seg_yinzy
/
che-operator
mirror of https://github.com/eclipse-che/che-operator.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

feature: Use image digest in csv (#274) 

* Use image digest in the released csvs. Use correct image for e2e tests. Use correct operator image for olm tests.

Signed-off-by: Oleksandr Andriienko <oandriie@redhat.com>
pull/329/head
Oleksandr Andriienko 2020-07-08 10:43:35 +03:00 committed by GitHub
parent 68bce46909
commit adfe698031
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
29 changed files with 2396 additions and 154 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
.ci/cico_olm_prcheck.sh Normal file → Executable file
View File

@ -36,16 +36,26 @@ install_Dependencies() {
}
run_olm_tests() {
for platform in 'openshift' 'kubernetes'
for platform in 'kubernetes'
do
# set up ImagePullPolicy for che-operator image
packageName=eclipse-che-preview-${platform}
packageFolderPath="${OPERATOR_REPO}/olm/eclipse-che-preview-${platform}/deploy/olm-catalog/${packageName}"
packageFilePath="${packageFolderPath}/${packageName}.package.yaml"
CSV=$(yq -r ".channels[] | select(.name == \"${CHANNEL}\") | .currentCSV" "${packageFilePath}")
PackageVersion=$(echo "${CSV}" | sed -e "s/${packageName}.v//")
CSVBundle="${packageFolderPath}/${PackageVersion}/${packageName}.v${PackageVersion}.clusterserviceversion.yaml"
yq -rY '.spec.install.spec.deployments[0].spec.template.spec.containers[0].imagePullPolicy |= "IfNotPresent"' "${CSVBundle}" >> "${CSVBundle}"
if [[ ${platform} == 'kubernetes' ]]; then
buildCheOperatorImage "minikube"
printInfo "Starting minikube VM to test kubernetes olm files..."
source ${OPERATOR_REPO}/.ci/start-minikube.sh
sh "${OPERATOR_REPO}"/olm/testCatalogSource.sh ${platform} ${CHANNEL} ${NAMESPACE}
printInfo "Successfully verified olm files on kubernetes platform."
rm -rf ~/.kube && yes | minikube delete
fi
# todo implement check on the openshift 4(crc). To delivery che-operator image we can try to use imageStream feature: https://medium.com/@adilsonbna/importing-an-external-docker-image-into-red-hat-openshift-repository-c25894cd3199
done
}

4
.ci/cico_operator_prcheck.sh
View File

@ -53,8 +53,8 @@ run_tests() {
sh -c "OOS=linux GOARCH=amd64 CGO_ENABLED=0 go build -o /operator/run-tests /opt/app-root/src/go/src/github.com/eclipse/che-operator/e2e/*.go"
printInfo "Build operator docker image and load in to minishift VM..."
cd "$OPERATOR_REPO" && docker build -t che/operator -f Dockerfile . && docker save che/operator > operator.tar
eval $(minishift docker-env) && docker load -i operator.tar && rm operator.tar
buildCheOperatorImage "minishift"
printInfo "Runing e2e tests..."
${OPERATOR_REPO}/tmp/run-tests

10
.ci/util/ci_common.sh
View File

@ -82,6 +82,16 @@ github_token_set() {
fi
}
buildCheOperatorImage() {
if [ -z "${1}" ]; then
printError "Platform is required to build che operator image."
fi
PLATFORM="${1}"
OPERATOR_IMAGE="quay.io/eclipse/che-operator:nightly"
cd "$OPERATOR_REPO" && docker build -t "${OPERATOR_IMAGE}" -f Dockerfile . && docker save "${OPERATOR_IMAGE}" > operator.tar
eval $(${PLATFORM} docker-env) && docker load -i operator.tar && rm operator.tar
}
minishift_installation() {
MSFT_RELEASE="1.34.2"
printInfo "Downloading Minishift binaries"

1
.gitignore vendored
View File

@ -109,5 +109,6 @@ tags
build/
bin/
olm/generated
# End of https://www.gitignore.io/api/go,vim,emacs,visualstudiocode

17
.vscode/launch.json vendored
View File

@ -1,7 +1,22 @@
{
"version": "0.2.0",
"configurations": [
{
"type": "bashdb",
"request": "launch",
"name": "Bash-Debug (release-olm-files.sh)",
"cwd": "${workspaceFolder}",
"program": "${workspaceFolder}/olm/release-olm-files.sh",
"args": [
"7.13.2"
]
},
{
"type": "bashdb",
"request": "launch",
"name": "Bash-Debug (simplest configuration)",
"program": "${file}"
},
{
"name": "Launch Current File",
"type": "go",

2
deploy/crds/org_v1_che_cr.yaml
View File

@ -70,7 +70,7 @@ spec:
chePostgresPassword: ''
# Postgres database name that Che server uses to connect to. Defaults to dbche
chePostgresDb: ''
# Postgres deployment in format image:tag. Default in https://github.com/eclipse/che-operator/blob/master/deploy/operator.yaml#L57-L58 or operator metadata CSV environment variable IMAGE_default_postgres)
# Postgres deployment in format image:tag. Default in https://github.com/eclipse/che-operator/blob/master/deploy/operator.yaml#L57-L58 or operator metadata CSV environment variable RELATED_IMAGE_postgres)
postgresImage: ''
storage:
# persistent volume claim strategy for Che server. Can be common (all workspaces PVCs in one volume),

20
deploy/operator-local.yaml
View File

@ -45,25 +45,25 @@ spec:
value: che-operator
- name: CHE_VERSION
value: nightly
- name: IMAGE_default_che_server
- name: RELATED_IMAGE_che_server
value: quay.io/eclipse/che-server:nightly
- name: IMAGE_default_plugin_registry
- name: RELATED_IMAGE_plugin_registry
value: quay.io/eclipse/che-plugin-registry:nightly
- name: IMAGE_default_devfile_registry
- name: RELATED_IMAGE_devfile_registry
value: quay.io/eclipse/che-devfile-registry:nightly
- name: IMAGE_default_che_tls_secrets_creation_job
- name: RELATED_IMAGE_che_tls_secrets_creation_job
value: quay.io/eclipse/che-tls-secret-creator:alpine-3029769
- name: IMAGE_default_pvc_jobs
- name: RELATED_IMAGE_pvc_jobs
value: registry.access.redhat.com/ubi8-minimal:8.2-301.1592810506
- name: IMAGE_default_postgres
- name: RELATED_IMAGE_postgres
value: centos/postgresql-96-centos7:9.6
- name: IMAGE_default_keycloak
- name: RELATED_IMAGE_keycloak
value: quay.io/eclipse/che-keycloak:nightly
- name: IMAGE_default_che_workspace_plugin_broker_metadata
- name: RELATED_IMAGE_che_workspace_plugin_broker_metadata
value: quay.io/eclipse/che-plugin-metadata-broker:v3.2.0
- name: IMAGE_default_che_workspace_plugin_broker_artifacts
- name: RELATED_IMAGE_che_workspace_plugin_broker_artifacts
value: quay.io/eclipse/che-plugin-artifacts-broker:v3.2.0
- name: IMAGE_default_che_server_secure_exposer_jwt_proxy_image
- name: RELATED_IMAGE_che_server_secure_exposer_jwt_proxy_image
value: quay.io/eclipse/che-jwtproxy:fd94e60
- name: CHE_FLAVOR
value: che

20
deploy/operator.yaml
View File

@ -44,25 +44,25 @@ spec:
value: che-operator
- name: CHE_VERSION
value: nightly
- name: IMAGE_default_che_server
- name: RELATED_IMAGE_che_server
value: quay.io/eclipse/che-server:nightly
- name: IMAGE_default_plugin_registry
- name: RELATED_IMAGE_plugin_registry
value: quay.io/eclipse/che-plugin-registry:nightly
- name: IMAGE_default_devfile_registry
- name: RELATED_IMAGE_devfile_registry
value: quay.io/eclipse/che-devfile-registry:nightly
- name: IMAGE_default_che_tls_secrets_creation_job
- name: RELATED_IMAGE_che_tls_secrets_creation_job
value: quay.io/eclipse/che-tls-secret-creator:alpine-3029769
- name: IMAGE_default_pvc_jobs
- name: RELATED_IMAGE_pvc_jobs
value: registry.access.redhat.com/ubi8-minimal:8.2-301.1592810506
- name: IMAGE_default_postgres
- name: RELATED_IMAGE_postgres
value: centos/postgresql-96-centos7:9.6
- name: IMAGE_default_keycloak
- name: RELATED_IMAGE_keycloak
value: quay.io/eclipse/che-keycloak:nightly
- name: IMAGE_default_che_workspace_plugin_broker_metadata
- name: RELATED_IMAGE_che_workspace_plugin_broker_metadata
value: quay.io/eclipse/che-plugin-metadata-broker:v3.2.0
- name: IMAGE_default_che_workspace_plugin_broker_artifacts
- name: RELATED_IMAGE_che_workspace_plugin_broker_artifacts
value: quay.io/eclipse/che-plugin-artifacts-broker:v3.2.0
- name: IMAGE_default_che_server_secure_exposer_jwt_proxy_image
- name: RELATED_IMAGE_che_server_secure_exposer_jwt_proxy_image
value: quay.io/eclipse/che-jwtproxy:fd94e60
- name: CHE_FLAVOR
value: che

2
make-release.sh
View File

@ -119,7 +119,7 @@ checkImageReferences() {
echo "[ERROR] Unable to find che-keycloak image with version ${RELEASE} in the $filename"; exit 1
fi
if ! grep -q "value: $IMAGE_default_pvc_jobs" $filename; then
if ! grep -q "value: $RELATED_IMAGE_pvc_jobs" $filename; then
echo "[ERROR] Unable to find ubi8_minimal image in the $filename"; exit 1
fi

