seg_yinzy
/
che-operator
mirror of https://github.com/eclipse-che/che-operator.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Allow to customize cheHost (#380) 

* Allow to customize cheHost

Signed-off-by: Anatolii Bazko <abazko@redhat.com>
pull/399/head
Anatolii Bazko 2020-08-12 11:21:01 +03:00 committed by GitHub
parent bd8679d5a5
commit bcf77d451b
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
29 changed files with 2343 additions and 176 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

19
.ci/cico_minishift_nightly.sh Normal file → Executable file
View File

@ -17,6 +17,7 @@ init() {
export SCRIPT_DIR=$(dirname "$SCRIPT")
export RAM_MEMORY=8192
export NAMESPACE="che"
export OPERATOR_IMAGE="quay.io/eclipse/che-operator:test"
export PLATFORM="openshift"
if [[ ${WORKSPACE} ]] && [[ -d ${WORKSPACE} ]]; then
@ -63,14 +64,24 @@ run() {
spec:
auth:
updateAdminPassword: false
openShiftoAuth: false
EOL
self_signed_minishift
# Build operator image
buildCheOperatorImage "minishift" ${OPERATOR_IMAGE}
# Use custom changes, don't pull image from quay.io
cat ${OPERATOR_REPO}/deploy/operator.yaml | \
sed 's|imagePullPolicy: Always|imagePullPolicy: IfNotPresent|' | \
sed 's|quay.io/eclipse/che-operator:nightly|'${OPERATOR_IMAGE}'|' | \
oc apply -n ${NAMESPACE} -f -
echo "======= Che cr patch ======="
cat /tmp/che-cr-patch.yaml
chectl server:start --platform=minishift --skip-kubernetes-health-check --installer=operator --chenamespace=${NAMESPACE} --che-operator-cr-patch-yaml=/tmp/che-cr-patch.yaml
cat /tmp/che-cr-patch.yaml
chectl server:start --platform=minishift --skip-kubernetes-health-check --installer=operator --chenamespace=${NAMESPACE} --che-operator-cr-patch-yaml=/tmp/che-cr-patch.yaml --che-operator-image ${OPERATOR_IMAGE}
# Create and start a workspace
getCheAcessToken # Function from ./util/ci_common.sh
chectl workspace:create --start --devfile=$OPERATOR_REPO/.ci/util/devfile-test.yaml

8
.ci/cico_olm_minikube.sh
View File

@ -36,6 +36,10 @@ export CHANNEL
NAMESPACE="che"
export NAMESPACE
# Operator image
OPERATOR_IMAGE="quay.io/eclipse/che-operator:nightly"
export OPERATOR_IMAGE
# run function run the tests in ci of custom catalog source.
function run() {
# Execute test catalog source script
@ -45,8 +49,8 @@ function run() {
# Create and start a workspace
getCheAcessToken
chectl workspace:create --start --devfile=$OPERATOR_REPO/.ci/util/devfile-test.yaml
chectl workspace:create --start --devfile=$OPERATOR_REPO/.ci/util/devfile-test.yaml
getCheAcessToken
chectl workspace:list
waitWorkspaceStart

6
.ci/cico_olm_openshift.sh
View File

@ -53,11 +53,11 @@ function run() {
source "${OPERATOR_REPO}"/.ci/util/ci_common.sh
oc project ${NAMESPACE}
# Create and start a workspace
getCheAcessToken
chectl workspace:create --start --devfile=$OPERATOR_REPO/.ci/util/devfile-test.yaml
chectl workspace:create --start --devfile=$OPERATOR_REPO/.ci/util/devfile-test.yaml
getCheAcessToken
chectl workspace:list
waitWorkspaceStart

3
.ci/cico_updates_minishift.sh
View File

@ -69,6 +69,9 @@ installLatestCheStable() {
sed -i "s/pluginRegistryImage: ''/pluginRegistryImage: quay.io\/eclipse\/che-plugin-registry:"${previousPackageVersion}"/" ${OPERATOR_REPO}/tmp/che-operator/crds/org_v1_che_cr.yaml
sed -i "s/identityProviderImage: ''/identityProviderImage: quay.io\/eclipse\/che-keycloak:"${previousPackageVersion}"/" ${OPERATOR_REPO}/tmp/che-operator/crds/org_v1_che_cr.yaml
# set 'openShiftoAuth: false'
sed -i "s/openShiftoAuth: .*/openShiftoAuth: false/" ${OPERATOR_REPO}/tmp/che-operator/crds/org_v1_che_cr.yaml
# Start last stable version of che
chectl server:start --platform=minishift --skip-kubernetes-health-check --che-operator-cr-yaml=${OPERATOR_REPO}/tmp/che-operator/crds/org_v1_che_cr.yaml \
--che-operator-image=quay.io/eclipse/che-operator:${previousPackageVersion} --installer=operator

12
.ci/util/ci_common.sh
View File

@ -36,7 +36,7 @@ installStartDocker() {
printInfo "Installing docker..."
yum install --assumeyes -d1 yum-utils device-mapper-persistent-data lvm2
yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo
printInfo "Starting docker service..."
yum install --assumeyes -d1 docker-ce
systemctl start docker
@ -86,8 +86,8 @@ buildCheOperatorImage() {
if [ -z "${1}" ]; then
printError "Platform is required to build che operator image."
fi
PLATFORM="${1}"
OPERATOR_IMAGE="quay.io/eclipse/che-operator:nightly"
local PLATFORM="${1}"
local OPERATOR_IMAGE=${2:-"quay.io/eclipse/che-operator:nightly"}
cd "$OPERATOR_REPO" && docker build -t "${OPERATOR_IMAGE}" -f Dockerfile . && docker save "${OPERATOR_IMAGE}" > operator.tar
eval $(${PLATFORM} docker-env) && docker load -i operator.tar && rm operator.tar
}
@ -98,7 +98,7 @@ minishift_installation() {
if [ ! -d "$OPERATOR_REPO/tmp" ]; then mkdir -p "$OPERATOR_REPO/tmp" && chmod 777 "$OPERATOR_REPO/tmp"; fi
curl -L https://github.com/minishift/minishift/releases/download/v$MSFT_RELEASE/minishift-$MSFT_RELEASE-linux-amd64.tgz \
-o ${OPERATOR_REPO}/tmp/minishift-$MSFT_RELEASE-linux-amd64.tar && tar -xvf ${OPERATOR_REPO}/tmp/minishift-$MSFT_RELEASE-linux-amd64.tar -C /usr/local/bin --strip-components=1
printInfo "Setting github token and start a new minishift VM."
github_token_set
minishift start --memory=8192 && eval $(minishift oc-env)
@ -115,14 +115,14 @@ generate_self_signed_certs() {
-out cert.pem \
-days 365 \
-subj "/CN=*.${IP_ADDRESS}.nip.io" \
-nodes && cat cert.pem key.pem > ca.crt
-nodes && cat cert.pem key.pem > ca.crt
}
installEpelRelease() {
if yum repolist | grep epel; then
printWarn "Epel already installed, skipping instalation."
else
#excluding mirror1.ci.centos.org
#excluding mirror1.ci.centos.org
printInfo "Installing epel..."
yum install -d1 --assumeyes epel-release
yum update --assumeyes -d1

13
deploy/crds/org_v1_che_crd.yaml
View File

@ -284,12 +284,17 @@ spec:
cheFlavor:
description: Flavor of the installation. This is either `che` for
upstream Che installations, or `codeready` for CodeReady Workspaces
installation. In most cases the default value should not be overriden.
installation. In most cases the default value should not be overridden.
type: string
cheHost:
description: Public hostname of the installed Che server. This will
be automatically set by the operator. In most cases the default
value set by the operator should not be overriden.
description: Public hostname of the installed Che server. If value
is omitted then it will be automatically set by the operator.
(see the `cheHostTLSSecret` field).
type: string
cheHostTLSSecret:
description: Name of a secret containing certificates to secure
ingress/route for the custom hostname of the installed Che server.
(see the `cheHost` field).
type: string
cheImage:
description: Overrides the container image used in Che deployment.

2
deploy/operator-local.yaml
View File

@ -52,7 +52,7 @@ spec:
- name: RELATED_IMAGE_devfile_registry
value: quay.io/eclipse/che-devfile-registry:nightly
- name: RELATED_IMAGE_che_tls_secrets_creation_job
value: quay.io/eclipse/che-tls-secret-creator:alpine-3029769
value: quay.io/eclipse/che-tls-secret-creator:alpine-d1ed4ad
- name: RELATED_IMAGE_pvc_jobs
value: registry.access.redhat.com/ubi8-minimal:8.2-345
- name: RELATED_IMAGE_postgres

2
deploy/operator.yaml
View File

@ -51,7 +51,7 @@ spec:
- name: RELATED_IMAGE_devfile_registry
value: quay.io/eclipse/che-devfile-registry:nightly
- name: RELATED_IMAGE_che_tls_secrets_creation_job
value: quay.io/eclipse/che-tls-secret-creator:alpine-3029769
value: quay.io/eclipse/che-tls-secret-creator:alpine-d1ed4ad
- name: RELATED_IMAGE_pvc_jobs
value: registry.access.redhat.com/ubi8-minimal:8.2-345
- name: RELATED_IMAGE_postgres

1
deploy/role.yaml
View File

@ -30,6 +30,7 @@ rules:
- route.openshift.io
resources:
- routes
- routes/custom-host
verbs:
- '*'
- apiGroups:

567
olm/eclipse-che-preview-kubernetes/deploy/olm-catalog/eclipse-che-preview-kubernetes/9.9.9-nightly.1597060381/eclipse-che-preview-kubernetes.crd.yaml Normal file
View File

