From 84ac62cbd3d78521b494b1365ea554d57995f543 Mon Sep 17 00:00:00 2001 From: Oleksandr Andriienko Date: Thu, 10 Sep 2020 03:33:24 -0400 Subject: [PATCH] Use new opm bundle format. (#423) * Use new opm bundle format. Signed-off-by: Oleksandr Andriienko * Fix csv file. Check works :) Signed-off-by: Oleksandr Andriienko * Add old files to pass check... Signed-off-by: Oleksandr Andriienko * Improve code. Signed-off-by: Oleksandr Andriienko * Code clean up. Remove separated code for crc in the TestCatalogSource.sh. Test works for Crc in the same way like Openshift ci. Fix build opm bundle script. Signed-off-by: Oleksandr Andriienko * Make bigger timeout for minishift ci test. Signed-off-by: Oleksandr Andriienko * Remove not used script testCSV.sh. Update contribution README.md. Worked on fix minishift CI test. Signed-off-by: Oleksandr Andriienko * Use eclipse image registry to push images. Signed-off-by: Oleksandr Andriienko * Fix and simplify testUpdate.sh for openshift nightly channel. Signed-off-by: Oleksandr Andriienko * Improve docs. Provide buildFirstBundle.sh script for dev purpose. Signed-off-by: Oleksandr Andriienko * Add more info to the docs. Signed-off-by: Oleksandr Andriienko * Improve docs about private registry Signed-off-by: Oleksandr Andriienko * Use only nightly in the nightly bundles. Signed-off-by: Oleksandr Andriienko * Fix README.md typos. Signed-off-by: Oleksandr Andriienko * Handle requested code review changes. Signed-off-by: Oleksandr Andriienko * Pr code check works notified me one time :) . So update nightly bundle and fix some docs. Signed-off-by: Oleksandr Andriienko * Fix testCatalogSource.sh Signed-off-by: Oleksandr Andriienko * Remove accidentally commited generated file. Signed-off-by: Oleksandr Andriienko * Update gitignore. Signed-off-by: Oleksandr Andriienko --- .ci/cico_olm_minikube.sh | 20 + .ci/cico_olm_openshift.sh | 5 +- .ci/cico_operator_prcheck.sh | 2 +- .ci/cico_updates_minishift.sh | 35 +- .ci/operator_code_check.sh | 2 + .ci/start-minikube.sh | 19 +- .ci/util/ci_common.sh | 2 +- .../action_scripts/build_olm_bundle_images.sh | 44 ++ .github/action_scripts/operator_code_check.sh | 121 ++++ .github/workflows/build.yml | 6 +- .github/workflows/checkNightlyOpmBundle.yaml | 26 + .github/workflows/pushCatalogImages.yaml | 35 ++ .gitignore | 2 + .vscode/launch.json | 121 ++++ README.md | 42 +- .../build-roles.sh | 27 + .../bundle.Dockerfile | 11 + .../csv-config.yaml | 3 + .../che-operator.clusterserviceversion.yaml | 356 +++++++++++ .../manifests/org_v1_che_crd.yaml | 567 ++++++++++++++++++ .../metadata/annotations.yaml | 9 + .../build-roles.sh | 13 +- .../bundle.Dockerfile | 11 + .../csv-config.yaml | 3 + .../che-operator.clusterserviceversion.yaml | 403 +++++++++++++ .../manifests/org_v1_che_crd.yaml | 567 ++++++++++++++++++ .../metadata/annotations.yaml | 9 + olm/README.md | 213 +++++-- olm/buildAndPushInitialBundle.sh | 65 ++ .../deploy/olm-catalog/csv-config.yaml | 4 +- .../eclipse-che-preview-kubernetes.crd.yaml | 567 ++++++++++++++++++ ...lipse-che-preview-kubernetes.crd.yaml.diff | 0 ...htly.1598898635.clusterserviceversion.yaml | 0 ...1598898635.clusterserviceversion.yaml.diff | 405 +++++++++++++ ...clipse-che-preview-kubernetes.package.yaml | 2 +- .../eclipse-che-preview-openshift.crd.yaml | 567 ++++++++++++++++++ ...clipse-che-preview-openshift.crd.yaml.diff | 0 ...htly.1598898636.clusterserviceversion.yaml | 435 ++++++++++++++ ...1598898636.clusterserviceversion.yaml.diff | 26 + ...eclipse-che-preview-openshift.package.yaml | 2 +- olm/force-pulling-olm-images-job.yaml | 63 ++ olm/incrementNightlyBundles.sh | 58 ++ olm/minikube-registry-addon.sh | 33 + olm/olm.sh | 293 +++++++-- olm/testCatalogSource.sh | 244 ++++++-- olm/testUpdate.sh | 78 ++- olm/update-nightly-bundle.sh | 109 ++++ olm/update-nightly-olm-files.sh | 2 + 48 files changed, 5408 insertions(+), 219 deletions(-) mode change 100644 => 100755 .ci/cico_updates_minishift.sh mode change 100644 => 100755 .ci/start-minikube.sh create mode 100755 .github/action_scripts/build_olm_bundle_images.sh create mode 100755 .github/action_scripts/operator_code_check.sh create mode 100644 .github/workflows/checkNightlyOpmBundle.yaml create mode 100644 .github/workflows/pushCatalogImages.yaml create mode 100755 deploy/olm-catalog/eclipse-che-preview-kubernetes/build-roles.sh create mode 100644 deploy/olm-catalog/eclipse-che-preview-kubernetes/bundle.Dockerfile create mode 100644 deploy/olm-catalog/eclipse-che-preview-kubernetes/csv-config.yaml create mode 100644 deploy/olm-catalog/eclipse-che-preview-kubernetes/manifests/che-operator.clusterserviceversion.yaml create mode 100644 deploy/olm-catalog/eclipse-che-preview-kubernetes/manifests/org_v1_che_crd.yaml create mode 100644 deploy/olm-catalog/eclipse-che-preview-kubernetes/metadata/annotations.yaml rename olm/testCSV.sh => deploy/olm-catalog/eclipse-che-preview-openshift/build-roles.sh (55%) create mode 100644 deploy/olm-catalog/eclipse-che-preview-openshift/bundle.Dockerfile create mode 100644 deploy/olm-catalog/eclipse-che-preview-openshift/csv-config.yaml create mode 100644 deploy/olm-catalog/eclipse-che-preview-openshift/manifests/che-operator.clusterserviceversion.yaml create mode 100644 deploy/olm-catalog/eclipse-che-preview-openshift/manifests/org_v1_che_crd.yaml create mode 100644 deploy/olm-catalog/eclipse-che-preview-openshift/metadata/annotations.yaml create mode 100755 olm/buildAndPushInitialBundle.sh create mode 100644 olm/eclipse-che-preview-kubernetes/deploy/olm-catalog/eclipse-che-preview-kubernetes/9.9.9-nightly.1598898635/eclipse-che-preview-kubernetes.crd.yaml create mode 100644 olm/eclipse-che-preview-kubernetes/deploy/olm-catalog/eclipse-che-preview-kubernetes/9.9.9-nightly.1598898635/eclipse-che-preview-kubernetes.crd.yaml.diff create mode 100644 olm/eclipse-che-preview-kubernetes/deploy/olm-catalog/eclipse-che-preview-kubernetes/9.9.9-nightly.1598898635/eclipse-che-preview-kubernetes.v9.9.9-nightly.1598898635.clusterserviceversion.yaml create mode 100644 olm/eclipse-che-preview-kubernetes/deploy/olm-catalog/eclipse-che-preview-kubernetes/9.9.9-nightly.1598898635/eclipse-che-preview-kubernetes.v9.9.9-nightly.1598898635.clusterserviceversion.yaml.diff create mode 100644 olm/eclipse-che-preview-openshift/deploy/olm-catalog/eclipse-che-preview-openshift/9.9.9-nightly.1598898636/eclipse-che-preview-openshift.crd.yaml create mode 100644 olm/eclipse-che-preview-openshift/deploy/olm-catalog/eclipse-che-preview-openshift/9.9.9-nightly.1598898636/eclipse-che-preview-openshift.crd.yaml.diff create mode 100644 olm/eclipse-che-preview-openshift/deploy/olm-catalog/eclipse-che-preview-openshift/9.9.9-nightly.1598898636/eclipse-che-preview-openshift.v9.9.9-nightly.1598898636.clusterserviceversion.yaml create mode 100644 olm/eclipse-che-preview-openshift/deploy/olm-catalog/eclipse-che-preview-openshift/9.9.9-nightly.1598898636/eclipse-che-preview-openshift.v9.9.9-nightly.1598898636.clusterserviceversion.yaml.diff create mode 100644 olm/force-pulling-olm-images-job.yaml create mode 100755 olm/incrementNightlyBundles.sh create mode 100755 olm/minikube-registry-addon.sh create mode 100755 olm/update-nightly-bundle.sh diff --git a/.ci/cico_olm_minikube.sh b/.ci/cico_olm_minikube.sh index 32d4a453e..05934314f 100755 --- a/.ci/cico_olm_minikube.sh +++ b/.ci/cico_olm_minikube.sh @@ -40,6 +40,9 @@ export NAMESPACE OPERATOR_IMAGE="quay.io/eclipse/che-operator:nightly" export OPERATOR_IMAGE +IMAGE_REGISTRY_HOST="0.0.0.0:5000" +export IMAGE_REGISTRY_HOST + # run function run the tests in ci of custom catalog source. function run() { # Execute test catalog source script @@ -56,11 +59,28 @@ function run() { waitWorkspaceStart } +function setPrivateRegistryForDocker { + dockerDaemonConfig="/etc/docker/daemon.json" + mkdir -p "/etc/docker" + touch "${dockerDaemonConfig}" + + config="{\"insecure-registries\" : [\"${IMAGE_REGISTRY_HOST}\"]}" + echo "${config}" | sudo tee "${dockerDaemonConfig}" + + if [ -x "$(command -v docker)" ]; then + echo "[INFO] Restart docker daemon to set up private registry info." + systemctl restart docker + fi +} + source "${OPERATOR_REPO}"/.ci/util/ci_common.sh installYQ installJQ install_VirtPackages +# Docker should trust minikube private registry provided by "registry" addon +setPrivateRegistryForDocker installStartDocker + source ${OPERATOR_REPO}/.ci/start-minikube.sh installChectl run diff --git a/.ci/cico_olm_openshift.sh b/.ci/cico_olm_openshift.sh index 5e459ca27..2b4601879 100755 --- a/.ci/cico_olm_openshift.sh +++ b/.ci/cico_olm_openshift.sh @@ -25,9 +25,12 @@ export ARTIFACTS_DIR CI_COMPONENT="che-operator-catalog" export CI_COMPONENT +CATALOG_SOURCE_IMAGE_NAME=${CI_COMPONENT}:stable +export CATALOG_SOURCE_IMAGE_NAME + # This image is builded by Openshift CI and exposed to be consumed for olm tests. #OPENSHIFT_BUILD_NAMESPACE env var exposed by Openshift CI. More info about how images are builded in Openshift CI: https://github.com/openshift/ci-tools/blob/master/TEMPLATES.md#parameters-available-to-templates -CATALOG_SOURCE_IMAGE=registry.svc.ci.openshift.org/${OPENSHIFT_BUILD_NAMESPACE}/stable:${CI_COMPONENT} +CATALOG_SOURCE_IMAGE=registry.svc.ci.openshift.org/${OPENSHIFT_BUILD_NAMESPACE}/${CATALOG_SOURCE_IMAGE_NAME} export CATALOG_SOURCE_IMAGE # Choose if install Eclipse Che using an operatorsource or Custom Catalog Source diff --git a/.ci/cico_operator_prcheck.sh b/.ci/cico_operator_prcheck.sh index 6f21665ec..53bb70900 100644 --- a/.ci/cico_operator_prcheck.sh +++ b/.ci/cico_operator_prcheck.sh @@ -45,7 +45,7 @@ run_tests() { oc apply -f ${OPERATOR_REPO}/deploy/crds/org_v1_che_crd.yaml oc_tls_mode - + printInfo "Starting to compile e2e tests binary" docker run -t \ -v ${OPERATOR_REPO}/tmp:/operator \ diff --git a/.ci/cico_updates_minishift.sh b/.ci/cico_updates_minishift.sh old mode 100644 new mode 100755 index 416b38b5c..f35ef3cc3 --- a/.ci/cico_updates_minishift.sh +++ b/.ci/cico_updates_minishift.sh @@ -33,9 +33,9 @@ init() { OPERATOR_REPO=$(dirname "$SCRIPT_DIR"); fi - # Create tmp folder and add che operator templates used by server:update command. - mkdir -p "$OPERATOR_REPO/tmp" && chmod 777 "$OPERATOR_REPO/tmp" - cp -r deploy "$OPERATOR_REPO/tmp/che-operator" + # Create tmp folder to save "operator" installer templates + mkdir -p "${OPERATOR_REPO}/tmp" && chmod 777 "${OPERATOR_REPO}/tmp" + cp -rf "${OPERATOR_REPO}/deploy" "${OPERATOR_REPO}/tmp/che-operator" } installDependencies() { @@ -65,27 +65,28 @@ installLatestCheStable() { # Add stable Che images and tag to CR sed -i "s/cheImage: ''/cheImage: quay.io\/eclipse\/che-server/" ${OPERATOR_REPO}/tmp/che-operator/crds/org_v1_che_cr.yaml sed -i "s/cheImageTag: ''/cheImageTag: ${previousPackageVersion}/" ${OPERATOR_REPO}/tmp/che-operator/crds/org_v1_che_cr.yaml - sed -i "s/devfileRegistryImage: ''/devfileRegistryImage: quay.io\/eclipse\/che-devfile-registry:"${previousPackageVersion}"/" ${OPERATOR_REPO}/tmp/che-operator/crds/org_v1_che_cr.yaml - sed -i "s/pluginRegistryImage: ''/pluginRegistryImage: quay.io\/eclipse\/che-plugin-registry:"${previousPackageVersion}"/" ${OPERATOR_REPO}/tmp/che-operator/crds/org_v1_che_cr.yaml - sed -i "s/identityProviderImage: ''/identityProviderImage: quay.io\/eclipse\/che-keycloak:"${previousPackageVersion}"/" ${OPERATOR_REPO}/tmp/che-operator/crds/org_v1_che_cr.yaml - # set 'openShiftoAuth: false' sed -i "s/openShiftoAuth: .*/openShiftoAuth: false/" ${OPERATOR_REPO}/tmp/che-operator/crds/org_v1_che_cr.yaml + # Change operator images defaults in the deployment + sed -i -e "s|nightly|${previousPackageVersion}|" "${OPERATOR_REPO}/tmp/che-operator/operator.yaml" + # Start last stable version of che - chectl server:start --platform=minishift --skip-kubernetes-health-check --che-operator-cr-yaml=${OPERATOR_REPO}/tmp/che-operator/crds/org_v1_che_cr.yaml \ - --che-operator-image=quay.io/eclipse/che-operator:${previousPackageVersion} --installer=operator + chectl server:start --platform=minishift --skip-kubernetes-health-check \ + --che-operator-cr-yaml="${OPERATOR_REPO}/tmp/che-operator/crds/org_v1_che_cr.yaml" --templates="${OPERATOR_REPO}/tmp" \ + --installer=operator } # Utility to wait for new release to be up waitForNewCheVersion() { export n=0 - while [ $n -le 360 ] + while [ $n -le 500 ] do - cheVersion=$(oc get checluster/eclipse-che -n "${NAMESPACE}" -o jsonpath={.status.cheVersion}) + cheVersion=$(oc get checluster/eclipse-che -n "${NAMESPACE}" -o "jsonpath={.status.cheVersion}") + cheIsRunning=$(oc get checluster/eclipse-che -n "${NAMESPACE}" -o "jsonpath={.status.cheClusterRunning}" ) oc get pods -n ${NAMESPACE} - if [ "${cheVersion}" == $lastPackageVersion ] + if [ "${cheVersion}" == "${lastPackageVersion}" ] && [ "${cheIsRunning}" == "Available" ] then echo -e "\u001b[32m Installed latest version che-operator: ${lastCSV} \u001b[0m" break @@ -129,15 +130,13 @@ testUpdates() { # Create an workspace getCheAcessToken # Function from ./util/ci_common.sh - chectl workspace:create --devfile=$OPERATOR_REPO/.ci/util/devfile-test.yaml + chectl workspace:create --devfile=${OPERATOR_REPO}/.ci/util/devfile-test.yaml + # Change operator images defaults in the deployment + sed -i -e "s|${previousPackageVersion}|${lastPackageVersion}|" "${OPERATOR_REPO}/tmp/che-operator/operator.yaml" # Update the operator to the new release - chectl server:update --skip-version-check --installer=operator --platform=minishift --che-operator-image=quay.io/eclipse/che-operator:${lastPackageVersion} --templates="tmp" + chectl server:update --skip-version-check --installer=operator --platform=minishift --templates="${OPERATOR_REPO}/tmp" -# Patch images and tag the latest release - oc patch checluster eclipse-che --type='json' -p='[{"op": "replace", "path": "/spec/auth/identityProviderImage", "value":"quay.io/eclipse/che-keycloak:'${lastPackageVersion}'"}]' -n ${NAMESPACE} - oc patch checluster eclipse-che --type='json' -p='[{"op": "replace", "path": "/spec/server/devfileRegistryImage", "value":"quay.io/eclipse/che-devfile-registry:'${lastPackageVersion}'"}]' -n ${NAMESPACE} - oc patch checluster eclipse-che --type='json' -p='[{"op": "replace", "path": "/spec/server/pluginRegistryImage", "value":"quay.io/eclipse/che-plugin-registry:'${lastPackageVersion}'"}]' -n ${NAMESPACE} oc patch checluster eclipse-che --type='json' -p='[{"op": "replace", "path": "/spec/server/cheImageTag", "value":"'${lastPackageVersion}'"}]' -n ${NAMESPACE} waitForNewCheVersion diff --git a/.ci/operator_code_check.sh b/.ci/operator_code_check.sh index 34aef47fb..15e0ab94e 100644 --- a/.ci/operator_code_check.sh +++ b/.ci/operator_code_check.sh @@ -10,6 +10,8 @@ # Contributors: # Red Hat, Inc. - initial API and implementation +# Deprecated. Use .github/action_scripts/operator_code_check.sh instead of it. + set -e # Perform git installation before execute. diff --git a/.ci/start-minikube.sh b/.ci/start-minikube.sh old mode 100644 new mode 100755 index ebd02b1a9..b3b3e6974 --- a/.ci/start-minikube.sh +++ b/.ci/start-minikube.sh @@ -52,9 +52,6 @@ minikube version # minikube start minikube start --kubernetes-version=$KUBERNETES_VERSION --extra-config=apiserver.authorization-mode=RBAC -# Add minikube ingress -minikube addons enable ingress - # waiting for node(s) to be ready JSONPATH='{range .items[*]}{@.metadata.name}:{range @.status.conditions[*]}{@.type}={@.status};{end}{end}'; until kubectl get nodes -o jsonpath="$JSONPATH" 2>&1 | grep -q "Ready=True"; do sleep 1; done @@ -72,3 +69,19 @@ rules: verbs: ["*"] EOF + +echo "[INFO] Enable ingress addon." +minikube addons enable ingress + +echo "[INFO] Enable registry addon." +minikube addons enable registry + +echo "[INFO] Minikube Addon list" +minikube addons list + +echo "[INFO] Trying to get pod name of the registry proxy..." +REGISTRY_PROXY_POD=$(kubectl get pods -n kube-system -o yaml | grep "name: registry-proxy-" | sed -e 's;.*name: \(\);\1;') || true +echo "[INFO] Proxy pod name is ${REGISTRY_PROXY_POD}" +kubectl wait --for=condition=ready "pods/${REGISTRY_PROXY_POD}" --timeout=120s -n "kube-system" || true + +echo "[INFO] Minikube started!" diff --git a/.ci/util/ci_common.sh b/.ci/util/ci_common.sh index dd755f481..77a8f1d26 100644 --- a/.ci/util/ci_common.sh +++ b/.ci/util/ci_common.sh @@ -171,7 +171,7 @@ waitWorkspaceStart() { if [ "${workspaceStatus:-NOT_RUNNING}" == "RUNNING" ] then - printInfo "Workspace started started successfully" + printInfo "Workspace started successfully" break fi sleep 10 diff --git a/.github/action_scripts/build_olm_bundle_images.sh b/.github/action_scripts/build_olm_bundle_images.sh new file mode 100755 index 000000000..b2fee78c1 --- /dev/null +++ b/.github/action_scripts/build_olm_bundle_images.sh @@ -0,0 +1,44 @@ +#!/bin/bash + +# Todo: set eclipse value +IMAGE_REGISTRY_USERNAME=eclipse +IMAGE_REGISTRY=quay.io +ROOT_PROJECT_DIR="${GITHUB_WORKSPACE}" +export BASE_DIR="${ROOT_PROJECT_DIR}/olm" + +# install yq +pip3 install wheel +pip3 install --upgrade setuptools +pip3 install yq +# Make python3 installed modules "visible" +export PATH=$HOME/.local/bin:$PATH + +for platform in 'kubernetes' 'openshift' +do + OPM_BUNDLE_DIR="${ROOT_PROJECT_DIR}/deploy/olm-catalog/eclipse-che-preview-${platform}" + OPM_BUNDLE_MANIFESTS_DIR="${OPM_BUNDLE_DIR}/manifests" + CSV="${OPM_BUNDLE_MANIFESTS_DIR}/che-operator.clusterserviceversion.yaml" + + nightlyVersion=$(yq -r ".spec.version" "${CSV}") + CATALOG_BUNDLE_IMAGE_NAME_LOCAL="${IMAGE_REGISTRY}/${IMAGE_REGISTRY_USERNAME}/eclipse-che-${platform}-opm-bundles:${nightlyVersion}" + CATALOG_IMAGENAME="${IMAGE_REGISTRY}/${IMAGE_REGISTRY_USERNAME}/eclipse-che-${platform}-opm-catalog:preview" + + source "${ROOT_PROJECT_DIR}/olm/olm.sh" "${platform}" "${nightlyVersion}" "che" + source "${ROOT_PROJECT_DIR}/olm/incrementNightlyBundles.sh" + + installOPM + + ${OPM_BINARY} version + + incrementPart=$(getNightlyVersionIncrementPart "${nightlyVersion}") + echo "Nightly increment version ${incrementPart}" + + buildBundleImage "${CATALOG_BUNDLE_IMAGE_NAME_LOCAL}" + + if [ "${incrementPart}" == 0 ]; then + echo "Build very first bundle." + buildCatalogImage "${CATALOG_IMAGENAME}" "${CATALOG_BUNDLE_IMAGE_NAME_LOCAL}" + else + buildCatalogImage "${CATALOG_IMAGENAME}" "${CATALOG_BUNDLE_IMAGE_NAME_LOCAL}" "${CATALOG_IMAGENAME}" + fi +done diff --git a/.github/action_scripts/operator_code_check.sh b/.github/action_scripts/operator_code_check.sh new file mode 100755 index 000000000..198aa8ad0 --- /dev/null +++ b/.github/action_scripts/operator_code_check.sh @@ -0,0 +1,121 @@ +#!/bin/bash +# +# Copyright (c) 2012-2020 Red Hat, Inc. +# This program and the accompanying materials are made +# available under the terms of the Eclipse Public License 2.0 +# which is available at https://www.eclipse.org/legal/epl-2.0/ +# +# SPDX-License-Identifier: EPL-2.0 +# +# Contributors: +# Red Hat, Inc. - initial API and implementation + +set -e + +# PR_FILES_CHANGED store all Modified/Created files in Pull Request. +export PR_FILES_CHANGED=$(git --no-pager diff --name-only HEAD "$(git merge-base HEAD origin/master)") +echo "=========================" +echo "${PR_FILES_CHANGED}" +echo "=========================" + +# transform_files function transform PR_FILES_CHANGED into a new array => FILES_CHANGED_ARRAY. +function transform_files() { + for files in ${PR_FILES_CHANGED} + do + FILES_CHANGED_ARRAY+=("${files}") + done +} + +# check_che_types function check first if pkg/apis/org/v1/che_types.go file suffer modifications and +# in case of modification should exist also modifications in deploy/crds/* folder. +function check_che_types() { + # CHE_TYPES_FILE make reference to generated code by operator-sdk. + local CHE_TYPES_FILE='pkg/apis/org/v1/che_types.go' + # Export variables for cr/crds files. + local CR_CRD_FOLDER="deploy/crds/" + local CR_CRD_REGEX="\S*org_v1_che_crd.yaml" + + if [[ " ${FILES_CHANGED_ARRAY[*]} " =~ ${CHE_TYPES_FILE} ]]; then + echo "[INFO] File ${CHE_TYPES_FILE} suffer modifications in PR. Checking if exist modifications for cr/crd files." + # The script should fail if deploy/crds folder didn't suffer any modification. + if [[ " ${FILES_CHANGED_ARRAY[*]} " =~ $CR_CRD_REGEX ]]; then + echo "[INFO] CR/CRD file modified: ${BASH_REMATCH}" + else + echo "[ERROR] Detected modification in ${CHE_TYPES_FILE} file, but cr/crd files didn't suffer any modification." + exit 1 + fi + else + echo "[INFO] ${CHE_TYPES_FILE} don't have any modification." + fi +} + +set -e +go version +ROOT_PROJECT_DIR="${GITHUB_WORKSPACE}" +if [ -z "${ROOT_PROJECT_DIR}" ]; then + BASE_DIR=$(cd "$(dirname "$0")"; pwd) + ROOT_PROJECT_DIR=$(dirname "$(dirname "${BASE_DIR}")") +fi + +# Unfortunately ${GOPATH} is required for an old operator-sdk +if [ -z "${GOPATH}" ]; then + export GOPATH="/home/runner/work/che-operator/go" + echo "[INFO] GOPATH: ${GOPATH}" +fi + +installYq() { + YQ=$(command -v yq) || true + if [[ ! -x "${YQ}" ]]; then + pip3 install wheel + pip3 install yq + # Make python3 installed modules "visible" + export PATH=$HOME/.local/bin:$PATH + ls "${HOME}/.local/bin" + fi + echo "[INFO] $(yq --version)" + echo "[INFO] $(jq --version)" +} + +installOperatorSDK() { + YQ=$(command -v operator-sdk) || true + if [[ ! -x "${YQ}" ]]; then + OPERATOR_SDK_TEMP_DIR="$(mktemp -q -d -t "OPERATOR_SDK_XXXXXX" 2>/dev/null || mktemp -q -d)" + pushd "${OPERATOR_SDK_TEMP_DIR}" || exit + echo "[INFO] Downloading 'operator-sdk' cli tool..." + curl -sLo operator-sdk "$(curl -sL https://api.github.com/repos/operator-framework/operator-sdk/releases/19175509 | jq -r '[.assets[] | select(.name == "operator-sdk-v0.10.0-x86_64-linux-gnu")] | first | .browser_download_url')" + export OPERATOR_SDK_BINARY="${OPERATOR_SDK_TEMP_DIR}/operator-sdk" + chmod +x "${OPERATOR_SDK_BINARY}" + echo "[INFO] Downloading completed!" + echo "[INFO] $(${OPERATOR_SDK_BINARY} version)" + popd || exit + fi +} + +isActualNightlyOlmBundleCSVFiles() { + cd "${ROOT_PROJECT_DIR}" + export BASE_DIR="${ROOT_PROJECT_DIR}/olm" + export NO_DATE_UPDATE="true" + export NO_INCREMENT="true" + source "${ROOT_PROJECT_DIR}/olm/update-nightly-bundle.sh" + + CSV_FILE_KUBERNETES="deploy/olm-catalog/eclipse-che-preview-kubernetes/manifests/che-operator.clusterserviceversion.yaml" + CSV_FILE_OPENSHIFT="deploy/olm-catalog/eclipse-che-preview-openshift/manifests/che-operator.clusterserviceversion.yaml" + + IFS=$'\n' read -d '' -r -a changedFiles < <( git ls-files -m ) || true + for file in "${changedFiles[@]}" + do + if [ "${CSV_FILE_KUBERNETES}" == "${file}" ] || [ "${CSV_FILE_OPENSHIFT}" == "${file}" ]; then + echo "[ERROR] Nightly bundle file ${file} should be updated in your pr, please. Use script 'che-operator/olm/update-nightly-bundle.sh' for this purpose." + exit 1 + fi + done + echo "[INFO] Nightly Olm bundle is in actual state." +} + +transform_files +check_che_types +installYq +installOperatorSDK +isActualNightlyOlmBundleCSVFiles + +echo "[INFO] Done." diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 42fc7f955..ee7e80fc1 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -1,5 +1,5 @@ # -# Copyright (c) 2012-2019 Red Hat, Inc. +# Copyright (c) 2012-2020 Red Hat, Inc. # This program and the accompanying materials are made # available under the terms of the Eclipse Public License 2.0 # which is available at https://www.eclipse.org/legal/epl-2.0/ @@ -8,7 +8,8 @@ # # Contributors: # Red Hat, Inc. - initial API and implementation -name: Docker +# +name: Che operator image build check. on: [pull_request, push] jobs: @@ -17,5 +18,6 @@ jobs: runs-on: ubuntu-latest steps: - uses: actions/checkout@v1 + - name: Build the Docker image run: docker build . diff --git a/.github/workflows/checkNightlyOpmBundle.yaml b/.github/workflows/checkNightlyOpmBundle.yaml new file mode 100644 index 000000000..6724279fa --- /dev/null +++ b/.github/workflows/checkNightlyOpmBundle.yaml @@ -0,0 +1,26 @@ +# +# Copyright (c) 2012-2020 Red Hat, Inc. +# This program and the accompanying materials are made +# available under the terms of the Eclipse Public License 2.0 +# which is available at https://www.eclipse.org/legal/epl-2.0/ +# +# SPDX-License-Identifier: EPL-2.0 +# +# Contributors: +# Red Hat, Inc. - initial API and implementation +# + +name: Check nightly "opm" bundle +on: [pull_request, push] +jobs: + + build: + name: Check nightly "opm" bundle + runs-on: ubuntu-20.04 + steps: + - uses: actions/checkout@v1 + with: + path: go/src/github.com/${{ github.repository }} + + - name: + run: "${GITHUB_WORKSPACE}/.github/action_scripts/operator_code_check.sh" diff --git a/.github/workflows/pushCatalogImages.yaml b/.github/workflows/pushCatalogImages.yaml new file mode 100644 index 000000000..6392ffdf1 --- /dev/null +++ b/.github/workflows/pushCatalogImages.yaml @@ -0,0 +1,35 @@ +# +# Copyright (c) 2012-2020 Red Hat, Inc. +# This program and the accompanying materials are made +# available under the terms of the Eclipse Public License 2.0 +# which is available at https://www.eclipse.org/legal/epl-2.0/ +# +# SPDX-License-Identifier: EPL-2.0 +# +# Contributors: +# Red Hat, Inc. - initial API and implementation +# +name: Push catalog and bundle images. +on: + schedule: + - cron: '0 21 * * *' + branches: + - master +jobs: + + build: + name: Build + runs-on: ubuntu-latest + + steps: + - uses: actions/checkout@v1 + + - name: Docker login + uses: azure/docker-login@v1 + with: + login-server: quay.io + username: ${{ secrets.DOCKER_USERNAME }} + password: ${{ secrets.DOCKER_PASSWORD }} + + - name: Build catalog source and opm bundle images + run: "${GITHUB_WORKSPACE}/.github/action_scripts/build_olm_bundle_images.sh" diff --git a/.gitignore b/.gitignore index 6804cff51..83b989f69 100644 --- a/.gitignore +++ b/.gitignore @@ -110,5 +110,7 @@ tags build/ bin/ olm/generated +deploy/olm-catalog/eclipse-che-preview-kubernetes/generated +deploy/olm-catalog/eclipse-che-preview-openshift/generated # End of https://www.gitignore.io/api/go,vim,emacs,visualstudiocode diff --git a/.vscode/launch.json b/.vscode/launch.json index e2198c536..c0d233d8e 100644 --- a/.vscode/launch.json +++ b/.vscode/launch.json @@ -11,6 +11,127 @@ "7.13.2" ] }, + { + "type": "bashdb", + "request": "launch", + "name": "Bash-Debug (testCatalogSource.sh) minikube stable", + "cwd": "${workspaceFolder}/olm", + "program": "${workspaceFolder}/olm/testCatalogSource.sh", + "args": [ + "kubernetes", + "stable", + "che", + "Marketplace" + ] + }, + { + "type": "bashdb", + "request": "launch", + "name": "Bash-Debug (testCatalogSource.sh) minikube nightly", + "cwd": "${workspaceFolder}/olm", + "program": "${workspaceFolder}/olm/testCatalogSource.sh", + "args": [ + "kubernetes", + "nightly", + "che", + "catalog", + "my_catalog" + ] + }, + { + "type": "bashdb", + "request": "launch", + "name": "Bash-Debug (testCatalogSource.sh) openshift nightly", + "cwd": "${workspaceFolder}", + "program": "${workspaceFolder}/olm/testCatalogSource.sh", + "args": [ + "openshift", + "nightly", + "che", + "catalog" + ] + }, + { + "type": "bashdb", + "request": "launch", + "name": "Bash-Debug (testCatalogSource.sh) openshift stable", + "cwd": "${workspaceFolder}", + "program": "${workspaceFolder}/olm/testCatalogSource.sh", + "args": [ + "openshift", + "stable", + "che", + "Marketplace" + ] + }, + { + "type": "bashdb", + "request": "launch", + "name": "Bash-Debug (testUpdate.sh) minikube stable", + "cwd": "${workspaceFolder}/olm", + "program": "${workspaceFolder}/olm/testUpdate.sh", + "args": [ + "kubernetes", + "stable", + "che" + ] + }, + { + "type": "bashdb", + "request": "launch", + "name": "Bash-Debug (testUpdate.sh) minikube nightly", + "cwd": "${workspaceFolder}/olm", + "program": "${workspaceFolder}/olm/testUpdate.sh", + "args": [ + "kubernetes", + "nightly", + "che" + ] + }, + { + "type": "bashdb", + "request": "launch", + "name": "Bash-Debug (testUpdate.sh) openshift stable", + "cwd": "${workspaceFolder}/olm", + "program": "${workspaceFolder}/olm/testUpdate.sh", + "args": [ + "openshift", + "stable", + "che" + ] + }, + { + "type": "bashdb", + "request": "launch", + "name": "Bash-Debug (testUpdate.sh) openshift nightly", + "cwd": "${workspaceFolder}/olm", + "program": "${workspaceFolder}/olm/testUpdate.sh", + "args": [ + "openshift", + "nightly", + "che" + ] + }, + { + "type": "bashdb", + "request": "launch", + "name": "Bash-Debug (buildAndPushInitialBundle.sh) kubernetes", + "cwd": "${workspaceFolder}/olm", + "program": "${workspaceFolder}/olm/buildAndPushInitialBundle.sh", + "args": [ + "kubernetes" + ] + }, + { + "type": "bashdb", + "request": "launch", + "name": "Bash-Debug (buildAndPushInitialBundle.sh) openshift", + "cwd": "${workspaceFolder}/olm", + "program": "${workspaceFolder}/olm/buildAndPushInitialBundle.sh", + "args": [ + "openshift" + ] + }, { "type": "bashdb", "request": "launch", diff --git a/README.md b/README.md index 89a70535b..3df35e32c 100644 --- a/README.md +++ b/README.md @@ -40,42 +40,45 @@ When on pure k8s, make sure you provide a global ingress domain in `deploy/crds/ ### How to test operator via OLM The following instructions show how to test Che operator under development using OLM installer. -Steps below are applicable to Openshift infrastructure only. -1. Build your custom operator image -```sh -docker build -t user/che-operator . +1. Build your custom operator image and use it in the operator deployment: [How to Build Operator Image](#how-to-build-operator-image)). +Push operator image to an image registry. + +2. Create newer OLM files by executing: `olm/update-nightly-bundle.sh` + +3. Build catalog source and bundle images. +Use `olm/buildAndPushInitialBundle.sh` script with `platform` argument('openshift' or 'kubernetes'): + +```bash +$ export IMAGE_REGISTRY_USER_NAME=${userName} && \ + export IMAGE_REGISTRY_HOST=${imageRegistryHost} && \ + olm/buildAndPushInitialBundle.sh ${platform} ``` -and push it to a docker registry. -2. Specify your operator image. -Open deploy/operator.yaml, replace default operator image `quay.io/eclipse/che-operator:nightly` with yours (say, `docker.io/user/che-operator:latest`). +Where are: + - `IMAGE_REGISTRY_USER_NAME` - your user account name in the image registry. + - `IMAGE_REGISTRY_HOST` - host of the image registry, for example: "docker.io", "quay.io". Host could be with non default port: localhost:5000, 127.0.0.1:3000 and etc. -3. Create newer OLM files by executing: `olm/update-nightly-olm-files.sh` +4. Create custom catalog source yaml(update strategy is workaround for https://github.com/operator-framework/operator-lifecycle-manager/issues/903): -4. Build catalog source image. -Go to `olm/eclipse-che-preview-openshift` folder and build the image: `docker build -t user/custom-catalog-source:latest .` -Push it into your docker registry. - -5. Create custom catalog source yaml(update strategy is workaround for https://github.com/operator-framework/operator-lifecycle-manager/issues/903): ```yaml apiVersion: operators.coreos.com/v1alpha1 kind: CatalogSource metadata: - name: eclipse-che-preview-openshift + name: eclipse-che-preview-custom namespace: che-namespace spec: - image: docker.io/user/custom-catalog-source:latest + image: ${IMAGE_REGISTRY_HOST}/${IMAGE_REGISTRY_USER_NAME}/eclipse-che-${PLATFORM}-opm-catalog:preview sourceType: grpc updateStrategy: registryPoll: interval: 5m ``` -Replace value of `image` field with your catalog source image. +Replace value of `image` field with your catalog source image. Don't forget to specify desired platform. -6. Deploy Che using chectl: +5. Deploy Che using chectl: ```sh -chectl server:start --installer=olm --multiuser --platform=openshift -n che-namespace --catalog-source-yaml /home/user/path/to/custom-catalog-source.yaml --olm-channel=nightly --package-manifest-name=eclipse-che-preview-openshift +$ chectl server:start --installer=olm --multiuser --platform=${platform} -n ${che-namespace} --catalog-source-yaml ${path_to_custom_catalog_source_yaml} --olm-channel=nightly --package-manifest-name=eclipse-che-preview-${platform} ``` ### OpenShift oAuth @@ -106,12 +109,13 @@ Since not all Che configuration properties are custom resource spec fields (ther which you can use for any environment variables not supported by CR field. The operator will not reconcile configMap custom. ## How to Build Operator Image +In the root of the che-operator project: ```bash docker build -t $registry/$repo:$tag . ``` -You can then use the resulting image in operator deployment (deploy/operator.yaml) +You can then use the resulting image in operator deployment (deploy/operator.yaml): replace default operator image `quay.io/eclipse/che-operator:nightly` with yours (say, `docker.io/user/che-operator:latest`) ## Build and Deploy to a local cluster: diff --git a/deploy/olm-catalog/eclipse-che-preview-kubernetes/build-roles.sh b/deploy/olm-catalog/eclipse-che-preview-kubernetes/build-roles.sh new file mode 100755 index 000000000..be2ef4b43 --- /dev/null +++ b/deploy/olm-catalog/eclipse-che-preview-kubernetes/build-roles.sh @@ -0,0 +1,27 @@ +#!