seg_yinzy
/
che-operator
mirror of https://github.com/eclipse-che/che-operator.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Compare commits

base: seg_yinzy:7.79.0
Branches Tags
seg_yinzy:main
seg_yinzy:gh-pages
seg_yinzy:CRW-6352
seg_yinzy:7.86.x
seg_yinzy:dependabot/go_modules/golang.org/x/net-0.23.0
seg_yinzy:CRW-3185
seg_yinzy:7.85.x
seg_yinzy:pr-update-base-images-1713549801
seg_yinzy:7.84.x
seg_yinzy:7.83.x
seg_yinzy:7.82.x
seg_yinzy:7.81.x
seg_yinzy:7.80.x
seg_yinzy:7.79.x
seg_yinzy:7.78.x
seg_yinzy:7.77.x
seg_yinzy:pr-update-base-images-1700177463
seg_yinzy:pr-update-base-images-1700177788
seg_yinzy:pr-update-base-images-1700176597
seg_yinzy:7.74.x
seg_yinzy:7.76.x
seg_yinzy:pr-update-base-images-1698337505
seg_yinzy:pr-update-base-images-1697848323
seg_yinzy:7.75.x
seg_yinzy:7.73.x
seg_yinzy:7.72.x
seg_yinzy:7.71.x
seg_yinzy:7.67.x
seg_yinzy:7.70.x
seg_yinzy:7.69.x
seg_yinzy:7.68.x
seg_yinzy:7.66.x
seg_yinzy:7.65.x
seg_yinzy:7.64.x
seg_yinzy:7.63.x
seg_yinzy:7.62.x
seg_yinzy:7.60.x
seg_yinzy:7.61.x
seg_yinzy:7.58.x
seg_yinzy:7.59.x
seg_yinzy:7.52.x
seg_yinzy:7.57.x
seg_yinzy:7.56.x
seg_yinzy:7.55.x
seg_yinzy:7.54.x
seg_yinzy:7.53.x
seg_yinzy:7.50.x
seg_yinzy:7.46.x
seg_yinzy:7.48.x
seg_yinzy:7.51.x
seg_yinzy:7.50
seg_yinzy:7.49.x
seg_yinzy:7.47.x
seg_yinzy:7.44.x
seg_yinzy:7.42.x
seg_yinzy:7.45.x
seg_yinzy:7.43.x
seg_yinzy:7.41
seg_yinzy:7.41.x
seg_yinzy:7.40.x
seg_yinzy:7.39.x
seg_yinzy:7.38.x
seg_yinzy:7.36.x
seg_yinzy:7.37.x
seg_yinzy:7.35.x
seg_yinzy:7.34.x
seg_yinzy:7.33.x
seg_yinzy:7.32.x
seg_yinzy:7.30.x
seg_yinzy:7.31.x
seg_yinzy:7.29.x
seg_yinzy:7.28.x
seg_yinzy:7.27.x
seg_yinzy:7.26.x
seg_yinzy:7.25.x
seg_yinzy:7.24.x
seg_yinzy:7.23.x
seg_yinzy:7.22.x
seg_yinzy:7.20.x
seg_yinzy:7.21.x
seg_yinzy:7.19.x
seg_yinzy:7.18.x
seg_yinzy:7.17.x
seg_yinzy:7.16.x
seg_yinzy:7.15.x
seg_yinzy:7.14.x
seg_yinzy:7.13.x
seg_yinzy:7.13.1
seg_yinzy:7.9.x
seg_yinzy:7.13.0
seg_yinzy:7.12.x
seg_yinzy:7.12.2
seg_yinzy:7.12.1
seg_yinzy:7.12.0
seg_yinzy:7.9.3
seg_yinzy:7.9.2
seg_yinzy:7.10.0
seg_yinzy:7.9.1
seg_yinzy:7.8.0
seg_yinzy:7.7.0
seg_yinzy:7.6.0
seg_yinzy:7.3.2
seg_yinzy:7.4.0
seg_yinzy:7.3.1
seg_yinzy:7.3.0
seg_yinzy:1.x
seg_yinzy:6.18.x
seg_yinzy:7.86.0
seg_yinzy:7.85.0
seg_yinzy:7.84.0
seg_yinzy:7.83.0
seg_yinzy:7.82.0
seg_yinzy:7.81.0
seg_yinzy:7.80.0
seg_yinzy:7.79.0
seg_yinzy:7.78.0
seg_yinzy:7.77.0
seg_yinzy:7.76.0
seg_yinzy:7.75.0
seg_yinzy:7.74.0
seg_yinzy:7.73.0
seg_yinzy:7.72.0
seg_yinzy:7.71.0
seg_yinzy:7.70.0
seg_yinzy:7.69.0
seg_yinzy:7.68.0
seg_yinzy:7.67.0
seg_yinzy:7.66.0
seg_yinzy:7.65.0
seg_yinzy:7.64.0
seg_yinzy:7.63.0
seg_yinzy:7.62.0
seg_yinzy:7.61.0
seg_yinzy:7.60.1
seg_yinzy:7.60.0
seg_yinzy:7.59.0
seg_yinzy:7.58.0
seg_yinzy:7.57.0
seg_yinzy:7.56.0
seg_yinzy:7.55.0
seg_yinzy:7.54.0
seg_yinzy:7.53.0
seg_yinzy:7.52.0
seg_yinzy:7.51.0
seg_yinzy:7.50.0
seg_yinzy:7.49.0
seg_yinzy:7.48.1
seg_yinzy:7.47.0
seg_yinzy:7.46.0
seg_yinzy:7.45.0
seg_yinzy:7.44.0
seg_yinzy:7.43.0
seg_yinzy:7.42.0
seg_yinzy:7.41.2
seg_yinzy:7.41.1
seg_yinzy:7.41.0
seg_yinzy:7.40.2
seg_yinzy:7.40.1
seg_yinzy:7.40.0
seg_yinzy:7.39.2
seg_yinzy:7.39.1
seg_yinzy:7.39.0
seg_yinzy:7.38.2
seg_yinzy:7.38.1
seg_yinzy:7.38.0
seg_yinzy:7.37.2
seg_yinzy:7.37.1
seg_yinzy:7.37.0
seg_yinzy:7.36.2
seg_yinzy:7.36.1
seg_yinzy:7.36.0
seg_yinzy:7.35.2
seg_yinzy:7.35.1
seg_yinzy:7.35.0
seg_yinzy:7.34.2
seg_yinzy:7.34.1
seg_yinzy:7.34.0
seg_yinzy:7.33.2
seg_yinzy:7.33.1
seg_yinzy:7.33.0
seg_yinzy:7.32.2
seg_yinzy:7.32.1
seg_yinzy:7.32.0
seg_yinzy:7.31.2
seg_yinzy:7.31.1
seg_yinzy:7.31.0
seg_yinzy:7.30.2
seg_yinzy:7.30.1
seg_yinzy:7.30.0
seg_yinzy:7.29.2
seg_yinzy:7.29.1
seg_yinzy:7.29.0
seg_yinzy:7.28.2
seg_yinzy:7.28.1
seg_yinzy:7.28.0
seg_yinzy:7.27.2
seg_yinzy:7.27.1
seg_yinzy:7.27.0
seg_yinzy:7.26.2
seg_yinzy:7.26.1
seg_yinzy:7.26.0
seg_yinzy:7.25.2
seg_yinzy:7.25.1
seg_yinzy:7.25.0
seg_yinzy:7.24.2
seg_yinzy:7.24.1
seg_yinzy:7.24.0
seg_yinzy:7.23.2
seg_yinzy:7.23.1
seg_yinzy:7.23.0
seg_yinzy:7.22.2
seg_yinzy:7.22.1
seg_yinzy:7.22.0
seg_yinzy:7.21.2
seg_yinzy:7.21.1
seg_yinzy:7.21.0
seg_yinzy:7.20.1
seg_yinzy:7.20.0
seg_yinzy:7.19.2
seg_yinzy:7.19.1
seg_yinzy:7.19.0
seg_yinzy:v7.18.2
seg_yinzy:v7.18.1
seg_yinzy:v7.18.0
seg_yinzy:v7.17.2
seg_yinzy:v7.17.1
seg_yinzy:v7.17.0
seg_yinzy:2.3.0.GA
seg_yinzy:v7.16.2
seg_yinzy:v7.16.1
seg_yinzy:v7.16.0
seg_yinzy:v7.15.2
seg_yinzy:v7.15.1
seg_yinzy:v7.15.0
seg_yinzy:2.2.0.GA
seg_yinzy:v7.14.3
seg_yinzy:v7.14.2
seg_yinzy:v7.14.1
seg_yinzy:v7.13.2
seg_yinzy:v7.13.1
seg_yinzy:v7.13.0
seg_yinzy:v7.12.2
seg_yinzy:tags/7.12.1
seg_yinzy:tags/7.12.0
seg_yinzy:2.1.1.GA
seg_yinzy:tags/7.9.3
seg_yinzy:7.11.0
seg_yinzy:2.1.0.GA
seg_yinzy:tags/7.9.2
seg_yinzy:tags/7.10.0
seg_yinzy:tags/7.9.1
seg_yinzy:7.9.0
seg_yinzy:tags/7.8.0
seg_yinzy:7.7.1
seg_yinzy:tags/7.7.0
seg_yinzy:tags/7.6.0
seg_yinzy:2.0.0.GA
seg_yinzy:tags/7.3.2
seg_yinzy:tags/7.4.0
seg_yinzy:tags/7.3.1
seg_yinzy:tags/7.3.0
seg_yinzy:7.2.0
seg_yinzy:1.2.2.GA
seg_yinzy:7.1.0
seg_yinzy:7.0.0
seg_yinzy:7.0.0-rc-4.0
seg_yinzy:7.0.0-RC-2.0
seg_yinzy:1.2.0.GA
seg_yinzy:1.1.0.GA
seg_yinzy:1.0.2.GA
seg_yinzy:6.19.2
seg_yinzy:1.0.1.GA
...
compare: seg_yinzy:main
Branches Tags
seg_yinzy:main
seg_yinzy:gh-pages
seg_yinzy:CRW-6352
seg_yinzy:7.86.x
seg_yinzy:dependabot/go_modules/golang.org/x/net-0.23.0
seg_yinzy:CRW-3185
seg_yinzy:7.85.x
seg_yinzy:pr-update-base-images-1713549801
seg_yinzy:7.84.x
seg_yinzy:7.83.x
seg_yinzy:7.82.x
seg_yinzy:7.81.x
seg_yinzy:7.80.x
seg_yinzy:7.79.x
seg_yinzy:7.78.x
seg_yinzy:7.77.x
seg_yinzy:pr-update-base-images-1700177463
seg_yinzy:pr-update-base-images-1700177788
seg_yinzy:pr-update-base-images-1700176597
seg_yinzy:7.74.x
seg_yinzy:7.76.x
seg_yinzy:pr-update-base-images-1698337505
seg_yinzy:pr-update-base-images-1697848323
seg_yinzy:7.75.x
seg_yinzy:7.73.x
seg_yinzy:7.72.x
seg_yinzy:7.71.x
seg_yinzy:7.67.x
seg_yinzy:7.70.x
seg_yinzy:7.69.x
seg_yinzy:7.68.x
seg_yinzy:7.66.x
seg_yinzy:7.65.x
seg_yinzy:7.64.x
seg_yinzy:7.63.x
seg_yinzy:7.62.x
seg_yinzy:7.60.x
seg_yinzy:7.61.x
seg_yinzy:7.58.x
seg_yinzy:7.59.x
seg_yinzy:7.52.x
seg_yinzy:7.57.x
seg_yinzy:7.56.x
seg_yinzy:7.55.x
seg_yinzy:7.54.x
seg_yinzy:7.53.x
seg_yinzy:7.50.x
seg_yinzy:7.46.x
seg_yinzy:7.48.x
seg_yinzy:7.51.x
seg_yinzy:7.50
seg_yinzy:7.49.x
seg_yinzy:7.47.x
seg_yinzy:7.44.x
seg_yinzy:7.42.x
seg_yinzy:7.45.x
seg_yinzy:7.43.x
seg_yinzy:7.41
seg_yinzy:7.41.x
seg_yinzy:7.40.x
seg_yinzy:7.39.x
seg_yinzy:7.38.x
seg_yinzy:7.36.x
seg_yinzy:7.37.x
seg_yinzy:7.35.x
seg_yinzy:7.34.x
seg_yinzy:7.33.x
seg_yinzy:7.32.x
seg_yinzy:7.30.x
seg_yinzy:7.31.x
seg_yinzy:7.29.x
seg_yinzy:7.28.x
seg_yinzy:7.27.x
seg_yinzy:7.26.x
seg_yinzy:7.25.x
seg_yinzy:7.24.x
seg_yinzy:7.23.x
seg_yinzy:7.22.x
seg_yinzy:7.20.x
seg_yinzy:7.21.x
seg_yinzy:7.19.x
seg_yinzy:7.18.x
seg_yinzy:7.17.x
seg_yinzy:7.16.x
seg_yinzy:7.15.x
seg_yinzy:7.14.x
seg_yinzy:7.13.x
seg_yinzy:7.13.1
seg_yinzy:7.9.x
seg_yinzy:7.13.0
seg_yinzy:7.12.x
seg_yinzy:7.12.2
seg_yinzy:7.12.1
seg_yinzy:7.12.0
seg_yinzy:7.9.3
seg_yinzy:7.9.2
seg_yinzy:7.10.0
seg_yinzy:7.9.1
seg_yinzy:7.8.0
seg_yinzy:7.7.0
seg_yinzy:7.6.0
seg_yinzy:7.3.2
seg_yinzy:7.4.0
seg_yinzy:7.3.1
seg_yinzy:7.3.0
seg_yinzy:1.x
seg_yinzy:6.18.x
seg_yinzy:7.86.0
seg_yinzy:7.85.0
seg_yinzy:7.84.0
seg_yinzy:7.83.0
seg_yinzy:7.82.0
seg_yinzy:7.81.0
seg_yinzy:7.80.0
seg_yinzy:7.79.0
seg_yinzy:7.78.0
seg_yinzy:7.77.0
seg_yinzy:7.76.0
seg_yinzy:7.75.0
seg_yinzy:7.74.0
seg_yinzy:7.73.0
seg_yinzy:7.72.0
seg_yinzy:7.71.0
seg_yinzy:7.70.0
seg_yinzy:7.69.0
seg_yinzy:7.68.0
seg_yinzy:7.67.0
seg_yinzy:7.66.0
seg_yinzy:7.65.0
seg_yinzy:7.64.0
seg_yinzy:7.63.0
seg_yinzy:7.62.0
seg_yinzy:7.61.0
seg_yinzy:7.60.1
seg_yinzy:7.60.0
seg_yinzy:7.59.0
seg_yinzy:7.58.0
seg_yinzy:7.57.0
seg_yinzy:7.56.0
seg_yinzy:7.55.0
seg_yinzy:7.54.0
seg_yinzy:7.53.0
seg_yinzy:7.52.0
seg_yinzy:7.51.0
seg_yinzy:7.50.0
seg_yinzy:7.49.0
seg_yinzy:7.48.1
seg_yinzy:7.47.0
seg_yinzy:7.46.0
seg_yinzy:7.45.0
seg_yinzy:7.44.0
seg_yinzy:7.43.0
seg_yinzy:7.42.0
seg_yinzy:7.41.2
seg_yinzy:7.41.1
seg_yinzy:7.41.0
seg_yinzy:7.40.2
seg_yinzy:7.40.1
seg_yinzy:7.40.0
seg_yinzy:7.39.2
seg_yinzy:7.39.1
seg_yinzy:7.39.0
seg_yinzy:7.38.2
seg_yinzy:7.38.1
seg_yinzy:7.38.0
seg_yinzy:7.37.2
seg_yinzy:7.37.1
seg_yinzy:7.37.0
seg_yinzy:7.36.2
seg_yinzy:7.36.1
seg_yinzy:7.36.0
seg_yinzy:7.35.2
seg_yinzy:7.35.1
seg_yinzy:7.35.0
seg_yinzy:7.34.2
seg_yinzy:7.34.1
seg_yinzy:7.34.0
seg_yinzy:7.33.2
seg_yinzy:7.33.1
seg_yinzy:7.33.0
seg_yinzy:7.32.2
seg_yinzy:7.32.1
seg_yinzy:7.32.0
seg_yinzy:7.31.2
seg_yinzy:7.31.1
seg_yinzy:7.31.0
seg_yinzy:7.30.2
seg_yinzy:7.30.1
seg_yinzy:7.30.0
seg_yinzy:7.29.2
seg_yinzy:7.29.1
seg_yinzy:7.29.0
seg_yinzy:7.28.2
seg_yinzy:7.28.1
seg_yinzy:7.28.0
seg_yinzy:7.27.2
seg_yinzy:7.27.1
seg_yinzy:7.27.0
seg_yinzy:7.26.2
seg_yinzy:7.26.1
seg_yinzy:7.26.0
seg_yinzy:7.25.2
seg_yinzy:7.25.1
seg_yinzy:7.25.0
seg_yinzy:7.24.2
seg_yinzy:7.24.1
seg_yinzy:7.24.0
seg_yinzy:7.23.2
seg_yinzy:7.23.1
seg_yinzy:7.23.0
seg_yinzy:7.22.2
seg_yinzy:7.22.1
seg_yinzy:7.22.0
seg_yinzy:7.21.2
seg_yinzy:7.21.1
seg_yinzy:7.21.0
seg_yinzy:7.20.1
seg_yinzy:7.20.0
seg_yinzy:7.19.2
seg_yinzy:7.19.1
seg_yinzy:7.19.0
seg_yinzy:v7.18.2
seg_yinzy:v7.18.1
seg_yinzy:v7.18.0
seg_yinzy:v7.17.2
seg_yinzy:v7.17.1
seg_yinzy:v7.17.0
seg_yinzy:2.3.0.GA
seg_yinzy:v7.16.2
seg_yinzy:v7.16.1
seg_yinzy:v7.16.0
seg_yinzy:v7.15.2
seg_yinzy:v7.15.1
seg_yinzy:v7.15.0
seg_yinzy:2.2.0.GA
seg_yinzy:v7.14.3
seg_yinzy:v7.14.2
seg_yinzy:v7.14.1
seg_yinzy:v7.13.2
seg_yinzy:v7.13.1
seg_yinzy:v7.13.0
seg_yinzy:v7.12.2
seg_yinzy:tags/7.12.1
seg_yinzy:tags/7.12.0
seg_yinzy:2.1.1.GA
seg_yinzy:tags/7.9.3
seg_yinzy:7.11.0
seg_yinzy:2.1.0.GA
seg_yinzy:tags/7.9.2
seg_yinzy:tags/7.10.0
seg_yinzy:tags/7.9.1
seg_yinzy:7.9.0
seg_yinzy:tags/7.8.0
seg_yinzy:7.7.1
seg_yinzy:tags/7.7.0
seg_yinzy:tags/7.6.0
seg_yinzy:2.0.0.GA
seg_yinzy:tags/7.3.2
seg_yinzy:tags/7.4.0
seg_yinzy:tags/7.3.1
seg_yinzy:tags/7.3.0
seg_yinzy:7.2.0
seg_yinzy:1.2.2.GA
seg_yinzy:7.1.0
seg_yinzy:7.0.0
seg_yinzy:7.0.0-rc-4.0
seg_yinzy:7.0.0-RC-2.0
seg_yinzy:1.2.0.GA
seg_yinzy:1.1.0.GA
seg_yinzy:1.0.2.GA
seg_yinzy:6.19.2
seg_yinzy:1.0.1.GA

39 Commits
7.79.0 ... main

Author SHA1 Message Date
dkwon17 c361102939 Add a fallback traefik router when there are no path matches 
Signed-off-by: dkwon17 <dakwon@redhat.com>
 2024-06-05 15:47:42 +02:00
Anatolii Bazko 36750ae52d
chore: Update controller-gen tool version to 0.14.0 (#1847) 
* chore: Update controller-gen tool version to 0.14.0

Signed-off-by: Anatolii Bazko <abazko@redhat.com>
 2024-06-04 16:09:29 +02:00
Anatolii Bazko 618ad1f1a9
feat: Disable plugin registry if openVSX registry is configured (#1843) 
* feat: Disable plugin registry if openVSX registry is configured

Signed-off-by: Anatolii Bazko <abazko@redhat.com>
 2024-06-04 10:42:53 +02:00
Anatolii Bazko 84673c8514
Use iconData and iconMediatype attributes for icon (#1845) 
Signed-off-by: Anatolii Bazko <abazko@redhat.com>
 2024-05-28 15:59:14 +02:00
che-bot 9954335646
chore: Update from ubi8/go-toolset:1.20.12-5 to ubi8/go-toolset:1.21.9-3 (#1844) 
* chore: Update from ubi8/go-toolset:1.20.12-5 to ubi8/go-toolset:1.21.9-3

Signed-off-by: Nick Boldt <nboldt@redhat.com>

* chore: Update from ubi8-minimal:8.9-1161 to ubi8-minimal:8.10-896

Signed-off-by: Nick Boldt <nboldt@redhat.com>

---------

Signed-off-by: Nick Boldt <nboldt@redhat.com>
Co-authored-by: Nick Boldt <nboldt@redhat.com>
 2024-05-27 08:36:55 +02:00
Anatolii Bazko 634c6228bb
feat: Create editors definitions configmaps (#1838) 
* feat: Create editors definitions configmaps

Signed-off-by: Anatolii Bazko <abazko@redhat.com>
 2024-05-20 14:20:59 +02:00
che-bot 5ad8b51f42
ci: Copy 7.86.0 csv to main (#1842) 
Signed-off-by: Mykhailo Kuznietsov <mkuznets@redhat.com>
Co-authored-by: Mykhailo Kuznietsov <mkuznets@redhat.com>
 2024-05-20 11:13:00 +02:00
Anatolii Bazko 726dc03a5d
chore(go.mod): Update operator dependencies (#1840) 
* chore(go.mod) Update operator dependencies

Signed-off-by: Anatolii Bazko <abazko@redhat.com>
 2024-05-17 09:34:40 +02:00
Anatolii Bazko a5433b0678
fix: Documentation links (#1839) 
Signed-off-by: Anatolii Bazko <abazko@redhat.com>
 2024-05-15 16:49:12 +02:00
Anatolii Bazko 1462520896
fix: dev resources (#1837) 
* fix: dev resources

Signed-off-by: Anatolii Bazko <abazko@redhat.com>

* fix: test scripts

Signed-off-by: Anatolii Bazko <abazko@redhat.com>

---------

Signed-off-by: Anatolii Bazko <abazko@redhat.com>
 2024-05-14 17:24:18 +02:00
Greg Guydo 192216bf44
Check for Kubernetes secret name in oAuthSecret, fallback to plain text (#1836) 
* Check for Kubernetes secret name in oAuthSecret, fallback to plain text

* Removed logging, added test cases

* Update documentation

* cleaning up formatting

* update-dev-resources
 2024-05-14 16:54:20 +02:00
Anatolii Bazko e007fce1a4
fix: Add new line into annotation.yaml at the end of file (#1833) 
* fix: Add new line into annotation.yaml at the end of file

Signed-off-by: Anatolii Bazko <abazko@redhat.com>

* Update dev resources

Signed-off-by: Anatolii Bazko <abazko@redhat.com>

---------

Signed-off-by: Anatolii Bazko <abazko@redhat.com>
 2024-04-25 12:52:48 +02:00
Anatolii Bazko 30be8cae93
fix: OpenShift doc link to cluster wide proxy (#1832) 
Signed-off-by: Anatolii Bazko <abazko@redhat.com>
 2024-04-25 10:23:54 +02:00
che-bot af8d85a9e0
ci: Copy 7.85.0 csv to main (#1831) 
Signed-off-by: Mykhailo Kuznietsov <mkuznets@redhat.com>
Co-authored-by: Mykhailo Kuznietsov <mkuznets@redhat.com>
 2024-04-25 09:04:13 +02:00
che-bot f7e449764f
chore: Update from ubi8/go-toolset:1.20.10-10 to ubi8/go-toolset:1.20.12-5 (#1829) 
* chore: Update from ubi8/go-toolset:1.20.10-10 to ubi8/go-toolset:1.20.12-5

Signed-off-by: Nick Boldt <nboldt@redhat.com>

* chore: Update from ubi8-minimal:8.9-1108 to ubi8-minimal:8.9-1161

Signed-off-by: Nick Boldt <nboldt@redhat.com>

---------

Signed-off-by: Nick Boldt <nboldt@redhat.com>
Co-authored-by: Nick Boldt <nboldt@redhat.com>
 2024-04-22 09:14:33 +02:00
Anatolii Bazko 32974f029e
feat: Configure probes for che-gateway containers (#1825) 
* feat: Configure probes for che-gateway containers

Signed-off-by: Anatolii Bazko <abazko@redhat.com>
 2024-04-17 15:22:41 +02:00
Anatolii Bazko 5ec5bc0d75
ci: replacing chectl installation scripts (#1826) 
Signed-off-by: Anatolii Bazko <abazko@redhat.com>
 2024-04-17 14:00:24 +02:00
che-bot 31e39c87c9
ci: Copy 7.84.0 csv to main (#1824) 
Signed-off-by: Mykhailo Kuznietsov <mkuznets@redhat.com>
Co-authored-by: Mykhailo Kuznietsov <mkuznets@redhat.com>
 2024-04-04 15:37:03 +02:00
Anatolii Bazko a8249260c8
feat: Automation of the expected images to be used by ImagePuller (#1822) 
* feat: Retrieve default images from plugin & devfile registries

Signed-off-by: Anatolii Bazko <abazko@redhat.com>
 2024-03-29 11:49:58 +01:00
Ilya Buziuk 822bda086a chore: Increase memory limit to 2Gi 
Signed-off-by: Ilya Buziuk <ibuziuk@redhat.com>
 2024-03-25 12:20:09 +01:00
che-bot 903ad387e0
ci: Copy 7.83.0 csv to main (#1820) 
Signed-off-by: Mykhailo Kuznietsov <mkuznets@redhat.com>
Co-authored-by: Mykhailo Kuznietsov <mkuznets@redhat.com>
 2024-03-18 09:31:49 +01:00
Samantha Dawley 9db78ac977
CRW-4824 Updating annotations for operators to meet new OpenShift requirements (#1816) 
* Updating annotations for operators to meet new OpenShift requirements

Signed-off-by: sdawley <sdawley@redhat.com>

* update version

* Switching tls-profiles to false

* Revert changes to bundle/stable

---------

Signed-off-by: sdawley <sdawley@redhat.com>
 2024-03-12 17:22:11 +01:00
Anatolii Bazko e2a42e4877
chore: Add storage size to devfile to make tests passed on minikube (#1815) 
Signed-off-by: Anatolii Bazko <abazko@redhat.com>
 2024-03-07 15:26:11 +01:00
Anatolii Bazko d4d21a2535
chore: operator roles sanitizing (#1814) 
* chore: che-operator roles sanitizing

Signed-off-by: Anatolii Bazko <abazko@redhat.com>
 2024-03-07 11:01:30 +01:00
che-bot 09e4471079
ci: Copy 7.82.0 csv to main (#1813) 
Signed-off-by: Mykhailo Kuznietsov <mkuznets@redhat.com>
Co-authored-by: Mykhailo Kuznietsov <mkuznets@redhat.com>
 2024-02-22 13:56:50 +01:00
Anatolii Bazko 76b21ea632
feat: Use registry.devfile.io by default in Eclipse Che (#1811) 
* feat: Use  registry.devfile.io by default in Eclipse Che

Signed-off-by: Anatolii Bazko <abazko@redhat.com>
 2024-02-20 13:23:09 +01:00
Anatolii Bazko 1ae01423c1
feat: Add pods/portforward permissions (#1809) 
Signed-off-by: Anatolii Bazko <abazko@redhat.com>
 2024-02-05 17:21:49 +01:00
che-bot aaa157b54c
ci: Copy 7.81.0 csv to main (#1808) 
Signed-off-by: Mykhailo Kuznietsov <mkuznets@redhat.com>
Co-authored-by: Mykhailo Kuznietsov <mkuznets@redhat.com>
 2024-02-01 15:18:25 +01:00
Mykhailo Kuznietsov 3a57a2e1f1
fix: fix typo in release script (#1806) 
Signed-off-by: Mykhailo Kuznietsov <mkuznets@redhat.com>
 2024-02-01 14:14:04 +02:00
Angel Misevski f1740f833a
Update DevWorkspace Operator dependency to v0.25.0 (#1805) 
* Update DevWorkspace Operator dependency to v0.25.0

Signed-off-by: Angel Misevski <amisevsk@redhat.com>

* Vendor changes from updating to DWO 0.25

Signed-off-by: Angel Misevski <amisevsk@redhat.com>

---------

Signed-off-by: Angel Misevski <amisevsk@redhat.com>
 2024-02-01 09:07:39 +01:00
Anatolii Bazko 44c3582f4f
feat: Don't reset the number of replicas on deployment update (#1804) 
* feat: Support HorizontalPodAutoscaler

Signed-off-by: Anatolii Bazko <abazko@redhat.com>
 2024-01-29 15:10:56 +01:00
Anatolii Bazko 2aed070a00
fix: use the latest configbump image (#1803) 
Signed-off-by: Anatolii Bazko <abazko@redhat.com>
 2024-01-25 12:13:04 +01:00
Anatolii Bazko 504f01e2d0
feat: sync Secrets, ConfigMaps and PersistentVolumesClaims to users n… (#1799) 
* feat: sync Secrets, ConfigMaps and PersistentVolumesClaims to users namespaces

Signed-off-by: Anatolii Bazko <abazko@redhat.com>
 2024-01-24 12:12:52 +01:00
Angel Misevski d295ee1492 Update how too-long endpoint hostnames are handled 
Update the hostname format used for endpoints whose hostnames are too
long from

  <workspace-id>-<order>.<base-domain>

to

  <workspace-id>-<endpoint-name>.<base-domain>

This is necessary as the iteration order through endpoints is random
(iterating through Go maps is random), resulting in inconsistent numbers
used for <order>.

Using a combination of workspace ID and endpoint name should always be
valid:

* Workspace IDs are 25 characters long
* Endpoint names are restricted to max 15 characters by the Devfile API
* Endpoint names and workspace IDs are required to be alphanumeric with
  dashes, starting and ending with an alphanumeric character
* Endpoint names are unique across all endpoints in the workspace

Signed-off-by: Angel Misevski <amisevsk@redhat.com>
 2024-01-23 15:51:34 -05:00
Nick Boldt 4de7be5489
chore: remove Nick and Mario as code owners; add Sam (#1802) 
Change-Id: I4132318c90086facfbd91090e7b9f0f07b6c0e4a

Signed-off-by: Nick Boldt <nboldt@redhat.com>
 2024-01-22 18:57:28 +01:00
Igor Vinokur 7c7bd4f796
Add Kubernetes host to the no proxy list (#1800) 
Add Kubernetes host to the no proxy list
 2024-01-18 20:06:16 +02:00
che-bot c738dc70fc
chore: Update from ubi8/go-toolset:1.20.10-3 to ubi8/go-toolset:1.20.10-10 (#1798) 
* chore: Update from ubi8/go-toolset:1.20.10-3 to ubi8/go-toolset:1.20.10-10

Signed-off-by: Nick Boldt <nboldt@redhat.com>

* chore: Update from ubi8-minimal:8.9-1029 to ubi8-minimal:8.9-1108

Signed-off-by: Nick Boldt <nboldt@redhat.com>

---------

Signed-off-by: Nick Boldt <nboldt@redhat.com>
Co-authored-by: Nick Boldt <nboldt@redhat.com>
 2024-01-15 17:18:46 +01:00
che-bot ccc74664bd
ci: Copy 7.80.0 csv to main (#1797) 
Signed-off-by: Mykhailo Kuznietsov <mkuznets@redhat.com>
Co-authored-by: Mykhailo Kuznietsov <mkuznets@redhat.com>
 2024-01-12 20:34:19 +01:00
che-bot b0a81b7b9b
ci: Copy 7.79.0 csv to main (#1795) 
Signed-off-by: Mykhailo Kuznietsov <mkuznets@redhat.com>
Co-authored-by: Mykhailo Kuznietsov <mkuznets@redhat.com>
 2023-12-23 17:28:42 +01:00
993 changed files with 58517 additions and 41681 deletions
Show Stats Expand all files Collapse all files

2
.ci/openshift-ci/Dockerfile
View File

@ -24,4 +24,4 @@ RUN yum install --assumeyes -d1 python3-pip nodejs && \
curl -LO https://storage.googleapis.com/kubernetes-release/release/$(curl -s https://storage.googleapis.com/kubernetes-release/release/stable.txt)/bin/linux/amd64/kubectl && \
chmod +x ./kubectl && \
mv ./kubectl /usr/local/bin && \
bash <(curl -sL https://www.eclipse.org/che/chectl/) --channel=next
bash <(curl -sL https://che-incubator.github.io/chectl/install.sh) --channel=next

2
.github/CODEOWNERS vendored
View File

@ -1,2 +1,2 @@
# Global Owners
* @nickboldt @tolusha @ibuziuk @l0rd
* @SDawley @tolusha @ibuziuk

4
.github/workflows/codecov.yml vendored
View File

@ -24,10 +24,10 @@ jobs:
steps:
- name: Checkout
uses: actions/checkout@v3
- name: Set up Go 1.19
- name: Set up Go 1.21.10
uses: actions/setup-go@v3
with:
go-version: 1.19.13
go-version: 1.21.10
- name: Run unit tests
run: make test
- name: Build Codecov report

4
.github/workflows/minikube-test-helm.yaml vendored
View File

@ -22,11 +22,11 @@ jobs:
id: run-minikube
uses: che-incubator/setup-minikube-action@next
with:
minikube-version: v1.23.2
minikube-version: v1.29.0
- name: Install yq
run: sudo pip install yq
- name: Install chectl
run: bash <(curl -sL https://www.eclipse.org/che/chectl/) --channel=next
run: bash <(curl -sL https://che-incubator.github.io/chectl/install.sh) --channel=next
- name: Run tests
run: /bin/bash build/scripts/minikube-tests/test-helm.sh
- uses: actions/upload-artifact@v3

4
.github/workflows/minikube-test-operator.yaml vendored
View File

@ -22,11 +22,11 @@ jobs:
id: run-minikube
uses: che-incubator/setup-minikube-action@next
with:
minikube-version: v1.23.2
minikube-version: v1.29.0
- name: Install yq
run: sudo pip install yq
- name: Install chectl
run: bash <(curl -sL https://www.eclipse.org/che/chectl/) --channel=next
run: bash <(curl -sL https://che-incubator.github.io/chectl/install.sh) --channel=next
- name: Run tests
run: /bin/bash build/scripts/minikube-tests/test-operator.sh
- uses: actions/upload-artifact@v3

4
.github/workflows/minikube-test-upgrade-stable-to-next.yaml vendored
View File

@ -25,11 +25,11 @@ jobs:
id: run-minikube
uses: che-incubator/setup-minikube-action@next
with:
minikube-version: v1.23.2
minikube-version: v1.29.0
- name: Install yq
run: sudo pip install yq
- name: Install chectl
run: bash <(curl -sL https://www.eclipse.org/che/chectl/) --channel=next
run: bash <(curl -sL https://che-incubator.github.io/chectl/install.sh) --channel=next
- name: Run tests
run: /bin/bash build/scripts/minikube-tests/test-upgrade-from-stable-to-next.sh
env:

4
.github/workflows/minikube-test-upgrade-stable-to-stable.yaml vendored
View File

@ -25,11 +25,11 @@ jobs:
id: run-minikube
uses: che-incubator/setup-minikube-action@next
with:
minikube-version: v1.23.2
minikube-version: v1.29.0
- name: Install yq
run: sudo pip install yq
- name: Install chectl
run: bash <(curl -sL https://www.eclipse.org/che/chectl/) --channel=next
run: bash <(curl -sL https://che-incubator.github.io/chectl/install.sh) --channel=next
- name: Run tests
run: /bin/bash build/scripts/minikube-tests/test-upgrade-from-stable-to-stable.sh
env:

8
.github/workflows/pr-check.yml vendored
View File

@ -18,10 +18,10 @@ jobs:
steps:
- name: Checkout source code
uses: actions/checkout@v3
- name: Set up Go 1.19
- name: Set up Go 1.21.10
uses: actions/setup-go@v3
with:
go-version: 1.19.13
go-version: 1.21.10
- name: Run unit tests
run: make test
image-build:
@ -51,10 +51,10 @@ jobs:
steps:
- name: Checkout source code
uses: actions/checkout@v3
- name: Set up Go 1.19
- name: Set up Go 1.21.10
uses: actions/setup-go@v3
with:
go-version: 1.19.13
go-version: 1.21.10
- name: Cache go modules
id: cache-mod
uses: actions/cache@v3

6
.github/workflows/release-next-catalog-and-operator-image.yaml vendored
View File

@ -78,8 +78,10 @@ jobs:
registry: quay.io
- name: Build catalog source
run: |
${GITHUB_WORKSPACE}/build/scripts/release/addDigests.sh -s $(make csv-path CHANNEL=next) -t next
${GITHUB_WORKSPACE}/build/scripts/olm/release-catalog.sh \
./build/scripts/release/editors-definitions.sh update-manager-yaml
make update-dev-resources
./build/scripts/release/addDigests.sh -s $(make csv-path CHANNEL=next) -t next
./build/scripts/olm/release-catalog.sh \
--channel next \
--catalog-image quay.io/eclipse/eclipse-che-olm-catalog:next-digest \
--bundle-image quay.io/eclipse/eclipse-che-olm-bundle:$(make bundle-version CHANNEL=next)-digest

4
.github/workflows/release.yml vendored
View File

@ -67,10 +67,10 @@ jobs:
sudo chmod +x /usr/local/bin/base32
#remove base32 from current directory to avoid it being commited during release
rm $(pwd)/base32
- name: Set up Go 1.19
- name: Set up Go 1.21.10
uses: actions/setup-go@v3
with:
go-version: 1.19.13
go-version: 1.21.10
- name: Release operator
env:
IMAGE_REGISTRY_HOST: quay.io