@ -0,0 +1,567 @@
#
# Copyright (c) 2012-2020 Red Hat, Inc.
# This program and the accompanying materials are made
# available under the terms of the Eclipse Public License 2.0
# which is available at https://www.eclipse.org/legal/epl-2.0/
#
# SPDX-License-Identifier: EPL-2.0
#
# Contributors:
# Red Hat, Inc. - initial API and implementation
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
name: checlusters.org.eclipse.che
spec:
group: org.eclipse.che
names:
kind: CheCluster
listKind: CheClusterList
plural: checlusters
singular: checluster
scope: Namespaced
subresources:
status: {}
validation:
openAPIV3Schema:
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: Desired configuration of the Che installation. Based on these
settings, the operator automatically creates and maintains several config
maps that will contain the appropriate environment variables the various
components of the Che installation. These generated config maps should
NOT be updated manually.
properties:
auth:
description: Configuration settings related to the Authentication used
by the Che installation.
properties:
externalIdentityProvider:
description: 'Instructs the operator on whether or not to deploy
a dedicated Identity Provider (Keycloak or RH SSO instance). By
default a dedicated Identity Provider server is deployed as part
of the Che installation. But if `externalIdentityProvider` is
`true`, then no dedicated identity provider will be deployed by
the operator and you might need to provide details about the external
identity provider you want to use. See also all the other fields
starting with: `identityProvider`.'
type: boolean
identityProviderAdminUserName:
description: Overrides the name of the Identity Provider admin user.
Defaults to `admin`.
type: string
identityProviderClientId:
description: Name of a Identity provider (Keycloak / RH SSO) `client-id`
that should be used for Che. This is useful to override it ONLY
if you use an external Identity Provider (see the `externalIdentityProvider`
field). If omitted or left blank, it will be set to the value
of the `flavour` field suffixed with `-public`.
type: string
identityProviderImage:
description: Overrides the container image used in the Identity
Provider (Keycloak / RH SSO) deployment. This includes the image
tag. Omit it or leave it empty to use the defaut container image
provided by the operator.
type: string
identityProviderImagePullPolicy:
description: Overrides the image pull policy used in the Identity
Provider (Keycloak / RH SSO) deployment. Default value is `Always`
for `nightly` or `latest` images, and `IfNotPresent` in other
cases.
type: string
identityProviderPassword:
description: Overrides the password of Keycloak admin user. This
is useful to override it ONLY if you use an external Identity
Provider (see the `externalIdentityProvider` field). If omitted
or left blank, it will be set to an auto-generated password.
type: string
identityProviderPostgresPassword:
description: Password for The Identity Provider (Keycloak / RH SSO)
to connect to the database. This is useful to override it ONLY
if you use an external Identity Provider (see the `externalIdentityProvider`
field). If omitted or left blank, it will be set to an auto-generated
password.
type: string
identityProviderPostgresSecret:
description: 'The secret that contains `password` for The Identity
Provider (Keycloak / RH SSO) to connect to the database. If the
secret is defined then `identityProviderPostgresPassword` will
be ignored. If the value is omitted or left blank then there are
two scenarios: 1. `identityProviderPostgresPassword` is defined,
then it will be used to connect to the database. 2. `identityProviderPostgresPassword`
is not defined, then a new secret with the name `che-identity-postgres-secret`
will be created with an auto-generated value for `password`.'
type: string
identityProviderRealm:
description: Name of a Identity provider (Keycloak / RH SSO) realm
that should be used for Che. This is useful to override it ONLY
if you use an external Identity Provider (see the `externalIdentityProvider`
field). If omitted or left blank, it will be set to the value
of the `flavour` field.
type: string
identityProviderSecret:
description: 'The secret that contains `user` and `password` for
Identity Provider. If the secret is defined then `identityProviderAdminUserName`
and `identityProviderPassword` are ignored. If the value is omitted
or left blank then there are two scenarios: 1. `identityProviderAdminUserName`
and `identityProviderPassword` are defined, then they will be
used. 2. `identityProviderAdminUserName` or `identityProviderPassword`
are not defined, then a new secret with the name `che-identity-secret`
will be created with default value `admin` for `user` and with
an auto-generated value for `password`.'
type: string
identityProviderURL:
description: Public URL of the Identity Provider server (Keycloak
/ RH SSO server). You should set it ONLY if you use an external
Identity Provider (see the `externalIdentityProvider` field).
By default this will be automatically calculated and set by the
operator.
type: string
oAuthClientName:
description: Name of the OpenShift `OAuthClient` resource used to
setup identity federation on the OpenShift side. Auto-generated
if left blank. See also the `OpenShiftoAuth` field.
type: string
oAuthSecret:
description: Name of the secret set in the OpenShift `OAuthClient`
resource used to setup identity federation on the OpenShift side.
Auto-generated if left blank. See also the `OAuthClientName` field.
type: string
openShiftoAuth:
description: 'Enables the integration of the identity provider (Keycloak
/ RHSSO) with OpenShift OAuth. Enabled by default on OpenShift.
This will allow users to directly login with their Openshift user
through the Openshift login, and have their workspaces created
under personal OpenShift namespaces. WARNING: the `kubeadmin`
user is NOT supported, and logging through it will NOT allow accessing
the Che Dashboard.'
type: boolean
updateAdminPassword:
description: Forces the default `admin` Che user to update password
on first login. Defaults to `false`.
type: boolean
type: object
database:
description: Configuration settings related to the database used by
the Che installation.
properties:
chePostgresDb:
description: Postgres database name that the Che server uses to
connect to the DB. Defaults to `dbche`.
type: string
chePostgresHostName:
description: Postgres Database hostname that the Che server uses
to connect to. Defaults to postgres. This value should be overridden
ONLY when using an external database (see field `externalDb`).
In the default case it will be automatically set by the operator.
type: string
chePostgresPassword:
description: Postgres password that the Che server should use to
connect to the DB. If omitted or left blank, it will be set to
an auto-generated value.
type: string
chePostgresPort:
description: Postgres Database port that the Che server uses to
connect to. Defaults to 5432. This value should be overridden
ONLY when using an external database (see field `externalDb`).
In the default case it will be automatically set by the operator.
type: string
chePostgresSecret:
description: 'The secret that contains Postgres `user` and `password`
that the Che server should use to connect to the DB. If the secret
is defined then `chePostgresUser` and `chePostgresPassword` are
ignored. If the value is omitted or left blank then there are
two scenarios: 1. `chePostgresUser` and `chePostgresPassword`
are defined, then they will be used to connect to the DB. 2. `chePostgresUser`
or `chePostgresPassword` are not defined, then a new secret with
the name `che-postgres-secret` will be created with default value
of `pgche` for `user` and with an auto-generated value for `password`.'
type: string
chePostgresUser:
description: Postgres user that the Che server should use to connect
to the DB. Defaults to `pgche`.
type: string
externalDb:
description: 'Instructs the operator on whether or not to deploy
a dedicated database. By default a dedicated Postgres database
is deployed as part of the Che installation. But if `externalDb`
is `true`, then no dedicated database will be deployed by the
operator and you might need to provide connection details to the
external DB you want to use. See also all the fields starting
with: `chePostgres`.'
type: boolean
postgresImage:
description: Overrides the container image used in the Postgres
database deployment. This includes the image tag. Omit it or leave
it empty to use the defaut container image provided by the operator.
type: string
postgresImagePullPolicy:
description: Overrides the image pull policy used in the Postgres
database deployment. Default value is `Always` for `nightly` or
`latest` images, and `IfNotPresent` in other cases.
type: string
type: object
k8s:
description: Configuration settings specific to Che installations made
on upstream Kubernetes.
properties:
ingressClass:
description: 'Ingress class that will define the which controler
will manage ingresses. Defaults to `nginx`. NB: This drives the
`is kubernetes.io/ingress.class` annotation on Che-related ingresses.'
type: string
ingressDomain:
description: 'Global ingress domain for a K8S cluster. This MUST
be explicitly specified: there are no defaults.'
type: string
ingressStrategy:
description: Strategy for ingress creation. This can be `multi-host`
(host is explicitly provided in ingress), `single-host` (host
is provided, path-based rules) and `default-host.*`(no host is
provided, path-based rules). Defaults to `"multi-host`
type: string
securityContextFsGroup:
description: FSGroup the Che pod and Workspace pods containers should
run in. Defaults to `1724`.
type: string
securityContextRunAsUser:
description: ID of the user the Che pod and Workspace pods containers
should run as. Default to `1724`.
type: string
tlsSecretName:
description: Name of a secret that will be used to setup ingress
TLS termination if TLS is enabled. See also the `tlsSupport` field.
type: string
type: object
metrics:
description: Configuration settings related to the metrics collection
used by the Che installation.
properties:
enable:
description: Enables `metrics` Che server endpoint. Default to `true`.
type: boolean
type: object
server:
description: General configuration settings related to the Che server
and the plugin and devfile registries
properties:
airGapContainerRegistryHostname:
description: Optional hostname (or url) to an alternate container
registry to pull images from. This value overrides the container
registry hostname defined in all the default container images
involved in a Che deployment. This is particularly useful to install
Che in an air-gapped environment.
type: string
airGapContainerRegistryOrganization:
description: Optional repository name of an alternate container
registry to pull images from. This value overrides the container
registry organization defined in all the default container images
involved in a Che deployment. This is particularly useful to install
Che in an air-gapped environment.
type: string
allowUserDefinedWorkspaceNamespaces:
description: Defines if a user is able to specify Kubernetes namespace
(or OpenShift project) different from the default. It's NOT RECOMMENDED
to configured true without OAuth configured. This property is
also used by the OpenShift infra.
type: boolean
cheDebug:
description: Enables the debug mode for Che server. Defaults to
`false`.
type: string
cheFlavor:
description: Flavor of the installation. This is either `che` for
upstream Che installations, or `codeready` for CodeReady Workspaces
installation. In most cases the default value should not be overridden.
type: string
cheHost:
description: Public hostname of the installed Che server. If value
is omitted then it will be automatically set by the operator.
(see the `cheHostTLSSecret` field).
type: string
cheHostTLSSecret:
description: Name of a secret containing certificates to secure
ingress/route for the custom hostname of the installed Che server.
(see the `cheHost` field).
type: string
cheImage:
description: Overrides the container image used in Che deployment.
This does NOT include the container image tag. Omit it or leave
it empty to use the defaut container image provided by the operator.
type: string
cheImagePullPolicy:
description: Overrides the image pull policy used in Che deployment.
Default value is `Always` for `nightly` or `latest` images, and
`IfNotPresent` in other cases.
type: string
cheImageTag:
description: Overrides the tag of the container image used in Che
deployment. Omit it or leave it empty to use the defaut image
tag provided by the operator.
type: string
cheLogLevel:
description: 'Log level for the Che server: `INFO` or `DEBUG`. Defaults
to `INFO`.'
type: string
cheWorkspaceClusterRole:
description: Custom cluster role bound to the user for the Che workspaces.
The default roles are used if this is omitted or left blank.
type: string
customCheProperties:
additionalProperties:
type: string
description: Map of additional environment variables that will be
applied in the generated `che` config map to be used by the Che
server, in addition to the values already generated from other
fields of the `CheCluster` custom resource (CR). If `customCheProperties`
contains a property that would be normally generated in `che`
config map from other CR fields, then the value defined in the
`customCheProperties` will be used instead.
type: object
devfileRegistryImage:
description: Overrides the container image used in the Devfile registry
deployment. This includes the image tag. Omit it or leave it empty
to use the defaut container image provided by the operator.
type: string
devfileRegistryMemoryLimit:
description: Overrides the memory limit used in the Devfile registry
deployment. Defaults to 256Mi.
type: string
devfileRegistryMemoryRequest:
description: Overrides the memory request used in the Devfile registry
deployment. Defaults to 16Mi.
type: string
devfileRegistryPullPolicy:
description: Overrides the image pull policy used in the Devfile
registry deployment. Default value is `Always` for `nightly` or
`latest` images, and `IfNotPresent` in other cases.
type: string
devfileRegistryUrl:
description: Public URL of the Devfile registry, that serves sample,
ready-to-use devfiles. You should set it ONLY if you use an external
devfile registry (see the `externalDevfileRegistry` field). By
default this will be automatically calculated by the operator.
type: string
externalDevfileRegistry:
description: Instructs the operator on whether or not to deploy
a dedicated Devfile registry server. By default a dedicated devfile
registry server is started. But if `externalDevfileRegistry` is
`true`, then no such dedicated server will be started by the operator
and you will have to manually set the `devfileRegistryUrl` field
type: boolean
externalPluginRegistry:
description: Instructs the operator on whether or not to deploy
a dedicated Plugin registry server. By default a dedicated plugin
registry server is started. But if `externalPluginRegistry` is
`true`, then no such dedicated server will be started by the operator
and you will have to manually set the `pluginRegistryUrl` field.
type: boolean
gitSelfSignedCert:
description: If enabled, then the certificate from `che-git-self-signed-cert`
config map will be propagated to the Che components and provide
particular configuration for Git.
type: boolean
nonProxyHosts:
description: List of hosts that should not use the configured proxy.
Use `|`` as delimiter, eg `localhost|my.host.com|123.42.12.32`
Only use when configuring a proxy is required. Operator respects
OpenShift cluster wide proxy configuration and no additional configuration
is required, but defining `nonProxyHosts` in a custom resource
leads to merging non proxy hosts lists from the cluster proxy
configuration and ones defined in the custom resources. (see the
doc https://docs.openshift.com/container-platform/4.4/networking/enable-cluster-wide-proxy.html)
(see also the `proxyURL` fields).
type: string
pluginRegistryImage:
description: Overrides the container image used in the Plugin registry
deployment. This includes the image tag. Omit it or leave it empty
to use the defaut container image provided by the operator.
type: string
pluginRegistryMemoryLimit:
description: Overrides the memory limit used in the Plugin registry
deployment. Defaults to 256Mi.
type: string
pluginRegistryMemoryRequest:
description: Overrides the memory request used in the Plugin registry
deployment. Defaults to 16Mi.
type: string
pluginRegistryPullPolicy:
description: Overrides the image pull policy used in the Plugin
registry deployment. Default value is `Always` for `nightly` or
`latest` images, and `IfNotPresent` in other cases.
type: string
pluginRegistryUrl:
description: Public URL of the Plugin registry, that serves sample
ready-to-use devfiles. You should set it ONLY if you use an external
devfile registry (see the `externalPluginRegistry` field). By
default this will be automatically calculated by the operator.
type: string
proxyPassword:
description: Password of the proxy server Only use when proxy configuration
is required (see also the `proxyURL`, `proxyUser` and `proxySecret`
fields).
type: string
proxyPort:
description: Port of the proxy server. Only use when configuring
a proxy is required. (see also the `proxyURL` and `nonProxyHosts`
fields).
type: string
proxySecret:
description: The secret that contains `user` and `password` for
a proxy server. If the secret is defined then `proxyUser` and
`proxyPassword` are ignored
type: string
proxyURL:
description: URL (protocol+hostname) of the proxy server. This drives
the appropriate changes in the `JAVA_OPTS` and `https(s)_proxy`
variables in the Che server and workspaces containers. Only use
when configuring a proxy is required. Operator respects OpenShift
cluster wide proxy configuration and no additional configuration
is required, but defining `proxyUrl` in a custom resource leads
to overrides the cluster proxy configuration with fields `proxyUrl`,
`proxyPort`, `proxyUser` and `proxyPassword` from the custom resource.
(see the doc https://docs.openshift.com/container-platform/4.4/networking/enable-cluster-wide-proxy.html)
(see also the `proxyPort` and `nonProxyHosts` fields).
type: string
proxyUser:
description: User name of the proxy server. Only use when configuring
a proxy is required (see also the `proxyURL`, `proxyPassword`
and `proxySecret` fields).
type: string
selfSignedCert:
description: Deprecated. The value of this flag is ignored. Che
operator will automatically detect if router certificate is self-signed.
If so it will be propagated to Che server and some other components.
type: boolean
serverMemoryLimit:
description: Overrides the memory limit used in the Che server deployment.
Defaults to 1Gi.
type: string
serverMemoryRequest:
description: Overrides the memory request used in the Che server
deployment. Defaults to 512Mi.
type: string
serverTrustStoreConfigMapName:
description: Name of the config-map with public certificates to
add to Java trust store of the Che server. This is usually required
when adding the OpenShift OAuth provider which has https endpoint
signed with self-signed cert. So, Che server must be aware of
its CA cert to be able to request it. This is disabled by default.
type: string
tlsSupport:
description: Deprecated. Instructs the operator to deploy Che in
TLS mode. This is enabled by default. Disabling TLS may cause
malfunction of some Che components.
type: boolean
workspaceNamespaceDefault:
description: 'Defines Kubernetes default namespace in which user''s
workspaces are created if user does not override it. It''s possible
to use <username>, <userid> and <workspaceid> placeholders (e.g.:
che-workspace-<username>). In that case, new namespace will be
created for each user (or workspace). Is used by OpenShift infra
as well to specify Project'
type: string
type: object
storage:
description: Configuration settings related to the persistent storage
used by the Che installation.
properties:
postgresPVCStorageClassName:
description: Storage class for the Persistent Volume Claim dedicated
to the Postgres database. If omitted or left blank, default storage
class is used.
type: string
preCreateSubPaths:
description: Instructs the Che server to launch a special pod to
pre-create a subpath in the Persistent Volumes. Defaults to `false`,
however it might need to enable it according to the configuration
of your K8S cluster.
type: boolean
pvcClaimSize:
description: Size of the persistent volume claim for workspaces.
Defaults to `1Gi`
type: string
pvcJobsImage:
description: Overrides the container image used to create sub-paths
in the Persistent Volumes. This includes the image tag. Omit it
or leave it empty to use the defaut container image provided by
the operator. See also the `preCreateSubPaths` field.
type: string
pvcStrategy:
description: Persistent volume claim strategy for the Che server.
This Can be:`common` (all workspaces PVCs in one volume), `per-workspace`
(one PVC per workspace for all declared volumes) and `unique`
(one PVC per declared volume). Defaults to `common`.
type: string
workspacePVCStorageClassName:
description: Storage class for the Persistent Volume Claims dedicated
to the Che workspaces. If omitted or left blank, default storage
class is used.
type: string
type: object
type: object
status:
description: CheClusterStatus defines the observed state of Che installation
properties:
cheClusterRunning:
description: Status of a Che installation. Can be `Available`, `Unavailable`,
or `Available, Rolling Update in Progress`
type: string
cheURL:
description: Public URL to the Che server
type: string
cheVersion:
description: Current installed Che version
type: string
dbProvisioned:
description: Indicates if or not a Postgres instance has been correctly
provisioned
type: boolean
devfileRegistryURL:
description: Public URL to the Devfile registry
type: string
helpLink:
description: A URL that can point to some URL where to find help related
to the current Operator status.
type: string
keycloakProvisioned:
description: Indicates whether an Identity Provider instance (Keycloak
/ RH SSO) has been provisioned with realm, client and user
type: boolean
keycloakURL:
description: Public URL to the Identity Provider server (Keycloak /
RH SSO).
type: string
message:
description: A human readable message indicating details about why the
pod is in this condition.
type: string
openShiftoAuthProvisioned:
description: Indicates whether an Identity Provider instance (Keycloak
/ RH SSO) has been configured to integrate with the OpenShift OAuth.
type: boolean
pluginRegistryURL:
description: Public URL to the Plugin registry
type: string
reason:
description: A brief CamelCase message indicating details about why
the pod is in this state.
type: string
type: object
version: v1
versions:
- name: v1
served: true
storage: true