/bin/bash +# +# Copyright (c) 2012-2020 Red Hat, Inc. +# This program and the accompanying materials are made +# available under the terms of the Eclipse Public License 2.0 +# which is available at https://www.eclipse.org/legal/epl-2.0/ +# +# SPDX-License-Identifier: EPL-2.0 +# +# Contributors: +# Red Hat, Inc. - initial API and implementation + +BASE_DIR=$(cd "$(dirname "$0")" && pwd) +rm -Rf "${BASE_DIR}/generated/roles" +mkdir -p "${BASE_DIR}/generated/roles" +roleYaml="${BASE_DIR}/../../role.yaml" +index=0 +while [ $index -le 20 ] +do + if yq -r -e ".rules[${index}] | select(.apiGroups[0] == \"route.openshift.io\") | \"\"" "${roleYaml}" + then + yq -y "del(.rules[${index}])" "${roleYaml}" > "${BASE_DIR}/generated/roles/role.yaml" + exit $? + fi + ((index++)) +done +exit 1 diff --git a/deploy/olm-catalog/eclipse-che-preview-kubernetes/bundle.Dockerfile b/deploy/olm-catalog/eclipse-che-preview-kubernetes/bundle.Dockerfile new file mode 100644 index 000000000..137c8a3d6 --- /dev/null +++ b/deploy/olm-catalog/eclipse-che-preview-kubernetes/bundle.Dockerfile @@ -0,0 +1,11 @@ +FROM scratch + +LABEL operators.operatorframework.io.bundle.mediatype.v1=registry+v1 +LABEL operators.operatorframework.io.bundle.manifests.v1=manifests/ +LABEL operators.operatorframework.io.bundle.metadata.v1=metadata/ +LABEL operators.operatorframework.io.bundle.package.v1=eclipse-che-preview-kubernetes +LABEL operators.operatorframework.io.bundle.channels.v1=nightly +LABEL operators.operatorframework.io.bundle.channel.default.v1=nightly + +COPY manifests /manifests/ +COPY metadata /metadata/ diff --git a/deploy/olm-catalog/eclipse-che-preview-kubernetes/csv-config.yaml b/deploy/olm-catalog/eclipse-che-preview-kubernetes/csv-config.yaml new file mode 100644 index 000000000..ab7139f07 --- /dev/null +++ b/deploy/olm-catalog/eclipse-che-preview-kubernetes/csv-config.yaml @@ -0,0 +1,3 @@ +role-paths: [ "deploy/olm-catalog/eclipse-che-preview-kubernetes/generated/roles/role.yaml" ] +operator-path: deploy/operator.yaml +crd-cr-paths: ["deploy/crds/org_v1_che_crd.yaml"] diff --git a/deploy/olm-catalog/eclipse-che-preview-kubernetes/manifests/che-operator.clusterserviceversion.yaml b/deploy/olm-catalog/eclipse-che-preview-kubernetes/manifests/che-operator.clusterserviceversion.yaml new file mode 100644 index 000000000..49551f201 --- /dev/null +++ b/deploy/olm-catalog/eclipse-che-preview-kubernetes/manifests/che-operator.clusterserviceversion.yaml @@ -0,0 +1,356 @@ +apiVersion: operators.coreos.com/v1alpha1 +kind: ClusterServiceVersion +metadata: + annotations: + alm-examples: '[{"apiVersion":"org.eclipse.che/v1","kind":"CheCluster","metadata":{"name":"eclipse-che"},"spec":{"auth":{"externalIdentityProvider":false,"identityProviderAdminUserName":"","identityProviderClientId":"","identityProviderImage":"","identityProviderPassword":"","identityProviderRealm":"","identityProviderURL":"","oAuthClientName":"","oAuthSecret":"","openShiftoAuth":false},"database":{"chePostgresDb":"","chePostgresHostName":"","chePostgresPassword":"","chePostgresPort":"","chePostgresUser":"","externalDb":false,"postgresImage":""},"k8s":{"ingressClass":"","ingressDomain":"192.168.99.101.nip.io","ingressStrategy":"","securityContextFsGroup":"","securityContextRunAsUser":"","tlsSecretName":""},"metrics":{"enable":true},"server":{"allowUserDefinedWorkspaceNamespaces":false,"cheFlavor":"","cheImage":"","cheImageTag":"","cheWorkspaceClusterRole":"","devfileRegistryImage":"","gitSelfSignedCert":false,"nonProxyHosts":"","pluginRegistryImage":"","proxyPassword":"","proxyPort":"","proxyURL":"","proxyUser":"","serverMemoryLimit":"","serverMemoryRequest":"","serverTrustStoreConfigMapName":"","tlsSupport":true,"workspaceNamespaceDefault":""},"storage":{"postgresPVCStorageClassName":"","preCreateSubPaths":true,"pvcClaimSize":"1Gi","pvcJobsImage":"","pvcStrategy":"common","workspacePVCStorageClassName":""}}}]' + capabilities: Seamless Upgrades + categories: Developer Tools + certified: "false" + containerImage: quay.io/eclipse/che-operator:nightly + createdAt: "2020-09-09T06:56:23Z" + description: A Kube-native development solution that delivers portable and collaborative + developer workspaces. + operatorframework.io/suggested-namespace: eclipse-che + repository: https://github.com/eclipse/che-operator + support: Eclipse Foundation + name: eclipse-che-preview-kubernetes.v7.18.0-0.nightly + namespace: placeholder +spec: + apiservicedefinitions: {} + customresourcedefinitions: + owned: + - description: Eclipse Che cluster with DB and Auth Server + displayName: Eclipse Che Cluster + kind: CheCluster + name: checlusters.org.eclipse.che + specDescriptors: + - description: TLS routes + displayName: TLS Mode + path: server.tlsSupport + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:booleanSwitch + statusDescriptors: + - description: Ingress to access Eclipse Che + displayName: Eclipse Che URL + path: cheURL + x-descriptors: + - urn:alm:descriptor:org.w3:link + - description: Ingress to access Keycloak Admin Console + displayName: Keycloak Admin Console URL + path: keycloakURL + x-descriptors: + - urn:alm:descriptor:org.w3:link + - description: Eclipse Che server version + displayName: Eclipse Che version + path: cheVersion + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:label + - description: The current status of the application + displayName: Status + path: cheClusterRunning + x-descriptors: + - urn:alm:descriptor:io.kubernetes.phase + - description: Reason of the current status + displayName: Reason + path: reason + x-descriptors: + - urn:alm:descriptor:text + - description: Message explaining the current status + displayName: Message + path: message + x-descriptors: + - urn:alm:descriptor:text + - description: Link providing help related to the current status + displayName: Help link + path: helpLink + x-descriptors: + - urn:alm:descriptor:org.w3:link + version: v1 + description: | + A collaborative Kubernetes-native development solution that delivers Kubernetes workspaces and in-browser IDE for rapid cloud application development. + This operator installs PostgreSQL, Keycloak, Registries and the Eclipse Che server, as well as configures all these services. + ## Prerequisites + - Operator Lifecycle Manager (OLM) needs to be installed. + - Kubernetes Platform. For OpenShift, the installation is directly made from OperatorHub UI in the admin console. + + OLM installation can be checked by running the command: + ``` + $ kubectl get pods --all-namespaces | grep olm + olm catalog-operator-7b8cd7f8bf-2v7zj 1/1 Running 0 10m + olm olm-operator-5c5c798cd5-s6ll5 1/1 Running 0 10m + olm olm-operators-fm5wc 1/1 Running 0 10m + olm operatorhubio-catalog-d78km 1/1 Running 0 10m + olm packageserver-5c5f64947b-trghp 1/1 Running 0 9m56s + olm packageserver-5c5f64947b-zqvxg 1/1 Running 0 9m56s + ``` + + ## How to Install + Install `Eclipse Che Operator` by following instructions in top right button `Install`. + + A new pod che-operator is created in `my-eclipse-che` namespace + + ``` + $ kubectl get pods --all-namespaces | grep my-eclipse-che + my-eclipse-che che-operator-554c564476-fl98z 1/1 Running 0 13s + ``` + + The operator is now providing new Custom Resources Definitions: `checluster.org.eclipse.che` + + Create a new Eclipse Che instance by creating a new CheCluster resource: + + On the bottom of this page, there is a section `Custom Resource Definitions` with `Eclipse Che Cluster` name. + + Click on `View YAML Example` *Link* and copy the content to a new file named `my-eclipse-che.yaml` + **Important!** Make sure you provide **K8s.ingressDomain** which is a global ingress domain of your k8s cluster, for example, `gcp.my-ide.cloud` + Create the new CheCluster by creating the resource in the `my-eclipse-che` namespace : + ``` + $ kubectl create -f my-eclipse-che.yaml -n my-eclipse-che + ``` + ***important:*** The operator is only tracking resources in its own namespace. If CheCluster is not created in this namespace it's ignored. + The operator will now create pods for Eclipse Che. The deployment status can be tracked by looking at the Operator logs by using the command: + ``` + $ kubectl logs -n my-eclipse-che che-operator-554c564476-fl98z + ``` + ***important:*** pod name is different on each installation + + When all Eclipse Che containers are running, the Eclipse Che URL is printed + + + Eclipse Che URL can be tracked by searching for available trace: + ``` + $ kubectl logs -f -n my-eclipse-che che-operator-7b6b4bcb9c-m4m2m | grep "Eclipse Che is now available" + time="2019-08-01T13:31:05Z" level=info msg="Eclipse Che is now available at: http://che-my-eclipse-che.gcp.my-ide.cloud" + ``` + When Eclipse Che is ready, the Eclipse Che URL is displayed in CheCluster resource in `status` section + ``` + $ kubectl describe checluster/eclipse-che -n my-eclipse-che + ``` + + ``` + Status: + Che Cluster Running: Available + Che URL: http://che-my-eclipse-che.gcp.my-ide.cloud + Che Version: 7.0.0 + ... + ``` + + By opening this URL in a web browser, Eclipse Che is ready to use. + ## Defaults + By default, the operator deploys Eclipse Che with: + * Bundled PostgreSQL and Keycloak + * Per-Workspace PVC strategy + * Auto-generated passwords + * TLS mode (secure routes) + ## Installation Options + Eclipse Che operator installation options include: + * Connection to external database and Keycloak + * Configuration of default passwords and object names + * PVC strategy (once shared PVC for all workspaces, PVC per workspace, or PVC per volume) + * Authentication options + ### External Database and Keycloak + To instruct the operator to skip deploying PostgreSQL and Keycloak and connect to an existing DB and Keycloak instead: + * set respective fields to `true` in a custom resource spec + * provide the operator with connection and authentication details: + ``` + externalDb: true + chePostgresHostname: 'yourPostgresHost' + chePostgresPort: '5432' + chePostgresUser: 'myuser' + chePostgresPassword: 'mypass' + chePostgresDb: 'mydb' + externalIdentityProvider: true + identityProviderURL: 'https://my-keycloak.com' + identityProviderRealm: 'myrealm' + identityProviderClientId: 'myClient' + ``` + #### Self-signed Certificates and TLS Secrets + + Eclipse Che uses self-signed certificates by default, as TLS mode is on by default. + + To provide the name of the tls secret that will be used for Eclipse Che and workspaces ingresses: + ``` + tlsSecretName: 'my-ingress-tls-secret' + ``` + displayName: Eclipse Che + icon: + - base64data: iVBORw0KGgoAAAANSUhEUgAAANMAAAD0CAYAAAABrhNXAAAABGdBTUEAALGPC/xhBQAAACBjSFJNAAB6JgAAgIQAAPoAAACA6AAAdTAAAOpgAAA6mAAAF3CculE8AAAABmJLR0QA/wD/AP+gvaeTAAAaNklEQVR42u3de3QU9dkH8O/zm91EQK0U77dqVdTW++1V20KigUSQahLjsSSbtp4eeqqVLHILCcoiyQZEIbF61B6PVQJ6XiOkr6TlYiABr603wHotar1bBUWUYDY787x/JIGoSchmZ+c3M/t8/iS7M8+M5+vs7szz/IiZIYRIntJdgBB+IWESwiYSJiFsImESwiYSJiFsImESwiaBvv5ARLprEwB4ddaJTBQF8w/JsKbQmI0v665JAL3dUqK+7jNJmPTiNWOHWYhNB1AOILPrn+MA369MazaNe+Iz3TWmMwmTB3AEyrwwu4SIbwVwWB+v+hxEt6gg7qLs1rjumtORhMnlePUlF5hk1RFw4QDf8rrFmBLMa12tu/Z0I2FyKV53yVGWyTVgLgGQ8IknoImMQBnlNL+t+1jShYTJZXjlhKFW8KsbQJgNYP8ktxYDcI8yh95E41bt1H1sfidhcpH4mtETCHQHgONs3vTHAEXUMy33UQSW7uP0KwmTC/DqS84xyaol4Bcp3tULiqiMxrY8pfuY/UjCpBG3ZB1sxfgmgK4HYDi1WwI9SnGaTuPXv6v7HPiJhEkDfv7coPX5AdeB+RaADtRURRtAC9UB7Qvo4md26z4nfiBhcljH6qwcRbgDwKm6a+nyATNVGrkt9USQrtAkSJgcwquyT2ZlLWLQON219FofsMEghGls6ybdtXiVhCnFuOnnw62gEQHoOvTz3KM7sAVSy5RS0yln3X91V+M1EqYU4ZasgBWjawGuAnCI7noStAOM+coaUkvjVrXrLsYrJEwp0LHmkksUrFoAp+uuJSnMbzLR1EBua5PuUrxAwmSj7tYIBhfprsVOBDQTU5jyWl7RXYubSZhs0KM1YiaA/XTXkyIdAN+tMmgOZbfu0F2MG0mYksAMMtdkh4h4AYDDddfj0FF3tnrsOOROurrB1F2Nm0iYBolXjT7fVFRHwEW6a9FkkyIK09iWDboLcQsJU4KSbY3wGwKaCNZkyt34ju5adJMwDRA/fdEQa2fmZBAqARygux536Wr1+CY+m6546ivd1Wg7CxKmfUtha4TP8EeAmpuurR4Spn7w46PONi2qJdAo3bV4CROeM1iFKXf907prcfS4JUzfx82XjrDM+M0Ot0b4TWerB8yplLvxfd3FOHLAEqYeJ2NPawTmAviB7np8YheA21QG5lN26ze6i0klCVOXjtVZOUpxHZh+orsWn3qfmWYH8lqW6C4kVdI+TLwq+2Q2+HZmjNddSzogoIUsI0yXrduiuxa7pW2YuOnnw62MwEwwTwEoQ3c96aWr1SMen+qnKbRpF6a901GthQAdqrueNPcFGAvUzkMW09UNMd3FJCutwtSxenS2ItQCdIbuWsS3vMFENwbGtvxddyHJSIsw8ZpRx1hkVIM5pLsW0TcCmsk0ymjculd11zIYvg5TmrRG+E1nq4cK3kxjmr/UXUwifBkmZpD5+OiriHEbQMfqrkcMynYQ5nmp1cN3YepsjUAtgS7WXYuwA7+oGGHK2/CE7kr2WalfwsRrxxxpcWwOgN8BJEuJ+gwBTWThBrqs9T+6a+mL58PEjxRlWAd99gcw5kFaI3yO20D0JxVEFWW3fq27mu9V5+UwdbVG1AE4XnctwlEfMlOF26bQejJMvDbrLJNRS8Bo3bUIfRj8T0NRGY1pfVZ3LYDHwsSrc39o0TdzpDVC7OWeKbSeCFOP1ogIgIO0FCHcrrPVwxxSo2sKrevD1LVqRC2Anzq+c+FFW5m4IjB2Q4PTO3ZtmLj50pFsmrczcLnTJ0V4HzHWESFMua3/cmqfrgsTt2QdZHWgHIwwgEynToTwpTjA96sMqqTs1m2p3plrwiStESJ1uqbQBnEXZbfGU7YXN4SpY1VWllKoBXBmqg5UCACvW4wpwbzW1anYuNYw8d+zjrYCFJXpqMJJBDSRESijnOa37dyuljDxyglDrYyvZkBaI4Q2XVNozaE30bhVO23ZopNhktYI4UIfAxSxYwqtY2HitVnndT0C9DOHT5YQA/GCIiqjsS1PDXYDKQ8Tr/7FERapCKQ1Qrhf5xTaOE2n8evfTfjNqQrT3tYIvgWgA3WfJSEGjtsAWpjoFNqUhKmzNQK1AP1Y92kRIgkfMFPlQFs9bA0TPz7qVLbUIgbydJ8FIezChFbDojDltWzu93V2hElaI4T/dbV6cHAa5a79tNdXJBMmbskKWDG6FszVIBys+3CFcMAOMOYra0jtd1s9Bh2mjrXZlyrmWgCn6T46IRzH/CYTTQ3ktjbt/acEw8RrR53EbFQzuEj38QihGwHNxBSmvJZXEgqT9Xj2bWC+QVaNEKInjoFQpca0zvvuXwJ9vwdT5XlUIXpiC6T+Vyn1597+Gkh0c0KkIwb+YUCV0diWfwBAbx/oJExC9G/AN3MlTEL0qudE2ZYBTZSVMAnxHQQ0Udz4Y6IPwEqYhNiDX1SdU2OfHMy7pU1CCMY2EMLqy0MvGGyQALkyifTWuXKhNfQmyku+nV3CJNISAc2krMk0ZuNrdm1TwiTSzRtMdKORgtXeJUwiXXwBwtzO4ZQtKRlOKWESftc5Ntm0ZtO4Jz5L5Y4kTMK3CLyerMAUumzdFif2J2HyBu58GkwmPg3QW8w01chr/T8ndyr/cVyPX1QKoxTUBcwY9D2QNLELwFyVgdMCeS2OBgmQK5N7MbZBoUrtOPROurrBBABmjDIfH30VgRaC8SPdJboIg2ip6uAZNL71E11F9N0cuDbbNStbp5nOG4n9zMXuMb99BoAhugvWiQnPGSaX0WUbnnF0vwl12kqYHEdAE5kqTOPWvzWQ16f5yiIfMlPFQOfc2U3C5F5vMHhKIHfDqsG8mddmj7Y6B96cpftAHLAbhDvU7o5quuKpr3QVIWFynx43EpNb5W7vaox8K4DDdB9YKhDQRLAmU+7Gd3TXImFyj5TdSOSWrP2tGKYBKIdf1glmvKRIhSl3/UbdpewpScKkH4HXk+Iwjdn4cir345MxbdtBmKd2HLLnF023kDDptZWJKwJjNzQ4udOO1Vk5ilAL4Ke6T0AiZQN8t1LBm2lM85e6i+mNhEmPXQBuS3TJEjvx8+cGre0H/tYLo617DnrUXUt/JEzOcsWNxG8V5OZFF3oZQexmEiaHMPifhoWw0zcSB1zf46NOZVMtZkKu7lrQPRx/5yGL6eqGmO5iBkrClHpabyQmqnOhOqoDcLzze9/3si1u1ltu5EFXe+wGYYHKwCmBvJYlXggSAARyN6xUXx5yCghhAI7dAGVCq2J1jjG2pdSLQeqLXJmSREATWbiBLmv9j+5aksFrxxxpcWwOUru49/vMNNsrV+7+yMc8OzFeUuAyytvwhO5SbD2stVnnmcx1BLrYxq0OahFmN5Mw2cO1NxLtwgwyHx99FTFuA+jYZDZFoEdJGdNoTPN7uo/LThKm5Lj+RqLdeM3YYRZi0wHMBLBfQu8FnjeIwjS25Sndx5GScyNhGhwCmsk0ymjculd116IDrxl1jEVGNZhDA3j5xwBF1DMt91EElu7aU3ZOJEwJe4OJbgykYMaaF3WsHp3d+WgSnfH9v3IMwD39NTX6iYRp4L4AY4HXbiQ6YW+rh7UQoEOBrl80jUAZ5TS/rbs+x86DhGmf4gD/WRmBmyln3XbdxbhZ56NJ7dMtqMeDuevX667H8eOXMPWNgBayjLBTM9aEt/WWG5lO1H0jMa9lie5ChLelc5h6tEa0+OJGotArHcPUeSMR5lTK3fi+7mKEf6RVmJjwnMEqTLnrn9Zdi/CfNHlqnD8C6PfG060XSpBEqvj9ytQ1Yy2udcaaSA++DdOeGWtj9c9YE/4RiUTUlreCpQAe+O7f/BimTQqqzE0z1oQ/FBTXnL9lK2oBvhg+D5PvWyOEHr+8ZsGRgUB8DsC/Qz+/M/ghTGnXGiGcUVS0aEg8s30ywawE6IB9vd7TYdo7Y63V1TPWhPcUhqommPxNHSUwbMabYeqasWZ4ZMaa8I4rJ1afpRTqmGlUou/1Wpg6Z6xZQ2tp3Kp23cUI/ygqivzQysiYw4RBD+j0SJh6zFjL889oKKHfpEn3Bre3bbvOBEUAHJTMtlwfJia0GpYKU27LZt21CH8pLK3J2bZrey2IbFnUwM1hep+ZZgdypTVC2Cu/NDpSMW5niy+3c/FSF4ap54w1aY0Q9rnyN5GDjHiwnC2EOQULwbkpTF0z1gK+m7Em9IpEImrz1mAJxelWTuESpa4Ik99nrAl98kPR0Vu2oo6AM1O9L81h4o8ANdfw+Yw14byC4gVHA2YUjBLAzm9GfdMSprhF2PThwZvf3Tli/NU33vOhjhqEP02YFBkabAvOAMwZAIY4uW/Hw/TCB4fgL8+fgv9+NeRMAM8Vhmoip5/Qfl8kEpErk0gCU35o/lXUxgsB/EhHBY6N+vrgy/3xwPMnY/NHI3r78/NghFcsq5DvTCJhV06sOVcprgPwM6f2ubx+1vc+Oqb8yvR1ewANL5+I1a8fA4v7/Oh6HghPFJZEH1VKTWtYUi6/5ol9KiipPgJAZF+tEU5J2ZXJtAgtbx2FhzediJ3fZCTy1jaAFx4Y6Jj/wAMRuc8kvqeoKJJhZQb/YIFuIeBAHTX0dmVKSZpf/mQEZvztItz77E8SDRIADAVozs54xr/zS6pLAXbklxjhDYWhqglmZsZrDKrVFaS+2Hpl+njnUDy86UQ88+7hthXIQCugwo1Ly+XZvDRW+KvoKWxgMYA83bUAKfzO9E2HgZWvHYfGl49Hh2XvxY6ALMB6saA4uoxVcFpj/XR5ajyN9GiNuA7a74v2L6krEwN44p0jUf/CSOzYnfDHucHYwaD53wwfVrvqT5Oln8nHsrIigRHHZF7LbFUDdLDuer7L1u9M/972A1Su+h/86cnTnAoSABxE4PlDvvh6S35x9HKndiqcdVVx9aUjjs54kZnvdWOQ+pLwZXN72354+KWTsPGdw8H6fhsYSYSVBcXRZgqo8PIHy2UGhA8UldScaIGjFlCku5bBGHCY2k2Fx145Hn995TjE4oPq6rUfIYdN66XC4ujdZjA2568PRHboLkkkLhRaOGwXx6ab4HKkoDXCKfv8zsRMePa9w1D/wkh8tiuhBbcdPhJ8Tsy3qPaT7mxouFrm5nkCU35JNESgBQDs+wnYAb19Z+o3TG9tPxAPPn8yXvt0uO7aE8CvEWHK8vrKNborEX27cmLVBUoZdQBfqLuWwUjop/G7nj4NG946AuzM0+s2olOZsbowFG1SMCc31N8ks8ZdpKi06ijTVDUglPjthnyfYWp960jdtSWFGZebMMYWFkfv6cg0Zj92/0xZBUOj7umopsWzQdhfdz2poP3hwBTLYMLkQMx8vTBUMykSifj9eF2pMFQ1wcz45lUCzwf8GSTA/2HqdiQz37tla8azV5VUXay7mHRRUFJ9Tn5JdCOzegyE43TXk2qufjwjBc63oJ6UVo/Uyi+NjlAmbmbgehrkdFQvSrcwAQAxUGRa1riCkurbpNXDPt3TUdnCXCb8QHc9TkuXj3m9GQbQnJ1mxpudrR4iGYWlNTmftW3fxKBaIP2CBKTnlenbGMcQ6MGCUPQ3RBxevqRyi+6SvKSoZN7JJoxFbPE4X/3OPQgSpm6MbGZ6SVo9Bmb8xJrh+ylrpgmaAsCxJ53dTML0bQqEkOKOy/NLahYE2tsXNzREYrqLcpM901HBCxl0qO563CSdvzP1iYHhBJ5vZma8XFBSPV53PW5RMLE6e8vWjJcI9CAACdJ3yJWpfyMBaioojjYbQFnDsopXdRekwxXXVB1jGKoahJDuWtxMwjQQhBwT2FRYHL1bxdTNDQ3labEQdXdrBEAzAbi4ZcAd5GPewAWZMNnMtN4qLKkuKyp6xMc3I5nyQzVFu7jjVYDmQII0IBKmxI1gUK2ZufW5gonzE15E2O0KimvOLyiZ/yQxPwLgWN31eIl8zBu8s6GsDX5p9fjlNQuODATic9wyHdWLJExJ6mr1uLSwpPqOjoxAtddaPbqnozLMeQAdoLseL5P/A9ljCINmBmLma16aQts1HfX1rkeAJEhJkiuTvY4i0IMFJTV/ZBUta1xS8YzugnqTH1pwKlnmYmbk6q7FTyRMqXE+WXiqoDi61AgGZjQ8MOMT3QUBPaajsnk9KH1aI5wiYUodAiFkxuMFuls9Jk26N7h99+e/NdmqBuCZoY5eI9+ZUm9Y16oeL+eHahwfrlhYWpOzbdf2l7w2HdWL5MrknBOJ+ZGCkuh6Ujwl1a0ehRPnnQTDWMQWX+65AVMeJWFy3iVs0QsFJdX3G0Ga3fCXis/s3PiVv4kcZMSD5QwKg707HdWLJEx6BACaZHWgyK5Wjz2tEXG6lYHDdB9gOpLvTBp1t3rEMzO3FIai4wa7nfxQdPTLWzNe6GqNkCBpIlcmFyDwycz4W0FxtJmVMbmxfuZrA3lfQfGCowEzCkYJQ74Z6SZhchNCDrG5ubA4encbYjetWhbZ2dvLJkyKDA22BWcA5gwAQ3SXLTrJxzz3CTJh8hAK9tLq0dkaEWzL6G6NkCC5SJ+rYBSGahJeIFqkxIsKCMctalOK6wD8THdBIoULRIuUOscCNijFDPkk4WoSJm8gyA8Mrif/pxPCJhImIWwiYRLCJhImIWwiYRLCJhImIWwiYRLCJhImIWwiYRLCJhImIWwiYRLCJhImIWzSd5iIbgcgS1AK8W2xrmx8T59hWlE/axpZ5mkENOiuXghXYDSToc5ZUT9rWm9/7rM5kGjvE/9XFVdfahHVAjhN9/EIocGbAN+4Ymnl37r/obfcDChMAJCVFQmMOCbzWmarWiaDijSxg0HzexvFllSYuu0Z/k64DtJcKPzJAmMZq+C0xvrpn/b2AlvC1K3wV9FT2MBiAHm6j1wIuzDQCqhw49Lyzf2+zs4wdSsMVU1gVrUAfqz7RAgxaIT3mXl249LKJQN5eW+5Sfo+0/L62SuN9tipBA4zsDPZ7QnhsDaA5x5oxEYONEh9SfrK1FNBSfURACIAySLDwu2YgEeVUtMalpS/l/CbU/ExrzdXTqw5V2a8CRd7HozwimUVTw12A46FqWt3lB+afxUxLwTwIyfPlBB9+JiIIqef0H5fJBKxktmQw2HqtHcuNslcbKFLjBj39De/PVFawtRtz4oNhBLIQEXhECI0waSy5Q/NetvO7WoNU7f8UHQ0MeoAnJmSHQgBAITXmWlK49JZq1Ox+ZT8NJ6oxvqKDWecGDuHwb8G8F+n9y98jvA5gcOfvx87PVVB6nPXTl+ZevrW+quQ9VdFUuIA399hZlaufHjatlTvzBUf83qTXxodqRi3M+Nyx3YqfIOBdSAON9ZX/suxfbo1TN0KS2ty2ORaEH7q+M6FB9G/mVDZWD/L8Z47V3xn6s/yJbOaDx424mwi+j3AKb9UC8/6GuC5u4cPO11HkPriqitTTz1aPa4HYCS9QeEHFhjL4hZPf+zhSq0/Xrn+Y15v8kMLTiXLXAxCru5ahEaEf8KyylYsm/2s7lIAj4apW1erRx2A43XXIhz1IYMrGpdW1APkmnWWXf+dqT9drR6nEDgM4Cvd9YiUayPwAqM9dkpna4R7gtQXz1yZevrlNQuODATic6TVw5+I0GQadMNfH5j1H9219MXTH/N6UxiqOo/ZqAP4Yt21CFu8qIDwo0srntBdyL74Lkxdh9Xd6nEbgGN1VyMGg7cRUKXaT7qzoeFqU3c1A6rYn2HqFAotHLaLY9MBmglgP931iAHpIMbddrZGOMXXYep2xTVVxxiGqgYhpLsW0Q9GMytjcmP9zNd0lzKo8tMhTN0KJlZnQ1EtgDN01yL2YtAbivjG5fUVf9ddS1LH4eWfxhO14qHKljNOjJ3d1erxadIbFEkh4AsGlQfa28/wepD6PEa/Xpl66tHqMQVAhu560owFxjIjA1Mb/lLxme5i7JJWH/N6k18aHUkWLQJ4vO5a0gKhhYjDy5dUbtFdit3SPkzdCktrciyL6wj4ie5afOo9Bt+U7FBHN0ur70z9Wb5kVvMhQ0ec1fVo0pe66/GRXQDPPTAQO9nPQepLWl6ZesovjY5QJm6WVo+kMBhLjWBgRsMDMz7RXYwjBywf8/pWWFpzNltWLUCjdNfiMc+xQlnjkopndBfiJAnTAEirx4B9xOBZbmuNcIqEaYCKihYNiWe2TyZwJYADdNfjMrsJfEdHRqD6sftnpm0rjIQpQUWlVUeZpqqRKbSdiNCkYE5uqL/pHd216CZhGqSC4przAa4D4SLdtWjyEiwVXvFQ+UbdhbiFhCkpTPkl0RCBFgA4XHc1DtlO4Hleao1wioTJBmnS6tFBjLtVTN3c0FAu9+F6IWGy0ZW/nneCYRo1DBTprsVWjGYKqPDyB8tf0V2Km0mYUiA/VHMJMS+G91s93mTG1MZlFU26C/ECeZwoBRrrZ63v0erhxaeidzCofPfw/c+QICVHrkw2Gj+xZvh+yprpkVYPC4xlrILTGuunS79XguRjnkOKSuadbMJYBGCc7lp6w0AroMKNS8s3667FqyRMDissrclhy7oDoFN119LlAwZXpusjQHaS70wOW75kVvPBQw8+0wWtHm1drREneWU6qhfJlckhmlo9mIBH2bKmr3ho9ru6z4GfyMc8FygoqT6HQbUE/CKV+yHCC2yhbMWyiqd0H7MfSZhcpDBUNYEtdQcIx9m86Y+JKHL6Ce33RSIRS/dx+pWEyWUmTIoMDbRl3kDg2QD2T3JzMWLc48XpqF4kYXKpZFs9iNAEk8qWPzTrbd3Hki4kTC535cSqC5Qy6gC+cEBvILzOTFMal85arbv2dCNh8oQBtHoQPifmW7Z/0HFXa2skrrvidCRh8pAerR7lADK7/jkO8P0dZmblyoenyWr0GkmYPKhw4ryTYBiL2EKQlTHFq6tG+E1CYRJCJEYeJxLCJhImIWwiYRLCJhImIWwiYRLCJv8P9sXhC7xE4kIAAAAldEVYdGRhdGU6Y3JlYXRlADIwMTktMDQtMTNUMDg6MTY6MDgrMDI6MDCcYZVaAAAAJXRFWHRkYXRlOm1vZGlmeQAyMDE5LTA0LTEzVDA4OjE2OjA4KzAyOjAw7Twt5gAAAABJRU5ErkJggg== + mediatype: image/png + install: + spec: + deployments: + - name: che-operator + spec: + replicas: 1 + selector: + matchLabels: + app: che-operator + strategy: {} + template: + metadata: + labels: + app: che-operator + spec: + containers: + - command: + - /usr/local/bin/che-operator + env: + - name: WATCH_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.annotations['olm.targetNamespaces'] + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: OPERATOR_NAME + value: che-operator + - name: CHE_VERSION + value: nightly + - name: RELATED_IMAGE_che_server + value: quay.io/eclipse/che-server:nightly + - name: RELATED_IMAGE_plugin_registry + value: quay.io/eclipse/che-plugin-registry:nightly + - name: RELATED_IMAGE_devfile_registry + value: quay.io/eclipse/che-devfile-registry:nightly + - name: RELATED_IMAGE_che_tls_secrets_creation_job + value: quay.io/eclipse/che-tls-secret-creator:alpine-d1ed4ad + - name: RELATED_IMAGE_pvc_jobs + value: registry.access.redhat.com/ubi8-minimal:8.2-345 + - name: RELATED_IMAGE_postgres + value: centos/postgresql-96-centos7:9.6 + - name: RELATED_IMAGE_keycloak + value: quay.io/eclipse/che-keycloak:nightly + - name: RELATED_IMAGE_che_workspace_plugin_broker_metadata + value: quay.io/eclipse/che-plugin-metadata-broker:v3.4.0 + - name: RELATED_IMAGE_che_workspace_plugin_broker_artifacts + value: quay.io/eclipse/che-plugin-artifacts-broker:v3.4.0 + - name: RELATED_IMAGE_che_server_secure_exposer_jwt_proxy_image + value: quay.io/eclipse/che-jwtproxy:0.10.0 + - name: CHE_FLAVOR + value: che + - name: CONSOLE_LINK_NAME + value: che + - name: CONSOLE_LINK_DISPLAY_NAME + value: Eclipse Che + - name: CONSOLE_LINK_SECTION + value: Red Hat Applications + - name: CONSOLE_LINK_IMAGE + value: /dashboard/assets/branding/loader.svg + - name: CHE_IDENTITY_SECRET + value: che-identity-secret + - name: CHE_IDENTITY_POSTGRES_SECRET + value: che-identity-postgres-secret + - name: CHE_POSTGRES_SECRET + value: che-postgres-secret + - name: CHE_SERVER_TRUST_STORE_CONFIGMAP_NAME + value: ca-certs + image: quay.io/eclipse/che-operator:nightly + imagePullPolicy: Always + name: che-operator + ports: + - containerPort: 60000 + name: metrics + resources: {} + restartPolicy: Always + serviceAccountName: che-operator + terminationGracePeriodSeconds: 5 + permissions: + - rules: + - apiGroups: + - extensions + resources: + - ingresses + verbs: + - '*' + - apiGroups: + - batch + resources: + - jobs + verbs: + - '*' + - apiGroups: + - rbac.authorization.k8s.io + resources: + - roles + - rolebindings + verbs: + - '*' + - apiGroups: + - rbac.authorization.k8s.io + resources: + - clusterroles + - clusterrolebindings + verbs: + - '*' + - apiGroups: + - "" + resources: + - pods + - services + - serviceaccounts + - endpoints + - persistentvolumeclaims + - events + - configmaps + - secrets + - pods/exec + - pods/log + verbs: + - '*' + - apiGroups: + - "" + resources: + - namespaces + verbs: + - get + - apiGroups: + - apps + resources: + - deployments + verbs: + - '*' + - apiGroups: + - monitoring.coreos.com + resources: + - servicemonitors + verbs: + - get + - create + - apiGroups: + - org.eclipse.che + resources: + - '*' + verbs: + - '*' + serviceAccountName: che-operator + strategy: deployment + installModes: + - supported: true + type: OwnNamespace + - supported: true + type: SingleNamespace + - supported: true + type: MultiNamespace + - supported: false + type: AllNamespaces + keywords: + - eclipse che + - workspaces + - devtools + - developer + - ide + - java + links: + - name: Product Page + url: http://www.eclipse.org/che + - name: Documentation + url: https://www.eclipse.org/che/docs + - name: Operator GitHub Repo + url: https://github.com/eclipse/che-operator + maintainers: + - email: dfestal@redhat.com + name: David Festal + maturity: stable + provider: + name: Eclipse Foundation + version: 7.18.0-0.nightly diff --git a/deploy/olm-catalog/eclipse-che-preview-kubernetes/manifests/org_v1_che_crd.yaml b/deploy/olm-catalog/eclipse-che-preview-kubernetes/manifests/org_v1_che_crd.yaml new file mode 100644 index 000000000..1bed05144 --- /dev/null +++ b/deploy/olm-catalog/eclipse-che-preview-kubernetes/manifests/org_v1_che_crd.yaml @@ -0,0 +1,567 @@ +# +# Copyright (c) 2012-2020 Red Hat, Inc. +# This program and the accompanying materials are made +# available under the terms of the Eclipse Public License 2.0 +# which is available at https://www.eclipse.org/legal/epl-2.0/ +# +# SPDX-License-Identifier: EPL-2.0 +# +# Contributors: +# Red Hat, Inc. - initial API and implementation +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: checlusters.org.eclipse.che +spec: + group: org.eclipse.che + names: + kind: CheCluster + listKind: CheClusterList + plural: checlusters + singular: checluster + scope: Namespaced + subresources: + status: {} + validation: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Desired configuration of the Che installation. Based on these + settings, the operator automatically creates and maintains several config + maps that will contain the appropriate environment variables the various + components of the Che installation. These generated config maps should + NOT be updated manually. + properties: + auth: + description: Configuration settings related to the Authentication used + by the Che installation. + properties: + externalIdentityProvider: + description: 'Instructs the operator on whether or not to deploy + a dedicated Identity Provider (Keycloak or RH SSO instance). By + default a dedicated Identity Provider server is deployed as part + of the Che installation. But if `externalIdentityProvider` is + `true`, then no dedicated identity provider will be deployed by + the operator and you might need to provide details about the external + identity provider you want to use. See also all the other fields + starting with: `identityProvider`.' + type: boolean + identityProviderAdminUserName: + description: Overrides the name of the Identity Provider admin user. + Defaults to `admin`. + type: string + identityProviderClientId: + description: Name of a Identity provider (Keycloak / RH SSO) `client-id` + that should be used for Che. This is useful to override it ONLY + if you use an external Identity Provider (see the `externalIdentityProvider` + field). If omitted or left blank, it will be set to the value + of the `flavour` field suffixed with `-public`. + type: string + identityProviderImage: + description: Overrides the container image used in the Identity + Provider (Keycloak / RH SSO) deployment. This includes the image + tag. Omit it or leave it empty to use the defaut container image + provided by the operator. + type: string + identityProviderImagePullPolicy: + description: Overrides the image pull policy used in the Identity + Provider (Keycloak / RH SSO) deployment. Default value is `Always` + for `nightly` or `latest` images, and `IfNotPresent` in other + cases. + type: string + identityProviderPassword: + description: Overrides the password of Keycloak admin user. This + is useful to override it ONLY if you use an external Identity + Provider (see the `externalIdentityProvider` field). If omitted + or left blank, it will be set to an auto-generated password. + type: string + identityProviderPostgresPassword: + description: Password for The Identity Provider (Keycloak / RH SSO) + to connect to the database. This is useful to override it ONLY + if you use an external Identity Provider (see the `externalIdentityProvider` + field). If omitted or left blank, it will be set to an auto-generated + password. + type: string + identityProviderPostgresSecret: + description: 'The secret that contains `password` for The Identity + Provider (Keycloak / RH SSO) to connect to the database. If the + secret is defined then `identityProviderPostgresPassword` will + be ignored. If the value is omitted or left blank then there are + two scenarios: 1. `identityProviderPostgresPassword` is defined, + then it will be used to connect to the database. 2. `identityProviderPostgresPassword` + is not defined, then a new secret with the name `che-identity-postgres-secret` + will be created with an auto-generated value for `password`.' + type: string + identityProviderRealm: + description: Name of a Identity provider (Keycloak / RH SSO) realm + that should be used for Che. This is useful to override it ONLY + if you use an external Identity Provider (see the `externalIdentityProvider` + field). If omitted or left blank, it will be set to the value + of the `flavour` field. + type: string + identityProviderSecret: + description: 'The secret that contains `user` and `password` for + Identity Provider. If the secret is defined then `identityProviderAdminUserName` + and `identityProviderPassword` are ignored. If the value is omitted + or left blank then there are two scenarios: 1. `identityProviderAdminUserName` + and `identityProviderPassword` are defined, then they will be + used. 2. `identityProviderAdminUserName` or `identityProviderPassword` + are not defined, then a new secret with the name `che-identity-secret` + will be created with default value `admin` for `user` and with + an auto-generated value for `password`.' + type: string + identityProviderURL: + description: Public URL of the Identity Provider server (Keycloak + / RH SSO server). You should set it ONLY if you use an external + Identity Provider (see the `externalIdentityProvider` field). + By default this will be automatically calculated and set by the + operator. + type: string + oAuthClientName: + description: Name of the OpenShift `OAuthClient` resource used to + setup identity federation on the OpenShift side. Auto-generated + if left blank. See also the `OpenShiftoAuth` field. + type: string + oAuthSecret: + description: Name of the secret set in the OpenShift `OAuthClient` + resource used to setup identity federation on the OpenShift side. + Auto-generated if left blank. See also the `OAuthClientName` field. + type: string + openShiftoAuth: + description: 'Enables the integration of the identity provider (Keycloak + / RHSSO) with OpenShift OAuth. Enabled by default on OpenShift. + This will allow users to directly login with their Openshift user + through the Openshift login, and have their workspaces created + under personal OpenShift namespaces. WARNING: the `kubeadmin` + user is NOT supported, and logging through it will NOT allow accessing + the Che Dashboard.' + type: boolean + updateAdminPassword: + description: Forces the default `admin` Che user to update password + on first login. Defaults to `false`. + type: boolean + type: object + database: + description: Configuration settings related to the database used by + the Che installation. + properties: + chePostgresDb: + description: Postgres database name that the Che server uses to + connect to the DB. Defaults to `dbche`. + type: string + chePostgresHostName: + description: Postgres Database hostname that the Che server uses + to connect to. Defaults to postgres. This value should be overridden + ONLY when using an external database (see field `externalDb`). + In the default case it will be automatically set by the operator. + type: string + chePostgresPassword: + description: Postgres password that the Che server should use to + connect to the DB. If omitted or left blank, it will be set to + an auto-generated value. + type: string + chePostgresPort: + description: Postgres Database port that the Che server uses to + connect to. Defaults to 5432. This value should be overridden + ONLY when using an external database (see field `externalDb`). + In the default case it will be automatically set by the operator. + type: string + chePostgresSecret: + description: 'The secret that contains Postgres `user` and `password` + that the Che server should use to connect to the DB. If the secret + is defined then `chePostgresUser` and `chePostgresPassword` are + ignored. If the value is omitted or left blank then there are + two scenarios: 1. `chePostgresUser` and `chePostgresPassword` + are defined, then they will be used to connect to the DB. 2. `chePostgresUser` + or `chePostgresPassword` are not defined, then a new secret with + the name `che-postgres-secret` will be created with default value + of `pgche` for `user` and with an auto-generated value for `password`.' + type: string + chePostgresUser: + description: Postgres user that the Che server should use to connect + to the DB. Defaults to `pgche`. + type: string + externalDb: + description: 'Instructs the operator on whether or not to deploy + a dedicated database. By default a dedicated Postgres database + is deployed as part of the Che installation. But if `externalDb` + is `true`, then no dedicated database will be deployed by the + operator and you might need to provide connection details to the + external DB you want to use. See also all the fields starting + with: `chePostgres`.' + type: boolean + postgresImage: + description: Overrides the container image used in the Postgres + database deployment. This includes the image tag. Omit it or leave + it empty to use the defaut container image provided by the operator. + type: string + postgresImagePullPolicy: + description: Overrides the image pull policy used in the Postgres + database deployment. Default value is `Always` for `nightly` or + `latest` images, and `IfNotPresent` in other cases. + type: string + type: object + k8s: + description: Configuration settings specific to Che installations made + on upstream Kubernetes. + properties: + ingressClass: + description: 'Ingress class that will define the which controler + will manage ingresses. Defaults to `nginx`. NB: This drives the + `is kubernetes.io/ingress.class` annotation on Che-related ingresses.' + type: string + ingressDomain: + description: 'Global ingress domain for a K8S cluster. This MUST + be explicitly specified: there are no defaults.' + type: string + ingressStrategy: + description: Strategy for ingress creation. This can be `multi-host` + (host is explicitly provided in ingress), `single-host` (host + is provided, path-based rules) and `default-host.