8
.github/workflows/resources-check-main.yml vendored
View File

@ -23,10 +23,10 @@ jobs:
uses: actions/checkout@v3
- name: Install yq
run: sudo pip install yq
- name: Set up Go 1.19
- name: Set up Go 1.21.10
uses: actions/setup-go@v3
with:
go-version: 1.19.13
go-version: 1.21.10
- name: Validate operator resources
run: |
go install golang.org/x/tools/cmd/goimports@latest
@ -38,9 +38,9 @@ jobs:
uses: actions/checkout@v3
- name: Install yq
run: sudo pip install yq
- name: Set up Go 1.19
- name: Set up Go 1.21.10
uses: actions/setup-go@v3
with:
go-version: 1.19.13
go-version: 1.21.10
- name: Validate OLM bundle version
run: ${GITHUB_WORKSPACE}/build/scripts/check-bundle-version.sh

1047
DEPENDENCIES.md
View File

File diff suppressed because it is too large Load Diff

7
Dockerfile
View File

@ -10,7 +10,7 @@
#
# https://registry.access.redhat.com/ubi8/go-toolset
FROM registry.access.redhat.com/ubi8/go-toolset:1.20.10-3 as builder
FROM registry.access.redhat.com/ubi8/go-toolset:1.21.9-3 as builder
ENV GOPATH=/go/ \
CGO_ENABLED=1
ARG DEV_HEADER_REWRITE_TRAEFIK_PLUGIN="main"
@ -37,11 +37,11 @@ COPY go.sum go.sum
# Copy the go source
COPY main.go main.go
COPY vendor/ vendor/
COPY mocks/ mocks/
COPY api/ api/
COPY config/ config/
COPY controllers/ controllers/
COPY pkg/ pkg/
COPY editors-definitions /tmp/editors-definitions
# build operator
# to test FIPS compliance, run https://github.com/openshift/check-payload#scan-a-container-or-operator-image against a built image
@ -50,9 +50,10 @@ RUN export ARCH="$(uname -m)" && if [[ ${ARCH} == "x86_64" ]]; then export ARCH=
GOOS=linux GOARCH=${ARCH} GO111MODULE=on go build -mod=vendor -a -o che-operator main.go
# https://registry.access.redhat.com/ubi8-minimal
FROM registry.access.redhat.com/ubi8-minimal:8.9-1029
FROM registry.access.redhat.com/ubi8-minimal:8.10-896
COPY --from=builder /tmp/header-rewrite-traefik-plugin /tmp/header-rewrite-traefik-plugin
COPY --from=builder /tmp/editors-definitions /tmp/editors-definitions
COPY --from=builder /che-operator/che-operator /manager
ENTRYPOINT ["/manager"]

18
Makefile
View File

@ -336,7 +336,9 @@ genenerate-env:
| select(.name=="che-operator")
| .env[]
| select(has("value"))
| "export \(.name)=\"\(.value)\""' \
| "export \(.name)=\(.value)"' \
| sed 's|"|\\"|g' \
| sed -E 's|(.*)=(.*)|\1="\2"|g' \
> $(BASH_ENV_FILE)
echo "export WATCH_NAMESPACE=$(ECLIPSE_CHE_NAMESPACE)" >> $(BASH_ENV_FILE)
echo "[INFO] Created $(BASH_ENV_FILE)"
@ -348,6 +350,8 @@ genenerate-env:
| .env[]
| select(has("value"))
| "\(.name)=\"\(.value)\""' \
| sed 's|"|\\"|g' \
| sed -E 's|(.*)=(.*)|\1="\2"|g' \
> $(VSCODE_ENV_FILE)
echo "WATCH_NAMESPACE=$(ECLIPSE_CHE_NAMESPACE)" >> $(VSCODE_ENV_FILE)
echo "[INFO] Created $(VSCODE_ENV_FILE)"
@ -355,7 +359,7 @@ genenerate-env:
cat $(BASH_ENV_FILE)
install-che-operands: SHELL := /bin/bash
install-che-operands: generate manifests download-kustomize download-gateway-resources
install-che-operands: generate manifests download-kustomize download-gateway-resources copy-editors-definitions
echo "[INFO] Running on $(PLATFORM)"
if [[ ! "$$($(K8S_CLI) get checluster eclipse-che -n $(ECLIPSE_CHE_NAMESPACE) || false )" ]]; then
[[ $(PLATFORM) == "kubernetes" ]] && $(MAKE) install-certmgr
@ -374,6 +378,12 @@ install-che-operands: generate manifests download-kustomize download-gateway-res
$(MAKE) store_tls_cert
$(MAKE) create-checluster-cr
# Copy editors definitions to /tmp/editors-definitions
copy-editors-definitions:
mkdir -p /tmp/editors-definitions
cp -r $(PROJECT_DIR)/editors-definitions/* /tmp/editors-definitions
# Downloads Gateway resources
download-gateway-resources:
GATEWAY_RESOURCES=/tmp/header-rewrite-traefik-plugin
@ -435,7 +445,7 @@ bundle: generate manifests download-kustomize download-operator-sdk ## Generate
printf "\nLABEL com.redhat.openshift.versions=\"v4.8\"" >> $${BUNDLE_PATH}/bundle.Dockerfile
# Update annotations.yaml correspondingly to bundle.Dockerfile
printf "\n com.redhat.openshift.versions: \"v4.8\"" >> $${BUNDLE_PATH}/metadata/annotations.yaml
printf "\n com.redhat.openshift.versions: \"v4.8\"\n" >> $${BUNDLE_PATH}/metadata/annotations.yaml
# Base cluster service version file has got correctly sorted CRDs.
# They are sorted with help of annotation markers in the api type files ("api/v1" folder).
@ -556,7 +566,7 @@ download-opm: ## Download opm tool
CONTROLLER_GEN = $(shell pwd)/bin/controller-gen
download-controller-gen: ## Download controller-gen tool
$(call go-get-tool,$(CONTROLLER_GEN),sigs.k8s.io/controller-tools/cmd/controller-gen@v0.7.0)
$(call go-get-tool,$(CONTROLLER_GEN),sigs.k8s.io/controller-tools/cmd/controller-gen@v0.14.0)
KUSTOMIZE = $(shell pwd)/bin/kustomize
download-kustomize: ## Download kustomize tool

3
api/v1/zz_generated.deepcopy.go
View File

@ -1,8 +1,7 @@
//go:build !ignore_autogenerated
// +build !ignore_autogenerated
//
// Copyright (c) 2019-2023 Red Hat, Inc.
// Copyright (c) 2019-2024 Red Hat, Inc.
// This program and the accompanying materials are made
// available under the terms of the Eclipse Public License 2.0
// which is available at https://www.eclipse.org/legal/epl-2.0/

10
api/v2/checluster_types.go
View File

@ -106,7 +106,7 @@ type CheClusterDevEnvironments struct {
// +optional
TrustedCerts *TrustedCerts `json:"trustedCerts,omitempty"`
// The default editor to workspace create with. It could be a plugin ID or a URI.
// The plugin ID must have `publisher/plugin/version` format.
// The plugin ID must have `publisher/name/version` format.
// The URI must start from `http://` or `https://`.
// +optional
DefaultEditor string `json:"defaultEditor,omitempty"`
@ -473,6 +473,7 @@ type PersistentHomeConfig struct {
type WorkspaceDefaultPlugins struct {
// The editor ID to specify default plug-ins for.
// The plugin ID must have `publisher/name/version` format.
Editor string `json:"editor,omitempty"`
// Default plug-in URIs for the specified editor.
Plugins []string `json:"plugins,omitempty"`
@ -500,6 +501,9 @@ type Auth struct {
// +optional
OAuthClientName string `json:"oAuthClientName,omitempty"`
// Name of the secret set in the OpenShift `OAuthClient` resource used to set up identity federation on the OpenShift side.
// For Kubernetes, this can either be the plain text oAuthSecret value, or the name of a kubernetes secret which contains a
// key `oAuthSecret` and the value is the secret. NOTE: this secret must exist in the same namespace as the `CheCluster`
// resource and contain the label `app.kubernetes.io/part-of=che.eclipse.org`.
// +optional
OAuthSecret string `json:"oAuthSecret,omitempty"`
// Access Token Scope.
@ -586,7 +590,7 @@ type Proxy struct {
// URL (protocol+hostname) of the proxy server.
// Use only when a proxy configuration is required. The Operator respects OpenShift cluster-wide proxy configuration,
// defining `url` in a custom resource leads to overriding the cluster proxy configuration.
// See the following page: https://docs.openshift.com/container-platform/4.4/networking/enable-cluster-wide-proxy.html.
// See the following page: https://docs.openshift.com/container-platform/latest/networking/enable-cluster-wide-proxy.html.
// +optional
Url string `json:"url,omitempty"`
// Proxy server port.
@ -599,7 +603,7 @@ type Proxy struct {
// - 123.42.12.32
// Use only when a proxy configuration is required. The Operator respects OpenShift cluster-wide proxy configuration,
// defining `nonProxyHosts` in a custom resource leads to merging non-proxy hosts lists from the cluster proxy configuration, and the ones defined in the custom resources.
// See the following page: https://docs.openshift.com/container-platform/4.4/networking/enable-cluster-wide-proxy.html.
// See the following page: https://docs.openshift.com/container-platform/latest/networking/enable-cluster-wide-proxy.html.
// +optional
NonProxyHosts []string `json:"nonProxyHosts,omitempty"`
// The secret name that contains `user` and `password` for a proxy server.

3
api/v2/zz_generated.deepcopy.go
View File

@ -1,8 +1,7 @@
//go:build !ignore_autogenerated
// +build !ignore_autogenerated
//
// Copyright (c) 2019-2023 Red Hat, Inc.
// Copyright (c) 2019-2024 Red Hat, Inc.
// This program and the accompanying materials are made
// available under the terms of the Eclipse Public License 2.0
// which is available at https://www.eclipse.org/legal/epl-2.0/

106
build/scripts/minikube-tests/common.sh
View File

@ -202,6 +202,102 @@ metadata:
kubernetes.io/metadata.name: ${USER_NAMESPACE}
EOF
kubectl apply -f - <<EOF
apiVersion: workspace.devfile.io/v1alpha2
kind: DevWorkspaceTemplate
metadata:
name: che-code
namespace: ${USER_NAMESPACE}
spec:
commands:
- apply:
component: che-code-injector
id: init-container-command
- exec:
commandLine: nohup /checode/entrypoint-volume.sh > /checode/entrypoint-logs.txt
2>&1 &
component: che-code-runtime-description
id: init-che-code-command
components:
- container:
command:
- /entrypoint-init-container.sh
cpuLimit: 500m
cpuRequest: 30m
env:
- name: CHE_DASHBOARD_URL
value: https://$(minikube ip).nip.io
- name: OPENVSX_REGISTRY_URL
value: https://open-vsx.org
image: quay.io/che-incubator/che-code:latest
memoryLimit: 256Mi
memoryRequest: 32Mi
sourceMapping: /projects
volumeMounts:
- name: checode
path: /checode
name: che-code-injector
- attributes:
app.kubernetes.io/component: che-code-runtime
app.kubernetes.io/part-of: che-code.eclipse.org
controller.devfile.io/container-contribution: true
container:
cpuLimit: 500m
cpuRequest: 30m
endpoints:
- attributes:
cookiesAuthEnabled: true
discoverable: false
type: main
urlRewriteSupported: true
exposure: public
name: che-code
protocol: https
secure: true
targetPort: 3100
- attributes:
discoverable: false
urlRewriteSupported: false
exposure: public
name: code-redirect-1
protocol: https
targetPort: 13131
- attributes:
discoverable: false
urlRewriteSupported: false
exposure: public
name: code-redirect-2
protocol: https
targetPort: 13132
- attributes:
discoverable: false
urlRewriteSupported: false
exposure: public
name: code-redirect-3
protocol: https
targetPort: 13133
env:
- name: CHE_DASHBOARD_URL
value: https://$(minikube ip).nip.io
- name: OPENVSX_REGISTRY_URL
value: https://open-vsx.org
image: quay.io/devfile/universal-developer-image:ubi8-latest
memoryLimit: 1024Mi
memoryRequest: 256Mi
sourceMapping: /projects
volumeMounts:
- name: checode
path: /checode
name: che-code-runtime-description
- name: checode
volume: {}
events:
postStart:
- init-che-code-command
preStart:
- init-container-command
EOF
kubectl apply -f - <<EOF
kind: DevWorkspace
apiVersion: workspace.devfile.io/v1alpha2
@ -209,12 +305,15 @@ metadata:
name: ${DEV_WORKSPACE_NAME}
namespace: ${USER_NAMESPACE}
spec:
contributions:
- kubernetes:
name: che-code
name: editor
routingClass: che
started: false
contributions:
- name: ide
uri: http://plugin-registry.eclipse-che.svc:8080/v3/plugins/che-incubator/che-code/insiders/devfile.yaml
template:
attributes:
controller.devfile.io/storage-type: ephemeral
components:
- name: tooling-container
container:
@ -227,6 +326,7 @@ EOF
startAndWaitDevWorkspace() {
# pre-pull image for faster workspace startup
minikube image pull quay.io/devfile/universal-developer-image:ubi8-latest
minikube image pull quay.io/che-incubator/che-code:latest
kubectl patch devworkspace ${DEV_WORKSPACE_NAME} -p '{"spec":{"started":true}}' --type=merge -n ${USER_NAMESPACE}
kubectl wait devworkspace ${DEV_WORKSPACE_NAME} -n ${USER_NAMESPACE} --for=jsonpath='{.status.phase}'=Running --timeout=300s

3
build/scripts/minikube-tests/minikube-checluster-patch.yaml
View File

@ -16,6 +16,9 @@ metadata:
che.eclipse.org/checluster-defaults-cleanup: '{"spec.components.pluginRegistry.openVSXURL":"true"}'
spec:
devEnvironments:
storage:
perUserStrategyPvcConfig:
claimSize: 100Mi
gatewayContainer:
resources:
request:

3
build/scripts/minikube-tests/test-operator-from-sources.sh
View File

@ -16,6 +16,9 @@ set -e
OPERATOR_REPO=$(dirname "$(dirname "$(dirname "$(dirname "$(readlink -f "${BASH_SOURCE[0]}")")")")")
source "${OPERATOR_REPO}/build/scripts/minikube-tests/common.sh"
# Stop execution on any error
trap "catchFinish" EXIT SIGINT
init() {
unset CR_PATCH_YAML

2
build/scripts/minikube-tests/test-upgrade-from-stable-to-next.sh
View File

@ -53,8 +53,6 @@ runTest() {
popd
# Free up some resources
minikube image rm quay.io/eclipse/che-plugin-registry:${LAST_PACKAGE_VERSION}
minikube image rm quay.io/eclipse/che-devfile-registry:${LAST_PACKAGE_VERSION}
minikube image rm quay.io/eclipse/che-dashboard:${LAST_PACKAGE_VERSION}
minikube image rm quay.io/eclipse/che-server:${LAST_PACKAGE_VERSION}
minikube image rm quay.io/eclipse/che-operator:${LAST_PACKAGE_VERSION}

2
build/scripts/minikube-tests/test-upgrade-from-stable-to-stable.sh
View File

@ -48,8 +48,6 @@ runTest() {
popd
# Free up some resources
minikube image rm quay.io/eclipse/che-plugin-registry:${PREVIOUS_PACKAGE_VERSION}
minikube image rm quay.io/eclipse/che-devfile-registry:${PREVIOUS_PACKAGE_VERSION}
minikube image rm quay.io/eclipse/che-dashboard:${PREVIOUS_PACKAGE_VERSION}
minikube image rm quay.io/eclipse/che-server:${PREVIOUS_PACKAGE_VERSION}
minikube image rm quay.io/eclipse/che-operator:${PREVIOUS_PACKAGE_VERSION}

2
build/scripts/release/addDigests.sh
View File

@ -94,7 +94,7 @@ do
tagOrDigest="${source#*:}"
fi
if [[ ${imageLabel} == "plugin-registry-image" ]] || [[ ${imageLabel} == "devfile-registry-image" ]]; then
if [[ ${imageLabel} == "devfile-registry-image" ]]; then
# Image tag could contains invalid for Env variable name characters, so let's encode it using base32.
# But alphabet of base32 uses one invalid for env variable name character '=' at the end of the line, so let's replace it by '_'.
# To recovery original tag should be done opposite actions: replace '_' to '=', and decode string using 'base32 -d'.

14
build/scripts/release/buildDigestMap.sh
View File

@ -50,13 +50,6 @@ setOperatorImage() {
OPERATOR_IMAGE=$(yq -r '.spec.install.spec.deployments[].spec.template.spec.containers[0].image' "${CSV}")
}
setPluginRegistryList() {
registry=$(yq -r '.spec.install.spec.deployments[].spec.template.spec.containers[].env[] | select(.name | test("RELATED_IMAGE_.*plugin_registry"; "g")) | .value' "${CSV}")
setRegistryImages "${registry}"
PLUGIN_REGISTRY_LIST=${registryImages}
}
setDevfileRegistryList() {
registry=$(yq -r '.spec.install.spec.deployments[].spec.template.spec.containers[].env[] | select(.name | test("RELATED_IMAGE_.*devfile_registry"; "g")) | .value' "${CSV}")
@ -150,9 +143,6 @@ setImagesFromDeploymentEnv
setOperatorImage
echo "${OPERATOR_IMAGE}"
setPluginRegistryList
echo "${PLUGIN_REGISTRY_LIST}"
setDevfileRegistryList
echo "${DEVFILE_REGISTRY_LIST}"
@ -166,10 +156,6 @@ for image in ${REQUIRED_IMAGES}; do
writeDigest "${image}" "required-image"
done
for image in ${PLUGIN_REGISTRY_LIST}; do
writeDigest "${image}" "plugin-registry-image"
done
for image in ${DEVFILE_REGISTRY_LIST}; do
writeDigest "${image}" "devfile-registry-image"
done

78
build/scripts/release/editors-definitions.sh Executable file
View File

@ -0,0 +1,78 @@
#!/bin/bash
#
# Copyright (c) 2019-2024 Red Hat, Inc.
# This program and the accompanying materials are made
# available under the terms of the Eclipse Public License 2.0
# which is available at https://www.eclipse.org/legal/epl-2.0/
#
# SPDX-License-Identifier: EPL-2.0
#
# Contributors:
# Red Hat, Inc. - initial API and implementation
#
set -e
OPERATOR_REPO=$(dirname "$(dirname "$(dirname "$(dirname "$(readlink -f "${BASH_SOURCE[0]}")")")")")
EDITORS_DEFINITIONS_DIR="${OPERATOR_REPO}/editors-definitions"
MANAGER_YAML="${OPERATOR_REPO}/config/manager/manager.yaml"
init() {
unset VERSION
unset ENVS
COMMAND=$1
shift
while [[ "$#" -gt 0 ]]; do
case $1 in
'--version') VERSION=$2; shift 1;;
esac
shift 1
done
}
usage () {
echo "Editor definitions utils."
echo
echo "Usage:"
echo -e "\t$0 release --version RELEASE_VERSION"
echo -e "\t$0 update-manager-yaml"
}
release() {
if [[ ! ${VERSION} ]]; then usage; exit 1; fi
yq -riY "(.components[] | select(.name==\"che-code-injector\") | .container.image) = \"quay.io/che-incubator/che-code:${VERSION}\"" "${EDITORS_DEFINITIONS_DIR}/che-code-latest.yaml"
}
updateManagerYaml() {
for EDITOR_DEFINITION_FILE in $(find "${EDITORS_DEFINITIONS_DIR}" -name "*.yaml"); do
NAME=$(yq -r '.metadata.name' "${EDITOR_DEFINITION_FILE}")
VERSION=$(yq -r '.metadata.attributes.version' "${EDITOR_DEFINITION_FILE}")
for COMPONENT in $(yq -r '.components[] | .name' "${EDITOR_DEFINITION_FILE}"); do
ENV_VALUE=$(yq -r ".components[] | select(.name==\"${COMPONENT}\") | .container.image" "${EDITOR_DEFINITION_FILE}")
ENV_NAME=$(echo "RELATED_IMAGE_editor_definition_${NAME}_${VERSION}_${COMPONENT}" | sed 's|[-\.]|_|g')
if [[ ! ${ENV_VALUE} == "null" ]]; then
ENV="{ name: \"${ENV_NAME}\", value: \"${ENV_VALUE}\"}"
if [[ -z ${ENVS} ]]; then
ENVS="${ENV}"
else
ENVS="${ENVS}, ${ENV}"
fi
fi
done
done
yq -riY "(.spec.template.spec.containers[0].env ) += [${ENVS}]" "${MANAGER_YAML}"
}
init "$@"
pushd "${OPERATOR_REPO}" >/dev/null
case $COMMAND in
'release') release;;
'update-manager-yaml'|'add-env-vars') updateManagerYaml;;
*) usage; exit 1;;
esac
popd >/dev/null

28
build/scripts/release/make-release.sh
View File

@ -105,7 +105,7 @@ checkImageReferences() {
echo "[ERROR] Unable to find Che server image with version ${RELEASE} in the $filename"; exit 1
fi
if ! grep -q "value: quay.io/eclipse/che-dashboard:$RELEASE" $filename; then
if ! grep -q "value: quay.io/eclipse/che-dashboard:$RELEASE" $filename; then
echo "[ERROR] Unable to find dashboard image with version ${RELEASE} in the $filename"; exit 1
fi
@ -117,8 +117,8 @@ if ! grep -q "value: quay.io/eclipse/che-dashboard:$RELEASE" $filename; then
echo "[ERROR] Unable to find devfile registry image with version ${RELEASE} in the $filename"; exit 1
fi
if ! grep -q "value: $RELATED_IMAGE_pvc_jobs" $filename; then
echo "[ERROR] Unable to find ubi8_minimal image in the $filename"; exit 1
if ! grep -q "value: quay.io/che-incubator/configbump:$RELEASE" $filename; then
echo "[ERROR] Unable to find configbump image with version ${RELEASE} in the $filename"; exit 1
fi
}
@ -150,11 +150,14 @@ replaceImagesTags() {
lastDefaultDashboardImage=$(yq -r ".spec.template.spec.containers[] | select(.name == \"che-operator\") | .env[] | select(.name == \"RELATED_IMAGE_dashboard\") | .value" "${OPERATOR_YAML}")
lastDefaultPluginRegistryImage=$(yq -r ".spec.template.spec.containers[] | select(.name == \"che-operator\") | .env[] | select(.name == \"RELATED_IMAGE_plugin_registry\") | .value" "${OPERATOR_YAML}")
lastDefaultDevfileRegistryImage=$(yq -r ".spec.template.spec.containers[] | select(.name == \"che-operator\") | .env[] | select(.name == \"RELATED_IMAGE_devfile_registry\") | .value" "${OPERATOR_YAML}")
lastDefaultGatewayConfigImage=$(yq -r ".spec.template.spec.containers[] | select(.name == \"che-operator\") | .env[] | select(.name == \"RELATED_IMAGE_single_host_gateway_config_sidecar\") | .value" "${OPERATOR_YAML}")
CHE_SERVER_IMAGE_REALEASE=$(replaceTag "${lastDefaultCheServerImage}" "${RELEASE}")
DASHBOARD_IMAGE_REALEASE=$(replaceTag "${lastDefaultDashboardImage}" "${RELEASE}")
PLUGIN_REGISTRY_IMAGE_RELEASE=$(replaceTag "${lastDefaultPluginRegistryImage}" "${RELEASE}")
DEVFILE_REGISTRY_IMAGE_RELEASE=$(replaceTag "${lastDefaultDevfileRegistryImage}" "${RELEASE}")
GATEWAY_CONFIG_IMAGE_RELEASE=$(replaceTag "${lastDefaultGatewayConfigImage}" "${RELEASE}")
NEW_OPERATOR_YAML="${OPERATOR_YAML}.new"
# copy licence header
@ -166,7 +169,8 @@ replaceImagesTags() {
yq -ryY "( .spec.template.spec.containers[] | select(.name == \"che-operator\").env[] | select(.name == \"RELATED_IMAGE_che_server\") | .value ) = \"${CHE_SERVER_IMAGE_REALEASE}\"" | \
yq -ryY "( .spec.template.spec.containers[] | select(.name == \"che-operator\").env[] | select(.name == \"RELATED_IMAGE_dashboard\") | .value ) = \"${DASHBOARD_IMAGE_REALEASE}\"" | \
yq -ryY "( .spec.template.spec.containers[] | select(.name == \"che-operator\").env[] | select(.name == \"RELATED_IMAGE_plugin_registry\") | .value ) = \"${PLUGIN_REGISTRY_IMAGE_RELEASE}\"" | \
yq -ryY "( .spec.template.spec.containers[] | select(.name == \"che-operator\").env[] | select(.name == \"RELATED_IMAGE_devfile_registry\") | .value ) = \"${DEVFILE_REGISTRY_IMAGE_RELEASE}\"" \
yq -ryY "( .spec.template.spec.containers[] | select(.name == \"che-operator\").env[] | select(.name == \"RELATED_IMAGE_devfile_registry\") | .value ) = \"${DEVFILE_REGISTRY_IMAGE_RELEASE}\"" | \
yq -ryY "( .spec.template.spec.containers[] | select(.name == \"che-operator\").env[] | select(.name == \"RELATED_IMAGE_single_host_gateway_config_sidecar\") | .value ) = \"${GATEWAY_CONFIG_IMAGE_RELEASE}\"" \
>> "${NEW_OPERATOR_YAML}"
mv "${NEW_OPERATOR_YAML}" "${OPERATOR_YAML}"
}
@ -175,6 +179,19 @@ replaceTag() {
echo "${1}" | sed -e "s/\(.*:\).*/\1${2}/"
}
releaseEditorsDefinitions() {
echo "[INFO] Releasing editor definitions"
. "${OPERATOR_REPO}/build/scripts/release/editors-definitions.sh" release --version "${RELEASE}"
. "${OPERATOR_REPO}/build/scripts/release/editors-definitions.sh" update-manager-yaml
make bundle CHANNEL=stable
git add editors-definitions
git add "${OPERATOR_REPO}/config/manager/manager.yaml"
git add "${OPERATOR_REPO}/bundle/stable"
git commit -m "ci: Release editors definitions to $RELEASE" --signoff
}
updateVersionFile() {
echo "[INFO] updating version.go file"
# change version/version.go file
@ -264,7 +281,7 @@ createPRToMainBranch() {
resetChanges main
local tmpBranch="copy-csv-to-main"
git checkout -B $tmpBranch
git diff refs/heads/${BRANCH}...refs/heads/${RELEASE_BRANCH} ':(exclude)config/manager/manager.yaml' ':(exclude)deploy' ':(exclude)Dockerfile' | git apply -3
git diff refs/heads/${BRANCH}...refs/heads/${RELEASE_BRANCH} ':(exclude)config/manager/manager.yaml' ':(exclude)deploy' ':(exclude)editors-definitions' ':(exclude)Dockerfile' | git apply -3
if git status --porcelain; then
git add -A || true # add new generated CSV files in olm/ folder
git commit -am "ci: Copy "$RELEASE" csv to main" --signoff
@ -287,6 +304,7 @@ run() {
checkoutToReleaseBranch
updateVersionFile
releaseEditorsDefinitions
releaseOperatorCode
if [[ $RELEASE_OLM_FILES == "true" ]]; then
releaseOlmFiles

2
bundle/next/eclipse-che/manifests/che-operator-service_v1_service.yaml
View File

@ -1,5 +1,5 @@
#
# Copyright (c) 2019-2023 Red Hat, Inc.
# Copyright (c) 2019-2024 Red Hat, Inc.
# This program and the accompanying materials are made
# available under the terms of the Eclipse Public License 2.0
# which is available at https://www.eclipse.org/legal/epl-2.0/

498
bundle/next/eclipse-che/manifests/che-operator.clusterserviceversion.yaml
View File

@ -1,5 +1,5 @@
#
# Copyright (c) 2019-2023 Red Hat, Inc.
# Copyright (c) 2019-2024 Red Hat, Inc.
# This program and the accompanying materials are made
# available under the terms of the Eclipse Public License 2.0
# which is available at https://www.eclipse.org/legal/epl-2.0/
@ -40,6 +40,13 @@ metadata:
"enable": true
},
"server": {
"externalDevfileRegistries": [
{
"url": "https://registry.devfile.io"
}
],
"externalDevfileRegistry": true,
"externalPluginRegistry": true,
"workspaceNamespaceDefault": "<username>-che"
},
"storage": {
@ -55,7 +62,19 @@ metadata:
"namespace": "eclipse-che"
},
"spec": {
"components": {},
"components": {
"devfileRegistry": {
"disableInternalRegistry": true,
"externalDevfileRegistries": [
{
"url": "https://registry.devfile.io"
}
]
},
"pluginRegistry": {
"disableInternalRegistry": true
}
},
"containerRegistry": {},
"devEnvironments": {},
"gitServices": {},
@ -70,14 +89,22 @@ metadata:
createdAt: "2021-05-11T18:38:31Z"
description: A Kube-native development solution that delivers portable and collaborative
developer workspaces.
features.operators.openshift.io/cnf: "false"
features.operators.openshift.io/cni: "false"
features.operators.openshift.io/csi: "false"
features.operators.openshift.io/disconnected: "true"
features.operators.openshift.io/fips-compliant: "true"
features.operators.openshift.io/proxy-aware: "true"
features.operators.openshift.io/tls-profiles: "false"
features.operators.openshift.io/token-auth-aws: "false"
features.operators.openshift.io/token-auth-azure: "false"
features.operators.openshift.io/token-auth-gcp: "false"
operatorframework.io/suggested-namespace: openshift-operators
operators.openshift.io/infrastructure-features: '["disconnected", "proxy-aware",
"fips"]'
operators.operatorframework.io/builder: operator-sdk-v1.9.0+git
operators.operatorframework.io/project_layout: go.kubebuilder.io/v3
repository: https://github.com/eclipse-che/che-operator
support: Eclipse Foundation
name: eclipse-che.v7.79.0-828.next
name: eclipse-che.v7.87.0-872.next
namespace: placeholder
spec:
apiservicedefinitions: {}
@ -469,11 +496,11 @@ spec:
* Bundled Plugin and Devfile registries
Use `oc edit checluster/eclipse-che -n eclipse-che` to update Eclipse Che default installation options.
See more in the [Installation guide](https://www.eclipse.org/che/docs/che-7/installation-guide/configuring-the-che-installation/).
See more in the [Installation guide](https://www.eclipse.org/che/docs/stable/administration-guide/configuring-che/).
### Certificates
Operator uses a default router certificate to secure Eclipse Che routes.
Follow the [guide](https://www.eclipse.org/che/docs/che-7/installation-guide/importing-untrusted-tls-certificates/)
Follow the [guide](https://www.eclipse.org/che/docs/stable/administration-guide/importing-untrusted-tls-certificates/)
to import certificates into Eclipse Che.
displayName: Eclipse Che
icon:
@ -484,11 +511,17 @@ spec:
clusterPermissions:
- rules:
- apiGroups:
- ""
- batch
resources:
- nodes
- jobs
verbs:
- create
- delete
- get
- update
- patch
- watch
- list
- apiGroups:
- oauth.openshift.io
resources:
@ -496,93 +529,61 @@ spec:
verbs:
- create
- delete
- deletecollection
- get
- list
- patch
- update
- watch
- apiGroups:
- config.openshift.io
resources:
- oauths
verbs:
- get
- list
- watch
- patch
- apiGroups:
- config.openshift.io
resources:
- infrastructures
- proxies
verbs:
- get
- list
- watch
- apiGroups:
- user.openshift.io
resources:
- users
verbs:
- list
- delete
- apiGroups:
- user.openshift.io
resources:
- groups
verbs:
- get
- apiGroups:
- user.openshift.io
resources:
- identities
verbs:
- delete
- apiGroups:
- console.openshift.io
resources:
- consolelinks
verbs:
- get
- list
- create
- delete
- get
- update
- patch
- delete
- watch
- list
- apiGroups:
- rbac.authorization.k8s.io
resources:
- clusterrolebindings
- clusterroles
- roles
- rolebindings
- clusterroles
- clusterrolebindings
verbs:
- list
- create
- watch
- update
- delete
- get
- update
- patch
- watch
- list
- apiGroups:
- authorization.openshift.io
resources:
- rolebindings
verbs:
- get
- create
- update
- delete
- apiGroups:
- authorization.openshift.io
resources:
- roles
- rolebindings
verbs:
- get
- create
- update
- delete
- apiGroups:
- org.eclipse.che
resources:
- checlusters
- checlusters/status
- checlusters/finalizers
- checlusters/status
verbs:
- '*'
- apiGroups:
- project.openshift.io
resources:
@ -610,64 +611,39 @@ spec:
- create
- update
- watch
- apiGroups:
- ""
resources:
- pods/exec
verbs:
- create
- get
- apiGroups:
- apps
resources:
- secrets
- replicasets
verbs:
- list
- apiGroups:
- ""
resources:
- secrets
verbs:
- list
- get
- create
- update
- list
- patch
- delete
- apiGroups:
- ""
resources:
- persistentvolumeclaims
verbs:
- create
- get
- list
- watch
- delete
- apiGroups:
- ""
resources:
- pods
verbs:
- get
- list
- create
- watch
- delete
- apiGroups:
- apps
- extensions
resources:
- deployments
- replicasets
verbs:
- '*'
- list
- create
- watch
- update
- get
- patch
- delete
- apiGroups:
- route.openshift.io
resources:
- routes
verbs:
- '*'
- create
- delete
- get
- update
- patch
- watch
- list
- apiGroups:
- route.openshift.io
resources:
@ -681,49 +657,18 @@ spec:
verbs:
- list
- watch
- apiGroups:
- apps
resources:
- replicasets
verbs:
- list
- get
- patch
- delete
- apiGroups:
- extensions
resources:
- ingresses
verbs:
- '*'
- apiGroups:
- networking.k8s.io
resources:
- ingresses
verbs:
- '*'
- apiGroups:
- apiextensions.k8s.io
resources:
- customresourcedefinitions
verbs:
- get
- create
- delete
- get
- update
- apiGroups:
- operators.coreos.com
resources:
- subscriptions
verbs:
- get
- apiGroups:
- operators.coreos.com
resources:
- clusterserviceversions
verbs:
- list
- get
- patch
- watch
- list
- apiGroups:
- metrics.k8s.io
resources:
@ -733,16 +678,6 @@ spec:
- get
- list
- watch
- apiGroups:
- cert-manager.io
resources:
- issuers
- certificates
verbs:
- create
- get
- list
- update
- apiGroups:
- ""
resources:
@ -753,33 +688,27 @@ spec:
- serviceaccounts
- services
verbs:
- '*'
- apiGroups:
- apps
resourceNames:
- che-operator
resources:
- deployments/finalizers
verbs:
- create
- delete
- get
- update
- patch
- watch
- list
- apiGroups:
- batch
- org.eclipse.che
resources:
- jobs
- checlusters
- checlusters/status
- checlusters/finalizers
verbs:
- create
- delete
- get
- update
- patch
- watch
- list
- apiGroups:
- monitoring.coreos.com
resources:
- servicemonitors
verbs:
- create
- get
- nonResourceURLs:
- /metrics
verbs:
@ -789,7 +718,11 @@ spec:
resources:
- kubernetesimagepullers
verbs:
- '*'
- create
- delete
- get
- update
- list
- apiGroups:
- config.openshift.io
resourceNames:
@ -798,6 +731,14 @@ spec:
- consoles
verbs:
- get
- apiGroups:
- config.openshift.io
resourceNames:
- cluster
resources:
- proxies
verbs:
- get
- apiGroups:
- ""
resources:
@ -806,32 +747,47 @@ spec:
- get
- list
- watch
- apiGroups:
- ""
resources:
- pods/portforward
verbs:
- get
- list
- create
- apiGroups:
- ""
resources:
- pods/exec
verbs:
- create
- get
- apiGroups:
- workspace.devfile.io
resources:
- devworkspaces
- devworkspacetemplates
verbs:
- get
- list
- watch
- create
- delete
- patch
- get
- update
- patch
- watch
- list
- apiGroups:
- controller.devfile.io
resources:
- devworkspaceroutings
- devworkspaceoperatorconfigs
verbs:
- get
- list
- watch
- create
- delete
- patch
- get
- update
- patch
- watch
- list
- apiGroups:
- controller.devfile.io
resources:
@ -874,6 +830,13 @@ spec:
- limitranges
verbs:
- list
- apiGroups:
- monitoring.coreos.com
resources:
- servicemonitors
verbs:
- get
- create
serviceAccountName: che-operator
deployments:
- name: che-operator
@ -925,7 +888,7 @@ spec:
- name: RELATED_IMAGE_single_host_gateway
value: quay.io/eclipse/che--traefik:v2.9.10-8d81a9df1435f9f3d36ac9398465ef2d5d61e671059974db753faaed14b627de
- name: RELATED_IMAGE_single_host_gateway_config_sidecar
value: quay.io/che-incubator/configbump:0.1.4
value: quay.io/che-incubator/configbump:next
- name: RELATED_IMAGE_gateway_authentication_sidecar
value: quay.io/openshift/origin-oauth-proxy:4.9
- name: RELATED_IMAGE_gateway_authorization_sidecar
@ -991,7 +954,7 @@ spec:
resources:
limits:
cpu: 500m
memory: 1Gi
memory: 2Gi
requests:
cpu: 100m
memory: 128Mi
@ -1010,197 +973,30 @@ spec:
terminationGracePeriodSeconds: 20
permissions:
- rules:
- apiGroups:
- extensions
resources:
- ingresses
verbs:
- '*'
- apiGroups:
- networking.k8s.io
resources:
- ingresses
verbs:
- '*'
- apiGroups:
- batch
resources:
- jobs
verbs:
- create
- delete
- get
- update
- watch
- list
- apiGroups:
- route.openshift.io
resources:
- routes
- routes/custom-host
verbs:
- '*'
- apiGroups:
- rbac.authorization.k8s.io
resources:
- roles
- rolebindings
- clusterroles
- clusterrolebindings
verbs:
- list
- create
- watch
- update
- get
- delete
- apiGroups:
- ""
resources:
- pods
- services
- serviceaccounts
- endpoints
- persistentvolumeclaims
- events
- configmaps
- secrets
- pods/exec
- pods/log
verbs:
- '*'
- apiGroups:
- ""
resources:
- namespaces
verbs:
- get
- apiGroups:
- apps
- extensions
resources:
- deployments
- replicasets
verbs:
- '*'
- apiGroups:
- monitoring.coreos.com
resources:
- servicemonitors
verbs:
- get
- create
- apiGroups:
- org.eclipse.che
resources:
- checlusters
- checlusters/status
- checlusters/finalizers
verbs:
- '*'
- apiGroups:
- metrics.k8s.io
resources:
- pods
- nodes
verbs:
- get
- list
- watch
- apiGroups:
- operators.coreos.com
resources:
- subscriptions
- clusterserviceversions
- operatorgroups
verbs:
- '*'
- apiGroups:
- packages.operators.coreos.com
resources:
- packagemanifests
verbs:
- get
- list
- apiGroups:
- ""
resources:
- configmaps/status
verbs:
- get
- update
- patch
- apiGroups:
- ""
resources:
- events
verbs:
- create
- apiGroups:
- apps
resourceNames:
- che-operator
resources:
- deployments/finalizers
verbs:
- update
- apiGroups:
- controller.devfile.io
resources:
- devworkspaceroutings
verbs:
- '*'
- apiGroups:
- controller.devfile.io
resources:
- devworkspaceroutings/finalizers
verbs:
- update
- apiGroups:
- controller.devfile.io
resources:
- devworkspaceroutings/status
verbs:
- get
- patch
- update
- apiGroups:
- oauth.openshift.io
resources:
- oauthclients
verbs:
- create
- delete
- deletecollection
- get
- list
- patch
- update
- watch
- apiGroups:
- ""
resources:
- configmaps
verbs:
- get
- list
- watch
- create
- delete
- get
- update
- patch
- delete
- watch
- list
- apiGroups:
- coordination.k8s.io
resources:
- leases
verbs:
- get
- list
- watch
- create
- delete
- get
- update
- patch
- delete
- watch
- list
- apiGroups:
- ""
resources:
@ -1228,7 +1024,7 @@ spec:
- java
links:
- name: Product Page
url: http://www.eclipse.org/che
url: https://www.eclipse.org/che
- name: Documentation
url: https://www.eclipse.org/che/docs
- name: Operator GitHub Repo
@ -1240,7 +1036,7 @@ spec:
minKubeVersion: 1.19.0
provider:
name: Eclipse Foundation
version: 7.79.0-828.next
version: 7.87.0-872.next
webhookdefinitions:
- admissionReviewVersions:
- v1

