diff --git a/.github/workflows/build-catalog-and-bundle-images.yaml b/.github/workflows/build-catalog-and-bundle-images.yaml index 02de67d20..03c771f72 100644 --- a/.github/workflows/build-catalog-and-bundle-images.yaml +++ b/.github/workflows/build-catalog-and-bundle-images.yaml @@ -38,6 +38,7 @@ jobs: - name: Build and push images to quay.io run: > ${GITHUB_WORKSPACE}/olm/buildAndPushBundleImages.sh -c 'next' -p 'openshift' && + ${GITHUB_WORKSPACE}/olm/buildAndPushBundleImages.sh -c 'next-all-namespaces' -p 'openshift' && ${GITHUB_WORKSPACE}/olm/buildAndPushBundleImages.sh -c 'next' -p 'kubernetes' env: IMAGE_REGISTRY_HOST: quay.io diff --git a/Makefile b/Makefile index d7207c983..0214ea274 100644 --- a/Makefile +++ b/Makefile @@ -476,7 +476,7 @@ bundle: generate manifests kustomize ## Generate bundle manifests and metadata, echo "[INFO] Updating OperatorHub bundle for platform '$${platform}'" - NEXT_BUNDLE_PATH=$$($(MAKE) getBundlePath platform="$${platform}" channel="next" -s) + NEXT_BUNDLE_PATH=$$($(MAKE) getBundlePath platform="$${platform}" channel="$${channel}" -s) NEW_CSV=$${NEXT_BUNDLE_PATH}/manifests/che-operator.clusterserviceversion.yaml newNextBundleVersion=$$(yq -r ".spec.version" "$${NEW_CSV}") echo "[INFO] Creation new next bundle version: $${newNextBundleVersion}" @@ -484,7 +484,7 @@ bundle: generate manifests kustomize ## Generate bundle manifests and metadata, createdAtOld=$$(yq -r ".metadata.annotations.createdAt" "$${NEW_CSV}") BUNDLE_PACKAGE="eclipse-che-preview-$(platform)" - BUNDLE_DIR="bundle/$(DEFAULT_CHANNEL)/$${BUNDLE_PACKAGE}" + BUNDLE_DIR="bundle/"$${channel}"/$${BUNDLE_PACKAGE}" GENERATED_CSV_NAME=$${BUNDLE_PACKAGE}.clusterserviceversion.yaml DESIRED_CSV_NAME=che-operator.clusterserviceversion.yaml GENERATED_CRD_NAME=org.eclipse.che_checlusters.yaml @@ -655,6 +655,31 @@ bundle: generate manifests kustomize ## Generate bundle manifests and metadata, yq -riSY '(.spec.install.spec.deployments[0].spec.template.spec.containers[0].securityContext."runAsNonRoot") = true' "$${NEW_CSV}" fi + # set InstallMode for next-all-namespaces + if [[ $${channel} == 'next-all-namespaces' ]];then + yq -Yi '.spec.installModes[] |= if .type=="OwnNamespace" then .supported |= false else . end' "$${NEW_CSV}" + yq -Yi '.spec.installModes[] |= if .type=="SingleNamespace" then .supported |= false else . end' "$${NEW_CSV}" + yq -Yi '.spec.installModes[] |= if .type=="MultiNamespace" then .supported |= false else . end' "$${NEW_CSV}" + yq -Yi '.spec.installModes[] |= if .type=="AllNamespaces" then .supported |= true else . end' "$${NEW_CSV}" + sed -ri 's|operatorframework.io/suggested-namespace: eclipse-che|operatorframework.io/suggested-namespace: openshift-operators|' "$${NEW_CSV}" + + # Enable by default devWorkspace engine in `next-all-namespaces` channel + CSV_CR_SAMPLES=$$(yq -r ".metadata.annotations[\"alm-examples\"] | \ + fromjson | \ + ( .[] | select(.kind == \"CheCluster\") | .spec.devWorkspace.enable) |= true" $${NEW_CSV} | sed -r 's/"/\\"/g') + yq -riY ".metadata.annotations[\"alm-examples\"] = \"$${CSV_CR_SAMPLES}\"" $${NEW_CSV} + + # Set next-all-namespaces channel name + ANNOTATION_METADATA_YAML="$${NEXT_BUNDLE_PATH}/metadata/annotations.yaml" + sed \ + -e 's/operators.operatorframework.io.bundle.channels.v1: *next/operators.operatorframework.io.bundle.channels.v1: 'next-all-namespaces'/' \ + -e 's/operators.operatorframework.io.bundle.channel.default.v1: *next/operators.operatorframework.io.bundle.channel.default.v1: 'next-all-namespaces'/' \ + -i "$${ANNOTATION_METADATA_YAML}" + + # Set specific OpenShift version + echo -e "\n com.redhat.openshift.versions: \"v4.8\"" >> "$${ANNOTATION_METADATA_YAML}" + fi + # Base cluster service version file has got correctly sorted CRDs. # They are sorted with help of annotation markers in the api type files ("api/v1" folder). # Example such annotation: +operator-sdk:csv:customresourcedefinitions:order=0 @@ -695,7 +720,7 @@ increment-next-version: exit 1 fi - NEXT_BUNDLE_PATH=$$($(MAKE) getBundlePath platform="$(platform)" channel="next" -s) + NEXT_BUNDLE_PATH=$$($(MAKE) getBundlePath platform="$(platform)" channel="$(channel)" -s) OPM_BUNDLE_MANIFESTS_DIR="$${NEXT_BUNDLE_PATH}/manifests" CSV="$${OPM_BUNDLE_MANIFESTS_DIR}/che-operator.clusterserviceversion.yaml" @@ -753,9 +778,16 @@ get-next-version-increment: update-resources: SHELL := /bin/bash update-resources: check-requirements update-resource-images update-roles - for platform in 'kubernetes' 'openshift' + for platform in 'openshift' 'kubernetes' do - $(MAKE) bundle "platform=$${platform}" + for channel in 'next-all-namespaces' 'next' + do + # Skip next-all-namespaces in kubernetes platform, is not supported + if [[ $${channel} == "next-all-namespaces" && $${platform} == "kubernetes" ]];then + continue + fi + $(MAKE) bundle "platform=$${platform}" "channel=$${channel}" + done done check-requirements: diff --git a/bundle/next-all-namespaces/eclipse-che-preview-openshift/bundle.Dockerfile b/bundle/next-all-namespaces/eclipse-che-preview-openshift/bundle.Dockerfile new file mode 100644 index 000000000..6e53c0d03 --- /dev/null +++ b/bundle/next-all-namespaces/eclipse-che-preview-openshift/bundle.Dockerfile @@ -0,0 +1,23 @@ +FROM scratch + +# Core bundle labels. +LABEL operators.operatorframework.io.bundle.mediatype.v1=registry+v1 +LABEL operators.operatorframework.io.bundle.manifests.v1=manifests/ +LABEL operators.operatorframework.io.bundle.metadata.v1=metadata/ +LABEL operators.operatorframework.io.bundle.package.v1=eclipse-che-preview-openshift +LABEL operators.operatorframework.io.bundle.channels.v1=next-all-namespaces +LABEL operators.operatorframework.io.bundle.channel.default.v1=next-all-namespaces +LABEL operators.operatorframework.io.metrics.builder=operator-sdk-v1.7.1+git +LABEL operators.operatorframework.io.metrics.mediatype.v1=metrics+v1 +LABEL operators.operatorframework.io.metrics.project_layout=go.kubebuilder.io/v3 + +# Labels for testing. +LABEL operators.operatorframework.io.test.mediatype.v1=scorecard+v1 +LABEL operators.operatorframework.io.test.config.v1=tests/scorecard/ + +# Copy files to locations specified by labels. +COPY manifests /manifests/ +COPY metadata /metadata/ +COPY tests/scorecard /tests/scorecard/ + +LABEL com.redhat.openshift.versions="v4.8" diff --git a/bundle/next-all-namespaces/eclipse-che-preview-openshift/manifests/che-operator.clusterserviceversion.yaml b/bundle/next-all-namespaces/eclipse-che-preview-openshift/manifests/che-operator.clusterserviceversion.yaml new file mode 100644 index 000000000..e012cf0c3 --- /dev/null +++ b/bundle/next-all-namespaces/eclipse-che-preview-openshift/manifests/che-operator.clusterserviceversion.yaml @@ -0,0 +1,1201 @@ +apiVersion: operators.coreos.com/v1alpha1 +kind: ClusterServiceVersion +metadata: + annotations: + alm-examples: |- + [ + { + "apiVersion": "org.eclipse.che/v1", + "kind": "CheCluster", + "metadata": { + "name": "eclipse-che" + }, + "spec": { + "auth": { + "externalIdentityProvider": false, + "identityProviderAdminUserName": "", + "identityProviderClientId": "", + "identityProviderPassword": "", + "identityProviderRealm": "", + "identityProviderURL": "", + "initialOpenShiftOAuthUser": true, + "oAuthClientName": "", + "oAuthSecret": "" + }, + "database": { + "chePostgresDb": "", + "chePostgresHostName": "", + "chePostgresPassword": "", + "chePostgresPort": "", + "chePostgresUser": "", + "externalDb": false + }, + "devWorkspace": { + "enable": true + }, + "metrics": { + "enable": true + }, + "server": { + "allowUserDefinedWorkspaceNamespaces": false, + "cheClusterRoles": "", + "cheFlavor": "", + "cheWorkspaceClusterRole": "", + "gitSelfSignedCert": false, + "nonProxyHosts": "", + "proxyPassword": "", + "proxyPort": "", + "proxyURL": "", + "proxyUser": "", + "serverExposureStrategy": "", + "serverTrustStoreConfigMapName": "", + "tlsSupport": true, + "workspaceNamespaceDefault": "-che" + }, + "storage": { + "postgresPVCStorageClassName": "", + "preCreateSubPaths": true, + "pvcClaimSize": "10Gi", + "pvcStrategy": "common", + "workspacePVCStorageClassName": "" + } + } + } + ] + capabilities: Seamless Upgrades + categories: Developer Tools + certified: "false" + containerImage: quay.io/eclipse/che-operator:next + createdAt: "2021-05-11T18:38:31Z" + description: A Kube-native development solution that delivers portable and collaborative + developer workspaces. + operatorframework.io/suggested-namespace: openshift-operators + operators.openshift.io/infrastructure-features: '["disconnected", "proxy-aware", + "fips"]' + operators.operatorframework.io/builder: operator-sdk-v1.6.1+git + operators.operatorframework.io/project_layout: go.kubebuilder.io/v3 + repository: https://github.com/eclipse-che/che-operator + support: Eclipse Foundation + name: eclipse-che-preview-openshift.v7.37.0-348.next + namespace: placeholder +spec: + apiservicedefinitions: {} + customresourcedefinitions: + owned: + - description: The `CheCluster` custom resource allows defining and managing + a Che server installation + displayName: Eclipse Che instance Specification + kind: CheCluster + name: checlusters.org.eclipse.che + specDescriptors: + - description: Deploys the DevWorkspace Operator in the cluster. Does nothing + when a matching version of the Operator is already installed. Fails + when a non-matching version of the Operator is already installed. + displayName: Enable DevWorkspace operator (Technology Preview) + path: devWorkspace.enable + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:booleanSwitch + statusDescriptors: + - description: Status of a Che installation. Can be `Available`, `Unavailable`, + or `Available, Rolling Update in Progress`. + displayName: Status + path: cheClusterRunning + x-descriptors: + - urn:alm:descriptor:io.kubernetes.phase + - description: Public URL to the Che server. + displayName: Eclipse Che URL + path: cheURL + x-descriptors: + - urn:alm:descriptor:org.w3:link + - description: Current installed Che version. + displayName: 'displayName: Eclipse Che version' + path: cheVersion + x-descriptors: + - urn:alm:descriptor:org.w3:link + - description: Public URL to the devfile registry. + displayName: Devfile registry URL + path: devfileRegistryURL + x-descriptors: + - urn:alm:descriptor:org.w3:link + - description: A URL that points to some URL where to find help related + to the current Operator status. + displayName: Help link + path: helpLink + x-descriptors: + - urn:alm:descriptor:org.w3:link + - description: Public URL to the Identity Provider server, Keycloak or RH-SSO,. + displayName: Keycloak Admin Console URL + path: keycloakURL + x-descriptors: + - urn:alm:descriptor:org.w3:link + - description: A human readable message indicating details about why the + Pod is in this condition. + displayName: Message + path: message + x-descriptors: + - urn:alm:descriptor:text + - description: OpenShift OAuth secret in `openshift-config` namespace that + contains user credentials for HTPasswd identity provider. + displayName: OpenShift OAuth secret in `openshift-config` namespace that + contains user credentials for HTPasswd identity provider. + path: openShiftOAuthUserCredentialsSecret + x-descriptors: + - urn:alm:descriptor:text + - description: Public URL to the plugin registry. + displayName: Plugin registry URL + path: pluginRegistryURL + x-descriptors: + - urn:alm:descriptor:org.w3:link + - description: A brief CamelCase message indicating details about why the + Pod is in this state. + displayName: Reason + path: reason + x-descriptors: + - urn:alm:descriptor:text + version: v1 + - description: The `CheBackupServerConfiguration` custom resource allows defining + and managing Eclipse Che Backup Server Configurations + displayName: Eclipse Che Backup Server + kind: CheBackupServerConfiguration + name: chebackupserverconfigurations.org.eclipse.che + version: v1 + - description: The `CheClusterBackup` custom resource allows