seg_yinzy
/
che-operator
mirror of https://github.com/eclipse-che/che-operator.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
che-operator/config/crd/bases/org.eclipse.che_checlusters...

8162 lines
497 KiB
YAML
Raw Blame History

#
# Copyright (c) 2019-2023 Red Hat, Inc.
# This program and the accompanying materials are made
# available under the terms of the Eclipse Public License 2.0
# which is available at https://www.eclipse.org/legal/epl-2.0/
#
# SPDX-License-Identifier: EPL-2.0
#
# Contributors:
# Red Hat, Inc. - initial API and implementation
#
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.7.0
creationTimestamp: null
name: checlusters.org.eclipse.che
spec:
group: org.eclipse.che
names:
kind: CheCluster
listKind: CheClusterList
plural: checlusters
singular: checluster
scope: Namespaced
versions:
- deprecated: true
deprecationWarning: org.eclipse.che/v1 CheCluster is deprecated and will be removed
in future releases
name: v1
schema:
openAPIV3Schema:
description: The `CheCluster` custom resource allows defining and managing
a Che server installation
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: Desired configuration of the Che installation. Based on these
settings, the Operator automatically creates and maintains several
ConfigMaps that will contain the appropriate environment variables the
various components of the Che installation. These generated ConfigMaps
must NOT be updated manually.
properties:
auth:
description: Configuration settings related to the Authentication
used by the Che installation.
properties:
debug:
description: Deprecated. The value of this flag is ignored. Debug
internal identity provider.
type: boolean
externalIdentityProvider:
description: 'Deprecated. The value of this flag is ignored. Instructs
the Operator on whether or not to deploy a dedicated Identity
Provider (Keycloak or RH SSO instance). Instructs the Operator
on whether to deploy a dedicated Identity Provider (Keycloak
or RH-SSO instance). By default, a dedicated Identity Provider
server is deployed as part of the Che installation. When `externalIdentityProvider`
is `true`, no dedicated identity provider will be deployed by
the Operator and you will need to provide details about the
external identity provider you are about to use. See also all
the other fields starting with: `identityProvider`.'
type: boolean
gatewayAuthenticationSidecarImage:
description: Gateway sidecar responsible for authentication when
NativeUserMode is enabled. See link:https://github.com/oauth2-proxy/oauth2-proxy[oauth2-proxy]
or link:https://github.com/openshift/oauth-proxy[openshift/oauth-proxy].
type: string
gatewayAuthorizationSidecarImage:
description: Gateway sidecar responsible for authorization when
NativeUserMode is enabled. See link:https://github.com/brancz/kube-rbac-proxy[kube-rbac-proxy]
or link:https://github.com/openshift/kube-rbac-proxy[openshift/kube-rbac-proxy]
type: string
gatewayConfigBumpEnv:
description: List of environment variables to set in the Configbump
container.
items:
description: EnvVar represents an environment variable present
in a Container.
properties:
name:
description: Name of the environment variable. Must be a
C_IDENTIFIER.
type: string
value:
description: 'Variable references $(VAR_NAME) are expanded
using the previously defined environment variables in
the container and any service environment variables. If
a variable cannot be resolved, the reference in the input
string will be unchanged. Double $$ are reduced to a single
$, which allows for escaping the $(VAR_NAME) syntax: i.e.
"$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)".
Escaped references will never be expanded, regardless
of whether the variable exists or not. Defaults to "".'
type: string
valueFrom:
description: Source for the environment variable's value.
Cannot be used if value is not empty.
properties:
configMapKeyRef:
description: Selects a key of a ConfigMap.
properties:
key:
description: The key to select.
type: string
name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion, kind,
uid?'
type: string
optional:
description: Specify whether the ConfigMap or its
key must be defined
type: boolean
required:
- key
type: object
fieldRef:
description: 'Selects a field of the pod: supports metadata.name,
metadata.namespace, `metadata.labels[''<KEY>'']`,
`metadata.annotations[''<KEY>'']`, spec.nodeName,
spec.serviceAccountName, status.hostIP, status.podIP,
status.podIPs.'
properties:
apiVersion:
description: Version of the schema the FieldPath
is written in terms of, defaults to "v1".
type: string
fieldPath:
description: Path of the field to select in the
specified API version.
