicated Identity Provider (Keycloak or RH SSO instance). By + default a dedicated Identity Provider server is deployed as part + of the Che installation. But if `externalIdentityProvider` is + `true`, then no dedicated identity provider will be deployed by + the operator and you might need to provide details about the external + identity provider you want to use. See also all the other fields + starting with: `identityProvider`.' + type: boolean + identityProviderAdminUserName: + description: Overrides the name of the Identity Provider admin user. + Defaults to `admin`. + type: string + identityProviderClientId: + description: Name of a Identity provider (Keycloak / RH SSO) `client-id` + that should be used for Che. This is useful to override it ONLY + if you use an external Identity Provider (see the `externalIdentityProvider` + field). If omitted or left blank, it will be set to the value + of the `flavour` field suffixed with `-public`. + type: string + identityProviderImage: + description: Overrides the container image used in the Identity + Provider (Keycloak / RH SSO) deployment. This includes the image + tag. Omit it or leave it empty to use the defaut container image + provided by the operator. + type: string + identityProviderImagePullPolicy: + description: Overrides the image pull policy used in the Identity + Provider (Keycloak / RH SSO) deployment. Default value is `Always` + for `nightly` or `latest` images, and `IfNotPresent` in other + cases. + type: string + identityProviderPassword: + description: Overrides the password of Keycloak admin user. This + is useful to override it ONLY if you use an external Identity + Provider (see the `externalIdentityProvider` field). If omitted + or left blank, it will be set to an auto-generated password. + type: string + identityProviderPostgresPassword: + description: Password for The Identity Provider (Keycloak / RH SSO) + to connect to the database. This is useful to override it ONLY + if you use an external Identity Provider (see the `externalIdentityProvider` + field). If omitted or left blank, it will be set to an auto-generated + password. + type: string + identityProviderRealm: + description: Name of a Identity provider (Keycloak / RH SSO) realm + that should be used for Che. This is useful to override it ONLY + if you use an external Identity Provider (see the `externalIdentityProvider` + field). If omitted or left blank, it will be set to the value + of the `flavour` field. + type: string + identityProviderURL: + description: Public URL of the Identity Provider server (Keycloak + / RH SSO server). You should set it ONLY if you use an external + Identity Provider (see the `externalIdentityProvider` field). + By default this will be automatically calculated and set by the + operator. + type: string + oAuthClientName: + description: Name of the OpenShift `OAuthClient` resource used to + setup identity federation on the OpenShift side. Auto-generated + if left blank. See also the `OpenShiftoAuth` field. + type: string + oAuthSecret: + description: Name of the secret set in the OpenShift `OAuthClient` + resource used to setup identity federation on the OpenShift side. + Auto-generated if left blank. See also the `OAuthClientName` field. + type: string + openShiftoAuth: + description: 'Enables the integration of the identity provider (Keycloak + / RHSSO) with OpenShift OAuth. Enabled by defaumt on OpenShift. + This will allow users to directly login with their Openshift user + throug the Openshift login, and have their workspaces created + under personnal OpenShift namespaces. WARNING: the `kuebadmin` + user is NOT supported, and logging through it will NOT allow accessing + the Che Dashboard.' + type: boolean + updateAdminPassword: + description: Forces the default `admin` Che user to update password + on first login. Defaults to `false`. + type: boolean + type: object + database: + description: Configuration settings related to the database used by + the Che installation. + properties: + chePostgresDb: + description: Postgres database name that the Che server uses to + connect to the DB. Defaults to `dbche`. + type: string + chePostgresHostName: + description: Postgres Database hostname that the Che server uses + to connect to. Defaults to postgres. This value should be overridden + ONLY when using an external database (see field `externalDb`). + In the default case it will be automatically set by the operator. + type: string + chePostgresPassword: + description: Postgres password that the Che server should use to + connect to the DB. If omitted or left blank, it will be set to + an auto-generated value. + type: string + chePostgresPort: + description: Postgres Database port that the Che server uses to + connect to. Defaults to 5432. This value should be overridden + ONLY when using an external database (see field `externalDb`). + In the default case it will be automatically set by the operator. + type: string + chePostgresUser: + description: Postgres user that the Che server should use to connect + to the DB. Defaults to `pgche`. + type: string + externalDb: + description: 'Instructs the operator on whether or not to deploy + a dedicated database. By default a dedicated Postgres database + is deployed as part of the Che installation. But if `externalDb` + is `true`, then no dedicated database will be deployed by the + operator and you might need to provide connection details to the + external DB you want to use. See also all the fields starting + with: `chePostgres`.' + type: boolean + postgresImage: + description: Overrides the container image used in the Postgres + database deployment. This includes the image tag. Omit it or leave + it empty to use the defaut container image provided by the operator. + type: string + postgresImagePullPolicy: + description: Overrides the image pull policy used in the Postgres + database deployment. Default value is `Always` for `nightly` or + `latest` images, and `IfNotPresent` in other cases. + type: string + type: object + k8s: + description: Configuration settings specific to Che installations made + on upstream Kubernetes. + properties: + ingressClass: + description: 'Ingress class that will define the which controler + will manage ingresses. Defaults to `nginx`. NB: This drives the + `is kubernetes.io/ingress.class` annotation on Che-related ingresses.' + type: string + ingressDomain: + description: 'Global ingress domain for a K8S cluster. This MUST + be explicitly specified: there are no defaults.' + type: string + ingressStrategy: + description: Strategy for ingress creation. This can be `multi-host` + (host is explicitly provided in ingress), `single-host` (host + is provided, path-based rules) and `default-host.*`(no host is + provided, path-based rules). Defaults to `"multi-host` + type: string + securityContextFsGroup: + description: FSGroup the Che pod and Workspace pods containers should + run in. Defaults to `1724`. + type: string + securityContextRunAsUser: + description: ID of the user the Che pod and Workspace pods containers + should run as. Default to `1724`. + type: string + tlsSecretName: + description: Name of a secret that will be used to setup ingress + TLS termination if TLS is enabled. See also the `tlsSupport` field. + type: string + type: object + server: + description: General configuration settings related to the Che server + and the plugin and devfile registries + properties: + airGapContainerRegistryHostname: + description: Optional hostname (or url) to an alternate container + registry to pull images from. This value overrides the container + registry hostname defined in all the default container images + involved in a Che deployment. This is particularly useful to install + Che in an air-gapped environment. + type: string + airGapContainerRegistryOrganization: + description: Optional repository name of an alternate container + registry to pull images from. This value overrides the container + registry organization defined in all the default container images + involved in a Che deployment. This is particularly useful to install + Che in an air-gapped environment. + type: string + cheDebug: + description: Enables the debug mode for Che server. Defaults to + `false`. + type: string + cheFlavor: + description: Flavor of the installation. This is either `che` for + upstream Che installations, or `codeready` for CodeReady Workspaces + installation. In most cases the default value should not be overriden. + type: string + cheHost: + description: Public hostname of the installed Che server. This will + be automatically set by the operator. In most cases the default + value set by the operator should not be overriden. + type: string + cheImage: + description: Overrides the container image used in Che deployment. + This does NOT include the container image tag. Omit it or leave + it empty to use the defaut container image provided by the operator. + type: string + cheImagePullPolicy: + description: Overrides the image pull policy used in Che deployment. + Default value is `Always` for `nightly` or `latest` images, and + `IfNotPresent` in other cases. + type: string + cheImageTag: + description: Overrides the tag of the container image used in Che + deployment. Omit it or leave it empty to use the defaut image + tag provided by the operator. + type: string + cheLogLevel: + description: 'Log level for the Che server: `INFO` or `DEBUG`. Defaults + to `INFO`.' + type: string + cheWorkspaceClusterRole: + description: Custom cluster role bound to the user for the Che workspaces. + The default roles are used if this is omitted or left blank. + type: string + customCheProperties: + additionalProperties: + type: string + description: Map of additional environment variables that will be + applied in the generated `che` config map to be used by the Che + server, in addition to the values already generated from other + fields of the `CheCluster` custom resource (CR). If `customCheProperties` + contains a property that would be normally generated in `che` + config map from other CR fields, then the value defined in the + `customCheProperties` will be used instead. + type: object + devfileRegistryImage: + description: Overrides the container image used in the Devfile registry + deployment. This includes the image tag. Omit it or leave it empty + to use the defaut container image provided by the operator. + type: string + devfileRegistryMemoryLimit: + description: Overrides the memory limit used in the Devfile registry + deployment. Defaults to 256Mi. + type: string + devfileRegistryMemoryRequest: + description: Overrides the memory request used in the Devfile registry + deployment. Defaults to 16Mi. + type: string + devfileRegistryPullPolicy: + description: Overrides the image pull policy used in the Devfile + registry deployment. Default value is `Always` for `nightly` or + `latest` images, and `IfNotPresent` in other cases. + type: string + devfileRegistryUrl: + description: Public URL of the Devfile registry, that serves sample, + ready-to-use devfiles. You should set it ONLY if you use an external + devfile registry (see the `externalDevfileRegistry` field). By + default this will be automatically calculated by the operator. + type: string + externalDevfileRegistry: + description: Instructs the operator on whether or not to deploy + a dedicated Devfile registry server. By default a dedicated devfile + registry server is started. But if `externalDevfileRegistry` is + `true`, then no such dedicated server will be started by the operator + and you will have to manually set the `devfileRegistryUrl` field + type: boolean + externalPluginRegistry: + description: Instructs the operator on whether or not to deploy + a dedicated Plugin registry server. By default a dedicated plugin + registry server is started. But if `externalPluginRegistry` is + `true`, then no such dedicated server will be started by the operator + and you will have to manually set the `pluginRegistryUrl` field. + type: boolean + nonProxyHosts: + description: List of hosts that should not use the configured proxy. + Use `|`` as delimiter, eg `localhost|my.host.com|123.42.12.32` + Only use when configuring a proxy is required (see also the `proxyURL` + field). + type: string + pluginRegistryImage: + description: Overrides the container image used in the Plugin registry + deployment. This includes the image tag. Omit it or leave it empty + to use the defaut container image provided by the operator. + type: string + pluginRegistryMemoryLimit: + description: Overrides the memory limit used in the Plugin registry + deployment. Defaults to 256Mi. + type: string + pluginRegistryMemoryRequest: + description: Overrides the memory request used in the Plugin registry + deployment. Defaults to 16Mi. + type: string + pluginRegistryPullPolicy: + description: Overrides the image pull policy used in the Plugin + registry deployment. Default value is `Always` for `nightly` or + `latest` images, and `IfNotPresent` in other cases. + type: string + pluginRegistryUrl: + description: Public URL of the Plugin registry, that serves sample + ready-to-use devfiles. You should set it ONLY if you use an external + devfile registry (see the `externalPluginRegistry` field). By + default this will be automatically calculated by the operator. + type: string + proxyPassword: + description: Password of the proxy server Only use when proxy configuration + is required (see also the `proxyUser` field). + type: string + proxyPort: + description: Port of the proxy server. Only use when configuring + a proxy is required (see also the `proxyURL` field). + type: string + proxyURL: + description: URL (protocol+hostname) of the proxy server. This drives + the appropriate changes in the `JAVA_OPTS` and `https(s)_proxy` + variables in the Che server and workspaces containers. Only use + when configuring a proxy is required. + type: string + proxyUser: + description: User name of the proxy server. Only use when configuring + a proxy is required (see also the `proxyURL` field). + type: string + selfSignedCert: + description: Enables the support of OpenShift clusters whose router + uses self-signed certificates. When enabled, the operator retrieves + the default self-signed certificate of OpenShift routes and adds + it to the Java trust store of the Che server. This is usually + required when activating the `tlsSupport` field on demo OpenShift + clusters that have not been setup with a valid certificate for + the routes. This is disabled by default. + type: boolean + serverMemoryLimit: + description: Overrides the memory limit used in the Che server deployment. + Defaults to 1Gi. + type: string + serverMemoryRequest: + description: Overrides the memory request used in the Che server + deployment. Defaults to 512Mi. + type: string + tlsSupport: + description: 'Instructs the operator to deploy Che in TLS mode, + ie with TLS routes or ingresses. This is disabled by default. + WARNING: Enabling TLS might require enabling the `selfSignedCert` + field also in some cases.' + type: boolean + type: object + storage: + description: Configuration settings related to the persistent storage + used by the Che installation. + properties: + postgresPVCStorageClassName: + description: Storage class for the Persistent Volume Claim dedicated + to the Postgres database. If omitted or left blank, default storage + class is used. + type: string + preCreateSubPaths: + description: Instructs the Che server to launch a special pod to + pre-create a subpath in the Persistent Volumes. Defaults to `false`, + however it might need to enable it according to the configuration + of your K8S cluster. + type: boolean + pvcClaimSize: + description: Size of the persistent volume claim for workspaces. + Defaults to `1Gi` + type: string + pvcJobsImage: + description: Overrides the container image used to create sub-paths + in the Persistent Volumes. This includes the image tag. Omit it + or leave it empty to use the defaut container image provided by + the operator. See also the `preCreateSubPaths` field. + type: string + pvcStrategy: + description: Persistent volume claim strategy for the Che server. + This Can be:`common` (all workspaces PVCs in one volume), `per-workspace` + (one PVC per workspace for all declared volumes) and `unique` + (one PVC per declared volume). Defaults to `common`. + type: string + workspacePVCStorageClassName: + description: Storage class for the Persistent Volume Claims dedicated + to the Che workspaces. If omitted or left blank, default storage + class is used. + type: string + type: object + type: object + status: + properties: + cheClusterRunning: + description: Status of a Che installation. Can be `Available`, `Unavailable`, + or `Available, Rolling Update in Progress` + type: string + cheURL: + description: Public URL to the Che server + type: string + cheVersion: + description: Current installed Che version + type: string + dbProvisioned: + description: Indicates if or not a Postgres instance has been correctly + provisioned + type: boolean + devfileRegistryURL: + description: Public URL to the Devfile registry + type: string + helpLink: + description: A URL that can point to some URL where to find help related + to the current Operator status. + type: string + keycloakProvisioned: + description: Indicates whether an Identity Provider instance (Keycloak + / RH SSO) has been provisioned with realm, client and user + type: boolean + keycloakURL: + description: Public URL to the Identity Provider server (Keycloak / + RH SSO). + type: string + message: + description: A human readable message indicating details about why the + pod is in this condition. + type: string + openShiftoAuthProvisioned: + description: Indicates whether an Identity Provider instance (Keycloak + / RH SSO) has been configured to integrate with the OpenShift OAuth. + type: boolean + pluginRegistryURL: + description: Public URL to the Plugin registry + type: string + reason: + description: A brief CamelCase message indicating details about why + the pod is in this state. + type: string + type: object + version: v1 + versions: + - name: v1 + served: true + storage: true diff --git a/olm/eclipse-che-preview-kubernetes/deploy/olm-catalog/eclipse-che-preview-kubernetes/9.9.9-nightly.1571049441/eclipse-che-preview-kubernetes.crd.yaml.diff b/olm/eclipse-che-preview-kubernetes/deploy/olm-catalog/eclipse-che-preview-kubernetes/9.9.9-nightly.1571049441/eclipse-che-preview-kubernetes.crd.yaml.diff new file mode 100644 index 000000000..6e312d122 --- /dev/null +++ b/olm/eclipse-che-preview-kubernetes/deploy/olm-catalog/eclipse-che-preview-kubernetes/9.9.9-nightly.1571049441/eclipse-che-preview-kubernetes.crd.yaml.diff @@ -0,0 +1,475 @@ +--- /home/dfestal/go/src/github.com/eclipse/che-operator/olm/eclipse-che-preview-kubernetes/deploy/olm-catalog/eclipse-che-preview-kubernetes/9.9.9-nightly.1567522875/eclipse-che-preview-kubernetes.crd.yaml 2019-09-17 16:37:37.000000000 +0200 ++++ /home/dfestal/go/src/github.com/eclipse/che-operator/olm/eclipse-che-preview-kubernetes/deploy/olm-catalog/eclipse-che-preview-kubernetes/9.9.9-nightly.1571049441/eclipse-che-preview-kubernetes.crd.yaml 2019-10-14 12:37:21.000000000 +0200 +@@ -1,3 +1,13 @@ ++# ++# Copyright (c) 2012-2019 Red Hat, Inc. ++# This program and the accompanying materials are made ++# available under the terms of the Eclipse Public License 2.0 ++# which is available at https://www.eclipse.org/legal/epl-2.0/ ++# ++# SPDX-License-Identifier: EPL-2.0 ++# ++# Contributors: ++# Red Hat, Inc. - initial API and implementation + apiVersion: apiextensions.k8s.io/v1beta1 + kind: CustomResourceDefinition + metadata: +@@ -10,6 +20,457 @@ + plural: checlusters + singular: checluster + scope: Namespaced +- version: v1 + subresources: + status: {} ++ validation: ++ openAPIV3Schema: ++ properties: ++ apiVersion: ++ description: 'APIVersion defines the versioned schema of this representation ++ of an object. Servers should convert recognized schemas to the latest ++ internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' ++ type: string ++ kind: ++ description: 'Kind is a string value representing the REST resource this ++ object represents. Servers may infer this from the endpoint the client ++ submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' ++ type: string ++ metadata: ++ type: object ++ spec: ++ properties: ++ auth: ++ description: Configuration settings related to the Authentication used ++ by the Che installation. ++ properties: ++ externalIdentityProvider: ++ description: 'Instructs the operator on whether or not to deploy ++ a dedicated Identity Provider (Keycloak or RH SSO instance). By ++ default a dedicated Identity Provider server is deployed as part ++ of the Che installation. But if `externalIdentityProvider` is ++ `true`, then no dedicated identity provider will be deployed by ++ the operator and you might need to provide details about the external ++ identity provider you want to use. See also all the other fields ++ starting with: `identityProvider`.' ++ type: boolean ++ identityProviderAdminUserName: ++ description: Overrides the name of the Identity Provider admin user. ++ Defaults to `admin`. ++ type: string ++ identityProviderClientId: ++ description: Name of a Identity provider (Keycloak / RH SSO) `client-id` ++ that should be used for Che. This is useful to override it ONLY ++ if you use an external Identity Provider (see the `externalIdentityProvider` ++ field). If omitted or left blank, it will be set to the value ++ of the `flavour` field suffixed with `-public`. ++ type: string ++ identityProviderImage: ++ description: Overrides the container image used in the Identity ++ Provider (Keycloak / RH SSO) deployment. This includes the image ++ tag. Omit it or leave it empty to use the defaut container image ++ provided by the operator. ++ type: string ++ identityProviderImagePullPolicy: ++ description: Overrides the image pull policy used in the Identity ++ Provider (Keycloak / RH SSO) deployment. Default value is `Always` ++ for `nightly` or `latest` images, and `IfNotPresent` in other ++ cases. ++ type: string ++ identityProviderPassword: ++ description: Overrides the password of Keycloak admin user. This ++ is useful to override it ONLY if you use an external Identity ++ Provider (see the `externalIdentityProvider` field). If omitted ++ or left blank, it will be set to an auto-generated password. ++ type: string ++ identityProviderPostgresPassword: ++ description: Password for The Identity Provider (Keycloak / RH SSO) ++ to connect to the database. This is useful to override it ONLY ++ if you use an external Identity Provider (see the `externalIdentityProvider` ++ field). If omitted or left blank, it will be set to an auto-generated ++ password. ++ type: string ++ identityProviderRealm: ++ description: Name of a Identity provider (Keycloak / RH SSO) realm ++ that should be used for Che. This is useful to override it ONLY ++ if you use an external Identity Provider (see the `externalIdentityProvider` ++ field). If omitted or left blank, it will be set to the value ++ of the `flavour` field. ++ type: string ++ identityProviderURL: ++ description: Public URL of the Identity Provider server (Keycloak ++ / RH SSO server). You should set it ONLY if you use an external ++ Identity Provider (see the `externalIdentityProvider` field). ++ By default this will be automatically calculated and set by the ++ operator. ++ type: string ++ oAuthClientName: ++ description: Name of the OpenShift `OAuthClient` resource used to ++ setup identity federation on the OpenShift side. Auto-generated ++ if left blank. See also the `OpenShiftoAuth` field. ++ type: string ++ oAuthSecret: ++ description: Name of the secret set in the OpenShift `OAuthClient` ++ resource used to setup identity federation on the OpenShift side. ++ Auto-generated if left blank. See also the `OAuthClientName` field. ++ type: string ++ openShiftoAuth: ++ description: 'Enables the integration of the identity provider (Keycloak ++ / RHSSO) with OpenShift OAuth. Enabled by defaumt on OpenShift. ++ This will allow users to directly login with their Openshift user ++ throug the Openshift login, and have their workspaces created ++ under personnal OpenShift namespaces. WARNING: the `kuebadmin` ++ user is NOT supported, and logging through it will NOT allow accessing ++ the Che Dashboard.' ++ type: boolean ++ updateAdminPassword: ++ description: Forces the default `admin` Che user to update password ++ on first login. Defaults to `false`. ++ type: boolean ++ type: object ++ database: ++ description: Configuration settings related to the database used by ++ the Che installation. ++ properties: ++ chePostgresDb: ++ description: Postgres database name that the Che server uses to ++ connect to the DB. Defaults to `dbche`. ++ type: string ++ chePostgresHostName: ++ description: Postgres Database hostname that the Che server uses ++ to connect to. Defaults to postgres. This value should be overridden ++ ONLY when using an external database (see field `externalDb`). ++ In the default case it will be automatically set by the operator. ++ type: string ++ chePostgresPassword: ++ description: Postgres password that the Che server should use to ++ connect to the DB. If omitted or left blank, it will be set to ++ an auto-generated value. ++ type: string ++ chePostgresPort: ++ description: Postgres Database port that the Che server uses to ++ connect to. Defaults to 5432. This value should be overridden ++ ONLY when using an external database (see field `externalDb`). ++ In the default case it will be automatically set by the operator. ++ type: string ++ chePostgresUser: ++ description: Postgres user that the Che server should use to connect ++ to the DB. Defaults to `pgche`. ++ type: string ++ externalDb: ++ description: 'Instructs the operator on whether or not to deploy ++ a dedicated database. By default a dedicated Postgres database ++ is deployed as part of the Che installation. But if `externalDb` ++ is `true`, then no dedicated database will be deployed by the ++ operator and you might need to provide connection details to the ++ external DB you want to use. See also all the fields starting ++ with: `chePostgres`.' ++ type: boolean ++ postgresImage: ++ description: Overrides the container image used in the Postgres ++ database deployment. This includes the image tag. Omit it or leave ++ it empty to use the defaut container image provided by the operator. ++ type: string ++ postgresImagePullPolicy: ++ description: Overrides the image pull policy used in the Postgres ++ database deployment. Default value is `Always` for `nightly` or ++ `latest` images, and `IfNotPresent` in other cases. ++ type: string ++ type: object ++ k8s: ++ description: Configuration settings specific to Che installations made ++ on upstream Kubernetes. ++ properties: ++ ingressClass: ++ description: 'Ingress class that will define the which controler ++ will manage ingresses. Defaults to `nginx`. NB: This drives the ++ `is kubernetes.io/ingress.class` annotation on Che-related ingresses.' ++ type: string ++ ingressDomain: ++ description: 'Global ingress domain for a K8S cluster. This MUST ++ be explicitly specified: there are no defaults.' ++ type: string ++ ingressStrategy: ++ description: Strategy for ingress creation. This can be `multi-host` ++ (host is explicitly provided in ingress), `single-host` (host ++ is provided, path-based rules) and `default-host.