defining and managing + Eclipse Che backup + displayName: Eclipse Che instance Backup Specification + kind: CheClusterBackup + name: checlusterbackups.org.eclipse.che + version: v1 + - description: The `CheClusterRestore` custom resource allows defining and managing + Eclipse Che restore + displayName: Eclipse Che instance Restore Specification + kind: CheClusterRestore + name: checlusterrestores.org.eclipse.che + version: v1 + description: | + A collaborative Kubernetes-native development solution that delivers OpenShift workspaces and in-browser IDE for rapid cloud application development. + This operator installs PostgreSQL, Keycloak, Plugin registry, Devfile registry and the Eclipse Che server, as well as configures all three services. + + ## How to Install + Press the **Install** button, choose the channel and the upgrade strategy, and wait for the **Installed** Operator status. + When the operator is installed, create a new CR of Kind CheCluster (click the **Create New** button). + The CR spec contains all defaults (see below). + You can start using Eclipse Che when the CR status is set to **Available**, and you see a URL to Eclipse Che. + + ## Defaults + By default, the operator deploys Eclipse Che with: + * Bundled PostgreSQL and Keycloak + * Common PVC strategy + * Auto-generated passwords + * TLS mode (secure routes) + * Communicate between components using internal cluster SVC names + * Regular login extended with OpenShift OAuth authentication + + ## Installation Options + Eclipse Che operator installation options include: + * Connection to external database and Keycloak + * Configuration of default passwords and object names + * PVC strategy (once shared PVC for all workspaces, PVC per workspace, or PVC per volume) + * Authentication options + + Use `oc edit checluster/eclipse-che -n eclipse-che` to update Eclipse Che configuration. + See more configuration options in the [Installation guide](https://www.eclipse.org/che/docs/che-7/installation-guide/configuring-the-che-installation/). + + ### External Database and Keycloak + Follow the guides to configure external [Keycloak](https://www.eclipse.org/che/docs/che-7/administration-guide/configuring-authorization/#configuring-che-to-use-external-keycloak_che) + and [Database](https://www.eclipse.org/che/docs/che-7/administration-guide/external-database-setup/) setup. + + ### Certificates + Operator uses a default router certificate to secure Eclipse Che routes. + Follow the [guide](https://www.eclipse.org/che/docs/che-7/installation-guide/importing-untrusted-tls-certificates/) + to import certificates into Eclipse Che. + + ## Devworkspace engine + To enable [Devworkspace engine](https://github.com/devfile/devworkspace-operator) deploy Eclipse Che from `tech-preview-stable-all-namespaces` channel. + Eclipse Che will be installed in `AllNamespaces` mode and Devworkspace engine will be enabled by default. + displayName: Eclipse Che + icon: + - base64data: iVBORw0KGgoAAAANSUhEUgAAANMAAAD0CAYAAAABrhNXAAAABGdBTUEAALGPC/xhBQAAACBjSFJNAAB6JgAAgIQAAPoAAACA6AAAdTAAAOpgAAA6mAAAF3CculE8AAAABmJLR0QA/wD/AP+gvaeTAAAaNklEQVR42u3de3QU9dkH8O/zm91EQK0U77dqVdTW++1V20KigUSQahLjsSSbtp4eeqqVLHILCcoiyQZEIbF61B6PVQJ6XiOkr6TlYiABr603wHotar1bBUWUYDY787x/JIGoSchmZ+c3M/t8/iS7M8+M5+vs7szz/IiZIYRIntJdgBB+IWESwiYSJiFsImESwiYSJiFsImESwiaBvv5ARLprEwB4ddaJTBQF8w/JsKbQmI0v665JAL3dUqK+7jNJmPTiNWOHWYhNB1AOILPrn+MA369MazaNe+Iz3TWmMwmTB3AEyrwwu4SIbwVwWB+v+hxEt6gg7qLs1rjumtORhMnlePUlF5hk1RFw4QDf8rrFmBLMa12tu/Z0I2FyKV53yVGWyTVgLgGQ8IknoImMQBnlNL+t+1jShYTJZXjlhKFW8KsbQJgNYP8ktxYDcI8yh95E41bt1H1sfidhcpH4mtETCHQHgONs3vTHAEXUMy33UQSW7uP0KwmTC/DqS84xyaol4Bcp3tULiqiMxrY8pfuY/UjCpBG3ZB1sxfgmgK4HYDi1WwI9SnGaTuPXv6v7HPiJhEkDfv7coPX5AdeB+RaADtRURRtAC9UB7Qvo4md26z4nfiBhcljH6qwcRbgDwKm6a+nyATNVGrkt9USQrtAkSJgcwquyT2ZlLWLQON219FofsMEghGls6ybdtXiVhCnFuOnnw62gEQHoOvTz3KM7sAVSy5RS0yln3X91V+M1EqYU4ZasgBWjawGuAnCI7noStAOM+coaUkvjVrXrLsYrJEwp0LHmkksUrFoAp+uuJSnMbzLR1EBua5PuUrxAwmSj7tYIBhfprsVOBDQTU5jyWl7RXYubSZhs0KM1YiaA/XTXkyIdAN+tMmgOZbfu0F2MG0mYksAMMtdkh4h4AYDDddfj0FF3tnrsOOROurrB1F2Nm0iYBolXjT7fVFRHwEW6a9FkkyIK09iWDboLcQsJU4KSbY3wGwKaCNZkyt34ju5adJMwDRA/fdEQa2fmZBAqARygux536Wr1+CY+m6546ivd1Wg7CxKmfUtha4TP8EeAmpuurR4Spn7w46PONi2qJdAo3bV4CROeM1iFKXf907prcfS4JUzfx82XjrDM+M0Ot0b4TWerB8yplLvxfd3FOHLAEqYeJ2NPawTmAviB7np8YheA21QG5lN26ze6i0klCVOXjtVZOUpxHZh+orsWn3qfmWYH8lqW6C4kVdI+TLwq+2Q2+HZmjNddSzogoIUsI0yXrduiuxa7pW2YuOnnw62MwEwwTwEoQ3c96aWr1SMen+qnKbRpF6a901GthQAdqrueNPcFGAvUzkMW09UNMd3FJCutwtSxenS2ItQCdIbuWsS3vMFENwbGtvxddyHJSIsw8ZpRx1hkVIM5pLsW0TcCmsk0ymjculd11zIYvg5TmrRG+E1nq4cK3kxjmr/UXUwifBkmZpD5+OiriHEbQMfqrkcMynYQ5nmp1cN3YepsjUAtgS7WXYuwA7+oGGHK2/CE7kr2WalfwsRrxxxpcWwOgN8BJEuJ+gwBTWThBrqs9T+6a+mL58PEjxRlWAd99gcw5kFaI3yO20D0JxVEFWW3fq27mu9V5+UwdbVG1AE4XnctwlEfMlOF26bQejJMvDbrLJNRS8Bo3bUIfRj8T0NRGY1pfVZ3LYDHwsSrc39o0TdzpDVC7OWeKbSeCFOP1ogIgIO0FCHcrrPVwxxSo2sKrevD1LVqRC2Anzq+c+FFW5m4IjB2Q4PTO3ZtmLj50pFsmrczcLnTJ0V4HzHWESFMua3/cmqfrgsTt2QdZHWgHIwwgEynToTwpTjA96sMqqTs1m2p3plrwiStESJ1uqbQBnEXZbfGU7YXN4SpY1VWllKoBXBmqg5UCACvW4wpwbzW1anYuNYw8d+zjrYCFJXpqMJJBDSRESijnOa37dyuljDxyglDrYyvZkBaI4Q2XVNozaE30bhVO23ZopNhktYI4UIfAxSxYwqtY2HitVnndT0C9DOHT5YQA/GCIiqjsS1PDXYDKQ8Tr/7FERapCKQ1Qrhf5xTaOE2n8evfTfjNqQrT3tYIvgWgA3WfJSEGjtsAWpjoFNqUhKmzNQK1AP1Y92kRIgkfMFPlQFs9bA0TPz7qVLbUIgbydJ8FIezChFbDojDltWzu93V2hElaI4T/dbV6cHAa5a79tNdXJBMmbskKWDG6FszVIBys+3CFcMAOMOYra0jtd1s9Bh2mjrXZlyrmWgCn6T46IRzH/CYTTQ3ktjbt/acEw8RrR53EbFQzuEj38QihGwHNxBSmvJZXEgqT9Xj2bWC+QVaNEKInjoFQpca0zvvuXwJ9vwdT5XlUIXpiC6T+Vyn1597+Gkh0c0KkIwb+YUCV0diWfwBAbx/oJExC9G/AN3MlTEL0qudE2ZYBTZSVMAnxHQQ0Udz4Y6IPwEqYhNiDX1SdU2OfHMy7pU1CCMY2EMLqy0MvGGyQALkyifTWuXKhNfQmyku+nV3CJNISAc2krMk0ZuNrdm1TwiTSzRtMdKORgtXeJUwiXXwBwtzO4ZQtKRlOKWESftc5Ntm0ZtO4Jz5L5Y4kTMK3CLyerMAUumzdFif2J2HyBu58GkwmPg3QW8w01chr/T8ndyr/cVyPX1QKoxTUBcwY9D2QNLELwFyVgdMCeS2OBgmQK5N7MbZBoUrtOPROurrBBABmjDIfH30VgRaC8SPdJboIg2ip6uAZNL71E11F9N0cuDbbNStbp5nOG4n9zMXuMb99BoAhugvWiQnPGSaX0WUbnnF0vwl12kqYHEdAE5kqTOPWvzWQ16f5yiIfMlPFQOfc2U3C5F5vMHhKIHfDqsG8mddmj7Y6B96cpftAHLAbhDvU7o5quuKpr3QVIWFynx43EpNb5W7vaox8K4DDdB9YKhDQRLAmU+7Gd3TXImFyj5TdSOSWrP2tGKYBKIdf1glmvKRIhSl3/UbdpewpScKkH4HXk+Iwjdn4cir345MxbdtBmKd2HLLnF023kDDptZWJKwJjNzQ4udOO1Vk5ilAL4Ke6T0AiZQN8t1LBm2lM85e6i+mNhEmPXQBuS3TJEjvx8+cGre0H/tYLo617DnrUXUt/JEzOcsWNxG8V5OZFF3oZQexmEiaHMPifhoWw0zcSB1zf46NOZVMtZkKu7lrQPRx/5yGL6eqGmO5iBkrClHpabyQmqnOhOqoDcLzze9/3si1u1ltu5EFXe+wGYYHKwCmBvJYlXggSAARyN6xUXx5yCghhAI7dAGVCq2J1jjG2pdSLQeqLXJmSREATWbiBLmv9j+5aksFrxxxpcWwOUru49/vMNNsrV+7+yMc8OzFeUuAyytvwhO5SbD2stVnnmcx1BLrYxq0OahFmN5Mw2cO1NxLtwgwyHx99FTFuA+jYZDZFoEdJGdNoTPN7uo/LThKm5Lj+RqLdeM3YYRZi0wHMBLBfQu8FnjeIwjS25Sndx5GScyNhGhwCmsk0ymjculd116IDrxl1jEVGNZhDA3j5xwBF1DMt91EElu7aU3ZOJEwJe4OJbgykYMaaF3WsHp3d+WgSnfH9v3IMwD39NTX6iYRp4L4AY4HXbiQ6YW+rh7UQoEOBrl80jUAZ5TS/rbs+x86DhGmf4gD/WRmBmyln3XbdxbhZ56NJ7dMtqMeDuevX667H8eOXMPWNgBayjLBTM9aEt/WWG5lO1H0jMa9lie5ChLelc5h6tEa0+OJGotArHcPUeSMR5lTK3fi+7mKEf6RVmJjwnMEqTLnrn9Zdi/CfNHlqnD8C6PfG060XSpBEqvj9ytQ1Yy2udcaaSA++DdOeGWtj9c9YE/4RiUTUlreCpQAe+O7f/BimTQqqzE0z1oQ/FBTXnL9lK2oBvhg+D5PvWyOEHr+8ZsGRgUB8DsC/Qz+/M/ghTGnXGiGcUVS0aEg8s30ywawE6IB9vd7TYdo7Y63V1TPWhPcUhqommPxNHSUwbMabYeqasWZ4ZMaa8I4rJ1afpRTqmGlUou/1Wpg6Z6xZQ2tp3Kp23cUI/ygqivzQysiYw4RBD+j0SJh6zFjL889oKKHfpEn3Bre3bbvOBEUAHJTMtlwfJia0GpYKU27LZt21CH8pLK3J2bZrey2IbFnUwM1hep+ZZgdypTVC2Cu/NDpSMW5niy+3c/FSF4ap54w1aY0Q9rnyN5GDjHiwnC2EOQULwbkpTF0z1gK+m7Em9IpEImrz1mAJxelWTuESpa4Ik99nrAl98kPR0Vu2oo6AM1O9L81h4o8ANdfw+Yw14byC4gVHA2YUjBLAzm9GfdMSprhF2PThwZvf3Tli/NU33vOhjhqEP02YFBkabAvOAMwZAIY4uW/Hw/TCB4fgL8+fgv9+NeRMAM8Vhmoip5/Qfl8kEpErk0gCU35o/lXUxgsB/EhHBY6N+vrgy/3xwPMnY/NHI3r78/NghFcsq5DvTCJhV06sOVcprgPwM6f2ubx+1vc+Oqb8yvR1ewANL5+I1a8fA4v7/Oh6HghPFJZEH1VKTWtYUi6/5ol9KiipPgJAZF+tEU5J2ZXJtAgtbx2FhzediJ3fZCTy1jaAFx4Y6Jj/wAMRuc8kvqeoKJJhZQb/YIFuIeBAHTX0dmVKSZpf/mQEZvztItz77E8SDRIADAVozs54xr/zS6pLAXbklxjhDYWhqglmZsZrDKrVFaS+2Hpl+njnUDy86UQ88+7hthXIQCugwo1Ly+XZvDRW+KvoKWxgMYA83bUAKfzO9E2HgZWvHYfGl49Hh2XvxY6ALMB6saA4uoxVcFpj/XR5ajyN9GiNuA7a74v2L6krEwN44p0jUf/CSOzYnfDHucHYwaD53wwfVrvqT5Oln8nHsrIigRHHZF7LbFUDdLDuer7L1u9M/972A1Su+h/86cnTnAoSABxE4PlDvvh6S35x9HKndiqcdVVx9aUjjs54kZnvdWOQ+pLwZXN72354+KWTsPGdw8H6fhsYSYSVBcXRZgqo8PIHy2UGhA8UldScaIGjFlCku5bBGHCY2k2Fx145Hn995TjE4oPq6rUfIYdN66XC4ujdZjA2568PRHboLkkkLhRaOGwXx6ab4HKkoDXCKfv8zsRMePa9w1D/wkh8tiuhBbcdPhJ8Tsy3qPaT7mxouFrm5nkCU35JNESgBQDs+wnYAb19Z+o3TG9tPxAPPn8yXvt0uO7aE8CvEWHK8vrKNborEX27cmLVBUoZdQBfqLuWwUjop/G7nj4NG946AuzM0+s2olOZsbowFG1SMCc31N8ks8ZdpKi06ijTVDUglPjthnyfYWp960jdtSWFGZebMMYWFkfv6cg0Zj92/0xZBUOj7umopsWzQdhfdz2poP3hwBTLYMLkQMx8vTBUMykSifj9eF2pMFQ1wcz45lUCzwf8GSTA/2HqdiQz37tla8azV5VUXay7mHRRUFJ9Tn5JdCOzegyE43TXk2qufjwjBc63oJ6UVo/Uyi+NjlAmbmbgehrkdFQvSrcwAQAxUGRa1riCkurbpNXDPt3TUdnCXCb8QHc9TkuXj3m9GQbQnJ1mxpudrR4iGYWlNTmftW3fxKBaIP2CBKTnlenbGMcQ6MGCUPQ3RBxevqRyi+6SvKSoZN7JJoxFbPE4X/3OPQgSpm6MbGZ6SVo9Bmb8xJrh+ylrpgmaAsCxJ53dTML0bQqEkOKOy/NLahYE2tsXNzREYrqLcpM901HBCxl0qO563CSdvzP1iYHhBJ5vZma8XFBSPV53PW5RMLE6e8vWjJcI9CAACdJ3yJWpfyMBaioojjYbQFnDsopXdRekwxXXVB1jGKoahJDuWtxMwjQQhBwT2FRYHL1bxdTNDQ3labEQdXdrBEAzAbi4ZcAd5GPewAWZMNnMtN4qLKkuKyp6xMc3I5nyQzVFu7jjVYDmQII0IBKmxI1gUK2ZufW5gonzE15E2O0KimvOLyiZ/yQxPwLgWN31eIl8zBu8s6GsDX5p9fjlNQuODATic9wyHdWLJExJ6mr1uLSwpPqOjoxAtddaPbqnozLMeQAdoLseL5P/A9ljCINmBmLma16aQts1HfX1rkeAJEhJkiuTvY4i0IMFJTV/ZBUta1xS8YzugnqTH1pwKlnmYmbk6q7FTyRMqXE+WXiqoDi61AgGZjQ8MOMT3QUBPaajsnk9KH1aI5wiYUodAiFkxuMFuls9Jk26N7h99+e/NdmqBuCZoY5eI9+ZUm9Y16oeL+eHahwfrlhYWpOzbdf2l7w2HdWL5MrknBOJ+ZGCkuh6Ujwl1a0ehRPnnQTDWMQWX+65AVMeJWFy3iVs0QsFJdX3G0Ga3fCXis/s3PiVv4kcZMSD5QwKg707HdWLJEx6BACaZHWgyK5Wjz2tEXG6lYHDdB9gOpLvTBp1t3rEMzO3FIai4wa7nfxQdPTLWzNe6GqNkCBpIlcmFyDwycz4W0FxtJmVMbmxfuZrA3lfQfGCowEzCkYJQ74Z6SZhchNCDrG5ubA4encbYjetWhbZ2dvLJkyKDA22BWcA5gwAQ3SXLTrJxzz3CTJh8hAK9tLq0dkaEWzL6G6NkCC5SJ+rYBSGahJeIFqkxIsKCMctalOK6wD8THdBIoULRIuUOscCNijFDPkk4WoSJm8gyA8Mrif/pxPCJhImIWwiYRLCJhImIWwiYRLCJhImIWwiYRLCJhImIWwiYRLCJhImIWwiYRLCJhImIWzSd5iIbgcgS1AK8W2xrmx8T59hWlE/axpZ5mkENOiuXghXYDSToc5ZUT9rWm9/7rM5kGjvE/9XFVdfahHVAjhN9/EIocGbAN+4Ymnl37r/obfcDChMAJCVFQmMOCbzWmarWiaDijSxg0HzexvFllSYuu0Z/k64DtJcKPzJAmMZq+C0xvrpn/b2AlvC1K3wV9FT2MBiAHm6j1wIuzDQCqhw49Lyzf2+zs4wdSsMVU1gVrUAfqz7RAgxaIT3mXl249LKJQN5eW+5Sfo+0/L62SuN9tipBA4zsDPZ7QnhsDaA5x5oxEYONEh9SfrK1FNBSfURACIAySLDwu2YgEeVUtMalpS/l/CbU/ExrzdXTqw5V2a8CRd7HozwimUVTw12A46FqWt3lB+afxUxLwTwIyfPlBB9+JiIIqef0H5fJBKxktmQw2HqtHcuNslcbKFLjBj39De/PVFawtRtz4oNhBLIQEXhECI0waSy5Q/NetvO7WoNU7f8UHQ0MeoAnJmSHQgBAITXmWlK49JZq1Ox+ZT8NJ6oxvqKDWecGDuHwb8G8F+n9y98jvA5gcOfvx87PVVB6nPXTl+ZevrW+quQ9VdFUuIA399hZlaufHjatlTvzBUf83qTXxodqRi3M+Nyx3YqfIOBdSAON9ZX/suxfbo1TN0KS2ty2ORaEH7q+M6FB9G/mVDZWD/L8Z47V3xn6s/yJbOaDx424mwi+j3AKb9UC8/6GuC5u4cPO11HkPriqitTTz1aPa4HYCS9QeEHFhjL4hZPf+zhSq0/Xrn+Y15v8kMLTiXLXAxCru5ahEaEf8KyylYsm/2s7lIAj4apW1erRx2A43XXIhz1IYMrGpdW1APkmnWWXf+dqT9drR6nEDgM4Cvd9YiUayPwAqM9dkpna4R7gtQXz1yZevrlNQuODATic6TVw5+I0GQadMNfH5j1H9219MXTH/N6UxiqOo/ZqAP4Yt21CFu8qIDwo0srntBdyL74Lkxdh9Xd6nEbgGN1VyMGg7cRUKXaT7qzoeFqU3c1A6rYn2HqFAotHLaLY9MBmglgP931iAHpIMbddrZGOMXXYep2xTVVxxiGqgYhpLsW0Q9GMytjcmP9zNd0lzKo8tMhTN0KJlZnQ1EtgDN01yL2YtAbivjG5fUVf9ddS1LH4eWfxhO14qHKljNOjJ3d1erxadIbFEkh4AsGlQfa28/wepD6PEa/Xpl66tHqMQVAhu560owFxjIjA1Mb/lLxme5i7JJWH/N6k18aHUkWLQJ4vO5a0gKhhYjDy5dUbtFdit3SPkzdCktrciyL6wj4ie5afOo9Bt+U7FBHN0ur70z9Wb5kVvMhQ0ec1fVo0pe66/GRXQDPPTAQO9nPQepLWl6ZesovjY5QJm6WVo+kMBhLjWBgRsMDMz7RXYwjBywf8/pWWFpzNltWLUCjdNfiMc+xQlnjkopndBfiJAnTAEirx4B9xOBZbmuNcIqEaYCKihYNiWe2TyZwJYADdNfjMrsJfEdHRqD6sftnpm0rjIQpQUWlVUeZpqqRKbSdiNCkYE5uqL/pHd216CZhGqSC4przAa4D4SLdtWjyEiwVXvFQ+UbdhbiFhCkpTPkl0RCBFgA4XHc1DtlO4Hleao1wioTJBmnS6tFBjLtVTN3c0FAu9+F6IWGy0ZW/nneCYRo1DBTprsVWjGYKqPDyB8tf0V2Km0mYUiA/VHMJMS+G91s93mTG1MZlFU26C/ECeZwoBRrrZ63v0erhxaeidzCofPfw/c+QICVHrkw2Gj+xZvh+yprpkVYPC4xlrILTGuunS79XguRjnkOKSuadbMJYBGCc7lp6w0AroMKNS8s3667FqyRMDissrclhy7oDoFN119LlAwZXpusjQHaS70wOW75kVvPBQw8+0wWtHm1drREneWU6qhfJlckhmlo9mIBH2bKmr3ho9ru6z4GfyMc8FygoqT6HQbUE/CKV+yHCC2yhbMWyiqd0H7MfSZhcpDBUNYEtdQcIx9m86Y+JKHL6Ce33RSIRS/dx+pWEyWUmTIoMDbRl3kDg2QD2T3JzMWLc48XpqF4kYXKpZFs9iNAEk8qWPzTrbd3Hki4kTC535cSqC5Qy6gC+cEBvILzOTFMal85arbv2dCNh8oQBtHoQPifmW7Z/0HFXa2skrrvidCRh8pAerR7lADK7/jkO8P0dZmblyoenyWr0GkmYPKhw4ryTYBiL2EKQlTHFq6tG+E1CYRJCJEYeJxLCJhImIWwiYRLCJhImIWwiYRLCJv8P9sXhC7xE4kIAAAAldEVYdGRhdGU6Y3JlYXRlADIwMTktMDQtMTNUMDg6MTY6MDgrMDI6MDCcYZVaAAAAJXRFWHRkYXRlOm1vZGlmeQAyMDE5LTA0LTEzVDA4OjE2OjA4KzAyOjAw7Twt5gAAAABJRU5ErkJggg== + mediatype: image/png + install: + spec: + clusterPermissions: + - rules: + - apiGroups: + - "" + resources: + - nodes + verbs: + - get + - apiGroups: + - oauth.openshift.io + resources: + - oauthclients + verbs: + - create + - delete + - deletecollection + - get + - list + - patch + - update + - watch + - apiGroups: + - config.openshift.io + resources: + - oauths + verbs: + - get + - list + - watch + - patch + - apiGroups: + - config.openshift.io + resources: + - infrastructures + - proxies + verbs: + - get + - list + - watch + - apiGroups: + - user.openshift.io + resources: + - users + verbs: + - list + - delete + - apiGroups: + - user.openshift.io + resources: + - identities + verbs: + - delete + - apiGroups: + - console.openshift.io + resources: + - consolelinks + verbs: + - get + - list + - create + - update + - patch + - delete + - apiGroups: + - rbac.authorization.k8s.io + resources: + - clusterrolebindings + - clusterroles + verbs: + - list + - create + - watch + - update + - get + - delete + - apiGroups: + - rbac.authorization.k8s.io + resources: + - roles + - rolebindings + verbs: + - get + - create + - update + - delete + - apiGroups: + - authorization.openshift.io + resources: + - roles + - rolebindings + verbs: + - get + - create + - update + - delete + - apiGroups: + - org.eclipse.che + resources: + - checlusters + - checlusters/status + - checlusters/finalizers + - checlusters/status + - checlusterbackups + - checlusterbackups/status + - checlusterbackups/finalizers + - checlusterrestores + - checlusterrestores/status + - backupserverconfigurations + - backupserverconfigurations/status + - chebackupserverconfigurations + verbs: + - '*' + - apiGroups: + - project.openshift.io + resources: + - projectrequests + verbs: + - create + - update + - apiGroups: + - project.openshift.io + resources: + - projects + verbs: + - get + - list + - apiGroups: + - "" + resources: + - namespaces + verbs: + - get + - list + - create + - update + - apiGroups: + - "" + resources: + - pods/exec + verbs: + - create + - apiGroups: + - apps + resources: + - secrets + verbs: + - list + - apiGroups: + - "" + resources: + - secrets + verbs: + - list + - get + - create + - update + - patch + - delete + - apiGroups: + - "" + resources: + - persistentvolumeclaims + verbs: + - create + - get + - list + - watch + - delete + - apiGroups: + - "" + resources: + - pods + verbs: + - get + - list + - create + - watch + - delete + - apiGroups: + - apps + - extensions + resources: + - deployments + - replicasets + verbs: + - '*' + - apiGroups: + - route.openshift.io + resources: + - routes + verbs: + - '*' + - apiGroups: + - route.openshift.io + resources: + - routes/custom-host + verbs: + - create + - apiGroups: + - "" + resources: + - events + verbs: + - watch + - apiGroups: + - apps + resources: + - replicasets + verbs: + - list + - get + - patch + - delete + - apiGroups: + - extensions + resources: + - ingresses + verbs: + - '*' + - apiGroups: + - networking.k8s.io + resources: + - ingresses + verbs: + - list + - create + - watch + - get + - delete + - apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions + verbs: + - get + - create + - update + - apiGroups: + - operators.coreos.com + resources: + - subscriptions + verbs: + - get + - apiGroups: + - operators.coreos.com + resources: + - clusterserviceversions + verbs: + - list + - get + - watch + - apiGroups: + - metrics.k8s.io + resources: + - pods + - nodes + verbs: + - get + - list + - watch + - apiGroups: + - "" + resources: + - configmaps + - persistentvolumeclaims + - pods + - secrets + - serviceaccounts + - services + verbs: + - '*' + - apiGroups: + - apps + resourceNames: + - che-operator + resources: + - deployments/finalizers + verbs: + - update + - apiGroups: + - batch + resources: + - jobs + verbs: + - create + - delete + - get + - update + - watch + - apiGroups: + - controller.devfile.io + resources: + - devworkspaceroutings + verbs: + - '*' + - apiGroups: + - controller.devfile.io + resources: + - devworkspaceroutings/finalizers + verbs: + - update + - apiGroups: + - controller.devfile.io + resources: + - devworkspaceroutings/status + verbs: + - get + - patch + - update + - apiGroups: + - monitoring.coreos.com + resources: + - servicemonitors + verbs: + - create + - get + - nonResourceURLs: + - /metrics + verbs: + - get + - apiGroups: + - che.eclipse.org + resources: + - kubernetesimagepullers + verbs: + - '*' + - apiGroups: + - workspace.devfile.io + resources: + - devworkspaces + - devworkspacetemplates + verbs: + - get + - list + - watch + - apiGroups: + - controller.devfile.io + resources: + - devworkspaceroutings + - components + verbs: + - get + - list + - watch + - apiGroups: + - workspace.devfile.io + resources: + - devworkspaces + - devworkspacetemplates + verbs: + - create + - delete + - deletecollection + - patch + - update + - apiGroups: + - controller.devfile.io + resources: + - devworkspaceroutings + - components + verbs: + - create + - delete + - deletecollection + - patch + - update + - apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - "" + resources: + - configmaps/status + verbs: + - get + - update + - patch + - apiGroups: + - "" + resources: + - events + verbs: + - create + - patch + - apiGroups: + - authentication.k8s.io + resources: + - tokenreviews + verbs: + - create + - apiGroups: + - authorization.k8s.io + resources: + - subjectaccessreviews + verbs: + - create + - apiGroups: + - "" + resources: + - configmaps + - persistentvolumeclaims + - pods + - secrets + - serviceaccounts + verbs: + - '*' + - apiGroups: + - "" + resources: + - events + - namespaces + verbs: + - get + - list + - watch + - apiGroups: + - "" + resources: + - pods/exec + verbs: + - create + - apiGroups: + - "" + resourceNames: + - workspace-credentials-secret + resources: + - secrets + verbs: + - create + - delete + - get + - apiGroups: + - "" + resources: + - services + verbs: + - '*' + - apiGroups: + - admissionregistration.k8s.io + resources: + - mutatingwebhookconfigurations + - validatingwebhookconfigurations + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - apps + resourceNames: + - devworkspace-controller + resources: + - deployments/finalizers + verbs: + - update + - apiGroups: + - apps + - extensions + resources: + - deployments + verbs: + - get + - list + - watch + - apiGroups: + - apps + - extensions + resources: + - deployments + - replicasets + verbs: + - '*' + - apiGroups: + - apps + - extensions + resources: + - replicasets + verbs: + - get + - list + - watch + - apiGroups: + - batch + resources: + - jobs + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - controller.devfile.io + resources: + - '*' + verbs: + - '*' + - apiGroups: + - controller.devfile.io + resources: + - devworkspaceroutings + verbs: + - '*' + - apiGroups: + - controller.devfile.io + resources: + - devworkspaceroutings/status + verbs: + - get + - patch + - update + - apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - create + - get + - update + - apiGroups: + - monitoring.coreos.com + resources: + - servicemonitors + verbs: + - create + - get + - apiGroups: + - networking.k8s.io + resources: + - ingresses + verbs: + - '*' + - apiGroups: + - oauth.openshift.io + resources: + - oauthclients + verbs: + - create + - delete + - deletecollection + - get + - list + - patch + - update + - watch + - apiGroups: + - rbac.authorization.k8s.io + resources: + - clusterrolebindings + - clusterroles + - rolebindings + - roles + verbs: + - create + - get + - list + - update + - watch + - apiGroups: + - route.openshift.io + resources: + - routes + verbs: + - '*' + - apiGroups: + - route.openshift.io + resources: + - routes/custom-host + verbs: + - create + - apiGroups: + - workspace.devfile.io + resources: + - '*' + verbs: + - '*' + - apiGroups: + - workspace.devfile.io + resources: + - devworkspaces + - devworkspacetemplates + verbs: + - get + - list + - watch + - apiGroups: + - controller.devfile.io + resources: + - devworkspaceroutings + - components + verbs: + - get + - list + - watch + serviceAccountName: che-operator + deployments: + - name: che-operator + spec: + replicas: 1 + selector: + matchLabels: + app: che-operator + strategy: + type: RollingUpdate + template: + metadata: + labels: + app: che-operator + app.kubernetes.io/component: che-operator + app.kubernetes.io/instance: che + app.kubernetes.io/managed-by: olm + app.kubernetes.io/name: che + spec: + containers: + - args: + - --leader-elect + command: + - /manager + env: + - name: WATCH_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.annotations['olm.targetNamespaces'] + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: OPERATOR_NAME + value: che-operator + - name: CHE_VERSION + value: next + - name: RELATED_IMAGE_che_server + value: quay.io/eclipse/che-server:next + - name: RELATED_IMAGE_dashboard + value: quay.io/eclipse/che-dashboard:next + - name: RELATED_IMAGE_plugin_registry + value: quay.io/eclipse/che-plugin-registry:next + - name: RELATED_IMAGE_devfile_registry + value: quay.io/eclipse/che-devfile-registry:next + - name: RELATED_IMAGE_pvc_jobs + value: registry.access.redhat.com/ubi8-minimal:8.4-208 + - name: RELATED_IMAGE_postgres + value: quay.io/eclipse/che--centos--postgresql-96-centos7:9.6-b681d78125361519180a6ac05242c296f8906c11eab7e207b5ca9a89b6344392 + - name: RELATED_IMAGE_keycloak + value: quay.io/eclipse/che-keycloak:next + - name: RELATED_IMAGE_che_workspace_plugin_broker_metadata + value: quay.io/eclipse/che-plugin-metadata-broker:v3.4.0 + - name: RELATED_IMAGE_che_workspace_plugin_broker_artifacts + value: quay.io/eclipse/che-plugin-artifacts-broker:v3.4.0 + - name: RELATED_IMAGE_che_server_secure_exposer_jwt_proxy_image + value: quay.io/eclipse/che-jwtproxy:0.10.0 + - name: RELATED_IMAGE_single_host_gateway + value: quay.io/eclipse/che--traefik:v2.5.0-eb30f9f09a65cee1fab5ef9c64cb4ec91b800dc3fdd738d62a9d4334f0114683 + - name: RELATED_IMAGE_single_host_gateway_config_sidecar + value: quay.io/che-incubator/configbump:0.1.4 + - name: RELATED_IMAGE_devworkspace_controller + value: quay.io/devfile/devworkspace-controller:next + - name: RELATED_IMAGE_internal_rest_backup_server + value: quay.io/eclipse/che-backup-server-rest:eeacd92 + - name: RELATED_IMAGE_gateway_authentication_sidecar + value: quay.io/openshift/origin-oauth-proxy:4.7 + - name: RELATED_IMAGE_gateway_authorization_sidecar + value: quay.io/openshift/origin-kube-rbac-proxy:4.7 + - name: RELATED_IMAGE_gateway_header_sidecar + value: quay.io/che-incubator/header-rewrite-proxy:latest + - name: CHE_FLAVOR + value: che + - name: CONSOLE_LINK_NAME + value: che + - name: CONSOLE_LINK_DISPLAY_NAME + value: Eclipse Che + - name: CONSOLE_LINK_SECTION + value: Red Hat Applications + - name: CONSOLE_LINK_IMAGE + value: /dashboard/assets/branding/loader.svg + - name: CHE_IDENTITY_SECRET + value: che-identity-secret + - name: CHE_IDENTITY_POSTGRES_SECRET + value: che-identity-postgres-secret + - name: CHE_POSTGRES_SECRET + value: che-postgres-secret + - name: CHE_SERVER_TRUST_STORE_CONFIGMAP_NAME + value: ca-certs + - name: MAX_CONCURRENT_RECONCILES + value: "1" + - name: ALLOW_DEVWORKSPACE_ENGINE + value: "true" + image: quay.io/eclipse/che-operator:next + imagePullPolicy: Always + livenessProbe: + failureThreshold: 10 + httpGet: + path: /healthz + port: 6789 + initialDelaySeconds: 15 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 5 + name: che-operator + ports: + - containerPort: 60000 + name: metrics + readinessProbe: + failureThreshold: 10 + httpGet: + path: /readyz + port: 6789 + initialDelaySeconds: 5 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 5 + resources: + limits: + cpu: 500m + memory: 256Mi + requests: + cpu: 100m + memory: 64Mi + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + privileged: false + readOnlyRootFilesystem: false + runAsNonRoot: true + hostIPC: false + hostNetwork: false + hostPID: false + restartPolicy: Always + serviceAccountName: che-operator + terminationGracePeriodSeconds: 20 + permissions: + - rules: + - apiGroups: + - extensions + resources: + - ingresses + verbs: + - '*' + - apiGroups: + - networking.k8s.io + resources: + - ingresses + verbs: + - '*' + - apiGroups: + - batch + resources: + - jobs + verbs: + - '*' + - apiGroups: + - route.openshift.io + resources: + - routes + - routes/custom-host + verbs: + - '*' + - apiGroups: + - rbac.authorization.k8s.io + resources: + - roles + - rolebindings + verbs: + - '*' + - apiGroups: + - rbac.authorization.k8s.io + resources: + - clusterroles + - clusterrolebindings + verbs: + - '*' + - apiGroups: + - "" + resources: + - pods + - services + - serviceaccounts + - endpoints + - persistentvolumeclaims + - events + - configmaps + - secrets + - pods/exec + - pods/log + verbs: + - '*' + - apiGroups: + - "" + resources: + - namespaces + verbs: + - get + - apiGroups: + - apps + - extensions + resources: + - deployments + - replicasets + verbs: + - '*' + - apiGroups: + - monitoring.coreos.com + resources: + - servicemonitors + verbs: + - get + - create + - apiGroups: + - org.eclipse.che + resources: + - checlusters + - checlusters/status + - checlusters/finalizers + - checlusterbackups + - checlusterbackups/status + - checlusterbackups/finalizers + - checlusterrestores + - checlusterrestores/status + - backupserverconfigurations + - backupserverconfigurations/status + - chebackupserverconfigurations + verbs: + - '*' + - apiGroups: + - metrics.k8s.io + resources: + - pods + - nodes + verbs: + - get + - list + - watch + - apiGroups: + - operators.coreos.com + resources: + - subscriptions + - clusterserviceversions + - operatorgroups + verbs: + - '*' + - apiGroups: + - packages.operators.coreos.com + resources: + - packagemanifests + verbs: + - get + - list + - apiGroups: + - "" + resources: + - configmaps/status + verbs: + - get + - update + - patch + - apiGroups: + - "" + resources: + - events + verbs: + - create + - apiGroups: + - apps + resourceNames: + - che-operator + resources: + - deployments/finalizers + verbs: + - update + - apiGroups: + - controller.devfile.io + resources: + - devworkspaceroutings + verbs: + - '*' + - apiGroups: + - controller.devfile.io + resources: + - devworkspaceroutings/finalizers + verbs: + - update + - apiGroups: + - controller.devfile.io + resources: + - devworkspaceroutings/status + verbs: + - get + - patch + - update + - apiGroups: + - oauth.openshift.io + resources: + - oauthclients + verbs: + - create + - delete + - deletecollection + - get + - list + - patch + - update + - watch + - apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - "" + resources: + - events + verbs: + - create + - patch + serviceAccountName: che-operator + strategy: deployment + installModes: + - supported: false + type: OwnNamespace + - supported: false + type: SingleNamespace + - supported: false + type: MultiNamespace + - supported: true + type: AllNamespaces + keywords: + - eclipse che + - workspaces + - devtools + - developer + - ide + - java + links: + - name: Product Page + url: http://www.eclipse.org/che + - name: Documentation + url: https://www.eclipse.org/che/docs + - name: Operator GitHub Repo + url: https://github.com/eclipse-che/che-operator + maintainers: + - email: dfestal@redhat.com + name: David Festal + maturity: stable + provider: + name: Eclipse Foundation + version: 7.37.0-348.next diff --git a/bundle/next-all-namespaces/eclipse-che-preview-openshift/manifests/che-operator_v1_serviceaccount.yaml b/bundle/next-all-namespaces/eclipse-che-preview-openshift/manifests/che-operator_v1_serviceaccount.yaml new file mode 100644 index 000000000..5ff74009f --- /dev/null +++ b/bundle/next-all-namespaces/eclipse-che-preview-openshift/manifests/che-operator_v1_serviceaccount.yaml @@ -0,0 +1,9 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + creationTimestamp: null + labels: + app.kubernetes.io/component: che-operator + app.kubernetes.io/instance: che + app.kubernetes.io/name: che + name: che-operator diff --git a/bundle/next-all-namespaces/eclipse-che-preview-openshift/manifests/default_v1_serviceaccount.yaml b/bundle/next-all-namespaces/eclipse-che-preview-openshift/manifests/default_v1_serviceaccount.yaml new file mode 100644 index 000000000..fc97a697f --- /dev/null +++ b/bundle/next-all-namespaces/eclipse-che-preview-openshift/manifests/default_v1_serviceaccount.yaml @@ -0,0 +1,9 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + creationTimestamp: null + labels: + app.kubernetes.io/component: che-operator + app.kubernetes.io/instance: che + app.kubernetes.io/name: che + name: default diff --git a/bundle/next-all-namespaces/eclipse-che-preview-openshift/manifests/manager-config_v1_configmap.yaml b/bundle/next-all-namespaces/eclipse-che-preview-openshift/manifests/manager-config_v1_configmap.yaml new file mode 100644 index 000000000..90c428ac5 --- /dev/null +++ b/bundle/next-all-namespaces/eclipse-che-preview-openshift/manifests/manager-config_v1_configmap.yaml @@ -0,0 +1,17 @@ +apiVersion: v1 +data: + controller_manager_config.yaml: | + apiVersion: controller-runtime.sigs.k8s.io/v1alpha1 + kind: ControllerManagerConfig + health: + healthProbeBindAddress: :6789 + metrics: + bindAddress: 127.0.0.1:60000 + webhook: + port: 9443 + leaderElection: + leaderElect: true + resourceName: e79b08a4.org.eclipse.che +kind: ConfigMap +metadata: + name: manager-config diff --git a/bundle/next-all-namespaces/eclipse-che-preview-openshift/manifests/org.eclipse.che_chebackupserverconfigurations.yaml b/bundle/next-all-namespaces/eclipse-che-preview-openshift/manifests/org.eclipse.che_chebackupserverconfigurations.yaml new file mode 100644 index 000000000..b34e86de4 --- /dev/null +++ b/bundle/next-all-namespaces/eclipse-che-preview-openshift/manifests/org.eclipse.che_chebackupserverconfigurations.yaml @@ -0,0 +1,126 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.4.1 + creationTimestamp: null + name: chebackupserverconfigurations.org.eclipse.che +spec: + group: org.eclipse.che + names: + kind: CheBackupServerConfiguration + listKind: CheBackupServerConfigurationList + plural: chebackupserverconfigurations + singular: chebackupserverconfiguration + scope: Namespaced + versions: + - name: v1 + schema: + openAPIV3Schema: + description: The `CheBackupServerConfiguration` custom resource allows defining and managing Eclipse Che Backup Server Configurations + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: CheBackupServerConfigurationSpec defines the desired state of CheBackupServerConfiguration Only one type of backup server is allowed to be configured per CR. + properties: + awss3: + description: Amazon S3 or compatible alternatives. + properties: + awsAccessKeySecretRef: + description: Reference to secret that contains awsAccessKeyId and awsSecretAccessKey keys. + type: string + hostname: + description: Server hostname, defaults to 's3.amazonaws.com'. Might be customized in case of alternative server. + type: string + port: + description: Backup server port. Usually default value is used. Might be customized in case of alternative server. + type: integer + protocol: + description: Protocol to use when connection to the server. Might be customized in case of alternative server. + type: string + repositoryPasswordSecretRef: + description: Holds reference to a secret with restic repository password under 'repo-password' field to encrypt / decrypt its content. + type: string + repositoryPath: + description: Bucket name and repository, e.g. bucket/repo + type: string + required: + - awsAccessKeySecretRef + - repositoryPasswordSecretRef + - repositoryPath + type: object + rest: + description: Rest backup server configuration. + properties: + credentialsSecretRef: + description: Secret that contains username and password fields to login into restic server. Note, each repository is encrypted with own password. See ResticRepoPasswordSecretRef field. + type: string + hostname: + description: Backup server host + type: string + port: + description: Backup server port + type: integer + protocol: + description: Protocol to use when connection to the server Defaults to https. + type: string + repositoryPasswordSecretRef: + description: Holds reference to a secret with restic repository password under 'repo-password' field to encrypt / decrypt its content. + type: string + repositoryPath: + description: Restic repository path + type: string + required: + - hostname + - repositoryPasswordSecretRef + type: object + sftp: + description: Sftp backup server configuration. + properties: + hostname: + description: Backup server host + type: string + port: + description: Backup server port + type: integer + repositoryPasswordSecretRef: + description: Holds reference to a secret with restic repository password under 'repo-password' field to encrypt / decrypt its content. + type: string + repositoryPath: + description: Restic repository path, relative or absolute, e.g. /srv/repo + type: string + sshKeySecretRef: + description: Private ssh key under 'ssh-privatekey' field for passwordless login + type: string + username: + description: User login on the remote server + type: string + required: + - hostname + - repositoryPasswordSecretRef + - repositoryPath + - sshKeySecretRef + - username + type: object + type: object + status: + description: CheBackupServerConfigurationStatus defines the observed state of CheBackupServerConfiguration + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/bundle/next-all-namespaces/eclipse-che-preview-openshift/manifests/org.eclipse.che_checlusterbackups.yaml b/bundle/next-all-namespaces/eclipse-che-preview-openshift/manifests/org.eclipse.che_checlusterbackups.yaml new file mode 100644 index 000000000..0d44fc3bf --- /dev/null +++ b/bundle/next-all-namespaces/eclipse-che-preview-openshift/manifests/org.eclipse.che_checlusterbackups.yaml @@ -0,0 +1,69 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.4.1 + creationTimestamp: null + name: checlusterbackups.org.eclipse.che +spec: + group: org.eclipse.che + names: + kind: CheClusterBackup + listKind: CheClusterBackupList + plural: checlusterbackups + singular: checlusterbackup + scope: Namespaced + versions: + - name: v1 + schema: + openAPIV3Schema: + description: The `CheClusterBackup` custom resource allows defining and managing Eclipse Che backup + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: CheClusterBackupSpec defines the desired state of CheClusterBackup + properties: + backupServerConfigRef: + description: Name of custom resource with a backup server configuration to use for this backup. Note, UseInternalBackupServer field can configure internal backup server automatically. + type: string + useInternalBackupServer: + description: Automatically setup pod with REST backup server and use the server in this configuration. Note, this flag takes precedence and will overwrite existing backup server configuration. + type: boolean + type: object + status: + description: CheClusterBackupStatus defines the observed state of CheClusterBackup + properties: + cheVersion: + description: Version that was backed up + type: string + message: + description: Message explaining the state of the backup or an error message + type: string + snapshotId: + description: Last backup snapshot ID + type: string + stage: + description: Describes backup progress + type: string + state: + description: 'Backup progress state: InProgress, Failed, Succeeded' + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/bundle/next-all-namespaces/eclipse-che-preview-openshift/manifests/org.eclipse.che_checlusterrestores.yaml