type: string
required:
- fieldPath
type: object
resourceFieldRef:
description: 'Selects a resource of the container: only
resources limits and requests (limits.cpu, limits.memory,
limits.ephemeral-storage, requests.cpu, requests.memory
and requests.ephemeral-storage) are currently supported.'
properties:
containerName:
description: 'Container name: required for volumes,
optional for env vars'
type: string
divisor:
anyOf:
- type: integer
- type: string
description: Specifies the output format of the
exposed resources, defaults to "1"
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
resource:
description: 'Required: resource to select'
type: string
required:
- resource
type: object
secretKeyRef:
description: Selects a key of a secret in the pod's
namespace
properties:
key:
description: The key of the secret to select from. Must
be a valid secret key.
type: string
name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion, kind,
uid?'
type: string
optional:
description: Specify whether the Secret or its key
must be defined
type: boolean
required:
- key
type: object
type: object
required:
- name
type: object
type: array
gatewayEnv:
description: List of environment variables to set in the Gateway
container.
items:
description: EnvVar represents an environment variable present
in a Container.
properties:
name:
description: Name of the environment variable. Must be a
C_IDENTIFIER.
type: string
value:
description: 'Variable references $(VAR_NAME) are expanded
using the previously defined environment variables in
the container and any service environment variables. If
a variable cannot be resolved, the reference in the input
string will be unchanged. Double $$ are reduced to a single
$, which allows for escaping the $(VAR_NAME) syntax: i.e.
"$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)".
Escaped references will never be expanded, regardless
of whether the variable exists or not. Defaults to "".'
type: string
valueFrom:
description: Source for the environment variable's value.
Cannot be used if value is not empty.
properties:
configMapKeyRef:
description: Selects a key of a ConfigMap.
properties:
key:
description: The key to select.
type: string
name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion, kind,
uid?'
type: string
optional:
description: Specify whether the ConfigMap or its
key must be defined
type: boolean
required:
- key
type: object
fieldRef:
description: 'Selects a field of the pod: supports metadata.name,
metadata.namespace, `metadata.labels[''<KEY>'']`,
`metadata.annotations[''<KEY>'']`, spec.nodeName,
spec.serviceAccountName, status.hostIP, status.podIP,
status.podIPs.'
properties:
apiVersion:
description: Version of the schema the FieldPath
is written in terms of, defaults to "v1".
type: string
fieldPath:
description: Path of the field to select in the
specified API version.
type: string
required:
- fieldPath
type: object
resourceFieldRef:
description: 'Selects a resource of the container: only
resources limits and requests (limits.cpu, limits.memory,
limits.ephemeral-storage, requests.cpu, requests.memory
and requests.ephemeral-storage) are currently supported.'
properties:
containerName:
description: 'Container name: required for volumes,
optional for env vars'
type: string
divisor:
anyOf:
- type: integer
- type: string
description: Specifies the output format of the
exposed resources, defaults to "1"
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
resource:
description: 'Required: resource to select'
type: string
required:
- resource
type: object
secretKeyRef:
description: Selects a key of a secret in the pod's
namespace
properties:
key:
description: The key of the secret to select from. Must
be a valid secret key.
type: string
name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion, kind,
uid?'
type: string
optional:
description: Specify whether the Secret or its key
must be defined
type: boolean
required:
- key
type: object
type: object
required:
- name
type: object
type: array
gatewayHeaderRewriteSidecarImage:
description: Deprecated. The value of this flag is ignored. Sidecar
functionality is now implemented in Traefik plugin.
type: string
gatewayKubeRbacProxyEnv:
description: List of environment variables to set in the Kube
rbac proxy container.
items:
description: EnvVar represents an environment variable present
in a Container.
properties:
name:
description: Name of the environment variable. Must be a
C_IDENTIFIER.
type: string
value:
description: 'Variable references $(VAR_NAME) are expanded
using the previously defined environment variables in
the container and any service environment variables. If
a variable cannot be resolved, the reference in the input
string will be unchanged. Double $$ are reduced to a single
$, which allows for escaping the $(VAR_NAME) syntax: i.e.
"$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)".
Escaped references will never be expanded, regardless
of whether the variable exists or not. Defaults to "".'
type: string
valueFrom:
description: Source for the environment variable's value.