5604
bundle/next/eclipse-che/manifests/org.eclipse.che_checlusters.yaml
View File

File diff suppressed because it is too large Load Diff

4
bundle/next/eclipse-che/metadata/annotations.yaml
View File

@ -1,5 +1,5 @@
#
# Copyright (c) 2019-2023 Red Hat, Inc.
# Copyright (c) 2019-2024 Red Hat, Inc.
# This program and the accompanying materials are made
# available under the terms of the Eclipse Public License 2.0
# which is available at https://www.eclipse.org/legal/epl-2.0/
@ -26,4 +26,4 @@ annotations:
operators.operatorframework.io.test.mediatype.v1: scorecard+v1
operators.operatorframework.io.test.config.v1: tests/scorecard/
com.redhat.openshift.versions: "v4.8"
com.redhat.openshift.versions: "v4.8"

2
bundle/next/eclipse-che/tests/scorecard/config.yaml
View File

@ -1,5 +1,5 @@
#
# Copyright (c) 2019-2023 Red Hat, Inc.
# Copyright (c) 2019-2024 Red Hat, Inc.
# This program and the accompanying materials are made
# available under the terms of the Eclipse Public License 2.0
# which is available at https://www.eclipse.org/legal/epl-2.0/

618
bundle/stable/eclipse-che/manifests/che-operator.clusterserviceversion.yaml
View File

@ -40,6 +40,12 @@ metadata:
"enable": true
},
"server": {
"externalDevfileRegistries": [
{
"url": "https://registry.devfile.io"
}
],
"externalDevfileRegistry": true,
"workspaceNamespaceDefault": "<username>-che"
},
"storage": {
@ -55,7 +61,16 @@ metadata:
"namespace": "eclipse-che"
},
"spec": {
"components": {},
"components": {
"devfileRegistry": {
"disableInternalRegistry": true,
"externalDevfileRegistries": [
{
"url": "https://registry.devfile.io"
}
]
}
},
"containerRegistry": {},
"devEnvironments": {},
"gitServices": {},
@ -66,18 +81,26 @@ metadata:
capabilities: Seamless Upgrades
categories: Developer Tools
certified: "false"
containerImage: quay.io/eclipse/che-operator@sha256:da76155c2c40eb4732b71ee1a7c4ec3140df96a04394c93754cb7bc36d827f0a
createdAt: "2023-11-29T19:23:56Z"
containerImage: quay.io/eclipse/che-operator@sha256:4e5b337606ddd62f97b8dd9d8a34607d039a0509ed98fedcf30253b25102b3e2
createdAt: "2024-05-18T01:37:20Z"
description: A Kube-native development solution that delivers portable and collaborative
developer workspaces.
features.operators.openshift.io/cnf: "false"
features.operators.openshift.io/cni: "false"
features.operators.openshift.io/csi: "false"
features.operators.openshift.io/disconnected: "true"
features.operators.openshift.io/fips-compliant: "true"
features.operators.openshift.io/proxy-aware: "true"
features.operators.openshift.io/tls-profiles: "false"
features.operators.openshift.io/token-auth-aws: "false"
features.operators.openshift.io/token-auth-azure: "false"
features.operators.openshift.io/token-auth-gcp: "false"
operatorframework.io/suggested-namespace: openshift-operators
operators.openshift.io/infrastructure-features: '["disconnected", "proxy-aware",
"fips"]'
operators.operatorframework.io/builder: operator-sdk-v1.9.0+git
operators.operatorframework.io/project_layout: go.kubebuilder.io/v3
repository: https://github.com/eclipse-che/che-operator
support: Eclipse Foundation
name: eclipse-che.v7.78.0
name: eclipse-che.v7.86.0
namespace: placeholder
spec:
apiservicedefinitions: {}
@ -469,11 +492,11 @@ spec:
* Bundled Plugin and Devfile registries
Use `oc edit checluster/eclipse-che -n eclipse-che` to update Eclipse Che default installation options.
See more in the [Installation guide](https://www.eclipse.org/che/docs/che-7/installation-guide/configuring-the-che-installation/).
See more in the [Installation guide](https://www.eclipse.org/che/docs/stable/administration-guide/configuring-che/).
### Certificates
Operator uses a default router certificate to secure Eclipse Che routes.
Follow the [guide](https://www.eclipse.org/che/docs/che-7/installation-guide/importing-untrusted-tls-certificates/)
Follow the [guide](https://www.eclipse.org/che/docs/stable/administration-guide/importing-untrusted-tls-certificates/)
to import certificates into Eclipse Che.
displayName: Eclipse Che
icon:
@ -484,11 +507,17 @@ spec:
clusterPermissions:
- rules:
- apiGroups:
- ""
- batch
resources:
- nodes
- jobs
verbs:
- create
- delete
- get
- update
- patch
- watch
- list
- apiGroups:
- oauth.openshift.io
resources:
@ -496,87 +525,61 @@ spec:
verbs:
- create
- delete
- deletecollection
- get
- list
- patch
- update
- watch
- apiGroups:
- config.openshift.io
resources:
- oauths
verbs:
- get
- list
- watch
- patch
- watch
- list
- apiGroups:
- config.openshift.io
- user.openshift.io
resources:
- infrastructures
- proxies
- groups
verbs:
- get
- list
- watch
- apiGroups:
- user.openshift.io
resources:
- users
verbs:
- list
- delete
- apiGroups:
- user.openshift.io
resources:
- identities
verbs:
- delete
- apiGroups:
- console.openshift.io
resources:
- consolelinks
verbs:
- get
- list
- create
- delete
- get
- update
- patch
- delete
- watch
- list
- apiGroups:
- rbac.authorization.k8s.io
resources:
- clusterrolebindings
- clusterroles
- roles
- rolebindings
- clusterroles
- clusterrolebindings
verbs:
- list
- create
- watch
- update
- delete
- get
- update
- patch
- watch
- list
- apiGroups:
- authorization.openshift.io
resources:
- rolebindings
verbs:
- get
- create
- update
- delete
- apiGroups:
- authorization.openshift.io
resources:
- roles
- rolebindings
verbs:
- get
- create
- update
- delete
- apiGroups:
- org.eclipse.che
resources:
- checlusters
- checlusters/status
- checlusters/finalizers
- checlusters/status
verbs:
- '*'
- apiGroups:
- project.openshift.io
resources:
@ -604,64 +607,39 @@ spec:
- create
- update
- watch
- apiGroups:
- ""
resources:
- pods/exec
verbs:
- create
- get
- apiGroups:
- apps
resources:
- secrets
- replicasets
verbs:
- list
- apiGroups:
- ""
resources:
- secrets
verbs:
- list
- get
- create
- update
- list
- patch
- delete
- apiGroups:
- ""
resources:
- persistentvolumeclaims
verbs:
- create
- get
- list
- watch
- delete
- apiGroups:
- ""
resources:
- pods
verbs:
- get
- list
- create
- watch
- delete
- apiGroups:
- apps
- extensions
resources:
- deployments
- replicasets
verbs:
- '*'
- list
- create
- watch
- update
- get
- patch
- delete
- apiGroups:
- route.openshift.io
resources:
- routes
verbs:
- '*'
- create
- delete
- get
- update
- patch
- watch
- list
- apiGroups:
- route.openshift.io
resources:
@ -675,49 +653,18 @@ spec:
verbs:
- list
- watch
- apiGroups:
- apps
resources:
- replicasets
verbs:
- list
- get
- patch
- delete
- apiGroups:
- extensions
resources:
- ingresses
verbs:
- '*'
- apiGroups:
- networking.k8s.io
resources:
- ingresses
verbs:
- '*'
- apiGroups:
- apiextensions.k8s.io
resources:
- customresourcedefinitions
verbs:
- get
- create
- delete
- get
- update
- apiGroups:
- operators.coreos.com
resources:
- subscriptions
verbs:
- get
- apiGroups:
- operators.coreos.com
resources:
- clusterserviceversions
verbs:
- list
- get
- patch
- watch
- list
- apiGroups:
- metrics.k8s.io
resources:
@ -727,16 +674,6 @@ spec:
- get
- list
- watch
- apiGroups:
- cert-manager.io
resources:
- issuers
- certificates
verbs:
- create
- get
- list
- update
- apiGroups:
- ""
resources:
@ -747,33 +684,27 @@ spec:
- serviceaccounts
- services
verbs:
- '*'
- apiGroups:
- apps
resourceNames:
- che-operator
resources:
- deployments/finalizers
verbs:
- create
- delete
- get
- update
- patch
- watch
- list
- apiGroups:
- batch
- org.eclipse.che
resources:
- jobs
- checlusters
- checlusters/status
- checlusters/finalizers
verbs:
- create
- delete
- get
- update
- patch
- watch
- list
- apiGroups:
- monitoring.coreos.com
resources:
- servicemonitors
verbs:
- create
- get
- nonResourceURLs:
- /metrics
verbs:
@ -783,7 +714,11 @@ spec:
resources:
- kubernetesimagepullers
verbs:
- '*'
- create
- delete
- get
- update
- list
- apiGroups:
- config.openshift.io
resourceNames:
@ -792,6 +727,14 @@ spec:
- consoles
verbs:
- get
- apiGroups:
- config.openshift.io
resourceNames:
- cluster
resources:
- proxies
verbs:
- get
- apiGroups:
- ""
resources:
@ -800,32 +743,47 @@ spec:
- get
- list
- watch
- apiGroups:
- ""
resources:
- pods/portforward
verbs:
- get
- list
- create
- apiGroups:
- ""
resources:
- pods/exec
verbs:
- create
- get
- apiGroups:
- workspace.devfile.io
resources:
- devworkspaces
- devworkspacetemplates
verbs:
- get
- list
- watch
- create
- delete
- patch
- get
- update
- patch
- watch
- list
- apiGroups:
- controller.devfile.io
resources:
- devworkspaceroutings
- devworkspaceoperatorconfigs
verbs:
- get
- list
- watch
- create
- delete
- patch
- get
- update
- patch
- watch
- list
- apiGroups:
- controller.devfile.io
resources:
@ -868,6 +826,13 @@ spec:
- limitranges
verbs:
- list
- apiGroups:
- monitoring.coreos.com
resources:
- servicemonitors
verbs:
- get
- create
serviceAccountName: che-operator
deployments:
- name: che-operator
@ -905,21 +870,21 @@ spec:
- name: OPERATOR_NAME
value: che-operator
- name: CHE_VERSION
value: 7.78.0
value: 7.86.0
- name: RELATED_IMAGE_che_server
value: quay.io/eclipse/che-server@sha256:6085a3486f1e0ee072fe874048130602f64d3260a94a11a99d5cfdb562d529f1
value: quay.io/eclipse/che-server@sha256:96be029949045d4280c12e5c96695d2fb33fed8044afee715758b8be9565b9eb
- name: RELATED_IMAGE_dashboard
value: quay.io/eclipse/che-dashboard@sha256:8fd291de6db4fc5bc18805e6d5d1fe372e58e3d0f5b4a837b262f8feb1a564b5
value: quay.io/eclipse/che-dashboard@sha256:e78ba685e0567db2ea81d5a9721397f937b778316e583d91a63231e3143c92b4
- name: RELATED_IMAGE_plugin_registry
value: quay.io/eclipse/che-plugin-registry@sha256:d8ca527076ee0dcda570d9d862969e9fbede7f96bbe5d750996d993ee47d6668
value: quay.io/eclipse/che-plugin-registry@sha256:6f41dc839120a888b8be7ab2662d5e427ad9683289b741fb1a856184832791ab
- name: RELATED_IMAGE_devfile_registry
value: quay.io/eclipse/che-devfile-registry@sha256:4191a5b12b966b5e6f2213a89f0c26b28f070393232edbcaf2003c644e0042fc
value: quay.io/eclipse/che-devfile-registry@sha256:c1b4aeb7fbabf30e66583dab395532eea7bd3b74c001afe232cf4e6e2caa7925
- name: RELATED_IMAGE_che_tls_secrets_creation_job
value: quay.io/eclipse/che-tls-secret-creator@sha256:54df0ccf598d230e278d512c3b44bdf24edb280f71da32643db46e0120bfaee0
- name: RELATED_IMAGE_single_host_gateway
value: quay.io/eclipse/che--traefik@sha256:bb7be8d50edf73d8d3a812ac8873ef354a0fe9b40d7f3880747b43a3525855d2
value: quay.io/eclipse/che--traefik@sha256:8d81a9df1435f9f3d36ac9398465ef2d5d61e671059974db753faaed14b627de
- name: RELATED_IMAGE_single_host_gateway_config_sidecar
value: quay.io/che-incubator/configbump@sha256:175ff2ba1bd74429de192c0a9facf39da5699c6da9f151bd461b3dc8624dd532
value: quay.io/che-incubator/configbump@sha256:811a23111bca810f58bc3efaa9e955757ada6796ac1f0f4513a2d46c5f6da298
- name: RELATED_IMAGE_gateway_authentication_sidecar
value: quay.io/openshift/origin-oauth-proxy@sha256:870bfe92a4663720775c0dfe5728ecbb10a17f0644eef5f57276ec135034c6a1
- name: RELATED_IMAGE_gateway_authorization_sidecar
@ -947,7 +912,7 @@ spec:
value: che-incubator/che-code/latest
- name: CHE_DEFAULT_SPEC_DEVENVIRONMENTS_DEFAULTCOMPONENTS
value: '[{"name": "universal-developer-image", "container":
{"image": "quay.io/devfile/universal-developer-image@sha256:f4e3180413ab3d16957642af9b12b0d13afe9f3429ecd62fc71e24553ca0cd74"}}]'
{"image": "quay.io/devfile/universal-developer-image@sha256:ca448538b559c1edb51c9a71966182460a69a078d67e7075e00241ad394d0f0e"}}]'
- name: CHE_DEFAULT_SPEC_COMPONENTS_PLUGINREGISTRY_OPENVSXURL
value: https://open-vsx.org
- name: CHE_DEFAULT_SPEC_DEVENVIRONMENTS_DISABLECONTAINERBUILDCAPABILITIES
@ -963,30 +928,34 @@ spec:
value: index.docker.io/wsskeleton/eclipse-broadway@sha256:57c82cd806a56f69aa8663f68405d0778b628a29a64fb16881b11ce9f484dda7
- name: RELATED_IMAGE_code_server_plugin_registry_image_IBZWQYJSGU3DUZLGGA3TEOBRGAYDIOJQHFRGEMTDGIZDQNBSGJSGMMTFHE4WCNLCME2WKNBVGBTGGZJXGU2DMYRYMZQTCOBWHA2TEZRSGNRGMNRXGUYQ____
value: index.docker.io/codercom/code-server@sha256:ef07281004909bb2c228422df2e99a5ba5e450fce7546b8fa186852f23bf6751
- name: RELATED_IMAGE_universal_developer_image_plugin_registry_image_IBZWQYJSGU3DUZRUMUZTCOBQGQYTGYLCGNSDCNRZGU3TMNBSMFTDSYRRGJRDAZBRGNQWMZJZMYZTIMRZMVRWINRSMZRTOMLFGI2DKNJTMNQTAY3EG42A____
value: quay.io/devfile/universal-developer-image@sha256:f4e3180413ab3d16957642af9b12b0d13afe9f3429ecd62fc71e24553ca0cd74
- name: RELATED_IMAGE_che_code_plugin_registry_image_NFXHG2LEMVZHG___
value: quay.io/che-incubator/che-code@sha256:a614dd6d5fa5002cb948eeb82680682471687983f43c3d8ae0afd7279a30ec81
- name: RELATED_IMAGE_che_code_plugin_registry_image_IBZWQYJSGU3DUNRXGA3GEZJVMI3TANRUGQ3TAMLEGZSTCN3CGA4GEMZYG5RGINBTMJSGEM3DMIYDIM3DGBQWMZBXGZRDIOJQGRRDQNDGMNSTEOBWGYZA____
value: quay.io/che-incubator/che-code@sha256:6706be5b70644701d6e17b08b387bd43bdb3cb043c0afd76b4904b84fce28662
value: quay.io/che-incubator/che-code@sha256:713817c5059210e013efe16f46e42577b4eab6f0773403ead1c24af08bcc9f88
- name: RELATED_IMAGE_universal_developer_image_plugin_registry_image_IBZWQYJSGU3DUY3BGQ2DQNJTHBRDKNJZMMYWKZDCGUYWGOLBG4YTSNRWGE4DENBWGBQTMOLBGA3TQZBWG5STOMBXGVSTAMBSGQYWCZBTHE2GIMDGGBSQ____
value: quay.io/devfile/universal-developer-image@sha256:ca448538b559c1edb51c9a71966182460a69a078d67e7075e00241ad394d0f0e
- name: RELATED_IMAGE_che_code_plugin_registry_image_IBZWQYJSGU3DUZRXMVSWIODGMQZTMZRRGFSGKZBRGU3GIN3CMJSGKZDFGNSWGNZWGU3DSMRTMRTDSODFGA4WGMZXGYYTMNLCG4YTGOLDGQ4GKNBUGJQQ____
value: quay.io/che-incubator/che-code@sha256:f7eed8fd36f11ded156d7bbdede3ec7656923df98e09c376165b7139c48e442a
- name: RELATED_IMAGE_che_idea_plugin_registry_image_NZSXQ5A_
value: quay.io/che-incubator/che-idea@sha256:f5e9dae0ddc49e398514cf6dad5536467043dd582f6f62ae786400d2ebc5a690
value: quay.io/che-incubator/che-idea@sha256:5d6e1bf45bb705b1928409588a2a723841289201057ea6c43b233657c6913f03
- name: RELATED_IMAGE_che_idea_plugin_registry_image_IBZWQYJSGU3DUODBMFSTMOLEMM2GEMDDGEZDENBZGFQTONJUGAYDMMZZMFTDAZTFHEZGENLFGIYTIYZWMU3DQYLDHE3WGZDBGI4WMYRVHBRDINBRGUYQ____
value: quay.io/che-incubator/che-idea@sha256:8aae69dc4b0c122491a75400639af0fe92b5e214c6e68ac97cda29fb58b44151
- name: RELATED_IMAGE_che_pycharm_plugin_registry_image_NZSXQ5A_
value: quay.io/che-incubator/che-pycharm@sha256:c3f377182ba3807b0675fc571167aed468fe4b03cd20a60449e15da3b7431797
value: quay.io/che-incubator/che-pycharm@sha256:88e856029ceb8fa1eda307178bb3298e586ca1128831bb463c4a6c9f7e04e75f
- name: RELATED_IMAGE_che_pycharm_plugin_registry_image_IBZWQYJSGU3DUN3DGBSTGZLBMJSDMMRUHE2TEMBRMNTDKYTBGBQTSMJTG43TMZBZG4ZGCMLFGZTGEOLDMYYWEY3EMM3TQYLGMNTDIZBXGI2TMYLGGQ3Q____
value: quay.io/che-incubator/che-pycharm@sha256:7c0e3eabd62495201cf5ba0a913776d972a1e6fb9cf1bcdc78afcf4d7256af47
- name: RELATED_IMAGE_che_idea_dev_server_plugin_registry_image_NZSXQ5A_
value: quay.io/che-incubator/che-idea-dev-server@sha256:5a255cb0db9cc212418f554ed283a9850424d6ac15bb14471aea054a071fa529
- name: RELATED_IMAGE_che_idea_dev_server_plugin_registry_image_IBZWQYJSGU3DUNJVMQ2DGMZWGQ2WIZLDGU3GKYJRG44GIZRQGNTDINRWGYZDGZJQGQ2WMZDFGA2DMZJRMNRDIM3CGM3TIOJTHE4TSYTEMI4TIOJUMRSQ____
value: quay.io/che-incubator/che-idea-dev-server@sha256:55d433645dec56ea178df03f466623e045fde046e1cb43b37493999bdb9494de
- name: RELATED_IMAGE_che_code_devfile_registry_image_NFXHG2LEMVZHG___
value: quay.io/che-incubator/che-code@sha256:a614dd6d5fa5002cb948eeb82680682471687983f43c3d8ae0afd7279a30ec81
- name: RELATED_IMAGE_che_code_devfile_registry_image_IBZWQYJSGU3DUNRXGA3GEZJVMI3TANRUGQ3TAMLEGZSTCN3CGA4GEMZYG5RGINBTMJSGEM3DMIYDIM3DGBQWMZBXGZRDIOJQGRRDQNDGMNSTEOBWGYZA____
value: quay.io/che-incubator/che-code@sha256:6706be5b70644701d6e17b08b387bd43bdb3cb043c0afd76b4904b84fce28662
value: quay.io/che-incubator/che-code@sha256:713817c5059210e013efe16f46e42577b4eab6f0773403ead1c24af08bcc9f88
- name: RELATED_IMAGE_che_code_devfile_registry_image_IBZWQYJSGU3DUZRXMVSWIODGMQZTMZRRGFSGKZBRGU3GIN3CMJSGKZDFGNSWGNZWGU3DSMRTMRTDSODFGA4WGMZXGYYTMNLCG4YTGOLDGQ4GKNBUGJQQ____
value: quay.io/che-incubator/che-code@sha256:f7eed8fd36f11ded156d7bbdede3ec7656923df98e09c376165b7139c48e442a
- name: RELATED_IMAGE_che_idea_devfile_registry_image_NZSXQ5A_
value: quay.io/che-incubator/che-idea@sha256:f5e9dae0ddc49e398514cf6dad5536467043dd582f6f62ae786400d2ebc5a690
value: quay.io/che-incubator/che-idea@sha256:5d6e1bf45bb705b1928409588a2a723841289201057ea6c43b233657c6913f03
- name: RELATED_IMAGE_universal_developer_image_devfile_registry_image_OVRGSOBNNRQXIZLTOQ______
value: quay.io/devfile/universal-developer-image@sha256:f4e3180413ab3d16957642af9b12b0d13afe9f3429ecd62fc71e24553ca0cd74
- name: RELATED_IMAGE_universal_developer_image_devfile_registry_image_IBZWQYJSGU3DUZRUMUZTCOBQGQYTGYLCGNSDCNRZGU3TMNBSMFTDSYRRGJRDAZBRGNQWMZJZMYZTIMRZMVRWINRSMZRTOMLFGI2DKNJTMNQTAY3EG42A____
value: quay.io/devfile/universal-developer-image@sha256:f4e3180413ab3d16957642af9b12b0d13afe9f3429ecd62fc71e24553ca0cd74
value: quay.io/devfile/universal-developer-image@sha256:ca448538b559c1edb51c9a71966182460a69a078d67e7075e00241ad394d0f0e
- name: RELATED_IMAGE_universal_developer_image_devfile_registry_image_IBZWQYJSGU3DUY3BGQ2DQNJTHBRDKNJZMMYWKZDCGUYWGOLBG4YTSNRWGE4DENBWGBQTMOLBGA3TQZBWG5STOMBXGVSTAMBSGQYWCZBTHE2GIMDGGBSQ____
value: quay.io/devfile/universal-developer-image@sha256:ca448538b559c1edb51c9a71966182460a69a078d67e7075e00241ad394d0f0e
- name: RELATED_IMAGE_che__centos__mongodb_36_centos7_devfile_registry_image_NRQXIZLTOQWWCOJRGVSGEN3CMVRWCOBXGE4TQZTDMQ3TQNRQGA4DMOJYHFTGKODBGMZDOYJRME2GMNRVGA4DAMRVMI3DIYLCGI4GMY3DG42DEM3CGI______
value: quay.io/eclipse/che--centos--mongodb-36-centos7@sha256:a915db7beca87198fcd7860086989fe8a327a1a4f6508025b64ab28fcc7423b2
- name: RELATED_IMAGE_che__centos__mongodb_36_centos7_devfile_registry_image_NRQXIZLTOQWWMZTEMYZDIMZRMJRGGNTEHFQTSZBSMEYDGZJZGVRGEYTFHBQWIYRUHFQWEOLFMFRTGMBRMYZDMODBGM2TAMZYMM4DIMRYHAZDKOLDGE______
@ -996,8 +965,8 @@ spec:
- name: RELATED_IMAGE_che__mariadb_devfile_registry_image_GEYC4NZOGEWTKYJYGAYDSMZWHFSWKNJXMM4DKYRWMY2GCMBYGQYDMMJUG5RGIOLDGUYDKY3EMU3GEOBSGUYGIMJWMEZDOZBSME2WMZLCMZSGKYLEG4______
value: quay.io/eclipse/che--mariadb@sha256:5a8009369ee57c85b6f4a08406147bd9c505cde6b8250d16a27d2a5febfdead7
- name: RELATED_IMAGE_ubi_minimal_devfile_registry_image_
value: registry.access.redhat.com/ubi8/ubi-minimal@sha256:87bcbfedfd70e67aab3875fff103bade460aeff510033ebb36b7efa009ab6639
image: quay.io/eclipse/che-operator@sha256:da76155c2c40eb4732b71ee1a7c4ec3140df96a04394c93754cb7bc36d827f0a
value: registry.access.redhat.com/ubi8/ubi-minimal@sha256:2fa47fa9df7b98e2776f447855699c01d06c3271b2d7259b8b314084580cf591
image: quay.io/eclipse/che-operator@sha256:4e5b337606ddd62f97b8dd9d8a34607d039a0509ed98fedcf30253b25102b3e2
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 10
@ -1027,7 +996,7 @@ spec:
resources:
limits:
cpu: 500m
memory: 1Gi
memory: 2Gi
requests:
cpu: 100m
memory: 128Mi
@ -1046,197 +1015,30 @@ spec:
terminationGracePeriodSeconds: 20
permissions:
- rules:
- apiGroups:
- extensions
resources:
- ingresses
verbs:
- '*'
- apiGroups:
- networking.k8s.io
resources:
- ingresses
verbs:
- '*'
- apiGroups:
- batch
resources:
- jobs
verbs:
- create
- delete
- get
- update
- watch
- list
- apiGroups:
- route.openshift.io
resources:
- routes
- routes/custom-host
verbs:
- '*'
- apiGroups:
- rbac.authorization.k8s.io
resources:
- roles
- rolebindings
- clusterroles
- clusterrolebindings
verbs:
- list
- create
- watch
- update
- get
- delete
- apiGroups:
- ""
resources:
- pods
- services
- serviceaccounts
- endpoints
- persistentvolumeclaims
- events
- configmaps
- secrets
- pods/exec
- pods/log
verbs:
- '*'
- apiGroups:
- ""
resources:
- namespaces
verbs:
- get
- apiGroups:
- apps
- extensions
resources:
- deployments
- replicasets
verbs:
- '*'
- apiGroups:
- monitoring.coreos.com
resources:
- servicemonitors
verbs:
- get
- create
- apiGroups:
- org.eclipse.che
resources:
- checlusters
- checlusters/status
- checlusters/finalizers
verbs:
- '*'
- apiGroups:
- metrics.k8s.io
resources:
- pods
- nodes
verbs:
- get
- list
- watch
- apiGroups:
- operators.coreos.com
resources:
- subscriptions
- clusterserviceversions
- operatorgroups
verbs:
- '*'
- apiGroups:
- packages.operators.coreos.com
resources:
- packagemanifests
verbs:
- get
- list
- apiGroups:
- ""
resources:
- configmaps/status
verbs:
- get
- update
- patch
- apiGroups:
- ""
resources:
- events
verbs:
- create
- apiGroups:
- apps
resourceNames:
- che-operator
resources:
- deployments/finalizers
verbs:
- update
- apiGroups:
- controller.devfile.io
resources:
- devworkspaceroutings
verbs:
- '*'
- apiGroups:
- controller.devfile.io
resources:
- devworkspaceroutings/finalizers
verbs:
- update
- apiGroups:
- controller.devfile.io
resources:
- devworkspaceroutings/status
verbs:
- get
- patch
- update
- apiGroups:
- oauth.openshift.io
resources:
- oauthclients
verbs:
- create
- delete
- deletecollection
- get
- list
- patch
- update
- watch
- apiGroups:
- ""
resources:
- configmaps
verbs:
- get
- list
- watch
- create
- delete
- get
- update
- patch
- delete
- watch
- list
- apiGroups:
- coordination.k8s.io
resources:
- leases
verbs:
- get
- list
- watch
- create
- delete
- get
- update
- patch
- delete
- watch
- list
- apiGroups:
- ""
resources:
@ -1264,7 +1066,7 @@ spec:
- java
links:
- name: Product Page
url: http://www.eclipse.org/che
url: https://www.eclipse.org/che
- name: Documentation
url: https://www.eclipse.org/che/docs
- name: Operator GitHub Repo
@ -1276,7 +1078,7 @@ spec:
minKubeVersion: 1.19.0
provider:
name: Eclipse Foundation
version: 7.78.0
version: 7.86.0
webhookdefinitions:
- admissionReviewVersions:
- v1
@ -1333,33 +1135,33 @@ spec:
type: ConversionWebhook
webhookPath: /convert
relatedImages:
- name: che-operator-7.78.0
image: quay.io/eclipse/che-operator@sha256:da76155c2c40eb4732b71ee1a7c4ec3140df96a04394c93754cb7bc36d827f0a
# tag: quay.io/eclipse/che-operator:7.78.0
- name: che-operator-7.86.0
image: quay.io/eclipse/che-operator@sha256:4e5b337606ddd62f97b8dd9d8a34607d039a0509ed98fedcf30253b25102b3e2
# tag: quay.io/eclipse/che-operator:7.86.0
- name: kube-rbac-proxy-v0.13.1
image: quay.io/brancz/kube-rbac-proxy@sha256:738c854322f56d63ebab75de5210abcdd5e0782ce2d30c0ecd4620f63b24694d
# tag: quay.io/brancz/kube-rbac-proxy:v0.13.1
- name: configbump-0.1.4
image: quay.io/che-incubator/configbump@sha256:175ff2ba1bd74429de192c0a9facf39da5699c6da9f151bd461b3dc8624dd532
# tag: quay.io/che-incubator/configbump:0.1.4
- name: configbump-7.86.0
image: quay.io/che-incubator/configbump@sha256:811a23111bca810f58bc3efaa9e955757ada6796ac1f0f4513a2d46c5f6da298
# tag: quay.io/che-incubator/configbump:7.86.0
- name: header-rewrite-proxy-latest
image: quay.io/che-incubator/header-rewrite-proxy@sha256:bd7873b8feef35f218f54c6251ea224bea2c8bf202a328230019a0ba2941245d
# tag: quay.io/che-incubator/header-rewrite-proxy:latest
- name: che--traefik-v2.9.6-bb7be8d50edf73d8d3a812ac8873ef354a0fe9b40d7f3880747b43a3525855d2
image: quay.io/eclipse/che--traefik@sha256:bb7be8d50edf73d8d3a812ac8873ef354a0fe9b40d7f3880747b43a3525855d2
# tag: quay.io/eclipse/che--traefik:v2.9.6-bb7be8d50edf73d8d3a812ac8873ef354a0fe9b40d7f3880747b43a3525855d2
- name: che-dashboard-7.78.0
image: quay.io/eclipse/che-dashboard@sha256:8fd291de6db4fc5bc18805e6d5d1fe372e58e3d0f5b4a837b262f8feb1a564b5
# tag: quay.io/eclipse/che-dashboard:7.78.0
- name: che-devfile-registry-7.78.0
image: quay.io/eclipse/che-devfile-registry@sha256:4191a5b12b966b5e6f2213a89f0c26b28f070393232edbcaf2003c644e0042fc
# tag: quay.io/eclipse/che-devfile-registry:7.78.0
- name: che-plugin-registry-7.78.0
image: quay.io/eclipse/che-plugin-registry@sha256:d8ca527076ee0dcda570d9d862969e9fbede7f96bbe5d750996d993ee47d6668
# tag: quay.io/eclipse/che-plugin-registry:7.78.0
- name: che-server-7.78.0
image: quay.io/eclipse/che-server@sha256:6085a3486f1e0ee072fe874048130602f64d3260a94a11a99d5cfdb562d529f1
# tag: quay.io/eclipse/che-server:7.78.0
- name: che--traefik-v2.9.10-8d81a9df1435f9f3d36ac9398465ef2d5d61e671059974db753faaed14b627de
image: quay.io/eclipse/che--traefik@sha256:8d81a9df1435f9f3d36ac9398465ef2d5d61e671059974db753faaed14b627de
# tag: quay.io/eclipse/che--traefik:v2.9.10-8d81a9df1435f9f3d36ac9398465ef2d5d61e671059974db753faaed14b627de
- name: che-dashboard-7.86.0
image: quay.io/eclipse/che-dashboard@sha256:e78ba685e0567db2ea81d5a9721397f937b778316e583d91a63231e3143c92b4
# tag: quay.io/eclipse/che-dashboard:7.86.0
- name: che-devfile-registry-7.86.0
image: quay.io/eclipse/che-devfile-registry@sha256:c1b4aeb7fbabf30e66583dab395532eea7bd3b74c001afe232cf4e6e2caa7925
# tag: quay.io/eclipse/che-devfile-registry:7.86.0
- name: che-plugin-registry-7.86.0
image: quay.io/eclipse/che-plugin-registry@sha256:6f41dc839120a888b8be7ab2662d5e427ad9683289b741fb1a856184832791ab
# tag: quay.io/eclipse/che-plugin-registry:7.86.0
- name: che-server-7.86.0
image: quay.io/eclipse/che-server@sha256:96be029949045d4280c12e5c96695d2fb33fed8044afee715758b8be9565b9eb
# tag: quay.io/eclipse/che-server:7.86.0
- name: che-tls-secret-creator-alpine-01a4c34
image: quay.io/eclipse/che-tls-secret-creator@sha256:54df0ccf598d230e278d512c3b44bdf24edb280f71da32643db46e0120bfaee0
# tag: quay.io/eclipse/che-tls-secret-creator:alpine-01a4c34
@ -1384,29 +1186,35 @@ spec:
- name: code-server-@sha256:ef07281004909bb2c228422df2e99a5ba5e450fce7546b8fa186852f23bf6751
image: index.docker.io/codercom/code-server@sha256:ef07281004909bb2c228422df2e99a5ba5e450fce7546b8fa186852f23bf6751
# tag: index.docker.io/codercom/code-server@sha256:ef07281004909bb2c228422df2e99a5ba5e450fce7546b8fa186852f23bf6751
- name: universal-developer-image-@sha256:f4e3180413ab3d16957642af9b12b0d13afe9f3429ecd62fc71e24553ca0cd74
image: quay.io/devfile/universal-developer-image@sha256:f4e3180413ab3d16957642af9b12b0d13afe9f3429ecd62fc71e24553ca0cd74
# tag: quay.io/devfile/universal-developer-image@sha256:f4e3180413ab3d16957642af9b12b0d13afe9f3429ecd62fc71e24553ca0cd74
- name: che-code-insiders
image: quay.io/che-incubator/che-code@sha256:a614dd6d5fa5002cb948eeb82680682471687983f43c3d8ae0afd7279a30ec81
image: quay.io/che-incubator/che-code@sha256:713817c5059210e013efe16f46e42577b4eab6f0773403ead1c24af08bcc9f88
# tag: quay.io/che-incubator/che-code:insiders
- name: che-code-@sha256:6706be5b70644701d6e17b08b387bd43bdb3cb043c0afd76b4904b84fce28662
image: quay.io/che-incubator/che-code@sha256:6706be5b70644701d6e17b08b387bd43bdb3cb043c0afd76b4904b84fce28662
# tag: quay.io/che-incubator/che-code@sha256:6706be5b70644701d6e17b08b387bd43bdb3cb043c0afd76b4904b84fce28662
- name: universal-developer-image-@sha256:ca448538b559c1edb51c9a71966182460a69a078d67e7075e00241ad394d0f0e
image: quay.io/devfile/universal-developer-image@sha256:ca448538b559c1edb51c9a71966182460a69a078d67e7075e00241ad394d0f0e
# tag: quay.io/devfile/universal-developer-image@sha256:ca448538b559c1edb51c9a71966182460a69a078d67e7075e00241ad394d0f0e
- name: che-code-@sha256:f7eed8fd36f11ded156d7bbdede3ec7656923df98e09c376165b7139c48e442a
image: quay.io/che-incubator/che-code@sha256:f7eed8fd36f11ded156d7bbdede3ec7656923df98e09c376165b7139c48e442a
# tag: quay.io/che-incubator/che-code@sha256:f7eed8fd36f11ded156d7bbdede3ec7656923df98e09c376165b7139c48e442a
- name: che-idea-next
image: quay.io/che-incubator/che-idea@sha256:f5e9dae0ddc49e398514cf6dad5536467043dd582f6f62ae786400d2ebc5a690
image: quay.io/che-incubator/che-idea@sha256:5d6e1bf45bb705b1928409588a2a723841289201057ea6c43b233657c6913f03
# tag: quay.io/che-incubator/che-idea:next
- name: che-idea-@sha256:8aae69dc4b0c122491a75400639af0fe92b5e214c6e68ac97cda29fb58b44151
image: quay.io/che-incubator/che-idea@sha256:8aae69dc4b0c122491a75400639af0fe92b5e214c6e68ac97cda29fb58b44151
# tag: quay.io/che-incubator/che-idea@sha256:8aae69dc4b0c122491a75400639af0fe92b5e214c6e68ac97cda29fb58b44151
- name: che-pycharm-next
image: quay.io/che-incubator/che-pycharm@sha256:c3f377182ba3807b0675fc571167aed468fe4b03cd20a60449e15da3b7431797
image: quay.io/che-incubator/che-pycharm@sha256:88e856029ceb8fa1eda307178bb3298e586ca1128831bb463c4a6c9f7e04e75f
# tag: quay.io/che-incubator/che-pycharm:next
- name: che-pycharm-@sha256:7c0e3eabd62495201cf5ba0a913776d972a1e6fb9cf1bcdc78afcf4d7256af47
image: quay.io/che-incubator/che-pycharm@sha256:7c0e3eabd62495201cf5ba0a913776d972a1e6fb9cf1bcdc78afcf4d7256af47
# tag: quay.io/che-incubator/che-pycharm@sha256:7c0e3eabd62495201cf5ba0a913776d972a1e6fb9cf1bcdc78afcf4d7256af47
- name: che-idea-dev-server-next
image: quay.io/che-incubator/che-idea-dev-server@sha256:5a255cb0db9cc212418f554ed283a9850424d6ac15bb14471aea054a071fa529
# tag: quay.io/che-incubator/che-idea-dev-server:next
- name: che-idea-dev-server-@sha256:55d433645dec56ea178df03f466623e045fde046e1cb43b37493999bdb9494de
image: quay.io/che-incubator/che-idea-dev-server@sha256:55d433645dec56ea178df03f466623e045fde046e1cb43b37493999bdb9494de
# tag: quay.io/che-incubator/che-idea-dev-server@sha256:55d433645dec56ea178df03f466623e045fde046e1cb43b37493999bdb9494de
- name: universal-developer-image-ubi8-latest
image: quay.io/devfile/universal-developer-image@sha256:f4e3180413ab3d16957642af9b12b0d13afe9f3429ecd62fc71e24553ca0cd74
image: quay.io/devfile/universal-developer-image@sha256:ca448538b559c1edb51c9a71966182460a69a078d67e7075e00241ad394d0f0e
# tag: quay.io/devfile/universal-developer-image:ubi8-latest
- name: che--centos--mongodb-36-centos7-latest-a915db7beca87198fcd7860086989fe8a327a1a4f6508025b64ab28fcc7423b2
image: quay.io/eclipse/che--centos--mongodb-36-centos7@sha256:a915db7beca87198fcd7860086989fe8a327a1a4f6508025b64ab28fcc7423b2
@ -1421,5 +1229,5 @@ spec:
image: quay.io/eclipse/che--mariadb@sha256:5a8009369ee57c85b6f4a08406147bd9c505cde6b8250d16a27d2a5febfdead7
# tag: quay.io/eclipse/che--mariadb:10.7.1-5a8009369ee57c85b6f4a08406147bd9c505cde6b8250d16a27d2a5febfdead7
- name: ubi-minimal-
image: registry.access.redhat.com/ubi8/ubi-minimal@sha256:87bcbfedfd70e67aab3875fff103bade460aeff510033ebb36b7efa009ab6639
image: registry.access.redhat.com/ubi8/ubi-minimal@sha256:2fa47fa9df7b98e2776f447855699c01d06c3271b2d7259b8b314084580cf591
# tag: registry.access.redhat.com/ubi8/ubi-minimal