*`(no host is + provided, path-based rules). Defaults to `"multi-host` + type: string + securityContextFsGroup: + description: FSGroup the Che pod and Workspace pods containers should + run in. Defaults to `1724`. + type: string + securityContextRunAsUser: + description: ID of the user the Che pod and Workspace pods containers + should run as. Default to `1724`. + type: string + tlsSecretName: + description: Name of a secret that will be used to setup ingress + TLS termination if TLS is enabled. See also the `tlsSupport` field. + type: string + type: object + metrics: + description: Configuration settings related to the metrics collection + used by the Che installation. + properties: + enable: + description: Enables `metrics` Che server endpoint. Default to `true`. + type: boolean + type: object + server: + description: General configuration settings related to the Che server + and the plugin and devfile registries + properties: + airGapContainerRegistryHostname: + description: Optional hostname (or url) to an alternate container + registry to pull images from. This value overrides the container + registry hostname defined in all the default container images + involved in a Che deployment. This is particularly useful to install + Che in an air-gapped environment. + type: string + airGapContainerRegistryOrganization: + description: Optional repository name of an alternate container + registry to pull images from. This value overrides the container + registry organization defined in all the default container images + involved in a Che deployment. This is particularly useful to install + Che in an air-gapped environment. + type: string + allowUserDefinedWorkspaceNamespaces: + description: Defines if a user is able to specify Kubernetes namespace + (or OpenShift project) different from the default. It's NOT RECOMMENDED + to configured true without OAuth configured. This property is + also used by the OpenShift infra. + type: boolean + cheDebug: + description: Enables the debug mode for Che server. Defaults to + `false`. + type: string + cheFlavor: + description: Flavor of the installation. This is either `che` for + upstream Che installations, or `codeready` for CodeReady Workspaces + installation. In most cases the default value should not be overridden. + type: string + cheHost: + description: Public hostname of the installed Che server. If value + is omitted then it will be automatically set by the operator. + (see the `cheHostTLSSecret` field). + type: string + cheHostTLSSecret: + description: Name of a secret containing certificates to secure + ingress/route for the custom hostname of the installed Che server. + (see the `cheHost` field). + type: string + cheImage: + description: Overrides the container image used in Che deployment. + This does NOT include the container image tag. Omit it or leave + it empty to use the defaut container image provided by the operator. + type: string + cheImagePullPolicy: + description: Overrides the image pull policy used in Che deployment. + Default value is `Always` for `nightly` or `latest` images, and + `IfNotPresent` in other cases. + type: string + cheImageTag: + description: Overrides the tag of the container image used in Che + deployment. Omit it or leave it empty to use the defaut image + tag provided by the operator. + type: string + cheLogLevel: + description: 'Log level for the Che server: `INFO` or `DEBUG`. Defaults + to `INFO`.' + type: string + cheWorkspaceClusterRole: + description: Custom cluster role bound to the user for the Che workspaces. + The default roles are used if this is omitted or left blank. + type: string + customCheProperties: + additionalProperties: + type: string + description: Map of additional environment variables that will be + applied in the generated `che` config map to be used by the Che + server, in addition to the values already generated from other + fields of the `CheCluster` custom resource (CR). If `customCheProperties` + contains a property that would be normally generated in `che` + config map from other CR fields, then the value defined in the + `customCheProperties` will be used instead. + type: object + devfileRegistryImage: + description: Overrides the container image used in the Devfile registry + deployment. This includes the image tag. Omit it or leave it empty + to use the defaut container image provided by the operator. + type: string + devfileRegistryMemoryLimit: + description: Overrides the memory limit used in the Devfile registry + deployment. Defaults to 256Mi. + type: string + devfileRegistryMemoryRequest: + description: Overrides the memory request used in the Devfile registry + deployment. Defaults to 16Mi. + type: string + devfileRegistryPullPolicy: + description: Overrides the image pull policy used in the Devfile + registry deployment. Default value is `Always` for `nightly` or + `latest` images, and `IfNotPresent` in other cases. + type: string + devfileRegistryUrl: + description: Public URL of the Devfile registry, that serves sample, + ready-to-use devfiles. You should set it ONLY if you use an external + devfile registry (see the `externalDevfileRegistry` field). By + default this will be automatically calculated by the operator. + type: string + externalDevfileRegistry: + description: Instructs the operator on whether or not to deploy + a dedicated Devfile registry server. By default a dedicated devfile + registry server is started. But if `externalDevfileRegistry` is + `true`, then no such dedicated server will be started by the operator + and you will have to manually set the `devfileRegistryUrl` field + type: boolean + externalPluginRegistry: + description: Instructs the operator on whether or not to deploy + a dedicated Plugin registry server. By default a dedicated plugin + registry server is started. But if `externalPluginRegistry` is + `true`, then no such dedicated server will be started by the operator + and you will have to manually set the `pluginRegistryUrl` field. + type: boolean + gitSelfSignedCert: + description: If enabled, then the certificate from `che-git-self-signed-cert` + config map will be propagated to the Che components and provide + particular configuration for Git. + type: boolean + nonProxyHosts: + description: List of hosts that should not use the configured proxy. + Use `|`` as delimiter, eg `localhost|my.host.com|123.42.12.32` + Only use when configuring a proxy is required. Operator respects + OpenShift cluster wide proxy configuration and no additional configuration + is required, but defining `nonProxyHosts` in a custom resource + leads to merging non proxy hosts lists from the cluster proxy + configuration and ones defined in the custom resources. (see the + doc https://docs.openshift.com/container-platform/4.4/networking/enable-cluster-wide-proxy.html) + (see also the `proxyURL` fields). + type: string + pluginRegistryImage: + description: Overrides the container image used in the Plugin registry + deployment. This includes the image tag. Omit it or leave it empty + to use the defaut container image provided by the operator. + type: string + pluginRegistryMemoryLimit: + description: Overrides the memory limit used in the Plugin registry + deployment. Defaults to 256Mi. + type: string + pluginRegistryMemoryRequest: + description: Overrides the memory request used in the Plugin registry + deployment. Defaults to 16Mi. + type: string + pluginRegistryPullPolicy: + description: Overrides the image pull policy used in the Plugin + registry deployment. Default value is `Always` for `nightly` or + `latest` images, and `IfNotPresent` in other cases. + type: string + pluginRegistryUrl: + description: Public URL of the Plugin registry, that serves sample + ready-to-use devfiles. You should set it ONLY if you use an external + devfile registry (see the `externalPluginRegistry` field). By + default this will be automatically calculated by the operator. + type: string + proxyPassword: + description: Password of the proxy server Only use when proxy configuration + is required (see also the `proxyURL`, `proxyUser` and `proxySecret` + fields). + type: string + proxyPort: + description: Port of the proxy server. Only use when configuring + a proxy is required. (see also the `proxyURL` and `nonProxyHosts` + fields). + type: string + proxySecret: + description: The secret that contains `user` and `password` for + a proxy server. If the secret is defined then `proxyUser` and + `proxyPassword` are ignored + type: string + proxyURL: + description: URL (protocol+hostname) of the proxy server. This drives + the appropriate changes in the `JAVA_OPTS` and `https(s)_proxy` + variables in the Che server and workspaces containers. Only use + when configuring a proxy is required. Operator respects OpenShift + cluster wide proxy configuration and no additional configuration + is required, but defining `proxyUrl` in a custom resource leads + to overrides the cluster proxy configuration with fields `proxyUrl`, + `proxyPort`, `proxyUser` and `proxyPassword` from the custom resource. + (see the doc https://docs.openshift.com/container-platform/4.4/networking/enable-cluster-wide-proxy.html) + (see also the `proxyPort` and `nonProxyHosts` fields). + type: string + proxyUser: + description: User name of the proxy server. Only use when configuring + a proxy is required (see also the `proxyURL`, `proxyPassword` + and `proxySecret` fields). + type: string + selfSignedCert: + description: Deprecated. The value of this flag is ignored. Che + operator will automatically detect if router certificate is self-signed. + If so it will be propagated to Che server and some other components. + type: boolean + serverMemoryLimit: + description: Overrides the memory limit used in the Che server deployment. + Defaults to 1Gi. + type: string + serverMemoryRequest: + description: Overrides the memory request used in the Che server + deployment. Defaults to 512Mi. + type: string + serverTrustStoreConfigMapName: + description: Name of the config-map with public certificates to + add to Java trust store of the Che server. This is usually required + when adding the OpenShift OAuth provider which has https endpoint + signed with self-signed cert. So, Che server must be aware of + its CA cert to be able to request it. This is disabled by default. + type: string + tlsSupport: + description: Deprecated. Instructs the operator to deploy Che in + TLS mode. This is enabled by default. Disabling TLS may cause + malfunction of some Che components. + type: boolean + workspaceNamespaceDefault: + description: 'Defines Kubernetes default namespace in which user''s + workspaces are created if user does not override it. It''s possible + to use , and placeholders (e.g.: + che-workspace-). In that case, new namespace will be + created for each user (or workspace). Is used by OpenShift infra + as well to specify Project' + type: string + type: object + storage: + description: Configuration settings related to the persistent storage + used by the Che installation. + properties: + postgresPVCStorageClassName: + description: Storage class for the Persistent Volume Claim dedicated + to the Postgres database. If omitted or left blank, default storage + class is used. + type: string + preCreateSubPaths: + description: Instructs the Che server to launch a special pod to + pre-create a subpath in the Persistent Volumes. Defaults to `false`, + however it might need to enable it according to the configuration + of your K8S cluster. + type: boolean + pvcClaimSize: + description: Size of the persistent volume claim for workspaces. + Defaults to `1Gi` + type: string + pvcJobsImage: + description: Overrides the container image used to create sub-paths + in the Persistent Volumes. This includes the image tag. Omit it + or leave it empty to use the defaut container image provided by + the operator. See also the `preCreateSubPaths` field. + type: string + pvcStrategy: + description: Persistent volume claim strategy for the Che server. + This Can be:`common` (all workspaces PVCs in one volume), `per-workspace` + (one PVC per workspace for all declared volumes) and `unique` + (one PVC per declared volume). Defaults to `common`. + type: string + workspacePVCStorageClassName: + description: Storage class for the Persistent Volume Claims dedicated + to the Che workspaces. If omitted or left blank, default storage + class is used. + type: string + type: object + type: object + status: + description: CheClusterStatus defines the observed state of Che installation + properties: + cheClusterRunning: + description: Status of a Che installation. Can be `Available`, `Unavailable`, + or `Available, Rolling Update in Progress` + type: string + cheURL: + description: Public URL to the Che server + type: string + cheVersion: + description: Current installed Che version + type: string + dbProvisioned: + description: Indicates if or not a Postgres instance has been correctly + provisioned + type: boolean + devfileRegistryURL: + description: Public URL to the Devfile registry + type: string + helpLink: + description: A URL that can point to some URL where to find help related + to the current Operator status. + type: string + keycloakProvisioned: + description: Indicates whether an Identity Provider instance (Keycloak + / RH SSO) has been provisioned with realm, client and user + type: boolean + keycloakURL: + description: Public URL to the Identity Provider server (Keycloak / + RH SSO). + type: string + message: + description: A human readable message indicating details about why the + pod is in this condition. + type: string + openShiftoAuthProvisioned: + description: Indicates whether an Identity Provider instance (Keycloak + / RH SSO) has been configured to integrate with the OpenShift OAuth. + type: boolean + pluginRegistryURL: + description: Public URL to the Plugin registry + type: string + reason: + description: A brief CamelCase message indicating details about why + the pod is in this state. + type: string + type: object + version: v1 + versions: + - name: v1 + served: true + storage: true diff --git a/deploy/olm-catalog/eclipse-che-preview-kubernetes/metadata/annotations.yaml b/deploy/olm-catalog/eclipse-che-preview-kubernetes/metadata/annotations.yaml new file mode 100644 index 000000000..5218587c6 --- /dev/null +++ b/deploy/olm-catalog/eclipse-che-preview-kubernetes/metadata/annotations.yaml @@ -0,0 +1,9 @@ +annotations: + operators.operatorframework.io.bundle.channel.default.v1: nightly + operators.operatorframework.io.bundle.channels.v1: nightly + operators.operatorframework.io.bundle.manifests.v1: manifests/ + operators.operatorframework.io.bundle.mediatype.v1: registry+v1 + operators.operatorframework.io.bundle.metadata.v1: metadata/ + operators.operatorframework.io.bundle.package.v1: eclipse-che-preview-kubernetes + operators.operatorframework.io.metrics.mediatype.v1: metrics+v1 + operators.operatorframework.io.metrics.project_layout: go diff --git a/olm/testCSV.sh b/deploy/olm-catalog/eclipse-che-preview-openshift/build-roles.sh similarity index 55% rename from olm/testCSV.sh rename to deploy/olm-catalog/eclipse-che-preview-openshift/build-roles.sh index 13dc11392..fade216f5 100755 --- a/olm/testCSV.sh +++ b/deploy/olm-catalog/eclipse-che-preview-openshift/build-roles.sh @@ -10,11 +10,8 @@ # Contributors: # Red Hat, Inc. - initial API and implementation -source olm.sh - -installOperatorMarketPlace -installPackage -applyCRCheCluster -waitCheServerDeploy - -echo -e "\u001b[32m Installation of the che-operator version: ${CSV} succesfully completed \u001b[0m" +BASE_DIR=$(cd "$(dirname "$0")" && pwd) +rm -Rf "${BASE_DIR}/generated/roles" +mkdir -p "${BASE_DIR}/generated/roles" +cp "${BASE_DIR}/../../role.yaml" "${BASE_DIR}/generated/roles/role.yaml" +cp "${BASE_DIR}/../../cluster_role.yaml" "${BASE_DIR}/generated/roles/cluster_role.yaml" diff --git a/deploy/olm-catalog/eclipse-che-preview-openshift/bundle.Dockerfile b/deploy/olm-catalog/eclipse-che-preview-openshift/bundle.Dockerfile new file mode 100644 index 000000000..9279765f4 --- /dev/null +++ b/deploy/olm-catalog/eclipse-che-preview-openshift/bundle.Dockerfile @@ -0,0 +1,11 @@ +FROM scratch + +LABEL operators.operatorframework.io.bundle.mediatype.v1=registry+v1 +LABEL operators.operatorframework.io.bundle.manifests.v1=manifests/ +LABEL operators.operatorframework.io.bundle.metadata.v1=metadata/ +LABEL operators.operatorframework.io.bundle.package.v1=eclipse-che-preview-openshift +LABEL operators.operatorframework.io.bundle.channels.v1=nightly +LABEL operators.operatorframework.io.bundle.channel.default.v1=nightly + +COPY manifests /manifests/ +COPY metadata /metadata/ diff --git a/deploy/olm-catalog/eclipse-che-preview-openshift/csv-config.yaml b/deploy/olm-catalog/eclipse-che-preview-openshift/csv-config.yaml new file mode 100644 index 000000000..54db594b3 --- /dev/null +++ b/deploy/olm-catalog/eclipse-che-preview-openshift/csv-config.yaml @@ -0,0 +1,3 @@ +operator-path: deploy/operator.yaml +role-paths: [ "deploy/olm-catalog/eclipse-che-preview-openshift/generated/roles/role.yaml", "deploy/olm-catalog/eclipse-che-preview-openshift/generated/roles/cluster_role.yaml"] +crd-cr-paths: ["deploy/crds/org_v1_che_crd.yaml"] diff --git a/deploy/olm-catalog/eclipse-che-preview-openshift/manifests/che-operator.clusterserviceversion.yaml b/deploy/olm-catalog/eclipse-che-preview-openshift/manifests/che-operator.clusterserviceversion.yaml new file mode 100644 index 000000000..d59d9a118 --- /dev/null +++ b/deploy/olm-catalog/eclipse-che-preview-openshift/manifests/che-operator.clusterserviceversion.yaml @@ -0,0 +1,403 @@ +apiVersion: operators.coreos.com/v1alpha1 +kind: ClusterServiceVersion +metadata: + annotations: + alm-examples: '[{"apiVersion":"org.eclipse.che/v1","kind":"CheCluster","metadata":{"name":"eclipse-che"},"spec":{"auth":{"externalIdentityProvider":false,"identityProviderAdminUserName":"","identityProviderClientId":"","identityProviderImage":"","identityProviderPassword":"","identityProviderRealm":"","identityProviderURL":"","oAuthClientName":"","oAuthSecret":"","openShiftoAuth":false},"database":{"chePostgresDb":"","chePostgresHostName":"","chePostgresPassword":"","chePostgresPort":"","chePostgresUser":"","externalDb":false,"postgresImage":""},"k8s":{"ingressClass":"","ingressDomain":"192.168.99.101.nip.io","ingressStrategy":"","securityContextFsGroup":"","securityContextRunAsUser":"","tlsSecretName":""},"metrics":{"enable":true},"server":{"allowUserDefinedWorkspaceNamespaces":false,"cheFlavor":"","cheImage":"","cheImageTag":"","cheWorkspaceClusterRole":"","devfileRegistryImage":"","gitSelfSignedCert":false,"nonProxyHosts":"","pluginRegistryImage":"","proxyPassword":"","proxyPort":"","proxyURL":"","proxyUser":"","serverMemoryLimit":"","serverMemoryRequest":"","serverTrustStoreConfigMapName":"","tlsSupport":true,"workspaceNamespaceDefault":""},"storage":{"postgresPVCStorageClassName":"","preCreateSubPaths":true,"pvcClaimSize":"1Gi","pvcJobsImage":"","pvcStrategy":"common","workspacePVCStorageClassName":""}}}]' + capabilities: Seamless Upgrades + categories: Developer Tools + certified: "false" + containerImage: quay.io/eclipse/che-operator:nightly + createdAt: "2020-09-09T06:56:23Z" + description: A Kube-native development solution that delivers portable and collaborative + developer workspaces. + operatorframework.io/suggested-namespace: eclipse-che + repository: https://github.com/eclipse/che-operator + support: Eclipse Foundation + name: eclipse-che-preview-openshift.v7.18.0-0.nightly + namespace: placeholder +spec: + apiservicedefinitions: {} + customresourcedefinitions: + owned: + - description: Eclipse Che cluster with DB and Auth Server + displayName: Eclipse Che Cluster + kind: CheCluster + name: checlusters.org.eclipse.che + specDescriptors: + - description: TLS routes + displayName: TLS Mode + path: server.tlsSupport + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:booleanSwitch + statusDescriptors: + - description: Ingress to access Eclipse Che + displayName: Eclipse Che URL + path: cheURL + x-descriptors: + - urn:alm:descriptor:org.w3:link + - description: Ingress to access Keycloak Admin Console + displayName: Keycloak Admin Console URL + path: keycloakURL + x-descriptors: + - urn:alm:descriptor:org.w3:link + - description: Eclipse Che server version + displayName: Eclipse Che version + path: cheVersion + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:label + - description: The current status of the application + displayName: Status + path: cheClusterRunning + x-descriptors: + - urn:alm:descriptor:io.kubernetes.phase + - description: Reason of the current status + displayName: Reason + path: reason + x-descriptors: + - urn:alm:descriptor:text + - description: Message explaining the current status + displayName: Message + path: message + x-descriptors: + - urn:alm:descriptor:text + - description: Link providing help related to the current status + displayName: Help link + path: helpLink + x-descriptors: + - urn:alm:descriptor:org.w3:link + version: v1 + description: | + A collaborative Kubernetes-native development solution that delivers Kubernetes workspaces and in-browser IDE for rapid cloud application development. + This operator installs PostgreSQL, Keycloak, Registries and the Eclipse Che server, as well as configures all these services. + ## Prerequisites + - Operator Lifecycle Manager (OLM) needs to be installed. + - Kubernetes Platform. For OpenShift, the installation is directly made from OperatorHub UI in the admin console. + + OLM installation can be checked by running the command: + ``` + $ kubectl get pods --all-namespaces | grep olm + olm catalog-operator-7b8cd7f8bf-2v7zj 1/1 Running 0 10m + olm olm-operator-5c5c798cd5-s6ll5 1/1 Running 0 10m + olm olm-operators-fm5wc 1/1 Running 0 10m + olm operatorhubio-catalog-d78km 1/1 Running 0 10m + olm packageserver-5c5f64947b-trghp 1/1 Running 0 9m56s + olm packageserver-5c5f64947b-zqvxg 1/1 Running 0 9m56s + ``` + + ## How to Install + Install `Eclipse Che Operator` by following instructions in top right button `Install`. + + A new pod che-operator is created in `my-eclipse-che` namespace + + ``` + $ kubectl get pods --all-namespaces | grep my-eclipse-che + my-eclipse-che che-operator-554c564476-fl98z 1/1 Running 0 13s + ``` + + The operator is now providing new Custom Resources Definitions: `checluster.org.eclipse.che` + + Create a new Eclipse Che instance by creating a new CheCluster resource: + + On the bottom of this page, there is a section `Custom Resource Definitions` with `Eclipse Che Cluster` name. + + Click on `View YAML Example` *Link* and copy the content to a new file named `my-eclipse-che.yaml` + **Important!** Make sure you provide **K8s.ingressDomain** which is a global ingress domain of your k8s cluster, for example, `gcp.my-ide.cloud` + Create the new CheCluster by creating the resource in the `my-eclipse-che` namespace : + ``` + $ kubectl create -f my-eclipse-che.yaml -n my-eclipse-che + ``` + ***important:*** The operator is only tracking resources in its own namespace. If CheCluster is not created in this namespace it's ignored. + The operator will now create pods for Eclipse Che. The deployment status can be tracked by looking at the Operator logs by using the command: + ``` + $ kubectl logs -n my-eclipse-che che-operator-554c564476-fl98z + ``` + ***important:*** pod name is different on each installation + + When all Eclipse Che containers are running, the Eclipse Che URL is printed + + + Eclipse Che URL can be tracked by searching for available trace: + ``` + $ kubectl logs -f -n my-eclipse-che che-operator-7b6b4bcb9c-m4m2m | grep "Eclipse Che is now available" + time="2019-08-01T13:31:05Z" level=info msg="Eclipse Che is now available at: http://che-my-eclipse-che.gcp.my-ide.cloud" + ``` + When Eclipse Che is ready, the Eclipse Che URL is displayed in CheCluster resource in `status` section + ``` + $ kubectl describe checluster/eclipse-che -n my-eclipse-che + ``` + + ``` + Status: + Che Cluster Running: Available + Che URL: http://che-my-eclipse-che.gcp.my-ide.cloud + Che Version: 7.0.0 + ... + ``` + + By opening this URL in a web browser, Eclipse Che is ready to use. + ## Defaults + By default, the operator deploys Eclipse Che with: + * Bundled PostgreSQL and Keycloak + * Per-Workspace PVC strategy + * Auto-generated passwords + * TLS mode (secure routes) + ## Installation Options + Eclipse Che operator installation options include: + * Connection to external database and Keycloak + * Configuration of default passwords and object names + * PVC strategy (once shared PVC for all workspaces, PVC per workspace, or PVC per volume) + * Authentication options + ### External Database and Keycloak + To instruct the operator to skip deploying PostgreSQL and Keycloak and connect to an existing DB and Keycloak instead: + * set respective fields to `true` in a custom resource spec + * provide the operator with connection and authentication details: + ``` + externalDb: true + chePostgresHostname: 'yourPostgresHost' + chePostgresPort: '5432' + chePostgresUser: 'myuser' + chePostgresPassword: 'mypass' + chePostgresDb: 'mydb' + externalIdentityProvider: true + identityProviderURL: 'https://my-keycloak.com' + identityProviderRealm: 'myrealm' + identityProviderClientId: 'myClient' + ``` + #### Self-signed Certificates and TLS Secrets + + Eclipse Che uses self-signed certificates by default, as TLS mode is on by default. + + To provide the name of the tls secret that will be used for Eclipse Che and workspaces ingresses: + ``` + tlsSecretName: 'my-ingress-tls-secret' + ``` + displayName: Eclipse Che + icon: + - base64data: iVBORw0KGgoAAAANSUhEUgAAANMAAAD0CAYAAAABrhNXAAAABGdBTUEAALGPC/xhBQAAACBjSFJNAAB6JgAAgIQAAPoAAACA6AAAdTAAAOpgAAA6mAAAF3CculE8AAAABmJLR0QA/wD/AP+gvaeTAAAaNklEQVR42u3de3QU9dkH8O/zm91EQK0U77dqVdTW++1V20KigUSQahLjsSSbtp4eeqqVLHILCcoiyQZEIbF61B6PVQJ6XiOkr6TlYiABr603wHotar1bBUWUYDY787x/JIGoSchmZ+c3M/t8/iS7M8+M5+vs7szz/IiZIYRIntJdgBB+IWESwiYSJiFsImESwiYSJiFsImESwiaBvv5ARLprEwB4ddaJTBQF8w/JsKbQmI0v665JAL3dUqK+7jNJmPTiNWOHWYhNB1AOILPrn+MA369MazaNe+Iz3TWmMwmTB3AEyrwwu4SIbwVwWB+v+hxEt6gg7qLs1rjumtORhMnlePUlF5hk1RFw4QDf8rrFmBLMa12tu/Z0I2FyKV53yVGWyTVgLgGQ8IknoImMQBnlNL+t+1jShYTJZXjlhKFW8KsbQJgNYP8ktxYDcI8yh95E41bt1H1sfidhcpH4mtETCHQHgONs3vTHAEXUMy33UQSW7uP0KwmTC/DqS84xyaol4Bcp3tULiqiMxrY8pfuY/UjCpBG3ZB1sxfgmgK4HYDi1WwI9SnGaTuPXv6v7HPiJhEkDfv7coPX5AdeB+RaADtRURRtAC9UB7Qvo4md26z4nfiBhcljH6qwcRbgDwKm6a+nyATNVGrkt9USQrtAkSJgcwquyT2ZlLWLQON219FofsMEghGls6ybdtXiVhCnFuOnnw62gEQHoOvTz3KM7sAVSy5RS0yln3X91V+M1EqYU4ZasgBWjawGuAnCI7noStAOM+coaUkvjVrXrLsYrJEwp0LHmkksUrFoAp+uuJSnMbzLR1EBua5PuUrxAwmSj7tYIBhfprsVOBDQTU5jyWl7RXYubSZhs0KM1YiaA/XTXkyIdAN+tMmgOZbfu0F2MG0mYksAMMtdkh4h4AYDDddfj0FF3tnrsOOROurrB1F2Nm0iYBolXjT7fVFRHwEW6a9FkkyIK09iWDboLcQsJU4KSbY3wGwKaCNZkyt34ju5adJMwDRA/fdEQa2fmZBAqARygux536Wr1+CY+m6546ivd1Wg7CxKmfUtha4TP8EeAmpuurR4Spn7w46PONi2qJdAo3bV4CROeM1iFKXf907prcfS4JUzfx82XjrDM+M0Ot0b4TWerB8yplLvxfd3FOHLAEqYeJ2NPawTmAviB7np8YheA21QG5lN26ze6i0klCVOXjtVZOUpxHZh+orsWn3qfmWYH8lqW6C4kVdI+TLwq+2Q2+HZmjNddSzogoIUsI0yXrduiuxa7pW2YuOnnw62MwEwwTwEoQ3c96aWr1SMen+qnKbRpF6a901GthQAdqrueNPcFGAvUzkMW09UNMd3FJCutwtSxenS2ItQCdIbuWsS3vMFENwbGtvxddyHJSIsw8ZpRx1hkVIM5pLsW0TcCmsk0ymjculd11zIYvg5TmrRG+E1nq4cK3kxjmr/UXUwifBkmZpD5+OiriHEbQMfqrkcMynYQ5nmp1cN3YepsjUAtgS7WXYuwA7+oGGHK2/CE7kr2WalfwsRrxxxpcWwOgN8BJEuJ+gwBTWThBrqs9T+6a+mL58PEjxRlWAd99gcw5kFaI3yO20D0JxVEFWW3fq27mu9V5+UwdbVG1AE4XnctwlEfMlOF26bQejJMvDbrLJNRS8Bo3bUIfRj8T0NRGY1pfVZ3LYDHwsSrc39o0TdzpDVC7OWeKbSeCFOP1ogIgIO0FCHcrrPVwxxSo2sKrevD1LVqRC2Anzq+c+FFW5m4IjB2Q4PTO3ZtmLj50pFsmrczcLnTJ0V4HzHWESFMua3/cmqfrgsTt2QdZHWgHIwwgEynToTwpTjA96sMqqTs1m2p3plrwiStESJ1uqbQBnEXZbfGU7YXN4SpY1VWllKoBXBmqg5UCACvW4wpwbzW1anYuNYw8d+zjrYCFJXpqMJJBDSRESijnOa37dyuljDxyglDrYyvZkBaI4Q2XVNozaE30bhVO23ZopNhktYI4UIfAxSxYwqtY2HitVnndT0C9DOHT5YQA/GCIiqjsS1PDXYDKQ8Tr/7FERapCKQ1Qrhf5xTaOE2n8evfTfjNqQrT3tYIvgWgA3WfJSEGjtsAWpjoFNqUhKmzNQK1AP1Y92kRIgkfMFPlQFs9bA0TPz7qVLbUIgbydJ8FIezChFbDojDltWzu93V2hElaI4T/dbV6cHAa5a79tNdXJBMmbskKWDG6FszVIBys+3CFcMAOMOYra0jtd1s9Bh2mjrXZlyrmWgCn6T46IRzH/CYTTQ3ktjbt/acEw8RrR53EbFQzuEj38QihGwHNxBSmvJZXEgqT9Xj2bWC+QVaNEKInjoFQpca0zvvuXwJ9vwdT5XlUIXpiC6T+Vyn1597+Gkh0c0KkIwb+YUCV0diWfwBAbx/oJExC9G/AN3MlTEL0qudE2ZYBTZSVMAnxHQQ0Udz4Y6IPwEqYhNiDX1SdU2OfHMy7pU1CCMY2EMLqy0MvGGyQALkyifTWuXKhNfQmyku+nV3CJNISAc2krMk0ZuNrdm1TwiTSzRtMdKORgtXeJUwiXXwBwtzO4ZQtKRlOKWESftc5Ntm0ZtO4Jz5L5Y4kTMK3CLyerMAUumzdFif2J2HyBu58GkwmPg3QW8w01chr/T8ndyr/cVyPX1QKoxTUBcwY9D2QNLELwFyVgdMCeS2OBgmQK5N7MbZBoUrtOPROurrBBABmjDIfH30VgRaC8SPdJboIg2ip6uAZNL71E11F9N0cuDbbNStbp5nOG4n9zMXuMb99BoAhugvWiQnPGSaX0WUbnnF0vwl12kqYHEdAE5kqTOPWvzWQ16f5yiIfMlPFQOfc2U3C5F5vMHhKIHfDqsG8mddmj7Y6B96cpftAHLAbhDvU7o5quuKpr3QVIWFynx43EpNb5W7vaox8K4DDdB9YKhDQRLAmU+7Gd3TXImFyj5TdSOSWrP2tGKYBKIdf1glmvKRIhSl3/UbdpewpScKkH4HXk+Iwjdn4cir345MxbdtBmKd2HLLnF023kDDptZWJKwJjNzQ4udOO1Vk5ilAL4Ke6T0AiZQN8t1LBm2lM85e6i+mNhEmPXQBuS3TJEjvx8+cGre0H/tYLo617DnrUXUt/JEzOcsWNxG8V5OZFF3oZQexmEiaHMPifhoWw0zcSB1zf46NOZVMtZkKu7lrQPRx/5yGL6eqGmO5iBkrClHpabyQmqnOhOqoDcLzze9/3si1u1ltu5EFXe+wGYYHKwCmBvJYlXggSAARyN6xUXx5yCghhAI7dAGVCq2J1jjG2pdSLQeqLXJmSREATWbiBLmv9j+5aksFrxxxpcWwOUru49/vMNNsrV+7+yMc8OzFeUuAyytvwhO5SbD2stVnnmcx1BLrYxq0OahFmN5Mw2cO1NxLtwgwyHx99FTFuA+jYZDZFoEdJGdNoTPN7uo/LThKm5Lj+RqLdeM3YYRZi0wHMBLBfQu8FnjeIwjS25Sndx5GScyNhGhwCmsk0ymjculd116IDrxl1jEVGNZhDA3j5xwBF1DMt91EElu7aU3ZOJEwJe4OJbgykYMaaF3WsHp3d+WgSnfH9v3IMwD39NTX6iYRp4L4AY4HXbiQ6YW+rh7UQoEOBrl80jUAZ5TS/rbs+x86DhGmf4gD/WRmBmyln3XbdxbhZ56NJ7dMtqMeDuevX667H8eOXMPWNgBayjLBTM9aEt/WWG5lO1H0jMa9lie5ChLelc5h6tEa0+OJGotArHcPUeSMR5lTK3fi+7mKEf6RVmJjwnMEqTLnrn9Zdi/CfNHlqnD8C6PfG060XSpBEqvj9ytQ1Yy2udcaaSA++DdOeGWtj9c9YE/4RiUTUlreCpQAe+O7f/BimTQqqzE0z1oQ/FBTXnL9lK2oBvhg+D5PvWyOEHr+8ZsGRgUB8DsC/Qz+/M/ghTGnXGiGcUVS0aEg8s30ywawE6IB9vd7TYdo7Y63V1TPWhPcUhqommPxNHSUwbMabYeqasWZ4ZMaa8I4rJ1afpRTqmGlUou/1Wpg6Z6xZQ2tp3Kp23cUI/ygqivzQysiYw4RBD+j0SJh6zFjL889oKKHfpEn3Bre3bbvOBEUAHJTMtlwfJia0GpYKU27LZt21CH8pLK3J2bZrey2IbFnUwM1hep+ZZgdypTVC2Cu/NDpSMW5niy+3c/FSF4ap54w1aY0Q9rnyN5GDjHiwnC2EOQULwbkpTF0z1gK+m7Em9IpEImrz1mAJxelWTuESpa4Ik99nrAl98kPR0Vu2oo6AM1O9L81h4o8ANdfw+Yw14byC4gVHA2YUjBLAzm9GfdMSprhF2PThwZvf3Tli/NU33vOhjhqEP02YFBkabAvOAMwZAIY4uW/Hw/TCB4fgL8+fgv9+NeRMAM8Vhmoip5/Qfl8kEpErk0gCU35o/lXUxgsB/EhHBY6N+vrgy/3xwPMnY/NHI3r78/NghFcsq5DvTCJhV06sOVcprgPwM6f2ubx+1vc+Oqb8yvR1ewANL5+I1a8fA4v7/Oh6HghPFJZEH1VKTWtYUi6/5ol9KiipPgJAZF+tEU5J2ZXJtAgtbx2FhzediJ3fZCTy1jaAFx4Y6Jj/wAMRuc8kvqeoKJJhZQb/YIFuIeBAHTX0dmVKSZpf/mQEZvztItz77E8SDRIADAVozs54xr/zS6pLAXbklxjhDYWhqglmZsZrDKrVFaS+2Hpl+njnUDy86UQ88+7hthXIQCugwo1Ly+XZvDRW+KvoKWxgMYA83bUAKfzO9E2HgZWvHYfGl49Hh2XvxY6ALMB6saA4uoxVcFpj/XR5ajyN9GiNuA7a74v2L6krEwN44p0jUf/CSOzYnfDHucHYwaD53wwfVrvqT5Oln8nHsrIigRHHZF7LbFUDdLDuer7L1u9M/972A1Su+h/86cnTnAoSABxE4PlDvvh6S35x9HKndiqcdVVx9aUjjs54kZnvdWOQ+pLwZXN72354+KWTsPGdw8H6fhsYSYSVBcXRZgqo8PIHy2UGhA8UldScaIGjFlCku5bBGHCY2k2Fx145Hn995TjE4oPq6rUfIYdN66XC4ujdZjA2568PRHboLkkkLhRaOGwXx6ab4HKkoDXCKfv8zsRMePa9w1D/wkh8tiuhBbcdPhJ8Tsy3qPaT7mxouFrm5nkCU35JNESgBQDs+wnYAb19Z+o3TG9tPxAPPn8yXvt0uO7aE8CvEWHK8vrKNborEX27cmLVBUoZdQBfqLuWwUjop/G7nj4NG946AuzM0+s2olOZsbowFG1SMCc31N8ks8ZdpKi06ijTVDUglPjthnyfYWp960jdtSWFGZebMMYWFkfv6cg0Zj92/0xZBUOj7umopsWzQdhfdz2poP3hwBTLYMLkQMx8vTBUMykSifj9eF2pMFQ1wcz45lUCzwf8GSTA/2HqdiQz37tla8azV5VUXay7mHRRUFJ9Tn5JdCOzegyE43TXk2qufjwjBc63oJ6UVo/Uyi+NjlAmbmbgehrkdFQvSrcwAQAxUGRa1riCkurbpNXDPt3TUdnCXCb8QHc9TkuXj3m9GQbQnJ1mxpudrR4iGYWlNTmftW3fxKBaIP2CBKTnlenbGMcQ6MGCUPQ3RBxevqRyi+6SvKSoZN7JJoxFbPE4X/3OPQgSpm6MbGZ6SVo9Bmb8xJrh+ylrpgmaAsCxJ53dTML0bQqEkOKOy/NLahYE2tsXNzREYrqLcpM901HBCxl0qO563CSdvzP1iYHhBJ5vZma8XFBSPV53PW5RMLE6e8vWjJcI9CAACdJ3yJWpfyMBaioojjYbQFnDsopXdRekwxXXVB1jGKoahJDuWtxMwjQQhBwT2FRYHL1bxdTNDQ3labEQdXdrBEAzAbi4ZcAd5GPewAWZMNnMtN4qLKkuKyp6xMc3I5nyQzVFu7jjVYDmQII0IBKmxI1gUK2ZufW5gonzE15E2O0KimvOLyiZ/yQxPwLgWN31eIl8zBu8s6GsDX5p9fjlNQuODATic9wyHdWLJExJ6mr1uLSwpPqOjoxAtddaPbqnozLMeQAdoLseL5P/A9ljCINmBmLma16aQts1HfX1rkeAJEhJkiuTvY4i0IMFJTV/ZBUta1xS8YzugnqTH1pwKlnmYmbk6q7FTyRMqXE+WXiqoDi61AgGZjQ8MOMT3QUBPaajsnk9KH1aI5wiYUodAiFkxuMFuls9Jk26N7h99+e/NdmqBuCZoY5eI9+ZUm9Y16oeL+eHahwfrlhYWpOzbdf2l7w2HdWL5MrknBOJ+ZGCkuh6Ujwl1a0ehRPnnQTDWMQWX+65AVMeJWFy3iVs0QsFJdX3G0Ga3fCXis/s3PiVv4kcZMSD5QwKg707HdWLJEx6BACaZHWgyK5Wjz2tEXG6lYHDdB9gOpLvTBp1t3rEMzO3FIai4wa7nfxQdPTLWzNe6GqNkCBpIlcmFyDwycz4W0FxtJmVMbmxfuZrA3lfQfGCowEzCkYJQ74Z6SZhchNCDrG5ubA4encbYjetWhbZ2dvLJkyKDA22BWcA5gwAQ3SXLTrJxzz3CTJh8hAK9tLq0dkaEWzL6G6NkCC5SJ+rYBSGahJeIFqkxIsKCMctalOK6wD8THdBIoULRIuUOscCNijFDPkk4WoSJm8gyA8Mrif/pxPCJhImIWwiYRLCJhImIWwiYRLCJhImIWwiYRLCJhImIWwiYRLCJhImIWwiYRLCJhImIWzSd5iIbgcgS1AK8W2xrmx8T59hWlE/axpZ5mkENOiuXghXYDSToc5ZUT9rWm9/7rM5kGjvE/9XFVdfahHVAjhN9/EIocGbAN+4Ymnl37r/obfcDChMAJCVFQmMOCbzWmarWiaDijSxg0HzexvFllSYuu0Z/k64DtJcKPzJAmMZq+C0xvrpn/b2AlvC1K3wV9FT2MBiAHm6j1wIuzDQCqhw49Lyzf2+zs4wdSsMVU1gVrUAfqz7RAgxaIT3mXl249LKJQN5eW+5Sfo+0/L62SuN9tipBA4zsDPZ7QnhsDaA5x5oxEYONEh9SfrK1FNBSfURACIAySLDwu2YgEeVUtMalpS/l/CbU/ExrzdXTqw5V2a8CRd7HozwimUVTw12A46FqWt3lB+afxUxLwTwIyfPlBB9+JiIIqef0H5fJBKxktmQw2HqtHcuNslcbKFLjBj39De/PVFawtRtz4oNhBLIQEXhECI0waSy5Q/NetvO7WoNU7f8UHQ0MeoAnJmSHQgBAITXmWlK49JZq1Ox+ZT8NJ6oxvqKDWecGDuHwb8G8F+n9y98jvA5gcOfvx87PVVB6nPXTl+ZevrW+quQ9VdFUuIA399hZlaufHjatlTvzBUf83qTXxodqRi3M+Nyx3YqfIOBdSAON9ZX/suxfbo1TN0KS2ty2ORaEH7q+M6FB9G/mVDZWD/L8Z47V3xn6s/yJbOaDx424mwi+j3AKb9UC8/6GuC5u4cPO11HkPriqitTTz1aPa4HYCS9QeEHFhjL4hZPf+zhSq0/Xrn+Y15v8kMLTiXLXAxCru5ahEaEf8KyylYsm/2s7lIAj4apW1erRx2A43XXIhz1IYMrGpdW1APkmnWWXf+dqT9drR6nEDgM4Cvd9YiUayPwAqM9dkpna4R7gtQXz1yZevrlNQuODATic6TVw5+I0GQadMNfH5j1H9219MXTH/N6UxiqOo/ZqAP4Yt21CFu8qIDwo0srntBdyL74Lkxdh9Xd6nEbgGN1VyMGg7cRUKXaT7qzoeFqU3c1A6rYn2HqFAotHLaLY9MBmglgP931iAHpIMbddrZGOMXXYep2xTVVxxiGqgYhpLsW0Q9GMytjcmP9zNd0lzKo8tMhTN0KJlZnQ1EtgDN01yL2YtAbivjG5fUVf9ddS1LH4eWfxhO14qHKljNOjJ3d1erxadIbFEkh4AsGlQfa28/wepD6PEa/Xpl66tHqMQVAhu560owFxjIjA1Mb/lLxme5i7JJWH/N6k18aHUkWLQJ4vO5a0gKhhYjDy5dUbtFdit3SPkzdCktrciyL6wj4ie5afOo9Bt+U7FBHN0ur70z9Wb5kVvMhQ0ec1fVo0pe66/GRXQDPPTAQO9nPQepLWl6ZesovjY5QJm6WVo+kMBhLjWBgRsMDMz7RXYwjBywf8/pWWFpzNltWLUCjdNfiMc+xQlnjkopndBfiJAnTAEirx4B9xOBZbmuNcIqEaYCKihYNiWe2TyZwJYADdNfjMrsJfEdHRqD6sftnpm0rjIQpQUWlVUeZpqqRKbSdiNCkYE5uqL/pHd216CZhGqSC4przAa4D4SLdtWjyEiwVXvFQ+UbdhbiFhCkpTPkl0RCBFgA4XHc1DtlO4Hleao1wioTJBmnS6tFBjLtVTN3c0FAu9+F6IWGy0ZW/nneCYRo1DBTprsVWjGYKqPDyB8tf0V2Km0mYUiA/VHMJMS+G91s93mTG1MZlFU26C/ECeZwoBRrrZ63v0erhxaeidzCofPfw/c+QICVHrkw2Gj+xZvh+yprpkVYPC4xlrILTGuunS79XguRjnkOKSuadbMJYBGCc7lp6w0AroMKNS8s3667FqyRMDissrclhy7oDoFN119LlAwZXpusjQHaS70wOW75kVvPBQw8+0wWtHm1drREneWU6qhfJlckhmlo9mIBH2bKmr3ho9ru6z4GfyMc8FygoqT6HQbUE/CKV+yHCC2yhbMWyiqd0H7MfSZhcpDBUNYEtdQcIx9m86Y+JKHL6Ce33RSIRS/dx+pWEyWUmTIoMDbRl3kDg2QD2T3JzMWLc48XpqF4kYXKpZFs9iNAEk8qWPzTrbd3Hki4kTC535cSqC5Qy6gC+cEBvILzOTFMal85arbv2dCNh8oQBtHoQPifmW7Z/0HFXa2skrrvidCRh8pAerR7lADK7/jkO8P0dZmblyoenyWr0GkmYPKhw4ryTYBiL2EKQlTHFq6tG+E1CYRJCJEYeJxLCJhImIWwiYRLCJhImIWwiYRLCJv8P9sXhC7xE4kIAAAAldEVYdGRhdGU6Y3JlYXRlADIwMTktMDQtMTNUMDg6MTY6MDgrMDI6MDCcYZVaAAAAJXRFWHRkYXRlOm1vZGlmeQAyMDE5LTA0LTEzVDA4OjE2OjA4KzAyOjAw7Twt5gAAAABJRU5ErkJggg== + mediatype: image/png + install: + spec: + clusterPermissions: + - rules: + - apiGroups: + - oauth.openshift.io + resources: + - oauthclients + verbs: + - create + - get + - delete + - list + - patch + - update + - watch + - apiGroups: + - config.openshift.io + resources: + - infrastructures + - oauths + - proxies + verbs: + - get + - list + - watch + - apiGroups: + - user.openshift.io + resources: + - users + verbs: + - list + - apiGroups: + - console.openshift.io + resources: + - consolelinks + verbs: + - get + - list + - create + - update + - patch + - delete + serviceAccountName: che-operator + deployments: + - name: che-operator + spec: + replicas: 1 + selector: + matchLabels: + app: che-operator + strategy: {} + template: + metadata: + labels: + app: che-operator + spec: + containers: + - command: + - /usr/local/bin/che-operator + env: + - name: WATCH_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.annotations['olm.targetNamespaces'] + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: OPERATOR_NAME + value: che-operator + - name: CHE_VERSION + value: nightly + - name: RELATED_IMAGE_che_server + value: quay.io/eclipse/che-server:nightly + - name: RELATED_IMAGE_plugin_registry + value: quay.io/eclipse/che-plugin-registry:nightly + - name: RELATED_IMAGE_devfile_registry + value: quay.io/eclipse/che-devfile-registry:nightly + - name: RELATED_IMAGE_pvc_jobs + value: registry.access.redhat.com/ubi8-minimal:8.2-345 + - name: RELATED_IMAGE_postgres + value: centos/postgresql-96-centos7:9.6 + - name: RELATED_IMAGE_keycloak + value: quay.io/eclipse/che-keycloak:nightly + - name: RELATED_IMAGE_che_workspace_plugin_broker_metadata + value: quay.io/eclipse/che-plugin-metadata-broker:v3.4.0 + - name: RELATED_IMAGE_che_workspace_plugin_broker_artifacts + value: quay.io/eclipse/che-plugin-artifacts-broker:v3.4.0 + - name: RELATED_IMAGE_che_server_secure_exposer_jwt_proxy_image + value: quay.io/eclipse/che-jwtproxy:0.10.0 + - name: CHE_FLAVOR + value: che + - name: CONSOLE_LINK_NAME + value: che + - name: CONSOLE_LINK_DISPLAY_NAME + value: Eclipse Che + - name: CONSOLE_LINK_SECTION + value: Red Hat Applications + - name: CONSOLE_LINK_IMAGE + value: /dashboard/assets/branding/loader.svg + - name: CHE_IDENTITY_SECRET + value: che-identity-secret + - name: CHE_IDENTITY_POSTGRES_SECRET + value: che-identity-postgres-secret + - name: CHE_POSTGRES_SECRET + value: che-postgres-secret + - name: CHE_SERVER_TRUST_STORE_CONFIGMAP_NAME + value: ca-certs + image: quay.io/eclipse/che-operator:nightly + imagePullPolicy: Always + name: che-operator + ports: + - containerPort: 60000 + name: metrics + resources: {} + restartPolicy: Always + serviceAccountName: che-operator + terminationGracePeriodSeconds: 5 + permissions: + - rules: + - apiGroups: + - extensions + resources: + - ingresses + verbs: + - '*' + - apiGroups: + - batch + resources: + - jobs + verbs: + - '*' + - apiGroups: + - route.openshift.io + resources: + - routes + - routes/custom-host + verbs: + - '*' + - apiGroups: + - rbac.authorization.k8s.io + resources: + - roles + - rolebindings + verbs: + - '*' + - apiGroups: + - rbac.authorization.k8s.io + resources: + - clusterroles + - clusterrolebindings + verbs: + - '*' + - apiGroups: + - "" + resources: + - pods + - services + - serviceaccounts + - endpoints + - persistentvolumeclaims + - events + - configmaps + - secrets + - pods/exec + - pods/log + verbs: + - '*' + - apiGroups: + - "" + resources: + - namespaces + verbs: + - get + - apiGroups: + - apps + resources: + - deployments + verbs: + - '*' + - apiGroups: + - monitoring.coreos.com + resources: + - servicemonitors + verbs: + - get + - create + - apiGroups: + - org.eclipse.che + resources: + - '*' + verbs: + - '*' + serviceAccountName: che-operator + strategy: deployment + installModes: + - supported: true + type: OwnNamespace + - supported: true + type: SingleNamespace + - supported: true + type: MultiNamespace + - supported: false + type: AllNamespaces + keywords: + - eclipse che + - workspaces + - devtools + - developer + - ide + - java + links: + - name: Product Page + url: http://www.eclipse.org/che + - name: Documentation + url: https://www.eclipse.org/che/docs + - name: Operator GitHub Repo + url: https://github.com/eclipse/che-operator + maintainers: + - email: dfestal@redhat.com + name: David Festal + maturity: stable + provider: + name: Eclipse Foundation + version: 7.18.0-0.nightly diff --git a/deploy/olm-catalog/eclipse-che-preview-openshift/manifests/org_v1_che_crd.yaml b/deploy/olm-catalog/eclipse-che-preview-openshift/manifests/org_v1_che_crd.yaml new file mode 100644 index 000000000..1bed05144 --- /dev/null +++ b/deploy/olm-catalog/eclipse-che-preview-openshift/manifests/org_v1_che_crd.yaml @@ -0,0 +1,567 @@ +# +# Copyright (c) 2012-2020 Red Hat, Inc. +# This program and the accompanying materials are made +# available under the terms of the Eclipse Public License 2.0 +# which is available at https://www.eclipse.org/legal/epl-2.0/ +# +# SPDX-License-Identifier: EPL-2.0 +# +# Contributors: +# Red Hat, Inc. - initial API and implementation +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: checlusters.org.eclipse.che +spec: + group: org.eclipse.che + names: + kind: CheCluster + listKind: CheClusterList + plural: checlusters + singular: checluster + scope: Namespaced + subresources: + status: {} + validation: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Desired configuration of the Che installation. Based on these + settings, the operator automatically creates and maintains several config + maps that will contain the appropriate environment variables the various + components of the Che installation. These generated config maps should + NOT be updated manually. + properties: + auth: + description: Configuration settings related to the Authentication used + by the Che installation. + properties: + externalIdentityProvider: + description: 'Instructs the operator on whether or not to deploy + a dedicated Identity Provider (Keycloak or RH SSO instance). By + default a dedicated Identity Provider server is deployed as part + of the Che installation. But if `externalIdentityProvider` is + `true`, then no dedicated identity provider will be deployed by + the operator and you might need to provide details about the external + identity provider you want to use. See also all the other fields + starting with: `identityProvider`.' + type: boolean + identityProviderAdminUserName: + description: Overrides the name of the Identity Provider admin user. + Defaults to `admin`. + type: string + identityProviderClientId: + description: Name of a Identity provider (Keycloak / RH SSO) `client-id` + that should be used for Che. This is useful to override it ONLY + if you use an external Identity Provider (see the `externalIdentityProvider` + field). If omitted or left blank, it will be set to the value + of the `flavour` field suffixed with `-public`. + type: string + identityProviderImage: + description: Overrides the container image used in the Identity + Provider (Keycloak / RH SSO) deployment. This includes the image + tag. Omit it or leave it empty to use the defaut container image + provided by the operator. + type: string + identityProviderImagePullPolicy: + description: Overrides the image pull policy used in the Identity + Provider (Keycloak / RH SSO) deployment. Default value is `Always` + for `nightly` or `latest` images, and `IfNotPresent` in other + cases. + type: string + identityProviderPassword: + description: Overrides the password of Keycloak admin user. This + is useful to override it ONLY if you use an external Identity + Provider (see the `externalIdentityProvider` field). If omitted + or left blank, it will be set to an auto-generated password. + type: string + identityProviderPostgresPassword: + description: Password for The Identity Provider (Keycloak / RH SSO) + to connect to the database. This is useful to override it ONLY + if you use an external Identity Provider (see the `externalIdentityProvider` + field). If omitted or left blank, it will be set to an auto-generated + password. + type: string + identityProviderPostgresSecret: + description: 'The secret that contains `password` for The Identity + Provider (Keycloak / RH SSO) to connect to the database. If the + secret is defined then `identityProviderPostgresPassword` will + be ignored. If the value is omitted or left blank then there are + two scenarios: 1. `identityProviderPostgresPassword` is defined, + then it will be used to connect to the database. 2. `identityProviderPostgresPassword` + is not defined, then a new secret with the name `che-identity-postgres-secret` + will be created with an auto-generated value for `password`.' + type: string + identityProviderRealm: + description: Name of a Identity provider (Keycloak / RH SSO) realm + that should be used for Che. This is useful to override it ONLY + if you use an external Identity Provider (see the `externalIdentityProvider` + field). If omitted or left blank, it will be set to the value + of the `flavour` field. + type: string + identityProviderSecret: + description: 'The secret that contains `user` and `password` for + Identity Provider. If the secret is defined then `identityProviderAdminUserName` + and `identityProviderPassword` are ignored. If the value is omitted + or left blank then there are two scenarios: 1. `identityProviderAdminUserName` + and `identityProviderPassword` are defined, then they will be + used. 2. `identityProviderAdminUserName` or `identityProviderPassword` + are not defined, then a new secret with the name `che-identity-secret` + will be created with default value `admin` for `user` and with + an auto-generated value for `password`.' + type: string + identityProviderURL: + description: Public URL of the Identity Provider server (Keycloak + / RH SSO server). You should set it ONLY if you use an external + Identity Provider (see the `externalIdentityProvider` field). + By default this will be automatically calculated and set by the + operator. + type: string + oAuthClientName: + description: Name of the OpenShift `OAuthClient` resource used to + setup identity federation on the OpenShift side. Auto-generated + if left blank. See also the `OpenShiftoAuth` field. + type: string + oAuthSecret: + description: Name of the secret set in the OpenShift `OAuthClient` + resource used to setup identity federation on the OpenShift side. + Auto-generated if left blank. See also the `OAuthClientName` field. + type: string + openShiftoAuth: + description: 'Enables the integration of the identity provider (Keycloak + / RHSSO) with OpenShift OAuth. Enabled by default on OpenShift. + This will allow users to directly login with their Openshift user + through the Openshift login, and have their workspaces created + under personal OpenShift namespaces. WARNING: the `kubeadmin` + user is NOT supported, and logging through it will NOT allow accessing + the Che Dashboard.' + type: boolean + updateAdminPassword: + description: Forces the default `admin` Che user to update password + on first login. Defaults to `false`. + type: boolean + type: object + database: + description: Configuration settings related to the database used by + the Che installation. + properties: + chePostgresDb: + description: Postgres database name that the Che server uses to + connect to the DB. Defaults to `dbche`. + type: string + chePostgresHostName: + description: Postgres Database hostname that the Che server uses + to connect to. Defaults to postgres. This value should be overridden + ONLY when using an external database (see field `externalDb`). + In the default case it will be automatically set by the operator. + type: string + chePostgresPassword: + description: Postgres password that the Che server should use to + connect to the DB. If omitted or left blank, it will be set to + an auto-generated value. + type: string + chePostgresPort: + description: Postgres Database port that the Che server uses to + connect to. Defaults to 5432. This value should be overridden + ONLY when using an external database (see field `externalDb`). + In the default case it will be automatically set by the operator. + type: string + chePostgresSecret: + description: 'The secret that contains Postgres `user` and `password` + that the Che server should use to connect to the DB. If the secret + is defined then `chePostgresUser` and `chePostgresPassword` are + ignored. If the value is omitted or left blank then there are + two scenarios: 1. `chePostgresUser` and `chePostgresPassword` + are defined, then they will be used to connect to the DB. 2. `chePostgresUser` + or `chePostgresPassword` are not defined, then a new secret with + the name `che-postgres-secret` will be created with default value + of `pgche` for `user` and with an auto-generated value for `password`.' + type: string + chePostgresUser: + description: Postgres user that the Che server should use to connect + to the DB. Defaults to `pgche`. + type: string + externalDb: + description: 'Instructs the operator on whether or not to deploy + a dedicated database. By default a dedicated Postgres database + is deployed as part of the Che installation. But if `externalDb` + is `true`, then no dedicated database will be deployed by the + operator and you might need to provide connection details to the + external DB you want to use. See also all the fields starting + with: `chePostgres`.' + type: boolean + postgresImage: + description: Overrides the container image used in the Postgres + database deployment. This includes the image tag. Omit it or leave + it empty to use the defaut container image provided by the operator. + type: string + postgresImagePullPolicy: + description: Overrides the image pull policy used in the Postgres + database deployment. Default value is `Always` for `nightly` or + `latest` images, and `IfNotPresent` in other cases. + type: string + type: object + k8s: + description: Configuration settings specific to Che installations made + on upstream Kubernetes. + properties: + ingressClass: + description: 'Ingress class that will define the which controler + will manage ingresses. Defaults to `nginx`. NB: This drives the + `is kubernetes.io/ingress.class` annotation on Che-related ingresses.' + type: string + ingressDomain: + description: 'Global ingress domain for a K8S cluster. This MUST + be explicitly specified: there are no defaults.' + type: string + ingressStrategy: + description: Strategy for ingress creation. This can be `multi-host` + (host is explicitly provided in ingress), `single-host` (host + is provided, path-based rules) and `default-host.*`(no host is + provided, path-based rules). Defaults to `"multi-host` + type: string + securityContextFsGroup: + description: FSGroup the Che pod and Workspace pods containers should + run in. Defaults to `1724`. + type: string + securityContextRunAsUser: + description: ID of the user the Che pod and Workspace pods containers + should run as. Default to `1724`. + type: string + tlsSecretName: + description: Name of a secret that will be used to setup ingress + TLS termination if TLS is enabled. See also the `tlsSupport` field. + type: string + type: object + metrics: + description: Configuration settings related to the metrics collection + used by the Che installation. + properties: + enable: + description: Enables `metrics` Che server endpoint. Default to `true`. + type: boolean + type: object + server: + description: General configuration settings related to the Che server + and the plugin and devfile registries + properties: + airGapContainerRegistryHostname: + description: Optional hostname (or url) to an alternate container + registry to pull images from. This value overrides the container + registry hostname defined in all the default container images + involved in a Che deployment. This is particularly useful to install + Che in an air-gapped environment. + type: string + airGapContainerRegistryOrganization: + description: Optional repository name of an alternate container + registry to pull images from. This value overrides the container + registry organization defined in all the default container images + involved in a Che deployment. This is particularly useful to install + Che in an air-gapped environment. + type: string + allowUserDefinedWorkspaceNamespaces: + description: Defines if a user is able to specify Kubernetes namespace + (or OpenShift project) different from the default. It's NOT RECOMMENDED + to configured true without OAuth configured. This property is + also used by the OpenShift infra. + type: boolean + cheDebug: + description: Enables the debug mode for Che server. Defaults to + `false`. + type: string + cheFlavor: + description: Flavor of the installation. This is either `che` for + upstream Che installations, or `codeready` for CodeReady Workspaces + installation. In most cases the default value should not be overridden. + type: string + cheHost: + description: Public hostname of the installed Che server. If value + is omitted then it will be automatically set by the operator. + (see the `cheHostTLSSecret` field). + type: string + cheHostTLSSecret: + description: Name of a secret containing certificates to secure + ingress/route for the custom hostname of the installed Che server. + (see the `cheHost` field). + type: string + cheImage: + description: Overrides the container image used in Che deployment. + This does NOT include the container image tag. Omit it or leave + it empty to use the defaut container image provided by the operator. + type: string + cheImagePullPolicy: + description: Overrides the image pull policy used in Che deployment. + Default value is `Always` for `nightly` or `latest` images, and + `IfNotPresent` in other cases. + type: string + cheImageTag: + description: Overrides the tag of the container image used in Che + deployment. Omit it or leave it empty to use the defaut image + tag provided by the operator. + type: string + cheLogLevel: + description: 'Log level for the Che server: `INFO` or `DEBUG`. Defaults + to `INFO`.' + type: string + cheWorkspaceClusterRole: + description: Custom cluster role bound to the user for the Che workspaces. + The default roles are used if this is omitted or left blank. + type: string + customCheProperties: + additionalProperties: + type: string + description: Map of additional environment variables that will be + applied in the generated `che` config map to be used by the Che + server, in addition to the values already generated from other + fields of the `CheCluster` custom resource (CR). If `customCheProperties` + contains a property that would be normally generated in `che` + config map from other CR fields, then the value defined in the + `customCheProperties` will be used instead. + type: object + devfileRegistryImage: + description: Overrides the container image used in the Devfile registry + deployment. This includes the image tag. Omit it or leave it empty + to use the defaut container image provided by the operator. + type: string + devfileRegistryMemoryLimit: + description: Overrides the memory limit used in the Devfile registry + deployment. Defaults to 256Mi. + type: string + devfileRegistryMemoryRequest: + description: Overrides the memory request used in the Devfile registry + deployment. Defaults to 16Mi. + type: string + devfileRegistryPullPolicy: + description: Overrides the image pull policy used in the Devfile + registry deployment. Default value is `Always` for `nightly` or + `latest` images, and `IfNotPresent` in other cases. + type: string + devfileRegistryUrl: + description: Public URL of the Devfile registry, that serves sample, + ready-to-use devfiles. You should set it ONLY if you use an external + devfile registry (see the `externalDevfileRegistry` field). By + default this will be automatically calculated by the operator. + type: string + externalDevfileRegistry: + description: Instructs the operator on whether or not to deploy + a dedicated Devfile registry server. By default a dedicated devfile + registry server is started. But if `externalDevfileRegistry` is + `true`, then no such dedicated server will be started by the operator + and you will have to manually set the `devfileRegistryUrl` field + type: boolean + externalPluginRegistry: + description: Instructs the operator on whether or not to deploy + a dedicated Plugin registry server. By default a dedicated plugin + registry server is started. But if `externalPluginRegistry` is + `true`, then no such dedicated server will be started by the operator + and you will have to manually set the `pluginRegistryUrl` field. + type: boolean + gitSelfSignedCert: + description: If enabled, then the certificate from `che-git-self-signed-cert` + config map will be propagated to the Che components and provide + particular configuration for Git. + type: boolean + nonProxyHosts: + description: List of hosts that should not use the configured proxy. + Use `|`` as delimiter, eg `localhost|my.host.com|123.42.12.32` + Only use when configuring a proxy is required. Operator respects + OpenShift cluster wide proxy configuration and no additional configuration + is required, but defining `nonProxyHosts` in a custom resource + leads to merging non proxy hosts lists from the cluster proxy + configuration and ones defined in the custom resources. (see the + doc https://docs.openshift.com/container-platform/4.4/networking/enable-cluster-wide-proxy.html) + (see also the `proxyURL` fields). + type: string + pluginRegistryImage: + description: Overrides the container image used in the Plugin registry + deployment. This includes the image tag. Omit it or leave it empty + to use the defaut container image provided by the operator. + type: string + pluginRegistryMemoryLimit: + description: Overrides the memory limit used in the Plugin registry + deployment. Defaults to 256Mi. + type: string + pluginRegistryMemoryRequest: + description: Overrides the memory request used in the Plugin registry + deployment. Defaults to 16Mi. + type: string + pluginRegistryPullPolicy: + description: Overrides the image pull policy used in the Plugin + registry deployment. Default value is `Always` for `nightly` or + `latest` images, and `IfNotPresent` in other cases. + type: string + pluginRegistryUrl: + description: Public URL of the Plugin registry, that serves sample + ready-to-use devfiles. You should set it ONLY if you use an external + devfile registry (see the `externalPluginRegistry` field). By + default this will be automatically calculated by the operator. + type: string + proxyPassword: + description: Password of the proxy server Only use when proxy configuration + is required (see also the `proxyURL`, `proxyUser` and `proxySecret` + fields). + type: string + proxyPort: + description: Port of the proxy server. Only use when configuring + a proxy is required. (see also the `proxyURL` and `nonProxyHosts` + fields). + type: string + proxySecret: + description: The secret that contains `user` and `password` for + a proxy server. If the secret is defined then `proxyUser` and + `proxyPassword` are ignored + type: string + proxyURL: + description: URL (protocol+hostname) of the proxy server. This drives + the appropriate changes in the `JAVA_OPTS` and `https(s)_proxy` + variables in the Che server and workspaces containers. Only use + when configuring a proxy is required. Operator respects OpenShift + cluster wide proxy configuration and no additional configuration + is required, but defining `proxyUrl` in a custom resource leads + to overrides the cluster proxy configuration with fields `proxyUrl`, + `proxyPort`, `proxyUser` and `proxyPassword` from the custom resource. + (see the doc https://docs.openshift.com/container-platform/4.4/networking/enable-cluster-wide-proxy.html) + (see also the `proxyPort` and `nonProxyHosts` fields). + type: string + proxyUser: + description: User name of the proxy server. Only use when configuring + a proxy is required (see also the `proxyURL`, `proxyPassword` + and `proxySecret` fields). + type: string + selfSignedCert: + description: Deprecated. The value of this flag is ignored. Che + operator will automatically detect if router certificate is self-signed. + If so it will be propagated to Che server and some other components. + type: boolean + serverMemoryLimit: + description: Overrides the memory limit used in the Che server deployment. + Defaults to 1Gi. + type: string + serverMemoryRequest: + description: Overrides the memory request used in the Che server + deployment. Defaults to 512Mi. + type: string + serverTrustStoreConfigMapName: + description: Name of the config-map with public certificates to + add to Java trust store of the Che server. This is usually required + when adding the OpenShift OAuth provider which has https endpoint + signed with self-signed cert. So, Che server must be aware of + its CA cert to be able to request it. This is disabled by default. + type: string + tlsSupport: + description: Deprecated. Instructs the operator to deploy Che in + TLS mode. This is enabled by default. Disabling TLS may cause + malfunction of some Che components. + type: boolean + workspaceNamespaceDefault: + description: 'Defines Kubernetes default namespace in which user''s + workspaces are created if user does not override it. It''s possible + to use , and placeholders (e.g.: + che-workspace-). In that case, new namespace will be + created for each user (or workspace). Is used by OpenShift infra + as well to specify Project' + type: string + type: object + storage: + description: Configuration settings related to the persistent storage + used by the Che installation. + properties: + postgresPVCStorageClassName: + description: Storage class for the Persistent Volume Claim dedicated + to the Postgres database. If omitted or left blank, default storage + class is used. + type: string + preCreateSubPaths: + description: Instructs the Che server to launch a special pod to + pre-create a subpath in the Persistent Volumes. Defaults to `false`, + however it might need to enable it according to the configuration + of your K8S cluster. + type: boolean + pvcClaimSize: + description: Size of the persistent volume claim for workspaces. + Defaults to `1Gi` + type: string + pvcJobsImage: + description: Overrides the container image used to create sub-paths + in the Persistent Volumes. This includes the image tag. Omit it + or leave it empty to use the defaut container image provided by + the operator. See also the `preCreateSubPaths` field. + type: string + pvcStrategy: + description: Persistent volume claim strategy for the Che server. + This Can be:`common` (all workspaces PVCs in one volume), `per-workspace` + (one PVC per workspace for all declared volumes) and `unique` + (one PVC per declared volume). Defaults to `common`. + type: string + workspacePVCStorageClassName: + description: Storage class for the Persistent Volume Claims dedicated + to the Che workspaces. If omitted or left blank, default storage + class is used. + type: string + type: object + type: object + status: + description: CheClusterStatus