b/bundle/next-all-namespaces/eclipse-che-preview-openshift/manifests/org.eclipse.che_checlusterrestores.yaml new file mode 100644 index 000000000..1adfcbf53 --- /dev/null +++ b/bundle/next-all-namespaces/eclipse-che-preview-openshift/manifests/org.eclipse.che_checlusterrestores.yaml @@ -0,0 +1,63 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.4.1 + creationTimestamp: null + name: checlusterrestores.org.eclipse.che +spec: + group: org.eclipse.che + names: + kind: CheClusterRestore + listKind: CheClusterRestoreList + plural: checlusterrestores + singular: checlusterrestore + scope: Namespaced + versions: + - name: v1 + schema: + openAPIV3Schema: + description: The `CheClusterRestore` custom resource allows defining and managing Eclipse Che restore + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: CheClusterRestoreSpec defines the desired state of CheClusterRestore + properties: + backupServerConfigRef: + description: Name of custom resource with a backup server configuration to use for this restore. Can be omitted if only one server configuration object exists within the namespace. + type: string + snapshotId: + description: If omitted, latest snapshot will be used. + type: string + type: object + status: + description: CheClusterRestoreStatus defines the observed state of CheClusterRestore + properties: + message: + description: Restore result or error message + type: string + stage: + description: Describes phase of restore progress + type: string + state: + description: 'Restore progress state: InProgress, Failed, Succeeded' + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/bundle/next-all-namespaces/eclipse-che-preview-openshift/manifests/org_v1_che_crd.yaml b/bundle/next-all-namespaces/eclipse-che-preview-openshift/manifests/org_v1_che_crd.yaml new file mode 100644 index 000000000..5038a55e4 --- /dev/null +++ b/bundle/next-all-namespaces/eclipse-che-preview-openshift/manifests/org_v1_che_crd.yaml @@ -0,0 +1,1107 @@ +# +# Copyright (c) 2019-2021 Red Hat, Inc. +# This program and the accompanying materials are made +# available under the terms of the Eclipse Public License 2.0 +# which is available at https://www.eclipse.org/legal/epl-2.0/ +# +# SPDX-License-Identifier: EPL-2.0 +# +# Contributors: +# Red Hat, Inc. - initial API and implementation +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.4.1 + creationTimestamp: null + name: checlusters.org.eclipse.che +spec: + group: org.eclipse.che + names: + kind: CheCluster + listKind: CheClusterList + plural: checlusters + singular: checluster + scope: Namespaced + versions: + - name: v1 + schema: + openAPIV3Schema: + description: The `CheCluster` custom resource allows defining and managing + a Che server installation + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource + this object represents. Servers may infer this from the endpoint the + client submits requests to. Cannot be updated. In CamelCase. More + info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Desired configuration of the Che installation. Based on + these settings, the Operator automatically creates and maintains + several ConfigMaps that will contain the appropriate environment variables + the various components of the Che installation. These generated ConfigMaps + must NOT be updated manually. + properties: + auth: + description: Configuration settings related to the Authentication + used by the Che installation. + properties: + debug: + description: Debug internal identity provider. + type: boolean + externalIdentityProvider: + description: 'Instructs the Operator on whether or not to deploy + a dedicated Identity Provider (Keycloak or RH SSO instance). + Instructs the Operator on whether to deploy a dedicated Identity + Provider (Keycloak or RH-SSO instance). By default, a dedicated + Identity Provider server is deployed as part of the Che installation. + When `externalIdentityProvider` is `true`, no dedicated identity + provider will be deployed by the Operator and you will need + to provide details about the external identity provider you + are about to use. See also all the other fields starting with: + `identityProvider`.' + type: boolean + gatewayAuthenticationSidecarImage: + description: Gateway sidecar responsible for authentication + when NativeUserMode is enabled. See link:https://github.com/oauth2-proxy/oauth2-proxy[oauth2-proxy] + or link:https://github.com/openshift/oauth-proxy[openshift/oauth-proxy]. + type: string + gatewayAuthorizationSidecarImage: + description: Gateway sidecar responsible for authorization when + NativeUserMode is enabled. See link:https://github.com/brancz/kube-rbac-proxy[kube-rbac-proxy] + or link:https://github.com/openshift/kube-rbac-proxy[openshift/kube-rbac-proxy] + type: string + gatewayHeaderRewriteSidecarImage: + description: Deprecated. The value of this flag is ignored. + Sidecar functionality is now implemented in Traefik plugin. + type: string + identityProviderAdminUserName: + description: Overrides the name of the Identity Provider administrator + user. Defaults to `admin`. + type: string + identityProviderClientId: + description: Name of a Identity provider, Keycloak or RH-SSO, + `client-id` that is used for Che. Override this when an external + Identity Provider is in use. See the `externalIdentityProvider` + field. When omitted or left blank, it is set to the value + of the `flavour` field suffixed with `-public`. + type: string + identityProviderContainerResources: + description: Identity provider container custom settings. + properties: + limits: + description: Limits describes the maximum amount of compute + resources allowed. + properties: + cpu: + description: CPU, in cores. (500m = .5 cores) + type: string + memory: + description: Memory, in bytes. (500Gi = 500GiB = 500 + * 1024 * 1024 * 1024) + type: string + type: object + request: + description: Requests describes the minimum amount of compute + resources required. + properties: + cpu: + description: CPU, in cores. (500m = .5 cores) + type: string + memory: + description: Memory, in bytes. (500Gi = 500GiB = 500 + * 1024 * 1024 * 1024) + type: string + type: object + type: object + identityProviderImage: + description: Overrides the container image used in the Identity + Provider, Keycloak or RH-SSO, deployment. This includes the + image tag. Omit it or leave it empty to use the default container + image provided by the Operator. + type: string + identityProviderImagePullPolicy: + description: Overrides the image pull policy used in the Identity + Provider, Keycloak or RH-SSO, deployment. Default value is + `Always` for `nightly`, `next` or `latest` images, and `IfNotPresent` + in other cases. + type: string + identityProviderIngress: + description: Ingress custom settings. + properties: + annotations: + additionalProperties: + type: string + description: Unstructured key value map stored with a resource + that may be set by external tools to store and retrieve + arbitrary metadata. + type: object + labels: + description: Comma separated list of labels that can be + used to organize and categorize objects by scoping and + selecting. + type: string + type: object + identityProviderPassword: + description: Overrides the password of Keycloak administrator + user. Override this when an external Identity Provider is + in use. See the `externalIdentityProvider` field. When omitted + or left blank, it is set to an auto-generated password. + type: string + identityProviderPostgresPassword: + description: Password for a Identity Provider, Keycloak or RH-SSO, + to connect to the database. Override this when an external + Identity Provider is in use. See the `externalIdentityProvider` + field. When omitted or left blank, it is set to an auto-generated + password. + type: string + identityProviderPostgresSecret: + description: 'The secret that contains `password` for the Identity + Provider, Keycloak or RH-SSO, to connect to the database. + When the secret is defined, the `identityProviderPostgresPassword` + is ignored. When the value is omitted or left blank, the one + of following scenarios applies: 1. `identityProviderPostgresPassword` + is defined, then it will be used to connect to the database. + 2. `identityProviderPostgresPassword` is not defined, then + a new secret with the name `che-identity-postgres-secret` + will be created with an auto-generated value for `password`.' + type: string + identityProviderRealm: + description: Name of a Identity provider, Keycloak or RH-SSO, + realm that is used for Che. Override this when an external + Identity Provider is in use. See the `externalIdentityProvider` + field. When omitted or left blank, it is set to the value + of the `flavour` field. + type: string + identityProviderRoute: + description: Route custom settings. + properties: + annotations: + additionalProperties: + type: string + description: Unstructured key value map stored with a resource + that may be set by external tools to store and retrieve + arbitrary metadata. + type: object + domain: + description: 'Operator uses the domain to generate a hostname + for a route. In a conjunction with labels it creates a + route, which is served by a non-default Ingress controller. + The generated host name will follow this pattern: `-.`.' + type: string + labels: + description: Comma separated list of labels that can be + used to organize and categorize objects by scoping and + selecting. + type: string + type: object + identityProviderSecret: + description: 'The secret that contains `user` and `password` + for Identity Provider. When the secret is defined, the `identityProviderAdminUserName` + and `identityProviderPassword` are ignored. When the value + is omitted or left blank, the one of following scenarios applies: + 1. `identityProviderAdminUserName` and `identityProviderPassword` + are defined, then they will be used. 2. `identityProviderAdminUserName` + or `identityProviderPassword` are not defined, then a new + secret with the name `che-identity-secret` will be created + with default value `admin` for `user` and with an auto-generated + value for `password`.' + type: string + identityProviderURL: + description: Public URL of the Identity Provider server (Keycloak + / RH-SSO server). Set this ONLY when a use of an external + Identity Provider is needed. See the `externalIdentityProvider` + field. By default, this will be automatically calculated and + set by the Operator. + type: string + initialOpenShiftOAuthUser: + description: For operating with the OpenShift OAuth authentication, + create a new user account since the kubeadmin can not be used. + If the value is true, then a new OpenShift OAuth user will + be created for the HTPasswd identity provider. If the value + is false and the user has already been created, then it will + be removed. If value is an empty, then do nothing. The user's + credentials are stored in the `openshift-oauth-user-credentials` + secret in 'openshift-config' namespace by Operator. Note that + this solution is Openshift 4 platform-specific. + type: boolean + nativeUserMode: + description: Enables native user mode. Currently works only + on OpenShift and DevWorkspace engine. Native User mode uses + OpenShift OAuth directly as identity provider, without Keycloak. + type: boolean + oAuthClientName: + description: Name of the OpenShift `OAuthClient` resource used + to setup identity federation on the OpenShift side. Auto-generated + when left blank. See also the `OpenShiftoAuth` field. + type: string + oAuthSecret: + description: Name of the secret set in the OpenShift `OAuthClient` + resource used to setup identity federation on the OpenShift + side. Auto-generated when left blank. See also the `OAuthClientName` + field. + type: string + openShiftoAuth: + description: 'Enables the integration of the identity provider + (Keycloak / RHSSO) with OpenShift OAuth. Empty value on OpenShift + by default. This will allow users to directly login with their + OpenShift user through the