301
bundle/stable/eclipse-che/manifests/che-operator.clusterserviceversion.yaml.diff
View File

@ -1,221 +1,234 @@
--- /home/runner/work/che-operator/che-operator/bundle/stable/eclipse-che/generated/openshift/che-operator.clusterserviceversion.yaml 2023-11-29 19:23:56.334452790 +0000
+++ /home/runner/work/che-operator/che-operator/bundle/stable/eclipse-che/manifests/che-operator.clusterserviceversion.yaml 2023-11-29 19:25:50.579018603 +0000
@@ -66,8 +66,8 @@
--- /home/runner/work/che-operator/che-operator/bundle/stable/eclipse-che/generated/openshift/che-operator.clusterserviceversion.yaml 2024-05-18 01:37:20.491414779 +0000
+++ /home/runner/work/che-operator/che-operator/bundle/stable/eclipse-che/manifests/che-operator.clusterserviceversion.yaml 2024-05-18 01:39:33.080211249 +0000
@@ -81,8 +81,8 @@
capabilities: Seamless Upgrades
categories: Developer Tools
certified: "false"
- containerImage: quay.io/eclipse/che-operator@sha256:8b02ee3c5838d921a90396f1e849107ea53d49715bef4fac34f1710664f38a54
- createdAt: "2023-11-10T01:54:42Z"
+ containerImage: quay.io/eclipse/che-operator@sha256:da76155c2c40eb4732b71ee1a7c4ec3140df96a04394c93754cb7bc36d827f0a
+ createdAt: "2023-11-29T19:23:56Z"
- containerImage: quay.io/eclipse/che-operator@sha256:6308e7f8040d804517fd15c326c22ce4b899f0f68486200b42e33d5340206264
- createdAt: "2024-04-24T22:24:17Z"
+ containerImage: quay.io/eclipse/che-operator@sha256:4e5b337606ddd62f97b8dd9d8a34607d039a0509ed98fedcf30253b25102b3e2
+ createdAt: "2024-05-18T01:37:20Z"
description: A Kube-native development solution that delivers portable and collaborative
developer workspaces.
operatorframework.io/suggested-namespace: openshift-operators
@@ -77,7 +77,7 @@
features.operators.openshift.io/cnf: "false"
@@ -100,7 +100,7 @@
operators.operatorframework.io/project_layout: go.kubebuilder.io/v3
repository: https://github.com/eclipse-che/che-operator
support: Eclipse Foundation
- name: eclipse-che.v7.77.0
+ name: eclipse-che.v7.78.0
- name: eclipse-che.v7.85.0
+ name: eclipse-che.v7.86.0
namespace: placeholder
spec:
apiservicedefinitions: {}
@@ -905,15 +905,15 @@
@@ -492,11 +492,11 @@
* Bundled Plugin and Devfile registries
Use `oc edit checluster/eclipse-che -n eclipse-che` to update Eclipse Che default installation options.
- See more in the [Installation guide](https://www.eclipse.org/che/docs/che-7/installation-guide/configuring-the-che-installation/).
+ See more in the [Installation guide](https://www.eclipse.org/che/docs/stable/administration-guide/configuring-che/).
### Certificates
Operator uses a default router certificate to secure Eclipse Che routes.
- Follow the [guide](https://www.eclipse.org/che/docs/che-7/installation-guide/importing-untrusted-tls-certificates/)
+ Follow the [guide](https://www.eclipse.org/che/docs/stable/administration-guide/importing-untrusted-tls-certificates/)
to import certificates into Eclipse Che.
displayName: Eclipse Che
icon:
@@ -870,21 +870,21 @@
- name: OPERATOR_NAME
value: che-operator
- name: CHE_VERSION
- value: 7.77.0
+ value: 7.78.0
- value: 7.85.0
+ value: 7.86.0
- name: RELATED_IMAGE_che_server
- value: quay.io/eclipse/che-server@sha256:87aa2f65a818ef79a17869404e31f244f7e10ab56fbed81ef02a2a0c17388304
+ value: quay.io/eclipse/che-server@sha256:6085a3486f1e0ee072fe874048130602f64d3260a94a11a99d5cfdb562d529f1
- value: quay.io/eclipse/che-server@sha256:d44085c3226795b92a6b235f7d1eb5ae0e680fb98d87d4af27c325d377913322
+ value: quay.io/eclipse/che-server@sha256:96be029949045d4280c12e5c96695d2fb33fed8044afee715758b8be9565b9eb
- name: RELATED_IMAGE_dashboard
- value: quay.io/eclipse/che-dashboard@sha256:93fd374541a8afe049da7499c5aad2f1bb0dc154f6cbbc72329ce36064dd8cab
+ value: quay.io/eclipse/che-dashboard@sha256:8fd291de6db4fc5bc18805e6d5d1fe372e58e3d0f5b4a837b262f8feb1a564b5
- value: quay.io/eclipse/che-dashboard@sha256:974e67d8fe77520d38d9d23c61e8d9ec6bf87096e8cfe3ae2ac30d72173cae45
+ value: quay.io/eclipse/che-dashboard@sha256:e78ba685e0567db2ea81d5a9721397f937b778316e583d91a63231e3143c92b4
- name: RELATED_IMAGE_plugin_registry
- value: quay.io/eclipse/che-plugin-registry@sha256:a7dde94135f55ef57915b45a8bdf718ed29f77aafd04d6bb616ba23259a37b16
+ value: quay.io/eclipse/che-plugin-registry@sha256:d8ca527076ee0dcda570d9d862969e9fbede7f96bbe5d750996d993ee47d6668
- value: quay.io/eclipse/che-plugin-registry@sha256:82a430627004d2f2f2772db62e1a3f41aace355144f0abf159b37a26de7804e1
+ value: quay.io/eclipse/che-plugin-registry@sha256:6f41dc839120a888b8be7ab2662d5e427ad9683289b741fb1a856184832791ab
- name: RELATED_IMAGE_devfile_registry
- value: quay.io/eclipse/che-devfile-registry@sha256:cbad2457b1c343656812082907573eaa2133814673a243540951457d3e27d793
+ value: quay.io/eclipse/che-devfile-registry@sha256:4191a5b12b966b5e6f2213a89f0c26b28f070393232edbcaf2003c644e0042fc
- value: quay.io/eclipse/che-devfile-registry@sha256:15fc5e6a8a4a16c2eea77db61521897191fc6b3997981a2ab71a51f9c5d0a096
+ value: quay.io/eclipse/che-devfile-registry@sha256:c1b4aeb7fbabf30e66583dab395532eea7bd3b74c001afe232cf4e6e2caa7925
- name: RELATED_IMAGE_che_tls_secrets_creation_job
value: quay.io/eclipse/che-tls-secret-creator@sha256:54df0ccf598d230e278d512c3b44bdf24edb280f71da32643db46e0120bfaee0
- name: RELATED_IMAGE_single_host_gateway
@@ -947,7 +947,7 @@
value: quay.io/eclipse/che--traefik@sha256:8d81a9df1435f9f3d36ac9398465ef2d5d61e671059974db753faaed14b627de
- name: RELATED_IMAGE_single_host_gateway_config_sidecar
- value: quay.io/che-incubator/configbump@sha256:cd9affb8ee237911ee150f67e9bf3137374fa6960dd127da585579c5586b0cfa
+ value: quay.io/che-incubator/configbump@sha256:811a23111bca810f58bc3efaa9e955757ada6796ac1f0f4513a2d46c5f6da298
- name: RELATED_IMAGE_gateway_authentication_sidecar
value: quay.io/openshift/origin-oauth-proxy@sha256:870bfe92a4663720775c0dfe5728ecbb10a17f0644eef5f57276ec135034c6a1
- name: RELATED_IMAGE_gateway_authorization_sidecar
@@ -912,7 +912,7 @@
value: che-incubator/che-code/latest
- name: CHE_DEFAULT_SPEC_DEVENVIRONMENTS_DEFAULTCOMPONENTS
value: '[{"name": "universal-developer-image", "container":
- {"image": "quay.io/devfile/universal-developer-image@sha256:ad84a36d0ba43b5995c1ee2e06e320a6d9d90d71365e9aa71b38c65f9047560f"}}]'
+ {"image": "quay.io/devfile/universal-developer-image@sha256:f4e3180413ab3d16957642af9b12b0d13afe9f3429ecd62fc71e24553ca0cd74"}}]'
- {"image": "quay.io/devfile/universal-developer-image@sha256:d8e409c958f99e481cd4c460e175603b2fdfbf4ea0bca10f3b23266b0a578768"}}]'
+ {"image": "quay.io/devfile/universal-developer-image@sha256:ca448538b559c1edb51c9a71966182460a69a078d67e7075e00241ad394d0f0e"}}]'
- name: CHE_DEFAULT_SPEC_COMPONENTS_PLUGINREGISTRY_OPENVSXURL
value: https://open-vsx.org
- name: CHE_DEFAULT_SPEC_DEVENVIRONMENTS_DISABLECONTAINERBUILDCAPABILITIES
@@ -963,30 +963,30 @@
value: index.docker.io/wsskeleton/eclipse-broadway@sha256:57c82cd806a56f69aa8663f68405d0778b628a29a64fb16881b11ce9f484dda7
@@ -929,11 +929,11 @@
- name: RELATED_IMAGE_code_server_plugin_registry_image_IBZWQYJSGU3DUZLGGA3TEOBRGAYDIOJQHFRGEMTDGIZDQNBSGJSGMMTFHE4WCNLCME2WKNBVGBTGGZJXGU2DMYRYMZQTCOBWHA2TEZRSGNRGMNRXGUYQ____
value: index.docker.io/codercom/code-server@sha256:ef07281004909bb2c228422df2e99a5ba5e450fce7546b8fa186852f23bf6751
- - name: RELATED_IMAGE_universal_developer_image_plugin_registry_image_IBZWQYJSGU3DUYLEHA2GCMZWMQYGEYJUGNRDKOJZGVRTCZLFGJSTANTFGMZDAYJWMQ4WIOJQMQ3TCMZWGVSTSYLBG4YWEMZYMM3DKZRZGA2DONJWGBTA____
- value: quay.io/devfile/universal-developer-image@sha256:ad84a36d0ba43b5995c1ee2e06e320a6d9d90d71365e9aa71b38c65f9047560f
+ - name: RELATED_IMAGE_universal_developer_image_plugin_registry_image_IBZWQYJSGU3DUZRUMUZTCOBQGQYTGYLCGNSDCNRZGU3TMNBSMFTDSYRRGJRDAZBRGNQWMZJZMYZTIMRZMVRWINRSMZRTOMLFGI2DKNJTMNQTAY3EG42A____
+ value: quay.io/devfile/universal-developer-image@sha256:f4e3180413ab3d16957642af9b12b0d13afe9f3429ecd62fc71e24553ca0cd74
- name: RELATED_IMAGE_che_code_plugin_registry_image_NFXHG2LEMVZHG___
- value: quay.io/che-incubator/che-code@sha256:70946990e0be3884dd453a295656a2e2f2deb177c15569189957818446333a91
- - name: RELATED_IMAGE_che_code_plugin_registry_image_IBZWQYJSGU3DUNZQMI4TAZDDMY2DQMRZMFSDAMLDGY4DQN3FMU3GGZDEGNSWGZDGG5RTMMBWHFRDCZDDMIYTAMBZMM4WCNRQMI2TAM3DMNSWCZRUMUYQ____
- value: quay.io/che-incubator/che-code@sha256:70b90dcf4829ad01c6887ee6cdd3ecdf7c6069b1dcb1009c9a60b503cceaf4e1
+ value: quay.io/che-incubator/che-code@sha256:a614dd6d5fa5002cb948eeb82680682471687983f43c3d8ae0afd7279a30ec81
+ - name: RELATED_IMAGE_che_code_plugin_registry_image_IBZWQYJSGU3DUNRXGA3GEZJVMI3TANRUGQ3TAMLEGZSTCN3CGA4GEMZYG5RGINBTMJSGEM3DMIYDIM3DGBQWMZBXGZRDIOJQGRRDQNDGMNSTEOBWGYZA____
+ value: quay.io/che-incubator/che-code@sha256:6706be5b70644701d6e17b08b387bd43bdb3cb043c0afd76b4904b84fce28662
- value: quay.io/che-incubator/che-code@sha256:1995a26528f202ce2bdcb39a477ba0952c9d7f13c7657424ffd4200614ea915e
- - name: RELATED_IMAGE_universal_developer_image_plugin_registry_image_IBZWQYJSGU3DUZBYMU2DAOLDHE2TQZRZHFSTIOBRMNSDIYZUGYYGKMJXGU3DAM3CGJTGIZTCMY2GKYJQMJRWCMJQMYZWEMRTGI3DMYRQME2TOOBXGY4A____
- value: quay.io/devfile/universal-developer-image@sha256:d8e409c958f99e481cd4c460e175603b2fdfbf4ea0bca10f3b23266b0a578768
- - name: RELATED_IMAGE_che_code_plugin_registry_image_IBZWQYJSGU3DUYLEGI3GMODBMQ3GCMLGMQ3DQNLGMMYTKZRZMI4DQOJWGM3TOZJYMYZGEYZTME4DOMRSMQZWMODFMZRTIYRXGVSWGZDGG5RGEMRRMIYQ____
- value: quay.io/che-incubator/che-code@sha256:ad26f8ad6a1fd685fc15f9b8896377e8f2bc3a8722d3f8efc4b75ecdf7bb21b1
+ value: quay.io/che-incubator/che-code@sha256:713817c5059210e013efe16f46e42577b4eab6f0773403ead1c24af08bcc9f88
+ - name: RELATED_IMAGE_universal_developer_image_plugin_registry_image_IBZWQYJSGU3DUY3BGQ2DQNJTHBRDKNJZMMYWKZDCGUYWGOLBG4YTSNRWGE4DENBWGBQTMOLBGA3TQZBWG5STOMBXGVSTAMBSGQYWCZBTHE2GIMDGGBSQ____
+ value: quay.io/devfile/universal-developer-image@sha256:ca448538b559c1edb51c9a71966182460a69a078d67e7075e00241ad394d0f0e
+ - name: RELATED_IMAGE_che_code_plugin_registry_image_IBZWQYJSGU3DUZRXMVSWIODGMQZTMZRRGFSGKZBRGU3GIN3CMJSGKZDFGNSWGNZWGU3DSMRTMRTDSODFGA4WGMZXGYYTMNLCG4YTGOLDGQ4GKNBUGJQQ____
+ value: quay.io/che-incubator/che-code@sha256:f7eed8fd36f11ded156d7bbdede3ec7656923df98e09c376165b7139c48e442a
- name: RELATED_IMAGE_che_idea_plugin_registry_image_NZSXQ5A_
- value: quay.io/che-incubator/che-idea@sha256:ab1010cff9e34775409894720458728fefd66b41da72dbe3576d23e5b62764b9
+ value: quay.io/che-incubator/che-idea@sha256:f5e9dae0ddc49e398514cf6dad5536467043dd582f6f62ae786400d2ebc5a690
value: quay.io/che-incubator/che-idea@sha256:5d6e1bf45bb705b1928409588a2a723841289201057ea6c43b233657c6913f03
- name: RELATED_IMAGE_che_idea_plugin_registry_image_IBZWQYJSGU3DUODBMFSTMOLEMM2GEMDDGEZDENBZGFQTONJUGAYDMMZZMFTDAZTFHEZGENLFGIYTIYZWMU3DQYLDHE3WGZDBGI4WMYRVHBRDINBRGUYQ____
value: quay.io/che-incubator/che-idea@sha256:8aae69dc4b0c122491a75400639af0fe92b5e214c6e68ac97cda29fb58b44151
- name: RELATED_IMAGE_che_pycharm_plugin_registry_image_NZSXQ5A_
- value: quay.io/che-incubator/che-pycharm@sha256:2a4085f72fb8e7a86106061791ec17b54e8e2cc3b6001e5ab19bbff19adf9396
+ value: quay.io/che-incubator/che-pycharm@sha256:c3f377182ba3807b0675fc571167aed468fe4b03cd20a60449e15da3b7431797
@@ -943,19 +943,19 @@
- name: RELATED_IMAGE_che_pycharm_plugin_registry_image_IBZWQYJSGU3DUN3DGBSTGZLBMJSDMMRUHE2TEMBRMNTDKYTBGBQTSMJTG43TMZBZG4ZGCMLFGZTGEOLDMYYWEY3EMM3TQYLGMNTDIZBXGI2TMYLGGQ3Q____
value: quay.io/che-incubator/che-pycharm@sha256:7c0e3eabd62495201cf5ba0a913776d972a1e6fb9cf1bcdc78afcf4d7256af47
- name: RELATED_IMAGE_che_idea_dev_server_plugin_registry_image_NZSXQ5A_
- value: quay.io/che-incubator/che-idea-dev-server@sha256:35eb57fb750a0044f8f3b034693f77e66f82b0470832aa45f6f9d3ffeca92c19
+ value: quay.io/che-incubator/che-idea-dev-server@sha256:5a255cb0db9cc212418f554ed283a9850424d6ac15bb14471aea054a071fa529
- name: RELATED_IMAGE_che_idea_dev_server_plugin_registry_image_IBZWQYJSGU3DUNJVMQ2DGMZWGQ2WIZLDGU3GKYJRG44GIZRQGNTDINRWGYZDGZJQGQ2WMZDFGA2DMZJRMNRDIM3CGM3TIOJTHE4TSYTEMI4TIOJUMRSQ____
value: quay.io/che-incubator/che-idea-dev-server@sha256:55d433645dec56ea178df03f466623e045fde046e1cb43b37493999bdb9494de
- name: RELATED_IMAGE_che_code_devfile_registry_image_NFXHG2LEMVZHG___
- value: quay.io/che-incubator/che-code@sha256:70946990e0be3884dd453a295656a2e2f2deb177c15569189957818446333a91
- - name: RELATED_IMAGE_che_code_devfile_registry_image_IBZWQYJSGU3DUNZQMI4TAZDDMY2DQMRZMFSDAMLDGY4DQN3FMU3GGZDEGNSWGZDGG5RTMMBWHFRDCZDDMIYTAMBZMM4WCNRQMI2TAM3DMNSWCZRUMUYQ____
- value: quay.io/che-incubator/che-code@sha256:70b90dcf4829ad01c6887ee6cdd3ecdf7c6069b1dcb1009c9a60b503cceaf4e1
+ value: quay.io/che-incubator/che-code@sha256:a614dd6d5fa5002cb948eeb82680682471687983f43c3d8ae0afd7279a30ec81
+ - name: RELATED_IMAGE_che_code_devfile_registry_image_IBZWQYJSGU3DUNRXGA3GEZJVMI3TANRUGQ3TAMLEGZSTCN3CGA4GEMZYG5RGINBTMJSGEM3DMIYDIM3DGBQWMZBXGZRDIOJQGRRDQNDGMNSTEOBWGYZA____
+ value: quay.io/che-incubator/che-code@sha256:6706be5b70644701d6e17b08b387bd43bdb3cb043c0afd76b4904b84fce28662
- value: quay.io/che-incubator/che-code@sha256:1995a26528f202ce2bdcb39a477ba0952c9d7f13c7657424ffd4200614ea915e
- - name: RELATED_IMAGE_che_code_devfile_registry_image_IBZWQYJSGU3DUYLEGI3GMODBMQ3GCMLGMQ3DQNLGMMYTKZRZMI4DQOJWGM3TOZJYMYZGEYZTME4DOMRSMQZWMODFMZRTIYRXGVSWGZDGG5RGEMRRMIYQ____
- value: quay.io/che-incubator/che-code@sha256:ad26f8ad6a1fd685fc15f9b8896377e8f2bc3a8722d3f8efc4b75ecdf7bb21b1
+ value: quay.io/che-incubator/che-code@sha256:713817c5059210e013efe16f46e42577b4eab6f0773403ead1c24af08bcc9f88
+ - name: RELATED_IMAGE_che_code_devfile_registry_image_IBZWQYJSGU3DUZRXMVSWIODGMQZTMZRRGFSGKZBRGU3GIN3CMJSGKZDFGNSWGNZWGU3DSMRTMRTDSODFGA4WGMZXGYYTMNLCG4YTGOLDGQ4GKNBUGJQQ____
+ value: quay.io/che-incubator/che-code@sha256:f7eed8fd36f11ded156d7bbdede3ec7656923df98e09c376165b7139c48e442a
- name: RELATED_IMAGE_che_idea_devfile_registry_image_NZSXQ5A_
- value: quay.io/che-incubator/che-idea@sha256:ab1010cff9e34775409894720458728fefd66b41da72dbe3576d23e5b62764b9
+ value: quay.io/che-incubator/che-idea@sha256:f5e9dae0ddc49e398514cf6dad5536467043dd582f6f62ae786400d2ebc5a690
value: quay.io/che-incubator/che-idea@sha256:5d6e1bf45bb705b1928409588a2a723841289201057ea6c43b233657c6913f03
- name: RELATED_IMAGE_universal_developer_image_devfile_registry_image_OVRGSOBNNRQXIZLTOQ______
- value: quay.io/devfile/universal-developer-image@sha256:ad84a36d0ba43b5995c1ee2e06e320a6d9d90d71365e9aa71b38c65f9047560f
- - name: RELATED_IMAGE_universal_developer_image_devfile_registry_image_IBZWQYJSGU3DUYLEHA2GCMZWMQYGEYJUGNRDKOJZGVRTCZLFGJSTANTFGMZDAYJWMQ4WIOJQMQ3TCMZWGVSTSYLBG4YWEMZYMM3DKZRZGA2DONJWGBTA____
- value: quay.io/devfile/universal-developer-image@sha256:ad84a36d0ba43b5995c1ee2e06e320a6d9d90d71365e9aa71b38c65f9047560f
+ value: quay.io/devfile/universal-developer-image@sha256:f4e3180413ab3d16957642af9b12b0d13afe9f3429ecd62fc71e24553ca0cd74
+ - name: RELATED_IMAGE_universal_developer_image_devfile_registry_image_IBZWQYJSGU3DUZRUMUZTCOBQGQYTGYLCGNSDCNRZGU3TMNBSMFTDSYRRGJRDAZBRGNQWMZJZMYZTIMRZMVRWINRSMZRTOMLFGI2DKNJTMNQTAY3EG42A____
+ value: quay.io/devfile/universal-developer-image@sha256:f4e3180413ab3d16957642af9b12b0d13afe9f3429ecd62fc71e24553ca0cd74
- value: quay.io/devfile/universal-developer-image@sha256:d8e409c958f99e481cd4c460e175603b2fdfbf4ea0bca10f3b23266b0a578768
- - name: RELATED_IMAGE_universal_developer_image_devfile_registry_image_IBZWQYJSGU3DUZBYMU2DAOLDHE2TQZRZHFSTIOBRMNSDIYZUGYYGKMJXGU3DAM3CGJTGIZTCMY2GKYJQMJRWCMJQMYZWEMRTGI3DMYRQME2TOOBXGY4A____
- value: quay.io/devfile/universal-developer-image@sha256:d8e409c958f99e481cd4c460e175603b2fdfbf4ea0bca10f3b23266b0a578768
+ value: quay.io/devfile/universal-developer-image@sha256:ca448538b559c1edb51c9a71966182460a69a078d67e7075e00241ad394d0f0e
+ - name: RELATED_IMAGE_universal_developer_image_devfile_registry_image_IBZWQYJSGU3DUY3BGQ2DQNJTHBRDKNJZMMYWKZDCGUYWGOLBG4YTSNRWGE4DENBWGBQTMOLBGA3TQZBWG5STOMBXGVSTAMBSGQYWCZBTHE2GIMDGGBSQ____
+ value: quay.io/devfile/universal-developer-image@sha256:ca448538b559c1edb51c9a71966182460a69a078d67e7075e00241ad394d0f0e
- name: RELATED_IMAGE_che__centos__mongodb_36_centos7_devfile_registry_image_NRQXIZLTOQWWCOJRGVSGEN3CMVRWCOBXGE4TQZTDMQ3TQNRQGA4DMOJYHFTGKODBGMZDOYJRME2GMNRVGA4DAMRVMI3DIYLCGI4GMY3DG42DEM3CGI______
value: quay.io/eclipse/che--centos--mongodb-36-centos7@sha256:a915db7beca87198fcd7860086989fe8a327a1a4f6508025b64ab28fcc7423b2
- name: RELATED_IMAGE_che__centos__mongodb_36_centos7_devfile_registry_image_NRQXIZLTOQWWMZTEMYZDIMZRMJRGGNTEHFQTSZBSMEYDGZJZGVRGEYTFHBQWIYRUHFQWEOLFMFRTGMBRMYZDMODBGM2TAMZYMM4DIMRYHAZDKOLDGE______
@@ -996,8 +996,8 @@
@@ -965,8 +965,8 @@
- name: RELATED_IMAGE_che__mariadb_devfile_registry_image_GEYC4NZOGEWTKYJYGAYDSMZWHFSWKNJXMM4DKYRWMY2GCMBYGQYDMMJUG5RGIOLDGUYDKY3EMU3GEOBSGUYGIMJWMEZDOZBSME2WMZLCMZSGKYLEG4______
value: quay.io/eclipse/che--mariadb@sha256:5a8009369ee57c85b6f4a08406147bd9c505cde6b8250d16a27d2a5febfdead7
- name: RELATED_IMAGE_ubi_minimal_devfile_registry_image_
- value: registry.access.redhat.com/ubi8/ubi-minimal@sha256:b93deceb59a58588d5b16429fc47f98920f84740a1f2ed6454e33275f0701b59
- image: quay.io/eclipse/che-operator@sha256:8b02ee3c5838d921a90396f1e849107ea53d49715bef4fac34f1710664f38a54
+ value: registry.access.redhat.com/ubi8/ubi-minimal@sha256:87bcbfedfd70e67aab3875fff103bade460aeff510033ebb36b7efa009ab6639
+ image: quay.io/eclipse/che-operator@sha256:da76155c2c40eb4732b71ee1a7c4ec3140df96a04394c93754cb7bc36d827f0a
- value: registry.access.redhat.com/ubi8/ubi-minimal@sha256:f30dbf77b075215f6c827c269c073b5e0973e5cea8dacdf7ecb6a19c868f37f2
- image: quay.io/eclipse/che-operator@sha256:6308e7f8040d804517fd15c326c22ce4b899f0f68486200b42e33d5340206264
+ value: registry.access.redhat.com/ubi8/ubi-minimal@sha256:2fa47fa9df7b98e2776f447855699c01d06c3271b2d7259b8b314084580cf591
+ image: quay.io/eclipse/che-operator@sha256:4e5b337606ddd62f97b8dd9d8a34607d039a0509ed98fedcf30253b25102b3e2
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 10
@@ -1027,10 +1027,10 @@
resources:
limits:
cpu: 500m
- memory: 256Mi
+ memory: 1Gi
requests:
cpu: 100m
- memory: 64Mi
+ memory: 128Mi
securityContext:
allowPrivilegeEscalation: false
capabilities:
@@ -1276,7 +1276,7 @@
@@ -1078,7 +1078,7 @@
minKubeVersion: 1.19.0
provider:
name: Eclipse Foundation
- version: 7.77.0
+ version: 7.78.0
- version: 7.85.0
+ version: 7.86.0
webhookdefinitions:
- admissionReviewVersions:
- v1
@@ -1333,9 +1333,9 @@
@@ -1135,33 +1135,33 @@
type: ConversionWebhook
webhookPath: /convert
relatedImages:
- - name: che-operator-7.77.0
- image: quay.io/eclipse/che-operator@sha256:8b02ee3c5838d921a90396f1e849107ea53d49715bef4fac34f1710664f38a54
- # tag: quay.io/eclipse/che-operator:7.77.0
+ - name: che-operator-7.78.0
+ image: quay.io/eclipse/che-operator@sha256:da76155c2c40eb4732b71ee1a7c4ec3140df96a04394c93754cb7bc36d827f0a
+ # tag: quay.io/eclipse/che-operator:7.78.0
- - name: che-operator-7.85.0
- image: quay.io/eclipse/che-operator@sha256:6308e7f8040d804517fd15c326c22ce4b899f0f68486200b42e33d5340206264
- # tag: quay.io/eclipse/che-operator:7.85.0
+ - name: che-operator-7.86.0
+ image: quay.io/eclipse/che-operator@sha256:4e5b337606ddd62f97b8dd9d8a34607d039a0509ed98fedcf30253b25102b3e2
+ # tag: quay.io/eclipse/che-operator:7.86.0
- name: kube-rbac-proxy-v0.13.1
image: quay.io/brancz/kube-rbac-proxy@sha256:738c854322f56d63ebab75de5210abcdd5e0782ce2d30c0ecd4620f63b24694d
# tag: quay.io/brancz/kube-rbac-proxy:v0.13.1
@@ -1348,18 +1348,18 @@
- name: che--traefik-v2.9.6-bb7be8d50edf73d8d3a812ac8873ef354a0fe9b40d7f3880747b43a3525855d2
image: quay.io/eclipse/che--traefik@sha256:bb7be8d50edf73d8d3a812ac8873ef354a0fe9b40d7f3880747b43a3525855d2
# tag: quay.io/eclipse/che--traefik:v2.9.6-bb7be8d50edf73d8d3a812ac8873ef354a0fe9b40d7f3880747b43a3525855d2
- - name: che-dashboard-7.77.0
- image: quay.io/eclipse/che-dashboard@sha256:93fd374541a8afe049da7499c5aad2f1bb0dc154f6cbbc72329ce36064dd8cab
- # tag: quay.io/eclipse/che-dashboard:7.77.0
- - name: che-devfile-registry-7.77.0
- image: quay.io/eclipse/che-devfile-registry@sha256:cbad2457b1c343656812082907573eaa2133814673a243540951457d3e27d793
- # tag: quay.io/eclipse/che-devfile-registry:7.77.0
- - name: che-plugin-registry-7.77.0
- image: quay.io/eclipse/che-plugin-registry@sha256:a7dde94135f55ef57915b45a8bdf718ed29f77aafd04d6bb616ba23259a37b16
- # tag: quay.io/eclipse/che-plugin-registry:7.77.0
- - name: che-server-7.77.0
- image: quay.io/eclipse/che-server@sha256:87aa2f65a818ef79a17869404e31f244f7e10ab56fbed81ef02a2a0c17388304
- # tag: quay.io/eclipse/che-server:7.77.0
+ - name: che-dashboard-7.78.0
+ image: quay.io/eclipse/che-dashboard@sha256:8fd291de6db4fc5bc18805e6d5d1fe372e58e3d0f5b4a837b262f8feb1a564b5
+ # tag: quay.io/eclipse/che-dashboard:7.78.0
+ - name: che-devfile-registry-7.78.0
+ image: quay.io/eclipse/che-devfile-registry@sha256:4191a5b12b966b5e6f2213a89f0c26b28f070393232edbcaf2003c644e0042fc
+ # tag: quay.io/eclipse/che-devfile-registry:7.78.0
+ - name: che-plugin-registry-7.78.0
+ image: quay.io/eclipse/che-plugin-registry@sha256:d8ca527076ee0dcda570d9d862969e9fbede7f96bbe5d750996d993ee47d6668
+ # tag: quay.io/eclipse/che-plugin-registry:7.78.0
+ - name: che-server-7.78.0
+ image: quay.io/eclipse/che-server@sha256:6085a3486f1e0ee072fe874048130602f64d3260a94a11a99d5cfdb562d529f1
+ # tag: quay.io/eclipse/che-server:7.78.0
- - name: configbump-7.85.0
- image: quay.io/che-incubator/configbump@sha256:cd9affb8ee237911ee150f67e9bf3137374fa6960dd127da585579c5586b0cfa
- # tag: quay.io/che-incubator/configbump:7.85.0
+ - name: configbump-7.86.0
+ image: quay.io/che-incubator/configbump@sha256:811a23111bca810f58bc3efaa9e955757ada6796ac1f0f4513a2d46c5f6da298
+ # tag: quay.io/che-incubator/configbump:7.86.0
- name: header-rewrite-proxy-latest
image: quay.io/che-incubator/header-rewrite-proxy@sha256:bd7873b8feef35f218f54c6251ea224bea2c8bf202a328230019a0ba2941245d
# tag: quay.io/che-incubator/header-rewrite-proxy:latest
- name: che--traefik-v2.9.10-8d81a9df1435f9f3d36ac9398465ef2d5d61e671059974db753faaed14b627de
image: quay.io/eclipse/che--traefik@sha256:8d81a9df1435f9f3d36ac9398465ef2d5d61e671059974db753faaed14b627de
# tag: quay.io/eclipse/che--traefik:v2.9.10-8d81a9df1435f9f3d36ac9398465ef2d5d61e671059974db753faaed14b627de
- - name: che-dashboard-7.85.0
- image: quay.io/eclipse/che-dashboard@sha256:974e67d8fe77520d38d9d23c61e8d9ec6bf87096e8cfe3ae2ac30d72173cae45
- # tag: quay.io/eclipse/che-dashboard:7.85.0
- - name: che-devfile-registry-7.85.0
- image: quay.io/eclipse/che-devfile-registry@sha256:15fc5e6a8a4a16c2eea77db61521897191fc6b3997981a2ab71a51f9c5d0a096
- # tag: quay.io/eclipse/che-devfile-registry:7.85.0
- - name: che-plugin-registry-7.85.0
- image: quay.io/eclipse/che-plugin-registry@sha256:82a430627004d2f2f2772db62e1a3f41aace355144f0abf159b37a26de7804e1
- # tag: quay.io/eclipse/che-plugin-registry:7.85.0
- - name: che-server-7.85.0
- image: quay.io/eclipse/che-server@sha256:d44085c3226795b92a6b235f7d1eb5ae0e680fb98d87d4af27c325d377913322
- # tag: quay.io/eclipse/che-server:7.85.0
+ - name: che-dashboard-7.86.0
+ image: quay.io/eclipse/che-dashboard@sha256:e78ba685e0567db2ea81d5a9721397f937b778316e583d91a63231e3143c92b4
+ # tag: quay.io/eclipse/che-dashboard:7.86.0
+ - name: che-devfile-registry-7.86.0
+ image: quay.io/eclipse/che-devfile-registry@sha256:c1b4aeb7fbabf30e66583dab395532eea7bd3b74c001afe232cf4e6e2caa7925
+ # tag: quay.io/eclipse/che-devfile-registry:7.86.0
+ - name: che-plugin-registry-7.86.0
+ image: quay.io/eclipse/che-plugin-registry@sha256:6f41dc839120a888b8be7ab2662d5e427ad9683289b741fb1a856184832791ab
+ # tag: quay.io/eclipse/che-plugin-registry:7.86.0
+ - name: che-server-7.86.0
+ image: quay.io/eclipse/che-server@sha256:96be029949045d4280c12e5c96695d2fb33fed8044afee715758b8be9565b9eb
+ # tag: quay.io/eclipse/che-server:7.86.0
- name: che-tls-secret-creator-alpine-01a4c34
image: quay.io/eclipse/che-tls-secret-creator@sha256:54df0ccf598d230e278d512c3b44bdf24edb280f71da32643db46e0120bfaee0
# tag: quay.io/eclipse/che-tls-secret-creator:alpine-01a4c34
@@ -1384,29 +1384,29 @@
- name: code-server-@sha256:ef07281004909bb2c228422df2e99a5ba5e450fce7546b8fa186852f23bf6751
@@ -1187,14 +1187,14 @@
image: index.docker.io/codercom/code-server@sha256:ef07281004909bb2c228422df2e99a5ba5e450fce7546b8fa186852f23bf6751
# tag: index.docker.io/codercom/code-server@sha256:ef07281004909bb2c228422df2e99a5ba5e450fce7546b8fa186852f23bf6751
- - name: universal-developer-image-@sha256:ad84a36d0ba43b5995c1ee2e06e320a6d9d90d71365e9aa71b38c65f9047560f
- image: quay.io/devfile/universal-developer-image@sha256:ad84a36d0ba43b5995c1ee2e06e320a6d9d90d71365e9aa71b38c65f9047560f
- # tag: quay.io/devfile/universal-developer-image@sha256:ad84a36d0ba43b5995c1ee2e06e320a6d9d90d71365e9aa71b38c65f9047560f
+ - name: universal-developer-image-@sha256:f4e3180413ab3d16957642af9b12b0d13afe9f3429ecd62fc71e24553ca0cd74
+ image: quay.io/devfile/universal-developer-image@sha256:f4e3180413ab3d16957642af9b12b0d13afe9f3429ecd62fc71e24553ca0cd74
+ # tag: quay.io/devfile/universal-developer-image@sha256:f4e3180413ab3d16957642af9b12b0d13afe9f3429ecd62fc71e24553ca0cd74
- name: che-code-insiders
- image: quay.io/che-incubator/che-code@sha256:70946990e0be3884dd453a295656a2e2f2deb177c15569189957818446333a91
+ image: quay.io/che-incubator/che-code@sha256:a614dd6d5fa5002cb948eeb82680682471687983f43c3d8ae0afd7279a30ec81
- image: quay.io/che-incubator/che-code@sha256:1995a26528f202ce2bdcb39a477ba0952c9d7f13c7657424ffd4200614ea915e
+ image: quay.io/che-incubator/che-code@sha256:713817c5059210e013efe16f46e42577b4eab6f0773403ead1c24af08bcc9f88
# tag: quay.io/che-incubator/che-code:insiders
- - name: che-code-@sha256:70b90dcf4829ad01c6887ee6cdd3ecdf7c6069b1dcb1009c9a60b503cceaf4e1
- image: quay.io/che-incubator/che-code@sha256:70b90dcf4829ad01c6887ee6cdd3ecdf7c6069b1dcb1009c9a60b503cceaf4e1
- # tag: quay.io/che-incubator/che-code@sha256:70b90dcf4829ad01c6887ee6cdd3ecdf7c6069b1dcb1009c9a60b503cceaf4e1
+ - name: che-code-@sha256:6706be5b70644701d6e17b08b387bd43bdb3cb043c0afd76b4904b84fce28662
+ image: quay.io/che-incubator/che-code@sha256:6706be5b70644701d6e17b08b387bd43bdb3cb043c0afd76b4904b84fce28662
+ # tag: quay.io/che-incubator/che-code@sha256:6706be5b70644701d6e17b08b387bd43bdb3cb043c0afd76b4904b84fce28662
- - name: universal-developer-image-@sha256:d8e409c958f99e481cd4c460e175603b2fdfbf4ea0bca10f3b23266b0a578768
- image: quay.io/devfile/universal-developer-image@sha256:d8e409c958f99e481cd4c460e175603b2fdfbf4ea0bca10f3b23266b0a578768
- # tag: quay.io/devfile/universal-developer-image@sha256:d8e409c958f99e481cd4c460e175603b2fdfbf4ea0bca10f3b23266b0a578768
- - name: che-code-@sha256:ad26f8ad6a1fd685fc15f9b8896377e8f2bc3a8722d3f8efc4b75ecdf7bb21b1
- image: quay.io/che-incubator/che-code@sha256:ad26f8ad6a1fd685fc15f9b8896377e8f2bc3a8722d3f8efc4b75ecdf7bb21b1
- # tag: quay.io/che-incubator/che-code@sha256:ad26f8ad6a1fd685fc15f9b8896377e8f2bc3a8722d3f8efc4b75ecdf7bb21b1
+ - name: universal-developer-image-@sha256:ca448538b559c1edb51c9a71966182460a69a078d67e7075e00241ad394d0f0e
+ image: quay.io/devfile/universal-developer-image@sha256:ca448538b559c1edb51c9a71966182460a69a078d67e7075e00241ad394d0f0e
+ # tag: quay.io/devfile/universal-developer-image@sha256:ca448538b559c1edb51c9a71966182460a69a078d67e7075e00241ad394d0f0e
+ - name: che-code-@sha256:f7eed8fd36f11ded156d7bbdede3ec7656923df98e09c376165b7139c48e442a
+ image: quay.io/che-incubator/che-code@sha256:f7eed8fd36f11ded156d7bbdede3ec7656923df98e09c376165b7139c48e442a
+ # tag: quay.io/che-incubator/che-code@sha256:f7eed8fd36f11ded156d7bbdede3ec7656923df98e09c376165b7139c48e442a
- name: che-idea-next
- image: quay.io/che-incubator/che-idea@sha256:ab1010cff9e34775409894720458728fefd66b41da72dbe3576d23e5b62764b9
+ image: quay.io/che-incubator/che-idea@sha256:f5e9dae0ddc49e398514cf6dad5536467043dd582f6f62ae786400d2ebc5a690
image: quay.io/che-incubator/che-idea@sha256:5d6e1bf45bb705b1928409588a2a723841289201057ea6c43b233657c6913f03
# tag: quay.io/che-incubator/che-idea:next
- name: che-idea-@sha256:8aae69dc4b0c122491a75400639af0fe92b5e214c6e68ac97cda29fb58b44151
image: quay.io/che-incubator/che-idea@sha256:8aae69dc4b0c122491a75400639af0fe92b5e214c6e68ac97cda29fb58b44151
# tag: quay.io/che-incubator/che-idea@sha256:8aae69dc4b0c122491a75400639af0fe92b5e214c6e68ac97cda29fb58b44151
- name: che-pycharm-next
- image: quay.io/che-incubator/che-pycharm@sha256:2a4085f72fb8e7a86106061791ec17b54e8e2cc3b6001e5ab19bbff19adf9396
+ image: quay.io/che-incubator/che-pycharm@sha256:c3f377182ba3807b0675fc571167aed468fe4b03cd20a60449e15da3b7431797
# tag: quay.io/che-incubator/che-pycharm:next
- name: che-pycharm-@sha256:7c0e3eabd62495201cf5ba0a913776d972a1e6fb9cf1bcdc78afcf4d7256af47
@@ -1208,13 +1208,13 @@
image: quay.io/che-incubator/che-pycharm@sha256:7c0e3eabd62495201cf5ba0a913776d972a1e6fb9cf1bcdc78afcf4d7256af47
# tag: quay.io/che-incubator/che-pycharm@sha256:7c0e3eabd62495201cf5ba0a913776d972a1e6fb9cf1bcdc78afcf4d7256af47
- name: che-idea-dev-server-next
- image: quay.io/che-incubator/che-idea-dev-server@sha256:35eb57fb750a0044f8f3b034693f77e66f82b0470832aa45f6f9d3ffeca92c19
+ image: quay.io/che-incubator/che-idea-dev-server@sha256:5a255cb0db9cc212418f554ed283a9850424d6ac15bb14471aea054a071fa529
# tag: quay.io/che-incubator/che-idea-dev-server:next
- name: che-idea-dev-server-@sha256:55d433645dec56ea178df03f466623e045fde046e1cb43b37493999bdb9494de
image: quay.io/che-incubator/che-idea-dev-server@sha256:55d433645dec56ea178df03f466623e045fde046e1cb43b37493999bdb9494de
# tag: quay.io/che-incubator/che-idea-dev-server@sha256:55d433645dec56ea178df03f466623e045fde046e1cb43b37493999bdb9494de
- name: universal-developer-image-ubi8-latest
- image: quay.io/devfile/universal-developer-image@sha256:ad84a36d0ba43b5995c1ee2e06e320a6d9d90d71365e9aa71b38c65f9047560f
+ image: quay.io/devfile/universal-developer-image@sha256:f4e3180413ab3d16957642af9b12b0d13afe9f3429ecd62fc71e24553ca0cd74
- image: quay.io/devfile/universal-developer-image@sha256:d8e409c958f99e481cd4c460e175603b2fdfbf4ea0bca10f3b23266b0a578768
+ image: quay.io/devfile/universal-developer-image@sha256:ca448538b559c1edb51c9a71966182460a69a078d67e7075e00241ad394d0f0e
# tag: quay.io/devfile/universal-developer-image:ubi8-latest
- name: che--centos--mongodb-36-centos7-latest-a915db7beca87198fcd7860086989fe8a327a1a4f6508025b64ab28fcc7423b2
image: quay.io/eclipse/che--centos--mongodb-36-centos7@sha256:a915db7beca87198fcd7860086989fe8a327a1a4f6508025b64ab28fcc7423b2
@@ -1421,5 +1421,5 @@
@@ -1229,5 +1229,5 @@
image: quay.io/eclipse/che--mariadb@sha256:5a8009369ee57c85b6f4a08406147bd9c505cde6b8250d16a27d2a5febfdead7
# tag: quay.io/eclipse/che--mariadb:10.7.1-5a8009369ee57c85b6f4a08406147bd9c505cde6b8250d16a27d2a5febfdead7
- name: ubi-minimal-
- image: registry.access.redhat.com/ubi8/ubi-minimal@sha256:b93deceb59a58588d5b16429fc47f98920f84740a1f2ed6454e33275f0701b59
+ image: registry.access.redhat.com/ubi8/ubi-minimal@sha256:87bcbfedfd70e67aab3875fff103bade460aeff510033ebb36b7efa009ab6639
- image: registry.access.redhat.com/ubi8/ubi-minimal@sha256:f30dbf77b075215f6c827c269c073b5e0973e5cea8dacdf7ecb6a19c868f37f2
+ image: registry.access.redhat.com/ubi8/ubi-minimal@sha256:2fa47fa9df7b98e2776f447855699c01d06c3271b2d7259b8b314084580cf591
# tag: registry.access.redhat.com/ubi8/ubi-minimal