*`(no host is ++ provided, path-based rules). Defaults to `"multi-host` ++ type: string ++ securityContextFsGroup: ++ description: FSGroup the Che pod and Workspace pods containers should ++ run in. Defaults to `1724`. ++ type: string ++ securityContextRunAsUser: ++ description: ID of the user the Che pod and Workspace pods containers ++ should run as. Default to `1724`. ++ type: string ++ tlsSecretName: ++ description: Name of a secret that will be used to setup ingress ++ TLS termination if TLS is enabled. See also the `tlsSupport` field. ++ type: string ++ type: object ++ server: ++ description: General configuration settings related to the Che server ++ and the plugin and devfile registries ++ properties: ++ airGapContainerRegistryHostname: ++ description: Optional hostname (or url) to an alternate container ++ registry to pull images from. This value overrides the container ++ registry hostname defined in all the default container images ++ involved in a Che deployment. This is particularly useful to install ++ Che in an air-gapped environment. ++ type: string ++ airGapContainerRegistryOrganization: ++ description: Optional repository name of an alternate container ++ registry to pull images from. This value overrides the container ++ registry organization defined in all the default container images ++ involved in a Che deployment. This is particularly useful to install ++ Che in an air-gapped environment. ++ type: string ++ cheDebug: ++ description: Enables the debug mode for Che server. Defaults to ++ `false`. ++ type: string ++ cheFlavor: ++ description: Flavor of the installation. This is either `che` for ++ upstream Che installations, or `codeready` for CodeReady Workspaces ++ installation. In most cases the default value should not be overriden. ++ type: string ++ cheHost: ++ description: Public hostname of the installed Che server. This will ++ be automatically set by the operator. In most cases the default ++ value set by the operator should not be overriden. ++ type: string ++ cheImage: ++ description: Overrides the container image used in Che deployment. ++ This does NOT include the container image tag. Omit it or leave ++ it empty to use the defaut container image provided by the operator. ++ type: string ++ cheImagePullPolicy: ++ description: Overrides the image pull policy used in Che deployment. ++ Default value is `Always` for `nightly` or `latest` images, and ++ `IfNotPresent` in other cases. ++ type: string ++ cheImageTag: ++ description: Overrides the tag of the container image used in Che ++ deployment. Omit it or leave it empty to use the defaut image ++ tag provided by the operator. ++ type: string ++ cheLogLevel: ++ description: 'Log level for the Che server: `INFO` or `DEBUG`. Defaults ++ to `INFO`.' ++ type: string ++ cheWorkspaceClusterRole: ++ description: Custom cluster role bound to the user for the Che workspaces. ++ The default roles are used if this is omitted or left blank. ++ type: string ++ customCheProperties: ++ additionalProperties: ++ type: string ++ description: Map of additional environment variables that will be ++ applied in the generated `che` config map to be used by the Che ++ server, in addition to the values already generated from other ++ fields of the `CheCluster` custom resource (CR). If `customCheProperties` ++ contains a property that would be normally generated in `che` ++ config map from other CR fields, then the value defined in the ++ `customCheProperties` will be used instead. ++ type: object ++ devfileRegistryImage: ++ description: Overrides the container image used in the Devfile registry ++ deployment. This includes the image tag. Omit it or leave it empty ++ to use the defaut container image provided by the operator. ++ type: string ++ devfileRegistryMemoryLimit: ++ description: Overrides the memory limit used in the Devfile registry ++ deployment. Defaults to 256Mi. ++ type: string ++ devfileRegistryMemoryRequest: ++ description: Overrides the memory request used in the Devfile registry ++ deployment. Defaults to 16Mi. ++ type: string ++ devfileRegistryPullPolicy: ++ description: Overrides the image pull policy used in the Devfile ++ registry deployment. Default value is `Always` for `nightly` or ++ `latest` images, and `IfNotPresent` in other cases. ++ type: string ++ devfileRegistryUrl: ++ description: Public URL of the Devfile registry, that serves sample, ++ ready-to-use devfiles. You should set it ONLY if you use an external ++ devfile registry (see the `externalDevfileRegistry` field). By ++ default this will be automatically calculated by the operator. ++ type: string ++ externalDevfileRegistry: ++ description: Instructs the operator on whether or not to deploy ++ a dedicated Devfile registry server. By default a dedicated devfile ++ registry server is started. But if `externalDevfileRegistry` is ++ `true`, then no such dedicated server will be started by the operator ++ and you will have to manually set the `devfileRegistryUrl` field ++ type: boolean ++ externalPluginRegistry: ++ description: Instructs the operator on whether or not to deploy ++ a dedicated Plugin registry server. By default a dedicated plugin ++ registry server is started. But if `externalPluginRegistry` is ++ `true`, then no such dedicated server will be started by the operator ++ and you will have to manually set the `pluginRegistryUrl` field. ++ type: boolean ++ nonProxyHosts: ++ description: List of hosts that should not use the configured proxy. ++ Use `|`` as delimiter, eg `localhost|my.host.com|123.42.12.32` ++ Only use when configuring a proxy is required (see also the `proxyURL` ++ field). ++ type: string ++ pluginRegistryImage: ++ description: Overrides the container image used in the Plugin registry ++ deployment. This includes the image tag. Omit it or leave it empty ++ to use the defaut container image provided by the operator. ++ type: string ++ pluginRegistryMemoryLimit: ++ description: Overrides the memory limit used in the Plugin registry ++ deployment. Defaults to 256Mi. ++ type: string ++ pluginRegistryMemoryRequest: ++ description: Overrides the memory request used in the Plugin registry ++ deployment. Defaults to 16Mi. ++ type: string ++ pluginRegistryPullPolicy: ++ description: Overrides the image pull policy used in the Plugin ++ registry deployment. Default value is `Always` for `nightly` or ++ `latest` images, and `IfNotPresent` in other cases. ++ type: string ++ pluginRegistryUrl: ++ description: Public URL of the Plugin registry, that serves sample ++ ready-to-use devfiles. You should set it ONLY if you use an external ++ devfile registry (see the `externalPluginRegistry` field). By ++ default this will be automatically calculated by the operator. ++ type: string ++ proxyPassword: ++ description: Password of the proxy server Only use when proxy configuration ++ is required (see also the `proxyUser` field). ++ type: string ++ proxyPort: ++ description: Port of the proxy server. Only use when configuring ++ a proxy is required (see also the `proxyURL` field). ++ type: string ++ proxyURL: ++ description: URL (protocol+hostname) of the proxy server. This drives ++ the appropriate changes in the `JAVA_OPTS` and `https(s)_proxy` ++ variables in the Che server and workspaces containers. Only use ++ when configuring a proxy is required. ++ type: string ++ proxyUser: ++ description: User name of the proxy server. Only use when configuring ++ a proxy is required (see also the `proxyURL` field). ++ type: string ++ selfSignedCert: ++ description: Enables the support of OpenShift clusters whose router ++ uses self-signed certificates. When enabled, the operator retrieves ++ the default self-signed certificate of OpenShift routes and adds ++ it to the Java trust store of the Che server. This is usually ++ required when activating the `tlsSupport` field on demo OpenShift ++ clusters that have not been setup with a valid certificate for ++ the routes. This is disabled by default. ++ type: boolean ++ serverMemoryLimit: ++ description: Overrides the memory limit used in the Che server deployment. ++ Defaults to 1Gi. ++ type: string ++ serverMemoryRequest: ++ description: Overrides the memory request used in the Che server ++ deployment. Defaults to 512Mi. ++ type: string ++ tlsSupport: ++ description: 'Instructs the operator to deploy Che in TLS mode, ++ ie with TLS routes or ingresses. This is disabled by default. ++ WARNING: Enabling TLS might require enabling the `selfSignedCert` ++ field also in some cases.' ++ type: boolean ++ type: object ++ storage: ++ description: Configuration settings related to the persistent storage ++ used by the Che installation. ++ properties: ++ postgresPVCStorageClassName: ++ description: Storage class for the Persistent Volume Claim dedicated ++ to the Postgres database. If omitted or left blank, default storage ++ class is used. ++ type: string ++ preCreateSubPaths: ++ description: Instructs the Che server to launch a special pod to ++ pre-create a subpath in the Persistent Volumes. Defaults to `false`, ++ however it might need to enable it according to the configuration ++ of your K8S cluster. ++ type: boolean ++ pvcClaimSize: ++ description: Size of the persistent volume claim for workspaces. ++ Defaults to `1Gi` ++ type: string ++ pvcJobsImage: ++ description: Overrides the container image used to create sub-paths ++ in the Persistent Volumes. This includes the image tag. Omit it ++ or leave it empty to use the defaut container image provided by ++ the operator. See also the `preCreateSubPaths` field. ++ type: string ++ pvcStrategy: ++ description: Persistent volume claim strategy for the Che server. ++ This Can be:`common` (all workspaces PVCs in one volume), `per-workspace` ++ (one PVC per workspace for all declared volumes) and `unique` ++ (one PVC per declared volume). Defaults to `common`. ++ type: string ++ workspacePVCStorageClassName: ++ description: Storage class for the Persistent Volume Claims dedicated ++ to the Che workspaces. If omitted or left blank, default storage ++ class is used. ++ type: string ++ type: object ++ type: object ++ status: ++ properties: ++ cheClusterRunning: ++ description: Status of a Che installation. Can be `Available`, `Unavailable`, ++ or `Available, Rolling Update in Progress` ++ type: string ++ cheURL: ++ description: Public URL to the Che server ++ type: string ++ cheVersion: ++ description: Current installed Che version ++ type: string ++ dbProvisioned: ++ description: Indicates if or not a Postgres instance has been correctly ++ provisioned ++ type: boolean ++ devfileRegistryURL: ++ description: Public URL to the Devfile registry ++ type: string ++ helpLink: ++ description: A URL that can point to some URL where to find help related ++ to the current Operator status. ++ type: string ++ keycloakProvisioned: ++ description: Indicates whether an Identity Provider instance (Keycloak ++ / RH SSO) has been provisioned with realm, client and user ++ type: boolean ++ keycloakURL: ++ description: Public URL to the Identity Provider server (Keycloak / ++ RH SSO). ++ type: string ++ message: ++ description: A human readable message indicating details about why the ++ pod is in this condition. ++ type: string ++ openShiftoAuthProvisioned: ++ description: Indicates whether an Identity Provider instance (Keycloak ++ / RH SSO) has been configured to integrate with the OpenShift OAuth. ++ type: boolean ++ pluginRegistryURL: ++ description: Public URL to the Plugin registry ++ type: string ++ reason: ++ description: A brief CamelCase message indicating details about why ++ the pod is in this state. ++ type: string ++ type: object ++ version: v1 ++ versions: ++ - name: v1 ++ served: true ++ storage: true diff --git a/olm/eclipse-che-preview-kubernetes/deploy/olm-catalog/eclipse-che-preview-kubernetes/9.9.9-nightly.1571049441/eclipse-che-preview-kubernetes.v9.9.9-nightly.1571049441.clusterserviceversion.yaml b/olm/eclipse-che-preview-kubernetes/deploy/olm-catalog/eclipse-che-preview-kubernetes/9.9.9-nightly.1571049441/eclipse-che-preview-kubernetes.v9.9.9-nightly.1571049441.clusterserviceversion.yaml new file mode 100644 index 000000000..1084debdf --- /dev/null +++ b/olm/eclipse-che-preview-kubernetes/deploy/olm-catalog/eclipse-che-preview-kubernetes/9.9.9-nightly.1571049441/eclipse-che-preview-kubernetes.v9.9.9-nightly.1571049441.clusterserviceversion.yaml @@ -0,0 +1,354 @@ +apiVersion: operators.coreos.com/v1alpha1 +kind: ClusterServiceVersion +metadata: + annotations: + alm-examples: |- + [ + { + "apiVersion": "org.eclipse.che/v1", + "kind": "CheCluster", + "metadata": { + "name": "eclipse-che" + }, + "spec": { + "k8s": { + "ingressDomain": "", + "tlsSecretName": "" + }, + "server": { + "cheImageTag": "nightly", + "devfileRegistryImage": "quay.io/eclipse/che-devfile-registry:nightly", + "pluginRegistryImage": "quay.io/eclipse/che-plugin-registry:nightly", + "tlsSupport": false, + "selfSignedCert": false + }, + "database": { + "externalDb": false, + "chePostgresHostname": "", + "chePostgresPort": "", + "chePostgresUser": "", + "chePostgresPassword": "", + "chePostgresDb": "" + }, + "auth": { + "identityProviderImage": "eclipse/che-keycloak:nightly", + "externalIdentityProvider": false, + "identityProviderURL": "", + "identityProviderRealm": "", + "identityProviderClientId": "" + }, + "storage": { + "pvcStrategy": "per-workspace", + "pvcClaimSize": "1Gi", + "preCreateSubPaths": true + } + } + } + ] + capabilities: Seamless Upgrades + categories: Developer Tools + certified: "false" + containerImage: quay.io/eclipse/che-operator:nightly + createdAt: "2019-10-14T10:37:21Z" + description: A Kube-native development solution that delivers portable and collaborative + developer workspaces. + repository: https://github.com/eclipse/che-operator + support: Eclipse Foundation + name: eclipse-che-preview-kubernetes.v9.9.9-nightly.1571049441 + namespace: placeholder +spec: + apiservicedefinitions: {} + customresourcedefinitions: + owned: + - description: Eclipse Che cluster with DB and Auth Server + displayName: Eclipse Che Cluster + kind: CheCluster + name: checlusters.org.eclipse.che + specDescriptors: + - description: TLS routes + displayName: TLS Mode + path: server.tlsSupport + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:booleanSwitch + statusDescriptors: + - description: Ingress to access Eclipse Che + displayName: Eclipse Che URL + path: cheURL + x-descriptors: + - urn:alm:descriptor:org.w3:link + - description: Ingress to access Keycloak Admin Console + displayName: Keycloak Admin Console URL + path: keycloakURL + x-descriptors: + - urn:alm:descriptor:org.w3:link + - description: Eclipse Che server version + displayName: Eclipse Che version + path: cheVersion + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:label + - description: The current status of the application + displayName: Status + path: cheClusterRunning + x-descriptors: + - urn:alm:descriptor:io.kubernetes.phase + - description: Reason of the current status + displayName: Reason + path: reason + x-descriptors: + - urn:alm:descriptor:text + - description: Message explaining the current status + displayName: Message + path: message + x-descriptors: + - urn:alm:descriptor:text + - description: Link providing help related to the current status + displayName: Help link + path: helpLink + x-descriptors: + - urn:alm:descriptor:org.w3:link + version: v1 + description: | + A collaborative Kubernetes-native development solution that delivers Kubernetes workspaces and in-browser IDE for rapid cloud application development. + This operator installs PostgreSQL, Keycloak, Registries and the Eclipse Che server, as well as configures all these services. + ## Prerequisites + - Operator Lifecycle Manager (OLM) needs to be installed. + - Kubernetes Platform. For OpenShift, the installation is directly made from OperatorHub UI in the admin console. + + OLM installation can be checked by running the command: + ``` + $ kubectl get pods --all-namespaces | grep olm + olm catalog-operator-7b8cd7f8bf-2v7zj 1/1 Running 0 10m + olm olm-operator-5c5c798cd5-s6ll5 1/1 Running 0 10m + olm olm-operators-fm5wc 1/1 Running 0 10m + olm operatorhubio-catalog-d78km 1/1 Running 0 10m + olm packageserver-5c5f64947b-trghp 1/1 Running 0 9m56s + olm packageserver-5c5f64947b-zqvxg 1/1 Running 0 9m56s + ``` + + ## How to Install + Install `Eclipse Che Operator` by following instructions in top right button `Install`. + + A new pod che-operator is created in `my-eclipse-che` namespace + + ``` + $ kubectl get pods --all-namespaces | grep my-eclipse-che + my-eclipse-che che-operator-554c564476-fl98z 1/1 Running 0 13s + ``` + + The operator is now providing new Custom Resources Definitions: `checluster.org.eclipse.che` + + Create a new Eclipse Che instance by creating a new CheCluster resource: + + On the bottom of this page, there is a section `Custom Resource Definitions` with `Eclipse Che Cluster` name. + + Click on `View YAML Example` *Link* and copy the content to a new file named `my-eclipse-che.yaml` + **Important!** Make sure you provide **K8s.ingressDomain** which is a global ingress domain of your k8s cluster, for example, `gcp.my-ide.cloud` + Create the new CheCluster by creating the resource in the `my-eclipse-che` namespace : + ``` + $ kubectl create -f my-eclipse-che.yaml -n my-eclipse-che + ``` + ***important:*** The operator is only tracking resources in its own namespace. If CheCluster is not created in this namespace it's ignored. + The operator will now create pods for Eclipse Che. The deployment status can be tracked by looking at the Operator logs by using the command: + ``` + $ kubectl logs -n my-eclipse-che che-operator-554c564476-fl98z + ``` + ***important:*** pod name is different on each installation + + When all Eclipse Che containers are running, the Eclipse Che URL is printed + + + Eclipse Che URL can be tracked by searching for available trace: + ``` + $ kubectl logs -f -n my-eclipse-che che-operator-7b6b4bcb9c-m4m2m | grep "Eclipse Che is now available" + time="2019-08-01T13:31:05Z" level=info msg="Eclipse Che is now available at: http://che-my-eclipse-che.gcp.my-ide.cloud" + ``` + When Eclipse Che is ready, the Eclipse Che URL is displayed in CheCluster resource in `status` section + ``` + $ kubectl describe checluster/eclipse-che -n my-eclipse-che + ``` + + ``` + Status: + Che Cluster Running: Available + Che URL: http://che-my-eclipse-che.gcp.my-ide.cloud + Che Version: 7.0.0 + ... + ``` + + By opening this URL in a web browser, Eclipse Che is ready to use. + ## Defaults + By default, the operator deploys Eclipse Che with: + * Bundled PostgreSQL and Keycloak + * Per-Workspace PVC strategy + * Auto-generated passwords + * HTTP mode (non-secure ingresses) + ## Installation Options + Eclipse Che operator installation options include: + * Connection to external database and Keycloak + * Configuration of default passwords and object names + * TLS mode + * PVC strategy (once shared PVC for all workspaces, PVC per workspace, or PVC per volume) + * Authentication options + ### External Database and Keycloak + To instruct the operator to skip deploying PostgreSQL and Keycloak and connect to an existing DB and Keycloak instead: + * set respective fields to `true` in a custom resource spec + * provide the operator with connection and authentication details: + ``` + externalDb: true + chePostgresHostname: 'yourPostgresHost' + chePostgresPort: '5432' + chePostgresUser: 'myuser' + chePostgresPassword: 'mypass' + chePostgresDb: 'mydb' + externalIdentityProvider: true + identityProviderURL: 'https://my-keycloak.com' + identityProviderRealm: 'myrealm' + identityProviderClientId: 'myClient' + ``` + ### TLS Mode + To activate TLS mode, set the respective field in the CR spec to `true` (in the `server` block): + ``` + tlsSupport: true + ``` + You will also need to provide name of tls secret that will be used for Eclipse Che and workspaces ingresses: + ``` + tlsSecretName: 'my-ingress-tls-secret' + ``` + displayName: Eclipse Che + icon: + - base64data: iVBORw0KGgoAAAANSUhEUgAAANMAAAD0CAYAAAABrhNXAAAABGdBTUEAALGPC/xhBQAAACBjSFJNAAB6JgAAgIQAAPoAAACA6AAAdTAAAOpgAAA6mAAAF3CculE8AAAABmJLR0QA/wD/AP+gvaeTAAAaNklEQVR42u3de3QU9dkH8O/zm91EQK0U77dqVdTW++1V20KigUSQahLjsSSbtp4eeqqVLHILCcoiyQZEIbF61B6PVQJ6XiOkr6TlYiABr603wHotar1bBUWUYDY787x/JIGoSchmZ+c3M/t8/iS7M8+M5+vs7szz/IiZIYRIntJdgBB+IWESwiYSJiFsImESwiYSJiFsImESwiaBvv5ARLprEwB4ddaJTBQF8w/JsKbQmI0v665JAL3dUqK+7jNJmPTiNWOHWYhNB1AOILPrn+MA369MazaNe+Iz3TWmMwmTB3AEyrwwu4SIbwVwWB+v+hxEt6gg7qLs1rjumtORhMnlePUlF5hk1RFw4QDf8rrFmBLMa12tu/Z0I2FyKV53yVGWyTVgLgGQ8IknoImMQBnlNL+t+1jShYTJZXjlhKFW8KsbQJgNYP8ktxYDcI8yh95E41bt1H1sfidhcpH4mtETCHQHgONs3vTHAEXUMy33UQSW7uP0KwmTC/DqS84xyaol4Bcp3tULiqiMxrY8pfuY/UjCpBG3ZB1sxfgmgK4HYDi1WwI9SnGaTuPXv6v7HPiJhEkDfv7coPX5AdeB+RaADtRURRtAC9UB7Qvo4md26z4nfiBhcljH6qwcRbgDwKm6a+nyATNVGrkt9USQrtAkSJgcwquyT2ZlLWLQON219FofsMEghGls6ybdtXiVhCnFuOnnw62gEQHoOvTz3KM7sAVSy5RS0yln3X91V+M1EqYU4ZasgBWjawGuAnCI7noStAOM+coaUkvjVrXrLsYrJEwp0LHmkksUrFoAp+uuJSnMbzLR1EBua5PuUrxAwmSj7tYIBhfprsVOBDQTU5jyWl7RXYubSZhs0KM1YiaA/XTXkyIdAN+tMmgOZbfu0F2MG0mYksAMMtdkh4h4AYDDddfj0FF3tnrsOOROurrB1F2Nm0iYBolXjT7fVFRHwEW6a9FkkyIK09iWDboLcQsJU4KSbY3wGwKaCNZkyt34ju5adJMwDRA/fdEQa2fmZBAqARygux536Wr1+CY+m6546ivd1Wg7CxKmfUtha4TP8EeAmpuurR4Spn7w46PONi2qJdAo3bV4CROeM1iFKXf907prcfS4JUzfx82XjrDM+M0Ot0b4TWerB8yplLvxfd3FOHLAEqYeJ2NPawTmAviB7np8YheA21QG5lN26ze6i0klCVOXjtVZOUpxHZh+orsWn3qfmWYH8lqW6C4kVdI+TLwq+2Q2+HZmjNddSzogoIUsI0yXrduiuxa7pW2YuOnnw62MwEwwTwEoQ3c96aWr1SMen+qnKbRpF6a901GthQAdqrueNPcFGAvUzkMW09UNMd3FJCutwtSxenS2ItQCdIbuWsS3vMFENwbGtvxddyHJSIsw8ZpRx1hkVIM5pLsW0TcCmsk0ymjculd11zIYvg5TmrRG+E1nq4cK3kxjmr/UXUwifBkmZpD5+OiriHEbQMfqrkcMynYQ5nmp1cN3YepsjUAtgS7WXYuwA7+oGGHK2/CE7kr2WalfwsRrxxxpcWwOgN8BJEuJ+gwBTWThBrqs9T+6a+mL58PEjxRlWAd99gcw5kFaI3yO20D0JxVEFWW3fq27mu9V5+UwdbVG1AE4XnctwlEfMlOF26bQejJMvDbrLJNRS8Bo3bUIfRj8T0NRGY1pfVZ3LYDHwsSrc39o0TdzpDVC7OWeKbSeCFOP1ogIgIO0FCHcrrPVwxxSo2sKrevD1LVqRC2Anzq+c+FFW5m4IjB2Q4PTO3ZtmLj50pFsmrczcLnTJ0V4HzHWESFMua3/cmqfrgsTt2QdZHWgHIwwgEynToTwpTjA96sMqqTs1m2p3plrwiStESJ1uqbQBnEXZbfGU7YXN4SpY1VWllKoBXBmqg5UCACvW4wpwbzW1anYuNYw8d+zjrYCFJXpqMJJBDSRESijnOa37dyuljDxyglDrYyvZkBaI4Q2XVNozaE30bhVO23ZopNhktYI4UIfAxSxYwqtY2HitVnndT0C9DOHT5YQA/GCIiqjsS1PDXYDKQ8Tr/7FERapCKQ1Qrhf5xTaOE2n8evfTfjNqQrT3tYIvgWgA3WfJSEGjtsAWpjoFNqUhKmzNQK1AP1Y92kRIgkfMFPlQFs9bA0TPz7qVLbUIgbydJ8FIezChFbDojDltWzu93V2hElaI4T/dbV6cHAa5a79tNdXJBMmbskKWDG6FszVIBys+3CFcMAOMOYra0jtd1s9Bh2mjrXZlyrmWgCn6T46IRzH/CYTTQ3ktjbt/acEw8RrR53EbFQzuEj38QihGwHNxBSmvJZXEgqT9Xj2bWC+QVaNEKInjoFQpca0zvvuXwJ9vwdT5XlUIXpiC6T+Vyn1597+Gkh0c0KkIwb+YUCV0diWfwBAbx/oJExC9G/AN3MlTEL0qudE2ZYBTZSVMAnxHQQ0Udz4Y6IPwEqYhNiDX1SdU2OfHMy7pU1CCMY2EMLqy0MvGGyQALkyifTWuXKhNfQmyku+nV3CJNISAc2krMk0ZuNrdm1TwiTSzRtMdKORgtXeJUwiXXwBwtzO4ZQtKRlOKWESftc5Ntm0ZtO4Jz5L5Y4kTMK3CLyerMAUumzdFif2J2HyBu58GkwmPg3QW8w01chr/T8ndyr/cVyPX1QKoxTUBcwY9D2QNLELwFyVgdMCeS2OBgmQK5N7MbZBoUrtOPROurrBBABmjDIfH30VgRaC8SPdJboIg2ip6uAZNL71E11F9N0cuDbbNStbp5nOG4n9zMXuMb99BoAhugvWiQnPGSaX0WUbnnF0vwl12kqYHEdAE5kqTOPWvzWQ16f5yiIfMlPFQOfc2U3C5F5vMHhKIHfDqsG8mddmj7Y6B96cpftAHLAbhDvU7o5quuKpr3QVIWFynx43EpNb5W7vaox8K4DDdB9YKhDQRLAmU+7Gd3TXImFyj5TdSOSWrP2tGKYBKIdf1glmvKRIhSl3/UbdpewpScKkH4HXk+Iwjdn4cir345MxbdtBmKd2HLLnF023kDDptZWJKwJjNzQ4udOO1Vk5ilAL4Ke6T0AiZQN8t1LBm2lM85e6i+mNhEmPXQBuS3TJEjvx8+cGre0H/tYLo617DnrUXUt/JEzOcsWNxG8V5OZFF3oZQexmEiaHMPifhoWw0zcSB1zf46NOZVMtZkKu7lrQPRx/5yGL6eqGmO5iBkrClHpabyQmqnOhOqoDcLzze9/3si1u1ltu5EFXe+wGYYHKwCmBvJYlXggSAARyN6xUXx5yCghhAI7dAGVCq2J1jjG2pdSLQeqLXJmSREATWbiBLmv9j+5aksFrxxxpcWwOUru49/vMNNsrV+7+yMc8OzFeUuAyytvwhO5SbD2stVnnmcx1BLrYxq0OahFmN5Mw2cO1NxLtwgwyHx99FTFuA+jYZDZFoEdJGdNoTPN7uo/LThKm5Lj+RqLdeM3YYRZi0wHMBLBfQu8FnjeIwjS25Sndx5GScyNhGhwCmsk0ymjculd116IDrxl1jEVGNZhDA3j5xwBF1DMt91EElu7aU3ZOJEwJe4OJbgykYMaaF3WsHp3d+WgSnfH9v3IMwD39NTX6iYRp4L4AY4HXbiQ6YW+rh7UQoEOBrl80jUAZ5TS/rbs+x86DhGmf4gD/WRmBmyln3XbdxbhZ56NJ7dMtqMeDuevX667H8eOXMPWNgBayjLBTM9aEt/WWG5lO1H0jMa9lie5ChLelc5h6tEa0+OJGotArHcPUeSMR5lTK3fi+7mKEf6RVmJjwnMEqTLnrn9Zdi/CfNHlqnD8C6PfG060XSpBEqvj9ytQ1Yy2udcaaSA++DdOeGWtj9c9YE/4RiUTUlreCpQAe+O7f/BimTQqqzE0z1oQ/FBTXnL9lK2oBvhg+D5PvWyOEHr+8ZsGRgUB8DsC/Qz+/M/ghTGnXGiGcUVS0aEg8s30ywawE6IB9vd7TYdo7Y63V1TPWhPcUhqommPxNHSUwbMabYeqasWZ4ZMaa8I4rJ1afpRTqmGlUou/1Wpg6Z6xZQ2tp3Kp23cUI/ygqivzQysiYw4RBD+j0SJh6zFjL889oKKHfpEn3Bre3bbvOBEUAHJTMtlwfJia0GpYKU27LZt21CH8pLK3J2bZrey2IbFnUwM1hep+ZZgdypTVC2Cu/NDpSMW5niy+3c/FSF4ap54w1aY0Q9rnyN5GDjHiwnC2EOQULwbkpTF0z1gK+m7Em9IpEImrz1mAJxelWTuESpa4Ik99nrAl98kPR0Vu2oo6AM1O9L81h4o8ANdfw+Yw14byC4gVHA2YUjBLAzm9GfdMSprhF2PThwZvf3Tli/NU33vOhjhqEP02YFBkabAvOAMwZAIY4uW/Hw/TCB4fgL8+fgv9+NeRMAM8Vhmoip5/Qfl8kEpErk0gCU35o/lXUxgsB/EhHBY6N+vrgy/3xwPMnY/NHI3r78/NghFcsq5DvTCJhV06sOVcprgPwM6f2ubx+1vc+Oqb8yvR1ewANL5+I1a8fA4v7/Oh6HghPFJZEH1VKTWtYUi6/5ol9KiipPgJAZF+tEU5J2ZXJtAgtbx2FhzediJ3fZCTy1jaAFx4Y6Jj/wAMRuc8kvqeoKJJhZQb/YIFuIeBAHTX0dmVKSZpf/mQEZvztItz77E8SDRIADAVozs54xr/zS6pLAXbklxjhDYWhqglmZsZrDKrVFaS+2Hpl+njnUDy86UQ88+7hthXIQCugwo1Ly+XZvDRW+KvoKWxgMYA83bUAKfzO9E2HgZWvHYfGl49Hh2XvxY6ALMB6saA4uoxVcFpj/XR5ajyN9GiNuA7a74v2L6krEwN44p0jUf/CSOzYnfDHucHYwaD53wwfVrvqT5Oln8nHsrIigRHHZF7LbFUDdLDuer7L1u9M/972A1Su+h/86cnTnAoSABxE4PlDvvh6S35x9HKndiqcdVVx9aUjjs54kZnvdWOQ+pLwZXN72354+KWTsPGdw8H6fhsYSYSVBcXRZgqo8PIHy2UGhA8UldScaIGjFlCku5bBGHCY2k2Fx145Hn995TjE4oPq6rUfIYdN66XC4ujdZjA2568PRHboLkkkLhRaOGwXx6ab4HKkoDXCKfv8zsRMePa9w1D/wkh8tiuhBbcdPhJ8Tsy3qPaT7mxouFrm5nkCU35JNESgBQDs+wnYAb19Z+o3TG9tPxAPPn8yXvt0uO7aE8CvEWHK8vrKNborEX27cmLVBUoZdQBfqLuWwUjop/G7nj4NG946AuzM0+s2olOZsbowFG1SMCc31N8ks8ZdpKi06ijTVDUglPjthnyfYWp960jdtSWFGZebMMYWFkfv6cg0Zj92/0xZBUOj7umopsWzQdhfdz2poP3hwBTLYMLkQMx8vTBUMykSifj9eF2pMFQ1wcz45lUCzwf8GSTA/2HqdiQz37tla8azV5VUXay7mHRRUFJ9Tn5JdCOzegyE43TXk2qufjwjBc63oJ6UVo/Uyi+NjlAmbmbgehrkdFQvSrcwAQAxUGRa1riCkurbpNXDPt3TUdnCXCb8QHc9TkuXj3m9GQbQnJ1mxpudrR4iGYWlNTmftW3fxKBaIP2CBKTnlenbGMcQ6MGCUPQ3RBxevqRyi+6SvKSoZN7JJoxFbPE4X/3OPQgSpm6MbGZ6SVo9Bmb8xJrh+ylrpgmaAsCxJ53dTML0bQqEkOKOy/NLahYE2tsXNzREYrqLcpM901HBCxl0qO563CSdvzP1iYHhBJ5vZma8XFBSPV53PW5RMLE6e8vWjJcI9CAACdJ3yJWpfyMBaioojjYbQFnDsopXdRekwxXXVB1jGKoahJDuWtxMwjQQhBwT2FRYHL1bxdTNDQ3labEQdXdrBEAzAbi4ZcAd5GPewAWZMNnMtN4qLKkuKyp6xMc3I5nyQzVFu7jjVYDmQII0IBKmxI1gUK2ZufW5gonzE15E2O0KimvOLyiZ/yQxPwLgWN31eIl8zBu8s6GsDX5p9fjlNQuODATic9wyHdWLJExJ6mr1uLSwpPqOjoxAtddaPbqnozLMeQAdoLseL5P/A9ljCINmBmLma16aQts1HfX1rkeAJEhJkiuTvY4i0IMFJTV/ZBUta1xS8YzugnqTH1pwKlnmYmbk6q7FTyRMqXE+WXiqoDi61AgGZjQ8MOMT3QUBPaajsnk9KH1aI5wiYUodAiFkxuMFuls9Jk26N7h99+e/NdmqBuCZoY5eI9+ZUm9Y16oeL+eHahwfrlhYWpOzbdf2l7w2HdWL5MrknBOJ+ZGCkuh6Ujwl1a0ehRPnnQTDWMQWX+65AVMeJWFy3iVs0QsFJdX3G0Ga3fCXis/s3PiVv4kcZMSD5QwKg707HdWLJEx6BACaZHWgyK5Wjz2tEXG6lYHDdB9gOpLvTBp1t3rEMzO3FIai4wa7nfxQdPTLWzNe6GqNkCBpIlcmFyDwycz4W0FxtJmVMbmxfuZrA3lfQfGCowEzCkYJQ74Z6SZhchNCDrG5ubA4encbYjetWhbZ2dvLJkyKDA22BWcA5gwAQ3SXLTrJxzz3CTJh8hAK9tLq0dkaEWzL6G6NkCC5SJ+rYBSGahJeIFqkxIsKCMctalOK6wD8THdBIoULRIuUOscCNijFDPkk4WoSJm8gyA8Mrif/pxPCJhImIWwiYRLCJhImIWwiYRLCJhImIWwiYRLCJhImIWwiYRLCJhImIWwiYRLCJhImIWzSd5iIbgcgS1AK8W2xrmx8T59hWlE/axpZ5mkENOiuXghXYDSToc5ZUT9rWm9/7rM5kGjvE/9XFVdfahHVAjhN9/EIocGbAN+4Ymnl37r/obfcDChMAJCVFQmMOCbzWmarWiaDijSxg0HzexvFllSYuu0Z/k64DtJcKPzJAmMZq+C0xvrpn/b2AlvC1K3wV9FT2MBiAHm6j1wIuzDQCqhw49Lyzf2+zs4wdSsMVU1gVrUAfqz7RAgxaIT3mXl249LKJQN5eW+5Sfo+0/L62SuN9tipBA4zsDPZ7QnhsDaA5x5oxEYONEh9SfrK1FNBSfURACIAySLDwu2YgEeVUtMalpS/l/CbU/ExrzdXTqw5V2a8CRd7HozwimUVTw12A46FqWt3lB+afxUxLwTwIyfPlBB9+JiIIqef0H5fJBKxktmQw2HqtHcuNslcbKFLjBj39De/PVFawtRtz4oNhBLIQEXhECI0waSy5Q/NetvO7WoNU7f8UHQ0MeoAnJmSHQgBAITXmWlK49JZq1Ox+ZT8NJ6oxvqKDWecGDuHwb8G8F+n9y98jvA5gcOfvx87PVVB6nPXTl+ZevrW+quQ9VdFUuIA399hZlaufHjatlTvzBUf83qTXxodqRi3M+Nyx3YqfIOBdSAON9ZX/suxfbo1TN0KS2ty2ORaEH7q+M6FB9G/mVDZWD/L8Z47V3xn6s/yJbOaDx424mwi+j3AKb9UC8/6GuC5u4cPO11HkPriqitTTz1aPa4HYCS9QeEHFhjL4hZPf+zhSq0/Xrn+Y15v8kMLTiXLXAxCru5ahEaEf8KyylYsm/2s7lIAj4apW1erRx2A43XXIhz1IYMrGpdW1APkmnWWXf+dqT9drR6nEDgM4Cvd9YiUayPwAqM9dkpna4R7gtQXz1yZevrlNQuODATic6TVw5+I0GQadMNfH5j1H9219MXTH/N6UxiqOo/ZqAP4Yt21CFu8qIDwo0srntBdyL74Lkxdh9Xd6nEbgGN1VyMGg7cRUKXaT7qzoeFqU3c1A6rYn2HqFAotHLaLY9MBmglgP931iAHpIMbddrZGOMXXYep2xTVVxxiGqgYhpLsW0Q9GMytjcmP9zNd0lzKo8tMhTN0KJlZnQ1EtgDN01yL2YtAbivjG5fUVf9ddS1LH4eWfxhO14qHKljNOjJ3d1erxadIbFEkh4AsGlQfa28/wepD6PEa/Xpl66tHqMQVAhu560owFxjIjA1Mb/lLxme5i7JJWH/N6k18aHUkWLQJ4vO5a0gKhhYjDy5dUbtFdit3SPkzdCktrciyL6wj4ie5afOo9Bt+U7FBHN0ur70z9Wb5kVvMhQ0ec1fVo0pe66/GRXQDPPTAQO9nPQepLWl6ZesovjY5QJm6WVo+kMBhLjWBgRsMDMz7RXYwjBywf8/pWWFpzNltWLUCjdNfiMc+xQlnjkopndBfiJAnTAEirx4B9xOBZbmuNcIqEaYCKihYNiWe2TyZwJYADdNfjMrsJfEdHRqD6sftnpm0rjIQpQUWlVUeZpqqRKbSdiNCkYE5uqL/pHd216CZhGqSC4przAa4D4SLdtWjyEiwVXvFQ+UbdhbiFhCkpTPkl0RCBFgA4XHc1DtlO4Hleao1wioTJBmnS6tFBjLtVTN3c0FAu9+F6IWGy0ZW/nneCYRo1DBTprsVWjGYKqPDyB8tf0V2Km0mYUiA/VHMJMS+G91s93mTG1MZlFU26C/ECeZwoBRrrZ63v0erhxaeidzCofPfw/c+QICVHrkw2Gj+xZvh+yprpkVYPC4xlrILTGuunS79XguRjnkOKSuadbMJYBGCc7lp6w0AroMKNS8s3667FqyRMDissrclhy7oDoFN119LlAwZXpusjQHaS70wOW75kVvPBQw8+0wWtHm1drREneWU6qhfJlckhmlo9mIBH2bKmr3ho9ru6z4GfyMc8FygoqT6HQbUE/CKV+yHCC2yhbMWyiqd0H7MfSZhcpDBUNYEtdQcIx9m86Y+JKHL6Ce33RSIRS/dx+pWEyWUmTIoMDbRl3kDg2QD2T3JzMWLc48XpqF4kYXKpZFs9iNAEk8qWPzTrbd3Hki4kTC535cSqC5Qy6gC+cEBvILzOTFMal85arbv2dCNh8oQBtHoQPifmW7Z/0HFXa2skrrvidCRh8pAerR7lADK7/jkO8P0dZmblyoenyWr0GkmYPKhw4ryTYBiL2EKQlTHFq6tG+E1CYRJCJEYeJxLCJhImIWwiYRLCJhImIWwiYRLCJv8P9sXhC7xE4kIAAAAldEVYdGRhdGU6Y3JlYXRlADIwMTktMDQtMTNUMDg6MTY6MDgrMDI6MDCcYZVaAAAAJXRFWHRkYXRlOm1vZGlmeQAyMDE5LTA0LTEzVDA4OjE2OjA4KzAyOjAw7Twt5gAAAABJRU5ErkJggg== + mediatype: image/png + install: + spec: + deployments: + - name: che-operator + spec: + replicas: 1 + selector: + matchLabels: + app: che-operator + strategy: {} + template: + metadata: + labels: + app: che-operator + spec: + containers: + - command: + - /usr/local/bin/che-operator + env: + - name: WATCH_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.annotations['olm.targetNamespaces'] + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: OPERATOR_NAME + value: che-operator + image: quay.io/eclipse/che-operator:nightly + imagePullPolicy: Always + name: che-operator + ports: + - containerPort: 60000 + name: metrics + resources: {} + restartPolicy: Always + serviceAccountName: che-operator + terminationGracePeriodSeconds: 5 + permissions: + - rules: + - apiGroups: + - extensions + resources: + - ingresses + verbs: + - '*' + - apiGroups: + - rbac.authorization.k8s.io + resources: + - roles + - rolebindings + verbs: + - '*' + - apiGroups: + - rbac.authorization.k8s.io + resources: + - clusterroles + - clusterrolebindings + verbs: + - '*' + - apiGroups: + - "" + resources: + - pods + - services + - serviceaccounts + - endpoints + - persistentvolumeclaims + - events + - configmaps + - secrets + - pods/exec + - pods/log + verbs: + - '*' + - apiGroups: + - "" + resources: + - namespaces + verbs: + - get + - apiGroups: + - apps + resources: + - deployments + verbs: + - '*' + - apiGroups: + - monitoring.coreos.com + resources: + - servicemonitors + verbs: + - get + - create + - apiGroups: + - org.eclipse.che + resources: + - '*' + verbs: + - '*' + serviceAccountName: che-operator + strategy: deployment + installModes: + - supported: true + type: OwnNamespace + - supported: true + type: SingleNamespace + - supported: true + type: MultiNamespace + - supported: false + type: AllNamespaces + keywords: + - eclipse che + - workspaces + - devtools + - developer + - ide + - java + links: + - name: Product Page + url: http://www.eclipse.org/che + - name: Documentation + url: https://www.eclipse.org/che/docs + - name: Operator GitHub Repo + url: https://github.com/eclipse/che-operator + maintainers: + - email: dfestal@redhat.com + name: David Festal + maturity: stable + provider: + name: Eclipse Foundation + replaces: eclipse-che-preview-kubernetes.v9.9.9-nightly.1567522875 + version: 9.9.9-nightly.1571049441 diff --git a/olm/eclipse-che-preview-kubernetes/deploy/olm-catalog/eclipse-che-preview-kubernetes/9.9.9-nightly.1571049441/eclipse-che-preview-kubernetes.v9.9.9-nightly.1571049441.clusterserviceversion.yaml.diff b/olm/eclipse-che-preview-kubernetes/deploy/olm-catalog/eclipse-che-preview-kubernetes/9.9.9-nightly.1571049441/eclipse-che-preview-kubernetes.v9.9.9-nightly.1571049441.clusterserviceversion.yaml.diff new file mode 100644 index 000000000..b50887ebc --- /dev/null +++ b/olm/eclipse-che-preview-kubernetes/deploy/olm-catalog/eclipse-che-preview-kubernetes/9.9.9-nightly.1571049441/eclipse-che-preview-kubernetes.v9.9.9-nightly.1571049441.clusterserviceversion.yaml.diff @@ -0,0 +1,25 @@ +--- /home/dfestal/go/src/github.com/eclipse/che-operator/olm/eclipse-che-preview-kubernetes/deploy/olm-catalog/eclipse-che-preview-kubernetes/9.9.9-nightly.1567522875/eclipse-che-preview-kubernetes.v9.9.9-nightly.1567522875.clusterserviceversion.yaml 2019-09-17 16:37:37.000000000 +0200 ++++ /home/dfestal/go/src/github.com/eclipse/che-operator/olm/eclipse-che-preview-kubernetes/deploy/olm-catalog/eclipse-che-preview-kubernetes/9.9.9-nightly.1571049441/eclipse-che-preview-kubernetes.v9.9.9-nightly.1571049441.clusterserviceversion.yaml 2019-10-14 12:37:21.000000000 +0200 +@@ -49,12 +49,12 @@ + categories: Developer Tools + certified: "false" + containerImage: quay.io/eclipse/che-operator:nightly +- createdAt: "2019-09-03T15:01:15Z" ++ createdAt: "2019-10-14T10:37:21Z" + description: A Kube-native development solution that delivers portable and collaborative + developer workspaces. + repository: https://github.com/eclipse/che-operator + support: Eclipse Foundation +- name: eclipse-che-preview-kubernetes.v9.9.9-nightly.1567522875 ++ name: eclipse-che-preview-kubernetes.v9.9.9-nightly.1571049441 + namespace: placeholder + spec: + apiservicedefinitions: {} +@@ -350,5 +350,5 @@ + maturity: stable + provider: + name: Eclipse Foundation +- replaces: eclipse-che-preview-kubernetes.v9.9.9-nightly.1567514659 +- version: 9.9.9-nightly.1567522875 ++ replaces: eclipse-che-preview-kubernetes.v9.9.9-nightly.1567522875 ++ version: 9.9.9-nightly.1571049441 diff --git a/olm/eclipse-che-preview-kubernetes/deploy/olm-catalog/eclipse-che-preview-kubernetes/eclipse-che-preview-kubernetes.package.yaml b/olm/eclipse-che-preview-kubernetes/deploy/olm-catalog/eclipse-che-preview-kubernetes/eclipse-che-preview-kubernetes.package.yaml index 0932f34a6..fd4620a7f 100644 --- a/olm/eclipse-che-preview-kubernetes/deploy/olm-catalog/eclipse-che-preview-kubernetes/eclipse-che-preview-kubernetes.package.yaml +++ b/olm/eclipse-che-preview-kubernetes/deploy/olm-catalog/eclipse-che-preview-kubernetes/eclipse-che-preview-kubernetes.package.yaml @@ -1,5 +1,5 @@ channels: -- currentCSV: eclipse-che-preview-kubernetes.v9.9.9-nightly.1567522875 +- currentCSV: eclipse-che-preview-kubernetes.v9.9.9-nightly.1571049441 name: nightly - currentCSV: eclipse-che-preview-kubernetes.v7.2.0 name: stable diff --git a/olm/eclipse-che-preview-openshift/deploy/olm-catalog/eclipse-che-preview-openshift/9.9.9-nightly.1571049441/eclipse-che-preview-openshift.crd.yaml b/olm/eclipse-che-preview-openshift/deploy/olm-catalog/eclipse-che-preview-openshift/9.9.9-nightly.1571049441/eclipse-che-preview-openshift.crd.yaml new file mode 100644 index 000000000..bfa449492 --- /dev/null +++ b/olm/eclipse-che-preview-openshift/deploy/olm-catalog/eclipse-che-preview-openshift/9.9.9-nightly.1571049441/eclipse-che-preview-openshift.crd.yaml @@ -0,0 +1,476 @@ +# +# Copyright (c) 2012-2019 Red Hat, Inc. +# This program and the accompanying materials are made +# available under the terms of the Eclipse Public License 2.0 +# which is available at https://www.eclipse.org/legal/epl-2.0/ +# +# SPDX-License-Identifier: EPL-2.0 +# +# Contributors: +# Red Hat, Inc. - initial API and implementation +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: checlusters.org.eclipse.che +spec: + group: org.eclipse.che + names: + kind: CheCluster + listKind: CheClusterList + plural: checlusters + singular: checluster + scope: Namespaced + subresources: + status: {} + validation: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + auth: + description: Configuration settings related to the Authentication used + by the Che installation. + properties: + externalIdentityProvider: + description: 'Instructs the operator on whether or not to deploy + a dedicated Identity Provider (Keycloak or RH SSO instance). By + default a dedicated Identity Provider server is deployed as part + of the Che installation. But if `externalIdentityProvider` is + `true`, then no dedicated identity provider will be deployed by + the operator and you might need to provide details about the external + identity provider you want to use. See also all the other fields + starting with: `identityProvider`.' + type: boolean + identityProviderAdminUserName: + description: Overrides the name of the Identity Provider admin user. + Defaults to `admin`. + type: string + identityProviderClientId: + description: Name of a Identity provider (Keycloak / RH SSO) `client-id` + that should be used for Che. This is useful to override it ONLY + if you use an external Identity Provider (see the `externalIdentityProvider` + field). If omitted or left blank, it will be set to the value + of the `flavour` field suffixed with `-public`. + type: string + identityProviderImage: + description: Overrides the container image used in the Identity + Provider (Keycloak / RH SSO) deployment. This includes the image + tag. Omit it or leave it empty to use the defaut container image + provided by the operator. + type: string + identityProviderImagePullPolicy: + description: Overrides the image pull policy used in the Identity + Provider (Keycloak / RH SSO) deployment. Default value is `Always` + for `nightly` or `latest` images, and `IfNotPresent` in other + cases. + type: string + identityProviderPassword: + description: Overrides the password of Keycloak admin user. This + is useful to override it ONLY if you use an external Identity + Provider (see the `externalIdentityProvider` field). If omitted + or left blank, it will be set to an auto-generated password. + type: string + identityProviderPostgresPassword: + description: Password for The Identity Provider (Keycloak / RH SSO) + to connect to the database. This is useful to override it ONLY + if you use an external Identity Provider (see the `externalIdentityProvider` + field). If omitted or left blank, it will be set to an auto-generated + password. + type: string + identityProviderRealm: + description: Name of a Identity provider (Keycloak / RH SSO) realm + that should be used for Che. This is useful to override it ONLY + if you use an external Identity Provider (see the `externalIdentityProvider` + field). If omitted or left blank, it will be set to the value + of the `flavour` field. + type: string + identityProviderURL: + description: Public URL of the Identity Provider server (Keycloak + / RH SSO server). You should set it ONLY if you use an external + Identity Provider (see the `externalIdentityProvider` field). + By default this will be automatically calculated and set by the + operator. + type: string + oAuthClientName: + description: Name of the OpenShift `OAuthClient` resource used to + setup identity federation on the OpenShift side. Auto-generated + if left blank. See also the `OpenShiftoAuth` field. + type: string + oAuthSecret: + description: Name of the secret set in the OpenShift `OAuthClient` + resource used to setup identity federation on the OpenShift side. + Auto-generated if left blank. See also the `OAuthClientName` field. + type: string + openShiftoAuth: + description: 'Enables the integration of the identity provider (Keycloak + / RHSSO) with OpenShift OAuth. Enabled by defaumt on OpenShift. + This will allow users to directly login with their Openshift user + throug the Openshift login, and have their workspaces created + under personnal OpenShift namespaces. WARNING: the `kuebadmin` + user is NOT supported, and logging through it will NOT allow accessing + the Che Dashboard.' + type: boolean + updateAdminPassword: + description: Forces the default `admin` Che user to update password + on first login. Defaults to `false`. + type: boolean + type: object + database: + description: Configuration settings related to the database used by + the Che installation. + properties: + chePostgresDb: + description: Postgres database name that the Che server uses to + connect to the DB. Defaults to `dbche`. + type: string + chePostgresHostName: + description: Postgres Database hostname that the Che server uses + to connect to. Defaults to postgres. This value should be overridden + ONLY when using an external database (see field `externalDb`). + In the default case it will be automatically set by the operator. + type: string + chePostgresPassword: + description: Postgres password that the Che server should use to + connect to the DB. If omitted or left blank, it will be set to + an auto-generated value. + type: string + chePostgresPort: + description: Postgres Database port that the Che server uses to + connect to. Defaults to 5432. This value should be overridden + ONLY when using an external database (see field `externalDb`). + In the default case it will be automatically set by the operator. + type: string + chePostgresUser: + description: Postgres user that the Che server should use to connect + to the DB. Defaults to `pgche`. + type: string + externalDb: + description: 'Instructs the operator on whether or not to deploy + a dedicated database. By default a dedicated Postgres database + is deployed as part of the Che installation. But if `externalDb` + is `true`, then no dedicated database will be deployed by the + operator and you might need to provide connection details to the + external DB you want to use. See also all the fields starting + with: `chePostgres`.' + type: boolean + postgresImage: + description: Overrides the container image used in the Postgres + database deployment. This includes the image tag. Omit it or leave + it empty to use the defaut container image provided by the operator. + type: string + postgresImagePullPolicy: + description: Overrides the image pull policy used in the Postgres + database deployment. Default value is `Always` for `nightly` or + `latest` images, and `IfNotPresent` in other cases. + type: string + type: object + k8s: + description: Configuration settings specific to Che installations made + on upstream Kubernetes. + properties: + ingressClass: + description: 'Ingress class that will define the which controler + will manage ingresses. Defaults to `nginx`. NB: This drives the + `is kubernetes.io/ingress.class` annotation on Che-related ingresses.' + type: string + ingressDomain: + description: 'Global ingress domain for a K8S cluster. This MUST + be explicitly specified: there are no defaults.' + type: string + ingressStrategy: + description: Strategy for ingress creation. This can be `multi-host` + (host is explicitly provided in ingress), `single-host` (host + is provided, path-based rules) and `default-host.*`(no host is + provided, path-based rules). Defaults to `"multi-host` + type: string + securityContextFsGroup: + description: FSGroup the Che pod and Workspace pods containers should + run in. Defaults to `1724`. + type: string + securityContextRunAsUser: + description: ID of the user the Che pod and Workspace pods containers + should run as. Default to `1724`. + type: string + tlsSecretName: + description: Name of a secret that will be used to setup ingress + TLS termination if TLS is enabled. See also the `tlsSupport` field. + type: string + type: object + server: + description: General configuration settings related to the Che server + and the plugin and devfile registries + properties: + airGapContainerRegistryHostname: + description: Optional hostname (or url) to an alternate container + registry to pull images from. This value overrides the container + registry hostname defined in all the default container images + involved in a Che deployment. This is particularly useful to install + Che in an air-gapped environment. + type: string + airGapContainerRegistryOrganization: + description: Optional repository name of an alternate container + registry to pull images from. This value overrides the container + registry organization defined in all the default container images + involved in a Che deployment. This is particularly useful to install + Che in an air-gapped environment. + type: string + cheDebug: + description: Enables the debug mode for Che server. Defaults to + `false`. + type: string + cheFlavor: + description: Flavor of the installation. This is either `che` for + upstream Che installations, or `codeready` for CodeReady Workspaces + installation. In most cases the default value should not be overriden. + type: string + cheHost: + description: Public hostname of the installed Che server. This will + be automatically set by the operator. In most cases the default + value set by the operator should not be overriden. + type: string + cheImage: + description: Overrides the container image used in Che deployment. + This does NOT include the container image tag. Omit it or leave + it empty to use the defaut container image provided by the operator. + type: string + cheImagePullPolicy: + description: Overrides the image pull policy used in Che deployment. + Default value is `Always` for `nightly` or `latest` images, and + `IfNotPresent` in other cases. + type: string + cheImageTag: + description: Overrides the tag of the container image used in Che + deployment. Omit it or leave it empty to use the defaut image + tag provided by the operator. + type: string + cheLogLevel: + description: 'Log level for the Che server: `INFO` or `DEBUG`. Defaults + to `INFO`.' + type: string + cheWorkspaceClusterRole: + description: Custom cluster role bound to the user for the Che workspaces. + The default roles are used if this is omitted or left blank. + type: string + customCheProperties: + additionalProperties: + type: string + description: Map of additional environment variables that will be + applied in the generated `che` config map to be used by the Che + server, in addition to the values already generated from other + fields of the `CheCluster` custom resource (CR). If `customCheProperties` + contains a property that would be normally generated in `che` + config map from other CR fields, then the value defined in the + `customCheProperties` will be used instead. + type: object + devfileRegistryImage: + description: Overrides the container image used in the Devfile registry + deployment. This includes the image tag. Omit it or leave it empty + to use the defaut container image provided by the operator. + type: string + devfileRegistryMemoryLimit: + description: Overrides the memory limit used in the Devfile registry + deployment. Defaults to 256Mi. + type: string + devfileRegistryMemoryRequest: + description: Overrides the memory request used in the Devfile registry + deployment. Defaults to 16Mi. + type: string + devfileRegistryPullPolicy: + description: Overrides the image pull policy used in the Devfile + registry deployment. Default value is `Always` for `nightly` or + `latest` images, and `IfNotPresent` in other cases. + type: string + devfileRegistryUrl: + description: Public URL of the Devfile registry, that serves sample, + ready-to-use devfiles. You should set it ONLY if you use an external + devfile registry (see the `externalDevfileRegistry` field). By + default this will be automatically calculated by the operator. + type: string + externalDevfileRegistry: + description: Instructs the operator on whether or not to deploy + a dedicated Devfile registry server. By default a dedicated devfile + registry server is started. But if `externalDevfileRegistry` is + `true`, then no such dedicated server will be started by the operator + and you will have to manually set the `devfileRegistryUrl` field + type: boolean + externalPluginRegistry: + description: Instructs the operator on whether or not to deploy + a dedicated Plugin registry server. By default a dedicated plugin + registry server is started. But if `externalPluginRegistry` is + `true`, then no such dedicated server will be started by the operator + and you will have to manually set the `pluginRegistryUrl` field. + type: boolean + nonProxyHosts: + description: List of hosts that should not use the configured proxy. + Use `|`` as delimiter, eg `localhost|my.host.com|123.42.12.32` + Only use when configuring a proxy is required (see also the `proxyURL` + field). + type: string + pluginRegistryImage: + description: Overrides the container image used in the Plugin registry + deployment. This includes the image tag. Omit it or leave it empty + to use the defaut container image provided by the operator. + type: string + pluginRegistryMemoryLimit: + description: Overrides the memory limit used in the Plugin registry + deployment. Defaults to 256Mi. + type: string + pluginRegistryMemoryRequest: + description: Overrides the memory request used in the Plugin registry + deployment. Defaults to 16Mi. + type: string + pluginRegistryPullPolicy: + description: Overrides the image pull policy used in the Plugin + registry deployment. Default value is `Always` for `nightly` or + `latest` images, and `IfNotPresent` in other cases. + type: string + pluginRegistryUrl: + description: Public URL of the Plugin registry, that serves sample + ready-to-use devfiles. You should set it ONLY if you use an external + devfile registry (see the `externalPluginRegistry` field). By + default this will be automatically calculated by the operator. + type: string + proxyPassword: + description: Password of the proxy server Only use when proxy configuration + is required (see also the `proxyUser` field). + type: string + proxyPort: + description: Port of the proxy server. Only use when configuring + a proxy is required (see also the `proxyURL` field). + type: string + proxyURL: + description: URL (protocol+hostname) of the proxy server. This drives + the appropriate changes in the `JAVA_OPTS` and `https(s)_proxy` + variables in the Che server and workspaces containers. Only use + when configuring a proxy is required. + type: string + proxyUser: + description: User name of the proxy server. Only use when configuring + a proxy is required (see also the `proxyURL` field). + type: string + selfSignedCert: + description: Enables the support of OpenShift clusters whose router + uses self-signed certificates. When enabled, the operator retrieves + the default self-signed certificate of OpenShift routes and adds + it to the Java trust store of the Che server. This is usually + required when activating the `tlsSupport` field on demo OpenShift + clusters that have not been setup with a valid certificate for + the routes. This is disabled by default. + type: boolean + serverMemoryLimit: + description: Overrides the memory limit used in the Che server deployment. + Defaults to 1Gi. + type: string + serverMemoryRequest: + description: Overrides the memory request used in the Che server + deployment. Defaults to 512Mi. + type: string + tlsSupport: + description: 'Instructs the operator to deploy Che in TLS mode, + ie with TLS routes or ingresses. This is disabled by default. + WARNING: Enabling TLS might require enabling the `selfSignedCert` + field also in some cases.' + type: boolean + type: object + storage: + description: Configuration settings related to the persistent storage + used by the Che installation. + properties: + postgresPVCStorageClassName: + description: Storage class for the Persistent Volume Claim dedicated + to the Postgres database. If omitted or left blank, default storage + class is used. + type: string + preCreateSubPaths: + description: Instructs the Che server to launch a special pod to + pre-create a subpath in the Persistent Volumes. Defaults to `false`, + however it might need to enable it according to the configuration + of your K8S cluster. + type: boolean + pvcClaimSize: + description: Size of the persistent volume claim for workspaces. + Defaults to `1Gi` + type: string + pvcJobsImage: + description: Overrides the container image used to create sub-paths + in the Persistent Volumes. This includes the image tag. Omit it + or leave it empty to use the defaut container image provided by + the operator. See also the `preCreateSubPaths` field. + type: string + pvcStrategy: + description: Persistent volume claim strategy for the Che server. + This Can be:`common` (all workspaces PVCs in one volume), `per-workspace` + (one PVC per workspace for all declared volumes) and `unique` + (one PVC per declared volume). Defaults to `common`. + type: string + workspacePVCStorageClassName: + description: Storage class for the Persistent Volume Claims dedicated + to the Che workspaces. If omitted or left blank, default storage + class is used. + type: string + type: object + type: object + status: + properties: + cheClusterRunning: + description: Status of a Che installation. Can be `Available`, `Unavailable`, + or `Available, Rolling Update in Progress` + type: string + cheURL: + description: Public URL to the Che server + type: string + cheVersion: + description: Current installed Che version + type: string + dbProvisioned: + description: Indicates if or not a Postgres instance has been correctly + provisioned + type: boolean + devfileRegistryURL: + description: Public URL to the Devfile registry + type: string + helpLink: + description: A URL that can point to some URL where to find help related + to the current Operator status. + type: string + keycloakProvisioned: + description: Indicates whether an Identity Provider instance (Keycloak + / RH SSO) has been provisioned with realm, client and user + type: boolean + keycloakURL: + description: Public URL to the Identity Provider server (Keycloak / + RH SSO). + type: string + message: + description: A human readable message indicating details about why the + pod is in this condition. + type: string + openShiftoAuthProvisioned: + description: Indicates whether an Identity Provider instance (Keycloak + / RH SSO) has been configured to integrate with the OpenShift OAuth. + type: boolean + pluginRegistryURL: + description: Public URL to the Plugin registry + type: string + reason: + description: A brief CamelCase message indicating details about why + the pod is in this state. + type: string + type: object + version: v1 + versions: + - name: v1 + served: true + storage: true diff --git a/olm/eclipse-che-preview-openshift/deploy/olm-catalog/eclipse-che-preview-openshift/9.9.9-nightly.1571049441/eclipse-che-preview-openshift.crd.yaml.diff b/olm/eclipse-che-preview-openshift/deploy/olm-catalog/eclipse-che-preview-openshift/9.9.9-nightly.1571049441/eclipse-che-preview-openshift.crd.yaml.diff new file mode 100644 index 000000000..4560d9075 --- /dev/null +++ b/olm/eclipse-che-preview-openshift/deploy/olm-catalog/eclipse-che-preview-openshift/9.9.9-nightly.1571049441/eclipse-che-preview-openshift.crd.yaml.diff @@ -0,0 +1,475 @@ +--- /home/dfestal/go/src/github.com/eclipse/che-operator/olm/eclipse-che-preview-openshift/deploy/olm-catalog/eclipse-che-preview-openshift/9.9.9-nightly.1567522875/eclipse-che-preview-openshift.crd.yaml 2019-09-17 16:37:37.000000000 +0200 ++++ /home/dfestal/go/src/github.com/eclipse/che-operator/olm/eclipse-che-preview-openshift/deploy/olm-catalog/eclipse-che-preview-openshift/9.9.9-nightly.1571049441/eclipse-che-preview-openshift.crd.yaml 2019-10-14 12:37:21.000000000 +0200 +@@ -1,3 +1,13 @@ ++# ++# Copyright (c) 2012-2019 Red Hat, Inc. ++# This program and the accompanying materials are made ++# available under the terms of the Eclipse Public License 2.0 ++# which is available at https://www.eclipse.org/legal/epl-2.0/ ++# ++# SPDX-License-Identifier: EPL-2.0 ++# ++# Contributors: ++# Red Hat, Inc. - initial API and implementation + apiVersion: apiextensions.k8s.io/v1beta1 + kind: CustomResourceDefinition + metadata: +@@ -10,6 +20,457 @@ + plural: checlusters + singular: checluster + scope: Namespaced +- version: v1 + subresources: + status: {} ++ validation: ++ openAPIV3Schema: ++ properties: ++ apiVersion: ++ description: 'APIVersion defines the versioned schema of this representation ++ of an object. Servers should convert recognized schemas to the latest ++ internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' ++ type: string ++ kind: ++ description: 'Kind is a string value representing the REST resource this ++ object represents. Servers may infer this from the endpoint the client ++ submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' ++ type: string ++ metadata: ++ type: object ++ spec: ++ properties: ++ auth: ++ description: Configuration settings related to the Authentication used ++ by the Che installation. ++ properties: ++ externalIdentityProvider: ++ description: 'Instructs the operator on whether or not to deploy ++ a dedicated Identity Provider (Keycloak or RH SSO instance). By ++ default a dedicated Identity Provider server is deployed as part ++ of the Che installation. But if `externalIdentityProvider` is ++ `true`, then no dedicated identity provider will be deployed by ++ the operator and you might need to provide details about the external ++ identity provider you want to use. See also all the other fields ++ starting with: `identityProvider`.' ++ type: boolean ++ identityProviderAdminUserName: ++ description: Overrides the name of the Identity Provider admin user. ++ Defaults to `admin`. ++ type: string ++ identityProviderClientId: ++ description: Name of a Identity provider (Keycloak / RH SSO) `client-id` ++ that should be used for Che. This is useful to override it ONLY ++ if you use an external Identity Provider (see the `externalIdentityProvider` ++ field). If omitted or left blank, it will be set to the value ++ of the `flavour` field suffixed with `-public`. ++ type: string ++ identityProviderImage: ++ description: Overrides the container image used in the Identity ++ Provider (Keycloak / RH SSO) deployment. This includes the image ++ tag. Omit it or leave it empty to use the defaut container image ++ provided by the operator. ++ type: string ++ identityProviderImagePullPolicy: ++ description: Overrides the image pull policy used in the Identity ++ Provider (Keycloak / RH SSO) deployment. Default value is `Always` ++ for `nightly` or `latest` images, and `IfNotPresent` in other ++ cases. ++ type: string ++ identityProviderPassword: ++ description: Overrides the password of Keycloak admin user. This ++ is useful to override it ONLY if you use an external Identity ++ Provider (see the `externalIdentityProvider` field). If omitted ++ or left blank, it will be set to an