24
olm/eclipse-che-preview-kubernetes/deploy/olm-catalog/eclipse-che-preview-kubernetes/9.9.9-nightly.1597060381/eclipse-che-preview-kubernetes.crd.yaml.diff Normal file
View File

@ -0,0 +1,24 @@
--- /home/tolusha/gocode/src/github.com/eclipse/che-operator/olm/eclipse-che-preview-kubernetes/deploy/olm-catalog/eclipse-che-preview-kubernetes/9.9.9-nightly.1596725014/eclipse-che-preview-kubernetes.crd.yaml 2020-08-10 14:11:43.425472338 +0300
+++ /home/tolusha/gocode/src/github.com/eclipse/che-operator/olm/eclipse-che-preview-kubernetes/deploy/olm-catalog/eclipse-che-preview-kubernetes/9.9.9-nightly.1597060381/eclipse-che-preview-kubernetes.crd.yaml 2020-08-10 14:53:02.242181280 +0300
@@ -284,12 +284,17 @@
cheFlavor:
description: Flavor of the installation. This is either `che` for
upstream Che installations, or `codeready` for CodeReady Workspaces
- installation. In most cases the default value should not be overriden.
+ installation. In most cases the default value should not be overridden.
type: string
cheHost:
- description: Public hostname of the installed Che server. This will
- be automatically set by the operator. In most cases the default
- value set by the operator should not be overriden.
+ description: Public hostname of the installed Che server. If value
+ is omitted then it will be automatically set by the operator.
+ (see the `cheHostTLSSecret` field).
+ type: string
+ cheHostTLSSecret:
+ description: Name of a secret containing certificates to secure
+ ingress/route for the custom hostname of the installed Che server.
+ (see the `cheHost` field).
type: string
cheImage:
description: Overrides the container image used in Che deployment.

402
olm/eclipse-che-preview-kubernetes/deploy/olm-catalog/eclipse-che-preview-kubernetes/9.9.9-nightly.1597060381/eclipse-che-preview-kubernetes.v9.9.9-nightly.1597060381.clusterserviceversion.yaml Normal file
View File

File diff suppressed because one or more lines are too long

35
olm/eclipse-che-preview-kubernetes/deploy/olm-catalog/eclipse-che-preview-kubernetes/9.9.9-nightly.1597060381/eclipse-che-preview-kubernetes.v9.9.9-nightly.1597060381.clusterserviceversion.yaml.diff Normal file
View File

@ -0,0 +1,35 @@
--- /home/tolusha/gocode/src/github.com/eclipse/che-operator/olm/eclipse-che-preview-kubernetes/deploy/olm-catalog/eclipse-che-preview-kubernetes/9.9.9-nightly.1596725014/eclipse-che-preview-kubernetes.v9.9.9-nightly.1596725014.clusterserviceversion.yaml 2020-08-10 14:11:43.425472338 +0300
+++ /home/tolusha/gocode/src/github.com/eclipse/che-operator/olm/eclipse-che-preview-kubernetes/deploy/olm-catalog/eclipse-che-preview-kubernetes/9.9.9-nightly.1597060381/eclipse-che-preview-kubernetes.v9.9.9-nightly.1597060381.clusterserviceversion.yaml 2020-08-10 14:53:02.238181268 +0300
@@ -52,13 +52,13 @@
categories: Developer Tools
certified: "false"
containerImage: quay.io/eclipse/che-operator:nightly
- createdAt: "2020-08-06T14:43:35Z"
+ createdAt: "2020-08-10T11:53:02Z"
description: A Kube-native development solution that delivers portable and collaborative
developer workspaces.
operatorframework.io/suggested-namespace: eclipse-che
repository: https://github.com/eclipse/che-operator
support: Eclipse Foundation
- name: eclipse-che-preview-kubernetes.v9.9.9-nightly.1596725014
+ name: eclipse-che-preview-kubernetes.v9.9.9-nightly.1597060381
namespace: placeholder
spec:
apiservicedefinitions: {}
@@ -258,7 +258,7 @@
- name: RELATED_IMAGE_devfile_registry
value: quay.io/eclipse/che-devfile-registry:nightly
- name: RELATED_IMAGE_che_tls_secrets_creation_job
- value: quay.io/eclipse/che-tls-secret-creator:alpine-3029769
+ value: quay.io/eclipse/che-tls-secret-creator:alpine-d1ed4ad
- name: RELATED_IMAGE_pvc_jobs
value: registry.access.redhat.com/ubi8-minimal:8.2-345
- name: RELATED_IMAGE_postgres
@@ -398,5 +398,5 @@
maturity: stable
provider:
name: Eclipse Foundation
- replaces: eclipse-che-preview-kubernetes.v9.9.9-nightly.1596626683
- version: 9.9.9-nightly.1596725014
+ replaces: eclipse-che-preview-kubernetes.v9.9.9-nightly.1596725014
+ version: 9.9.9-nightly.1597060381

