From 957038515aabdfa0a577423f5ecf8105d114ac63 Mon Sep 17 00:00:00 2001 From: Oleksandr Andriienko Date: Wed, 1 Dec 2021 17:25:34 +0200 Subject: [PATCH] feat: Add stable helm chart and gh action to release it. (#1203) * feat: Add stable helm chart and gh action to release it. 
Signed-off-by: Oleksandr Andriienko Co-authored-by: Anatolii Bazko --- .github/workflows/release-helm-charts.yaml | 63 + Makefile | 23 +- helmcharts/{ => next}/Chart.yaml | 0 helmcharts/{ => next}/README.md | 7 +- ...che_chebackupserverconfigurations_crd.yaml | 0 ...org.eclipse.che_checlusterbackups_crd.yaml | 0 ...rg.eclipse.che_checlusterrestores_crd.yaml | 0 .../{ => next}/crds/org_v1_che_crd.yaml | 0 .../{ => next}/templates/cluster_role.yaml | 0 .../templates/cluster_rolebinding.yaml | 2 +- helmcharts/{ => next}/templates/manager.yaml | 2 +- helmcharts/next/templates/namespace.yaml | 16 + .../org.eclipse.che_v1_checluster.yaml | 2 +- helmcharts/{ => next}/templates/role.yaml | 2 +- .../{ => next}/templates/role_binding.yaml | 2 +- .../{ => next}/templates/service_account.yaml | 2 +- helmcharts/{ => next}/values.yaml | 0 helmcharts/stable/Chart.yaml | 37 + helmcharts/stable/README.md | 45 + ...che_chebackupserverconfigurations_crd.yaml | 162 +++ ...org.eclipse.che_checlusterbackups_crd.yaml | 92 ++ ...rg.eclipse.che_checlusterrestores_crd.yaml | 83 ++ helmcharts/stable/crds/org_v1_che_crd.yaml | 1126 +++++++++++++++++ helmcharts/stable/templates/cluster_role.yaml | 668 ++++++++++ .../stable/templates/cluster_rolebinding.yaml | 29 + helmcharts/stable/templates/manager.yaml | 276 ++++ helmcharts/stable/templates/namespace.yaml | 16 + .../org.eclipse.che_v1_checluster.yaml | 68 + helmcharts/stable/templates/role.yaml | 193 +++ helmcharts/stable/templates/role_binding.yaml | 29 + .../stable/templates/service_account.yaml | 22 + helmcharts/stable/values.yaml | 14 + make-release.sh | 7 + 33 files changed, 2969 insertions(+), 19 deletions(-) create mode 100644 .github/workflows/release-helm-charts.yaml rename helmcharts/{ => next}/Chart.yaml (100%) rename helmcharts/{ => next}/README.md (63%) rename helmcharts/{ => next}/crds/org.eclipse.che_chebackupserverconfigurations_crd.yaml (100%) rename helmcharts/{ => next}/crds/org.eclipse.che_checlusterbackups_crd.yaml 
(100%) rename helmcharts/{ => next}/crds/org.eclipse.che_checlusterrestores_crd.yaml (100%) rename helmcharts/{ => next}/crds/org_v1_che_crd.yaml (100%) rename helmcharts/{ => next}/templates/cluster_role.yaml (100%) rename helmcharts/{ => next}/templates/cluster_rolebinding.yaml (94%) rename helmcharts/{ => next}/templates/manager.yaml (99%) create mode 100644 helmcharts/next/templates/namespace.yaml rename helmcharts/{ => next}/templates/org.eclipse.che_v1_checluster.yaml (97%) rename helmcharts/{ => next}/templates/role.yaml (98%) rename helmcharts/{ => next}/templates/role_binding.yaml (94%) rename helmcharts/{ => next}/templates/service_account.yaml (93%) rename helmcharts/{ => next}/values.yaml (100%) create mode 100644 helmcharts/stable/Chart.yaml create mode 100644 helmcharts/stable/README.md create mode 100644 helmcharts/stable/crds/org.eclipse.che_chebackupserverconfigurations_crd.yaml create mode 100644 helmcharts/stable/crds/org.eclipse.che_checlusterbackups_crd.yaml create mode 100644 helmcharts/stable/crds/org.eclipse.che_checlusterrestores_crd.yaml create mode 100644 helmcharts/stable/crds/org_v1_che_crd.yaml create mode 100644 helmcharts/stable/templates/cluster_role.yaml create mode 100644 helmcharts/stable/templates/cluster_rolebinding.yaml create mode 100644 helmcharts/stable/templates/manager.yaml create mode 100644 helmcharts/stable/templates/namespace.yaml create mode 100644 helmcharts/stable/templates/org.eclipse.che_v1_checluster.yaml create mode 100644 helmcharts/stable/templates/role.yaml create mode 100644 helmcharts/stable/templates/role_binding.yaml create mode 100644 helmcharts/stable/templates/service_account.yaml create mode 100644 helmcharts/stable/values.yaml diff --git a/.github/workflows/release-helm-charts.yaml b/.github/workflows/release-helm-charts.yaml new file mode 100644 index 000000000..02a188cbe --- /dev/null +++ b/.github/workflows/release-helm-charts.yaml 
@@ -0,0 +1,63 @@
+#
+# Copyright (c) 2019-2021 Red Hat, Inc.
+# This program and the accompanying materials are made
+# available under the terms of the Eclipse Public License 2.0
+# which is available at https://www.eclipse.org/legal/epl-2.0/
+#
+# SPDX-License-Identifier: EPL-2.0
+#
+# Contributors:
+# Red Hat, Inc. - initial API and implementation
+#
+
+name: Release helm charts
+
+on:
+ # manual trigger if required
+ workflow_dispatch:
+ inputs:
+ reason:
+ description: 'Reason to trigger a release helm charts'
+ required: false
+ # trigger on commit to main branch after release
+ push:
+ branches:
+ - main
+ paths:
+ - 'version/version.go'
+
+jobs:
+ build:
+ runs-on: ubuntu-20.04
+ steps:
+ - uses: actions/checkout@v2
+ with:
+ fetch-depth: 0
+
+ - name: Install Helm
+ uses: azure/setup-helm@v1
+ with:
+ version: v3.4.0
+
+ - name: Release
+ run: |
+ helm version
+ cp -rf "${GITHUB_WORKSPACE}"/helmcharts/stable /tmp/charts
+ git checkout gh-pages
+ cp -rf /tmp/charts "${GITHUB_WORKSPACE}"/charts/new
+ helm package ./charts/new
+ mkdir -p charts/stable
+ mv *.tgz charts/stable
+ rm -rf ./charts/new
+
+ # Generate index.yaml with list Helm packages
+ helm repo index --url https://eclipse-che.github.io/che-operator/charts charts
+
+ git config --global user.name "Mykhailo Kuznietsov"
+ git config --global user.email "mkuznets@redhat.com"
+ export GITHUB_TOKEN=${{ secrets.CHE_BOT_GITHUB_TOKEN }}
+
+ git add .
+ git commit -am "Add new chart package." --signoff
+
+ git push origin gh-pages
diff --git a/Makefile b/Makefile
index 96cb21707..bbfa14d12 100644
--- a/Makefile
+++ b/Makefile
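Review bot: The `export GITHUB_TOKEN=${{ secrets.CHE_BOT_GITHUB_TOKEN }}` line in the Release step pastes the bot token into the script text, yet nothing visible in the step reads that variable; `git push origin gh-pages` would normally authenticate with the credential that `actions/checkout` persisted, not with `GITHUB_TOKEN` from the environment. If the push is meant to go out as the bot, hand the secret to checkout instead (`with: token: ${{ secrets.CHE_BOT_GITHUB_TOKEN }}`) and drop the export; if the default token is sufficient, drop the secret and give the job an explicit `permissions: contents: write`. Separately, `actions/checkout@v2` and `azure/setup-helm@v1` are mutable tags in a job that holds push credentials for the published chart repository, so pinning both to full commit SHAs would keep a retagged action from running with them.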
@@ -792,10 +792,16 @@ update-resources: check-requirements update-resource-images update-roles update- done done +update-helmcharts: SHELL := /bin/bash update-helmcharts: add-license-download check-requirements update-resource-images update-roles - HELMCHARTS_TEMPLATES="helmcharts/templates" - HELMCHARTS_CRDS="helmcharts/crds" + helmFolder=$(HELM_FOLDER) + if [ -z "$${helmFolder}" ]; then + helmFolder="next" + fi + HELMCHARTS_TEMPLATES="helmcharts/$${helmFolder}/templates" + HELMCHARTS_CRDS="helmcharts/$${helmFolder}/crds" + echo "[INFO] Update Helm templates $${HELMCHARTS_TEMPLATES}" cp config/manager/manager.yaml $${HELMCHARTS_TEMPLATES} cp config/rbac/cluster_role.yaml $${HELMCHARTS_TEMPLATES} cp config/rbac/cluster_rolebinding.yaml $${HELMCHARTS_TEMPLATES} @@ -804,6 +810,7 @@ update-helmcharts: add-license-download check-requirements update-resource-image cp config/rbac/role_binding.yaml $${HELMCHARTS_TEMPLATES} cp config/samples/org.eclipse.che_v1_checluster.yaml $${HELMCHARTS_TEMPLATES} + echo "[INFO] Update helm CRDs $${HELMCHARTS_CRDS}" cp config/crd/bases/org_v1_che_crd.yaml $${HELMCHARTS_CRDS} cp config/crd/bases/org.eclipse.che_chebackupserverconfigurations_crd.yaml $${HELMCHARTS_CRDS} cp config/crd/bases/org.eclipse.che_checlusterbackups_crd.yaml $${HELMCHARTS_CRDS} 
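Review bot: The new `HELM_FOLDER` input to `update-helmcharts` is undocumented and is expanded unquoted into the shell by `helmFolder=$(HELM_FOLDER)`, after which it is used as a path component for every `cp` destination. A comment above the target such as `## HELM_FOLDER selects helmcharts/<folder> (next or stable); defaults to next` plus `helmFolder="$(HELM_FOLDER)"` would document the contract and keep whitespace or `../` in the value from changing where the files are written. The recipe also depends on shell variables surviving from one recipe line to the next, which presumably relies on a single-shell setting outside this hunk; the recipe itself continues in the following hunks.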
@@ -812,12 +819,12 @@ update-helmcharts: add-license-download check-requirements update-resource-image ## Set references to values yq -riY ".spec.k8s.ingressDomain |= \"{{ .Values.k8s.ingressDomain }}\"" $${HELMCHARTS_TEMPLATES}/org.eclipse.che_v1_checluster.yaml - yq -riY '.metadata.namespace = "{{ .Release.Namespace }}"' $${HELMCHARTS_TEMPLATES}/manager.yaml - yq -riY '.metadata.namespace = "{{ .Release.Namespace }}"' $${HELMCHARTS_TEMPLATES}/service_account.yaml - yq -riY '.metadata.namespace = "{{ .Release.Namespace }}"' $${HELMCHARTS_TEMPLATES}/role.yaml - yq -riY '.metadata.namespace = "{{ .Release.Namespace }}"' $${HELMCHARTS_TEMPLATES}/role_binding.yaml - yq -riY '.metadata.namespace = "{{ .Release.Namespace }}"' $${HELMCHARTS_TEMPLATES}/org.eclipse.che_v1_checluster.yaml - yq -riY '.subjects[0].namespace = "{{ .Release.Namespace }}"' $${HELMCHARTS_TEMPLATES}/cluster_rolebinding.yaml + yq -riY ".metadata.namespace = \"$(ECLIPSE_CHE_NAMESPACE)\"" $${HELMCHARTS_TEMPLATES}/manager.yaml + yq -riY ".metadata.namespace = \"$(ECLIPSE_CHE_NAMESPACE)\"" $${HELMCHARTS_TEMPLATES}/service_account.yaml + yq -riY ".metadata.namespace = \"$(ECLIPSE_CHE_NAMESPACE)\"" $${HELMCHARTS_TEMPLATES}/role.yaml + yq -riY ".metadata.namespace = \"$(ECLIPSE_CHE_NAMESPACE)\"" $${HELMCHARTS_TEMPLATES}/role_binding.yaml + yq -riY ".metadata.namespace = \"$(ECLIPSE_CHE_NAMESPACE)\"" $${HELMCHARTS_TEMPLATES}/org.eclipse.che_v1_checluster.yaml + yq -riY ".subjects[0].namespace = \"$(ECLIPSE_CHE_NAMESPACE)\"" $${HELMCHARTS_TEMPLATES}/cluster_rolebinding.yaml $(MAKE) add-license $$(find ./helmcharts -name "*.yaml") check-requirements: diff --git a/helmcharts/Chart.yaml b/helmcharts/next/Chart.yaml similarity index 100% rename from helmcharts/Chart.yaml rename to helmcharts/next/Chart.yaml diff --git a/helmcharts/README.md b/helmcharts/next/README.md similarity index 63% rename from helmcharts/README.md rename to helmcharts/next/README.md index e8ca7ff71..e276f66cc 100644 
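Review bot: The six `yq` lines now bake `$(ECLIPSE_CHE_NAMESPACE)` into the templates at generation time, and nothing in this hunk checks that the variable is non-empty; an unset value would regenerate the charts with an empty namespace on the Deployment, Role, RoleBinding, ServiceAccount and the ClusterRoleBinding subject. A guard ahead of the first `yq` call, for example `[ -n "$(ECLIPSE_CHE_NAMESPACE)" ] || { echo "[ERROR] ECLIPSE_CHE_NAMESPACE is empty"; exit 1; }`, would stop that before any file is rewritten. The variable may already have a default defined elsewhere in the Makefile, which is outside this hunk.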
--- a/helmcharts/README.md +++ b/helmcharts/next/README.md @@ -16,14 +16,11 @@ Helm charts to deploy [Eclipse Che](https://www.eclipse.org/che/) ### Installation -Create a Namespace and install the Helm Charts for Eclipse Che Operator. +Install the Helm Charts for Eclipse Che Operator. ``` -NAMESPACE=eclipse-che DOMAIN= -kubectl create namespace $NAMESPACE - # Install charts -helm install che --set k8s.ingressDomain=$DOMAIN --namespace $NAMESPACE . +helm install che --set k8s.ingressDomain=$DOMAIN . ``` diff --git a/helmcharts/crds/org.eclipse.che_chebackupserverconfigurations_crd.yaml b/helmcharts/next/crds/org.eclipse.che_chebackupserverconfigurations_crd.yaml similarity index 100% rename from helmcharts/crds/org.eclipse.che_chebackupserverconfigurations_crd.yaml rename to helmcharts/next/crds/org.eclipse.che_chebackupserverconfigurations_crd.yaml diff --git a/helmcharts/crds/org.eclipse.che_checlusterbackups_crd.yaml b/helmcharts/next/crds/org.eclipse.che_checlusterbackups_crd.yaml similarity index 100% rename from helmcharts/crds/org.eclipse.che_checlusterbackups_crd.yaml rename to helmcharts/next/crds/org.eclipse.che_checlusterbackups_crd.yaml diff --git a/helmcharts/crds/org.eclipse.che_checlusterrestores_crd.yaml b/helmcharts/next/crds/org.eclipse.che_checlusterrestores_crd.yaml similarity index 100% rename from helmcharts/crds/org.eclipse.che_checlusterrestores_crd.yaml rename to helmcharts/next/crds/org.eclipse.che_checlusterrestores_crd.yaml diff --git a/helmcharts/crds/org_v1_che_crd.yaml b/helmcharts/next/crds/org_v1_che_crd.yaml similarity index 100% rename from helmcharts/crds/org_v1_che_crd.yaml rename to helmcharts/next/crds/org_v1_che_crd.yaml diff --git a/helmcharts/templates/cluster_role.yaml b/helmcharts/next/templates/cluster_role.yaml similarity index 100% rename from helmcharts/templates/cluster_role.yaml rename to helmcharts/next/templates/cluster_role.yaml 
diff --git a/helmcharts/templates/cluster_rolebinding.yaml b/helmcharts/next/templates/cluster_rolebinding.yaml similarity index 94% rename from helmcharts/templates/cluster_rolebinding.yaml rename to helmcharts/next/templates/cluster_rolebinding.yaml index 7e3c55889..0741789a6 100644 --- a/helmcharts/templates/cluster_rolebinding.yaml +++ b/helmcharts/next/templates/cluster_rolebinding.yaml @@ -22,7 +22,7 @@ metadata: subjects: - kind: ServiceAccount name: che-operator - namespace: '{{ .Release.Namespace }}' + namespace: eclipse-che roleRef: kind: ClusterRole name: che-operator diff --git a/helmcharts/templates/manager.yaml b/helmcharts/next/templates/manager.yaml similarity index 99% rename from helmcharts/templates/manager.yaml rename to helmcharts/next/templates/manager.yaml index b2e0a790e..e06e4e74a 100644 --- a/helmcharts/templates/manager.yaml +++ b/helmcharts/next/templates/manager.yaml @@ -14,7 +14,7 @@ apiVersion: apps/v1 kind: Deployment metadata: name: che-operator - namespace: '{{ .Release.Namespace }}' + namespace: eclipse-che labels: app: che-operator app.kubernetes.io/name: che diff --git a/helmcharts/next/templates/namespace.yaml b/helmcharts/next/templates/namespace.yaml new file mode 100644 index 000000000..9d6210af9 --- /dev/null +++ b/helmcharts/next/templates/namespace.yaml @@ -0,0 +1,16 @@ +# +# Copyright (c) 2019-2021 Red Hat, Inc. +# This program and the accompanying materials are made +# available under the terms of the Eclipse Public License 2.0 +# which is available at https://www.eclipse.org/legal/epl-2.0/ +# +# SPDX-License-Identifier: EPL-2.0 +# +# Contributors: +# Red Hat, Inc. - initial API and implementation +# + +apiVersion: v1 +kind: Namespace +metadata: + name: eclipse-che 
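Review bot: Adding a `Namespace` object to the chart while hard-coding `namespace: eclipse-che` in `cluster_rolebinding.yaml`, `manager.yaml` and the other renamed templates makes the release own the namespace and ignore `helm install --namespace`. With Helm 3 that usually means the install is rejected when `eclipse-che` already exists without Helm ownership metadata, and `helm uninstall` removes the namespace together with anything else deployed in it. The ClusterRoleBinding subject is pinned to the same name, so the cluster-wide role is always granted to `che-operator` in `eclipse-che` regardless of the release namespace. I would record this in `namespace.yaml` with a comment such as `# Fixed namespace: every chart resource and the ClusterRoleBinding subject reference it; uninstalling the release deletes it`, and repeat the caveat in the chart README.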
diff --git a/helmcharts/templates/org.eclipse.che_v1_checluster.yaml b/helmcharts/next/templates/org.eclipse.che_v1_checluster.yaml similarity index 97% rename from helmcharts/templates/org.eclipse.che_v1_checluster.yaml rename to helmcharts/next/templates/org.eclipse.che_v1_checluster.yaml index cffb3d039..15da5b17d 100644 --- a/helmcharts/templates/org.eclipse.che_v1_checluster.yaml +++ b/helmcharts/next/templates/org.eclipse.che_v1_checluster.yaml @@ -14,7 +14,7 @@ apiVersion: org.eclipse.che/v1 kind: CheCluster metadata: name: eclipse-che - namespace: '{{ .Release.Namespace }}' + namespace: eclipse-che spec: server: cheFlavor: '' diff --git a/helmcharts/templates/role.yaml b/helmcharts/next/templates/role.yaml similarity index 98% rename from helmcharts/templates/role.yaml rename to helmcharts/next/templates/role.yaml index a560976b5..26ae682a1 100644 --- a/helmcharts/templates/role.yaml +++ b/helmcharts/next/templates/role.yaml @@ -19,7 +19,7 @@ metadata: app.kubernetes.io/part-of: che.eclipse.org app.kubernetes.io/name: che name: che-operator - namespace: '{{ .Release.Namespace }}' + namespace: eclipse-che rules: - apiGroups: - extensions diff --git a/helmcharts/templates/role_binding.yaml b/helmcharts/next/templates/role_binding.yaml similarity index 94% rename from helmcharts/templates/role_binding.yaml rename to helmcharts/next/templates/role_binding.yaml index 43833da8e..332455c95 100644 --- a/helmcharts/templates/role_binding.yaml +++ b/helmcharts/next/templates/role_binding.yaml @@ -19,7 +19,7 @@ metadata: app.kubernetes.io/instance: che app.kubernetes.io/part-of: che.eclipse.org app.kubernetes.io/component: che-operator - namespace: '{{ .Release.Namespace }}' + namespace: eclipse-che roleRef: apiGroup: rbac.authorization.k8s.io kind: Role 
diff --git a/helmcharts/templates/service_account.yaml b/helmcharts/next/templates/service_account.yaml similarity index 93% rename from helmcharts/templates/service_account.yaml rename to helmcharts/next/templates/service_account.yaml index 6ed62d366..434722d78 100644 --- a/helmcharts/templates/service_account.yaml +++ b/helmcharts/next/templates/service_account.yaml @@ -19,4 +19,4 @@ metadata: app.kubernetes.io/instance: che app.kubernetes.io/part-of: che.eclipse.org app.kubernetes.io/component: che-operator - namespace: '{{ .Release.Namespace }}' + namespace: eclipse-che diff --git a/helmcharts/values.yaml b/helmcharts/next/values.yaml similarity index 100% rename from helmcharts/values.yaml rename to helmcharts/next/values.yaml diff --git a/helmcharts/stable/Chart.yaml b/helmcharts/stable/Chart.yaml new file mode 100644 index 000000000..e8fdfb3a3 --- /dev/null +++ b/helmcharts/stable/Chart.yaml 
@@ -0,0 +1,37 @@ +# +# Copyright (c) 2019-2021 Red Hat, Inc. +# This program and the accompanying materials are made +# available under the terms of the Eclipse Public License 2.0 +# which is available at https://www.eclipse.org/legal/epl-2.0/ +# +# SPDX-License-Identifier: EPL-2.0 +# +# Contributors: +# Red Hat, Inc. - initial API and implementation +# + +apiVersion: v1 +description: A Helm chart for deploying Eclipse Che on a Kubernetes +name: eclipse-che +version: 7.39.0 +annotations: + artifacthub.io/license: EPL-2.0 + artifacthub.io/links: | + - name: repository + url: https://github.com/eclipse-che/che-operator + - name: web-site + url: https://www.eclipse.org/che/ + - name: docs + url: https://www.eclipse.org/che/docs + - name: support + url: https://github.com/eclipse/che + artifacthub.io/provider: Eclipse Foundation + artifacthub.io/maintainers: | + - name: Anatolii Bazko + email: abazko@redhat.com + - name: Mykola Morhun + email: mmorhun@redhat.com + - name: Oleksandr Andriienko + email: oandriie@redhat.com + artifacthub.io/operator: "true" + artifacthub.io/operatorCapabilities: Seamless Upgrades diff --git a/helmcharts/stable/README.md b/helmcharts/stable/README.md new file mode 100644 index 000000000..19bebc013 --- /dev/null +++ b/helmcharts/stable/README.md 
@@ -0,0 +1,45 @@ +# Eclipse Che Helm Charts + +A collaborative Kubernetes-native development solution that delivers Kubernetes workspaces and in-browser IDE for rapid cloud application development. This operator installs PostgreSQL, Keycloak, Plugin registry, Devfile registry and the Eclipse Che server, as well as configures all these services. + +- [Charts](#charts) + - [Prerequisites](#prerequisites) + - [Installation](#installation) + +## Charts + +Helm charts to deploy [Eclipse Che](https://www.eclipse.org/che/) + +### Prerequisites + +* Minimal Kubernetes version is 1.19 +* Minimal Helm version is 3.2.2 + +### Installation + +Install `Eclipse Che Operator` by following instructions in top right button `Install`. + +A new pod che-operator is created in `eclipse-che` namespace + +```bash +$ kubectl get pods -n eclipse-che +eclipse-che che-operator-554c564476-fl98z 1/1 Running 0 13s +``` + +Use `kubectl edit checluster/eclipse-che -n eclipse-che` to update Eclipse Che configuration. +See more configuration options in the [Installation guide](https://www.eclipse.org/che/docs/che-7/installation-guide/configuring-the-che-installation/). + +The deployment process can be tracked by looking at the Operator logs by using the command: + +```bash +$ kubectl logs che-operator-554c564476-fl98z -n eclipse-che -f +important: pod name is different on each installation +``` + +When all Eclipse Che containers are running, the Eclipse Che URL is printed in the logs: + +```bash +time="2019-08-01T13:31:05Z" level=info msg="Eclipse Che is now available at: http://che-eclipse-che.gcp.my-ide.cloud" +``` + +By opening this URL in a web browser, Eclipse Che is ready to use. diff --git a/helmcharts/stable/crds/org.eclipse.che_chebackupserverconfigurations_crd.yaml b/helmcharts/stable/crds/org.eclipse.che_chebackupserverconfigurations_crd.yaml new file mode 100644 index 000000000..7679ba5ac --- /dev/null +++ b/helmcharts/stable/crds/org.eclipse.che_chebackupserverconfigurations_crd.yaml 
@@ -0,0 +1,162 @@ +# +# Copyright (c) 2019-2021 Red Hat, Inc. +# This program and the accompanying materials are made +# available under the terms of the Eclipse Public License 2.0 +# which is available at https://www.eclipse.org/legal/epl-2.0/ +# +# SPDX-License-Identifier: EPL-2.0 +# +# Contributors: +# Red Hat, Inc. - initial API and implementation +# + +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.4.1 + creationTimestamp: null + name: chebackupserverconfigurations.org.eclipse.che +spec: + group: org.eclipse.che + names: + kind: CheBackupServerConfiguration + listKind: CheBackupServerConfigurationList + plural: chebackupserverconfigurations + singular: chebackupserverconfiguration + scope: Namespaced + versions: + - name: v1 + schema: + openAPIV3Schema: + description: The `CheBackupServerConfiguration` custom resource allows defining + and managing Eclipse Che Backup Server Configurations + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource + this object represents. Servers may infer this from the endpoint the + client submits requests to. Cannot be updated. In CamelCase. More + info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: CheBackupServerConfigurationSpec defines the desired state + of CheBackupServerConfiguration Only one type of backup server is + allowed to be configured per CR. + properties: + awss3: + description: Amazon S3 or compatible alternatives. 
+ properties: + awsAccessKeySecretRef: + description: Reference to secret that contains awsAccessKeyId + and awsSecretAccessKey keys. + type: string + hostname: + description: Server hostname, defaults to 's3.amazonaws.com'. + Might be customized in case of alternative server. + type: string + port: + description: Backup server port. Usually default value is used. + Might be customized in case of alternative server. + type: integer + protocol: + description: Protocol to use when connection to the server. + Might be customized in case of alternative server. + type: string + repositoryPasswordSecretRef: + description: Holds reference to a secret with restic repository + password under 'repo-password' field to encrypt / decrypt + its content. + type: string + repositoryPath: + description: Bucket name and repository, e.g. bucket/repo + type: string + required: + - awsAccessKeySecretRef + - repositoryPasswordSecretRef + - repositoryPath + type: object + rest: + description: Rest backup server configuration. + properties: + credentialsSecretRef: + description: Secret that contains username and password fields + to login into restic server. Note, each repository is encrypted + with own password. See ResticRepoPasswordSecretRef field. + type: string + hostname: + description: Backup server host + type: string + port: + description: Backup server port + type: integer + protocol: + description: Protocol to use when connection to the server Defaults + to https. + type: string + repositoryPasswordSecretRef: + description: Holds reference to a secret with restic repository + password under 'repo-password' field to encrypt / decrypt + its content. + type: string + repositoryPath: + description: Restic repository path + type: string + required: + - hostname + - repositoryPasswordSecretRef + type: object + sftp: + description: Sftp backup server configuration. 
+ properties: + hostname: + description: Backup server host + type: string + port: + description: Backup server port + type: integer + repositoryPasswordSecretRef: + description: Holds reference to a secret with restic repository + password under 'repo-password' field to encrypt / decrypt + its content. + type: string + repositoryPath: + description: Restic repository path, relative or absolute, e.g. + /srv/repo + type: string + sshKeySecretRef: + description: Private ssh key under 'ssh-privatekey' field for + passwordless login + type: string + username: + description: User login on the remote server + type: string + required: + - hostname + - repositoryPasswordSecretRef + - repositoryPath + - sshKeySecretRef + - username + type: object + type: object + status: + description: CheBackupServerConfigurationStatus defines the observed + state of CheBackupServerConfiguration + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/helmcharts/stable/crds/org.eclipse.che_checlusterbackups_crd.yaml b/helmcharts/stable/crds/org.eclipse.che_checlusterbackups_crd.yaml new file mode 100644 index 000000000..6cb073224 --- /dev/null +++ b/helmcharts/stable/crds/org.eclipse.che_checlusterbackups_crd.yaml 
@@ -0,0 +1,92 @@ +# +# Copyright (c) 2019-2021 Red Hat, Inc. +# This program and the accompanying materials are made +# available under the terms of the Eclipse Public License 2.0 +# which is available at https://www.eclipse.org/legal/epl-2.0/ +# +# SPDX-License-Identifier: EPL-2.0 +# +# Contributors: +# Red Hat, Inc. - initial API and implementation +# + +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.4.1 + creationTimestamp: null + name: checlusterbackups.org.eclipse.che +spec: + group: org.eclipse.che + names: + kind: CheClusterBackup + listKind: CheClusterBackupList + plural: checlusterbackups + singular: checlusterbackup + scope: Namespaced + versions: + - name: v1 + schema: + openAPIV3Schema: + description: The `CheClusterBackup` custom resource allows defining and + managing Eclipse Che backup + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource + this object represents. Servers may infer this from the endpoint the + client submits requests to. Cannot be updated. In CamelCase. More + info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: CheClusterBackupSpec defines the desired state of CheClusterBackup + properties: + backupServerConfigRef: + description: Name of custom resource with a backup server configuration + to use for this backup. Note, UseInternalBackupServer field can + configure internal backup server automatically. 
+ type: string + useInternalBackupServer: + description: Automatically setup pod with REST backup server and + use the server in this configuration. Note, this flag takes precedence + and will overwrite existing backup server configuration. + type: boolean + type: object + status: + description: CheClusterBackupStatus defines the observed state of CheClusterBackup + properties: + cheVersion: + description: Version that was backed up + type: string + message: + description: Message explaining the state of the backup or an error + message + type: string + snapshotId: + description: Last backup snapshot ID + type: string + stage: + description: Describes backup progress + type: string + state: + description: 'Backup progress state: InProgress, Failed, Succeeded' + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/helmcharts/stable/crds/org.eclipse.che_checlusterrestores_crd.yaml b/helmcharts/stable/crds/org.eclipse.che_checlusterrestores_crd.yaml new file mode 100644 index 000000000..be567b8c9 --- /dev/null +++ b/helmcharts/stable/crds/org.eclipse.che_checlusterrestores_crd.yaml 
@@ -0,0 +1,83 @@ +# +# Copyright (c) 2019-2021 Red Hat, Inc. +# This program and the accompanying materials are made +# available under the terms of the Eclipse Public License 2.0 +# which is available at https://www.eclipse.org/legal/epl-2.0/ +# +# SPDX-License-Identifier: EPL-2.0 +# +# Contributors: +# Red Hat, Inc. - initial API and implementation +# + +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.4.1 + creationTimestamp: null + name: checlusterrestores.org.eclipse.che +spec: + group: org.eclipse.che + names: + kind: CheClusterRestore + listKind: CheClusterRestoreList + plural: checlusterrestores + singular: checlusterrestore + scope: Namespaced + versions: + - name: v1 + schema: + openAPIV3Schema: + description: The `CheClusterRestore` custom resource allows defining and + managing Eclipse Che restore + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource + this object represents. Servers may infer this from the endpoint the + client submits requests to. Cannot be updated. In CamelCase. More + info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: CheClusterRestoreSpec defines the desired state of CheClusterRestore + properties: + backupServerConfigRef: + description: Name of custom resource with a backup server configuration + to use for this restore. Can be omitted if only one server configuration + object exists within the namespace. 
+ type: string + snapshotId: + description: If omitted, latest snapshot will be used. + type: string + type: object + status: + description: CheClusterRestoreStatus defines the observed state of CheClusterRestore + properties: + message: + description: Restore result or error message + type: string + stage: + description: Describes phase of restore progress + type: string + state: + description: 'Restore progress state: InProgress, Failed, Succeeded' + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/helmcharts/stable/crds/org_v1_che_crd.yaml b/helmcharts/stable/crds/org_v1_che_crd.yaml new file mode 100644 index 000000000..4342ce58e --- /dev/null +++ b/helmcharts/stable/crds/org_v1_che_crd.yaml 
@@ -0,0 +1,1126 @@ +# +# Copyright (c) 2019-2021 Red Hat, Inc. +# This program and the accompanying materials are made +# available under the terms of the Eclipse Public License 2.0 +# which is available at https://www.eclipse.org/legal/epl-2.0/ +# +# SPDX-License-Identifier: EPL-2.0 +# +# Contributors: +# Red Hat, Inc. - initial API and implementation +# + +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.4.1 + creationTimestamp: null + name: checlusters.org.eclipse.che +spec: + group: org.eclipse.che + names: + kind: CheCluster + listKind: CheClusterList + plural: checlusters + singular: checluster + scope: Namespaced + versions: + - name: v1 + schema: + openAPIV3Schema: + description: The `CheCluster` custom resource allows defining and managing + a Che server installation + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource + this object represents. Servers may infer this from the endpoint the + client submits requests to. Cannot be updated. In CamelCase. More + info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Desired configuration of the Che installation. Based on + these settings, the Operator automatically creates and maintains + several ConfigMaps that will contain the appropriate environment variables + the various components of the Che installation. These generated ConfigMaps + must NOT be updated manually. 
+ properties: + auth: + description: Configuration settings related to the Authentication + used by the Che installation. + properties: + debug: + description: Debug internal identity provider. + type: boolean + externalIdentityProvider: + description: 'Instructs the Operator on whether or not to deploy + a dedicated Identity Provider (Keycloak or RH SSO instance). + Instructs the Operator on whether to deploy a dedicated Identity + Provider (Keycloak or RH-SSO instance). By default, a dedicated + Identity Provider server is deployed as part of the Che installation. + When `externalIdentityProvider` is `true`, no dedicated identity + provider will be deployed by the Operator and you will need + to provide details about the external identity provider you + are about to use. See also all the other fields starting with: + `identityProvider`.' + type: boolean + gatewayAuthenticationSidecarImage: + description: Gateway sidecar responsible for authentication + when NativeUserMode is enabled. See link:https://github.com/oauth2-proxy/oauth2-proxy[oauth2-proxy] + or link:https://github.com/openshift/oauth-proxy[openshift/oauth-proxy]. + type: string + gatewayAuthorizationSidecarImage: + description: Gateway sidecar responsible for authorization when + NativeUserMode is enabled. See link:https://github.com/brancz/kube-rbac-proxy[kube-rbac-proxy] + or link:https://github.com/openshift/kube-rbac-proxy[openshift/kube-rbac-proxy] + type: string + gatewayHeaderRewriteSidecarImage: + description: Deprecated. The value of this flag is ignored. + Sidecar functionality is now implemented in Traefik plugin. + type: string + identityProviderAdminUserName: + description: Overrides the name of the Identity Provider administrator + user. Defaults to `admin`. + type: string + identityProviderClientId: + description: Name of a Identity provider, Keycloak or RH-SSO, + `client-id` that is used for Che. Override this when an external + Identity Provider is in use. 
See the `externalIdentityProvider` + field. When omitted or left blank, it is set to the value + of the `flavour` field suffixed with `-public`. + type: string + identityProviderContainerResources: + description: Identity provider container custom settings. + properties: + limits: + description: Limits describes the maximum amount of compute + resources allowed. + properties: + cpu: + description: CPU, in cores. (500m = .5 cores) + type: string + memory: + description: Memory, in bytes. (500Gi = 500GiB = 500 + * 1024 * 1024 * 1024) + type: string + type: object + request: + description: Requests describes the minimum amount of compute + resources required. + properties: + cpu: + description: CPU, in cores. (500m = .5 cores) + type: string + memory: + description: Memory, in bytes. (500Gi = 500GiB = 500 + * 1024 * 1024 * 1024) + type: string + type: object + type: object + identityProviderImage: + description: Overrides the container image used in the Identity + Provider, Keycloak or RH-SSO, deployment. This includes the + image tag. Omit it or leave it empty to use the default container + image provided by the Operator. + type: string + identityProviderImagePullPolicy: + description: Overrides the image pull policy used in the Identity + Provider, Keycloak or RH-SSO, deployment. Default value is + `Always` for `nightly`, `next` or `latest` images, and `IfNotPresent` + in other cases. + type: string + identityProviderIngress: + description: Ingress custom settings. + properties: + annotations: + additionalProperties: + type: string + description: Unstructured key value map stored with a resource + that may be set by external tools to store and retrieve + arbitrary metadata. + type: object + labels: + description: Comma separated list of labels that can be + used to organize and categorize objects by scoping and + selecting. + type: string + type: object + identityProviderPassword: + description: Overrides the password of Keycloak administrator + user. 
Override this when an external Identity Provider is + in use. See the `externalIdentityProvider` field. When omitted + or left blank, it is set to an auto-generated password. + type: string + identityProviderPostgresPassword: + description: Password for a Identity Provider, Keycloak or RH-SSO, + to connect to the database. Override this when an external + Identity Provider is in use. See the `externalIdentityProvider` + field. When omitted or left blank, it is set to an auto-generated + password. + type: string + identityProviderPostgresSecret: + description: 'The secret that contains `password` for the Identity + Provider, Keycloak or RH-SSO, to connect to the database. + When the secret is defined, the `identityProviderPostgresPassword` + is ignored. When the value is omitted or left blank, the one + of following scenarios applies: 1. `identityProviderPostgresPassword` + is defined, then it will be used to connect to the database. + 2. `identityProviderPostgresPassword` is not defined, then + a new secret with the name `che-identity-postgres-secret` + will be created with an auto-generated value for `password`. + The secret must have `app.kubernetes.io/part-of=che.eclipse.org` + label.' + type: string + identityProviderRealm: + description: Name of a Identity provider, Keycloak or RH-SSO, + realm that is used for Che. Override this when an external + Identity Provider is in use. See the `externalIdentityProvider` + field. When omitted or left blank, it is set to the value + of the `flavour` field. + type: string + identityProviderRoute: + description: Route custom settings. + properties: + annotations: + additionalProperties: + type: string + description: Unstructured key value map stored with a resource + that may be set by external tools to store and retrieve + arbitrary metadata. + type: object + domain: + description: 'Operator uses the domain to generate a hostname + for a route. 
In a conjunction with labels it creates a + route, which is served by a non-default Ingress controller. + The generated host name will follow this pattern: `-.`.' + type: string + labels: + description: Comma separated list of labels that can be + used to organize and categorize objects by scoping and + selecting. + type: string + type: object + identityProviderSecret: + description: 'The secret that contains `user` and `password` + for Identity Provider. When the secret is defined, the `identityProviderAdminUserName` + and `identityProviderPassword` are ignored. When the value + is omitted or left blank, the one of following scenarios applies: + 1. `identityProviderAdminUserName` and `identityProviderPassword` + are defined, then they will be used. 2. `identityProviderAdminUserName` + or `identityProviderPassword` are not defined, then a new + secret with the name `che-identity-secret` will be created + with default value `admin` for `user` and with an auto-generated + value for `password`. The secret must have `app.kubernetes.io/part-of=che.eclipse.org` + label.' + type: string + identityProviderURL: + description: Public URL of the Identity Provider server (Keycloak + / RH-SSO server). Set this ONLY when a use of an external + Identity Provider is needed. See the `externalIdentityProvider` + field. By default, this will be automatically calculated and + set by the Operator. + type: string + initialOpenShiftOAuthUser: + description: For operating with the OpenShift OAuth authentication, + create a new user account since the kubeadmin can not be used. + If the value is true, then a new OpenShift OAuth user will + be created for the HTPasswd identity provider. If the value + is false and the user has already been created, then it will + be removed. If value is an empty, then do nothing. The user's + credentials are stored in the `openshift-oauth-user-credentials` + secret in 'openshift-config' namespace by Operator. 
Note that + this solution is Openshift 4 platform-specific. + type: boolean + nativeUserMode: + description: Enables native user mode. Currently works only + on OpenShift and DevWorkspace engine. Native User mode uses + OpenShift OAuth directly as identity provider, without Keycloak. + type: boolean + oAuthClientName: + description: Name of the OpenShift `OAuthClient` resource used + to setup identity federation on the OpenShift side. Auto-generated + when left blank. See also the `OpenShiftoAuth` field. + type: string + oAuthSecret: + description: Name of the secret set in the OpenShift `OAuthClient` + resource used to setup identity federation on the OpenShift + side. Auto-generated when left blank. See also the `OAuthClientName` + field. + type: string + openShiftoAuth: + description: 'Enables the integration of the identity provider + (Keycloak / RHSSO) with OpenShift OAuth. Empty value on OpenShift + by default. This will allow users to directly login with their + OpenShift user through the OpenShift login, and have their + workspaces created under personal OpenShift namespaces. WARNING: + the `kubeadmin` user is NOT supported, and logging through + it will NOT allow accessing the Che Dashboard.' + type: boolean + updateAdminPassword: + description: Forces the default `admin` Che user to update password + on first login. Defaults to `false`. + type: boolean + type: object + database: + description: Configuration settings related to the database used + by the Che installation. + properties: + chePostgresContainerResources: + description: PostgreSQL container custom settings + properties: + limits: + description: Limits describes the maximum amount of compute + resources allowed. + properties: + cpu: + description: CPU, in cores. (500m = .5 cores) + type: string + memory: + description: Memory, in bytes. 
(500Gi = 500GiB = 500 + * 1024 * 1024 * 1024) + type: string + type: object + request: + description: Requests describes the minimum amount of compute + resources required. + properties: + cpu: + description: CPU, in cores. (500m = .5 cores) + type: string + memory: + description: Memory, in bytes. (500Gi = 500GiB = 500 + * 1024 * 1024 * 1024) + type: string + type: object + type: object + chePostgresDb: + description: PostgreSQL database name that the Che server uses + to connect to the DB. Defaults to `dbche`. + type: string + chePostgresHostName: + description: PostgreSQL Database host name that the Che server + uses to connect to. Defaults is `postgres`. Override this + value ONLY when using an external database. See field `externalDb`. + In the default case it will be automatically set by the Operator. + type: string + chePostgresPassword: + description: PostgreSQL password that the Che server uses to + connect to the DB. When omitted or left blank, it will be + set to an automatically generated value. + type: string + chePostgresPort: + description: PostgreSQL Database port that the Che server uses + to connect to. Defaults to 5432. Override this value ONLY + when using an external database. See field `externalDb`. In + the default case it will be automatically set by the Operator. + type: string + chePostgresSecret: + description: 'The secret that contains PostgreSQL`user` and + `password` that the Che server uses to connect to the DB. + When the secret is defined, the `chePostgresUser` and `chePostgresPassword` + are ignored. When the value is omitted or left blank, the + one of following scenarios applies: 1. `chePostgresUser` and + `chePostgresPassword` are defined, then they will be used + to connect to the DB. 2. `chePostgresUser` or `chePostgresPassword` + are not defined, then a new secret with the name `che-postgres-secret` + will be created with default value of `pgche` for `user` and + with an auto-generated value for `password`. 
The secret must + have `app.kubernetes.io/part-of=che.eclipse.org` label.' + type: string + chePostgresUser: + description: PostgreSQL user that the Che server uses to connect + to the DB. Defaults to `pgche`. + type: string + externalDb: + description: 'Instructs the Operator on whether to deploy a + dedicated database. By default, a dedicated PostgreSQL database + is deployed as part of the Che installation. When `externalDb` + is `true`, no dedicated database will be deployed by the Operator + and you will need to provide connection details to the external + DB you are about to use. See also all the fields starting + with: `chePostgres`.' + type: boolean + postgresImage: + description: Overrides the container image used in the PostgreSQL + database deployment. This includes the image tag. Omit it + or leave it empty to use the default container image provided + by the Operator. + type: string + postgresImagePullPolicy: + description: Overrides the image pull policy used in the PostgreSQL + database deployment. Default value is `Always` for `nightly`, + `next` or `latest` images, and `IfNotPresent` in other cases. + type: string + postgresVersion: + description: 'Indicates a PostgreSQL version image to use. Allowed + values are: `9.6` and `13.3`. Migrate your PostgreSQL database + to switch from one version to another.' + type: string + type: object + devWorkspace: + description: DevWorkspace operator configuration + properties: + controllerImage: + description: Overrides the container image used in the DevWorkspace + controller deployment. This includes the image tag. Omit it + or leave it empty to use the default container image provided + by the Operator. + type: string + enable: + description: Deploys the DevWorkspace Operator in the cluster. + Does nothing when a matching version of the Operator is already + installed. Fails when a non-matching version of the Operator + is already installed. 
+ type: boolean + required: + - enable + type: object + imagePuller: + description: Kubernetes Image Puller configuration + properties: + enable: + description: Install and configure the Community Supported Kubernetes + Image Puller Operator. When set to `true` and no spec is provided, + it will create a default KubernetesImagePuller object to be + managed by the Operator. When set to `false`, the KubernetesImagePuller + object will be deleted, and the Operator will be uninstalled, + regardless of whether a spec is provided. If the `spec.images` + field is empty, a set of recommended workspace-related images + will be automatically detected and pre-pulled after installation. + Note that while this Operator and its behavior is community-supported, + its payload may be commercially-supported for pulling commercially-supported + images. + type: boolean + spec: + description: A KubernetesImagePullerSpec to configure the image + puller in the CheCluster + properties: + affinity: + type: string + cachingCPULimit: + type: string + cachingCPURequest: + type: string + cachingIntervalHours: + type: string + cachingMemoryLimit: + type: string + cachingMemoryRequest: + type: string + configMapName: + type: string + daemonsetName: + type: string + deploymentName: + type: string + imagePullSecrets: + type: string + imagePullerImage: + type: string + images: + type: string + nodeSelector: + type: string + type: object + required: + - enable + type: object + k8s: + description: Configuration settings specific to Che installations + made on upstream Kubernetes. + properties: + ingressClass: + description: 'Ingress class that will define the which controller + will manage ingresses. Defaults to `nginx`. NB: This drives + the `kubernetes.io/ingress.class` annotation on Che-related + ingresses.' + type: string + ingressDomain: + description: 'Global ingress domain for a Kubernetes cluster. + This MUST be explicitly specified: there are no defaults.' 
+ type: string + ingressStrategy: + description: 'Strategy for ingress creation. Options are: `multi-host` + (host is explicitly provided in ingress), `single-host` (host + is provided, path-based rules) and `default-host` (no host + is provided, path-based rules). Defaults to `multi-host` Deprecated + in favor of `serverExposureStrategy` in the `server` section, + which defines this regardless of the cluster type. When both + are defined, the `serverExposureStrategy` option takes precedence.' + type: string + securityContextFsGroup: + description: The FSGroup in which the Che Pod and workspace + Pods containers runs in. Default value is `1724`. + type: string + securityContextRunAsUser: + description: ID of the user the Che Pod and workspace Pods containers + run as. Default value is `1724`. + type: string + singleHostExposureType: + description: When the serverExposureStrategy is set to `single-host`, + the way the server, registries and workspaces are exposed + is further configured by this property. The possible values + are `native`, which means that the server and workspaces are + exposed using ingresses on K8s or `gateway` where the server + and workspaces are exposed using a custom gateway based on + link:https://doc.traefik.io/traefik/[Traefik]. All the endpoints + whether backed by the ingress or gateway `route` always point + to the subpaths on the same domain. Defaults to `native`. + type: string + tlsSecretName: + description: Name of a secret that will be used to setup ingress + TLS termination when TLS is enabled. When the field is empty + string, the default cluster certificate will be used. See + also the `tlsSupport` field. + type: string + type: object + metrics: + description: Configuration settings related to the metrics collection + used by the Che installation. + properties: + enable: + description: Enables `metrics` the Che server endpoint. Default + to `true`. 
+ type: boolean + type: object + server: + description: General configuration settings related to the Che server, + the plugin and devfile registries + properties: + airGapContainerRegistryHostname: + description: Optional host name, or URL, to an alternate container + registry to pull images from. This value overrides the container + registry host name defined in all the default container images + involved in a Che deployment. This is particularly useful + to install Che in a restricted environment. + type: string + airGapContainerRegistryOrganization: + description: Optional repository name of an alternate container + registry to pull images from. This value overrides the container + registry organization defined in all the default container + images involved in a Che deployment. This is particularly + useful to install Eclipse Che in a restricted environment. + type: string + allowUserDefinedWorkspaceNamespaces: + description: Deprecated. The value of this flag is ignored. + Defines that a user is allowed to specify a Kubernetes namespace, + or an OpenShift project, which differs from the default. It's + NOT RECOMMENDED to set to `true` without OpenShift OAuth configured. + The OpenShift infrastructure also uses this property. + type: boolean + cheClusterRoles: + description: A comma-separated list of ClusterRoles that will + be assigned to Che ServiceAccount. Each role must have `app.kubernetes.io/part-of=che.eclipse.org` + label. Be aware that the Che Operator has to already have + all permissions in these ClusterRoles to grant them. + type: string + cheDebug: + description: Enables the debug mode for Che server. Defaults + to `false`. + type: string + cheFlavor: + description: Specifies a variation of the installation. The + options are `che` for upstream Che installations, or `codeready` + for link:https://developers.redhat.com/products/codeready-workspaces/overview[CodeReady + Workspaces] installation. 
Override the default value only + on necessary occasions. + type: string + cheHost: + description: Public host name of the installed Che server. When + value is omitted, the value it will be automatically set by + the Operator. See the `cheHostTLSSecret` field. + type: string + cheHostTLSSecret: + description: Name of a secret containing certificates to secure + ingress or route for the custom host name of the installed + Che server. The secret must have `app.kubernetes.io/part-of=che.eclipse.org` + label. See the `cheHost` field. + type: string + cheImage: + description: Overrides the container image used in Che deployment. + This does NOT include the container image tag. Omit it or + leave it empty to use the default container image provided + by the Operator. + type: string + cheImagePullPolicy: + description: Overrides the image pull policy used in Che deployment. + Default value is `Always` for `nightly`, `next` or `latest` + images, and `IfNotPresent` in other cases. + type: string + cheImageTag: + description: Overrides the tag of the container image used in + Che deployment. Omit it or leave it empty to use the default + image tag provided by the Operator. + type: string + cheLogLevel: + description: 'Log level for the Che server: `INFO` or `DEBUG`. + Defaults to `INFO`.' + type: string + cheServerIngress: + description: The Che server ingress custom settings. + properties: + annotations: + additionalProperties: + type: string + description: Unstructured key value map stored with a resource + that may be set by external tools to store and retrieve + arbitrary metadata. + type: object + labels: + description: Comma separated list of labels that can be + used to organize and categorize objects by scoping and + selecting. + type: string + type: object + cheServerRoute: + description: The Che server route custom settings. 
+ properties: + annotations: + additionalProperties: + type: string + description: Unstructured key value map stored with a resource + that may be set by external tools to store and retrieve + arbitrary metadata. + type: object + domain: + description: 'Operator uses the domain to generate a hostname + for a route. In a conjunction with labels it creates a + route, which is served by a non-default Ingress controller. + The generated host name will follow this pattern: `-.`.' + type: string + labels: + description: Comma separated list of labels that can be + used to organize and categorize objects by scoping and + selecting. + type: string + type: object + cheWorkspaceClusterRole: + description: Custom cluster role bound to the user for the Che + workspaces. The role must have `app.kubernetes.io/part-of=che.eclipse.org` + label. The default roles are used when omitted or left blank. + type: string + customCheProperties: + additionalProperties: + type: string + description: Map of additional environment variables that will + be applied in the generated `che` ConfigMap to be used by + the Che server, in addition to the values already generated + from other fields of the `CheCluster` custom resource (CR). + When `customCheProperties` contains a property that would + be normally generated in `che` ConfigMap from other CR fields, + the value defined in the `customCheProperties` is used instead. + type: object + dashboardCpuLimit: + description: Overrides the CPU limit used in the dashboard deployment. + In cores. (500m = .5 cores). Default to 500m. + type: string + dashboardCpuRequest: + description: Overrides the CPU request used in the dashboard + deployment. In cores. (500m = .5 cores). Default to 100m. + type: string + dashboardImage: + description: Overrides the container image used in the dashboard + deployment. This includes the image tag. Omit it or leave + it empty to use the default container image provided by the + Operator. 
+ type: string + dashboardImagePullPolicy: + description: Overrides the image pull policy used in the dashboard + deployment. Default value is `Always` for `nightly`, `next` + or `latest` images, and `IfNotPresent` in other cases. + type: string + dashboardIngress: + description: Dashboard ingress custom settings. + properties: + annotations: + additionalProperties: + type: string + description: Unstructured key value map stored with a resource + that may be set by external tools to store and retrieve + arbitrary metadata. + type: object + labels: + description: Comma separated list of labels that can be + used to organize and categorize objects by scoping and + selecting. + type: string + type: object + dashboardMemoryLimit: + description: Overrides the memory limit used in the dashboard + deployment. Defaults to 256Mi. + type: string + dashboardMemoryRequest: + description: Overrides the memory request used in the dashboard + deployment. Defaults to 16Mi. + type: string + dashboardRoute: + description: Dashboard route custom settings. + properties: + annotations: + additionalProperties: + type: string + description: Unstructured key value map stored with a resource + that may be set by external tools to store and retrieve + arbitrary metadata. + type: object + domain: + description: 'Operator uses the domain to generate a hostname + for a route. In a conjunction with labels it creates a + route, which is served by a non-default Ingress controller. + The generated host name will follow this pattern: `-.`.' + type: string + labels: + description: Comma separated list of labels that can be + used to organize and categorize objects by scoping and + selecting. + type: string + type: object + devfileRegistryCpuLimit: + description: Overrides the CPU limit used in the devfile registry + deployment. In cores. (500m = .5 cores). Default to 500m. + type: string + devfileRegistryCpuRequest: + description: Overrides the CPU request used in the devfile registry + deployment. 
In cores. (500m = .5 cores). Default to 100m. + type: string + devfileRegistryImage: + description: Overrides the container image used in the devfile + registry deployment. This includes the image tag. Omit it + or leave it empty to use the default container image provided + by the Operator. + type: string + devfileRegistryIngress: + description: The devfile registry ingress custom settings. + properties: + annotations: + additionalProperties: + type: string + description: Unstructured key value map stored with a resource + that may be set by external tools to store and retrieve + arbitrary metadata. + type: object + labels: + description: Comma separated list of labels that can be + used to organize and categorize objects by scoping and + selecting. + type: string + type: object + devfileRegistryMemoryLimit: + description: Overrides the memory limit used in the devfile + registry deployment. Defaults to 256Mi. + type: string + devfileRegistryMemoryRequest: + description: Overrides the memory request used in the devfile + registry deployment. Defaults to 16Mi. + type: string + devfileRegistryPullPolicy: + description: Overrides the image pull policy used in the devfile + registry deployment. Default value is `Always` for `nightly`, + `next` or `latest` images, and `IfNotPresent` in other cases. + type: string + devfileRegistryRoute: + description: The devfile registry route custom settings. + properties: + annotations: + additionalProperties: + type: string + description: Unstructured key value map stored with a resource + that may be set by external tools to store and retrieve + arbitrary metadata. + type: object + domain: + description: 'Operator uses the domain to generate a hostname + for a route. In a conjunction with labels it creates a + route, which is served by a non-default Ingress controller. + The generated host name will follow this pattern: `-.`.' 
+ type: string + labels: + description: Comma separated list of labels that can be + used to organize and categorize objects by scoping and + selecting. + type: string + type: object + devfileRegistryUrl: + description: Deprecated in favor of `externalDevfileRegistries` + fields. + type: string + disableInternalClusterSVCNames: + description: Disable internal cluster SVC names usage to communicate + between components to speed up the traffic and avoid proxy + issues. + type: boolean + externalDevfileRegistries: + description: External devfile registries, that serves sample, + ready-to-use devfiles. Configure this in addition to a dedicated + devfile registry (when `externalDevfileRegistry` is `false`) + or instead of it (when `externalDevfileRegistry` is `true`) + items: + description: Settings for a configuration of the external + devfile registries. + properties: + url: + description: Public URL of the devfile registry. + type: string + type: object + type: array + externalDevfileRegistry: + description: Instructs the Operator on whether to deploy a dedicated + devfile registry server. By default, a dedicated devfile registry + server is started. When `externalDevfileRegistry` is `true`, + no such dedicated server will be started by the Operator and + configure at least one devfile registry with `externalDevfileRegistries` + field. + type: boolean + externalPluginRegistry: + description: Instructs the Operator on whether to deploy a dedicated + plugin registry server. By default, a dedicated plugin registry + server is started. When `externalPluginRegistry` is `true`, + no such dedicated server will be started by the Operator and + you will have to manually set the `pluginRegistryUrl` field. + type: boolean + gitSelfSignedCert: + description: When enabled, the certificate from `che-git-self-signed-cert` + ConfigMap will be propagated to the Che components and provide + particular configuration for Git. 
Note, the `che-git-self-signed-cert` + ConfigMap must have `app.kubernetes.io/part-of=che.eclipse.org` + label. + type: boolean + nonProxyHosts: + description: 'List of hosts that will be reached directly, bypassing + the proxy. Specify wild card domain use the following form + `.` and `|` as delimiter, for example: `localhost|.my.host.com|123.42.12.32` + Only use when configuring a proxy is required. Operator respects + OpenShift cluster wide proxy configuration and no additional + configuration is required, but defining `nonProxyHosts` in + a custom resource leads to merging non proxy hosts lists from + the cluster proxy configuration and ones defined in the custom + resources. See the doc https://docs.openshift.com/container-platform/4.4/networking/enable-cluster-wide-proxy.html. + See also the `proxyURL` fields.' + type: string + pluginRegistryCpuLimit: + description: Overrides the CPU limit used in the plugin registry + deployment. In cores. (500m = .5 cores). Default to 500m. + type: string + pluginRegistryCpuRequest: + description: Overrides the CPU request used in the plugin registry + deployment. In cores. (500m = .5 cores). Default to 100m. + type: string + pluginRegistryImage: + description: Overrides the container image used in the plugin + registry deployment. This includes the image tag. Omit it + or leave it empty to use the default container image provided + by the Operator. + type: string + pluginRegistryIngress: + description: Plugin registry ingress custom settings. + properties: + annotations: + additionalProperties: + type: string + description: Unstructured key value map stored with a resource + that may be set by external tools to store and retrieve + arbitrary metadata. + type: object + labels: + description: Comma separated list of labels that can be + used to organize and categorize objects by scoping and + selecting. 
+ type: string + type: object + pluginRegistryMemoryLimit: + description: Overrides the memory limit used in the plugin registry + deployment. Defaults to 256Mi. + type: string + pluginRegistryMemoryRequest: + description: Overrides the memory request used in the plugin + registry deployment. Defaults to 16Mi. + type: string + pluginRegistryPullPolicy: + description: Overrides the image pull policy used in the plugin + registry deployment. Default value is `Always` for `nightly`, + `next` or `latest` images, and `IfNotPresent` in other cases. + type: string + pluginRegistryRoute: + description: Plugin registry route custom settings. + properties: + annotations: + additionalProperties: + type: string + description: Unstructured key value map stored with a resource + that may be set by external tools to store and retrieve + arbitrary metadata. + type: object + domain: + description: 'Operator uses the domain to generate a hostname + for a route. In a conjunction with labels it creates a + route, which is served by a non-default Ingress controller. + The generated host name will follow this pattern: `-.`.' + type: string + labels: + description: Comma separated list of labels that can be + used to organize and categorize objects by scoping and + selecting. + type: string + type: object + pluginRegistryUrl: + description: Public URL of the plugin registry that serves sample + ready-to-use devfiles. Set this ONLY when a use of an external + devfile registry is needed. See the `externalPluginRegistry` + field. By default, this will be automatically calculated by + the Operator. + type: string + proxyPassword: + description: Password of the proxy server. Only use when proxy + configuration is required. See the `proxyURL`, `proxyUser` + and `proxySecret` fields. + type: string + proxyPort: + description: Port of the proxy server. Only use when configuring + a proxy is required. See also the `proxyURL` and `nonProxyHosts` + fields. 
+ type: string + proxySecret: + description: The secret that contains `user` and `password` + for a proxy server. When the secret is defined, the `proxyUser` + and `proxyPassword` are ignored. The secret must have `app.kubernetes.io/part-of=che.eclipse.org` + label. + type: string + proxyURL: + description: URL (protocol+host name) of the proxy server. This + drives the appropriate changes in the `JAVA_OPTS` and `https(s)_proxy` + variables in the Che server and workspaces containers. Only + use when configuring a proxy is required. Operator respects + OpenShift cluster wide proxy configuration and no additional + configuration is required, but defining `proxyUrl` in a custom + resource leads to overrides the cluster proxy configuration + with fields `proxyUrl`, `proxyPort`, `proxyUser` and `proxyPassword` + from the custom resource. See the doc https://docs.openshift.com/container-platform/4.4/networking/enable-cluster-wide-proxy.html. + See also the `proxyPort` and `nonProxyHosts` fields. + type: string + proxyUser: + description: User name of the proxy server. Only use when configuring + a proxy is required. See also the `proxyURL`, `proxyPassword` + and `proxySecret` fields. + type: string + selfSignedCert: + description: Deprecated. The value of this flag is ignored. + The Che Operator will automatically detect whether the router + certificate is self-signed and propagate it to other components, + such as the Che server. + type: boolean + serverCpuLimit: + description: Overrides the CPU limit used in the Che server + deployment In cores. (500m = .5 cores). Default to 1. + type: string + serverCpuRequest: + description: Overrides the CPU request used in the Che server + deployment In cores. (500m = .5 cores). Default to 100m. + type: string + serverExposureStrategy: + description: Sets the server and workspaces exposure type. Possible + values are `multi-host`, `single-host`, `default-host`. 
Defaults + to `multi-host`, which creates a separate ingress, or OpenShift + routes, for every required endpoint. `single-host` makes Che + exposed on a single host name with workspaces exposed on subpaths. + Read the docs to learn about the limitations of this approach. + Also consult the `singleHostExposureType` property to further + configure how the Operator and the Che server make that happen + on Kubernetes. `default-host` exposes the Che server on the + host of the cluster. Read the docs to learn about the limitations + of this approach. + type: string + serverMemoryLimit: + description: Overrides the memory limit used in the Che server + deployment. Defaults to 1Gi. + type: string + serverMemoryRequest: + description: Overrides the memory request used in the Che server + deployment. Defaults to 512Mi. + type: string + serverTrustStoreConfigMapName: + description: Name of the ConfigMap with public certificates + to add to Java trust store of the Che server. This is often + required when adding the OpenShift OAuth provider, which has + HTTPS endpoint signed with self-signed cert. The Che server + must be aware of its CA cert to be able to request it. This + is disabled by default. The Config Map must have `app.kubernetes.io/part-of=che.eclipse.org` + label. + type: string + singleHostGatewayConfigMapLabels: + additionalProperties: + type: string + description: The labels that need to be present in the ConfigMaps + representing the gateway configuration. + type: object + singleHostGatewayConfigSidecarImage: + description: The image used for the gateway sidecar that provides + configuration to the gateway. Omit it or leave it empty to + use the default container image provided by the Operator. + type: string + singleHostGatewayImage: + description: The image used for the gateway in the single host + mode. Omit it or leave it empty to use the default container + image provided by the Operator. + type: string + tlsSupport: + description: Deprecated. 
Instructs the Operator to deploy Che + in TLS mode. This is enabled by default. Disabling TLS sometimes + cause malfunction of some Che components. + type: boolean + useInternalClusterSVCNames: + description: Deprecated in favor of `disableInternalClusterSVCNames`. + type: boolean + workspaceNamespaceDefault: + description: Defines Kubernetes default namespace in which user's + workspaces are created for a case when a user does not override + it. It's possible to use ``, `` and `` + placeholders, such as che-workspace-. In that case, + a new namespace will be created for each user or workspace. + type: string + type: object + storage: + description: Configuration settings related to the persistent storage + used by the Che installation. + properties: + postgresPVCStorageClassName: + description: Storage class for the Persistent Volume Claim dedicated + to the PostgreSQL database. When omitted or left blank, a + default storage class is used. + type: string + preCreateSubPaths: + description: Instructs the Che server to start a special Pod + to pre-create a sub-path in the Persistent Volumes. Defaults + to `false`, however it will need to enable it according to + the configuration of your Kubernetes cluster. + type: boolean + pvcClaimSize: + description: Size of the persistent volume claim for workspaces. + Defaults to `10Gi`. + type: string + pvcJobsImage: + description: Overrides the container image used to create sub-paths + in the Persistent Volumes. This includes the image tag. Omit + it or leave it empty to use the default container image provided + by the Operator. See also the `preCreateSubPaths` field. + type: string + pvcStrategy: + description: Persistent volume claim strategy for the Che server. + This Can be:`common` (all workspaces PVCs in one volume), + `per-workspace` (one PVC per workspace for all declared volumes) + and `unique` (one PVC per declared volume). Defaults to `common`. 
+ type: string + workspacePVCStorageClassName: + description: Storage class for the Persistent Volume Claims + dedicated to the Che workspaces. When omitted or left blank, + a default storage class is used. + type: string + type: object + type: object + status: + description: CheClusterStatus defines the observed state of Che installation + properties: + cheClusterRunning: + description: Status of a Che installation. Can be `Available`, `Unavailable`, + or `Available, Rolling Update in Progress`. + type: string + cheURL: + description: Public URL to the Che server. + type: string + cheVersion: + description: Current installed Che version. + type: string + dbProvisioned: + description: Indicates that a PostgreSQL instance has been correctly + provisioned or not. + type: boolean + devfileRegistryURL: + description: Public URL to the devfile registry. + type: string + devworkspaceStatus: + description: The status of the Devworkspace subsystem + properties: + gatewayHost: + description: GatewayHost is the resolved host of the ingress/route. + This is equal to the Host in the spec on Kubernetes but contains + the actual host name of the route if Host is unspecified on + OpenShift. + type: string + gatewayPhase: + description: GatewayPhase specifies the phase in which the gateway + deployment currently is. If the gateway is disabled, the phase + is "Inactive". + type: string + message: + description: Message contains further human-readable info for + why the Che cluster is in the phase it currently is. + type: string + phase: + description: Phase is the phase in which the Che cluster as + a whole finds itself in. + type: string + reason: + description: A brief CamelCase message indicating details about + why the Che cluster is in this state. + type: string + workspaceBaseDomain: + description: The resolved workspace base domain. 
This is either + the copy of the explicitly defined property of the same name + in the spec or, if it is undefined in the spec and we're running + on OpenShift, the automatically resolved basedomain for routes. + type: string + type: object + gitHubOAuthProvisioned: + description: Indicates whether an Identity Provider instance, Keycloak + or RH-SSO, has been configured to integrate with the GitHub OAuth. + type: boolean + helpLink: + description: A URL that points to some URL where to find help related + to the current Operator status. + type: string + keycloakProvisioned: + description: Indicates whether an Identity Provider instance, Keycloak + or RH-SSO, has been provisioned with realm, client and user. + type: boolean + keycloakURL: + description: Public URL to the Identity Provider server, Keycloak + or RH-SSO,. + type: string + message: + description: A human readable message indicating details about why + the Pod is in this condition. + type: string + openShiftOAuthUserCredentialsSecret: + description: OpenShift OAuth secret in `openshift-config` namespace + that contains user credentials for HTPasswd identity provider. + type: string + openShiftoAuthProvisioned: + description: Indicates whether an Identity Provider instance, Keycloak + or RH-SSO, has been configured to integrate with the OpenShift + OAuth. + type: boolean + pluginRegistryURL: + description: Public URL to the plugin registry. + type: string + reason: + description: A brief CamelCase message indicating details about + why the Pod is in this state. + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/helmcharts/stable/templates/cluster_role.yaml b/helmcharts/stable/templates/cluster_role.yaml new file mode 100644 index 000000000..9caa4678d --- /dev/null +++ b/helmcharts/stable/templates/cluster_role.yaml 
@@ -0,0 +1,668 @@
+#
+# Copyright (c) 2019-2021 Red Hat, Inc.
+# This program and the accompanying materials are made
+# available under the terms of the Eclipse Public License 2.0
+# which is available at https://www.eclipse.org/legal/epl-2.0/
+#
+# SPDX-License-Identifier: EPL-2.0
+#
+# Contributors:
+# Red Hat, Inc. - initial API and implementation
+#
+
+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: che-operator
+ labels:
+ app.kubernetes.io/name: che
+ app.kubernetes.io/instance: che
+ app.kubernetes.io/part-of: che.eclipse.org
+ app.kubernetes.io/component: che-operator
+rules:
+ ### CHE-OPERATOR ROLES ONLY: BEGIN
+ - apiGroups:
+ - ""
+ resources:
+ - nodes
+ verbs:
+ - get
+ - apiGroups:
+ - oauth.openshift.io
+ resources:
+ - oauthclients
+ verbs:
+ - create
+ - delete
+ - deletecollection
+ - get
+ - list
+ - patch
+ - update
+ - watch
+ - apiGroups:
+ - config.openshift.io
+ resources:
+ - oauths
+ verbs:
+ - get
+ - list
+ - watch
+ - patch
+ - apiGroups:
+ - config.openshift.io
+ resources:
+ - infrastructures
+ - proxies
+ verbs:
+ - get
+ - list
+ - watch
+ - apiGroups:
+ - user.openshift.io
+ resources:
+ - users
+ verbs:
+ - list
+ - delete
+ - apiGroups:
+ - user.openshift.io
+ resources:
+ - identities
+ verbs:
+ - delete
+ - apiGroups:
+ - console.openshift.io
+ resources:
+ - consolelinks
+ verbs:
+ - get
+ - list
+ - create
+ - update
+ - patch
+ - delete
+ - apiGroups:
+ - rbac.authorization.k8s.io
+ resources:
+ - clusterrolebindings
+ - clusterroles
+ verbs:
+ - list
+ - create
+ - watch
+ - update
+ - get
+ - delete
+ - apiGroups:
+ - rbac.authorization.k8s.io
+ resources:
+ - roles
+ - rolebindings
+ verbs:
+ - get
+ - create
+ - update
+ - delete
+ - apiGroups:
+ - authorization.openshift.io
+ resources:
+ - roles
+ - rolebindings
+ verbs:
+ - get
+ - create
+ - update
+ - delete
+ - apiGroups:
+ - org.eclipse.che
+ resources:
+ - checlusters
+ - checlusters/status
+ - checlusters/finalizers
+ - checlusters/status
+ - checlusterbackups
+ - checlusterbackups/status
+ - checlusterbackups/finalizers
+ - checlusterrestores
+ - checlusterrestores/status
+ - backupserverconfigurations
+ - backupserverconfigurations/status
+ - chebackupserverconfigurations
+ verbs:
+ - '*'
+ - apiGroups:
+ - project.openshift.io
+ resources:
+ - projectrequests
+ verbs:
+ - create
+ - update
+ - apiGroups:
+ - project.openshift.io
+ resources:
+ - projects
+ verbs:
+ - get
+ - list
+ - watch
+ - apiGroups:
+ - ""
+ resources:
+ - namespaces
+ verbs:
+ - get
+ - list
+ - create
+ - update
+ - watch
+ - apiGroups:
+ - ''
+ resources:
+ - pods/exec
+ verbs:
+ - create
+ - apiGroups:
+ - apps
+ resources:
+ - secrets
+ verbs:
+ - list
+ - apiGroups:
+ - ''
+ resources:
+ - secrets
+ verbs:
+ - list
+ - get
+ - create
+ - update
+ - patch
+ - delete
+ - apiGroups:
+ - ''
+ resources:
+ - persistentvolumeclaims
+ verbs:
+ - create
+ - get
+ - list
+ - watch
+ - delete
+ - apiGroups:
+ - ''
+ resources:
+ - pods
+ verbs:
+ - get
+ - list
+ - create
+ - watch
+ - delete
+ - apiGroups:
+ - apps
+ - extensions
+ resources:
+ - deployments
+ - replicasets
+ verbs:
+ - '*'
+ - apiGroups:
+ - route.openshift.io
+ resources:
+ - routes
+ verbs:
+ - '*'
+ - apiGroups:
+ - route.openshift.io
+ resources:
+ - routes/custom-host
+ verbs:
+ - create
+ - apiGroups:
+ - ''
+ resources:
+ - events
+ verbs:
+ - watch
+ - apiGroups:
+ - apps
+ resources:
+ - replicasets
+ verbs:
+ - list
+ - get
+ - patch
+ - delete
+ - apiGroups:
+ - extensions
+ resources:
+ - ingresses
+ verbs:
+ - '*'
+ - apiGroups:
+ - networking.k8s.io
+ resources:
+ - ingresses
+ verbs:
+ - list
+ - create
+ - watch
+ - get
+ - delete
+ - apiGroups:
+ - apiextensions.k8s.io
+ resources:
+ - customresourcedefinitions
+ verbs:
+ - get
+ - create
+ - update
+ - apiGroups:
+ - operators.coreos.com
+ resources:
+ - subscriptions
+ verbs:
+ - get
+ - apiGroups:
+ - operators.coreos.com
+ resources:
+ - clusterserviceversions
+ verbs:
+ - list
+ - get
+ - watch
+ - apiGroups:
+ - metrics.k8s.io
+ resources:
+ - pods
+ - nodes
+ verbs:
+ - get
+ - list
+ - watch
+ - apiGroups:
+ - cert-manager.io
+ resources:
+ - issuers
+ - certificates
+ verbs:
+ - create
+ - get
+ - list
+ - update
+ - apiGroups:
+ - ''
+ resources:
+ - configmaps
+ - persistentvolumeclaims
+ - pods
+ - secrets
+ - serviceaccounts
+ - services
+ verbs:
+ - '*'
+ - apiGroups:
+ - apps
+ resourceNames:
+ - che-operator
+ resources:
+ - deployments/finalizers
+ verbs:
+ - update
+ - apiGroups:
+ - batch
+ resources:
+ - jobs
+ verbs:
+ - create
+ - delete
+ - get
+ - update
+ - watch
+ - apiGroups:
+ - controller.devfile.io
+ resources:
+ - devworkspaceroutings
+ verbs:
+ - '*'
+ - apiGroups:
+ - controller.devfile.io
+ resources:
+ - devworkspaceroutings/finalizers
+ verbs:
+ - update
+ - apiGroups:
+ - controller.devfile.io
+ resources:
+ - devworkspaceroutings/status
+ verbs:
+ - get
+ - patch
+ - update
+ - apiGroups:
+ - monitoring.coreos.com
+ resources:
+ - servicemonitors
+ verbs:
+ - create
+ - get
+ - nonResourceURLs:
+ - /metrics
+ verbs:
+ - get
+ - apiGroups:
+ - che.eclipse.org
+ resources:
+ - kubernetesimagepullers
+ verbs:
+ - '*'
+ - apiGroups:
+ - config.openshift.io
+ resources:
+ - consoles
+ resourceNames:
+ - cluster
+ verbs:
+ - get
+ ### CHE-OPERATOR ROLES ONLY: END
+ # devworkspace-controller-view-workspaces.ClusterRole.yaml
+ - apiGroups:
+ - workspace.devfile.io
+ resources:
+ - devworkspaces
+ - devworkspacetemplates
+ verbs:
+ - get
+ - list
+ - watch
+ - apiGroups:
+ - controller.devfile.io
+ resources:
+ - devworkspaceroutings
+ - components
+ verbs:
+ - get
+ - list
+ - watch
+ # devworkspace-controller-edit-workspaces.ClusterRole.yaml
+ - apiGroups:
+ - workspace.devfile.io
+ resources:
+ - devworkspaces
+ - devworkspacetemplates
+ verbs:
+ - create
+ - delete
+ - deletecollection
+ - patch
+ - update
+ - apiGroups:
+ - controller.devfile.io
+ resources:
+ - devworkspaceroutings
+ - components
+ verbs:
+ - create
+ - delete
+ - deletecollection
+ - patch
+ - update
+ # devworkspace-controller-leader-election-role.Role.yaml
+ - apiGroups:
+ - ""
+ resources:
+ - configmaps
+ verbs:
+ - get
+ - list
+ - watch
+ - create
+ - update
+ - patch
+ - delete
+ - apiGroups:
+ - ""
+ resources:
+ - configmaps/status
+ verbs:
+ - get
+ - update
+ - patch
+ - apiGroups:
+ - ""
+ resources:
+ - events
+ verbs:
+ - create
+ - patch
+ # devworkspace-controller-proxy-role.ClusterRole.yaml
+ - apiGroups:
+ - authentication.k8s.io
+ resources:
+ - tokenreviews
+ verbs:
+ - create
+ - apiGroups:
+ - authorization.k8s.io
+ resources:
+ - subjectaccessreviews
+ verbs:
+ - create
+ # devworkspace-controller-role.ClusterRole.yaml
+ - apiGroups:
+ - ""
+ resourceNames:
+ - workspace-preferences-configmap
+ resources:
+ - configmaps
+ verbs:
+ - create
+ - delete
+ - get
+ - patch
+ - apiGroups:
+ - ""
+ resources:
+ - configmaps
+ - persistentvolumeclaims
+ - pods
+ - secrets
+ - serviceaccounts
+ verbs:
+ - '*'
+ - apiGroups:
+ - ""
+ resources:
+ - events
+ - namespaces
+ verbs:
+ - get
+ - list
+ - watch
+ - apiGroups:
+ - ""
+ resources:
+ - pods/exec
+ verbs:
+ - create
+ - apiGroups:
+ - ""
+ resourceNames:
+ - workspace-credentials-secret
+ resources:
+ - secrets
+ verbs:
+ - create
+ - delete
+ - get
+ - patch
+ - apiGroups:
+ - ""
+ resources:
+ - services
+ verbs:
+ - '*'
+ - apiGroups:
+ - admissionregistration.k8s.io
+ resources:
+ - mutatingwebhookconfigurations
+ - validatingwebhookconfigurations
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+ - apiGroups:
+ - apps
+ resourceNames:
+ - devworkspace-controller
+ resources:
+ - deployments/finalizers
+ verbs:
+ - update
+ - apiGroups:
+ - apps
+ - extensions
+ resources:
+ - deployments
+ verbs:
+ - get
+ - list
+ - watch
+ - apiGroups:
+ - apps
+ - extensions
+ resources:
+ - deployments
+ - replicasets
+ verbs:
+ - '*'
+ - apiGroups:
+ - apps
+ - extensions
+ resources:
+ - replicasets
+ verbs:
+ - get
+ - list
+ - watch
+ - apiGroups:
+ - batch
+ resources:
+ - jobs
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+ - apiGroups:
+ - controller.devfile.io
+ resources:
+ - '*'
+ verbs:
+ - '*'
+ - apiGroups:
+ - controller.devfile.io
+ resources:
+ - devworkspaceroutings
+ verbs:
+ - '*'
+ - apiGroups:
+ - controller.devfile.io
+ resources:
+ - devworkspaceroutings/status
+ verbs:
+ - get
+ - patch
+ - update
+ - apiGroups:
+ - coordination.k8s.io
+ resources:
+ - leases
+ verbs:
+ - create
+ - get
+ - update
+ - apiGroups:
+ - monitoring.coreos.com
+ resources:
+ - servicemonitors
+ verbs:
+ - create
+ - get
+ - apiGroups:
+ - networking.k8s.io
+ resources:
+ - ingresses
+ verbs:
+ - '*'
+ - apiGroups:
+ - oauth.openshift.io
+ resources:
+ - oauthclients
+ verbs:
+ - create
+ - delete
+ - deletecollection
+ - get
+ - list
+ - patch
+ - update
+ - watch
+ - apiGroups:
+ - rbac.authorization.k8s.io
+ resources:
+ - clusterrolebindings
+ - clusterroles
+ - rolebindings
+ - roles
+ verbs:
+ - create
+ - get
+ - list
+ - update
+ - watch
+ - apiGroups:
+ - route.openshift.io
+ resources:
+ - routes
+ verbs:
+ - '*'
+ - apiGroups:
+ - route.openshift.io
+ resources:
+ - routes/custom-host
+ verbs:
+ - create
+ - apiGroups:
+ - workspace.devfile.io
+ resources:
+ - '*'
+ verbs:
+ - '*'
+ # devworkspace-controller-view-workspaces.ClusterRole.yaml
+ - apiGroups:
+ - workspace.devfile.io
+ resources:
+ - devworkspaces
+ - devworkspacetemplates
+ verbs:
+ - get
+ - list
+ - watch
+ - apiGroups:
+ - controller.devfile.io
+ resources:
+ - devworkspaceroutings
+ - components
+ verbs:
+ - get
+ - list
+ - watch
diff --git a/helmcharts/stable/templates/cluster_rolebinding.yaml b/helmcharts/stable/templates/cluster_rolebinding.yaml
new file mode 100644
index 000000000..0741789a6
--- /dev/null
+++ b/helmcharts/stable/templates/cluster_rolebinding.yaml
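Review bot: The rule near the end of the CHE-OPERATOR block grants `'*'` on core `configmaps`, `persistentvolumeclaims`, `pods`, `secrets`, `serviceaccounts` and `services` from a ClusterRole, and the devworkspace-controller-role section repeats most of it, so the operator's ServiceAccount can read and write every Secret in every namespace once this role is bound cluster-wide. Combined with write access to `clusterroles`/`clusterrolebindings`, `pods/exec` and the admission webhook configurations, the blast radius of a compromised operator pod is effectively the whole cluster. Rules that only need to act in the operator's own namespace would be better placed in the chart's namespaced `role.yaml`, with the remaining wildcards replaced by the verbs actually used; how much cluster-wide access workspace namespaces really require cannot be judged from this file alone. The rule pairing `apiGroups: apps` with `resources: secrets` matches no built-in resource and looks like dead weight, and the `oauthclients` rule and the view-workspaces section each appear twice. A short comment above each wildcard rule stating why it is needed, e.g. `# operator creates per-user workspace namespaces and their secrets`, would make later tightening much easier.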
@@ -0,0 +1,29 @@
+#
+# Copyright (c) 2019-2021 Red Hat, Inc.
+# This program and the accompanying materials are made
+# available under the terms of the Eclipse Public License 2.0
+# which is available at https://www.eclipse.org/legal/epl-2.0/
+#
+# SPDX-License-Identifier: EPL-2.0
+#
+# Contributors:
+# Red Hat, Inc. - initial API and implementation
+#
+
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: che-operator
+ labels:
+ app.kubernetes.io/name: che
+ app.kubernetes.io/instance: che
+ app.kubernetes.io/part-of: che.eclipse.org
+ app.kubernetes.io/component: che-operator
+subjects:
+ - kind: ServiceAccount
+ name: che-operator
+ namespace: eclipse-che
+roleRef:
+ kind: ClusterRole
+ name: che-operator
+ apiGroup: rbac.authorization.k8s.io
diff --git a/helmcharts/stable/templates/manager.yaml b/helmcharts/stable/templates/manager.yaml
new file mode 100644
index 000000000..682834f29
--- /dev/null
+++ b/helmcharts/stable/templates/manager.yaml
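Review bot: The subject's `namespace: eclipse-che` is hard-coded in a Helm template, so the cluster-wide `che-operator` ClusterRole is always granted to a ServiceAccount named `che-operator` in that namespace, whatever namespace the release is installed into. If the chart is meant to be installable elsewhere, `namespace: {{ .Release.Namespace }}` would keep the binding pointed at the ServiceAccount this release actually creates. If the fixed namespace is intentional, a comment such as `# must match the namespace in manager.yaml and service_account.yaml` would document the coupling, since anyone able to create a ServiceAccount with that name in `eclipse-che` inherits the role.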
@@ -0,0 +1,276 @@ +# +# Copyright (c) 2019-2021 Red Hat, Inc. +# This program and the accompanying materials are made +# available under the terms of the Eclipse Public License 2.0 +# which is available at https://www.eclipse.org/legal/epl-2.0/ +# +# SPDX-License-Identifier: EPL-2.0 +# +# Contributors: +# Red Hat, Inc. - initial API and implementation +# + +apiVersion: apps/v1 +kind: Deployment +metadata: + name: che-operator + namespace: eclipse-che + labels: + app: che-operator + app.kubernetes.io/name: che + app.kubernetes.io/instance: che + app.kubernetes.io/component: che-operator +spec: + replicas: 1 + selector: + matchLabels: + app: che-operator + strategy: + type: RollingUpdate + template: + metadata: + labels: + app: che-operator + app.kubernetes.io/name: che + app.kubernetes.io/instance: che + app.kubernetes.io/component: che-operator + spec: + containers: + - name: che-operator + image: quay.io/eclipse/che-operator:7.39.2 + command: + - /manager + args: + - --leader-elect + imagePullPolicy: Always + ports: + - containerPort: 60000 + name: metrics + env: + - name: WATCH_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: OPERATOR_NAME + value: che-operator + - name: CHE_VERSION + value: 7.39.2 + - name: RELATED_IMAGE_che_server + value: quay.io/eclipse/che-server:7.39.2 + - name: RELATED_IMAGE_dashboard + value: quay.io/eclipse/che-dashboard:7.39.2 + - name: RELATED_IMAGE_plugin_registry + value: quay.io/eclipse/che-plugin-registry:7.39.2 + - name: RELATED_IMAGE_devfile_registry + value: quay.io/eclipse/che-devfile-registry:7.39.2 + - name: RELATED_IMAGE_che_tls_secrets_creation_job + value: quay.io/eclipse/che-tls-secret-creator:alpine-d1ed4ad + - name: RELATED_IMAGE_pvc_jobs + value: registry.access.redhat.com/ubi8-minimal:8.5-204 + - name: RELATED_IMAGE_postgres + value: 
quay.io/eclipse/che--centos--postgresql-96-centos7:9.6-b681d78125361519180a6ac05242c296f8906c11eab7e207b5ca9a89b6344392 + - name: RELATED_IMAGE_postgres_13_3 + value: quay.io/eclipse/che--centos--postgresql-13-centos7:1-71b24684d64da46f960682cc4216222a7e4ed8b1a31dd5a865b3e71afdea20d2 + - name: RELATED_IMAGE_keycloak + value: quay.io/eclipse/che-keycloak:7.39.2 + - name: RELATED_IMAGE_che_workspace_plugin_broker_metadata + value: quay.io/eclipse/che-plugin-metadata-broker:v3.4.0 + - name: RELATED_IMAGE_che_workspace_plugin_broker_artifacts + value: quay.io/eclipse/che-plugin-artifacts-broker:v3.4.0 + - name: RELATED_IMAGE_che_server_secure_exposer_jwt_proxy_image + value: quay.io/eclipse/che-jwtproxy:0.10.0 + - name: RELATED_IMAGE_single_host_gateway + value: quay.io/eclipse/che--traefik:v2.5.0-eb30f9f09a65cee1fab5ef9c64cb4ec91b800dc3fdd738d62a9d4334f0114683 + - name: RELATED_IMAGE_single_host_gateway_config_sidecar + value: quay.io/che-incubator/configbump:0.1.4 + - name: RELATED_IMAGE_devworkspace_controller + value: quay.io/devfile/devworkspace-controller:v0.9.0 + - name: RELATED_IMAGE_internal_rest_backup_server + value: quay.io/eclipse/che-backup-server-rest:eeacd92 + - name: RELATED_IMAGE_gateway_authentication_sidecar + value: quay.io/openshift/origin-oauth-proxy:4.7 + - name: RELATED_IMAGE_gateway_authorization_sidecar + value: quay.io/openshift/origin-kube-rbac-proxy:4.7 + - name: RELATED_IMAGE_gateway_header_sidecar + value: quay.io/che-incubator/header-rewrite-proxy:latest + - name: CHE_FLAVOR + value: che + - name: CONSOLE_LINK_NAME + value: che + - name: CONSOLE_LINK_DISPLAY_NAME + value: Eclipse Che + - name: CONSOLE_LINK_SECTION + value: Red Hat Applications + - name: CONSOLE_LINK_IMAGE + value: /dashboard/assets/branding/loader.svg + - name: CHE_IDENTITY_SECRET + value: che-identity-secret + - name: CHE_IDENTITY_POSTGRES_SECRET + value: che-identity-postgres-secret + - name: CHE_POSTGRES_SECRET + value: che-postgres-secret + - name: 
CHE_SERVER_TRUST_STORE_CONFIGMAP_NAME + value: ca-certs + - name: MAX_CONCURRENT_RECONCILES + value: '1' + - name: ALLOW_DEVWORKSPACE_ENGINE + value: 'true' + - name: ADD_COMPONENT_READINESS_INIT_CONTAINERS + value: 'false' + - name: RELATED_IMAGE_che_plugin_sidecar_plugin_registry_image_IBZWQYJSGU3DUNDCMNSTEZJTHFTGKZJWMI4WKNDBHBRDIZJYGY4DCMZYGBRWKMRUGYZDMNZUGU4TOYJUHBRDQMLDGEZTCY3CMJTDANJVMRSDKZBQMMZQ____ + value: quay.io/eclipse/che-plugin-sidecar@sha256:4bce2e39fee6b9e4a8b4e8681380ce2462674597a48b81c131cbbf055dd5d0c3 + - name: RELATED_IMAGE_che_plugin_sidecar_plugin_registry_image_IBZWQYJSGU3DUN3DMY3GMMBQMQZWMMTEMFTDANBWG42TMMJYMM2DAODFGA4GMMBRHFTDENLCHEYWKYZQHBSDENZZGA4TIZTEMRRDAMLGGU2TSNJQGJRA____ + value: quay.io/eclipse/che-plugin-sidecar@sha256:7cf6f00d3f2daf04675618c408e08f019f25b91ec08d279094fddb01f559502b + - name: RELATED_IMAGE_che_plugin_sidecar_plugin_registry_image_IBZWQYJSGU3DUMTFGJRDGNLGMIZTGYZXHA3TGOBTGY4DIMRXMIYGEMJUME2DMNJZMI3GEMBTGEYTGZBYHA3TINZSMM2DINLBMU3DCNLEHE3TMMLEGM4Q____ + value: quay.io/eclipse/che-plugin-sidecar@sha256:2e2b35fb33c78738368427b0b14a4659b6b03113d887472c445ae615d9761d39 + - name: RELATED_IMAGE_che_plugin_sidecar_plugin_registry_image_IBZWQYJSGU3DUYLFGUYTENDFGMYTSODBMM3DSNZXMNQTSNZTMFQWMNBYHA2WCMJUMU4DAMDEGY2DOYZZGZQTEM3EGE2WCMTCGZRGCYTCMU4GMZLGGJQQ____ + value: quay.io/eclipse/che-plugin-sidecar@sha256:ae5124e3198ac6977ca973aaf4885a14e800d647c96a23d15a2b6babbe8fef2a + - name: RELATED_IMAGE_che_plugin_sidecar_plugin_registry_image_IBZWQYJSGU3DUMTFGQ4WMYLGMI4WCYJWGUYTSZTDGYZTAMJZME3TEYJUGUZDMMRSGJRDMOJQGVSWIMBRMRRTIOBUMMZWKOLGGUYTGMLBMUYDAYRVGQ3A____ + value: quay.io/eclipse/che-plugin-sidecar@sha256:2e49fafb9aa6519fc63019a72a4526222b6905ed01dc484c3e9f5131ae00b546 + - name: RELATED_IMAGE_che_plugin_sidecar_plugin_registry_image_IBZWQYJSGU3DUMRXGY3TMNLDMYZWKNTGGU2GCZJTMJSDOMBTGI2TCMZSMVTDAYRXHEYDCOJXHE4GCZTDGA4DCYZVMZTDMNZVGA3TMNZZHE2WIZRQMMZQ____ + value: 
quay.io/eclipse/che-plugin-sidecar@sha256:276765cf3e6f54ae3bd70325132ef0b79019798afc081c5ff6750767995df0c3 + - name: RELATED_IMAGE_che_plugin_sidecar_plugin_registry_image_IBZWQYJSGU3DUZBVGY2WEOJYMYYTCMDFMZSTIMRUGZTGKMLGGI2WKZJWGJSDONDEG4YGMNDGHE4TSZJUGY3TSZJYMY3TAOBVMYYTQYRRG4YTCZRXGZSA____ + value: quay.io/eclipse/che-plugin-sidecar@sha256:d565b98f110efe4246fe1f25ee62d74d70f4f999e4679e8f7085f18b1711f76d + - name: RELATED_IMAGE_che_plugin_sidecar_plugin_registry_image_IBZWQYJSGU3DUOBUHFRTKODFHBQTGNZRMEZGEZRZMVSDONRQGBRWEZRYMM4DINRTMJRGMNLGMZRDINBSG5RWEMLGGJRWINDGGNSDGMRXGQ3TMNRQMU3A____ + value: quay.io/eclipse/che-plugin-sidecar@sha256:849c58e8a371a2bf9ed7600cbf8c8463bbf5ffb4427cb1f2cd4f3d32747660e6 + - name: RELATED_IMAGE_che_plugin_sidecar_plugin_registry_image_IBZWQYJSGU3DUNJVG4YDGYLFGVTGCZLCMVSGKZJVGZTGIY3FGM4DOOLGMEZDEOBRMNRTENRQGQ4DQZBYME2DQODGMY3TOZLEGNSDIMDGG43TQZDEMY3Q____ + value: quay.io/eclipse/che-plugin-sidecar@sha256:55703ae5faebedee56fdce3879fa2281cc260488d8a488ff77ed3d40f778ddf7 + - name: RELATED_IMAGE_che_plugin_sidecar_plugin_registry_image_IBZWQYJSGU3DUZDGMMZTSYLBMQ4TMZRUGU4GGNZZGZSTOMTBGJSDAYRWGI4GMZDGMQ4DCNZWMU2TMOLEGQ4TCYLDGMZTOMBSGI4TSZLEHBSTQYZXGFRQ____ + value: quay.io/eclipse/che-plugin-sidecar@sha256:dfc39aad96f458c796e72a2d0b628fdfd8176e569d491ac33702299ed8e8c71c + - name: RELATED_IMAGE_che_plugin_sidecar_plugin_registry_image_IBZWQYJSGU3DUOJXGRSGIMDBGVQWEN3FGA3TKZBXMQZTINDBMYZGKODFGJQTEZRYGBQTANRZMU4GCNLBGRRTSZTGMMZGCNJXMU2DEMLCGYZGCYJRG5QQ____ + value: quay.io/eclipse/che-plugin-sidecar@sha256:974dd0a5ab7e075d7d344af2e8e2a2f80a069e8a5a4c9ffc2a57e421b62aa17a + - name: RELATED_IMAGE_che_plugin_sidecar_plugin_registry_image_IBZWQYJSGU3DUOBSHE3WMYRRG4ZTEZBYG5SDKNTBGBQWCNDDGY4TCMBVMU3WEY3GGRRDKMBQMU2DAYTCGE3DINBWMQ3DEOBWMMYDOYRYHA2GKYRXGNSA____ + value: quay.io/eclipse/che-plugin-sidecar@sha256:8297fb1732d87d56a0aa4c69105e7bcf4b500e40bb16446d6286c07b884eb73d + - name: 
RELATED_IMAGE_che_plugin_sidecar_plugin_registry_image_IBZWQYJSGU3DUMBZGVRTENBQGU2TAMZTMUZDCOLEGVQTSZRWMZSTSOBTGVRDOOLDGVSDGNBRGZTDAZDGMJRDEMRYMQZDSNJXGEZWKOBRMQZDOYZWGYYQ____ + value: quay.io/eclipse/che-plugin-sidecar@sha256:095c24055033e219d5a9f6fe9835b79c5d3416f0dfbb228d295713e81d27c661 + - name: RELATED_IMAGE_che_plugin_sidecar_plugin_registry_image_IBZWQYJSGU3DUNJWMU3TSNRQHA2TOOBYGZQTANLGMM2DKOLFMQ3GKNZTMEYGCMZYGZTDCNBVMEZDINZUMMZDEODDGJRDOY3DMI4TOYJRMQYTQYRUMRTA____ + value: quay.io/eclipse/che-plugin-sidecar@sha256:56e7960857886a05fc459ed6e73a0a386f145a2474c228c2b7ccb97a1d18b4df + - name: RELATED_IMAGE_che_plugin_sidecar_plugin_registry_image_IBZWQYJSGU3DUZDCHA3GGOJSGQYTQYRZMY2DAYRSGY2TIYRYMZRTINZTGA3TGNJWHFSTAZDDHBQTAMLEG5QWIYZTGFRTSOJSGVSTKNBWHFSDEYRRGE2A____ + value: quay.io/eclipse/che-plugin-sidecar@sha256:db86c92418b9f40b2654b8fc473073569e0dc8a01d7adc31c9925e5469d2b114 + - name: RELATED_IMAGE_mta_vscode_extension_plugin_registry_image_IBZWQYJSGU3DUOBQGY3TMNJRG4YDQMBSGQYTSODGGUYDKMZSMEYGGNBSGNRDSMJQME4TENDDGFSGIMLFMU2WMMBTGJQTIZDCMIYDKMJYMI4TEMBVHA2A____ + value: quay.io/windupeng/mta-vscode-extension@sha256:8067651708024198f50532a0c423b910a924c1dd1ee5f032a4dbb0518b920584 + - name: RELATED_IMAGE_che_plugin_sidecar_plugin_registry_image_IBZWQYJSGU3DUNJQGJQWEY3GGY2TSOLGMRQWIYLCMVTDEOBZMRRWCZDDGVRTGMTDME3DEMTGMEYDEYRXGNQTOMTCGEYTGY3BGFSTKZJVMIYTOOJTG42Q____ + value: quay.io/eclipse/che-plugin-sidecar@sha256:502abcf6599fdadabef289dcadc5c32ca622fa02b73a72b113ca1e5e5b179375 + - name: RELATED_IMAGE_che_plugin_sidecar_plugin_registry_image_IBZWQYJSGU3DUZRTHE4GKM3GMZSDKMRQGBRTKNTCMY2TMYJWMY3WMOLFHBSGENDBMEZWMNRTHFQTMMJSGU4DKMDGGE3DSNBRGQ2TEOBSGYYGIY3FHBQQ____ + value: quay.io/eclipse/che-plugin-sidecar@sha256:f398e3ffd5200c56bf56a6f7f9e8db4aa3f639a6125850f169414528260dce8a + - name: RELATED_IMAGE_che_plugin_sidecar_plugin_registry_image_IBZWQYJSGU3DUZJTG42GKYZTGY3TINBXMFTGKYJZMIYTEZRVME4GMNRWHEYGCNTGHE4TGNJSGY2DAODBGM3TGMLGGUZDEYJVGNSTKZBQMJTGGMRYG5TA____ + 
value: quay.io/eclipse/che-plugin-sidecar@sha256:e374ec367447afea9b12f5a8f6690a6f993526408a3731f522a53e5d0bfc287f + - name: RELATED_IMAGE_che_plugin_sidecar_plugin_registry_image_IBZWQYJSGU3DUMTDMI2GMNZQMVSGEY3EMFRDGYRSG44WIYLFGUZWENTBG42TGZBWGNTGKZJQGNRGGYLFGNSDEYJTHA2WKMRUMYZDKZJWHE2WGMBTMRTA____ + value: quay.io/eclipse/che-plugin-sidecar@sha256:2cb4f70edbcdab3b279dae53b6a753d63fee03bcae3d2a385e24f25e695c03df + - name: RELATED_IMAGE_che_plugin_sidecar_plugin_registry_image_IBZWQYJSGU3DUNDGMRRDANBQGI3GGYTFMRSGEZTFGUZTCOBUMFTGGZBWMZRTKY3CGYYTGMTBGIZGEZJVHAYTAYRRGNSDGODBGEZDKYLGMQYDQMZSGIYQ____ + value: quay.io/eclipse/che-plugin-sidecar@sha256:4fdb04026cbeddbfe53184afcd6fc5cb6132a22be5810b13d38a125afd083221 + - name: RELATED_IMAGE_che_plugin_sidecar_plugin_registry_image_IBZWQYJSGU3DUNBZGFRTMMTBGNQWGNZXGVSDKNBSGZSDOMTBGU4WCYZRHBRGIZBVGBTDKZRVMQ3DCZBQG5TGEZTCGM2GKMDDMQ3WMZLEGNSDIZDBGIYQ____ + value: quay.io/eclipse/che-plugin-sidecar@sha256:491c62a3ac775d5426d72a59ac18bdd50f5f5d61d07fbfb34e0cd7fed3d4da21 + - name: RELATED_IMAGE_che_plugin_sidecar_plugin_registry_image_IBZWQYJSGU3DUNJZG5QTGMDDHFRTGZTDG5SGEYTGMI4WKMBYMIYWEYRSGE3TSZBYMVRDANRSMFSDCNBYGQ4DAZTGGMZDIOBZMI2GMMBRMVRTMNZVMY2A____ + value: quay.io/eclipse/che-plugin-sidecar@sha256:597a30c9c3fc7dbbfb9e08b1bb2179d8eb062ad148480ff32489b4f01ec675f4 + - name: RELATED_IMAGE_che_plugin_sidecar_plugin_registry_image_IBZWQYJSGU3DUNTEGBRTINBQME3WIYZWGQ4DQMJWMZRWINBYHA2WEOLDMM4DKZRQMVRDAZRTHEYTMNJZMJRDSZTDHBQTSMJSGMYDONLCMVQTONJRGY2Q____ + value: quay.io/eclipse/che-plugin-sidecar@sha256:6d0c440a7dc648816fcd4885b9cc85f0eb0f391659bb9fc8a9123075bea75165 + - name: RELATED_IMAGE_che_plugin_sidecar_plugin_registry_image_IBZWQYJSGU3DUMTCME4GMZTGMU3GMMTEGY2GMOBSHA4TMMZWG5QTGNDGMRRDMNJXGY3TEOJYGQ2TIODDG44TANDGHEYDMMJXHBSTQZJQHAZDSNBSG43Q____ + value: quay.io/eclipse/che-plugin-sidecar@sha256:2ba8fffe6f2d64f82896367a34fdb657672984548c7904f906178e8e08294277 + - name: 
RELATED_IMAGE_che_plugin_sidecar_plugin_registry_image_IBZWQYJSGU3DUYTCGQYDIZTGMFQTCMRVGY2WEZLCGEZGENDDMQ4DCNRQMNTGCM3GMYZWKZRTMJSTIMRQGQZTAYJWGU3DEZRRMZSTIOBWGM4WGYTGGFTA____ + value: quay.io/eclipse/che-plugin-sidecar@sha256:bb404ffaa12565beb12b4cd8160cfa3ff3ef3be420430a6562f1fe48639cbf1f + - name: RELATED_IMAGE_che_theia_plugin_registry_image_IBZWQYJSGU3DUM3BGFSWGNTBMFTDAZTCGMYWGNJZMJRTANRYG43TEYRZMY2DEMBWMZTGGZBXG5SDQMJYHFQTGZBRME2TQY3FGAYTSZLFGFQWCYZVMRSQ____ + value: quay.io/eclipse/che-theia@sha256:3a1ec6aaf0fb31c59bc068772b9f4206ffcd77d8189a3d1a58ce019ee1aac5de + - name: RELATED_IMAGE_che_machine_exec_plugin_registry_image_IBZWQYJSGU3DUNTGMZSGMNLGMU2DQZBXMEZTANTBGAYGINRRGM2TSNJSMFTDSN3EMM3WMZJWMNTDQZRYMQYGEZBXME4GCNBQMRTGGMJVMNRTONZSG4YQ____ + value: quay.io/eclipse/che-machine-exec@sha256:6ffdf5fe48d7a306a00d6135952af97dc7fe6cf8f8d0bd7a8a40dfc15cc77271 + - name: RELATED_IMAGE_che_theia_endpoint_runtime_binary_plugin_registry_image_IBZWQYJSGU3DUNRWMVTDEM3EGVTGMMZXGE4WGNZSGMYDOYRRGNTDOZBRGVTDAZBQGFSGEZJZMRRWIZRYMRRGKNLDHE4TKODEGYYWCZTDGNQWEMRSMFSQ____ + value: quay.io/eclipse/che-theia-endpoint-runtime-binary@sha256:66ef23d5ff3719c72307b13f7d15f0d01dbe9dcdf8dbe5c9958d61afc3ab22ae + - name: RELATED_IMAGE_che_editor_jupyter_plugin_registry_image_IBZWQYJSGU3DUOBTGQZTSYLFHFSWIY3BMEZWCOJXGUZTMNZUGIZTCNLBG44TCMTGHEZWKNBZHFTDIOJYGQ3WIYJQHE2GGNBYGAYDGMLFMFSTIYTBGQ3Q____ + value: index.docker.io/ksmster/che-editor-jupyter@sha256:83439ae9edcaa3a97536742315a7912f93e499f49847da094c480031eae4ba47 + - name: RELATED_IMAGE_dirigible_openshift_plugin_registry_image_IBZWQYJSGU3DUMZTGY2TMMZVMQYWKMBUGAZTMOJXMRSWCMBWG42GEYTCMRRTONBZMM2GEZJSMRRDEOJYGE4GCOJTMI4GKMLFGUZWGM3DGUYTINBRGEZQ____ + value: index.docker.io/dirigiblelabs/dirigible-openshift@sha256:3365635d1e0403697dea0674bbbdc749c4be2db29818a93b8e1e53c3c5144113 + - name: 
RELATED_IMAGE_che_idea_plugin_registry_image_IBZWQYJSGU3DUYRQGI3DMM3CGJQWKYJVGIYWEY3CMNQWMZDCMVRTOZLCMEZDOYRWMQ4DANDFGM4DQNLEMM2TIYTCG5SDKYZXG4YWKZBXG5SDIYJZG5TA____ + value: quay.io/che-incubator/che-idea@sha256:b02663b2aea521bcbcafdbec7eba27b6d804e3885dc54bb7d5c771ed77d4a97f + - name: RELATED_IMAGE_che_pycharm_plugin_registry_image_IBZWQYJSGU3DUOJUGI4DGMBUMJQWIZJXGVSTMYRWHEYGENDGGQ4DANLFGE2TONZYMQ2WKZRXMMZGGZLDGMYTSMJQMUZWEZBXGRRTENZTMMYTEYRWGJTA____ + value: quay.io/che-incubator/che-pycharm@sha256:9428304bade75e6b690b4f4805e15778d5ef7c2cec31910e3bd74c273c12b62f + - name: RELATED_IMAGE_eclipse_broadway_plugin_registry_image_IBZWQYJSGU3DUNJXMM4DEY3EHAYDMYJVGZTDMOLBME4DMNRTMY3DQNBQGVSDANZXHBRDMMRYMEZDSYJWGRTGEMJWHA4DCYRRGFRWKOLGGQ4DIZDEME3Q____ + value: index.docker.io/wsskeleton/eclipse-broadway@sha256:57c82cd806a56f69aa8663f68405d0778b628a29a64fb16881b11ce9f484dda7 + - name: RELATED_IMAGE_code_server_plugin_registry_image_IBZWQYJSGU3DUZLGGA3TEOBRGAYDIOJQHFRGEMTDGIZDQNBSGJSGMMTFHE4WCNLCME2WKNBVGBTGGZJXGU2DMYRYMZQTCOBWHA2TEZRSGNRGMNRXGUYQ____ + value: index.docker.io/codercom/code-server@sha256:ef07281004909bb2c228422df2e99a5ba5e450fce7546b8fa186852f23bf6751 + - name: RELATED_IMAGE_che_buildah_base_plugin_registry_image_IBZWQYJSGU3DUNBRG4ZDAM3EHA3DEOLFMRSDSMTGGE4DOYLGMQZWKYTCGNSDQZDDGI4DGMZYMQZTIOBQHFSWENZVMZTGGMTFGA4GCNBQGBTDQZBVGZRA____ + value: quay.io/eclipse/che-buildah-base@sha256:417203d8629edd92f187afd3ebb3d8dc28338d34809eb75ffc2e08a400f8d56b + - name: RELATED_IMAGE_che_sidecar_workspace_data_sync_plugin_registry_image_IBZWQYJSGU3DUOBYMQYDCMRVHAZTOZBVME2TOY3CGI2GEYRTMVSDQMLFGZQTQZRUGEYTSYJVGA2DGYRXHEZDMYTEGJRGIMBRG4YTAOBVGRRTINDGGEYA____ + value: quay.io/eclipse/che-sidecar-workspace-data-sync@sha256:88d0125837d5a57cb24bb3ed81e6a8f4119a5043b7926bd2bd01710854c44f10 + - name: RELATED_IMAGE_che_buildkit_base_plugin_registry_image_IBZWQYJSGU3DUZLGMZQTSODEMQZGGZLEGMYGENJSGBRDENLBMZTGMMLBHA4DAZBRGIYWGZRWMIZWMODBMI2DEYJVGE2DSZLBMRQTINTCME3TSM3DMU4Q____ + value: 
quay.io/eclipse/che-buildkit-base@sha256:effa98dd2ced30b520b25afff1a880d121cf6b3f8ab42a5149eada46ba793ce9 + - name: RELATED_IMAGE_che__centos__mongodb_36_centos7_devfile_registry_image_NRQXIZLTOQWWCOJRGVSGEN3CMVRWCOBXGE4TQZTDMQ3TQNRQGA4DMOJYHFTGKODBGMZDOYJRME2GMNRVGA4DAMRVMI3DIYLCGI4GMY3DG42DEM3CGI______ + value: quay.io/eclipse/che--centos--mongodb-36-centos7@sha256:a915db7beca87198fcd7860086989fe8a327a1a4f6508025b64ab28fcc7423b2 + - name: RELATED_IMAGE_che__centos__mongodb_36_centos7_devfile_registry_image_NRQXIZLTOQWWMZTEMYZDIMZRMJRGGNTEHFQTSZBSMEYDGZJZGVRGEYTFHBQWIYRUHFQWEOLFMFRTGMBRMYZDMODBGM2TAMZYMM4DIMRYHAZDKOLDGE______ + value: quay.io/eclipse/che--centos--mongodb-36-centos7@sha256:ffdf2431bbc6d9a9d2a03e95bbbe8adb49ab9eac301f268a35038c84288259c1 + - name: RELATED_IMAGE_che__centos__mysql_57_centos7_devfile_registry_image_NRQXIZLTOQWWKMBYMVSTIZBUGNRDOMZVGY3DANZWHA2WENRZMJSGKNRTGM2WKMRXMNTDEMDDGAZDAZRTGQ2WENTDGZRTKOJUGAYDCOBTHA4DENZWGQ______ + value: quay.io/eclipse/che--centos--mysql-57-centos7@sha256:e08ee4d43b7356607685b69bde6335e27cf20c020f345b6c6c59400183882764 + - name: RELATED_IMAGE_che_cpp_rhel7_devfile_registry_image_MNSTANJSGZTA____ + value: quay.io/eclipse/che-cpp-rhel7@sha256:aaf8cb7ff6d0559867fd14c59ddb87e7e642ab2dcb99807f407e95f2c45e1f84 + - name: RELATED_IMAGE_che_dotnet_2_2_devfile_registry_image_MNSTANJSGZTA____ + value: quay.io/eclipse/che-dotnet-2.2@sha256:4463170271629f235ddcd53fddfe8ce19ac70d918fd008613b6983b4e5782139 + - name: RELATED_IMAGE_che_dotnet_3_1_devfile_registry_image_MNSTANJSGZTA____ + value: quay.io/eclipse/che-dotnet-3.1@sha256:58ac9fd8aeff6a1d0ceb8d6b4eb64d439cb55b0a8b42fbbd2ebb8e876cff140c + - name: RELATED_IMAGE_che_golang_1_17_devfile_registry_image_GE2DGZRSG42A____ + value: quay.io/eclipse/che-golang-1.17@sha256:4386b101e197768ce569dddb53e96e647e9cc5184eb28ede61e8f782f5516004 + - name: RELATED_IMAGE_che_java11_gradle_devfile_registry_image_MNSTANJSGZTA____ + value: 
quay.io/eclipse/che-java11-gradle@sha256:2a3079baf4556b3a81d54def3d293ecd54109130155b36a968ccdfe0e4ebb4cf + - name: RELATED_IMAGE_che_java11_maven_devfile_registry_image_MNSTANJSGZTA____ + value: quay.io/eclipse/che-java11-maven@sha256:cc9e3cb0b00357ed118c130ce9f8e8e4724c718f8e2a1bd294f81696116d7b32 + - name: RELATED_IMAGE_che_java8_maven_devfile_registry_image_MNSTANJSGZTA____ + value: quay.io/eclipse/che-java8-maven@sha256:efff1c6b997cc14099173b3a7e94e700afcde3b246822888955f9e637aefcbdb + - name: RELATED_IMAGE_che_nodejs10_community_devfile_registry_image_MNSTANJSGZTA____ + value: quay.io/eclipse/che-nodejs10-community@sha256:6ce1df02636cb02b4c07947a99cb75538b7a04a7a578d3941878d46f496c57c4 + - name: RELATED_IMAGE_che_nodejs10_ubi_devfile_registry_image_MNSTANJSGZTA____ + value: quay.io/eclipse/che-nodejs10-ubi@sha256:87cb1ba4929c367eac010ab2b65ee04a67b0b0ecd0070b204204a7ed27308953 + - name: RELATED_IMAGE_che_nodejs12_community_devfile_registry_image_MNSTANJSGZTA____ + value: quay.io/eclipse/che-nodejs12-community@sha256:66fd9710610641572b99479cfc13282b60c55a0cbe87042cfc7ea536a3ea4122 + - name: RELATED_IMAGE_che_nodejs8_centos_devfile_registry_image_MNSTANJSGZTA____ + value: quay.io/eclipse/che-nodejs8-centos@sha256:b796be7ea39f9b7a1a43fad69a6093fe4d30fde0dbc4aa2b5fb4d44e9e0b3cbb + - name: RELATED_IMAGE_che_php_7_devfile_registry_image_MNSTANJSGZTA____ + value: quay.io/eclipse/che-php-7@sha256:9e75e4202a53defd59a3901a569cfcee7269dbe31a9a6866e8c6d98aaa799b17 + - name: RELATED_IMAGE_che_python_3_8_devfile_registry_image_MNSTANJSGZTA____ + value: quay.io/eclipse/che-python-3.8@sha256:d6e3bc3336514080d706cc399b479bc278cfdfe2aa8e254df108b194c04980eb + - name: RELATED_IMAGE_che_quarkus_devfile_registry_image_MNSTANJSGZTA____ + value: quay.io/eclipse/che-quarkus@sha256:5a08ef7ecd394c78b1002be3ece6afb1fd084f28b0d48319443e01e805057928 + - name: RELATED_IMAGE_che_rust_1_39_devfile_registry_image_MNSTANJSGZTA____ + value: 
quay.io/eclipse/che-rust-1.39@sha256:4b9f381ca0cb1f6efe1f56572a2698aa4e9b62e7c0f92da9b60bcf0c5e85733d + - name: RELATED_IMAGE_ubi8_minimal_devfile_registry_image_HAXDG___ + value: registry.access.redhat.com/ubi8-minimal@sha256:2f6b88c037c0503da7704bccd3fc73cb76324101af39ad28f16460e7bce98324 + - name: RELATED_IMAGE_ubi_minimal_devfile_registry_image_ + value: registry.access.redhat.com/ubi8/ubi-minimal@sha256:16da4d4c5cb289433305050a06834b7328769f8a5257ad5b4a5006465a0379ff + livenessProbe: + httpGet: + path: /healthz + port: 6789 + initialDelaySeconds: 15 + periodSeconds: 10 + failureThreshold: 10 + successThreshold: 1 + timeoutSeconds: 5 + readinessProbe: + httpGet: + path: /readyz + port: 6789 + initialDelaySeconds: 5 + periodSeconds: 10 + failureThreshold: 10 + successThreshold: 1 + timeoutSeconds: 5 + securityContext: + privileged: false + readOnlyRootFilesystem: false + capabilities: + drop: + - ALL + resources: + limits: + cpu: 500m + memory: 5Gi + requests: + cpu: 100m + memory: 64Mi + hostIPC: false + hostNetwork: false + hostPID: false + restartPolicy: Always + serviceAccountName: che-operator + terminationGracePeriodSeconds: 20 \ No newline at end of file diff --git a/helmcharts/stable/templates/namespace.yaml b/helmcharts/stable/templates/namespace.yaml new file mode 100644 index 000000000..9d6210af9 --- /dev/null +++ b/helmcharts/stable/templates/namespace.yaml @@ -0,0 +1,16 @@ +# +# Copyright (c) 2019-2021 Red Hat, Inc. +# This program and the accompanying materials are made +# available under the terms of the Eclipse Public License 2.0 +# which is available at https://www.eclipse.org/legal/epl-2.0/ +# +# SPDX-License-Identifier: EPL-2.0 +# +# Contributors: +# Red Hat, Inc. - initial API and implementation +# + +apiVersion: v1 +kind: Namespace +metadata: + name: eclipse-che 
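Review bot: `name: eclipse-che` is fixed in namespace.yaml, and the same literal is repeated as `namespace: eclipse-che` in the CheCluster, Role, RoleBinding and ServiceAccount templates of this chart, so `helm install --namespace` has no effect on where the operator and its RBAC objects land. Because the Namespace is itself a release resource, `helm uninstall` would presumably delete it together with everything inside, including secrets and workspace volumes. I would template those files with `namespace: {{ .Release.Namespace }}` and leave creation to `--create-namespace`. Failing that, add a comment at the top of this file such as `# Owned by the release: uninstalling the chart removes this namespace and its contents`.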
diff --git a/helmcharts/stable/templates/org.eclipse.che_v1_checluster.yaml b/helmcharts/stable/templates/org.eclipse.che_v1_checluster.yaml
new file mode 100644
index 000000000..15da5b17d
--- /dev/null
+++ b/helmcharts/stable/templates/org.eclipse.che_v1_checluster.yaml
@@ -0,0 +1,68 @@
+#
+# Copyright (c) 2019-2021 Red Hat, Inc.
+# This program and the accompanying materials are made
+# available under the terms of the Eclipse Public License 2.0
+# which is available at https://www.eclipse.org/legal/epl-2.0/
+#
+# SPDX-License-Identifier: EPL-2.0
+#
+# Contributors:
+# Red Hat, Inc. - initial API and implementation
+#
+
+apiVersion: org.eclipse.che/v1
+kind: CheCluster
+metadata:
+ name: eclipse-che
+ namespace: eclipse-che
+spec:
+ server:
+ cheFlavor: ''
+ cheClusterRoles: ''
+ cheWorkspaceClusterRole: ''
+ serverTrustStoreConfigMapName: ''
+ gitSelfSignedCert: false
+ tlsSupport: true
+ proxyURL: ''
+ proxyPort: ''
+ proxyUser: ''
+ proxyPassword: ''
+ nonProxyHosts: ''
+ workspaceNamespaceDefault: "-che"
+ allowUserDefinedWorkspaceNamespaces: false
+ serverExposureStrategy: ''
+ database:
+ externalDb: false
+ chePostgresHostName: ''
+ chePostgresPort: ''
+ chePostgresUser: ''
+ chePostgresPassword: ''
+ chePostgresDb: ''
+ storage:
+ pvcStrategy: 'common'
+ pvcClaimSize: '10Gi'
+ preCreateSubPaths: true
+ postgresPVCStorageClassName: ''
+ workspacePVCStorageClassName: ''
+ auth:
+ initialOpenShiftOAuthUser: true
+ externalIdentityProvider: false
+ identityProviderURL: ''
+ identityProviderAdminUserName: ''
+ identityProviderPassword: ''
+ identityProviderRealm: ''
+ identityProviderClientId: ''
+ oAuthClientName: ''
+ oAuthSecret: ''
+ k8s:
+ ingressDomain: '{{ .Values.k8s.ingressDomain }}'
+ ingressClass: ''
+ ingressStrategy: ''
+ tlsSecretName: 'che-tls'
+ securityContextFsGroup: ''
+ securityContextRunAsUser: ''
+ singleHostExposureType: ''
+ metrics:
+ enable: true
+ devWorkspace:
+ enable: false
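Review bot: `proxyPassword`, `chePostgresPassword`, `identityProviderPassword` and `oAuthSecret` are written out as empty literals under `spec`, which invites anyone adapting this template to fill them in. The credentials would then sit in clear text in the CheCluster object and in the Helm release record, readable by every subject with `get` on `checlusters`. The CRD in `crds/org_v1_che_crd.yaml` is outside this hunk, but I believe it offers Secret-reference fields for these (`proxySecret`, `chePostgresSecret`, `identityProviderSecret`); if so, I would drop the password keys from the template. A comment above the `database:` and `auth:` sections would also help, for example `# Credentials: reference a Secret by name; do not put passwords in this resource`.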
diff --git a/helmcharts/stable/templates/role.yaml b/helmcharts/stable/templates/role.yaml
new file mode 100644
index 000000000..26ae682a1
--- /dev/null
+++ b/helmcharts/stable/templates/role.yaml
@@ -0,0 +1,193 @@
+#
+# Copyright (c) 2019-2021 Red Hat, Inc.
+# This program and the accompanying materials are made
+# available under the terms of the Eclipse Public License 2.0
+# which is available at https://www.eclipse.org/legal/epl-2.0/
+#
+# SPDX-License-Identifier: EPL-2.0
+#
+# Contributors:
+# Red Hat, Inc. - initial API and implementation
+#
+
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ labels:
+ app.kubernetes.io/component: che-operator
+ app.kubernetes.io/instance: che
+ app.kubernetes.io/part-of: che.eclipse.org
+ app.kubernetes.io/name: che
+ name: che-operator
+ namespace: eclipse-che
+rules:
+ - apiGroups:
+ - extensions
+ resources:
+ - ingresses
+ verbs:
+ - '*'
+ - apiGroups:
+ - networking.k8s.io
+ resources:
+ - ingresses
+ verbs:
+ - '*'
+ - apiGroups:
+ - batch
+ resources:
+ - jobs
+ verbs:
+ - '*'
+ - apiGroups:
+ - route.openshift.io
+ resources:
+ - routes
+ - routes/custom-host
+ verbs:
+ - '*'
+ - apiGroups:
+ - rbac.authorization.k8s.io
+ resources:
+ - roles
+ - rolebindings
+ verbs:
+ - '*'
+ - apiGroups:
+ - rbac.authorization.k8s.io
+ resources:
+ - clusterroles
+ - clusterrolebindings
+ verbs:
+ - '*'
+ - apiGroups:
+ - ""
+ resources:
+ - pods
+ - services
+ - serviceaccounts
+ - endpoints
+ - persistentvolumeclaims
+ - events
+ - configmaps
+ - secrets
+ - pods/exec
+ - pods/log
+ verbs:
+ - '*'
+ - apiGroups:
+ - ""
+ resources:
+ - namespaces
+ verbs:
+ - get
+ - apiGroups:
+ - apps
+ - extensions
+ resources:
+ - deployments
+ - replicasets
+ verbs:
+ - '*'
+ - apiGroups:
+ - monitoring.coreos.com
+ resources:
+ - servicemonitors
+ verbs:
+ - get
+ - create
+ - apiGroups:
+ - org.eclipse.che
+ resources:
+ - checlusters
+ - checlusters/status
+ - checlusters/finalizers
+ - checlusterbackups
+ - checlusterbackups/status
+ - checlusterbackups/finalizers
+ - checlusterrestores
+ - checlusterrestores/status
+ - backupserverconfigurations
+ - backupserverconfigurations/status
+ - chebackupserverconfigurations
+ verbs:
+ - '*'
+ - apiGroups:
+ - metrics.k8s.io
+ resources:
+ - pods
+ - nodes
+ verbs:
+ - get
+ - list
+ - watch
+ - apiGroups:
+ - operators.coreos.com
+ resources:
+ - subscriptions
+ - clusterserviceversions
+ - operatorgroups
+ verbs:
+ - '*'
+ - apiGroups:
+ - packages.operators.coreos.com
+ resources:
+ - packagemanifests
+ verbs:
+ - get
+ - list
+ - apiGroups:
+ - ""
+ resources:
+ - configmaps/status
+ verbs:
+ - get
+ - update
+ - patch
+ - apiGroups:
+ - ""
+ resources:
+ - events
+ verbs:
+ - create
+ - apiGroups:
+ - apps
+ resourceNames:
+ - che-operator
+ resources:
+ - deployments/finalizers
+ verbs:
+ - update
+ - apiGroups:
+ - controller.devfile.io
+ resources:
+ - devworkspaceroutings
+ verbs:
+ - '*'
+ - apiGroups:
+ - controller.devfile.io
+ resources:
+ - devworkspaceroutings/finalizers
+ verbs:
+ - update
+ - apiGroups:
+ - controller.devfile.io
+ resources:
+ - devworkspaceroutings/status
+ verbs:
+ - get
+ - patch
+ - update
+ - apiGroups:
+ - oauth.openshift.io
+ resources:
+ - oauthclients
+ verbs:
+ - create
+ - delete
+ - deletecollection
+ - get
+ - list
+ - patch
+ - update
+ - watch
diff --git a/helmcharts/stable/templates/role_binding.yaml b/helmcharts/stable/templates/role_binding.yaml
new file mode 100644
index 000000000..332455c95
--- /dev/null
+++ b/helmcharts/stable/templates/role_binding.yaml
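Review bot: The rule on `roles` and `rolebindings` in role.yaml uses `verbs: ['*']`, and the wildcard also matches the `escalate` and `bind` verbs, which switch off the API server's check that a subject can only grant permissions it already holds. Together with `'*'` on `secrets` and `pods/exec` in the core-group rule, the `che-operator` service account is effectively namespace admin. I would list the verbs the operator actually uses, for example `verbs: [get, list, watch, create, update, patch, delete]`, and name `escalate` or `bind` explicitly, with a comment saying why, only if the operator really has to hand out permissions it does not hold. The following rule on `clusterroles` and `clusterrolebindings` grants nothing from a namespaced Role, since those resources are cluster-scoped, and can be removed here.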
@@ -0,0 +1,29 @@
+#
+# Copyright (c) 2019-2021 Red Hat, Inc.
+# This program and the accompanying materials are made
+# available under the terms of the Eclipse Public License 2.0
+# which is available at https://www.eclipse.org/legal/epl-2.0/
+#
+# SPDX-License-Identifier: EPL-2.0
+#
+# Contributors:
+# Red Hat, Inc. - initial API and implementation
+#
+
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: che-operator
+ labels:
+ app.kubernetes.io/name: che
+ app.kubernetes.io/instance: che
+ app.kubernetes.io/part-of: che.eclipse.org
+ app.kubernetes.io/component: che-operator
+ namespace: eclipse-che
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: che-operator
+subjects:
+ - kind: ServiceAccount
+ name: che-operator
diff --git a/helmcharts/stable/templates/service_account.yaml b/helmcharts/stable/templates/service_account.yaml
new file mode 100644
index 000000000..434722d78
--- /dev/null
+++ b/helmcharts/stable/templates/service_account.yaml
@@ -0,0 +1,22 @@
+#
+# Copyright (c) 2019-2021 Red Hat, Inc.
+# This program and the accompanying materials are made
+# available under the terms of the Eclipse Public License 2.0
+# which is available at https://www.eclipse.org/legal/epl-2.0/
+#
+# SPDX-License-Identifier: EPL-2.0
+#
+# Contributors:
+# Red Hat, Inc. - initial API and implementation
+#
+
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: che-operator
+ labels:
+ app.kubernetes.io/name: che
+ app.kubernetes.io/instance: che
+ app.kubernetes.io/part-of: che.eclipse.org
+ app.kubernetes.io/component: che-operator
+ namespace: eclipse-che
diff --git a/helmcharts/stable/values.yaml b/helmcharts/stable/values.yaml
new file mode 100644
index 000000000..57fdf0889
--- /dev/null
+++ b/helmcharts/stable/values.yaml
@@ -0,0 +1,14 @@ +# +# Copyright (c) 2019-2021 Red Hat, Inc. +# This program and the accompanying materials are made +# available under the terms of the Eclipse Public License 2.0 +# which is available at https://www.eclipse.org/legal/epl-2.0/ +# +# SPDX-License-Identifier: EPL-2.0 +# +# Contributors: +# Red Hat, Inc. - initial API and implementation +# + +k8s: + ingressDomain: "192.168.99.101.nip.io" diff --git a/make-release.sh b/make-release.sh index 082c1ee83..5ff237ed8 100755 --- a/make-release.sh +++ b/make-release.sh @@ -210,6 +210,12 @@ updateVersionFile() { git commit -m "ci: Update VERSION to $RELEASE" --signoff } +releaseHelmPackage() { + echo "[INFO] releaseHelmPackage :: release Helm package" + yq -rYi ".version=\"${RELEASE}\"" "$RELEASE_DIR/helmcharts/stable/Chart.yaml" + make update-helmcharts HELM_FOLDER="stable" +} + releaseOlmFiles() { echo "[INFO] releaseOlmFiles :: Release OLM files" echo "[INFO] releaseOlmFiles :: Launch 'olm/release-olm-files.sh' script" @@ -305,6 +311,7 @@ run() { checkoutToReleaseBranch updateVersionFile releaseOperatorCode + releaseHelmPackage if [[ $RELEASE_OLM_FILES == "true" ]]; then releaseOlmFiles fi
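Review bot: The default `ingressDomain: "192.168.99.101.nip.io"` in values.yaml looks like a local minikube address wrapped in a public wildcard-DNS name. A stable-chart install that forgets to override it gets ingress hosts that depend on a third-party resolver and are unlikely to reach the cluster. I would ship `ingressDomain: ""` with a comment `# Base domain for Che ingress hosts; must be set at install time`. The CheCluster template can then fail fast with `'{{ required "k8s.ingressDomain must be set" .Values.k8s.ingressDomain }}'`.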
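Review bot: `${RELEASE}` is spliced into the yq filter text in `releaseHelmPackage`, so a release string containing a quote or backslash changes the filter instead of the value. Passing it as data avoids that: `yq -rYi --arg v "$RELEASE" '.version = $v' "$RELEASE_DIR/helmcharts/stable/Chart.yaml"`. Unlike `updateVersionFile`, whose `git commit` is visible in the context lines, the new function does not commit the regenerated chart. Whether `set -e` is active or a later step commits it cannot be seen from these hunks, so a one-line comment naming the step that commits the chart would help. The call added to `run()` in the second hunk inherits the same behaviour.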