46
bundle/stable/eclipse-che/manifests/org.eclipse.che_checlusters.yaml
View File

@ -4348,7 +4348,7 @@ spec:
defining `nonProxyHosts` in a custom resource leads
to merging non-proxy hosts lists from the cluster
proxy configuration, and the ones defined in the custom
resources. See the following page: https://docs.openshift.com/container-platform/4.4/networking/enable-cluster-wide-proxy.html.'
resources. See the following page: https://docs.openshift.com/container-platform/latest/networking/enable-cluster-wide-proxy.html.'
items:
type: string
type: array
@ -4361,7 +4361,7 @@ spec:
Operator respects OpenShift cluster-wide proxy configuration,
defining `url` in a custom resource leads to overriding
the cluster proxy configuration. See the following
page: https://docs.openshift.com/container-platform/4.4/networking/enable-cluster-wide-proxy.html.'
page: https://docs.openshift.com/container-platform/latest/networking/enable-cluster-wide-proxy.html.'
type: string
type: object
type: object
@ -7917,6 +7917,40 @@ spec:
component: che-gateway-config
description: Authentication settings.
properties:
advancedAuthorization:
description: Advance authorization settings. Determines
which users and groups are allowed to access Che. User
is allowed to access Che if he/she is either in the `allowUsers`
list or is member of group from `allowGroups` list and
not in neither the `denyUsers` list nor is member of group
from `denyGroups` list. If `allowUsers` and `allowGroups`
are empty, then all users are allowed to access Che. if
`denyUsers` and `denyGroups` are empty, then no users
are denied to access Che.
properties:
allowGroups:
description: List of groups allowed to access Che (currently
supported in OpenShift only).
items:
type: string
type: array
allowUsers:
description: List of users allowed to access Che.
items:
type: string
type: array
denyGroups:
description: List of groups denied to access Che (currently
supported in OpenShift only).
items:
type: string
type: array
denyUsers:
description: List of users denied to access Che.
items:
type: string
type: array
type: object
gateway:
default:
configLabels:
@ -8259,9 +8293,13 @@ spec:
for OpenShift.
type: string
oAuthSecret:
description: Name of the secret set in the OpenShift `OAuthClient`
description: 'Name of the secret set in the OpenShift `OAuthClient`
resource used to set up identity federation on the OpenShift
side.
side. For Kubernetes, this can either be the plain text
oAuthSecret value, or the name of a kubernetes secret
which contains a key `oAuthSecret` and the value is the
secret. NOTE: this secret must exist in the same namespace
as the `CheCluster` resource and contain the label `app.kubernetes.io/part-of=che.eclipse.org`.'
type: string
type: object
domain:

36
bundle/stable/eclipse-che/manifests/org.eclipse.che_checlusters.yaml.diff
View File

@ -0,0 +1,36 @@
--- /home/runner/work/che-operator/che-operator/bundle/stable/eclipse-che/generated/openshift/org.eclipse.che_checlusters.yaml 2024-05-18 01:37:20.651415769 +0000
+++ /home/runner/work/che-operator/che-operator/bundle/stable/eclipse-che/manifests/org.eclipse.che_checlusters.yaml 2024-05-18 01:37:20.659415818 +0000
@@ -4348,7 +4348,7 @@
defining `nonProxyHosts` in a custom resource leads
to merging non-proxy hosts lists from the cluster
proxy configuration, and the ones defined in the custom
- resources. See the following page: https://docs.openshift.com/container-platform/4.4/networking/enable-cluster-wide-proxy.html.'
+ resources. See the following page: https://docs.openshift.com/container-platform/latest/networking/enable-cluster-wide-proxy.html.'
items:
type: string
type: array
@@ -4361,7 +4361,7 @@
Operator respects OpenShift cluster-wide proxy configuration,
defining `url` in a custom resource leads to overriding
the cluster proxy configuration. See the following
- page: https://docs.openshift.com/container-platform/4.4/networking/enable-cluster-wide-proxy.html.'
+ page: https://docs.openshift.com/container-platform/latest/networking/enable-cluster-wide-proxy.html.'
type: string
type: object
type: object
@@ -8293,9 +8293,13 @@
for OpenShift.
type: string
oAuthSecret:
- description: Name of the secret set in the OpenShift `OAuthClient`
+ description: 'Name of the secret set in the OpenShift `OAuthClient`
resource used to set up identity federation on the OpenShift
- side.
+ side. For Kubernetes, this can either be the plain text
+ oAuthSecret value, or the name of a kubernetes secret
+ which contains a key `oAuthSecret` and the value is the
+ secret. NOTE: this secret must exist in the same namespace
+ as the `CheCluster` resource and contain the label `app.kubernetes.io/part-of=che.eclipse.org`.'
type: string
type: object
domain:

2
bundle/stable/eclipse-che/metadata/annotations.yaml
View File

@ -26,4 +26,4 @@ annotations:
operators.operatorframework.io.test.mediatype.v1: scorecard+v1
operators.operatorframework.io.test.config.v1: tests/scorecard/
com.redhat.openshift.versions: "v4.8"
com.redhat.openshift.versions: "v4.8"

5442
config/crd/bases/org.eclipse.che_checlusters.yaml
View File

File diff suppressed because it is too large Load Diff

4
config/manager/manager.yaml
View File

@ -74,7 +74,7 @@ spec:
- name: RELATED_IMAGE_single_host_gateway
value: quay.io/eclipse/che--traefik:v2.9.10-8d81a9df1435f9f3d36ac9398465ef2d5d61e671059974db753faaed14b627de
- name: RELATED_IMAGE_single_host_gateway_config_sidecar
value: quay.io/che-incubator/configbump:0.1.4
value: quay.io/che-incubator/configbump:next
- name: RELATED_IMAGE_gateway_authentication_sidecar
value: quay.io/openshift/origin-oauth-proxy:4.9
- name: RELATED_IMAGE_gateway_authorization_sidecar
@ -137,7 +137,7 @@ spec:
resources:
limits:
cpu: 500m
memory: 1Gi
memory: 2Gi
requests:
cpu: 100m
memory: 128Mi

20
config/manifests/bases/che-operator.clusterserviceversion.yaml
View File

@ -1,5 +1,5 @@
#
# Copyright (c) 2019-2023 Red Hat, Inc.
# Copyright (c) 2019-2024 Red Hat, Inc.
# This program and the accompanying materials are made
# available under the terms of the Eclipse Public License 2.0
# which is available at https://www.eclipse.org/legal/epl-2.0/
@ -22,9 +22,17 @@ metadata:
createdAt: "2021-05-11T18:38:31Z"
description: A Kube-native development solution that delivers portable and collaborative
developer workspaces.
features.operators.openshift.io/cnf: "false"
features.operators.openshift.io/cni: "false"
features.operators.openshift.io/csi: "false"
features.operators.openshift.io/disconnected: "true"
features.operators.openshift.io/fips-compliant: "true"
features.operators.openshift.io/proxy-aware: "true"
features.operators.openshift.io/tls-profiles: "false"
features.operators.openshift.io/token-auth-aws: "false"
features.operators.openshift.io/token-auth-azure: "false"
features.operators.openshift.io/token-auth-gcp: "false"
operatorframework.io/suggested-namespace: openshift-operators
operators.openshift.io/infrastructure-features: '["disconnected", "proxy-aware",
"fips"]'
repository: https://github.com/eclipse-che/che-operator
support: Eclipse Foundation
name: eclipse-che.v0.0.0
@ -415,11 +423,11 @@ spec:
* Bundled Plugin and Devfile registries
Use `oc edit checluster/eclipse-che -n eclipse-che` to update Eclipse Che default installation options.
See more in the [Installation guide](https://www.eclipse.org/che/docs/che-7/installation-guide/configuring-the-che-installation/).
See more in the [Installation guide](https://www.eclipse.org/che/docs/stable/administration-guide/configuring-che/).
### Certificates
Operator uses a default router certificate to secure Eclipse Che routes.
Follow the [guide](https://www.eclipse.org/che/docs/che-7/installation-guide/importing-untrusted-tls-certificates/)
Follow the [guide](https://www.eclipse.org/che/docs/stable/administration-guide/importing-untrusted-tls-certificates/)
to import certificates into Eclipse Che.
displayName: Eclipse Che
icon:
@ -447,7 +455,7 @@ spec:
- java
links:
- name: Product Page
url: http://www.eclipse.org/che
url: https://www.eclipse.org/che
- name: Documentation
url: https://www.eclipse.org/che/docs
- name: Operator GitHub Repo

29
config/rbac/auth_proxy_role.yaml
View File

@ -1,29 +0,0 @@
#
# Copyright (c) 2019-2023 Red Hat, Inc.
# This program and the accompanying materials are made
# available under the terms of the Eclipse Public License 2.0
# which is available at https://www.eclipse.org/legal/epl-2.0/
#
# SPDX-License-Identifier: EPL-2.0
#
# Contributors:
# Red Hat, Inc. - initial API and implementation
#
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: proxy-role
rules:
- apiGroups:
- authentication.k8s.io
resources:
- tokenreviews
verbs:
- create
- apiGroups:
- authorization.k8s.io
resources:
- subjectaccessreviews
verbs:
- create

24
config/rbac/auth_proxy_role_binding.yaml
View File

@ -1,24 +0,0 @@
#
# Copyright (c) 2019-2023 Red Hat, Inc.
# This program and the accompanying materials are made
# available under the terms of the Eclipse Public License 2.0
# which is available at https://www.eclipse.org/legal/epl-2.0/
#
# SPDX-License-Identifier: EPL-2.0
#
# Contributors:
# Red Hat, Inc. - initial API and implementation
#
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: proxy-rolebinding
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: proxy-role
subjects:
- kind: ServiceAccount
name: che-operator
namespace: system

26
config/rbac/auth_proxy_service.yaml
View File

@ -1,26 +0,0 @@
#
# Copyright (c) 2019-2023 Red Hat, Inc.
# This program and the accompanying materials are made
# available under the terms of the Eclipse Public License 2.0
# which is available at https://www.eclipse.org/legal/epl-2.0/
#
# SPDX-License-Identifier: EPL-2.0
#
# Contributors:
# Red Hat, Inc. - initial API and implementation
#
apiVersion: v1
kind: Service
metadata:
labels:
app: che-operator
name: controller-manager-metrics-service
namespace: system
spec:
ports:
- name: https
port: 8443
targetPort: https
selector:
app: che-operator

36
config/rbac/checluster_editor_role.yaml
View File

@ -1,36 +0,0 @@
#
# Copyright (c) 2019-2023 Red Hat, Inc.
# This program and the accompanying materials are made
# available under the terms of the Eclipse Public License 2.0
# which is available at https://www.eclipse.org/legal/epl-2.0/
#
# SPDX-License-Identifier: EPL-2.0
#
# Contributors:
# Red Hat, Inc. - initial API and implementation
#
# permissions for end users to edit checlusters.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: checluster-editor-role
rules:
- apiGroups:
- org.eclipse.che
resources:
- checlusters
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- org.eclipse.che
resources:
- checlusters/status
verbs:
- get

32
config/rbac/checluster_viewer_role.yaml
View File

@ -1,32 +0,0 @@
#
# Copyright (c) 2019-2023 Red Hat, Inc.
# This program and the accompanying materials are made
# available under the terms of the Eclipse Public License 2.0
# which is available at https://www.eclipse.org/legal/epl-2.0/
#
# SPDX-License-Identifier: EPL-2.0
#
# Contributors:
# Red Hat, Inc. - initial API and implementation
#
# permissions for end users to view checlusters.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: checluster-viewer-role
rules:
- apiGroups:
- org.eclipse.che
resources:
- checlusters
verbs:
- get
- list
- watch
- apiGroups:
- org.eclipse.che
resources:
- checlusters/status
verbs:
- get

270
config/rbac/cluster_role.yaml
View File

@ -21,11 +21,17 @@ metadata:
app.kubernetes.io/component: che-operator
rules:
- apiGroups:
- ""
- batch
resources:
- nodes
- jobs
verbs:
- create
- delete
- get
- update
- patch
- watch
- list
- apiGroups:
- oauth.openshift.io
resources:
@ -33,93 +39,61 @@ rules:
verbs:
- create
- delete
- deletecollection
- get
- list
- patch
- update
- watch
- apiGroups:
- config.openshift.io
resources:
- oauths
verbs:
- get
- list
- watch
- patch
- apiGroups:
- config.openshift.io
resources:
- infrastructures
- proxies
verbs:
- get
- list
- watch
- apiGroups:
- user.openshift.io
resources:
- users
verbs:
- list
- delete
- apiGroups:
- user.openshift.io
resources:
- groups
verbs:
- get
- apiGroups:
- user.openshift.io
resources:
- identities
verbs:
- delete
- apiGroups:
- console.openshift.io
resources:
- consolelinks
verbs:
- get
- list
- create
- delete
- get
- update
- patch
- delete
- watch
- list
- apiGroups:
- rbac.authorization.k8s.io
resources:
- clusterrolebindings
- clusterroles
- roles
- rolebindings
- clusterroles
- clusterrolebindings
verbs:
- list
- create
- watch
- update
- delete
- get
- update
- patch
- watch
- list
- apiGroups:
- authorization.openshift.io
resources:
- rolebindings
verbs:
- get
- create
- update
- delete
- apiGroups:
- authorization.openshift.io
resources:
- roles
- rolebindings
verbs:
- get
- create
- update
- delete
- apiGroups:
- org.eclipse.che
resources:
- checlusters
- checlusters/status
- checlusters/finalizers
- checlusters/status
verbs:
- '*'
- apiGroups:
- project.openshift.io
resources:
@ -147,64 +121,39 @@ rules:
- create
- update
- watch
- apiGroups:
- ''
resources:
- pods/exec
verbs:
- create
- get
- apiGroups:
- apps
resources:
- secrets
- replicasets
verbs:
- list
- apiGroups:
- ''
resources:
- secrets
verbs:
- list
- get
- create
- update
- list
- patch
- delete
- apiGroups:
- ''
resources:
- persistentvolumeclaims
verbs:
- create
- get
- list
- watch
- delete
- apiGroups:
- ''
resources:
- pods
verbs:
- get
- list
- create
- watch
- delete
- apiGroups:
- apps
- extensions
resources:
- deployments
- replicasets
verbs:
- '*'
- list
- create
- watch
- update
- get
- patch
- delete
- apiGroups:
- route.openshift.io
resources:
- routes
verbs:
- '*'
- create
- delete
- get
- update
- patch
- watch
- list
- apiGroups:
- route.openshift.io
resources:
@ -218,49 +167,18 @@ rules:
verbs:
- list
- watch
- apiGroups:
- apps
resources:
- replicasets
verbs:
- list
- get
- patch
- delete
- apiGroups:
- extensions
resources:
- ingresses
verbs:
- '*'
- apiGroups:
- networking.k8s.io
resources:
- ingresses
verbs:
- '*'
- apiGroups:
- apiextensions.k8s.io
resources:
- customresourcedefinitions
verbs:
- get
- create
- delete
- get
- update
- apiGroups:
- operators.coreos.com
resources:
- subscriptions
verbs:
- get
- apiGroups:
- operators.coreos.com
resources:
- clusterserviceversions
verbs:
- list
- get
- patch
- watch
- list
- apiGroups:
- metrics.k8s.io
resources:
@ -270,16 +188,6 @@ rules:
- get
- list
- watch
- apiGroups:
- cert-manager.io
resources:
- issuers
- certificates
verbs:
- create
- get
- list
- update
- apiGroups:
- ''
resources:
@ -290,33 +198,27 @@ rules:
- serviceaccounts
- services
verbs:
- '*'
- apiGroups:
- apps
resourceNames:
- che-operator
resources:
- deployments/finalizers
verbs:
- create
- delete
- get
- update
- patch
- watch
- list
- apiGroups:
- batch
- org.eclipse.che
resources:
- jobs
- checlusters
- checlusters/status
- checlusters/finalizers
verbs:
- create
- delete
- get
- update
- patch
- watch
- list
- apiGroups:
- monitoring.coreos.com
resources:
- servicemonitors
verbs:
- create
- get
- nonResourceURLs:
- /metrics
verbs:
@ -326,7 +228,11 @@ rules:
resources:
- kubernetesimagepullers
verbs:
- '*'
- create
- delete
- get
- update
- list
- apiGroups:
- config.openshift.io
resources:
@ -335,6 +241,14 @@ rules:
- cluster
verbs:
- get
- apiGroups:
- config.openshift.io
resources:
- proxies
resourceNames:
- cluster
verbs:
- get
- apiGroups:
- ''
resources:
@ -343,32 +257,47 @@ rules:
- get
- list
- watch
- apiGroups:
- ''
resources:
- pods/portforward
verbs:
- get
- list
- create
- apiGroups:
- ''
resources:
- pods/exec
verbs:
- create
- get
- apiGroups:
- workspace.devfile.io
resources:
- devworkspaces
- devworkspacetemplates
verbs:
- get
- list
- watch
- create
- delete
- patch
- get
- update
- patch
- watch
- list
- apiGroups:
- controller.devfile.io
- controller.devfile.io
resources:
- devworkspaceroutings
- devworkspaceoperatorconfigs
verbs:
- get
- list
- watch
- create
- delete
- patch
- get
- update
- patch
- watch
- list
- apiGroups:
- controller.devfile.io
resources:
@ -410,4 +339,11 @@ rules:
resources:
- limitranges
verbs:
- list
- list
- apiGroups:
- monitoring.coreos.com
resources:
- servicemonitors
verbs:
- get
- create

2
config/rbac/kustomization.yaml
View File

@ -21,5 +21,3 @@ resources:
- role_binding.yaml
- cluster_role.yaml
- cluster_rolebinding.yaml
- leader_election_role.yaml
- leader_election_role_binding.yaml

56
config/rbac/leader_election_role.yaml
View File

@ -1,56 +0,0 @@
#
# Copyright (c) 2019-2023 Red Hat, Inc.
# This program and the accompanying materials are made
# available under the terms of the Eclipse Public License 2.0
# which is available at https://www.eclipse.org/legal/epl-2.0/
#
# SPDX-License-Identifier: EPL-2.0
#
# Contributors:
# Red Hat, Inc. - initial API and implementation
#
# permissions to do leader election.
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: che-operator-leader-election
namespace: eclipse-che
labels:
app.kubernetes.io/name: che
app.kubernetes.io/instance: che
app.kubernetes.io/part-of: che.eclipse.org
app.kubernetes.io/component: che-operator
rules:
- apiGroups:
- ""
resources:
- configmaps
verbs:
- get
- list
- watch
- create
- update
- patch
- delete
- apiGroups:
- coordination.k8s.io
resources:
- leases
verbs:
- get
- list
- watch
- create
- update
- patch
- delete
- apiGroups:
- ""
resources:
- events
verbs:
- create
- patch

29
config/rbac/leader_election_role_binding.yaml
View File

@ -1,29 +0,0 @@
#
# Copyright (c) 2019-2023 Red Hat, Inc.
# This program and the accompanying materials are made
# available under the terms of the Eclipse Public License 2.0
# which is available at https://www.eclipse.org/legal/epl-2.0/
#
# SPDX-License-Identifier: EPL-2.0
#
# Contributors:
# Red Hat, Inc. - initial API and implementation
#
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: che-operator-leader-election
namespace: eclipse-che
labels:
app.kubernetes.io/name: che
app.kubernetes.io/instance: che
app.kubernetes.io/part-of: che.eclipse.org
app.kubernetes.io/component: che-operator
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: che-operator-leader-election
subjects:
- kind: ServiceAccount
name: che-operator

198
config/rbac/role.yaml
View File

@ -21,170 +21,34 @@ metadata:
app.kubernetes.io/part-of: che.eclipse.org
app.kubernetes.io/name: che
rules:
- apiGroups:
- extensions
resources:
- ingresses
verbs:
- '*'
- apiGroups:
- networking.k8s.io
resources:
- ingresses
verbs:
- '*'
- apiGroups:
- batch
resources:
- jobs
verbs:
- create
- delete
- get
- update
- watch
- list
- apiGroups:
- route.openshift.io
resources:
- routes
- routes/custom-host
verbs:
- '*'
- apiGroups:
- rbac.authorization.k8s.io
resources:
- roles
- rolebindings
- clusterroles
- clusterrolebindings
verbs:
- list
- create
- watch
- update
- get
- delete
- apiGroups:
- ""
resources:
- pods
- services
- serviceaccounts
- endpoints
- persistentvolumeclaims
- events
- configmaps
- secrets
- pods/exec
- pods/log
verbs:
- '*'
- apiGroups:
- ""
resources:
- namespaces
verbs:
- get
- apiGroups:
- apps
- extensions
resources:
- deployments
- replicasets
verbs:
- '*'
- apiGroups:
- monitoring.coreos.com
resources:
- servicemonitors
verbs:
- get
- create
- apiGroups:
- org.eclipse.che
resources:
- checlusters
- checlusters/status
- checlusters/finalizers
verbs:
- '*'
- apiGroups:
- metrics.k8s.io
resources:
- pods
- nodes
verbs:
- get
- list
- watch
- apiGroups:
- operators.coreos.com
resources:
- subscriptions
- clusterserviceversions
- operatorgroups
verbs:
- '*'
- apiGroups:
- packages.operators.coreos.com
resources:
- packagemanifests
verbs:
- get
- list
- apiGroups:
- ""
resources:
- configmaps/status
verbs:
- get
- update
- patch
- apiGroups:
- ""
resources:
- events
verbs:
- create
- apiGroups:
- apps
resourceNames:
- che-operator
resources:
- deployments/finalizers
verbs:
- update
- apiGroups:
- controller.devfile.io
resources:
- devworkspaceroutings
verbs:
- '*'
- apiGroups:
- controller.devfile.io
resources:
- devworkspaceroutings/finalizers
verbs:
- update
- apiGroups:
- controller.devfile.io
resources:
- devworkspaceroutings/status
verbs:
- get
- patch
- update
- apiGroups:
- oauth.openshift.io
resources:
- oauthclients
verbs:
- create
- delete
- deletecollection
- get
- list
- patch
- update
- watch
- apiGroups:
- ""
resources:
- configmaps
verbs:
- create
- delete
- get
- update
- patch
- watch
- list
- apiGroups:
- coordination.k8s.io
resources:
- leases
verbs:
- create
- delete
- get
- update
- patch
- watch
- list
- apiGroups:
- ""
resources:
- events
verbs:
- create
- patch

4
config/rbac/role_binding.yaml
View File

@ -25,5 +25,5 @@ roleRef:
kind: Role
name: che-operator
subjects:
- kind: ServiceAccount
name: che-operator
- kind: ServiceAccount
name: che-operator

6
config/samples/org_v1_checluster.yaml
View File

@ -17,7 +17,11 @@ metadata:
namespace: eclipse-che
spec:
server:
workspaceNamespaceDefault: "<username>-che"
workspaceNamespaceDefault: '<username>-che'
externalPluginRegistry: true
externalDevfileRegistry: true
externalDevfileRegistries:
- url: 'https://registry.devfile.io'
database:
externalDb: false
storage:

8
config/samples/org_v2_checluster.yaml
View File

@ -16,7 +16,13 @@ metadata:
name: eclipse-che
namespace: eclipse-che
spec:
components: {}
components:
pluginRegistry:
disableInternalRegistry: true
devfileRegistry:
disableInternalRegistry: true
externalDevfileRegistries:
- url: 'https://registry.devfile.io'
devEnvironments: {}
networking: {}
containerRegistry: {}

33
controllers/che/checluster_controller.go
View File

@ -15,6 +15,8 @@ package che
import (
"context"
editorsdefinitions "github.com/eclipse-che/che-operator/pkg/deploy/editors-definitions"
"github.com/eclipse-che/che-operator/pkg/common/test"
containerbuild "github.com/eclipse-che/che-operator/pkg/deploy/container-build"
@ -54,7 +56,6 @@ import (
chev2 "github.com/eclipse-che/che-operator/api/v2"
networking "k8s.io/api/networking/v1"
"k8s.io/apimachinery/pkg/api/errors"
)
// CheClusterReconciler reconciles a CheCluster object
@ -111,6 +112,7 @@ func NewReconciler(
}
reconcileManager.RegisterReconciler(devfileregistry.NewDevfileRegistryReconciler())
reconcileManager.RegisterReconciler(pluginregistry.NewPluginRegistryReconciler())
reconcileManager.RegisterReconciler(editorsdefinitions.NewEditorsDefinitionsReconciler())
reconcileManager.RegisterReconciler(dashboard.NewDashboardReconciler())
reconcileManager.RegisterReconciler(gateway.NewGatewayReconciler())
reconcileManager.RegisterReconciler(server.NewCheServerReconciler())
@ -150,7 +152,7 @@ func (r *CheClusterReconciler) SetupWithManager(mgr ctrl.Manager) error {
}
var toTrustedBundleConfigMapRequestMapper handler.MapFunc = func(obj client.Object) []ctrl.Request {
isTrusted, reconcileRequest := IsTrustedBundleConfigMap(r.nonCachedClient, r.namespace, obj)
isTrusted, reconcileRequest := IsTrustedBundleConfigMap(r.client, r.namespace, obj)
if isTrusted {
return []ctrl.Request{reconcileRequest}
}
@ -158,7 +160,7 @@ func (r *CheClusterReconciler) SetupWithManager(mgr ctrl.Manager) error {
}
var toEclipseCheRelatedObjRequestMapper handler.MapFunc = func(obj client.Object) []ctrl.Request {
isEclipseCheRelatedObj, reconcileRequest := IsEclipseCheRelatedObj(r.nonCachedClient, r.namespace, obj)
isEclipseCheRelatedObj, reconcileRequest := IsEclipseCheRelatedObj(r.client, r.namespace, obj)
if isEclipseCheRelatedObj {
return []ctrl.Request{reconcileRequest}
}
@ -197,10 +199,6 @@ func (r *CheClusterReconciler) SetupWithManager(mgr ctrl.Manager) error {
IsController: true,
OwnerType: &chev2.CheCluster{},
}).
Watches(&source.Kind{Type: &corev1.PersistentVolumeClaim{}}, &handler.EnqueueRequestForOwner{
IsController: true,
OwnerType: &chev2.CheCluster{},
}).
Watches(&source.Kind{Type: &corev1.ConfigMap{}},
handler.EnqueueRequestsFromMapFunc(toTrustedBundleConfigMapRequestMapper),
builder.WithPredicates(onAllExceptGenericEventsPredicate),
@ -251,16 +249,11 @@ func (r *CheClusterReconciler) Reconcile(ctx context.Context, req ctrl.Request)
}
// Fetch the CheCluster instance
checluster, err := r.GetCR(req)
if err != nil {
if errors.IsNotFound(err) {
r.Log.Info("CheCluster Custom Resource not found.")
// Request object not found, could have been deleted after reconcile request.
// Owned objects are automatically garbage collected. For additional cleanup logic use finalizers.
// Return and don't requeue
return ctrl.Result{}, nil
}
checluster, err := deploy.FindCheClusterCRInNamespace(r.client, req.NamespacedName.Namespace)
if checluster == nil {
r.Log.Info("CheCluster Custom Resource not found.")
return ctrl.Result{}, nil
} else if err != nil {
// Error reading the object - requeue the request.
return ctrl.Result{}, err
}
@ -305,9 +298,3 @@ func (r *CheClusterReconciler) Reconcile(ctx context.Context, req ctrl.Request)
return ctrl.Result{Requeue: !done}, nil
}
}
func (r *CheClusterReconciler) GetCR(request ctrl.Request) (*chev2.CheCluster, error) {
checluster := &chev2.CheCluster{}
err := r.client.Get(context.TODO(), request.NamespacedName, checluster)
return checluster, err
}