Cannot be used if value is not empty.
properties:
configMapKeyRef:
description: Selects a key of a ConfigMap.
properties:
key:
description: The key to select.
type: string
name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion, kind,
uid?'
type: string
optional:
description: Specify whether the ConfigMap or its
key must be defined
type: boolean
required:
- key
type: object
fieldRef:
description: 'Selects a field of the pod: supports metadata.name,
metadata.namespace, `metadata.labels[''<KEY>'']`,
`metadata.annotations[''<KEY>'']`, spec.nodeName,
spec.serviceAccountName, status.hostIP, status.podIP,
status.podIPs.'
properties:
apiVersion:
description: Version of the schema the FieldPath
is written in terms of, defaults to "v1".
type: string
fieldPath:
description: Path of the field to select in the
specified API version.
type: string
required:
- fieldPath
type: object
resourceFieldRef:
description: 'Selects a resource of the container: only
resources limits and requests (limits.cpu, limits.memory,
limits.ephemeral-storage, requests.cpu, requests.memory
and requests.ephemeral-storage) are currently supported.'
properties:
containerName:
description: 'Container name: required for volumes,
optional for env vars'
type: string
divisor:
anyOf:
- type: integer
- type: string
description: Specifies the output format of the
exposed resources, defaults to "1"
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
resource:
description: 'Required: resource to select'
type: string
required:
- resource
type: object
secretKeyRef:
description: Selects a key of a secret in the pod's
namespace
properties:
key:
description: The key of the secret to select from. Must
be a valid secret key.
type: string
name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion, kind,
uid?'
type: string
optional:
description: Specify whether the Secret or its key
must be defined
type: boolean
required:
- key
type: object
type: object
required:
- name
type: object
type: array
gatewayOAuthProxyEnv:
description: List of environment variables to set in the OAuth
proxy container.
items:
description: EnvVar represents an environment variable present
in a Container.
properties:
name:
description: Name of the environment variable. Must be a
C_IDENTIFIER.
type: string
value:
description: 'Variable references $(VAR_NAME) are expanded
using the previously defined environment variables in
the container and any service environment variables. If
a variable cannot be resolved, the reference in the input
string will be unchanged. Double $$ are reduced to a single
$, which allows for escaping the $(VAR_NAME) syntax: i.e.
"$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)".
Escaped references will never be expanded, regardless
of whether the variable exists or not. Defaults to "".'
type: string
valueFrom:
description: Source for the environment variable's value.
Cannot be used if value is not empty.
properties:
configMapKeyRef:
description: Selects a key of a ConfigMap.
properties:
key:
description: The key to select.
type: string
name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion, kind,
uid?'
type: string
optional:
description: Specify whether the ConfigMap or its
key must be defined
type: boolean
required:
- key
type: object
fieldRef:
description: 'Selects a field of the pod: supports metadata.name,
metadata.namespace, `metadata.labels[''<KEY>'']`,
`metadata.annotations[''<KEY>'']`, spec.nodeName,
spec.serviceAccountName, status.hostIP, status.podIP,
status.podIPs.'
properties:
apiVersion:
description: Version of the schema the FieldPath
is written in terms of, defaults to "v1".
type: string
fieldPath:
description: Path of the field to select in the
specified API version.
type: string
required:
- fieldPath
type: object
resourceFieldRef:
description: 'Selects a resource of the container: only
resources limits and requests (limits.cpu, limits.memory,
limits.ephemeral-storage, requests.cpu, requests.memory
and requests.ephemeral-storage) are currently supported.'
properties:
containerName:
description: 'Container name: required for volumes,
optional for env vars'
type: string
divisor:
anyOf:
- type: integer
- type: string
description: Specifies the output format of the
exposed resources, defaults to "1"
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
resource:
description: 'Required: resource to select'
type: string
required:
- resource
type: object
secretKeyRef:
description: Selects a key of a secret in the pod's
namespace
properties:
key:
description: The key of the secret to select from. Must
be a valid secret key.
type: string
name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion, kind,
uid?'