2
olm/eclipse-che-preview-kubernetes/deploy/olm-catalog/eclipse-che-preview-kubernetes/eclipse-che-preview-kubernetes.package.yaml
View File

@ -1,5 +1,5 @@
channels:
- currentCSV: eclipse-che-preview-kubernetes.v9.9.9-nightly.1596725014
- currentCSV: eclipse-che-preview-kubernetes.v9.9.9-nightly.1597060381
name: nightly
- currentCSV: eclipse-che-preview-kubernetes.v7.17.0
name: stable

567
olm/eclipse-che-preview-openshift/deploy/olm-catalog/eclipse-che-preview-openshift/9.9.9-nightly.1597060382/eclipse-che-preview-openshift.crd.yaml Normal file
View File

@ -0,0 +1,567 @@
#
# Copyright (c) 2012-2020 Red Hat, Inc.
# This program and the accompanying materials are made
# available under the terms of the Eclipse Public License 2.0
# which is available at https://www.eclipse.org/legal/epl-2.0/
#
# SPDX-License-Identifier: EPL-2.0
#
# Contributors:
# Red Hat, Inc. - initial API and implementation
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
name: checlusters.org.eclipse.che
spec:
group: org.eclipse.che
names:
kind: CheCluster
listKind: CheClusterList
plural: checlusters
singular: checluster
scope: Namespaced
subresources:
status: {}
validation:
openAPIV3Schema:
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: Desired configuration of the Che installation. Based on these
settings, the operator automatically creates and maintains several config
maps that will contain the appropriate environment variables the various
components of the Che installation. These generated config maps should
NOT be updated manually.
properties:
auth:
description: Configuration settings related to the Authentication used
by the Che installation.
properties:
externalIdentityProvider:
description: 'Instructs the operator on whether or not to deploy
a dedicated Identity Provider (Keycloak or RH SSO instance). By
default a dedicated Identity Provider server is deployed as part
of the Che installation. But if `externalIdentityProvider` is
`true`, then no dedicated identity provider will be deployed by
the operator and you might need to provide details about the external
identity provider you want to use. See also all the other fields
starting with: `identityProvider`.'
type: boolean
identityProviderAdminUserName:
description: Overrides the name of the Identity Provider admin user.
Defaults to `admin`.
type: string
identityProviderClientId:
description: Name of a Identity provider (Keycloak / RH SSO) `client-id`
that should be used for Che. This is useful to override it ONLY
if you use an external Identity Provider (see the `externalIdentityProvider`
field). If omitted or left blank, it will be set to the value
of the `flavour` field suffixed with `-public`.
type: string
identityProviderImage:
description: Overrides the container image used in the Identity
Provider (Keycloak / RH SSO) deployment. This includes the image
tag. Omit it or leave it empty to use the defaut container image
provided by the operator.
type: string
identityProviderImagePullPolicy:
description: Overrides the image pull policy used in the Identity
Provider (Keycloak / RH SSO) deployment. Default value is `Always`
for `nightly` or `latest` images, and `IfNotPresent` in other
cases.
type: string
identityProviderPassword:
description: Overrides the password of Keycloak admin user. This
is useful to override it ONLY if you use an external Identity
Provider (see the `externalIdentityProvider` field). If omitted
or left blank, it will be set to an auto-generated password.
type: string
identityProviderPostgresPassword:
description: Password for The Identity Provider (Keycloak / RH SSO)
to connect to the database. This is useful to override it ONLY
if you use an external Identity Provider (see the `externalIdentityProvider`
field). If omitted or left blank, it will be set to an auto-generated
password.
type: string
identityProviderPostgresSecret:
description: 'The secret that contains `password` for The Identity
Provider (Keycloak / RH SSO) to connect to the database. If the
secret is defined then `identityProviderPostgresPassword` will
be ignored. If the value is omitted or left blank then there are
two scenarios: 1. `identityProviderPostgresPassword` is defined,
then it will be used to connect to the database. 2. `identityProviderPostgresPassword`
is not defined, then a new secret with the name `che-identity-postgres-secret`
will be created with an auto-generated value for `password`.'
type: string
identityProviderRealm:
description: Name of a Identity provider (Keycloak / RH SSO) realm
that should be used for Che. This is useful to override it ONLY
if you use an external Identity Provider (see the `externalIdentityProvider`
field). If omitted or left blank, it will be set to the value
of the `flavour` field.
type: string
identityProviderSecret:
description: 'The secret that contains `user` and `password` for
Identity Provider. If the secret is defined then `identityProviderAdminUserName`
and `identityProviderPassword` are ignored. If the value is omitted
or left blank then there are two scenarios: 1. `identityProviderAdminUserName`
and `identityProviderPassword` are defined, then they will be
used. 2. `identityProviderAdminUserName` or `identityProviderPassword`
are not defined, then a new secret with the name `che-identity-secret`
will be created with default value `admin` for `user` and with
an auto-generated value for `password`.'
type: string
identityProviderURL:
description: Public URL of the Identity Provider server (Keycloak
/ RH SSO server). You should set it ONLY if you use an external
Identity Provider (see the `externalIdentityProvider` field).
By default this will be automatically calculated and set by the
operator.
type: string
oAuthClientName:
description: Name of the OpenShift `OAuthClient` resource used to
setup identity federation on the OpenShift side. Auto-generated
if left blank. See also the `OpenShiftoAuth` field.
type: string
oAuthSecret:
description: Name of the secret set in the OpenShift `OAuthClient`
resource used to setup identity federation on the OpenShift side.
Auto-generated if left blank. See also the `OAuthClientName` field.
type: string
openShiftoAuth:
description: 'Enables the integration of the identity provider (Keycloak
/ RHSSO) with OpenShift OAuth. Enabled by default on OpenShift.
This will allow users to directly login with their Openshift user
through the Openshift login, and have their workspaces created
under personal OpenShift namespaces. WARNING: the `kubeadmin`
user is NOT supported, and logging through it will NOT allow accessing
the Che Dashboard.'
type: boolean
updateAdminPassword:
description: Forces the default `admin` Che user to update password
on first login. Defaults to `false`.
type: boolean
type: object
database:
description: Configuration settings related to the database used by
the Che installation.
properties:
chePostgresDb:
description: Postgres database name that the Che server uses to
connect to the DB. Defaults to `dbche`.
type: string
chePostgresHostName:
description: Postgres Database hostname that the Che server uses
to connect to. Defaults to postgres. This value should be overridden
ONLY when using an external database (see field `externalDb`).
In the default case it will be automatically set by the operator.
type: string
chePostgresPassword:
description: Postgres password that the Che server should use to
connect to the DB. If omitted or left blank, it will be set to
an auto-generated value.
type: string
chePostgresPort:
description: Postgres Database port that the Che server uses to
connect to. Defaults to 5432. This value should be overridden
ONLY when using an external database (see field `externalDb`).
In the default case it will be automatically set by the operator.
type: string
chePostgresSecret:
description: 'The secret that contains Postgres `user` and `password`
that the Che server should use to connect to the DB. If the secret
is defined then `chePostgresUser` and `chePostgresPassword` are
ignored. If the value is omitted or left blank then there are
two scenarios: 1. `chePostgresUser` and `chePostgresPassword`
are defined, then they will be used to connect to the DB. 2. `chePostgresUser`
or `chePostgresPassword` are not defined, then a new secret with
the name `che-postgres-secret` will be created with default value
of `pgche` for `user` and with an auto-generated value for `password`.'
type: string
chePostgresUser:
description: Postgres user that the Che server should use to connect
to the DB. Defaults to `pgche`.
type: string
externalDb:
description: 'Instructs the operator on whether or not to deploy
a dedicated database. By default a dedicated Postgres database
is deployed as part of the Che installation. But if `externalDb`
is `true`, then no dedicated database will be deployed by the
operator and you might need to provide connection details to the
external DB you want to use. See also all the fields starting
with: `chePostgres`.'
type: boolean
postgresImage:
description: Overrides the container image used in the Postgres
database deployment. This includes the image tag. Omit it or leave
it empty to use the defaut container image provided by the operator.
type: string
postgresImagePullPolicy:
description: Overrides the image pull policy used in the Postgres
database deployment. Default value is `Always` for `nightly` or
`latest` images, and `IfNotPresent` in other cases.
type: string
type: object
k8s:
description: Configuration settings specific to Che installations made
on upstream Kubernetes.
properties:
ingressClass:
description: 'Ingress class that will define the which controler
will manage ingresses. Defaults to `nginx`. NB: This drives the
`is kubernetes.io/ingress.class` annotation on Che-related ingresses.'
type: string
ingressDomain:
description: 'Global ingress domain for a K8S cluster. This MUST
be explicitly specified: there are no defaults.'
type: string
ingressStrategy:
description: Strategy for ingress creation. This can be `multi-host`
(host is explicitly provided in ingress), `single-host` (host
is provided, path-based rules) and `default-host.*`(no host is
provided, path-based rules). Defaults to `"multi-host`
type: string
securityContextFsGroup:
description: FSGroup the Che pod and Workspace pods containers should
run in. Defaults to `1724`.
type: string
securityContextRunAsUser:
description: ID of the user the Che pod and Workspace pods containers
should run as. Default to `1724`.
type: string
tlsSecretName:
description: Name of a secret that will be used to setup ingress
TLS termination if TLS is enabled. See also the `tlsSupport` field.
type: string
type: object
metrics:
description: Configuration settings related to the metrics collection
used by the Che installation.
properties:
enable:
description: Enables `metrics` Che server endpoint. Default to `true`.
type: boolean
type: object
server:
description: General configuration settings related to the Che server
and the plugin and devfile registries
properties:
airGapContainerRegistryHostname:
description: Optional hostname (or url) to an alternate container
registry to pull images from. This value overrides the container
registry hostname defined in all the default container images
involved in a Che deployment. This is particularly useful to install
Che in an air-gapped environment.
type: string
airGapContainerRegistryOrganization:
description: Optional repository name of an alternate container
registry to pull images from. This value overrides the container
registry organization defined in all the default container images
involved in a Che deployment. This is particularly useful to install
Che in an air-gapped environment.
type: string
allowUserDefinedWorkspaceNamespaces:
description: Defines if a user is able to specify Kubernetes namespace
(or OpenShift project) different from the default. It's NOT RECOMMENDED
to configured true without OAuth configured. This property is
also used by the OpenShift infra.
type: boolean
cheDebug:
description: Enables the debug mode for Che server. Defaults to
`false`.
type: string
cheFlavor:
description: Flavor of the installation. This is either `che` for
upstream Che installations, or `codeready` for CodeReady Workspaces
installation. In most cases the default value should not be overridden.
type: string
cheHost:
description: Public hostname of the installed Che server. If value
is omitted then it will be automatically set by the operator.
(see the `cheHostTLSSecret` field).
type: string
cheHostTLSSecret:
description: Name of a secret containing certificates to secure
ingress/route for the custom hostname of the installed Che server.