15
controllers/che/cheobj_verifier.go
View File

@ -16,7 +16,6 @@ import (
"github.com/eclipse-che/che-operator/pkg/common/constants"
"github.com/eclipse-che/che-operator/pkg/deploy"
"github.com/eclipse-che/che-operator/pkg/deploy/tls"
"github.com/sirupsen/logrus"
"k8s.io/apimachinery/pkg/types"
ctrl "sigs.k8s.io/controller-runtime"
"sigs.k8s.io/controller-runtime/pkg/client"
@ -29,11 +28,8 @@ func IsTrustedBundleConfigMap(cl client.Client, watchNamespace string, obj clien
return false, ctrl.Request{}
}
checluster, num, _ := deploy.FindCheClusterCRInNamespace(cl, watchNamespace)
if num != 1 {
if num > 1 {
logrus.Warn("More than one checluster Custom Resource found.")
}
checluster, _ := deploy.FindCheClusterCRInNamespace(cl, watchNamespace)
if checluster == nil {
return false, ctrl.Request{}
}
@ -71,11 +67,8 @@ func IsEclipseCheRelatedObj(cl client.Client, watchNamespace string, obj client.
return false, ctrl.Request{}
}
checluster, num, _ := deploy.FindCheClusterCRInNamespace(cl, watchNamespace)
if num != 1 {
if num > 1 {
logrus.Warn("More than one checluster Custom Resource found.")
}
checluster, _ := deploy.FindCheClusterCRInNamespace(cl, watchNamespace)
if checluster == nil {
return false, ctrl.Request{}
}

4
controllers/che/cheobj_verifier_test.go
View File

@ -123,7 +123,7 @@ func TestIsTrustedBundleConfigMap(t *testing.T) {
newTestObject.ObjectMeta.Labels = testCase.objLabels
}
isEclipseCheObj, req := IsTrustedBundleConfigMap(deployContext.ClusterAPI.NonCachingClient, testCase.watchNamespace, newTestObject)
isEclipseCheObj, req := IsTrustedBundleConfigMap(deployContext.ClusterAPI.Client, testCase.watchNamespace, newTestObject)
assert.Equal(t, testCase.expectedIsEclipseCheObj, isEclipseCheObj)
if isEclipseCheObj {
@ -217,7 +217,7 @@ func TestIsEclipseCheRelatedObj(t *testing.T) {
deployContext := test.GetDeployContext(nil, testCase.initObjects)
testObject.ObjectMeta.Namespace = testCase.objNamespace
isEclipseCheObj, req := IsEclipseCheRelatedObj(deployContext.ClusterAPI.NonCachingClient, testCase.watchNamespace, testObject)
isEclipseCheObj, req := IsEclipseCheRelatedObj(deployContext.ClusterAPI.Client, testCase.watchNamespace, testObject)
assert.Equal(t, testCase.expectedIsEclipseCheObj, isEclipseCheObj)
if isEclipseCheObj {

16
controllers/che/proxy.go
View File

@ -13,6 +13,8 @@
package che
import (
"os"
"github.com/devfile/devworkspace-operator/pkg/infrastructure"
"github.com/eclipse-che/che-operator/pkg/common/chetypes"
"github.com/eclipse-che/che-operator/pkg/deploy"
@ -50,9 +52,15 @@ func GetProxyConfiguration(deployContext *chetypes.DeployContext) (*chetypes.Pro
}
// Add cluster-wide trusted CA certs, if any
cheClusterProxyConf.TrustedCAMapName = clusterWideProxyConf.TrustedCAMapName
// Add kubernetes host to the no proxy list.
cheClusterProxyConf.NoProxy = deploy.MergeNonProxy(cheClusterProxyConf.NoProxy, os.Getenv("KUBERNETES_SERVICE_HOST"))
return cheClusterProxyConf, nil
} else {
clusterWideProxyConf.NoProxy = deploy.MergeNonProxy(clusterWideProxyConf.NoProxy, cheClusterProxyConf.NoProxy)
if clusterWideProxyConf.HttpProxy != "" {
// Add kubernetes host to the no proxy list.
clusterWideProxyConf.NoProxy = deploy.MergeNonProxy(clusterWideProxyConf.NoProxy, os.Getenv("KUBERNETES_SERVICE_HOST"))
clusterWideProxyConf.NoProxy = deploy.MergeNonProxy(clusterWideProxyConf.NoProxy, cheClusterProxyConf.NoProxy)
}
return clusterWideProxyConf, nil
}
}
@ -62,6 +70,10 @@ func GetProxyConfiguration(deployContext *chetypes.DeployContext) (*chetypes.Pro
if err != nil {
return nil, err
}
cheClusterProxyConf.NoProxy = deploy.MergeNonProxy(cheClusterProxyConf.NoProxy, ".svc")
if cheClusterProxyConf.HttpProxy != "" {
// Add kubernetes host to the no proxy list.
cheClusterProxyConf.NoProxy = deploy.MergeNonProxy(cheClusterProxyConf.NoProxy, os.Getenv("KUBERNETES_SERVICE_HOST"))
cheClusterProxyConf.NoProxy = deploy.MergeNonProxy(cheClusterProxyConf.NoProxy, ".svc")
}
return cheClusterProxyConf, nil
}

12
controllers/devworkspace/solver/che_routing_test.go
View File

@ -1569,24 +1569,24 @@ func TestReportSubdomainExposedEndpointsLongUsername(t *testing.T) {
if e1.Name != "e1" {
t.Errorf("The first endpoint should have been e1 but is %s", e1.Name)
}
if e1.Url != "https://wsid-1.down.on.earth/1/" {
t.Errorf("The e1 endpoint should have the following URL: '%s' but has '%s'.", "https://wsid-1.down.on.earth/1/", e1.Url)
if e1.Url != "https://wsid-e1.down.on.earth/1/" {
t.Errorf("The e1 endpoint should have the following URL: '%s' but has '%s'.", "https://wsid-e1.down.on.earth/1/", e1.Url)
}
e2 := m1[1]
if e2.Name != "e2" {
t.Errorf("The second endpoint should have been e2 but is %s", e1.Name)
}
if e2.Url != "https://wsid-2.down.on.earth/2.js" {
t.Errorf("The e2 endpoint should have the following URL: '%s' but has '%s'.", "https://wsid-2.down.on.earth/2.js", e2.Url)
if e2.Url != "https://wsid-e2.down.on.earth/2.js" {
t.Errorf("The e2 endpoint should have the following URL: '%s' but has '%s'.", "https://wsid-e2.down.on.earth/2.js", e2.Url)
}
e3 := m1[2]
if e3.Name != "e3" {
t.Errorf("The third endpoint should have been e3 but is %s", e1.Name)
}
if e3.Url != "http://wsid-3.down.on.earth/" {
t.Errorf("The e3 endpoint should have the following URL: '%s' but has '%s'.", "https://wsid-3.down.on.earth/", e3.Url)
if e3.Url != "http://wsid-e3.down.on.earth/" {
t.Errorf("The e3 endpoint should have the following URL: '%s' but has '%s'.", "https://wsid-e3.down.on.earth/", e3.Url)
}
}

6
controllers/devworkspace/solver/endpoint_strategy.go
View File

@ -72,8 +72,10 @@ func (u UsernameWkspName) getEndpointPathPrefix(endpointPath string) string {
func (u UsernameWkspName) getHostname(endpointInfo *EndpointInfo, baseDomain string) string {
subDomain := fmt.Sprintf("%s-%s-%s", u.username, u.workspaceName, endpointInfo.endpointName)
if errs := validation.IsValidLabelValue(subDomain); len(errs) > 0 {
// if subdomain is not valid, use legacy paths
return fmt.Sprintf("%s-%d.%s", u.workspaceID, endpointInfo.order, baseDomain)
// If subdomain is not valid (e.g. too long), use alternate format
// The below should always be under 63 characters, as endpoint names are limited to 15 characters and workspace IDs are
// 25 characters.
return fmt.Sprintf("%s-%s.%s", u.workspaceID, endpointInfo.endpointName, baseDomain)
}
return fmt.Sprintf("%s.%s", subDomain, baseDomain)

3
controllers/usernamespace/namespacecache.go
View File

@ -48,8 +48,9 @@ type namespaceInfo struct {
CheCluster *types.NamespacedName
}
func NewNamespaceCache() *namespaceCache {
func NewNamespaceCache(client client.Client) *namespaceCache {
return &namespaceCache{
client: client,
knownNamespaces: map[string]namespaceInfo{},
lock: sync.Mutex{},
}

2
controllers/usernamespace/namespacecache_test.go
View File

@ -26,7 +26,6 @@ import (
routev1 "github.com/openshift/api/route/v1"
appsv1 "k8s.io/api/apps/v1"
corev1 "k8s.io/api/core/v1"
extensions "k8s.io/api/extensions/v1beta1"
networkingv1 "k8s.io/api/networking/v1"
"k8s.io/api/node/v1alpha1"
rbac "k8s.io/api/rbac/v1"
@ -42,7 +41,6 @@ import (
func createTestScheme() *runtime.Scheme {
scheme := runtime.NewScheme()
utilruntime.Must(v1alpha1.AddToScheme(scheme))
utilruntime.Must(extensions.AddToScheme(scheme))
utilruntime.Must(corev1.AddToScheme(scheme))
utilruntime.Must(appsv1.AddToScheme(scheme))
utilruntime.Must(rbac.AddToScheme(scheme))

88
controllers/usernamespace/controller.go → controllers/usernamespace/usernamespace_controller.go
View File

@ -29,7 +29,6 @@ import (
"github.com/devfile/devworkspace-operator/pkg/infrastructure"
chev2 "github.com/eclipse-che/che-operator/api/v2"
"github.com/eclipse-che/che-operator/controllers/che"
"github.com/eclipse-che/che-operator/controllers/devworkspace"
"github.com/eclipse-che/che-operator/controllers/devworkspace/defaults"
"github.com/eclipse-che/che-operator/pkg/deploy"
projectv1 "github.com/openshift/api/project/v1"
@ -55,27 +54,28 @@ const (
)
type CheUserNamespaceReconciler struct {
client client.Client
scheme *runtime.Scheme
namespaceCache namespaceCache
}
type eventRule struct {
check func(metav1.Object) bool
namespaces func(metav1.Object) []string
scheme *runtime.Scheme
client client.Client
nonCachedClient client.Client
namespaceCache *namespaceCache
}
var _ reconcile.Reconciler = (*CheUserNamespaceReconciler)(nil)
func NewReconciler() *CheUserNamespaceReconciler {
return &CheUserNamespaceReconciler{namespaceCache: *NewNamespaceCache()}
func NewCheUserNamespaceReconciler(
client client.Client,
noncachedClient client.Client,
scheme *runtime.Scheme,
namespaceCache *namespaceCache) *CheUserNamespaceReconciler {
return &CheUserNamespaceReconciler{
scheme: scheme,
client: client,
nonCachedClient: noncachedClient,
namespaceCache: namespaceCache}
}
func (r *CheUserNamespaceReconciler) SetupWithManager(mgr ctrl.Manager) error {
r.scheme = mgr.GetScheme()
r.client = mgr.GetClient()
r.namespaceCache.client = r.client
var obj client.Object
if infrastructure.IsOpenShift() {
obj = &projectv1.Project{}
@ -101,26 +101,6 @@ func (r *CheUserNamespaceReconciler) watchRulesForSecrets(ctx context.Context) h
}))
}
func asReconcileRequestsForNamespaces(obj metav1.Object, rules []eventRule) []reconcile.Request {
for _, r := range rules {
if r.check(obj) {
nss := r.namespaces(obj)
ret := make([]reconcile.Request, len(nss))
for i, n := range nss {
ret[i] = reconcile.Request{
NamespacedName: types.NamespacedName{
Name: n,
},
}
}
return ret
}
}
return []reconcile.Request{}
}
func (r *CheUserNamespaceReconciler) commonRules(ctx context.Context, namesInCheClusterNamespace ...string) []eventRule {
return []eventRule{
{
@ -192,6 +172,10 @@ func (r *CheUserNamespaceReconciler) hasCheCluster(ctx context.Context, namespac
}
func (r *CheUserNamespaceReconciler) Reconcile(ctx context.Context, req ctrl.Request) (ctrl.Result, error) {
if req.Name == "" {
return ctrl.Result{}, nil
}
info, err := r.namespaceCache.ExamineNamespace(ctx, req.Name)
if err != nil {
logrus.Errorf("Failed to examine namespace %s for presence of Che user info labels: %v", req.Name, err)
@ -203,9 +187,10 @@ func (r *CheUserNamespaceReconciler) Reconcile(ctx context.Context, req ctrl.Req
return ctrl.Result{}, nil
}
checluster := findManagingCheCluster(*info.CheCluster)
if checluster == nil {
return ctrl.Result{Requeue: true}, nil
checluster, err := deploy.FindCheClusterCRInNamespace(r.client, "")
if checluster == nil || err != nil {
// CheCluster is not found or error occurred, requeue the request
return ctrl.Result{}, err
}
// let's construct the deployContext to be able to use methods from v1 operator
@ -213,8 +198,7 @@ func (r *CheUserNamespaceReconciler) Reconcile(ctx context.Context, req ctrl.Req
CheCluster: checluster,
ClusterAPI: chetypes.ClusterAPI{
Client: r.client,
NonCachingClient: r.client,
DiscoveryClient: nil,
NonCachingClient: r.nonCachedClient,
Scheme: r.scheme,
},
}
@ -257,30 +241,6 @@ func (r *CheUserNamespaceReconciler) Reconcile(ctx context.Context, req ctrl.Req
return ctrl.Result{}, nil
}
func findManagingCheCluster(key types.NamespacedName) *chev2.CheCluster {
instances := devworkspace.GetCurrentCheClusterInstances()
if len(instances) == 0 {
return nil
}
if len(instances) == 1 {
for k, v := range instances {
if key.Name == "" || (key.Name == k.Name && key.Namespace == k.Namespace) {
return &v
}
return nil
}
}
ret, ok := instances[key]
if ok {
return &ret
} else {
return nil
}
}
func (r *CheUserNamespaceReconciler) reconcileSelfSignedCert(ctx context.Context, deployContext *chetypes.DeployContext, targetNs string, checluster *chev2.CheCluster) error {
if err := deleteLegacyObject("server-cert", &corev1.Secret{}, targetNs, checluster, deployContext); err != nil {
return err

110
controllers/usernamespace/controller_test.go → controllers/usernamespace/usernamespace_controller_test.go
View File

@ -160,9 +160,10 @@ func setup(infraType devworkspaceinfra.Type, objs ...runtime.Object) (*runtime.S
cl := fake.NewFakeClientWithScheme(scheme, objs...)
r := &CheUserNamespaceReconciler{
client: cl,
scheme: scheme,
namespaceCache: namespaceCache{
client: cl,
nonCachedClient: cl,
scheme: scheme,
namespaceCache: &namespaceCache{
client: cl,
knownNamespaces: map[string]namespaceInfo{},
lock: sync.Mutex{},
@ -214,96 +215,6 @@ func TestSkipsUnlabeledNamespaces(t *testing.T) {
})
}
func TestRequiresLabelsToMatchOneOfMultipleCheCluster(t *testing.T) {
test := func(t *testing.T, infraType devworkspaceinfra.Type, namespace metav1.Object) {
ctx := context.TODO()
scheme, cl, r := setup(infraType, namespace.(runtime.Object))
setupCheCluster(t, ctx, cl, scheme, "che1", "che")
setupCheCluster(t, ctx, cl, scheme, "che2", "che")
res, err := r.Reconcile(context.TODO(), reconcile.Request{NamespacedName: types.NamespacedName{Name: namespace.GetName()}})
assert.NoError(t, err, "Reconciliation should have succeeded.")
assert.True(t, res.Requeue, "The reconciliation request should have been requeued.")
}
t.Run("k8s", func(t *testing.T) {
test(t, devworkspaceinfra.Kubernetes, &corev1.Namespace{
ObjectMeta: metav1.ObjectMeta{
Name: "ns",
Labels: map[string]string{
workspaceNamespaceOwnerUidLabel: "uid",
},
},
})
})
t.Run("openshift", func(t *testing.T) {
test(t, devworkspaceinfra.OpenShiftv4, &projectv1.Project{
ObjectMeta: metav1.ObjectMeta{
Name: "prj",
Labels: map[string]string{
workspaceNamespaceOwnerUidLabel: "uid",
},
},
})
})
}
func TestMatchingCheClusterCanBeSelectedUsingLabels(t *testing.T) {
test := func(t *testing.T, infraType devworkspaceinfra.Type, namespace string, objs ...runtime.Object) {
ctx := context.TODO()
scheme, cl, r := setup(infraType, objs...)
setupCheCluster(t, ctx, cl, scheme, "che1", "che")
setupCheCluster(t, ctx, cl, scheme, "che2", "che")
res, err := r.Reconcile(context.TODO(), reconcile.Request{NamespacedName: types.NamespacedName{Name: namespace}})
assert.NoError(t, err, "Reconciliation shouldn't have failed")
assert.False(t, res.Requeue, "The reconciliation request should have succeeded but is requesting a requeue.")
}
t.Run("k8s", func(t *testing.T) {
test(t, devworkspaceinfra.Kubernetes,
"ns",
&corev1.Namespace{
ObjectMeta: metav1.ObjectMeta{
Name: "ns",
Labels: map[string]string{
workspaceNamespaceOwnerUidLabel: "uid",
cheNameLabel: "che",
cheNamespaceLabel: "che1",
},
},
})
})
t.Run("openshift", func(t *testing.T) {
test(t, devworkspaceinfra.OpenShiftv4,
"ns",
&corev1.Namespace{
ObjectMeta: metav1.ObjectMeta{
Name: "ns",
Labels: map[string]string{
workspaceNamespaceOwnerUidLabel: "uid",
cheNameLabel: "che",
cheNamespaceLabel: "che1",
},
},
},
&projectv1.Project{
ObjectMeta: metav1.ObjectMeta{
Name: "prj",
Labels: map[string]string{
workspaceNamespaceOwnerUidLabel: "uid",
cheNameLabel: "che",
cheNamespaceLabel: "che1",
},
},
})
})
}
func TestCreatesDataInNamespace(t *testing.T) {
infrastructure.InitializeForTesting(infrastructure.Kubernetes)
@ -332,19 +243,6 @@ func TestCreatesDataInNamespace(t *testing.T) {
assert.False(t, res.Requeue, "The reconciliation request should have succeeded but it is requesting a requeue")
proxySettings := corev1.ConfigMap{}
assert.NoError(t, cl.Get(ctx, client.ObjectKey{Name: "che-proxy-settings", Namespace: namespace.GetName()}, &proxySettings))
assert.Equal(t, "env", proxySettings.GetAnnotations()[dwconstants.DevWorkspaceMountAsAnnotation],
"proxy settings should be annotated as mount as 'env'")
assert.Equal(t, "true", proxySettings.GetLabels()[dwconstants.DevWorkspaceMountLabel],
"proxy settings should be labeled as mounted")
assert.Equal(t, 2, len(proxySettings.Data), "Expecting 2 elements in the default proxy settings")
assert.Equal(t, ".svc", proxySettings.Data["NO_PROXY"], "Unexpected proxy settings")
idleSettings := corev1.ConfigMap{}
assert.NoError(t, cl.Get(ctx, client.ObjectKey{Name: "che-idle-settings", Namespace: namespace.GetName()}, &idleSettings))

44
controllers/usernamespace/usernamespace_utils.go Normal file
View File

@ -0,0 +1,44 @@
//
// Copyright (c) 2019-2023 Red Hat, Inc.
// This program and the accompanying materials are made
// available under the terms of the Eclipse Public License 2.0
// which is available at https://www.eclipse.org/legal/epl-2.0/
//
// SPDX-License-Identifier: EPL-2.0
//
// Contributors:
// Red Hat, Inc. - initial API and implementation
//
package usernamespace
import (
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/apimachinery/pkg/types"
"sigs.k8s.io/controller-runtime/pkg/reconcile"
)
type eventRule struct {
check func(metav1.Object) bool
namespaces func(metav1.Object) []string
}
func asReconcileRequestsForNamespaces(obj metav1.Object, rules []eventRule) []reconcile.Request {
for _, r := range rules {
if r.check(obj) {
nss := r.namespaces(obj)
ret := make([]reconcile.Request, len(nss))
for i, n := range nss {
ret[i] = reconcile.Request{
NamespacedName: types.NamespacedName{
Name: n,
},
}
}
return ret
}
}
return []reconcile.Request{}
}

90
controllers/usernamespace/workspace_cm_syncer.go Normal file
View File

@ -0,0 +1,90 @@
//
// Copyright (c) 2019-2023 Red Hat, Inc.
// This program and the accompanying materials are made
// available under the terms of the Eclipse Public License 2.0
// which is available at https://www.eclipse.org/legal/epl-2.0/
//
// SPDX-License-Identifier: EPL-2.0
//
// Contributors:
// Red Hat, Inc. - initial API and implementation
//
package usernamespace
import (
dwconstants "github.com/devfile/devworkspace-operator/pkg/constants"
"github.com/google/go-cmp/cmp"
"github.com/google/go-cmp/cmp/cmpopts"
corev1 "k8s.io/api/core/v1"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/apimachinery/pkg/runtime"
"k8s.io/apimachinery/pkg/runtime/schema"
"sigs.k8s.io/controller-runtime/pkg/client"
)
var (
v1ConfigMapGKV = corev1.SchemeGroupVersion.WithKind("ConfigMap")
)
type configMapSyncer struct {
workspaceConfigSyncer
}
func newConfigMapSyncer() *configMapSyncer {
return &configMapSyncer{}
}
func (p *configMapSyncer) gkv() schema.GroupVersionKind {
return v1ConfigMapGKV
}
func (p *configMapSyncer) newObjectFrom(src client.Object) client.Object {
dst := src.(runtime.Object).DeepCopyObject()
dst.(*corev1.ConfigMap).ObjectMeta = metav1.ObjectMeta{
Name: src.GetName(),
Annotations: src.GetAnnotations(),
Labels: mergeWorkspaceConfigObjectLabels(
src.GetLabels(),
map[string]string{
dwconstants.DevWorkspaceWatchConfigMapLabel: "true",
dwconstants.DevWorkspaceMountLabel: "true",
},
),
}
return dst.(client.Object)
}
func (p *configMapSyncer) isExistedObjChanged(newObj client.Object, existedObj client.Object) bool {
if newObj.GetLabels() != nil {
for key, value := range newObj.GetLabels() {
if existedObj.GetLabels()[key] != value {
return true
}
}
}
if newObj.GetAnnotations() != nil {
for key, value := range newObj.GetAnnotations() {
if existedObj.GetAnnotations()[key] != value {
return true
}
}
}
return cmp.Diff(
newObj,
existedObj,
cmp.Options{
cmpopts.IgnoreFields(corev1.ConfigMap{}, "TypeMeta", "ObjectMeta"),
}) != ""
}
func (p *configMapSyncer) getObjectList() client.ObjectList {
return &corev1.ConfigMapList{}
}
func (p *configMapSyncer) hasReadOnlySpec() bool {
return false
}

312
controllers/usernamespace/workspace_cm_syncer_test.go Normal file
View File

@ -0,0 +1,312 @@
//
// Copyright (c) 2019-2023 Red Hat, Inc.
// This program and the accompanying materials are made
// available under the terms of the Eclipse Public License 2.0
// which is available at https://www.eclipse.org/legal/epl-2.0/
//
// SPDX-License-Identifier: EPL-2.0
//
// Contributors:
// Red Hat, Inc. - initial API and implementation
//
package usernamespace
import (
"context"
"testing"
"github.com/eclipse-che/che-operator/pkg/common/constants"
"github.com/eclipse-che/che-operator/pkg/common/test"
"github.com/eclipse-che/che-operator/pkg/common/utils"
"github.com/eclipse-che/che-operator/pkg/deploy"
corev1 "k8s.io/api/core/v1"
"k8s.io/apimachinery/pkg/api/errors"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/apimachinery/pkg/runtime"
"k8s.io/utils/pointer"
"k8s.io/apimachinery/pkg/runtime/schema"
"github.com/stretchr/testify/assert"
"k8s.io/apimachinery/pkg/types"
)
const (
eclipseCheNamespace = "eclipse-che"
userNamespace = "user-namespace"
objectName = "che-workspaces-config"
)
var (
objectKeyInUserNs = types.NamespacedName{Name: objectName, Namespace: userNamespace}
objectKeyInCheNs = types.NamespacedName{Name: objectName, Namespace: eclipseCheNamespace}
)
func TestSyncConfigMap(t *testing.T) {
deployContext := test.GetDeployContext(nil, []runtime.Object{
&corev1.ConfigMap{
TypeMeta: metav1.TypeMeta{
Kind: "ConfigMap",
APIVersion: "v1",
},
ObjectMeta: metav1.ObjectMeta{
Name: objectName,
Namespace: "eclipse-che",
Labels: map[string]string{
constants.KubernetesPartOfLabelKey: constants.CheEclipseOrg,
constants.KubernetesComponentLabelKey: constants.WorkspacesConfig,
},
Annotations: map[string]string{},
},
Data: map[string]string{
"a": "b",
},
Immutable: pointer.Bool(false),
}})
workspaceConfigReconciler := NewWorkspacesConfigReconciler(
deployContext.ClusterAPI.Client,
deployContext.ClusterAPI.NonCachingClient,
deployContext.ClusterAPI.Scheme,
NewNamespaceCache(deployContext.ClusterAPI.NonCachingClient))
// Sync ConfigMap
err := workspaceConfigReconciler.syncWorkspacesConfig(context.TODO(), userNamespace)
assert.Nil(t, err)
assertSyncConfig(t, workspaceConfigReconciler, 2, v1ConfigMapGKV)
// Check ConfigMap in a user namespace is created
cm := &corev1.ConfigMap{}
err = workspaceConfigReconciler.client.Get(context.TODO(), objectKeyInUserNs, cm)
assert.Nil(t, err)
assert.Equal(t, "b", cm.Data["a"])
assert.Equal(t, false, *cm.Immutable)
assert.Equal(t, constants.WorkspacesConfig, cm.Labels[constants.KubernetesComponentLabelKey])
assert.Equal(t, constants.CheEclipseOrg, cm.Labels[constants.KubernetesPartOfLabelKey])
assert.Equal(t, "true", cm.Labels["controller.devfile.io/watch-configmap"])
assert.Equal(t, "true", cm.Labels["controller.devfile.io/mount-to-devworkspace"])
// Update src ConfigMap
cm = &corev1.ConfigMap{}
err = workspaceConfigReconciler.client.Get(context.TODO(), objectKeyInCheNs, cm)
assert.Nil(t, err)
cm.Data["a"] = "c"
err = workspaceConfigReconciler.client.Update(context.TODO(), cm)
assert.Nil(t, err)
// Sync ConfigMap
err = workspaceConfigReconciler.syncWorkspacesConfig(context.TODO(), userNamespace)
assert.Nil(t, err)
assertSyncConfig(t, workspaceConfigReconciler, 2, v1ConfigMapGKV)
// Check that destination ConfigMap is updated
cm = &corev1.ConfigMap{}
err = workspaceConfigReconciler.client.Get(context.TODO(), objectKeyInUserNs, cm)
assert.Nil(t, err)
assert.Equal(t, "c", cm.Data["a"])
assert.Equal(t, false, *cm.Immutable)
assert.Equal(t, constants.WorkspacesConfig, cm.Labels[constants.KubernetesComponentLabelKey])
assert.Equal(t, constants.CheEclipseOrg, cm.Labels[constants.KubernetesPartOfLabelKey])
assert.Equal(t, "true", cm.Labels["controller.devfile.io/watch-configmap"])
assert.Equal(t, "true", cm.Labels["controller.devfile.io/mount-to-devworkspace"])
// Update dst ConfigMap
cm = &corev1.ConfigMap{}
err = workspaceConfigReconciler.client.Get(context.TODO(), objectKeyInUserNs, cm)
assert.Nil(t, err)
cm.Data["a"] = "new-c"
err = workspaceConfigReconciler.client.Update(context.TODO(), cm)
assert.Nil(t, err)
// Sync ConfigMap
err = workspaceConfigReconciler.syncWorkspacesConfig(context.TODO(), userNamespace)
assert.Nil(t, err)
assertSyncConfig(t, workspaceConfigReconciler, 2, v1ConfigMapGKV)
// Check that destination ConfigMap is reverted
cm = &corev1.ConfigMap{}
err = workspaceConfigReconciler.client.Get(context.TODO(), objectKeyInUserNs, cm)
assert.Nil(t, err)
assert.Equal(t, "c", cm.Data["a"])
assert.Equal(t, false, *cm.Immutable)
assert.Equal(t, constants.WorkspacesConfig, cm.Labels[constants.KubernetesComponentLabelKey])
assert.Equal(t, constants.CheEclipseOrg, cm.Labels[constants.KubernetesPartOfLabelKey])
assert.Equal(t, "true", cm.Labels["controller.devfile.io/watch-configmap"])
assert.Equal(t, "true", cm.Labels["controller.devfile.io/mount-to-devworkspace"])
// Update dst ConfigMap in the way that it won't be reverted
cm = &corev1.ConfigMap{}
err = workspaceConfigReconciler.client.Get(context.TODO(), objectKeyInUserNs, cm)
assert.Nil(t, err)
cm.Annotations = map[string]string{"new-annotation": "new-test"}
utils.AddMap(cm.Labels, map[string]string{"new-label": "new-test"})
err = workspaceConfigReconciler.client.Update(context.TODO(), cm)
assert.Nil(t, err)
// Sync ConfigMap
err = workspaceConfigReconciler.syncWorkspacesConfig(context.TODO(), userNamespace)
assert.Nil(t, err)
assertSyncConfig(t, workspaceConfigReconciler, 2, v1ConfigMapGKV)
// Check that destination ConfigMap is not reverted
cm = &corev1.ConfigMap{}
err = workspaceConfigReconciler.client.Get(context.TODO(), objectKeyInUserNs, cm)
assert.Nil(t, err)
assert.Equal(t, "c", cm.Data["a"])
assert.Equal(t, false, *cm.Immutable)
assert.Equal(t, constants.WorkspacesConfig, cm.Labels[constants.KubernetesComponentLabelKey])
assert.Equal(t, constants.CheEclipseOrg, cm.Labels[constants.KubernetesPartOfLabelKey])
assert.Equal(t, "true", cm.Labels["controller.devfile.io/watch-configmap"])
assert.Equal(t, "true", cm.Labels["controller.devfile.io/mount-to-devworkspace"])
assert.Equal(t, "new-test", cm.Labels["new-label"])
assert.Equal(t, "new-test", cm.Annotations["new-annotation"])
// Delete dst ConfigMap
err = deploy.DeleteIgnoreIfNotFound(context.TODO(), deployContext.ClusterAPI.Client, objectKeyInUserNs, &corev1.ConfigMap{})
assert.Nil(t, err)
// Sync ConfigMap
err = workspaceConfigReconciler.syncWorkspacesConfig(context.TODO(), userNamespace)
assert.Nil(t, err)
assertSyncConfig(t, workspaceConfigReconciler, 2, v1ConfigMapGKV)
// Check that destination ConfigMap is reverted
cm = &corev1.ConfigMap{}
err = workspaceConfigReconciler.client.Get(context.TODO(), objectKeyInUserNs, cm)
assert.Nil(t, err)
assert.Equal(t, "c", cm.Data["a"])
assert.Equal(t, false, *cm.Immutable)
assert.Equal(t, constants.WorkspacesConfig, cm.Labels[constants.KubernetesComponentLabelKey])
assert.Equal(t, constants.CheEclipseOrg, cm.Labels[constants.KubernetesPartOfLabelKey])
assert.Equal(t, "true", cm.Labels["controller.devfile.io/watch-configmap"])
assert.Equal(t, "true", cm.Labels["controller.devfile.io/mount-to-devworkspace"])
// Delete src ConfigMap
err = deploy.DeleteIgnoreIfNotFound(context.TODO(), deployContext.ClusterAPI.Client, objectKeyInCheNs, &corev1.ConfigMap{})
assert.Nil(t, err)
// Sync ConfigMap
err = workspaceConfigReconciler.syncWorkspacesConfig(context.TODO(), userNamespace)
assert.Nil(t, err)
assertSyncConfig(t, workspaceConfigReconciler, 0, v1ConfigMapGKV)
// Check that destination ConfigMap in a user namespace is deleted
cm = &corev1.ConfigMap{}
err = workspaceConfigReconciler.client.Get(context.TODO(), objectKeyInUserNs, cm)
assert.NotNil(t, err)
assert.True(t, errors.IsNotFound(err))
}
func TestSyncConfigMapShouldMergeLabelsAndAnnotationsOnUpdate(t *testing.T) {
deployContext := test.GetDeployContext(nil, []runtime.Object{
&corev1.ConfigMap{
TypeMeta: metav1.TypeMeta{
Kind: "ConfigMap",
APIVersion: "v1",
},
ObjectMeta: metav1.ObjectMeta{
Name: objectName,
Namespace: "eclipse-che",
Labels: map[string]string{
"label": "label-value",
constants.KubernetesPartOfLabelKey: constants.CheEclipseOrg,
constants.KubernetesComponentLabelKey: constants.WorkspacesConfig,
},
Annotations: map[string]string{
"annotation": "annotation-value",
},
},
Data: map[string]string{
"a": "b",
},
}})
workspaceConfigReconciler := NewWorkspacesConfigReconciler(
deployContext.ClusterAPI.Client,
deployContext.ClusterAPI.NonCachingClient,
deployContext.ClusterAPI.Scheme,
NewNamespaceCache(deployContext.ClusterAPI.NonCachingClient))
// Sync ConfigMap
err := workspaceConfigReconciler.syncWorkspacesConfig(context.TODO(), userNamespace)
assert.Nil(t, err)
assertSyncConfig(t, workspaceConfigReconciler, 2, v1ConfigMapGKV)
// Check ConfigMap in a user namespace is created
cm := &corev1.ConfigMap{}
err = workspaceConfigReconciler.client.Get(context.TODO(), objectKeyInUserNs, cm)
assert.Nil(t, err)
assert.Equal(t, constants.WorkspacesConfig, cm.Labels[constants.KubernetesComponentLabelKey])
assert.Equal(t, constants.CheEclipseOrg, cm.Labels[constants.KubernetesPartOfLabelKey])
assert.Equal(t, "true", cm.Labels["controller.devfile.io/watch-configmap"])
assert.Equal(t, "true", cm.Labels["controller.devfile.io/mount-to-devworkspace"])
assert.Equal(t, "label-value", cm.Labels["label"])
assert.Equal(t, "annotation-value", cm.Annotations["annotation"])
// Update labels and annotations on dst ConfigMap
cm = &corev1.ConfigMap{}
err = workspaceConfigReconciler.client.Get(context.TODO(), objectKeyInUserNs, cm)
assert.Nil(t, err)
utils.AddMap(cm.Labels, map[string]string{"new-label": "new-label-value"})
utils.AddMap(cm.Annotations, map[string]string{"new-annotation": "new-annotation-value"})
err = workspaceConfigReconciler.client.Update(context.TODO(), cm)
assert.Nil(t, err)
// Sync ConfigMap
err = workspaceConfigReconciler.syncWorkspacesConfig(context.TODO(), userNamespace)
assert.Nil(t, err)
assertSyncConfig(t, workspaceConfigReconciler, 2, v1ConfigMapGKV)
// Check that destination ConfigMap is not reverted
cm = &corev1.ConfigMap{}
err = workspaceConfigReconciler.client.Get(context.TODO(), objectKeyInUserNs, cm)
assert.Nil(t, err)
assert.Equal(t, constants.WorkspacesConfig, cm.Labels[constants.KubernetesComponentLabelKey])
assert.Equal(t, constants.CheEclipseOrg, cm.Labels[constants.KubernetesPartOfLabelKey])
assert.Equal(t, "true", cm.Labels["controller.devfile.io/watch-configmap"])
assert.Equal(t, "true", cm.Labels["controller.devfile.io/mount-to-devworkspace"])
assert.Equal(t, "label-value", cm.Labels["label"])
assert.Equal(t, "new-label-value", cm.Labels["new-label"])
assert.Equal(t, "annotation-value", cm.Annotations["annotation"])
assert.Equal(t, "new-annotation-value", cm.Annotations["new-annotation"])
// Update src ConfigMap
cm = &corev1.ConfigMap{}
err = workspaceConfigReconciler.client.Get(context.TODO(), objectKeyInCheNs, cm)
assert.Nil(t, err)
cm.Data["a"] = "c"
utils.AddMap(cm.Labels, map[string]string{"label": "label-value-2"})
utils.AddMap(cm.Annotations, map[string]string{"annotation": "annotation-value-2"})
err = workspaceConfigReconciler.client.Update(context.TODO(), cm)
assert.Nil(t, err)
// Sync ConfigMap
err = workspaceConfigReconciler.syncWorkspacesConfig(context.TODO(), userNamespace)
assert.Nil(t, err)
assertSyncConfig(t, workspaceConfigReconciler, 2, v1ConfigMapGKV)
// Check that destination ConfigMap is updated but old labels and annotations are preserved
cm = &corev1.ConfigMap{}
err = workspaceConfigReconciler.client.Get(context.TODO(), objectKeyInUserNs, cm)
assert.Nil(t, err)
assert.Equal(t, "c", cm.Data["a"])
assert.Equal(t, constants.WorkspacesConfig, cm.Labels[constants.KubernetesComponentLabelKey])
assert.Equal(t, constants.CheEclipseOrg, cm.Labels[constants.KubernetesPartOfLabelKey])
assert.Equal(t, "true", cm.Labels["controller.devfile.io/watch-configmap"])
assert.Equal(t, "true", cm.Labels["controller.devfile.io/mount-to-devworkspace"])
assert.Equal(t, "label-value-2", cm.Labels["label"])
assert.Equal(t, "new-label-value", cm.Labels["new-label"])
assert.Equal(t, "annotation-value-2", cm.Annotations["annotation"])
assert.Equal(t, "new-annotation-value", cm.Annotations["new-annotation"])
}
func assertSyncConfig(t *testing.T, workspaceConfigReconciler *WorkspacesConfigReconciler, expectedNumberOfRecords int, gkv schema.GroupVersionKind) {
cm, err := workspaceConfigReconciler.getSyncConfig(context.TODO(), userNamespace)
assert.Nil(t, err)
assert.Equal(t, expectedNumberOfRecords, len(cm.Data))
if expectedNumberOfRecords == 2 {
assert.Contains(t, cm.Data, buildKey(gkv, objectName, userNamespace))
assert.Contains(t, cm.Data, buildKey(gkv, objectName, eclipseCheNamespace))
}
}