defines the observed state of Che installation + properties: + cheClusterRunning: + description: Status of a Che installation. Can be `Available`, `Unavailable`, + or `Available, Rolling Update in Progress` + type: string + cheURL: + description: Public URL to the Che server + type: string + cheVersion: + description: Current installed Che version + type: string + dbProvisioned: + description: Indicates if or not a Postgres instance has been correctly + provisioned + type: boolean + devfileRegistryURL: + description: Public URL to the Devfile registry + type: string + helpLink: + description: A URL that can point to some URL where to find help related + to the current Operator status. + type: string + keycloakProvisioned: + description: Indicates whether an Identity Provider instance (Keycloak + / RH SSO) has been provisioned with realm, client and user + type: boolean + keycloakURL: + description: Public URL to the Identity Provider server (Keycloak / + RH SSO). + type: string + message: + description: A human readable message indicating details about why the + pod is in this condition. + type: string + openShiftoAuthProvisioned: + description: Indicates whether an Identity Provider instance (Keycloak + / RH SSO) has been configured to integrate with the OpenShift OAuth. + type: boolean + pluginRegistryURL: + description: Public URL to the Plugin registry + type: string + reason: + description: A brief CamelCase message indicating details about why + the pod is in this state. + type: string + type: object + version: v1 + versions: + - name: v1 + served: true + storage: true diff --git a/deploy/olm-catalog/eclipse-che-preview-openshift/metadata/annotations.yaml b/deploy/olm-catalog/eclipse-che-preview-openshift/metadata/annotations.yaml new file mode 100644 index 000000000..07835550b --- /dev/null +++ b/deploy/olm-catalog/eclipse-che-preview-openshift/metadata/annotations.yaml @@ -0,0 +1,9 @@ +annotations: + operators.operatorframework.io.bundle.channel.default.v1: nightly + operators.operatorframework.io.bundle.channels.v1: nightly + operators.operatorframework.io.bundle.manifests.v1: manifests/ + operators.operatorframework.io.bundle.mediatype.v1: registry+v1 + operators.operatorframework.io.bundle.metadata.v1: metadata/ + operators.operatorframework.io.bundle.package.v1: eclipse-che-preview-openshift + operators.operatorframework.io.metrics.mediatype.v1: metrics+v1 + operators.operatorframework.io.metrics.project_layout: go diff --git a/olm/README.md b/olm/README.md index cec838c4a..c5adddf26 100644 --- a/olm/README.md +++ b/olm/README.md @@ -1,4 +1,4 @@ -# Pre-Requisites +# 1. Pre-Requisites OLM packages scripts are using some required dependencies that need to be installed - [curl](https://curl.haxx.se/) @@ -9,73 +9,200 @@ WARNING: Please make sure to use the precise `v0.10.0` version of the `operator- If these dependencies are not installed, `docker-run.sh` can be used as a container bootstrap to run a given script with the appropriate dependencies. -Example : `$ docker-run.sh update-nightly-olm-files.sh` +Example : `$ docker-run.sh update-nightly-bundle.sh` +# 2. Eclipse Che Olm bundles -# Make new changes to OLM artifacts +There two "nightly" platform specific Olm bundles: -Every change needs to be done in a new OLM artifact as previous artifacts are frozen. +`deploy/olm-catalog/eclipse-che-preview-kubernetes/manifests` +`deploy/olm-catalog/eclipse-che-preview-openshift/manifests` -A script is generating new folders/files that can be edited. +Each bundle consists of a cluster service version file(CSV) and a custom resource definition file(CRD). +CRD file describes "checluster" kubernetes api resource object(object fields name, format, description and so on). +Kubernetes api needs this information to correctly store a custom resource object "checluster". +Custom resource object users could modify to change Eclipse Che configuration. +Che operator watches "checluster" object and re-deploy Che with desired configuration. +The CSV file contains all "deploy" and "permission" specific information, which Olm needs to install The Eclipse Che operator. + +# 3. Make new changes to OLM bundle In `olm` folder - If all dependencies are installed on the system: -```shell -$ update-nightly-olm-files.sh +```bash +$ ./update-nightly-bundle.sh ``` - To use a docker environment -```shell -$ docker-run.sh update-nightly-olm-files.sh +```bash +$ ./docker-run.sh update-nightly-bundle.sh ``` -Then the changes can be applied in the newly created CSV files. +Every change will be included to the deploy/olm-catalog bundles and override all previous changes. -## Local testing che-operator development version using OLM +To update a bundle without version incrementation and time update you can use env variables `NO_DATE_UPDATE` and `NO_INCREMENT`. For example, during development you need to update bundle a lot of times with changed che-operator deployment or role, rolebinding and etc, but you want to increment the bundle version and time creation, when all desired changes were completed: -To test a che-operator with OLM you need to have an application registry. You can register on the quay.io and -use application registry from this service. -Build your custom che-operator image and push it to the image registry(you also can use quay.io). -Change in the `deploy/operator.yaml` operator image from official to development. - -Generate new nightly olm bundle packages: - -```shell -$ ./update-nightly-olm-files.sh +```bash +$ export NO_DATE_UPDATE="true" && export NO_INCREMENT="true" && ./update-nightly-bundle.sh ``` -Olm bundle packages will be generated in the folders `olm/eclipse-che-preview-${platform}`. +# 4. Test scripts pre-requisites +Start your kubernetes/openshift cluster. For openshift cluster make sure that you was logged in like +"system:admin" or "kube:admin". -Push che-operator bundles to your application registry: +# 5.Test installation "stable" Eclipse Che using Application registry(Deprecated) +To test stable versions che-operator you have to use Eclipse Che application registry. -```shell -$ export QUAY_ECLIPSE_CHE_USERNAME=${username} && \ -export QUAY_ECLIPSE_CHE_PASSWORD=${password} && \ -export APPLICATION_REGISTRY=${application_registry_namespace} && \ -./push-olm-files-to-quay.sh +To test the latest stable Che launch test script in the olm folder: + +```bash +$ ./testCatalogSource.sh ${platform} "stable" ${namespace} "Marketplace" ``` -Go to the quay.io and use ui(tab Settings) to make your application public. -Start minikube(or CRC) and after that launch test script in the olm folder: +To test migration from one stable version to another one: -```shell -$ export APPLICATION_REGISTRY=${application_registry_namespace} && ./testCSV.sh ${platform} ${package_version} ${optional-namespace} +```bash +$ ./testUpdate.sh ${platform} "stable" ${namespace} ``` -Where are: +See more information about test arguments in the chapter: [Test arguments](#test-script-arguments) + +## 6. Test installation "nightly" Eclipse Che using CatalogSource(index) image + +To test nightly che-operator you have to use Olm CatalogSource(index) image. +CatalogSource image stores in the internal database information about Olm bundles with different versions of the Eclipse Che. +For nightly channel (dependent on platform) Eclipse Che provides two CatalogSource images: + + - `quay.io/eclipse/eclipse-che-kubernetes-opm-catalog:preview` for kubernetes platform; + - `quay.io/eclipse/eclipse-che-openshift-opm-catalog:preview` for openshift platform; + +For each new nightly version Eclipse Che provides nightly bundle image with name pattern: + +`quay.io/eclipse/eclipse-che-${platform}-opm-bundles:${cheVersion}-${incrementVersion}.nightly` + +For example: + +``` +quay.io/eclipse/eclipse-che-kubernetes-opm-bundles:7.18.0-1.nightly +... +quay.io/eclipse/eclipse-che-kubernetes-opm-bundles:7.19.0-5.nightly +... +``` + +To test the latest "nightly" bundle use `olm/testCatalogSource.sh` script: + +```bash +$ ./testCatalogSource.sh ${platform} "nightly" ${namespace} "catalog" +``` + +To test migration Che from previous nightly version to the latest you can use `olm/testUpdate.sh` script: + +```bash +$ ./testUpdate.sh ${platform} "nightly" ${namespace} +``` + +See more information about test arguments in the chapter: [Test arguments](#test-script-arguments) + +### 7. Build custom nightly bundle images + +For test purpose you can build your own "nightly" CatalogSource and bundle images +with your latest development changes and use it in the test scripts. +To build these images you can use script `olm/buildAndPushInitialBundle.sh`: + +```bash +$ export IMAGE_REGISTRY_USER_NAME=${userName} && \ + export IMAGE_REGISTRY_HOST=${imageRegistryHost} && \ + ./buildAndPushInitialBundle.sh ${platform} ${optional-from-index-image} +``` + +This script will build and push for you two images: CatalogSource(index) image and bundle image: + +``` +"${IMAGE_REGISTRY_HOST}/${IMAGE_REGISTRY_USER_NAME}/eclipse-che-${PLATFORM}-opm-bundles:${cheVersion}-${incrementVersion}.nightly" +"${IMAGE_REGISTRY_HOST}/${IMAGE_REGISTRY_USER_NAME}/eclipse-che-${PLATFORM}-opm-catalog:preview" +``` + +CatalogSource images are additive. It's mean that you can re-use bundles from another CatalogSource image and +include them to your custom CatalogSource image. For this purpose you can specify the argument `optional-from-index-image`. For example: + +```bash +$ export IMAGE_REGISTRY_USER_NAME=${userName} && \ + export IMAGE_REGISTRY_HOST=${imageRegistryHost} && \ + ./buildAndPushInitialBundle.sh "openshift" "quay.io/eclipse/eclipse-che-openshift-opm-catalog:preview" +``` + +### 7.1 Testing custom CatalogSource and bundle images on the Openshift + +To test the latest custom "nightly" bundle use `olm/TestCatalogSource.sh`. For Openshift platform script build your test bundle: `deploy/olm-catalog/eclipse-che-preview-${platform}/manifests` using Openshift image stream: + +```bash +$ ./testCatalogSource.sh "openshift" "nightly" ${namespace} "catalog" +``` + +If your CatalogSource image contains few bundles, you can test migration from previous bundle to the latest: + +```bash +$ export IMAGE_REGISTRY_USER_NAME=${userName} && \ + export IMAGE_REGISTRY_HOST=${imageRegistryHost} && \ + ./testUpdate.sh "openshift" "nightly" ${namespace} +``` + +### 7.2 Testing custom CatalogSource and bundle images on the Kubernetes +To test your custom CatalogSource and bundle images on the Kubernetes you need to use public image registry. + +For "docker.io" you don't need any extra steps with pre-creation image repositories. But for "quay.io" you should pre-create the bundle and and catalog image repositories manually and make them publicly visible. If you want to save repositories "private", then it is not necessary to pre-create them, but you need to provide an image pull secret to the cluster to prevent image pull 'unauthorized' error. + +You can test your custom bundle and CatalogSource images: + +```bash +$ export IMAGE_REGISTRY_USER_NAME=${userName} && \ + export IMAGE_REGISTRY_HOST=${imageRegistryHost} && \ + ./testCatalogSource.sh "kubernetes" "nightly" ${namespace} "catalog" +``` + +If your CatalogSource image contains few bundles, you can test migration from previous bundle to the latest: + +```bash +$ export IMAGE_REGISTRY_USER_NAME=${userName} && \ + export IMAGE_REGISTRY_HOST=${imageRegistryHost} && \ + ./testUpdate.sh "kubernetes" "nightly" ${namespace} +``` + +Also you can test your changes without a public registry. You can use the minikube cluster and enable the minikube "registry" addon. For this purpose we have script +`olm/minikube-private-registry.sh`. This script creates port forward to minikube private registry thought `localhost:5000`: + +```bash +$ minikube-registry-addon.sh +``` + +This script should be launched before test execution in the separated terminal. To stop this script you can use `Ctrl+C`. You can check that private registry was forwarded to the localhost: + +```bash +$ curl -X GET localhost:5000/v2/_catalog +{"repositories":[]} +``` + +With this private registry you can test installation Che from development bundle: + +```bash +$ export IMAGE_REGISTRY_HOST="localhost:5000" && \ + export IMAGE_REGISTRY_USER_NAME="" && \ + ./testCatalogSource.sh kubernetes nightly che catalog +``` + +> Tips: If minikube was installed locally(driver 'none', local installation minikube), then registry is available on the host 0.0.0.0 without port forwarding. +But local installation minikube required 'sudo'. + +### 8. Test script arguments +There are some often used test script arguments: - `platform` - 'openshift' or 'kubernetes' - - `package_version` - your generated che-operator package version(for example: `7.8.0` or `9.9.9-nightly.1562083645`) - - `optional-namespace` - kubernetes namespace to deploy che-operator. Optional parameter, by default operator will be deployed to the namespace `eclipse-che-preview-test` + - `channel` - installation channel: 'nightly' or 'stable' + - `namespace` - kubernetes namespace to deploy che-operator, for example 'che' + - `optional-source-install` - installation method: 'Marketplace'(deprecated olm feature) or 'catalog'. By default will be used 'Marketplace'. -To test che-operator with OLM files without push to a related Quay.io application, we can build a required docker image of a dedicated catalog, -in order to install directly through a CatalogSource. To test this options start minikube and after that launch -test script in the olm folder: - -```shell -$ ./testCatalogSource.sh {platform} ${channel} ${namespace} -``` - -This scripts should install che-operator using OLM and check that the Che server was deployed. +### 9. Debug test scripts +To debug test scripts you can use the "Bash debug" VSCode extension. +For a lot of test scripts you can find different debug configurations in the `.vscode/launch.json`. diff --git a/olm/buildAndPushInitialBundle.sh b/olm/buildAndPushInitialBundle.sh new file mode 100755 index 000000000..61b3a9573 --- /dev/null +++ b/olm/buildAndPushInitialBundle.sh @@ -0,0 +1,65 @@ +#!/bin/bash +# +# Copyright (c) 2012-2020 Red Hat, Inc. +# This program and the accompanying materials are made +# available under the terms of the Eclipse Public License 2.0 +# which is available at https://www.eclipse.org/legal/epl-2.0/ +# +# SPDX-License-Identifier: EPL-2.0 +# +# Contributors: +# Red Hat, Inc. - initial API and implementation + +set -e + +printHelp() { + echo '' + echo 'Please consider to pass this values to the script to run script:' + echo ' PLATFORM - cluster platform: "kubernetes" or "openshift".' + echo ' FROM_INDEX_IMAGE - (Optional) Using this argument you can include Olm bundles from another index image to you index(CatalogSource) image' + echo '' + echo 'EXAMPLE of running: ${OPERATOR_REPO}/olm/buildAndPushInitialBundle.sh openshift' +} + +# Check if a 'from index image' was defined... +PLATFORM="${1}" +if [ "${PLATFORM}" == "" ]; then + echo -e "${RED}[ERROR]: Please specify a valid platform. The posible platforms are kubernetes or openshift.The script will exit with code 1.${NC}" + printHelp + exit 1 +else + echo "[INFO]: Successfully validated platform. Starting olm tests in platform: ${PLATFORM}." +fi + +FROM_INDEX_IMAGE="${2}" + +if [ -z "${IMAGE_REGISTRY_HOST}" ] || [ -z "${IMAGE_REGISTRY_USER_NAME}" ]; then + echo "[ERROR] Specify env variables with information about image registry 'IMAGE_REGISTRY_HOST' and 'IMAGE_REGISTRY_USER_NAME'." +fi + +SCRIPT=$(readlink -f "$0") +BASE_DIR=$(dirname "$SCRIPT") +ROOT_PROJECT_DIR=$(dirname "${BASE_DIR}") + +OPM_BUNDLE_DIR="${ROOT_PROJECT_DIR}/deploy/olm-catalog/eclipse-che-preview-${PLATFORM}" +OPM_BUNDLE_MANIFESTS_DIR="${OPM_BUNDLE_DIR}/manifests" +CSV="${OPM_BUNDLE_MANIFESTS_DIR}/che-operator.clusterserviceversion.yaml" + +nightlyVersion=$(yq -r ".spec.version" "${CSV}") + +source ${BASE_DIR}/olm.sh "${PLATFORM}" "${nightlyVersion}" "che" + +CATALOG_BUNDLE_IMAGE="${IMAGE_REGISTRY_HOST}/${IMAGE_REGISTRY_USER_NAME}/eclipse-che-${PLATFORM}-opm-bundles:${nightlyVersion}" + +echo "${nightlyVersion}" + +installOPM + +echo "[INFO] Build bundle image: ${CATALOG_BUNDLE_IMAGE}" +buildBundleImage "${CATALOG_BUNDLE_IMAGE}" + +echo "[INFO] Build CatalogSource image: ${CATALOG_BUNDLE_IMAGE}" +CATALOG_IMAGENAME="${IMAGE_REGISTRY_HOST}/${IMAGE_REGISTRY_USER_NAME}/eclipse-che-${PLATFORM}-opm-catalog:preview" +buildCatalogImage "${CATALOG_IMAGENAME}" "${CATALOG_BUNDLE_IMAGE}" "docker" "${FROM_INDEX_IMAGE}" + +echo "[INFO] Done. Images '${CATALOG_IMAGENAME}' and '${CATALOG_BUNDLE_IMAGE}' were build and pushed" diff --git a/olm/eclipse-che-preview-kubernetes/deploy/olm-catalog/csv-config.yaml b/olm/eclipse-che-preview-kubernetes/deploy/olm-catalog/csv-config.yaml index d3dd5cfd2..38fffaff7 100644 --- a/olm/eclipse-che-preview-kubernetes/deploy/olm-catalog/csv-config.yaml +++ b/olm/eclipse-che-preview-kubernetes/deploy/olm-catalog/csv-config.yaml @@ -1,3 +1,3 @@ role-paths: [ "generated/roles/role.yaml" ] -operator-path: ../../deploy/operator.yaml -crd-cr-paths: ["../../deploy/crds/org_v1_che_crd.yaml"] +operator-path: ../../operator.yaml +crd-cr-paths: ["../../crds/org_v1_che_crd.yaml"] diff --git a/olm/eclipse-che-preview-kubernetes/deploy/olm-catalog/eclipse-che-preview-kubernetes/9.9.9-nightly.1598898635/eclipse-che-preview-kubernetes.crd.yaml b/olm/eclipse-che-preview-kubernetes/deploy/olm-catalog/eclipse-che-preview-kubernetes/9.9.9-nightly.1598898635/eclipse-che-preview-kubernetes.crd.yaml new file mode 100644 index 000000000..1bed05144 --- /dev/null +++ b/olm/eclipse-che-preview-kubernetes/deploy/olm-catalog/eclipse-che-preview-kubernetes/9.9.9-nightly.1598898635/eclipse-che-preview-kubernetes.crd.yaml @@ -0,0 +1,567 @@ +# +# Copyright (c) 2012-2020 Red Hat, Inc. +# This program and the accompanying materials are made +# available under the terms of the Eclipse Public License 2.0 +# which is available at https://www.eclipse.org/legal/epl-2.0/ +# +# SPDX-License-Identifier: EPL-2.0 +# +# Contributors: +# Red Hat, Inc. - initial API and implementation +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: checlusters.org.eclipse.che +spec: + group: org.eclipse.che + names: + kind: CheCluster + listKind: CheClusterList + plural: checlusters + singular: checluster + scope: Namespaced + subresources: + status: {} + validation: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Desired configuration of the Che installation. Based on these + settings, the operator automatically creates and maintains several config + maps that will contain the appropriate environment variables the various + components of the Che installation. These generated config maps should + NOT be updated manually. + properties: + auth: + description: Configuration settings related to the Authentication used + by the Che installation. + properties: + externalIdentityProvider: + description: 'Instructs the operator on whether or not to deploy + a dedicated Identity Provider (Keycloak or RH SSO instance). By + default a dedicated Identity Provider server is deployed as part + of the Che installation. But if `externalIdentityProvider` is + `true`, then no dedicated identity provider will be deployed by + the operator and you might need to provide details about the external + identity provider you want to use. See also all the other fields + starting with: `identityProvider`.' + type: boolean + identityProviderAdminUserName: + description: Overrides the name of the Identity Provider admin user. + Defaults to `admin`. + type: string + identityProviderClientId: + description: Name of a Identity provider (Keycloak / RH SSO) `client-id` + that should be used for Che. This is useful to override it ONLY + if you use an external Identity Provider (see the `externalIdentityProvider` + field). If omitted or left blank, it will be set to the value + of the `flavour` field suffixed with `-public`. + type: string + identityProviderImage: + description: Overrides the container image used in the Identity + Provider (Keycloak / RH SSO) deployment. This includes the image + tag. Omit it or leave it empty to use the defaut container image + provided by the operator. + type: string + identityProviderImagePullPolicy: + description: Overrides the image pull policy used in the Identity + Provider (Keycloak / RH SSO) deployment. Default value is `Always` + for `nightly` or `latest` images, and `IfNotPresent` in other + cases. + type: string + identityProviderPassword: + description: Overrides the password of Keycloak admin user. This + is useful to override it ONLY if you use an external Identity + Provider (see the `externalIdentityProvider` field). If omitted + or left blank, it will be set to an auto-generated password. + type: string + identityProviderPostgresPassword: + description: Password for The Identity Provider (Keycloak / RH SSO) + to connect to the database. This is useful to override it ONLY + if you use an external Identity Provider (see the `externalIdentityProvider` + field). If omitted or left blank, it will be set to an auto-generated + password. + type: string + identityProviderPostgresSecret: + description: 'The secret that contains `password` for The Identity + Provider (Keycloak / RH SSO) to connect to the database. If the + secret is defined then `identityProviderPostgresPassword` will + be ignored. If the value is omitted or left blank then there are + two scenarios: 1. `identityProviderPostgresPassword` is defined, + then it will be used to connect to the database. 2. `identityProviderPostgresPassword` + is not defined, then a new secret with the name `che-identity-postgres-secret` + will be created with an auto-generated value for `password`.' + type: string + identityProviderRealm: + description: Name of a Identity provider (Keycloak / RH SSO) realm + that should be used for Che. This is useful to override it ONLY + if you use an external Identity Provider (see the `externalIdentityProvider` + field). If omitted or left blank, it will be set to the value + of the `flavour` field. + type: string + identityProviderSecret: + description: 'The secret that contains `user` and `password` for + Identity Provider. If the secret is defined then `identityProviderAdminUserName` + and `identityProviderPassword` are ignored. If the value is omitted + or left blank then there are two scenarios: 1. `identityProviderAdminUserName` + and `identityProviderPassword` are defined, then they will be + used. 2. `identityProviderAdminUserName` or `identityProviderPassword` + are not defined, then a new secret with the name `che-identity-secret` + will be created with default value `admin` for `user` and with + an auto-generated value for `password`.' + type: string + identityProviderURL: + description: Public URL of the Identity Provider server (Keycloak + / RH SSO server). You should set it ONLY if you use an external + Identity Provider (see the `externalIdentityProvider` field). + By default this will be automatically calculated and set by the + operator. + type: string + oAuthClientName: + description: Name of the OpenShift `OAuthClient` resource used to + setup identity federation on the OpenShift side. Auto-generated + if left blank. See also the `OpenShiftoAuth` field. + type: string + oAuthSecret: + description: Name of the secret set in the OpenShift `OAuthClient` + resource used to setup identity federation on the OpenShift side. + Auto-generated if left blank. See also the `OAuthClientName` field. + type: string + openShiftoAuth: + description: 'Enables the integration of the identity provider (Keycloak + / RHSSO) with OpenShift OAuth. Enabled by default on OpenShift. + This will allow users to directly login with their Openshift user + through the Openshift login, and have their workspaces created + under personal OpenShift namespaces. WARNING: the `kubeadmin` + user is NOT supported, and logging through it will NOT allow accessing + the Che Dashboard.' + type: boolean + updateAdminPassword: + description: Forces the default `admin` Che user to update password + on first login. Defaults to `false`. + type: boolean + type: object + database: + description: Configuration settings related to the database used by + the Che installation. + properties: + chePostgresDb: + description: Postgres database name that the Che server uses to + connect to the DB. Defaults to `dbche`. + type: string + chePostgresHostName: + description: Postgres Database hostname that the Che server uses + to connect to. Defaults to postgres. This value should be overridden + ONLY when using an external database (see field `externalDb`). + In the default case it will be automatically set by the operator. + type: string + chePostgresPassword: + description: Postgres password that the Che server should use to + connect to the DB. If omitted or left blank, it will be set to + an auto-generated value. + type: string + chePostgresPort: + description: Postgres Database port that the Che server uses to + connect to. Defaults to 5432. This value should be overridden + ONLY when using an external database (see field `externalDb`). + In the default case it will be automatically set by the operator. + type: string + chePostgresSecret: + description: 'The secret that contains Postgres `user` and `password` + that the Che server should use to connect to the DB. If the secret + is defined then `chePostgresUser` and `chePostgresPassword` are + ignored. If the value is omitted or left blank then there are + two scenarios: 1. `chePostgresUser` and `chePostgresPassword` + are defined, then they will be used to connect to the DB. 2. `chePostgresUser` + or `chePostgresPassword` are not defined, then a new secret with + the name `che-postgres-secret` will be created with default value + of `pgche` for `user` and with an auto-generated value for `password`.' + type: string + chePostgresUser: + description: Postgres user that the Che server should use to connect + to the DB. Defaults to `pgche`. + type: string + externalDb: + description: 'Instructs the operator on whether or not to deploy + a dedicated database. By default a dedicated Postgres database + is deployed as part of the Che installation. But if `externalDb` + is `true`, then no dedicated database will be deployed by the + operator and you might need to provide connection details to the + external DB you want to use. See also all the fields starting + with: `chePostgres`.' + type: boolean + postgresImage: + description: Overrides the container image used in the Postgres + database deployment. This includes the image tag. Omit it or leave + it empty to use the defaut container image provided by the operator. + type: string + postgresImagePullPolicy: + description: Overrides the image pull policy used in the Postgres + database deployment. Default value is `Always` for `nightly` or + `latest` images, and `IfNotPresent` in other cases. + type: string + type: object + k8s: + description: Configuration settings specific to Che installations made + on upstream Kubernetes. + properties: + ingressClass: + description: 'Ingress class that will define the which controler + will manage ingresses. Defaults to `nginx`. NB: This drives the + `is kubernetes.io/ingress.class` annotation on Che-related ingresses.' + type: string + ingressDomain: + description: 'Global ingress domain for a K8S cluster. This MUST + be explicitly specified: there are no defaults.' + type: string + ingressStrategy: + description: Strategy for ingress creation. This can be `multi-host` + (host is explicitly provided in ingress), `single-host` (host + is provided, path-based rules) and `default-host.