(see the `cheHost` field).
type: string
cheImage:
description: Overrides the container image used in Che deployment.
This does NOT include the container image tag. Omit it or leave
it empty to use the defaut container image provided by the operator.
type: string
cheImagePullPolicy:
description: Overrides the image pull policy used in Che deployment.
Default value is `Always` for `nightly` or `latest` images, and
`IfNotPresent` in other cases.
type: string
cheImageTag:
description: Overrides the tag of the container image used in Che
deployment. Omit it or leave it empty to use the defaut image
tag provided by the operator.
type: string
cheLogLevel:
description: 'Log level for the Che server: `INFO` or `DEBUG`. Defaults
to `INFO`.'
type: string
cheWorkspaceClusterRole:
description: Custom cluster role bound to the user for the Che workspaces.
The default roles are used if this is omitted or left blank.
type: string
customCheProperties:
additionalProperties:
type: string
description: Map of additional environment variables that will be
applied in the generated `che` config map to be used by the Che
server, in addition to the values already generated from other
fields of the `CheCluster` custom resource (CR). If `customCheProperties`
contains a property that would be normally generated in `che`
config map from other CR fields, then the value defined in the
`customCheProperties` will be used instead.
type: object
devfileRegistryImage:
description: Overrides the container image used in the Devfile registry
deployment. This includes the image tag. Omit it or leave it empty
to use the defaut container image provided by the operator.
type: string
devfileRegistryMemoryLimit:
description: Overrides the memory limit used in the Devfile registry
deployment. Defaults to 256Mi.
type: string
devfileRegistryMemoryRequest:
description: Overrides the memory request used in the Devfile registry
deployment. Defaults to 16Mi.
type: string
devfileRegistryPullPolicy:
description: Overrides the image pull policy used in the Devfile
registry deployment. Default value is `Always` for `nightly` or
`latest` images, and `IfNotPresent` in other cases.
type: string
devfileRegistryUrl:
description: Public URL of the Devfile registry, that serves sample,
ready-to-use devfiles. You should set it ONLY if you use an external
devfile registry (see the `externalDevfileRegistry` field). By
default this will be automatically calculated by the operator.
type: string
externalDevfileRegistry:
description: Instructs the operator on whether or not to deploy
a dedicated Devfile registry server. By default a dedicated devfile
registry server is started. But if `externalDevfileRegistry` is
`true`, then no such dedicated server will be started by the operator
and you will have to manually set the `devfileRegistryUrl` field
type: boolean
externalPluginRegistry:
description: Instructs the operator on whether or not to deploy
a dedicated Plugin registry server. By default a dedicated plugin
registry server is started. But if `externalPluginRegistry` is
`true`, then no such dedicated server will be started by the operator
and you will have to manually set the `pluginRegistryUrl` field.
type: boolean
gitSelfSignedCert:
description: If enabled, then the certificate from `che-git-self-signed-cert`
config map will be propagated to the Che components and provide
particular configuration for Git.
type: boolean
nonProxyHosts:
description: List of hosts that should not use the configured proxy.
Use `|`` as delimiter, eg `localhost|my.host.com|123.42.12.32`
Only use when configuring a proxy is required. Operator respects
OpenShift cluster wide proxy configuration and no additional configuration
is required, but defining `nonProxyHosts` in a custom resource
leads to merging non proxy hosts lists from the cluster proxy
configuration and ones defined in the custom resources. (see the
doc https://docs.openshift.com/container-platform/4.4/networking/enable-cluster-wide-proxy.html)
(see also the `proxyURL` fields).
type: string
pluginRegistryImage:
description: Overrides the container image used in the Plugin registry
deployment. This includes the image tag. Omit it or leave it empty
to use the defaut container image provided by the operator.
type: string
pluginRegistryMemoryLimit:
description: Overrides the memory limit used in the Plugin registry
deployment. Defaults to 256Mi.
type: string
pluginRegistryMemoryRequest:
description: Overrides the memory request used in the Plugin registry
deployment. Defaults to 16Mi.
type: string
pluginRegistryPullPolicy:
description: Overrides the image pull policy used in the Plugin
registry deployment. Default value is `Always` for `nightly` or
`latest` images, and `IfNotPresent` in other cases.
type: string
pluginRegistryUrl:
description: Public URL of the Plugin registry, that serves sample
ready-to-use devfiles. You should set it ONLY if you use an external
devfile registry (see the `externalPluginRegistry` field). By
default this will be automatically calculated by the operator.
type: string
proxyPassword:
description: Password of the proxy server Only use when proxy configuration
is required (see also the `proxyURL`, `proxyUser` and `proxySecret`
fields).
type: string
proxyPort:
description: Port of the proxy server. Only use when configuring
a proxy is required. (see also the `proxyURL` and `nonProxyHosts`
fields).
type: string
proxySecret:
description: The secret that contains `user` and `password` for
a proxy server. If the secret is defined then `proxyUser` and
`proxyPassword` are ignored
type: string
proxyURL:
description: URL (protocol+hostname) of the proxy server. This drives
the appropriate changes in the `JAVA_OPTS` and `https(s)_proxy`
variables in the Che server and workspaces containers. Only use
when configuring a proxy is required. Operator respects OpenShift
cluster wide proxy configuration and no additional configuration
is required, but defining `proxyUrl` in a custom resource leads
to overrides the cluster proxy configuration with fields `proxyUrl`,
`proxyPort`, `proxyUser` and `proxyPassword` from the custom resource.
(see the doc https://docs.openshift.com/container-platform/4.4/networking/enable-cluster-wide-proxy.html)
(see also the `proxyPort` and `nonProxyHosts` fields).
type: string
proxyUser:
description: User name of the proxy server. Only use when configuring
a proxy is required (see also the `proxyURL`, `proxyPassword`
and `proxySecret` fields).
type: string
selfSignedCert:
description: Deprecated. The value of this flag is ignored. Che
operator will automatically detect if router certificate is self-signed.
If so it will be propagated to Che server and some other components.
type: boolean
serverMemoryLimit:
description: Overrides the memory limit used in the Che server deployment.
Defaults to 1Gi.
type: string
serverMemoryRequest:
description: Overrides the memory request used in the Che server
deployment. Defaults to 512Mi.
type: string
serverTrustStoreConfigMapName:
description: Name of the config-map with public certificates to
add to Java trust store of the Che server. This is usually required
when adding the OpenShift OAuth provider which has https endpoint
signed with self-signed cert. So, Che server must be aware of
its CA cert to be able to request it. This is disabled by default.
type: string
tlsSupport:
description: Deprecated. Instructs the operator to deploy Che in
TLS mode. This is enabled by default. Disabling TLS may cause
malfunction of some Che components.
type: boolean
workspaceNamespaceDefault:
description: 'Defines Kubernetes default namespace in which user''s
workspaces are created if user does not override it. It''s possible
to use <username>, <userid> and <workspaceid> placeholders (e.g.:
che-workspace-<username>). In that case, new namespace will be
created for each user (or workspace). Is used by OpenShift infra
as well to specify Project'
type: string
type: object
storage:
description: Configuration settings related to the persistent storage
used by the Che installation.
properties:
postgresPVCStorageClassName:
description: Storage class for the Persistent Volume Claim dedicated
to the Postgres database. If omitted or left blank, default storage
class is used.
type: string
preCreateSubPaths:
description: Instructs the Che server to launch a special pod to
pre-create a subpath in the Persistent Volumes. Defaults to `false`,
however it might need to enable it according to the configuration
of your K8S cluster.
type: boolean
pvcClaimSize:
description: Size of the persistent volume claim for workspaces.
Defaults to `1Gi`
type: string
pvcJobsImage:
description: Overrides the container image used to create sub-paths
in the Persistent Volumes. This includes the image tag. Omit it
or leave it empty to use the defaut container image provided by
the operator. See also the `preCreateSubPaths` field.
type: string
pvcStrategy:
description: Persistent volume claim strategy for the Che server.
This Can be:`common` (all workspaces PVCs in one volume), `per-workspace`
(one PVC per workspace for all declared volumes) and `unique`
(one PVC per declared volume). Defaults to `common`.
type: string
workspacePVCStorageClassName:
description: Storage class for the Persistent Volume Claims dedicated
to the Che workspaces. If omitted or left blank, default storage
class is used.
type: string
type: object
type: object
status:
description: CheClusterStatus defines the observed state of Che installation
properties:
cheClusterRunning:
description: Status of a Che installation. Can be `Available`, `Unavailable`,
or `Available, Rolling Update in Progress`
type: string
cheURL:
description: Public URL to the Che server
type: string
cheVersion:
description: Current installed Che version
type: string
dbProvisioned:
description: Indicates if or not a Postgres instance has been correctly
provisioned
type: boolean
devfileRegistryURL:
description: Public URL to the Devfile registry
type: string
helpLink:
description: A URL that can point to some URL where to find help related
to the current Operator status.
type: string
keycloakProvisioned:
description: Indicates whether an Identity Provider instance (Keycloak
/ RH SSO) has been provisioned with realm, client and user
type: boolean
keycloakURL:
description: Public URL to the Identity Provider server (Keycloak /
RH SSO).
type: string
message:
description: A human readable message indicating details about why the
pod is in this condition.
type: string
openShiftoAuthProvisioned:
description: Indicates whether an Identity Provider instance (Keycloak
/ RH SSO) has been configured to integrate with the OpenShift OAuth.
type: boolean
pluginRegistryURL:
description: Public URL to the Plugin registry
type: string
reason:
description: A brief CamelCase message indicating details about why
the pod is in this state.
type: string
type: object
version: v1
versions:
- name: v1
served: true
storage: true

24
olm/eclipse-che-preview-openshift/deploy/olm-catalog/eclipse-che-preview-openshift/9.9.9-nightly.1597060382/eclipse-che-preview-openshift.crd.yaml.diff Normal file
View File

@ -0,0 +1,24 @@
--- /home/tolusha/gocode/src/github.com/eclipse/che-operator/olm/eclipse-che-preview-openshift/deploy/olm-catalog/eclipse-che-preview-openshift/9.9.9-nightly.1596725015/eclipse-che-preview-openshift.crd.yaml 2020-08-10 14:11:43.433472354 +0300
+++ /home/tolusha/gocode/src/github.com/eclipse/che-operator/olm/eclipse-che-preview-openshift/deploy/olm-catalog/eclipse-che-preview-openshift/9.9.9-nightly.1597060382/eclipse-che-preview-openshift.crd.yaml 2020-08-10 14:53:02.390181694 +0300
@@ -284,12 +284,17 @@
cheFlavor:
description: Flavor of the installation. This is either `che` for
upstream Che installations, or `codeready` for CodeReady Workspaces
- installation. In most cases the default value should not be overriden.
+ installation. In most cases the default value should not be overridden.
type: string
cheHost:
- description: Public hostname of the installed Che server. This will
- be automatically set by the operator. In most cases the default
- value set by the operator should not be overriden.
+ description: Public hostname of the installed Che server. If value
+ is omitted then it will be automatically set by the operator.
+ (see the `cheHostTLSSecret` field).
+ type: string
+ cheHostTLSSecret:
+ description: Name of a secret containing certificates to secure
+ ingress/route for the custom hostname of the installed Che server.
+ (see the `cheHost` field).
type: string
cheImage:
description: Overrides the container image used in Che deployment.