61
controllers/usernamespace/workspace_pvc_syncer.go Normal file
View File

@ -0,0 +1,61 @@
//
// Copyright (c) 2019-2023 Red Hat, Inc.
// This program and the accompanying materials are made
// available under the terms of the Eclipse Public License 2.0
// which is available at https://www.eclipse.org/legal/epl-2.0/
//
// SPDX-License-Identifier: EPL-2.0
//
// Contributors:
// Red Hat, Inc. - initial API and implementation
//
package usernamespace
import (
corev1 "k8s.io/api/core/v1"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/apimachinery/pkg/runtime"
"k8s.io/apimachinery/pkg/runtime/schema"
"sigs.k8s.io/controller-runtime/pkg/client"
)
var (
v1PvcGKV = corev1.SchemeGroupVersion.WithKind("PersistentVolumeClaim")
)
type pvcSyncer struct {
workspaceConfigSyncer
}
func newPvcSyncer() *pvcSyncer {
return &pvcSyncer{}
}
func (p *pvcSyncer) gkv() schema.GroupVersionKind {
return v1PvcGKV
}
func (p *pvcSyncer) newObjectFrom(src client.Object) client.Object {
dst := src.(runtime.Object).DeepCopyObject()
dst.(*corev1.PersistentVolumeClaim).ObjectMeta = metav1.ObjectMeta{
Name: src.GetName(),
Annotations: src.GetAnnotations(),
Labels: src.GetLabels(),
}
dst.(*corev1.PersistentVolumeClaim).Status = corev1.PersistentVolumeClaimStatus{}
return dst.(client.Object)
}
func (p *pvcSyncer) isExistedObjChanged(newObj client.Object, existedObj client.Object) bool {
return false
}
func (p *pvcSyncer) getObjectList() client.ObjectList {
return &corev1.PersistentVolumeClaimList{}
}
func (p *pvcSyncer) hasReadOnlySpec() bool {
return true
}

127
controllers/usernamespace/workspace_pvc_syncer_test.go Normal file
View File

@ -0,0 +1,127 @@
//
// Copyright (c) 2019-2023 Red Hat, Inc.
// This program and the accompanying materials are made
// available under the terms of the Eclipse Public License 2.0
// which is available at https://www.eclipse.org/legal/epl-2.0/
//
// SPDX-License-Identifier: EPL-2.0
//
// Contributors:
// Red Hat, Inc. - initial API and implementation
//
package usernamespace
import (
"context"
"testing"
"github.com/eclipse-che/che-operator/pkg/deploy"
"k8s.io/apimachinery/pkg/api/errors"
"github.com/eclipse-che/che-operator/pkg/common/constants"
"github.com/eclipse-che/che-operator/pkg/common/test"
"github.com/stretchr/testify/assert"
corev1 "k8s.io/api/core/v1"
"k8s.io/apimachinery/pkg/api/resource"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/apimachinery/pkg/runtime"
)
func TestSyncPVC(t *testing.T) {
deployContext := test.GetDeployContext(nil, []runtime.Object{
&corev1.PersistentVolumeClaim{
TypeMeta: metav1.TypeMeta{
Kind: "PersistentVolumeClaim",
APIVersion: "v1",
},
ObjectMeta: metav1.ObjectMeta{
Name: objectName,
Namespace: "eclipse-che",
Labels: map[string]string{
constants.KubernetesPartOfLabelKey: constants.CheEclipseOrg,
constants.KubernetesComponentLabelKey: constants.WorkspacesConfig,
},
},
Spec: corev1.PersistentVolumeClaimSpec{
Resources: corev1.ResourceRequirements{
Requests: corev1.ResourceList{
corev1.ResourceStorage: resource.MustParse("1Gi"),
},
},
},
}})
workspaceConfigReconciler := NewWorkspacesConfigReconciler(
deployContext.ClusterAPI.Client,
deployContext.ClusterAPI.NonCachingClient,
deployContext.ClusterAPI.Scheme,
NewNamespaceCache(deployContext.ClusterAPI.NonCachingClient))
assertSyncConfig(t, workspaceConfigReconciler, 0, v1PvcGKV)
// Sync PVC to a user namespace
err := workspaceConfigReconciler.syncWorkspacesConfig(context.TODO(), userNamespace)
assert.Nil(t, err)
assertSyncConfig(t, workspaceConfigReconciler, 2, v1PvcGKV)
// Check if PVC in a user namespace is created
pvc := &corev1.PersistentVolumeClaim{}
err = workspaceConfigReconciler.client.Get(context.TODO(), objectKeyInUserNs, pvc)
assert.Nil(t, err)
assert.Equal(t, constants.WorkspacesConfig, pvc.Labels[constants.KubernetesComponentLabelKey])
assert.Equal(t, constants.CheEclipseOrg, pvc.Labels[constants.KubernetesPartOfLabelKey])
assert.True(t, pvc.Spec.Resources.Requests[corev1.ResourceStorage].Equal(resource.MustParse("1Gi")))
// Update src PVC
pvc = &corev1.PersistentVolumeClaim{}
err = workspaceConfigReconciler.client.Get(context.TODO(), objectKeyInCheNs, pvc)
assert.Nil(t, err)
pvc.Spec.Resources.Requests[corev1.ResourceStorage] = resource.MustParse("2Gi")
err = workspaceConfigReconciler.client.Update(context.TODO(), pvc)
// Sync PVC
err = workspaceConfigReconciler.syncWorkspacesConfig(context.TODO(), userNamespace)
assert.Nil(t, err)
assertSyncConfig(t, workspaceConfigReconciler, 2, v1PvcGKV)
// Check that destination PVC is not updated
pvc = &corev1.PersistentVolumeClaim{}
err = workspaceConfigReconciler.client.Get(context.TODO(), objectKeyInUserNs, pvc)
assert.Nil(t, err)
assert.Equal(t, constants.WorkspacesConfig, pvc.Labels[constants.KubernetesComponentLabelKey])
assert.Equal(t, constants.CheEclipseOrg, pvc.Labels[constants.KubernetesPartOfLabelKey])
assert.True(t, pvc.Spec.Resources.Requests[corev1.ResourceStorage].Equal(resource.MustParse("1Gi")))
// Delete dst PVC
err = deploy.DeleteIgnoreIfNotFound(context.TODO(), workspaceConfigReconciler.client, objectKeyInUserNs, &corev1.PersistentVolumeClaim{})
assert.Nil(t, err)
// Sync PVC
err = workspaceConfigReconciler.syncWorkspacesConfig(context.TODO(), userNamespace)
assert.Nil(t, err)
assertSyncConfig(t, workspaceConfigReconciler, 2, v1PvcGKV)
// Check if PVC in a user namespace is created again
pvc = &corev1.PersistentVolumeClaim{}
err = workspaceConfigReconciler.client.Get(context.TODO(), objectKeyInUserNs, pvc)
assert.Nil(t, err)
assert.Equal(t, constants.WorkspacesConfig, pvc.Labels[constants.KubernetesComponentLabelKey])
assert.Equal(t, constants.CheEclipseOrg, pvc.Labels[constants.KubernetesPartOfLabelKey])
assert.True(t, pvc.Spec.Resources.Requests[corev1.ResourceStorage].Equal(resource.MustParse("2Gi")))
// Delete src PVC
err = deploy.DeleteIgnoreIfNotFound(context.TODO(), workspaceConfigReconciler.client, objectKeyInCheNs, &corev1.PersistentVolumeClaim{})
assert.Nil(t, err)
// Sync PVC
err = workspaceConfigReconciler.syncWorkspacesConfig(context.TODO(), userNamespace)
assert.Nil(t, err)
assertSyncConfig(t, workspaceConfigReconciler, 0, v1PvcGKV)
// Check that destination PersistentVolumeClaim in a user namespace is deleted
pvc = &corev1.PersistentVolumeClaim{}
err = deployContext.ClusterAPI.Client.Get(context.TODO(), objectKeyInUserNs, pvc)
assert.NotNil(t, err)
assert.True(t, errors.IsNotFound(err))
}

90
controllers/usernamespace/workspace_secret_syncer.go Normal file
View File

@ -0,0 +1,90 @@
//
// Copyright (c) 2019-2023 Red Hat, Inc.
// This program and the accompanying materials are made
// available under the terms of the Eclipse Public License 2.0
// which is available at https://www.eclipse.org/legal/epl-2.0/
//
// SPDX-License-Identifier: EPL-2.0
//
// Contributors:
// Red Hat, Inc. - initial API and implementation
//
package usernamespace
import (
dwconstants "github.com/devfile/devworkspace-operator/pkg/constants"
"github.com/google/go-cmp/cmp"
"github.com/google/go-cmp/cmp/cmpopts"
corev1 "k8s.io/api/core/v1"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/apimachinery/pkg/runtime"
"k8s.io/apimachinery/pkg/runtime/schema"
"sigs.k8s.io/controller-runtime/pkg/client"
)
var (
v1SecretGKV = corev1.SchemeGroupVersion.WithKind("Secret")
)
type secretSyncer struct {
workspaceConfigSyncer
}
func newSecretSyncer() *secretSyncer {
return &secretSyncer{}
}
func (p *secretSyncer) gkv() schema.GroupVersionKind {
return v1SecretGKV
}
func (p *secretSyncer) newObjectFrom(src client.Object) client.Object {
dst := src.(runtime.Object).DeepCopyObject()
dst.(*corev1.Secret).ObjectMeta = metav1.ObjectMeta{
Name: src.GetName(),
Annotations: src.GetAnnotations(),
Labels: mergeWorkspaceConfigObjectLabels(
src.GetLabels(),
map[string]string{
dwconstants.DevWorkspaceWatchSecretLabel: "true",
dwconstants.DevWorkspaceMountLabel: "true",
},
),
}
return dst.(client.Object)
}
func (p *secretSyncer) isExistedObjChanged(newObj client.Object, existedObj client.Object) bool {
if newObj.GetLabels() != nil {
for key, value := range newObj.GetLabels() {
if existedObj.GetLabels()[key] != value {
return true
}
}
}
if newObj.GetAnnotations() != nil {
for key, value := range newObj.GetAnnotations() {
if existedObj.GetAnnotations()[key] != value {
return true
}
}
}
return cmp.Diff(
newObj,
existedObj,
cmp.Options{
cmpopts.IgnoreFields(corev1.Secret{}, "TypeMeta", "ObjectMeta"),
}) != ""
}
func (p *secretSyncer) getObjectList() client.ObjectList {
return &corev1.SecretList{}
}
func (p *secretSyncer) hasReadOnlySpec() bool {
return false
}

300
controllers/usernamespace/workspace_secret_syncer_test.go Normal file
View File

@ -0,0 +1,300 @@
//
// Copyright (c) 2019-2023 Red Hat, Inc.
// This program and the accompanying materials are made
// available under the terms of the Eclipse Public License 2.0
// which is available at https://www.eclipse.org/legal/epl-2.0/
//
// SPDX-License-Identifier: EPL-2.0
//
// Contributors:
// Red Hat, Inc. - initial API and implementation
//
package usernamespace
import (
"context"
"testing"
"github.com/eclipse-che/che-operator/pkg/common/utils"
"github.com/eclipse-che/che-operator/pkg/deploy"
"k8s.io/apimachinery/pkg/api/errors"
"github.com/eclipse-che/che-operator/pkg/common/constants"
"github.com/eclipse-che/che-operator/pkg/common/test"
"github.com/stretchr/testify/assert"
corev1 "k8s.io/api/core/v1"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/apimachinery/pkg/runtime"
"k8s.io/utils/pointer"
)
func TestSyncSecrets(t *testing.T) {
deployContext := test.GetDeployContext(nil, []runtime.Object{
&corev1.Secret{
TypeMeta: metav1.TypeMeta{
Kind: "Secret",
APIVersion: "v1",
},
ObjectMeta: metav1.ObjectMeta{
Name: objectName,
Namespace: "eclipse-che",
Labels: map[string]string{
constants.KubernetesPartOfLabelKey: constants.CheEclipseOrg,
constants.KubernetesComponentLabelKey: constants.WorkspacesConfig,
},
},
StringData: map[string]string{
"a": "b",
},
Data: map[string][]byte{
"c": []byte("d"),
},
Immutable: pointer.Bool(false),
}})
workspaceConfigReconciler := NewWorkspacesConfigReconciler(
deployContext.ClusterAPI.Client,
deployContext.ClusterAPI.NonCachingClient,
deployContext.ClusterAPI.Scheme,
NewNamespaceCache(deployContext.ClusterAPI.NonCachingClient))
// Sync Secret
err := workspaceConfigReconciler.syncWorkspacesConfig(context.TODO(), userNamespace)
assert.Nil(t, err)
assertSyncConfig(t, workspaceConfigReconciler, 2, v1SecretGKV)
// Check Secret in a user namespace is created
secret := &corev1.Secret{}
err = workspaceConfigReconciler.client.Get(context.TODO(), objectKeyInUserNs, secret)
assert.Nil(t, err)
assert.Equal(t, "b", secret.StringData["a"])
assert.Equal(t, []byte("d"), secret.Data["c"])
assert.Equal(t, false, *secret.Immutable)
assert.Equal(t, constants.WorkspacesConfig, secret.Labels[constants.KubernetesComponentLabelKey])
assert.Equal(t, constants.CheEclipseOrg, secret.Labels[constants.KubernetesPartOfLabelKey])
assert.Equal(t, "true", secret.Labels["controller.devfile.io/watch-secret"])
assert.Equal(t, "true", secret.Labels["controller.devfile.io/mount-to-devworkspace"])
// Update src Secret
secret = &corev1.Secret{}
err = workspaceConfigReconciler.client.Get(context.TODO(), objectKeyInCheNs, secret)
assert.Nil(t, err)
secret.StringData["a"] = "c"
secret.Annotations = map[string]string{
"test": "test",
}
err = workspaceConfigReconciler.client.Update(context.TODO(), secret)
assert.Nil(t, err)
// Sync Secret
err = workspaceConfigReconciler.syncWorkspacesConfig(context.TODO(), userNamespace)
assert.Nil(t, err)
assertSyncConfig(t, workspaceConfigReconciler, 2, v1SecretGKV)
// Check that destination Secret is updated
secret = &corev1.Secret{}
err = workspaceConfigReconciler.client.Get(context.TODO(), objectKeyInUserNs, secret)
assert.Nil(t, err)
assert.Equal(t, "c", secret.StringData["a"])
assert.Equal(t, []byte("d"), secret.Data["c"])
assert.Equal(t, false, *secret.Immutable)
assert.Equal(t, constants.WorkspacesConfig, secret.Labels[constants.KubernetesComponentLabelKey])
assert.Equal(t, constants.CheEclipseOrg, secret.Labels[constants.KubernetesPartOfLabelKey])
assert.Equal(t, "true", secret.Labels["controller.devfile.io/watch-secret"])
assert.Equal(t, "true", secret.Labels["controller.devfile.io/mount-to-devworkspace"])
assert.Equal(t, "test", secret.Annotations["test"])
// Update dst Secret
secret = &corev1.Secret{}
err = workspaceConfigReconciler.client.Get(context.TODO(), objectKeyInUserNs, secret)
assert.Nil(t, err)
secret.StringData["a"] = "new-c"
err = workspaceConfigReconciler.client.Update(context.TODO(), secret)
assert.Nil(t, err)
// Sync Secret
err = workspaceConfigReconciler.syncWorkspacesConfig(context.TODO(), userNamespace)
assert.Nil(t, err)
assertSyncConfig(t, workspaceConfigReconciler, 2, v1SecretGKV)
// Check that destination Secret is reverted
secret = &corev1.Secret{}
err = workspaceConfigReconciler.client.Get(context.TODO(), objectKeyInUserNs, secret)
assert.Nil(t, err)
assert.Equal(t, "c", secret.StringData["a"])
assert.Equal(t, []byte("d"), secret.Data["c"])
assert.Equal(t, false, *secret.Immutable)
assert.Equal(t, constants.WorkspacesConfig, secret.Labels[constants.KubernetesComponentLabelKey])
assert.Equal(t, constants.CheEclipseOrg, secret.Labels[constants.KubernetesPartOfLabelKey])
assert.Equal(t, "true", secret.Labels["controller.devfile.io/watch-secret"])
assert.Equal(t, "true", secret.Labels["controller.devfile.io/mount-to-devworkspace"])
// Update dst Secret in the way that it won't be reverted
secret = &corev1.Secret{}
err = workspaceConfigReconciler.client.Get(context.TODO(), objectKeyInUserNs, secret)
assert.Nil(t, err)
utils.AddMap(secret.Annotations, map[string]string{"new-annotation": "new-test"})
utils.AddMap(secret.Labels, map[string]string{"new-label": "new-test"})
err = workspaceConfigReconciler.client.Update(context.TODO(), secret)
assert.Nil(t, err)
// Sync Secret
err = workspaceConfigReconciler.syncWorkspacesConfig(context.TODO(), userNamespace)
assert.Nil(t, err)
assertSyncConfig(t, workspaceConfigReconciler, 2, v1SecretGKV)
// Check that destination Secret is not reverted
secret = &corev1.Secret{}
err = workspaceConfigReconciler.client.Get(context.TODO(), objectKeyInUserNs, secret)
assert.Nil(t, err)
assert.Equal(t, "c", secret.StringData["a"])
assert.Equal(t, []byte("d"), secret.Data["c"])
assert.Equal(t, false, *secret.Immutable)
assert.Equal(t, constants.WorkspacesConfig, secret.Labels[constants.KubernetesComponentLabelKey])
assert.Equal(t, constants.CheEclipseOrg, secret.Labels[constants.KubernetesPartOfLabelKey])
assert.Equal(t, "true", secret.Labels["controller.devfile.io/watch-secret"])
assert.Equal(t, "true", secret.Labels["controller.devfile.io/mount-to-devworkspace"])
assert.Equal(t, "new-test", secret.Labels["new-label"])
assert.Equal(t, "new-test", secret.Annotations["new-annotation"])
// Delete dst Secret
err = deploy.DeleteIgnoreIfNotFound(context.TODO(), deployContext.ClusterAPI.Client, objectKeyInUserNs, &corev1.Secret{})
assert.Nil(t, err)
// Sync Secret
err = workspaceConfigReconciler.syncWorkspacesConfig(context.TODO(), userNamespace)
assert.Nil(t, err)
assertSyncConfig(t, workspaceConfigReconciler, 2, v1SecretGKV)
// Check that destination Secret is reverted
secret = &corev1.Secret{}
err = workspaceConfigReconciler.client.Get(context.TODO(), objectKeyInUserNs, secret)
assert.Nil(t, err)
assert.Equal(t, "c", secret.StringData["a"])
assert.Equal(t, []byte("d"), secret.Data["c"])
assert.Equal(t, false, *secret.Immutable)
assert.Equal(t, constants.WorkspacesConfig, secret.Labels[constants.KubernetesComponentLabelKey])
assert.Equal(t, constants.CheEclipseOrg, secret.Labels[constants.KubernetesPartOfLabelKey])
assert.Equal(t, "true", secret.Labels["controller.devfile.io/watch-secret"])
assert.Equal(t, "true", secret.Labels["controller.devfile.io/mount-to-devworkspace"])
// Delete src Secret
err = deploy.DeleteIgnoreIfNotFound(context.TODO(), deployContext.ClusterAPI.Client, objectKeyInCheNs, &corev1.Secret{})
assert.Nil(t, err)
// Sync Secret
err = workspaceConfigReconciler.syncWorkspacesConfig(context.TODO(), userNamespace)
assert.Nil(t, err)
assertSyncConfig(t, workspaceConfigReconciler, 0, v1SecretGKV)
// Check that destination Secret in a user namespace is deleted
secret = &corev1.Secret{}
err = workspaceConfigReconciler.client.Get(context.TODO(), objectKeyInUserNs, secret)
assert.NotNil(t, err)
assert.True(t, errors.IsNotFound(err))
}
func TestSyncSecretShouldMergeLabelsAndAnnotationsOnUpdate(t *testing.T) {
deployContext := test.GetDeployContext(nil, []runtime.Object{
&corev1.Secret{
TypeMeta: metav1.TypeMeta{
Kind: "Secret",
APIVersion: "v1",
},
ObjectMeta: metav1.ObjectMeta{
Name: objectName,
Namespace: "eclipse-che",
Labels: map[string]string{
"label": "label-value",
constants.KubernetesPartOfLabelKey: constants.CheEclipseOrg,
constants.KubernetesComponentLabelKey: constants.WorkspacesConfig,
},
Annotations: map[string]string{
"annotation": "annotation-value",
},
},
StringData: map[string]string{
"a": "b",
},
}})
workspaceConfigReconciler := NewWorkspacesConfigReconciler(
deployContext.ClusterAPI.Client,
deployContext.ClusterAPI.NonCachingClient,
deployContext.ClusterAPI.Scheme,
NewNamespaceCache(deployContext.ClusterAPI.NonCachingClient))
// Sync Secret
err := workspaceConfigReconciler.syncWorkspacesConfig(context.TODO(), userNamespace)
assert.Nil(t, err)
assertSyncConfig(t, workspaceConfigReconciler, 2, v1SecretGKV)
// Check Secret in a user namespace is created
secret := &corev1.Secret{}
err = workspaceConfigReconciler.client.Get(context.TODO(), objectKeyInUserNs, secret)
assert.Nil(t, err)
assert.Equal(t, constants.WorkspacesConfig, secret.Labels[constants.KubernetesComponentLabelKey])
assert.Equal(t, constants.CheEclipseOrg, secret.Labels[constants.KubernetesPartOfLabelKey])
assert.Equal(t, "true", secret.Labels["controller.devfile.io/watch-secret"])
assert.Equal(t, "true", secret.Labels["controller.devfile.io/mount-to-devworkspace"])
assert.Equal(t, "label-value", secret.Labels["label"])
assert.Equal(t, "annotation-value", secret.Annotations["annotation"])
// Update labels and annotations on dst Secret
secret = &corev1.Secret{}
err = workspaceConfigReconciler.client.Get(context.TODO(), objectKeyInUserNs, secret)
assert.Nil(t, err)
utils.AddMap(secret.Labels, map[string]string{"new-label": "new-label-value"})
utils.AddMap(secret.Annotations, map[string]string{"new-annotation": "new-annotation-value"})
err = workspaceConfigReconciler.client.Update(context.TODO(), secret)
assert.Nil(t, err)
// Sync Secret
err = workspaceConfigReconciler.syncWorkspacesConfig(context.TODO(), userNamespace)
assert.Nil(t, err)
assertSyncConfig(t, workspaceConfigReconciler, 2, v1SecretGKV)
// Check that destination Secret is not reverted
secret = &corev1.Secret{}
err = workspaceConfigReconciler.client.Get(context.TODO(), objectKeyInUserNs, secret)
assert.Nil(t, err)
assert.Equal(t, constants.WorkspacesConfig, secret.Labels[constants.KubernetesComponentLabelKey])
assert.Equal(t, constants.CheEclipseOrg, secret.Labels[constants.KubernetesPartOfLabelKey])
assert.Equal(t, "true", secret.Labels["controller.devfile.io/watch-secret"])
assert.Equal(t, "true", secret.Labels["controller.devfile.io/mount-to-devworkspace"])
assert.Equal(t, "label-value", secret.Labels["label"])
assert.Equal(t, "new-label-value", secret.Labels["new-label"])
assert.Equal(t, "annotation-value", secret.Annotations["annotation"])
assert.Equal(t, "new-annotation-value", secret.Annotations["new-annotation"])
// Update src Secret
secret = &corev1.Secret{}
err = workspaceConfigReconciler.client.Get(context.TODO(), objectKeyInCheNs, secret)
assert.Nil(t, err)
secret.StringData["a"] = "c"
utils.AddMap(secret.Labels, map[string]string{"label": "label-value-2"})
utils.AddMap(secret.Annotations, map[string]string{"annotation": "annotation-value-2"})
err = workspaceConfigReconciler.client.Update(context.TODO(), secret)
assert.Nil(t, err)
// Sync Secret
err = workspaceConfigReconciler.syncWorkspacesConfig(context.TODO(), userNamespace)
assert.Nil(t, err)
assertSyncConfig(t, workspaceConfigReconciler, 2, v1SecretGKV)
// Check that destination Secret is updated but old labels and annotations are preserved
secret = &corev1.Secret{}
err = workspaceConfigReconciler.client.Get(context.TODO(), objectKeyInUserNs, secret)
assert.Nil(t, err)
assert.Equal(t, "c", secret.StringData["a"])
assert.Equal(t, constants.WorkspacesConfig, secret.Labels[constants.KubernetesComponentLabelKey])
assert.Equal(t, constants.CheEclipseOrg, secret.Labels[constants.KubernetesPartOfLabelKey])
assert.Equal(t, "true", secret.Labels["controller.devfile.io/watch-secret"])
assert.Equal(t, "true", secret.Labels["controller.devfile.io/mount-to-devworkspace"])
assert.Equal(t, "label-value-2", secret.Labels["label"])
assert.Equal(t, "new-label-value", secret.Labels["new-label"])
assert.Equal(t, "annotation-value-2", secret.Annotations["annotation"])
assert.Equal(t, "new-annotation-value", secret.Annotations["new-annotation"])
}

513
controllers/usernamespace/workspaces_config_controller.go Normal file
View File

@ -0,0 +1,513 @@
//
// Copyright (c) 2019-2023 Red Hat, Inc.
// This program and the accompanying materials are made
// available under the terms of the Eclipse Public License 2.0
// which is available at https://www.eclipse.org/legal/epl-2.0/
//
// SPDX-License-Identifier: EPL-2.0
//
// Contributors:
// Red Hat, Inc. - initial API and implementation
//
package usernamespace
import (
"context"
"fmt"
"strings"
"github.com/eclipse-che/che-operator/pkg/common/utils"
"github.com/eclipse-che/che-operator/pkg/common/constants"
"github.com/eclipse-che/che-operator/pkg/deploy"
corev1 "k8s.io/api/core/v1"
"k8s.io/apimachinery/pkg/api/errors"
"k8s.io/apimachinery/pkg/api/meta"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/apimachinery/pkg/labels"
"k8s.io/apimachinery/pkg/runtime"
"k8s.io/apimachinery/pkg/runtime/schema"
"k8s.io/apimachinery/pkg/types"
ctrl "sigs.k8s.io/controller-runtime"
"sigs.k8s.io/controller-runtime/pkg/client"
"sigs.k8s.io/controller-runtime/pkg/handler"
"sigs.k8s.io/controller-runtime/pkg/reconcile"
"sigs.k8s.io/controller-runtime/pkg/source"
)
const (
syncedWorkspacesConfig = "sync-workspaces-config"
)
type WorkspacesConfigReconciler struct {
scheme *runtime.Scheme
client client.Client
nonCachedClient client.Client
namespaceCache *namespaceCache
}
// Interface for syncing workspace config objects.
type workspaceConfigSyncer interface {
gkv() schema.GroupVersionKind
isExistedObjChanged(newObj client.Object, existedObj client.Object) bool
hasReadOnlySpec() bool
getObjectList() client.ObjectList
newObjectFrom(src client.Object) client.Object
}
type syncContext struct {
dstNamespace string
srcNamespace string
ctx context.Context
syncer workspaceConfigSyncer
syncConfig map[string]string
}
var (
log = ctrl.Log.WithName("workspaces-config")
workspacesConfigLabels = map[string]string{
constants.KubernetesPartOfLabelKey: constants.CheEclipseOrg,
constants.KubernetesComponentLabelKey: constants.WorkspacesConfig,
}
workspacesConfigSelector = labels.SelectorFromSet(workspacesConfigLabels)
)
func NewWorkspacesConfigReconciler(
client client.Client,
noncachedClient client.Client,
scheme *runtime.Scheme,
namespaceCache *namespaceCache) *WorkspacesConfigReconciler {
return &WorkspacesConfigReconciler{
scheme: scheme,
client: client,
nonCachedClient: noncachedClient,
namespaceCache: namespaceCache,
}
}
func (r *WorkspacesConfigReconciler) SetupWithManager(mgr ctrl.Manager) error {
ctx := context.Background()
bld := ctrl.NewControllerManagedBy(mgr).
For(&corev1.Namespace{}).
Watches(&source.Kind{Type: &corev1.PersistentVolumeClaim{}}, r.watchRules(ctx)).
Watches(&source.Kind{Type: &corev1.Secret{}}, r.watchRules(ctx)).
Watches(&source.Kind{Type: &corev1.ConfigMap{}}, r.watchRules(ctx))
return bld.Complete(r)
}
func (r *WorkspacesConfigReconciler) Reconcile(ctx context.Context, req ctrl.Request) (ctrl.Result, error) {
if req.Name == "" {
return ctrl.Result{}, nil
}
info, err := r.namespaceCache.ExamineNamespace(ctx, req.Name)
if err != nil {
log.Error(err, "Failed to examine namespace", "namespace", req.Name)
return ctrl.Result{}, err
}
if info == nil || !info.IsWorkspaceNamespace {
// namespace is not a workspace namespace, nothing to do
return ctrl.Result{}, nil
}
if err = r.syncWorkspacesConfig(ctx, req.Name); err != nil {
log.Error(err, "Failed to sync workspace configs", "namespace", req.Name)
return ctrl.Result{}, err
}
return ctrl.Result{}, nil
}
func (r *WorkspacesConfigReconciler) watchRules(ctx context.Context) handler.EventHandler {
return handler.EnqueueRequestsFromMapFunc(
func(obj client.Object) []reconcile.Request {
return asReconcileRequestsForNamespaces(obj,
[]eventRule{
{
// reconcile rule when workspace config is modified in a user namespace
// to revert the config
check: func(o metav1.Object) bool {
workspaceInfo, _ := r.namespaceCache.GetNamespaceInfo(ctx, o.GetNamespace())
return isLabeledAsWorkspacesConfig(o) &&
o.GetName() != syncedWorkspacesConfig &&
workspaceInfo != nil &&
workspaceInfo.IsWorkspaceNamespace
},
namespaces: func(o metav1.Object) []string { return []string{o.GetNamespace()} },
},
{
// reconcile rule when workspace config is modified in a che namespace
// to update the config in all users` namespaces
check: func(o metav1.Object) bool {
cheCluster, _ := deploy.FindCheClusterCRInNamespace(r.client, o.GetNamespace())
return isLabeledAsWorkspacesConfig(o) && cheCluster != nil
},
namespaces: func(o metav1.Object) []string { return r.namespaceCache.GetAllKnownNamespaces() },
}})
})
}
func (r *WorkspacesConfigReconciler) syncWorkspacesConfig(ctx context.Context, targetNs string) error {
checluster, err := deploy.FindCheClusterCRInNamespace(r.client, "")
if checluster == nil {
return nil
}
syncedConfig, err := r.getSyncConfig(ctx, targetNs)
if err != nil {
log.Error(err, "Failed to get workspace sync config", "namespace", targetNs)
return nil
}
defer func() {
if syncedConfig != nil {
if syncedConfig.GetResourceVersion() == "" {
if err := r.client.Create(ctx, syncedConfig); err != nil {
log.Error(err, "Failed to workspace create sync config", "namespace", targetNs)
}
} else {
if err := r.client.Update(ctx, syncedConfig); err != nil {
log.Error(err, "Failed to update workspace sync config", "namespace", targetNs)
}
}
}
}()
if err := r.syncObjects(
&syncContext{
dstNamespace: targetNs,
srcNamespace: checluster.GetNamespace(),
syncer: newConfigMapSyncer(),
syncConfig: syncedConfig.Data,
ctx: ctx,
}); err != nil {
return err
}
if err := r.syncObjects(
&syncContext{
dstNamespace: targetNs,
srcNamespace: checluster.GetNamespace(),
syncer: newSecretSyncer(),
syncConfig: syncedConfig.Data,
ctx: ctx,
}); err != nil {
return err
}
if err := r.syncObjects(
&syncContext{
dstNamespace: targetNs,
srcNamespace: checluster.GetNamespace(),
syncer: newPvcSyncer(),
syncConfig: syncedConfig.Data,
ctx: ctx,
}); err != nil {
return err
}
return nil
}
// syncObjects syncs objects from che namespace to target namespace.
func (r *WorkspacesConfigReconciler) syncObjects(syncContext *syncContext) error {
srcObjsList := syncContext.syncer.getObjectList()
if err := r.readSrcObjsList(syncContext.ctx, syncContext.srcNamespace, srcObjsList); err != nil {
return err
}
srcObjs, err := meta.ExtractList(srcObjsList)
if err != nil {
return err
}
for _, srcObj := range srcObjs {
newObj := syncContext.syncer.newObjectFrom(srcObj.(client.Object))
newObj.SetNamespace(syncContext.dstNamespace)
if err := r.syncObjectToNamespace(syncContext, srcObj.(client.Object), newObj); err != nil {
log.Error(err, "Failed to sync object",
"namespace", syncContext.dstNamespace,
"kind", gvk2String(syncContext.syncer.gkv()),
"name", newObj.GetName())
return err
}
}
actualSyncedSrcObjKeys := make(map[string]bool)
for _, srcObj := range srcObjs {
// compute actual synced objects keys from che namespace
actualSyncedSrcObjKeys[getKey(srcObj.(client.Object))] = true
}
for syncObjKey, _ := range syncContext.syncConfig {
if err := r.deleteObsoleteObjectFromNamespace(syncContext, actualSyncedSrcObjKeys, syncObjKey); err != nil {
log.Error(err, "Failed to delete obsolete object",
"namespace", syncContext.dstNamespace,
"kind", gvk2String(syncContext.syncer.gkv()),
"name", getNameElement(syncObjKey))
return err
}
}
return nil
}
// deleteObsoleteObjectFromNamespace deletes objects that are not synced with source objects.
// Returns error if delete failed in a destination namespace.
func (r *WorkspacesConfigReconciler) deleteObsoleteObjectFromNamespace(
syncContext *syncContext,
actualSyncedSrcObjKeys map[string]bool,
syncObjKey string,
) error {
isObjectOfGivenKind := getGVKElement(syncObjKey) == gvk2Element(syncContext.syncer.gkv())
isObjectFromSrcNamespace := getNamespaceElement(syncObjKey) == syncContext.srcNamespace
isNotSyncedInTargetNs := !actualSyncedSrcObjKeys[syncObjKey]
if isObjectOfGivenKind && isObjectFromSrcNamespace && isNotSyncedInTargetNs {
blueprint, err := r.scheme.New(syncContext.syncer.gkv())
if err != nil {
return err
}
// then delete object from target namespace if it is not synced with source object
if err := deploy.DeleteIgnoreIfNotFound(
syncContext.ctx,
r.client,
types.NamespacedName{
Name: getNameElement(syncObjKey),
Namespace: syncContext.dstNamespace,
},
blueprint.(client.Object)); err != nil {
return err
}
delete(syncContext.syncConfig, syncObjKey)
delete(syncContext.syncConfig,
buildKey(
syncContext.syncer.gkv(),
getNameElement(syncObjKey),
syncContext.dstNamespace),
)
}
return nil
}
// syncObjectToNamespace syncs source object to destination object if they differ.
// Returns error if sync failed in a destination namespace.
func (r *WorkspacesConfigReconciler) syncObjectToNamespace(
syncContext *syncContext,
srcObj client.Object,
newObj client.Object) error {
existedDstObj, err := r.scheme.New(syncContext.syncer.gkv())
if err != nil {
return err
}
err = r.client.Get(
syncContext.ctx,
types.NamespacedName{
Name: newObj.GetName(),
Namespace: newObj.GetNamespace()},
existedDstObj.(client.Object))
if err == nil {
// destination object exists, update it if it differs from source object
srcHasBeenChanged := syncContext.syncConfig[getKey(srcObj)] != srcObj.GetResourceVersion()
dstHasBeenChanged := syncContext.syncConfig[getKey(existedDstObj.(client.Object))] != existedDstObj.(client.Object).GetResourceVersion()
if srcHasBeenChanged || dstHasBeenChanged {
return r.doSyncObjectToNamespace(syncContext, srcObj, newObj, existedDstObj.(client.Object))
}
} else if errors.IsNotFound(err) {
// destination object does not exist, so it will be created
return r.doSyncObjectToNamespace(syncContext, srcObj, newObj, nil)
} else {
return err
}
return nil
}
// doSyncObjectToNamespace syncs source object to destination object by updating or creating it.
// Returns error if sync failed in a destination namespace.
func (r *WorkspacesConfigReconciler) doSyncObjectToNamespace(
syncContext *syncContext,
srcObj client.Object,
newObj client.Object,
existedObj client.Object) error {
if existedObj == nil {
if err := r.client.Create(syncContext.ctx, newObj); err != nil {
return err
}
syncContext.syncConfig[getKey(srcObj)] = srcObj.GetResourceVersion()
syncContext.syncConfig[buildKey(
syncContext.syncer.gkv(),
newObj.GetName(),
newObj.GetNamespace())] = newObj.GetResourceVersion()
log.Info("Object created",
"namespace", newObj.GetNamespace(),
"kind", gvk2String(syncContext.syncer.gkv()),
"name", newObj.GetName())
return nil
} else {
if syncContext.syncer.hasReadOnlySpec() {
// skip updating objects with readonly spec
// admin has to re-create them to update
// just update resource versions
syncContext.syncConfig[getKey(srcObj)] = srcObj.GetResourceVersion()
syncContext.syncConfig[getKey(existedObj)] = existedObj.GetResourceVersion()
log.Info("Object skipped since has readonly spec, re-create it to update",
"namespace", newObj.GetNamespace(),
"kind", gvk2String(syncContext.syncer.gkv()),
"name", newObj.GetName())
return nil
} else {
if syncContext.syncer.isExistedObjChanged(newObj, existedObj) {
// preserve labels and annotations from existed object
newObj.SetLabels(preserveExistedMapValues(newObj.GetLabels(), existedObj.GetLabels()))
newObj.SetAnnotations(preserveExistedMapValues(newObj.GetAnnotations(), existedObj.GetAnnotations()))
// set the correct resource version to update object
newObj.SetResourceVersion(existedObj.GetResourceVersion())
if err := r.client.Update(syncContext.ctx, newObj); err != nil {
return err
}
syncContext.syncConfig[getKey(srcObj)] = srcObj.GetResourceVersion()
syncContext.syncConfig[getKey(existedObj)] = newObj.GetResourceVersion()
log.Info("Object updated",
"namespace", newObj.GetNamespace(),
"kind", gvk2String(syncContext.syncer.gkv()),
"name", newObj.GetName())
return nil
} else {
// nothing to update objects are equal
// just update resource versions
syncContext.syncConfig[getKey(srcObj)] = srcObj.GetResourceVersion()
syncContext.syncConfig[getKey(existedObj)] = existedObj.GetResourceVersion()
return nil
}
}
}
}
// getSyncConfig returns ConfigMap with synced objects resource versions.
// Returns error if ConfigMap failed to be retrieved.
func (r *WorkspacesConfigReconciler) getSyncConfig(ctx context.Context, targetNs string) (*corev1.ConfigMap, error) {
syncedConfig := &corev1.ConfigMap{}
err := r.client.Get(
ctx,
types.NamespacedName{
Name: syncedWorkspacesConfig,
Namespace: targetNs,
},
syncedConfig)
if err != nil {
if errors.IsNotFound(err) {
syncedConfig = &corev1.ConfigMap{
TypeMeta: metav1.TypeMeta{
Kind: "ConfigMap",
APIVersion: "v1",
},
ObjectMeta: metav1.ObjectMeta{
Name: syncedWorkspacesConfig,
Namespace: targetNs,
Labels: workspacesConfigLabels,
},
Data: map[string]string{},
}
} else {
return nil, err
}
} else if syncedConfig.Data == nil {
syncedConfig.Data = map[string]string{}
}
return syncedConfig, nil
}
func (r *WorkspacesConfigReconciler) readSrcObjsList(ctx context.Context, srcNamespace string, objList client.ObjectList) error {
return r.client.List(
ctx,
objList,
&client.ListOptions{
Namespace: srcNamespace,
LabelSelector: workspacesConfigSelector,
})
}
func getKey(object client.Object) string {
return buildKey(object.GetObjectKind().GroupVersionKind(), object.GetName(), object.GetNamespace())
}
func buildKey(gvk schema.GroupVersionKind, name string, namespace string) string {
return fmt.Sprintf("%s.%s.%s", gvk2Element(gvk), name, namespace)
}
func gvk2Element(gvk schema.GroupVersionKind) string {
if gvk.Group == "" {
return fmt.Sprintf("%s_%s", gvk.Version, gvk.Kind)
}
return fmt.Sprintf("%s_%s_%s", gvk.Group, gvk.Version, gvk.Kind)
}
func gvk2String(gkv schema.GroupVersionKind) string {
return fmt.Sprintf("%s.%s", gkv.Version, gkv.Kind)
}
func getGVKElement(key string) string {
splits := strings.Split(key, ".")
return splits[0]
}
func getNameElement(key string) string {
splits := strings.Split(key, ".")
return splits[1]
}
func getNamespaceElement(key string) string {
splits := strings.Split(key, ".")
return splits[2]
}
func isLabeledAsWorkspacesConfig(obj metav1.Object) bool {
return obj.GetLabels()[constants.KubernetesComponentLabelKey] == constants.WorkspacesConfig &&
obj.GetLabels()[constants.KubernetesPartOfLabelKey] == constants.CheEclipseOrg
}
func mergeWorkspaceConfigObjectLabels(srcLabels map[string]string, additionalLabels map[string]string) map[string]string {
newLabels := utils.CloneMap(srcLabels)
for key, value := range additionalLabels {
newLabels[key] = value
}
// default labels
for key, value := range deploy.GetLabels(constants.WorkspacesConfig) {
newLabels[key] = value
}
return newLabels
}
func preserveExistedMapValues(newObjMap map[string]string, existedObjMap map[string]string) map[string]string {
preservedMap := utils.CloneMap(newObjMap)
for key, value := range existedObjMap {
if _, ok := preservedMap[key]; !ok {
preservedMap[key] = value
}
}
return preservedMap
}