OpenShift login, and have their + workspaces created under personal OpenShift namespaces. WARNING: + the `kubeadmin` user is NOT supported, and logging through + it will NOT allow accessing the Che Dashboard.' + type: boolean + updateAdminPassword: + description: Forces the default `admin` Che user to update password + on first login. Defaults to `false`. + type: boolean + type: object + database: + description: Configuration settings related to the database used + by the Che installation. + properties: + chePostgresContainerResources: + description: PostgreSQL container custom settings + properties: + limits: + description: Limits describes the maximum amount of compute + resources allowed. + properties: + cpu: + description: CPU, in cores. (500m = .5 cores) + type: string + memory: + description: Memory, in bytes. (500Gi = 500GiB = 500 + * 1024 * 1024 * 1024) + type: string + type: object + request: + description: Requests describes the minimum amount of compute + resources required. + properties: + cpu: + description: CPU, in cores. (500m = .5 cores) + type: string + memory: + description: Memory, in bytes. (500Gi = 500GiB = 500 + * 1024 * 1024 * 1024) + type: string + type: object + type: object + chePostgresDb: + description: PostgreSQL database name that the Che server uses + to connect to the DB. Defaults to `dbche`. + type: string + chePostgresHostName: + description: PostgreSQL Database host name that the Che server + uses to connect to. Defaults is `postgres`. Override this + value ONLY when using an external database. See field `externalDb`. + In the default case it will be automatically set by the Operator. + type: string + chePostgresPassword: + description: PostgreSQL password that the Che server uses to + connect to the DB. When omitted or left blank, it will be + set to an automatically generated value. + type: string + chePostgresPort: + description: PostgreSQL Database port that the Che server uses + to connect to. Defaults to 5432. Override this value ONLY + when using an external database. See field `externalDb`. In + the default case it will be automatically set by the Operator. + type: string + chePostgresSecret: + description: 'The secret that contains PostgreSQL`user` and + `password` that the Che server uses to connect to the DB. + When the secret is defined, the `chePostgresUser` and `chePostgresPassword` + are ignored. When the value is omitted or left blank, the + one of following scenarios applies: 1. `chePostgresUser` and + `chePostgresPassword` are defined, then they will be used + to connect to the DB. 2. `chePostgresUser` or `chePostgresPassword` + are not defined, then a new secret with the name `che-postgres-secret` + will be created with default value of `pgche` for `user` and + with an auto-generated value for `password`.' + type: string + chePostgresUser: + description: PostgreSQL user that the Che server uses to connect + to the DB. Defaults to `pgche`. + type: string + externalDb: + description: 'Instructs the Operator on whether to deploy a + dedicated database. By default, a dedicated PostgreSQL database + is deployed as part of the Che installation. When `externalDb` + is `true`, no dedicated database will be deployed by the Operator + and you will need to provide connection details to the external + DB you are about to use. See also all the fields starting + with: `chePostgres`.' + type: boolean + postgresImage: + description: Overrides the container image used in the PostgreSQL + database deployment. This includes the image tag. Omit it + or leave it empty to use the default container image provided + by the Operator. + type: string + postgresImagePullPolicy: + description: Overrides the image pull policy used in the PostgreSQL + database deployment. Default value is `Always` for `nightly`, + `next` or `latest` images, and `IfNotPresent` in other cases. + type: string + type: object + devWorkspace: + description: DevWorkspace operator configuration + properties: + controllerImage: + description: Overrides the container image used in the DevWorkspace + controller deployment. This includes the image tag. Omit it + or leave it empty to use the default container image provided + by the Operator. + type: string + enable: + description: Deploys the DevWorkspace Operator in the cluster. + Does nothing when a matching version of the Operator is already + installed. Fails when a non-matching version of the Operator + is already installed. + type: boolean + required: + - enable + type: object + imagePuller: + description: Kubernetes Image Puller configuration + properties: + enable: + description: Install and configure the Community Supported Kubernetes + Image Puller Operator. When set to `true` and no spec is provided, + it will create a default KubernetesImagePuller object to be + managed by the Operator. When set to `false`, the KubernetesImagePuller + object will be deleted, and the Operator will be uninstalled, + regardless of whether a spec is provided. If the `spec.images` + field is empty, a set of recommended workspace-related images + will be automatically detected and pre-pulled after installation. + Note that while this Operator and its behavior is community-supported, + its payload may be commercially-supported for pulling commercially-supported + images. + type: boolean + spec: + description: A KubernetesImagePullerSpec to configure the image + puller in the CheCluster + properties: + cachingCPULimit: + type: string + cachingCPURequest: + type: string + cachingIntervalHours: + type: string + cachingMemoryLimit: + type: string + cachingMemoryRequest: + type: string + configMapName: + type: string + daemonsetName: + type: string + deploymentName: + type: string + imagePullSecrets: + type: string + images: + type: string + nodeSelector: + type: string + type: object + required: + - enable + type: object + k8s: + description: Configuration settings specific to Che installations + made on upstream Kubernetes. + properties: + ingressClass: + description: 'Ingress class that will define the which controller + will manage ingresses. Defaults to `nginx`. NB: This drives + the `kubernetes.io/ingress.class` annotation on Che-related + ingresses.' + type: string + ingressDomain: + description: 'Global ingress domain for a Kubernetes cluster. + This MUST be explicitly specified: there are no defaults.' + type: string + ingressStrategy: + description: 'Strategy for ingress creation. Options are: `multi-host` + (host is explicitly provided in ingress), `single-host` (host + is provided, path-based rules) and `default-host` (no host + is provided, path-based rules). Defaults to `multi-host` Deprecated + in favor of `serverExposureStrategy` in the `server` section, + which defines this regardless of the cluster type. When both + are defined, the `serverExposureStrategy` option takes precedence.' + type: string + securityContextFsGroup: + description: The FSGroup in which the Che Pod and workspace + Pods containers runs in. Default value is `1724`. + type: string + securityContextRunAsUser: + description: ID of the user the Che Pod and workspace Pods containers + run as. Default value is `1724`. + type: string + singleHostExposureType: + description: When the serverExposureStrategy is set to `single-host`, + the way the server, registries and workspaces are exposed + is further configured by this property. The possible values + are `native`, which means that the server and workspaces are + exposed using ingresses on K8s or `gateway` where the server + and workspaces are exposed using a custom gateway based on + link:https://doc.traefik.io/traefik/[Traefik]. All the endpoints + whether backed by the ingress or gateway `route` always point + to the subpaths on the same domain. Defaults to `native`. + type: string + tlsSecretName: + description: Name of a secret that will be used to setup ingress + TLS termination when TLS is enabled. When the field is empty + string, the default cluster certificate will be used. See + also the `tlsSupport` field. + type: string + type: object + metrics: + description: Configuration settings related to the metrics collection + used by the Che installation. + properties: + enable: + description: Enables `metrics` the Che server endpoint. Default + to `true`. + type: boolean + type: object + server: + description: General configuration settings related to the Che server + and the plugin and devfile registries + properties: + airGapContainerRegistryHostname: + description: Optional host name, or URL, to an alternate container + registry to pull images from. This value overrides the container + registry host name defined in all the default container images + involved in a Che deployment. This is particularly useful + to install Che in a restricted environment. + type: string + airGapContainerRegistryOrganization: + description: Optional repository name of an alternate container + registry to pull images from. This value overrides the container + registry organization defined in all the default container + images involved in a Che deployment. This is particularly + useful to install Eclipse Che in a restricted environment. + type: string + allowUserDefinedWorkspaceNamespaces: + description: Deprecated. The value of this flag is ignored. + Defines that a user is allowed to specify a Kubernetes namespace, + or an OpenShift project, which differs from the default. It's + NOT RECOMMENDED to set to `true` without OpenShift OAuth configured. + The OpenShift infrastructure also uses this property. + type: boolean + cheClusterRoles: + description: A comma-separated list of ClusterRoles that will + be assigned to Che ServiceAccount. Be aware that the Che Operator + has to already have all permissions in these ClusterRoles + to grant them. + type: string + cheDebug: + description: Enables the debug mode for Che server. Defaults + to `false`. + type: string + cheFlavor: + description: Specifies a variation of the installation. The + options are `che` for upstream Che installations, or `codeready` + for link:https://developers.redhat.com/products/codeready-workspaces/overview[CodeReady + Workspaces] installation. Override the default value only + on necessary occasions. + type: string + cheHost: + description: Public host name of the installed Che server. When + value is omitted, the value it will be automatically set by + the Operator. See the `cheHostTLSSecret` field. + type: string + cheHostTLSSecret: + description: Name of a secret containing certificates to secure + ingress or route for the custom host name of the installed + Che server. See the `cheHost` field. + type: string + cheImage: + description: Overrides the container image used in Che deployment. + This does NOT include the container image tag. Omit it or + leave it empty to use the default container image provided + by the Operator. + type: string + cheImagePullPolicy: + description: Overrides the image pull policy used in Che deployment. + Default value is `Always` for `nightly`, `next` or `latest` + images, and `IfNotPresent` in other cases. + type: string + cheImageTag: + description: Overrides the tag of the container image used in + Che deployment. Omit it or leave it empty to use the default + image tag provided by the Operator. + type: string + cheLogLevel: + description: 'Log level for the Che server: `INFO` or `DEBUG`. + Defaults to `INFO`.' + type: string + cheServerIngress: + description: The Che server ingress custom settings. + properties: + annotations: + additionalProperties: + type: string + description: Unstructured key value map stored with a resource + that may be set by external tools to store and retrieve + arbitrary metadata. + type: object + labels: + description: Comma separated list of labels that can be + used to organize and categorize objects by scoping and + selecting. + type: string + type: object + cheServerRoute: + description: The Che server route custom settings. + properties: + annotations: + additionalProperties: + type: string + description: Unstructured key value map stored with a resource + that may be set by external tools to store and retrieve + arbitrary metadata. + type: object + domain: + description: 'Operator uses the domain to generate a hostname + for a route. In a conjunction with labels it creates a + route, which is served by a non-default Ingress controller. + The generated host name will follow this pattern: `-.