435
olm/eclipse-che-preview-openshift/deploy/olm-catalog/eclipse-che-preview-openshift/9.9.9-nightly.1597060382/eclipse-che-preview-openshift.v9.9.9-nightly.1597060382.clusterserviceversion.yaml Normal file
View File

File diff suppressed because one or more lines are too long

34
olm/eclipse-che-preview-openshift/deploy/olm-catalog/eclipse-che-preview-openshift/9.9.9-nightly.1597060382/eclipse-che-preview-openshift.v9.9.9-nightly.1597060382.clusterserviceversion.yaml.diff Normal file
View File

@ -0,0 +1,34 @@
--- /home/tolusha/gocode/src/github.com/eclipse/che-operator/olm/eclipse-che-preview-openshift/deploy/olm-catalog/eclipse-che-preview-openshift/9.9.9-nightly.1596725015/eclipse-che-preview-openshift.v9.9.9-nightly.1596725015.clusterserviceversion.yaml 2020-08-10 14:11:43.437472360 +0300
+++ /home/tolusha/gocode/src/github.com/eclipse/che-operator/olm/eclipse-che-preview-openshift/deploy/olm-catalog/eclipse-che-preview-openshift/9.9.9-nightly.1597060382/eclipse-che-preview-openshift.v9.9.9-nightly.1597060382.clusterserviceversion.yaml 2020-08-10 14:53:03.322184301 +0300
@@ -49,13 +49,13 @@
categories: Developer Tools, OpenShift Optional
certified: "false"
containerImage: quay.io/eclipse/che-operator:nightly
- createdAt: "2020-08-06T14:43:35Z"
+ createdAt: "2020-08-10T11:53:02Z"
description: A Kube-native development solution that delivers portable and collaborative
developer workspaces in OpenShift.
operatorframework.io/suggested-namespace: eclipse-che
repository: https://github.com/eclipse/che-operator
support: Eclipse Foundation
- name: eclipse-che-preview-openshift.v9.9.9-nightly.1596725015
+ name: eclipse-che-preview-openshift.v9.9.9-nightly.1597060382
namespace: placeholder
spec:
apiservicedefinitions: {}
@@ -344,6 +344,7 @@
- route.openshift.io
resources:
- routes
+ - routes/custom-host
verbs:
- '*'
- apiGroups:
@@ -430,5 +431,5 @@
maturity: stable
provider:
name: Eclipse Foundation
- replaces: eclipse-che-preview-openshift.v9.9.9-nightly.1596626684
- version: 9.9.9-nightly.1596725015
+ replaces: eclipse-che-preview-openshift.v9.9.9-nightly.1596725015
+ version: 9.9.9-nightly.1597060382

2
olm/eclipse-che-preview-openshift/deploy/olm-catalog/eclipse-che-preview-openshift/eclipse-che-preview-openshift.package.yaml
View File

@ -1,5 +1,5 @@
channels:
- currentCSV: eclipse-che-preview-openshift.v9.9.9-nightly.1596725015
- currentCSV: eclipse-che-preview-openshift.v9.9.9-nightly.1597060382
name: nightly
- currentCSV: eclipse-che-preview-openshift.v7.17.0
name: stable

13
olm/testCatalogSource.sh
View File

@ -101,8 +101,17 @@ init() {
# 3.CRC: To run in our Code Ready Container Cluster we need have installed podman and running crc cluster...
if [[ "${PLATFORM}" == "kubernetes" ]]
then
echo "[INFO]: Kubernetes platform detected. Starting to build catalog source image..."
eval "$(minikube -p minikube docker-env)"
echo "[INFO]: Kubernetes platform detected"
eval "$(minikube docker-env)"
# Build operator image
echo "[INFO]: Build operator image...${OPERATOR_IMAGE}"
cd "$OPERATOR_REPO" && docker build -t "${OPERATOR_IMAGE}" -f Dockerfile .
# Use operator image in the latest CSV
sed -i 's|imagePullPolicy: Always|imagePullPolicy: IfNotPresent|' "${PACKAGE_FOLDER_PATH}/${PACKAGE_VERSION}/${PACKAGE_NAME}.v${PACKAGE_VERSION}.clusterserviceversion.yaml"
echo "[INFO]: Starting to build catalog source image..."
docker build -t ${CATALOG_SOURCE_IMAGE} -f "${ROOT_DIR}"/eclipse-che-preview-"${PLATFORM}"/Dockerfile \
"${ROOT_DIR}"/eclipse-che-preview-"${PLATFORM}"

11
pkg/apis/org/v1/che_types.go
View File

@ -81,13 +81,18 @@ type CheClusterSpecServer struct {
// +optional
CheImagePullPolicy corev1.PullPolicy `json:"cheImagePullPolicy,omitempty"`
// Flavor of the installation. This is either `che` for upstream Che installations, or `codeready` for CodeReady Workspaces installation.
// In most cases the default value should not be overriden.
// In most cases the default value should not be overridden.
// +optional
CheFlavor string `json:"cheFlavor,omitempty"`
// Public hostname of the installed Che server. This will be automatically set by the operator.
// In most cases the default value set by the operator should not be overriden.
// Public hostname of the installed Che server.
// If value is omitted then it will be automatically set by the operator.
// (see the `cheHostTLSSecret` field).
// +optional
CheHost string `json:"cheHost,omitempty"`
// Name of a secret containing certificates to secure ingress/route for the custom hostname of the installed Che server.
// (see the `cheHost` field).
// +optional
CheHostTLSSecret string `json:"cheHostTLSSecret,omitempty"`
// Log level for the Che server: `INFO` or `DEBUG`. Defaults to `INFO`.
// +optional
CheLogLevel string `json:"cheLogLevel,omitempty"`

11
pkg/apis/org/v1/zz_generated.openapi.go
View File

@ -408,14 +408,21 @@ func schema_pkg_apis_org_v1_CheClusterSpecServer(ref common.ReferenceCallback) c
},
"cheFlavor": {
SchemaProps: spec.SchemaProps{
Description: "Flavor of the installation. This is either `che` for upstream Che installations, or `codeready` for CodeReady Workspaces installation. In most cases the default value should not be overriden.",
Description: "Flavor of the installation. This is either `che` for upstream Che installations, or `codeready` for CodeReady Workspaces installation. In most cases the default value should not be overridden.",
Type: []string{"string"},
Format: "",
},
},
"cheHost": {
SchemaProps: spec.SchemaProps{
Description: "Public hostname of the installed Che server. This will be automatically set by the operator. In most cases the default value set by the operator should not be overriden.",
Description: "Public hostname of the installed Che server. If value is omitted then it will be automatically set by the operator. (see the `cheHostTLSSecret` field).",
Type: []string{"string"},
Format: "",
},
},
"cheHostTLSSecret": {
SchemaProps: spec.SchemaProps{
Description: "Name of a secret containing certificates to secure ingress/route for the custom hostname of the installed Che server. (see the `cheHost` field).",
Type: []string{"string"},
Format: "",
},