auto-generated password. ++ type: string ++ identityProviderPostgresPassword: ++ description: Password for The Identity Provider (Keycloak / RH SSO) ++ to connect to the database. This is useful to override it ONLY ++ if you use an external Identity Provider (see the `externalIdentityProvider` ++ field). If omitted or left blank, it will be set to an auto-generated ++ password. ++ type: string ++ identityProviderRealm: ++ description: Name of a Identity provider (Keycloak / RH SSO) realm ++ that should be used for Che. This is useful to override it ONLY ++ if you use an external Identity Provider (see the `externalIdentityProvider` ++ field). If omitted or left blank, it will be set to the value ++ of the `flavour` field. ++ type: string ++ identityProviderURL: ++ description: Public URL of the Identity Provider server (Keycloak ++ / RH SSO server). You should set it ONLY if you use an external ++ Identity Provider (see the `externalIdentityProvider` field). ++ By default this will be automatically calculated and set by the ++ operator. ++ type: string ++ oAuthClientName: ++ description: Name of the OpenShift `OAuthClient` resource used to ++ setup identity federation on the OpenShift side. Auto-generated ++ if left blank. See also the `OpenShiftoAuth` field. ++ type: string ++ oAuthSecret: ++ description: Name of the secret set in the OpenShift `OAuthClient` ++ resource used to setup identity federation on the OpenShift side. ++ Auto-generated if left blank. See also the `OAuthClientName` field. ++ type: string ++ openShiftoAuth: ++ description: 'Enables the integration of the identity provider (Keycloak ++ / RHSSO) with OpenShift OAuth. Enabled by defaumt on OpenShift. ++ This will allow users to directly login with their Openshift user ++ throug the Openshift login, and have their workspaces created ++ under personnal OpenShift namespaces. WARNING: the `kuebadmin` ++ user is NOT supported, and logging through it will NOT allow accessing ++ the Che Dashboard.' ++ type: boolean ++ updateAdminPassword: ++ description: Forces the default `admin` Che user to update password ++ on first login. Defaults to `false`. ++ type: boolean ++ type: object ++ database: ++ description: Configuration settings related to the database used by ++ the Che installation. ++ properties: ++ chePostgresDb: ++ description: Postgres database name that the Che server uses to ++ connect to the DB. Defaults to `dbche`. ++ type: string ++ chePostgresHostName: ++ description: Postgres Database hostname that the Che server uses ++ to connect to. Defaults to postgres. This value should be overridden ++ ONLY when using an external database (see field `externalDb`). ++ In the default case it will be automatically set by the operator. ++ type: string ++ chePostgresPassword: ++ description: Postgres password that the Che server should use to ++ connect to the DB. If omitted or left blank, it will be set to ++ an auto-generated value. ++ type: string ++ chePostgresPort: ++ description: Postgres Database port that the Che server uses to ++ connect to. Defaults to 5432. This value should be overridden ++ ONLY when using an external database (see field `externalDb`). ++ In the default case it will be automatically set by the operator. ++ type: string ++ chePostgresUser: ++ description: Postgres user that the Che server should use to connect ++ to the DB. Defaults to `pgche`. ++ type: string ++ externalDb: ++ description: 'Instructs the operator on whether or not to deploy ++ a dedicated database. By default a dedicated Postgres database ++ is deployed as part of the Che installation. But if `externalDb` ++ is `true`, then no dedicated database will be deployed by the ++ operator and you might need to provide connection details to the ++ external DB you want to use. See also all the fields starting ++ with: `chePostgres`.' ++ type: boolean ++ postgresImage: ++ description: Overrides the container image used in the Postgres ++ database deployment. This includes the image tag. Omit it or leave ++ it empty to use the defaut container image provided by the operator. ++ type: string ++ postgresImagePullPolicy: ++ description: Overrides the image pull policy used in the Postgres ++ database deployment. Default value is `Always` for `nightly` or ++ `latest` images, and `IfNotPresent` in other cases. ++ type: string ++ type: object ++ k8s: ++ description: Configuration settings specific to Che installations made ++ on upstream Kubernetes. ++ properties: ++ ingressClass: ++ description: 'Ingress class that will define the which controler ++ will manage ingresses. Defaults to `nginx`. NB: This drives the ++ `is kubernetes.io/ingress.class` annotation on Che-related ingresses.' ++ type: string ++ ingressDomain: ++ description: 'Global ingress domain for a K8S cluster. This MUST ++ be explicitly specified: there are no defaults.' ++ type: string ++ ingressStrategy: ++ description: Strategy for ingress creation. This can be `multi-host` ++ (host is explicitly provided in ingress), `single-host` (host ++ is provided, path-based rules) and `default-host.*`(no host is ++ provided, path-based rules). Defaults to `"multi-host` ++ type: string ++ securityContextFsGroup: ++ description: FSGroup the Che pod and Workspace pods containers should ++ run in. Defaults to `1724`. ++ type: string ++ securityContextRunAsUser: ++ description: ID of the user the Che pod and Workspace pods containers ++ should run as. Default to `1724`. ++ type: string ++ tlsSecretName: ++ description: Name of a secret that will be used to setup ingress ++ TLS termination if TLS is enabled. See also the `tlsSupport` field. ++ type: string ++ type: object ++ server: ++ description: General configuration settings related to the Che server ++ and the plugin and devfile registries ++ properties: ++ airGapContainerRegistryHostname: ++ description: Optional hostname (or url) to an alternate container ++ registry to pull images from. This value overrides the container ++ registry hostname defined in all the default container images ++ involved in a Che deployment. This is particularly useful to install ++ Che in an air-gapped environment. ++ type: string ++ airGapContainerRegistryOrganization: ++ description: Optional repository name of an alternate container ++ registry to pull images from. This value overrides the container ++ registry organization defined in all the default container images ++ involved in a Che deployment. This is particularly useful to install ++ Che in an air-gapped environment. ++ type: string ++ cheDebug: ++ description: Enables the debug mode for Che server. Defaults to ++ `false`. ++ type: string ++ cheFlavor: ++ description: Flavor of the installation. This is either `che` for ++ upstream Che installations, or `codeready` for CodeReady Workspaces ++ installation. In most cases the default value should not be overriden. ++ type: string ++ cheHost: ++ description: Public hostname of the installed Che server. This will ++ be automatically set by the operator. In most cases the default ++ value set by the operator should not be overriden. ++ type: string ++ cheImage: ++ description: Overrides the container image used in Che deployment. ++ This does NOT include the container image tag. Omit it or leave ++ it empty to use the defaut container image provided by the operator. ++ type: string ++ cheImagePullPolicy: ++ description: Overrides the image pull policy used in Che deployment. ++ Default value is `Always` for `nightly` or `latest` images, and ++ `IfNotPresent` in other cases. ++ type: string ++ cheImageTag: ++ description: Overrides the tag of the container image used in Che ++ deployment. Omit it or leave it empty to use the defaut image ++ tag provided by the operator. ++ type: string ++ cheLogLevel: ++ description: 'Log level for the Che server: `INFO` or `DEBUG`. Defaults ++ to `INFO`.' ++ type: string ++ cheWorkspaceClusterRole: ++ description: Custom cluster role bound to the user for the Che workspaces. ++ The default roles are used if this is omitted or left blank. ++ type: string ++ customCheProperties: ++ additionalProperties: ++ type: string ++ description: Map of additional environment variables that will be ++ applied in the generated `che` config map to be used by the Che ++ server, in addition to the values already generated from other ++ fields of the `CheCluster` custom resource (CR). If `customCheProperties` ++ contains a property that would be normally generated in `che` ++ config map from other CR fields, then the value defined in the ++ `customCheProperties` will be used instead. ++ type: object ++ devfileRegistryImage: ++ description: Overrides the container image used in the Devfile registry ++ deployment. This includes the image tag. Omit it or leave it empty ++ to use the defaut container image provided by the operator. ++ type: string ++ devfileRegistryMemoryLimit: ++ description: Overrides the memory limit used in the Devfile registry ++ deployment. Defaults to 256Mi. ++ type: string ++ devfileRegistryMemoryRequest: ++ description: Overrides the memory request used in the Devfile registry ++ deployment. Defaults to 16Mi. ++ type: string ++ devfileRegistryPullPolicy: ++ description: Overrides the image pull policy used in the Devfile ++ registry deployment. Default value is `Always` for `nightly` or ++ `latest` images, and `IfNotPresent` in other cases. ++ type: string ++ devfileRegistryUrl: ++ description: Public URL of the Devfile registry, that serves sample, ++ ready-to-use devfiles. You should set it ONLY if you use an external ++ devfile registry (see the `externalDevfileRegistry` field). By ++ default this will be automatically calculated by the operator. ++ type: string ++ externalDevfileRegistry: ++ description: Instructs the operator on whether or not to deploy ++ a dedicated Devfile registry server. By default a dedicated devfile ++ registry server is started. But if `externalDevfileRegistry` is ++ `true`, then no such dedicated server will be started by the operator ++ and you will have to manually set the `devfileRegistryUrl` field ++ type: boolean ++ externalPluginRegistry: ++ description: Instructs the operator on whether or not to deploy ++ a dedicated Plugin registry server. By default a dedicated plugin ++ registry server is started. But if `externalPluginRegistry` is ++ `true`, then no such dedicated server will be started by the operator ++ and you will have to manually set the `pluginRegistryUrl` field. ++ type: boolean ++ nonProxyHosts: ++ description: List of hosts that should not use the configured proxy. ++ Use `|`` as delimiter, eg `localhost|my.host.com|123.42.12.32` ++ Only use when configuring a proxy is required (see also the `proxyURL` ++ field). ++ type: string ++ pluginRegistryImage: ++ description: Overrides the container image used in the Plugin registry ++ deployment. This includes the image tag. Omit it or leave it empty ++ to use the defaut container image provided by the operator. ++ type: string ++ pluginRegistryMemoryLimit: ++ description: Overrides the memory limit used in the Plugin registry ++ deployment. Defaults to 256Mi. ++ type: string ++ pluginRegistryMemoryRequest: ++ description: Overrides the memory request used in the Plugin registry ++ deployment. Defaults to 16Mi. ++ type: string ++ pluginRegistryPullPolicy: ++ description: Overrides the image pull policy used in the Plugin ++ registry deployment. Default value is `Always` for `nightly` or ++ `latest` images, and `IfNotPresent` in other cases. ++ type: string ++ pluginRegistryUrl: ++ description: Public URL of the Plugin registry, that serves sample ++ ready-to-use devfiles. You should set it ONLY if you use an external ++ devfile registry (see the `externalPluginRegistry` field). By ++ default this will be automatically calculated by the operator. ++ type: string ++ proxyPassword: ++ description: Password of the proxy server Only use when proxy configuration ++ is required (see also the `proxyUser` field). ++ type: string ++ proxyPort: ++ description: Port of the proxy server. Only use when configuring ++ a proxy is required (see also the `proxyURL` field). ++ type: string ++ proxyURL: ++ description: URL (protocol+hostname) of the proxy server. This drives ++ the appropriate changes in the `JAVA_OPTS` and `https(s)_proxy` ++ variables in the Che server and workspaces containers. Only use ++ when configuring a proxy is required. ++ type: string ++ proxyUser: ++ description: User name of the proxy server. Only use when configuring ++ a proxy is required (see also the `proxyURL` field). ++ type: string ++ selfSignedCert: ++ description: Enables the support of OpenShift clusters whose router ++ uses self-signed certificates. When enabled, the operator retrieves ++ the default self-signed certificate of OpenShift routes and adds ++ it to the Java trust store of the Che server. This is usually ++ required when activating the `tlsSupport` field on demo OpenShift ++ clusters that have not been setup with a valid certificate for ++ the routes. This is disabled by default. ++ type: boolean ++ serverMemoryLimit: ++ description: Overrides the memory limit used in the Che server deployment. ++ Defaults to 1Gi. ++ type: string ++ serverMemoryRequest: ++ description: Overrides the memory request used in the Che server ++ deployment. Defaults to 512Mi. ++ type: string ++ tlsSupport: ++ description: 'Instructs the operator to deploy Che in TLS mode, ++ ie with TLS routes or ingresses. This is disabled by default. ++ WARNING: Enabling TLS might require enabling the `selfSignedCert` ++ field also in some cases.' ++ type: boolean ++ type: object ++ storage: ++ description: Configuration settings related to the persistent storage ++ used by the Che installation. ++ properties: ++ postgresPVCStorageClassName: ++ description: Storage class for the Persistent Volume Claim dedicated ++ to the Postgres database. If omitted or left blank, default storage ++ class is used. ++ type: string ++ preCreateSubPaths: ++ description: Instructs the Che server to launch a special pod to ++ pre-create a subpath in the Persistent Volumes. Defaults to `false`, ++ however it might need to enable it according to the configuration ++ of your K8S cluster. ++ type: boolean ++ pvcClaimSize: ++ description: Size of the persistent volume claim for workspaces. ++ Defaults to `1Gi` ++ type: string ++ pvcJobsImage: ++ description: Overrides the container image used to create sub-paths ++ in the Persistent Volumes. This includes the image tag. Omit it ++ or leave it empty to use the defaut container image provided by ++ the operator. See also the `preCreateSubPaths` field. ++ type: string ++ pvcStrategy: ++ description: Persistent volume claim strategy for the Che server. ++ This Can be:`common` (all workspaces PVCs in one volume), `per-workspace` ++ (one PVC per workspace for all declared volumes) and `unique` ++ (one PVC per declared volume). Defaults to `common`. ++ type: string ++ workspacePVCStorageClassName: ++ description: Storage class for the Persistent Volume Claims dedicated ++ to the Che workspaces. If omitted or left blank, default storage ++ class is used. ++ type: string ++ type: object ++ type: object ++ status: ++ properties: ++ cheClusterRunning: ++ description: Status of a Che installation. Can be `Available`, `Unavailable`, ++ or `Available, Rolling Update in Progress` ++ type: string ++ cheURL: ++ description: Public URL to the Che server ++ type: string ++ cheVersion: ++ description: Current installed Che version ++ type: string ++ dbProvisioned: ++ description: Indicates if or not a Postgres instance has been correctly ++ provisioned ++ type: boolean ++ devfileRegistryURL: ++ description: Public URL to the Devfile registry ++ type: string ++ helpLink: ++ description: A URL that can point to some URL where to find help related ++ to the current Operator status. ++ type: string ++ keycloakProvisioned: ++ description: Indicates whether an Identity Provider instance (Keycloak ++ / RH SSO) has been provisioned with realm, client and user ++ type: boolean ++ keycloakURL: ++ description: Public URL to the Identity Provider server (Keycloak / ++ RH SSO). ++ type: string ++ message: ++ description: A human readable message indicating details about why the ++ pod is in this condition. ++ type: string ++ openShiftoAuthProvisioned: ++ description: Indicates whether an Identity Provider instance (Keycloak ++ / RH SSO) has been configured to integrate with the OpenShift OAuth. ++ type: boolean ++ pluginRegistryURL: ++ description: Public URL to the Plugin registry ++ type: string ++ reason: ++ description: A brief CamelCase message indicating details about why ++ the pod is in this state. ++ type: string ++ type: object ++ version: v1 ++ versions: ++ - name: v1 ++ served: true ++ storage: true diff --git a/olm/eclipse-che-preview-openshift/deploy/olm-catalog/eclipse-che-preview-openshift/9.9.9-nightly.1571049441/eclipse-che-preview-openshift.v9.9.9-nightly.1571049441.clusterserviceversion.yaml b/olm/eclipse-che-preview-openshift/deploy/olm-catalog/eclipse-che-preview-openshift/9.9.9-nightly.1571049441/eclipse-che-preview-openshift.v9.9.9-nightly.1571049441.clusterserviceversion.yaml new file mode 100644 index 000000000..828760b38 --- /dev/null +++ b/olm/eclipse-che-preview-openshift/deploy/olm-catalog/eclipse-che-preview-openshift/9.9.9-nightly.1571049441/eclipse-che-preview-openshift.v9.9.9-nightly.1571049441.clusterserviceversion.yaml @@ -0,0 +1,399 @@ +apiVersion: operators.coreos.com/v1alpha1 +kind: ClusterServiceVersion +metadata: + annotations: + alm-examples: |- + [ + { + "apiVersion": "org.eclipse.che/v1", + "kind": "CheCluster", + "metadata": { + "name": "eclipse-che" + }, + "spec": { + "server": { + "cheImageTag": "nightly", + "devfileRegistryImage": "quay.io/eclipse/che-devfile-registry:nightly", + "pluginRegistryImage": "quay.io/eclipse/che-plugin-registry:nightly", + "tlsSupport": false, + "selfSignedCert": false + }, + "database": { + "externalDb": false, + "chePostgresHostname": "", + "chePostgresPort": "", + "chePostgresUser": "", + "chePostgresPassword": "", + "chePostgresDb": "" + }, + "auth": { + "openShiftoAuth": true, + "identityProviderImage": "eclipse/che-keycloak:nightly", + "externalIdentityProvider": false, + "identityProviderURL": "", + "identityProviderRealm": "", + "identityProviderClientId": "" + }, + "storage": { + "pvcStrategy": "per-workspace", + "pvcClaimSize": "1Gi", + "preCreateSubPaths": true + } + } + } + ] + capabilities: Seamless Upgrades + categories: Developer Tools, OpenShift Optional + certified: "false" + containerImage: quay.io/eclipse/che-operator:nightly + createdAt: "2019-10-14T10:37:21Z" + description: A Kube-native development solution that delivers portable and collaborative + developer workspaces in OpenShift. + repository: https://github.com/eclipse/che-operator + support: Eclipse Foundation + name: eclipse-che-preview-openshift.v9.9.9-nightly.1571049441 + namespace: placeholder +spec: + apiservicedefinitions: {} + customresourcedefinitions: + owned: + - description: Eclipse Che cluster with DB and Auth Server + displayName: Eclipse Che Cluster + kind: CheCluster + name: checlusters.org.eclipse.che + specDescriptors: + - description: Log in to Eclipse Che with OpenShift credentials + displayName: OpenShift oAuth + path: auth.openShiftoAuth + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:booleanSwitch + - description: TLS routes + displayName: TLS Mode + path: server.tlsSupport + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:booleanSwitch + statusDescriptors: + - description: Route to access Eclipse Che + displayName: Eclipse Che URL + path: cheURL + x-descriptors: + - urn:alm:descriptor:org.w3:link + - description: Route to access Keycloak Admin Console + displayName: Keycloak Admin Console URL + path: keycloakURL + x-descriptors: + - urn:alm:descriptor:org.w3:link + - description: Eclipse Che server version + displayName: Eclipse Che version + path: cheVersion + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:label + - description: The current status of the application + displayName: Status + path: cheClusterRunning + x-descriptors: + - urn:alm:descriptor:io.kubernetes.phase + - description: Reason of the current status + displayName: Reason + path: reason + x-descriptors: + - urn:alm:descriptor:text + - description: Message explaining the current status + displayName: Message + path: message + x-descriptors: + - urn:alm:descriptor:text + - description: Link providing help related to the current status + displayName: Help link + path: helpLink + x-descriptors: + - urn:alm:descriptor:org.w3:link + version: v1 + description: | + A collaborative Kubernetes-native development solution that delivers OpenShift workspaces and in-browser IDE for rapid cloud application development. + This operator installs PostgreSQL, Keycloak, and the Eclipse Che server, as well as configures all three services. + + ## How to Install + + Press the **Install** button, choose the upgrade strategy, and wait for the **Installed** Operator status. + + When the operator is installed, create a new CR of Kind CheCluster (click the **Create New** button). + The CR spec contains all defaults (see below). + + You can start using Eclipse Che when the CR status is set to **Available**, and you see a URL to Eclipse Che. + + ## Defaults + + By default, the operator deploys Eclipse Che with: + + * Bundled PostgreSQL and Keycloak + + * Per-Workspace PVC strategy + + * Auto-generated passwords + + * HTTP mode (non-secure routes) + + * Regular login extended with OpenShift OAuth authentication + + ## Installation Options + + Eclipse Che operator installation options include: + + * Connection to external database and Keycloak + + * Configuration of default passwords and object names + + * TLS mode + + * PVC strategy (once shared PVC for all workspaces, PVC per workspace, or PVC per volume) + + * Authentication options + + ### External Database and Keycloak + + To instruct the operator to skip deploying PostgreSQL and Keycloak and connect to an existing DB and Keycloak instead: + + * set respective fields to `true` in a custom resource spec + + * provide the operator with connection and authentication details: + + + + `externalDb: true` + + + `chePostgresHostname: 'yourPostgresHost'` + + + `chePostgresPort: '5432'` + + + `chePostgresUser: 'myuser'` + + + `chePostgresPassword: 'mypass'` + + + `chePostgresDb: 'mydb'` + + + `externalIdentityProvider: true` + + + `identityProviderURL: 'https://my-keycloak.com'` + + + `identityProviderRealm: 'myrealm'` + + + `identityProviderClientId: 'myClient'` + + + ### TLS Mode + + To activate TLS mode, set the respective field in the CR spec to `true` (in the `server` block): + + + ``` + tlsSupport: true + ``` + + #### Self-signed Certificates + + To use Eclipse Che with TLS enabled, but the OpenShift router does not use certificates signed by a public authority, you can use self-signed certificates, which the operator can fetch for you: + + + ``` + selfSignedCert: true + ``` + + + You can also manually create a secret: + + + + ``` + oc create secret self-signed-certificate generic --from-file=/path/to/certificate/ca.crt -n=$codeReadyNamespace + ``` + displayName: Eclipse Che + icon: + - base64data: iVBORw0KGgoAAAANSUhEUgAAANMAAAD0CAYAAAABrhNXAAAABGdBTUEAALGPC/xhBQAAACBjSFJNAAB6JgAAgIQAAPoAAACA6AAAdTAAAOpgAAA6mAAAF3CculE8AAAABmJLR0QA/wD/AP+gvaeTAAAaNklEQVR42u3de3QU9dkH8O/zm91EQK0U77dqVdTW++1V20KigUSQahLjsSSbtp4eeqqVLHILCcoiyQZEIbF61B6PVQJ6XiOkr6TlYiABr603wHotar1bBUWUYDY787x/JIGoSchmZ+c3M/t8/iS7M8+M5+vs7szz/IiZIYRIntJdgBB+IWESwiYSJiFsImESwiYSJiFsImESwiaBvv5ARLprEwB4ddaJTBQF8w/JsKbQmI0v665JAL3dUqK+7jNJmPTiNWOHWYhNB1AOILPrn+MA369MazaNe+Iz3TWmMwmTB3AEyrwwu4SIbwVwWB+v+hxEt6gg7qLs1rjumtORhMnlePUlF5hk1RFw4QDf8rrFmBLMa12tu/Z0I2FyKV53yVGWyTVgLgGQ8IknoImMQBnlNL+t+1jShYTJZXjlhKFW8KsbQJgNYP8ktxYDcI8yh95E41bt1H1sfidhcpH4mtETCHQHgONs3vTHAEXUMy33UQSW7uP0KwmTC/DqS84xyaol4Bcp3tULiqiMxrY8pfuY/UjCpBG3ZB1sxfgmgK4HYDi1WwI9SnGaTuPXv6v7HPiJhEkDfv7coPX5AdeB+RaADtRURRtAC9UB7Qvo4md26z4nfiBhcljH6qwcRbgDwKm6a+nyATNVGrkt9USQrtAkSJgcwquyT2ZlLWLQON219FofsMEghGls6ybdtXiVhCnFuOnnw62gEQHoOvTz3KM7sAVSy5RS0yln3X91V+M1EqYU4ZasgBWjawGuAnCI7noStAOM+coaUkvjVrXrLsYrJEwp0LHmkksUrFoAp+uuJSnMbzLR1EBua5PuUrxAwmSj7tYIBhfprsVOBDQTU5jyWl7RXYubSZhs0KM1YiaA/XTXkyIdAN+tMmgOZbfu0F2MG0mYksAMMtdkh4h4AYDDddfj0FF3tnrsOOROurrB1F2Nm0iYBolXjT7fVFRHwEW6a9FkkyIK09iWDboLcQsJU4KSbY3wGwKaCNZkyt34ju5adJMwDRA/fdEQa2fmZBAqARygux536Wr1+CY+m6546ivd1Wg7CxKmfUtha4TP8EeAmpuurR4Spn7w46PONi2qJdAo3bV4CROeM1iFKXf907prcfS4JUzfx82XjrDM+M0Ot0b4TWerB8yplLvxfd3FOHLAEqYeJ2NPawTmAviB7np8YheA21QG5lN26ze6i0klCVOXjtVZOUpxHZh+orsWn3qfmWYH8lqW6C4kVdI+TLwq+2Q2+HZmjNddSzogoIUsI0yXrduiuxa7pW2YuOnnw62MwEwwTwEoQ3c96aWr1SMen+qnKbRpF6a901GthQAdqrueNPcFGAvUzkMW09UNMd3FJCutwtSxenS2ItQCdIbuWsS3vMFENwbGtvxddyHJSIsw8ZpRx1hkVIM5pLsW0TcCmsk0ymjculd11zIYvg5TmrRG+E1nq4cK3kxjmr/UXUwifBkmZpD5+OiriHEbQMfqrkcMynYQ5nmp1cN3YepsjUAtgS7WXYuwA7+oGGHK2/CE7kr2WalfwsRrxxxpcWwOgN8BJEuJ+gwBTWThBrqs9T+6a+mL58PEjxRlWAd99gcw5kFaI3yO20D0JxVEFWW3fq27mu9V5+UwdbVG1AE4XnctwlEfMlOF26bQejJMvDbrLJNRS8Bo3bUIfRj8T0NRGY1pfVZ3LYDHwsSrc39o0TdzpDVC7OWeKbSeCFOP1ogIgIO0FCHcrrPVwxxSo2sKrevD1LVqRC2Anzq+c+FFW5m4IjB2Q4PTO3ZtmLj50pFsmrczcLnTJ0V4HzHWESFMua3/cmqfrgsTt2QdZHWgHIwwgEynToTwpTjA96sMqqTs1m2p3plrwiStESJ1uqbQBnEXZbfGU7YXN4SpY1VWllKoBXBmqg5UCACvW4wpwbzW1anYuNYw8d+zjrYCFJXpqMJJBDSRESijnOa37dyuljDxyglDrYyvZkBaI4Q2XVNozaE30bhVO23ZopNhktYI4UIfAxSxYwqtY2HitVnndT0C9DOHT5YQA/GCIiqjsS1PDXYDKQ8Tr/7FERapCKQ1Qrhf5xTaOE2n8evfTfjNqQrT3tYIvgWgA3WfJSEGjtsAWpjoFNqUhKmzNQK1AP1Y92kRIgkfMFPlQFs9bA0TPz7qVLbUIgbydJ8FIezChFbDojDltWzu93V2hElaI4T/dbV6cHAa5a79tNdXJBMmbskKWDG6FszVIBys+3CFcMAOMOYra0jtd1s9Bh2mjrXZlyrmWgCn6T46IRzH/CYTTQ3ktjbt/acEw8RrR53EbFQzuEj38QihGwHNxBSmvJZXEgqT9Xj2bWC+QVaNEKInjoFQpca0zvvuXwJ9vwdT5XlUIXpiC6T+Vyn1597+Gkh0c0KkIwb+YUCV0diWfwBAbx/oJExC9G/AN3MlTEL0qudE2ZYBTZSVMAnxHQQ0Udz4Y6IPwEqYhNiDX1SdU2OfHMy7pU1CCMY2EMLqy0MvGGyQALkyifTWuXKhNfQmyku+nV3CJNISAc2krMk0ZuNrdm1TwiTSzRtMdKORgtXeJUwiXXwBwtzO4ZQtKRlOKWESftc5Ntm0ZtO4Jz5L5Y4kTMK3CLyerMAUumzdFif2J2HyBu58GkwmPg3QW8w01chr/T8ndyr/cVyPX1QKoxTUBcwY9D2QNLELwFyVgdMCeS2OBgmQK5N7MbZBoUrtOPROurrBBABmjDIfH30VgRaC8SPdJboIg2ip6uAZNL71E11F9N0cuDbbNStbp5nOG4n9zMXuMb99BoAhugvWiQnPGSaX0WUbnnF0vwl12kqYHEdAE5kqTOPWvzWQ16f5yiIfMlPFQOfc2U3C5F5vMHhKIHfDqsG8mddmj7Y6B96cpftAHLAbhDvU7o5quuKpr3QVIWFynx43EpNb5W7vaox8K4DDdB9YKhDQRLAmU+7Gd3TXImFyj5TdSOSWrP2tGKYBKIdf1glmvKRIhSl3/UbdpewpScKkH4HXk+Iwjdn4cir345MxbdtBmKd2HLLnF023kDDptZWJKwJjNzQ4udOO1Vk5ilAL4Ke6T0AiZQN8t1LBm2lM85e6i+mNhEmPXQBuS3TJEjvx8+cGre0H/tYLo617DnrUXUt/JEzOcsWNxG8V5OZFF3oZQexmEiaHMPifhoWw0zcSB1zf46NOZVMtZkKu7lrQPRx/5yGL6eqGmO5iBkrClHpabyQmqnOhOqoDcLzze9/3si1u1ltu5EFXe+wGYYHKwCmBvJYlXggSAARyN6xUXx5yCghhAI7dAGVCq2J1jjG2pdSLQeqLXJmSREATWbiBLmv9j+5aksFrxxxpcWwOUru49/vMNNsrV+7+yMc8OzFeUuAyytvwhO5SbD2stVnnmcx1BLrYxq0OahFmN5Mw2cO1NxLtwgwyHx99FTFuA+jYZDZFoEdJGdNoTPN7uo/LThKm5Lj+RqLdeM3YYRZi0wHMBLBfQu8FnjeIwjS25Sndx5GScyNhGhwCmsk0ymjculd116IDrxl1jEVGNZhDA3j5xwBF1DMt91EElu7aU3ZOJEwJe4OJbgykYMaaF3WsHp3d+WgSnfH9v3IMwD39NTX6iYRp4L4AY4HXbiQ6YW+rh7UQoEOBrl80jUAZ5TS/rbs+x86DhGmf4gD/WRmBmyln3XbdxbhZ56NJ7dMtqMeDuevX667H8eOXMPWNgBayjLBTM9aEt/WWG5lO1H0jMa9lie5ChLelc5h6tEa0+OJGotArHcPUeSMR5lTK3fi+7mKEf6RVmJjwnMEqTLnrn9Zdi/CfNHlqnD8C6PfG060XSpBEqvj9ytQ1Yy2udcaaSA++DdOeGWtj9c9YE/4RiUTUlreCpQAe+O7f/BimTQqqzE0z1oQ/FBTXnL9lK2oBvhg+D5PvWyOEHr+8ZsGRgUB8DsC/Qz+/M/ghTGnXGiGcUVS0aEg8s30ywawE6IB9vd7TYdo7Y63V1TPWhPcUhqommPxNHSUwbMabYeqasWZ4ZMaa8I4rJ1afpRTqmGlUou/1Wpg6Z6xZQ2tp3Kp23cUI/ygqivzQysiYw4RBD+j0SJh6zFjL889oKKHfpEn3Bre3bbvOBEUAHJTMtlwfJia0GpYKU27LZt21CH8pLK3J2bZrey2IbFnUwM1hep+ZZgdypTVC2Cu/NDpSMW5niy+3c/FSF4ap54w1aY0Q9rnyN5GDjHiwnC2EOQULwbkpTF0z1gK+m7Em9IpEImrz1mAJxelWTuESpa4Ik99nrAl98kPR0Vu2oo6AM1O9L81h4o8ANdfw+Yw14byC4gVHA2YUjBLAzm9GfdMSprhF2PThwZvf3Tli/NU33vOhjhqEP02YFBkabAvOAMwZAIY4uW/Hw/TCB4fgL8+fgv9+NeRMAM8Vhmoip5/Qfl8kEpErk0gCU35o/lXUxgsB/EhHBY6N+vrgy/3xwPMnY/NHI3r78/NghFcsq5DvTCJhV06sOVcprgPwM6f2ubx+1vc+Oqb8yvR1ewANL5+I1a8fA4v7/Oh6HghPFJZEH1VKTWtYUi6/5ol9KiipPgJAZF+tEU5J2ZXJtAgtbx2FhzediJ3fZCTy1jaAFx4Y6Jj/wAMRuc8kvqeoKJJhZQb/YIFuIeBAHTX0dmVKSZpf/mQEZvztItz77E8SDRIADAVozs54xr/zS6pLAXbklxjhDYWhqglmZsZrDKrVFaS+2Hpl+njnUDy86UQ88+7hthXIQCugwo1Ly+XZvDRW+KvoKWxgMYA83bUAKfzO9E2HgZWvHYfGl49Hh2XvxY6ALMB6saA4uoxVcFpj/XR5ajyN9GiNuA7a74v2L6krEwN44p0jUf/CSOzYnfDHucHYwaD53wwfVrvqT5Oln8nHsrIigRHHZF7LbFUDdLDuer7L1u9M/972A1Su+h/86cnTnAoSABxE4PlDvvh6S35x9HKndiqcdVVx9aUjjs54kZnvdWOQ+pLwZXN72354+KWTsPGdw8H6fhsYSYSVBcXRZgqo8PIHy2UGhA8UldScaIGjFlCku5bBGHCY2k2Fx145Hn995TjE4oPq6rUfIYdN66XC4ujdZjA2568PRHboLkkkLhRaOGwXx6ab4HKkoDXCKfv8zsRMePa9w1D/wkh8tiuhBbcdPhJ8Tsy3qPaT7mxouFrm5nkCU35JNESgBQDs+wnYAb19Z+o3TG9tPxAPPn8yXvt0uO7aE8CvEWHK8vrKNborEX27cmLVBUoZdQBfqLuWwUjop/G7nj4NG946AuzM0+s2olOZsbowFG1SMCc31N8ks8ZdpKi06ijTVDUglPjthnyfYWp960jdtSWFGZebMMYWFkfv6cg0Zj92/0xZBUOj7umopsWzQdhfdz2poP3hwBTLYMLkQMx8vTBUMykSifj9eF2pMFQ1wcz45lUCzwf8GSTA/2HqdiQz37tla8azV5VUXay7mHRRUFJ9Tn5JdCOzegyE43TXk2qufjwjBc63oJ6UVo/Uyi+NjlAmbmbgehrkdFQvSrcwAQAxUGRa1riCkurbpNXDPt3TUdnCXCb8QHc9TkuXj3m9GQbQnJ1mxpudrR4iGYWlNTmftW3fxKBaIP2CBKTnlenbGMcQ6MGCUPQ3RBxevqRyi+6SvKSoZN7JJoxFbPE4X/3OPQgSpm6MbGZ6SVo9Bmb8xJrh+ylrpgmaAsCxJ53dTML0bQqEkOKOy/NLahYE2tsXNzREYrqLcpM901HBCxl0qO563CSdvzP1iYHhBJ5vZma8XFBSPV53PW5RMLE6e8vWjJcI9CAACdJ3yJWpfyMBaioojjYbQFnDsopXdRekwxXXVB1jGKoahJDuWtxMwjQQhBwT2FRYHL1bxdTNDQ3labEQdXdrBEAzAbi4ZcAd5GPewAWZMNnMtN4qLKkuKyp6xMc3I5nyQzVFu7jjVYDmQII0IBKmxI1gUK2ZufW5gonzE15E2O0KimvOLyiZ/yQxPwLgWN31eIl8zBu8s6GsDX5p9fjlNQuODATic9wyHdWLJExJ6mr1uLSwpPqOjoxAtddaPbqnozLMeQAdoLseL5P/A9ljCINmBmLma16aQts1HfX1rkeAJEhJkiuTvY4i0IMFJTV/ZBUta1xS8YzugnqTH1pwKlnmYmbk6q7FTyRMqXE+WXiqoDi61AgGZjQ8MOMT3QUBPaajsnk9KH1aI5wiYUodAiFkxuMFuls9Jk26N7h99+e/NdmqBuCZoY5eI9+ZUm9Y16oeL+eHahwfrlhYWpOzbdf2l7w2HdWL5MrknBOJ+ZGCkuh6Ujwl1a0ehRPnnQTDWMQWX+65AVMeJWFy3iVs0QsFJdX3G0Ga3fCXis/s3PiVv4kcZMSD5QwKg707HdWLJEx6BACaZHWgyK5Wjz2tEXG6lYHDdB9gOpLvTBp1t3rEMzO3FIai4wa7nfxQdPTLWzNe6GqNkCBpIlcmFyDwycz4W0FxtJmVMbmxfuZrA3lfQfGCowEzCkYJQ74Z6SZhchNCDrG5ubA4encbYjetWhbZ2dvLJkyKDA22BWcA5gwAQ3SXLTrJxzz3CTJh8hAK9tLq0dkaEWzL6G6NkCC5SJ+rYBSGahJeIFqkxIsKCMctalOK6wD8THdBIoULRIuUOscCNijFDPkk4WoSJm8gyA8Mrif/pxPCJhImIWwiYRLCJhImIWwiYRLCJhImIWwiYRLCJhImIWwiYRLCJhImIWwiYRLCJhImIWzSd5iIbgcgS1AK8W2xrmx8T59hWlE/axpZ5mkENOiuXghXYDSToc5ZUT9rWm9/7rM5kGjvE/9XFVdfahHVAjhN9/EIocGbAN+4Ymnl37r/obfcDChMAJCVFQmMOCbzWmarWiaDijSxg0HzexvFllSYuu0Z/k64DtJcKPzJAmMZq+C0xvrpn/b2AlvC1K3wV9FT2MBiAHm6j1wIuzDQCqhw49Lyzf2+zs4wdSsMVU1gVrUAfqz7RAgxaIT3mXl249LKJQN5eW+5Sfo+0/L62SuN9tipBA4zsDPZ7QnhsDaA5x5oxEYONEh9SfrK1FNBSfURACIAySLDwu2YgEeVUtMalpS/l/CbU/ExrzdXTqw5V2a8CRd7HozwimUVTw12A46FqWt3lB+afxUxLwTwIyfPlBB9+JiIIqef0H5fJBKxktmQw2HqtHcuNslcbKFLjBj39De/PVFawtRtz4oNhBLIQEXhECI0waSy5Q/NetvO7WoNU7f8UHQ0MeoAnJmSHQgBAITXmWlK49JZq1Ox+ZT8NJ6oxvqKDWecGDuHwb8G8F+n9y98jvA5gcOfvx87PVVB6nPXTl+ZevrW+quQ9VdFUuIA399hZlaufHjatlTvzBUf83qTXxodqRi3M+Nyx3YqfIOBdSAON9ZX/suxfbo1TN0KS2ty2ORaEH7q+M6FB9G/mVDZWD/L8Z47V3xn6s/yJbOaDx424mwi+j3AKb9UC8/6GuC5u4cPO11HkPriqitTTz1aPa4HYCS9QeEHFhjL4hZPf+zhSq0/Xrn+Y15v8kMLTiXLXAxCru5ahEaEf8KyylYsm/2s7lIAj4apW1erRx2A43XXIhz1IYMrGpdW1APkmnWWXf+dqT9drR6nEDgM4Cvd9YiUayPwAqM9dkpna4R7gtQXz1yZevrlNQuODATic6TVw5+I0GQadMNfH5j1H9219MXTH/N6UxiqOo/ZqAP4Yt21CFu8qIDwo0srntBdyL74Lkxdh9Xd6nEbgGN1VyMGg7cRUKXaT7qzoeFqU3c1A6rYn2HqFAotHLaLY9MBmglgP931iAHpIMbddrZGOMXXYep2xTVVxxiGqgYhpLsW0Q9GMytjcmP9zNd0lzKo8tMhTN0KJlZnQ1EtgDN01yL2YtAbivjG5fUVf9ddS1LH4eWfxhO14qHKljNOjJ3d1erxadIbFEkh4AsGlQfa28/wepD6PEa/Xpl66tHqMQVAhu560owFxjIjA1Mb/lLxme5i7JJWH/N6k18aHUkWLQJ4vO5a0gKhhYjDy5dUbtFdit3SPkzdCktrciyL6wj4ie5afOo9Bt+U7FBHN0ur70z9Wb5kVvMhQ0ec1fVo0pe66/GRXQDPPTAQO9nPQepLWl6ZesovjY5QJm6WVo+kMBhLjWBgRsMDMz7RXYwjBywf8/pWWFpzNltWLUCjdNfiMc+xQlnjkopndBfiJAnTAEirx4B9xOBZbmuNcIqEaYCKihYNiWe2TyZwJYADdNfjMrsJfEdHRqD6sftnpm0rjIQpQUWlVUeZpqqRKbSdiNCkYE5uqL/pHd216CZhGqSC4przAa4D4SLdtWjyEiwVXvFQ+UbdhbiFhCkpTPkl0RCBFgA4XHc1DtlO4Hleao1wioTJBmnS6tFBjLtVTN3c0FAu9+F6IWGy0ZW/nneCYRo1DBTprsVWjGYKqPDyB8tf0V2Km0mYUiA/VHMJMS+G91s93mTG1MZlFU26C/ECeZwoBRrrZ63v0erhxaeidzCofPfw/c+QICVHrkw2Gj+xZvh+yprpkVYPC4xlrILTGuunS79XguRjnkOKSuadbMJYBGCc7lp6w0AroMKNS8s3667FqyRMDissrclhy7oDoFN119LlAwZXpusjQHaS70wOW75kVvPBQw8+0wWtHm1drREneWU6qhfJlckhmlo9mIBH2bKmr3ho9ru6z4GfyMc8FygoqT6HQbUE/CKV+yHCC2yhbMWyiqd0H7MfSZhcpDBUNYEtdQcIx9m86Y+JKHL6Ce33RSIRS/dx+pWEyWUmTIoMDbRl3kDg2QD2T3JzMWLc48XpqF4kYXKpZFs9iNAEk8qWPzTrbd3Hki4kTC535cSqC5Qy6gC+cEBvILzOTFMal85arbv2dCNh8oQBtHoQPifmW7Z/0HFXa2skrrvidCRh8pAerR7lADK7/jkO8P0dZmblyoenyWr0GkmYPKhw4ryTYBiL2EKQlTHFq6tG+E1CYRJCJEYeJxLCJhImIWwiYRLCJhImIWwiYRLCJv8P9sXhC7xE4kIAAAAldEVYdGRhdGU6Y3JlYXRlADIwMTktMDQtMTNUMDg6MTY6MDgrMDI6MDCcYZVaAAAAJXRFWHRkYXRlOm1vZGlmeQAyMDE5LTA0LTEzVDA4OjE2OjA4KzAyOjAw7Twt5gAAAABJRU5ErkJggg== + mediatype: image/png + install: + spec: + clusterPermissions: + - rules: + - apiGroups: + - oauth.openshift.io + resources: + - oauthclients + verbs: + - create + - get + - delete + - list + - patch + - update + - watch + - apiGroups: + - config.openshift.io + resources: + - infrastructures + verbs: + - get + - apiGroups: + - user.openshift.io + resources: + - users + verbs: + - list + - apiGroups: + - console.openshift.io + resources: + - consolelinks + verbs: + - get + - list + - create + - update + - patch + - delete + serviceAccountName: che-operator + deployments: + - name: che-operator + spec: + replicas: 1 + selector: + matchLabels: + app: che-operator + strategy: {} + template: + metadata: + labels: + app: che-operator + spec: + containers: + - command: + - /usr/local/bin/che-operator + env: + - name: WATCH_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.annotations['olm.targetNamespaces'] + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: OPERATOR_NAME + value: che-operator + image: quay.io/eclipse/che-operator:nightly + imagePullPolicy: Always + name: che-operator + ports: + - containerPort: 60000 + name: metrics + resources: {} + restartPolicy: Always + serviceAccountName: che-operator + terminationGracePeriodSeconds: 5 + permissions: + - rules: + - apiGroups: + - extensions + resources: + - ingresses + verbs: + - '*' + - apiGroups: + - route.openshift.io + resources: + - routes + verbs: + - '*' + - apiGroups: + - rbac.authorization.k8s.io + resources: + - roles + - rolebindings + verbs: + - '*' + - apiGroups: + - rbac.authorization.k8s.io + resources: + - clusterroles + - clusterrolebindings + verbs: + - '*' + - apiGroups: + - "" + resources: + - pods + - services + - serviceaccounts + - endpoints + - persistentvolumeclaims + - events + - configmaps + - secrets + - pods/exec + - pods/log + verbs: + - '*' + - apiGroups: + - "" + resources: + - namespaces + verbs: + - get + - apiGroups: + - apps + resources: + - deployments + verbs: + - '*' + - apiGroups: + - monitoring.coreos.com + resources: + - servicemonitors + verbs: + - get + - create + - apiGroups: + - org.eclipse.che + resources: + - '*' + verbs: + - '*' + serviceAccountName: che-operator + strategy: deployment + installModes: + - supported: true + type: OwnNamespace + - supported: true + type: SingleNamespace + - supported: true + type: MultiNamespace + - supported: false + type: AllNamespaces + keywords: + - workspaces + - devtools + - developer + - ide + - java + links: + - name: Product Page + url: http://www.eclipse.org/che + - name: Documentation + url: https://www.eclipse.org/che/docs + - name: Operator GitHub Repo + url: https://github.com/eclipse/che-operator + maintainers: + - email: dfestal@redhat.com + name: David Festal + maturity: stable + provider: + name: Eclipse Foundation + replaces: eclipse-che-preview-openshift.v9.9.9-nightly.1567522875 + version: 9.9.9-nightly.1571049441 diff --git a/olm/eclipse-che-preview-openshift/deploy/olm-catalog/eclipse-che-preview-openshift/9.9.9-nightly.1571049441/eclipse-che-preview-openshift.v9.9.9-nightly.1571049441.clusterserviceversion.yaml.diff b/olm/eclipse-che-preview-openshift/deploy/olm-catalog/eclipse-che-preview-openshift/9.9.9-nightly.1571049441/eclipse-che-preview-openshift.v9.9.9-nightly.1571049441.clusterserviceversion.yaml.diff new file mode 100644 index 000000000..07b144dd4 --- /dev/null +++ b/olm/eclipse-che-preview-openshift/deploy/olm-catalog/eclipse-che-preview-openshift/9.9.9-nightly.1571049441/eclipse-che-preview-openshift.v9.9.9-nightly.1571049441.clusterserviceversion.yaml.diff @@ -0,0 +1,25 @@ +--- /home/dfestal/go/src/github.com/eclipse/che-operator/olm/eclipse-che-preview-openshift/deploy/olm-catalog/eclipse-che-preview-openshift/9.9.9-nightly.1567522875/eclipse-che-preview-openshift.v9.9.9-nightly.1567522875.clusterserviceversion.yaml 2019-09-17 16:37:37.000000000 +0200 ++++ /home/dfestal/go/src/github.com/eclipse/che-operator/olm/eclipse-che-preview-openshift/deploy/olm-catalog/eclipse-che-preview-openshift/9.9.9-nightly.1571049441/eclipse-che-preview-openshift.v9.9.9-nightly.1571049441.clusterserviceversion.yaml 2019-10-14 12:37:21.000000000 +0200 +@@ -46,12 +46,12 @@ + categories: Developer Tools, OpenShift Optional + certified: "false" + containerImage: quay.io/eclipse/che-operator:nightly +- createdAt: "2019-09-03T15:01:15Z" ++ createdAt: "2019-10-14T10:37:21Z" + description: A Kube-native development solution that delivers portable and collaborative + developer workspaces in OpenShift. + repository: https://github.com/eclipse/che-operator + support: Eclipse Foundation +- name: eclipse-che-preview-openshift.v9.9.9-nightly.1567522875 ++ name: eclipse-che-preview-openshift.v9.9.9-nightly.1571049441 + namespace: placeholder + spec: + apiservicedefinitions: {} +@@ -395,5 +395,5 @@ + maturity: stable + provider: + name: Eclipse Foundation +- replaces: eclipse-che-preview-openshift.v9.9.9-nightly.1567514660 +- version: 9.9.9-nightly.1567522875 ++ replaces: eclipse-che-preview-openshift.v9.9.9-nightly.1567522875 ++ version: 9.9.9-nightly.1571049441 diff --git a/olm/eclipse-che-preview-openshift/deploy/olm-catalog/eclipse-che-preview-openshift/eclipse-che-preview-openshift.crd.yaml b/olm/eclipse-che-preview-openshift/deploy/olm-catalog/eclipse-che-preview-openshift/eclipse-che-preview-openshift.crd.yaml deleted file mode 100644 index ec7b9103f..000000000 --- a/olm/eclipse-che-preview-openshift/deploy/olm-catalog/eclipse-che-preview-openshift/eclipse-che-preview-openshift.crd.yaml +++ /dev/null @@ -1,15 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - name: checlusters.org.eclipse.che -spec: - group: org.eclipse.che - names: - kind: CheCluster - listKind: CheClusterList - plural: checlusters - singular: checluster - scope: Namespaced - version: v1 - subresources: - status: {} diff --git a/olm/eclipse-che-preview-openshift/deploy/olm-catalog/eclipse-che-preview-openshift/eclipse-che-preview-openshift.package.yaml b/olm/eclipse-che-preview-openshift/deploy/olm-catalog/eclipse-che-preview-openshift/eclipse-che-preview-openshift.package.yaml index a55998dd3..07a17c1ba 100644 --- a/olm/eclipse-che-preview-openshift/deploy/olm-catalog/eclipse-che-preview-openshift/eclipse-che-preview-openshift.package.yaml +++ b/olm/eclipse-che-preview-openshift/deploy/olm-catalog/eclipse-che-preview-openshift/eclipse-che-preview-openshift.package.yaml @@ -1,5 +1,5 @@ channels: -- currentCSV: eclipse-che-preview-openshift.v9.9.9-nightly.1567522875 +- currentCSV: eclipse-che-preview-openshift.v9.9.9-nightly.1571049441 name: nightly - currentCSV: eclipse-che-preview-openshift.v7.2.0 name: stable diff --git a/olm/update-nightly-olm-files.sh b/olm/update-nightly-olm-files.sh index 854c9cf99..00355daff 100755 --- a/olm/update-nightly-olm-files.sh +++ b/olm/update-nightly-olm-files.sh @@ -46,7 +46,10 @@ do mv "${packageFolderPath}/${newNightlyPackageVersion}/${packageName}.v${newNightlyPackageVersion}.clusterserviceversion.yaml.new" \ "${packageFolderPath}/${newNightlyPackageVersion}/${packageName}.v${newNightlyPackageVersion}.clusterserviceversion.yaml" echo " - Copying the CRD file" - cp "${packageFolderPath}/${lastPackageVersion}/eclipse-che-preview-${platform}.crd.yaml" "${packageFolderPath}/${newNightlyPackageVersion}/eclipse-che-preview-${platform}.crd.yaml" + cp "${BASE_DIR}/../deploy/crds/org_v1_che_crd.yaml" "${packageFolderPath}/${newNightlyPackageVersion}/eclipse-che-preview-${platform}.crd.yaml" + diff -u "${packageFolderPath}/${lastPackageVersion}/eclipse-che-preview-${platform}.crd.yaml" \ + "${packageFolderPath}/${newNightlyPackageVersion}/eclipse-che-preview-${platform}.crd.yaml" \ + > "${packageFolderPath}/${newNightlyPackageVersion}/eclipse-che-preview-${platform}.crd.yaml.diff" || true echo " - Updating the 'nightly' channel with new version in the package descriptor: ${packageFilePath}" sed -e "s/${lastPackageVersion}/${newNightlyPackageVersion}/" "${packageFilePath}" > "${packageFilePath}.new" mv "${packageFilePath}.new" "${packageFilePath}" diff --git a/pkg/apis/org/v1/che_types.go b/pkg/apis/org/v1/che_types.go index 21aebda21..9fd98ba9f 100644 --- a/pkg/apis/org/v1/che_types.go +++ b/pkg/apis/org/v1/che_types.go @@ -11,214 +11,388 @@ // package v1 +// Important: You should regenerate some generated code after modifying this file. At the root o fthe project: +// - Run "operator-sdk generate k8s": this will perform required changes in the "pkg/apis/org/v1/zz_generatedxxx" files +// - Run "operator-sdk generate openapi": this will generate the "deploy/crds/org_v1_checluster_crd.yaml" file +// - In the updated "deploy/crds/org_v1_checluster_crd.yaml": Delete all the `required:` openAPI rules in the CRD OpenApi schema. +// - Rename the new "deploy/crds/org_v1_checluster_crd.yaml" to "deploy/crds/org_v1_che_crd.yaml" to override it. +// IMPORTANT These 2 last steps are important to ensure backward compatibility with already existing `CheCluster` CRs that were created when no schema was provided. + import ( corev1 "k8s.io/api/core/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" ) -// EDIT THIS FILE! THIS IS SCAFFOLDING FOR YOU TO OWN! -// NOTE: json tags are required. Any new fields you add must have json tags for the fields to be serialized. - -// CheClusterSpec defines the desired state of CheCluster +// +k8s:openapi-gen=true +// Desired configuration of the Che installation. +// Based on these settings, the operator automatically creates and maintains +// several config maps that will contain the appropriate environment variables +// the various components of the Che installation. +// These generated config maps should NOT be updated manually. type CheClusterSpec struct { - // INSERT ADDITIONAL SPEC FIELDS - desired state of cluster - // Important: Run "operator-sdk generate k8s" to regenerate code after modifying this file - Server CheClusterSpecServer `json:"server"` - Database CheClusterSpecDB `json:"database"` - Auth CheClusterSpecAuth `json:"auth"` - Storage CheClusterSpecStorage `json:"storage"` - K8SOnly CheClusterSpecK8SOnly `json:"k8s"` + // General configuration settings related to the Che server + // and the plugin and devfile registries + // +optional + Server CheClusterSpecServer `json:"server"` + // Configuration settings related to the database used by the Che installation. + // +optional + Database CheClusterSpecDB `json:"database"` + // Configuration settings related to the Authentication used by the Che installation. + // +optional + Auth CheClusterSpecAuth `json:"auth"` + // Configuration settings related to the persistent storage used by the Che installation. + // +optional + Storage CheClusterSpecStorage `json:"storage"` + + // Configuration settings specific to Che installations made on upstream Kubernetes. + // +optional + K8s CheClusterSpecK8SOnly `json:"k8s"` } +// +k8s:openapi-gen=true +// General configuration settings related to the Che server +// and the plugin and devfile registries. type CheClusterSpecServer struct { - // AirGapContainerRegistryHostname is the hostname to the internal registry to pull images from in the air-gapped environment - AirGapContainerRegistryHostname string `json:"airGapContainerRegistryHostname"` - // AirGapContainerRegistryOrganization is the repository name in the registry to pull images from in the air-gapped environment - AirGapContainerRegistryOrganization string `json:"airGapContainerRegistryOrganization"` - // CheImage is a server image used in Che deployment - CheImage string `json:"cheImage"` - // CheImageTag is a tag of an image used in Che deployment - CheImageTag string `json:"cheImageTag"` - // CheImagePullPolicy is the image pull policy used in Che registry deployment: default value is Always - CheImagePullPolicy corev1.PullPolicy `json:"cheImagePullPolicy"` - // CheFlavor is an installation flavor. Can be 'che' - upstream or 'codeready' - CodeReady Workspaces. Defaults to 'che' - CheFlavor string `json:"cheFlavor"` - // CheHost is an env consumer by server. Detected automatically from Che route - CheHost string `json:"cheHost"` - // CheLostLevel is log level for Che server: INFO or DEBUG. Defaults to INFO - CheLogLevel string `json:"cheLogLevel"` - // CheDebug is debug mode for Che server. Defaults to false - CheDebug string `json:"cheDebug"` - // CustomClusterRoleName specifies a custom cluster role to user for the Che workspaces - // The default roles are used if this is left blank. - CheWorkspaceClusterRole string `json:"cheWorkspaceClusterRole"` - // SelfSignedCert signal about the necessity to get OpenShift router tls secret - // and extract certificate to add it to Java trust store for Che server + // Optional hostname (or url) to an alternate container registry to pull images from. + // This value overrides the container registry hostname defined in all the default container images + // involved in a Che deployment. + // This is particularly useful to install Che in an air-gapped environment. + // +optional + AirGapContainerRegistryHostname string `json:"airGapContainerRegistryHostname,omitempty"` + // Optional repository name of an alternate container registry to pull images from. + // This value overrides the container registry organization defined in all the default container images + // involved in a Che deployment. + // This is particularly useful to install Che in an air-gapped environment. + // +optional + AirGapContainerRegistryOrganization string `json:"airGapContainerRegistryOrganization,omitempty"` + // Overrides the container image used in Che deployment. This does NOT include the container image tag. + // Omit it or leave it empty to use the defaut container image provided by the operator. + // +optional + CheImage string `json:"cheImage,omitempty"` + // Overrides the tag of the container image used in Che deployment. + // Omit it or leave it empty to use the defaut image tag provided by the operator. + // +optional + CheImageTag string `json:"cheImageTag,omitempty"` + // Overrides the image pull policy used in Che deployment. + // Default value is `Always` for `nightly` or `latest` images, and `IfNotPresent` in other cases. + // +optional + CheImagePullPolicy corev1.PullPolicy `json:"cheImagePullPolicy,omitempty"` + // Flavor of the installation. This is either `che` for upstream Che installations, or `codeready` for CodeReady Workspaces installation. + // In most cases the default value should not be overriden. + // +optional + CheFlavor string `json:"cheFlavor,omitempty"` + // Public hostname of the installed Che server. This will be automatically set by the operator. + // In most cases the default value set by the operator should not be overriden. + // +optional + CheHost string `json:"cheHost,omitempty"` + // Log level for the Che server: `INFO` or `DEBUG`. Defaults to `INFO`. + // +optional + CheLogLevel string `json:"cheLogLevel,omitempty"` + // Enables the debug mode for Che server. Defaults to `false`. + // +optional + CheDebug string `json:"cheDebug,omitempty"` + // Custom cluster role bound to the user for the Che workspaces. + // The default roles are used if this is omitted or left blank. + // +optional + CheWorkspaceClusterRole string `json:"cheWorkspaceClusterRole,omitempty"` + // Enables the support of OpenShift clusters whose router uses self-signed certificates. + // When enabled, the operator retrieves the default self-signed certificate of OpenShift routes + // and adds it to the Java trust store of the Che server. + // This is usually required when activating the `tlsSupport` field on demo OpenShift clusters + // that have not been setup with a valid certificate for the routes. + // This is disabled by default. + // +optional SelfSignedCert bool `json:"selfSignedCert"` - // TlsSupport instructs an operator to deploy Che in TLS mode, ie with TLS routes or ingresses + // Instructs the operator to deploy Che in TLS mode, ie with TLS routes or ingresses. + // This is disabled by default. + // WARNING: Enabling TLS might require enabling the `selfSignedCert` field also in some cases. + // +optional TlsSupport bool `json:"tlsSupport"` - // DevfileRegistryUrl is an endpoint serving sample ready-to-use devfiles. Defaults to generated route - DevfileRegistryUrl string `json:"devfileRegistryUrl"` - // DevfileRegistryImage is image:tag used in Devfile registry deployment - DevfileRegistryImage string `json:"devfileRegistryImage"` - // DevfileRegistryImagePullPolicy is the image pull policy used in Devfile registry deployment - DevfileRegistryImagePullPolicy corev1.PullPolicy `json:"devfileRegistryPullPolicy"` - // DevfileRegistryMemoryLimit is the memory limit used in Devfile registry deployment - DevfileRegistryMemoryLimit string `json:"devfileRegistryMemoryLimit"` - // DevfileRegistryMemoryRequest is the memory request used in Devfile registry deployment - DevfileRegistryMemoryRequest string `json:"devfileRegistryMemoryRequest"` - // ExternalDevfileRegistry instructs operator on whether or not to deploy a dedicated Devfile registry server + // Public URL of the Devfile registry, that serves sample, ready-to-use devfiles. + // You should set it ONLY if you use an external devfile registry (see the `externalDevfileRegistry` field). + // By default this will be automatically calculated by the operator. + // +optional + DevfileRegistryUrl string `json:"devfileRegistryUrl,omitempty"` + // Overrides the container image used in the Devfile registry deployment. This includes the image tag. + // Omit it or leave it empty to use the defaut container image provided by the operator. + // +optional + DevfileRegistryImage string `json:"devfileRegistryImage,omitempty"` + // Overrides the image pull policy used in the Devfile registry deployment. + // Default value is `Always` for `nightly` or `latest` images, and `IfNotPresent` in other cases. + // +optional + DevfileRegistryPullPolicy corev1.PullPolicy `json:"devfileRegistryPullPolicy,omitempty"` + // Overrides the memory limit used in the Devfile registry deployment. Defaults to 256Mi. + // +optional + DevfileRegistryMemoryLimit string `json:"devfileRegistryMemoryLimit,omitempty"` + // Overrides the memory request used in the Devfile registry deployment. Defaults to 16Mi. + // +optional + DevfileRegistryMemoryRequest string `json:"devfileRegistryMemoryRequest,omitempty"` + // Instructs the operator on whether or not to deploy a dedicated Devfile registry server. // By default a dedicated devfile registry server is started. - // But if ExternalDevfileRegistry is `true`, then no such dedicated server will be started by the operator + // But if `externalDevfileRegistry` is `true`, then no such dedicated server will be started by the operator + // and you will have to manually set the `devfileRegistryUrl` field + // +optional ExternalDevfileRegistry bool `json:"externalDevfileRegistry"` - // PluginRegistryUrl is an endpoint serving plugin definitions. Defaults to generated route - PluginRegistryUrl string `json:"pluginRegistryUrl"` - // PluginRegistryImage is image:tag used in Plugin registry deployment - PluginRegistryImage string `json:"pluginRegistryImage"` - // PluginRegistryImagePullPolicy is the image pull policy used in Plugin registry deployment - PluginRegistryImagePullPolicy corev1.PullPolicy `json:"pluginRegistryPullPolicy"` - // PluginRegistryMemoryLimit is the memory limit used in Plugin registry deployment - PluginRegistryMemoryLimit string `json:"pluginRegistryMemoryLimit"` - // PluginRegistryMemoryRequest is the memory request used in Plugin registry deployment - PluginRegistryMemoryRequest string `json:"pluginRegistryMemoryRequest"` - // ExternalPluginRegistry instructs operator on whether or not to deploy a dedicated Plugin registry server + // Public URL of the Plugin registry, that serves sample ready-to-use devfiles. + // You should set it ONLY if you use an external devfile registry (see the `externalPluginRegistry` field). + // By default this will be automatically calculated by the operator. + // +optional + PluginRegistryUrl string `json:"pluginRegistryUrl,omitempty"` + // Overrides the container image used in the Plugin registry deployment. This includes the image tag. + // Omit it or leave it empty to use the defaut container image provided by the operator. + // +optional + PluginRegistryImage string `json:"pluginRegistryImage,omitempty"` + // Overrides the image pull policy used in the Plugin registry deployment. + // Default value is `Always` for `nightly` or `latest` images, and `IfNotPresent` in other cases. + // +optional + PluginRegistryPullPolicy corev1.PullPolicy `json:"pluginRegistryPullPolicy,omitempty"` + // Overrides the memory limit used in the Plugin registry deployment. Defaults to 256Mi. + // +optional + PluginRegistryMemoryLimit string `json:"pluginRegistryMemoryLimit,omitempty"` + // Overrides the memory request used in the Plugin registry deployment. Defaults to 16Mi. + // +optional + PluginRegistryMemoryRequest string `json:"pluginRegistryMemoryRequest,omitempty"` + // Instructs the operator on whether or not to deploy a dedicated Plugin registry server. // By default a dedicated plugin registry server is started. - // But if ExternalPluginRegistry is `true`, then no such dedicated server will be started by the operator + // But if `externalPluginRegistry` is `true`, then no such dedicated server will be started by the operator + // and you will have to manually set the `pluginRegistryUrl` field. + // +optional ExternalPluginRegistry bool `json:"externalPluginRegistry"` - // CustomCheProperties is a list of additional environment variables that will be applied in the che config map, - // in addition to the values already generated from other fields of the custom resource (CR). - // If CustomCheProperties contains a property that would be normally generated in che config map from other - // CR fields, then the value in the CustomCheProperties will be used. - CustomCheProperties map[string]string `json:"customCheProperties"` - // ProxyURL is protocol+hostname of a proxy server. Automatically added as JAVA_OPTS and https(s)_proxy - // to Che server and workspaces containers - ProxyURL string `json:"proxyURL"` - // ProxyPort is port of a proxy server - ProxyPort string `json:"proxyPort"` - // NonProxyHosts is a list of non-proxy hosts. Use | as delimiter, eg localhost|my.host.com|123.42.12.32 - NonProxyHosts string `json:"nonProxyHosts"` - // ProxyUser is username for a proxy server - ProxyUser string `json:"proxyUser"` - // ProxyPassword is password for a proxy user - ProxyPassword string `json:"proxyPassword"` - // ServerMemoryRequest sets mem request for server deployment. Defaults to 512Mi - ServerMemoryRequest string `json:"serverMemoryRequest"` - // ServerMemoryLimit sets mem limit for server deployment. Defaults to 1Gi - ServerMemoryLimit string `json:"serverMemoryLimit"` + // Map of additional environment variables that will be applied in the generated `che` config map to be used by the Che server, + // in addition to the values already generated from other fields of the `CheCluster` custom resource (CR). + // If `customCheProperties` contains a property that would be normally generated in `che` config map from other + // CR fields, then the value defined in the `customCheProperties` will be used instead. + // +optional + CustomCheProperties map[string]string `json:"customCheProperties,omitempty"` + // URL (protocol+hostname) of the proxy server. + // This drives the appropriate changes in the `JAVA_OPTS` and `https(s)_proxy` variables + // in the Che server and workspaces containers. + // Only use when configuring a proxy is required. + // +optional + ProxyURL string `json:"proxyURL,omitempty"` + // Port of the proxy server. + // Only use when configuring a proxy is required + // (see also the `proxyURL` field). + // +optional + ProxyPort string `json:"proxyPort,omitempty"` + // List of hosts that should not use the configured proxy. Use `|`` as delimiter, eg `localhost|my.host.com|123.42.12.32` + // Only use when configuring a proxy is required + // (see also the `proxyURL` field). + NonProxyHosts string `json:"nonProxyHosts,omitempty"` + // User name of the proxy server. + // Only use when configuring a proxy is required + // (see also the `proxyURL` field). + // +optional + ProxyUser string `json:"proxyUser,omitempty"` + // Password of the proxy server + // + // Only use when proxy configuration is required + // (see also the `proxyUser` field). + // +optional + ProxyPassword string `json:"proxyPassword,omitempty"` + // Overrides the memory request used in the Che server deployment. Defaults to 512Mi. + // +optional + ServerMemoryRequest string `json:"serverMemoryRequest,omitempty"` + // Overrides the memory limit used in the Che server deployment. Defaults to 1Gi. + // +optional + ServerMemoryLimit string `json:"serverMemoryLimit,omitempty"` } +// +k8s:openapi-gen=true +// Configuration settings related to the database used by the Che installation. type CheClusterSpecDB struct { - // ExternalDB instructs the operator either to skip deploying Postgres, - // and passes connection details of existing DB to Che server (when set to true) - // or a new Postgres deployment is created - ExternalDB bool `json:"externalDb"` - // ChePostgresDBHostname is Postgres Database hostname that Che server uses to connect to. Defaults to postgres - ChePostgresDBHostname string `json:"chePostgresHostName"` - // ChePostgresPort is Postgres Database port that Che server uses to connect to. Defaults to 5432 - ChePostgresPort string `json:"chePostgresPort"` - // ChePostgresUser is Postgres user that Che server when making a db connection. Defaults to pgche - ChePostgresUser string `json:"chePostgresUser"` - // ChePostgresPassword is password of a postgres user. Auto-generated when left blank - ChePostgresPassword string `json:"chePostgresPassword"` - // ChePostgresDb is Postgres database name that Che server uses to connect to. Defaults to dbche - ChePostgresDb string `json:"chePostgresDb"` - // PostgresImage is an image used in Postgres deployment in format image:tag. Defaults to registry.redhat.io/rhscl/postgresql-96-rhel7 (see pkg/deploy/defaults.go for latest tag) - PostgresImage string `json:"postgresImage"` - // PostgresImagePullPolicy is the image pull policy used in Postgres registry deployment: default value is Always - PostgresImagePullPolicy corev1.PullPolicy `json:"postgresImagePullPolicy"` + // Instructs the operator on whether or not to deploy a dedicated database. + // By default a dedicated Postgres database is deployed as part of the Che installation. + // But if `externalDb` is `true`, then no dedicated database will be deployed by the operator + // and you might need to provide connection details to the external DB you want to use. + // See also all the fields starting with: `chePostgres`. + // +optional + ExternalDb bool `json:"externalDb"` + // Postgres Database hostname that the Che server uses to connect to. Defaults to postgres. + // This value should be overridden ONLY when using an external database (see field `externalDb`). + // In the default case it will be automatically set by the operator. + // +optional + ChePostgresHostName string `json:"chePostgresHostName,omitempty"` + // Postgres Database port that the Che server uses to connect to. Defaults to 5432. + // This value should be overridden ONLY when using an external database (see field `externalDb`). + // In the default case it will be automatically set by the operator. + // +optional + ChePostgresPort string `json:"chePostgresPort,omitempty"` + // Postgres user that the Che server should use to connect to the DB. Defaults to `pgche`. + // +optional + ChePostgresUser string `json:"chePostgresUser,omitempty"` + // Postgres password that the Che server should use to connect to the DB. + // If omitted or left blank, it will be set to an auto-generated value. + // +optional + ChePostgresPassword string `json:"chePostgresPassword,omitempty"` + // Postgres database name that the Che server uses to connect to the DB. Defaults to `dbche`. + // +optional + ChePostgresDb string `json:"chePostgresDb,omitempty"` + // Overrides the container image used in the Postgres database deployment. This includes the image tag. + // Omit it or leave it empty to use the defaut container image provided by the operator. + // +optional + PostgresImage string `json:"postgresImage,omitempty"` + // Overrides the image pull policy used in the Postgres database deployment. + // Default value is `Always` for `nightly` or `latest` images, and `IfNotPresent` in other cases. + // +optional + PostgresImagePullPolicy corev1.PullPolicy `json:"postgresImagePullPolicy,omitempty"` } +// +k8s:openapi-gen=true +// Configuration settings related to the Authentication used by the Che installation. type CheClusterSpecAuth struct { - // ExternalKeycloak instructs operator on whether or not to deploy Keycloak/RH SSO instance. When set to true provision connection details - ExternalKeycloak bool `json:"externalIdentityProvider"` - // KeycloakURL is retrieved from respective route/ingress unless explicitly specified in CR (when externalIdentityProvider is true) - KeycloakURL string `json:"identityProviderURL"` - // KeycloakURL is retrieved from respective route/ingress unless explicitly specified in CR (when externalIdentityProvider is true) - //IdentityProviderURL string `json:"identityProviderURL"` - // KeycloakAdminUserName is a desired admin username of Keycloak admin user (applicable only when externalIdentityProvider is false) - KeycloakAdminUserName string `json:"identityProviderAdminUserName"` - // KeycloakAdminPassword is a desired password of Keycloak admin user (applicable only when externalIdentityProvider is false) - KeycloakAdminPassword string `json:"identityProviderPassword"` - // KeycloakRealm is name of a keycloak realm. When externalIdentityProvider is false this realm will be created, otherwise passed to Che server - KeycloakRealm string `json:"identityProviderRealm"` - // KeycloakClientId is id of a keycloak client. When externalIdentityProvider is false this client will be created, otherwise passed to Che server - KeycloakClientId string `json:"identityProviderClientId"` - // KeycloakPostgresPassword is password for keycloak database user. Auto generated if left blank - KeycloakPostgresPassword string `json:"identityProviderPostgresPassword"` - // UpdateAdminPassword forces the default admin Che user to update password on first login. False by default + // Instructs the operator on whether or not to deploy a dedicated Identity Provider (Keycloak or RH SSO instance). + // By default a dedicated Identity Provider server is deployed as part of the Che installation. + // But if `externalIdentityProvider` is `true`, then no dedicated identity provider will be deployed by the operator + // and you might need to provide details about the external identity provider you want to use. + // See also all the other fields starting with: `identityProvider`. + // +optional + ExternalIdentityProvider bool `json:"externalIdentityProvider"` + // Public URL of the Identity Provider server (Keycloak / RH SSO server). + // You should set it ONLY if you use an external Identity Provider (see the `externalIdentityProvider` field). + // By default this will be automatically calculated and set by the operator. + // +optional + IdentityProviderURL string `json:"identityProviderURL,omitempty"` + // Overrides the name of the Identity Provider admin user. Defaults to `admin`. + // +optional + IdentityProviderAdminUserName string `json:"identityProviderAdminUserName,omitempty"` + // Overrides the password of Keycloak admin user. + // This is useful to override it ONLY if you use an external Identity Provider (see the `externalIdentityProvider` field). + // If omitted or left blank, it will be set to an auto-generated password. + // +optional + IdentityProviderPassword string `json:"identityProviderPassword,omitempty"` + // Name of a Identity provider (Keycloak / RH SSO) realm that should be used for Che. + // This is useful to override it ONLY if you use an external Identity Provider (see the `externalIdentityProvider` field). + // If omitted or left blank, it will be set to the value of the `flavour` field. + // +optional + IdentityProviderRealm string `json:"identityProviderRealm,omitempty"` + // Name of a Identity provider (Keycloak / RH SSO) `client-id` that should be used for Che. + // This is useful to override it ONLY if you use an external Identity Provider (see the `externalIdentityProvider` field). + // If omitted or left blank, it will be set to the value of the `flavour` field suffixed with `-public`. + // +optional + IdentityProviderClientId string `json:"identityProviderClientId,omitempty"` + // Password for The Identity Provider (Keycloak / RH SSO) to connect to the database. + // This is useful to override it ONLY if you use an external Identity Provider (see the `externalIdentityProvider` field). + // If omitted or left blank, it will be set to an auto-generated password. + // +optional + IdentityProviderPostgresPassword string `json:"identityProviderPostgresPassword,omitempty"` + // Forces the default `admin` Che user to update password on first login. Defaults to `false`. + // +optional UpdateAdminPassword bool `json:"updateAdminPassword"` - // OpenShiftOauth instructs an Operator to enable OpenShift v3 identity provider in Keycloak, - // as well as create respective oAuthClient and configure Che configMap accordingly - OpenShiftOauth bool `json:"openShiftoAuth"` - // OauthClientName is name of oAuthClient used in OpenShift v3 identity provider in Keycloak realm. Auto generated if left blank - OauthClientName string `json:"oAuthClientName"` - // OauthSecret is secret used in oAuthClient. Auto generated if left blank - OauthSecret string `json:"oAuthSecret"` - // KeycloakImage is image:tag used in Keycloak deployment - KeycloakImage string `json:"identityProviderImage"` - // KeycloakImagePullPolicy is the image pull policy used in Keycloak registry deployment: default value is Always - KeycloakImagePullPolicy corev1.PullPolicy `json:"identityProviderImagePullPolicy"` + // Enables the integration of the identity provider (Keycloak / RHSSO) with OpenShift OAuth. Enabled by defaumt on OpenShift. + // This will allow users to directly login with their Openshift user throug the Openshift login, + // and have their workspaces created under personnal OpenShift namespaces. + // WARNING: the `kuebadmin` user is NOT supported, and logging through it will NOT allow accessing the Che Dashboard. + // +optional + OpenShiftoAuth bool `json:"openShiftoAuth"` + // Name of the OpenShift `OAuthClient` resource used to setup identity federation on the OpenShift side. Auto-generated if left blank. + // See also the `OpenShiftoAuth` field. + // +optional + OAuthClientName string `json:"oAuthClientName,omitempty"` + // Name of the secret set in the OpenShift `OAuthClient` resource used to setup identity federation on the OpenShift side. Auto-generated if left blank. + // See also the `OAuthClientName` field. + // +optional + OAuthSecret string `json:"oAuthSecret,omitempty"` + // Overrides the container image used in the Identity Provider (Keycloak / RH SSO) deployment. This includes the image tag. + // Omit it or leave it empty to use the defaut container image provided by the operator. + // +optional + IdentityProviderImage string `json:"identityProviderImage,omitempty"` + // Overrides the image pull policy used in the Identity Provider (Keycloak / RH SSO) deployment. + // Default value is `Always` for `nightly` or `latest` images, and `IfNotPresent` in other cases. + // +optional + IdentityProviderImagePullPolicy corev1.PullPolicy `json:"identityProviderImagePullPolicy,omitempty"` } +// +k8s:openapi-gen=true +// Configuration settings related to the persistent storage used by the Che installation. type CheClusterSpecStorage struct { - // PvcStrategy is a persistent volume claim strategy for Che server. Can be common (all workspaces PVCs in one volume), - // per-workspace (one PVC per workspace for all declared volumes) and unique (one PVC per declared volume). Defaults to common - PvcStrategy string `json:"pvcStrategy"` - // PvcClaimSize is size of a persistent volume claim for workspaces. Defaults to 1Gi - PvcClaimSize string `json:"pvcClaimSize"` - // PreCreateSubPaths instructs Che server to launch a special pod to precreate a subpath in a PV + // Persistent volume claim strategy for the Che server. + // This Can be:`common` (all workspaces PVCs in one volume), + // `per-workspace` (one PVC per workspace for all declared volumes) and `unique` (one PVC per declared volume). + // Defaults to `common`. + // +optional + PvcStrategy string `json:"pvcStrategy,omitempty"` + // Size of the persistent volume claim for workspaces. Defaults to `1Gi` + // +optional + PvcClaimSize string `json:"pvcClaimSize,omitempty"` + // Instructs the Che server to launch a special pod to pre-create a subpath in the Persistent Volumes. + // Defaults to `false`, however it might need to enable it according to the configuration of your K8S cluster. + // +optional PreCreateSubPaths bool `json:"preCreateSubPaths"` - // PvcJobsImage is image:tag for preCreateSubPaths jobs - PvcJobsImage string `json:"pvcJobsImage"` - // PostgresPVCStorageClassName is storage class for a postgres pvc. Empty string by default, which means default storage class is used - PostgresPVCStorageClassName string `json:"postgresPVCStorageClassName"` - // WorkspacePVCStorageClassName is storage class for a workspaces pvc. Empty string by default, which means default storage class is used - WorkspacePVCStorageClassName string `json:"workspacePVCStorageClassName"` + // Overrides the container image used to create sub-paths in the Persistent Volumes. This includes the image tag. + // Omit it or leave it empty to use the defaut container image provided by the operator. + // See also the `preCreateSubPaths` field. + // +optional + PvcJobsImage string `json:"pvcJobsImage,omitempty"` + // Storage class for the Persistent Volume Claim dedicated to the Postgres database. + // If omitted or left blank, default storage class is used. + // +optional + PostgresPVCStorageClassName string `json:"postgresPVCStorageClassName,omitempty"` + // Storage class for the Persistent Volume Claims dedicated to the Che workspaces. + // If omitted or left blank, default storage class is used. + // +optional + WorkspacePVCStorageClassName string `json:"workspacePVCStorageClassName,omitempty"` } +// +k8s:openapi-gen=true +// Configuration settings specific to Che installations made on upstream Kubernetes. type CheClusterSpecK8SOnly struct { - // IngressDomain is a global ingress domain for a k8s cluster. Must be explicitly specified in CR. There are no defaults - IngressDomain string `json:"ingressDomain"` - // IngressStrategy is the way ingresses are created. Casn be multi-host (host is explicitly provided in ingress), - // single-host (host is provided, path based rules) and default-host *(no host is provided, path based rules) - IngressStrategy string `json:"ingressStrategy"` - // IngressClass is kubernetes.io/ingress.class, defaults to nginx - IngressClass string `json:"ingressClass"` - // secret name used for tls termination - TlsSecretName string `json:"tlsSecretName"` - // FSGroup the Che POD and Workspace pod containers should run in - SecurityContextFsGroup string `json:"securityContextFsGroup"` - // User the Che POD and Workspace pod containers should run as - SecurityContextRunAsUser string `json:"securityContextRunAsUser"` + // Global ingress domain for a K8S cluster. This MUST be explicitly specified: there are no defaults. + IngressDomain string `json:"ingressDomain,omitempty"` + // Strategy for ingress creation. This can be `multi-host` (host is explicitly provided in ingress), + // `single-host` (host is provided, path-based rules) and `default-host.*`(no host is provided, path-based rules). + // Defaults to `"multi-host` + // +optional + IngressStrategy string `json:"ingressStrategy,omitempty"` + // Ingress class that will define the which controler will manage ingresses. Defaults to `nginx`. + // NB: This drives the `is kubernetes.io/ingress.class` annotation on Che-related ingresses. + // +optional + IngressClass string `json:"ingressClass,omitempty"` + // Name of a secret that will be used to setup ingress TLS termination if TLS is enabled. + // See also the `tlsSupport` field. + // +optional + TlsSecretName string `json:"tlsSecretName,omitempty"` + // FSGroup the Che pod and Workspace pods containers should run in. Defaults to `1724`. + // +optional + SecurityContextFsGroup string `json:"securityContextFsGroup,omitempty"` + // ID of the user the Che pod and Workspace pods containers should run as. Default to `1724`. + // +optional + SecurityContextRunAsUser string `json:"securityContextRunAsUser,omitempty"` } -// CheClusterStatus defines the observed state of CheCluster +// CheClusterStatus defines the observed state of Che installation type CheClusterStatus struct { - // INSERT ADDITIONAL STATUS FIELD - define observed state of cluster - // Important: Run "operator-sdk generate k8s" to regenerate code after modifying this file - // DbProvisoned indicates if or not a Postgres instance has been provisioned with db and user + // Indicates if or not a Postgres instance has been correctly provisioned + // +optional DbProvisoned bool `json:"dbProvisioned"` - // KeycloakProvisoned indicates if or not a Keycloak instance has been provisioned with realm, client, user + // Indicates whether an Identity Provider instance (Keycloak / RH SSO) has been provisioned with realm, client and user + // +optional KeycloakProvisoned bool `json:"keycloakProvisioned"` - // OpenShiftoAuthProvisioned indicates if or not a Keycloak instance has been provisioned identity provider and oAuthclient + // Indicates whether an Identity Provider instance (Keycloak / RH SSO) has been configured to integrate with the OpenShift OAuth. + // +optional OpenShiftoAuthProvisioned bool `json:"openShiftoAuthProvisioned"` - // CheClusterRunning is status of a cluster. Can be Available, Unavailable, Available, Rolling Update in Progress + // Status of a Che installation. Can be `Available`, `Unavailable`, or `Available, Rolling Update in Progress` + // +optional CheClusterRunning string `json:"cheClusterRunning"` - // CheVersion is current Che version retrieved from image tag + // Current installed Che version + // +optional CheVersion string `json:"cheVersion"` - // CheURL is Che protocol+route/ingress + // Public URL to the Che server + // +optional CheURL string `json:"cheURL"` - // KeycloakURL is Keycloak protocol+route/ingress + // Public URL to the Identity Provider server (Keycloak / RH SSO). + // +optional KeycloakURL string `json:"keycloakURL"` - // DevfileRegistryURL is the Devfile registry protocol+route/ingress + // Public URL to the Devfile registry + // +optional DevfileRegistryURL string `json:"devfileRegistryURL"` - // PluginRegistryURL is the Plugin registry protocol+route/ingress + // Public URL to the Plugin registry + // +optional PluginRegistryURL string `json:"pluginRegistryURL"` // A human readable message indicating details about why the pod is in this condition. // +optional Message string `json:"message,omitempty"` // A brief CamelCase message indicating details about why the pod is in this state. - // e.g. 'Evicted' // +optional Reason string `json:"reason,omitempty"` // A URL that can point to some URL where to find help related to the current Operator status. @@ -228,8 +402,9 @@ type CheClusterStatus struct { // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object -// CheCluster is the Schema for the ches API +// The `CheCluster` custom resource allows defining and managing a Che server installation // +k8s:openapi-gen=true +// +kubebuilder:subresource:status type CheCluster struct { metav1.TypeMeta `json:",inline"` metav1.ObjectMeta `json:"metadata,omitempty"` diff --git a/pkg/apis/org/v1/zz_generated.deepcopy.go b/pkg/apis/org/v1/zz_generated.deepcopy.go index 672a3e946..27bf6197f 100644 --- a/pkg/apis/org/v1/zz_generated.deepcopy.go +++ b/pkg/apis/org/v1/zz_generated.deepcopy.go @@ -1,22 +1,6 @@ // +build !ignore_autogenerated -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by deepcopy-gen. DO NOT EDIT. +// Code generated by operator-sdk. DO NOT EDIT. package v1 @@ -92,7 +76,7 @@ func (in *CheClusterSpec) DeepCopyInto(out *CheClusterSpec) { out.Database = in.Database out.Auth = in.Auth out.Storage = in.Storage - out.K8SOnly = in.K8SOnly + out.K8s = in.K8s return } diff --git a/pkg/apis/org/v1/zz_generated.openapi.go b/pkg/apis/org/v1/zz_generated.openapi.go new file mode 100644 index 000000000..f597571f5 --- /dev/null +++ b/pkg/apis/org/v1/zz_generated.openapi.go @@ -0,0 +1,636 @@ +// +build !ignore_autogenerated + +// This file was autogenerated by openapi-gen. Do not edit it manually! + +package v1 + +import ( + spec "github.com/go-openapi/spec" + common "k8s.io/kube-openapi/pkg/common" +) + +func GetOpenAPIDefinitions(ref common.ReferenceCallback) map[string]common.OpenAPIDefinition { + return map[string]common.OpenAPIDefinition{ + "github.com/eclipse/che-operator/pkg/apis/org/v1.CheCluster": schema_pkg_apis_org_v1_CheCluster(ref), + "github.com/eclipse/che-operator/pkg/apis/org/v1.CheClusterSpec": schema_pkg_apis_org_v1_CheClusterSpec(ref), + "github.com/eclipse/che-operator/pkg/apis/org/v1.CheClusterSpecAuth": schema_pkg_apis_org_v1_CheClusterSpecAuth(ref), + "github.com/eclipse/che-operator/pkg/apis/org/v1.CheClusterSpecDB": schema_pkg_apis_org_v1_CheClusterSpecDB(ref), + "github.com/eclipse/che-operator/pkg/apis/org/v1.CheClusterSpecK8SOnly": schema_pkg_apis_org_v1_CheClusterSpecK8SOnly(ref), + "github.com/eclipse/che-operator/pkg/apis/org/v1.CheClusterSpecServer": schema_pkg_apis_org_v1_CheClusterSpecServer(ref), + "github.com/eclipse/che-operator/pkg/apis/org/v1.CheClusterSpecStorage": schema_pkg_apis_org_v1_CheClusterSpecStorage(ref), + } +} + +func schema_pkg_apis_org_v1_CheCluster(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Description: "The `CheCluster` custom resource allows defining and managing a Che server installation", + Properties: map[string]spec.Schema{ + "kind": { + SchemaProps: spec.SchemaProps{ + Description: "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds", + Type: []string{"string"}, + Format: "", + }, + }, + "apiVersion": { + SchemaProps: spec.SchemaProps{ + Description: "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources", + Type: []string{"string"}, + Format: "", + }, + }, + "metadata": { + SchemaProps: spec.SchemaProps{ + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"), + }, + }, + "spec": { + SchemaProps: spec.SchemaProps{ + Ref: ref("github.com/eclipse/che-operator/pkg/apis/org/v1.CheClusterSpec"), + }, + }, + "status": { + SchemaProps: spec.SchemaProps{ + Ref: ref("github.com/eclipse/che-operator/pkg/apis/org/v1.CheClusterStatus"), + }, + }, + }, + }, + }, + Dependencies: []string{ + "github.com/eclipse/che-operator/pkg/apis/org/v1.CheClusterSpec", "github.com/eclipse/che-operator/pkg/apis/org/v1.CheClusterStatus", "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"}, + } +} + +func schema_pkg_apis_org_v1_CheClusterSpec(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Description: "Desired configuration of the Che installation. Based on these settings, the operator automatically creates and maintains several config maps that will contain the appropriate environment variables the various components of the Che installation. These generated config maps should NOT be updated manually.", + Properties: map[string]spec.Schema{ + "server": { + SchemaProps: spec.SchemaProps{ + Description: "General configuration settings related to the Che server and the plugin and devfile registries", + Ref: ref("github.com/eclipse/che-operator/pkg/apis/org/v1.CheClusterSpecServer"), + }, + }, + "database": { + SchemaProps: spec.SchemaProps{ + Description: "Configuration settings related to the database used by the Che installation.", + Ref: ref("github.com/eclipse/che-operator/pkg/apis/org/v1.CheClusterSpecDB"), + }, + }, + "auth": { + SchemaProps: spec.SchemaProps{ + Description: "Configuration settings related to the Authentication used by the Che installation.", + Ref: ref("github.com/eclipse/che-operator/pkg/apis/org/v1.CheClusterSpecAuth"), + }, + }, + "storage": { + SchemaProps: spec.SchemaProps{ + Description: "Configuration settings related to the persistent storage used by the Che installation.", + Ref: ref("github.com/eclipse/che-operator/pkg/apis/org/v1.CheClusterSpecStorage"), + }, + }, + "k8s": { + SchemaProps: spec.SchemaProps{ + Description: "Configuration settings specific to Che installations made on upstream Kubernetes.", + Ref: ref("github.com/eclipse/che-operator/pkg/apis/org/v1.CheClusterSpecK8SOnly"), + }, + }, + }, + }, + }, + Dependencies: []string{ + "github.com/eclipse/che-operator/pkg/apis/org/v1.CheClusterSpecAuth", "github.com/eclipse/che-operator/pkg/apis/org/v1.CheClusterSpecDB", "github.com/eclipse/che-operator/pkg/apis/org/v1.CheClusterSpecK8SOnly", "github.com/eclipse/che-operator/pkg/apis/org/v1.CheClusterSpecServer", "github.com/eclipse/che-operator/pkg/apis/org/v1.CheClusterSpecStorage"}, + } +} + +func schema_pkg_apis_org_v1_CheClusterSpecAuth(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Description: "Configuration settings related to the Authentication used by the Che installation.", + Properties: map[string]spec.Schema{ + "externalIdentityProvider": { + SchemaProps: spec.SchemaProps{ + Description: "Instructs the operator on whether or not to deploy a dedicated Identity Provider (Keycloak or RH SSO instance). By default a dedicated Identity Provider server is deployed as part of the Che installation. But if `externalIdentityProvider` is `true`, then no dedicated identity provider will be deployed by the operator and you might need to provide details about the external identity provider you want to use. See also all the other fields starting with: `identityProvider`.", + Type: []string{"boolean"}, + Format: "", + }, + }, + "identityProviderURL": { + SchemaProps: spec.SchemaProps{ + Description: "Public URL of the Identity Provider server (Keycloak / RH SSO server). You should set it ONLY if you use an external Identity Provider (see the `externalIdentityProvider` field). By default this will be automatically calculated and set by the operator.", + Type: []string{"string"}, + Format: "", + }, + }, + "identityProviderAdminUserName": { + SchemaProps: spec.SchemaProps{ + Description: "Overrides the name of the Identity Provider admin user. Defaults to `admin`.", + Type: []string{"string"}, + Format: "", + }, + }, + "identityProviderPassword": { + SchemaProps: spec.SchemaProps{ + Description: "Overrides the password of Keycloak admin user. This is useful to override it ONLY if you use an external Identity Provider (see the `externalIdentityProvider` field). If omitted or left blank, it will be set to an auto-generated password.", + Type: []string{"string"}, + Format: "", + }, + }, + "identityProviderRealm": { + SchemaProps: spec.SchemaProps{ + Description: "Name of a Identity provider (Keycloak / RH SSO) realm that should be used for Che. This is useful to override it ONLY if you use an external Identity Provider (see the `externalIdentityProvider` field). If omitted or left blank, it will be set to the value of the `flavour` field.", + Type: []string{"string"}, + Format: "", + }, + }, + "identityProviderClientId": { + SchemaProps: spec.SchemaProps{ + Description: "Name of a Identity provider (Keycloak / RH SSO) `client-id` that should be used for Che. This is useful to override it ONLY if you use an external Identity Provider (see the `externalIdentityProvider` field). If omitted or left blank, it will be set to the value of the `flavour` field suffixed with `-public`.", + Type: []string{"string"}, + Format: "", + }, + }, + "identityProviderPostgresPassword": { + SchemaProps: spec.SchemaProps{ + Description: "Password for The Identity Provider (Keycloak / RH SSO) to connect to the database. This is useful to override it ONLY if you use an external Identity Provider (see the `externalIdentityProvider` field). If omitted or left blank, it will be set to an auto-generated password.", + Type: []string{"string"}, + Format: "", + }, + }, + "updateAdminPassword": { + SchemaProps: spec.SchemaProps{ + Description: "Forces the default `admin` Che user to update password on first login. Defaults to `false`.", + Type: []string{"boolean"}, + Format: "", + }, + }, + "openShiftoAuth": { + SchemaProps: spec.SchemaProps{ + Description: "Enables the integration of the identity provider (Keycloak / RHSSO) with OpenShift OAuth. Enabled by defaumt on OpenShift. This will allow users to directly login with their Openshift user throug the Openshift login, and have their workspaces created under personnal OpenShift namespaces. WARNING: the `kuebadmin` user is NOT supported, and logging through it will NOT allow accessing the Che Dashboard.", + Type: []string{"boolean"}, + Format: "", + }, + }, + "oAuthClientName": { + SchemaProps: spec.SchemaProps{ + Description: "Name of the OpenShift `OAuthClient` resource used to setup identity federation on the OpenShift side. Auto-generated if left blank. See also the `OpenShiftoAuth` field.", + Type: []string{"string"}, + Format: "", + }, + }, + "oAuthSecret": { + SchemaProps: spec.SchemaProps{ + Description: "Name of the secret set in the OpenShift `OAuthClient` resource used to setup identity federation on the OpenShift side. Auto-generated if left blank. See also the `OAuthClientName` field.", + Type: []string{"string"}, + Format: "", + }, + }, + "identityProviderImage": { + SchemaProps: spec.SchemaProps{ + Description: "Overrides the container image used in the Identity Provider (Keycloak / RH SSO) deployment. This includes the image tag. Omit it or leave it empty to use the defaut container image provided by the operator.", + Type: []string{"string"}, + Format: "", + }, + }, + "identityProviderImagePullPolicy": { + SchemaProps: spec.SchemaProps{ + Description: "Overrides the image pull policy used in the Identity Provider (Keycloak / RH SSO) deployment. Default value is `Always` for `nightly` or `latest` images, and `IfNotPresent` in other cases.", + Type: []string{"string"}, + Format: "", + }, + }, + }, + }, + }, + Dependencies: []string{}, + } +} + +func schema_pkg_apis_org_v1_CheClusterSpecDB(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Description: "Configuration settings related to the database used by the Che installation.", + Properties: map[string]spec.Schema{ + "externalDb": { + SchemaProps: spec.SchemaProps{ + Description: "Instructs the operator on whether or not to deploy a dedicated database. By default a dedicated Postgres database is deployed as part of the Che installation. But if `externalDb` is `true`, then no dedicated database will be deployed by the operator and you might need to provide connection details to the external DB you want to use. See also all the fields starting with: `chePostgres`.", + Type: []string{"boolean"}, + Format: "", + }, + }, + "chePostgresHostName": { + SchemaProps: spec.SchemaProps{ + Description: "Postgres Database hostname that the Che server uses to connect to. Defaults to postgres. This value should be overridden ONLY when using an external database (see field `externalDb`). In the default case it will be automatically set by the operator.", + Type: []string{"string"}, + Format: "", + }, + }, + "chePostgresPort": { + SchemaProps: spec.SchemaProps{ + Description: "Postgres Database port that the Che server uses to connect to. Defaults to 5432. This value should be overridden ONLY when using an external database (see field `externalDb`). In the default case it will be automatically set by the operator.", + Type: []string{"string"}, + Format: "", + }, + }, + "chePostgresUser": { + SchemaProps: spec.SchemaProps{ + Description: "Postgres user that the Che server should use to connect to the DB. Defaults to `pgche`.", + Type: []string{"string"}, + Format: "", + }, + }, + "chePostgresPassword": { + SchemaProps: spec.SchemaProps{ + Description: "Postgres password that the Che server should use to connect to the DB. If omitted or left blank, it will be set to an auto-generated value.", + Type: []string{"string"}, + Format: "", + }, + }, + "chePostgresDb": { + SchemaProps: spec.SchemaProps{ + Description: "Postgres database name that the Che server uses to connect to the DB. Defaults to `dbche`.", + Type: []string{"string"}, + Format: "", + }, + }, + "postgresImage": { + SchemaProps: spec.SchemaProps{ + Description: "Overrides the container image used in the Postgres database deployment. This includes the image tag. Omit it or leave it empty to use the defaut container image provided by the operator.", + Type: []string{"string"}, + Format: "", + }, + }, + "postgresImagePullPolicy": { + SchemaProps: spec.SchemaProps{ + Description: "Overrides the image pull policy used in the Postgres database deployment. Default value is `Always` for `nightly` or `latest` images, and `IfNotPresent` in other cases.", + Type: []string{"string"}, + Format: "", + }, + }, + }, + }, + }, + Dependencies: []string{}, + } +} + +func schema_pkg_apis_org_v1_CheClusterSpecK8SOnly(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Description: "Configuration settings specific to Che installations made on upstream Kubernetes.", + Properties: map[string]spec.Schema{ + "ingressDomain": { + SchemaProps: spec.SchemaProps{ + Description: "Global ingress domain for a K8S cluster. This MUST be explicitly specified: there are no defaults.", + Type: []string{"string"}, + Format: "", + }, + }, + "ingressStrategy": { + SchemaProps: spec.SchemaProps{ + Description: "Strategy for ingress creation. This can be `multi-host` (host is explicitly provided in ingress), `single-host` (host is provided, path-based rules) and `default-host.*`(no host is provided, path-based rules). Defaults to `\"multi-host`", + Type: []string{"string"}, + Format: "", + }, + }, + "ingressClass": { + SchemaProps: spec.SchemaProps{ + Description: "Ingress class that will define the which controler will manage ingresses. Defaults to `nginx`. NB: This drives the `is kubernetes.io/ingress.class` annotation on Che-related ingresses.", + Type: []string{"string"}, + Format: "", + }, + }, + "tlsSecretName": { + SchemaProps: spec.SchemaProps{ + Description: "Name of a secret that will be used to setup ingress TLS termination if TLS is enabled. See also the `tlsSupport` field.", + Type: []string{"string"}, + Format: "", + }, + }, + "securityContextFsGroup": { + SchemaProps: spec.SchemaProps{ + Description: "FSGroup the Che pod and Workspace pods containers should run in. Defaults to `1724`.", + Type: []string{"string"}, + Format: "", + }, + }, + "securityContextRunAsUser": { + SchemaProps: spec.SchemaProps{ + Description: "ID of the user the Che pod and Workspace pods containers should run as. Default to `1724`.", + Type: []string{"string"}, + Format: "", + }, + }, + }, + }, + }, + Dependencies: []string{}, + } +} + +func schema_pkg_apis_org_v1_CheClusterSpecServer(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Description: "General configuration settings related to the Che server and the plugin and devfile registries.", + Properties: map[string]spec.Schema{ + "airGapContainerRegistryHostname": { + SchemaProps: spec.SchemaProps{ + Description: "Optional hostname (or url) to an alternate container registry to pull images from. This value overrides the container registry hostname defined in all the default container images involved in a Che deployment. This is particularly useful to install Che in an air-gapped environment.", + Type: []string{"string"}, + Format: "", + }, + }, + "airGapContainerRegistryOrganization": { + SchemaProps: spec.SchemaProps{ + Description: "Optional repository name of an alternate container registry to pull images from. This value overrides the container registry organization defined in all the default container images involved in a Che deployment. This is particularly useful to install Che in an air-gapped environment.", + Type: []string{"string"}, + Format: "", + }, + }, + "cheImage": { + SchemaProps: spec.SchemaProps{ + Description: "Overrides the container image used in Che deployment. This does NOT include the container image tag. Omit it or leave it empty to use the defaut container image provided by the operator.", + Type: []string{"string"}, + Format: "", + }, + }, + "cheImageTag": { + SchemaProps: spec.SchemaProps{ + Description: "Overrides the tag of the container image used in Che deployment. Omit it or leave it empty to use the defaut image tag provided by the operator.", + Type: []string{"string"}, + Format: "", + }, + }, + "cheImagePullPolicy": { + SchemaProps: spec.SchemaProps{ + Description: "Overrides the image pull policy used in Che deployment. Default value is `Always` for `nightly` or `latest` images, and `IfNotPresent` in other cases.", + Type: []string{"string"}, + Format: "", + }, + }, + "cheFlavor": { + SchemaProps: spec.SchemaProps{ + Description: "Flavor of the installation. This is either `che` for upstream Che installations, or `codeready` for CodeReady Workspaces installation. In most cases the default value should not be overriden.", + Type: []string{"string"}, + Format: "", + }, + }, + "cheHost": { + SchemaProps: spec.SchemaProps{ + Description: "Public hostname of the installed Che server. This will be automatically set by the operator. In most cases the default value set by the operator should not be overriden.", + Type: []string{"string"}, + Format: "", + }, + }, + "cheLogLevel": { + SchemaProps: spec.SchemaProps{ + Description: "Log level for the Che server: `INFO` or `DEBUG`. Defaults to `INFO`.", + Type: []string{"string"}, + Format: "", + }, + }, + "cheDebug": { + SchemaProps: spec.SchemaProps{ + Description: "Enables the debug mode for Che server. Defaults to `false`.", + Type: []string{"string"}, + Format: "", + }, + }, + "cheWorkspaceClusterRole": { + SchemaProps: spec.SchemaProps{ + Description: "Custom cluster role bound to the user for the Che workspaces. The default roles are used if this is omitted or left blank.", + Type: []string{"string"}, + Format: "", + }, + }, + "selfSignedCert": { + SchemaProps: spec.SchemaProps{ + Description: "Enables the support of OpenShift clusters whose router uses self-signed certificates. When enabled, the operator retrieves the default self-signed certificate of OpenShift routes and adds it to the Java trust store of the Che server. This is usually required when activating the `tlsSupport` field on demo OpenShift clusters that have not been setup with a valid certificate for the routes. This is disabled by default.", + Type: []string{"boolean"}, + Format: "", + }, + }, + "tlsSupport": { + SchemaProps: spec.SchemaProps{ + Description: "Instructs the operator to deploy Che in TLS mode, ie with TLS routes or ingresses. This is disabled by default. WARNING: Enabling TLS might require enabling the `selfSignedCert` field also in some cases.", + Type: []string{"boolean"}, + Format: "", + }, + }, + "devfileRegistryUrl": { + SchemaProps: spec.SchemaProps{ + Description: "Public URL of the Devfile registry, that serves sample, ready-to-use devfiles. You should set it ONLY if you use an external devfile registry (see the `externalDevfileRegistry` field). By default this will be automatically calculated by the operator.", + Type: []string{"string"}, + Format: "", + }, + }, + "devfileRegistryImage": { + SchemaProps: spec.SchemaProps{ + Description: "Overrides the container image used in the Devfile registry deployment. This includes the image tag. Omit it or leave it empty to use the defaut container image provided by the operator.", + Type: []string{"string"}, + Format: "", + }, + }, + "devfileRegistryPullPolicy": { + SchemaProps: spec.SchemaProps{ + Description: "Overrides the image pull policy used in the Devfile registry deployment. Default value is `Always` for `nightly` or `latest` images, and `IfNotPresent` in other cases.", + Type: []string{"string"}, + Format: "", + }, + }, + "devfileRegistryMemoryLimit": { + SchemaProps: spec.SchemaProps{ + Description: "Overrides the memory limit used in the Devfile registry deployment. Defaults to 256Mi.", + Type: []string{"string"}, + Format: "", + }, + }, + "devfileRegistryMemoryRequest": { + SchemaProps: spec.SchemaProps{ + Description: "Overrides the memory request used in the Devfile registry deployment. Defaults to 16Mi.", + Type: []string{"string"}, + Format: "", + }, + }, + "externalDevfileRegistry": { + SchemaProps: spec.SchemaProps{ + Description: "Instructs the operator on whether or not to deploy a dedicated Devfile registry server. By default a dedicated devfile registry server is started. But if `externalDevfileRegistry` is `true`, then no such dedicated server will be started by the operator and you will have to manually set the `devfileRegistryUrl` field", + Type: []string{"boolean"}, + Format: "", + }, + }, + "pluginRegistryUrl": { + SchemaProps: spec.SchemaProps{ + Description: "Public URL of the Plugin registry, that serves sample ready-to-use devfiles. You should set it ONLY if you use an external devfile registry (see the `externalPluginRegistry` field). By default this will be automatically calculated by the operator.", + Type: []string{"string"}, + Format: "", + }, + }, + "pluginRegistryImage": { + SchemaProps: spec.SchemaProps{ + Description: "Overrides the container image used in the Plugin registry deployment. This includes the image tag. Omit it or leave it empty to use the defaut container image provided by the operator.", + Type: []string{"string"}, + Format: "", + }, + }, + "pluginRegistryPullPolicy": { + SchemaProps: spec.SchemaProps{ + Description: "Overrides the image pull policy used in the Plugin registry deployment. Default value is `Always` for `nightly` or `latest` images, and `IfNotPresent` in other cases.", + Type: []string{"string"}, + Format: "", + }, + }, + "pluginRegistryMemoryLimit": { + SchemaProps: spec.SchemaProps{ + Description: "Overrides the memory limit used in the Plugin registry deployment. Defaults to 256Mi.", + Type: []string{"string"}, + Format: "", + }, + }, + "pluginRegistryMemoryRequest": { + SchemaProps: spec.SchemaProps{ + Description: "Overrides the memory request used in the Plugin registry deployment. Defaults to 16Mi.", + Type: []string{"string"}, + Format: "", + }, + }, + "externalPluginRegistry": { + SchemaProps: spec.SchemaProps{ + Description: "Instructs the operator on whether or not to deploy a dedicated Plugin registry server. By default a dedicated plugin registry server is started. But if `externalPluginRegistry` is `true`, then no such dedicated server will be started by the operator and you will have to manually set the `pluginRegistryUrl` field.", + Type: []string{"boolean"}, + Format: "", + }, + }, + "customCheProperties": { + SchemaProps: spec.SchemaProps{ + Description: "Map of additional environment variables that will be applied in the generated `che` config map to be used by the Che server, in addition to the values already generated from other fields of the `CheCluster` custom resource (CR). If `customCheProperties` contains a property that would be normally generated in `che` config map from other CR fields, then the value defined in the `customCheProperties` will be used instead.", + Type: []string{"object"}, + AdditionalProperties: &spec.SchemaOrBool{ + Schema: &spec.Schema{ + SchemaProps: spec.SchemaProps{ + Type: []string{"string"}, + Format: "", + }, + }, + }, + }, + }, + "proxyURL": { + SchemaProps: spec.SchemaProps{ + Description: "URL (protocol+hostname) of the proxy server. This drives the appropriate changes in the `JAVA_OPTS` and `https(s)_proxy` variables in the Che server and workspaces containers. Only use when configuring a proxy is required.", + Type: []string{"string"}, + Format: "", + }, + }, + "proxyPort": { + SchemaProps: spec.SchemaProps{ + Description: "Port of the proxy server. Only use when configuring a proxy is required (see also the `proxyURL` field).", + Type: []string{"string"}, + Format: "", + }, + }, + "nonProxyHosts": { + SchemaProps: spec.SchemaProps{ + Description: "List of hosts that should not use the configured proxy. Use `|`` as delimiter, eg `localhost|my.host.com|123.42.12.32` Only use when configuring a proxy is required (see also the `proxyURL` field).", + Type: []string{"string"}, + Format: "", + }, + }, + "proxyUser": { + SchemaProps: spec.SchemaProps{ + Description: "User name of the proxy server. Only use when configuring a proxy is required (see also the `proxyURL` field).", + Type: []string{"string"}, + Format: "", + }, + }, + "proxyPassword": { + SchemaProps: spec.SchemaProps{ + Description: "Password of the proxy server\n\nOnly use when proxy configuration is required (see also the `proxyUser` field).", + Type: []string{"string"}, + Format: "", + }, + }, + "serverMemoryRequest": { + SchemaProps: spec.SchemaProps{ + Description: "Overrides the memory request used in the Che server deployment. Defaults to 512Mi.", + Type: []string{"string"}, + Format: "", + }, + }, + "serverMemoryLimit": { + SchemaProps: spec.SchemaProps{ + Description: "Overrides the memory limit used in the Che server deployment. Defaults to 1Gi.", + Type: []string{"string"}, + Format: "", + }, + }, + }, + }, + }, + Dependencies: []string{}, + } +} + +func schema_pkg_apis_org_v1_CheClusterSpecStorage(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Description: "Configuration settings related to the persistent storage used by the Che installation.", + Properties: map[string]spec.Schema{ + "pvcStrategy": { + SchemaProps: spec.SchemaProps{ + Description: "Persistent volume claim strategy for the Che server. This Can be:`common` (all workspaces PVCs in one volume), `per-workspace` (one PVC per workspace for all declared volumes) and `unique` (one PVC per declared volume). Defaults to `common`.", + Type: []string{"string"}, + Format: "", + }, + }, + "pvcClaimSize": { + SchemaProps: spec.SchemaProps{ + Description: "Size of the persistent volume claim for workspaces. Defaults to `1Gi`", + Type: []string{"string"}, + Format: "", + }, + }, + "preCreateSubPaths": { + SchemaProps: spec.SchemaProps{ + Description: "Instructs the Che server to launch a special pod to pre-create a subpath in the Persistent Volumes. Defaults to `false`, however it might need to enable it according to the configuration of your K8S cluster.", + Type: []string{"boolean"}, + Format: "", + }, + }, + "pvcJobsImage": { + SchemaProps: spec.SchemaProps{ + Description: "Overrides the container image used to create sub-paths in the Persistent Volumes. This includes the image tag. Omit it or leave it empty to use the defaut container image provided by the operator. See also the `preCreateSubPaths` field.", + Type: []string{"string"}, + Format: "", + }, + }, + "postgresPVCStorageClassName": { + SchemaProps: spec.SchemaProps{ + Description: "Storage class for the Persistent Volume Claim dedicated to the Postgres database. If omitted or left blank, default storage class is used.", + Type: []string{"string"}, + Format: "", + }, + }, + "workspacePVCStorageClassName": { + SchemaProps: spec.SchemaProps{ + Description: "Storage class for the Persistent Volume Claims dedicated to the Che workspaces. If omitted or left blank, default storage class is used.", + Type: []string{"string"}, + Format: "", + }, + }, + }, + }, + }, + Dependencies: []string{}, + } +} diff --git a/pkg/controller/che/che_controller.go b/pkg/controller/che/che_controller.go index fcc93094e..8e1547d26 100644 --- a/pkg/controller/che/che_controller.go +++ b/pkg/controller/che/che_controller.go @@ -246,7 +246,7 @@ func (r *ReconcileChe) Reconcile(request reconcile.Request) (reconcile.Result, e if isOpenShift { // delete oAuthClient before CR is deleted - doInstallOpenShiftoAuthProvider := instance.Spec.Auth.OpenShiftOauth + doInstallOpenShiftoAuthProvider := instance.Spec.Auth.OpenShiftoAuth if doInstallOpenShiftoAuthProvider { if err := r.ReconcileFinalizer(instance); err != nil { return reconcile.Result{}, err @@ -287,7 +287,7 @@ func (r *ReconcileChe) Reconcile(request reconcile.Request) (reconcile.Result, e // To use Openshift v4 OAuth, the OAuth endpoints are served from a namespace // and NOT from the Openshift API Master URL (as in v3) // So we also need the self-signed certificate to access them (same as the Che server) - (isOpenShift4 && instance.Spec.Auth.OpenShiftOauth && !instance.Spec.Server.TlsSupport) { + (isOpenShift4 && instance.Spec.Auth.OpenShiftoAuth && !instance.Spec.Server.TlsSupport) { if err := r.CreateTLSSecret(instance, "", "self-signed-certificate"); err != nil { return reconcile.Result{}, err } @@ -308,7 +308,7 @@ func (r *ReconcileChe) Reconcile(request reconcile.Request) (reconcile.Result, e } } - if instance.Spec.Auth.OpenShiftOauth { + if instance.Spec.Auth.OpenShiftoAuth { users := &userv1.UserList{} listOptions := &client.ListOptions{} if err := r.nonCachedClient.List(context.TODO(), listOptions, users); err != nil { @@ -392,13 +392,13 @@ func (r *ReconcileChe) Reconcile(request reconcile.Request) (reconcile.Result, e return reconcile.Result{Requeue: true, RequeueAfter: time.Second * 1}, err } chePostgresPassword := instance.Spec.Database.ChePostgresPassword - keycloakPostgresPassword := instance.Spec.Auth.KeycloakPostgresPassword - keycloakAdminPassword := instance.Spec.Auth.KeycloakAdminPassword + keycloakPostgresPassword := instance.Spec.Auth.IdentityProviderPostgresPassword + keycloakAdminPassword := instance.Spec.Auth.IdentityProviderPassword cheFlavor := util.GetValue(instance.Spec.Server.CheFlavor, deploy.DefaultCheFlavor) // Create Postgres resources and provisioning unless an external DB is used - externalDB := instance.Spec.Database.ExternalDB + externalDB := instance.Spec.Database.ExternalDb if !externalDB { // Create a new postgres service postgresLabels := deploy.GetLabels(instance, "postgres") @@ -485,8 +485,8 @@ func (r *ReconcileChe) Reconcile(request reconcile.Request) (reconcile.Result, e } } - ingressStrategy := util.GetValue(instance.Spec.K8SOnly.IngressStrategy, deploy.DefaultIngressStrategy) - ingressDomain := instance.Spec.K8SOnly.IngressDomain + ingressStrategy := util.GetValue(instance.Spec.K8s.IngressStrategy, deploy.DefaultIngressStrategy) + ingressDomain := instance.Spec.K8s.IngressDomain tlsSupport := instance.Spec.Server.TlsSupport protocol := "http" if tlsSupport { @@ -538,7 +538,7 @@ func (r *ReconcileChe) Reconcile(request reconcile.Request) (reconcile.Result, e } // create and provision Keycloak related objects - ExternalKeycloak := instance.Spec.Auth.ExternalKeycloak + ExternalKeycloak := instance.Spec.Auth.ExternalIdentityProvider if !ExternalKeycloak { keycloakLabels := deploy.GetLabels(instance, "keycloak") @@ -556,9 +556,9 @@ func (r *ReconcileChe) Reconcile(request reconcile.Request) (reconcile.Result, e if ingressStrategy == "multi-host" { keycloakURL = protocol + "://keycloak-" + instance.Namespace + "." + ingressDomain } - if len(instance.Spec.Auth.KeycloakURL) == 0 { - instance.Spec.Auth.KeycloakURL = keycloakURL - if err := r.UpdateCheCRSpec(instance, "Keycloak URL", instance.Spec.Auth.KeycloakURL); err != nil { + if len(instance.Spec.Auth.IdentityProviderURL) == 0 { + instance.Spec.Auth.IdentityProviderURL = keycloakURL + if err := r.UpdateCheCRSpec(instance, "Keycloak URL", instance.Spec.Auth.IdentityProviderURL); err != nil { instance, _ = r.GetCR(request) return reconcile.Result{Requeue: true, RequeueAfter: time.Second * 1}, err } @@ -573,17 +573,17 @@ func (r *ReconcileChe) Reconcile(request reconcile.Request) (reconcile.Result, e return reconcile.Result{}, err } keycloakURL := keycloakRoute.Spec.Host - if len(instance.Spec.Auth.KeycloakURL) == 0 { - instance.Spec.Auth.KeycloakURL = protocol + "://" + keycloakURL + if len(instance.Spec.Auth.IdentityProviderURL) == 0 { + instance.Spec.Auth.IdentityProviderURL = protocol + "://" + keycloakURL if len(keycloakURL) < 1 { keycloakURL := r.GetEffectiveRoute(instance, keycloakRoute.Name).Spec.Host - instance.Spec.Auth.KeycloakURL = protocol + "://" + keycloakURL + instance.Spec.Auth.IdentityProviderURL = protocol + "://" + keycloakURL } - if err := r.UpdateCheCRSpec(instance, "Keycloak URL", instance.Spec.Auth.KeycloakURL); err != nil { + if err := r.UpdateCheCRSpec(instance, "Keycloak URL", instance.Spec.Auth.IdentityProviderURL); err != nil { return reconcile.Result{Requeue: true, RequeueAfter: time.Second * 1}, err } instance.Status.KeycloakURL = protocol + "://" + keycloakURL - if err := r.UpdateCheCRStatus(instance, "status: Keycloak URL", instance.Spec.Auth.KeycloakURL); err != nil { + if err := r.UpdateCheCRStatus(instance, "status: Keycloak URL", instance.Spec.Auth.IdentityProviderURL); err != nil { instance, _ = r.GetCR(request) return reconcile.Result{Requeue: true, RequeueAfter: time.Second * 1}, err } @@ -614,9 +614,9 @@ func (r *ReconcileChe) Reconcile(request reconcile.Request) (reconcile.Result, e k8sclient.GetDeploymentRollingUpdateStatus("keycloak", instance.Namespace) } - desiredImage := util.GetValue(instance.Spec.Auth.KeycloakImage, deploy.DefaultKeycloakImage(instance, cheFlavor)) + desiredImage := util.GetValue(instance.Spec.Auth.IdentityProviderImage, deploy.DefaultKeycloakImage(instance, cheFlavor)) effectiveImage := effectiveKeycloakDeployment.Spec.Template.Spec.Containers[0].Image - desiredImagePullPolicy := util.GetValue(string(instance.Spec.Auth.KeycloakImagePullPolicy), deploy.DefaultPullPolicyFromDockerImage(desiredImage)) + desiredImagePullPolicy := util.GetValue(string(instance.Spec.Auth.IdentityProviderImagePullPolicy), deploy.DefaultPullPolicyFromDockerImage(desiredImage)) effectiveImagePullPolicy := string(effectiveKeycloakDeployment.Spec.Template.Spec.Containers[0].ImagePullPolicy) cheCertSecretVersion := r.GetEffectiveSecretResourceVersion(instance, "self-signed-certificate") storedCheCertSecretVersion := effectiveKeycloakDeployment.Annotations["che.self-signed-certificate.version"] @@ -654,7 +654,7 @@ func (r *ReconcileChe) Reconcile(request reconcile.Request) (reconcile.Result, e } if isOpenShift { - doInstallOpenShiftoAuthProvider := instance.Spec.Auth.OpenShiftOauth + doInstallOpenShiftoAuthProvider := instance.Spec.Auth.OpenShiftoAuth if doInstallOpenShiftoAuthProvider { openShiftIdentityProviderStatus := instance.Status.OpenShiftoAuthProvisioned if !openShiftIdentityProviderStatus { @@ -808,7 +808,7 @@ func (r *ReconcileChe) Reconcile(request reconcile.Request) (reconcile.Result, e result, err := addRegistryDeployment( "devfile", devfileRegistryImage, - corev1.PullPolicy(util.GetValue(string(instance.Spec.Server.PluginRegistryImagePullPolicy), deploy.DefaultPullPolicyFromDockerImage(devfileRegistryImage))), + corev1.PullPolicy(util.GetValue(string(instance.Spec.Server.PluginRegistryPullPolicy), deploy.DefaultPullPolicyFromDockerImage(devfileRegistryImage))), util.GetValue(string(instance.Spec.Server.DevfileRegistryMemoryLimit), deploy.DefaultDevfileRegistryMemoryLimit), util.GetValue(string(instance.Spec.Server.DevfileRegistryMemoryRequest), deploy.DefaultDevfileRegistryMemoryRequest), "/devfiles/", @@ -844,7 +844,7 @@ func (r *ReconcileChe) Reconcile(request reconcile.Request) (reconcile.Result, e result, err := addRegistryDeployment( "plugin", pluginRegistryImage, - corev1.PullPolicy(util.GetValue(string(instance.Spec.Server.PluginRegistryImagePullPolicy), deploy.DefaultPullPolicyFromDockerImage(pluginRegistryImage))), + corev1.PullPolicy(util.GetValue(string(instance.Spec.Server.PluginRegistryPullPolicy), deploy.DefaultPullPolicyFromDockerImage(pluginRegistryImage))), util.GetValue(string(instance.Spec.Server.PluginRegistryMemoryLimit), deploy.DefaultPluginRegistryMemoryLimit), util.GetValue(string(instance.Spec.Server.PluginRegistryMemoryRequest), deploy.DefaultPluginRegistryMemoryRequest), "/v3/plugins/", @@ -1008,8 +1008,8 @@ func (r *ReconcileChe) Reconcile(request reconcile.Request) (reconcile.Result, e break } for { - instance.Spec.Auth.OauthSecret = "" - instance.Spec.Auth.OauthClientName = "" + instance.Spec.Auth.OAuthSecret = "" + instance.Spec.Auth.OAuthClientName = "" if err := r.UpdateCheCRSpec(instance, "clean oAuth secret name and client name", ""); err != nil && errors.IsConflict(err) { instance, _ = r.GetCR(request) diff --git a/pkg/controller/che/che_controller_test.go b/pkg/controller/che/che_controller_test.go index 1d3e1d33e..4ed20489d 100644 --- a/pkg/controller/che/che_controller_test.go +++ b/pkg/controller/che/che_controller_test.go @@ -184,7 +184,7 @@ func TestCheController(t *testing.T) { } // update CR and make sure Che configmap has been updated - cheCR.Spec.Auth.OpenShiftOauth = true + cheCR.Spec.Auth.OpenShiftoAuth = true if err := cl.Update(context.TODO(), cheCR); err != nil { t.Error("Failed to update CheCluster custom resource") } @@ -217,8 +217,8 @@ func TestCheController(t *testing.T) { err = r.client.Get(context.TODO(), types.NamespacedName{Name: cheCR.Name, Namespace: cheCR.Namespace}, cheCR) err = r.CreateIdentityProviderItems(cheCR, req, "che", "keycloak", false) - oAuthClientName := cheCR.Spec.Auth.OauthClientName - oauthSecret := cheCR.Spec.Auth.OauthSecret + oAuthClientName := cheCR.Spec.Auth.OAuthClientName + oauthSecret := cheCR.Spec.Auth.OAuthSecret if err = r.client.Get(context.TODO(), types.NamespacedName{Name: oAuthClientName, Namespace: ""}, oAuthClient); err != nil { t.Errorf("Failed to Get oAuthClient %s: %s", oAuthClient.Name, err) } @@ -227,7 +227,7 @@ func TestCheController(t *testing.T) { } // check if a new Postgres deployment is not created when spec.Database.ExternalDB is true - cheCR.Spec.Database.ExternalDB = true + cheCR.Spec.Database.ExternalDb = true if err := cl.Update(context.TODO(), cheCR); err != nil { t.Error("Failed to update CheCluster custom resource") } @@ -246,7 +246,7 @@ func TestCheController(t *testing.T) { // check of storageClassName ends up in pvc spec fakeStorageClassName := "fake-storage-class-name" cheCR.Spec.Storage.PostgresPVCStorageClassName = fakeStorageClassName - cheCR.Spec.Database.ExternalDB = false + cheCR.Spec.Database.ExternalDb = false if err := r.client.Update(context.TODO(), cheCR); err != nil { t.Fatalf("Failed to update %s CR: %s", cheCR.Name, err) } @@ -281,7 +281,7 @@ func TestCheController(t *testing.T) { if err := r.ReconcileFinalizer(cheCR); err != nil { t.Fatal("Failed to reconcile oAuthClient") } - oauthClientName := cheCR.Spec.Auth.OauthClientName + oauthClientName := cheCR.Spec.Auth.OAuthClientName _, err = r.GetOAuthClient(oauthClientName) if err == nil { t.Fatalf("OauthClient %s has not been deleted", oauthClientName) diff --git a/pkg/controller/che/create.go b/pkg/controller/che/create.go index 98d5918d4..79c6cbc10 100644 --- a/pkg/controller/che/create.go +++ b/pkg/controller/che/create.go @@ -271,25 +271,25 @@ func (r *ReconcileChe) CreateNewRoleBinding(instance *orgv1.CheCluster, roleBind func (r *ReconcileChe) CreateIdentityProviderItems(instance *orgv1.CheCluster, request reconcile.Request, cheFlavor string, keycloakDeploymentName string, isOpenShift4 bool) (err error) { tests := r.tests - keycloakAdminPassword := instance.Spec.Auth.KeycloakAdminPassword - oAuthClientName := instance.Spec.Auth.OauthClientName + keycloakAdminPassword := instance.Spec.Auth.IdentityProviderPassword + oAuthClientName := instance.Spec.Auth.OAuthClientName if len(oAuthClientName) < 1 { oAuthClientName = instance.Name + "-openshift-identity-provider-" + strings.ToLower(util.GeneratePasswd(6)) - instance.Spec.Auth.OauthClientName = oAuthClientName + instance.Spec.Auth.OAuthClientName = oAuthClientName if err := r.UpdateCheCRSpec(instance, "oAuthClient name", oAuthClientName); err != nil { return err } } - oauthSecret := instance.Spec.Auth.OauthSecret + oauthSecret := instance.Spec.Auth.OAuthSecret if len(oauthSecret) < 1 { oauthSecret = util.GeneratePasswd(12) - instance.Spec.Auth.OauthSecret = oauthSecret + instance.Spec.Auth.OAuthSecret = oauthSecret if err := r.UpdateCheCRSpec(instance, "oAuthC secret name", oauthSecret); err != nil { return err } } - keycloakURL := instance.Spec.Auth.KeycloakURL - keycloakRealm := util.GetValue(instance.Spec.Auth.KeycloakRealm, cheFlavor) + keycloakURL := instance.Spec.Auth.IdentityProviderURL + keycloakRealm := util.GetValue(instance.Spec.Auth.IdentityProviderRealm, cheFlavor) oAuthClient := deploy.NewOAuthClient(oAuthClientName, oauthSecret, keycloakURL, keycloakRealm, isOpenShift4) if err := r.CreateNewOauthClient(instance, oAuthClient); err != nil { return err @@ -311,7 +311,7 @@ func (r *ReconcileChe) CreateIdentityProviderItems(instance *orgv1.CheCluster, r for { instance.Status.OpenShiftoAuthProvisioned = true if err := r.UpdateCheCRStatus(instance, "status: provisioned with OpenShift identity provider", "true"); err != nil && - errors.IsConflict(err) { + errors.IsConflict(err) { instance, _ = r.GetCR(request) continue } @@ -354,9 +354,9 @@ func (r *ReconcileChe) GenerateAndSaveFields(instance *orgv1.CheCluster, request } } - keycloakPostgresPassword := util.GetValue(instance.Spec.Auth.KeycloakPostgresPassword, util.GeneratePasswd(12)) - if len(instance.Spec.Auth.KeycloakPostgresPassword) < 1 { - instance.Spec.Auth.KeycloakPostgresPassword = keycloakPostgresPassword + keycloakPostgresPassword := util.GetValue(instance.Spec.Auth.IdentityProviderPostgresPassword, util.GeneratePasswd(12)) + if len(instance.Spec.Auth.IdentityProviderPostgresPassword) < 1 { + instance.Spec.Auth.IdentityProviderPostgresPassword = keycloakPostgresPassword keycloakDeployment, err := r.GetEffectiveDeployment(instance, "keycloak") if err != nil { logrus.Info("Disregard the error. No existing Identity provider deployment found. Generating passwd") @@ -367,28 +367,28 @@ func (r *ReconcileChe) GenerateAndSaveFields(instance *orgv1.CheCluster, request return err } } - if len(instance.Spec.Auth.KeycloakAdminPassword) < 1 { - keycloakAdminPassword := util.GetValue(instance.Spec.Auth.KeycloakAdminPassword, util.GeneratePasswd(12)) + if len(instance.Spec.Auth.IdentityProviderPassword) < 1 { + keycloakAdminPassword := util.GetValue(instance.Spec.Auth.IdentityProviderPassword, util.GeneratePasswd(12)) keycloakDeployment, err := r.GetEffectiveDeployment(instance, "keycloak") if err != nil { logrus.Info("Disregard the error. No existing Identity provider deployment found. Generating passwd") } else { keycloakAdminPassword = r.GetDeploymentEnv(keycloakDeployment, "SSO_ADMIN_PASSWORD") } - instance.Spec.Auth.KeycloakAdminPassword = keycloakAdminPassword + instance.Spec.Auth.IdentityProviderPassword = keycloakAdminPassword if err := r.UpdateCheCRSpec(instance, "Keycloak admin password", "password hidden"); err != nil { return err } } - if len(instance.Spec.Auth.KeycloakAdminUserName) < 1 { - keycloakAdminUserName := util.GetValue(instance.Spec.Auth.KeycloakAdminUserName, "admin") + if len(instance.Spec.Auth.IdentityProviderAdminUserName) < 1 { + keycloakAdminUserName := util.GetValue(instance.Spec.Auth.IdentityProviderAdminUserName, "admin") keycloakDeployment, err := r.GetEffectiveDeployment(instance, "keycloak") if err != nil { logrus.Info("Disregard the error. No existing Identity provider deployment found. Generating admin username") } else { keycloakAdminUserName = r.GetDeploymentEnv(keycloakDeployment, "SSO_ADMIN_USERNAME") } - instance.Spec.Auth.KeycloakAdminUserName = keycloakAdminUserName + instance.Spec.Auth.IdentityProviderAdminUserName = keycloakAdminUserName if err := r.UpdateCheCRSpec(instance, "Keycloak admin username", keycloakAdminUserName); err != nil { return err } @@ -407,9 +407,9 @@ func (r *ReconcileChe) GenerateAndSaveFields(instance *orgv1.CheCluster, request return err } } - chePostgresHostName := util.GetValue(instance.Spec.Database.ChePostgresDBHostname, deploy.DefaultChePostgresHostName) - if len(instance.Spec.Database.ChePostgresDBHostname) < 1 { - instance.Spec.Database.ChePostgresDBHostname = chePostgresHostName + chePostgresHostName := util.GetValue(instance.Spec.Database.ChePostgresHostName, deploy.DefaultChePostgresHostName) + if len(instance.Spec.Database.ChePostgresHostName) < 1 { + instance.Spec.Database.ChePostgresHostName = chePostgresHostName if err := r.UpdateCheCRSpec(instance, "Postgres hostname", chePostgresHostName); err != nil { return err } @@ -428,16 +428,16 @@ func (r *ReconcileChe) GenerateAndSaveFields(instance *orgv1.CheCluster, request return err } } - keycloakRealm := util.GetValue(instance.Spec.Auth.KeycloakRealm, cheFlavor) - if len(instance.Spec.Auth.KeycloakRealm) < 1 { - instance.Spec.Auth.KeycloakRealm = keycloakRealm + keycloakRealm := util.GetValue(instance.Spec.Auth.IdentityProviderRealm, cheFlavor) + if len(instance.Spec.Auth.IdentityProviderRealm) < 1 { + instance.Spec.Auth.IdentityProviderRealm = keycloakRealm if err := r.UpdateCheCRSpec(instance, "Keycloak realm", keycloakRealm); err != nil { return err } } - keycloakClientId := util.GetValue(instance.Spec.Auth.KeycloakClientId, cheFlavor+"-public") - if len(instance.Spec.Auth.KeycloakClientId) < 1 { - instance.Spec.Auth.KeycloakClientId = keycloakClientId + keycloakClientId := util.GetValue(instance.Spec.Auth.IdentityProviderClientId, cheFlavor+"-public") + if len(instance.Spec.Auth.IdentityProviderClientId) < 1 { + instance.Spec.Auth.IdentityProviderClientId = keycloakClientId if err := r.UpdateCheCRSpec(instance, "Keycloak client ID", keycloakClientId); err != nil { return err @@ -491,9 +491,9 @@ func (r *ReconcileChe) GenerateAndSaveFields(instance *orgv1.CheCluster, request } } - if instance.Spec.Auth.KeycloakImage == deploy.OldDefaultKeycloakUpstreamImageToDetect { - instance.Spec.Auth.KeycloakImage = "" - if err := r.UpdateCheCRSpec(instance, "keycloak image", instance.Spec.Auth.KeycloakImage); err != nil { + if instance.Spec.Auth.IdentityProviderImage == deploy.OldDefaultKeycloakUpstreamImageToDetect { + instance.Spec.Auth.IdentityProviderImage = "" + if err := r.UpdateCheCRSpec(instance, "keycloak image", instance.Spec.Auth.IdentityProviderImage); err != nil { return err } } diff --git a/pkg/controller/che/finalizer.go b/pkg/controller/che/finalizer.go index dbfb401e9..e4084d5d2 100644 --- a/pkg/controller/che/finalizer.go +++ b/pkg/controller/che/finalizer.go @@ -1,11 +1,11 @@ package che import ( - "k8s.io/apimachinery/pkg/api/errors" "context" orgv1 "github.com/eclipse/che-operator/pkg/apis/org/v1" "github.com/eclipse/che-operator/pkg/util" "github.com/sirupsen/logrus" + "k8s.io/apimachinery/pkg/api/errors" ) func (r *ReconcileChe) ReconcileFinalizer(instance *orgv1.CheCluster) (err error) { @@ -18,7 +18,7 @@ func (r *ReconcileChe) ReconcileFinalizer(instance *orgv1.CheCluster) (err error } } else { if util.ContainsString(instance.ObjectMeta.Finalizers, oAuthFinalizerName) { - oAuthClientName := instance.Spec.Auth.OauthClientName + oAuthClientName := instance.Spec.Auth.OAuthClientName logrus.Infof("Custom resource %s is being deleted. Deleting oAuthClient %s first", instance.Name, oAuthClientName) oAuthClient, err := r.GetOAuthClient(oAuthClientName) if err == nil { diff --git a/pkg/controller/che/status.go b/pkg/controller/che/status.go index 3dd433f15..2f7f60fa0 100644 --- a/pkg/controller/che/status.go +++ b/pkg/controller/che/status.go @@ -31,7 +31,7 @@ func (r *ReconcileChe) SetCheAvailableStatus(instance *orgv1.CheCluster, request if cheFlavor == "codeready" { name = "CodeReady Workspaces" } - keycloakURL := instance.Spec.Auth.KeycloakURL + keycloakURL := instance.Spec.Auth.IdentityProviderURL instance.Status.KeycloakURL = keycloakURL if err := r.UpdateCheCRStatus(instance, "Keycloak URL status", keycloakURL); err != nil { instance, _ = r.GetCR(request) @@ -88,7 +88,6 @@ func (r *ReconcileChe) SetStatusDetails(instance *orgv1.CheCluster, request reco return nil } - func (r *ReconcileChe) SetCheRollingUpdateStatus(instance *orgv1.CheCluster, request reconcile.Request) (err error) { instance.Status.CheClusterRunning = RollingUpdateInProgressStatus diff --git a/pkg/controller/che/update.go b/pkg/controller/che/update.go index de7de2b64..84d51b4e1 100644 --- a/pkg/controller/che/update.go +++ b/pkg/controller/che/update.go @@ -80,7 +80,7 @@ func (r *ReconcileChe) UpdateConfigMap(instance *orgv1.CheCluster) (updated bool func (r *ReconcileChe) ReconcileTLSObjects(instance *orgv1.CheCluster, request reconcile.Request, cheFlavor string, tlsSupport bool, isOpenShift bool) (updated bool, err error) { - updateRegistryRoute := func (registryType string) (bool, error) { + updateRegistryRoute := func(registryType string) (bool, error) { registryName := registryType + "-registry" if !isOpenShift { currentRegistryIngress := r.GetEffectiveIngress(instance, registryName) @@ -93,7 +93,7 @@ func (r *ReconcileChe) ReconcileTLSObjects(instance *orgv1.CheCluster, request r return false, err } registryIngress := deploy.NewIngress(instance, registryName, registryName, 8080) - + if err := r.CreateNewIngress(instance, registryIngress); err != nil { logrus.Errorf("Failed to create %s %s: %s", registryIngress.Name, registryIngress.Kind, err) return false, err @@ -111,11 +111,11 @@ func (r *ReconcileChe) ReconcileTLSObjects(instance *orgv1.CheCluster, request r return false, err } registryRoute := deploy.NewRoute(instance, registryName, registryName, 8080) - + if tlsSupport { registryRoute = deploy.NewTlsRoute(instance, registryName, registryName, 8080) } - + if err := r.CreateNewRoute(instance, registryRoute); err != nil { logrus.Errorf("Failed to create %s %s: %s", registryRoute.Name, registryRoute.Kind, err) return false, err @@ -124,12 +124,12 @@ func (r *ReconcileChe) ReconcileTLSObjects(instance *orgv1.CheCluster, request r } updated, err = updateRegistryRoute("devfile") - if !(updated || instance.Spec.Server.ExternalDevfileRegistry) || err != nil { + if !(updated || instance.Spec.Server.ExternalDevfileRegistry) || err != nil { return updated, err } updated, err = updateRegistryRoute("plugin") - if !(updated || instance.Spec.Server.ExternalPluginRegistry) || err != nil { + if !(updated || instance.Spec.Server.ExternalPluginRegistry) || err != nil { return updated, err } @@ -139,8 +139,8 @@ func (r *ReconcileChe) ReconcileTLSObjects(instance *orgv1.CheCluster, request r } // reconcile ingresses if !isOpenShift { - ingressDomain := instance.Spec.K8SOnly.IngressDomain - ingressStrategy := util.GetValue(instance.Spec.K8SOnly.IngressStrategy, deploy.DefaultIngressStrategy) + ingressDomain := instance.Spec.K8s.IngressDomain + ingressStrategy := util.GetValue(instance.Spec.K8s.IngressStrategy, deploy.DefaultIngressStrategy) currentCheIngress := r.GetEffectiveIngress(instance, cheFlavor) if currentCheIngress == nil { return false, err @@ -164,7 +164,7 @@ func (r *ReconcileChe) ReconcileTLSObjects(instance *orgv1.CheCluster, request r if ingressStrategy == "multi-host" { keycloakURL = protocol + "://keycloak-" + instance.Namespace + "." + ingressDomain } - instance.Spec.Auth.KeycloakURL = keycloakURL + instance.Spec.Auth.IdentityProviderURL = keycloakURL if err := r.UpdateCheCRSpec(instance, "Keycloak URL", keycloakURL); err != nil { return false, err } @@ -211,7 +211,7 @@ func (r *ReconcileChe) ReconcileTLSObjects(instance *orgv1.CheCluster, request r } else { keycloakURL := currentKeycloakRoute.Spec.Host - instance.Spec.Auth.KeycloakURL = protocol + "://" + keycloakURL + instance.Spec.Auth.IdentityProviderURL = protocol + "://" + keycloakURL if err := r.UpdateCheCRSpec(instance, "Keycloak URL", protocol+"://"+keycloakURL); err != nil { return false, err } @@ -235,8 +235,8 @@ func (r *ReconcileChe) ReconcileTLSObjects(instance *orgv1.CheCluster, request r } func (r *ReconcileChe) ReconcileIdentityProvider(instance *orgv1.CheCluster, isOpenShift4 bool) (deleted bool, err error) { - if instance.Spec.Auth.OpenShiftOauth == false && instance.Status.OpenShiftoAuthProvisioned == true { - keycloakAdminPassword := instance.Spec.Auth.KeycloakAdminPassword + if instance.Spec.Auth.OpenShiftoAuth == false && instance.Status.OpenShiftoAuthProvisioned == true { + keycloakAdminPassword := instance.Spec.Auth.IdentityProviderPassword keycloakDeployment := &appsv1.Deployment{} if err := r.client.Get(context.TODO(), types.NamespacedName{Name: "keycloak", Namespace: instance.Namespace}, keycloakDeployment); err != nil { logrus.Errorf("Deployment %s not found: %s", keycloakDeployment.Name, err) @@ -249,7 +249,7 @@ func (r *ReconcileChe) ReconcileIdentityProvider(instance *orgv1.CheCluster, isO provisioned := ExecIntoPod(podToExec, deleteOpenShiftIdentityProviderProvisionCommand, "delete OpenShift identity provider", instance.Namespace) if provisioned { oAuthClient := &oauth.OAuthClient{} - oAuthClientName := instance.Spec.Auth.OauthClientName + oAuthClientName := instance.Spec.Auth.OAuthClientName if err := r.client.Get(context.TODO(), types.NamespacedName{Name: oAuthClientName, Namespace: ""}, oAuthClient); err != nil { logrus.Errorf("OAuthClient %s not found: %s", oAuthClient.Name, err) } diff --git a/pkg/deploy/che_configmap.go b/pkg/deploy/che_configmap.go index 9e23f4d29..a4ffb4de2 100644 --- a/pkg/deploy/che_configmap.go +++ b/pkg/deploy/che_configmap.go @@ -74,7 +74,7 @@ type CheConfigMap struct { // which is used in CheCluster ConfigMap to configure CheCluster master behavior func GetConfigMapData(cr *orgv1.CheCluster) (cheEnv map[string]string) { cheHost := cr.Spec.Server.CheHost - keycloakURL := cr.Spec.Auth.KeycloakURL + keycloakURL := cr.Spec.Auth.IdentityProviderURL isOpenShift, isOpenshift4, err := util.DetectOpenShift() if err != nil { logrus.Errorf("Failed to get current infra: %s", err) @@ -88,7 +88,7 @@ func GetConfigMapData(cr *orgv1.CheCluster) (cheEnv map[string]string) { workspacesNamespace := cr.Namespace tls := "false" openShiftIdentityProviderId := "NULL" - openshiftOAuth := cr.Spec.Auth.OpenShiftOauth + openshiftOAuth := cr.Spec.Auth.OpenShiftoAuth if openshiftOAuth && isOpenShift { workspacesNamespace = "" openShiftIdentityProviderId = "openshift-v3" @@ -122,10 +122,10 @@ func GetConfigMapData(cr *orgv1.CheCluster) (cheEnv map[string]string) { cheWorkspaceHttpProxy, cheWorkspaceNoProxy = util.GenerateProxyEnvs(cr.Spec.Server.ProxyURL, cr.Spec.Server.ProxyPort, cr.Spec.Server.NonProxyHosts, proxyUser, proxyPassword) } - ingressDomain := cr.Spec.K8SOnly.IngressDomain - tlsSecretName := cr.Spec.K8SOnly.TlsSecretName - securityContextFsGroup := util.GetValue(cr.Spec.K8SOnly.SecurityContextFsGroup, DefaultSecurityContextFsGroup) - securityContextRunAsUser := util.GetValue(cr.Spec.K8SOnly.SecurityContextRunAsUser, DefaultSecurityContextRunAsUser) + ingressDomain := cr.Spec.K8s.IngressDomain + tlsSecretName := cr.Spec.K8s.TlsSecretName + securityContextFsGroup := util.GetValue(cr.Spec.K8s.SecurityContextFsGroup, DefaultSecurityContextFsGroup) + securityContextRunAsUser := util.GetValue(cr.Spec.K8s.SecurityContextRunAsUser, DefaultSecurityContextRunAsUser) pvcStrategy := util.GetValue(cr.Spec.Storage.PvcStrategy, DefaultPvcStrategy) pvcClaimSize := util.GetValue(cr.Spec.Storage.PvcClaimSize, DefaultPvcClaimSize) workspacePvcStorageClassName := cr.Spec.Storage.WorkspacePVCStorageClassName @@ -136,14 +136,14 @@ func GetConfigMapData(cr *orgv1.CheCluster) (cheEnv map[string]string) { if !cr.Spec.Storage.PreCreateSubPaths { preCreateSubPaths = "false" } - chePostgresHostName := util.GetValue(cr.Spec.Database.ChePostgresDBHostname, DefaultChePostgresHostName) + chePostgresHostName := util.GetValue(cr.Spec.Database.ChePostgresHostName, DefaultChePostgresHostName) chePostgresUser := util.GetValue(cr.Spec.Database.ChePostgresUser, DefaultChePostgresUser) chePostgresPort := util.GetValue(cr.Spec.Database.ChePostgresPort, DefaultChePostgresPort) chePostgresDb := util.GetValue(cr.Spec.Database.ChePostgresDb, DefaultChePostgresDb) - keycloakRealm := util.GetValue(cr.Spec.Auth.KeycloakRealm, cheFlavor) - keycloakClientId := util.GetValue(cr.Spec.Auth.KeycloakClientId, cheFlavor+"-public") - ingressStrategy := util.GetValue(cr.Spec.K8SOnly.IngressStrategy, DefaultIngressStrategy) - ingressClass := util.GetValue(cr.Spec.K8SOnly.IngressClass, DefaultIngressClass) + keycloakRealm := util.GetValue(cr.Spec.Auth.IdentityProviderRealm, cheFlavor) + keycloakClientId := util.GetValue(cr.Spec.Auth.IdentityProviderClientId, cheFlavor+"-public") + ingressStrategy := util.GetValue(cr.Spec.K8s.IngressStrategy, DefaultIngressStrategy) + ingressClass := util.GetValue(cr.Spec.K8s.IngressClass, DefaultIngressClass) devfileRegistryUrl := cr.Status.DevfileRegistryURL pluginRegistryUrl := cr.Status.PluginRegistryURL cheLogLevel := util.GetValue(cr.Spec.Server.CheLogLevel, DefaultCheLogLevel) diff --git a/pkg/deploy/che_configmap_test.go b/pkg/deploy/che_configmap_test.go index 6f632cb3c..32a746d96 100644 --- a/pkg/deploy/che_configmap_test.go +++ b/pkg/deploy/che_configmap_test.go @@ -27,7 +27,7 @@ func TestNewCheConfigMap(t *testing.T) { cr := &orgv1.CheCluster{} cr.Spec.Server.CheHost = "myhostname.com" cr.Spec.Server.TlsSupport = true - cr.Spec.Auth.OpenShiftOauth = true + cr.Spec.Auth.OpenShiftoAuth = true cheEnv := GetConfigMapData(cr) testCm := NewCheConfigMap(cr, cheEnv) identityProvider := testCm.Data["CHE_INFRA_OPENSHIFT_OAUTH__IDENTITY__PROVIDER"] @@ -52,7 +52,7 @@ func TestConfigMapOverride(t *testing.T) { cr.Spec.Server.CustomCheProperties = map[string]string{ "CHE_WORKSPACE_NO_PROXY": "myproxy.myhostname.com", } - cr.Spec.Auth.OpenShiftOauth = true + cr.Spec.Auth.OpenShiftoAuth = true cheEnv := GetConfigMapData(cr) testCm := NewCheConfigMap(cr, cheEnv) if testCm.Data["CHE_WORKSPACE_NO_PROXY"] != "myproxy.myhostname.com" { diff --git a/pkg/deploy/deployment_che.go b/pkg/deploy/deployment_che.go index 8a1ede943..f4881bf77 100644 --- a/pkg/deploy/deployment_che.go +++ b/pkg/deploy/deployment_che.go @@ -162,11 +162,11 @@ func NewCheDeployment(cr *orgv1.CheCluster, cheImage string, cheTag string, cmRe }, } if !isOpenshift { - runAsUser, err := strconv.ParseInt(util.GetValue(cr.Spec.K8SOnly.SecurityContextRunAsUser, DefaultSecurityContextRunAsUser), 10, 64) + runAsUser, err := strconv.ParseInt(util.GetValue(cr.Spec.K8s.SecurityContextRunAsUser, DefaultSecurityContextRunAsUser), 10, 64) if err != nil { return nil, err } - fsGroup, err := strconv.ParseInt(util.GetValue(cr.Spec.K8SOnly.SecurityContextFsGroup, DefaultSecurityContextFsGroup), 10, 64) + fsGroup, err := strconv.ParseInt(util.GetValue(cr.Spec.K8s.SecurityContextFsGroup, DefaultSecurityContextFsGroup), 10, 64) if err != nil { return nil, err } diff --git a/pkg/deploy/deployment_keycloak.go b/pkg/deploy/deployment_keycloak.go index 94871a6cc..10f52bfa9 100644 --- a/pkg/deploy/deployment_keycloak.go +++ b/pkg/deploy/deployment_keycloak.go @@ -25,8 +25,8 @@ func NewKeycloakDeployment(cr *orgv1.CheCluster, keycloakPostgresPassword string optionalEnv := true keycloakName := "keycloak" labels := GetLabels(cr, keycloakName) - keycloakImage := util.GetValue(cr.Spec.Auth.KeycloakImage, DefaultKeycloakImage(cr, cheFlavor)) - pullPolicy := corev1.PullPolicy(util.GetValue(string(cr.Spec.Auth.KeycloakImagePullPolicy), DefaultPullPolicyFromDockerImage(keycloakImage))) + keycloakImage := util.GetValue(cr.Spec.Auth.IdentityProviderImage, DefaultKeycloakImage(cr, cheFlavor)) + pullPolicy := corev1.PullPolicy(util.GetValue(string(cr.Spec.Auth.IdentityProviderImagePullPolicy), DefaultPullPolicyFromDockerImage(keycloakImage))) trustpass := util.GeneratePasswd(12) jbossDir := "/opt/eap" if cheFlavor == "che" { @@ -68,7 +68,7 @@ func NewKeycloakDeployment(cr *orgv1.CheCluster, keycloakPostgresPassword string "\"" + jbossDir + "/openshift.jks\", password => \"" + trustpass + "\", disabled => \"false\" },enabled=true) \n" + "stop-embedded-server\" > /scripts/add_openshift_certificate.cli && " + "/opt/jboss/keycloak/bin/jboss-cli.sh --file=/scripts/add_openshift_certificate.cli" - keycloakAdminUserName := util.GetValue(cr.Spec.Auth.KeycloakAdminUserName, DefaultKeycloakAdminUserName) + keycloakAdminUserName := util.GetValue(cr.Spec.Auth.IdentityProviderAdminUserName, DefaultKeycloakAdminUserName) keycloakEnv := []corev1.EnvVar{ { Name: "PROXY_ADDRESS_FORWARDING", diff --git a/pkg/deploy/exec_commands.go b/pkg/deploy/exec_commands.go index 6bdbec6d7..7f2d1a48e 100644 --- a/pkg/deploy/exec_commands.go +++ b/pkg/deploy/exec_commands.go @@ -25,7 +25,7 @@ import ( func GetPostgresProvisionCommand(cr *orgv1.CheCluster) (command string) { chePostgresUser := util.GetValue(cr.Spec.Database.ChePostgresUser, DefaultChePostgresUser) - keycloakPostgresPassword := cr.Spec.Auth.KeycloakPostgresPassword + keycloakPostgresPassword := cr.Spec.Auth.IdentityProviderPostgresPassword command = "OUT=$(psql postgres -tAc \"SELECT 1 FROM pg_roles WHERE rolname='keycloak'\"); " + "if [ $OUT -eq 1 ]; then echo \"DB exists\"; exit 0; fi " + @@ -38,13 +38,13 @@ func GetPostgresProvisionCommand(cr *orgv1.CheCluster) (command string) { } func GetKeycloakProvisionCommand(cr *orgv1.CheCluster, cheHost string) (command string) { - keycloakAdminUserName := util.GetValue(cr.Spec.Auth.KeycloakAdminUserName, "admin") - keycloakAdminPassword := util.GetValue(cr.Spec.Auth.KeycloakAdminPassword, "admin") + keycloakAdminUserName := util.GetValue(cr.Spec.Auth.IdentityProviderAdminUserName, "admin") + keycloakAdminPassword := util.GetValue(cr.Spec.Auth.IdentityProviderPassword, "admin") requiredActions := "" updateAdminPassword := cr.Spec.Auth.UpdateAdminPassword cheFlavor := util.GetValue(cr.Spec.Server.CheFlavor, DefaultCheFlavor) - keycloakRealm := util.GetValue(cr.Spec.Auth.KeycloakRealm, cheFlavor) - keycloakClientId := util.GetValue(cr.Spec.Auth.KeycloakClientId, cheFlavor+"-public") + keycloakRealm := util.GetValue(cr.Spec.Auth.IdentityProviderRealm, cheFlavor) + keycloakClientId := util.GetValue(cr.Spec.Auth.IdentityProviderClientId, cheFlavor+"-public") if updateAdminPassword { requiredActions = "\"UPDATE_PASSWORD\"" @@ -88,8 +88,8 @@ func GetOpenShiftIdentityProviderProvisionCommand(cr *orgv1.CheCluster, oAuthCli return "", err } - keycloakRealm := util.GetValue(cr.Spec.Auth.KeycloakRealm, cheFlavor) - keycloakAdminUserName := util.GetValue(cr.Spec.Auth.KeycloakAdminUserName, DefaultKeycloakAdminUserName) + keycloakRealm := util.GetValue(cr.Spec.Auth.IdentityProviderRealm, cheFlavor) + keycloakAdminUserName := util.GetValue(cr.Spec.Auth.IdentityProviderAdminUserName, DefaultKeycloakAdminUserName) script := "/opt/jboss/keycloak/bin/kcadm.sh" if cheFlavor == "codeready" { script = "/opt/eap/bin/kcadm.sh" @@ -106,11 +106,11 @@ func GetOpenShiftIdentityProviderProvisionCommand(cr *orgv1.CheCluster, oAuthCli logrus.Errorf("Failed to locate keycloak oauth provisioning file: %s", err) } createOpenShiftIdentityProviderTemplate := string(file) -/* - In order to have the token-exchange currently working and easily usable, we should (in case of Keycloak) be able to - - Automatically redirect the user to its Keycloak account page to set those required values when the email is empty (instead of failing here: https://github.com/eclipse/che/blob/master/multiuser/keycloak/che-multiuser-keycloak-server/src/main/java/org/eclipse/che/multiuser/keycloak/server/KeycloakEnvironmentInitalizationFilter.java#L125) - - Or at least point with a link to the place where it can be set (the KeycloakSettings PROFILE_ENDPOINT_SETTING value) - (cf. here: https://github.com/eclipse/che/blob/master/multiuser/keycloak/che-multiuser-keycloak-server/src/main/java/org/eclipse/che/multiuser/keycloak/server/KeycloakSettings.java#L117) + /* + In order to have the token-exchange currently working and easily usable, we should (in case of Keycloak) be able to + - Automatically redirect the user to its Keycloak account page to set those required values when the email is empty (instead of failing here: https://github.com/eclipse/che/blob/master/multiuser/keycloak/che-multiuser-keycloak-server/src/main/java/org/eclipse/che/multiuser/keycloak/server/KeycloakEnvironmentInitalizationFilter.java#L125) + - Or at least point with a link to the place where it can be set (the KeycloakSettings PROFILE_ENDPOINT_SETTING value) + (cf. here: https://github.com/eclipse/che/blob/master/multiuser/keycloak/che-multiuser-keycloak-server/src/main/java/org/eclipse/che/multiuser/keycloak/server/KeycloakSettings.java#L117) */ template, err := template.New("IdentityProviderProvisioning").Parse(createOpenShiftIdentityProviderTemplate) @@ -144,7 +144,7 @@ func GetOpenShiftIdentityProviderProvisionCommand(cr *orgv1.CheCluster, oAuthCli } command = buffer.String() - + if cheFlavor == "che" { command = "cd /scripts && export JAVA_TOOL_OPTIONS=-Duser.home=. && " + command } @@ -153,8 +153,8 @@ func GetOpenShiftIdentityProviderProvisionCommand(cr *orgv1.CheCluster, oAuthCli func GetDeleteOpenShiftIdentityProviderProvisionCommand(cr *orgv1.CheCluster, keycloakAdminPassword string, isOpenShift4 bool) (command string) { cheFlavor := util.GetValue(cr.Spec.Server.CheFlavor, DefaultCheFlavor) - keycloakRealm := util.GetValue(cr.Spec.Auth.KeycloakRealm, cheFlavor) - keycloakAdminUserName := util.GetValue(cr.Spec.Auth.KeycloakAdminUserName, DefaultKeycloakAdminUserName) + keycloakRealm := util.GetValue(cr.Spec.Auth.IdentityProviderRealm, cheFlavor) + keycloakAdminUserName := util.GetValue(cr.Spec.Auth.IdentityProviderAdminUserName, DefaultKeycloakAdminUserName) script := "/opt/jboss/keycloak/bin/kcadm.sh" if cheFlavor == "codeready" { script = "/opt/eap/bin/kcadm.sh" @@ -176,4 +176,3 @@ func GetDeleteOpenShiftIdentityProviderProvisionCommand(cr *orgv1.CheCluster, ke } return command } - diff --git a/pkg/deploy/ingress.go b/pkg/deploy/ingress.go index 390ffcdce..9ecbad74b 100644 --- a/pkg/deploy/ingress.go +++ b/pkg/deploy/ingress.go @@ -21,14 +21,14 @@ import ( func NewIngress(cr *orgv1.CheCluster, name string, serviceName string, port int) *v1beta1.Ingress { tlsSupport := cr.Spec.Server.TlsSupport - ingressStrategy := cr.Spec.K8SOnly.IngressStrategy + ingressStrategy := cr.Spec.K8s.IngressStrategy if len(ingressStrategy) < 1 { ingressStrategy = "multi-host" } - ingressDomain := cr.Spec.K8SOnly.IngressDomain - ingressClass := util.GetValue(cr.Spec.K8SOnly.IngressClass, DefaultIngressClass) + ingressDomain := cr.Spec.K8s.IngressDomain + ingressClass := util.GetValue(cr.Spec.K8s.IngressClass, DefaultIngressClass) labels := GetLabels(cr, name) - tlsSecretName := cr.Spec.K8SOnly.TlsSecretName + tlsSecretName := cr.Spec.K8s.TlsSecretName tls := "false" if tlsSupport { tls = "true" @@ -95,4 +95,3 @@ func NewIngress(cr *orgv1.CheCluster, name string, serviceName string, port int) }, } } -