`.' + type: string + labels: + description: Comma separated list of labels that can be + used to organize and categorize objects by scoping and + selecting. + type: string + type: object + cheWorkspaceClusterRole: + description: Custom cluster role bound to the user for the Che + workspaces. The default roles are used when omitted or left + blank. + type: string + customCheProperties: + additionalProperties: + type: string + description: Map of additional environment variables that will + be applied in the generated `che` ConfigMap to be used by + the Che server, in addition to the values already generated + from other fields of the `CheCluster` custom resource (CR). + When `customCheProperties` contains a property that would + be normally generated in `che` ConfigMap from other CR fields, + the value defined in the `customCheProperties` is used instead. + type: object + dashboardCpuLimit: + description: Overrides the CPU limit used in the dashboard deployment. + In cores. (500m = .5 cores). Default to 500m. + type: string + dashboardCpuRequest: + description: Overrides the CPU request used in the dashboard + deployment. In cores. (500m = .5 cores). Default to 100m. + type: string + dashboardImage: + description: Overrides the container image used in the dashboard + deployment. This includes the image tag. Omit it or leave + it empty to use the default container image provided by the + Operator. + type: string + dashboardImagePullPolicy: + description: Overrides the image pull policy used in the dashboard + deployment. Default value is `Always` for `nightly`, `next` + or `latest` images, and `IfNotPresent` in other cases. + type: string + dashboardIngress: + description: Dashboard ingress custom settings. + properties: + annotations: + additionalProperties: + type: string + description: Unstructured key value map stored with a resource + that may be set by external tools to store and retrieve + arbitrary metadata. + type: object + labels: + description: Comma separated list of labels that can be + used to organize and categorize objects by scoping and + selecting. + type: string + type: object + dashboardMemoryLimit: + description: Overrides the memory limit used in the dashboard + deployment. Defaults to 256Mi. + type: string + dashboardMemoryRequest: + description: Overrides the memory request used in the dashboard + deployment. Defaults to 16Mi. + type: string + dashboardRoute: + description: Dashboard route custom settings. + properties: + annotations: + additionalProperties: + type: string + description: Unstructured key value map stored with a resource + that may be set by external tools to store and retrieve + arbitrary metadata. + type: object + domain: + description: 'Operator uses the domain to generate a hostname + for a route. In a conjunction with labels it creates a + route, which is served by a non-default Ingress controller. + The generated host name will follow this pattern: `-.`.' + type: string + labels: + description: Comma separated list of labels that can be + used to organize and categorize objects by scoping and + selecting. + type: string + type: object + devfileRegistryCpuLimit: + description: Overrides the CPU limit used in the devfile registry + deployment. In cores. (500m = .5 cores). Default to 500m. + type: string + devfileRegistryCpuRequest: + description: Overrides the CPU request used in the devfile registry + deployment. In cores. (500m = .5 cores). Default to 100m. + type: string + devfileRegistryImage: + description: Overrides the container image used in the devfile + registry deployment. This includes the image tag. Omit it + or leave it empty to use the default container image provided + by the Operator. + type: string + devfileRegistryIngress: + description: The devfile registry ingress custom settings. + properties: + annotations: + additionalProperties: + type: string + description: Unstructured key value map stored with a resource + that may be set by external tools to store and retrieve + arbitrary metadata. + type: object + labels: + description: Comma separated list of labels that can be + used to organize and categorize objects by scoping and + selecting. + type: string + type: object + devfileRegistryMemoryLimit: + description: Overrides the memory limit used in the devfile + registry deployment. Defaults to 256Mi. + type: string + devfileRegistryMemoryRequest: + description: Overrides the memory request used in the devfile + registry deployment. Defaults to 16Mi. + type: string + devfileRegistryPullPolicy: + description: Overrides the image pull policy used in the devfile + registry deployment. Default value is `Always` for `nightly`, + `next` or `latest` images, and `IfNotPresent` in other cases. + type: string + devfileRegistryRoute: + description: The devfile registry route custom settings. + properties: + annotations: + additionalProperties: + type: string + description: Unstructured key value map stored with a resource + that may be set by external tools to store and retrieve + arbitrary metadata. + type: object + domain: + description: 'Operator uses the domain to generate a hostname + for a route. In a conjunction with labels it creates a + route, which is served by a non-default Ingress controller. + The generated host name will follow this pattern: `-.`.' + type: string + labels: + description: Comma separated list of labels that can be + used to organize and categorize objects by scoping and + selecting. + type: string + type: object + devfileRegistryUrl: + description: Deprecated in favor of `externalDevfileRegistries` + fields. + type: string + disableInternalClusterSVCNames: + description: Disable internal cluster SVC names usage to communicate + between components to speed up the traffic and avoid proxy + issues. + type: boolean + externalDevfileRegistries: + description: External devfile registries, that serves sample, + ready-to-use devfiles. Configure this in addition to a dedicated + devfile registry (when `externalDevfileRegistry` is `false`) + or instead of it (when `externalDevfileRegistry` is `true`) + items: + description: Settings for a configuration of the external + devfile registries. + properties: + url: + description: Public URL of the devfile registry. + type: string + type: object + type: array + externalDevfileRegistry: + description: Instructs the Operator on whether to deploy a dedicated + devfile registry server. By default, a dedicated devfile registry + server is started. When `externalDevfileRegistry` is `true`, + no such dedicated server will be started by the Operator and + configure at least one devfile registry with `externalDevfileRegistries` + field. + type: boolean + externalPluginRegistry: + description: Instructs the Operator on whether to deploy a dedicated + plugin registry server. By default, a dedicated plugin registry + server is started. When `externalPluginRegistry` is `true`, + no such dedicated server will be started by the Operator and + you will have to manually set the `pluginRegistryUrl` field. + type: boolean + gitSelfSignedCert: + description: When enabled, the certificate from `che-git-self-signed-cert` + ConfigMap will be propagated to the Che components and provide + particular configuration for Git. + type: boolean + nonProxyHosts: + description: 'List of hosts that will be reached directly, bypassing + the proxy. Specify wild card domain use the following form + `.` and `|` as delimiter, for example: `localhost|.my.host.com|123.42.12.32` + Only use when configuring a proxy is required. Operator respects + OpenShift cluster wide proxy configuration and no additional + configuration is required, but defining `nonProxyHosts` in + a custom resource leads to merging non proxy hosts lists from + the cluster proxy configuration and ones defined in the custom + resources. See the doc https://docs.openshift.com/container-platform/4.4/networking/enable-cluster-wide-proxy.html. + See also the `proxyURL` fields.' + type: string + pluginRegistryCpuLimit: + description: Overrides the CPU limit used in the plugin registry + deployment. In cores. (500m = .5 cores). Default to 500m. + type: string + pluginRegistryCpuRequest: + description: Overrides the CPU request used in the plugin registry + deployment. In cores. (500m = .5 cores). Default to 100m. + type: string + pluginRegistryImage: + description: Overrides the container image used in the plugin + registry deployment. This includes the image tag. Omit it + or leave it empty to use the default container image provided + by the Operator. + type: string + pluginRegistryIngress: + description: Plugin registry ingress custom settings. + properties: + annotations: + additionalProperties: + type: string + description: Unstructured key value map stored with a resource + that may be set by external tools to store and retrieve + arbitrary metadata. + type: object + labels: + description: Comma separated list of labels that can be + used to organize and categorize objects by scoping and + selecting. + type: string + type: object + pluginRegistryMemoryLimit: + description: Overrides the memory limit used in the plugin registry + deployment. Defaults to 256Mi. + type: string + pluginRegistryMemoryRequest: + description: Overrides the memory request used in the plugin + registry deployment. Defaults to 16Mi. + type: string + pluginRegistryPullPolicy: + description: Overrides the image pull policy used in the plugin + registry deployment. Default value is `Always` for `nightly`, + `next` or `latest` images, and `IfNotPresent` in other cases. + type: string + pluginRegistryRoute: + description: Plugin registry route custom settings. + properties: + annotations: + additionalProperties: + type: string + description: Unstructured key value map stored with a resource + that may be set by external tools to store and retrieve + arbitrary metadata. + type: object + domain: + description: 'Operator uses the domain to generate a hostname + for a route. In a conjunction with labels it creates a + route, which is served by a non-default Ingress controller. + The generated host name will follow this pattern: `-.