type: string
optional:
description: Specify whether the Secret or its key
must be defined
type: boolean
required:
- key
type: object
type: object
required:
- name
type: object
type: array
identityProviderAdminUserName:
description: Deprecated. The value of this flag is ignored. Overrides
the name of the Identity Provider administrator user. Defaults
to `admin`.
type: string
identityProviderClientId:
description: Deprecated. The value of this flag is ignored. Name
of a Identity provider, Keycloak or RH-SSO, `client-id` that
is used for Che. Override this when an external Identity Provider
is in use. See the `externalIdentityProvider` field. When omitted
or left blank, it is set to the value of the `flavour` field
suffixed with `-public`.
type: string
identityProviderContainerResources:
description: Deprecated. The value of this flag is ignored. Identity
provider container custom settings.
properties:
limits:
description: Limits describes the maximum amount of compute
resources allowed.
properties:
cpu:
description: CPU, in cores. (500m = .5 cores)
type: string
memory:
description: Memory, in bytes. (500Gi = 500GiB = 500 *
1024 * 1024 * 1024)
type: string
type: object
request:
description: Requests describes the minimum amount of compute
resources required.
properties:
cpu:
description: CPU, in cores. (500m = .5 cores)
type: string
memory:
description: Memory, in bytes. (500Gi = 500GiB = 500 *
1024 * 1024 * 1024)
type: string
type: object
type: object
identityProviderImage:
description: Deprecated. The value of this flag is ignored. Overrides
the container image used in the Identity Provider, Keycloak
or RH-SSO, deployment. This includes the image tag. Omit it
or leave it empty to use the default container image provided
by the Operator.
type: string
identityProviderImagePullPolicy:
description: Deprecated. The value of this flag is ignored. Overrides
the image pull policy used in the Identity Provider, Keycloak
or RH-SSO, deployment. Default value is `Always` for `nightly`,
`next` or `latest` images, and `IfNotPresent` in other cases.
type: string
identityProviderIngress:
description: Deprecated. The value of this flag is ignored. Ingress
custom settings.
properties:
annotations:
additionalProperties:
type: string
description: Unstructured key value map stored with a resource
that may be set by external tools to store and retrieve
arbitrary metadata.
type: object
labels:
description: Comma separated list of labels that can be used
to organize and categorize objects by scoping and selecting.
type: string
type: object
identityProviderPassword:
description: Deprecated. The value of this flag is ignored. Overrides
the password of Keycloak administrator user. Override this when
an external Identity Provider is in use. See the `externalIdentityProvider`
field. When omitted or left blank, it is set to an auto-generated
password.
type: string
identityProviderPostgresPassword:
description: Deprecated. The value of this flag is ignored. Password
for a Identity Provider, Keycloak or RH-SSO, to connect to the
database. Override this when an external Identity Provider is
in use. See the `externalIdentityProvider` field. When omitted
or left blank, it is set to an auto-generated password.
type: string
identityProviderPostgresSecret:
description: 'Deprecated. The value of this flag is ignored. The
secret that contains `password` for the Identity Provider, Keycloak
or RH-SSO, to connect to the database. When the secret is defined,
the `identityProviderPostgresPassword` is ignored. When the
value is omitted or left blank, the one of following scenarios
applies: 1. `identityProviderPostgresPassword` is defined, then
it will be used to connect to the database. 2. `identityProviderPostgresPassword`
is not defined, then a new secret with the name `che-identity-postgres-secret`
will be created with an auto-generated value for `password`.
The secret must have `app.kubernetes.io/part-of=che.eclipse.org`
label.'
type: string
identityProviderRealm:
description: Deprecated. The value of this flag is ignored. Name
of a Identity provider, Keycloak or RH-SSO, realm that is used
for Che. Override this when an external Identity Provider is
in use. See the `externalIdentityProvider` field. When omitted
or left blank, it is set to the value of the `flavour` field.
type: string
identityProviderRoute:
description: Deprecated. The value of this flag is ignored. Route
custom settings.
properties:
annotations:
additionalProperties:
type: string
description: Unstructured key value map stored with a resource
that may be set by external tools to store and retrieve
arbitrary metadata.
type: object
domain:
description: 'Operator uses the domain to generate a hostname
for a route. In a conjunction with labels it creates a route,
which is served by a non-default Ingress controller. The
generated host name will follow this pattern: `<route-name>-<route-namespace>.<domain>`.'
type: string
labels:
description: Comma separated list of labels that can be used
to organize and categorize objects by scoping and selecting.
type: string
type: object
identityProviderSecret:
description: 'Deprecated. The value of this flag is ignored. The
secret that contains `user` and `password` for Identity Provider.