111
pkg/controller/che/che_controller.go
View File

@ -99,6 +99,9 @@ func add(mgr manager.Manager, r reconcile.Reconciler) error {
if err := configv1.AddToScheme(mgr.GetScheme()); err != nil {
logrus.Errorf("Failed to add OpenShift Config to scheme: %s", err)
}
if err := corev1.AddToScheme(mgr.GetScheme()); err != nil {
logrus.Errorf("Failed to add OpenShift Core to scheme: %s", err)
}
if hasConsolelinkObject() {
if err := consolev1.AddToScheme(mgr.GetScheme()); err != nil {
logrus.Errorf("Failed to add OpenShift ConsoleLink to scheme: %s", err)
@ -233,6 +236,7 @@ const (
// and what is in the CheCluster.Spec. The Controller will requeue the Request to be processed again if the returned error is non-nil or
// Result.Requeue is true, otherwise upon completion it will remove the work from the queue.
func (r *ReconcileChe) Reconcile(request reconcile.Request) (reconcile.Result, error) {
deployContext := deploy.Context{}
clusterAPI := deploy.ClusterAPI{
Client: r.client,
Scheme: r.scheme,
@ -264,6 +268,17 @@ func (r *ReconcileChe) Reconcile(request reconcile.Request) (reconcile.Result, e
return reconcile.Result{}, nil
}
if !util.IsTestMode() {
if isOpenShift && deployContext.DefaultCheHost == "" {
host, err := getDefaultCheHost(instance, clusterAPI)
if host == "" {
return reconcile.Result{RequeueAfter: 1 * time.Second}, err
} else {
deployContext.DefaultCheHost = host
}
}
}
if isOpenShift && instance.Spec.Auth.OpenShiftoAuth {
if isOpenShift4 {
oauthv1 := &oauthv1.OAuth{}
@ -694,51 +709,50 @@ func (r *ReconcileChe) Reconcile(request reconcile.Request) (reconcile.Result, e
}
}
cheHost := ""
if !isOpenShift {
ingressStatus := deploy.SyncIngressToCluster(instance, cheFlavor, deploy.CheIngressName, 8080, clusterAPI)
ingress, err := deploy.SyncIngressToCluster(instance, cheFlavor, instance.Spec.Server.CheHost, deploy.CheServiceHame, 8080, clusterAPI)
if !tests {
if !ingressStatus.Continue {
logrus.Infof("Waiting on ingress '%s' to be ready", deploy.CheIngressName)
if ingressStatus.Err != nil {
logrus.Error(ingressStatus.Err)
if ingress == nil {
logrus.Infof("Waiting on ingress '%s' to be ready", cheFlavor)
if err != nil {
logrus.Error(err)
}
return reconcile.Result{Requeue: ingressStatus.Requeue}, ingressStatus.Err
}
}
cheHost := ingressDomain
if ingressStrategy == "multi-host" {
cheHost = cheFlavor + "-" + instance.Namespace + "." + ingressDomain
}
if instance.Spec.Server.CheHost != cheHost {
instance.Spec.Server.CheHost = cheHost
if err := r.UpdateCheCRSpec(instance, "CheHost URL", cheHost); err != nil {
instance, _ = r.GetCR(request)
return reconcile.Result{Requeue: true, RequeueAfter: time.Second * 1}, err
return reconcile.Result{RequeueAfter: time.Second * 1}, err
}
cheHost = ingress.Spec.Rules[0].Host
}
} else {
routeStatus := deploy.SyncRouteToCluster(instance, cheFlavor, deploy.CheRouteName, 8080, clusterAPI)
customHost := instance.Spec.Server.CheHost
if deployContext.DefaultCheHost == customHost {
// let OpenShift set a hostname by itself since it requires a routes/custom-host permissions
customHost = ""
}
route, err := deploy.SyncRouteToCluster(instance, cheFlavor, customHost, deploy.CheServiceHame, 8080, clusterAPI)
if !tests {
if !routeStatus.Continue {
logrus.Infof("Waiting on route '%s' to be ready", deploy.CheRouteName)
if routeStatus.Err != nil {
logrus.Error(routeStatus.Err)
if route == nil {
logrus.Infof("Waiting on route '%s' to be ready", cheFlavor)
if err != nil {
logrus.Error(err)
}
return reconcile.Result{Requeue: routeStatus.Requeue}, routeStatus.Err
return reconcile.Result{RequeueAfter: time.Second * 1}, err
}
if instance.Spec.Server.CheHost != routeStatus.Route.Spec.Host {
instance.Spec.Server.CheHost = routeStatus.Route.Spec.Host
if err := r.UpdateCheCRSpec(instance, "CheHost URL", instance.Spec.Server.CheHost); err != nil {
instance, _ = r.GetCR(request)
return reconcile.Result{Requeue: true, RequeueAfter: time.Second * 1}, err
}
cheHost = route.Spec.Host
if customHost == "" {
deployContext.DefaultCheHost = cheHost
}
}
}
if instance.Spec.Server.CheHost != cheHost {
instance.Spec.Server.CheHost = cheHost
if err := r.UpdateCheCRSpec(instance, "CheHost URL", cheHost); err != nil {
instance, _ = r.GetCR(request)
return reconcile.Result{Requeue: true, RequeueAfter: time.Second * 1}, err
}
}
// create and provision Keycloak related objects
ExternalKeycloak := instance.Spec.Auth.ExternalIdentityProvider
@ -765,15 +779,15 @@ func (r *ReconcileChe) Reconcile(request reconcile.Request) (reconcile.Result, e
// create Keycloak ingresses when on k8s
if !isOpenShift {
ingressStatus := deploy.SyncIngressToCluster(instance, "keycloak", "keycloak", 8080, clusterAPI)
ingress, err := deploy.SyncIngressToCluster(instance, "keycloak", "", "keycloak", 8080, clusterAPI)
if !tests {
if !ingressStatus.Continue {
if ingress == nil {
logrus.Info("Waiting on ingress 'keycloak' to be ready")
if ingressStatus.Err != nil {
logrus.Error(ingressStatus.Err)
if err != nil {
logrus.Error(err)
}
return reconcile.Result{Requeue: ingressStatus.Requeue}, ingressStatus.Err
return reconcile.Result{RequeueAfter: time.Second * 1}, err
}
}
@ -790,18 +804,18 @@ func (r *ReconcileChe) Reconcile(request reconcile.Request) (reconcile.Result, e
}
} else {
// create Keycloak route
routeStatus := deploy.SyncRouteToCluster(instance, "keycloak", "keycloak", 8080, clusterAPI)
route, err := deploy.SyncRouteToCluster(instance, "keycloak", "", "keycloak", 8080, clusterAPI)
if !tests {
if !routeStatus.Continue {
if route == nil {
logrus.Info("Waiting on route 'keycloak' to be ready")
if routeStatus.Err != nil {
logrus.Error(routeStatus.Err)
if err != nil {
logrus.Error(err)
}
return reconcile.Result{Requeue: routeStatus.Requeue}, routeStatus.Err
return reconcile.Result{RequeueAfter: time.Second * 1}, err
}
keycloakURL := protocol + "://" + routeStatus.Route.Spec.Host
keycloakURL := protocol + "://" + route.Spec.Host
if instance.Spec.Auth.IdentityProviderURL != keycloakURL {
instance.Spec.Auth.IdentityProviderURL = keycloakURL
if err := r.UpdateCheCRSpec(instance, "Keycloak URL", keycloakURL); err != nil {
@ -1070,3 +1084,16 @@ func hasConsolelinkObject() bool {
func EvaluateCheServerVersion(cr *orgv1.CheCluster) string {
return util.GetValue(cr.Spec.Server.CheImageTag, deploy.DefaultCheVersion())
}
func getDefaultCheHost(checluster *orgv1.CheCluster, clusterAPI deploy.ClusterAPI) (string, error) {
routeName := deploy.DefaultCheFlavor(checluster)
route, err := deploy.SyncRouteToCluster(checluster, routeName, "", deploy.CheServiceHame, 8080, clusterAPI)
if route == nil {
logrus.Infof("Waiting on route '%s' to be ready", routeName)
if err != nil {
logrus.Error(err)
}
return "", err
}
return route.Spec.Host, nil
}

4
pkg/deploy/data_types.go
View File

@ -23,6 +23,10 @@ type ProvisioningStatus struct {
Err error
}
type Context struct {
DefaultCheHost string
}
type ClusterAPI struct {
Client client.Client
Scheme *runtime.Scheme

22
pkg/deploy/devfile_registry.go
View File

@ -38,14 +38,14 @@ func SyncDevfileRegistryToCluster(checluster *orgv1.CheCluster, clusterAPI Clust
if !checluster.Spec.Server.ExternalDevfileRegistry {
var host string
if !util.IsOpenShift {
ingressStatus := SyncIngressToCluster(checluster, DevfileRegistry, DevfileRegistry, 8080, clusterAPI)
ingress, err := SyncIngressToCluster(checluster, DevfileRegistry, "", DevfileRegistry, 8080, clusterAPI)
if !util.IsTestMode() {
if !ingressStatus.Continue {
if ingress == nil {
logrus.Infof("Waiting on ingress '%s' to be ready", DevfileRegistry)
if ingressStatus.Err != nil {
logrus.Error(ingressStatus.Err)
if err != nil {
logrus.Error(err)
}
return false, ingressStatus.Err
return false, err
}
}
@ -56,20 +56,20 @@ func SyncDevfileRegistryToCluster(checluster *orgv1.CheCluster, clusterAPI Clust
host = checluster.Spec.K8s.IngressDomain + "/" + DevfileRegistry
}
} else {
routeStatus := SyncRouteToCluster(checluster, DevfileRegistry, DevfileRegistry, 8080, clusterAPI)
route, err := SyncRouteToCluster(checluster, DevfileRegistry, "", DevfileRegistry, 8080, clusterAPI)
if !util.IsTestMode() {
if !routeStatus.Continue {
if route == nil {
logrus.Infof("Waiting on route '%s' to be ready", DevfileRegistry)
if routeStatus.Err != nil {
logrus.Error(routeStatus.Err)
if err != nil {
logrus.Error(err)
}
return false, routeStatus.Err
return false, err
}
}
if !util.IsTestMode() {
host = routeStatus.Route.Spec.Host
host = route.Spec.Host
}
}

77
pkg/deploy/ingress.go
View File

@ -29,14 +29,6 @@ import (
"sigs.k8s.io/controller-runtime/pkg/controller/controllerutil"
)
type IngressProvisioningStatus struct {
ProvisioningStatus
}
const (
CheIngressName = "che-host"
)
var ingressDiffOpts = cmp.Options{
cmpopts.IgnoreFields(v1beta1.Ingress{}, "TypeMeta", "ObjectMeta", "Status"),
}
@ -44,30 +36,25 @@ var ingressDiffOpts = cmp.Options{
func SyncIngressToCluster(
checluster *orgv1.CheCluster,
name string,
host string,
serviceName string,
port int,
clusterAPI ClusterAPI) IngressProvisioningStatus {
servicePort int,
clusterAPI ClusterAPI) (*v1beta1.Ingress, error) {
specIngress, err := getSpecIngress(checluster, name, serviceName, port, clusterAPI)
specIngress, err := getSpecIngress(checluster, name, host, serviceName, servicePort, clusterAPI)
if err != nil {
return IngressProvisioningStatus{
ProvisioningStatus: ProvisioningStatus{Err: err},
}
return nil, err
}
clusterIngress, err := getClusterIngress(specIngress.Name, specIngress.Namespace, clusterAPI.Client)
if err != nil {
return IngressProvisioningStatus{
ProvisioningStatus: ProvisioningStatus{Err: err},
}
return nil, err
}
if clusterIngress == nil {
logrus.Infof("Creating a new object: %s, name %s", specIngress.Kind, specIngress.Name)
err := clusterAPI.Client.Create(context.TODO(), specIngress)
return IngressProvisioningStatus{
ProvisioningStatus: ProvisioningStatus{Requeue: true, Err: err},
}
return nil, err
}
diff := cmp.Diff(clusterIngress, specIngress, ingressDiffOpts)
@ -77,20 +64,14 @@ func SyncIngressToCluster(
err := clusterAPI.Client.Delete(context.TODO(), clusterIngress)
if err != nil {
return IngressProvisioningStatus{
ProvisioningStatus: ProvisioningStatus{Requeue: true, Err: err},
}
return nil, err
}
err = clusterAPI.Client.Create(context.TODO(), specIngress)
return IngressProvisioningStatus{
ProvisioningStatus: ProvisioningStatus{Requeue: true, Err: err},
}
return nil, err
}
return IngressProvisioningStatus{
ProvisioningStatus: ProvisioningStatus{Continue: true},
}
return clusterIngress, nil
}
func getClusterIngress(name string, namespace string, client runtimeClient.Client) (*v1beta1.Ingress, error) {
@ -109,23 +90,34 @@ func getClusterIngress(name string, namespace string, client runtimeClient.Clien
return ingress, nil
}
func getSpecIngress(checluster *orgv1.CheCluster, name string, serviceName string, port int, clusterAPI ClusterAPI) (*v1beta1.Ingress, error) {
func getSpecIngress(
checluster *orgv1.CheCluster,
name string,
host string,
serviceName string,
servicePort int,
clusterAPI ClusterAPI) (*v1beta1.Ingress, error) {
tlsSupport := checluster.Spec.Server.TlsSupport
ingressStrategy := util.GetValue(checluster.Spec.K8s.IngressStrategy,DefaultIngressStrategy)
if len(ingressStrategy) < 1 {
ingressStrategy = "multi-host"
}
ingressStrategy := util.GetValue(checluster.Spec.K8s.IngressStrategy, DefaultIngressStrategy)
ingressDomain := checluster.Spec.K8s.IngressDomain
ingressClass := util.GetValue(checluster.Spec.K8s.IngressClass, DefaultIngressClass)
labels := GetLabels(checluster, name)
tlsSecretName := checluster.Spec.K8s.TlsSecretName
if host == "" {
if ingressStrategy == "multi-host" {
host = name + "-" + checluster.Namespace + "." + ingressDomain
} else if ingressStrategy == "single-host" {
host = ingressDomain
}
}
tls := "false"
tlsSecretName := util.GetValue(checluster.Spec.K8s.TlsSecretName, "che-tls")
if tlsSupport {
tls = "true"
// If TLS is turned on but the secret name is not set, try to use Che default value as k8s cluster defaults will not work.
if tlsSecretName == "" {
tlsSecretName = "che-tls"
if name == DefaultCheFlavor(checluster) && checluster.Spec.Server.CheHostTLSSecret != "" {
tlsSecretName = checluster.Spec.Server.CheHostTLSSecret
}
}
@ -141,13 +133,6 @@ func getSpecIngress(checluster *orgv1.CheCluster, name string, serviceName strin
}
}
host := ""
if ingressStrategy == "multi-host" {
host = name + "-" + checluster.Namespace + "." + ingressDomain
} else if ingressStrategy == "single-host" {
host = ingressDomain
}
annotations := map[string]string{
"kubernetes.io/ingress.class": ingressClass,
"nginx.ingress.kubernetes.io/proxy-read-timeout": "3600",
@ -180,7 +165,7 @@ func getSpecIngress(checluster *orgv1.CheCluster, name string, serviceName strin
{
Backend: v1beta1.IngressBackend{
ServiceName: serviceName,
ServicePort: intstr.FromInt(port),
ServicePort: intstr.FromInt(servicePort),
},
Path: path,
},