`.' + type: string + labels: + description: Comma separated list of labels that can be + used to organize and categorize objects by scoping and + selecting. + type: string + type: object + pluginRegistryUrl: + description: Public URL of the plugin registry that serves sample + ready-to-use devfiles. Set this ONLY when a use of an external + devfile registry is needed. See the `externalPluginRegistry` + field. By default, this will be automatically calculated by + the Operator. + type: string + proxyPassword: + description: Password of the proxy server. Only use when proxy + configuration is required. See the `proxyURL`, `proxyUser` + and `proxySecret` fields. + type: string + proxyPort: + description: Port of the proxy server. Only use when configuring + a proxy is required. See also the `proxyURL` and `nonProxyHosts` + fields. + type: string + proxySecret: + description: The secret that contains `user` and `password` + for a proxy server. When the secret is defined, the `proxyUser` + and `proxyPassword` are ignored. + type: string + proxyURL: + description: URL (protocol+host name) of the proxy server. This + drives the appropriate changes in the `JAVA_OPTS` and `https(s)_proxy` + variables in the Che server and workspaces containers. Only + use when configuring a proxy is required. Operator respects + OpenShift cluster wide proxy configuration and no additional + configuration is required, but defining `proxyUrl` in a custom + resource leads to overrides the cluster proxy configuration + with fields `proxyUrl`, `proxyPort`, `proxyUser` and `proxyPassword` + from the custom resource. See the doc https://docs.openshift.com/container-platform/4.4/networking/enable-cluster-wide-proxy.html. + See also the `proxyPort` and `nonProxyHosts` fields. + type: string + proxyUser: + description: User name of the proxy server. Only use when configuring + a proxy is required. See also the `proxyURL`, `proxyPassword` + and `proxySecret` fields. + type: string + selfSignedCert: + description: Deprecated. The value of this flag is ignored. + The Che Operator will automatically detect whether the router + certificate is self-signed and propagate it to other components, + such as the Che server. + type: boolean + serverCpuLimit: + description: Overrides the CPU limit used in the Che server + deployment In cores. (500m = .5 cores). Default to 1. + type: string + serverCpuRequest: + description: Overrides the CPU request used in the Che server + deployment In cores. (500m = .5 cores). Default to 100m. + type: string + serverExposureStrategy: + description: Sets the server and workspaces exposure type. Possible + values are `multi-host`, `single-host`, `default-host`. Defaults + to `multi-host`, which creates a separate ingress, or OpenShift + routes, for every required endpoint. `single-host` makes Che + exposed on a single host name with workspaces exposed on subpaths. + Read the docs to learn about the limitations of this approach. + Also consult the `singleHostExposureType` property to further + configure how the Operator and the Che server make that happen + on Kubernetes. `default-host` exposes the Che server on the + host of the cluster. Read the docs to learn about the limitations + of this approach. + type: string + serverMemoryLimit: + description: Overrides the memory limit used in the Che server + deployment. Defaults to 1Gi. + type: string + serverMemoryRequest: + description: Overrides the memory request used in the Che server + deployment. Defaults to 512Mi. + type: string + serverTrustStoreConfigMapName: + description: Name of the ConfigMap with public certificates + to add to Java trust store of the Che server. This is often + required when adding the OpenShift OAuth provider, which has + HTTPS endpoint signed with self-signed cert. The Che server + must be aware of its CA cert to be able to request it. This + is disabled by default. + type: string + singleHostGatewayConfigMapLabels: + additionalProperties: + type: string + description: The labels that need to be present in the ConfigMaps + representing the gateway configuration. + type: object + singleHostGatewayConfigSidecarImage: + description: The image used for the gateway sidecar that provides + configuration to the gateway. Omit it or leave it empty to + use the default container image provided by the Operator. + type: string + singleHostGatewayImage: + description: The image used for the gateway in the single host + mode. Omit it or leave it empty to use the default container + image provided by the Operator. + type: string + tlsSupport: + description: Deprecated. Instructs the Operator to deploy Che + in TLS mode. This is enabled by default. Disabling TLS sometimes + cause malfunction of some Che components. + type: boolean + useInternalClusterSVCNames: + description: Deprecated in favor of `disableInternalClusterSVCNames`. + type: boolean + workspaceNamespaceDefault: + description: Defines Kubernetes default namespace in which user's + workspaces are created for a case when a user does not override + it. It's possible to use ``, `` and `` + placeholders, such as che-workspace-. In that case, + a new namespace will be created for each user or workspace. + type: string + type: object + storage: + description: Configuration settings related to the persistent storage + used by the Che installation. + properties: + postgresPVCStorageClassName: + description: Storage class for the Persistent Volume Claim dedicated + to the PostgreSQL database. When omitted or left blank, a + default storage class is used. + type: string + preCreateSubPaths: + description: Instructs the Che server to start a special Pod + to pre-create a sub-path in the Persistent Volumes. Defaults + to `false`, however it will need to enable it according to + the configuration of your Kubernetes cluster. + type: boolean + pvcClaimSize: + description: Size of the persistent volume claim for workspaces. + Defaults to `10Gi`. + type: string + pvcJobsImage: + description: Overrides the container image used to create sub-paths + in the Persistent Volumes. This includes the image tag. Omit + it or leave it empty to use the default container image provided + by the Operator. See also the `preCreateSubPaths` field. + type: string + pvcStrategy: + description: Persistent volume claim strategy for the Che server. + This Can be:`common` (all workspaces PVCs in one volume), + `per-workspace` (one PVC per workspace for all declared volumes) + and `unique` (one PVC per declared volume). Defaults to `common`. + type: string + workspacePVCStorageClassName: + description: Storage class for the Persistent Volume Claims + dedicated to the Che workspaces. When omitted or left blank, + a default storage class is used. + type: string + type: object + type: object + status: + description: CheClusterStatus defines the observed state of Che installation + properties: + cheClusterRunning: + description: Status of a Che installation. Can be `Available`, `Unavailable`, + or `Available, Rolling Update in Progress`. + type: string + cheURL: + description: Public URL to the Che server. + type: string + cheVersion: + description: Current installed Che version. + type: string + dbProvisioned: + description: Indicates that a PostgreSQL instance has been correctly + provisioned or not. + type: boolean + devfileRegistryURL: + description: Public URL to the devfile registry. + type: string + devworkspaceStatus: + description: The status of the Devworkspace subsystem + properties: + gatewayHost: + description: GatewayHost is the resolved host of the ingress/route. + This is equal to the Host in the spec on Kubernetes but contains + the actual host name of the route if Host is unspecified on + OpenShift. + type: string + gatewayPhase: + description: GatewayPhase specifies the phase in which the gateway + deployment currently is. If the gateway is disabled, the phase + is "Inactive". + type: string + message: + description: Message contains further human-readable info for + why the Che cluster is in the phase it currently is. + type: string + phase: + description: Phase is the phase in which the Che cluster as + a whole finds itself in. + type: string + reason: + description: A brief CamelCase message indicating details about + why the Che cluster is in this state. + type: string + workspaceBaseDomain: + description: The resolved workspace base domain. This is either + the copy of the explicitly defined property of the same name + in the spec or, if it is undefined in the spec and we're running + on OpenShift, the automatically resolved basedomain for routes. + type: string + type: object + gitHubOAuthProvisioned: + description: Indicates whether an Identity Provider instance, Keycloak + or RH-SSO, has been configured to integrate with the GitHub OAuth. + type: boolean + helpLink: + description: A URL that points to some URL where to find help related + to the current Operator status. + type: string + keycloakProvisioned: + description: Indicates whether an Identity Provider instance, Keycloak + or RH-SSO, has been provisioned with realm, client and user. + type: boolean + keycloakURL: + description: Public URL to the Identity Provider server, Keycloak + or RH-SSO,. + type: string + message: + description: A human readable message indicating details about why + the Pod is in this condition. + type: string + openShiftOAuthUserCredentialsSecret: + description: OpenShift OAuth secret in `openshift-config` namespace + that contains user credentials for HTPasswd identity provider. + type: string + openShiftoAuthProvisioned: + description: Indicates whether an Identity Provider instance, Keycloak + or RH-SSO, has been configured to integrate with the OpenShift + OAuth. + type: boolean + pluginRegistryURL: + description: Public URL to the plugin registry. + type: string + reason: + description: A brief CamelCase message indicating details about + why the Pod is in this state. + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} + preserveUnknownFields: false +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/bundle/next-all-namespaces/eclipse-che-preview-openshift/metadata/annotations.yaml b/bundle/next-all-namespaces/eclipse-che-preview-openshift/metadata/annotations.yaml new file mode 100644 index 000000000..f8882e1be --- /dev/null +++ b/bundle/next-all-namespaces/eclipse-che-preview-openshift/metadata/annotations.yaml @@ -0,0 +1,17 @@ +annotations: + # Core bundle annotations. + operators.operatorframework.io.bundle.mediatype.v1: registry+v1 + operators.operatorframework.io.bundle.manifests.v1: manifests/ + operators.operatorframework.io.bundle.metadata.v1: metadata/ + operators.operatorframework.io.bundle.package.v1: eclipse-che-preview-openshift + operators.operatorframework.io.bundle.channels.v1: next-all-namespaces + operators.operatorframework.io.bundle.channel.default.v1: next-all-namespaces + operators.operatorframework.io.metrics.builder: operator-sdk-v1.6.1+git + operators.operatorframework.io.metrics.mediatype.v1: metrics+v1 + operators.operatorframework.io.metrics.project_layout: go.kubebuilder.io/v3 + + # Annotations for testing. + operators.operatorframework.io.test.mediatype.v1: scorecard+v1 + operators.operatorframework.io.test.config.v1: tests/scorecard/ + + com.redhat.openshift.versions: "v4.8" diff --git a/bundle/next-all-namespaces/eclipse-che-preview-openshift/metadata/dependencies.yaml b/bundle/next-all-namespaces/eclipse-che-preview-openshift/metadata/dependencies.yaml new file mode 100644 index 000000000..a195e3716 --- /dev/null +++ b/bundle/next-all-namespaces/eclipse-che-preview-openshift/metadata/dependencies.yaml @@ -0,0 +1,5 @@ +dependencies: +- type: olm.package + value: + packageName: devworkspace-operator + version: ">=0.8.0" diff --git a/bundle/next-all-namespaces/eclipse-che-preview-openshift/tests/scorecard/config.yaml b/bundle/next-all-namespaces/eclipse-che-preview-openshift/tests/scorecard/config.yaml new file mode 100644 index 000000000..b12293c4f --- /dev/null +++ b/bundle/next-all-namespaces/eclipse-che-preview-openshift/tests/scorecard/config.yaml @@ -0,0 +1,49 @@ +apiVersion: scorecard.operatorframework.io/v1alpha3 +kind: Configuration +metadata: + name: config +stages: +- parallel: true + tests: + - entrypoint: + - scorecard-test + - basic-check-spec + image: quay.io/operator-framework/scorecard-test:v1.7.1 + labels: + suite: basic + test: basic-check-spec-test + - entrypoint: + - scorecard-test + - olm-bundle-validation + image: quay.io/operator-framework/scorecard-test:v1.7.1 + labels: + suite: olm + test: olm-bundle-validation-test + - entrypoint: + - scorecard-test + - olm-crds-have-validation + image: quay.io/operator-framework/scorecard-test:v1.7.1 + labels: + suite: olm + test: olm-crds-have-validation-test + - entrypoint: + - scorecard-test + - olm-crds-have-resources + image: quay.io/operator-framework/scorecard-test:v1.7.1 + labels: + suite: olm + test: olm-crds-have-resources-test + - entrypoint: + - scorecard-test + - olm-spec-descriptors + image: quay.io/operator-framework/scorecard-test:v1.7.1 + labels: + suite: olm + test: olm-spec-descriptors-test + - entrypoint: + - scorecard-test + - olm-status-descriptors + image: quay.io/operator-framework/scorecard-test:v1.7.1 + labels: + suite: olm + test: olm-status-descriptors-test