When the secret is defined, the `identityProviderAdminUserName`
and `identityProviderPassword` are ignored. When the value is
omitted or left blank, the one of following scenarios applies:
1. `identityProviderAdminUserName` and `identityProviderPassword`
are defined, then they will be used. 2. `identityProviderAdminUserName`
or `identityProviderPassword` are not defined, then a new secret
with the name `che-identity-secret` will be created with default
value `admin` for `user` and with an auto-generated value for
`password`. The secret must have `app.kubernetes.io/part-of=che.eclipse.org`
label.'
type: string
identityProviderURL:
description: Public URL of the Identity Provider server (Keycloak
/ RH-SSO server). Set this ONLY when a use of an external Identity
Provider is needed. See the `externalIdentityProvider` field.
By default, this will be automatically calculated and set by
the Operator.
type: string
identityToken:
description: 'Identity token to be passed to upstream. There are
two types of tokens supported: `id_token` and `access_token`.
Default value is `id_token`. This field is specific to Che installations
made for Kubernetes only and ignored for OpenShift.'
type: string
initialOpenShiftOAuthUser:
description: Deprecated. The value of this flag is ignored. For
operating with the OpenShift OAuth authentication, create a
new user account since the kubeadmin can not be used. If the
value is true, then a new OpenShift OAuth user will be created
for the HTPasswd identity provider. If the value is false and
the user has already been created, then it will be removed.
If value is an empty, then do nothing. The user's credentials
are stored in the `openshift-oauth-user-credentials` secret
in 'openshift-config' namespace by Operator. Note that this
solution is Openshift 4 platform-specific.
type: boolean
nativeUserMode:
description: Deprecated. The value of this flag is ignored. Enables
native user mode. Currently works only on OpenShift and DevWorkspace
engine. Native User mode uses OpenShift OAuth directly as identity
provider, without Keycloak.
type: boolean
oAuthClientName:
description: Name of the OpenShift `OAuthClient` resource used
to setup identity federation on the OpenShift side. Auto-generated
when left blank. See also the `OpenShiftoAuth` field.
type: string
oAuthScope:
description: Access Token Scope. This field is specific to Che
installations made for Kubernetes only and ignored for OpenShift.
type: string
oAuthSecret:
description: Name of the secret set in the OpenShift `OAuthClient`
resource used to setup identity federation on the OpenShift
side. Auto-generated when left blank. See also the `OAuthClientName`
field.
type: string
openShiftoAuth:
description: 'Deprecated. The value of this flag is ignored. Enables
the integration of the identity provider (Keycloak / RHSSO)
with OpenShift OAuth. Empty value on OpenShift by default. This
will allow users to directly login with their OpenShift user
through the OpenShift login, and have their workspaces created
under personal OpenShift namespaces. WARNING: the `kubeadmin`
user is NOT supported, and logging through it will NOT allow
accessing the Che Dashboard.'
type: boolean
updateAdminPassword:
description: Deprecated. The value of this flag is ignored. Forces
the default `admin` Che user to update password on first login.
Defaults to `false`.
type: boolean
type: object
dashboard:
description: Configuration settings related to the User Dashboard
used by the Che installation.
properties:
warning:
description: Warning message that will be displayed on the User
Dashboard
type: string
type: object
database:
description: Configuration settings related to the database used by
the Che installation.
properties:
chePostgresContainerResources:
description: PostgreSQL container custom settings
properties:
limits:
description: Limits describes the maximum amount of compute
resources allowed.
properties:
cpu:
description: CPU, in cores. (500m = .5 cores)
type: string
memory:
description: Memory, in bytes. (500Gi = 500GiB = 500 *
1024 * 1024 * 1024)
type: string
type: object
request:
description: Requests describes the minimum amount of compute
resources required.
properties:
cpu:
description: CPU, in cores. (500m = .5 cores)
type: string
memory:
description: Memory, in bytes. (500Gi = 500GiB = 500 *
1024 * 1024 * 1024)
type: string
type: object
type: object
chePostgresDb:
description: PostgreSQL database name that the Che server uses
to connect to the DB. Defaults to `dbche`.
type: string
chePostgresHostName:
description: PostgreSQL Database host name that the Che server
uses to connect to. Defaults is `postgres`. Override this value
ONLY when using an external database. See field `externalDb`.