*`(no host is + provided, path-based rules). Defaults to `"multi-host` + type: string + securityContextFsGroup: + description: FSGroup the Che pod and Workspace pods containers should + run in. Defaults to `1724`. + type: string + securityContextRunAsUser: + description: ID of the user the Che pod and Workspace pods containers + should run as. Default to `1724`. + type: string + tlsSecretName: + description: Name of a secret that will be used to setup ingress + TLS termination if TLS is enabled. See also the `tlsSupport` field. + type: string + type: object + metrics: + description: Configuration settings related to the metrics collection + used by the Che installation. + properties: + enable: + description: Enables `metrics` Che server endpoint. Default to `true`. + type: boolean + type: object + server: + description: General configuration settings related to the Che server + and the plugin and devfile registries + properties: + airGapContainerRegistryHostname: + description: Optional hostname (or url) to an alternate container + registry to pull images from. This value overrides the container + registry hostname defined in all the default container images + involved in a Che deployment. This is particularly useful to install + Che in an air-gapped environment. + type: string + airGapContainerRegistryOrganization: + description: Optional repository name of an alternate container + registry to pull images from. This value overrides the container + registry organization defined in all the default container images + involved in a Che deployment. This is particularly useful to install + Che in an air-gapped environment. + type: string + allowUserDefinedWorkspaceNamespaces: + description: Defines if a user is able to specify Kubernetes namespace + (or OpenShift project) different from the default. It's NOT RECOMMENDED + to configured true without OAuth configured. This property is + also used by the OpenShift infra. + type: boolean + cheDebug: + description: Enables the debug mode for Che server. Defaults to + `false`. + type: string + cheFlavor: + description: Flavor of the installation. This is either `che` for + upstream Che installations, or `codeready` for CodeReady Workspaces + installation. In most cases the default value should not be overridden. + type: string + cheHost: + description: Public hostname of the installed Che server. If value + is omitted then it will be automatically set by the operator. + (see the `cheHostTLSSecret` field). + type: string + cheHostTLSSecret: + description: Name of a secret containing certificates to secure + ingress/route for the custom hostname of the installed Che server. + (see the `cheHost` field). + type: string + cheImage: + description: Overrides the container image used in Che deployment. + This does NOT include the container image tag. Omit it or leave + it empty to use the defaut container image provided by the operator. + type: string + cheImagePullPolicy: + description: Overrides the image pull policy used in Che deployment. + Default value is `Always` for `nightly` or `latest` images, and + `IfNotPresent` in other cases. + type: string + cheImageTag: + description: Overrides the tag of the container image used in Che + deployment. Omit it or leave it empty to use the defaut image + tag provided by the operator. + type: string + cheLogLevel: + description: 'Log level for the Che server: `INFO` or `DEBUG`. Defaults + to `INFO`.' + type: string + cheWorkspaceClusterRole: + description: Custom cluster role bound to the user for the Che workspaces. + The default roles are used if this is omitted or left blank. + type: string + customCheProperties: + additionalProperties: + type: string + description: Map of additional environment variables that will be + applied in the generated `che` config map to be used by the Che + server, in addition to the values already generated from other + fields of the `CheCluster` custom resource (CR). If `customCheProperties` + contains a property that would be normally generated in `che` + config map from other CR fields, then the value defined in the + `customCheProperties` will be used instead. + type: object + devfileRegistryImage: + description: Overrides the container image used in the Devfile registry + deployment. This includes the image tag. Omit it or leave it empty + to use the defaut container image provided by the operator. + type: string + devfileRegistryMemoryLimit: + description: Overrides the memory limit used in the Devfile registry + deployment. Defaults to 256Mi. + type: string + devfileRegistryMemoryRequest: + description: Overrides the memory request used in the Devfile registry + deployment. Defaults to 16Mi. + type: string + devfileRegistryPullPolicy: + description: Overrides the image pull policy used in the Devfile + registry deployment. Default value is `Always` for `nightly` or + `latest` images, and `IfNotPresent` in other cases. + type: string + devfileRegistryUrl: + description: Public URL of the Devfile registry, that serves sample, + ready-to-use devfiles. You should set it ONLY if you use an external + devfile registry (see the `externalDevfileRegistry` field). By + default this will be automatically calculated by the operator. + type: string + externalDevfileRegistry: + description: Instructs the operator on whether or not to deploy + a dedicated Devfile registry server. By default a dedicated devfile + registry server is started. But if `externalDevfileRegistry` is + `true`, then no such dedicated server will be started by the operator + and you will have to manually set the `devfileRegistryUrl` field + type: boolean + externalPluginRegistry: + description: Instructs the operator on whether or not to deploy + a dedicated Plugin registry server. By default a dedicated plugin + registry server is started. But if `externalPluginRegistry` is + `true`, then no such dedicated server will be started by the operator + and you will have to manually set the `pluginRegistryUrl` field. + type: boolean + gitSelfSignedCert: + description: If enabled, then the certificate from `che-git-self-signed-cert` + config map will be propagated to the Che components and provide + particular configuration for Git. + type: boolean + nonProxyHosts: + description: List of hosts that should not use the configured proxy. + Use `|`` as delimiter, eg `localhost|my.host.com|123.42.12.32` + Only use when configuring a proxy is required. Operator respects + OpenShift cluster wide proxy configuration and no additional configuration + is required, but defining `nonProxyHosts` in a custom resource + leads to merging non proxy hosts lists from the cluster proxy + configuration and ones defined in the custom resources. (see the + doc https://docs.openshift.com/container-platform/4.4/networking/enable-cluster-wide-proxy.html) + (see also the `proxyURL` fields). + type: string + pluginRegistryImage: + description: Overrides the container image used in the Plugin registry + deployment. This includes the image tag. Omit it or leave it empty + to use the defaut container image provided by the operator. + type: string + pluginRegistryMemoryLimit: + description: Overrides the memory limit used in the Plugin registry + deployment. Defaults to 256Mi. + type: string + pluginRegistryMemoryRequest: + description: Overrides the memory request used in the Plugin registry + deployment. Defaults to 16Mi. + type: string + pluginRegistryPullPolicy: + description: Overrides the image pull policy used in the Plugin + registry deployment. Default value is `Always` for `nightly` or + `latest` images, and `IfNotPresent` in other cases. + type: string + pluginRegistryUrl: + description: Public URL of the Plugin registry, that serves sample + ready-to-use devfiles. You should set it ONLY if you use an external + devfile registry (see the `externalPluginRegistry` field). By + default this will be automatically calculated by the operator. + type: string + proxyPassword: + description: Password of the proxy server Only use when proxy configuration + is required (see also the `proxyURL`, `proxyUser` and `proxySecret` + fields). + type: string + proxyPort: + description: Port of the proxy server. Only use when configuring + a proxy is required. (see also the `proxyURL` and `nonProxyHosts` + fields). + type: string + proxySecret: + description: The secret that contains `user` and `password` for + a proxy server. If the secret is defined then `proxyUser` and + `proxyPassword` are ignored + type: string + proxyURL: + description: URL (protocol+hostname) of the proxy server. This drives + the appropriate changes in the `JAVA_OPTS` and `https(s)_proxy` + variables in the Che server and workspaces containers. Only use + when configuring a proxy is required. Operator respects OpenShift + cluster wide proxy configuration and no additional configuration + is required, but defining `proxyUrl` in a custom resource leads + to overrides the cluster proxy configuration with fields `proxyUrl`, + `proxyPort`, `proxyUser` and `proxyPassword` from the custom resource. + (see the doc https://docs.openshift.com/container-platform/4.4/networking/enable-cluster-wide-proxy.html) + (see also the `proxyPort` and `nonProxyHosts` fields). + type: string + proxyUser: + description: User name of the proxy server. Only use when configuring + a proxy is required (see also the `proxyURL`, `proxyPassword` + and `proxySecret` fields). + type: string + selfSignedCert: + description: Deprecated. The value of this flag is ignored. Che + operator will automatically detect if router certificate is self-signed. + If so it will be propagated to Che server and some other components. + type: boolean + serverMemoryLimit: + description: Overrides the memory limit used in the Che server deployment. + Defaults to 1Gi. + type: string + serverMemoryRequest: + description: Overrides the memory request used in the Che server + deployment. Defaults to 512Mi. + type: string + serverTrustStoreConfigMapName: + description: Name of the config-map with public certificates to + add to Java trust store of the Che server. This is usually required + when adding the OpenShift OAuth provider which has https endpoint + signed with self-signed cert. So, Che server must be aware of + its CA cert to be able to request it. This is disabled by default. + type: string + tlsSupport: + description: Deprecated. Instructs the operator to deploy Che in + TLS mode. This is enabled by default. Disabling TLS may cause + malfunction of some Che components. + type: boolean + workspaceNamespaceDefault: + description: 'Defines Kubernetes default namespace in which user''s + workspaces are created if user does not override it. It''s possible + to use , and placeholders (e.g.: + che-workspace-). In that case, new namespace will be + created for each user (or workspace). Is used by OpenShift infra + as well to specify Project' + type: string + type: object + storage: + description: Configuration settings related to the persistent storage + used by the Che installation. + properties: + postgresPVCStorageClassName: + description: Storage class for the Persistent Volume Claim dedicated + to the Postgres database. If omitted or left blank, default storage + class is used. + type: string + preCreateSubPaths: + description: Instructs the Che server to launch a special pod to + pre-create a subpath in the Persistent Volumes. Defaults to `false`, + however it might need to enable it according to the configuration + of your K8S cluster. + type: boolean + pvcClaimSize: + description: Size of the persistent volume claim for workspaces. + Defaults to `1Gi` + type: string + pvcJobsImage: + description: Overrides the container image used to create sub-paths + in the Persistent Volumes. This includes the image tag. Omit it + or leave it empty to use the defaut container image provided by + the operator. See also the `preCreateSubPaths` field. + type: string + pvcStrategy: + description: Persistent volume claim strategy for the Che server. + This Can be:`common` (all workspaces PVCs in one volume), `per-workspace` + (one PVC per workspace for all declared volumes) and `unique` + (one PVC per declared volume). Defaults to `common`. + type: string + workspacePVCStorageClassName: + description: Storage class for the Persistent Volume Claims dedicated + to the Che workspaces. If omitted or left blank, default storage + class is used. + type: string + type: object + type: object + status: + description: CheClusterStatus defines the observed state of Che installation + properties: + cheClusterRunning: + description: Status of a Che installation. Can be `Available`, `Unavailable`, + or `Available, Rolling Update in Progress` + type: string + cheURL: + description: Public URL to the Che server + type: string + cheVersion: + description: Current installed Che version + type: string + dbProvisioned: + description: Indicates if or not a Postgres instance has been correctly + provisioned + type: boolean + devfileRegistryURL: + description: Public URL to the Devfile registry + type: string + helpLink: + description: A URL that can point to some URL where to find help related + to the current Operator status. + type: string + keycloakProvisioned: + description: Indicates whether an Identity Provider instance (Keycloak + / RH SSO) has been provisioned with realm, client and user + type: boolean + keycloakURL: + description: Public URL to the Identity Provider server (Keycloak / + RH SSO). + type: string + message: + description: A human readable message indicating details about why the + pod is in this condition. + type: string + openShiftoAuthProvisioned: + description: Indicates whether an Identity Provider instance (Keycloak + / RH SSO) has been configured to integrate with the OpenShift OAuth. + type: boolean + pluginRegistryURL: + description: Public URL to the Plugin registry + type: string + reason: + description: A brief CamelCase message indicating details about why + the pod is in this state. + type: string + type: object + version: v1 + versions: + - name: v1 + served: true + storage: true diff --git a/olm/eclipse-che-preview-kubernetes/deploy/olm-catalog/eclipse-che-preview-kubernetes/9.9.9-nightly.1598898635/eclipse-che-preview-kubernetes.crd.yaml.diff b/olm/eclipse-che-preview-kubernetes/deploy/olm-catalog/eclipse-che-preview-kubernetes/9.9.9-nightly.1598898635/eclipse-che-preview-kubernetes.crd.yaml.diff new file mode 100644 index 000000000..e69de29bb diff --git a/olm/eclipse-che-preview-kubernetes/deploy/olm-catalog/eclipse-che-preview-kubernetes/9.9.9-nightly.1598898635/eclipse-che-preview-kubernetes.v9.9.9-nightly.1598898635.clusterserviceversion.yaml b/olm/eclipse-che-preview-kubernetes/deploy/olm-catalog/eclipse-che-preview-kubernetes/9.9.9-nightly.1598898635/eclipse-che-preview-kubernetes.v9.9.9-nightly.1598898635.clusterserviceversion.yaml new file mode 100644 index 000000000..e69de29bb diff --git a/olm/eclipse-che-preview-kubernetes/deploy/olm-catalog/eclipse-che-preview-kubernetes/9.9.9-nightly.1598898635/eclipse-che-preview-kubernetes.v9.9.9-nightly.1598898635.clusterserviceversion.yaml.diff b/olm/eclipse-che-preview-kubernetes/deploy/olm-catalog/eclipse-che-preview-kubernetes/9.9.9-nightly.1598898635/eclipse-che-preview-kubernetes.v9.9.9-nightly.1598898635.clusterserviceversion.yaml.diff new file mode 100644 index 000000000..b46d0b3da --- /dev/null +++ b/olm/eclipse-che-preview-kubernetes/deploy/olm-catalog/eclipse-che-preview-kubernetes/9.9.9-nightly.1598898635/eclipse-che-preview-kubernetes.v9.9.9-nightly.1598898635.clusterserviceversion.yaml.diff @@ -0,0 +1,405 @@ +--- /home/user/GoWorkSpace/src/github.com/eclipse/che-operator/olm/eclipse-che-preview-kubernetes/deploy/olm-catalog/eclipse-che-preview-kubernetes/9.9.9-nightly.1598450051/eclipse-che-preview-kubernetes.v9.9.9-nightly.1598450051.clusterserviceversion.yaml 2020-08-31 14:26:26.883134685 +0300 ++++ /home/user/GoWorkSpace/src/github.com/eclipse/che-operator/olm/eclipse-che-preview-kubernetes/deploy/olm-catalog/eclipse-che-preview-kubernetes/9.9.9-nightly.1598898635/eclipse-che-preview-kubernetes.v9.9.9-nightly.1598898635.clusterserviceversion.yaml 2020-08-31 21:30:36.405966399 +0300 +@@ -1,402 +0,0 @@ +-apiVersion: operators.coreos.com/v1alpha1 +-kind: ClusterServiceVersion +-metadata: +- annotations: +- alm-examples: |- +- [ +- { +- "apiVersion": "org.eclipse.che/v1", +- "kind": "CheCluster", +- "metadata": { +- "name": "eclipse-che" +- }, +- "spec": { +- "k8s": { +- "ingressDomain": "", +- "tlsSecretName": "" +- }, +- "server": { +- "cheImageTag": "nightly", +- "devfileRegistryImage": "quay.io/eclipse/che-devfile-registry:nightly", +- "pluginRegistryImage": "quay.io/eclipse/che-plugin-registry:nightly", +- "tlsSupport": true, +- "selfSignedCert": false +- }, +- "database": { +- "externalDb": false, +- "chePostgresHostName": "", +- "chePostgresPort": "", +- "chePostgresUser": "", +- "chePostgresPassword": "", +- "chePostgresDb": "" +- }, +- "auth": { +- "identityProviderImage": "quay.io/eclipse/che-keycloak:nightly", +- "externalIdentityProvider": false, +- "identityProviderURL": "", +- "identityProviderRealm": "", +- "identityProviderClientId": "" +- }, +- "storage": { +- "pvcStrategy": "per-workspace", +- "pvcClaimSize": "1Gi", +- "preCreateSubPaths": true +- }, +- "metrics": { +- "enable": true +- } +- } +- } +- ] +- capabilities: Seamless Upgrades +- categories: Developer Tools +- certified: "false" +- containerImage: quay.io/eclipse/che-operator:nightly +- createdAt: "2020-08-26T13:54:12Z" +- description: A Kube-native development solution that delivers portable and collaborative +- developer workspaces. +- operatorframework.io/suggested-namespace: eclipse-che +- repository: https://github.com/eclipse/che-operator +- support: Eclipse Foundation +- name: eclipse-che-preview-kubernetes.v9.9.9-nightly.1598450051 +- namespace: placeholder +-spec: +- apiservicedefinitions: {} +- customresourcedefinitions: +- owned: +- - description: Eclipse Che cluster with DB and Auth Server +- displayName: Eclipse Che Cluster +- kind: CheCluster +- name: checlusters.org.eclipse.che +- specDescriptors: +- - description: TLS routes +- displayName: TLS Mode +- path: server.tlsSupport +- x-descriptors: +- - urn:alm:descriptor:com.tectonic.ui:booleanSwitch +- statusDescriptors: +- - description: Ingress to access Eclipse Che +- displayName: Eclipse Che URL +- path: cheURL +- x-descriptors: +- - urn:alm:descriptor:org.w3:link +- - description: Ingress to access Keycloak Admin Console +- displayName: Keycloak Admin Console URL +- path: keycloakURL +- x-descriptors: +- - urn:alm:descriptor:org.w3:link +- - description: Eclipse Che server version +- displayName: Eclipse Che version +- path: cheVersion +- x-descriptors: +- - urn:alm:descriptor:com.tectonic.ui:label +- - description: The current status of the application +- displayName: Status +- path: cheClusterRunning +- x-descriptors: +- - urn:alm:descriptor:io.kubernetes.phase +- - description: Reason of the current status +- displayName: Reason +- path: reason +- x-descriptors: +- - urn:alm:descriptor:text +- - description: Message explaining the current status +- displayName: Message +- path: message +- x-descriptors: +- - urn:alm:descriptor:text +- - description: Link providing help related to the current status +- displayName: Help link +- path: helpLink +- x-descriptors: +- - urn:alm:descriptor:org.w3:link +- version: v1 +- description: | +- A collaborative Kubernetes-native development solution that delivers Kubernetes workspaces and in-browser IDE for rapid cloud application development. +- This operator installs PostgreSQL, Keycloak, Registries and the Eclipse Che server, as well as configures all these services. +- ## Prerequisites +- - Operator Lifecycle Manager (OLM) needs to be installed. +- - Kubernetes Platform. For OpenShift, the installation is directly made from OperatorHub UI in the admin console. +- +- OLM installation can be checked by running the command: +- ``` +- $ kubectl get pods --all-namespaces | grep olm +- olm catalog-operator-7b8cd7f8bf-2v7zj 1/1 Running 0 10m +- olm olm-operator-5c5c798cd5-s6ll5 1/1 Running 0 10m +- olm olm-operators-fm5wc 1/1 Running 0 10m +- olm operatorhubio-catalog-d78km 1/1 Running 0 10m +- olm packageserver-5c5f64947b-trghp 1/1 Running 0 9m56s +- olm packageserver-5c5f64947b-zqvxg 1/1 Running 0 9m56s +- ``` +- +- ## How to Install +- Install `Eclipse Che Operator` by following instructions in top right button `Install`. +- +- A new pod che-operator is created in `my-eclipse-che` namespace +- +- ``` +- $ kubectl get pods --all-namespaces | grep my-eclipse-che +- my-eclipse-che che-operator-554c564476-fl98z 1/1 Running 0 13s +- ``` +- +- The operator is now providing new Custom Resources Definitions: `checluster.org.eclipse.che` +- +- Create a new Eclipse Che instance by creating a new CheCluster resource: +- +- On the bottom of this page, there is a section `Custom Resource Definitions` with `Eclipse Che Cluster` name. +- +- Click on `View YAML Example` *Link* and copy the content to a new file named `my-eclipse-che.yaml` +- **Important!** Make sure you provide **K8s.ingressDomain** which is a global ingress domain of your k8s cluster, for example, `gcp.my-ide.cloud` +- Create the new CheCluster by creating the resource in the `my-eclipse-che` namespace : +- ``` +- $ kubectl create -f my-eclipse-che.yaml -n my-eclipse-che +- ``` +- ***important:*** The operator is only tracking resources in its own namespace. If CheCluster is not created in this namespace it's ignored. +- The operator will now create pods for Eclipse Che. The deployment status can be tracked by looking at the Operator logs by using the command: +- ``` +- $ kubectl logs -n my-eclipse-che che-operator-554c564476-fl98z +- ``` +- ***important:*** pod name is different on each installation +- +- When all Eclipse Che containers are running, the Eclipse Che URL is printed +- +- +- Eclipse Che URL can be tracked by searching for available trace: +- ``` +- $ kubectl logs -f -n my-eclipse-che che-operator-7b6b4bcb9c-m4m2m | grep "Eclipse Che is now available" +- time="2019-08-01T13:31:05Z" level=info msg="Eclipse Che is now available at: http://che-my-eclipse-che.gcp.my-ide.cloud" +- ``` +- When Eclipse Che is ready, the Eclipse Che URL is displayed in CheCluster resource in `status` section +- ``` +- $ kubectl describe checluster/eclipse-che -n my-eclipse-che +- ``` +- +- ``` +- Status: +- Che Cluster Running: Available +- Che URL: http://che-my-eclipse-che.gcp.my-ide.cloud +- Che Version: 7.0.0 +- ... +- ``` +- +- By opening this URL in a web browser, Eclipse Che is ready to use. +- ## Defaults +- By default, the operator deploys Eclipse Che with: +- * Bundled PostgreSQL and Keycloak +- * Per-Workspace PVC strategy +- * Auto-generated passwords +- * TLS mode (secure routes) +- ## Installation Options +- Eclipse Che operator installation options include: +- * Connection to external database and Keycloak +- * Configuration of default passwords and object names +- * PVC strategy (once shared PVC for all workspaces, PVC per workspace, or PVC per volume) +- * Authentication options +- ### External Database and Keycloak +- To instruct the operator to skip deploying PostgreSQL and Keycloak and connect to an existing DB and Keycloak instead: +- * set respective fields to `true` in a custom resource spec +- * provide the operator with connection and authentication details: +- ``` +- externalDb: true +- chePostgresHostname: 'yourPostgresHost' +- chePostgresPort: '5432' +- chePostgresUser: 'myuser' +- chePostgresPassword: 'mypass' +- chePostgresDb: 'mydb' +- externalIdentityProvider: true +- identityProviderURL: 'https://my-keycloak.com' +- identityProviderRealm: 'myrealm' +- identityProviderClientId: 'myClient' +- ``` +- #### Self-signed Certificates and TLS Secrets +- +- Eclipse Che uses self-signed certificates by default, as TLS mode is on by default. +- +- To provide the name of the tls secret that will be used for Eclipse Che and workspaces ingresses: +- ``` +- tlsSecretName: 'my-ingress-tls-secret' +- ``` +- displayName: Eclipse Che +- icon: +- - base64data: iVBORw0KGgoAAAANSUhEUgAAANMAAAD0CAYAAAABrhNXAAAABGdBTUEAALGPC/xhBQAAACBjSFJNAAB6JgAAgIQAAPoAAACA6AAAdTAAAOpgAAA6mAAAF3CculE8AAAABmJLR0QA/wD/AP+gvaeTAAAaNklEQVR42u3de3QU9dkH8O/zm91EQK0U77dqVdTW++1V20KigUSQahLjsSSbtp4eeqqVLHILCcoiyQZEIbF61B6PVQJ6XiOkr6TlYiABr603wHotar1bBUWUYDY787x/JIGoSchmZ+c3M/t8/iS7M8+M5+vs7szz/IiZIYRIntJdgBB+IWESwiYSJiFsImESwiYSJiFsImESwiaBvv5ARLprEwB4ddaJTBQF8w/JsKbQmI0v665JAL3dUqK+7jNJmPTiNWOHWYhNB1AOILPrn+MA369MazaNe+Iz3TWmMwmTB3AEyrwwu4SIbwVwWB+v+hxEt6gg7qLs1rjumtORhMnlePUlF5hk1RFw4QDf8rrFmBLMa12tu/Z0I2FyKV53yVGWyTVgLgGQ8IknoImMQBnlNL+t+1jShYTJZXjlhKFW8KsbQJgNYP8ktxYDcI8yh95E41bt1H1sfidhcpH4mtETCHQHgONs3vTHAEXUMy33UQSW7uP0KwmTC/DqS84xyaol4Bcp3tULiqiMxrY8pfuY/UjCpBG3ZB1sxfgmgK4HYDi1WwI9SnGaTuPXv6v7HPiJhEkDfv7coPX5AdeB+RaADtRURRtAC9UB7Qvo4md26z4nfiBhcljH6qwcRbgDwKm6a+nyATNVGrkt9USQrtAkSJgcwquyT2ZlLWLQON219FofsMEghGls6ybdtXiVhCnFuOnnw62gEQHoOvTz3KM7sAVSy5RS0yln3X91V+M1EqYU4ZasgBWjawGuAnCI7noStAOM+coaUkvjVrXrLsYrJEwp0LHmkksUrFoAp+uuJSnMbzLR1EBua5PuUrxAwmSj7tYIBhfprsVOBDQTU5jyWl7RXYubSZhs0KM1YiaA/XTXkyIdAN+tMmgOZbfu0F2MG0mYksAMMtdkh4h4AYDDddfj0FF3tnrsOOROurrB1F2Nm0iYBolXjT7fVFRHwEW6a9FkkyIK09iWDboLcQsJU4KSbY3wGwKaCNZkyt34ju5adJMwDRA/fdEQa2fmZBAqARygux536Wr1+CY+m6546ivd1Wg7CxKmfUtha4TP8EeAmpuurR4Spn7w46PONi2qJdAo3bV4CROeM1iFKXf907prcfS4JUzfx82XjrDM+M0Ot0b4TWerB8yplLvxfd3FOHLAEqYeJ2NPawTmAviB7np8YheA21QG5lN26ze6i0klCVOXjtVZOUpxHZh+orsWn3qfmWYH8lqW6C4kVdI+TLwq+2Q2+HZmjNddSzogoIUsI0yXrduiuxa7pW2YuOnnw62MwEwwTwEoQ3c96aWr1SMen+qnKbRpF6a901GthQAdqrueNPcFGAvUzkMW09UNMd3FJCutwtSxenS2ItQCdIbuWsS3vMFENwbGtvxddyHJSIsw8ZpRx1hkVIM5pLsW0TcCmsk0ymjculd11zIYvg5TmrRG+E1nq4cK3kxjmr/UXUwifBkmZpD5+OiriHEbQMfqrkcMynYQ5nmp1cN3YepsjUAtgS7WXYuwA7+oGGHK2/CE7kr2WalfwsRrxxxpcWwOgN8BJEuJ+gwBTWThBrqs9T+6a+mL58PEjxRlWAd99gcw5kFaI3yO20D0JxVEFWW3fq27mu9V5+UwdbVG1AE4XnctwlEfMlOF26bQejJMvDbrLJNRS8Bo3bUIfRj8T0NRGY1pfVZ3LYDHwsSrc39o0TdzpDVC7OWeKbSeCFOP1ogIgIO0FCHcrrPVwxxSo2sKrevD1LVqRC2Anzq+c+FFW5m4IjB2Q4PTO3ZtmLj50pFsmrczcLnTJ0V4HzHWESFMua3/cmqfrgsTt2QdZHWgHIwwgEynToTwpTjA96sMqqTs1m2p3plrwiStESJ1uqbQBnEXZbfGU7YXN4SpY1VWllKoBXBmqg5UCACvW4wpwbzW1anYuNYw8d+zjrYCFJXpqMJJBDSRESijnOa37dyuljDxyglDrYyvZkBaI4Q2XVNozaE30bhVO23ZopNhktYI4UIfAxSxYwqtY2HitVnndT0C9DOHT5YQA/GCIiqjsS1PDXYDKQ8Tr/7FERapCKQ1Qrhf5xTaOE2n8evfTfjNqQrT3tYIvgWgA3WfJSEGjtsAWpjoFNqUhKmzNQK1AP1Y92kRIgkfMFPlQFs9bA0TPz7qVLbUIgbydJ8FIezChFbDojDltWzu93V2hElaI4T/dbV6cHAa5a79tNdXJBMmbskKWDG6FszVIBys+3CFcMAOMOYra0jtd1s9Bh2mjrXZlyrmWgCn6T46IRzH/CYTTQ3ktjbt/acEw8RrR53EbFQzuEj38QihGwHNxBSmvJZXEgqT9Xj2bWC+QVaNEKInjoFQpca0zvvuXwJ9vwdT5XlUIXpiC6T+Vyn1597+Gkh0c0KkIwb+YUCV0diWfwBAbx/oJExC9G/AN3MlTEL0qudE2ZYBTZSVMAnxHQQ0Udz4Y6IPwEqYhNiDX1SdU2OfHMy7pU1CCMY2EMLqy0MvGGyQALkyifTWuXKhNfQmyku+nV3CJNISAc2krMk0ZuNrdm1TwiTSzRtMdKORgtXeJUwiXXwBwtzO4ZQtKRlOKWESftc5Ntm0ZtO4Jz5L5Y4kTMK3CLyerMAUumzdFif2J2HyBu58GkwmPg3QW8w01chr/T8ndyr/cVyPX1QKoxTUBcwY9D2QNLELwFyVgdMCeS2OBgmQK5N7MbZBoUrtOPROurrBBABmjDIfH30VgRaC8SPdJboIg2ip6uAZNL71E11F9N0cuDbbNStbp5nOG4n9zMXuMb99BoAhugvWiQnPGSaX0WUbnnF0vwl12kqYHEdAE5kqTOPWvzWQ16f5yiIfMlPFQOfc2U3C5F5vMHhKIHfDqsG8mddmj7Y6B96cpftAHLAbhDvU7o5quuKpr3QVIWFynx43EpNb5W7vaox8K4DDdB9YKhDQRLAmU+7Gd3TXImFyj5TdSOSWrP2tGKYBKIdf1glmvKRIhSl3/UbdpewpScKkH4HXk+Iwjdn4cir345MxbdtBmKd2HLLnF023kDDptZWJKwJjNzQ4udOO1Vk5ilAL4Ke6T0AiZQN8t1LBm2lM85e6i+mNhEmPXQBuS3TJEjvx8+cGre0H/tYLo617DnrUXUt/JEzOcsWNxG8V5OZFF3oZQexmEiaHMPifhoWw0zcSB1zf46NOZVMtZkKu7lrQPRx/5yGL6eqGmO5iBkrClHpabyQmqnOhOqoDcLzze9/3si1u1ltu5EFXe+wGYYHKwCmBvJYlXggSAARyN6xUXx5yCghhAI7dAGVCq2J1jjG2pdSLQeqLXJmSREATWbiBLmv9j+5aksFrxxxpcWwOUru49/vMNNsrV+7+yMc8OzFeUuAyytvwhO5SbD2stVnnmcx1BLrYxq0OahFmN5Mw2cO1NxLtwgwyHx99FTFuA+jYZDZFoEdJGdNoTPN7uo/LThKm5Lj+RqLdeM3YYRZi0wHMBLBfQu8FnjeIwjS25Sndx5GScyNhGhwCmsk0ymjculd116IDrxl1jEVGNZhDA3j5xwBF1DMt91EElu7aU3ZOJEwJe4OJbgykYMaaF3WsHp3d+WgSnfH9v3IMwD39NTX6iYRp4L4AY4HXbiQ6YW+rh7UQoEOBrl80jUAZ5TS/rbs+x86DhGmf4gD/WRmBmyln3XbdxbhZ56NJ7dMtqMeDuevX667H8eOXMPWNgBayjLBTM9aEt/WWG5lO1H0jMa9lie5ChLelc5h6tEa0+OJGotArHcPUeSMR5lTK3fi+7mKEf6RVmJjwnMEqTLnrn9Zdi/CfNHlqnD8C6PfG060XSpBEqvj9ytQ1Yy2udcaaSA++DdOeGWtj9c9YE/4RiUTUlreCpQAe+O7f/BimTQqqzE0z1oQ/FBTXnL9lK2oBvhg+D5PvWyOEHr+8ZsGRgUB8DsC/Qz+/M/ghTGnXGiGcUVS0aEg8s30ywawE6IB9vd7TYdo7Y63V1TPWhPcUhqommPxNHSUwbMabYeqasWZ4ZMaa8I4rJ1afpRTqmGlUou/1Wpg6Z6xZQ2tp3Kp23cUI/ygqivzQysiYw4RBD+j0SJh6zFjL889oKKHfpEn3Bre3bbvOBEUAHJTMtlwfJia0GpYKU27LZt21CH8pLK3J2bZrey2IbFnUwM1hep+ZZgdypTVC2Cu/NDpSMW5niy+3c/FSF4ap54w1aY0Q9rnyN5GDjHiwnC2EOQULwbkpTF0z1gK+m7Em9IpEImrz1mAJxelWTuESpa4Ik99nrAl98kPR0Vu2oo6AM1O9L81h4o8ANdfw+Yw14byC4gVHA2YUjBLAzm9GfdMSprhF2PThwZvf3Tli/NU33vOhjhqEP02YFBkabAvOAMwZAIY4uW/Hw/TCB4fgL8+fgv9+NeRMAM8Vhmoip5/Qfl8kEpErk0gCU35o/lXUxgsB/EhHBY6N+vrgy/3xwPMnY/NHI3r78/NghFcsq5DvTCJhV06sOVcprgPwM6f2ubx+1vc+Oqb8yvR1ewANL5+I1a8fA4v7/Oh6HghPFJZEH1VKTWtYUi6/5ol9KiipPgJAZF+tEU5J2ZXJtAgtbx2FhzediJ3fZCTy1jaAFx4Y6Jj/wAMRuc8kvqeoKJJhZQb/YIFuIeBAHTX0dmVKSZpf/mQEZvztItz77E8SDRIADAVozs54xr/zS6pLAXbklxjhDYWhqglmZsZrDKrVFaS+2Hpl+njnUDy86UQ88+7hthXIQCugwo1Ly+XZvDRW+KvoKWxgMYA83bUAKfzO9E2HgZWvHYfGl49Hh2XvxY6ALMB6saA4uoxVcFpj/XR5ajyN9GiNuA7a74v2L6krEwN44p0jUf/CSOzYnfDHucHYwaD53wwfVrvqT5Oln8nHsrIigRHHZF7LbFUDdLDuer7L1u9M/972A1Su+h/86cnTnAoSABxE4PlDvvh6S35x9HKndiqcdVVx9aUjjs54kZnvdWOQ+pLwZXN72354+KWTsPGdw8H6fhsYSYSVBcXRZgqo8PIHy2UGhA8UldScaIGjFlCku5bBGHCY2k2Fx145Hn995TjE4oPq6rUfIYdN66XC4ujdZjA2568PRHboLkkkLhRaOGwXx6ab4HKkoDXCKfv8zsRMePa9w1D/wkh8tiuhBbcdPhJ8Tsy3qPaT7mxouFrm5nkCU35JNESgBQDs+wnYAb19Z+o3TG9tPxAPPn8yXvt0uO7aE8CvEWHK8vrKNborEX27cmLVBUoZdQBfqLuWwUjop/G7nj4NG946AuzM0+s2olOZsbowFG1SMCc31N8ks8ZdpKi06ijTVDUglPjthnyfYWp960jdtSWFGZebMMYWFkfv6cg0Zj92/0xZBUOj7umopsWzQdhfdz2poP3hwBTLYMLkQMx8vTBUMykSifj9eF2pMFQ1wcz45lUCzwf8GSTA/2HqdiQz37tla8azV5VUXay7mHRRUFJ9Tn5JdCOzegyE43TXk2qufjwjBc63oJ6UVo/Uyi+NjlAmbmbgehrkdFQvSrcwAQAxUGRa1riCkurbpNXDPt3TUdnCXCb8QHc9TkuXj3m9GQbQnJ1mxpudrR4iGYWlNTmftW3fxKBaIP2CBKTnlenbGMcQ6MGCUPQ3RBxevqRyi+6SvKSoZN7JJoxFbPE4X/3OPQgSpm6MbGZ6SVo9Bmb8xJrh+ylrpgmaAsCxJ53dTML0bQqEkOKOy/NLahYE2tsXNzREYrqLcpM901HBCxl0qO563CSdvzP1iYHhBJ5vZma8XFBSPV53PW5RMLE6e8vWjJcI9CAACdJ3yJWpfyMBaioojjYbQFnDsopXdRekwxXXVB1jGKoahJDuWtxMwjQQhBwT2FRYHL1bxdTNDQ3labEQdXdrBEAzAbi4ZcAd5GPewAWZMNnMtN4qLKkuKyp6xMc3I5nyQzVFu7jjVYDmQII0IBKmxI1gUK2ZufW5gonzE15E2O0KimvOLyiZ/yQxPwLgWN31eIl8zBu8s6GsDX5p9fjlNQuODATic9wyHdWLJExJ6mr1uLSwpPqOjoxAtddaPbqnozLMeQAdoLseL5P/A9ljCINmBmLma16aQts1HfX1rkeAJEhJkiuTvY4i0IMFJTV/ZBUta1xS8YzugnqTH1pwKlnmYmbk6q7FTyRMqXE+WXiqoDi61AgGZjQ8MOMT3QUBPaajsnk9KH1aI5wiYUodAiFkxuMFuls9Jk26N7h99+e/NdmqBuCZoY5eI9+ZUm9Y16oeL+eHahwfrlhYWpOzbdf2l7w2HdWL5MrknBOJ+ZGCkuh6Ujwl1a0ehRPnnQTDWMQWX+65AVMeJWFy3iVs0QsFJdX3G0Ga3fCXis/s3PiVv4kcZMSD5QwKg707HdWLJEx6BACaZHWgyK5Wjz2tEXG6lYHDdB9gOpLvTBp1t3rEMzO3FIai4wa7nfxQdPTLWzNe6GqNkCBpIlcmFyDwycz4W0FxtJmVMbmxfuZrA3lfQfGCowEzCkYJQ74Z6SZhchNCDrG5ubA4encbYjetWhbZ2dvLJkyKDA22BWcA5gwAQ3SXLTrJxzz3CTJh8hAK9tLq0dkaEWzL6G6NkCC5SJ+rYBSGahJeIFqkxIsKCMctalOK6wD8THdBIoULRIuUOscCNijFDPkk4WoSJm8gyA8Mrif/pxPCJhImIWwiYRLCJhImIWwiYRLCJhImIWwiYRLCJhImIWwiYRLCJhImIWwiYRLCJhImIWzSd5iIbgcgS1AK8W2xrmx8T59hWlE/axpZ5mkENOiuXghXYDSToc5ZUT9rWm9/7rM5kGjvE/9XFVdfahHVAjhN9/EIocGbAN+4Ymnl37r/obfcDChMAJCVFQmMOCbzWmarWiaDijSxg0HzexvFllSYuu0Z/k64DtJcKPzJAmMZq+C0xvrpn/b2AlvC1K3wV9FT2MBiAHm6j1wIuzDQCqhw49Lyzf2+zs4wdSsMVU1gVrUAfqz7RAgxaIT3mXl249LKJQN5eW+5Sfo+0/L62SuN9tipBA4zsDPZ7QnhsDaA5x5oxEYONEh9SfrK1FNBSfURACIAySLDwu2YgEeVUtMalpS/l/CbU/ExrzdXTqw5V2a8CRd7HozwimUVTw12A46FqWt3lB+afxUxLwTwIyfPlBB9+JiIIqef0H5fJBKxktmQw2HqtHcuNslcbKFLjBj39De/PVFawtRtz4oNhBLIQEXhECI0waSy5Q/NetvO7WoNU7f8UHQ0MeoAnJmSHQgBAITXmWlK49JZq1Ox+ZT8NJ6oxvqKDWecGDuHwb8G8F+n9y98jvA5gcOfvx87PVVB6nPXTl+ZevrW+quQ9VdFUuIA399hZlaufHjatlTvzBUf83qTXxodqRi3M+Nyx3YqfIOBdSAON9ZX/suxfbo1TN0KS2ty2ORaEH7q+M6FB9G/mVDZWD/L8Z47V3xn6s/yJbOaDx424mwi+j3AKb9UC8/6GuC5u4cPO11HkPriqitTTz1aPa4HYCS9QeEHFhjL4hZPf+zhSq0/Xrn+Y15v8kMLTiXLXAxCru5ahEaEf8KyylYsm/2s7lIAj4apW1erRx2A43XXIhz1IYMrGpdW1APkmnWWXf+dqT9drR6nEDgM4Cvd9YiUayPwAqM9dkpna4R7gtQXz1yZevrlNQuODATic6TVw5+I0GQadMNfH5j1H9219MXTH/N6UxiqOo/ZqAP4Yt21CFu8qIDwo0srntBdyL74Lkxdh9Xd6nEbgGN1VyMGg7cRUKXaT7qzoeFqU3c1A6rYn2HqFAotHLaLY9MBmglgP931iAHpIMbddrZGOMXXYep2xTVVxxiGqgYhpLsW0Q9GMytjcmP9zNd0lzKo8tMhTN0KJlZnQ1EtgDN01yL2YtAbivjG5fUVf9ddS1LH4eWfxhO14qHKljNOjJ3d1erxadIbFEkh4AsGlQfa28/wepD6PEa/Xpl66tHqMQVAhu560owFxjIjA1Mb/lLxme5i7JJWH/N6k18aHUkWLQJ4vO5a0gKhhYjDy5dUbtFdit3SPkzdCktrciyL6wj4ie5afOo9Bt+U7FBHN0ur70z9Wb5kVvMhQ0ec1fVo0pe66/GRXQDPPTAQO9nPQepLWl6ZesovjY5QJm6WVo+kMBhLjWBgRsMDMz7RXYwjBywf8/pWWFpzNltWLUCjdNfiMc+xQlnjkopndBfiJAnTAEirx4B9xOBZbmuNcIqEaYCKihYNiWe2TyZwJYADdNfjMrsJfEdHRqD6sftnpm0rjIQpQUWlVUeZpqqRKbSdiNCkYE5uqL/pHd216CZhGqSC4przAa4D4SLdtWjyEiwVXvFQ+UbdhbiFhCkpTPkl0RCBFgA4XHc1DtlO4Hleao1wioTJBmnS6tFBjLtVTN3c0FAu9+F6IWGy0ZW/nneCYRo1DBTprsVWjGYKqPDyB8tf0V2Km0mYUiA/VHMJMS+G91s93mTG1MZlFU26C/ECeZwoBRrrZ63v0erhxaeidzCofPfw/c+QICVHrkw2Gj+xZvh+yprpkVYPC4xlrILTGuunS79XguRjnkOKSuadbMJYBGCc7lp6w0AroMKNS8s3667FqyRMDissrclhy7oDoFN119LlAwZXpusjQHaS70wOW75kVvPBQw8+0wWtHm1drREneWU6qhfJlckhmlo9mIBH2bKmr3ho9ru6z4GfyMc8FygoqT6HQbUE/CKV+yHCC2yhbMWyiqd0H7MfSZhcpDBUNYEtdQcIx9m86Y+JKHL6Ce33RSIRS/dx+pWEyWUmTIoMDbRl3kDg2QD2T3JzMWLc48XpqF4kYXKpZFs9iNAEk8qWPzTrbd3Hki4kTC535cSqC5Qy6gC+cEBvILzOTFMal85arbv2dCNh8oQBtHoQPifmW7Z/0HFXa2skrrvidCRh8pAerR7lADK7/jkO8P0dZmblyoenyWr0GkmYPKhw4ryTYBiL2EKQlTHFq6tG+E1CYRJCJEYeJxLCJhImIWwiYRLCJhImIWwiYRLCJv8P9sXhC7xE4kIAAAAldEVYdGRhdGU6Y3JlYXRlADIwMTktMDQtMTNUMDg6MTY6MDgrMDI6MDCcYZVaAAAAJXRFWHRkYXRlOm1vZGlmeQAyMDE5LTA0LTEzVDA4OjE2OjA4KzAyOjAw7Twt5gAAAABJRU5ErkJggg== +- mediatype: image/png +- install: +- spec: +- deployments: +- - name: che-operator +- spec: +- replicas: 1 +- selector: +- matchLabels: +- app: che-operator +- strategy: {} +- template: +- metadata: +- labels: +- app: che-operator +- spec: +- containers: +- - command: +- - /usr/local/bin/che-operator +- env: +- - name: WATCH_NAMESPACE +- valueFrom: +- fieldRef: +- fieldPath: metadata.annotations['olm.targetNamespaces'] +- - name: POD_NAME +- valueFrom: +- fieldRef: +- fieldPath: metadata.name +- - name: OPERATOR_NAME +- value: che-operator +- - name: CHE_VERSION +- value: nightly +- - name: RELATED_IMAGE_che_server +- value: quay.io/eclipse/che-server:nightly +- - name: RELATED_IMAGE_plugin_registry +- value: quay.io/eclipse/che-plugin-registry:nightly +- - name: RELATED_IMAGE_devfile_registry +- value: quay.io/eclipse/che-devfile-registry:nightly +- - name: RELATED_IMAGE_che_tls_secrets_creation_job +- value: quay.io/eclipse/che-tls-secret-creator:alpine-d1ed4ad +- - name: RELATED_IMAGE_pvc_jobs +- value: registry.access.redhat.com/ubi8-minimal:8.2-345 +- - name: RELATED_IMAGE_postgres +- value: centos/postgresql-96-centos7:9.6 +- - name: RELATED_IMAGE_keycloak +- value: quay.io/eclipse/che-keycloak:nightly +- - name: RELATED_IMAGE_che_workspace_plugin_broker_metadata +- value: quay.io/eclipse/che-plugin-metadata-broker:v3.3.0 +- - name: RELATED_IMAGE_che_workspace_plugin_broker_artifacts +- value: quay.io/eclipse/che-plugin-artifacts-broker:v3.3.0 +- - name: RELATED_IMAGE_che_server_secure_exposer_jwt_proxy_image +- value: quay.io/eclipse/che-jwtproxy:0.10.0 +- - name: CHE_FLAVOR +- value: che +- - name: CONSOLE_LINK_NAME +- value: che +- - name: CONSOLE_LINK_DISPLAY_NAME +- value: Eclipse Che +- - name: CONSOLE_LINK_SECTION +- value: Red Hat Applications +- - name: CONSOLE_LINK_IMAGE +- value: /dashboard/assets/branding/loader.svg +- - name: CHE_IDENTITY_SECRET +- value: che-identity-secret +- - name: CHE_IDENTITY_POSTGRES_SECRET +- value: che-identity-postgres-secret +- - name: CHE_POSTGRES_SECRET +- value: che-postgres-secret +- - name: CHE_SERVER_TRUST_STORE_CONFIGMAP_NAME +- value: ca-certs +- image: quay.io/eclipse/che-operator:nightly +- imagePullPolicy: Always +- name: che-operator +- ports: +- - containerPort: 60000 +- name: metrics +- resources: {} +- restartPolicy: Always +- serviceAccountName: che-operator +- terminationGracePeriodSeconds: 5 +- permissions: +- - rules: +- - apiGroups: +- - extensions +- resources: +- - ingresses +- verbs: +- - '*' +- - apiGroups: +- - batch +- resources: +- - jobs +- verbs: +- - '*' +- - apiGroups: +- - rbac.authorization.k8s.io +- resources: +- - roles +- - rolebindings +- verbs: +- - '*' +- - apiGroups: +- - rbac.authorization.k8s.io +- resources: +- - clusterroles +- - clusterrolebindings +- verbs: +- - '*' +- - apiGroups: +- - "" +- resources: +- - pods +- - services +- - serviceaccounts +- - endpoints +- - persistentvolumeclaims +- - events +- - configmaps +- - secrets +- - pods/exec +- - pods/log +- verbs: +- - '*' +- - apiGroups: +- - "" +- resources: +- - namespaces +- verbs: +- - get +- - apiGroups: +- - apps +- resources: +- - deployments +- verbs: +- - '*' +- - apiGroups: +- - monitoring.coreos.com +- resources: +- - servicemonitors +- verbs: +- - get +- - create +- - apiGroups: +- - org.eclipse.che +- resources: +- - '*' +- verbs: +- - '*' +- serviceAccountName: che-operator +- strategy: deployment +- installModes: +- - supported: true +- type: OwnNamespace +- - supported: true +- type: SingleNamespace +- - supported: true +- type: MultiNamespace +- - supported: false +- type: AllNamespaces +- keywords: +- - eclipse che +- - workspaces +- - devtools +- - developer +- - ide +- - java +- links: +- - name: Product Page +- url: http://www.eclipse.org/che +- - name: Documentation +- url: https://www.eclipse.org/che/docs +- - name: Operator GitHub Repo +- url: https://github.com/eclipse/che-operator +- maintainers: +- - email: dfestal@redhat.com +- name: David Festal +- maturity: stable +- provider: +- name: Eclipse Foundation +- replaces: eclipse-che-preview-kubernetes.v9.9.9-nightly.1597916268 +- version: 9.9.9-nightly.1598450051 diff --git a/olm/eclipse-che-preview-kubernetes/deploy/olm-catalog/eclipse-che-preview-kubernetes/eclipse-che-preview-kubernetes.package.yaml b/olm/eclipse-che-preview-kubernetes/deploy/olm-catalog/eclipse-che-preview-kubernetes/eclipse-che-preview-kubernetes.package.yaml index 930a2e8c0..240ac021f 100644 --- a/olm/eclipse-che-preview-kubernetes/deploy/olm-catalog/eclipse-che-preview-kubernetes/eclipse-che-preview-kubernetes.package.yaml +++ b/olm/eclipse-che-preview-kubernetes/deploy/olm-catalog/eclipse-che-preview-kubernetes/eclipse-che-preview-kubernetes.package.yaml @@ -1,5 +1,5 @@ channels: -- currentCSV: eclipse-che-preview-kubernetes.v9.9.9-nightly.1599235271 +- currentCSV: eclipse-che-preview-kubernetes.v9.9.9-nightly.1598898635 name: nightly - currentCSV: eclipse-che-preview-kubernetes.v7.18.1 name: stable diff --git a/olm/eclipse-che-preview-openshift/deploy/olm-catalog/eclipse-che-preview-openshift/9.9.9-nightly.1598898636/eclipse-che-preview-openshift.crd.yaml b/olm/eclipse-che-preview-openshift/deploy/olm-catalog/eclipse-che-preview-openshift/9.9.9-nightly.1598898636/eclipse-che-preview-openshift.crd.yaml new file mode 100644 index 000000000..1bed05144 --- /dev/null +++ b/olm/eclipse-che-preview-openshift/deploy/olm-catalog/eclipse-che-preview-openshift/9.9.9-nightly.1598898636/eclipse-che-preview-openshift.crd.yaml @@ -0,0 +1,567 @@ +# +# Copyright (c) 2012-2020 Red Hat, Inc. +# This program and the accompanying materials are made +# available under the terms of the Eclipse Public License 2.0 +# which is available at https://www.eclipse.org/legal/epl-2.0/ +# +# SPDX-License-Identifier: EPL-2.0 +# +# Contributors: +# Red Hat, Inc. - initial API and implementation +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: checlusters.org.eclipse.che +spec: + group: org.eclipse.che + names: + kind: CheCluster + listKind: CheClusterList + plural: checlusters + singular: checluster + scope: Namespaced + subresources: + status: {} + validation: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Desired configuration of the Che installation. Based on these + settings, the operator automatically creates and maintains several config + maps that will contain the appropriate environment variables the various + components of the Che installation. These generated config maps should + NOT be updated manually. + properties: + auth: + description: Configuration settings related to the Authentication used + by the Che installation. + properties: + externalIdentityProvider: + description: 'Instructs the operator on whether or not to deploy + a dedicated Identity Provider (Keycloak or RH SSO instance). By + default a dedicated Identity Provider server is deployed as part + of the Che installation. But if `externalIdentityProvider` is + `true`, then no dedicated identity provider will be deployed by + the operator and you might need to provide details about the external + identity provider you want to use. See also all the other fields + starting with: `identityProvider`.' + type: boolean + identityProviderAdminUserName: + description: Overrides the name of the Identity Provider admin user. + Defaults to `admin`. + type: string + identityProviderClientId: + description: Name of a Identity provider (Keycloak / RH SSO) `client-id` + that should be used for Che. This is useful to override it ONLY + if you use an external Identity Provider (see the `externalIdentityProvider` + field). If omitted or left blank, it will be set to the value + of the `flavour` field suffixed with `-public`. + type: string + identityProviderImage: + description: Overrides the container image used in the Identity + Provider (Keycloak / RH SSO) deployment. This includes the image + tag. Omit it or leave it empty to use the defaut container image + provided by the operator. + type: string + identityProviderImagePullPolicy: + description: Overrides the image pull policy used in the Identity + Provider (Keycloak / RH SSO) deployment. Default value is `Always` + for `nightly` or `latest` images, and `IfNotPresent` in other + cases. + type: string + identityProviderPassword: + description: Overrides the password of Keycloak admin user. This + is useful to override it ONLY if you use an external Identity + Provider (see the `externalIdentityProvider` field). If omitted + or left blank, it will be set to an auto-generated password. + type: string + identityProviderPostgresPassword: + description: Password for The Identity Provider (Keycloak / RH SSO) + to connect to the database. This is useful to override it ONLY + if you use an external Identity Provider (see the `externalIdentityProvider` + field). If omitted or left blank, it will be set to an auto-generated + password. + type: string + identityProviderPostgresSecret: + description: 'The secret that contains `password` for The Identity + Provider (Keycloak / RH SSO) to connect to the database. If the + secret is defined then `identityProviderPostgresPassword` will + be ignored. If the value is omitted or left blank then there are + two scenarios: 1. `identityProviderPostgresPassword` is defined, + then it will be used to connect to the database. 2. `identityProviderPostgresPassword` + is not defined, then a new secret with the name `che-identity-postgres-secret` + will be created with an auto-generated value for `password`.' + type: string + identityProviderRealm: + description: Name of a Identity provider (Keycloak / RH SSO) realm + that should be used for Che. This is useful to override it ONLY + if you use an external Identity Provider (see the `externalIdentityProvider` + field). If omitted or left blank, it will be set to the value + of the `flavour` field. + type: string + identityProviderSecret: + description: 'The secret that contains `user` and `password` for + Identity Provider. If the secret is defined then `identityProviderAdminUserName` + and `identityProviderPassword` are ignored. If the value is omitted + or left blank then there are two scenarios: 1. `identityProviderAdminUserName` + and `identityProviderPassword` are defined, then they will be + used. 2. `identityProviderAdminUserName` or `identityProviderPassword` + are not defined, then a new secret with the name `che-identity-secret` + will be created with default value `admin` for `user` and with + an auto-generated value for `password`.' + type: string + identityProviderURL: + description: Public URL of the Identity Provider server (Keycloak + / RH SSO server). You should set it ONLY if you use an external + Identity Provider (see the `externalIdentityProvider` field). + By default this will be automatically calculated and set by the + operator. + type: string + oAuthClientName: + description: Name of the OpenShift `OAuthClient` resource used to + setup identity federation on the OpenShift side. Auto-generated + if left blank. See also the `OpenShiftoAuth` field. + type: string + oAuthSecret: + description: Name of the secret set in the OpenShift `OAuthClient` + resource used to setup identity federation on the OpenShift side. + Auto-generated if left blank. See also the `OAuthClientName` field. + type: string + openShiftoAuth: + description: 'Enables the integration of the identity provider (Keycloak + / RHSSO) with OpenShift OAuth. Enabled by default on OpenShift. + This will allow users to directly login with their Openshift user + through the Openshift login, and have their workspaces created + under personal OpenShift namespaces. WARNING: the `kubeadmin` + user is NOT supported, and logging through it will NOT allow accessing + the Che Dashboard.' + type: boolean + updateAdminPassword: + description: Forces the default `admin` Che user to update password + on first login. Defaults to `false`. + type: boolean + type: object + database: + description: Configuration settings related to the database used by + the Che installation. + properties: + chePostgresDb: + description: Postgres database name that the Che server uses to + connect to the DB. Defaults to `dbche`. + type: string + chePostgresHostName: + description: Postgres Database hostname that the Che server uses + to connect to. Defaults to postgres. This value should be overridden + ONLY when using an external database (see field `externalDb`). + In the default case it will be automatically set by the operator. + type: string + chePostgresPassword: + description: Postgres password that the Che server should use to + connect to the DB. If omitted or left blank, it will be set to + an auto-generated value. + type: string + chePostgresPort: + description: Postgres Database port that the Che server uses to + connect to. Defaults to 5432. This value should be overridden + ONLY when using an external database (see field `externalDb`). + In the default case it will be automatically set by the operator. + type: string + chePostgresSecret: + description: 'The secret that contains Postgres `user` and `password` + that the Che server should use to connect to the DB. If the secret + is defined then `chePostgresUser` and `chePostgresPassword` are + ignored. If the value is omitted or left blank then there are + two scenarios: 1. `chePostgresUser` and `chePostgresPassword` + are defined, then they will be used to connect to the DB. 2. `chePostgresUser` + or `chePostgresPassword` are not defined, then a new secret with + the name `che-postgres-secret` will be created with default value + of `pgche` for `user` and with an auto-generated value for `password`.' + type: string + chePostgresUser: + description: Postgres user that the Che server should use to connect + to the DB. Defaults to `pgche`. + type: string + externalDb: + description: 'Instructs the operator on whether or not to deploy + a dedicated database. By default a dedicated Postgres database + is deployed as part of the Che installation. But if `externalDb` + is `true`, then no dedicated database will be deployed by the + operator and you might need to provide connection details to the + external DB you want to use. See also all the fields starting + with: `chePostgres`.' + type: boolean + postgresImage: + description: Overrides the container image used in the Postgres + database deployment. This includes the image tag. Omit it or leave + it empty to use the defaut container image provided by the operator. + type: string + postgresImagePullPolicy: + description: Overrides the image pull policy used in the Postgres + database deployment. Default value is `Always` for `nightly` or + `latest` images, and `IfNotPresent` in other cases. + type: string + type: object + k8s: + description: Configuration settings specific to Che installations made + on upstream Kubernetes. + properties: + ingressClass: + description: 'Ingress class that will define the which controler + will manage ingresses. Defaults to `nginx`. NB: This drives the + `is kubernetes.io/ingress.class` annotation on Che-related ingresses.' + type: string + ingressDomain: + description: 'Global ingress domain for a K8S cluster. This MUST + be explicitly specified: there are no defaults.' + type: string + ingressStrategy: + description: Strategy for ingress creation. This can be `multi-host` + (host is explicitly provided in ingress), `single-host` (host + is provided, path-based rules) and `default-host.*`(no host is + provided, path-based rules). Defaults to `"multi-host` + type: string + securityContextFsGroup: + description: FSGroup the Che pod and Workspace pods containers should + run in. Defaults to `1724`. + type: string + securityContextRunAsUser: + description: ID of the user the Che pod and Workspace pods containers + should run as. Default to `1724`. + type: string + tlsSecretName: + description: Name of a secret that will be used to setup ingress + TLS termination if TLS is enabled. See also the `tlsSupport` field. + type: string + type: object + metrics: + description: Configuration settings related to the metrics collection + used by the Che installation. + properties: + enable: + description: Enables `metrics` Che server endpoint. Default to `true`. + type: boolean + type: object + server: + description: General configuration settings related to the Che server + and the plugin and devfile registries + properties: + airGapContainerRegistryHostname: + description: Optional hostname (or url) to an alternate container + registry to pull images from. This value overrides the container + registry hostname defined in all the default container images + involved in a Che deployment. This is particularly useful to install + Che in an air-gapped environment. + type: string + airGapContainerRegistryOrganization: + description: Optional repository name of an alternate container + registry to pull images from. This value overrides the container + registry organization defined in all the default container images + involved in a Che deployment. This is particularly useful to install + Che in an air-gapped environment. + type: string + allowUserDefinedWorkspaceNamespaces: + description: Defines if a user is able to specify Kubernetes namespace + (or OpenShift project) different from the default. It's NOT RECOMMENDED + to configured true without OAuth configured. This property is + also used by the OpenShift infra. + type: boolean + cheDebug: + description: Enables the debug mode for Che server. Defaults to + `false`. + type: string + cheFlavor: + description: Flavor of the installation. This is either `che` for + upstream Che installations, or `codeready` for CodeReady Workspaces + installation. In most cases the default value should not be overridden. + type: string + cheHost: + description: Public hostname of the installed Che server. If value + is omitted then it will be automatically set by the operator. + (see the `cheHostTLSSecret` field). + type: string + cheHostTLSSecret: + description: Name of a secret containing certificates to secure + ingress/route for the custom hostname of the installed Che server. + (see the `cheHost` field). + type: string + cheImage: + description: Overrides the container image used in Che deployment. + This does NOT include the container image tag. Omit it or leave + it empty to use the defaut container image provided by the operator. + type: string + cheImagePullPolicy: + description: Overrides the image pull policy used in Che deployment. + Default value is `Always` for `nightly` or `latest` images, and + `IfNotPresent` in other cases. + type: string + cheImageTag: + description: Overrides the tag of the container image used in Che + deployment. Omit it or leave it empty to use the defaut image + tag provided by the operator. + type: string + cheLogLevel: + description: 'Log level for the Che server: `INFO` or `DEBUG`. Defaults + to `INFO`.' + type: string + cheWorkspaceClusterRole: + description: Custom cluster role bound to the user for the Che workspaces. + The default roles are used if this is omitted or left blank. + type: string + customCheProperties: + additionalProperties: + type: string + description: Map of additional environment variables that will be + applied in the generated `che` config map to be used by the Che + server, in addition to the values already generated from other + fields of the `CheCluster` custom resource (CR). If `customCheProperties` + contains a property that would be normally generated in `che` + config map from other CR fields, then the value defined in the + `customCheProperties` will be used instead. + type: object + devfileRegistryImage: + description: Overrides the container image used in the Devfile registry + deployment. This includes the image tag. Omit it or leave it empty + to use the defaut container image provided by the operator. + type: string + devfileRegistryMemoryLimit: + description: Overrides the memory limit used in the Devfile registry + deployment. Defaults to 256Mi. + type: string + devfileRegistryMemoryRequest: + description: Overrides the memory request used in the Devfile registry + deployment. Defaults to 16Mi. + type: string + devfileRegistryPullPolicy: + description: Overrides the image pull policy used in the Devfile + registry deployment. Default value is `Always` for `nightly` or + `latest` images, and `IfNotPresent` in other cases. + type: string + devfileRegistryUrl: + description: Public URL of the Devfile registry, that serves sample, + ready-to-use devfiles. You should set it ONLY if you use an external + devfile registry (see the `externalDevfileRegistry` field). By + default this will be automatically calculated by the operator. + type: string + externalDevfileRegistry: + description: Instructs the operator on whether or not to deploy + a dedicated Devfile registry server. By default a dedicated devfile + registry server is started. But if `externalDevfileRegistry` is + `true`, then no such dedicated server will be started by the operator + and you will have to manually set the `devfileRegistryUrl` field + type: boolean + externalPluginRegistry: + description: Instructs the operator on whether or not to deploy + a dedicated Plugin registry server. By default a dedicated plugin + registry server is started. But if `externalPluginRegistry` is + `true`, then no such dedicated server will be started by the operator + and you will have to manually set the `pluginRegistryUrl` field. + type: boolean + gitSelfSignedCert: + description: If enabled, then the certificate from `che-git-self-signed-cert` + config map will be propagated to the Che components and provide + particular configuration for Git. + type: boolean + nonProxyHosts: + description: List of hosts that should not use the configured proxy. + Use `|`` as delimiter, eg `localhost|my.host.com|123.42.12.32` + Only use when configuring a proxy is required. Operator respects + OpenShift cluster wide proxy configuration and no additional configuration + is required, but defining `nonProxyHosts` in a custom resource + leads to merging non proxy hosts lists from the cluster proxy + configuration and ones defined in the custom resources. (see the + doc https://docs.openshift.com/container-platform/4.4/networking/enable-cluster-wide-proxy.html) + (see also the `proxyURL` fields). + type: string + pluginRegistryImage: + description: Overrides the container image used in the Plugin registry + deployment. This includes the image tag. Omit it or leave it empty + to use the defaut container image provided by the operator. + type: string + pluginRegistryMemoryLimit: + description: Overrides the memory limit used in the Plugin registry + deployment. Defaults to 256Mi. + type: string + pluginRegistryMemoryRequest: + description: Overrides the memory request used in the Plugin registry + deployment. Defaults to 16Mi. + type: string + pluginRegistryPullPolicy: + description: Overrides the image pull policy used in the Plugin + registry deployment. Default value is `Always` for `nightly` or + `latest` images, and `IfNotPresent` in other cases. + type: string + pluginRegistryUrl: + description: Public URL of the Plugin registry, that serves sample + ready-to-use devfiles. You should set it ONLY if you use an external + devfile registry (see the `externalPluginRegistry` field). By + default this will be automatically calculated by the operator. + type: string + proxyPassword: + description: Password of the proxy server Only use when proxy configuration + is required (see also the `proxyURL`, `proxyUser` and `proxySecret` + fields). + type: string + proxyPort: + description: Port of the proxy server. Only use when configuring + a proxy is required. (see also the `proxyURL` and `nonProxyHosts` + fields). + type: string + proxySecret: + description: The secret that contains `user` and `password` for + a proxy server. If the secret is defined then `proxyUser` and + `proxyPassword` are ignored + type: string + proxyURL: + description: URL (protocol+hostname) of the proxy server. This drives + the appropriate changes in the `JAVA_OPTS` and `https(s)_proxy` + variables in the Che server and workspaces containers. Only use + when configuring a proxy is required. Operator respects OpenShift + cluster wide proxy configuration and no additional configuration + is required, but defining `proxyUrl` in a custom resource leads + to overrides the cluster proxy configuration with fields `proxyUrl`, + `proxyPort`, `proxyUser` and `proxyPassword` from the custom resource. + (see the doc https://docs.openshift.com/container-platform/4.4/networking/enable-cluster-wide-proxy.html) + (see also the `proxyPort` and `nonProxyHosts` fields). + type: string + proxyUser: + description: User name of the proxy server. Only use when configuring + a proxy is required (see also the `proxyURL`, `proxyPassword` + and `proxySecret` fields). + type: string + selfSignedCert: + description: Deprecated. The value of this flag is ignored. Che + operator will automatically detect if router certificate is self-signed. + If so it will be propagated to Che server and some other components. + type: boolean + serverMemoryLimit: + description: Overrides the memory limit used in the Che server deployment. + Defaults to 1Gi. + type: string + serverMemoryRequest: + description: Overrides the memory request used in the Che server + deployment. Defaults to 512Mi. + type: string + serverTrustStoreConfigMapName: + description: Name of the config-map with public certificates to + add to Java trust store of the Che server. This is usually required + when adding the OpenShift OAuth provider which has https endpoint + signed with self-signed cert. So, Che server must be aware of + its CA cert to be able to request it. This is disabled by default. + type: string + tlsSupport: + description: Deprecated. Instructs the operator to deploy Che in + TLS mode. This is enabled by default. Disabling TLS may cause + malfunction of some Che components. + type: boolean + workspaceNamespaceDefault: + description: 'Defines Kubernetes default namespace in which user''s + workspaces are created if user does not override it. It''s possible + to use , and placeholders (e.g.: + che-workspace-). In that case, new namespace will be + created for each user (or workspace). Is used by OpenShift infra + as well to specify Project' + type: string + type: object + storage: + description: Configuration settings related to the persistent storage + used by the Che installation. + properties: + postgresPVCStorageClassName: + description: Storage class for the Persistent Volume Claim dedicated + to the Postgres database. If omitted or left blank, default storage + class is used. + type: string + preCreateSubPaths: + description: Instructs the Che server to launch a special pod to + pre-create a subpath in the Persistent Volumes. Defaults to `false`, + however it might need to enable it according to the configuration + of your K8S cluster. + type: boolean + pvcClaimSize: + description: Size of the persistent volume claim for workspaces. + Defaults to `1Gi` + type: string + pvcJobsImage: + description: Overrides the container image used to create sub-paths + in the Persistent Volumes. This includes the image tag. Omit it + or leave it empty to use the defaut container image provided by + the operator. See also the `preCreateSubPaths` field. + type: string + pvcStrategy: + description: Persistent volume claim strategy for the Che server. + This Can be:`common` (all workspaces PVCs in one volume), `per-workspace` + (one PVC per workspace for all declared volumes) and `unique` + (one PVC per declared volume). Defaults to `common`. + type: string + workspacePVCStorageClassName: + description: Storage class for the Persistent Volume Claims dedicated + to the Che workspaces. If omitted or left blank, default storage + class is used. + type: string + type: object + type: object + status: + description: CheClusterStatus defines the observed state of Che installation + properties: + cheClusterRunning: + description: Status of a Che installation. Can be `Available`, `Unavailable`, + or `Available, Rolling Update in Progress` + type: string + cheURL: + description: Public URL to the Che server + type: string + cheVersion: + description: Current installed Che version + type: string + dbProvisioned: + description: Indicates if or not a Postgres instance has been correctly + provisioned + type: boolean + devfileRegistryURL: + description: Public URL to the Devfile registry + type: string + helpLink: + description: A URL that can point to some URL where to find help related + to the current Operator status. + type: string + keycloakProvisioned: + description: Indicates whether an Identity Provider instance (Keycloak + / RH SSO) has been provisioned with realm, client and user + type: boolean + keycloakURL: + description: Public URL to the Identity Provider server (Keycloak / + RH SSO). + type: string + message: + description: A human readable message indicating details about why the + pod is in this condition. + type: string + openShiftoAuthProvisioned: + description: Indicates whether an Identity Provider instance (Keycloak + / RH SSO) has been configured to integrate with the OpenShift OAuth. + type: boolean + pluginRegistryURL: + description: Public URL to the Plugin registry + type: string + reason: + description: A brief CamelCase message indicating details about why + the pod is in this state. + type: string + type: object + version: v1 + versions: + - name: v1 + served: true + storage: true diff --git a/olm/eclipse-che-preview-openshift/deploy/olm-catalog/eclipse-che-preview-openshift/9.9.9-nightly.1598898636/eclipse-che-preview-openshift.crd.yaml.diff b/olm/eclipse-che-preview-openshift/deploy/olm-catalog/eclipse-che-preview-openshift/9.9.9-nightly.1598898636/eclipse-che-preview-openshift.crd.yaml.diff new file mode 100644 index 000000000..e69de29bb diff --git a/olm/eclipse-che-preview-openshift/deploy/olm-catalog/eclipse-che-preview-openshift/9.9.9-nightly.1598898636/eclipse-che-preview-openshift.v9.9.9-nightly.1598898636.clusterserviceversion.yaml b/olm/eclipse-che-preview-openshift/deploy/olm-catalog/eclipse-che-preview-openshift/9.9.9-nightly.1598898636/eclipse-che-preview-openshift.v9.9.9-nightly.1598898636.clusterserviceversion.yaml new file mode 100644 index 000000000..4aa26b77e --- /dev/null +++ b/olm/eclipse-che-preview-openshift/deploy/olm-catalog/eclipse-che-preview-openshift/9.9.9-nightly.1598898636/eclipse-che-preview-openshift.v9.9.9-nightly.1598898636.clusterserviceversion.yaml @@ -0,0 +1,435 @@ +apiVersion: operators.coreos.com/v1alpha1 +kind: ClusterServiceVersion +metadata: + annotations: + alm-examples: |- + [ + { + "apiVersion": "org.eclipse.che/v1", + "kind": "CheCluster", + "metadata": { + "name": "eclipse-che" + }, + "spec": { + "server": { + "cheImageTag": "nightly", + "devfileRegistryImage": "quay.io/eclipse/che-devfile-registry:nightly", + "pluginRegistryImage": "quay.io/eclipse/che-plugin-registry:nightly", + "tlsSupport": true, + "selfSignedCert": false + }, + "database": { + "externalDb": false, + "chePostgresHostName": "", + "chePostgresPort": "", + "chePostgresUser": "", + "chePostgresPassword": "", + "chePostgresDb": "" + }, + "auth": { + "openShiftoAuth": true, + "identityProviderImage": "quay.io/eclipse/che-keycloak:nightly", + "externalIdentityProvider": false, + "identityProviderURL": "", + "identityProviderRealm": "", + "identityProviderClientId": "" + }, + "storage": { + "pvcStrategy": "per-workspace", + "pvcClaimSize": "1Gi", + "preCreateSubPaths": true + }, + "metrics": { + "enable": true + } + } + } + ] + capabilities: Seamless Upgrades + categories: Developer Tools, OpenShift Optional + certified: "false" + containerImage: quay.io/eclipse/che-operator:nightly + createdAt: "2020-08-31T18:30:36Z" + description: A Kube-native development solution that delivers portable and collaborative + developer workspaces in OpenShift. + operatorframework.io/suggested-namespace: eclipse-che + repository: https://github.com/eclipse/che-operator + support: Eclipse Foundation + name: eclipse-che-preview-openshift.v9.9.9-nightly.1598898636 + namespace: placeholder +spec: + apiservicedefinitions: {} + customresourcedefinitions: + owned: + - description: Eclipse Che cluster with DB and Auth Server + displayName: Eclipse Che Cluster + kind: CheCluster + name: checlusters.org.eclipse.che + specDescriptors: + - description: Log in to Eclipse Che with OpenShift credentials + displayName: OpenShift oAuth + path: auth.openShiftoAuth + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:booleanSwitch + - description: TLS routes + displayName: TLS Mode + path: server.tlsSupport + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:booleanSwitch + statusDescriptors: + - description: Route to access Eclipse Che + displayName: Eclipse Che URL + path: cheURL + x-descriptors: + - urn:alm:descriptor:org.w3:link + - description: Route to access Keycloak Admin Console + displayName: Keycloak Admin Console URL + path: keycloakURL + x-descriptors: + - urn:alm:descriptor:org.w3:link + - description: Eclipse Che server version + displayName: Eclipse Che version + path: cheVersion + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:label + - description: The current status of the application + displayName: Status + path: cheClusterRunning + x-descriptors: + - urn:alm:descriptor:io.kubernetes.phase + - description: Reason of the current status + displayName: Reason + path: reason + x-descriptors: + - urn:alm:descriptor:text + - description: Message explaining the current status + displayName: Message + path: message + x-descriptors: + - urn:alm:descriptor:text + - description: Link providing help related to the current status + displayName: Help link + path: helpLink + x-descriptors: + - urn:alm:descriptor:org.w3:link + version: v1 + description: | + A collaborative Kubernetes-native development solution that delivers OpenShift workspaces and in-browser IDE for rapid cloud application development. + This operator installs PostgreSQL, Keycloak, and the Eclipse Che server, as well as configures all three services. + + ## How to Install + + Press the **Install** button, choose the upgrade strategy, and wait for the **Installed** Operator status. + + When the operator is installed, create a new CR of Kind CheCluster (click the **Create New** button). + The CR spec contains all defaults (see below). + + You can start using Eclipse Che when the CR status is set to **Available**, and you see a URL to Eclipse Che. + + ## Defaults + + By default, the operator deploys Eclipse Che with: + + * Bundled PostgreSQL and Keycloak + + * Per-Workspace PVC strategy + + * Auto-generated passwords + + * TLS mode (secure routes) + + * Regular login extended with OpenShift OAuth authentication + + ## Installation Options + + Eclipse Che operator installation options include: + + * Connection to external database and Keycloak + + * Configuration of default passwords and object names + + * PVC strategy (once shared PVC for all workspaces, PVC per workspace, or PVC per volume) + + * Authentication options + + ### External Database and Keycloak + + To instruct the operator to skip deploying PostgreSQL and Keycloak and connect to an existing DB and Keycloak instead: + + * set respective fields to `true` in a custom resource spec + + * provide the operator with connection and authentication details: + + + + `externalDb: true` + + + `chePostgresHostname: 'yourPostgresHost'` + + + `chePostgresPort: '5432'` + + + `chePostgresUser: 'myuser'` + + + `chePostgresPassword: 'mypass'` + + + `chePostgresDb: 'mydb'` + + + `externalIdentityProvider: true` + + + `identityProviderURL: 'https://my-keycloak.com'` + + + `identityProviderRealm: 'myrealm'` + + + `identityProviderClientId: 'myClient'` + + + #### Self-signed Certificates + + Eclipse Che uses self-signed certificates by default. + + You can also manually create a secret: + + + + ``` + oc create secret generic self-signed-certificate --from-file=/path/to/certificate/ca.crt -n=$codeReadyNamespace + ``` + displayName: Eclipse Che + icon: + - base64data: iVBORw0KGgoAAAANSUhEUgAAANMAAAD0CAYAAAABrhNXAAAABGdBTUEAALGPC/xhBQAAACBjSFJNAAB6JgAAgIQAAPoAAACA6AAAdTAAAOpgAAA6mAAAF3CculE8AAAABmJLR0QA/wD/AP+gvaeTAAAaNklEQVR42u3de3QU9dkH8O/zm91EQK0U77dqVdTW++1V20KigUSQahLjsSSbtp4eeqqVLHILCcoiyQZEIbF61B6PVQJ6XiOkr6TlYiABr603wHotar1bBUWUYDY787x/JIGoSchmZ+c3M/t8/iS7M8+M5+vs7szz/IiZIYRIntJdgBB+IWESwiYSJiFsImESwiYSJiFsImESwiaBvv5ARLprEwB4ddaJTBQF8w/JsKbQmI0v665JAL3dUqK+7jNJmPTiNWOHWYhNB1AOILPrn+MA369MazaNe+Iz3TWmMwmTB3AEyrwwu4SIbwVwWB+v+hxEt6gg7qLs1rjumtORhMnlePUlF5hk1RFw4QDf8rrFmBLMa12tu/Z0I2FyKV53yVGWyTVgLgGQ8IknoImMQBnlNL+t+1jShYTJZXjlhKFW8KsbQJgNYP8ktxYDcI8yh95E41bt1H1sfidhcpH4mtETCHQHgONs3vTHAEXUMy33UQSW7uP0KwmTC/DqS84xyaol4Bcp3tULiqiMxrY8pfuY/UjCpBG3ZB1sxfgmgK4HYDi1WwI9SnGaTuPXv6v7HPiJhEkDfv7coPX5AdeB+RaADtRURRtAC9UB7Qvo4md26z4nfiBhcljH6qwcRbgDwKm6a+nyATNVGrkt9USQrtAkSJgcwquyT2ZlLWLQON219FofsMEghGls6ybdtXiVhCnFuOnnw62gEQHoOvTz3KM7sAVSy5RS0yln3X91V+M1EqYU4ZasgBWjawGuAnCI7noStAOM+coaUkvjVrXrLsYrJEwp0LHmkksUrFoAp+uuJSnMbzLR1EBua5PuUrxAwmSj7tYIBhfprsVOBDQTU5jyWl7RXYubSZhs0KM1YiaA/XTXkyIdAN+tMmgOZbfu0F2MG0mYksAMMtdkh4h4AYDDddfj0FF3tnrsOOROurrB1F2Nm0iYBolXjT7fVFRHwEW6a9FkkyIK09iWDboLcQsJU4KSbY3wGwKaCNZkyt34ju5adJMwDRA/fdEQa2fmZBAqARygux536Wr1+CY+m6546ivd1Wg7CxKmfUtha4TP8EeAmpuurR4Spn7w46PONi2qJdAo3bV4CROeM1iFKXf907prcfS4JUzfx82XjrDM+M0Ot0b4TWerB8yplLvxfd3FOHLAEqYeJ2NPawTmAviB7np8YheA21QG5lN26ze6i0klCVOXjtVZOUpxHZh+orsWn3qfmWYH8lqW6C4kVdI+TLwq+2Q2+HZmjNddSzogoIUsI0yXrduiuxa7pW2YuOnnw62MwEwwTwEoQ3c96aWr1SMen+qnKbRpF6a901GthQAdqrueNPcFGAvUzkMW09UNMd3FJCutwtSxenS2ItQCdIbuWsS3vMFENwbGtvxddyHJSIsw8ZpRx1hkVIM5pLsW0TcCmsk0ymjculd11zIYvg5TmrRG+E1nq4cK3kxjmr/UXUwifBkmZpD5+OiriHEbQMfqrkcMynYQ5nmp1cN3YepsjUAtgS7WXYuwA7+oGGHK2/CE7kr2WalfwsRrxxxpcWwOgN8BJEuJ+gwBTWThBrqs9T+6a+mL58PEjxRlWAd99gcw5kFaI3yO20D0JxVEFWW3fq27mu9V5+UwdbVG1AE4XnctwlEfMlOF26bQejJMvDbrLJNRS8Bo3bUIfRj8T0NRGY1pfVZ3LYDHwsSrc39o0TdzpDVC7OWeKbSeCFOP1ogIgIO0FCHcrrPVwxxSo2sKrevD1LVqRC2Anzq+c+FFW5m4IjB2Q4PTO3ZtmLj50pFsmrczcLnTJ0V4HzHWESFMua3/cmqfrgsTt2QdZHWgHIwwgEynToTwpTjA96sMqqTs1m2p3plrwiStESJ1uqbQBnEXZbfGU7YXN4SpY1VWllKoBXBmqg5UCACvW4wpwbzW1anYuNYw8d+zjrYCFJXpqMJJBDSRESijnOa37dyuljDxyglDrYyvZkBaI4Q2XVNozaE30bhVO23ZopNhktYI4UIfAxSxYwqtY2HitVnndT0C9DOHT5YQA/GCIiqjsS1PDXYDKQ8Tr/7FERapCKQ1Qrhf5xTaOE2n8evfTfjNqQrT3tYIvgWgA3WfJSEGjtsAWpjoFNqUhKmzNQK1AP1Y92kRIgkfMFPlQFs9bA0TPz7qVLbUIgbydJ8FIezChFbDojDltWzu93V2hElaI4T/dbV6cHAa5a79tNdXJBMmbskKWDG6FszVIBys+3CFcMAOMOYra0jtd1s9Bh2mjrXZlyrmWgCn6T46IRzH/CYTTQ3ktjbt/acEw8RrR53EbFQzuEj38QihGwHNxBSmvJZXEgqT9Xj2bWC+QVaNEKInjoFQpca0zvvuXwJ9vwdT5XlUIXpiC6T+Vyn1597+Gkh0c0KkIwb+YUCV0diWfwBAbx/oJExC9G/AN3MlTEL0qudE2ZYBTZSVMAnxHQQ0Udz4Y6IPwEqYhNiDX1SdU2OfHMy7pU1CCMY2EMLqy0MvGGyQALkyifTWuXKhNfQmyku+nV3CJNISAc2krMk0ZuNrdm1TwiTSzRtMdKORgtXeJUwiXXwBwtzO4ZQtKRlOKWESftc5Ntm0ZtO4Jz5L5Y4kTMK3CLyerMAUumzdFif2J2HyBu58GkwmPg3QW8w01chr/T8ndyr/cVyPX1QKoxTUBcwY9D2QNLELwFyVgdMCeS2OBgmQK5N7MbZBoUrtOPROurrBBABmjDIfH30VgRaC8SPdJboIg2ip6uAZNL71E11F9N0cuDbbNStbp5nOG4n9zMXuMb99BoAhugvWiQnPGSaX0WUbnnF0vwl12kqYHEdAE5kqTOPWvzWQ16f5yiIfMlPFQOfc2U3C5F5vMHhKIHfDqsG8mddmj7Y6B96cpftAHLAbhDvU7o5quuKpr3QVIWFynx43EpNb5W7vaox8K4DDdB9YKhDQRLAmU+7Gd3TXImFyj5TdSOSWrP2tGKYBKIdf1glmvKRIhSl3/UbdpewpScKkH4HXk+Iwjdn4cir345MxbdtBmKd2HLLnF023kDDptZWJKwJjNzQ4udOO1Vk5ilAL4Ke6T0AiZQN8t1LBm2lM85e6i+mNhEmPXQBuS3TJEjvx8+cGre0H/tYLo617DnrUXUt/JEzOcsWNxG8V5OZFF3oZQexmEiaHMPifhoWw0zcSB1zf46NOZVMtZkKu7lrQPRx/5yGL6eqGmO5iBkrClHpabyQmqnOhOqoDcLzze9/3si1u1ltu5EFXe+wGYYHKwCmBvJYlXggSAARyN6xUXx5yCghhAI7dAGVCq2J1jjG2pdSLQeqLXJmSREATWbiBLmv9j+5aksFrxxxpcWwOUru49/vMNNsrV+7+yMc8OzFeUuAyytvwhO5SbD2stVnnmcx1BLrYxq0OahFmN5Mw2cO1NxLtwgwyHx99FTFuA+jYZDZFoEdJGdNoTPN7uo/LThKm5Lj+RqLdeM3YYRZi0wHMBLBfQu8FnjeIwjS25Sndx5GScyNhGhwCmsk0ymjculd116IDrxl1jEVGNZhDA3j5xwBF1DMt91EElu7aU3ZOJEwJe4OJbgykYMaaF3WsHp3d+WgSnfH9v3IMwD39NTX6iYRp4L4AY4HXbiQ6YW+rh7UQoEOBrl80jUAZ5TS/rbs+x86DhGmf4gD/WRmBmyln3XbdxbhZ56NJ7dMtqMeDuevX667H8eOXMPWNgBayjLBTM9aEt/WWG5lO1H0jMa9lie5ChLelc5h6tEa0+OJGotArHcPUeSMR5lTK3fi+7mKEf6RVmJjwnMEqTLnrn9Zdi/CfNHlqnD8C6PfG060XSpBEqvj9ytQ1Yy2udcaaSA++DdOeGWtj9c9YE/4RiUTUlreCpQAe+O7f/BimTQqqzE0z1oQ/FBTXnL9lK2oBvhg+D5PvWyOEHr+8ZsGRgUB8DsC/Qz+/M/ghTGnXGiGcUVS0aEg8s30ywawE6IB9vd7TYdo7Y63V1TPWhPcUhqommPxNHSUwbMabYeqasWZ4ZMaa8I4rJ1afpRTqmGlUou/1Wpg6Z6xZQ2tp3Kp23cUI/ygqivzQysiYw4RBD+j0SJh6zFjL889oKKHfpEn3Bre3bbvOBEUAHJTMtlwfJia0GpYKU27LZt21CH8pLK3J2bZrey2IbFnUwM1hep+ZZgdypTVC2Cu/NDpSMW5niy+3c/FSF4ap54w1aY0Q9rnyN5GDjHiwnC2EOQULwbkpTF0z1gK+m7Em9IpEImrz1mAJxelWTuESpa4Ik99nrAl98kPR0Vu2oo6AM1O9L81h4o8ANdfw+Yw14byC4gVHA2YUjBLAzm9GfdMSprhF2PThwZvf3Tli/NU33vOhjhqEP02YFBkabAvOAMwZAIY4uW/Hw/TCB4fgL8+fgv9+NeRMAM8Vhmoip5/Qfl8kEpErk0gCU35o/lXUxgsB/EhHBY6N+vrgy/3xwPMnY/NHI3r78/NghFcsq5DvTCJhV06sOVcprgPwM6f2ubx+1vc+Oqb8yvR1ewANL5+I1a8fA4v7/Oh6HghPFJZEH1VKTWtYUi6/5ol9KiipPgJAZF+tEU5J2ZXJtAgtbx2FhzediJ3fZCTy1jaAFx4Y6Jj/wAMRuc8kvqeoKJJhZQb/YIFuIeBAHTX0dmVKSZpf/mQEZvztItz77E8SDRIADAVozs54xr/zS6pLAXbklxjhDYWhqglmZsZrDKrVFaS+2Hpl+njnUDy86UQ88+7hthXIQCugwo1Ly+XZvDRW+KvoKWxgMYA83bUAKfzO9E2HgZWvHYfGl49Hh2XvxY6ALMB6saA4uoxVcFpj/XR5ajyN9GiNuA7a74v2L6krEwN44p0jUf/CSOzYnfDHucHYwaD53wwfVrvqT5Oln8nHsrIigRHHZF7LbFUDdLDuer7L1u9M/972A1Su+h/86cnTnAoSABxE4PlDvvh6S35x9HKndiqcdVVx9aUjjs54kZnvdWOQ+pLwZXN72354+KWTsPGdw8H6fhsYSYSVBcXRZgqo8PIHy2UGhA8UldScaIGjFlCku5bBGHCY2k2Fx145Hn995TjE4oPq6rUfIYdN66XC4ujdZjA2568PRHboLkkkLhRaOGwXx6ab4HKkoDXCKfv8zsRMePa9w1D/wkh8tiuhBbcdPhJ8Tsy3qPaT7mxouFrm5nkCU35JNESgBQDs+wnYAb19Z+o3TG9tPxAPPn8yXvt0uO7aE8CvEWHK8vrKNborEX27cmLVBUoZdQBfqLuWwUjop/G7nj4NG946AuzM0+s2olOZsbowFG1SMCc31N8ks8ZdpKi06ijTVDUglPjthnyfYWp960jdtSWFGZebMMYWFkfv6cg0Zj92/0xZBUOj7umopsWzQdhfdz2poP3hwBTLYMLkQMx8vTBUMykSifj9eF2pMFQ1wcz45lUCzwf8GSTA/2HqdiQz37tla8azV5VUXay7mHRRUFJ9Tn5JdCOzegyE43TXk2qufjwjBc63oJ6UVo/Uyi+NjlAmbmbgehrkdFQvSrcwAQAxUGRa1riCkurbpNXDPt3TUdnCXCb8QHc9TkuXj3m9GQbQnJ1mxpudrR4iGYWlNTmftW3fxKBaIP2CBKTnlenbGMcQ6MGCUPQ3RBxevqRyi+6SvKSoZN7JJoxFbPE4X/3OPQgSpm6MbGZ6SVo9Bmb8xJrh+ylrpgmaAsCxJ53dTML0bQqEkOKOy/NLahYE2tsXNzREYrqLcpM901HBCxl0qO563CSdvzP1iYHhBJ5vZma8XFBSPV53PW5RMLE6e8vWjJcI9CAACdJ3yJWpfyMBaioojjYbQFnDsopXdRekwxXXVB1jGKoahJDuWtxMwjQQhBwT2FRYHL1bxdTNDQ3labEQdXdrBEAzAbi4ZcAd5GPewAWZMNnMtN4qLKkuKyp6xMc3I5nyQzVFu7jjVYDmQII0IBKmxI1gUK2ZufW5gonzE15E2O0KimvOLyiZ/yQxPwLgWN31eIl8zBu8s6GsDX5p9fjlNQuODATic9wyHdWLJExJ6mr1uLSwpPqOjoxAtddaPbqnozLMeQAdoLseL5P/A9ljCINmBmLma16aQts1HfX1rkeAJEhJkiuTvY4i0IMFJTV/ZBUta1xS8YzugnqTH1pwKlnmYmbk6q7FTyRMqXE+WXiqoDi61AgGZjQ8MOMT3QUBPaajsnk9KH1aI5wiYUodAiFkxuMFuls9Jk26N7h99+e/NdmqBuCZoY5eI9+ZUm9Y16oeL+eHahwfrlhYWpOzbdf2l7w2HdWL5MrknBOJ+ZGCkuh6Ujwl1a0ehRPnnQTDWMQWX+65AVMeJWFy3iVs0QsFJdX3G0Ga3fCXis/s3PiVv4kcZMSD5QwKg707HdWLJEx6BACaZHWgyK5Wjz2tEXG6lYHDdB9gOpLvTBp1t3rEMzO3FIai4wa7nfxQdPTLWzNe6GqNkCBpIlcmFyDwycz4W0FxtJmVMbmxfuZrA3lfQfGCowEzCkYJQ74Z6SZhchNCDrG5ubA4encbYjetWhbZ2dvLJkyKDA22BWcA5gwAQ3SXLTrJxzz3CTJh8hAK9tLq0dkaEWzL6G6NkCC5SJ+rYBSGahJeIFqkxIsKCMctalOK6wD8THdBIoULRIuUOscCNijFDPkk4WoSJm8gyA8Mrif/pxPCJhImIWwiYRLCJhImIWwiYRLCJhImIWwiYRLCJhImIWwiYRLCJhImIWwiYRLCJhImIWzSd5iIbgcgS1AK8W2xrmx8T59hWlE/axpZ5mkENOiuXghXYDSToc5ZUT9rWm9/7rM5kGjvE/9XFVdfahHVAjhN9/EIocGbAN+4Ymnl37r/obfcDChMAJCVFQmMOCbzWmarWiaDijSxg0HzexvFllSYuu0Z/k64DtJcKPzJAmMZq+C0xvrpn/b2AlvC1K3wV9FT2MBiAHm6j1wIuzDQCqhw49Lyzf2+zs4wdSsMVU1gVrUAfqz7RAgxaIT3mXl249LKJQN5eW+5Sfo+0/L62SuN9tipBA4zsDPZ7QnhsDaA5x5oxEYONEh9SfrK1FNBSfURACIAySLDwu2YgEeVUtMalpS/l/CbU/ExrzdXTqw5V2a8CRd7HozwimUVTw12A46FqWt3lB+afxUxLwTwIyfPlBB9+JiIIqef0H5fJBKxktmQw2HqtHcuNslcbKFLjBj39De/PVFawtRtz4oNhBLIQEXhECI0waSy5Q/NetvO7WoNU7f8UHQ0MeoAnJmSHQgBAITXmWlK49JZq1Ox+ZT8NJ6oxvqKDWecGDuHwb8G8F+n9y98jvA5gcOfvx87PVVB6nPXTl+ZevrW+quQ9VdFUuIA399hZlaufHjatlTvzBUf83qTXxodqRi3M+Nyx3YqfIOBdSAON9ZX/suxfbo1TN0KS2ty2ORaEH7q+M6FB9G/mVDZWD/L8Z47V3xn6s/yJbOaDx424mwi+j3AKb9UC8/6GuC5u4cPO11HkPriqitTTz1aPa4HYCS9QeEHFhjL4hZPf+zhSq0/Xrn+Y15v8kMLTiXLXAxCru5ahEaEf8KyylYsm/2s7lIAj4apW1erRx2A43XXIhz1IYMrGpdW1APkmnWWXf+dqT9drR6nEDgM4Cvd9YiUayPwAqM9dkpna4R7gtQXz1yZevrlNQuODATic6TVw5+I0GQadMNfH5j1H9219MXTH/N6UxiqOo/ZqAP4Yt21CFu8qIDwo0srntBdyL74Lkxdh9Xd6nEbgGN1VyMGg7cRUKXaT7qzoeFqU3c1A6rYn2HqFAotHLaLY9MBmglgP931iAHpIMbddrZGOMXXYep2xTVVxxiGqgYhpLsW0Q9GMytjcmP9zNd0lzKo8tMhTN0KJlZnQ1EtgDN01yL2YtAbivjG5fUVf9ddS1LH4eWfxhO14qHKljNOjJ3d1erxadIbFEkh4AsGlQfa28/wepD6PEa/Xpl66tHqMQVAhu560owFxjIjA1Mb/lLxme5i7JJWH/N6k18aHUkWLQJ4vO5a0gKhhYjDy5dUbtFdit3SPkzdCktrciyL6wj4ie5afOo9Bt+U7FBHN0ur70z9Wb5kVvMhQ0ec1fVo0pe66/GRXQDPPTAQO9nPQepLWl6ZesovjY5QJm6WVo+kMBhLjWBgRsMDMz7RXYwjBywf8/pWWFpzNltWLUCjdNfiMc+xQlnjkopndBfiJAnTAEirx4B9xOBZbmuNcIqEaYCKihYNiWe2TyZwJYADdNfjMrsJfEdHRqD6sftnpm0rjIQpQUWlVUeZpqqRKbSdiNCkYE5uqL/pHd216CZhGqSC4przAa4D4SLdtWjyEiwVXvFQ+UbdhbiFhCkpTPkl0RCBFgA4XHc1DtlO4Hleao1wioTJBmnS6tFBjLtVTN3c0FAu9+F6IWGy0ZW/nneCYRo1DBTprsVWjGYKqPDyB8tf0V2Km0mYUiA/VHMJMS+G91s93mTG1MZlFU26C/ECeZwoBRrrZ63v0erhxaeidzCofPfw/c+QICVHrkw2Gj+xZvh+yprpkVYPC4xlrILTGuunS79XguRjnkOKSuadbMJYBGCc7lp6w0AroMKNS8s3667FqyRMDissrclhy7oDoFN119LlAwZXpusjQHaS70wOW75kVvPBQw8+0wWtHm1drREneWU6qhfJlckhmlo9mIBH2bKmr3ho9ru6z4GfyMc8FygoqT6HQbUE/CKV+yHCC2yhbMWyiqd0H7MfSZhcpDBUNYEtdQcIx9m86Y+JKHL6Ce33RSIRS/dx+pWEyWUmTIoMDbRl3kDg2QD2T3JzMWLc48XpqF4kYXKpZFs9iNAEk8qWPzTrbd3Hki4kTC535cSqC5Qy6gC+cEBvILzOTFMal85arbv2dCNh8oQBtHoQPifmW7Z/0HFXa2skrrvidCRh8pAerR7lADK7/jkO8P0dZmblyoenyWr0GkmYPKhw4ryTYBiL2EKQlTHFq6tG+E1CYRJCJEYeJxLCJhImIWwiYRLCJhImIWwiYRLCJv8P9sXhC7xE4kIAAAAldEVYdGRhdGU6Y3JlYXRlADIwMTktMDQtMTNUMDg6MTY6MDgrMDI6MDCcYZVaAAAAJXRFWHRkYXRlOm1vZGlmeQAyMDE5LTA0LTEzVDA4OjE2OjA4KzAyOjAw7Twt5gAAAABJRU5ErkJggg== + mediatype: image/png + install: + spec: + clusterPermissions: + - rules: + - apiGroups: + - oauth.openshift.io + resources: + - oauthclients + verbs: + - create + - get + - delete + - list + - patch + - update + - watch + - apiGroups: + - config.openshift.io + resources: + - infrastructures + - oauths + - proxies + verbs: + - get + - list + - watch + - apiGroups: + - user.openshift.io + resources: + - users + verbs: + - list + - apiGroups: + - console.openshift.io + resources: + - consolelinks + verbs: + - get + - list + - create + - update + - patch + - delete + serviceAccountName: che-operator + deployments: + - name: che-operator + spec: + replicas: 1 + selector: + matchLabels: + app: che-operator + strategy: {} + template: + metadata: + labels: + app: che-operator + spec: + containers: + - command: + - /usr/local/bin/che-operator + env: + - name: WATCH_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.annotations['olm.targetNamespaces'] + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: OPERATOR_NAME + value: che-operator + - name: CHE_VERSION + value: nightly + - name: RELATED_IMAGE_che_server + value: quay.io/eclipse/che-server:nightly + - name: RELATED_IMAGE_plugin_registry + value: quay.io/eclipse/che-plugin-registry:nightly + - name: RELATED_IMAGE_devfile_registry + value: quay.io/eclipse/che-devfile-registry:nightly + - name: RELATED_IMAGE_pvc_jobs + value: registry.access.redhat.com/ubi8-minimal:8.2-345 + - name: RELATED_IMAGE_postgres + value: centos/postgresql-96-centos7:9.6 + - name: RELATED_IMAGE_keycloak + value: quay.io/eclipse/che-keycloak:nightly + - name: RELATED_IMAGE_che_workspace_plugin_broker_metadata + value: quay.io/eclipse/che-plugin-metadata-broker:v3.3.0 + - name: RELATED_IMAGE_che_workspace_plugin_broker_artifacts + value: quay.io/eclipse/che-plugin-artifacts-broker:v3.3.0 + - name: RELATED_IMAGE_che_server_secure_exposer_jwt_proxy_image + value: quay.io/eclipse/che-jwtproxy:0.10.0 + - name: CHE_FLAVOR + value: che + - name: CONSOLE_LINK_NAME + value: che + - name: CONSOLE_LINK_DISPLAY_NAME + value: Eclipse Che + - name: CONSOLE_LINK_SECTION + value: Red Hat Applications + - name: CONSOLE_LINK_IMAGE + value: /dashboard/assets/branding/loader.svg + - name: CHE_IDENTITY_SECRET + value: che-identity-secret + - name: CHE_IDENTITY_POSTGRES_SECRET + value: che-identity-postgres-secret + - name: CHE_POSTGRES_SECRET + value: che-postgres-secret + - name: CHE_SERVER_TRUST_STORE_CONFIGMAP_NAME + value: ca-certs + image: quay.io/eclipse/che-operator:nightly + imagePullPolicy: Always + name: che-operator + ports: + - containerPort: 60000 + name: metrics + resources: {} + restartPolicy: Always + serviceAccountName: che-operator + terminationGracePeriodSeconds: 5 + permissions: + - rules: + - apiGroups: + - extensions + resources: + - ingresses + verbs: + - '*' + - apiGroups: + - batch + resources: + - jobs + verbs: + - '*' + - apiGroups: + - route.openshift.io + resources: + - routes + - routes/custom-host + verbs: + - '*' + - apiGroups: + - rbac.authorization.k8s.io + resources: + - roles + - rolebindings + verbs: + - '*' + - apiGroups: + - rbac.authorization.k8s.io + resources: + - clusterroles + - clusterrolebindings + verbs: + - '*' + - apiGroups: + - "" + resources: + - pods + - services + - serviceaccounts + - endpoints + - persistentvolumeclaims + - events + - configmaps + - secrets + - pods/exec + - pods/log + verbs: + - '*' + - apiGroups: + - "" + resources: + - namespaces + verbs: + - get + - apiGroups: + - apps + resources: + - deployments + verbs: + - '*' + - apiGroups: + - monitoring.coreos.com + resources: + - servicemonitors + verbs: + - get + - create + - apiGroups: + - org.eclipse.che + resources: + - '*' + verbs: + - '*' + serviceAccountName: che-operator + strategy: deployment + installModes: + - supported: true + type: OwnNamespace + - supported: true + type: SingleNamespace + - supported: true + type: MultiNamespace + - supported: false + type: AllNamespaces + keywords: + - workspaces + - devtools + - developer + - ide + - java + links: + - name: Product Page + url: http://www.eclipse.org/che + - name: Documentation + url: https://www.eclipse.org/che/docs + - name: Operator GitHub Repo + url: https://github.com/eclipse/che-operator + maintainers: + - email: dfestal@redhat.com + name: David Festal + maturity: stable + provider: + name: Eclipse Foundation + replaces: eclipse-che-preview-openshift.v9.9.9-nightly.1598450052 + version: 9.9.9-nightly.1598898636 diff --git a/olm/eclipse-che-preview-openshift/deploy/olm-catalog/eclipse-che-preview-openshift/9.9.9-nightly.1598898636/eclipse-che-preview-openshift.v9.9.9-nightly.1598898636.clusterserviceversion.yaml.diff b/olm/eclipse-che-preview-openshift/deploy/olm-catalog/eclipse-che-preview-openshift/9.9.9-nightly.1598898636/eclipse-che-preview-openshift.v9.9.9-nightly.1598898636.clusterserviceversion.yaml.diff new file mode 100644 index 000000000..787328ec1 --- /dev/null +++ b/olm/eclipse-che-preview-openshift/deploy/olm-catalog/eclipse-che-preview-openshift/9.9.9-nightly.1598898636/eclipse-che-preview-openshift.v9.9.9-nightly.1598898636.clusterserviceversion.yaml.diff @@ -0,0 +1,26 @@ +--- /home/user/GoWorkSpace/src/github.com/eclipse/che-operator/olm/eclipse-che-preview-openshift/deploy/olm-catalog/eclipse-che-preview-openshift/9.9.9-nightly.1598450052/eclipse-che-preview-openshift.v9.9.9-nightly.1598450052.clusterserviceversion.yaml 2020-08-31 14:26:26.899134663 +0300 ++++ /home/user/GoWorkSpace/src/github.com/eclipse/che-operator/olm/eclipse-che-preview-openshift/deploy/olm-catalog/eclipse-che-preview-openshift/9.9.9-nightly.1598898636/eclipse-che-preview-openshift.v9.9.9-nightly.1598898636.clusterserviceversion.yaml 2020-08-31 21:30:37.617952538 +0300 +@@ -49,13 +49,13 @@ + categories: Developer Tools, OpenShift Optional + certified: "false" + containerImage: quay.io/eclipse/che-operator:nightly +- createdAt: "2020-08-26T13:54:12Z" ++ createdAt: "2020-08-31T18:30:36Z" + description: A Kube-native development solution that delivers portable and collaborative + developer workspaces in OpenShift. + operatorframework.io/suggested-namespace: eclipse-che + repository: https://github.com/eclipse/che-operator + support: Eclipse Foundation +- name: eclipse-che-preview-openshift.v9.9.9-nightly.1598450052 ++ name: eclipse-che-preview-openshift.v9.9.9-nightly.1598898636 + namespace: placeholder + spec: + apiservicedefinitions: {} +@@ -431,5 +431,5 @@ + maturity: stable + provider: + name: Eclipse Foundation +- replaces: eclipse-che-preview-openshift.v9.9.9-nightly.1597916268 +- version: 9.9.9-nightly.1598450052 ++ replaces: eclipse-che-preview-openshift.v9.9.9-nightly.1598450052 ++ version: 9.9.9-nightly.1598898636 diff --git a/olm/eclipse-che-preview-openshift/deploy/olm-catalog/eclipse-che-preview-openshift/eclipse-che-preview-openshift.package.yaml b/olm/eclipse-che-preview-openshift/deploy/olm-catalog/eclipse-che-preview-openshift/eclipse-che-preview-openshift.package.yaml index 10fcdc112..30bb087fc 100644 --- a/olm/eclipse-che-preview-openshift/deploy/olm-catalog/eclipse-che-preview-openshift/eclipse-che-preview-openshift.package.yaml +++ b/olm/eclipse-che-preview-openshift/deploy/olm-catalog/eclipse-che-preview-openshift/eclipse-che-preview-openshift.package.yaml @@ -1,5 +1,5 @@ channels: -- currentCSV: eclipse-che-preview-openshift.v9.9.9-nightly.1599235272 +- currentCSV: eclipse-che-preview-openshift.v9.9.9-nightly.1598898636 name: nightly - currentCSV: eclipse-che-preview-openshift.v7.18.1 name: stable diff --git a/olm/force-pulling-olm-images-job.yaml b/olm/force-pulling-olm-images-job.yaml new file mode 100644 index 000000000..686336165 --- /dev/null +++ b/olm/force-pulling-olm-images-job.yaml @@ -0,0 +1,63 @@ +# +# Copyright (c) 2012-2020 Red Hat, Inc. +# This program and the accompanying materials are made +# available under the terms of the Eclipse Public License 2.0 +# which is available at https://www.eclipse.org/legal/epl-2.0/ +# +# SPDX-License-Identifier: EPL-2.0 +# +# Contributors: +# Red Hat, Inc. - initial API and implementation + +kind: Job +apiVersion: batch/v1 +metadata: + name: force-pulling-olm-images-job +spec: + parallelism: 1 + completions: 1 + backoffLimit: 6 + template: + metadata: + name: force-pulling-olm-images-job + spec: + imagePullSecrets: + - name: 'myregistrykey' + volumes: + - name: util + emptyDir: {} + initContainers: + + - name: util + image: >- + busybox + command: + - /bin/cp + - '-Rv' + - /bin/echo + - /util/echo + volumeMounts: + - name: util + mountPath: /util + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: File + imagePullPolicy: IfNotPresent + + containers: + + - name: pull-bundle-image + image: "${BUNDLE_IMAGE_NAME}" + command: + - /util/echo + - "Pull completed" + volumeMounts: + - name: util + mountPath: /util + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: File + imagePullPolicy: Always + + restartPolicy: OnFailure + terminationGracePeriodSeconds: 30 + dnsPolicy: ClusterFirst + schedulerName: default-scheduler diff --git a/olm/incrementNightlyBundles.sh b/olm/incrementNightlyBundles.sh new file mode 100755 index 000000000..d56a66964 --- /dev/null +++ b/olm/incrementNightlyBundles.sh @@ -0,0 +1,58 @@ +#!/bin/bash +# +# Copyright (c) 2012-2020 Red Hat, Inc. +# This program and the accompanying materials are made +# available under the terms of the Eclipse Public License 2.0 +# which is available at https://www.eclipse.org/legal/epl-2.0/ +# +# SPDX-License-Identifier: EPL-2.0 +# +# Contributors: +# Red Hat, Inc. - initial API and implementation + +set -e + +if [ -z "${BASE_DIR}" ]; then + BASE_DIR=$(cd "$(dirname "$0")" && pwd) +fi +ROOT_PROJECT_DIR=$(dirname "${BASE_DIR}") + +source ${BASE_DIR}/check-yq.sh + +incrementNightlyVersion() { + for platform in 'kubernetes' 'openshift' + do + OPM_BUNDLE_DIR="${ROOT_PROJECT_DIR}/deploy/olm-catalog/eclipse-che-preview-${platform}" + OPM_BUNDLE_MANIFESTS_DIR="${OPM_BUNDLE_DIR}/manifests" + CSV="${OPM_BUNDLE_MANIFESTS_DIR}/che-operator.clusterserviceversion.yaml" + + currentNightlyVersion=$(yq -r ".spec.version" "${CSV}") + echo "[INFO] current nightly ${platform} version: ${currentNightlyVersion}" + + getNightlyVersionIncrementPart "${currentNightlyVersion}" + + PACKAGE_NAME="eclipse-che-preview-${platform}" + PACKAGE_FOLDER_PATH="${ROOT_PROJECT_DIR}/olm/eclipse-che-preview-${platform}/deploy/olm-catalog/${PACKAGE_NAME}" + PACKAGE_FILE_PATH="${PACKAGE_FOLDER_PATH}/${PACKAGE_NAME}.package.yaml" + CLUSTER_SERVICE_VERSION=$(yq -r ".channels[] | select(.name == \"stable\") | .currentCSV" "${PACKAGE_FILE_PATH}") + STABLE_PACKAGE_VERSION=$(echo "${CLUSTER_SERVICE_VERSION}" | sed -e "s/${PACKAGE_NAME}.v//") + + newVersion="${STABLE_PACKAGE_VERSION}-$((incrementPart+1)).nightly" + + echo "[INFO] Set up nightly ${platform} version: ${newVersion}" + yq -rY "(.spec.version) = \"${newVersion}\" | (.metadata.name) = \"eclipse-che-preview-${platform}.v${newVersion}\"" "${CSV}" > "${CSV}.old" + mv "${CSV}.old" "${CSV}" + done +} + +getNightlyVersionIncrementPart() { + nightlyVersion="${1}" + + versionWithoutNightly="${nightlyVersion%.nightly}" + + version="${versionWithoutNightly%-*}" + + incrementPart="${versionWithoutNightly#*-}" + + echo "${incrementPart}" +} diff --git a/olm/minikube-registry-addon.sh b/olm/minikube-registry-addon.sh new file mode 100755 index 000000000..88130980c --- /dev/null +++ b/olm/minikube-registry-addon.sh @@ -0,0 +1,33 @@ +#!/bin/bash +# +# Copyright (c) 2020 Red Hat, Inc. +# This program and the accompanying materials are made +# available under the terms of the Eclipse Public License 2.0 +# which is available at https://www.eclipse.org/legal/epl-2.0/ +# +# SPDX-License-Identifier: EPL-2.0 +# +# Contributors: +# Red Hat, Inc. - initial API and implementation +# +# Scripts to prepare OLM(operator lifecycle manager) and install che-operator package +# with specific version using OLM. + +set -e + +if [ -z "${BASE_DIR}" ]; then + SCRIPT=$(readlink -f "$0") + export SCRIPT + + BASE_DIR=$(dirname "$(dirname "$SCRIPT")")/olm; + export BASE_DIR +fi + +ROOT_DIR=$(dirname "${BASE_DIR}") + +source ${ROOT_DIR}/olm/check-yq.sh + +minikube addons enable registry +registryPod=$(kubectl get pods -n kube-system -o yaml | yq -r ".items[] | select(.metadata.labels.\"actual-registry\") | .metadata.name") +kubectl wait --for=condition=ready "pods/${registryPod}" --timeout=120s -n "kube-system" +kubectl port-forward --namespace kube-system "pod/${registryPod}" 5000:5000 diff --git a/olm/olm.sh b/olm/olm.sh index a079fa5ee..ee956ec69 100755 --- a/olm/olm.sh +++ b/olm/olm.sh @@ -13,12 +13,17 @@ # Scripts to prepare OLM(operator lifecycle manager) and install che-operator package # with specific version using OLM. -SCRIPT=$(readlink -f "$0") -export SCRIPT -BASE_DIR=$(dirname "$(dirname "$SCRIPT")")/olm; -export BASE_DIR +if [ -z "${BASE_DIR}" ]; then + SCRIPT=$(readlink -f "$0") + export SCRIPT -source ${BASE_DIR}/check-yq.sh + BASE_DIR=$(dirname "$(dirname "$SCRIPT")")/olm; + export BASE_DIR +fi + +ROOT_DIR=$(dirname "${BASE_DIR}") + +source ${ROOT_DIR}/olm/check-yq.sh SOURCE_INSTALL=$4 @@ -46,21 +51,33 @@ fi channel="stable" if [[ "${PACKAGE_VERSION}" =~ "nightly" ]] then - channel="nightly" + channel="nightly" + OPM_BUNDLE_DIR="${ROOT_DIR}/deploy/olm-catalog/eclipse-che-preview-${platform}" + OPM_BUNDLE_MANIFESTS_DIR="${OPM_BUNDLE_DIR}/manifests" fi packageName=eclipse-che-preview-${platform} -platformPath=${BASE_DIR}/${packageName} -packageFolderPath="${platformPath}/deploy/olm-catalog/${packageName}" -packageFilePath="${packageFolderPath}/${packageName}.package.yaml" -CSV="eclipse-che-preview-${platform}.v${PACKAGE_VERSION}" +if [ "${channel}" == 'nightly' ]; then + CSV_FILE="${ROOT_DIR}/deploy/olm-catalog/eclipse-che-preview-${platform}/manifests/che-operator.clusterserviceversion.yaml" +else + if [ ${SOURCE_INSTALL} == "catalog" ]; then + echo "[ERROR] Stable preview channel doesn't support installation using 'catalog'. Use 'Marketplace' instead of it." + exit 1 + fi + + platformPath="${BASE_DIR}/${packageName}" + packageFolderPath="${platformPath}/deploy/olm-catalog/${packageName}" + CSV_FILE="${packageFolderPath}/${PACKAGE_VERSION}/${packageName}.v${PACKAGE_VERSION}.clusterserviceversion.yaml" +fi + +CSV=$(yq -r ".metadata.name" "${CSV_FILE}") echo -e "\u001b[32m PACKAGE_VERSION=${PACKAGE_VERSION} \u001b[0m" echo -e "\u001b[32m CSV=${CSV} \u001b[0m" echo -e "\u001b[32m Channel=${channel} \u001b[0m" echo -e "\u001b[32m Namespace=${namespace} \u001b[0m" -# We don't need to delete ${namepsace} anymore since tls secret is precreated there. +# We don't need to delete ${namespace} anymore since tls secret is precreated there. # if kubectl get namespace "${namespace}" >/dev/null 2>&1 # then # echo "You should delete namespace '${namespace}' before running the update test first." @@ -68,8 +85,6 @@ echo -e "\u001b[32m Namespace=${namespace} \u001b[0m" # fi catalog_source() { - echo "--- Use default eclipse che application registry ---" - if [ ${SOURCE_INSTALL} == "catalog" ]; then marketplaceNamespace=${namespace}; kubectl apply -f - </dev/null || mktemp -q -d)" + pushd "${OPM_TEMP_DIR}" || exit + + echo "[INFO] Downloading 'opm' cli tool..." + curl -sLo opm "$(curl -sL https://api.github.com/repos/operator-framework/operator-registry/releases/30101377 | jq -r '[.assets[] | select(.name == "linux-amd64-opm")] | first | .browser_download_url')" + export OPM_BINARY="${OPM_TEMP_DIR}/opm" + chmod +x "${OPM_BINARY}" + echo "[INFO] Downloading completed!" + echo "[INFO] 'opm' binary path: ${OPM_BINARY}" + popd || exit + fi +} + +createNamespace() { kubectl apply -f - </dev/null || mktemp -q -d)" + HT_PASSWD_FILE="${PASSWD_TEMP_DIR}/users.htpasswd" + touch "${HT_PASSWD_FILE}" + + htpasswd -b "${HT_PASSWD_FILE}" "$name" "$pass" + echo "HTPASSWD content is:=======================" + cat "${HT_PASSWD_FILE}" + echo "===================================" + + kubectl create secret generic htpass-secret \ + --from-file=htpasswd="${HT_PASSWD_FILE}" \ + -n openshift-config + +cat < namespace -source ${BASE_DIR}/olm/olm.sh ${platform} ${previousPackageVersion} $3 +init() { + if [ "${channel}" == "stable" ]; then + packageName=eclipse-che-preview-${platform} + platformPath=${OPERATOR_REPO}/olm/${packageName} + packageFolderPath="${platformPath}/deploy/olm-catalog/${packageName}" + packageFilePath="${packageFolderPath}/${packageName}.package.yaml" -installOperatorMarketPlace -installPackage -applyCRCheCluster -waitCheServerDeploy + LATEST_CSV_NAME=$(yq -r ".channels[] | select(.name == \"${channel}\") | .currentCSV" "${packageFilePath}") + lastPackageVersion=$(echo "${LATEST_CSV_NAME}" | sed -e "s/${packageName}.v//") + PREVIOUS_CSV_NAME=$(sed -n 's|^ *replaces: *\([^ ]*\) *|\1|p' "${packageFolderPath}/${lastPackageVersion}/${packageName}.v${lastPackageVersion}.clusterserviceversion.yaml") + PACKAGE_VERSION=$(echo "${PREVIOUS_CSV_NAME}" | sed -e "s/${packageName}.v//") + INSTALLATION_TYPE="Marketplace" + else + packageFolderPath="${OPERATOR_REPO}/deploy/olm-catalog/eclipse-che-preview-${platform}" + PACKAGE_VERSION="nightly" + export CATALOG_IMAGENAME="${IMAGE_REGISTRY_HOST}/${IMAGE_REGISTRY_USER_NAME}/eclipse-che-${platform}-opm-catalog:preview" + INSTALLATION_TYPE="catalog" + fi +} -echo -e "\u001b[32m Installation of the previous che-operator version: ${previousCSV} succesfully completed \u001b[0m" +run() { + # $3 -> namespace + source "${OPERATOR_REPO}/olm/olm.sh" "${platform}" "${PACKAGE_VERSION}" "${namespace}" "${INSTALLATION_TYPE}" -installPackage + createNamespace + + installOperatorMarketPlace + + if [ "${channel}" == "nightly" ]; then + getBundleListFromCatalogSource + getPreviousCSVInfo + getLatestCSVInfo + + forcePullingOlmImages "${PREVIOUS_CSV_BUNDLE_IMAGE}" + forcePullingOlmImages "${LATEST_CSV_BUNDLE_IMAGE}" + fi + + subscribeToInstallation "${PREVIOUS_CSV_NAME}" + echo -e "\u001b[32m Installation of the previous che-operator version: ${PREVIOUS_CSV_NAME} successfully completed \u001b[0m" + installPackage + applyCRCheCluster + waitCheServerDeploy + + echo -e "\u001b[32m Installation of the latest che-operator version: ${LATEST_CSV_NAME} successfully completed \u001b[0m" + installPackage +} + +init +run +echo -e "\u001b[32m Done. \u001b[0m" diff --git a/olm/update-nightly-bundle.sh b/olm/update-nightly-bundle.sh new file mode 100755 index 000000000..e6d4a52db --- /dev/null +++ b/olm/update-nightly-bundle.sh @@ -0,0 +1,109 @@ +#!/bin/bash +# +# Copyright (c) 2012-2020 Red Hat, Inc. +# This program and the accompanying materials are made +# available under the terms of the Eclipse Public License 2.0 +# which is available at https://www.eclipse.org/legal/epl-2.0/ +# +# SPDX-License-Identifier: EPL-2.0 +# +# Contributors: +# Red Hat, Inc. - initial API and implementation + +set -e + +if [ -z "${BASE_DIR}" ]; then + BASE_DIR=$(cd "$(dirname "$0")"; pwd) +fi + +if [ -z "${OPERATOR_SDK_BINARY}" ]; then + OPERATOR_SDK_BINARY=$(command -v operator-sdk) + if [[ ! -x "${OPERATOR_SDK_BINARY}" ]]; then + echo "[ERROR] operator-sdk is not installed." + exit 1 + fi +fi + +operatorVersion=$("${OPERATOR_SDK_BINARY}" version) +[[ $operatorVersion =~ .*v0.10.0.* ]] || { echo "operator-sdk v0.10.0 is required"; exit 1; } + +ROOT_PROJECT_DIR=$(dirname "${BASE_DIR}") +TAG=$1 +source ${BASE_DIR}/check-yq.sh + +if [ -z "${NO_INCREMENT}" ]; then + source "${BASE_DIR}/incrementNightlyBundles.sh" + incrementNightlyVersion +fi + +for platform in 'kubernetes' 'openshift' +do + echo "[INFO] Updating OperatorHub bundle for platform '${platform}' for platform '${platform}'" + + pushd "${ROOT_PROJECT_DIR}" || true + + olmCatalog=${ROOT_PROJECT_DIR}/deploy/olm-catalog + operatorFolder=${olmCatalog}/che-operator + bundleFolder=${olmCatalog}/eclipse-che-preview-${platform} + + bundleCSVName="che-operator.clusterserviceversion.yaml" + NEW_CSV=${bundleFolder}/manifests/${bundleCSVName} + newNightlyBundleVersion=$(yq -r ".spec.version" "${NEW_CSV}") + echo "[INFO] Will create new nightly bundle version: ${newNightlyBundleVersion}" + + "${bundleFolder}"/build-roles.sh + + packageManifestFolderPath=${ROOT_PROJECT_DIR}/deploy/olm-catalog/che-operator/${newNightlyBundleVersion} + packageManifestCSVPath=${packageManifestFolderPath}/che-operator.v${newNightlyBundleVersion}.clusterserviceversion.yaml + + mkdir -p "${packageManifestFolderPath}" + cp -rf "${NEW_CSV}" "${packageManifestCSVPath}" + cp -rf "${bundleFolder}/csv-config.yaml" "${olmCatalog}" + + echo "[INFO] Updating new package version..." + "${OPERATOR_SDK_BINARY}" olm-catalog gen-csv --csv-version "${newNightlyBundleVersion}" 2>&1 | sed -e 's/^/ /' + + cp -rf "${packageManifestCSVPath}" "${NEW_CSV}" + + rm -rf "${operatorFolder}" "${olmCatalog}/csv-config.yaml" + + containerImage=$(sed -n 's|^ *image: *\([^ ]*/che-operator:[^ ]*\) *|\1|p' ${NEW_CSV}) + echo "[INFO] Updating new package version fields:" + echo "[INFO] - containerImage => ${containerImage}" + sed -e "s|containerImage:.*$|containerImage: ${containerImage}|" "${NEW_CSV}" > "${NEW_CSV}.new" + mv "${NEW_CSV}.new" "${NEW_CSV}" + + if [ -z "${NO_DATE_UPDATE}" ]; then + createdAt=$(date -u +%FT%TZ) + echo "[INFO] - createdAt => ${createdAt}" + sed -e "s/createdAt:.*$/createdAt: \"${createdAt}\"/" "${NEW_CSV}" > "${NEW_CSV}.new" + mv "${NEW_CSV}.new" "${NEW_CSV}" + fi + + cp -rf "${ROOT_PROJECT_DIR}/deploy/crds/org_v1_che_crd.yaml" "${bundleFolder}/manifests" + echo "Done for ${platform}" + + if [[ -n "$TAG" ]]; then + echo "[INFO] Set tags in nightly OLM files" + sed -i 's/'$RELEASE'/'$TAG'/g' ${NEW_CSV} + fi + + if [[ $platform == "openshift" ]]; then + # Removes che-tls-secret-creator + index=0 + while [[ $index -le 30 ]] + do + if [[ $(cat ${NEW_CSV} | yq -r '.spec.install.spec.deployments[0].spec.template.spec.containers[0].env['$index'].name') == "RELATED_IMAGE_che_tls_secrets_creation_job" ]]; then + yq -rYSi 'del(.spec.install.spec.deployments[0].spec.template.spec.containers[0].env['$index'])' ${NEW_CSV} + break + fi + index=$((index+1)) + done + fi + + # Format code. + yq -rY "." "${NEW_CSV}" > "${NEW_CSV}.old" + mv "${NEW_CSV}.old" "${NEW_CSV}" + + popd || true +done diff --git a/olm/update-nightly-olm-files.sh b/olm/update-nightly-olm-files.sh index a2e084487..01e5eff9f 100755 --- a/olm/update-nightly-olm-files.sh +++ b/olm/update-nightly-olm-files.sh @@ -10,6 +10,8 @@ # Contributors: # Red Hat, Inc. - initial API and implementation +# Deprecated. Use olm/update-nightly-bundle.sh instead of it. + set -e CURRENT_DIR=$(pwd)