127
olm/addDigests.sh
View File

@ -1,6 +1,6 @@
#!/bin/bash
#
# Copyright (c) 2019 Red Hat, Inc.
# Copyright (c) 2019-2020 Red Hat, Inc.
# This program and the accompanying materials are made
# available under the terms of the Eclipse Public License 2.0
# which is available at https://www.eclipse.org/legal/epl-2.0/
@ -10,6 +10,9 @@
# Contributors:
# Red Hat, Inc. - initial API and implementation
set +x
set -e
SCRIPTS_DIR=$(cd "$(dirname "$0")"; pwd)
BASE_DIR="$(pwd)"
QUIET=""
@ -25,9 +28,8 @@ fi
command -v yq >/dev/null 2>&1 || { echo "yq is not installed. Aborting."; exit 1; }
usage () {
echo "Usage: $0 [-w WORKDIR] -s [SOURCE_PATH] -n [csv name] -v [VERSION] "
echo "Example: $0 -w $(pwd) -s eclipse-che-preview-openshift/deploy/olm-catalog/eclipse-che-preview-openshift -n eclipse-che-preview-openshift -v 7.9.0"
echo "Example: $0 -w $(pwd) -s controller-manifests -n codeready-workspaces -v 2.1.0"
echo "Usage: $0 [-w WORKDIR] [-s SOURCE_PATH] -r [CSV_FILE_PATH_REGEXP] -t [IMAGE_TAG] "
echo "Example: $0 -w $(pwd) -r \"eclipse-che-preview-.*/eclipse-che-preview-.*\.v7.15.0.*yaml\" -t 7.15.0"
}
if [[ $# -lt 1 ]]; then usage; exit; fi
@ -36,53 +38,98 @@ while [[ "$#" -gt 0 ]]; do
case $1 in
'-w') BASE_DIR="$2"; shift 1;;
'-s') SRC_DIR="$2"; shift 1;;
'-n') CSV_NAME="$2"; shift 1;;
'-v') VERSION="$2"; shift 1;;
'-t') IMAGE_TAG="$2"; shift 1;;
'-r') CSV_FILE_PATH_REGEXP="$2"; shift 1;;
'-q') QUIET="-q"; shift 0;;
'--help'|'-h') usage; exit;;
esac
shift 1
done
if [[ ! $SRC_DIR ]] || [[ ! $CSV_NAME ]] || [[ ! $VERSION ]]; then usage; exit 1; fi
if [[ ! ${CSV_FILE_PATH_REGEXP} ]] || [[ ! $IMAGE_TAG ]]; then usage; exit 1; fi
rm -Rf ${BASE_DIR}/generated/${CSV_NAME}/
mkdir -p ${BASE_DIR}/generated/${CSV_NAME}/
cp -R ${BASE_DIR}/${SRC_DIR}/* ${BASE_DIR}/generated/${CSV_NAME}/
CSV_FILES_DIR=${BASE_DIR}
if [ -n "${SRC_DIR}" ]; then
CSV_FILES_DIR="${BASE_DIR}/${SRC_DIR}"
fi
echo "Resolved CSV files dir: ${CSV_FILES_DIR}"
CSV_FILE="$(find ${BASE_DIR}/generated/${CSV_NAME}/*${VERSION}/ -name "${CSV_NAME}.*${VERSION}.clusterserviceversion.yaml" | tail -1)"; # echo "[INFO] CSV = ${CSV_FILE}"
${SCRIPTS_DIR}/buildDigestMap.sh -w ${BASE_DIR} -c ${CSV_FILE} -v ${VERSION} ${QUIET}
echo "find ${CSV_FILES_DIR} -regextype posix-egrep -regex \"${CSV_FILES_DIR}/?${CSV_FILE_PATH_REGEXP}\""
CSV_FILES=( $(find ${CSV_FILES_DIR} -regextype posix-egrep -regex "${CSV_FILES_DIR}/?${CSV_FILE_PATH_REGEXP}") )
RELATED_IMAGE_PREFIX="RELATED_IMAGE_"
# inject relatedImages block
names=" "
count=1
RELATED_IMAGES='. * { spec : { relatedImages: [ '
if [[ ! "${QUIET}" ]]; then cat ${BASE_DIR}/generated/digests-mapping.txt; fi
for mapping in $(cat ${BASE_DIR}/generated/digests-mapping.txt)
rm -Rf "${BASE_DIR}/generated/csv"
mkdir -p "${BASE_DIR}/generated/csv"
# Copy original csv files
for CSV_FILE in "${CSV_FILES[@]}"
do
source=$(echo "${mapping}" | sed -e 's/\(.*\)=.*/\1/')
dest=$(echo "${mapping}" | sed -e 's/.*=\(.*\)/\1/')
sed -i -e "s;${source};${dest};" ${CSV_FILE}
name=$(echo "${dest}" | sed -e 's;.*/\([^\/][^\/]*\)@.*;\1;')
nameWithSpaces=" ${name} "
if [[ "${names}" != *${nameWithSpaces}* ]]; then
if [ "${names}" != " " ]; then
RELATED_IMAGES="${RELATED_IMAGES},"
fi
RELATED_IMAGES="${RELATED_IMAGES} { name: \"${name}\", image: \"${dest}\", tag: \"${source}\"}"
names="${names} ${name} "
fi
echo "CSV file: ${CSV_FILE}"
cp -pR "${CSV_FILE}" "${BASE_DIR}/generated/csv"
csvs_args="${csvs_args} -c ${CSV_FILE}"
done
RELATED_IMAGES="${RELATED_IMAGES} ] } }"
mv ${CSV_FILE} ${CSV_FILE}.old
yq -Y "$RELATED_IMAGES" ${CSV_FILE}.old > ${CSV_FILE}
sed -i ${CSV_FILE} -r -e "s|tag: |# tag: |"
rm -f ${CSV_FILE}.old
# update original file with generated changes
CSV_FILE_ORIG=$(find ${BASE_DIR} -name "${CSV_FILE##*/}" | grep -v generated | tail -1)
mv "${CSV_FILE}" "${CSV_FILE_ORIG}"
echo "[INFO] CSV updated: ${CSV_FILE_ORIG}"
# shellcheck source=buildDigestMap.sh
eval "${SCRIPTS_DIR}/buildDigestMap.sh" -w "${BASE_DIR}" -t "${IMAGE_TAG}" "${csvs_args}" ${QUIET}
if [[ ! "${QUIET}" ]]; then cat "${BASE_DIR}"/generated/digests-mapping.txt; fi
for CSV_FILE in "${CSV_FILES[@]}"
do
CSV_FILE_COPY=${BASE_DIR}/generated/csv/$(basename ${CSV_FILE})
echo "[INFO] Generate digest update for CSV file ${CSV_FILE}"
RELATED_IMAGES=""
RELATED_IMAGES_ENV=""
for mapping in $(cat "${BASE_DIR}/generated/digests-mapping.txt")
do
source=$(echo "${mapping}" | sed -e 's;\(.*\)=.*=.*;\1;')
# Image with digest.
dest=$(echo "${mapping}" | sed -e 's;.*=.*=\(.*\);\1;')
# Image label to set image target. For example: 'devfile-registry-image'
imageLabel=$(echo "${mapping}" | sed -e 's;.*=\(.*\)=.*;\1;')
name=$(echo "${dest}" | sed -e 's;.*/\([^\/][^\/]*\)@.*;\1;')
tagOrDigest=""
if [[ ${source} == *"@"* ]]; then
tagOrDigest="@${source#*@}"
elif [[ ${source} == *":"* ]]; then
tagOrDigest="${source#*:}"
fi
if [[ ${imageLabel} == "plugin-registry-image" ]] || [[ ${imageLabel} == "devfile-registry-image" ]]; then
# Image tag could contains invalid for Env variable name characters, so let's encode it using base32.
# But alphabet of base32 uses one invalid for env variable name character '=' at the end of the line, so let's replace it by '_'.
# To recovery original tag should be done opposite actions: replace '_' to '=', and decode string using 'base32 -d'.
encodedTag=$(echo "${tagOrDigest}" | base32 -w 0 | tr "=" "_")
relatedImageEnvName=$(echo "${RELATED_IMAGE_PREFIX}${name}_${imageLabel}_${encodedTag}" | sed -r 's/[-.]/_/g')
ENV="{ name: \"${relatedImageEnvName}\", value: \"${dest}\"}"
if [[ -z ${RELATED_IMAGES_ENV} ]]; then
RELATED_IMAGES_ENV="${ENV}"
else
RELATED_IMAGES_ENV="${RELATED_IMAGES_ENV}, ${ENV}"
fi
fi
RELATED_IMAGE="{ name: \"${name}-${tagOrDigest}\", image: \"${dest}\", tag: \"${source}\"}"
if [[ -z ${RELATED_IMAGES} ]]; then
RELATED_IMAGES="${RELATED_IMAGE}"
else
RELATED_IMAGES="${RELATED_IMAGES}, ${RELATED_IMAGE}"
fi
sed -i -e "s;${source};${dest};" "${CSV_FILE_COPY}"
done
mv "${CSV_FILE_COPY}" "${CSV_FILE_COPY}.old"
yq -ryY "
( .spec.relatedImages ) += [${RELATED_IMAGES}] |
( .spec.install.spec.deployments[0].spec.template.spec.containers[0].env ) += [${RELATED_IMAGES_ENV}]
" "${CSV_FILE_COPY}.old" > "${CSV_FILE_COPY}"
sed -i "${CSV_FILE_COPY}" -r -e "s|tag: |# tag: |"
rm -f "${CSV_FILE_COPY}.old"
# update original file with generated changes
mv "${CSV_FILE_COPY}" "${CSV_FILE}"
echo "[INFO] CSV updated: ${CSV_FILE}"
done
# cleanup
rm -fr ${BASE_DIR}/generated
rm -fr "${BASE_DIR}/generated"

98
olm/buildDigestMap.sh
View File

@ -1,6 +1,6 @@
#!/bin/bash
#
# Copyright (c) 2019 Red Hat, Inc.
# Copyright (c) 2019-2020 Red Hat, Inc.
# This program and the accompanying materials are made
# available under the terms of the Eclipse Public License 2.0
# which is available at https://www.eclipse.org/legal/epl-2.0/
@ -10,7 +10,7 @@
# Contributors:
# Red Hat, Inc. - initial API and implementation
SCRIPTS_DIR=$(cd "$(dirname "$0")"; pwd)
SCRIPTS_DIR=$(cd "$(dirname "$0")" || exit 1; pwd)
BASE_DIR="$1"
QUIET=""
@ -23,10 +23,11 @@ if [[ ! -x $PODMAN ]]; then
fi
fi
command -v yq >/dev/null 2>&1 || { echo "yq is not installed. Aborting."; exit 1; }
command -v skopeo > /dev/null 2>&1 || { echo "skopeo is not installed. Aborting."; exit 1; }
usage () {
echo "Usage: $0 [-w WORKDIR] -c [/path/to/csv.yaml] "
echo "Example: $0 -w $(pwd) -c $(pwd)/generated/eclipse-che-preview-openshift/7.9.0/eclipse-che-preview-openshift.v7.9.0.clusterserviceversion.yaml"
echo "Usage: $0 [-w WORKDIR] -c [/path/to/csv.yaml] -t [IMAGE_TAG]"
echo "Example: $0 -w $(pwd) -c $(pwd)/olm/eclipse-che-preview-kubernetes/deploy/olm-catalog/eclipse-che-preview-kubernetes/7.9.0/eclipse-che-preview-kubernetes.v7.9.0.clusterserviceversion.yaml -t 7.9.0"
}
if [[ $# -lt 1 ]]; then usage; exit; fi
@ -34,56 +35,65 @@ if [[ $# -lt 1 ]]; then usage; exit; fi
while [[ "$#" -gt 0 ]]; do
case $1 in
'-w') BASE_DIR="$2"; shift 1;;
'-c') CSV="$2"; shift 1;;
'-v') VERSION="$2"; shift 1;;
'-c') CSV="$2"; CSVS+=("${CSV}");shift 1;;
'-t') IMAGE_TAG="$2"; shift 1;;
'-q') QUIET="-q"; shift 0;;
'--help'|'-h') usage; exit;;
esac
shift 1
done
if [[ ! $CSV ]] || [[ ! $VERSION ]]; then usage; exit 1; fi
if [[ ! $CSV ]] || [[ ! $IMAGE_TAG ]]; then usage; exit 1; fi
mkdir -p ${BASE_DIR}/generated
mkdir -p "${BASE_DIR}/generated"
echo "[INFO] Get images from CSV ${CSV}"
IMAGE_LIST=$(yq -r '.spec.install.spec.deployments[].spec.template.spec.containers[].env[] | select(.name | test("IMAGE_default_.*"; "g")) | .value' "${CSV}")
OPERATOR_IMAGE=$(yq -r '.spec.install.spec.deployments[].spec.template.spec.containers[].image' "${CSV}")
# shellcheck source=images.sh
. "${SCRIPTS_DIR}"/images.sh
REGISTRY_LIST=$(yq -r '.spec.install.spec.deployments[].spec.template.spec.containers[].env[] | select(.name | test("IMAGE_default_.*_registry"; "g")) | .value' "${CSV}")
REGISTRY_IMAGES_ALL=""
for registry in ${REGISTRY_LIST}; do
registry="${registry/\@sha256:*/:${VERSION}}" # remove possible existing @sha256:... and use current version instead
# echo -n "[INFO] Pull container ${registry} ..."
${PODMAN} pull ${registry} ${QUIET}
# todo create init method
setImagesFromDeploymentEnv
REGISTRY_IMAGES="$(${PODMAN} run --rm --entrypoint /bin/sh ${registry} -c "cat /var/www/html/*/external_images.txt")"
echo "[INFO] Found $(echo "${REGISTRY_IMAGES}" | wc -l) images in registry"
REGISTRY_IMAGES_ALL="${REGISTRY_IMAGES_ALL} ${REGISTRY_IMAGES}"
done
setOperatorImage
echo "${OPERATOR_IMAGE}"
rm -Rf ${BASE_DIR}/generated/digests-mapping.txt
touch ${BASE_DIR}/generated/digests-mapping.txt
for image in ${OPERATOR_IMAGE} ${IMAGE_LIST} ${REGISTRY_IMAGES_ALL}; do
setPluginRegistryList
echo "${PLUGIN_REGISTRY_LIST}"
setDevfileRegistryList
echo "${DEVFILE_REGISTRY_LIST}"
writeDigest() {
image=$1
imageType=$2
case ${image} in
*@sha256:*)
withDigest="${image}";;
withDigest=${image};;
*@)
continue;;
return;;
*)
digest="$(skopeo inspect --tls-verify=false docker://${image} 2>/dev/null | jq -r '.Digest')"
# for other build methods or for falling back to other registries when not found, can apply transforms here
orig_image=${image}
if [[ -x ${SCRIPTS_DIR}/buildDigestMapAlternateURLs.sh ]]; then
# shellcheck source=buildDigestMapAlternateURLs.sh
. ${SCRIPTS_DIR}/buildDigestMapAlternateURLs.sh
fi
if [[ ${digest} ]]; then
if [[ ! "${QUIET}" ]]; then echo -n "[INFO] Got digest"; fi
echo " $digest # ${image}"
echo " $digest \# ${image}"
else
# for other build methods or for falling back to other registries when not found, can apply transforms here
if [[ -x ${SCRIPTS_DIR}/buildDigestMapAlternateURLs.sh ]]; then
. ${SCRIPTS_DIR}/buildDigestMapAlternateURLs.sh
fi
image="${orig_image}"
digest="$(skopeo inspect --tls-verify=false docker://${image} 2>/dev/null | jq -r '.Digest')"
fi
if [[ -z ${digest} ]]; then
echo "==================== Failed to get digest for image: ${image}======================"
withoutTag=""
withDigest=""
else
withoutTag="$(echo "${image}" | sed -e 's/^\(.*\):[^:]*$/\1/')"
withDigest="${withoutTag}@${digest}";
fi
withoutTag="$(echo "${image}" | sed -e 's/^\(.*\):[^:]*$/\1/')"
withDigest="${withoutTag}@${digest}";;
esac
dots="${withDigest//[^\.]}"
separators="${withDigest//[^\/]}"
@ -92,5 +102,25 @@ for image in ${OPERATOR_IMAGE} ${IMAGE_LIST} ${REGISTRY_IMAGES_ALL}; do
withDigest="docker.io/${withDigest}"
fi
echo "${image}=${withDigest}" >> ${BASE_DIR}/generated/digests-mapping.txt
if [[ -n ${withDigest} ]]; then
echo "${image}=${imageType}=${withDigest}" >> ${DIGEST_FILE}
fi
}
DIGEST_FILE=${BASE_DIR}/generated/digests-mapping.txt
rm -Rf "${DIGEST_FILE}"
touch "${DIGEST_FILE}"
writeDigest "${OPERATOR_IMAGE}" "operator-image"
for image in ${REQUIRED_IMAGES}; do
writeDigest "${image}" "required-image"
done
for image in ${PLUGIN_REGISTRY_LIST}; do
writeDigest "${image}" "plugin-registry-image"
done
for image in ${DEVFILE_REGISTRY_LIST}; do
writeDigest "${image}" "devfile-registry-image"
done