5923
deploy/deployment/kubernetes/combined.yaml
View File

File diff suppressed because it is too large Load Diff

54
deploy/deployment/kubernetes/objects/che-operator-leader-election.Role.yaml
View File

@ -1,54 +0,0 @@
#
# Copyright (c) 2019-2023 Red Hat, Inc.
# This program and the accompanying materials are made
# available under the terms of the Eclipse Public License 2.0
# which is available at https://www.eclipse.org/legal/epl-2.0/
#
# SPDX-License-Identifier: EPL-2.0
#
# Contributors:
# Red Hat, Inc. - initial API and implementation
#
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
labels:
app.kubernetes.io/component: che-operator
app.kubernetes.io/instance: che
app.kubernetes.io/name: che
app.kubernetes.io/part-of: che.eclipse.org
name: che-operator-leader-election
namespace: eclipse-che
rules:
- apiGroups:
- ""
resources:
- configmaps
verbs:
- get
- list
- watch
- create
- update
- patch
- delete
- apiGroups:
- coordination.k8s.io
resources:
- leases
verbs:
- get
- list
- watch
- create
- update
- patch
- delete
- apiGroups:
- ""
resources:
- events
verbs:
- create
- patch

29
deploy/deployment/kubernetes/objects/che-operator-leader-election.RoleBinding.yaml
View File

@ -1,29 +0,0 @@
#
# Copyright (c) 2019-2023 Red Hat, Inc.
# This program and the accompanying materials are made
# available under the terms of the Eclipse Public License 2.0
# which is available at https://www.eclipse.org/legal/epl-2.0/
#
# SPDX-License-Identifier: EPL-2.0
#
# Contributors:
# Red Hat, Inc. - initial API and implementation
#
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
labels:
app.kubernetes.io/component: che-operator
app.kubernetes.io/instance: che
app.kubernetes.io/name: che
app.kubernetes.io/part-of: che.eclipse.org
name: che-operator-leader-election
namespace: eclipse-che
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: che-operator-leader-election
subjects:
- kind: ServiceAccount
name: che-operator

2
deploy/deployment/kubernetes/objects/che-operator-selfsigned-issuer.Issuer.yaml
View File

@ -1,5 +1,5 @@
#
# Copyright (c) 2019-2023 Red Hat, Inc.
# Copyright (c) 2019-2024 Red Hat, Inc.
# This program and the accompanying materials are made
# available under the terms of the Eclipse Public License 2.0
# which is available at https://www.eclipse.org/legal/epl-2.0/

2
deploy/deployment/kubernetes/objects/che-operator-service.Service.yaml
View File

@ -1,5 +1,5 @@
#
# Copyright (c) 2019-2023 Red Hat, Inc.
# Copyright (c) 2019-2024 Red Hat, Inc.
# This program and the accompanying materials are made
# available under the terms of the Eclipse Public License 2.0
# which is available at https://www.eclipse.org/legal/epl-2.0/

2
deploy/deployment/kubernetes/objects/che-operator-serving-cert.Certificate.yaml
View File

@ -1,5 +1,5 @@
#
# Copyright (c) 2019-2023 Red Hat, Inc.
# Copyright (c) 2019-2024 Red Hat, Inc.
# This program and the accompanying materials are made
# available under the terms of the Eclipse Public License 2.0
# which is available at https://www.eclipse.org/legal/epl-2.0/

268
deploy/deployment/kubernetes/objects/che-operator.ClusterRole.yaml
View File

@ -1,5 +1,5 @@
#
# Copyright (c) 2019-2023 Red Hat, Inc.
# Copyright (c) 2019-2024 Red Hat, Inc.
# This program and the accompanying materials are made
# available under the terms of the Eclipse Public License 2.0
# which is available at https://www.eclipse.org/legal/epl-2.0/
@ -21,11 +21,17 @@ metadata:
name: che-operator
rules:
- apiGroups:
- ""
- batch
resources:
- nodes
- jobs
verbs:
- create
- delete
- get
- update
- patch
- watch
- list
- apiGroups:
- oauth.openshift.io
resources:
@ -33,93 +39,61 @@ rules:
verbs:
- create
- delete
- deletecollection
- get
- list
- patch
- update
- watch
- apiGroups:
- config.openshift.io
resources:
- oauths
verbs:
- get
- list
- watch
- patch
- apiGroups:
- config.openshift.io
resources:
- infrastructures
- proxies
verbs:
- get
- list
- watch
- apiGroups:
- user.openshift.io
resources:
- users
verbs:
- list
- delete
- apiGroups:
- user.openshift.io
resources:
- groups
verbs:
- get
- apiGroups:
- user.openshift.io
resources:
- identities
verbs:
- delete
- apiGroups:
- console.openshift.io
resources:
- consolelinks
verbs:
- get
- list
- create
- delete
- get
- update
- patch
- delete
- watch
- list
- apiGroups:
- rbac.authorization.k8s.io
resources:
- clusterrolebindings
- clusterroles
- roles
- rolebindings
- clusterroles
- clusterrolebindings
verbs:
- list
- create
- watch
- update
- delete
- get
- update
- patch
- watch
- list
- apiGroups:
- authorization.openshift.io
resources:
- rolebindings
verbs:
- get
- create
- update
- delete
- apiGroups:
- authorization.openshift.io
resources:
- roles
- rolebindings
verbs:
- get
- create
- update
- delete
- apiGroups:
- org.eclipse.che
resources:
- checlusters
- checlusters/status
- checlusters/finalizers
- checlusters/status
verbs:
- '*'
- apiGroups:
- project.openshift.io
resources:
@ -147,64 +121,39 @@ rules:
- create
- update
- watch
- apiGroups:
- ""
resources:
- pods/exec
verbs:
- create
- get
- apiGroups:
- apps
resources:
- secrets
- replicasets
verbs:
- list
- apiGroups:
- ""
resources:
- secrets
verbs:
- list
- get
- create
- update
- list
- patch
- delete
- apiGroups:
- ""
resources:
- persistentvolumeclaims
verbs:
- create
- get
- list
- watch
- delete
- apiGroups:
- ""
resources:
- pods
verbs:
- get
- list
- create
- watch
- delete
- apiGroups:
- apps
- extensions
resources:
- deployments
- replicasets
verbs:
- '*'
- list
- create
- watch
- update
- get
- patch
- delete
- apiGroups:
- route.openshift.io
resources:
- routes
verbs:
- '*'
- create
- delete
- get
- update
- patch
- watch
- list
- apiGroups:
- route.openshift.io
resources:
@ -218,49 +167,18 @@ rules:
verbs:
- list
- watch
- apiGroups:
- apps
resources:
- replicasets
verbs:
- list
- get
- patch
- delete
- apiGroups:
- extensions
resources:
- ingresses
verbs:
- '*'
- apiGroups:
- networking.k8s.io
resources:
- ingresses
verbs:
- '*'
- apiGroups:
- apiextensions.k8s.io
resources:
- customresourcedefinitions
verbs:
- get
- create
- delete
- get
- update
- apiGroups:
- operators.coreos.com
resources:
- subscriptions
verbs:
- get
- apiGroups:
- operators.coreos.com
resources:
- clusterserviceversions
verbs:
- list
- get
- patch
- watch
- list
- apiGroups:
- metrics.k8s.io
resources:
@ -270,16 +188,6 @@ rules:
- get
- list
- watch
- apiGroups:
- cert-manager.io
resources:
- issuers
- certificates
verbs:
- create
- get
- list
- update
- apiGroups:
- ""
resources:
@ -290,33 +198,27 @@ rules:
- serviceaccounts
- services
verbs:
- '*'
- apiGroups:
- apps
resourceNames:
- che-operator
resources:
- deployments/finalizers
verbs:
- create
- delete
- get
- update
- patch
- watch
- list
- apiGroups:
- batch
- org.eclipse.che
resources:
- jobs
- checlusters
- checlusters/status
- checlusters/finalizers
verbs:
- create
- delete
- get
- update
- patch
- watch
- list
- apiGroups:
- monitoring.coreos.com
resources:
- servicemonitors
verbs:
- create
- get
- nonResourceURLs:
- /metrics
verbs:
@ -326,7 +228,11 @@ rules:
resources:
- kubernetesimagepullers
verbs:
- '*'
- create
- delete
- get
- update
- list
- apiGroups:
- config.openshift.io
resourceNames:
@ -335,6 +241,14 @@ rules:
- consoles
verbs:
- get
- apiGroups:
- config.openshift.io
resourceNames:
- cluster
resources:
- proxies
verbs:
- get
- apiGroups:
- ""
resources:
@ -343,32 +257,47 @@ rules:
- get
- list
- watch
- apiGroups:
- ""
resources:
- pods/portforward
verbs:
- get
- list
- create
- apiGroups:
- ""
resources:
- pods/exec
verbs:
- create
- get
- apiGroups:
- workspace.devfile.io
resources:
- devworkspaces
- devworkspacetemplates
verbs:
- get
- list
- watch
- create
- delete
- patch
- get
- update
- patch
- watch
- list
- apiGroups:
- controller.devfile.io
resources:
- devworkspaceroutings
- devworkspaceoperatorconfigs
verbs:
- get
- list
- watch
- create
- delete
- patch
- get
- update
- patch
- watch
- list
- apiGroups:
- controller.devfile.io
resources:
@ -411,3 +340,10 @@ rules:
- limitranges
verbs:
- list
- apiGroups:
- monitoring.coreos.com
resources:
- servicemonitors
verbs:
- get
- create

2
deploy/deployment/kubernetes/objects/che-operator.ClusterRoleBinding.yaml
View File

@ -1,5 +1,5 @@
#
# Copyright (c) 2019-2023 Red Hat, Inc.
# Copyright (c) 2019-2024 Red Hat, Inc.
# This program and the accompanying materials are made
# available under the terms of the Eclipse Public License 2.0
# which is available at https://www.eclipse.org/legal/epl-2.0/

6
deploy/deployment/kubernetes/objects/che-operator.Deployment.yaml
View File

@ -1,5 +1,5 @@
#
# Copyright (c) 2019-2023 Red Hat, Inc.
# Copyright (c) 2019-2024 Red Hat, Inc.
# This program and the accompanying materials are made
# available under the terms of the Eclipse Public License 2.0
# which is available at https://www.eclipse.org/legal/epl-2.0/
@ -68,7 +68,7 @@ spec:
- name: RELATED_IMAGE_single_host_gateway
value: quay.io/eclipse/che--traefik:v2.9.10-8d81a9df1435f9f3d36ac9398465ef2d5d61e671059974db753faaed14b627de
- name: RELATED_IMAGE_single_host_gateway_config_sidecar
value: quay.io/che-incubator/configbump:0.1.4
value: quay.io/che-incubator/configbump:next
- name: RELATED_IMAGE_gateway_authentication_sidecar
value: quay.io/openshift/origin-oauth-proxy:4.9
- name: RELATED_IMAGE_gateway_authorization_sidecar
@ -134,7 +134,7 @@ spec:
resources:
limits:
cpu: 500m
memory: 1Gi
memory: 2Gi
requests:
cpu: 100m
memory: 128Mi

168
deploy/deployment/kubernetes/objects/che-operator.Role.yaml
View File

@ -1,5 +1,5 @@
#
# Copyright (c) 2019-2023 Red Hat, Inc.
# Copyright (c) 2019-2024 Red Hat, Inc.
# This program and the accompanying materials are made
# available under the terms of the Eclipse Public License 2.0
# which is available at https://www.eclipse.org/legal/epl-2.0/
@ -21,170 +21,34 @@ metadata:
name: che-operator
namespace: eclipse-che
rules:
- apiGroups:
- extensions
resources:
- ingresses
verbs:
- '*'
- apiGroups:
- networking.k8s.io
resources:
- ingresses
verbs:
- '*'
- apiGroups:
- batch
resources:
- jobs
verbs:
- create
- delete
- get
- update
- watch
- list
- apiGroups:
- route.openshift.io
resources:
- routes
- routes/custom-host
verbs:
- '*'
- apiGroups:
- rbac.authorization.k8s.io
resources:
- roles
- rolebindings
- clusterroles
- clusterrolebindings
verbs:
- list
- create
- watch
- update
- get
- delete
- apiGroups:
- ""
resources:
- pods
- services
- serviceaccounts
- endpoints
- persistentvolumeclaims
- events
- configmaps
- secrets
- pods/exec
- pods/log
verbs:
- '*'
- apiGroups:
- ""
resources:
- namespaces
verbs:
- get
- apiGroups:
- apps
- extensions
resources:
- deployments
- replicasets
verbs:
- '*'
- apiGroups:
- monitoring.coreos.com
resources:
- servicemonitors
verbs:
- get
- create
- apiGroups:
- org.eclipse.che
resources:
- checlusters
- checlusters/status
- checlusters/finalizers
verbs:
- '*'
- apiGroups:
- metrics.k8s.io
resources:
- pods
- nodes
verbs:
- get
- list
- watch
- apiGroups:
- operators.coreos.com
resources:
- subscriptions
- clusterserviceversions
- operatorgroups
verbs:
- '*'
- apiGroups:
- packages.operators.coreos.com
resources:
- packagemanifests
verbs:
- get
- list
- apiGroups:
- ""
resources:
- configmaps/status
verbs:
- delete
- get
- update
- patch
- watch
- list
- apiGroups:
- coordination.k8s.io
resources:
- leases
verbs:
- create
- delete
- get
- update
- patch
- watch
- list
- apiGroups:
- ""
resources:
- events
verbs:
- create
- apiGroups:
- apps
resourceNames:
- che-operator
resources:
- deployments/finalizers
verbs:
- update
- apiGroups:
- controller.devfile.io
resources:
- devworkspaceroutings
verbs:
- '*'
- apiGroups:
- controller.devfile.io
resources:
- devworkspaceroutings/finalizers
verbs:
- update
- apiGroups:
- controller.devfile.io
resources:
- devworkspaceroutings/status
verbs:
- get
- patch
- update
- apiGroups:
- oauth.openshift.io
resources:
- oauthclients
verbs:
- create
- delete
- deletecollection
- get
- list
- patch
- update
- watch

2
deploy/deployment/kubernetes/objects/che-operator.RoleBinding.yaml
View File

@ -1,5 +1,5 @@
#
# Copyright (c) 2019-2023 Red Hat, Inc.
# Copyright (c) 2019-2024 Red Hat, Inc.
# This program and the accompanying materials are made
# available under the terms of the Eclipse Public License 2.0
# which is available at https://www.eclipse.org/legal/epl-2.0/

2
deploy/deployment/kubernetes/objects/che-operator.ServiceAccount.yaml
View File

@ -1,5 +1,5 @@
#
# Copyright (c) 2019-2023 Red Hat, Inc.
# Copyright (c) 2019-2024 Red Hat, Inc.
# This program and the accompanying materials are made
# available under the terms of the Eclipse Public License 2.0
# which is available at https://www.eclipse.org/legal/epl-2.0/

5440
deploy/deployment/kubernetes/objects/checlusters.org.eclipse.che.CustomResourceDefinition.yaml
View File

File diff suppressed because it is too large Load Diff

2
deploy/deployment/kubernetes/objects/eclipse-che.Namespace.yaml
View File

@ -1,5 +1,5 @@
#
# Copyright (c) 2019-2023 Red Hat, Inc.
# Copyright (c) 2019-2024 Red Hat, Inc.
# This program and the accompanying materials are made
# available under the terms of the Eclipse Public License 2.0
# which is available at https://www.eclipse.org/legal/epl-2.0/

2
deploy/deployment/kubernetes/objects/org.eclipse.che.MutatingWebhookConfiguration.yaml
View File

@ -1,5 +1,5 @@
#
# Copyright (c) 2019-2023 Red Hat, Inc.
# Copyright (c) 2019-2024 Red Hat, Inc.
# This program and the accompanying materials are made
# available under the terms of the Eclipse Public License 2.0
# which is available at https://www.eclipse.org/legal/epl-2.0/

2
deploy/deployment/kubernetes/objects/org.eclipse.che.ValidatingWebhookConfiguration.yaml
View File

@ -1,5 +1,5 @@
#
# Copyright (c) 2019-2023 Red Hat, Inc.
# Copyright (c) 2019-2024 Red Hat, Inc.
# This program and the accompanying materials are made
# available under the terms of the Eclipse Public License 2.0
# which is available at https://www.eclipse.org/legal/epl-2.0/

8
deploy/deployment/kubernetes/org_v2_checluster.yaml
View File

@ -16,7 +16,13 @@ metadata:
name: eclipse-che
namespace: eclipse-che
spec:
components: {}
components:
pluginRegistry:
disableInternalRegistry: true
devfileRegistry:
disableInternalRegistry: true
externalDevfileRegistries:
- url: 'https://registry.devfile.io'
devEnvironments: {}
networking: {}
containerRegistry: {}

5923
deploy/deployment/openshift/combined.yaml
View File

File diff suppressed because it is too large Load Diff

54
deploy/deployment/openshift/objects/che-operator-leader-election.Role.yaml
View File

@ -1,54 +0,0 @@
#
# Copyright (c) 2019-2023 Red Hat, Inc.
# This program and the accompanying materials are made
# available under the terms of the Eclipse Public License 2.0
# which is available at https://www.eclipse.org/legal/epl-2.0/
#
# SPDX-License-Identifier: EPL-2.0
#
# Contributors:
# Red Hat, Inc. - initial API and implementation
#
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
labels:
app.kubernetes.io/component: che-operator
app.kubernetes.io/instance: che
app.kubernetes.io/name: che
app.kubernetes.io/part-of: che.eclipse.org
name: che-operator-leader-election
namespace: eclipse-che
rules:
- apiGroups:
- ""
resources:
- configmaps
verbs:
- get
- list
- watch
- create
- update
- patch
- delete
- apiGroups:
- coordination.k8s.io
resources:
- leases
verbs:
- get
- list
- watch
- create
- update
- patch
- delete
- apiGroups:
- ""
resources:
- events
verbs:
- create
- patch

29
deploy/deployment/openshift/objects/che-operator-leader-election.RoleBinding.yaml
View File

@ -1,29 +0,0 @@
#
# Copyright (c) 2019-2023 Red Hat, Inc.
# This program and the accompanying materials are made
# available under the terms of the Eclipse Public License 2.0
# which is available at https://www.eclipse.org/legal/epl-2.0/
#
# SPDX-License-Identifier: EPL-2.0
#
# Contributors:
# Red Hat, Inc. - initial API and implementation
#
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
labels:
app.kubernetes.io/component: che-operator
app.kubernetes.io/instance: che
app.kubernetes.io/name: che
app.kubernetes.io/part-of: che.eclipse.org
name: che-operator-leader-election
namespace: eclipse-che
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: che-operator-leader-election
subjects:
- kind: ServiceAccount
name: che-operator

2
deploy/deployment/openshift/objects/che-operator-service.Service.yaml
View File

@ -1,5 +1,5 @@
#
# Copyright (c) 2019-2023 Red Hat, Inc.
# Copyright (c) 2019-2024 Red Hat, Inc.
# This program and the accompanying materials are made
# available under the terms of the Eclipse Public License 2.0
# which is available at https://www.eclipse.org/legal/epl-2.0/

268
deploy/deployment/openshift/objects/che-operator.ClusterRole.yaml
View File

@ -1,5 +1,5 @@
#
# Copyright (c) 2019-2023 Red Hat, Inc.
# Copyright (c) 2019-2024 Red Hat, Inc.
# This program and the accompanying materials are made
# available under the terms of the Eclipse Public License 2.0
# which is available at https://www.eclipse.org/legal/epl-2.0/
@ -21,11 +21,17 @@ metadata:
name: che-operator
rules:
- apiGroups:
- ""
- batch
resources:
- nodes
- jobs
verbs:
- create
- delete
- get
- update
- patch
- watch
- list
- apiGroups:
- oauth.openshift.io
resources:
@ -33,93 +39,61 @@ rules:
verbs:
- create
- delete
- deletecollection
- get
- list
- patch
- update
- watch
- apiGroups:
- config.openshift.io
resources:
- oauths
verbs:
- get
- list
- watch
- patch
- apiGroups:
- config.openshift.io
resources:
- infrastructures
- proxies
verbs:
- get
- list
- watch
- apiGroups:
- user.openshift.io
resources:
- users
verbs:
- list
- delete
- apiGroups:
- user.openshift.io
resources:
- groups
verbs:
- get
- apiGroups:
- user.openshift.io
resources:
- identities
verbs:
- delete
- apiGroups:
- console.openshift.io
resources:
- consolelinks
verbs:
- get
- list
- create
- delete
- get
- update
- patch
- delete
- watch
- list
- apiGroups:
- rbac.authorization.k8s.io
resources:
- clusterrolebindings
- clusterroles
- roles
- rolebindings
- clusterroles
- clusterrolebindings
verbs:
- list
- create
- watch
- update
- delete
- get
- update
- patch
- watch
- list
- apiGroups:
- authorization.openshift.io
resources:
- rolebindings
verbs:
- get
- create
- update
- delete
- apiGroups:
- authorization.openshift.io
resources:
- roles
- rolebindings
verbs:
- get
- create
- update
- delete
- apiGroups:
- org.eclipse.che
resources:
- checlusters
- checlusters/status
- checlusters/finalizers
- checlusters/status
verbs:
- '*'
- apiGroups:
- project.openshift.io
resources:
@ -147,64 +121,39 @@ rules:
- create
- update
- watch
- apiGroups:
- ""
resources:
- pods/exec
verbs:
- create
- get
- apiGroups:
- apps
resources:
- secrets
- replicasets
verbs:
- list
- apiGroups:
- ""
resources:
- secrets
verbs:
- list
- get
- create
- update
- list
- patch
- delete
- apiGroups:
- ""
resources:
- persistentvolumeclaims
verbs:
- create
- get
- list
- watch
- delete
- apiGroups:
- ""
resources:
- pods
verbs:
- get
- list
- create
- watch
- delete
- apiGroups:
- apps
- extensions
resources:
- deployments
- replicasets
verbs:
- '*'
- list
- create
- watch
- update
- get
- patch
- delete
- apiGroups:
- route.openshift.io
resources:
- routes
verbs:
- '*'
- create
- delete
- get
- update
- patch
- watch
- list
- apiGroups:
- route.openshift.io
resources:
@ -218,49 +167,18 @@ rules:
verbs:
- list
- watch
- apiGroups:
- apps
resources:
- replicasets
verbs:
- list
- get
- patch
- delete
- apiGroups:
- extensions
resources:
- ingresses
verbs:
- '*'
- apiGroups:
- networking.k8s.io
resources:
- ingresses
verbs:
- '*'
- apiGroups:
- apiextensions.k8s.io
resources:
- customresourcedefinitions
verbs:
- get
- create
- delete
- get
- update
- apiGroups:
- operators.coreos.com
resources:
- subscriptions
verbs:
- get
- apiGroups:
- operators.coreos.com
resources:
- clusterserviceversions
verbs:
- list
- get
- patch
- watch
- list
- apiGroups:
- metrics.k8s.io
resources:
@ -270,16 +188,6 @@ rules:
- get
- list
- watch
- apiGroups:
- cert-manager.io
resources:
- issuers
- certificates
verbs:
- create
- get
- list
- update
- apiGroups:
- ""
resources:
@ -290,33 +198,27 @@ rules:
- serviceaccounts
- services
verbs:
- '*'
- apiGroups:
- apps
resourceNames:
- che-operator
resources:
- deployments/finalizers
verbs:
- create
- delete
- get
- update
- patch
- watch
- list
- apiGroups:
- batch
- org.eclipse.che
resources:
- jobs
- checlusters
- checlusters/status
- checlusters/finalizers
verbs:
- create
- delete
- get
- update
- patch
- watch
- list
- apiGroups:
- monitoring.coreos.com
resources:
- servicemonitors
verbs:
- create
- get
- nonResourceURLs:
- /metrics
verbs:
@ -326,7 +228,11 @@ rules:
resources:
- kubernetesimagepullers
verbs:
- '*'
- create
- delete
- get
- update
- list
- apiGroups:
- config.openshift.io
resourceNames:
@ -335,6 +241,14 @@ rules:
- consoles
verbs:
- get
- apiGroups:
- config.openshift.io
resourceNames:
- cluster
resources:
- proxies
verbs:
- get
- apiGroups:
- ""
resources:
@ -343,32 +257,47 @@ rules:
- get
- list
- watch
- apiGroups:
- ""
resources:
- pods/portforward
verbs:
- get
- list
- create
- apiGroups:
- ""
resources:
- pods/exec
verbs:
- create
- get
- apiGroups:
- workspace.devfile.io
resources:
- devworkspaces
- devworkspacetemplates
verbs:
- get
- list
- watch
- create
- delete
- patch
- get
- update
- patch
- watch
- list
- apiGroups:
- controller.devfile.io
resources:
- devworkspaceroutings
- devworkspaceoperatorconfigs
verbs:
- get
- list
- watch
- create
- delete
- patch
- get
- update
- patch
- watch
- list
- apiGroups:
- controller.devfile.io
resources:
@ -411,3 +340,10 @@ rules:
- limitranges
verbs:
- list
- apiGroups:
- monitoring.coreos.com
resources:
- servicemonitors
verbs:
- get
- create

2
deploy/deployment/openshift/objects/che-operator.ClusterRoleBinding.yaml
View File

@ -1,5 +1,5 @@
#
# Copyright (c) 2019-2023 Red Hat, Inc.
# Copyright (c) 2019-2024 Red Hat, Inc.
# This program and the accompanying materials are made
# available under the terms of the Eclipse Public License 2.0
# which is available at https://www.eclipse.org/legal/epl-2.0/

6
deploy/deployment/openshift/objects/che-operator.Deployment.yaml
View File

@ -1,5 +1,5 @@
#
# Copyright (c) 2019-2023 Red Hat, Inc.
# Copyright (c) 2019-2024 Red Hat, Inc.
# This program and the accompanying materials are made
# available under the terms of the Eclipse Public License 2.0
# which is available at https://www.eclipse.org/legal/epl-2.0/
@ -68,7 +68,7 @@ spec:
- name: RELATED_IMAGE_single_host_gateway
value: quay.io/eclipse/che--traefik:v2.9.10-8d81a9df1435f9f3d36ac9398465ef2d5d61e671059974db753faaed14b627de
- name: RELATED_IMAGE_single_host_gateway_config_sidecar
value: quay.io/che-incubator/configbump:0.1.4
value: quay.io/che-incubator/configbump:next
- name: RELATED_IMAGE_gateway_authentication_sidecar
value: quay.io/openshift/origin-oauth-proxy:4.9
- name: RELATED_IMAGE_gateway_authorization_sidecar
@ -134,7 +134,7 @@ spec:
resources:
limits:
cpu: 500m
memory: 1Gi
memory: 2Gi
requests:
cpu: 100m
memory: 128Mi

168
deploy/deployment/openshift/objects/che-operator.Role.yaml
View File

@ -1,5 +1,5 @@
#
# Copyright (c) 2019-2023 Red Hat, Inc.
# Copyright (c) 2019-2024 Red Hat, Inc.
# This program and the accompanying materials are made
# available under the terms of the Eclipse Public License 2.0
# which is available at https://www.eclipse.org/legal/epl-2.0/
@ -21,170 +21,34 @@ metadata:
name: che-operator
namespace: eclipse-che
rules:
- apiGroups:
- extensions
resources:
- ingresses
verbs:
- '*'
- apiGroups:
- networking.k8s.io
resources:
- ingresses
verbs:
- '*'
- apiGroups:
- batch
resources:
- jobs
verbs:
- create
- delete
- get
- update
- watch
- list
- apiGroups:
- route.openshift.io
resources:
- routes
- routes/custom-host
verbs:
- '*'
- apiGroups:
- rbac.authorization.k8s.io
resources:
- roles
- rolebindings
- clusterroles
- clusterrolebindings
verbs:
- list
- create
- watch
- update
- get
- delete
- apiGroups:
- ""
resources:
- pods
- services
- serviceaccounts
- endpoints
- persistentvolumeclaims
- events
- configmaps
- secrets
- pods/exec
- pods/log
verbs:
- '*'
- apiGroups:
- ""
resources:
- namespaces
verbs:
- get
- apiGroups:
- apps
- extensions
resources:
- deployments
- replicasets
verbs:
- '*'
- apiGroups:
- monitoring.coreos.com
resources:
- servicemonitors
verbs:
- get
- create
- apiGroups:
- org.eclipse.che
resources:
- checlusters
- checlusters/status
- checlusters/finalizers
verbs:
- '*'
- apiGroups:
- metrics.k8s.io
resources:
- pods
- nodes
verbs:
- get
- list
- watch
- apiGroups:
- operators.coreos.com
resources:
- subscriptions
- clusterserviceversions
- operatorgroups
verbs:
- '*'
- apiGroups:
- packages.operators.coreos.com
resources:
- packagemanifests
verbs:
- get
- list
- apiGroups:
- ""
resources:
- configmaps/status
verbs:
- delete
- get
- update
- patch
- watch
- list
- apiGroups:
- coordination.k8s.io
resources:
- leases
verbs:
- create
- delete
- get
- update
- patch
- watch
- list
- apiGroups:
- ""
resources:
- events
verbs:
- create
- apiGroups:
- apps
resourceNames:
- che-operator
resources:
- deployments/finalizers
verbs:
- update
- apiGroups:
- controller.devfile.io
resources:
- devworkspaceroutings
verbs:
- '*'
- apiGroups:
- controller.devfile.io
resources:
- devworkspaceroutings/finalizers
verbs:
- update
- apiGroups:
- controller.devfile.io
resources:
- devworkspaceroutings/status
verbs:
- get
- patch
- update
- apiGroups:
- oauth.openshift.io
resources:
- oauthclients
verbs:
- create
- delete
- deletecollection
- get
- list
- patch
- update
- watch

2
deploy/deployment/openshift/objects/che-operator.RoleBinding.yaml
View File

@ -1,5 +1,5 @@
#
# Copyright (c) 2019-2023 Red Hat, Inc.
# Copyright (c) 2019-2024 Red Hat, Inc.
# This program and the accompanying materials are made
# available under the terms of the Eclipse Public License 2.0
# which is available at https://www.eclipse.org/legal/epl-2.0/

2
deploy/deployment/openshift/objects/che-operator.ServiceAccount.yaml
View File

@ -1,5 +1,5 @@
#
# Copyright (c) 2019-2023 Red Hat, Inc.
# Copyright (c) 2019-2024 Red Hat, Inc.
# This program and the accompanying materials are made
# available under the terms of the Eclipse Public License 2.0
# which is available at https://www.eclipse.org/legal/epl-2.0/

5440
deploy/deployment/openshift/objects/checlusters.org.eclipse.che.CustomResourceDefinition.yaml
View File

File diff suppressed because it is too large Load Diff

2
deploy/deployment/openshift/objects/eclipse-che.Namespace.yaml
View File

@ -1,5 +1,5 @@
#
# Copyright (c) 2019-2023 Red Hat, Inc.
# Copyright (c) 2019-2024 Red Hat, Inc.
# This program and the accompanying materials are made
# available under the terms of the Eclipse Public License 2.0
# which is available at https://www.eclipse.org/legal/epl-2.0/

2
deploy/deployment/openshift/objects/org.eclipse.che.MutatingWebhookConfiguration.yaml
View File

@ -1,5 +1,5 @@
#
# Copyright (c) 2019-2023 Red Hat, Inc.
# Copyright (c) 2019-2024 Red Hat, Inc.
# This program and the accompanying materials are made
# available under the terms of the Eclipse Public License 2.0
# which is available at https://www.eclipse.org/legal/epl-2.0/

Some files were not shown because too many files have changed in this diff Show More