In the default case it will be automatically set by the Operator.
type: string
chePostgresPassword:
description: PostgreSQL password that the Che server uses to connect
to the DB. When omitted or left blank, it will be set to an
automatically generated value.
type: string
chePostgresPort:
description: PostgreSQL Database port that the Che server uses
to connect to. Defaults to 5432. Override this value ONLY when
using an external database. See field `externalDb`. In the default
case it will be automatically set by the Operator.
type: string
chePostgresSecret:
description: 'The secret that contains PostgreSQL`user` and `password`
that the Che server uses to connect to the DB. When the secret
is defined, the `chePostgresUser` and `chePostgresPassword`
are ignored. When the value is omitted or left blank, the one
of following scenarios applies: 1. `chePostgresUser` and `chePostgresPassword`
are defined, then they will be used to connect to the DB. 2.
`chePostgresUser` or `chePostgresPassword` are not defined,
then a new secret with the name `postgres-credentials` will
be created with default value of `pgche` for `user` and with
an auto-generated value for `password`. The secret must have
`app.kubernetes.io/part-of=che.eclipse.org` label.'
type: string
chePostgresUser:
description: PostgreSQL user that the Che server uses to connect
to the DB. Defaults to `pgche`.
type: string
externalDb:
description: 'Instructs the Operator on whether to deploy a dedicated
database. By default, a dedicated PostgreSQL database is deployed
as part of the Che installation. When `externalDb` is `true`,
no dedicated database will be deployed by the Operator and you
will need to provide connection details to the external DB you
are about to use. See also all the fields starting with: `chePostgres`.'
type: boolean
postgresEnv:
description: List of environment variables to set in the PostgreSQL
container.
items:
description: EnvVar represents an environment variable present
in a Container.
properties:
name:
description: Name of the environment variable. Must be a
C_IDENTIFIER.
type: string
value:
description: 'Variable references $(VAR_NAME) are expanded
using the previously defined environment variables in
the container and any service environment variables. If
a variable cannot be resolved, the reference in the input
string will be unchanged. Double $$ are reduced to a single
$, which allows for escaping the $(VAR_NAME) syntax: i.e.
"$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)".
Escaped references will never be expanded, regardless
of whether the variable exists or not. Defaults to "".'
type: string
valueFrom:
description: Source for the environment variable's value.
Cannot be used if value is not empty.
properties:
configMapKeyRef:
description: Selects a key of a ConfigMap.
properties:
key:
description: The key to select.
type: string
name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion, kind,
uid?'
type: string
optional:
description: Specify whether the ConfigMap or its
key must be defined
type: boolean
required:
- key
type: object
fieldRef:
description: 'Selects a field of the pod: supports metadata.name,
metadata.namespace, `metadata.labels[''<KEY>'']`,
`metadata.annotations[''<KEY>'']`, spec.nodeName,
spec.serviceAccountName, status.hostIP, status.podIP,
status.podIPs.'
properties:
apiVersion:
description: Version of the schema the FieldPath
is written in terms of, defaults to "v1".
type: string
fieldPath:
description: Path of the field to select in the
specified API version.
type: string
required:
- fieldPath
type: object
resourceFieldRef:
description: 'Selects a resource of the container: only
resources limits and requests (limits.cpu, limits.memory,
limits.ephemeral-storage, requests.cpu, requests.memory
and requests.ephemeral-storage) are currently supported.'
properties:
containerName:
description: 'Container name: required for volumes,
optional for env vars'
type: string
divisor:
anyOf:
- type: integer
- type: string
description: Specifies the output format of the
exposed resources, defaults to "1"
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
resource:
description: 'Required: resource to select'
type: string
required:
- resource
type: object
secretKeyRef:
description: Selects a key of a secret in the pod's
namespace
properties:
key:
description: The key of the secret to select from. Must
be a valid secret key.
