Use new opm bundle format. (#423)

* Use new opm bundle format.

Signed-off-by: Oleksandr Andriienko <oandriie@redhat.com>

* Fix csv file. Check works :)

Signed-off-by: Oleksandr Andriienko <oandriie@redhat.com>

* Add old files to pass check...

Signed-off-by: Oleksandr Andriienko <oandriie@redhat.com>

* Improve code.

Signed-off-by: Oleksandr Andriienko <oandriie@redhat.com>

* Code clean up. Remove separated code for crc in the TestCatalogSource.sh. Test works for Crc in the same way like Openshift ci. Fix build opm bundle script.

Signed-off-by: Oleksandr Andriienko <oandriie@redhat.com>

* Make bigger timeout for minishift ci test.

Signed-off-by: Oleksandr Andriienko <oandriie@redhat.com>

* Remove not used script testCSV.sh. Update contribution README.md. Worked on fix minishift CI test.

Signed-off-by: Oleksandr Andriienko <oandriie@redhat.com>

* Use eclipse image registry to push images.

Signed-off-by: Oleksandr Andriienko <oandriie@redhat.com>

* Fix and simplify testUpdate.sh for openshift nightly channel.

Signed-off-by: Oleksandr Andriienko <oandriie@redhat.com>

* Improve docs. Provide buildFirstBundle.sh script for dev purpose.

Signed-off-by: Oleksandr Andriienko <oandriie@redhat.com>

* Add more info to the docs.

Signed-off-by: Oleksandr Andriienko <oandriie@redhat.com>

* Improve docs about private registry

Signed-off-by: Oleksandr Andriienko <oandriie@redhat.com>

* Use only nightly in the nightly bundles.

Signed-off-by: Oleksandr Andriienko <oandriie@redhat.com>

* Fix README.md typos.

Signed-off-by: Oleksandr Andriienko <oandriie@redhat.com>

* Handle requested code review changes.

Signed-off-by: Oleksandr Andriienko <oandriie@redhat.com>

* Pr code check works notified me one time :) . So update nightly bundle and fix some docs.

Signed-off-by: Oleksandr Andriienko <oandriie@redhat.com>

* Fix testCatalogSource.sh

Signed-off-by: Oleksandr Andriienko <oandriie@redhat.com>

* Remove accidentally committed generated file.

Signed-off-by: Oleksandr Andriienko <oandriie@redhat.com>

* Update gitignore.

Signed-off-by: Oleksandr Andriienko <oandriie@redhat.com>
pull/436/head
Oleksandr Andriienko 2020-09-10 03:33:24 -04:00 committed by GitHub
parent b85472926f
commit 84ac62cbd3
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
48 changed files with 5408 additions and 219 deletions


@ -40,6 +40,9 @@ export NAMESPACE
OPERATOR_IMAGE="quay.io/eclipse/che-operator:nightly"
export OPERATOR_IMAGE
IMAGE_REGISTRY_HOST="0.0.0.0:5000"
export IMAGE_REGISTRY_HOST
# run function run the tests in ci of custom catalog source.
function run() {
# Execute test catalog source script
@ -56,11 +59,28 @@ function run() {
waitWorkspaceStart
}
function setPrivateRegistryForDocker {
dockerDaemonConfig="/etc/docker/daemon.json"
mkdir -p "/etc/docker"
touch "${dockerDaemonConfig}"
config="{\"insecure-registries\" : [\"${IMAGE_REGISTRY_HOST}\"]}"
echo "${config}" | sudo tee "${dockerDaemonConfig}"
if [ -x "$(command -v docker)" ]; then
echo "[INFO] Restart docker daemon to set up private registry info."
systemctl restart docker
fi
}
source "${OPERATOR_REPO}"/.ci/util/ci_common.sh
installYQ
installJQ
install_VirtPackages
# Docker should trust minikube private registry provided by "registry" addon
setPrivateRegistryForDocker
installStartDocker
source ${OPERATOR_REPO}/.ci/start-minikube.sh
installChectl
run
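Review bot: `setPrivateRegistryForDocker` replaces `/etc/docker/daemon.json` wholesale through `tee`, so any settings already on the CI host are lost and the only key left is `insecure-registries`, which turns off TLS verification for `${IMAGE_REGISTRY_HOST}`. Because `installJQ` runs before the function is called, the entry could be merged into an existing file with jq instead of overwriting it, and a comment should state that the plain-HTTP registry is acceptable only because it is the minikube addon on the same throwaway host. Privilege handling is inconsistent as well: `mkdir -p`, `touch` and `systemctl restart docker` run without `sudo` while `tee` uses it, so on a non-root runner the function fails around the write; use `sudo mkdir -p /etc/docker` and `sudo systemctl restart docker`, and drop the `touch`. Near the end of the section, `source ${OPERATOR_REPO}/.ci/start-minikube.sh` is unquoted, unlike the `source` of `ci_common.sh` above it.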


@ -25,9 +25,12 @@ export ARTIFACTS_DIR
CI_COMPONENT="che-operator-catalog"
export CI_COMPONENT
CATALOG_SOURCE_IMAGE_NAME=${CI_COMPONENT}:stable
export CATALOG_SOURCE_IMAGE_NAME
# This image is builded by Openshift CI and exposed to be consumed for olm tests.
#OPENSHIFT_BUILD_NAMESPACE env var exposed by Openshift CI. More info about how images are builded in Openshift CI: https://github.com/openshift/ci-tools/blob/master/TEMPLATES.md#parameters-available-to-templates
CATALOG_SOURCE_IMAGE=registry.svc.ci.openshift.org/${OPENSHIFT_BUILD_NAMESPACE}/stable:${CI_COMPONENT}
CATALOG_SOURCE_IMAGE=registry.svc.ci.openshift.org/${OPENSHIFT_BUILD_NAMESPACE}/${CATALOG_SOURCE_IMAGE_NAME}
export CATALOG_SOURCE_IMAGE
# Choose if install Eclipse Che using an operatorsource or Custom Catalog Source


@ -45,7 +45,7 @@ run_tests() {
oc apply -f ${OPERATOR_REPO}/deploy/crds/org_v1_che_crd.yaml
oc_tls_mode
printInfo "Starting to compile e2e tests binary"
docker run -t \
-v ${OPERATOR_REPO}/tmp:/operator \

35
.ci/cico_updates_minishift.sh Normal file → Executable file

@ -33,9 +33,9 @@ init() {
OPERATOR_REPO=$(dirname "$SCRIPT_DIR");
fi
# Create tmp folder and add che operator templates used by server:update command.
mkdir -p "$OPERATOR_REPO/tmp" && chmod 777 "$OPERATOR_REPO/tmp"
cp -r deploy "$OPERATOR_REPO/tmp/che-operator"
# Create tmp folder to save "operator" installer templates
mkdir -p "${OPERATOR_REPO}/tmp" && chmod 777 "${OPERATOR_REPO}/tmp"
cp -rf "${OPERATOR_REPO}/deploy" "${OPERATOR_REPO}/tmp/che-operator"
}
installDependencies() {
@ -65,27 +65,28 @@ installLatestCheStable() {
# Add stable Che images and tag to CR
sed -i "s/cheImage: ''/cheImage: quay.io\/eclipse\/che-server/" ${OPERATOR_REPO}/tmp/che-operator/crds/org_v1_che_cr.yaml
sed -i "s/cheImageTag: ''/cheImageTag: ${previousPackageVersion}/" ${OPERATOR_REPO}/tmp/che-operator/crds/org_v1_che_cr.yaml
sed -i "s/devfileRegistryImage: ''/devfileRegistryImage: quay.io\/eclipse\/che-devfile-registry:"${previousPackageVersion}"/" ${OPERATOR_REPO}/tmp/che-operator/crds/org_v1_che_cr.yaml
sed -i "s/pluginRegistryImage: ''/pluginRegistryImage: quay.io\/eclipse\/che-plugin-registry:"${previousPackageVersion}"/" ${OPERATOR_REPO}/tmp/che-operator/crds/org_v1_che_cr.yaml
sed -i "s/identityProviderImage: ''/identityProviderImage: quay.io\/eclipse\/che-keycloak:"${previousPackageVersion}"/" ${OPERATOR_REPO}/tmp/che-operator/crds/org_v1_che_cr.yaml
# set 'openShiftoAuth: false'
sed -i "s/openShiftoAuth: .*/openShiftoAuth: false/" ${OPERATOR_REPO}/tmp/che-operator/crds/org_v1_che_cr.yaml
# Change operator images defaults in the deployment
sed -i -e "s|nightly|${previousPackageVersion}|" "${OPERATOR_REPO}/tmp/che-operator/operator.yaml"
# Start last stable version of che
chectl server:start --platform=minishift --skip-kubernetes-health-check --che-operator-cr-yaml=${OPERATOR_REPO}/tmp/che-operator/crds/org_v1_che_cr.yaml \
--che-operator-image=quay.io/eclipse/che-operator:${previousPackageVersion} --installer=operator
chectl server:start --platform=minishift --skip-kubernetes-health-check \
--che-operator-cr-yaml="${OPERATOR_REPO}/tmp/che-operator/crds/org_v1_che_cr.yaml" --templates="${OPERATOR_REPO}/tmp" \
--installer=operator
}
# Utility to wait for new release to be up
waitForNewCheVersion() {
export n=0
while [ $n -le 360 ]
while [ $n -le 500 ]
do
cheVersion=$(oc get checluster/eclipse-che -n "${NAMESPACE}" -o jsonpath={.status.cheVersion})
cheVersion=$(oc get checluster/eclipse-che -n "${NAMESPACE}" -o "jsonpath={.status.cheVersion}")
cheIsRunning=$(oc get checluster/eclipse-che -n "${NAMESPACE}" -o "jsonpath={.status.cheClusterRunning}" )
oc get pods -n ${NAMESPACE}
if [ "${cheVersion}" == $lastPackageVersion ]
if [ "${cheVersion}" == "${lastPackageVersion}" ] && [ "${cheIsRunning}" == "Available" ]
then
echo -e "\u001b[32m Installed latest version che-operator: ${lastCSV} \u001b[0m"
break
@ -129,15 +130,13 @@ testUpdates() {
# Create an workspace
getCheAcessToken # Function from ./util/ci_common.sh
chectl workspace:create --devfile=$OPERATOR_REPO/.ci/util/devfile-test.yaml
chectl workspace:create --devfile=${OPERATOR_REPO}/.ci/util/devfile-test.yaml
# Change operator images defaults in the deployment
sed -i -e "s|${previousPackageVersion}|${lastPackageVersion}|" "${OPERATOR_REPO}/tmp/che-operator/operator.yaml"
# Update the operator to the new release
chectl server:update --skip-version-check --installer=operator --platform=minishift --che-operator-image=quay.io/eclipse/che-operator:${lastPackageVersion} --templates="tmp"
chectl server:update --skip-version-check --installer=operator --platform=minishift --templates="${OPERATOR_REPO}/tmp"
# Patch images and tag the latest release
oc patch checluster eclipse-che --type='json' -p='[{"op": "replace", "path": "/spec/auth/identityProviderImage", "value":"quay.io/eclipse/che-keycloak:'${lastPackageVersion}'"}]' -n ${NAMESPACE}
oc patch checluster eclipse-che --type='json' -p='[{"op": "replace", "path": "/spec/server/devfileRegistryImage", "value":"quay.io/eclipse/che-devfile-registry:'${lastPackageVersion}'"}]' -n ${NAMESPACE}
oc patch checluster eclipse-che --type='json' -p='[{"op": "replace", "path": "/spec/server/pluginRegistryImage", "value":"quay.io/eclipse/che-plugin-registry:'${lastPackageVersion}'"}]' -n ${NAMESPACE}
oc patch checluster eclipse-che --type='json' -p='[{"op": "replace", "path": "/spec/server/cheImageTag", "value":"'${lastPackageVersion}'"}]' -n ${NAMESPACE}
waitForNewCheVersion
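Review bot: The two `sed` substitutions on `operator.yaml` are unanchored: `s|nightly|${previousPackageVersion}|` rewrites the first `nightly` on every line whatever field it sits in, and `s|${previousPackageVersion}|${lastPackageVersion}|` uses the version as a regular expression, so its dots match any character. With `--che-operator-image` no longer passed to `chectl`, these edits appear to be the only thing selecting which operator image the update test deploys, and a missed or stray match could leave the test passing against an image nobody intended. Anchor both to the image reference, for example `s|\(che-operator:\)nightly|\1${previousPackageVersion}|`, and confirm the result with `grep -q "che-operator:${lastPackageVersion}" "${OPERATOR_REPO}/tmp/che-operator/operator.yaml"` before calling `server:update`. The `chmod 777` on `${OPERATOR_REPO}/tmp` also leaves the templates chectl applies writable by every user on the host; if that is needed for a container mount it deserves a comment, otherwise a narrower mode would do.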


@ -10,6 +10,8 @@
# Contributors:
# Red Hat, Inc. - initial API and implementation
# Deprecated. Use .github/action_scripts/operator_code_check.sh instead of it.
set -e
# Perform git installation before execute.

19
.ci/start-minikube.sh Normal file → Executable file

@ -52,9 +52,6 @@ minikube version
# minikube start
minikube start --kubernetes-version=$KUBERNETES_VERSION --extra-config=apiserver.authorization-mode=RBAC
# Add minikube ingress
minikube addons enable ingress
# waiting for node(s) to be ready
JSONPATH='{range .items[*]}{@.metadata.name}:{range @.status.conditions[*]}{@.type}={@.status};{end}{end}'; until kubectl get nodes -o jsonpath="$JSONPATH" 2>&1 | grep -q "Ready=True"; do sleep 1; done
@ -72,3 +69,19 @@ rules:
verbs: ["*"]
EOF
echo "[INFO] Enable ingress addon."
minikube addons enable ingress
echo "[INFO] Enable registry addon."
minikube addons enable registry
echo "[INFO] Minikube Addon list"
minikube addons list
echo "[INFO] Trying to get pod name of the registry proxy..."
REGISTRY_PROXY_POD=$(kubectl get pods -n kube-system -o yaml | grep "name: registry-proxy-" | sed -e 's;.*name: \(\);\1;') || true
echo "[INFO] Proxy pod name is ${REGISTRY_PROXY_POD}"
kubectl wait --for=condition=ready "pods/${REGISTRY_PROXY_POD}" --timeout=120s -n "kube-system" || true
echo "[INFO] Minikube started!"
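Review bot: Both registry-proxy steps end in `|| true`, so when `grep` finds no `registry-proxy-` pod the script runs `kubectl wait` on `pods/`, ignores the error and still prints `Minikube started!`; the failure then shows up later as an image push or pull error that is harder to trace. Fail here instead, e.g. `[ -n "${REGISTRY_PROXY_POD}" ] || { echo "[ERROR] registry-proxy pod not found" >&2; exit 1; }`, and drop the `|| true` on the wait. Parsing `-o yaml` with `grep`/`sed` also yields several lines if more than one name matches; `kubectl get pods -n kube-system -o name | grep registry-proxy-` returns one resource name per line in a form `kubectl wait` accepts directly.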


@ -171,7 +171,7 @@ waitWorkspaceStart() {
if [ "${workspaceStatus:-NOT_RUNNING}" == "RUNNING" ]
then
printInfo "Workspace started started successfully"
printInfo "Workspace started successfully"
break
fi
sleep 10


@ -0,0 +1,44 @@
#!/bin/bash
# Todo: set eclipse value
IMAGE_REGISTRY_USERNAME=eclipse
IMAGE_REGISTRY=quay.io
ROOT_PROJECT_DIR="${GITHUB_WORKSPACE}"
export BASE_DIR="${ROOT_PROJECT_DIR}/olm"
# install yq
pip3 install wheel
pip3 install --upgrade setuptools
pip3 install yq
# Make python3 installed modules "visible"
export PATH=$HOME/.local/bin:$PATH
for platform in 'kubernetes' 'openshift'
do
OPM_BUNDLE_DIR="${ROOT_PROJECT_DIR}/deploy/olm-catalog/eclipse-che-preview-${platform}"
OPM_BUNDLE_MANIFESTS_DIR="${OPM_BUNDLE_DIR}/manifests"
CSV="${OPM_BUNDLE_MANIFESTS_DIR}/che-operator.clusterserviceversion.yaml"
nightlyVersion=$(yq -r ".spec.version" "${CSV}")
CATALOG_BUNDLE_IMAGE_NAME_LOCAL="${IMAGE_REGISTRY}/${IMAGE_REGISTRY_USERNAME}/eclipse-che-${platform}-opm-bundles:${nightlyVersion}"
CATALOG_IMAGENAME="${IMAGE_REGISTRY}/${IMAGE_REGISTRY_USERNAME}/eclipse-che-${platform}-opm-catalog:preview"
source "${ROOT_PROJECT_DIR}/olm/olm.sh" "${platform}" "${nightlyVersion}" "che"
source "${ROOT_PROJECT_DIR}/olm/incrementNightlyBundles.sh"
installOPM
${OPM_BINARY} version
incrementPart=$(getNightlyVersionIncrementPart "${nightlyVersion}")
echo "Nightly increment version ${incrementPart}"
buildBundleImage "${CATALOG_BUNDLE_IMAGE_NAME_LOCAL}"
if [ "${incrementPart}" == 0 ]; then
echo "Build very first bundle."
buildCatalogImage "${CATALOG_IMAGENAME}" "${CATALOG_BUNDLE_IMAGE_NAME_LOCAL}"
else
buildCatalogImage "${CATALOG_IMAGENAME}" "${CATALOG_BUNDLE_IMAGE_NAME_LOCAL}" "${CATALOG_IMAGENAME}"
fi
done
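Review bot: `wheel`, `setuptools` and `yq` are installed from PyPI without version pins, and this looks like the script the scheduled push workflow runs after its quay.io login step, so whatever those packages resolve to on a given night would execute with the registry push credentials present on the runner. Pin the versions and verify hashes, e.g. `pip3 install --require-hashes -r <path-to-requirements.txt>`. There is also no `set -e`/`set -u`: if `GITHUB_WORKSPACE` is unset or one of the two `source` calls fails, the loop carries on with paths rooted at `/` and undefined functions, and the job can still end green; `set -euo pipefail` near the top would stop the build instead. The `# Todo: set eclipse value` comment reads as stale now that `IMAGE_REGISTRY_USERNAME=eclipse` is set.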

121
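--- /dev/null
+++ b/.github/action_scripts/operator_code_check.sh
@@ -0,0 +1,121 @@
+#!/bin/bash
+#
+# Copyright (c) 2012-2020 Red Hat, Inc.
+# This program and the accompanying materials are made
+# available under the terms of the Eclipse Public License 2.0
+# which is available at https://www.eclipse.org/legal/epl-2.0/
+#
+# SPDX-License-Identifier: EPL-2.0
+#
+# Contributors:
+# Red Hat, Inc. - initial API and implementation
+set -e
+# PR_FILES_CHANGED store all Modified/Created files in Pull Request.
+export PR_FILES_CHANGED=$(git --no-pager diff --name-only HEAD "$(git merge-base HEAD origin/master)")
+echo "========================="
+echo "${PR_FILES_CHANGED}"
+echo "========================="
+# transform_files function transform PR_FILES_CHANGED into a new array => FILES_CHANGED_ARRAY.
+function transform_files() {
+for files in ${PR_FILES_CHANGED}
+do
+FILES_CHANGED_ARRAY+=("${files}")
+done
+}
+# check_che_types function check first if pkg/apis/org/v1/che_types.go file suffer modifications and
+# in case of modification should exist also modifications in deploy/crds/* folder.
+function check_che_types() {
+# CHE_TYPES_FILE make reference to generated code by operator-sdk.
+local CHE_TYPES_FILE='pkg/apis/org/v1/che_types.go'
+# Export variables for cr/crds files.
+local CR_CRD_FOLDER="deploy/crds/"
+local CR_CRD_REGEX="\S*org_v1_che_crd.yaml"
+if [[ " ${FILES_CHANGED_ARRAY[*]} " =~ ${CHE_TYPES_FILE} ]]; then
+echo "[INFO] File ${CHE_TYPES_FILE} suffer modifications in PR. Checking if exist modifications for cr/crd files."
+# The script should fail if deploy/crds folder didn't suffer any modification.
+if [[ " ${FILES_CHANGED_ARRAY[*]} " =~ $CR_CRD_REGEX ]]; then
+echo "[INFO] CR/CRD file modified: ${BASH_REMATCH}"
+else
+echo "[ERROR] Detected modification in ${CHE_TYPES_FILE} file, but cr/crd files didn't suffer any modification."
+exit 1
+fi
+else
+echo "[INFO] ${CHE_TYPES_FILE} don't have any modification."
+fi
+}
+set -e
+go version
+ROOT_PROJECT_DIR="${GITHUB_WORKSPACE}"
+if [ -z "${ROOT_PROJECT_DIR}" ]; then
+BASE_DIR=$(cd "$(dirname "$0")"; pwd)
+ROOT_PROJECT_DIR=$(dirname "$(dirname "${BASE_DIR}")")
+fi
+# Unfortunately ${GOPATH} is required for an old operator-sdk
+if [ -z "${GOPATH}" ]; then
+export GOPATH="/home/runner/work/che-operator/go"
+echo "[INFO] GOPATH: ${GOPATH}"
+fi
+installYq() {
+YQ=$(command -v yq) || true
+if [[ ! -x "${YQ}" ]]; then
+pip3 install wheel
+pip3 install yq
+# Make python3 installed modules "visible"
+export PATH=$HOME/.local/bin:$PATH
+ls "${HOME}/.local/bin"
+fi
+echo "[INFO] $(yq --version)"
+echo "[INFO] $(jq --version)"
+}
+installOperatorSDK() {
+YQ=$(command -v operator-sdk) || true
+if [[ ! -x "${YQ}" ]]; then
+OPERATOR_SDK_TEMP_DIR="$(mktemp -q -d -t "OPERATOR_SDK_XXXXXX" 2>/dev/null || mktemp -q -d)"
+pushd "${OPERATOR_SDK_TEMP_DIR}" || exit
+echo "[INFO] Downloading 'operator-sdk' cli tool..."
+curl -sLo operator-sdk "$(curl -sL https://api.github.com/repos/operator-framework/operator-sdk/releases/19175509 | jq -r '[.assets[] | select(.name == "operator-sdk-v0.10.0-x86_64-linux-gnu")] | first | .browser_download_url')"
+export OPERATOR_SDK_BINARY="${OPERATOR_SDK_TEMP_DIR}/operator-sdk"
+chmod +x "${OPERATOR_SDK_BINARY}"
+echo "[INFO] Downloading completed!"
+echo "[INFO] $(${OPERATOR_SDK_BINARY} version)"
+popd || exit
+fi
+}
+isActualNightlyOlmBundleCSVFiles() {
+cd "${ROOT_PROJECT_DIR}"
+export BASE_DIR="${ROOT_PROJECT_DIR}/olm"
+export NO_DATE_UPDATE="true"
+export NO_INCREMENT="true"
+source "${ROOT_PROJECT_DIR}/olm/update-nightly-bundle.sh"
+CSV_FILE_KUBERNETES="deploy/olm-catalog/eclipse-che-preview-kubernetes/manifests/che-operator.clusterserviceversion.yaml"
+CSV_FILE_OPENSHIFT="deploy/olm-catalog/eclipse-che-preview-openshift/manifests/che-operator.clusterserviceversion.yaml"
+IFS=$'\n' read -d '' -r -a changedFiles < <( git ls-files -m ) || true
+for file in "${changedFiles[@]}"
+do
+if [ "${CSV_FILE_KUBERNETES}" == "${file}" ] || [ "${CSV_FILE_OPENSHIFT}" == "${file}" ]; then
+echo "[ERROR] Nightly bundle file ${file} should be updated in your pr, please. Use script 'che-operator/olm/update-nightly-bundle.sh' for this purpose."
+exit 1
+fi
+done
+echo "[INFO] Nightly Olm bundle is in actual state."
+}
+transform_files
+check_che_types
+installYq
+installOperatorSDK
+isActualNightlyOlmBundleCSVFiles
+echo "[INFO] Done."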
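Review bot: `installOperatorSDK` downloads a binary, marks it executable and runs it without any integrity check, and both `curl` calls lack `-f`, so an API error or rate-limit response is saved as `operator-sdk` (or yields an empty download URL) instead of failing the step. Use `curl -fsSLo` and verify a pinned digest before the `chmod +x`, e.g. `echo "<EXPECTED_SHA256>  operator-sdk" | sha256sum -c -`. The function also stores the `command -v operator-sdk` result in `YQ` and leaves `OPERATOR_SDK_BINARY` unset when the tool is already on `PATH`, which the sourced `update-nightly-bundle.sh` may rely on (not visible here); a dedicated variable name and an `else` branch that exports it would cover both. In `transform_files`, `for files in ${PR_FILES_CHANGED}` word-splits and globs the file names; `mapfile -t FILES_CHANGED_ARRAY <<< "${PR_FILES_CHANGED}"` keeps each path intact.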


@ -1,5 +1,5 @@
#
# Copyright (c) 2012-2019 Red Hat, Inc.
# Copyright (c) 2012-2020 Red Hat, Inc.
# This program and the accompanying materials are made
# available under the terms of the Eclipse Public License 2.0
# which is available at https://www.eclipse.org/legal/epl-2.0/
@ -8,7 +8,8 @@
#
# Contributors:
# Red Hat, Inc. - initial API and implementation
name: Docker
#
name: Che operator image build check.
on: [pull_request, push]
jobs:
@ -17,5 +18,6 @@ jobs:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v1
- name: Build the Docker image
run: docker build .


@ -0,0 +1,26 @@
#
# Copyright (c) 2012-2020 Red Hat, Inc.
# This program and the accompanying materials are made
# available under the terms of the Eclipse Public License 2.0
# which is available at https://www.eclipse.org/legal/epl-2.0/
#
# SPDX-License-Identifier: EPL-2.0
#
# Contributors:
# Red Hat, Inc. - initial API and implementation
#
name: Check nightly "opm" bundle
on: [pull_request, push]
jobs:
build:
name: Check nightly "opm" bundle
runs-on: ubuntu-20.04
steps:
- uses: actions/checkout@v1
with:
path: go/src/github.com/${{ github.repository }}
- name:
run: "${GITHUB_WORKSPACE}/.github/action_scripts/operator_code_check.sh"
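Review bot: The only `run` step has an empty `name:`, so the Actions log shows it under a generated label; give it one, e.g. `- name: Run operator code check`. `actions/checkout@v1` is a mutable tag, and this workflow executes a script from the checked-out tree on every pull request and push; pinning the action to a full commit SHA (`uses: actions/checkout@<COMMIT_SHA>`) and adding a top-level `permissions:` block with `contents: read` keeps the job's token to what the check needs.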


@ -0,0 +1,35 @@
#
# Copyright (c) 2012-2020 Red Hat, Inc.
# This program and the accompanying materials are made
# available under the terms of the Eclipse Public License 2.0
# which is available at https://www.eclipse.org/legal/epl-2.0/
#
# SPDX-License-Identifier: EPL-2.0
#
# Contributors:
# Red Hat, Inc. - initial API and implementation
#
name: Push catalog and bundle images.
on:
schedule:
- cron: '0 21 * * *'
branches:
- master
jobs:
build:
name: Build
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v1
- name: Docker login
uses: azure/docker-login@v1
with:
login-server: quay.io
username: ${{ secrets.DOCKER_USERNAME }}
password: ${{ secrets.DOCKER_PASSWORD }}
- name: Build catalog source and opm bundle images
run: "${GITHUB_WORKSPACE}/.github/action_scripts/build_olm_bundle_images.sh"
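Review bot: `azure/docker-login@v1` receives `secrets.DOCKER_PASSWORD` but is referenced by a mutable tag, so a retagged release of that third-party action would run with the quay.io push credential; pin it, and `actions/checkout`, to a full commit SHA, e.g. `uses: azure/docker-login@<COMMIT_SHA>`. The `branches:` filter next to `schedule:` most likely has no effect, since scheduled runs use the default branch, and depending on its indentation (not preserved in this view) it may not be valid in that position; it can probably be dropped. A comment noting that the secret should belong to a robot account limited to pushing the opm bundle and catalog repositories would help whoever rotates it.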

2
.gitignore vendored

@ -110,5 +110,7 @@ tags
build/
bin/
olm/generated
deploy/olm-catalog/eclipse-che-preview-kubernetes/generated
deploy/olm-catalog/eclipse-che-preview-openshift/generated
# End of https://www.gitignore.io/api/go,vim,emacs,visualstudiocode

121
.vscode/launch.json vendored

@ -11,6 +11,127 @@
"7.13.2"
]
},
{
"type": "bashdb",
"request": "launch",
"name": "Bash-Debug (testCatalogSource.sh) minikube stable",
"cwd": "${workspaceFolder}/olm",
"program": "${workspaceFolder}/olm/testCatalogSource.sh",
"args": [
"kubernetes",
"stable",
"che",
"Marketplace"
]
},
{
"type": "bashdb",
"request": "launch",
"name": "Bash-Debug (testCatalogSource.sh) minikube nightly",
"cwd": "${workspaceFolder}/olm",
"program": "${workspaceFolder}/olm/testCatalogSource.sh",
"args": [
"kubernetes",
"nightly",
"che",
"catalog",
"my_catalog"
]
},
{
"type": "bashdb",
"request": "launch",
"name": "Bash-Debug (testCatalogSource.sh) openshift nightly",
"cwd": "${workspaceFolder}",
"program": "${workspaceFolder}/olm/testCatalogSource.sh",
"args": [
"openshift",
"nightly",
"che",
"catalog"
]
},
{
"type": "bashdb",
"request": "launch",
"name": "Bash-Debug (testCatalogSource.sh) openshift stable",
"cwd": "${workspaceFolder}",
"program": "${workspaceFolder}/olm/testCatalogSource.sh",
"args": [
"openshift",
"stable",
"che",
"Marketplace"
]
},
{
"type": "bashdb",
"request": "launch",
"name": "Bash-Debug (testUpdate.sh) minikube stable",
"cwd": "${workspaceFolder}/olm",
"program": "${workspaceFolder}/olm/testUpdate.sh",
"args": [
"kubernetes",
"stable",
"che"
]
},
{
"type": "bashdb",
"request": "launch",
"name": "Bash-Debug (testUpdate.sh) minikube nightly",
"cwd": "${workspaceFolder}/olm",
"program": "${workspaceFolder}/olm/testUpdate.sh",
"args": [
"kubernetes",
"nightly",
"che"
]
},
{
"type": "bashdb",
"request": "launch",
"name": "Bash-Debug (testUpdate.sh) openshift stable",
"cwd": "${workspaceFolder}/olm",
"program": "${workspaceFolder}/olm/testUpdate.sh",
"args": [
"openshift",
"stable",
"che"
]
},
{
"type": "bashdb",
"request": "launch",
"name": "Bash-Debug (testUpdate.sh) openshift nightly",
"cwd": "${workspaceFolder}/olm",
"program": "${workspaceFolder}/olm/testUpdate.sh",
"args": [
"openshift",
"nightly",
"che"
]
},
{
"type": "bashdb",
"request": "launch",
"name": "Bash-Debug (buildAndPushInitialBundle.sh) kubernetes",
"cwd": "${workspaceFolder}/olm",
"program": "${workspaceFolder}/olm/buildAndPushInitialBundle.sh",
"args": [
"kubernetes"
]
},
{
"type": "bashdb",
"request": "launch",
"name": "Bash-Debug (buildAndPushInitialBundle.sh) openshift",
"cwd": "${workspaceFolder}/olm",
"program": "${workspaceFolder}/olm/buildAndPushInitialBundle.sh",
"args": [
"openshift"
]
},
{
"type": "bashdb",
"request": "launch",


@ -40,42 +40,45 @@ When on pure k8s, make sure you provide a global ingress domain in `deploy/crds/
### How to test operator via OLM
The following instructions show how to test Che operator under development using OLM installer.
Steps below are applicable to Openshift infrastructure only.
1. Build your custom operator image
```sh
docker build -t user/che-operator .
1. Build your custom operator image and use it in the operator deployment: [How to Build Operator Image](#how-to-build-operator-image)).
Push operator image to an image registry.
2. Create newer OLM files by executing: `olm/update-nightly-bundle.sh`
3. Build catalog source and bundle images.
Use `olm/buildAndPushInitialBundle.sh` script with `platform` argument('openshift' or 'kubernetes'):
```bash
$ export IMAGE_REGISTRY_USER_NAME=${userName} && \
export IMAGE_REGISTRY_HOST=${imageRegistryHost} && \
olm/buildAndPushInitialBundle.sh ${platform}
```
and push it to a docker registry.
2. Specify your operator image.
Open deploy/operator.yaml, replace default operator image `quay.io/eclipse/che-operator:nightly` with yours (say, `docker.io/user/che-operator:latest`).
Where are:
- `IMAGE_REGISTRY_USER_NAME` - your user account name in the image registry.
- `IMAGE_REGISTRY_HOST` - host of the image registry, for example: "docker.io", "quay.io". Host could be with non default port: localhost:5000, 127.0.0.1:3000 and etc.
3. Create newer OLM files by executing: `olm/update-nightly-olm-files.sh`
4. Create custom catalog source yaml(update strategy is workaround for https://github.com/operator-framework/operator-lifecycle-manager/issues/903):
4. Build catalog source image.
Go to `olm/eclipse-che-preview-openshift` folder and build the image: `docker build -t user/custom-catalog-source:latest .`
Push it into your docker registry.
5. Create custom catalog source yaml(update strategy is workaround for https://github.com/operator-framework/operator-lifecycle-manager/issues/903):
```yaml
apiVersion: operators.coreos.com/v1alpha1
kind: CatalogSource
metadata:
name: eclipse-che-preview-openshift
name: eclipse-che-preview-custom
namespace: che-namespace
spec:
image: docker.io/user/custom-catalog-source:latest
image: ${IMAGE_REGISTRY_HOST}/${IMAGE_REGISTRY_USER_NAME}/eclipse-che-${PLATFORM}-opm-catalog:preview
sourceType: grpc
updateStrategy:
registryPoll:
interval: 5m
```
Replace value of `image` field with your catalog source image.
Replace value of `image` field with your catalog source image. Don't forget to specify desired platform.
6. Deploy Che using chectl:
5. Deploy Che using chectl:
```sh
chectl server:start --installer=olm --multiuser --platform=openshift -n che-namespace --catalog-source-yaml /home/user/path/to/custom-catalog-source.yaml --olm-channel=nightly --package-manifest-name=eclipse-che-preview-openshift
$ chectl server:start --installer=olm --multiuser --platform=${platform} -n ${che-namespace} --catalog-source-yaml ${path_to_custom_catalog_source_yaml} --olm-channel=nightly --package-manifest-name=eclipse-che-preview-${platform}
```
### OpenShift oAuth
@ -106,12 +109,13 @@ Since not all Che configuration properties are custom resource spec fields (ther
which you can use for any environment variables not supported by CR field. The operator will not reconcile configMap custom.
## How to Build Operator Image
In the root of the che-operator project:
```bash
docker build -t $registry/$repo:$tag .
```
You can then use the resulting image in operator deployment (deploy/operator.yaml)
You can then use the resulting image in operator deployment (deploy/operator.yaml): replace default operator image `quay.io/eclipse/che-operator:nightly` with yours (say, `docker.io/user/che-operator:latest`)
## Build and Deploy to a local cluster:


@ -0,0 +1,27 @@
#!/bin/bash
#
# Copyright (c) 2012-2020 Red Hat, Inc.
# This program and the accompanying materials are made
# available under the terms of the Eclipse Public License 2.0
# which is available at https://www.eclipse.org/legal/epl-2.0/
#
# SPDX-License-Identifier: EPL-2.0
#
# Contributors:
# Red Hat, Inc. - initial API and implementation
BASE_DIR=$(cd "$(dirname "$0")" && pwd)
rm -Rf "${BASE_DIR}/generated/roles"
mkdir -p "${BASE_DIR}/generated/roles"
roleYaml="${BASE_DIR}/../../role.yaml"
index=0
while [ $index -le 20 ]
do
if yq -r -e ".rules[${index}] | select(.apiGroups[0] == \"route.openshift.io\") | \"\"" "${roleYaml}"
then
yq -y "del(.rules[${index}])" "${roleYaml}" > "${BASE_DIR}/generated/roles/role.yaml"
exit $?
fi
((index++))
done
exit 1
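Review bot: `BASE_DIR` comes from `cd ... && pwd` with no error check, so if the `cd` fails it is empty and the next line runs `rm -Rf "/generated/roles"`; write `rm -Rf "${BASE_DIR:?}/generated/roles"` or add `set -e` at the top. The loop is bounded at index 20 and exits after the first match, so a `route.openshift.io` rule past that index, or a second one, would remain in the generated role, which presumably feeds the Kubernetes bundle. A single filter, `yq -y 'del(.rules[] | select(.apiGroups[0] == "route.openshift.io"))' "${roleYaml}"`, removes every matching rule without the counter; if the current `exit 1` on no match is wanted, keep an explicit check for it.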


@ -0,0 +1,11 @@
FROM scratch
LABEL operators.operatorframework.io.bundle.mediatype.v1=registry+v1
LABEL operators.operatorframework.io.bundle.manifests.v1=manifests/
LABEL operators.operatorframework.io.bundle.metadata.v1=metadata/
LABEL operators.operatorframework.io.bundle.package.v1=eclipse-che-preview-kubernetes
LABEL operators.operatorframework.io.bundle.channels.v1=nightly
LABEL operators.operatorframework.io.bundle.channel.default.v1=nightly
COPY manifests /manifests/
COPY metadata /metadata/


@ -0,0 +1,3 @@
role-paths: [ "deploy/olm-catalog/eclipse-che-preview-kubernetes/generated/roles/role.yaml" ]
operator-path: deploy/operator.yaml
crd-cr-paths: ["deploy/crds/org_v1_che_crd.yaml"]

File diff suppressed because one or more lines are too long


@ -0,0 +1,567 @@
#
# Copyright (c) 2012-2020 Red Hat, Inc.
# This program and the accompanying materials are made
# available under the terms of the Eclipse Public License 2.0
# which is available at https://www.eclipse.org/legal/epl-2.0/
#
# SPDX-License-Identifier: EPL-2.0
#
# Contributors:
# Red Hat, Inc. - initial API and implementation
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
name: checlusters.org.eclipse.che
spec:
group: org.eclipse.che
names:
kind: CheCluster
listKind: CheClusterList
plural: checlusters
singular: checluster
scope: Namespaced
subresources:
status: {}
validation:
openAPIV3Schema:
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: Desired configuration of the Che installation. Based on these
settings, the operator automatically creates and maintains several config
maps that will contain the appropriate environment variables the various
components of the Che installation. These generated config maps should
NOT be updated manually.
properties:
auth:
description: Configuration settings related to the Authentication used
by the Che installation.
properties:
externalIdentityProvider:
description: 'Instructs the operator on whether or not to deploy
a dedicated Identity Provider (Keycloak or RH SSO instance). By
default a dedicated Identity Provider server is deployed as part
of the Che installation. But if `externalIdentityProvider` is
`true`, then no dedicated identity provider will be deployed by
the operator and you might need to provide details about the external
identity provider you want to use. See also all the other fields
starting with: `identityProvider`.'
type: boolean
identityProviderAdminUserName:
description: Overrides the name of the Identity Provider admin user.
Defaults to `admin`.
type: string
identityProviderClientId:
description: Name of a Identity provider (Keycloak / RH SSO) `client-id`
that should be used for Che. This is useful to override it ONLY
if you use an external Identity Provider (see the `externalIdentityProvider`
field). If omitted or left blank, it will be set to the value
of the `flavour` field suffixed with `-public`.
type: string
identityProviderImage:
description: Overrides the container image used in the Identity
Provider (Keycloak / RH SSO) deployment. This includes the image
tag. Omit it or leave it empty to use the defaut container image
provided by the operator.
type: string
identityProviderImagePullPolicy:
description: Overrides the image pull policy used in the Identity
Provider (Keycloak / RH SSO) deployment. Default value is `Always`
for `nightly` or `latest` images, and `IfNotPresent` in other
cases.
type: string
identityProviderPassword:
description: Overrides the password of Keycloak admin user. This
is useful to override it ONLY if you use an external Identity
Provider (see the `externalIdentityProvider` field). If omitted
or left blank, it will be set to an auto-generated password.
type: string
identityProviderPostgresPassword:
description: Password for The Identity Provider (Keycloak / RH SSO)
to connect to the database. This is useful to override it ONLY
if you use an external Identity Provider (see the `externalIdentityProvider`
field). If omitted or left blank, it will be set to an auto-generated
password.
type: string
identityProviderPostgresSecret:
description: 'The secret that contains `password` for The Identity
Provider (Keycloak / RH SSO) to connect to the database. If the
secret is defined then `identityProviderPostgresPassword` will
be ignored. If the value is omitted or left blank then there are
two scenarios: 1. `identityProviderPostgresPassword` is defined,
then it will be used to connect to the database. 2. `identityProviderPostgresPassword`
is not defined, then a new secret with the name `che-identity-postgres-secret`
will be created with an auto-generated value for `password`.'
type: string
identityProviderRealm:
description: Name of a Identity provider (Keycloak / RH SSO) realm
that should be used for Che. This is useful to override it ONLY
if you use an external Identity Provider (see the `externalIdentityProvider`
field). If omitted or left blank, it will be set to the value
of the `flavour` field.
type: string
identityProviderSecret:
description: 'The secret that contains `user` and `password` for
Identity Provider. If the secret is defined then `identityProviderAdminUserName`
and `identityProviderPassword` are ignored. If the value is omitted
or left blank then there are two scenarios: 1. `identityProviderAdminUserName`
and `identityProviderPassword` are defined, then they will be
used. 2. `identityProviderAdminUserName` or `identityProviderPassword`
are not defined, then a new secret with the name `che-identity-secret`
will be created with default value `admin` for `user` and with
an auto-generated value for `password`.'
type: string
identityProviderURL:
description: Public URL of the Identity Provider server (Keycloak
/ RH SSO server). You should set it ONLY if you use an external
Identity Provider (see the `externalIdentityProvider` field).
By default this will be automatically calculated and set by the
operator.
type: string
oAuthClientName:
description: Name of the OpenShift `OAuthClient` resource used to
setup identity federation on the OpenShift side. Auto-generated
if left blank. See also the `OpenShiftoAuth` field.
type: string
oAuthSecret:
description: Name of the secret set in the OpenShift `OAuthClient`
resource used to setup identity federation on the OpenShift side.
Auto-generated if left blank. See also the `OAuthClientName` field.
type: string
openShiftoAuth:
description: 'Enables the integration of the identity provider (Keycloak
/ RHSSO) with OpenShift OAuth. Enabled by default on OpenShift.
This will allow users to directly login with their Openshift user
through the Openshift login, and have their workspaces created
under personal OpenShift namespaces. WARNING: the `kubeadmin`
user is NOT supported, and logging through it will NOT allow accessing
the Che Dashboard.'
type: boolean
updateAdminPassword:
description: Forces the default `admin` Che user to update password
on first login. Defaults to `false`.
type: boolean
type: object
database:
description: Configuration settings related to the database used by
the Che installation.
properties:
chePostgresDb:
description: Postgres database name that the Che server uses to
connect to the DB. Defaults to `dbche`.
type: string
chePostgresHostName:
description: Postgres Database hostname that the Che server uses
to connect to. Defaults to postgres. This value should be overridden
ONLY when using an external database (see field `externalDb`).
In the default case it will be automatically set by the operator.
type: string
chePostgresPassword:
description: Postgres password that the Che server should use to
connect to the DB. If omitted or left blank, it will be set to
an auto-generated value.
type: string
chePostgresPort:
description: Postgres Database port that the Che server uses to
connect to. Defaults to 5432. This value should be overridden
ONLY when using an external database (see field `externalDb`).
In the default case it will be automatically set by the operator.
type: string
chePostgresSecret:
description: 'The secret that contains Postgres `user` and `password`
that the Che server should use to connect to the DB. If the secret
is defined then `chePostgresUser` and `chePostgresPassword` are
ignored. If the value is omitted or left blank then there are
two scenarios: 1. `chePostgresUser` and `chePostgresPassword`
are defined, then they will be used to connect to the DB. 2. `chePostgresUser`
or `chePostgresPassword` are not defined, then a new secret with
the name `che-postgres-secret` will be created with default value
of `pgche` for `user` and with an auto-generated value for `password`.'
type: string
chePostgresUser:
description: Postgres user that the Che server should use to connect
to the DB. Defaults to `pgche`.
type: string
externalDb:
description: 'Instructs the operator on whether or not to deploy
a dedicated database. By default a dedicated Postgres database
is deployed as part of the Che installation. But if `externalDb`
is `true`, then no dedicated database will be deployed by the
operator and you might need to provide connection details to the
external DB you want to use. See also all the fields starting
with: `chePostgres`.'
type: boolean
postgresImage:
description: Overrides the container image used in the Postgres
database deployment. This includes the image tag. Omit it or leave
it empty to use the defaut container image provided by the operator.
type: string
postgresImagePullPolicy:
description: Overrides the image pull policy used in the Postgres
database deployment. Default value is `Always` for `nightly` or
`latest` images, and `IfNotPresent` in other cases.
type: string
type: object
k8s:
description: Configuration settings specific to Che installations made
on upstream Kubernetes.
properties:
ingressClass:
description: 'Ingress class that will define the which controler
will manage ingresses. Defaults to `nginx`. NB: This drives the
`is kubernetes.io/ingress.class` annotation on Che-related ingresses.'
type: string
ingressDomain:
description: 'Global ingress domain for a K8S cluster. This MUST
be explicitly specified: there are no defaults.'
type: string
ingressStrategy:
description: Strategy for ingress creation. This can be `multi-host`
(host is explicitly provided in ingress), `single-host` (host
is provided, path-based rules) and `default-host.*`(no host is
provided, path-based rules). Defaults to `"multi-host`
type: string
securityContextFsGroup:
description: FSGroup the Che pod and Workspace pods containers should
run in. Defaults to `1724`.
type: string
securityContextRunAsUser:
description: ID of the user the Che pod and Workspace pods containers
should run as. Default to `1724`.
type: string
tlsSecretName:
description: Name of a secret that will be used to setup ingress
TLS termination if TLS is enabled. See also the `tlsSupport` field.
type: string
type: object
metrics:
description: Configuration settings related to the metrics collection
used by the Che installation.
properties:
enable:
description: Enables `metrics` Che server endpoint. Default to `true`.
type: boolean
type: object
server:
description: General configuration settings related to the Che server
and the plugin and devfile registries
properties:
airGapContainerRegistryHostname:
description: Optional hostname (or url) to an alternate container
registry to pull images from. This value overrides the container
registry hostname defined in all the default container images
involved in a Che deployment. This is particularly useful to install
Che in an air-gapped environment.
type: string
airGapContainerRegistryOrganization:
description: Optional repository name of an alternate container
registry to pull images from. This value overrides the container
registry organization defined in all the default container images
involved in a Che deployment. This is particularly useful to install
Che in an air-gapped environment.
type: string
allowUserDefinedWorkspaceNamespaces:
description: Defines if a user is able to specify Kubernetes namespace
(or OpenShift project) different from the default. It's NOT RECOMMENDED
to configured true without OAuth configured. This property is
also used by the OpenShift infra.
type: boolean
cheDebug:
description: Enables the debug mode for Che server. Defaults to
`false`.
type: string
cheFlavor:
description: Flavor of the installation. This is either `che` for
upstream Che installations, or `codeready` for CodeReady Workspaces
installation. In most cases the default value should not be overridden.
type: string
cheHost:
description: Public hostname of the installed Che server. If value
is omitted then it will be automatically set by the operator.
(see the `cheHostTLSSecret` field).
type: string
cheHostTLSSecret:
description: Name of a secret containing certificates to secure
ingress/route for the custom hostname of the installed Che server.
(see the `cheHost` field).
type: string
cheImage:
description: Overrides the container image used in Che deployment.
This does NOT include the container image tag. Omit it or leave
it empty to use the defaut container image provided by the operator.
type: string
cheImagePullPolicy:
description: Overrides the image pull policy used in Che deployment.
Default value is `Always` for `nightly` or `latest` images, and
`IfNotPresent` in other cases.
type: string
cheImageTag:
description: Overrides the tag of the container image used in Che
deployment. Omit it or leave it empty to use the defaut image
tag provided by the operator.
type: string
cheLogLevel:
description: 'Log level for the Che server: `INFO` or `DEBUG`. Defaults
to `INFO`.'
type: string
cheWorkspaceClusterRole:
description: Custom cluster role bound to the user for the Che workspaces.
The default roles are used if this is omitted or left blank.
type: string
customCheProperties:
additionalProperties:
type: string
description: Map of additional environment variables that will be
applied in the generated `che` config map to be used by the Che
server, in addition to the values already generated from other
fields of the `CheCluster` custom resource (CR). If `customCheProperties`
contains a property that would be normally generated in `che`
config map from other CR fields, then the value defined in the
`customCheProperties` will be used instead.
type: object
devfileRegistryImage:
description: Overrides the container image used in the Devfile registry
deployment. This includes the image tag. Omit it or leave it empty
to use the defaut container image provided by the operator.
type: string
devfileRegistryMemoryLimit:
description: Overrides the memory limit used in the Devfile registry
deployment. Defaults to 256Mi.
type: string
devfileRegistryMemoryRequest:
description: Overrides the memory request used in the Devfile registry
deployment. Defaults to 16Mi.
type: string
devfileRegistryPullPolicy:
description: Overrides the image pull policy used in the Devfile
registry deployment. Default value is `Always` for `nightly` or
`latest` images, and `IfNotPresent` in other cases.
type: string
devfileRegistryUrl:
description: Public URL of the Devfile registry, that serves sample,
ready-to-use devfiles. You should set it ONLY if you use an external
devfile registry (see the `externalDevfileRegistry` field). By
default this will be automatically calculated by the operator.
type: string
externalDevfileRegistry:
description: Instructs the operator on whether or not to deploy
a dedicated Devfile registry server. By default a dedicated devfile
registry server is started. But if `externalDevfileRegistry` is
`true`, then no such dedicated server will be started by the operator
and you will have to manually set the `devfileRegistryUrl` field
type: boolean
externalPluginRegistry:
description: Instructs the operator on whether or not to deploy
a dedicated Plugin registry server. By default a dedicated plugin
registry server is started. But if `externalPluginRegistry` is
`true`, then no such dedicated server will be started by the operator
and you will have to manually set the `pluginRegistryUrl` field.
type: boolean
gitSelfSignedCert:
description: If enabled, then the certificate from `che-git-self-signed-cert`
config map will be propagated to the Che components and provide
particular configuration for Git.
type: boolean
nonProxyHosts:
description: List of hosts that should not use the configured proxy.
Use `|`` as delimiter, eg `localhost|my.host.com|123.42.12.32`
Only use when configuring a proxy is required. Operator respects
OpenShift cluster wide proxy configuration and no additional configuration
is required, but defining `nonProxyHosts` in a custom resource
leads to merging non proxy hosts lists from the cluster proxy
configuration and ones defined in the custom resources. (see the
doc https://docs.openshift.com/container-platform/4.4/networking/enable-cluster-wide-proxy.html)
(see also the `proxyURL` fields).
type: string
pluginRegistryImage:
description: Overrides the container image used in the Plugin registry
deployment. This includes the image tag. Omit it or leave it empty
to use the defaut container image provided by the operator.
type: string
pluginRegistryMemoryLimit:
description: Overrides the memory limit used in the Plugin registry
deployment. Defaults to 256Mi.
type: string
pluginRegistryMemoryRequest:
description: Overrides the memory request used in the Plugin registry
deployment. Defaults to 16Mi.
type: string
pluginRegistryPullPolicy:
description: Overrides the image pull policy used in the Plugin
registry deployment. Default value is `Always` for `nightly` or
`latest` images, and `IfNotPresent` in other cases.
type: string
pluginRegistryUrl:
description: Public URL of the Plugin registry, that serves sample
ready-to-use devfiles. You should set it ONLY if you use an external
devfile registry (see the `externalPluginRegistry` field). By
default this will be automatically calculated by the operator.
type: string
proxyPassword:
description: Password of the proxy server Only use when proxy configuration
is required (see also the `proxyURL`, `proxyUser` and `proxySecret`
fields).
type: string
proxyPort:
description: Port of the proxy server. Only use when configuring
a proxy is required. (see also the `proxyURL` and `nonProxyHosts`
fields).
type: string
proxySecret:
description: The secret that contains `user` and `password` for
a proxy server. If the secret is defined then `proxyUser` and
`proxyPassword` are ignored
type: string
proxyURL:
description: URL (protocol+hostname) of the proxy server. This drives
the appropriate changes in the `JAVA_OPTS` and `https(s)_proxy`
variables in the Che server and workspaces containers. Only use
when configuring a proxy is required. Operator respects OpenShift
cluster wide proxy configuration and no additional configuration
is required, but defining `proxyUrl` in a custom resource leads
to overrides the cluster proxy configuration with fields `proxyUrl`,
`proxyPort`, `proxyUser` and `proxyPassword` from the custom resource.
(see the doc https://docs.openshift.com/container-platform/4.4/networking/enable-cluster-wide-proxy.html)
(see also the `proxyPort` and `nonProxyHosts` fields).
type: string
proxyUser:
description: User name of the proxy server. Only use when configuring
a proxy is required (see also the `proxyURL`, `proxyPassword`
and `proxySecret` fields).
type: string
selfSignedCert:
description: Deprecated. The value of this flag is ignored. Che
operator will automatically detect if router certificate is self-signed.
If so it will be propagated to Che server and some other components.
type: boolean
serverMemoryLimit:
description: Overrides the memory limit used in the Che server deployment.
Defaults to 1Gi.
type: string
serverMemoryRequest:
description: Overrides the memory request used in the Che server
deployment. Defaults to 512Mi.
type: string
serverTrustStoreConfigMapName:
description: Name of the config-map with public certificates to
add to Java trust store of the Che server. This is usually required
when adding the OpenShift OAuth provider which has https endpoint
signed with self-signed cert. So, Che server must be aware of
its CA cert to be able to request it. This is disabled by default.
type: string
tlsSupport:
description: Deprecated. Instructs the operator to deploy Che in
TLS mode. This is enabled by default. Disabling TLS may cause
malfunction of some Che components.
type: boolean
workspaceNamespaceDefault:
description: 'Defines Kubernetes default namespace in which user''s
workspaces are created if user does not override it. It''s possible
to use <username>, <userid> and <workspaceid> placeholders (e.g.:
che-workspace-<username>). In that case, new namespace will be
created for each user (or workspace). Is used by OpenShift infra
as well to specify Project'
type: string
type: object
storage:
description: Configuration settings related to the persistent storage
used by the Che installation.
properties:
postgresPVCStorageClassName:
description: Storage class for the Persistent Volume Claim dedicated
to the Postgres database. If omitted or left blank, default storage
class is used.
type: string
preCreateSubPaths:
description: Instructs the Che server to launch a special pod to
pre-create a subpath in the Persistent Volumes. Defaults to `false`,
however it might need to enable it according to the configuration
of your K8S cluster.
type: boolean
pvcClaimSize:
description: Size of the persistent volume claim for workspaces.
Defaults to `1Gi`
type: string
pvcJobsImage:
description: Overrides the container image used to create sub-paths
in the Persistent Volumes. This includes the image tag. Omit it
or leave it empty to use the defaut container image provided by
the operator. See also the `preCreateSubPaths` field.
type: string
pvcStrategy:
description: Persistent volume claim strategy for the Che server.
This Can be:`common` (all workspaces PVCs in one volume), `per-workspace`
(one PVC per workspace for all declared volumes) and `unique`
(one PVC per declared volume). Defaults to `common`.
type: string
workspacePVCStorageClassName:
description: Storage class for the Persistent Volume Claims dedicated
to the Che workspaces. If omitted or left blank, default storage
class is used.
type: string
type: object
type: object
status:
description: CheClusterStatus defines the observed state of Che installation
properties:
cheClusterRunning:
description: Status of a Che installation. Can be `Available`, `Unavailable`,
or `Available, Rolling Update in Progress`
type: string
cheURL:
description: Public URL to the Che server
type: string
cheVersion:
description: Current installed Che version
type: string
dbProvisioned:
description: Indicates if or not a Postgres instance has been correctly
provisioned
type: boolean
devfileRegistryURL:
description: Public URL to the Devfile registry
type: string
helpLink:
description: A URL that can point to some URL where to find help related
to the current Operator status.
type: string
keycloakProvisioned:
description: Indicates whether an Identity Provider instance (Keycloak
/ RH SSO) has been provisioned with realm, client and user
type: boolean
keycloakURL:
description: Public URL to the Identity Provider server (Keycloak /
RH SSO).
type: string
message:
description: A human readable message indicating details about why the
pod is in this condition.
type: string
openShiftoAuthProvisioned:
description: Indicates whether an Identity Provider instance (Keycloak
/ RH SSO) has been configured to integrate with the OpenShift OAuth.
type: boolean
pluginRegistryURL:
description: Public URL to the Plugin registry
type: string
reason:
description: A brief CamelCase message indicating details about why
the pod is in this state.
type: string
type: object
version: v1
versions:
- name: v1
served: true
storage: true
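Review bot: The descriptions of `identityProviderPassword`, `identityProviderPostgresPassword`, `chePostgresPassword` and `proxyPassword` present a plain string in the CheCluster spec as an ordinary way to supply a credential. They do not mention that the value then sits in the custom resource, where anyone allowed to read `checlusters` can presumably see it. The schema already has `identityProviderSecret`, `identityProviderPostgresSecret`, `chePostgresSecret` and `proxySecret`, so each password description could end with a sentence like `Prefer the matching *Secret field; a value set here is kept in clear text in the CR.` If this manifest is generated (the bundle config on this page points at `deploy/crds/org_v1_che_crd.yaml`), the wording belongs in its source rather than in this copy.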


@ -0,0 +1,9 @@
annotations:
operators.operatorframework.io.bundle.channel.default.v1: nightly
operators.operatorframework.io.bundle.channels.v1: nightly
operators.operatorframework.io.bundle.manifests.v1: manifests/
operators.operatorframework.io.bundle.mediatype.v1: registry+v1
operators.operatorframework.io.bundle.metadata.v1: metadata/
operators.operatorframework.io.bundle.package.v1: eclipse-che-preview-kubernetes
operators.operatorframework.io.metrics.mediatype.v1: metrics+v1
operators.operatorframework.io.metrics.project_layout: go


@ -10,11 +10,8 @@
# Contributors:
# Red Hat, Inc. - initial API and implementation
source olm.sh
installOperatorMarketPlace
installPackage
applyCRCheCluster
waitCheServerDeploy
echo -e "\u001b[32m Installation of the che-operator version: ${CSV} succesfully completed \u001b[0m"
BASE_DIR=$(cd "$(dirname "$0")" && pwd)
rm -Rf "${BASE_DIR}/generated/roles"
mkdir -p "${BASE_DIR}/generated/roles"
cp "${BASE_DIR}/../../role.yaml" "${BASE_DIR}/generated/roles/role.yaml"
cp "${BASE_DIR}/../../cluster_role.yaml" "${BASE_DIR}/generated/roles/cluster_role.yaml"


@ -0,0 +1,11 @@
FROM scratch
LABEL operators.operatorframework.io.bundle.mediatype.v1=registry+v1
LABEL operators.operatorframework.io.bundle.manifests.v1=manifests/
LABEL operators.operatorframework.io.bundle.metadata.v1=metadata/
LABEL operators.operatorframework.io.bundle.package.v1=eclipse-che-preview-openshift
LABEL operators.operatorframework.io.bundle.channels.v1=nightly
LABEL operators.operatorframework.io.bundle.channel.default.v1=nightly
COPY manifests /manifests/
COPY metadata /metadata/


@ -0,0 +1,3 @@
operator-path: deploy/operator.yaml
role-paths: [ "deploy/olm-catalog/eclipse-che-preview-openshift/generated/roles/role.yaml", "deploy/olm-catalog/eclipse-che-preview-openshift/generated/roles/cluster_role.yaml"]
crd-cr-paths: ["deploy/crds/org_v1_che_crd.yaml"]

File diff suppressed because one or more lines are too long


@ -0,0 +1,567 @@
#
# Copyright (c) 2012-2020 Red Hat, Inc.
# This program and the accompanying materials are made
# available under the terms of the Eclipse Public License 2.0
# which is available at https://www.eclipse.org/legal/epl-2.0/
#
# SPDX-License-Identifier: EPL-2.0
#
# Contributors:
# Red Hat, Inc. - initial API and implementation
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
name: checlusters.org.eclipse.che
spec:
group: org.eclipse.che
names:
kind: CheCluster
listKind: CheClusterList
plural: checlusters
singular: checluster
scope: Namespaced
subresources:
status: {}
validation:
openAPIV3Schema:
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: Desired configuration of the Che installation. Based on these
settings, the operator automatically creates and maintains several config
maps that will contain the appropriate environment variables the various
components of the Che installation. These generated config maps should
NOT be updated manually.
properties:
auth:
description: Configuration settings related to the Authentication used
by the Che installation.
properties:
externalIdentityProvider:
description: 'Instructs the operator on whether or not to deploy
a dedicated Identity Provider (Keycloak or RH SSO instance). By
default a dedicated Identity Provider server is deployed as part
of the Che installation. But if `externalIdentityProvider` is
`true`, then no dedicated identity provider will be deployed by
the operator and you might need to provide details about the external
identity provider you want to use. See also all the other fields
starting with: `identityProvider`.'
type: boolean
identityProviderAdminUserName:
description: Overrides the name of the Identity Provider admin user.
Defaults to `admin`.
type: string
identityProviderClientId:
description: Name of a Identity provider (Keycloak / RH SSO) `client-id`
that should be used for Che. This is useful to override it ONLY
if you use an external Identity Provider (see the `externalIdentityProvider`
field). If omitted or left blank, it will be set to the value
of the `flavour` field suffixed with `-public`.
type: string
identityProviderImage:
description: Overrides the container image used in the Identity
Provider (Keycloak / RH SSO) deployment. This includes the image
tag. Omit it or leave it empty to use the defaut container image
provided by the operator.
type: string
identityProviderImagePullPolicy:
description: Overrides the image pull policy used in the Identity
Provider (Keycloak / RH SSO) deployment. Default value is `Always`
for `nightly` or `latest` images, and `IfNotPresent` in other
cases.
type: string
identityProviderPassword:
description: Overrides the password of Keycloak admin user. This
is useful to override it ONLY if you use an external Identity
Provider (see the `externalIdentityProvider` field). If omitted
or left blank, it will be set to an auto-generated password.
type: string
identityProviderPostgresPassword:
description: Password for The Identity Provider (Keycloak / RH SSO)
to connect to the database. This is useful to override it ONLY
if you use an external Identity Provider (see the `externalIdentityProvider`
field). If omitted or left blank, it will be set to an auto-generated
password.
type: string
identityProviderPostgresSecret:
description: 'The secret that contains `password` for The Identity
Provider (Keycloak / RH SSO) to connect to the database. If the
secret is defined then `identityProviderPostgresPassword` will
be ignored. If the value is omitted or left blank then there are
two scenarios: 1. `identityProviderPostgresPassword` is defined,
then it will be used to connect to the database. 2. `identityProviderPostgresPassword`
is not defined, then a new secret with the name `che-identity-postgres-secret`
will be created with an auto-generated value for `password`.'
type: string
identityProviderRealm:
description: Name of a Identity provider (Keycloak / RH SSO) realm
that should be used for Che. This is useful to override it ONLY
if you use an external Identity Provider (see the `externalIdentityProvider`
field). If omitted or left blank, it will be set to the value
of the `flavour` field.
type: string
identityProviderSecret:
description: 'The secret that contains `user` and `password` for
Identity Provider. If the secret is defined then `identityProviderAdminUserName`
and `identityProviderPassword` are ignored. If the value is omitted
or left blank then there are two scenarios: 1. `identityProviderAdminUserName`
and `identityProviderPassword` are defined, then they will be
used. 2. `identityProviderAdminUserName` or `identityProviderPassword`
are not defined, then a new secret with the name `che-identity-secret`
will be created with default value `admin` for `user` and with
an auto-generated value for `password`.'
type: string
identityProviderURL:
description: Public URL of the Identity Provider server (Keycloak
/ RH SSO server). You should set it ONLY if you use an external
Identity Provider (see the `externalIdentityProvider` field).
By default this will be automatically calculated and set by the
operator.
type: string
oAuthClientName:
description: Name of the OpenShift `OAuthClient` resource used to
setup identity federation on the OpenShift side. Auto-generated
if left blank. See also the `OpenShiftoAuth` field.
type: string
oAuthSecret:
description: Name of the secret set in the OpenShift `OAuthClient`
resource used to setup identity federation on the OpenShift side.
Auto-generated if left blank. See also the `OAuthClientName` field.
type: string
openShiftoAuth:
description: 'Enables the integration of the identity provider (Keycloak
/ RHSSO) with OpenShift OAuth. Enabled by default on OpenShift.
This will allow users to directly login with their Openshift user
through the Openshift login, and have their workspaces created
under personal OpenShift namespaces. WARNING: the `kubeadmin`
user is NOT supported, and logging through it will NOT allow accessing
the Che Dashboard.'
type: boolean
updateAdminPassword:
description: Forces the default `admin` Che user to update password
on first login. Defaults to `false`.
type: boolean
type: object
database:
description: Configuration settings related to the database used by
the Che installation.
properties:
chePostgresDb:
description: Postgres database name that the Che server uses to
connect to the DB. Defaults to `dbche`.
type: string
chePostgresHostName:
description: Postgres Database hostname that the Che server uses
to connect to. Defaults to postgres. This value should be overridden
ONLY when using an external database (see field `externalDb`).
In the default case it will be automatically set by the operator.
type: string
chePostgresPassword:
description: Postgres password that the Che server should use to
connect to the DB. If omitted or left blank, it will be set to
an auto-generated value.
type: string
chePostgresPort:
description: Postgres Database port that the Che server uses to
connect to. Defaults to 5432. This value should be overridden
ONLY when using an external database (see field `externalDb`).
In the default case it will be automatically set by the operator.
type: string
chePostgresSecret:
description: 'The secret that contains Postgres `user` and `password`
that the Che server should use to connect to the DB. If the secret
is defined then `chePostgresUser` and `chePostgresPassword` are
ignored. If the value is omitted or left blank then there are
two scenarios: 1. `chePostgresUser` and `chePostgresPassword`
are defined, then they will be used to connect to the DB. 2. `chePostgresUser`
or `chePostgresPassword` are not defined, then a new secret with
the name `che-postgres-secret` will be created with default value
of `pgche` for `user` and with an auto-generated value for `password`.'
type: string
chePostgresUser:
description: Postgres user that the Che server should use to connect
to the DB. Defaults to `pgche`.
type: string
externalDb:
description: 'Instructs the operator on whether or not to deploy
a dedicated database. By default a dedicated Postgres database
is deployed as part of the Che installation. But if `externalDb`
is `true`, then no dedicated database will be deployed by the
operator and you might need to provide connection details to the
external DB you want to use. See also all the fields starting
with: `chePostgres`.'
type: boolean
postgresImage:
description: Overrides the container image used in the Postgres
database deployment. This includes the image tag. Omit it or leave
it empty to use the defaut container image provided by the operator.
type: string
postgresImagePullPolicy:
description: Overrides the image pull policy used in the Postgres
database deployment. Default value is `Always` for `nightly` or
`latest` images, and `IfNotPresent` in other cases.
type: string
type: object
k8s:
description: Configuration settings specific to Che installations made
on upstream Kubernetes.
properties:
ingressClass:
description: 'Ingress class that will define the which controler
will manage ingresses. Defaults to `nginx`. NB: This drives the
`is kubernetes.io/ingress.class` annotation on Che-related ingresses.'
type: string
ingressDomain:
description: 'Global ingress domain for a K8S cluster. This MUST
be explicitly specified: there are no defaults.'
type: string
ingressStrategy:
description: Strategy for ingress creation. This can be `multi-host`
(host is explicitly provided in ingress), `single-host` (host
is provided, path-based rules) and `default-host.*`(no host is
provided, path-based rules). Defaults to `"multi-host`
type: string
securityContextFsGroup:
description: FSGroup the Che pod and Workspace pods containers should
run in. Defaults to `1724`.
type: string
securityContextRunAsUser:
description: ID of the user the Che pod and Workspace pods containers
should run as. Default to `1724`.
type: string
tlsSecretName:
description: Name of a secret that will be used to setup ingress
TLS termination if TLS is enabled. See also the `tlsSupport` field.
type: string
type: object
metrics:
description: Configuration settings related to the metrics collection
used by the Che installation.
properties:
enable:
description: Enables `metrics` Che server endpoint. Default to `true`.
type: boolean
type: object
server:
description: General configuration settings related to the Che server
and the plugin and devfile registries
properties:
airGapContainerRegistryHostname:
description: Optional hostname (or url) to an alternate container
registry to pull images from. This value overrides the container
registry hostname defined in all the default container images
involved in a Che deployment. This is particularly useful to install
Che in an air-gapped environment.
type: string
airGapContainerRegistryOrganization:
description: Optional repository name of an alternate container
registry to pull images from. This value overrides the container
registry organization defined in all the default container images
involved in a Che deployment. This is particularly useful to install
Che in an air-gapped environment.
type: string
allowUserDefinedWorkspaceNamespaces:
description: Defines if a user is able to specify Kubernetes namespace
(or OpenShift project) different from the default. It's NOT RECOMMENDED
to configured true without OAuth configured. This property is
also used by the OpenShift infra.
type: boolean
cheDebug:
description: Enables the debug mode for Che server. Defaults to
`false`.
type: string
cheFlavor:
description: Flavor of the installation. This is either `che` for
upstream Che installations, or `codeready` for CodeReady Workspaces
installation. In most cases the default value should not be overridden.
type: string
cheHost:
description: Public hostname of the installed Che server. If value
is omitted then it will be automatically set by the operator.
(see the `cheHostTLSSecret` field).
type: string
cheHostTLSSecret:
description: Name of a secret containing certificates to secure
ingress/route for the custom hostname of the installed Che server.
(see the `cheHost` field).
type: string
cheImage:
description: Overrides the container image used in Che deployment.
This does NOT include the container image tag. Omit it or leave
it empty to use the defaut container image provided by the operator.
type: string
cheImagePullPolicy:
description: Overrides the image pull policy used in Che deployment.
Default value is `Always` for `nightly` or `latest` images, and
`IfNotPresent` in other cases.
type: string
cheImageTag:
description: Overrides the tag of the container image used in Che
deployment. Omit it or leave it empty to use the defaut image
tag provided by the operator.
type: string
cheLogLevel:
description: 'Log level for the Che server: `INFO` or `DEBUG`. Defaults
to `INFO`.'
type: string
cheWorkspaceClusterRole:
description: Custom cluster role bound to the user for the Che workspaces.
The default roles are used if this is omitted or left blank.
type: string
customCheProperties:
additionalProperties:
type: string
description: Map of additional environment variables that will be
applied in the generated `che` config map to be used by the Che
server, in addition to the values already generated from other
fields of the `CheCluster` custom resource (CR). If `customCheProperties`
contains a property that would be normally generated in `che`
config map from other CR fields, then the value defined in the
`customCheProperties` will be used instead.
type: object
devfileRegistryImage:
description: Overrides the container image used in the Devfile registry
deployment. This includes the image tag. Omit it or leave it empty
to use the defaut container image provided by the operator.
type: string
devfileRegistryMemoryLimit:
description: Overrides the memory limit used in the Devfile registry
deployment. Defaults to 256Mi.
type: string
devfileRegistryMemoryRequest:
description: Overrides the memory request used in the Devfile registry
deployment. Defaults to 16Mi.
type: string
devfileRegistryPullPolicy:
description: Overrides the image pull policy used in the Devfile
registry deployment. Default value is `Always` for `nightly` or
`latest` images, and `IfNotPresent` in other cases.
type: string
devfileRegistryUrl:
description: Public URL of the Devfile registry, that serves sample,
ready-to-use devfiles. You should set it ONLY if you use an external
devfile registry (see the `externalDevfileRegistry` field). By
default this will be automatically calculated by the operator.
type: string
externalDevfileRegistry:
description: Instructs the operator on whether or not to deploy
a dedicated Devfile registry server. By default a dedicated devfile
registry server is started. But if `externalDevfileRegistry` is
`true`, then no such dedicated server will be started by the operator
and you will have to manually set the `devfileRegistryUrl` field
type: boolean
externalPluginRegistry:
description: Instructs the operator on whether or not to deploy
a dedicated Plugin registry server. By default a dedicated plugin
registry server is started. But if `externalPluginRegistry` is
`true`, then no such dedicated server will be started by the operator
and you will have to manually set the `pluginRegistryUrl` field.
type: boolean
gitSelfSignedCert:
description: If enabled, then the certificate from `che-git-self-signed-cert`
config map will be propagated to the Che components and provide
particular configuration for Git.
type: boolean
nonProxyHosts:
description: List of hosts that should not use the configured proxy.
Use `|`` as delimiter, eg `localhost|my.host.com|123.42.12.32`
Only use when configuring a proxy is required. Operator respects
OpenShift cluster wide proxy configuration and no additional configuration
is required, but defining `nonProxyHosts` in a custom resource
leads to merging non proxy hosts lists from the cluster proxy
configuration and ones defined in the custom resources. (see the
doc https://docs.openshift.com/container-platform/4.4/networking/enable-cluster-wide-proxy.html)
(see also the `proxyURL` fields).
type: string
pluginRegistryImage:
description: Overrides the container image used in the Plugin registry
deployment. This includes the image tag. Omit it or leave it empty
to use the defaut container image provided by the operator.
type: string
pluginRegistryMemoryLimit:
description: Overrides the memory limit used in the Plugin registry
deployment. Defaults to 256Mi.
type: string
pluginRegistryMemoryRequest:
description: Overrides the memory request used in the Plugin registry
deployment. Defaults to 16Mi.
type: string
pluginRegistryPullPolicy:
description: Overrides the image pull policy used in the Plugin
registry deployment. Default value is `Always` for `nightly` or
`latest` images, and `IfNotPresent` in other cases.
type: string
pluginRegistryUrl:
description: Public URL of the Plugin registry, that serves sample
ready-to-use devfiles. You should set it ONLY if you use an external
devfile registry (see the `externalPluginRegistry` field). By
default this will be automatically calculated by the operator.
type: string
proxyPassword:
description: Password of the proxy server Only use when proxy configuration
is required (see also the `proxyURL`, `proxyUser` and `proxySecret`
fields).
type: string
proxyPort:
description: Port of the proxy server. Only use when configuring
a proxy is required. (see also the `proxyURL` and `nonProxyHosts`
fields).
type: string
proxySecret:
description: The secret that contains `user` and `password` for
a proxy server. If the secret is defined then `proxyUser` and
`proxyPassword` are ignored
type: string
proxyURL:
description: URL (protocol+hostname) of the proxy server. This drives
the appropriate changes in the `JAVA_OPTS` and `https(s)_proxy`
variables in the Che server and workspaces containers. Only use
when configuring a proxy is required. Operator respects OpenShift
cluster wide proxy configuration and no additional configuration
is required, but defining `proxyUrl` in a custom resource leads
to overrides the cluster proxy configuration with fields `proxyUrl`,
`proxyPort`, `proxyUser` and `proxyPassword` from the custom resource.
(see the doc https://docs.openshift.com/container-platform/4.4/networking/enable-cluster-wide-proxy.html)
(see also the `proxyPort` and `nonProxyHosts` fields).
type: string
proxyUser:
description: User name of the proxy server. Only use when configuring
a proxy is required (see also the `proxyURL`, `proxyPassword`
and `proxySecret` fields).
type: string
selfSignedCert:
description: Deprecated. The value of this flag is ignored. Che
operator will automatically detect if router certificate is self-signed.
If so it will be propagated to Che server and some other components.
type: boolean
serverMemoryLimit:
description: Overrides the memory limit used in the Che server deployment.
Defaults to 1Gi.
type: string
serverMemoryRequest:
description: Overrides the memory request used in the Che server
deployment. Defaults to 512Mi.
type: string
serverTrustStoreConfigMapName:
description: Name of the config-map with public certificates to
add to Java trust store of the Che server. This is usually required
when adding the OpenShift OAuth provider which has https endpoint
signed with self-signed cert. So, Che server must be aware of
its CA cert to be able to request it. This is disabled by default.
type: string
tlsSupport:
description: Deprecated. Instructs the operator to deploy Che in
TLS mode. This is enabled by default. Disabling TLS may cause
malfunction of some Che components.
type: boolean
workspaceNamespaceDefault:
description: 'Defines Kubernetes default namespace in which user''s
workspaces are created if user does not override it. It''s possible
to use <username>, <userid> and <workspaceid> placeholders (e.g.:
che-workspace-<username>). In that case, new namespace will be
created for each user (or workspace). Is used by OpenShift infra
as well to specify Project'
type: string
type: object
storage:
description: Configuration settings related to the persistent storage
used by the Che installation.
properties:
postgresPVCStorageClassName:
description: Storage class for the Persistent Volume Claim dedicated
to the Postgres database. If omitted or left blank, default storage
class is used.
type: string
preCreateSubPaths:
description: Instructs the Che server to launch a special pod to
pre-create a subpath in the Persistent Volumes. Defaults to `false`,
however it might need to enable it according to the configuration
of your K8S cluster.
type: boolean
pvcClaimSize:
description: Size of the persistent volume claim for workspaces.
Defaults to `1Gi`
type: string
pvcJobsImage:
description: Overrides the container image used to create sub-paths
in the Persistent Volumes. This includes the image tag. Omit it
or leave it empty to use the defaut container image provided by
the operator. See also the `preCreateSubPaths` field.
type: string
pvcStrategy:
description: Persistent volume claim strategy for the Che server.
This Can be:`common` (all workspaces PVCs in one volume), `per-workspace`
(one PVC per workspace for all declared volumes) and `unique`
(one PVC per declared volume). Defaults to `common`.
type: string
workspacePVCStorageClassName:
description: Storage class for the Persistent Volume Claims dedicated
to the Che workspaces. If omitted or left blank, default storage
class is used.
type: string
type: object
type: object
status:
description: CheClusterStatus defines the observed state of Che installation
properties:
cheClusterRunning:
description: Status of a Che installation. Can be `Available`, `Unavailable`,
or `Available, Rolling Update in Progress`
type: string
cheURL:
description: Public URL to the Che server
type: string
cheVersion:
description: Current installed Che version
type: string
dbProvisioned:
description: Indicates if or not a Postgres instance has been correctly
provisioned
type: boolean
devfileRegistryURL:
description: Public URL to the Devfile registry
type: string
helpLink:
description: A URL that can point to some URL where to find help related
to the current Operator status.
type: string
keycloakProvisioned:
description: Indicates whether an Identity Provider instance (Keycloak
/ RH SSO) has been provisioned with realm, client and user
type: boolean
keycloakURL:
description: Public URL to the Identity Provider server (Keycloak /
RH SSO).
type: string
message:
description: A human readable message indicating details about why the
pod is in this condition.
type: string
openShiftoAuthProvisioned:
description: Indicates whether an Identity Provider instance (Keycloak
/ RH SSO) has been configured to integrate with the OpenShift OAuth.
type: boolean
pluginRegistryURL:
description: Public URL to the Plugin registry
type: string
reason:
description: A brief CamelCase message indicating details about why
the pod is in this state.
type: string
type: object
version: v1
versions:
- name: v1
served: true
storage: true


@ -0,0 +1,9 @@
annotations:
operators.operatorframework.io.bundle.channel.default.v1: nightly
operators.operatorframework.io.bundle.channels.v1: nightly
operators.operatorframework.io.bundle.manifests.v1: manifests/
operators.operatorframework.io.bundle.mediatype.v1: registry+v1
operators.operatorframework.io.bundle.metadata.v1: metadata/
operators.operatorframework.io.bundle.package.v1: eclipse-che-preview-openshift
operators.operatorframework.io.metrics.mediatype.v1: metrics+v1
operators.operatorframework.io.metrics.project_layout: go


@ -1,4 +1,4 @@
# Pre-Requisites
# 1. Pre-Requisites
OLM packages scripts are using some required dependencies that need to be installed
- [curl](https://curl.haxx.se/)
@ -9,73 +9,200 @@ WARNING: Please make sure to use the precise `v0.10.0` version of the `operator-
If these dependencies are not installed, `docker-run.sh` can be used as a container bootstrap to run a given script with the appropriate dependencies.
Example : `$ docker-run.sh update-nightly-olm-files.sh`
Example : `$ docker-run.sh update-nightly-bundle.sh`
# 2. Eclipse Che Olm bundles
# Make new changes to OLM artifacts
There two "nightly" platform specific Olm bundles:
Every change needs to be done in a new OLM artifact as previous artifacts are frozen.
`deploy/olm-catalog/eclipse-che-preview-kubernetes/manifests`
`deploy/olm-catalog/eclipse-che-preview-openshift/manifests`
A script is generating new folders/files that can be edited.
Each bundle consists of a cluster service version file(CSV) and a custom resource definition file(CRD).
CRD file describes "checluster" kubernetes api resource object(object fields name, format, description and so on).
Kubernetes api needs this information to correctly store a custom resource object "checluster".
Custom resource object users could modify to change Eclipse Che configuration.
Che operator watches "checluster" object and re-deploy Che with desired configuration.
The CSV file contains all "deploy" and "permission" specific information, which Olm needs to install The Eclipse Che operator.
# 3. Make new changes to OLM bundle
In `olm` folder
- If all dependencies are installed on the system:
```shell
$ update-nightly-olm-files.sh
```bash
$ ./update-nightly-bundle.sh
```
- To use a docker environment
```shell
$ docker-run.sh update-nightly-olm-files.sh
```bash
$ ./docker-run.sh update-nightly-bundle.sh
```
Then the changes can be applied in the newly created CSV files.
Every change will be included to the deploy/olm-catalog bundles and override all previous changes.
## Local testing che-operator development version using OLM
To update a bundle without version incrementation and time update you can use env variables `NO_DATE_UPDATE` and `NO_INCREMENT`. For example, during development you need to update bundle a lot of times with changed che-operator deployment or role, rolebinding and etc, but you want to increment the bundle version and time creation, when all desired changes were completed:
To test a che-operator with OLM you need to have an application registry. You can register on the quay.io and
use application registry from this service.
Build your custom che-operator image and push it to the image registry(you also can use quay.io).
Change in the `deploy/operator.yaml` operator image from official to development.
Generate new nightly olm bundle packages:
```shell
$ ./update-nightly-olm-files.sh
```bash
$ export NO_DATE_UPDATE="true" && export NO_INCREMENT="true" && ./update-nightly-bundle.sh
```
Olm bundle packages will be generated in the folders `olm/eclipse-che-preview-${platform}`.
# 4. Test scripts pre-requisites
Start your kubernetes/openshift cluster. For openshift cluster make sure that you was logged in like
"system:admin" or "kube:admin".
Push che-operator bundles to your application registry:
# 5.Test installation "stable" Eclipse Che using Application registry(Deprecated)
To test stable versions che-operator you have to use Eclipse Che application registry.
```shell
$ export QUAY_ECLIPSE_CHE_USERNAME=${username} && \
export QUAY_ECLIPSE_CHE_PASSWORD=${password} && \
export APPLICATION_REGISTRY=${application_registry_namespace} && \
./push-olm-files-to-quay.sh
To test the latest stable Che launch test script in the olm folder:
```bash
$ ./testCatalogSource.sh ${platform} "stable" ${namespace} "Marketplace"
```
Go to the quay.io and use ui(tab Settings) to make your application public.
Start minikube(or CRC) and after that launch test script in the olm folder:
To test migration from one stable version to another one:
```shell
$ export APPLICATION_REGISTRY=${application_registry_namespace} && ./testCSV.sh ${platform} ${package_version} ${optional-namespace}
```bash
$ ./testUpdate.sh ${platform} "stable" ${namespace}
```
Where are:
See more information about test arguments in the chapter: [Test arguments](#test-script-arguments)
## 6. Test installation "nightly" Eclipse Che using CatalogSource(index) image
To test nightly che-operator you have to use Olm CatalogSource(index) image.
CatalogSource image stores in the internal database information about Olm bundles with different versions of the Eclipse Che.
For nightly channel (dependent on platform) Eclipse Che provides two CatalogSource images:
- `quay.io/eclipse/eclipse-che-kubernetes-opm-catalog:preview` for kubernetes platform;
- `quay.io/eclipse/eclipse-che-openshift-opm-catalog:preview` for openshift platform;
For each new nightly version Eclipse Che provides nightly bundle image with name pattern:
`quay.io/eclipse/eclipse-che-${platform}-opm-bundles:${cheVersion}-${incrementVersion}.nightly`
For example:
```
quay.io/eclipse/eclipse-che-kubernetes-opm-bundles:7.18.0-1.nightly
...
quay.io/eclipse/eclipse-che-kubernetes-opm-bundles:7.19.0-5.nightly
...
```
To test the latest "nightly" bundle use `olm/testCatalogSource.sh` script:
```bash
$ ./testCatalogSource.sh ${platform} "nightly" ${namespace} "catalog"
```
To test migration Che from previous nightly version to the latest you can use `olm/testUpdate.sh` script:
```bash
$ ./testUpdate.sh ${platform} "nightly" ${namespace}
```
See more information about test arguments in the chapter: [Test arguments](#test-script-arguments)
### 7. Build custom nightly bundle images
For test purpose you can build your own "nightly" CatalogSource and bundle images
with your latest development changes and use it in the test scripts.
To build these images you can use script `olm/buildAndPushInitialBundle.sh`:
```bash
$ export IMAGE_REGISTRY_USER_NAME=${userName} && \
export IMAGE_REGISTRY_HOST=${imageRegistryHost} && \
./buildAndPushInitialBundle.sh ${platform} ${optional-from-index-image}
```
This script will build and push for you two images: CatalogSource(index) image and bundle image:
```
"${IMAGE_REGISTRY_HOST}/${IMAGE_REGISTRY_USER_NAME}/eclipse-che-${PLATFORM}-opm-bundles:${cheVersion}-${incrementVersion}.nightly"
"${IMAGE_REGISTRY_HOST}/${IMAGE_REGISTRY_USER_NAME}/eclipse-che-${PLATFORM}-opm-catalog:preview"
```
CatalogSource images are additive. It's mean that you can re-use bundles from another CatalogSource image and
include them to your custom CatalogSource image. For this purpose you can specify the argument `optional-from-index-image`. For example:
```bash
$ export IMAGE_REGISTRY_USER_NAME=${userName} && \
export IMAGE_REGISTRY_HOST=${imageRegistryHost} && \
./buildAndPushInitialBundle.sh "openshift" "quay.io/eclipse/eclipse-che-openshift-opm-catalog:preview"
```
### 7.1 Testing custom CatalogSource and bundle images on the Openshift
To test the latest custom "nightly" bundle use `olm/TestCatalogSource.sh`. For Openshift platform script build your test bundle: `deploy/olm-catalog/eclipse-che-preview-${platform}/manifests` using Openshift image stream:
```bash
$ ./testCatalogSource.sh "openshift" "nightly" ${namespace} "catalog"
```
If your CatalogSource image contains few bundles, you can test migration from previous bundle to the latest:
```bash
$ export IMAGE_REGISTRY_USER_NAME=${userName} && \
export IMAGE_REGISTRY_HOST=${imageRegistryHost} && \
./testUpdate.sh "openshift" "nightly" ${namespace}
```
### 7.2 Testing custom CatalogSource and bundle images on the Kubernetes
To test your custom CatalogSource and bundle images on the Kubernetes you need to use public image registry.
For "docker.io" you don't need any extra steps with pre-creation image repositories. But for "quay.io" you should pre-create the bundle and and catalog image repositories manually and make them publicly visible. If you want to save repositories "private", then it is not necessary to pre-create them, but you need to provide an image pull secret to the cluster to prevent image pull 'unauthorized' error.
You can test your custom bundle and CatalogSource images:
```bash
$ export IMAGE_REGISTRY_USER_NAME=${userName} && \
export IMAGE_REGISTRY_HOST=${imageRegistryHost} && \
./testCatalogSource.sh "kubernetes" "nightly" ${namespace} "catalog"
```
If your CatalogSource image contains few bundles, you can test migration from previous bundle to the latest:
```bash
$ export IMAGE_REGISTRY_USER_NAME=${userName} && \
export IMAGE_REGISTRY_HOST=${imageRegistryHost} && \
./testUpdate.sh "kubernetes" "nightly" ${namespace}
```
Also you can test your changes without a public registry. You can use the minikube cluster and enable the minikube "registry" addon. For this purpose we have script
`olm/minikube-private-registry.sh`. This script creates port forward to minikube private registry thought `localhost:5000`:
```bash
$ minikube-registry-addon.sh
```
This script should be launched before test execution in the separated terminal. To stop this script you can use `Ctrl+C`. You can check that private registry was forwarded to the localhost:
```bash
$ curl -X GET localhost:5000/v2/_catalog
{"repositories":[]}
```
With this private registry you can test installation Che from development bundle:
```bash
$ export IMAGE_REGISTRY_HOST="localhost:5000" && \
export IMAGE_REGISTRY_USER_NAME="" && \
./testCatalogSource.sh kubernetes nightly che catalog
```
> Tips: If minikube was installed locally(driver 'none', local installation minikube), then registry is available on the host 0.0.0.0 without port forwarding.
But local installation minikube required 'sudo'.
### 8. Test script arguments
There are some often used test script arguments:
- `platform` - 'openshift' or 'kubernetes'
- `package_version` - your generated che-operator package version(for example: `7.8.0` or `9.9.9-nightly.1562083645`)
- `optional-namespace` - kubernetes namespace to deploy che-operator. Optional parameter, by default operator will be deployed to the namespace `eclipse-che-preview-test`
- `channel` - installation channel: 'nightly' or 'stable'
- `namespace` - kubernetes namespace to deploy che-operator, for example 'che'
- `optional-source-install` - installation method: 'Marketplace'(deprecated olm feature) or 'catalog'. By default will be used 'Marketplace'.
To test che-operator with OLM files without push to a related Quay.io application, we can build a required docker image of a dedicated catalog,
in order to install directly through a CatalogSource. To test this options start minikube and after that launch
test script in the olm folder:
```shell
$ ./testCatalogSource.sh {platform} ${channel} ${namespace}
```
This scripts should install che-operator using OLM and check that the Che server was deployed.
### 9. Debug test scripts
To debug test scripts you can use the "Bash debug" VSCode extension.
For a lot of test scripts you can find different debug configurations in the `.vscode/launch.json`.


@ -0,0 +1,65 @@
#!/bin/bash
#
# Copyright (c) 2012-2020 Red Hat, Inc.
# This program and the accompanying materials are made
# available under the terms of the Eclipse Public License 2.0
# which is available at https://www.eclipse.org/legal/epl-2.0/
#
# SPDX-License-Identifier: EPL-2.0
#
# Contributors:
# Red Hat, Inc. - initial API and implementation
set -e
printHelp() {
echo ''
echo 'Please consider to pass this values to the script to run script:'
echo ' PLATFORM - cluster platform: "kubernetes" or "openshift".'
echo ' FROM_INDEX_IMAGE - (Optional) Using this argument you can include Olm bundles from another index image to you index(CatalogSource) image'
echo ''
echo 'EXAMPLE of running: ${OPERATOR_REPO}/olm/buildAndPushInitialBundle.sh openshift'
}
# Check if a 'from index image' was defined...
PLATFORM="${1}"
if [ "${PLATFORM}" == "" ]; then
echo -e "${RED}[ERROR]: Please specify a valid platform. The posible platforms are kubernetes or openshift.The script will exit with code 1.${NC}"
printHelp
exit 1
else
echo "[INFO]: Successfully validated platform. Starting olm tests in platform: ${PLATFORM}."
fi
FROM_INDEX_IMAGE="${2}"
if [ -z "${IMAGE_REGISTRY_HOST}" ] || [ -z "${IMAGE_REGISTRY_USER_NAME}" ]; then
echo "[ERROR] Specify env variables with information about image registry 'IMAGE_REGISTRY_HOST' and 'IMAGE_REGISTRY_USER_NAME'."
fi
SCRIPT=$(readlink -f "$0")
BASE_DIR=$(dirname "$SCRIPT")
ROOT_PROJECT_DIR=$(dirname "${BASE_DIR}")
OPM_BUNDLE_DIR="${ROOT_PROJECT_DIR}/deploy/olm-catalog/eclipse-che-preview-${PLATFORM}"
OPM_BUNDLE_MANIFESTS_DIR="${OPM_BUNDLE_DIR}/manifests"
CSV="${OPM_BUNDLE_MANIFESTS_DIR}/che-operator.clusterserviceversion.yaml"
nightlyVersion=$(yq -r ".spec.version" "${CSV}")
source ${BASE_DIR}/olm.sh "${PLATFORM}" "${nightlyVersion}" "che"
CATALOG_BUNDLE_IMAGE="${IMAGE_REGISTRY_HOST}/${IMAGE_REGISTRY_USER_NAME}/eclipse-che-${PLATFORM}-opm-bundles:${nightlyVersion}"
echo "${nightlyVersion}"
installOPM
echo "[INFO] Build bundle image: ${CATALOG_BUNDLE_IMAGE}"
buildBundleImage "${CATALOG_BUNDLE_IMAGE}"
echo "[INFO] Build CatalogSource image: ${CATALOG_BUNDLE_IMAGE}"
CATALOG_IMAGENAME="${IMAGE_REGISTRY_HOST}/${IMAGE_REGISTRY_USER_NAME}/eclipse-che-${PLATFORM}-opm-catalog:preview"
buildCatalogImage "${CATALOG_IMAGENAME}" "${CATALOG_BUNDLE_IMAGE}" "docker" "${FROM_INDEX_IMAGE}"
echo "[INFO] Done. Images '${CATALOG_IMAGENAME}' and '${CATALOG_BUNDLE_IMAGE}' were build and pushed"
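Review bot: The registry check `if [ -z "${IMAGE_REGISTRY_HOST}" ] || [ -z "${IMAGE_REGISTRY_USER_NAME}" ]` only prints `[ERROR]` and falls through, so the script still builds and pushes image references with empty components. Where such a reference resolves depends on the container tool's defaults, so the push may land in a registry or namespace the user did not intend. Add `printHelp` and `exit 1` inside that branch; if an empty user name must stay legal for a local registry, test only the host. The platform check likewise rejects only an empty string while printing "Successfully validated platform", although `${PLATFORM}` goes into the bundle path and the image name, so a guard such as `case "${PLATFORM}" in kubernetes|openshift) ;; *) printHelp; exit 1 ;; esac` would match the message. Smaller points: `${RED}` and `${NC}` are not set in this file before the error echo, `source ${BASE_DIR}/olm.sh` should quote the path, and the "Build CatalogSource image" line logs `${CATALOG_BUNDLE_IMAGE}` rather than the catalog image name.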


@ -1,3 +1,3 @@
role-paths: [ "generated/roles/role.yaml" ]
operator-path: ../../deploy/operator.yaml
crd-cr-paths: ["../../deploy/crds/org_v1_che_crd.yaml"]
operator-path: ../../operator.yaml
crd-cr-paths: ["../../crds/org_v1_che_crd.yaml"]


@ -0,0 +1,567 @@
#
# Copyright (c) 2012-2020 Red Hat, Inc.
# This program and the accompanying materials are made
# available under the terms of the Eclipse Public License 2.0
# which is available at https://www.eclipse.org/legal/epl-2.0/
#
# SPDX-License-Identifier: EPL-2.0
#
# Contributors:
# Red Hat, Inc. - initial API and implementation
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
name: checlusters.org.eclipse.che
spec:
group: org.eclipse.che
names:
kind: CheCluster
listKind: CheClusterList
plural: checlusters
singular: checluster
scope: Namespaced
subresources:
status: {}
validation:
openAPIV3Schema:
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: Desired configuration of the Che installation. Based on these
settings, the operator automatically creates and maintains several config
maps that will contain the appropriate environment variables the various
components of the Che installation. These generated config maps should
NOT be updated manually.
properties:
auth:
description: Configuration settings related to the Authentication used
by the Che installation.
properties:
externalIdentityProvider:
description: 'Instructs the operator on whether or not to deploy
a dedicated Identity Provider (Keycloak or RH SSO instance). By
default a dedicated Identity Provider server is deployed as part
of the Che installation. But if `externalIdentityProvider` is
`true`, then no dedicated identity provider will be deployed by
the operator and you might need to provide details about the external
identity provider you want to use. See also all the other fields
starting with: `identityProvider`.'
type: boolean
identityProviderAdminUserName:
description: Overrides the name of the Identity Provider admin user.
Defaults to `admin`.
type: string
identityProviderClientId:
description: Name of a Identity provider (Keycloak / RH SSO) `client-id`
that should be used for Che. This is useful to override it ONLY
if you use an external Identity Provider (see the `externalIdentityProvider`
field). If omitted or left blank, it will be set to the value
of the `flavour` field suffixed with `-public`.
type: string
identityProviderImage:
description: Overrides the container image used in the Identity
Provider (Keycloak / RH SSO) deployment. This includes the image
tag. Omit it or leave it empty to use the defaut container image
provided by the operator.
type: string
identityProviderImagePullPolicy:
description: Overrides the image pull policy used in the Identity
Provider (Keycloak / RH SSO) deployment. Default value is `Always`
for `nightly` or `latest` images, and `IfNotPresent` in other
cases.
type: string
identityProviderPassword:
description: Overrides the password of Keycloak admin user. This
is useful to override it ONLY if you use an external Identity
Provider (see the `externalIdentityProvider` field). If omitted
or left blank, it will be set to an auto-generated password.
type: string
identityProviderPostgresPassword:
description: Password for The Identity Provider (Keycloak / RH SSO)
to connect to the database. This is useful to override it ONLY
if you use an external Identity Provider (see the `externalIdentityProvider`
field). If omitted or left blank, it will be set to an auto-generated
password.
type: string
identityProviderPostgresSecret:
description: 'The secret that contains `password` for The Identity
Provider (Keycloak / RH SSO) to connect to the database. If the
secret is defined then `identityProviderPostgresPassword` will
be ignored. If the value is omitted or left blank then there are
two scenarios: 1. `identityProviderPostgresPassword` is defined,
then it will be used to connect to the database. 2. `identityProviderPostgresPassword`
is not defined, then a new secret with the name `che-identity-postgres-secret`
will be created with an auto-generated value for `password`.'
type: string
identityProviderRealm:
description: Name of a Identity provider (Keycloak / RH SSO) realm
that should be used for Che. This is useful to override it ONLY
if you use an external Identity Provider (see the `externalIdentityProvider`
field). If omitted or left blank, it will be set to the value
of the `flavour` field.
type: string
identityProviderSecret:
description: 'The secret that contains `user` and `password` for
Identity Provider. If the secret is defined then `identityProviderAdminUserName`
and `identityProviderPassword` are ignored. If the value is omitted
or left blank then there are two scenarios: 1. `identityProviderAdminUserName`
and `identityProviderPassword` are defined, then they will be
used. 2. `identityProviderAdminUserName` or `identityProviderPassword`
are not defined, then a new secret with the name `che-identity-secret`
will be created with default value `admin` for `user` and with
an auto-generated value for `password`.'
type: string
identityProviderURL:
description: Public URL of the Identity Provider server (Keycloak
/ RH SSO server). You should set it ONLY if you use an external
Identity Provider (see the `externalIdentityProvider` field).
By default this will be automatically calculated and set by the
operator.
type: string
oAuthClientName:
description: Name of the OpenShift `OAuthClient` resource used to
setup identity federation on the OpenShift side. Auto-generated
if left blank. See also the `OpenShiftoAuth` field.
type: string
oAuthSecret:
description: Name of the secret set in the OpenShift `OAuthClient`
resource used to setup identity federation on the OpenShift side.
Auto-generated if left blank. See also the `OAuthClientName` field.
type: string
openShiftoAuth:
description: 'Enables the integration of the identity provider (Keycloak
/ RHSSO) with OpenShift OAuth. Enabled by default on OpenShift.
This will allow users to directly login with their Openshift user
through the Openshift login, and have their workspaces created
under personal OpenShift namespaces. WARNING: the `kubeadmin`
user is NOT supported, and logging through it will NOT allow accessing
the Che Dashboard.'
type: boolean
updateAdminPassword:
description: Forces the default `admin` Che user to update password
on first login. Defaults to `false`.
type: boolean
type: object
database:
description: Configuration settings related to the database used by
the Che installation.
properties:
chePostgresDb:
description: Postgres database name that the Che server uses to
connect to the DB. Defaults to `dbche`.
type: string
chePostgresHostName:
description: Postgres Database hostname that the Che server uses
to connect to. Defaults to postgres. This value should be overridden
ONLY when using an external database (see field `externalDb`).
In the default case it will be automatically set by the operator.
type: string
chePostgresPassword:
description: Postgres password that the Che server should use to
connect to the DB. If omitted or left blank, it will be set to
an auto-generated value.
type: string
chePostgresPort:
description: Postgres Database port that the Che server uses to
connect to. Defaults to 5432. This value should be overridden
ONLY when using an external database (see field `externalDb`).
In the default case it will be automatically set by the operator.
type: string
chePostgresSecret:
description: 'The secret that contains Postgres `user` and `password`
that the Che server should use to connect to the DB. If the secret
is defined then `chePostgresUser` and `chePostgresPassword` are
ignored. If the value is omitted or left blank then there are
two scenarios: 1. `chePostgresUser` and `chePostgresPassword`
are defined, then they will be used to connect to the DB. 2. `chePostgresUser`
or `chePostgresPassword` are not defined, then a new secret with
the name `che-postgres-secret` will be created with default value
of `pgche` for `user` and with an auto-generated value for `password`.'
type: string
chePostgresUser:
description: Postgres user that the Che server should use to connect
to the DB. Defaults to `pgche`.
type: string
externalDb:
description: 'Instructs the operator on whether or not to deploy
a dedicated database. By default a dedicated Postgres database
is deployed as part of the Che installation. But if `externalDb`
is `true`, then no dedicated database will be deployed by the
operator and you might need to provide connection details to the
external DB you want to use. See also all the fields starting
with: `chePostgres`.'
type: boolean
postgresImage:
description: Overrides the container image used in the Postgres
database deployment. This includes the image tag. Omit it or leave
it empty to use the defaut container image provided by the operator.
type: string
postgresImagePullPolicy:
description: Overrides the image pull policy used in the Postgres
database deployment. Default value is `Always` for `nightly` or
`latest` images, and `IfNotPresent` in other cases.
type: string
type: object
k8s:
description: Configuration settings specific to Che installations made
on upstream Kubernetes.
properties:
ingressClass:
description: 'Ingress class that will define the which controler
will manage ingresses. Defaults to `nginx`. NB: This drives the
`is kubernetes.io/ingress.class` annotation on Che-related ingresses.'
type: string
ingressDomain:
description: 'Global ingress domain for a K8S cluster. This MUST
be explicitly specified: there are no defaults.'
type: string
ingressStrategy:
description: Strategy for ingress creation. This can be `multi-host`
(host is explicitly provided in ingress), `single-host` (host
is provided, path-based rules) and `default-host.*`(no host is
provided, path-based rules). Defaults to `"multi-host`
type: string
securityContextFsGroup:
description: FSGroup the Che pod and Workspace pods containers should
run in. Defaults to `1724`.
type: string
securityContextRunAsUser:
description: ID of the user the Che pod and Workspace pods containers
should run as. Default to `1724`.
type: string
tlsSecretName:
description: Name of a secret that will be used to setup ingress
TLS termination if TLS is enabled. See also the `tlsSupport` field.
type: string
type: object
metrics:
description: Configuration settings related to the metrics collection
used by the Che installation.
properties:
enable:
description: Enables `metrics` Che server endpoint. Default to `true`.
type: boolean
type: object
server:
description: General configuration settings related to the Che server
and the plugin and devfile registries
properties:
airGapContainerRegistryHostname:
description: Optional hostname (or url) to an alternate container
registry to pull images from. This value overrides the container
registry hostname defined in all the default container images
involved in a Che deployment. This is particularly useful to install
Che in an air-gapped environment.
type: string
airGapContainerRegistryOrganization:
description: Optional repository name of an alternate container
registry to pull images from. This value overrides the container
registry organization defined in all the default container images
involved in a Che deployment. This is particularly useful to install
Che in an air-gapped environment.
type: string
allowUserDefinedWorkspaceNamespaces:
description: Defines if a user is able to specify Kubernetes namespace
(or OpenShift project) different from the default. It's NOT RECOMMENDED
to configured true without OAuth configured. This property is
also used by the OpenShift infra.
type: boolean
cheDebug:
description: Enables the debug mode for Che server. Defaults to
`false`.
type: string
cheFlavor:
description: Flavor of the installation. This is either `che` for
upstream Che installations, or `codeready` for CodeReady Workspaces
installation. In most cases the default value should not be overridden.
type: string
cheHost:
description: Public hostname of the installed Che server. If value
is omitted then it will be automatically set by the operator.
(see the `cheHostTLSSecret` field).
type: string
cheHostTLSSecret:
description: Name of a secret containing certificates to secure
ingress/route for the custom hostname of the installed Che server.
(see the `cheHost` field).
type: string
cheImage:
description: Overrides the container image used in Che deployment.
This does NOT include the container image tag. Omit it or leave
it empty to use the defaut container image provided by the operator.
type: string
cheImagePullPolicy:
description: Overrides the image pull policy used in Che deployment.
Default value is `Always` for `nightly` or `latest` images, and
`IfNotPresent` in other cases.
type: string
cheImageTag:
description: Overrides the tag of the container image used in Che
deployment. Omit it or leave it empty to use the defaut image
tag provided by the operator.
type: string
cheLogLevel:
description: 'Log level for the Che server: `INFO` or `DEBUG`. Defaults
to `INFO`.'
type: string
cheWorkspaceClusterRole:
description: Custom cluster role bound to the user for the Che workspaces.
The default roles are used if this is omitted or left blank.
type: string
customCheProperties:
additionalProperties:
type: string
description: Map of additional environment variables that will be
applied in the generated `che` config map to be used by the Che
server, in addition to the values already generated from other
fields of the `CheCluster` custom resource (CR). If `customCheProperties`
contains a property that would be normally generated in `che`
config map from other CR fields, then the value defined in the
`customCheProperties` will be used instead.
type: object
devfileRegistryImage:
description: Overrides the container image used in the Devfile registry
deployment. This includes the image tag. Omit it or leave it empty
to use the defaut container image provided by the operator.
type: string
devfileRegistryMemoryLimit:
description: Overrides the memory limit used in the Devfile registry
deployment. Defaults to 256Mi.
type: string
devfileRegistryMemoryRequest:
description: Overrides the memory request used in the Devfile registry
deployment. Defaults to 16Mi.
type: string
devfileRegistryPullPolicy:
description: Overrides the image pull policy used in the Devfile
registry deployment. Default value is `Always` for `nightly` or
`latest` images, and `IfNotPresent` in other cases.
type: string
devfileRegistryUrl:
description: Public URL of the Devfile registry, that serves sample,
ready-to-use devfiles. You should set it ONLY if you use an external
devfile registry (see the `externalDevfileRegistry` field). By
default this will be automatically calculated by the operator.
type: string
externalDevfileRegistry:
description: Instructs the operator on whether or not to deploy
a dedicated Devfile registry server. By default a dedicated devfile
registry server is started. But if `externalDevfileRegistry` is
`true`, then no such dedicated server will be started by the operator
and you will have to manually set the `devfileRegistryUrl` field
type: boolean
externalPluginRegistry:
description: Instructs the operator on whether or not to deploy
a dedicated Plugin registry server. By default a dedicated plugin
registry server is started. But if `externalPluginRegistry` is
`true`, then no such dedicated server will be started by the operator
and you will have to manually set the `pluginRegistryUrl` field.
type: boolean
gitSelfSignedCert:
description: If enabled, then the certificate from `che-git-self-signed-cert`
config map will be propagated to the Che components and provide
particular configuration for Git.
type: boolean
nonProxyHosts:
description: List of hosts that should not use the configured proxy.
Use `|`` as delimiter, eg `localhost|my.host.com|123.42.12.32`
Only use when configuring a proxy is required. Operator respects
OpenShift cluster wide proxy configuration and no additional configuration
is required, but defining `nonProxyHosts` in a custom resource
leads to merging non proxy hosts lists from the cluster proxy
configuration and ones defined in the custom resources. (see the
doc https://docs.openshift.com/container-platform/4.4/networking/enable-cluster-wide-proxy.html)
(see also the `proxyURL` fields).
type: string
pluginRegistryImage:
description: Overrides the container image used in the Plugin registry
deployment. This includes the image tag. Omit it or leave it empty
to use the defaut container image provided by the operator.
type: string
pluginRegistryMemoryLimit:
description: Overrides the memory limit used in the Plugin registry
deployment. Defaults to 256Mi.
type: string
pluginRegistryMemoryRequest:
description: Overrides the memory request used in the Plugin registry
deployment. Defaults to 16Mi.
type: string
pluginRegistryPullPolicy:
description: Overrides the image pull policy used in the Plugin
registry deployment. Default value is `Always` for `nightly` or
`latest` images, and `IfNotPresent` in other cases.
type: string
pluginRegistryUrl:
description: Public URL of the Plugin registry, that serves sample
ready-to-use devfiles. You should set it ONLY if you use an external
devfile registry (see the `externalPluginRegistry` field). By
default this will be automatically calculated by the operator.
type: string
proxyPassword:
description: Password of the proxy server Only use when proxy configuration
is required (see also the `proxyURL`, `proxyUser` and `proxySecret`
fields).
type: string
proxyPort:
description: Port of the proxy server. Only use when configuring
a proxy is required. (see also the `proxyURL` and `nonProxyHosts`
fields).
type: string
proxySecret:
description: The secret that contains `user` and `password` for
a proxy server. If the secret is defined then `proxyUser` and
`proxyPassword` are ignored
type: string
proxyURL:
description: URL (protocol+hostname) of the proxy server. This drives
the appropriate changes in the `JAVA_OPTS` and `https(s)_proxy`
variables in the Che server and workspaces containers. Only use
when configuring a proxy is required. Operator respects OpenShift
cluster wide proxy configuration and no additional configuration
is required, but defining `proxyUrl` in a custom resource leads
to overrides the cluster proxy configuration with fields `proxyUrl`,
`proxyPort`, `proxyUser` and `proxyPassword` from the custom resource.
(see the doc https://docs.openshift.com/container-platform/4.4/networking/enable-cluster-wide-proxy.html)
(see also the `proxyPort` and `nonProxyHosts` fields).
type: string
proxyUser:
description: User name of the proxy server. Only use when configuring
a proxy is required (see also the `proxyURL`, `proxyPassword`
and `proxySecret` fields).
type: string
selfSignedCert:
description: Deprecated. The value of this flag is ignored. Che
operator will automatically detect if router certificate is self-signed.
If so it will be propagated to Che server and some other components.
type: boolean
serverMemoryLimit:
description: Overrides the memory limit used in the Che server deployment.
Defaults to 1Gi.
type: string
serverMemoryRequest:
description: Overrides the memory request used in the Che server
deployment. Defaults to 512Mi.
type: string
serverTrustStoreConfigMapName:
description: Name of the config-map with public certificates to
add to Java trust store of the Che server. This is usually required
when adding the OpenShift OAuth provider which has https endpoint
signed with self-signed cert. So, Che server must be aware of
its CA cert to be able to request it. This is disabled by default.
type: string
tlsSupport:
description: Deprecated. Instructs the operator to deploy Che in
TLS mode. This is enabled by default. Disabling TLS may cause
malfunction of some Che components.
type: boolean
workspaceNamespaceDefault:
description: 'Defines Kubernetes default namespace in which user''s
workspaces are created if user does not override it. It''s possible
to use <username>, <userid> and <workspaceid> placeholders (e.g.:
che-workspace-<username>). In that case, new namespace will be
created for each user (or workspace). Is used by OpenShift infra
as well to specify Project'
type: string
type: object
storage:
description: Configuration settings related to the persistent storage
used by the Che installation.
properties:
postgresPVCStorageClassName:
description: Storage class for the Persistent Volume Claim dedicated
to the Postgres database. If omitted or left blank, default storage
class is used.
type: string
preCreateSubPaths:
description: Instructs the Che server to launch a special pod to
pre-create a subpath in the Persistent Volumes. Defaults to `false`,
however it might need to enable it according to the configuration
of your K8S cluster.
type: boolean
pvcClaimSize:
description: Size of the persistent volume claim for workspaces.
Defaults to `1Gi`
type: string
pvcJobsImage:
description: Overrides the container image used to create sub-paths
in the Persistent Volumes. This includes the image tag. Omit it
or leave it empty to use the defaut container image provided by
the operator. See also the `preCreateSubPaths` field.
type: string
pvcStrategy:
description: Persistent volume claim strategy for the Che server.
This Can be:`common` (all workspaces PVCs in one volume), `per-workspace`
(one PVC per workspace for all declared volumes) and `unique`
(one PVC per declared volume). Defaults to `common`.
type: string
workspacePVCStorageClassName:
description: Storage class for the Persistent Volume Claims dedicated
to the Che workspaces. If omitted or left blank, default storage
class is used.
type: string
type: object
type: object
status:
description: CheClusterStatus defines the observed state of Che installation
properties:
cheClusterRunning:
description: Status of a Che installation. Can be `Available`, `Unavailable`,
or `Available, Rolling Update in Progress`
type: string
cheURL:
description: Public URL to the Che server
type: string
cheVersion:
description: Current installed Che version
type: string
dbProvisioned:
description: Indicates if or not a Postgres instance has been correctly
provisioned
type: boolean
devfileRegistryURL:
description: Public URL to the Devfile registry
type: string
helpLink:
description: A URL that can point to some URL where to find help related
to the current Operator status.
type: string
keycloakProvisioned:
description: Indicates whether an Identity Provider instance (Keycloak
/ RH SSO) has been provisioned with realm, client and user
type: boolean
keycloakURL:
description: Public URL to the Identity Provider server (Keycloak /
RH SSO).
type: string
message:
description: A human readable message indicating details about why the
pod is in this condition.
type: string
openShiftoAuthProvisioned:
description: Indicates whether an Identity Provider instance (Keycloak
/ RH SSO) has been configured to integrate with the OpenShift OAuth.
type: boolean
pluginRegistryURL:
description: Public URL to the Plugin registry
type: string
reason:
description: A brief CamelCase message indicating details about why
the pod is in this state.
type: string
type: object
version: v1
versions:
- name: v1
served: true
storage: true


@ -1,5 +1,5 @@
channels:
- currentCSV: eclipse-che-preview-kubernetes.v9.9.9-nightly.1599235271
- currentCSV: eclipse-che-preview-kubernetes.v9.9.9-nightly.1598898635
name: nightly
- currentCSV: eclipse-che-preview-kubernetes.v7.18.1
name: stable


@ -0,0 +1,567 @@
#
# Copyright (c) 2012-2020 Red Hat, Inc.
# This program and the accompanying materials are made
# available under the terms of the Eclipse Public License 2.0
# which is available at https://www.eclipse.org/legal/epl-2.0/
#
# SPDX-License-Identifier: EPL-2.0
#
# Contributors:
# Red Hat, Inc. - initial API and implementation
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
name: checlusters.org.eclipse.che
spec:
group: org.eclipse.che
names:
kind: CheCluster
listKind: CheClusterList
plural: checlusters
singular: checluster
scope: Namespaced
subresources:
status: {}
validation:
openAPIV3Schema:
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: Desired configuration of the Che installation. Based on these
settings, the operator automatically creates and maintains several config
maps that will contain the appropriate environment variables the various
components of the Che installation. These generated config maps should
NOT be updated manually.
properties:
auth:
description: Configuration settings related to the Authentication used
by the Che installation.
properties:
externalIdentityProvider:
description: 'Instructs the operator on whether or not to deploy
a dedicated Identity Provider (Keycloak or RH SSO instance). By
default a dedicated Identity Provider server is deployed as part
of the Che installation. But if `externalIdentityProvider` is
`true`, then no dedicated identity provider will be deployed by
the operator and you might need to provide details about the external
identity provider you want to use. See also all the other fields
starting with: `identityProvider`.'
type: boolean
identityProviderAdminUserName:
description: Overrides the name of the Identity Provider admin user.
Defaults to `admin`.
type: string
identityProviderClientId:
description: Name of a Identity provider (Keycloak / RH SSO) `client-id`
that should be used for Che. This is useful to override it ONLY
if you use an external Identity Provider (see the `externalIdentityProvider`
field). If omitted or left blank, it will be set to the value
of the `flavour` field suffixed with `-public`.
type: string
identityProviderImage:
description: Overrides the container image used in the Identity
Provider (Keycloak / RH SSO) deployment. This includes the image
tag. Omit it or leave it empty to use the defaut container image
provided by the operator.
type: string
identityProviderImagePullPolicy:
description: Overrides the image pull policy used in the Identity
Provider (Keycloak / RH SSO) deployment. Default value is `Always`
for `nightly` or `latest` images, and `IfNotPresent` in other
cases.
type: string
identityProviderPassword:
description: Overrides the password of Keycloak admin user. This
is useful to override it ONLY if you use an external Identity
Provider (see the `externalIdentityProvider` field). If omitted
or left blank, it will be set to an auto-generated password.
type: string
identityProviderPostgresPassword:
description: Password for The Identity Provider (Keycloak / RH SSO)
to connect to the database. This is useful to override it ONLY
if you use an external Identity Provider (see the `externalIdentityProvider`
field). If omitted or left blank, it will be set to an auto-generated
password.
type: string
identityProviderPostgresSecret:
description: 'The secret that contains `password` for The Identity
Provider (Keycloak / RH SSO) to connect to the database. If the
secret is defined then `identityProviderPostgresPassword` will
be ignored. If the value is omitted or left blank then there are
two scenarios: 1. `identityProviderPostgresPassword` is defined,
then it will be used to connect to the database. 2. `identityProviderPostgresPassword`
is not defined, then a new secret with the name `che-identity-postgres-secret`
will be created with an auto-generated value for `password`.'
type: string
identityProviderRealm:
description: Name of a Identity provider (Keycloak / RH SSO) realm
that should be used for Che. This is useful to override it ONLY
if you use an external Identity Provider (see the `externalIdentityProvider`
field). If omitted or left blank, it will be set to the value
of the `flavour` field.
type: string
identityProviderSecret:
description: 'The secret that contains `user` and `password` for
Identity Provider. If the secret is defined then `identityProviderAdminUserName`
and `identityProviderPassword` are ignored. If the value is omitted
or left blank then there are two scenarios: 1. `identityProviderAdminUserName`
and `identityProviderPassword` are defined, then they will be
used. 2. `identityProviderAdminUserName` or `identityProviderPassword`
are not defined, then a new secret with the name `che-identity-secret`
will be created with default value `admin` for `user` and with
an auto-generated value for `password`.'
type: string
identityProviderURL:
description: Public URL of the Identity Provider server (Keycloak
/ RH SSO server). You should set it ONLY if you use an external
Identity Provider (see the `externalIdentityProvider` field).
By default this will be automatically calculated and set by the
operator.
type: string
oAuthClientName:
description: Name of the OpenShift `OAuthClient` resource used to
setup identity federation on the OpenShift side. Auto-generated
if left blank. See also the `OpenShiftoAuth` field.
type: string
oAuthSecret:
description: Name of the secret set in the OpenShift `OAuthClient`
resource used to setup identity federation on the OpenShift side.
Auto-generated if left blank. See also the `OAuthClientName` field.
type: string
openShiftoAuth:
description: 'Enables the integration of the identity provider (Keycloak
/ RHSSO) with OpenShift OAuth. Enabled by default on OpenShift.
This will allow users to directly login with their Openshift user
through the Openshift login, and have their workspaces created
under personal OpenShift namespaces. WARNING: the `kubeadmin`
user is NOT supported, and logging through it will NOT allow accessing
the Che Dashboard.'
type: boolean
updateAdminPassword:
description: Forces the default `admin` Che user to update password
on first login. Defaults to `false`.
type: boolean
type: object
database:
description: Configuration settings related to the database used by
the Che installation.
properties:
chePostgresDb:
description: Postgres database name that the Che server uses to
connect to the DB. Defaults to `dbche`.
type: string
chePostgresHostName:
description: Postgres Database hostname that the Che server uses
to connect to. Defaults to postgres. This value should be overridden
ONLY when using an external database (see field `externalDb`).
In the default case it will be automatically set by the operator.
type: string
chePostgresPassword:
description: Postgres password that the Che server should use to
connect to the DB. If omitted or left blank, it will be set to
an auto-generated value.
type: string
chePostgresPort:
description: Postgres Database port that the Che server uses to
connect to. Defaults to 5432. This value should be overridden
ONLY when using an external database (see field `externalDb`).
In the default case it will be automatically set by the operator.
type: string
chePostgresSecret:
description: 'The secret that contains Postgres `user` and `password`
that the Che server should use to connect to the DB. If the secret
is defined then `chePostgresUser` and `chePostgresPassword` are
ignored. If the value is omitted or left blank then there are
two scenarios: 1. `chePostgresUser` and `chePostgresPassword`
are defined, then they will be used to connect to the DB. 2. `chePostgresUser`
or `chePostgresPassword` are not defined, then a new secret with
the name `che-postgres-secret` will be created with default value
of `pgche` for `user` and with an auto-generated value for `password`.'
type: string
chePostgresUser:
description: Postgres user that the Che server should use to connect
to the DB. Defaults to `pgche`.
type: string
externalDb:
description: 'Instructs the operator on whether or not to deploy
a dedicated database. By default a dedicated Postgres database
is deployed as part of the Che installation. But if `externalDb`
is `true`, then no dedicated database will be deployed by the
operator and you might need to provide connection details to the
external DB you want to use. See also all the fields starting
with: `chePostgres`.'
type: boolean
postgresImage:
description: Overrides the container image used in the Postgres
database deployment. This includes the image tag. Omit it or leave
it empty to use the defaut container image provided by the operator.
type: string
postgresImagePullPolicy:
description: Overrides the image pull policy used in the Postgres
database deployment. Default value is `Always` for `nightly` or
`latest` images, and `IfNotPresent` in other cases.
type: string
type: object
k8s:
description: Configuration settings specific to Che installations made
on upstream Kubernetes.
properties:
ingressClass:
description: 'Ingress class that will define the which controler
will manage ingresses. Defaults to `nginx`. NB: This drives the
`is kubernetes.io/ingress.class` annotation on Che-related ingresses.'
type: string
ingressDomain:
description: 'Global ingress domain for a K8S cluster. This MUST
be explicitly specified: there are no defaults.'
type: string
ingressStrategy:
description: Strategy for ingress creation. This can be `multi-host`
(host is explicitly provided in ingress), `single-host` (host
is provided, path-based rules) and `default-host.*`(no host is
provided, path-based rules). Defaults to `"multi-host`
type: string
securityContextFsGroup:
description: FSGroup the Che pod and Workspace pods containers should
run in. Defaults to `1724`.
type: string
securityContextRunAsUser:
description: ID of the user the Che pod and Workspace pods containers
should run as. Default to `1724`.
type: string
tlsSecretName:
description: Name of a secret that will be used to setup ingress
TLS termination if TLS is enabled. See also the `tlsSupport` field.
type: string
type: object
metrics:
description: Configuration settings related to the metrics collection
used by the Che installation.
properties:
enable:
description: Enables `metrics` Che server endpoint. Default to `true`.
type: boolean
type: object
server:
description: General configuration settings related to the Che server
and the plugin and devfile registries
properties:
airGapContainerRegistryHostname:
description: Optional hostname (or url) to an alternate container
registry to pull images from. This value overrides the container
registry hostname defined in all the default container images
involved in a Che deployment. This is particularly useful to install
Che in an air-gapped environment.
type: string
airGapContainerRegistryOrganization:
description: Optional repository name of an alternate container
registry to pull images from. This value overrides the container
registry organization defined in all the default container images
involved in a Che deployment. This is particularly useful to install
Che in an air-gapped environment.
type: string
allowUserDefinedWorkspaceNamespaces:
description: Defines if a user is able to specify Kubernetes namespace
(or OpenShift project) different from the default. It's NOT RECOMMENDED
to configured true without OAuth configured. This property is
also used by the OpenShift infra.
type: boolean
cheDebug:
description: Enables the debug mode for Che server. Defaults to
`false`.
type: string
cheFlavor:
description: Flavor of the installation. This is either `che` for
upstream Che installations, or `codeready` for CodeReady Workspaces
installation. In most cases the default value should not be overridden.
type: string
cheHost:
description: Public hostname of the installed Che server. If value
is omitted then it will be automatically set by the operator.
(see the `cheHostTLSSecret` field).
type: string
cheHostTLSSecret:
description: Name of a secret containing certificates to secure
ingress/route for the custom hostname of the installed Che server.
(see the `cheHost` field).
type: string
cheImage:
description: Overrides the container image used in Che deployment.
This does NOT include the container image tag. Omit it or leave
it empty to use the defaut container image provided by the operator.
type: string
cheImagePullPolicy:
description: Overrides the image pull policy used in Che deployment.
Default value is `Always` for `nightly` or `latest` images, and
`IfNotPresent` in other cases.
type: string
cheImageTag:
description: Overrides the tag of the container image used in Che
deployment. Omit it or leave it empty to use the defaut image
tag provided by the operator.
type: string
cheLogLevel:
description: 'Log level for the Che server: `INFO` or `DEBUG`. Defaults
to `INFO`.'
type: string
cheWorkspaceClusterRole:
description: Custom cluster role bound to the user for the Che workspaces.
The default roles are used if this is omitted or left blank.
type: string
customCheProperties:
additionalProperties:
type: string
description: Map of additional environment variables that will be
applied in the generated `che` config map to be used by the Che
server, in addition to the values already generated from other
fields of the `CheCluster` custom resource (CR). If `customCheProperties`
contains a property that would be normally generated in `che`
config map from other CR fields, then the value defined in the
`customCheProperties` will be used instead.
type: object
devfileRegistryImage:
description: Overrides the container image used in the Devfile registry
deployment. This includes the image tag. Omit it or leave it empty
to use the defaut container image provided by the operator.
type: string
devfileRegistryMemoryLimit:
description: Overrides the memory limit used in the Devfile registry
deployment. Defaults to 256Mi.
type: string
devfileRegistryMemoryRequest:
description: Overrides the memory request used in the Devfile registry
deployment. Defaults to 16Mi.
type: string
devfileRegistryPullPolicy:
description: Overrides the image pull policy used in the Devfile
registry deployment. Default value is `Always` for `nightly` or
`latest` images, and `IfNotPresent` in other cases.
type: string
devfileRegistryUrl:
description: Public URL of the Devfile registry, that serves sample,
ready-to-use devfiles. You should set it ONLY if you use an external
devfile registry (see the `externalDevfileRegistry` field). By
default this will be automatically calculated by the operator.
type: string
externalDevfileRegistry:
description: Instructs the operator on whether or not to deploy
a dedicated Devfile registry server. By default a dedicated devfile
registry server is started. But if `externalDevfileRegistry` is
`true`, then no such dedicated server will be started by the operator
and you will have to manually set the `devfileRegistryUrl` field
type: boolean
externalPluginRegistry:
description: Instructs the operator on whether or not to deploy
a dedicated Plugin registry server. By default a dedicated plugin
registry server is started. But if `externalPluginRegistry` is
`true`, then no such dedicated server will be started by the operator
and you will have to manually set the `pluginRegistryUrl` field.
type: boolean
gitSelfSignedCert:
description: If enabled, then the certificate from `che-git-self-signed-cert`
config map will be propagated to the Che components and provide
particular configuration for Git.
type: boolean
nonProxyHosts:
description: List of hosts that should not use the configured proxy.
Use `|`` as delimiter, eg `localhost|my.host.com|123.42.12.32`
Only use when configuring a proxy is required. Operator respects
OpenShift cluster wide proxy configuration and no additional configuration
is required, but defining `nonProxyHosts` in a custom resource
leads to merging non proxy hosts lists from the cluster proxy
configuration and ones defined in the custom resources. (see the
doc https://docs.openshift.com/container-platform/4.4/networking/enable-cluster-wide-proxy.html)
(see also the `proxyURL` fields).
type: string
pluginRegistryImage:
description: Overrides the container image used in the Plugin registry
deployment. This includes the image tag. Omit it or leave it empty
to use the defaut container image provided by the operator.
type: string
pluginRegistryMemoryLimit:
description: Overrides the memory limit used in the Plugin registry
deployment. Defaults to 256Mi.
type: string
pluginRegistryMemoryRequest:
description: Overrides the memory request used in the Plugin registry
deployment. Defaults to 16Mi.
type: string
pluginRegistryPullPolicy:
description: Overrides the image pull policy used in the Plugin
registry deployment. Default value is `Always` for `nightly` or
`latest` images, and `IfNotPresent` in other cases.
type: string
pluginRegistryUrl:
description: Public URL of the Plugin registry, that serves sample
ready-to-use devfiles. You should set it ONLY if you use an external
devfile registry (see the `externalPluginRegistry` field). By
default this will be automatically calculated by the operator.
type: string
proxyPassword:
description: Password of the proxy server Only use when proxy configuration
is required (see also the `proxyURL`, `proxyUser` and `proxySecret`
fields).
type: string
proxyPort:
description: Port of the proxy server. Only use when configuring
a proxy is required. (see also the `proxyURL` and `nonProxyHosts`
fields).
type: string
proxySecret:
description: The secret that contains `user` and `password` for
a proxy server. If the secret is defined then `proxyUser` and
`proxyPassword` are ignored
type: string
proxyURL:
description: URL (protocol+hostname) of the proxy server. This drives
the appropriate changes in the `JAVA_OPTS` and `https(s)_proxy`
variables in the Che server and workspaces containers. Only use
when configuring a proxy is required. Operator respects OpenShift
cluster wide proxy configuration and no additional configuration
is required, but defining `proxyUrl` in a custom resource leads
to overrides the cluster proxy configuration with fields `proxyUrl`,
`proxyPort`, `proxyUser` and `proxyPassword` from the custom resource.
(see the doc https://docs.openshift.com/container-platform/4.4/networking/enable-cluster-wide-proxy.html)
(see also the `proxyPort` and `nonProxyHosts` fields).
type: string
proxyUser:
description: User name of the proxy server. Only use when configuring
a proxy is required (see also the `proxyURL`, `proxyPassword`
and `proxySecret` fields).
type: string
selfSignedCert:
description: Deprecated. The value of this flag is ignored. Che
operator will automatically detect if router certificate is self-signed.
If so it will be propagated to Che server and some other components.
type: boolean
serverMemoryLimit:
description: Overrides the memory limit used in the Che server deployment.
Defaults to 1Gi.
type: string
serverMemoryRequest:
description: Overrides the memory request used in the Che server
deployment. Defaults to 512Mi.
type: string
serverTrustStoreConfigMapName:
description: Name of the config-map with public certificates to
add to Java trust store of the Che server. This is usually required
when adding the OpenShift OAuth provider which has https endpoint
signed with self-signed cert. So, Che server must be aware of
its CA cert to be able to request it. This is disabled by default.
type: string
tlsSupport:
description: Deprecated. Instructs the operator to deploy Che in
TLS mode. This is enabled by default. Disabling TLS may cause
malfunction of some Che components.
type: boolean
workspaceNamespaceDefault:
description: 'Defines Kubernetes default namespace in which user''s
workspaces are created if user does not override it. It''s possible
to use <username>, <userid> and <workspaceid> placeholders (e.g.:
che-workspace-<username>). In that case, new namespace will be
created for each user (or workspace). Is used by OpenShift infra
as well to specify Project'
type: string
type: object
storage:
description: Configuration settings related to the persistent storage
used by the Che installation.
properties:
postgresPVCStorageClassName:
description: Storage class for the Persistent Volume Claim dedicated
to the Postgres database. If omitted or left blank, default storage
class is used.
type: string
preCreateSubPaths:
description: Instructs the Che server to launch a special pod to
pre-create a subpath in the Persistent Volumes. Defaults to `false`,
however it might need to enable it according to the configuration
of your K8S cluster.
type: boolean
pvcClaimSize:
description: Size of the persistent volume claim for workspaces.
Defaults to `1Gi`
type: string
pvcJobsImage:
description: Overrides the container image used to create sub-paths
in the Persistent Volumes. This includes the image tag. Omit it
or leave it empty to use the defaut container image provided by
the operator. See also the `preCreateSubPaths` field.
type: string
pvcStrategy:
description: Persistent volume claim strategy for the Che server.
This Can be:`common` (all workspaces PVCs in one volume), `per-workspace`
(one PVC per workspace for all declared volumes) and `unique`
(one PVC per declared volume). Defaults to `common`.
type: string
workspacePVCStorageClassName:
description: Storage class for the Persistent Volume Claims dedicated
to the Che workspaces. If omitted or left blank, default storage
class is used.
type: string
type: object
type: object
status:
description: CheClusterStatus defines the observed state of Che installation
properties:
cheClusterRunning:
description: Status of a Che installation. Can be `Available`, `Unavailable`,
or `Available, Rolling Update in Progress`
type: string
cheURL:
description: Public URL to the Che server
type: string
cheVersion:
description: Current installed Che version
type: string
dbProvisioned:
description: Indicates if or not a Postgres instance has been correctly
provisioned
type: boolean
devfileRegistryURL:
description: Public URL to the Devfile registry
type: string
helpLink:
description: A URL that can point to some URL where to find help related
to the current Operator status.
type: string
keycloakProvisioned:
description: Indicates whether an Identity Provider instance (Keycloak
/ RH SSO) has been provisioned with realm, client and user
type: boolean
keycloakURL:
description: Public URL to the Identity Provider server (Keycloak /
RH SSO).
type: string
message:
description: A human readable message indicating details about why the
pod is in this condition.
type: string
openShiftoAuthProvisioned:
description: Indicates whether an Identity Provider instance (Keycloak
/ RH SSO) has been configured to integrate with the OpenShift OAuth.
type: boolean
pluginRegistryURL:
description: Public URL to the Plugin registry
type: string
reason:
description: A brief CamelCase message indicating details about why
the pod is in this state.
type: string
type: object
version: v1
versions:
- name: v1
served: true
storage: true


@ -0,0 +1,26 @@
--- /home/user/GoWorkSpace/src/github.com/eclipse/che-operator/olm/eclipse-che-preview-openshift/deploy/olm-catalog/eclipse-che-preview-openshift/9.9.9-nightly.1598450052/eclipse-che-preview-openshift.v9.9.9-nightly.1598450052.clusterserviceversion.yaml 2020-08-31 14:26:26.899134663 +0300
+++ /home/user/GoWorkSpace/src/github.com/eclipse/che-operator/olm/eclipse-che-preview-openshift/deploy/olm-catalog/eclipse-che-preview-openshift/9.9.9-nightly.1598898636/eclipse-che-preview-openshift.v9.9.9-nightly.1598898636.clusterserviceversion.yaml 2020-08-31 21:30:37.617952538 +0300
@@ -49,13 +49,13 @@
categories: Developer Tools, OpenShift Optional
certified: "false"
containerImage: quay.io/eclipse/che-operator:nightly
- createdAt: "2020-08-26T13:54:12Z"
+ createdAt: "2020-08-31T18:30:36Z"
description: A Kube-native development solution that delivers portable and collaborative
developer workspaces in OpenShift.
operatorframework.io/suggested-namespace: eclipse-che
repository: https://github.com/eclipse/che-operator
support: Eclipse Foundation
- name: eclipse-che-preview-openshift.v9.9.9-nightly.1598450052
+ name: eclipse-che-preview-openshift.v9.9.9-nightly.1598898636
namespace: placeholder
spec:
apiservicedefinitions: {}
@@ -431,5 +431,5 @@
maturity: stable
provider:
name: Eclipse Foundation
- replaces: eclipse-che-preview-openshift.v9.9.9-nightly.1597916268
- version: 9.9.9-nightly.1598450052
+ replaces: eclipse-che-preview-openshift.v9.9.9-nightly.1598450052
+ version: 9.9.9-nightly.1598898636


@ -1,5 +1,5 @@
channels:
- currentCSV: eclipse-che-preview-openshift.v9.9.9-nightly.1599235272
- currentCSV: eclipse-che-preview-openshift.v9.9.9-nightly.1598898636
name: nightly
- currentCSV: eclipse-che-preview-openshift.v7.18.1
name: stable


@ -0,0 +1,63 @@
#
# Copyright (c) 2012-2020 Red Hat, Inc.
# This program and the accompanying materials are made
# available under the terms of the Eclipse Public License 2.0
# which is available at https://www.eclipse.org/legal/epl-2.0/
#
# SPDX-License-Identifier: EPL-2.0
#
# Contributors:
# Red Hat, Inc. - initial API and implementation
kind: Job
apiVersion: batch/v1
metadata:
name: force-pulling-olm-images-job
spec:
parallelism: 1
completions: 1
backoffLimit: 6
template:
metadata:
name: force-pulling-olm-images-job
spec:
imagePullSecrets:
- name: 'myregistrykey'
volumes:
- name: util
emptyDir: {}
initContainers:
- name: util
image: >-
busybox
command:
- /bin/cp
- '-Rv'
- /bin/echo
- /util/echo
volumeMounts:
- name: util
mountPath: /util
terminationMessagePath: /dev/termination-log
terminationMessagePolicy: File
imagePullPolicy: IfNotPresent
containers:
- name: pull-bundle-image
image: "${BUNDLE_IMAGE_NAME}"
command:
- /util/echo
- "Pull completed"
volumeMounts:
- name: util
mountPath: /util
terminationMessagePath: /dev/termination-log
terminationMessagePolicy: File
imagePullPolicy: Always
restartPolicy: OnFailure
terminationGracePeriodSeconds: 30
dnsPolicy: ClusterFirst
schedulerName: default-scheduler
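Review bot: The `util` init container pulls `busybox` with no registry, tag or digest, so it resolves to whatever `latest` is at pull time (or whatever copy is already cached on the node, given `imagePullPolicy: IfNotPresent`), and the `/bin/echo` it copies to `/util/echo` is then executed inside the bundle-image container. Pinning the helper, e.g. `image: docker.io/library/busybox@sha256:<DIGEST_OF_VETTED_BUILD>`, keeps that binary reproducible. The `imagePullSecrets` name `myregistrykey` is hard-coded while the pulled image comes from `${BUNDLE_IMAGE_NAME}`; a comment such as `# created by the test scripts for private registries; may be absent for public ones` (to be confirmed against the script that creates it) would tell the reader where the secret is expected to come from.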

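--- /dev/null
+++ b/olm/incrementNightlyBundles.sh
@@ -0,0 +1,58 @@
+#!/bin/bash
+#
+# Copyright (c) 2012-2020 Red Hat, Inc.
+# This program and the accompanying materials are made
+# available under the terms of the Eclipse Public License 2.0
+# which is available at https://www.eclipse.org/legal/epl-2.0/
+#
+# SPDX-License-Identifier: EPL-2.0
+#
+# Contributors:
+# Red Hat, Inc. - initial API and implementation
+set -e
+if [ -z "${BASE_DIR}" ]; then
+BASE_DIR=$(cd "$(dirname "$0")" && pwd)
+fi
+ROOT_PROJECT_DIR=$(dirname "${BASE_DIR}")
+source ${BASE_DIR}/check-yq.sh
+incrementNightlyVersion() {
+for platform in 'kubernetes' 'openshift'
+do
+OPM_BUNDLE_DIR="${ROOT_PROJECT_DIR}/deploy/olm-catalog/eclipse-che-preview-${platform}"
+OPM_BUNDLE_MANIFESTS_DIR="${OPM_BUNDLE_DIR}/manifests"
+CSV="${OPM_BUNDLE_MANIFESTS_DIR}/che-operator.clusterserviceversion.yaml"
+currentNightlyVersion=$(yq -r ".spec.version" "${CSV}")
+echo "[INFO] current nightly ${platform} version: ${currentNightlyVersion}"
+getNightlyVersionIncrementPart "${currentNightlyVersion}"
+PACKAGE_NAME="eclipse-che-preview-${platform}"
+PACKAGE_FOLDER_PATH="${ROOT_PROJECT_DIR}/olm/eclipse-che-preview-${platform}/deploy/olm-catalog/${PACKAGE_NAME}"
+PACKAGE_FILE_PATH="${PACKAGE_FOLDER_PATH}/${PACKAGE_NAME}.package.yaml"
+CLUSTER_SERVICE_VERSION=$(yq -r ".channels[] | select(.name == \"stable\") | .currentCSV" "${PACKAGE_FILE_PATH}")
+STABLE_PACKAGE_VERSION=$(echo "${CLUSTER_SERVICE_VERSION}" | sed -e "s/${PACKAGE_NAME}.v//")
+newVersion="${STABLE_PACKAGE_VERSION}-$((incrementPart+1)).nightly"
+echo "[INFO] Set up nightly ${platform} version: ${newVersion}"
+yq -rY "(.spec.version) = \"${newVersion}\" | (.metadata.name) = \"eclipse-che-preview-${platform}.v${newVersion}\"" "${CSV}" > "${CSV}.old"
+mv "${CSV}.old" "${CSV}"
+done
+}
+getNightlyVersionIncrementPart() {
+nightlyVersion="${1}"
+versionWithoutNightly="${nightlyVersion%.nightly}"
+version="${versionWithoutNightly%-*}"
+incrementPart="${versionWithoutNightly#*-}"
+echo "${incrementPart}"
+}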
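Review bot: `newVersion="${STABLE_PACKAGE_VERSION}-$((incrementPart+1)).nightly"` does arithmetic on a string cut out of the CSV's `.spec.version` without checking that it is a number. If the version carries no `-N` suffix, `${versionWithoutNightly#*-}` returns the whole version, and because bash evaluates an arithmetic operand as an expression the result is either a syntax error or something other than "add one". A guard right after the `getNightlyVersionIncrementPart` call makes the failure explicit, `[[ "${incrementPart}" =~ ^[0-9]+$ ]] || { echo "[ERROR] unexpected nightly version: ${currentNightlyVersion}" >&2; exit 1; }`, and `$((10#${incrementPart} + 1))` keeps a leading zero from being read as octal. `getNightlyVersionIncrementPart` also returns its result through the global `incrementPart` while echoing it, so a header comment stating that contract would help, as would quoting `source "${BASE_DIR}/check-yq.sh"`.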

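--- /dev/null
+++ b/olm/minikube-registry-addon.sh
@@ -0,0 +1,33 @@
+#!/bin/bash
+#
+# Copyright (c) 2020 Red Hat, Inc.
+# This program and the accompanying materials are made
+# available under the terms of the Eclipse Public License 2.0
+# which is available at https://www.eclipse.org/legal/epl-2.0/
+#
+# SPDX-License-Identifier: EPL-2.0
+#
+# Contributors:
+# Red Hat, Inc. - initial API and implementation
+#
+# Scripts to prepare OLM(operator lifecycle manager) and install che-operator package
+# with specific version using OLM.
+set -e
+if [ -z "${BASE_DIR}" ]; then
+SCRIPT=$(readlink -f "$0")
+export SCRIPT
+BASE_DIR=$(dirname "$(dirname "$SCRIPT")")/olm;
+export BASE_DIR
+fi
+ROOT_DIR=$(dirname "${BASE_DIR}")
+source ${ROOT_DIR}/olm/check-yq.sh
+minikube addons enable registry
+registryPod=$(kubectl get pods -n kube-system -o yaml | yq -r ".items[] | select(.metadata.labels.\"actual-registry\") | .metadata.name")
+kubectl wait --for=condition=ready "pods/${registryPod}" --timeout=120s -n "kube-system"
+kubectl port-forward --namespace kube-system "pod/${registryPod}" 5000:5000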
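Review bot: `registryPod` is used without checking that the lookup found exactly one pod. With `set -e` but no `pipefail`, a failing `kubectl get pods` is masked by `yq`, and an empty or multi-line result reaches `kubectl wait "pods/${registryPod}"` and the port-forward with a confusing error. Adding `set -o pipefail` and, after the assignment, `[ -n "${registryPod}" ] || { echo "[ERROR] registry pod not found in kube-system" >&2; exit 1; }` makes that case explicit. The header comment still describes the OLM install script; something like `# Enables the minikube registry addon and forwards its port 5000 to localhost.` would match what this file does, and `source "${ROOT_DIR}/olm/check-yq.sh"` should be quoted.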


@ -13,12 +13,17 @@
# Scripts to prepare OLM(operator lifecycle manager) and install che-operator package
# with specific version using OLM.
SCRIPT=$(readlink -f "$0")
export SCRIPT
BASE_DIR=$(dirname "$(dirname "$SCRIPT")")/olm;
export BASE_DIR
if [ -z "${BASE_DIR}" ]; then
SCRIPT=$(readlink -f "$0")
export SCRIPT
source ${BASE_DIR}/check-yq.sh
BASE_DIR=$(dirname "$(dirname "$SCRIPT")")/olm;
export BASE_DIR
fi
ROOT_DIR=$(dirname "${BASE_DIR}")
source ${ROOT_DIR}/olm/check-yq.sh
SOURCE_INSTALL=$4
@ -46,21 +51,33 @@ fi
channel="stable"
if [[ "${PACKAGE_VERSION}" =~ "nightly" ]]
then
channel="nightly"
channel="nightly"
OPM_BUNDLE_DIR="${ROOT_DIR}/deploy/olm-catalog/eclipse-che-preview-${platform}"
OPM_BUNDLE_MANIFESTS_DIR="${OPM_BUNDLE_DIR}/manifests"
fi
packageName=eclipse-che-preview-${platform}
platformPath=${BASE_DIR}/${packageName}
packageFolderPath="${platformPath}/deploy/olm-catalog/${packageName}"
packageFilePath="${packageFolderPath}/${packageName}.package.yaml"
CSV="eclipse-che-preview-${platform}.v${PACKAGE_VERSION}"
if [ "${channel}" == 'nightly' ]; then
CSV_FILE="${ROOT_DIR}/deploy/olm-catalog/eclipse-che-preview-${platform}/manifests/che-operator.clusterserviceversion.yaml"
else
if [ ${SOURCE_INSTALL} == "catalog" ]; then
echo "[ERROR] Stable preview channel doesn't support installation using 'catalog'. Use 'Marketplace' instead of it."
exit 1
fi
platformPath="${BASE_DIR}/${packageName}"
packageFolderPath="${platformPath}/deploy/olm-catalog/${packageName}"
CSV_FILE="${packageFolderPath}/${PACKAGE_VERSION}/${packageName}.v${PACKAGE_VERSION}.clusterserviceversion.yaml"
fi
CSV=$(yq -r ".metadata.name" "${CSV_FILE}")
echo -e "\u001b[32m PACKAGE_VERSION=${PACKAGE_VERSION} \u001b[0m"
echo -e "\u001b[32m CSV=${CSV} \u001b[0m"
echo -e "\u001b[32m Channel=${channel} \u001b[0m"
echo -e "\u001b[32m Namespace=${namespace} \u001b[0m"
# We don't need to delete ${namepsace} anymore since tls secret is precreated there.
# We don't need to delete ${namespace} anymore since tls secret is precreated there.
# if kubectl get namespace "${namespace}" >/dev/null 2>&1
# then
# echo "You should delete namespace '${namespace}' before running the update test first."
@ -68,8 +85,6 @@ echo -e "\u001b[32m Namespace=${namespace} \u001b[0m"
# fi
catalog_source() {
echo "--- Use default eclipse che application registry ---"
if [ ${SOURCE_INSTALL} == "catalog" ]; then
marketplaceNamespace=${namespace};
kubectl apply -f - <<EOF
apiVersion: operators.coreos.com/v1alpha1
@ -79,58 +94,186 @@ metadata:
namespace: ${namespace}
spec:
sourceType: grpc
image: ${CATALOG_SOURCE_IMAGE}
image: ${CATALOG_IMAGENAME}
updateStrategy:
registryPoll:
interval: 5m
EOF
}
# Create catalog source to communicate with OLM using google rpc protocol.
createRpcCatalogSource() {
NAMESPACE=${1}
indexIp=${2}
cat <<EOF | oc apply -n "${NAMESPACE}" -f - || return $?
apiVersion: operators.coreos.com/v1alpha1
kind: CatalogSource
metadata:
name: ${packageName}
spec:
address: "${indexIp}:50051"
displayName: "Serverless Operator"
publisher: Red Hat
sourceType: grpc
EOF
}
applyCheOperatorInstallationSource() {
if [ ${SOURCE_INSTALL} == "catalog" ]; then
echo "[INFO] Use catalog source(index) image"
catalog_source
else
cat ${platformPath}/operator-source.yaml
kubectl apply -f ${platformPath}/operator-source.yaml
if [ "${APPLICATION_REGISTRY}" == "" ]; then
echo "[INFO] Use default Eclipse Che application registry"
cat "${platformPath}/operator-source.yaml"
kubectl apply -f "${platformPath}/operator-source.yaml"
else
echo "[INFO] Use custom Che application registry"
cat "${platformPath}/operator-source.yaml" | \
sed -e "s/registryNamespace:.*$/registryNamespace: \"${APPLICATION_REGISTRY}\"/" | \
kubectl apply -f -
fi
fi
}
applyCheOperatorSource() {
echo "Apply che-operator source"
if [ "${APPLICATION_REGISTRY}" == "" ]; then
catalog_source
else
echo "---- Use non default application registry ${APPLICATION_REGISTRY} ---"
cat ${platformPath}/operator-source.yaml | \
sed -e "s/registryNamespace:.*$/registryNamespace: \"${APPLICATION_REGISTRY}\"/" | \
kubectl apply -f -
buildBundleImage() {
CATALOG_BUNDLE_IMAGE_NAME_LOCAL=${1}
if [ -z "${CATALOG_BUNDLE_IMAGE_NAME_LOCAL}" ]; then
echo "Please specify second argument: opm bundle image"
exit 1
fi
}
installOperatorMarketPlace() {
echo "Installing test pre-requisistes"
imageTool=${2:-docker}
pushd "${OPM_BUNDLE_DIR}" || exit
echo "[INFO] build bundle image for dir: ${OPM_BUNDLE_MANIFESTS_DIR}"
${OPM_BINARY} alpha bundle build \
-d "${OPM_BUNDLE_MANIFESTS_DIR}" \
--tag "${CATALOG_BUNDLE_IMAGE_NAME_LOCAL}" \
--package "eclipse-che-preview-${platform}" \
--channels "nightly" \
--default "nightly" \
--image-builder "${imageTool}"
# ${OPM_BINARY} alpha bundle validate -t "${CATALOG_BUNDLE_IMAGE_NAME_LOCAL}" --image-builder "${imageTool}"
if [ "${imageTool}" == "podman" ]; then
SKIP_TLS_VERIFY=" --tls-verify=false"
fi
eval "${imageTool}" push "${CATALOG_BUNDLE_IMAGE_NAME_LOCAL}" "${SKIP_TLS_VERIFY}"
popd || exit
}
# Build catalog source image with index based on bundle image.
buildCatalogImage() {
CATALOG_IMAGENAME=${1}
if [ -z "${CATALOG_IMAGENAME}" ]; then
echo "Please specify first argument: catalog image"
exit 1
fi
CATALOG_BUNDLE_IMAGE_NAME_LOCAL=${2}
if [ -z "${CATALOG_BUNDLE_IMAGE_NAME_LOCAL}" ]; then
echo "Please specify second argument: opm bundle image"
exit 1
fi
imageTool=${3:-docker}
FROM_INDEX=${4}
if [ -n "${FROM_INDEX}" ]; then
BUILD_INDEX_IMAGE_ARG=" --from-index ${FROM_INDEX}"
fi
if [ "${imageTool}" == "podman" ]; then
SKIP_TLS_ARG=" --skip-tls"
SKIP_TLS_VERIFY=" --tls-verify=false"
fi
eval "${OPM_BINARY}" index add \
--bundles "${CATALOG_BUNDLE_IMAGE_NAME_LOCAL}" \
--tag "${CATALOG_IMAGENAME}" \
--pull-tool "${imageTool}" \
--build-tool "${imageTool}" \
--mode semver \
"${BUILD_INDEX_IMAGE_ARG}" "${SKIP_TLS_ARG}"
eval "${imageTool}" push "${CATALOG_IMAGENAME}" "${SKIP_TLS_VERIFY}"
}
# HACK. Unfortunately catalog source image bundle job has image pull policy "IfNotPresent".
# It makes troubles for test scripts, because image bundle could be outdated with
# such pull policy. That's why we launch job to fource image bundle pulling before Che installation.
forcePullingOlmImages() {
CATALOG_BUNDLE_IMAGE_NAME_LOCAL=${1}
if [ -z "${CATALOG_BUNDLE_IMAGE_NAME_LOCAL}" ]; then
echo "Please specify first argument: opm bundle image"
exit 1
fi
yq -r "(.spec.template.spec.containers[0].image) = \"${CATALOG_BUNDLE_IMAGE_NAME_LOCAL}\"" "${BASE_DIR}/force-pulling-olm-images-job.yaml" | kubectl apply -f - -n "${namespace}"
kubectl wait --for=condition=complete --timeout=30s job/force-pulling-olm-images-job -n "${namespace}"
kubectl delete job/force-pulling-olm-images-job -n "${namespace}"
}
installOPM() {
OPM_BINARY=$(command -v opm) || true
if [[ ! -x $OPM_BINARY ]]; then
OPM_TEMP_DIR="$(mktemp -q -d -t "OPM_XXXXXX" 2>/dev/null || mktemp -q -d)"
pushd "${OPM_TEMP_DIR}" || exit
echo "[INFO] Downloading 'opm' cli tool..."
curl -sLo opm "$(curl -sL https://api.github.com/repos/operator-framework/operator-registry/releases/30101377 | jq -r '[.assets[] | select(.name == "linux-amd64-opm")] | first | .browser_download_url')"
export OPM_BINARY="${OPM_TEMP_DIR}/opm"
chmod +x "${OPM_BINARY}"
echo "[INFO] Downloading completed!"
echo "[INFO] 'opm' binary path: ${OPM_BINARY}"
popd || exit
fi
}
createNamespace() {
kubectl apply -f - <<EOF
apiVersion: v1
kind: Namespace
metadata:
name: ${namespace}
EOF
}
installOperatorMarketPlace() {
echo "Installing test pre-requisistes"
marketplaceNamespace="marketplace"
if [ "${platform}" == "openshift" ];
then
marketplaceNamespace="openshift-marketplace";
applyCheOperatorSource
applyCheOperatorInstallationSource
else
OLM_VERSION=0.15.1
MARKETPLACE_VERSION=4.5
OPERATOR_MARKETPLACE_VERSION="release-${MARKETPLACE_VERSION}"
curl -sL https://github.com/operator-framework/operator-lifecycle-manager/releases/download/${OLM_VERSION}/install.sh | bash -s ${OLM_VERSION}
kubectl apply -f https://raw.githubusercontent.com/operator-framework/operator-marketplace/${OPERATOR_MARKETPLACE_VERSION}/deploy/upstream/01_namespace.yaml
kubectl apply -f https://raw.githubusercontent.com/operator-framework/operator-marketplace/${OPERATOR_MARKETPLACE_VERSION}/deploy/upstream/03_operatorsource.crd.yaml
kubectl apply -f https://raw.githubusercontent.com/operator-framework/operator-marketplace/${OPERATOR_MARKETPLACE_VERSION}/deploy/upstream/04_service_account.yaml
kubectl apply -f https://raw.githubusercontent.com/operator-framework/operator-marketplace/${OPERATOR_MARKETPLACE_VERSION}/deploy/upstream/05_role.yaml
kubectl apply -f https://raw.githubusercontent.com/operator-framework/operator-marketplace/${OPERATOR_MARKETPLACE_VERSION}/deploy/upstream/06_role_binding.yaml
sleep 1
kubectl apply -f https://raw.githubusercontent.com/operator-framework/operator-marketplace/${OPERATOR_MARKETPLACE_VERSION}/deploy/upstream/07_upstream_operatorsource.cr.yaml
curl -sL https://raw.githubusercontent.com/operator-framework/operator-marketplace/${OPERATOR_MARKETPLACE_VERSION}/deploy/upstream/08_operator.yaml | \
sed -e "s;quay.io/openshift/origin-operator-marketplace:latest;quay.io/openshift/origin-operator-marketplace:${MARKETPLACE_VERSION};" | \
kubectl apply -f -
IFS=$'\n' read -d '' -r -a olmApiGroups < <( kubectl api-resources --api-group=operators.coreos.com -o name ) || true
if [ -z "${olmApiGroups[*]}" ]; then
OLM_VERSION=0.15.1
MARKETPLACE_VERSION=4.5
OPERATOR_MARKETPLACE_VERSION="release-${MARKETPLACE_VERSION}"
curl -sL https://github.com/operator-framework/operator-lifecycle-manager/releases/download/${OLM_VERSION}/install.sh | bash -s ${OLM_VERSION}
kubectl apply -f https://raw.githubusercontent.com/operator-framework/operator-marketplace/${OPERATOR_MARKETPLACE_VERSION}/deploy/upstream/01_namespace.yaml
kubectl apply -f https://raw.githubusercontent.com/operator-framework/operator-marketplace/${OPERATOR_MARKETPLACE_VERSION}/deploy/upstream/03_operatorsource.crd.yaml
kubectl apply -f https://raw.githubusercontent.com/operator-framework/operator-marketplace/${OPERATOR_MARKETPLACE_VERSION}/deploy/upstream/04_service_account.yaml
kubectl apply -f https://raw.githubusercontent.com/operator-framework/operator-marketplace/${OPERATOR_MARKETPLACE_VERSION}/deploy/upstream/05_role.yaml
kubectl apply -f https://raw.githubusercontent.com/operator-framework/operator-marketplace/${OPERATOR_MARKETPLACE_VERSION}/deploy/upstream/06_role_binding.yaml
sleep 1
kubectl apply -f https://raw.githubusercontent.com/operator-framework/operator-marketplace/${OPERATOR_MARKETPLACE_VERSION}/deploy/upstream/07_upstream_operatorsource.cr.yaml
curl -sL https://raw.githubusercontent.com/operator-framework/operator-marketplace/${OPERATOR_MARKETPLACE_VERSION}/deploy/upstream/08_operator.yaml | \
sed -e "s;quay.io/openshift/origin-operator-marketplace:latest;quay.io/openshift/origin-operator-marketplace:${MARKETPLACE_VERSION};" | \
kubectl apply -f -
fi
applyCheOperatorSource
applyCheOperatorInstallationSource
i=0
while [ $i -le 240 ]
@ -153,8 +296,15 @@ EOF
marketplaceNamespace="olm"
fi
fi
}
echo "Subscribing to version: ${CSV}"
subscribeToInstallation() {
CSV_NAME="${1}"
if [ -z "${CSV_NAME}" ]; then
CSV_NAME="${CSV}"
fi
echo "Subscribing to version: ${CSV_NAME}"
kubectl apply -f - <<EOF
apiVersion: operators.coreos.com/v1
@ -177,7 +327,7 @@ spec:
name: ${packageName}
source: ${packageName}
sourceNamespace: ${marketplaceNamespace}
startingCSV: ${CSV}
startingCSV: ${CSV_NAME}
EOF
kubectl describe subscription/"${packageName}" -n "${namespace}"
@ -190,11 +340,10 @@ EOF
fi
kubectl describe subscription/"${packageName}" -n "${namespace}"
}
installPackage() {
echo "Install operator package ${packageName} into namespace ${namespace}"
echo "[INFO] Install operator package ${packageName} into namespace ${namespace}"
installPlan=$(kubectl get subscription/"${packageName}" -n "${namespace}" -o jsonpath='{.status.installplan.name}')
kubectl patch installplan/"${installPlan}" -n "${namespace}" --type=merge -p '{"spec":{"approved":true}}'
@ -209,8 +358,7 @@ installPackage() {
applyCRCheCluster() {
echo "Creating Custom Resource"
CRs=$(yq -r '.metadata.annotations["alm-examples"]' "${packageFolderPath}/${PACKAGE_VERSION}/${packageName}.v${PACKAGE_VERSION}.clusterserviceversion.yaml")
CRs=$(yq -r '.metadata.annotations["alm-examples"]' "${CSV_FILE}")
CR=$(echo "$CRs" | yq -r ".[0]")
if [ "${platform}" == "kubernetes" ]
then
@ -242,3 +390,44 @@ waitCheServerDeploy() {
exit 1
fi
}
getBundleListFromCatalogSource() {
CATALOG_POD=$(kubectl get pods -n ${namespace} -o yaml | yq -r ".items[] | select(.metadata.name | startswith(\"eclipse-che-preview-${platform}\")) | .metadata.name")
kubectl wait --for=condition=ready "pods/${CATALOG_POD}" --timeout=60s -n "${namespace}"
CATALOG_SERVICE=$(kubectl get service "eclipse-che-preview-${platform}" -n "${namespace}" -o yaml)
CATALOG_IP=$(echo "${CATALOG_SERVICE}" | yq -r ".spec.clusterIP")
CATALOG_PORT=$(echo "${CATALOG_SERVICE}" | yq -r ".spec.ports[0].targetPort")
LIST_BUNDLES=$(kubectl run --generator=run-pod/v1 grpcurl-query -n che \
--rm=true \
--restart=Never \
--attach=true \
--image=docker.io/fullstorydev/grpcurl:v1.7.0 \
-- -plaintext "${CATALOG_IP}:${CATALOG_PORT}" api.Registry.ListBundles
)
LIST_BUNDLES=$(echo "${LIST_BUNDLES}" | head -n -1)
echo "${LIST_BUNDLES}"
}
getPreviousCSVInfo() {
previousBundle=$(echo "${LIST_BUNDLES}" | jq -s '.' | jq ". | map(. | select(.channelName == \"${channel}\"))" | yq -r '. |=sort_by(.csvName) | .[length - 2]')
PREVIOUS_CSV_NAME=$(echo "${previousBundle}" | yq -r ".csvName")
if [ "${PREVIOUS_CSV_NAME}" == "null" ]; then
echo "Error: bundle hasn't go previous bundle."
exit 1
fi
export PREVIOUS_CSV_NAME
PREVIOUS_CSV_BUNDLE_IMAGE=$(echo "${previousBundle}" | yq -r ".bundlePath")
export PREVIOUS_CSV_BUNDLE_IMAGE
}
getLatestCSVInfo() {
latestBundle=$(echo "${LIST_BUNDLES}" | jq -s '.' | jq ". | map(. | select(.channelName == \"${channel}\"))" | yq -r '. |=sort_by(.csvName) | .[length - 1]')
LATEST_CSV_NAME=$(echo "${latestBundle}" | yq -r ".csvName")
export LATEST_CSV_NAME
LATEST_CSV_BUNDLE_IMAGE=$(echo "${latestBundle}" | yq -r ".bundlePath")
export LATEST_CSV_BUNDLE_IMAGE
}


@ -11,15 +11,22 @@
# Red Hat, Inc. - initial API and implementation
# bash ansi colors
GREEN='\033[0;32m'
NC='\033[0m'
# Detect the base directory where che-operator is cloned
SCRIPT=$(readlink -f "$0")
export SCRIPT
echo "===================PATH to compare"
readlink -f "$0"
ROOT_DIR=$(dirname "$(dirname "$SCRIPT")")/olm;
export ROOT_DIR
if [ -z "${OPERATOR_REPO}" ]; then
SCRIPT=$(readlink -f "$0")
OPERATOR_REPO=$(dirname "$(dirname "$SCRIPT")");
fi
echo "Operator repo path is ${OPERATOR_REPO}"
OLM_DIR="${OPERATOR_REPO}/olm"
export OPERATOR_REPO
# Function which will print all arguments need it to run this script
printHelp() {
@ -31,10 +38,7 @@ printHelp() {
echo ' INSTALLATION_TYPE - Olm tests now includes two types of installation: Catalog source and marketplace'
echo ' CATALOG_SOURCE_IMAGE - Image name used to create a catalog source in cluster'
echo ''
echo 'EXAMPLE of running: ${ROOT_DIR}/olm/testCatalogSource.sh crc nightly che catalog my_image_name'
echo ''
echo -e "${GREEN}!!!ATTENTION!!! To run in your local machine the script, please change PLATFORM VARIABLE to crc"
echo -e "${GREEN} olm test in CRC cluster.${NC}"
echo 'EXAMPLE of running: ${OPERATOR_REPO}/olm/testCatalogSource.sh openshift nightly che catalog my_image_name'
}
# Check if a platform was defined...
@ -45,7 +49,7 @@ if [ "${PLATFORM}" == "" ]; then
exit 1
else
echo "[INFO]: Successfully validated platform. Starting olm tests in platform: ${PLATFORM}."
fi
fi
# Check if a channel was defined... The available channels are nightly and stable
CHANNEL=$2
@ -70,7 +74,7 @@ fi
# Check if a INSTALLATION_TYPE was defined... The possible installation are marketplace or catalog source
INSTALLATION_TYPE=$4
if [ "${INSTALLATION_TYPE}" == "" ]; then
echo "[ERROR]: Please specify a valid installation type. The valid values are: CATALOG_SOURCE or marketplace"
echo "[ERROR]: Please specify a valid installation type. The valid values are: 'catalog' or 'marketplace'"
printHelp
exit 1
else
@ -80,69 +84,172 @@ fi
# Assign catalog source image
CATALOG_SOURCE_IMAGE=$5
if [ -z "${IMAGE_REGISTRY_USER_NAME}" ]; then
IMAGE_REGISTRY_USER_NAME=eclipse
fi
echo "[INFO] Image 'IMAGE_REGISTRY_USER_NAME': ${IMAGE_REGISTRY_USER_NAME}"
init() {
# GET the package version to apply. In case of CRC we should detect somehow the platform is openshift to get packageversion
if [[ "${PLATFORM}" == "crc" ]]
if [[ "${PLATFORM}" == "openshift" ]]
then
export PLATFORM=openshift
PACKAGE_NAME=eclipse-che-preview-openshift
PACKAGE_FOLDER_PATH="${ROOT_DIR}/eclipse-che-preview-openshift/deploy/olm-catalog/${PACKAGE_NAME}"
PACKAGE_FOLDER_PATH="${OLM_DIR}/eclipse-che-preview-openshift/deploy/olm-catalog/${PACKAGE_NAME}"
else
PACKAGE_NAME=eclipse-che-preview-${PLATFORM}
PACKAGE_FOLDER_PATH="${ROOT_DIR}/eclipse-che-preview-${PLATFORM}/deploy/olm-catalog/${PACKAGE_NAME}"
PACKAGE_FOLDER_PATH="${OLM_DIR}/eclipse-che-preview-${PLATFORM}/deploy/olm-catalog/${PACKAGE_NAME}"
fi
PACKAGE_FILE_PATH="${PACKAGE_FOLDER_PATH}/${PACKAGE_NAME}.package.yaml"
CLUSTER_SERVICE_VERSION=$(yq -r ".channels[] | select(.name == \"${CHANNEL}\") | .currentCSV" "${PACKAGE_FILE_PATH}")
PACKAGE_VERSION=$(echo "${CLUSTER_SERVICE_VERSION}" | sed -e "s/${PACKAGE_NAME}.v//")
if [ "${CHANNEL}" == "nightly" ]; then
PACKAGE_FOLDER_PATH="${OPERATOR_REPO}/deploy/olm-catalog/eclipse-che-preview-${PLATFORM}"
CLUSTER_SERVICE_VERSION_FILE="${OPERATOR_REPO}/deploy/olm-catalog/eclipse-che-preview-${PLATFORM}/manifests/che-operator.clusterserviceversion.yaml"
PACKAGE_VERSION=$(yq -r ".spec.version" "${CLUSTER_SERVICE_VERSION_FILE}")
else
PACKAGE_FILE_PATH="${PACKAGE_FOLDER_PATH}/${PACKAGE_NAME}.package.yaml"
CLUSTER_SERVICE_VERSION=$(yq -r ".channels[] | select(.name == \"${CHANNEL}\") | .currentCSV" "${PACKAGE_FILE_PATH}")
PACKAGE_VERSION=$(echo "${CLUSTER_SERVICE_VERSION}" | sed -e "s/${PACKAGE_NAME}.v//")
fi
source "${OLM_DIR}/olm.sh" "${PLATFORM}" "${PACKAGE_VERSION}" "${NAMESPACE}" "${INSTALLATION_TYPE}"
if [ "${CHANNEL}" == "nightly" ]; then
installOPM
fi
}
buildOLMImages() {
# Manage catalog source for every platform in part.
# 1.Kubernetes: We need to eval minikube docker image and build there the catalog source
# 2.Openshift: Openshift platform will be run as part of Openshift CI and the catalog source will be build automatically and exposed
# 3.CRC: To run in our Code Ready Container Cluster we need have installed podman and running crc cluster...
# 1. Kubernetes:
# a) Enable registry addon, build catalog source and olm bundle images, push them to embedded private registry.
# b) Provide image registry env variables to push images to the real public registry(docker.io, quay.io etc).
# 2. Openshift: build bundle image and push it using image stream. Launch deployment with custom grpc based catalog source image to install the latest bundle.
if [[ "${PLATFORM}" == "kubernetes" ]]
then
echo "[INFO]: Kubernetes platform detected"
eval "$(minikube docker-env)"
# Build operator image
echo "[INFO]: Build operator image...${OPERATOR_IMAGE}"
cd "$OPERATOR_REPO" && docker build -t "${OPERATOR_IMAGE}" -f Dockerfile .
if [ -n "${OPERATOR_IMAGE}" ];then
echo "[INFO]: Build operator image ${OPERATOR_IMAGE}..."
cd "${OPERATOR_REPO}" && docker build -t "${OPERATOR_IMAGE}" -f Dockerfile .
# Use operator image in the latest CSV
sed -i 's|imagePullPolicy: Always|imagePullPolicy: IfNotPresent|' "${PACKAGE_FOLDER_PATH}/${PACKAGE_VERSION}/${PACKAGE_NAME}.v${PACKAGE_VERSION}.clusterserviceversion.yaml"
# Use operator image in the latest CSV
if [ "${CHANNEL}" == "nightly" ]; then
sed -i 's|imagePullPolicy: Always|imagePullPolicy: IfNotPresent|' "${CLUSTER_SERVICE_VERSION_FILE}"
else
sed -i 's|imagePullPolicy: Always|imagePullPolicy: IfNotPresent|' "${PACKAGE_FOLDER_PATH}/${PACKAGE_VERSION}/${PACKAGE_NAME}.v${PACKAGE_VERSION}.clusterserviceversion.yaml"
fi
fi
echo "[INFO]: Starting to build catalog source image..."
CATALOG_BUNDLE_IMAGE="${IMAGE_REGISTRY_HOST}/${IMAGE_REGISTRY_USER_NAME}/che_operator_bundle:0.0.1"
CATALOG_SOURCE_IMAGE="${IMAGE_REGISTRY_HOST}/${IMAGE_REGISTRY_USER_NAME}/testing_catalog:0.0.1"
docker build -t ${CATALOG_SOURCE_IMAGE} -f "${ROOT_DIR}"/eclipse-che-preview-"${PLATFORM}"/Dockerfile \
"${ROOT_DIR}"/eclipse-che-preview-"${PLATFORM}"
if [ "${CHANNEL}" == "nightly" ]; then
echo "[INFO] Build bundle image... ${CATALOG_BUNDLE_IMAGE}"
buildBundleImage "${CATALOG_BUNDLE_IMAGE}"
echo "[INFO] Build catalog image... ${CATALOG_BUNDLE_IMAGE}"
buildCatalogImage "${CATALOG_SOURCE_IMAGE}" "${CATALOG_BUNDLE_IMAGE}"
fi
minikube addons enable ingress
echo "[INFO]: Successfully created catalog cource container image and enabled minikube ingress."
echo "[INFO]: Successfully created catalog source container image and enabled minikube ingress."
elif [[ "${PLATFORM}" == "openshift" ]]
then
echo "[INFO]: Catalog Source container image to run olm tests in openshift platform is: ${CATALOG_SOURCE_IMAGE}"
if [ "${INSTALLATION_TYPE}" == "Marketplace" ];then
return
fi
echo "[INFO]: Starting to build catalog image and push to ImageStream."
elif [[ "${PLATFORM}" == "crc" ]]
then
echo "[INFO]: Starting to build catalog image and push to CRC ImageStream."
export PLATFORM="openshift"
echo "============"
echo "[INFO] Current user is $(oc whoami)"
echo "============"
if [[ "${OPENSHIFT_CI}" == "true" ]];then echo "Openshift ci!"; fi
oc login -u kubeadmin -p $(crc console --credentials | awk -F "kubeadmin" '{print $2}' | cut -c 5- | rev | cut -c31- | rev) https://api.crc.testing:6443
oc new-project ${NAMESPACE}
oc new-project "${NAMESPACE}" || true
# Get Openshift Image registry host
IMAGE_REGISTRY_HOST=$(oc get route default-route -n openshift-image-registry --template='{{ .spec.host }}')
podman login -u kubeadmin -p $(oc whoami -t) ${IMAGE_REGISTRY_HOST} --tls-verify=false
pull_user="puller"
pull_password="puller"
add_user "${pull_user}" "${pull_password}"
if [ -z "${KUBECONFIG}" ]; then
KUBECONFIG="${HOME}/.kube/config"
fi
TEMP_KUBE_CONFIG="/tmp/$pull_user.kubeconfig"
rm -rf "${TEMP_KUBE_CONFIG}"
cp "${KUBECONFIG}" "${TEMP_KUBE_CONFIG}"
sleep 180
podman build -t ${IMAGE_REGISTRY_HOST}/${NAMESPACE}/${CATALOG_SOURCE_IMAGE} -f "${ROOT_DIR}"/eclipse-che-preview-"${PLATFORM}"/Dockerfile \
"${ROOT_DIR}"/eclipse-che-preview-"${PLATFORM}"
podman push ${IMAGE_REGISTRY_HOST}/${NAMESPACE}/${CATALOG_SOURCE_IMAGE}:latest --tls-verify=false
loginLogFile="/tmp/login-log"
touch "${loginLogFile}"
loginCMD="oc login --kubeconfig=${TEMP_KUBE_CONFIG} --username=${pull_user} --password=${pull_password} > ${loginLogFile}"
timeout 900 bash -c "${loginCMD}" || echo "[ERROR] Login Fail"
echo "[INFO] $(cat "${loginLogFile}" || true)"
# For some reason CRC external registry exposed is not working. I'll use the internal registry in cluster which is:image-registry.openshift-image-registry.svc:5000
export CATALOG_SOURCE_IMAGE=image-registry.openshift-image-registry.svc:5000/${NAMESPACE}/${CATALOG_SOURCE_IMAGE}
echo "[INFO]: Successfully added catalog source image to crc image registry: ${CATALOG_SOURCE_IMAGE}"
echo "[INFO] Applying policy registry-viewer to user '${pull_user}'..."
oc -n "$NAMESPACE" policy add-role-to-user registry-viewer "$pull_user"
echo "[INFO] Trying to retrieve user '${pull_user}' token..."
token=$(oc --kubeconfig=${TEMP_KUBE_CONFIG} whoami -t)
echo "[INFO] User '${pull_user}' token is: ${token}"
oc -n "${NAMESPACE}" new-build --binary --strategy=docker --name serverless-bundle
cp -rf "${PACKAGE_FOLDER_PATH}/bundle.Dockerfile" "${PACKAGE_FOLDER_PATH}/Dockerfile"
if oc -n "${NAMESPACE}" start-build serverless-bundle --from-dir "${PACKAGE_FOLDER_PATH}"; then
rm -rf "${PACKAGE_FOLDER_PATH}/Dockerfile"
else
rm -rf "${PACKAGE_FOLDER_PATH}/Dockerfile"
echo "[ERROR ]Failed to build bundle image."
exit 1
fi
cat <<EOF | oc apply -n "${NAMESPACE}" -f - || return $?
apiVersion: apps/v1
kind: Deployment
metadata:
name: catalog-source-app
spec:
selector:
matchLabels:
app: catalog-source-app
template:
metadata:
labels:
app: catalog-source-app
spec:
containers:
- name: registry
image: quay.io/openshift-knative/index
ports:
- containerPort: 50051
name: grpc
protocol: TCP
livenessProbe:
exec:
command:
- grpc_health_probe
- -addr=localhost:50051
readinessProbe:
exec:
command:
- grpc_health_probe
- -addr=localhost:50051
command:
- /bin/sh
- -c
- |-
podman login -u ${pull_user} -p ${token} image-registry.openshift-image-registry.svc:5000
/bin/opm registry add --container-tool=podman -d index.db --mode=semver -b image-registry.openshift-image-registry.svc:5000/${NAMESPACE}/serverless-bundle && \
/bin/opm registry serve -d index.db -p 50051
EOF
# Wait for the index pod to be up to avoid inconsistencies with the catalog source.
kubectl wait --for=condition=ready "pods" -l app=catalog-source-app --timeout=120s -n "${NAMESPACE}" || true
indexip="$(oc -n "$NAMESPACE" get pods -l app=catalog-source-app -o jsonpath='{.items[0].status.podIP}')"
# Install the catalogsource.
createRpcCatalogSource "${NAMESPACE}" "${indexip}"
else
echo "[ERROR]: Error to start olm tests. Invalid Platform"
printHelp
@ -151,12 +258,55 @@ init() {
}
run() {
source ${ROOT_DIR}/olm.sh ${PLATFORM} ${PACKAGE_VERSION} ${NAMESPACE} ${INSTALLATION_TYPE}
createNamespace
if [ ! ${PLATFORM} == "openshift" ] && [ "${CHANNEL}" == "nightly" ]; then
forcePullingOlmImages "${CATALOG_BUNDLE_IMAGE}"
fi
installOperatorMarketPlace
subscribeToInstallation
installPackage
applyCRCheCluster
waitCheServerDeploy
}
function add_user {
name=$1
pass=$2
echo "Creating user $name:$pass"
PASSWD_TEMP_DIR="$(mktemp -q -d -t "passwd_XXXXXX" 2>/dev/null || mktemp -q -d)"
HT_PASSWD_FILE="${PASSWD_TEMP_DIR}/users.htpasswd"
touch "${HT_PASSWD_FILE}"
htpasswd -b "${HT_PASSWD_FILE}" "$name" "$pass"
echo "HTPASSWD content is:======================="
cat "${HT_PASSWD_FILE}"
echo "==================================="
kubectl create secret generic htpass-secret \
--from-file=htpasswd="${HT_PASSWD_FILE}" \
-n openshift-config
cat <<EOF | oc apply -n "${NAMESPACE}" -f - || return $?
apiVersion: config.openshift.io/v1
kind: OAuth
metadata:
name: cluster
spec:
identityProviders:
- name: my_htpasswd_provider
mappingMethod: claim
type: HTPasswd
htpasswd:
fileData:
name: htpass-secret
EOF
}
init
buildOLMImages
run
echo -e "\u001b[32m Done. \u001b[0m"
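Review bot: The openshift branch of buildOLMImages prints a live credential to the job log with `echo "[INFO] User '${pull_user}' token is: ${token}"`, and add_user does the same with `echo "Creating user $name:$pass"` and `cat "${HT_PASSWD_FILE}"`; I would drop the `cat` and log only the user name, e.g. `echo "[INFO] Retrieved token for user '${pull_user}'"`. The kubeconfig copy lands at the fixed path `/tmp/$pull_user.kubeconfig` and is never removed, so `TEMP_KUBE_CONFIG=$(mktemp)` plus an EXIT trap that deletes it would be safer. The token is also interpolated into the Deployment's `podman login -p ${token}` command, where anyone allowed to read Deployments in the namespace can see it; mounting it from a Secret would keep it out of the pod spec. The +/- markers are lost on this page, so I am assuming these lines are on the new side.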


@ -10,11 +10,12 @@
# Contributors:
# Red Hat, Inc. - initial API and implementation
SCRIPT=$(readlink -f "$0")
SCRIPT_DIR=$(dirname "$SCRIPT")
BASE_DIR=$(dirname "$SCRIPT_DIR");
if [ -z "${OPERATOR_REPO}" ]; then
SCRIPT=$(readlink -f "$0")
OPERATOR_REPO=$(dirname "$(dirname "$SCRIPT")");
fi
source ${BASE_DIR}/olm/check-yq.sh
source ${OPERATOR_REPO}/olm/check-yq.sh
platform=$1
if [ "${platform}" == "" ]; then
@ -29,24 +30,61 @@ if [ "${channel}" == "" ]; then
channel="nightly"
fi
packageName=eclipse-che-preview-${platform}
platformPath=${BASE_DIR}/olm/${packageName}
packageFolderPath="${platformPath}/deploy/olm-catalog/${packageName}"
packageFilePath="${packageFolderPath}/${packageName}.package.yaml"
namespace=$3
if [ "${namespace}" == "" ]; then
namespace="eclipse-che-preview-test"
fi
lastCSV=$(yq -r ".channels[] | select(.name == \"${channel}\") | .currentCSV" "${packageFilePath}")
lastPackageVersion=$(echo "${lastCSV}" | sed -e "s/${packageName}.v//")
previousCSV=$(sed -n 's|^ *replaces: *\([^ ]*\) *|\1|p' "${packageFolderPath}/${lastPackageVersion}/${packageName}.v${lastPackageVersion}.clusterserviceversion.yaml")
previousPackageVersion=$(echo "${previousCSV}" | sed -e "s/${packageName}.v//")
IMAGE_REGISTRY_HOST=${IMAGE_REGISTRY_HOST:-quay.io}
IMAGE_REGISTRY_USER_NAME=${IMAGE_REGISTRY_USER_NAME:-eclipse}
# $3 -> namespace
source ${BASE_DIR}/olm/olm.sh ${platform} ${previousPackageVersion} $3
init() {
if [ "${channel}" == "stable" ]; then
packageName=eclipse-che-preview-${platform}
platformPath=${OPERATOR_REPO}/olm/${packageName}
packageFolderPath="${platformPath}/deploy/olm-catalog/${packageName}"
packageFilePath="${packageFolderPath}/${packageName}.package.yaml"
installOperatorMarketPlace
installPackage
applyCRCheCluster
waitCheServerDeploy
LATEST_CSV_NAME=$(yq -r ".channels[] | select(.name == \"${channel}\") | .currentCSV" "${packageFilePath}")
lastPackageVersion=$(echo "${LATEST_CSV_NAME}" | sed -e "s/${packageName}.v//")
PREVIOUS_CSV_NAME=$(sed -n 's|^ *replaces: *\([^ ]*\) *|\1|p' "${packageFolderPath}/${lastPackageVersion}/${packageName}.v${lastPackageVersion}.clusterserviceversion.yaml")
PACKAGE_VERSION=$(echo "${PREVIOUS_CSV_NAME}" | sed -e "s/${packageName}.v//")
INSTALLATION_TYPE="Marketplace"
else
packageFolderPath="${OPERATOR_REPO}/deploy/olm-catalog/eclipse-che-preview-${platform}"
PACKAGE_VERSION="nightly"
export CATALOG_IMAGENAME="${IMAGE_REGISTRY_HOST}/${IMAGE_REGISTRY_USER_NAME}/eclipse-che-${platform}-opm-catalog:preview"
INSTALLATION_TYPE="catalog"
fi
}
echo -e "\u001b[32m Installation of the previous che-operator version: ${previousCSV} succesfully completed \u001b[0m"
run() {
# $3 -> namespace
source "${OPERATOR_REPO}/olm/olm.sh" "${platform}" "${PACKAGE_VERSION}" "${namespace}" "${INSTALLATION_TYPE}"
installPackage
createNamespace
installOperatorMarketPlace
if [ "${channel}" == "nightly" ]; then
getBundleListFromCatalogSource
getPreviousCSVInfo
getLatestCSVInfo
forcePullingOlmImages "${PREVIOUS_CSV_BUNDLE_IMAGE}"
forcePullingOlmImages "${LATEST_CSV_BUNDLE_IMAGE}"
fi
subscribeToInstallation "${PREVIOUS_CSV_NAME}"
echo -e "\u001b[32m Installation of the previous che-operator version: ${PREVIOUS_CSV_NAME} successfully completed \u001b[0m"
installPackage
applyCRCheCluster
waitCheServerDeploy
echo -e "\u001b[32m Installation of the latest che-operator version: ${LATEST_CSV_NAME} successfully completed \u001b[0m"
installPackage
}
init
run
echo -e "\u001b[32m Done. \u001b[0m"
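Review bot: `source ${OPERATOR_REPO}/olm/check-yq.sh` near the top is unquoted, while the `source "${OPERATOR_REPO}/olm/olm.sh" ...` call in run() is quoted; since OPERATOR_REPO may come from the caller's environment, a path with spaces would split, so I would write `source "${OPERATOR_REPO}/olm/check-yq.sh"`. In run(), as far as the rendered order shows, the "latest che-operator version ... successfully completed" message is followed by the last `installPackage` and nothing waits for the upgraded deployment; if that is the new-side order, the message should come after the install and a `waitCheServerDeploy`. The `sed -e "s/${packageName}.v//"` calls in init() leave the dot unescaped; `"s/${packageName}\.v//"` states the intent.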

109
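--- a/olm/update-nightly-bundle.sh
+++ b/olm/update-nightly-bundle.sh
@@ -0,0 +1,109 @@
+#!/bin/bash
+#
+# Copyright (c) 2012-2020 Red Hat, Inc.
+# This program and the accompanying materials are made
+# available under the terms of the Eclipse Public License 2.0
+# which is available at https://www.eclipse.org/legal/epl-2.0/
+#
+# SPDX-License-Identifier: EPL-2.0
+#
+# Contributors:
+# Red Hat, Inc. - initial API and implementation
+set -e
+if [ -z "${BASE_DIR}" ]; then
+BASE_DIR=$(cd "$(dirname "$0")"; pwd)
+fi
+if [ -z "${OPERATOR_SDK_BINARY}" ]; then
+OPERATOR_SDK_BINARY=$(command -v operator-sdk)
+if [[ ! -x "${OPERATOR_SDK_BINARY}" ]]; then
+echo "[ERROR] operator-sdk is not installed."
+exit 1
+fi
+fi
+operatorVersion=$("${OPERATOR_SDK_BINARY}" version)
+[[ $operatorVersion =~ .*v0.10.0.* ]] || { echo "operator-sdk v0.10.0 is required"; exit 1; }
+ROOT_PROJECT_DIR=$(dirname "${BASE_DIR}")
+TAG=$1
+source ${BASE_DIR}/check-yq.sh
+if [ -z "${NO_INCREMENT}" ]; then
+source "${BASE_DIR}/incrementNightlyBundles.sh"
+incrementNightlyVersion
+fi
+for platform in 'kubernetes' 'openshift'
+do
+echo "[INFO] Updating OperatorHub bundle for platform '${platform}' for platform '${platform}'"
+pushd "${ROOT_PROJECT_DIR}" || true
+olmCatalog=${ROOT_PROJECT_DIR}/deploy/olm-catalog
+operatorFolder=${olmCatalog}/che-operator
+bundleFolder=${olmCatalog}/eclipse-che-preview-${platform}
+bundleCSVName="che-operator.clusterserviceversion.yaml"
+NEW_CSV=${bundleFolder}/manifests/${bundleCSVName}
+newNightlyBundleVersion=$(yq -r ".spec.version" "${NEW_CSV}")
+echo "[INFO] Will create new nightly bundle version: ${newNightlyBundleVersion}"
+"${bundleFolder}"/build-roles.sh
+packageManifestFolderPath=${ROOT_PROJECT_DIR}/deploy/olm-catalog/che-operator/${newNightlyBundleVersion}
+packageManifestCSVPath=${packageManifestFolderPath}/che-operator.v${newNightlyBundleVersion}.clusterserviceversion.yaml
+mkdir -p "${packageManifestFolderPath}"
+cp -rf "${NEW_CSV}" "${packageManifestCSVPath}"
+cp -rf "${bundleFolder}/csv-config.yaml" "${olmCatalog}"
+echo "[INFO] Updating new package version..."
+"${OPERATOR_SDK_BINARY}" olm-catalog gen-csv --csv-version "${newNightlyBundleVersion}" 2>&1 | sed -e 's/^/ /'
+cp -rf "${packageManifestCSVPath}" "${NEW_CSV}"
+rm -rf "${operatorFolder}" "${olmCatalog}/csv-config.yaml"
+containerImage=$(sed -n 's|^ *image: *\([^ ]*/che-operator:[^ ]*\) *|\1|p' ${NEW_CSV})
+echo "[INFO] Updating new package version fields:"
+echo "[INFO] - containerImage => ${containerImage}"
+sed -e "s|containerImage:.*$|containerImage: ${containerImage}|" "${NEW_CSV}" > "${NEW_CSV}.new"
+mv "${NEW_CSV}.new" "${NEW_CSV}"
+if [ -z "${NO_DATE_UPDATE}" ]; then
+createdAt=$(date -u +%FT%TZ)
+echo "[INFO] - createdAt => ${createdAt}"
+sed -e "s/createdAt:.*$/createdAt: \"${createdAt}\"/" "${NEW_CSV}" > "${NEW_CSV}.new"
+mv "${NEW_CSV}.new" "${NEW_CSV}"
+fi
+cp -rf "${ROOT_PROJECT_DIR}/deploy/crds/org_v1_che_crd.yaml" "${bundleFolder}/manifests"
+echo "Done for ${platform}"
+if [[ -n "$TAG" ]]; then
+echo "[INFO] Set tags in nightly OLM files"
+sed -i 's/'$RELEASE'/'$TAG'/g' ${NEW_CSV}
+fi
+if [[ $platform == "openshift" ]]; then
+# Removes che-tls-secret-creator
+index=0
+while [[ $index -le 30 ]]
+do
+if [[ $(cat ${NEW_CSV} | yq -r '.spec.install.spec.deployments[0].spec.template.spec.containers[0].env['$index'].name') == "RELATED_IMAGE_che_tls_secrets_creation_job" ]]; then
+yq -rYSi 'del(.spec.install.spec.deployments[0].spec.template.spec.containers[0].env['$index'])' ${NEW_CSV}
+break
+fi
+index=$((index+1))
+done
+fi
+# Format code.
+yq -rY "." "${NEW_CSV}" > "${NEW_CSV}.old"
+mv "${NEW_CSV}.old" "${NEW_CSV}"
+popd || true
+done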
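Review bot: `sed -i 's/'$RELEASE'/'$TAG'/g' ${NEW_CSV}` uses `$RELEASE`, which nothing in this file sets, and leaves all three expansions unquoted; with RELEASE empty the pattern is empty and sed has no previous regex to reuse, and a TAG containing `/` or whitespace breaks the expression. Unless a sourced script or the caller exports it, I would require it explicitly and quote: `sed -i "s|${RELEASE:?RELEASE must be set}|${TAG}|g" "${NEW_CSV}"`. Separately, `pushd "${ROOT_PROJECT_DIR}" || true` lets the loop continue in the wrong directory, where `operator-sdk olm-catalog gen-csv` would run against whatever the current directory is; `|| exit 1` is the safer choice. The first log line of the loop also repeats `for platform '${platform}'` twice.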


@ -10,6 +10,8 @@
# Contributors:
# Red Hat, Inc. - initial API and implementation
# Deprecated. Use olm/update-nightly-bundle.sh instead of it.
set -e
CURRENT_DIR=$(pwd)