22
pkg/deploy/plugin_registry.go
View File

@ -38,14 +38,14 @@ func SyncPluginRegistryToCluster(checluster *orgv1.CheCluster, clusterAPI Cluste
if !checluster.Spec.Server.ExternalPluginRegistry {
var host string
if !util.IsOpenShift {
ingressStatus := SyncIngressToCluster(checluster, PluginRegistry, PluginRegistry, 8080, clusterAPI)
ingress, err := SyncIngressToCluster(checluster, PluginRegistry, "", PluginRegistry, 8080, clusterAPI)
if !util.IsTestMode() {
if !ingressStatus.Continue {
if ingress == nil {
logrus.Infof("Waiting on ingress '%s' to be ready", PluginRegistry)
if ingressStatus.Err != nil {
logrus.Error(ingressStatus.Err)
if err != nil {
logrus.Error(err)
}
return false, ingressStatus.Err
return false, err
}
}
@ -56,20 +56,20 @@ func SyncPluginRegistryToCluster(checluster *orgv1.CheCluster, clusterAPI Cluste
host = checluster.Spec.K8s.IngressDomain + "/" + PluginRegistry
}
} else {
routeStatus := SyncRouteToCluster(checluster, PluginRegistry, PluginRegistry, 8080, clusterAPI)
route, err := SyncRouteToCluster(checluster, PluginRegistry, "", PluginRegistry, 8080, clusterAPI)
if !util.IsTestMode() {
if !routeStatus.Continue {
if route == nil {
logrus.Infof("Waiting on route '%s' to be ready", PluginRegistry)
if routeStatus.Err != nil {
logrus.Error(routeStatus.Err)
if err != nil {
logrus.Error(err)
}
return false, routeStatus.Err
return false, err
}
}
if !util.IsTestMode() {
host = routeStatus.Route.Spec.Host
host = route.Spec.Host
}
}

79
pkg/deploy/route.go
View File

@ -20,6 +20,7 @@ import (
"github.com/google/go-cmp/cmp/cmpopts"
routev1 "github.com/openshift/api/route/v1"
"github.com/sirupsen/logrus"
corev1 "k8s.io/api/core/v1"
"k8s.io/apimachinery/pkg/api/errors"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/apimachinery/pkg/types"
@ -28,71 +29,61 @@ import (
"sigs.k8s.io/controller-runtime/pkg/controller/controllerutil"
)
type RouteProvisioningStatus struct {
ProvisioningStatus
Route *routev1.Route
}
const (
CheRouteName = "che-host"
)
var routeDiffOpts = cmp.Options{
cmpopts.IgnoreFields(routev1.Route{}, "TypeMeta", "ObjectMeta", "Status"),
cmpopts.IgnoreFields(routev1.RouteSpec{}, "Host", "WildcardPolicy"),
}
var routeWithHostDiffOpts = cmp.Options{
cmpopts.IgnoreFields(routev1.Route{}, "TypeMeta", "ObjectMeta", "Status"),
cmpopts.IgnoreFields(routev1.RouteSpec{}, "WildcardPolicy"),
}
func SyncRouteToCluster(
checluster *orgv1.CheCluster,
name string,
host string,
serviceName string,
port int32,
clusterAPI ClusterAPI) RouteProvisioningStatus {
servicePort int32,
clusterAPI ClusterAPI) (*routev1.Route, error) {
specRoute, err := GetSpecRoute(checluster, name, serviceName, port, clusterAPI)
specRoute, err := GetSpecRoute(checluster, name, host, serviceName, servicePort, clusterAPI)
if err != nil {
return RouteProvisioningStatus{
ProvisioningStatus: ProvisioningStatus{Err: err},
}
return nil, err
}
clusterRoute, err := GetClusterRoute(specRoute.Name, specRoute.Namespace, clusterAPI.Client)
if err != nil {
return RouteProvisioningStatus{
ProvisioningStatus: ProvisioningStatus{Err: err},
}
return nil, err
}
if clusterRoute == nil {
logrus.Infof("Creating a new object: %s, name %s", specRoute.Kind, specRoute.Name)
err := clusterAPI.Client.Create(context.TODO(), specRoute)
return RouteProvisioningStatus{
ProvisioningStatus: ProvisioningStatus{Requeue: true, Err: err},
if !errors.IsAlreadyExists(err) {
return nil, err
}
return nil, nil
}
diff := cmp.Diff(clusterRoute, specRoute, routeDiffOpts)
diffOpts := routeDiffOpts
if host != "" {
diffOpts = routeWithHostDiffOpts
}
diff := cmp.Diff(clusterRoute, specRoute, diffOpts)
if len(diff) > 0 {
logrus.Infof("Updating existed object: %s, name: %s", clusterRoute.Kind, clusterRoute.Name)
fmt.Printf("Difference:\n%s", diff)
err := clusterAPI.Client.Delete(context.TODO(), clusterRoute)
if err != nil {
return RouteProvisioningStatus{
ProvisioningStatus: ProvisioningStatus{Requeue: true, Err: err},
}
return nil, err
}
err = clusterAPI.Client.Create(context.TODO(), specRoute)
return RouteProvisioningStatus{
ProvisioningStatus: ProvisioningStatus{Requeue: true, Err: err},
}
return nil, err
}
return RouteProvisioningStatus{
ProvisioningStatus: ProvisioningStatus{Continue: true},
Route: clusterRoute,
}
return clusterRoute, err
}
// GetClusterRoute returns existing route.
@ -113,7 +104,14 @@ func GetClusterRoute(name string, namespace string, client runtimeClient.Client)
}
// GetSpecRoute returns default configuration of a route in Che namespace.
func GetSpecRoute(checluster *orgv1.CheCluster, name string, serviceName string, port int32, clusterAPI ClusterAPI) (*routev1.Route, error) {
func GetSpecRoute(
checluster *orgv1.CheCluster,
name string,
host string,
serviceName string,
servicePort int32,
clusterAPI ClusterAPI) (*routev1.Route, error) {
tlsSupport := checluster.Spec.Server.TlsSupport
labels := GetLabels(checluster, DefaultCheFlavor(checluster))
weight := int32(100)
@ -123,7 +121,7 @@ func GetSpecRoute(checluster *orgv1.CheCluster, name string, serviceName string,
}
targetPort := intstr.IntOrString{
Type: intstr.Int,
IntVal: int32(port),
IntVal: int32(servicePort),
}
route := &routev1.Route{
TypeMeta: metav1.TypeMeta{
@ -138,6 +136,7 @@ func GetSpecRoute(checluster *orgv1.CheCluster, name string, serviceName string,
}
route.Spec = routev1.RouteSpec{
Host: host,
To: routev1.RouteTargetReference{
Kind: "Service",
Name: serviceName,
@ -153,6 +152,20 @@ func GetSpecRoute(checluster *orgv1.CheCluster, name string, serviceName string,
InsecureEdgeTerminationPolicy: routev1.InsecureEdgeTerminationPolicyRedirect,
Termination: routev1.TLSTerminationEdge,
}
if name == DefaultCheFlavor(checluster) && checluster.Spec.Server.CheHostTLSSecret != "" {
secret := &corev1.Secret{}
namespacedName := types.NamespacedName{
Namespace: checluster.Namespace,
Name: checluster.Spec.Server.CheHostTLSSecret,
}
if err := clusterAPI.Client.Get(context.TODO(), namespacedName, secret); err != nil {
return nil, err
}
route.Spec.TLS.Key = string(secret.Data["tls.key"])
route.Spec.TLS.Certificate = string(secret.Data["tls.crt"])
}
}
err := controllerutil.SetControllerReference(checluster, route, clusterAPI.Scheme)

11
pkg/deploy/tls.go
View File

@ -18,6 +18,7 @@ import (
"encoding/pem"
stderrors "errors"
"net/http"
"strings"
"time"
orgv1 "github.com/eclipse/che-operator/pkg/apis/org/v1"
@ -111,7 +112,7 @@ func GetEndpointTLSCrtChain(instance *orgv1.CheCluster, endpointURL string, prox
if len(endpointURL) < 1 {
// Create test route to get certificates chain.
// Note, it is not possible to use SyncRouteToCluster here as it may cause infinite reconcile loop.
routeSpec, err := GetSpecRoute(instance, "test", "test", 8080, clusterAPI)
routeSpec, err := GetSpecRoute(instance, "test", "", "test", 8080, clusterAPI)
if err != nil {
return nil, err
}
@ -245,9 +246,13 @@ func K8sHandleCheTLSSecrets(checluster *orgv1.CheCluster, clusterAPI ClusterAPI)
return reconcile.Result{RequeueAfter: time.Second}, err
}
domains := checluster.Spec.K8s.IngressDomain + ",*." + checluster.Spec.K8s.IngressDomain
if checluster.Spec.Server.CheHost != "" && strings.Index(checluster.Spec.Server.CheHost, checluster.Spec.K8s.IngressDomain) == -1 && checluster.Spec.Server.CheHostTLSSecret == "" {
domains += "," + checluster.Spec.Server.CheHost
}
cheTLSSecretsCreationJobImage := DefaultCheTLSSecretsCreationJobImage()
jobEnvVars := map[string]string{
"DOMAIN": checluster.Spec.K8s.IngressDomain,
"DOMAIN": domains,
"CHE_NAMESPACE": checluster.Namespace,
"CHE_SERVER_TLS_SECRET_NAME": cheTLSSecretName,
"CHE_CA_CERTIFICATE_SECRET_NAME": CheTLSSelfSignedCertificateSecretName,
@ -273,7 +278,7 @@ func K8sHandleCheTLSSecrets(checluster *orgv1.CheCluster, clusterAPI ClusterAPI)
if err == nil {
// The job object is present
if job.Status.Succeeded > 0 {
logrus.Infof("Import public part of Eclipse Che self-signed CA certificvate from \"%s\" secret into your browser.", CheTLSSelfSignedCertificateSecretName)
logrus.Infof("Import public part of Eclipse Che self-signed CA certificate from \"%s\" secret into your browser.", CheTLSSelfSignedCertificateSecretName)
deleteJob(job, checluster, clusterAPI)
} else if job.Status.Failed > 0 {
// The job failed, but the certificate is present, shouldn't happen