type: string
name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion, kind,
uid?'
type: string
optional:
description: Specify whether the Secret or its key
must be defined
type: boolean
required:
- key
type: object
type: object
required:
- name
type: object
type: array
postgresImage:
description: Overrides the container image used in the PostgreSQL
database deployment. This includes the image tag. Omit it or
leave it empty to use the default container image provided by
the Operator.
type: string
postgresImagePullPolicy:
description: Overrides the image pull policy used in the PostgreSQL
database deployment. Default value is `Always` for `nightly`,
`next` or `latest` images, and `IfNotPresent` in other cases.
type: string
postgresVersion:
description: 'Indicates a PostgreSQL version image to use. Allowed
values are: `9.6` and `13.3`. Migrate your PostgreSQL database
to switch from one version to another.'
type: string
pvcClaimSize:
description: Size of the persistent volume claim for database.
Defaults to `1Gi`. To update pvc storageclass that provisions
it must support resize when Eclipse Che has been already deployed.
type: string
type: object
devWorkspace:
description: DevWorkspace operator configuration
properties:
controllerImage:
description: Overrides the container image used in the DevWorkspace
controller deployment. This includes the image tag. Omit it
or leave it empty to use the default container image provided
by the Operator.
type: string
enable:
description: Deploys the DevWorkspace Operator in the cluster.
Does nothing when a matching version of the Operator is already
installed. Fails when a non-matching version of the Operator
is already installed.
type: boolean
env:
description: List of environment variables to set in the DevWorkspace
container.
items:
description: EnvVar represents an environment variable present
in a Container.
properties:
name:
description: Name of the environment variable. Must be a
C_IDENTIFIER.
type: string
value:
description: 'Variable references $(VAR_NAME) are expanded
using the previously defined environment variables in
the container and any service environment variables. If
a variable cannot be resolved, the reference in the input
string will be unchanged. Double $$ are reduced to a single
$, which allows for escaping the $(VAR_NAME) syntax: i.e.
"$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)".
Escaped references will never be expanded, regardless
of whether the variable exists or not. Defaults to "".'
type: string
valueFrom:
description: Source for the environment variable's value.
Cannot be used if value is not empty.
properties:
configMapKeyRef:
description: Selects a key of a ConfigMap.
properties:
key:
description: The key to select.
type: string
name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion, kind,
uid?'
type: string
optional:
description: Specify whether the ConfigMap or its
key must be defined
type: boolean
required:
- key
type: object
fieldRef:
description: 'Selects a field of the pod: supports metadata.name,
metadata.namespace, `metadata.labels[''<KEY>'']`,
`metadata.annotations[''<KEY>'']`, spec.nodeName,
spec.serviceAccountName, status.hostIP, status.podIP,
status.podIPs.'
properties:
apiVersion:
description: Version of the schema the FieldPath
is written in terms of, defaults to "v1".
type: string
fieldPath:
description: Path of the field to select in the
specified API version.
type: string
required:
- fieldPath
type: object
resourceFieldRef:
description: 'Selects a resource of the container: only
resources limits and requests (limits.cpu, limits.memory,
limits.ephemeral-storage, requests.cpu, requests.memory
and requests.ephemeral-storage) are currently supported.'
properties:
containerName:
description: 'Container name: required for volumes,
optional for env vars'
type: string
divisor:
anyOf:
- type: integer
- type: string
description: Specifies the output format of the
exposed resources, defaults to "1"
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
resource:
description: 'Required: resource to select'
type: string
required:
- resource
type: object
secretKeyRef:
description: Selects a key of a secret in the pod's
namespace
properties:
key:
description: The key of the secret to select from. Must
be a valid secret key.
type: string
name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion, kind,
uid?'
type: string
optional:
description: Specify whether the Secret or its key
must be defined
type: boolean
required:
- key
type: object
type: object
required:
- name
type: object
type: array
runningLimit:
description: Maximum number of the running workspaces per user.
type: string
secondsOfInactivityBeforeIdling:
default: 1800
description: Idle timeout for workspaces in seconds. This timeout
is the duration after which a workspace will be idled if there
is no activity. To disable workspace idling due to inactivity,
set this value to -1.
format: int32
type: integer
secondsOfRunBeforeIdling:
default: -1
description: Run timeout for workspaces in seconds. This timeout
is the maximum duration a workspace runs. To disable workspace
run timeout, set this value to -1.
format: int32
type: integer
required:
- enable
type: object
gitServices:
description: A configuration that allows users to work with remote
Git repositories.
properties:
bitbucket:
description: Enables users to work with repositories hosted on
Bitbucket (bitbucket.org or self-hosted).
items:
description: BitBucketService enables users to work with repositories
hosted on Bitbucket (bitbucket.org or self-hosted).
properties:
endpoint:
description: 'Bitbucket server endpoint URL. Deprecated
in favor of `che.eclipse.org/scm-server-endpoint` annotation.
See the following page: https://www.eclipse.org/che/docs/stable/administration-guide/configuring-oauth-1-for-a-bitbucket-server/.'
type: string
secretName:
description: 'Kubernetes secret, that contains Base64-encoded
Bitbucket OAuth 1.0 or OAuth 2.0 data. See the following
pages for details: https://www.eclipse.org/che/docs/stable/administration-guide/configuring-oauth-1-for-a-bitbucket-server/
and https://www.eclipse.org/che/docs/stable/administration-guide/configuring-oauth-2-for-the-bitbucket-cloud/.'
type: string
required:
- secretName
type: object
type: array
github:
description: Enables users to work with repositories hosted on
GitHub (github.com or GitHub Enterprise).
items:
description: GitHubService enables users to work with repositories
hosted on GitHub (GitHub.com or GitHub Enterprise).
properties:
endpoint:
description: 'GitHub server endpoint URL. Deprecated in
favor of `che.eclipse.org/scm-server-endpoint` annotation.
See the following page for details: https://www.eclipse.org/che/docs/stable/administration-guide/configuring-oauth-2-for-github/.'
type: string
secretName:
description: 'Kubernetes secret, that contains Base64-encoded
GitHub OAuth Client id and GitHub OAuth Client secret.
See the following page for details: https://www.eclipse.org/che/docs/stable/administration-guide/configuring-oauth-2-for-github/.'
type: string
required:
- secretName
type: object
type: array
gitlab:
description: Enables users to work with repositories hosted on
GitLab (gitlab.com or self-hosted).
items:
description: GitLabService enables users to work with repositories
hosted on GitLab (gitlab.com or self-hosted).
properties:
endpoint:
description: 'GitLab server endpoint URL. Deprecated in
favor of `che.eclipse.org/scm-server-endpoint` annotation.
See the following page: https://www.eclipse.org/che/docs/stable/administration-guide/configuring-oauth-2-for-gitlab/.'
type: string
secretName:
description: 'Kubernetes secret, that contains Base64-encoded
GitHub Application id and GitLab Application Client secret.
See the following page: https://www.eclipse.org/che/docs/stable/administration-guide/configuring-oauth-2-for-gitlab/.'
type: string
required:
- secretName
type: object
type: array
type: object
imagePuller:
description: Kubernetes Image Puller configuration
properties:
enable:
description: Install and configure the Community Supported Kubernetes
Image Puller Operator. When set to `true` and no spec is provided,
it will create a default KubernetesImagePuller object to be
managed by the Operator. When set to `false`, the KubernetesImagePuller
object will be deleted, and the Operator will be uninstalled,
regardless of whether a spec is provided. If the `spec.images`
field is empty, a set of recommended workspace-related images
will be automatically detected and pre-pulled after installation.
Note that while this Operator and its behavior is community-supported,
its payload may be commercially-supported for pulling commercially-supported
images.
type: boolean
spec:
description: A KubernetesImagePullerSpec to configure the image
puller in the CheCluster
properties:
affinity:
type: string
cachingCPULimit:
type: string
cachingCPURequest:
type: string
cachingIntervalHours:
type: string
cachingMemoryLimit:
type: string
cachingMemoryRequest:
type: string
configMapName:
type: string
daemonsetName:
type: string
deploymentName:
type: string
imagePullSecrets:
type: string
imagePullerImage:
type: string
images:
type: string
nodeSelector:
type: string
type: object
required:
- enable
type: object
k8s:
description: Configuration settings specific to Che installations
made on upstream Kubernetes.
properties:
ingressClass:
description: 'