seg_yinzy
/
che-operator
mirror of https://github.com/eclipse-che/che-operator.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

chore: Remove Che opertor memory limit workaround (#1190) 

Remove Che opertor memory limit workaround

Signed-off-by: Mykola Morhun <mmorhun@redhat.com>
pull/1194/head
Mykola Morhun 2021-11-22 17:34:37 +02:00 committed by GitHub
parent 211bb199a3
commit ad498890bb
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
11 changed files with 112 additions and 66 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
api/v1/checluster_types.go
View File

@ -104,6 +104,7 @@ type CheClusterSpecServer struct {
// +optional
CheHost string `json:"cheHost,omitempty"`
// Name of a secret containing certificates to secure ingress or route for the custom host name of the installed Che server.
// The secret must have `app.kubernetes.io/part-of=che.eclipse.org` label.
// See the `cheHost` field.
// +optional
CheHostTLSSecret string `json:"cheHostTLSSecret,omitempty"`
@ -114,10 +115,12 @@ type CheClusterSpecServer struct {
// +optional
CheDebug string `json:"cheDebug,omitempty"`
// A comma-separated list of ClusterRoles that will be assigned to Che ServiceAccount.
// Each role must have `app.kubernetes.io/part-of=che.eclipse.org` label.
// Be aware that the Che Operator has to already have all permissions in these ClusterRoles to grant them.
// +optional
CheClusterRoles string `json:"cheClusterRoles,omitempty"`
// Custom cluster role bound to the user for the Che workspaces.
// The role must have `app.kubernetes.io/part-of=che.eclipse.org` label.
// The default roles are used when omitted or left blank.
// +optional
CheWorkspaceClusterRole string `json:"cheWorkspaceClusterRole,omitempty"`
@ -140,9 +143,11 @@ type CheClusterSpecServer struct {
// Name of the ConfigMap with public certificates to add to Java trust store of the Che server.
// This is often required when adding the OpenShift OAuth provider, which has HTTPS endpoint signed with self-signed cert.
// The Che server must be aware of its CA cert to be able to request it. This is disabled by default.
// The Config Map must have `app.kubernetes.io/part-of=che.eclipse.org` label.
// +optional
ServerTrustStoreConfigMapName string `json:"serverTrustStoreConfigMapName,omitempty"`
// When enabled, the certificate from `che-git-self-signed-cert` ConfigMap will be propagated to the Che components and provide particular configuration for Git.
// Note, the `che-git-self-signed-cert` ConfigMap must have `app.kubernetes.io/part-of=che.eclipse.org` label.
// +optional
GitSelfSignedCert bool `json:"gitSelfSignedCert"`
// Deprecated. Instructs the Operator to deploy Che in TLS mode. This is enabled by default. Disabling TLS sometimes cause malfunction of some Che components.
@ -296,6 +301,7 @@ type CheClusterSpecServer struct {
// +optional
ProxyPassword string `json:"proxyPassword,omitempty"`
// The secret that contains `user` and `password` for a proxy server. When the secret is defined, the `proxyUser` and `proxyPassword` are ignored.
// The secret must have `app.kubernetes.io/part-of=che.eclipse.org` label.
// +optional
ProxySecret string `json:"proxySecret,omitempty"`
// Overrides the memory request used in the Che server deployment. Defaults to 512Mi.
@ -369,6 +375,7 @@ type CheClusterSpecDB struct {
// 1. `chePostgresUser` and `chePostgresPassword` are defined, then they will be used to connect to the DB.
// 2. `chePostgresUser` or `chePostgresPassword` are not defined, then a new secret with the name `che-postgres-secret`
// will be created with default value of `pgche` for `user` and with an auto-generated value for `password`.
// The secret must have `app.kubernetes.io/part-of=che.eclipse.org` label.
// +optional
ChePostgresSecret string `json:"chePostgresSecret,omitempty"`
// Overrides the container image used in the PostgreSQL database deployment. This includes the image tag. Omit it or leave it empty to use the default container image provided by the Operator.
@ -422,6 +429,7 @@ type CheClusterSpecAuth struct {
// 1. `identityProviderAdminUserName` and `identityProviderPassword` are defined, then they will be used.
// 2. `identityProviderAdminUserName` or `identityProviderPassword` are not defined, then a new secret with the name
// `che-identity-secret` will be created with default value `admin` for `user` and with an auto-generated value for `password`.
// The secret must have `app.kubernetes.io/part-of=che.eclipse.org` label.
// +optional
IdentityProviderSecret string `json:"identityProviderSecret,omitempty"`
// Name of a Identity provider, Keycloak or RH-SSO, realm that is used for Che.
@ -443,6 +451,7 @@ type CheClusterSpecAuth struct {
// When the secret is defined, the `identityProviderPostgresPassword` is ignored. When the value is omitted or left blank, the one of following scenarios applies:
// 1. `identityProviderPostgresPassword` is defined, then it will be used to connect to the database.
// 2. `identityProviderPostgresPassword` is not defined, then a new secret with the name `che-identity-postgres-secret` will be created with an auto-generated value for `password`.
// The secret must have `app.kubernetes.io/part-of=che.eclipse.org` label.
// +optional
IdentityProviderPostgresSecret string `json:"identityProviderPostgresSecret,omitempty"`
// Forces the default `admin` Che user to update password on first login. Defaults to `false`.

6
bundle/next-all-namespaces/eclipse-che-preview-openshift/manifests/che-operator.clusterserviceversion.yaml
View File

@ -126,7 +126,7 @@ metadata:
operators.operatorframework.io/project_layout: go.kubebuilder.io/v3
repository: https://github.com/eclipse-che/che-operator
support: Eclipse Foundation
name: eclipse-che-preview-openshift.v7.40.0-373.next
name: eclipse-che-preview-openshift.v7.40.0-374.next
namespace: placeholder
spec:
apiservicedefinitions: {}
@ -1175,7 +1175,7 @@ spec:
resources:
limits:
cpu: 500m
memory: 5Gi
memory: 256Mi
requests:
cpu: 100m
memory: 64Mi
@ -1427,4 +1427,4 @@ spec:
maturity: stable
provider:
name: Eclipse Foundation
version: 7.40.0-373.next
version: 7.40.0-374.next

33
bundle/next-all-namespaces/eclipse-che-preview-openshift/manifests/org_v1_che_crd.yaml
View File

@ -174,7 +174,9 @@ spec:
is defined, then it will be used to connect to the database.
2. `identityProviderPostgresPassword` is not defined, then
a new secret with the name `che-identity-postgres-secret`
will be created with an auto-generated value for `password`.'
will be created with an auto-generated value for `password`.
The secret must have `app.kubernetes.io/part-of=che.eclipse.org`
label.'
type: string
identityProviderRealm:
description: Name of a Identity provider, Keycloak or RH-SSO,
@ -215,7 +217,8 @@ spec:
or `identityProviderPassword` are not defined, then a new
secret with the name `che-identity-secret` will be created
with default value `admin` for `user` and with an auto-generated
value for `password`.'
value for `password`. The secret must have `app.kubernetes.io/part-of=che.eclipse.org`
label.'
type: string
identityProviderURL:
description: Public URL of the Identity Provider server (Keycloak
@ -328,7 +331,8 @@ spec:
to connect to the DB. 2. `chePostgresUser` or `chePostgresPassword`
are not defined, then a new secret with the name `che-postgres-secret`
will be created with default value of `pgche` for `user` and
with an auto-generated value for `password`.'
with an auto-generated value for `password`. The secret must
have `app.kubernetes.io/part-of=che.eclipse.org` label.'
type: string
chePostgresUser:
description: PostgreSQL user that the Che server uses to connect
@ -513,9 +517,9 @@ spec:
type: boolean
cheClusterRoles:
description: A comma-separated list of ClusterRoles that will
be assigned to Che ServiceAccount. Be aware that the Che Operator
has to already have all permissions in these ClusterRoles
to grant them.
be assigned to Che ServiceAccount. Each role must have `app.kubernetes.io/part-of=che.eclipse.org`
label. Be aware that the Che Operator has to already have
all permissions in these ClusterRoles to grant them.
type: string
cheDebug:
description: Enables the debug mode for Che server. Defaults
@ -536,7 +540,8 @@ spec:
cheHostTLSSecret:
description: Name of a secret containing certificates to secure
ingress or route for the custom host name of the installed
Che server. See the `cheHost` field.
Che server. The secret must have `app.kubernetes.io/part-of=che.eclipse.org`
label. See the `cheHost` field.
type: string
cheImage:
description: Overrides the container image used in Che deployment.
@ -598,8 +603,8 @@ spec:
type: object
cheWorkspaceClusterRole:
description: Custom cluster role bound to the user for the Che
workspaces. The default roles are used when omitted or left
blank.
workspaces. The role must have `app.kubernetes.io/part-of=che.eclipse.org`
label. The default roles are used when omitted or left blank.
type: string
customCheProperties:
additionalProperties:
@ -783,7 +788,9 @@ spec:
gitSelfSignedCert:
description: When enabled, the certificate from `che-git-self-signed-cert`
ConfigMap will be propagated to the Che components and provide
particular configuration for Git.
particular configuration for Git. Note, the `che-git-self-signed-cert`
ConfigMap must have `app.kubernetes.io/part-of=che.eclipse.org`
label.
type: boolean
nonProxyHosts:
description: 'List of hosts that will be reached directly, bypassing
@ -882,7 +889,8 @@ spec:
proxySecret:
description: The secret that contains `user` and `password`
for a proxy server. When the secret is defined, the `proxyUser`
and `proxyPassword` are ignored.
and `proxyPassword` are ignored. The secret must have `app.kubernetes.io/part-of=che.eclipse.org`
label.
type: string
proxyURL:
description: URL (protocol+host name) of the proxy server. This
@ -942,7 +950,8 @@ spec:
required when adding the OpenShift OAuth provider, which has
HTTPS endpoint signed with self-signed cert. The Che server
must be aware of its CA cert to be able to request it. This
is disabled by default.
is disabled by default. The Config Map must have `app.kubernetes.io/part-of=che.eclipse.org`
label.
type: string
singleHostGatewayConfigMapLabels:
additionalProperties:

6
bundle/next/eclipse-che-preview-kubernetes/manifests/che-operator.clusterserviceversion.yaml
View File

@ -133,7 +133,7 @@ metadata:
operators.operatorframework.io/project_layout: go.kubebuilder.io/v3
repository: https://github.com/eclipse-che/che-operator
support: Eclipse Foundation
name: eclipse-che-preview-kubernetes.v7.40.0-334.next
name: eclipse-che-preview-kubernetes.v7.40.0-335.next
namespace: placeholder
spec:
apiservicedefinitions: {}
@ -1164,7 +1164,7 @@ spec:
resources:
limits:
cpu: 500m
memory: 5Gi
memory: 256Mi
requests:
cpu: 100m
memory: 64Mi
@ -1394,4 +1394,4 @@ spec:
maturity: stable
provider:
name: Eclipse Foundation
version: 7.40.0-334.next
version: 7.40.0-335.next

18
bundle/next/eclipse-che-preview-kubernetes/manifests/org_v1_che_crd.yaml
View File

@ -115,7 +115,7 @@ spec:
description: Password for a Identity Provider, Keycloak or RH-SSO, to connect to the database. Override this when an external Identity Provider is in use. See the `externalIdentityProvider` field. When omitted or left blank, it is set to an auto-generated password.
type: string
identityProviderPostgresSecret:
description: 'The secret that contains `password` for the Identity Provider, Keycloak or RH-SSO, to connect to the database. When the secret is defined, the `identityProviderPostgresPassword` is ignored. When the value is omitted or left blank, the one of following scenarios applies: 1. `identityProviderPostgresPassword` is defined, then it will be used to connect to the database. 2. `identityProviderPostgresPassword` is not defined, then a new secret with the name `che-identity-postgres-secret` will be created with an auto-generated value for `password`.'
description: 'The secret that contains `password` for the Identity Provider, Keycloak or RH-SSO, to connect to the database. When the secret is defined, the `identityProviderPostgresPassword` is ignored. When the value is omitted or left blank, the one of following scenarios applies: 1. `identityProviderPostgresPassword` is defined, then it will be used to connect to the database. 2. `identityProviderPostgresPassword` is not defined, then a new secret with the name `che-identity-postgres-secret` will be created with an auto-generated value for `password`. The secret must have `app.kubernetes.io/part-of=che.eclipse.org` label.'
type: string
identityProviderRealm:
description: Name of a Identity provider, Keycloak or RH-SSO, realm that is used for Che. Override this when an external Identity Provider is in use. See the `externalIdentityProvider` field. When omitted or left blank, it is set to the value of the `flavour` field.
@ -136,7 +136,7 @@ spec:
type: string
type: object
identityProviderSecret:
description: 'The secret that contains `user` and `password` for Identity Provider. When the secret is defined, the `identityProviderAdminUserName` and `identityProviderPassword` are ignored. When the value is omitted or left blank, the one of following scenarios applies: 1. `identityProviderAdminUserName` and `identityProviderPassword` are defined, then they will be used. 2. `identityProviderAdminUserName` or `identityProviderPassword` are not defined, then a new secret with the name `che-identity-secret` will be created with default value `admin` for `user` and with an auto-generated value for `password`.'
description: 'The secret that contains `user` and `password` for Identity Provider. When the secret is defined, the `identityProviderAdminUserName` and `identityProviderPassword` are ignored. When the value is omitted or left blank, the one of following scenarios applies: 1. `identityProviderAdminUserName` and `identityProviderPassword` are defined, then they will be used. 2. `identityProviderAdminUserName` or `identityProviderPassword` are not defined, then a new secret with the name `che-identity-secret` will be created with default value `admin` for `user` and with an auto-generated value for `password`. The secret must have `app.kubernetes.io/part-of=che.eclipse.org` label.'
type: string
identityProviderURL:
description: Public URL of the Identity Provider server (Keycloak / RH-SSO server). Set this ONLY when a use of an external Identity Provider is needed. See the `externalIdentityProvider` field. By default, this will be automatically calculated and set by the Operator.
@ -200,7 +200,7 @@ spec:
description: PostgreSQL Database port that the Che server uses to connect to. Defaults to 5432. Override this value ONLY when using an external database. See field `externalDb`. In the default case it will be automatically set by the Operator.
type: string
chePostgresSecret:
description: 'The secret that contains PostgreSQL`user` and `password` that the Che server uses to connect to the DB. When the secret is defined, the `chePostgresUser` and `chePostgresPassword` are ignored. When the value is omitted or left blank, the one of following scenarios applies: 1. `chePostgresUser` and `chePostgresPassword` are defined, then they will be used to connect to the DB. 2. `chePostgresUser` or `chePostgresPassword` are not defined, then a new secret with the name `che-postgres-secret` will be created with default value of `pgche` for `user` and with an auto-generated value for `password`.'
description: 'The secret that contains PostgreSQL`user` and `password` that the Che server uses to connect to the DB. When the secret is defined, the `chePostgresUser` and `chePostgresPassword` are ignored. When the value is omitted or left blank, the one of following scenarios applies: 1. `chePostgresUser` and `chePostgresPassword` are defined, then they will be used to connect to the DB. 2. `chePostgresUser` or `chePostgresPassword` are not defined, then a new secret with the name `che-postgres-secret` will be created with default value of `pgche` for `user` and with an auto-generated value for `password`. The secret must have `app.kubernetes.io/part-of=che.eclipse.org` label.'
type: string
chePostgresUser:
description: PostgreSQL user that the Che server uses to connect to the DB. Defaults to `pgche`.
@ -314,7 +314,7 @@ spec:
description: Deprecated. The value of this flag is ignored. Defines that a user is allowed to specify a Kubernetes namespace, or an OpenShift project, which differs from the default. It's NOT RECOMMENDED to set to `true` without OpenShift OAuth configured. The OpenShift infrastructure also uses this property.
type: boolean
cheClusterRoles:
description: A comma-separated list of ClusterRoles that will be assigned to Che ServiceAccount. Be aware that the Che Operator has to already have all permissions in these ClusterRoles to grant them.
description: A comma-separated list of ClusterRoles that will be assigned to Che ServiceAccount. Each role must have `app.kubernetes.io/part-of=che.eclipse.org` label. Be aware that the Che Operator has to already have all permissions in these ClusterRoles to grant them.
type: string
cheDebug:
description: Enables the debug mode for Che server. Defaults to `false`.
@ -326,7 +326,7 @@ spec:
description: Public host name of the installed Che server. When value is omitted, the value it will be automatically set by the Operator. See the `cheHostTLSSecret` field.
type: string
cheHostTLSSecret:
description: Name of a secret containing certificates to secure ingress or route for the custom host name of the installed Che server. See the `cheHost` field.
description: Name of a secret containing certificates to secure ingress or route for the custom host name of the installed Che server. The secret must have `app.kubernetes.io/part-of=che.eclipse.org` label. See the `cheHost` field.
type: string
cheImage:
description: Overrides the container image used in Che deployment. This does NOT include the container image tag. Omit it or leave it empty to use the default container image provided by the Operator.
@ -368,7 +368,7 @@ spec:
type: string
type: object
cheWorkspaceClusterRole:
description: Custom cluster role bound to the user for the Che workspaces. The default roles are used when omitted or left blank.
description: Custom cluster role bound to the user for the Che workspaces. The role must have `app.kubernetes.io/part-of=che.eclipse.org` label. The default roles are used when omitted or left blank.
type: string
customCheProperties:
additionalProperties:
@ -488,7 +488,7 @@ spec:
description: Instructs the Operator on whether to deploy a dedicated plugin registry server. By default, a dedicated plugin registry server is started. When `externalPluginRegistry` is `true`, no such dedicated server will be started by the Operator and you will have to manually set the `pluginRegistryUrl` field.
type: boolean
gitSelfSignedCert:
description: When enabled, the certificate from `che-git-self-signed-cert` ConfigMap will be propagated to the Che components and provide particular configuration for Git.
description: When enabled, the certificate from `che-git-self-signed-cert` ConfigMap will be propagated to the Che components and provide particular configuration for Git. Note, the `che-git-self-signed-cert` ConfigMap must have `app.kubernetes.io/part-of=che.eclipse.org` label.
type: boolean
nonProxyHosts:
description: 'List of hosts that will be reached directly, bypassing the proxy. Specify wild card domain use the following form `.<DOMAIN>` and `|` as delimiter, for example: `localhost|.my.host.com|123.42.12.32` Only use when configuring a proxy is required. Operator respects OpenShift cluster wide proxy configuration and no additional configuration is required, but defining `nonProxyHosts` in a custom resource leads to merging non proxy hosts lists from the cluster proxy configuration and ones defined in the custom resources. See the doc https://docs.openshift.com/container-platform/4.4/networking/enable-cluster-wide-proxy.html. See also the `proxyURL` fields.'
@ -548,7 +548,7 @@ spec:
description: Port of the proxy server. Only use when configuring a proxy is required. See also the `proxyURL` and `nonProxyHosts` fields.
type: string
proxySecret:
description: The secret that contains `user` and `password` for a proxy server. When the secret is defined, the `proxyUser` and `proxyPassword` are ignored.
description: The secret that contains `user` and `password` for a proxy server. When the secret is defined, the `proxyUser` and `proxyPassword` are ignored. The secret must have `app.kubernetes.io/part-of=che.eclipse.org` label.
type: string
proxyURL:
description: URL (protocol+host name) of the proxy server. This drives the appropriate changes in the `JAVA_OPTS` and `https(s)_proxy` variables in the Che server and workspaces containers. Only use when configuring a proxy is required. Operator respects OpenShift cluster wide proxy configuration and no additional configuration is required, but defining `proxyUrl` in a custom resource leads to overrides the cluster proxy configuration with fields `proxyUrl`, `proxyPort`, `proxyUser` and `proxyPassword` from the custom resource. See the doc https://docs.openshift.com/container-platform/4.4/networking/enable-cluster-wide-proxy.html. See also the `proxyPort` and `nonProxyHosts` fields.
@ -575,7 +575,7 @@ spec:
description: Overrides the memory request used in the Che server deployment. Defaults to 512Mi.
type: string
serverTrustStoreConfigMapName:
description: Name of the ConfigMap with public certificates to add to Java trust store of the Che server. This is often required when adding the OpenShift OAuth provider, which has HTTPS endpoint signed with self-signed cert. The Che server must be aware of its CA cert to be able to request it. This is disabled by default.
description: Name of the ConfigMap with public certificates to add to Java trust store of the Che server. This is often required when adding the OpenShift OAuth provider, which has HTTPS endpoint signed with self-signed cert. The Che server must be aware of its CA cert to be able to request it. This is disabled by default. The Config Map must have `app.kubernetes.io/part-of=che.eclipse.org` label.
type: string
singleHostGatewayConfigMapLabels:
additionalProperties:

6
bundle/next/eclipse-che-preview-openshift/manifests/che-operator.clusterserviceversion.yaml
View File

@ -126,7 +126,7 @@ metadata:
operators.operatorframework.io/project_layout: go.kubebuilder.io/v3
repository: https://github.com/eclipse-che/che-operator
support: Eclipse Foundation
name: eclipse-che-preview-openshift.v7.40.0-341.next
name: eclipse-che-preview-openshift.v7.40.0-342.next
namespace: placeholder
spec:
apiservicedefinitions: {}
@ -1175,7 +1175,7 @@ spec:
resources:
limits:
cpu: 500m
memory: 5Gi
memory: 256Mi
requests:
cpu: 100m
memory: 64Mi
@ -1427,4 +1427,4 @@ spec:
maturity: stable
provider:
name: Eclipse Foundation
version: 7.40.0-341.next
version: 7.40.0-342.next

33
bundle/next/eclipse-che-preview-openshift/manifests/org_v1_che_crd.yaml
View File

@ -174,7 +174,9 @@ spec:
is defined, then it will be used to connect to the database.
2. `identityProviderPostgresPassword` is not defined, then
a new secret with the name `che-identity-postgres-secret`
will be created with an auto-generated value for `password`.'
will be created with an auto-generated value for `password`.
The secret must have `app.kubernetes.io/part-of=che.eclipse.org`
label.'
type: string
identityProviderRealm:
description: Name of a Identity provider, Keycloak or RH-SSO,
@ -215,7 +217,8 @@ spec:
or `identityProviderPassword` are not defined, then a new
secret with the name `che-identity-secret` will be created
with default value `admin` for `user` and with an auto-generated
value for `password`.'
value for `password`. The secret must have `app.kubernetes.io/part-of=che.eclipse.org`
label.'
type: string
identityProviderURL:
description: Public URL of the Identity Provider server (Keycloak
@ -328,7 +331,8 @@ spec:
to connect to the DB. 2. `chePostgresUser` or `chePostgresPassword`
are not defined, then a new secret with the name `che-postgres-secret`
will be created with default value of `pgche` for `user` and
with an auto-generated value for `password`.'
with an auto-generated value for `password`. The secret must
have `app.kubernetes.io/part-of=che.eclipse.org` label.'
type: string
chePostgresUser:
description: PostgreSQL user that the Che server uses to connect
@ -513,9 +517,9 @@ spec:
type: boolean
cheClusterRoles:
description: A comma-separated list of ClusterRoles that will
be assigned to Che ServiceAccount. Be aware that the Che Operator
has to already have all permissions in these ClusterRoles
to grant them.
be assigned to Che ServiceAccount. Each role must have `app.kubernetes.io/part-of=che.eclipse.org`
label. Be aware that the Che Operator has to already have
all permissions in these ClusterRoles to grant them.
type: string
cheDebug:
description: Enables the debug mode for Che server. Defaults
@ -536,7 +540,8 @@ spec:
cheHostTLSSecret:
description: Name of a secret containing certificates to secure
ingress or route for the custom host name of the installed
Che server. See the `cheHost` field.
Che server. The secret must have `app.kubernetes.io/part-of=che.eclipse.org`
label. See the `cheHost` field.
type: string
cheImage:
description: Overrides the container image used in Che deployment.
@ -598,8 +603,8 @@ spec:
type: object
cheWorkspaceClusterRole:
description: Custom cluster role bound to the user for the Che
workspaces. The default roles are used when omitted or left
blank.
workspaces. The role must have `app.kubernetes.io/part-of=che.eclipse.org`
label. The default roles are used when omitted or left blank.
type: string
customCheProperties:
additionalProperties:
@ -783,7 +788,9 @@ spec:
gitSelfSignedCert:
description: When enabled, the certificate from `che-git-self-signed-cert`
ConfigMap will be propagated to the Che components and provide
particular configuration for Git.
particular configuration for Git. Note, the `che-git-self-signed-cert`
ConfigMap must have `app.kubernetes.io/part-of=che.eclipse.org`
label.
type: boolean
nonProxyHosts:
description: 'List of hosts that will be reached directly, bypassing
@ -882,7 +889,8 @@ spec:
proxySecret:
description: The secret that contains `user` and `password`
for a proxy server. When the secret is defined, the `proxyUser`
and `proxyPassword` are ignored.
and `proxyPassword` are ignored. The secret must have `app.kubernetes.io/part-of=che.eclipse.org`
label.
type: string
proxyURL:
description: URL (protocol+host name) of the proxy server. This
@ -942,7 +950,8 @@ spec:
required when adding the OpenShift OAuth provider, which has
HTTPS endpoint signed with self-signed cert. The Che server
must be aware of its CA cert to be able to request it. This
is disabled by default.
is disabled by default. The Config Map must have `app.kubernetes.io/part-of=che.eclipse.org`
label.
type: string
singleHostGatewayConfigMapLabels:
additionalProperties:

31
config/crd/bases/org_v1_che_crd-v1beta1.yaml
View File

@ -168,7 +168,8 @@ spec:
is defined, then it will be used to connect to the database. 2.
`identityProviderPostgresPassword` is not defined, then a new
secret with the name `che-identity-postgres-secret` will be created
with an auto-generated value for `password`.'
with an auto-generated value for `password`. The secret must have
`app.kubernetes.io/part-of=che.eclipse.org` label.'
type: string
identityProviderRealm:
description: Name of a Identity provider, Keycloak or RH-SSO, realm
@ -208,7 +209,8 @@ spec:
or `identityProviderPassword` are not defined, then a new secret
with the name `che-identity-secret` will be created with default
value `admin` for `user` and with an auto-generated value for
`password`.'
`password`. The secret must have `app.kubernetes.io/part-of=che.eclipse.org`
label.'
type: string
identityProviderURL:
description: Public URL of the Identity Provider server (Keycloak
@ -320,7 +322,9 @@ spec:
are defined, then they will be used to connect to the DB. 2. `chePostgresUser`
or `chePostgresPassword` are not defined, then a new secret with
the name `che-postgres-secret` will be created with default value
of `pgche` for `user` and with an auto-generated value for `password`.'
of `pgche` for `user` and with an auto-generated value for `password`.
The secret must have `app.kubernetes.io/part-of=che.eclipse.org`
label.'
type: string
chePostgresUser:
description: PostgreSQL user that the Che server uses to connect
@ -496,9 +500,9 @@ spec:
type: boolean
cheClusterRoles:
description: A comma-separated list of ClusterRoles that will be
assigned to Che ServiceAccount. Be aware that the Che Operator
has to already have all permissions in these ClusterRoles to grant
them.
assigned to Che ServiceAccount. Each role must have `app.kubernetes.io/part-of=che.eclipse.org`
label. Be aware that the Che Operator has to already have all
permissions in these ClusterRoles to grant them.
type: string
cheDebug:
description: Enables the debug mode for Che server. Defaults to
@ -518,7 +522,8 @@ spec:
cheHostTLSSecret:
description: Name of a secret containing certificates to secure
ingress or route for the custom host name of the installed Che
server. See the `cheHost` field.
server. The secret must have `app.kubernetes.io/part-of=che.eclipse.org`
label. See the `cheHost` field.
type: string
cheImage:
description: Overrides the container image used in Che deployment.
@ -577,7 +582,8 @@ spec:
type: object
cheWorkspaceClusterRole:
description: Custom cluster role bound to the user for the Che workspaces.
The default roles are used when omitted or left blank.
The role must have `app.kubernetes.io/part-of=che.eclipse.org`
label. The default roles are used when omitted or left blank.
type: string
customCheProperties:
additionalProperties:
@ -754,7 +760,9 @@ spec:
gitSelfSignedCert:
description: When enabled, the certificate from `che-git-self-signed-cert`
ConfigMap will be propagated to the Che components and provide
particular configuration for Git.
particular configuration for Git. Note, the `che-git-self-signed-cert`
ConfigMap must have `app.kubernetes.io/part-of=che.eclipse.org`
label.
type: boolean
nonProxyHosts:
description: 'List of hosts that will be reached directly, bypassing
@ -849,7 +857,8 @@ spec:
proxySecret:
description: The secret that contains `user` and `password` for
a proxy server. When the secret is defined, the `proxyUser` and
`proxyPassword` are ignored.
`proxyPassword` are ignored. The secret must have `app.kubernetes.io/part-of=che.eclipse.org`
label.
type: string
proxyURL:
description: URL (protocol+host name) of the proxy server. This
@ -908,6 +917,8 @@ spec:
when adding the OpenShift OAuth provider, which has HTTPS endpoint
signed with self-signed cert. The Che server must be aware of
its CA cert to be able to request it. This is disabled by default.
The Config Map must have `app.kubernetes.io/part-of=che.eclipse.org`
label.
type: string
singleHostGatewayConfigMapLabels:
additionalProperties:

33
config/crd/bases/org_v1_che_crd.yaml
View File

@ -174,7 +174,9 @@ spec:
is defined, then it will be used to connect to the database.
2. `identityProviderPostgresPassword` is not defined, then
a new secret with the name `che-identity-postgres-secret`
will be created with an auto-generated value for `password`.'
will be created with an auto-generated value for `password`.
The secret must have `app.kubernetes.io/part-of=che.eclipse.org`
label.'
type: string
identityProviderRealm:
description: Name of a Identity provider, Keycloak or RH-SSO,
@ -215,7 +217,8 @@ spec:
or `identityProviderPassword` are not defined, then a new
secret with the name `che-identity-secret` will be created
with default value `admin` for `user` and with an auto-generated
value for `password`.'
value for `password`. The secret must have `app.kubernetes.io/part-of=che.eclipse.org`
label.'
type: string
identityProviderURL:
description: Public URL of the Identity Provider server (Keycloak
@ -328,7 +331,8 @@ spec:
to connect to the DB. 2. `chePostgresUser` or `chePostgresPassword`
are not defined, then a new secret with the name `che-postgres-secret`
will be created with default value of `pgche` for `user` and
with an auto-generated value for `password`.'
with an auto-generated value for `password`. The secret must
have `app.kubernetes.io/part-of=che.eclipse.org` label.'
type: string
chePostgresUser:
description: PostgreSQL user that the Che server uses to connect
@ -513,9 +517,9 @@ spec:
type: boolean
cheClusterRoles:
description: A comma-separated list of ClusterRoles that will
be assigned to Che ServiceAccount. Be aware that the Che Operator
has to already have all permissions in these ClusterRoles
to grant them.
be assigned to Che ServiceAccount. Each role must have `app.kubernetes.io/part-of=che.eclipse.org`
label. Be aware that the Che Operator has to already have
all permissions in these ClusterRoles to grant them.
type: string
cheDebug:
description: Enables the debug mode for Che server. Defaults
@ -536,7 +540,8 @@ spec:
cheHostTLSSecret:
description: Name of a secret containing certificates to secure
ingress or route for the custom host name of the installed
Che server. See the `cheHost` field.
Che server. The secret must have `app.kubernetes.io/part-of=che.eclipse.org`
label. See the `cheHost` field.
type: string
cheImage:
description: Overrides the container image used in Che deployment.
@ -598,8 +603,8 @@ spec:
type: object
cheWorkspaceClusterRole:
description: Custom cluster role bound to the user for the Che
workspaces. The default roles are used when omitted or left
blank.
workspaces. The role must have `app.kubernetes.io/part-of=che.eclipse.org`
label. The default roles are used when omitted or left blank.
type: string
customCheProperties:
additionalProperties:
@ -783,7 +788,9 @@ spec:
gitSelfSignedCert:
description: When enabled, the certificate from `che-git-self-signed-cert`
ConfigMap will be propagated to the Che components and provide
particular configuration for Git.
particular configuration for Git. Note, the `che-git-self-signed-cert`
ConfigMap must have `app.kubernetes.io/part-of=che.eclipse.org`
label.
type: boolean
nonProxyHosts:
description: 'List of hosts that will be reached directly, bypassing
@ -882,7 +889,8 @@ spec:
proxySecret:
description: The secret that contains `user` and `password`
for a proxy server. When the secret is defined, the `proxyUser`
and `proxyPassword` are ignored.
and `proxyPassword` are ignored. The secret must have `app.kubernetes.io/part-of=che.eclipse.org`
label.
type: string
proxyURL:
description: URL (protocol+host name) of the proxy server. This
@ -942,7 +950,8 @@ spec:
required when adding the OpenShift OAuth provider, which has
HTTPS endpoint signed with self-signed cert. The Che server
must be aware of its CA cert to be able to request it. This
is disabled by default.
is disabled by default. The Config Map must have `app.kubernetes.io/part-of=che.eclipse.org`
label.
type: string
singleHostGatewayConfigMapLabels:
additionalProperties:

2
config/manager/manager.yaml
View File

@ -150,7 +150,7 @@ spec:
resources:
limits:
cpu: 500m
memory: 5Gi
memory: 256Mi
requests:
cpu: 100m
memory: 64Mi

1
pkg/deploy/migration/on-reconcile-one-time-migration.go
View File

@ -87,7 +87,6 @@ func (m *Migrator) migrate(ctx *deploy.DeployContext) (bool, error) {
// - spec.database.chePostgresSecret
// - spec.auth.identityProviderSecret
// - spec.auth.identityProviderPostgresSecret
// - spec.auth.oAuthSecret
// - spec.k8s.tlsSecretName
// Note, most of the objects above are autogenerated and do not require any migration,
// but to handle the case when some were created manually or operator updated, the check is done here.