548
olm/eclipse-che-preview-kubernetes/deploy/olm-catalog/eclipse-che-preview-kubernetes/9.9.9-nightly.1594133420/eclipse-che-preview-kubernetes.crd.yaml Normal file
View File

@ -0,0 +1,548 @@
#
# Copyright (c) 2012-2020 Red Hat, Inc.
# This program and the accompanying materials are made
# available under the terms of the Eclipse Public License 2.0
# which is available at https://www.eclipse.org/legal/epl-2.0/
#
# SPDX-License-Identifier: EPL-2.0
#
# Contributors:
# Red Hat, Inc. - initial API and implementation
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
name: checlusters.org.eclipse.che
spec:
group: org.eclipse.che
names:
kind: CheCluster
listKind: CheClusterList
plural: checlusters
singular: checluster
scope: Namespaced
subresources:
status: {}
validation:
openAPIV3Schema:
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: Desired configuration of the Che installation. Based on these
settings, the operator automatically creates and maintains several config
maps that will contain the appropriate environment variables the various
components of the Che installation. These generated config maps should
NOT be updated manually.
properties:
auth:
description: Configuration settings related to the Authentication used
by the Che installation.
properties:
externalIdentityProvider:
description: 'Instructs the operator on whether or not to deploy
a dedicated Identity Provider (Keycloak or RH SSO instance). By
default a dedicated Identity Provider server is deployed as part
of the Che installation. But if `externalIdentityProvider` is
`true`, then no dedicated identity provider will be deployed by
the operator and you might need to provide details about the external
identity provider you want to use. See also all the other fields
starting with: `identityProvider`.'
type: boolean
identityProviderAdminUserName:
description: Overrides the name of the Identity Provider admin user.
Defaults to `admin`.
type: string
identityProviderClientId:
description: Name of a Identity provider (Keycloak / RH SSO) `client-id`
that should be used for Che. This is useful to override it ONLY
if you use an external Identity Provider (see the `externalIdentityProvider`
field). If omitted or left blank, it will be set to the value
of the `flavour` field suffixed with `-public`.
type: string
identityProviderImage:
description: Overrides the container image used in the Identity
Provider (Keycloak / RH SSO) deployment. This includes the image
tag. Omit it or leave it empty to use the defaut container image
provided by the operator.
type: string
identityProviderImagePullPolicy:
description: Overrides the image pull policy used in the Identity
Provider (Keycloak / RH SSO) deployment. Default value is `Always`
for `nightly` or `latest` images, and `IfNotPresent` in other
cases.
type: string
identityProviderPassword:
description: Overrides the password of Keycloak admin user. This
is useful to override it ONLY if you use an external Identity
Provider (see the `externalIdentityProvider` field). If omitted
or left blank, it will be set to an auto-generated password.
type: string
identityProviderPostgresPassword:
description: Password for The Identity Provider (Keycloak / RH SSO)
to connect to the database. This is useful to override it ONLY
if you use an external Identity Provider (see the `externalIdentityProvider`
field). If omitted or left blank, it will be set to an auto-generated
password.
type: string
identityProviderPostgresSecret:
description: 'The secret that contains `password` for The Identity
Provider (Keycloak / RH SSO) to connect to the database. If the
secret is defined then `identityProviderPostgresPassword` will
be ignored. If the value is omitted or left blank then there are
two scenarios: 1. `identityProviderPostgresPassword` is defined,
then it will be used to connect to the database. 2. `identityProviderPostgresPassword`
is not defined, then a new secret with the name `che-identity-postgres-secret`
will be created with an auto-generated value for `password`.'
type: string
identityProviderRealm:
description: Name of a Identity provider (Keycloak / RH SSO) realm
that should be used for Che. This is useful to override it ONLY
if you use an external Identity Provider (see the `externalIdentityProvider`
field). If omitted or left blank, it will be set to the value
of the `flavour` field.
type: string
identityProviderSecret:
description: 'The secret that contains `user` and `password` for
Identity Provider. If the secret is defined then `identityProviderAdminUserName`
and `identityProviderPassword` are ignored. If the value is omitted
or left blank then there are two scenarios: 1. `identityProviderAdminUserName`
and `identityProviderPassword` are defined, then they will be
used. 2. `identityProviderAdminUserName` or `identityProviderPassword`
are not defined, then a new secret with the name `che-identity-secret`
will be created with default value `admin` for `user` and with
an auto-generated value for `password`.'
type: string
identityProviderURL:
description: Public URL of the Identity Provider server (Keycloak
/ RH SSO server). You should set it ONLY if you use an external
Identity Provider (see the `externalIdentityProvider` field).
By default this will be automatically calculated and set by the
operator.
type: string
oAuthClientName:
description: Name of the OpenShift `OAuthClient` resource used to
setup identity federation on the OpenShift side. Auto-generated
if left blank. See also the `OpenShiftoAuth` field.
type: string
oAuthSecret:
description: Name of the secret set in the OpenShift `OAuthClient`
resource used to setup identity federation on the OpenShift side.
Auto-generated if left blank. See also the `OAuthClientName` field.
type: string
openShiftoAuth:
description: 'Enables the integration of the identity provider (Keycloak
/ RHSSO) with OpenShift OAuth. Enabled by default on OpenShift.
This will allow users to directly login with their Openshift user
through the Openshift login, and have their workspaces created
under personal OpenShift namespaces. WARNING: the `kubeadmin`
user is NOT supported, and logging through it will NOT allow accessing
the Che Dashboard.'
type: boolean
updateAdminPassword:
description: Forces the default `admin` Che user to update password
on first login. Defaults to `false`.
type: boolean
type: object
database:
description: Configuration settings related to the database used by
the Che installation.
properties:
chePostgresDb:
description: Postgres database name that the Che server uses to
connect to the DB. Defaults to `dbche`.
type: string
chePostgresHostName:
description: Postgres Database hostname that the Che server uses
to connect to. Defaults to postgres. This value should be overridden
ONLY when using an external database (see field `externalDb`).
In the default case it will be automatically set by the operator.
type: string
chePostgresPassword:
description: Postgres password that the Che server should use to
connect to the DB. If omitted or left blank, it will be set to
an auto-generated value.
type: string
chePostgresPort:
description: Postgres Database port that the Che server uses to
connect to. Defaults to 5432. This value should be overridden
ONLY when using an external database (see field `externalDb`).
In the default case it will be automatically set by the operator.
type: string
chePostgresSecret:
description: 'The secret that contains Postgres `user` and `password`
that the Che server should use to connect to the DB. If the secret
is defined then `chePostgresUser` and `chePostgresPassword` are
ignored. If the value is omitted or left blank then there are
two scenarios: 1. `chePostgresUser` and `chePostgresPassword`
are defined, then they will be used to connect to the DB. 2. `chePostgresUser`
or `chePostgresPassword` are not defined, then a new secret with
the name `che-postgres-secret` will be created with default value
of `pgche` for `user` and with an auto-generated value for `password`.'
type: string
chePostgresUser:
description: Postgres user that the Che server should use to connect
to the DB. Defaults to `pgche`.
type: string
externalDb:
description: 'Instructs the operator on whether or not to deploy
a dedicated database. By default a dedicated Postgres database
is deployed as part of the Che installation. But if `externalDb`
is `true`, then no dedicated database will be deployed by the
operator and you might need to provide connection details to the
external DB you want to use. See also all the fields starting
with: `chePostgres`.'
type: boolean
postgresImage:
description: Overrides the container image used in the Postgres
database deployment. This includes the image tag. Omit it or leave
it empty to use the defaut container image provided by the operator.
type: string
postgresImagePullPolicy:
description: Overrides the image pull policy used in the Postgres
database deployment. Default value is `Always` for `nightly` or
`latest` images, and `IfNotPresent` in other cases.
type: string
type: object
k8s:
description: Configuration settings specific to Che installations made
on upstream Kubernetes.
properties:
ingressClass:
description: 'Ingress class that will define the which controler
will manage ingresses. Defaults to `nginx`. NB: This drives the
`is kubernetes.io/ingress.class` annotation on Che-related ingresses.'
type: string
ingressDomain:
description: 'Global ingress domain for a K8S cluster. This MUST
be explicitly specified: there are no defaults.'
type: string
ingressStrategy:
description: Strategy for ingress creation. This can be `multi-host`
(host is explicitly provided in ingress), `single-host` (host
is provided, path-based rules) and `default-host.*`(no host is
provided, path-based rules). Defaults to `"multi-host`
type: string
securityContextFsGroup:
description: FSGroup the Che pod and Workspace pods containers should
run in. Defaults to `1724`.
type: string
securityContextRunAsUser:
description: ID of the user the Che pod and Workspace pods containers
should run as. Default to `1724`.
type: string
tlsSecretName:
description: Name of a secret that will be used to setup ingress
TLS termination if TLS is enabled. See also the `tlsSupport` field.
type: string
type: object
metrics:
description: Configuration settings related to the metrics collection
used by the Che installation.
properties:
enable:
description: Enables `metrics` Che server endpoint. Default to `true`.
type: boolean
type: object
server:
description: General configuration settings related to the Che server
and the plugin and devfile registries
properties:
airGapContainerRegistryHostname:
description: Optional hostname (or url) to an alternate container
registry to pull images from. This value overrides the container
registry hostname defined in all the default container images
involved in a Che deployment. This is particularly useful to install
Che in an air-gapped environment.
type: string
airGapContainerRegistryOrganization:
description: Optional repository name of an alternate container
registry to pull images from. This value overrides the container
registry organization defined in all the default container images
involved in a Che deployment. This is particularly useful to install
Che in an air-gapped environment.
type: string
allowUserDefinedWorkspaceNamespaces:
description: Defines if a user is able to specify Kubernetes namespace
(or OpenShift project) different from the default. It's NOT RECOMMENDED
to configured true without OAuth configured. This property is
also used by the OpenShift infra.
type: boolean
cheDebug:
description: Enables the debug mode for Che server. Defaults to
`false`.
type: string
cheFlavor:
description: Flavor of the installation. This is either `che` for
upstream Che installations, or `codeready` for CodeReady Workspaces
installation. In most cases the default value should not be overriden.
type: string
cheHost:
description: Public hostname of the installed Che server. This will
be automatically set by the operator. In most cases the default
value set by the operator should not be overriden.
type: string
cheImage:
description: Overrides the container image used in Che deployment.
This does NOT include the container image tag. Omit it or leave
it empty to use the defaut container image provided by the operator.
type: string
cheImagePullPolicy:
description: Overrides the image pull policy used in Che deployment.
Default value is `Always` for `nightly` or `latest` images, and
`IfNotPresent` in other cases.
type: string
cheImageTag:
description: Overrides the tag of the container image used in Che
deployment. Omit it or leave it empty to use the defaut image
tag provided by the operator.
type: string
cheLogLevel:
description: 'Log level for the Che server: `INFO` or `DEBUG`. Defaults
to `INFO`.'
type: string
cheWorkspaceClusterRole:
description: Custom cluster role bound to the user for the Che workspaces.
The default roles are used if this is omitted or left blank.
type: string
customCheProperties:
additionalProperties:
type: string
description: Map of additional environment variables that will be
applied in the generated `che` config map to be used by the Che
server, in addition to the values already generated from other
fields of the `CheCluster` custom resource (CR). If `customCheProperties`
contains a property that would be normally generated in `che`
config map from other CR fields, then the value defined in the
`customCheProperties` will be used instead.
type: object
devfileRegistryImage:
description: Overrides the container image used in the Devfile registry
deployment. This includes the image tag. Omit it or leave it empty
to use the defaut container image provided by the operator.
type: string
devfileRegistryMemoryLimit:
description: Overrides the memory limit used in the Devfile registry
deployment. Defaults to 256Mi.
type: string
devfileRegistryMemoryRequest:
description: Overrides the memory request used in the Devfile registry
deployment. Defaults to 16Mi.
type: string
devfileRegistryPullPolicy:
description: Overrides the image pull policy used in the Devfile
registry deployment. Default value is `Always` for `nightly` or
`latest` images, and `IfNotPresent` in other cases.
type: string
devfileRegistryUrl:
description: Public URL of the Devfile registry, that serves sample,
ready-to-use devfiles. You should set it ONLY if you use an external
devfile registry (see the `externalDevfileRegistry` field). By
default this will be automatically calculated by the operator.
type: string
externalDevfileRegistry:
description: Instructs the operator on whether or not to deploy
a dedicated Devfile registry server. By default a dedicated devfile
registry server is started. But if `externalDevfileRegistry` is
`true`, then no such dedicated server will be started by the operator
and you will have to manually set the `devfileRegistryUrl` field
type: boolean
externalPluginRegistry:
description: Instructs the operator on whether or not to deploy
a dedicated Plugin registry server. By default a dedicated plugin
registry server is started. But if `externalPluginRegistry` is
`true`, then no such dedicated server will be started by the operator
and you will have to manually set the `pluginRegistryUrl` field.
type: boolean
gitSelfSignedCert:
description: If enabled, then the certificate from `che-git-self-signed-cert`
config map will be propagated to the Che components and provide
particular configuration for Git.
type: boolean
nonProxyHosts:
description: List of hosts that should not use the configured proxy.
Use `|`` as delimiter, eg `localhost|my.host.com|123.42.12.32`
Only use when configuring a proxy is required (see also the `proxyURL`
field).
type: string
pluginRegistryImage:
description: Overrides the container image used in the Plugin registry
deployment. This includes the image tag. Omit it or leave it empty
to use the defaut container image provided by the operator.
type: string
pluginRegistryMemoryLimit:
description: Overrides the memory limit used in the Plugin registry
deployment. Defaults to 256Mi.
type: string
pluginRegistryMemoryRequest:
description: Overrides the memory request used in the Plugin registry
deployment. Defaults to 16Mi.
type: string
pluginRegistryPullPolicy:
description: Overrides the image pull policy used in the Plugin
registry deployment. Default value is `Always` for `nightly` or
`latest` images, and `IfNotPresent` in other cases.
type: string
pluginRegistryUrl:
description: Public URL of the Plugin registry, that serves sample
ready-to-use devfiles. You should set it ONLY if you use an external
devfile registry (see the `externalPluginRegistry` field). By
default this will be automatically calculated by the operator.
type: string
proxyPassword:
description: Password of the proxy server Only use when proxy configuration
is required (see also the `proxyUser` and `proxySecret` fields).
type: string
proxyPort:
description: Port of the proxy server. Only use when configuring
a proxy is required (see also the `proxyURL` field).
type: string
proxySecret:
description: The secret that contains `user` and `password` for
a proxy server. If the secret is defined then `proxyUser` and
`proxyPassword` are ignored
type: string
proxyURL:
description: URL (protocol+hostname) of the proxy server. This drives
the appropriate changes in the `JAVA_OPTS` and `https(s)_proxy`
variables in the Che server and workspaces containers. Only use
when configuring a proxy is required.
type: string
proxyUser:
description: User name of the proxy server. Only use when configuring
a proxy is required (see also the `proxyURL` `proxySecret` fields).
type: string
selfSignedCert:
description: Deprecated. The value of this flag is ignored. Che
operator will automatically detect if router certificate is self-signed.
If so it will be propagated to Che server and some other components.
type: boolean
serverMemoryLimit:
description: Overrides the memory limit used in the Che server deployment.
Defaults to 1Gi.
type: string
serverMemoryRequest:
description: Overrides the memory request used in the Che server
deployment. Defaults to 512Mi.
type: string
serverTrustStoreConfigMapName:
description: Name of the config-map with public certificates to
add to Java trust store of the Che server. This is usually required
when adding the OpenShift OAuth provider which has https endpoint
signed with self-signed cert. So, Che server must be aware of
its CA cert to be able to request it. This is disabled by default.
type: string
tlsSupport:
description: Deprecated. Instructs the operator to deploy Che in
TLS mode. This is enabled by default. Disabling TLS may cause
malfunction of some Che components.
type: boolean
workspaceNamespaceDefault:
description: 'Defines Kubernetes default namespace in which user''s
workspaces are created if user does not override it. It''s possible
to use <username>, <userid> and <workspaceid> placeholders (e.g.:
che-workspace-<username>). In that case, new namespace will be
created for each user (or workspace). Is used by OpenShift infra
as well to specify Project'
type: string
type: object
storage:
description: Configuration settings related to the persistent storage
used by the Che installation.
properties:
postgresPVCStorageClassName:
description: Storage class for the Persistent Volume Claim dedicated
to the Postgres database. If omitted or left blank, default storage
class is used.
type: string
preCreateSubPaths:
description: Instructs the Che server to launch a special pod to
pre-create a subpath in the Persistent Volumes. Defaults to `false`,
however it might need to enable it according to the configuration
of your K8S cluster.
type: boolean
pvcClaimSize:
description: Size of the persistent volume claim for workspaces.
Defaults to `1Gi`
type: string
pvcJobsImage:
description: Overrides the container image used to create sub-paths
in the Persistent Volumes. This includes the image tag. Omit it
or leave it empty to use the defaut container image provided by
the operator. See also the `preCreateSubPaths` field.
type: string
pvcStrategy:
description: Persistent volume claim strategy for the Che server.
This Can be:`common` (all workspaces PVCs in one volume), `per-workspace`
(one PVC per workspace for all declared volumes) and `unique`
(one PVC per declared volume). Defaults to `common`.
type: string
workspacePVCStorageClassName:
description: Storage class for the Persistent Volume Claims dedicated
to the Che workspaces. If omitted or left blank, default storage
class is used.
type: string
type: object
type: object
status:
description: CheClusterStatus defines the observed state of Che installation
properties:
cheClusterRunning:
description: Status of a Che installation. Can be `Available`, `Unavailable`,
or `Available, Rolling Update in Progress`
type: string
cheURL:
description: Public URL to the Che server
type: string
cheVersion:
description: Current installed Che version
type: string
dbProvisioned:
description: Indicates if or not a Postgres instance has been correctly
provisioned
type: boolean
devfileRegistryURL:
description: Public URL to the Devfile registry
type: string
helpLink:
description: A URL that can point to some URL where to find help related
to the current Operator status.
type: string
keycloakProvisioned:
description: Indicates whether an Identity Provider instance (Keycloak
/ RH SSO) has been provisioned with realm, client and user
type: boolean
keycloakURL:
description: Public URL to the Identity Provider server (Keycloak /
RH SSO).
type: string
message:
description: A human readable message indicating details about why the
pod is in this condition.
type: string
openShiftoAuthProvisioned:
description: Indicates whether an Identity Provider instance (Keycloak
/ RH SSO) has been configured to integrate with the OpenShift OAuth.
type: boolean
pluginRegistryURL:
description: Public URL to the Plugin registry
type: string
reason:
description: A brief CamelCase message indicating details about why
the pod is in this state.
type: string
type: object
version: v1
versions:
- name: v1
served: true
storage: true

0
olm/eclipse-che-preview-kubernetes/deploy/olm-catalog/eclipse-che-preview-kubernetes/9.9.9-nightly.1594133420/eclipse-che-preview-kubernetes.crd.yaml.diff Normal file
View File

401
olm/eclipse-che-preview-kubernetes/deploy/olm-catalog/eclipse-che-preview-kubernetes/9.9.9-nightly.1594133420/eclipse-che-preview-kubernetes.v9.9.9-nightly.1594133420.clusterserviceversion.yaml Normal file
View File

File diff suppressed because one or more lines are too long

61
olm/eclipse-che-preview-kubernetes/deploy/olm-catalog/eclipse-che-preview-kubernetes/9.9.9-nightly.1594133420/eclipse-che-preview-kubernetes.v9.9.9-nightly.1594133420.clusterserviceversion.yaml.diff Normal file
View File

@ -0,0 +1,61 @@
--- /home/user/GoWorkSpace/src/github.com/eclipse/che-operator/olm/eclipse-che-preview-kubernetes/deploy/olm-catalog/eclipse-che-preview-kubernetes/9.9.9-nightly.1594019197/eclipse-che-preview-kubernetes.v9.9.9-nightly.1594019197.clusterserviceversion.yaml 2020-07-07 17:50:07.814548652 +0300
+++ /home/user/GoWorkSpace/src/github.com/eclipse/che-operator/olm/eclipse-che-preview-kubernetes/deploy/olm-catalog/eclipse-che-preview-kubernetes/9.9.9-nightly.1594133420/eclipse-che-preview-kubernetes.v9.9.9-nightly.1594133420.clusterserviceversion.yaml 2020-07-07 17:50:21.588531901 +0300
@@ -52,12 +52,12 @@
categories: Developer Tools
certified: "false"
containerImage: quay.io/eclipse/che-operator:nightly
- createdAt: "2020-07-06T07:06:38Z"
+ createdAt: "2020-07-07T14:50:21Z"
description: A Kube-native development solution that delivers portable and collaborative
developer workspaces.
repository: https://github.com/eclipse/che-operator
support: Eclipse Foundation
- name: eclipse-che-preview-kubernetes.v9.9.9-nightly.1594019197
+ name: eclipse-che-preview-kubernetes.v9.9.9-nightly.1594133420
namespace: placeholder
spec:
apiservicedefinitions: {}
@@ -252,25 +252,25 @@
value: che-operator
- name: CHE_VERSION
value: nightly
- - name: IMAGE_default_che_server
+ - name: RELATED_IMAGE_che_server
value: quay.io/eclipse/che-server:nightly
- - name: IMAGE_default_plugin_registry
+ - name: RELATED_IMAGE_plugin_registry
value: quay.io/eclipse/che-plugin-registry:nightly
- - name: IMAGE_default_devfile_registry
+ - name: RELATED_IMAGE_devfile_registry
value: quay.io/eclipse/che-devfile-registry:nightly
- - name: IMAGE_default_che_tls_secrets_creation_job
+ - name: RELATED_IMAGE_che_tls_secrets_creation_job
value: quay.io/eclipse/che-tls-secret-creator:alpine-3029769
- - name: IMAGE_default_pvc_jobs
+ - name: RELATED_IMAGE_pvc_jobs
value: registry.access.redhat.com/ubi8-minimal:8.2-301.1592810506
- - name: IMAGE_default_postgres
+ - name: RELATED_IMAGE_postgres
value: centos/postgresql-96-centos7:9.6
- - name: IMAGE_default_keycloak
+ - name: RELATED_IMAGE_keycloak
value: quay.io/eclipse/che-keycloak:nightly
- - name: IMAGE_default_che_workspace_plugin_broker_metadata
+ - name: RELATED_IMAGE_che_workspace_plugin_broker_metadata
value: quay.io/eclipse/che-plugin-metadata-broker:v3.2.0
- - name: IMAGE_default_che_workspace_plugin_broker_artifacts
+ - name: RELATED_IMAGE_che_workspace_plugin_broker_artifacts
value: quay.io/eclipse/che-plugin-artifacts-broker:v3.2.0
- - name: IMAGE_default_che_server_secure_exposer_jwt_proxy_image
+ - name: RELATED_IMAGE_che_server_secure_exposer_jwt_proxy_image
value: quay.io/eclipse/che-jwtproxy:fd94e60
- name: CHE_FLAVOR
value: che
@@ -397,5 +397,5 @@
maturity: stable
provider:
name: Eclipse Foundation
- replaces: eclipse-che-preview-kubernetes.v9.9.9-nightly.1593691637
- version: 9.9.9-nightly.1594019197
+ replaces: eclipse-che-preview-kubernetes.v9.9.9-nightly.1594019197
+ version: 9.9.9-nightly.1594133420

2
olm/eclipse-che-preview-kubernetes/deploy/olm-catalog/eclipse-che-preview-kubernetes/eclipse-che-preview-kubernetes.package.yaml
View File

@ -1,5 +1,5 @@
channels:
- currentCSV: eclipse-che-preview-kubernetes.v9.9.9-nightly.1594019197
- currentCSV: eclipse-che-preview-kubernetes.v9.9.9-nightly.1594133420
name: nightly
- currentCSV: eclipse-che-preview-kubernetes.v7.15.1
name: stable

548
olm/eclipse-che-preview-openshift/deploy/olm-catalog/eclipse-che-preview-openshift/9.9.9-nightly.1594133421/eclipse-che-preview-openshift.crd.yaml Normal file
View File

@ -0,0 +1,548 @@
#
# Copyright (c) 2012-2020 Red Hat, Inc.
# This program and the accompanying materials are made
# available under the terms of the Eclipse Public License 2.0
# which is available at https://www.eclipse.org/legal/epl-2.0/
#
# SPDX-License-Identifier: EPL-2.0
#
# Contributors:
# Red Hat, Inc. - initial API and implementation
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
name: checlusters.org.eclipse.che
spec:
group: org.eclipse.che
names:
kind: CheCluster
listKind: CheClusterList
plural: checlusters
singular: checluster
scope: Namespaced
subresources:
status: {}
validation:
openAPIV3Schema:
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: Desired configuration of the Che installation. Based on these
settings, the operator automatically creates and maintains several config
maps that will contain the appropriate environment variables the various
components of the Che installation. These generated config maps should
NOT be updated manually.
properties:
auth:
description: Configuration settings related to the Authentication used
by the Che installation.
properties:
externalIdentityProvider:
description: 'Instructs the operator on whether or not to deploy
a dedicated Identity Provider (Keycloak or RH SSO instance). By
default a dedicated Identity Provider server is deployed as part
of the Che installation. But if `externalIdentityProvider` is
`true`, then no dedicated identity provider will be deployed by
the operator and you might need to provide details about the external
identity provider you want to use. See also all the other fields
starting with: `identityProvider`.'
type: boolean
identityProviderAdminUserName:
description: Overrides the name of the Identity Provider admin user.
Defaults to `admin`.
type: string
identityProviderClientId:
description: Name of a Identity provider (Keycloak / RH SSO) `client-id`
that should be used for Che. This is useful to override it ONLY
if you use an external Identity Provider (see the `externalIdentityProvider`
field). If omitted or left blank, it will be set to the value
of the `flavour` field suffixed with `-public`.
type: string
identityProviderImage:
description: Overrides the container image used in the Identity
Provider (Keycloak / RH SSO) deployment. This includes the image
tag. Omit it or leave it empty to use the defaut container image
provided by the operator.
type: string
identityProviderImagePullPolicy:
description: Overrides the image pull policy used in the Identity
Provider (Keycloak / RH SSO) deployment. Default value is `Always`
for `nightly` or `latest` images, and `IfNotPresent` in other
cases.
type: string
identityProviderPassword:
description: Overrides the password of Keycloak admin user. This
is useful to override it ONLY if you use an external Identity
Provider (see the `externalIdentityProvider` field). If omitted
or left blank, it will be set to an auto-generated password.
type: string
identityProviderPostgresPassword:
description: Password for The Identity Provider (Keycloak / RH SSO)
to connect to the database. This is useful to override it ONLY
if you use an external Identity Provider (see the `externalIdentityProvider`
field). If omitted or left blank, it will be set to an auto-generated
password.
type: string
identityProviderPostgresSecret:
description: 'The secret that contains `password` for The Identity
Provider (Keycloak / RH SSO) to connect to the database. If the
secret is defined then `identityProviderPostgresPassword` will
be ignored. If the value is omitted or left blank then there are
two scenarios: 1. `identityProviderPostgresPassword` is defined,
then it will be used to connect to the database. 2. `identityProviderPostgresPassword`
is not defined, then a new secret with the name `che-identity-postgres-secret`
will be created with an auto-generated value for `password`.'
type: string
identityProviderRealm:
description: Name of a Identity provider (Keycloak / RH SSO) realm
that should be used for Che. This is useful to override it ONLY
if you use an external Identity Provider (see the `externalIdentityProvider`
field). If omitted or left blank, it will be set to the value
of the `flavour` field.
type: string
identityProviderSecret:
description: 'The secret that contains `user` and `password` for
Identity Provider. If the secret is defined then `identityProviderAdminUserName`
and `identityProviderPassword` are ignored. If the value is omitted
or left blank then there are two scenarios: 1. `identityProviderAdminUserName`
and `identityProviderPassword` are defined, then they will be
used. 2. `identityProviderAdminUserName` or `identityProviderPassword`
are not defined, then a new secret with the name `che-identity-secret`
will be created with default value `admin` for `user` and with
an auto-generated value for `password`.'
type: string
identityProviderURL:
description: Public URL of the Identity Provider server (Keycloak
/ RH SSO server). You should set it ONLY if you use an external
Identity Provider (see the `externalIdentityProvider` field).
By default this will be automatically calculated and set by the
operator.
type: string
oAuthClientName:
description: Name of the OpenShift `OAuthClient` resource used to
setup identity federation on the OpenShift side. Auto-generated
if left blank. See also the `OpenShiftoAuth` field.
type: string
oAuthSecret:
description: Name of the secret set in the OpenShift `OAuthClient`
resource used to setup identity federation on the OpenShift side.
Auto-generated if left blank. See also the `OAuthClientName` field.
type: string
openShiftoAuth:
description: 'Enables the integration of the identity provider (Keycloak
/ RHSSO) with OpenShift OAuth. Enabled by default on OpenShift.
This will allow users to directly login with their Openshift user
through the Openshift login, and have their workspaces created
under personal OpenShift namespaces. WARNING: the `kubeadmin`
user is NOT supported, and logging through it will NOT allow accessing
the Che Dashboard.'
type: boolean
updateAdminPassword:
description: Forces the default `admin` Che user to update password
on first login. Defaults to `false`.
type: boolean
type: object
database:
description: Configuration settings related to the database used by
the Che installation.
properties:
chePostgresDb:
description: Postgres database name that the Che server uses to
connect to the DB. Defaults to `dbche`.
type: string
chePostgresHostName:
description: Postgres Database hostname that the Che server uses
to connect to. Defaults to postgres. This value should be overridden
ONLY when using an external database (see field `externalDb`).
In the default case it will be automatically set by the operator.
type: string
chePostgresPassword:
description: Postgres password that the Che server should use to
connect to the DB. If omitted or left blank, it will be set to
an auto-generated value.
type: string
chePostgresPort:
description: Postgres Database port that the Che server uses to
connect to. Defaults to 5432. This value should be overridden
ONLY when using an external database (see field `externalDb`).
In the default case it will be automatically set by the operator.
type: string
chePostgresSecret:
description: 'The secret that contains Postgres `user` and `password`
that the Che server should use to connect to the DB. If the secret
is defined then `chePostgresUser` and `chePostgresPassword` are
ignored. If the value is omitted or left blank then there are
two scenarios: 1. `chePostgresUser` and `chePostgresPassword`
are defined, then they will be used to connect to the DB. 2. `chePostgresUser`
or `chePostgresPassword` are not defined, then a new secret with
the name `che-postgres-secret` will be created with default value
of `pgche` for `user` and with an auto-generated value for `password`.'
type: string
chePostgresUser:
description: Postgres user that the Che server should use to connect
to the DB. Defaults to `pgche`.
type: string
externalDb:
description: 'Instructs the operator on whether or not to deploy
a dedicated database. By default a dedicated Postgres database
is deployed as part of the Che installation. But if `externalDb`
is `true`, then no dedicated database will be deployed by the
operator and you might need to provide connection details to the
external DB you want to use. See also all the fields starting
with: `chePostgres`.'
type: boolean
postgresImage:
description: Overrides the container image used in the Postgres
database deployment. This includes the image tag. Omit it or leave
it empty to use the defaut container image provided by the operator.
type: string
postgresImagePullPolicy:
description: Overrides the image pull policy used in the Postgres
database deployment. Default value is `Always` for `nightly` or
`latest` images, and `IfNotPresent` in other cases.
type: string
type: object
k8s:
description: Configuration settings specific to Che installations made
on upstream Kubernetes.
properties:
ingressClass:
description: 'Ingress class that will define the which controler
will manage ingresses. Defaults to `nginx`. NB: This drives the
`is kubernetes.io/ingress.class` annotation on Che-related ingresses.'
type: string
ingressDomain:
description: 'Global ingress domain for a K8S cluster. This MUST
be explicitly specified: there are no defaults.'
type: string
ingressStrategy:
description: Strategy for ingress creation. This can be `multi-host`
(host is explicitly provided in ingress), `single-host` (host
is provided, path-based rules) and `default-host.*`(no host is
provided, path-based rules). Defaults to `"multi-host`
type: string
securityContextFsGroup:
description: FSGroup the Che pod and Workspace pods containers should
run in. Defaults to `1724`.
type: string
securityContextRunAsUser:
description: ID of the user the Che pod and Workspace pods containers
should run as. Default to `1724`.
type: string
tlsSecretName:
description: Name of a secret that will be used to setup ingress
TLS termination if TLS is enabled. See also the `tlsSupport` field.
type: string
type: object
metrics:
description: Configuration settings related to the metrics collection
used by the Che installation.
properties:
enable:
description: Enables `metrics` Che server endpoint. Default to `true`.
type: boolean
type: object
server:
description: General configuration settings related to the Che server
and the plugin and devfile registries
properties:
airGapContainerRegistryHostname:
description: Optional hostname (or url) to an alternate container
registry to pull images from. This value overrides the container
registry hostname defined in all the default container images
involved in a Che deployment. This is particularly useful to install
Che in an air-gapped environment.
type: string
airGapContainerRegistryOrganization:
description: Optional repository name of an alternate container
registry to pull images from. This value overrides the container
registry organization defined in all the default container images
involved in a Che deployment. This is particularly useful to install
Che in an air-gapped environment.
type: string
allowUserDefinedWorkspaceNamespaces:
description: Defines if a user is able to specify Kubernetes namespace
(or OpenShift project) different from the default. It's NOT RECOMMENDED
to configured true without OAuth configured. This property is
also used by the OpenShift infra.
type: boolean
cheDebug:
description: Enables the debug mode for Che server. Defaults to
`false`.
type: string
cheFlavor:
description: Flavor of the installation. This is either `che` for
upstream Che installations, or `codeready` for CodeReady Workspaces
installation. In most cases the default value should not be overriden.
type: string
cheHost:
description: Public hostname of the installed Che server. This will
be automatically set by the operator. In most cases the default
value set by the operator should not be overriden.
type: string
cheImage:
description: Overrides the container image used in Che deployment.
This does NOT include the container image tag. Omit it or leave
it empty to use the defaut container image provided by the operator.
type: string
cheImagePullPolicy:
description: Overrides the image pull policy used in Che deployment.
Default value is `Always` for `nightly` or `latest` images, and
`IfNotPresent` in other cases.
type: string
cheImageTag:
description: Overrides the tag of the container image used in Che
deployment. Omit it or leave it empty to use the defaut image
tag provided by the operator.
type: string
cheLogLevel:
description: 'Log level for the Che server: `INFO` or `DEBUG`. Defaults
to `INFO`.'
type: string
cheWorkspaceClusterRole:
description: Custom cluster role bound to the user for the Che workspaces.
The default roles are used if this is omitted or left blank.
type: string
customCheProperties:
additionalProperties:
type: string
description: Map of additional environment variables that will be
applied in the generated `che` config map to be used by the Che
server, in addition to the values already generated from other
fields of the `CheCluster` custom resource (CR). If `customCheProperties`
contains a property that would be normally generated in `che`
config map from other CR fields, then the value defined in the
`customCheProperties` will be used instead.
type: object
devfileRegistryImage:
description: Overrides the container image used in the Devfile registry
deployment. This includes the image tag. Omit it or leave it empty
to use the defaut container image provided by the operator.
type: string
devfileRegistryMemoryLimit:
description: Overrides the memory limit used in the Devfile registry
deployment. Defaults to 256Mi.
type: string
devfileRegistryMemoryRequest:
description: Overrides the memory request used in the Devfile registry
deployment. Defaults to 16Mi.
type: string
devfileRegistryPullPolicy:
description: Overrides the image pull policy used in the Devfile
registry deployment. Default value is `Always` for `nightly` or
`latest` images, and `IfNotPresent` in other cases.
type: string
devfileRegistryUrl:
description: Public URL of the Devfile registry, that serves sample,
ready-to-use devfiles. You should set it ONLY if you use an external
devfile registry (see the `externalDevfileRegistry` field). By
default this will be automatically calculated by the operator.
type: string
externalDevfileRegistry:
description: Instructs the operator on whether or not to deploy
a dedicated Devfile registry server. By default a dedicated devfile
registry server is started. But if `externalDevfileRegistry` is
`true`, then no such dedicated server will be started by the operator
and you will have to manually set the `devfileRegistryUrl` field
type: boolean
externalPluginRegistry:
description: Instructs the operator on whether or not to deploy
a dedicated Plugin registry server. By default a dedicated plugin
registry server is started. But if `externalPluginRegistry` is
`true`, then no such dedicated server will be started by the operator
and you will have to manually set the `pluginRegistryUrl` field.
type: boolean
gitSelfSignedCert:
description: If enabled, then the certificate from `che-git-self-signed-cert`
config map will be propagated to the Che components and provide
particular configuration for Git.
type: boolean
nonProxyHosts:
description: List of hosts that should not use the configured proxy.
Use `|`` as delimiter, eg `localhost|my.host.com|123.42.12.32`
Only use when configuring a proxy is required (see also the `proxyURL`
field).
type: string
pluginRegistryImage:
description: Overrides the container image used in the Plugin registry
deployment. This includes the image tag. Omit it or leave it empty
to use the defaut container image provided by the operator.
type: string
pluginRegistryMemoryLimit:
description: Overrides the memory limit used in the Plugin registry
deployment. Defaults to 256Mi.
type: string
pluginRegistryMemoryRequest:
description: Overrides the memory request used in the Plugin registry
deployment. Defaults to 16Mi.
type: string
pluginRegistryPullPolicy:
description: Overrides the image pull policy used in the Plugin
registry deployment. Default value is `Always` for `nightly` or
`latest` images, and `IfNotPresent` in other cases.
type: string
pluginRegistryUrl:
description: Public URL of the Plugin registry, that serves sample
ready-to-use devfiles. You should set it ONLY if you use an external
devfile registry (see the `externalPluginRegistry` field). By
default this will be automatically calculated by the operator.
type: string
proxyPassword:
description: Password of the proxy server Only use when proxy configuration
is required (see also the `proxyUser` and `proxySecret` fields).
type: string
proxyPort:
description: Port of the proxy server. Only use when configuring
a proxy is required (see also the `proxyURL` field).
type: string
proxySecret:
description: The secret that contains `user` and `password` for
a proxy server. If the secret is defined then `proxyUser` and
`proxyPassword` are ignored
type: string
proxyURL:
description: URL (protocol+hostname) of the proxy server. This drives
the appropriate changes in the `JAVA_OPTS` and `https(s)_proxy`
variables in the Che server and workspaces containers. Only use
when configuring a proxy is required.
type: string
proxyUser:
description: User name of the proxy server. Only use when configuring
a proxy is required (see also the `proxyURL` `proxySecret` fields).
type: string
selfSignedCert:
description: Deprecated. The value of this flag is ignored. Che
operator will automatically detect if router certificate is self-signed.
If so it will be propagated to Che server and some other components.
type: boolean
serverMemoryLimit:
description: Overrides the memory limit used in the Che server deployment.
Defaults to 1Gi.
type: string
serverMemoryRequest:
description: Overrides the memory request used in the Che server
deployment. Defaults to 512Mi.
type: string
serverTrustStoreConfigMapName:
description: Name of the config-map with public certificates to
add to Java trust store of the Che server. This is usually required
when adding the OpenShift OAuth provider which has https endpoint
signed with self-signed cert. So, Che server must be aware of
its CA cert to be able to request it. This is disabled by default.
type: string
tlsSupport:
description: Deprecated. Instructs the operator to deploy Che in
TLS mode. This is enabled by default. Disabling TLS may cause
malfunction of some Che components.
type: boolean
workspaceNamespaceDefault:
description: 'Defines Kubernetes default namespace in which user''s
workspaces are created if user does not override it. It''s possible
to use <username>, <userid> and <workspaceid> placeholders (e.g.:
che-workspace-<username>). In that case, new namespace will be
created for each user (or workspace). Is used by OpenShift infra
as well to specify Project'
type: string
type: object
storage:
description: Configuration settings related to the persistent storage
used by the Che installation.
properties:
postgresPVCStorageClassName:
description: Storage class for the Persistent Volume Claim dedicated
to the Postgres database. If omitted or left blank, default storage
class is used.
type: string
preCreateSubPaths:
description: Instructs the Che server to launch a special pod to
pre-create a subpath in the Persistent Volumes. Defaults to `false`,
however it might need to enable it according to the configuration
of your K8S cluster.
type: boolean
pvcClaimSize:
description: Size of the persistent volume claim for workspaces.
Defaults to `1Gi`
type: string
pvcJobsImage:
description: Overrides the container image used to create sub-paths
in the Persistent Volumes. This includes the image tag. Omit it
or leave it empty to use the defaut container image provided by
the operator. See also the `preCreateSubPaths` field.
type: string
pvcStrategy:
description: Persistent volume claim strategy for the Che server.
This Can be:`common` (all workspaces PVCs in one volume), `per-workspace`
(one PVC per workspace for all declared volumes) and `unique`
(one PVC per declared volume). Defaults to `common`.
type: string
workspacePVCStorageClassName:
description: Storage class for the Persistent Volume Claims dedicated
to the Che workspaces. If omitted or left blank, default storage
class is used.
type: string
type: object
type: object
status:
description: CheClusterStatus defines the observed state of Che installation
properties:
cheClusterRunning:
description: Status of a Che installation. Can be `Available`, `Unavailable`,
or `Available, Rolling Update in Progress`
type: string
cheURL:
description: Public URL to the Che server
type: string
cheVersion:
description: Current installed Che version
type: string
dbProvisioned:
description: Indicates if or not a Postgres instance has been correctly
provisioned
type: boolean
devfileRegistryURL:
description: Public URL to the Devfile registry
type: string
helpLink:
description: A URL that can point to some URL where to find help related
to the current Operator status.
type: string
keycloakProvisioned:
description: Indicates whether an Identity Provider instance (Keycloak
/ RH SSO) has been provisioned with realm, client and user
type: boolean
keycloakURL:
description: Public URL to the Identity Provider server (Keycloak /
RH SSO).
type: string
message:
description: A human readable message indicating details about why the
pod is in this condition.
type: string
openShiftoAuthProvisioned:
description: Indicates whether an Identity Provider instance (Keycloak
/ RH SSO) has been configured to integrate with the OpenShift OAuth.
type: boolean
pluginRegistryURL:
description: Public URL to the Plugin registry
type: string
reason:
description: A brief CamelCase message indicating details about why
the pod is in this state.
type: string
type: object
version: v1
versions:
- name: v1
served: true
storage: true

0
olm/eclipse-che-preview-openshift/deploy/olm-catalog/eclipse-che-preview-openshift/9.9.9-nightly.1594133421/eclipse-che-preview-openshift.crd.yaml.diff Normal file
View File

445
olm/eclipse-che-preview-openshift/deploy/olm-catalog/eclipse-che-preview-openshift/9.9.9-nightly.1594133421/eclipse-che-preview-openshift.v9.9.9-nightly.1594133421.clusterserviceversion.yaml Normal file
View File

File diff suppressed because one or more lines are too long

58
olm/eclipse-che-preview-openshift/deploy/olm-catalog/eclipse-che-preview-openshift/9.9.9-nightly.1594133421/eclipse-che-preview-openshift.v9.9.9-nightly.1594133421.clusterserviceversion.yaml.diff Normal file
View File

@ -0,0 +1,58 @@
--- /home/user/GoWorkSpace/src/github.com/eclipse/che-operator/olm/eclipse-che-preview-openshift/deploy/olm-catalog/eclipse-che-preview-openshift/9.9.9-nightly.1594019198/eclipse-che-preview-openshift.v9.9.9-nightly.1594019198.clusterserviceversion.yaml 2020-07-07 17:50:07.816548649 +0300
+++ /home/user/GoWorkSpace/src/github.com/eclipse/che-operator/olm/eclipse-che-preview-openshift/deploy/olm-catalog/eclipse-che-preview-openshift/9.9.9-nightly.1594133421/eclipse-che-preview-openshift.v9.9.9-nightly.1594133421.clusterserviceversion.yaml 2020-07-07 17:50:23.056530116 +0300
@@ -49,12 +49,12 @@
categories: Developer Tools, OpenShift Optional
certified: "false"
containerImage: quay.io/eclipse/che-operator:nightly
- createdAt: "2020-07-06T07:06:38Z"
+ createdAt: "2020-07-07T14:50:21Z"
description: A Kube-native development solution that delivers portable and collaborative
developer workspaces in OpenShift.
repository: https://github.com/eclipse/che-operator
support: Eclipse Foundation
- name: eclipse-che-preview-openshift.v9.9.9-nightly.1594019198
+ name: eclipse-che-preview-openshift.v9.9.9-nightly.1594133421
namespace: placeholder
spec:
apiservicedefinitions: {}
@@ -293,23 +293,23 @@
value: che-operator
- name: CHE_VERSION
value: nightly
- - name: IMAGE_default_che_server
+ - name: RELATED_IMAGE_che_server
value: quay.io/eclipse/che-server:nightly
- - name: IMAGE_default_plugin_registry
+ - name: RELATED_IMAGE_plugin_registry
value: quay.io/eclipse/che-plugin-registry:nightly
- - name: IMAGE_default_devfile_registry
+ - name: RELATED_IMAGE_devfile_registry
value: quay.io/eclipse/che-devfile-registry:nightly
- - name: IMAGE_default_pvc_jobs
+ - name: RELATED_IMAGE_pvc_jobs
value: registry.access.redhat.com/ubi8-minimal:8.2-301.1592810506
- - name: IMAGE_default_postgres
+ - name: RELATED_IMAGE_postgres
value: centos/postgresql-96-centos7:9.6
- - name: IMAGE_default_keycloak
+ - name: RELATED_IMAGE_keycloak
value: quay.io/eclipse/che-keycloak:nightly
- - name: IMAGE_default_che_workspace_plugin_broker_metadata
+ - name: RELATED_IMAGE_che_workspace_plugin_broker_metadata
value: quay.io/eclipse/che-plugin-metadata-broker:v3.2.0
- - name: IMAGE_default_che_workspace_plugin_broker_artifacts
+ - name: RELATED_IMAGE_che_workspace_plugin_broker_artifacts
value: quay.io/eclipse/che-plugin-artifacts-broker:v3.2.0
- - name: IMAGE_default_che_server_secure_exposer_jwt_proxy_image
+ - name: RELATED_IMAGE_che_server_secure_exposer_jwt_proxy_image
value: quay.io/eclipse/che-jwtproxy:fd94e60
- name: CHE_FLAVOR
value: che
@@ -441,5 +441,5 @@
maturity: stable
provider:
name: Eclipse Foundation
- replaces: eclipse-che-preview-openshift.v9.9.9-nightly.1593691638
- version: 9.9.9-nightly.1594019198
+ replaces: eclipse-che-preview-openshift.v9.9.9-nightly.1594019198
+ version: 9.9.9-nightly.1594133421

2
olm/eclipse-che-preview-openshift/deploy/olm-catalog/eclipse-che-preview-openshift/eclipse-che-preview-openshift.package.yaml
View File

@ -1,5 +1,5 @@
channels:
- currentCSV: eclipse-che-preview-openshift.v9.9.9-nightly.1594019198
- currentCSV: eclipse-che-preview-openshift.v9.9.9-nightly.1594133421
name: nightly
- currentCSV: eclipse-che-preview-openshift.v7.15.1
name: stable

44
olm/images.sh Normal file
View File

@ -0,0 +1,44 @@
#!/bin/bash
#
# Copyright (c) 2019-2020 Red Hat, Inc.
# This program and the accompanying materials are made
# available under the terms of the Eclipse Public License 2.0
# which is available at https://www.eclipse.org/legal/epl-2.0/
#
# SPDX-License-Identifier: EPL-2.0
#
# Contributors:
# Red Hat, Inc. - initial API and implementation
setImagesFromDeploymentEnv() {
REQUIRED_IMAGES=$(yq -r '.spec.install.spec.deployments[].spec.template.spec.containers[].env[] | select(.value) | select(.name | test("RELATED_IMAGE_.*"; "g")) | .value' "${CSVS[@]}" | sort | uniq)
}
setOperatorImage() {
OPERATOR_IMAGE=$(yq -r '.spec.install.spec.deployments[].spec.template.spec.containers[].image' "${CSV}")
}
setPluginRegistryList() {
registry=$(yq -r '.spec.install.spec.deployments[].spec.template.spec.containers[].env[] | select(.name | test("RELATED_IMAGE_.*plugin_registry"; "g")) | .value' "${CSV}")
setRegistryImages "${registry}"
PLUGIN_REGISTRY_LIST=${registryImages}
}
setDevfileRegistryList() {
registry=$(yq -r '.spec.install.spec.deployments[].spec.template.spec.containers[].env[] | select(.name | test("RELATED_IMAGE_.*devfile_registry"; "g")) | .value' "${CSV}")
setRegistryImages "${registry}"
DEVFILE_REGISTRY_LIST=${registryImages}
}
setRegistryImages() {
registry="${1}"
registry="${registry/\@sha256:*/:${IMAGE_TAG}}" # remove possible existing @sha256:... and use current tag instead
echo -n "[INFO] Pull container ${registry} ..."
${PODMAN} pull ${registry} ${QUIET}
registryImages="$(${PODMAN} run --rm --entrypoint /bin/sh "${registry}" -c "cat /var/www/html/*/external_images.txt")"
echo "[INFO] Found $(echo "${registryImages}" | wc -l) images in registry"
}

4
olm/release-olm-files.sh
View File

@ -88,3 +88,7 @@ do
diff -u ${PRE_RELEASE_CRD} ${RELEASE_CRD} > ${RELEASE_CRD}".diff" || true
done
cd "${CURRENT_DIR}"
source ${BASE_DIR}/addDigests.sh -w ${BASE_DIR} \
-r "eclipse-che-preview-.*\.v${RELEASE}.*yaml" \
-t ${RELEASE}

2
olm/update-nightly-olm-files.sh
View File

@ -71,7 +71,7 @@ do
index=0
while [[ $index -le 30 ]]
do
if [[ $(cat ${NEW_CSV} | yq -r '.spec.install.spec.deployments[0].spec.template.spec.containers[0].env['$index'].name') == "IMAGE_default_che_tls_secrets_creation_job" ]]; then
if [[ $(cat ${NEW_CSV} | yq -r '.spec.install.spec.deployments[0].spec.template.spec.containers[0].env['$index'].name') == "RELATED_IMAGE_che_tls_secrets_creation_job" ]]; then
yq -rYSi 'del(.spec.install.spec.deployments[0].spec.template.spec.containers[0].env['$index'])' ${NEW_CSV}
break
fi

40
pkg/deploy/defaults.go
View File

@ -98,23 +98,23 @@ func InitDefaults(defaultsPath string) {
func InitDefaultsFromEnv() {
defaultCheVersion = getDefaultFromEnv("CHE_VERSION")
defaultCheServerImage = getDefaultFromEnv("IMAGE_default_che_server")
defaultPluginRegistryImage = getDefaultFromEnv("IMAGE_default_plugin_registry")
defaultDevfileRegistryImage = getDefaultFromEnv("IMAGE_default_devfile_registry")
defaultPvcJobsImage = getDefaultFromEnv("IMAGE_default_pvc_jobs")
defaultPostgresImage = getDefaultFromEnv("IMAGE_default_postgres")
defaultKeycloakImage = getDefaultFromEnv("IMAGE_default_keycloak")
defaultCheServerImage = getDefaultFromEnv("RELATED_IMAGE_che_server")
defaultPluginRegistryImage = getDefaultFromEnv("RELATED_IMAGE_plugin_registry")
defaultDevfileRegistryImage = getDefaultFromEnv("RELATED_IMAGE_devfile_registry")
defaultPvcJobsImage = getDefaultFromEnv("RELATED_IMAGE_pvc_jobs")
defaultPostgresImage = getDefaultFromEnv("RELATED_IMAGE_postgres")
defaultKeycloakImage = getDefaultFromEnv("RELATED_IMAGE_keycloak")
// CRW images for that are mentioned in the Che server che.properties
// For CRW these should be synced by hand with images stored in RH registries
// instead of being synced by script with the content of the upstream `che.properties` file
defaultCheWorkspacePluginBrokerMetadataImage = getDefaultFromEnv("IMAGE_default_che_workspace_plugin_broker_metadata")
defaultCheWorkspacePluginBrokerArtifactsImage = getDefaultFromEnv("IMAGE_default_che_workspace_plugin_broker_artifacts")
defaultCheServerSecureExposerJwtProxyImage = getDefaultFromEnv("IMAGE_default_che_server_secure_exposer_jwt_proxy_image")
defaultCheWorkspacePluginBrokerMetadataImage = getDefaultFromEnv("RELATED_IMAGE_che_workspace_plugin_broker_metadata")
defaultCheWorkspacePluginBrokerArtifactsImage = getDefaultFromEnv("RELATED_IMAGE_che_workspace_plugin_broker_artifacts")
defaultCheServerSecureExposerJwtProxyImage = getDefaultFromEnv("RELATED_IMAGE_che_server_secure_exposer_jwt_proxy_image")
// Don't get some k8s specific env
if !util.IsOpenShift {
defaultCheTLSSecretsCreationJobImage = getDefaultFromEnv("IMAGE_default_che_tls_secrets_creation_job")
defaultCheTLSSecretsCreationJobImage = getDefaultFromEnv("RELATED_IMAGE_che_tls_secrets_creation_job")
}
}
@ -122,19 +122,19 @@ func InitDefaultsFromFile(defaultsPath string) {
operatorDeployment := getDefaultsFromFile(defaultsPath)
defaultCheVersion = util.GetDeploymentEnv(operatorDeployment, "CHE_VERSION")
defaultCheServerImage = util.GetDeploymentEnv(operatorDeployment, "IMAGE_default_che_server")
defaultPluginRegistryImage = util.GetDeploymentEnv(operatorDeployment, "IMAGE_default_plugin_registry")
defaultDevfileRegistryImage = util.GetDeploymentEnv(operatorDeployment, "IMAGE_default_devfile_registry")
defaultPvcJobsImage = util.GetDeploymentEnv(operatorDeployment, "IMAGE_default_pvc_jobs")
defaultPostgresImage = util.GetDeploymentEnv(operatorDeployment, "IMAGE_default_postgres")
defaultKeycloakImage = util.GetDeploymentEnv(operatorDeployment, "IMAGE_default_keycloak")
defaultCheWorkspacePluginBrokerMetadataImage = util.GetDeploymentEnv(operatorDeployment, "IMAGE_default_che_workspace_plugin_broker_metadata")
defaultCheWorkspacePluginBrokerArtifactsImage = util.GetDeploymentEnv(operatorDeployment, "IMAGE_default_che_workspace_plugin_broker_artifacts")
defaultCheServerSecureExposerJwtProxyImage = util.GetDeploymentEnv(operatorDeployment, "IMAGE_default_che_server_secure_exposer_jwt_proxy_image")
defaultCheServerImage = util.GetDeploymentEnv(operatorDeployment, "RELATED_IMAGE_che_server")
defaultPluginRegistryImage = util.GetDeploymentEnv(operatorDeployment, "RELATED_IMAGE_plugin_registry")
defaultDevfileRegistryImage = util.GetDeploymentEnv(operatorDeployment, "RELATED_IMAGE_devfile_registry")
defaultPvcJobsImage = util.GetDeploymentEnv(operatorDeployment, "RELATED_IMAGE_pvc_jobs")
defaultPostgresImage = util.GetDeploymentEnv(operatorDeployment, "RELATED_IMAGE_postgres")
defaultKeycloakImage = util.GetDeploymentEnv(operatorDeployment, "RELATED_IMAGE_keycloak")
defaultCheWorkspacePluginBrokerMetadataImage = util.GetDeploymentEnv(operatorDeployment, "RELATED_IMAGE_che_workspace_plugin_broker_metadata")
defaultCheWorkspacePluginBrokerArtifactsImage = util.GetDeploymentEnv(operatorDeployment, "RELATED_IMAGE_che_workspace_plugin_broker_artifacts")
defaultCheServerSecureExposerJwtProxyImage = util.GetDeploymentEnv(operatorDeployment, "RELATED_IMAGE_che_server_secure_exposer_jwt_proxy_image")
// Don't get some k8s specific env
if !util.IsOpenShift {
defaultCheTLSSecretsCreationJobImage = util.GetDeploymentEnv(operatorDeployment, "IMAGE_default_che_tls_secrets_creation_job")
defaultCheTLSSecretsCreationJobImage = util.GetDeploymentEnv(operatorDeployment, "RELATED_IMAGE_che_tls_secrets_creation_job")
}
}

20
pkg/deploy/defaults_test.go
View File

@ -46,25 +46,25 @@ func init() {
switch env.Name {
case "CHE_VERSION":
cheVersionTest = env.Value
case "IMAGE_default_che_server":
case "RELATED_IMAGE_che_server":
cheServerImageTest = env.Value
case "IMAGE_default_plugin_registry":
case "RELATED_IMAGE_plugin_registry":
pluginRegistryImageTest = env.Value
case "IMAGE_default_devfile_registry":
case "RELATED_IMAGE_devfile_registry":
devfileRegistryImageTest = env.Value
case "IMAGE_default_che_tls_secrets_creation_job":
case "RELATED_IMAGE_che_tls_secrets_creation_job":
tlsJobImageTest = env.Value
case "IMAGE_default_pvc_jobs":
case "RELATED_IMAGE_pvc_jobs":
pvcJobsImageTest = env.Value
case "IMAGE_default_postgres":
case "RELATED_IMAGE_postgres":
postgresImageTest = env.Value
case "IMAGE_default_keycloak":
case "RELATED_IMAGE_keycloak":
keycloakImageTest = env.Value
case "IMAGE_default_che_workspace_plugin_broker_metadata":
case "RELATED_IMAGE_che_workspace_plugin_broker_metadata":
brokerMetadataTest = env.Value
case "IMAGE_default_che_workspace_plugin_broker_artifacts":
case "RELATED_IMAGE_che_workspace_plugin_broker_artifacts":
brokerArtifactsTest = env.Value
case "IMAGE_default_che_server_secure_exposer_jwt_proxy_image":
case "RELATED_IMAGE_che_server_secure_exposer_jwt_proxy_image":
jwtProxyTest = env.Value
}
}

6
pkg/deploy/deployment_registry.go
View File

@ -34,6 +34,7 @@ func SyncPluginRegistryDeploymentToCluster(checluster *orgv1.CheCluster, cluster
registryMemoryLimit := util.GetValue(string(checluster.Spec.Server.PluginRegistryMemoryLimit), DefaultPluginRegistryMemoryLimit)
registryMemoryRequest := util.GetValue(string(checluster.Spec.Server.PluginRegistryMemoryRequest), DefaultPluginRegistryMemoryRequest)
probePath := "/v3/plugins/"
pluginImagesEnv := util.GetEnvByRegExp("^.*plugin_registry_image.*$")
clusterDeployment, err := getClusterDeployment(PluginRegistryDeploymentName, checluster.Namespace, clusterAPI.Client)
if err != nil {
@ -46,6 +47,7 @@ func SyncPluginRegistryDeploymentToCluster(checluster *orgv1.CheCluster, cluster
checluster,
registryType,
registryImage,
pluginImagesEnv,
registryImagePullPolicy,
registryMemoryLimit,
registryMemoryRequest,
@ -68,6 +70,7 @@ func SyncDevfileRegistryDeploymentToCluster(checluster *orgv1.CheCluster, cluste
registryMemoryLimit := util.GetValue(string(checluster.Spec.Server.DevfileRegistryMemoryLimit), DefaultDevfileRegistryMemoryLimit)
registryMemoryRequest := util.GetValue(string(checluster.Spec.Server.DevfileRegistryMemoryRequest), DefaultDevfileRegistryMemoryRequest)
probePath := "/devfiles/"
devfileImagesEnv := util.GetEnvByRegExp("^.*devfile_registry_image.*$")
clusterDeployment, err := getClusterDeployment(DevfileRegistryDeploymentName, checluster.Namespace, clusterAPI.Client)
if err != nil {
@ -80,6 +83,7 @@ func SyncDevfileRegistryDeploymentToCluster(checluster *orgv1.CheCluster, cluste
checluster,
registryType,
registryImage,
devfileImagesEnv,
registryImagePullPolicy,
registryMemoryLimit,
registryMemoryRequest,
@ -99,6 +103,7 @@ func getSpecRegistryDeployment(
checluster *orgv1.CheCluster,
registryType string,
registryImage string,
env []corev1.EnvVar,
registryImagePullPolicy corev1.PullPolicy,
registryMemoryLimit string,
registryMemoryRequest string,
@ -150,6 +155,7 @@ func getSpecRegistryDeployment(
Protocol: "TCP",
},
},
Env: env,
EnvFrom: []corev1.EnvFromSource{
{
ConfigMapRef: &corev1.ConfigMapEnvSource{

14
pkg/util/util.go
View File

@ -21,6 +21,7 @@ import (
"math/rand"
"net/http"
"os"
"regexp"
"sort"
"strings"
"time"
@ -321,3 +322,16 @@ func GetDeploymentEnvVarSource(deployment *appsv1.Deployment, key string) (value
}
return valueFrom
}
func GetEnvByRegExp(regExp string) []corev1.EnvVar {
var env []corev1.EnvVar
for _, e := range os.Environ() {
pair := strings.SplitN(e, "=", 2)
envName := pair[0]
rxp := regexp.MustCompile(regExp)
if rxp.MatchString(envName) {
env = append(env, corev1.EnvVar{Name: envName, Value: pair[1]})
}
}
return env
}

40
replace-images-tags.sh
View File

@ -40,10 +40,10 @@ replaceImagesTags() {
OPERATOR_YAML="${BASE_DIR}"/deploy/operator.yaml
OPERATOR_LOCAL_YAML="${BASE_DIR}"/deploy/operator-local.yaml
lastDefaultCheServerImage=$(yq -r ".spec.template.spec.containers[] | select(.name == \"che-operator\") | .env[] | select(.name == \"IMAGE_default_che_server\") | .value" "${OPERATOR_YAML}")
lastDefaultKeycloakImage=$(yq -r ".spec.template.spec.containers[] | select(.name == \"che-operator\") | .env[] | select(.name == \"IMAGE_default_keycloak\") | .value" "${OPERATOR_YAML}")
lastDefaultPluginRegistryImage=$(yq -r ".spec.template.spec.containers[] | select(.name == \"che-operator\") | .env[] | select(.name == \"IMAGE_default_plugin_registry\") | .value" "${OPERATOR_YAML}")
lastDefaultDevfileRegistryImage=$(yq -r ".spec.template.spec.containers[] | select(.name == \"che-operator\") | .env[] | select(.name == \"IMAGE_default_devfile_registry\") | .value" "${OPERATOR_YAML}")
lastDefaultCheServerImage=$(yq -r ".spec.template.spec.containers[] | select(.name == \"che-operator\") | .env[] | select(.name == \"RELATED_IMAGE_che_server\") | .value" "${OPERATOR_YAML}")
lastDefaultKeycloakImage=$(yq -r ".spec.template.spec.containers[] | select(.name == \"che-operator\") | .env[] | select(.name == \"RELATED_IMAGE_keycloak\") | .value" "${OPERATOR_YAML}")
lastDefaultPluginRegistryImage=$(yq -r ".spec.template.spec.containers[] | select(.name == \"che-operator\") | .env[] | select(.name == \"RELATED_IMAGE_plugin_registry\") | .value" "${OPERATOR_YAML}")
lastDefaultDevfileRegistryImage=$(yq -r ".spec.template.spec.containers[] | select(.name == \"che-operator\") | .env[] | select(.name == \"RELATED_IMAGE_devfile_registry\") | .value" "${OPERATOR_YAML}")
wget https://raw.githubusercontent.com/eclipse/che/${CHE_RELEASE_BRANCH}/assembly/assembly-wsmaster-war/src/main/webapp/WEB-INF/classes/che/che.properties -q -O /tmp/che.properties
PLUGIN_BROKER_METADATA_IMAGE_RELEASE=$(cat /tmp/che.properties| grep "che.workspace.plugin_broker.metadata.image" | cut -d = -f2)
@ -64,28 +64,28 @@ replaceImagesTags() {
cat "${OPERATOR_YAML}" | \
yq -ryY "( .spec.template.spec.containers[] | select(.name == \"che-operator\") | .image ) = \"quay.io/eclipse/che-operator:${RELEASE}\"" | \
yq -ryY "( .spec.template.spec.containers[] | select(.name == \"che-operator\").env[] | select(.name == \"CHE_VERSION\") | .value ) = \"${RELEASE}\"" | \
yq -ryY "( .spec.template.spec.containers[] | select(.name == \"che-operator\").env[] | select(.name == \"IMAGE_default_che_server\") | .value ) = \"${CHE_SERVER_IMAGE_REALEASE}\"" | \
yq -ryY "( .spec.template.spec.containers[] | select(.name == \"che-operator\").env[] | select(.name == \"IMAGE_default_keycloak\") | .value ) = \"${KEYCLOAK_IMAGE_RELEASE}\"" | \
yq -ryY "( .spec.template.spec.containers[] | select(.name == \"che-operator\").env[] | select(.name == \"IMAGE_default_plugin_registry\") | .value ) = \"${PLUGIN_REGISTRY_IMAGE_RELEASE}\"" | \
yq -ryY "( .spec.template.spec.containers[] | select(.name == \"che-operator\").env[] | select(.name == \"IMAGE_default_devfile_registry\") | .value ) = \"${DEVFILE_REGISTRY_IMAGE_RELEASE}\"" | \
yq -ryY "( .spec.template.spec.containers[] | select(.name == \"che-operator\").env[] | select(.name == \"IMAGE_default_pvc_jobs\") | .value ) = \"${UBI8_MINIMAL_IMAGE}\"" | \
yq -ryY "( .spec.template.spec.containers[] | select(.name == \"che-operator\").env[] | select(.name == \"IMAGE_default_che_workspace_plugin_broker_metadata\") | .value ) = \"${PLUGIN_BROKER_METADATA_IMAGE_RELEASE}\"" | \
yq -ryY "( .spec.template.spec.containers[] | select(.name == \"che-operator\").env[] | select(.name == \"IMAGE_default_che_workspace_plugin_broker_artifacts\") | .value ) = \"${PLUGIN_BROKER_ARTIFACTS_IMAGE_RELEASE}\"" | \
yq -ryY "( .spec.template.spec.containers[] | select(.name == \"che-operator\").env[] | select(.name == \"IMAGE_default_che_server_secure_exposer_jwt_proxy_image\") | .value ) = \"${JWT_PROXY_IMAGE_RELEASE}\"" \
yq -ryY "( .spec.template.spec.containers[] | select(.name == \"che-operator\").env[] | select(.name == \"RELATED_IMAGE_che_server\") | .value ) = \"${CHE_SERVER_IMAGE_REALEASE}\"" | \
yq -ryY "( .spec.template.spec.containers[] | select(.name == \"che-operator\").env[] | select(.name == \"RELATED_IMAGE_keycloak\") | .value ) = \"${KEYCLOAK_IMAGE_RELEASE}\"" | \
yq -ryY "( .spec.template.spec.containers[] | select(.name == \"che-operator\").env[] | select(.name == \"RELATED_IMAGE_plugin_registry\") | .value ) = \"${PLUGIN_REGISTRY_IMAGE_RELEASE}\"" | \
yq -ryY "( .spec.template.spec.containers[] | select(.name == \"che-operator\").env[] | select(.name == \"RELATED_IMAGE_devfile_registry\") | .value ) = \"${DEVFILE_REGISTRY_IMAGE_RELEASE}\"" | \
yq -ryY "( .spec.template.spec.containers[] | select(.name == \"che-operator\").env[] | select(.name == \"RELATED_IMAGE_pvc_jobs\") | .value ) = \"${UBI8_MINIMAL_IMAGE}\"" | \
yq -ryY "( .spec.template.spec.containers[] | select(.name == \"che-operator\").env[] | select(.name == \"RELATED_IMAGE_che_workspace_plugin_broker_metadata\") | .value ) = \"${PLUGIN_BROKER_METADATA_IMAGE_RELEASE}\"" | \
yq -ryY "( .spec.template.spec.containers[] | select(.name == \"che-operator\").env[] | select(.name == \"RELATED_IMAGE_che_workspace_plugin_broker_artifacts\") | .value ) = \"${PLUGIN_BROKER_ARTIFACTS_IMAGE_RELEASE}\"" | \
yq -ryY "( .spec.template.spec.containers[] | select(.name == \"che-operator\").env[] | select(.name == \"RELATED_IMAGE_che_server_secure_exposer_jwt_proxy_image\") | .value ) = \"${JWT_PROXY_IMAGE_RELEASE}\"" \
>> "${NEW_OPERATOR_YAML}"
mv "${NEW_OPERATOR_YAML}" "${OPERATOR_YAML}"
cat "${OPERATOR_LOCAL_YAML}" | \
yq -ryY "( .spec.template.spec.containers[] | select(.name == \"che-operator\") | .image ) = \"quay.io/eclipse/che-operator:${RELEASE}\"" | \
yq -ryY "( .spec.template.spec.containers[] | select(.name == \"che-operator\").env[] | select(.name == \"CHE_VERSION\") | .value ) = \"${RELEASE}\"" | \
yq -ryY "( .spec.template.spec.containers[] | select(.name == \"che-operator\").env[] | select(.name == \"IMAGE_default_che_server\") | .value ) = \"${CHE_SERVER_IMAGE_REALEASE}\"" | \
yq -ryY "( .spec.template.spec.containers[] | select(.name == \"che-operator\").env[] | select(.name == \"IMAGE_default_keycloak\") | .value ) = \"${KEYCLOAK_IMAGE_RELEASE}\"" | \
yq -ryY "( .spec.template.spec.containers[] | select(.name == \"che-operator\").env[] | select(.name == \"IMAGE_default_plugin_registry\") | .value ) = \"${PLUGIN_REGISTRY_IMAGE_RELEASE}\"" | \
yq -ryY "( .spec.template.spec.containers[] | select(.name == \"che-operator\").env[] | select(.name == \"IMAGE_default_devfile_registry\") | .value ) = \"${DEVFILE_REGISTRY_IMAGE_RELEASE}\"" | \
yq -ryY "( .spec.template.spec.containers[] | select(.name == \"che-operator\").env[] | select(.name == \"IMAGE_default_pvc_jobs\") | .value ) = \"${UBI8_MINIMAL_IMAGE}\"" | \
yq -ryY "( .spec.template.spec.containers[] | select(.name == \"che-operator\").env[] | select(.name == \"IMAGE_default_che_workspace_plugin_broker_metadata\") | .value ) = \"${PLUGIN_BROKER_METADATA_IMAGE_RELEASE}\"" | \
yq -ryY "( .spec.template.spec.containers[] | select(.name == \"che-operator\").env[] | select(.name == \"IMAGE_default_che_workspace_plugin_broker_artifacts\") | .value ) = \"${PLUGIN_BROKER_ARTIFACTS_IMAGE_RELEASE}\"" | \
yq -ryY "( .spec.template.spec.containers[] | select(.name == \"che-operator\").env[] | select(.name == \"IMAGE_default_che_server_secure_exposer_jwt_proxy_image\") | .value ) = \"${JWT_PROXY_IMAGE_RELEASE}\"" \
yq -ryY "( .spec.template.spec.containers[] | select(.name == \"che-operator\").env[] | select(.name == \"RELATED_IMAGE_che_server\") | .value ) = \"${CHE_SERVER_IMAGE_REALEASE}\"" | \
yq -ryY "( .spec.template.spec.containers[] | select(.name == \"che-operator\").env[] | select(.name == \"RELATED_IMAGE_keycloak\") | .value ) = \"${KEYCLOAK_IMAGE_RELEASE}\"" | \
yq -ryY "( .spec.template.spec.containers[] | select(.name == \"che-operator\").env[] | select(.name == \"RELATED_IMAGE_plugin_registry\") | .value ) = \"${PLUGIN_REGISTRY_IMAGE_RELEASE}\"" | \
yq -ryY "( .spec.template.spec.containers[] | select(.name == \"che-operator\").env[] | select(.name == \"RELATED_IMAGE_devfile_registry\") | .value ) = \"${DEVFILE_REGISTRY_IMAGE_RELEASE}\"" | \
yq -ryY "( .spec.template.spec.containers[] | select(.name == \"che-operator\").env[] | select(.name == \"RELATED_IMAGE_pvc_jobs\") | .value ) = \"${UBI8_MINIMAL_IMAGE}\"" | \
yq -ryY "( .spec.template.spec.containers[] | select(.name == \"che-operator\").env[] | select(.name == \"RELATED_IMAGE_che_workspace_plugin_broker_metadata\") | .value ) = \"${PLUGIN_BROKER_METADATA_IMAGE_RELEASE}\"" | \
yq -ryY "( .spec.template.spec.containers[] | select(.name == \"che-operator\").env[] | select(.name == \"RELATED_IMAGE_che_workspace_plugin_broker_artifacts\") | .value ) = \"${PLUGIN_BROKER_ARTIFACTS_IMAGE_RELEASE}\"" | \
yq -ryY "( .spec.template.spec.containers[] | select(.name == \"che-operator\").env[] | select(.name == \"RELATED_IMAGE_che_server_secure_exposer_jwt_proxy_image\") | .value ) = \"${JWT_PROXY_IMAGE_RELEASE}\"" \
>> "${NEW_OPERATOR_LOCAL_YAML}"
mv "${NEW_OPERATOR_LOCAL_YAML}" "${OPERATOR_LOCAL_YAML}"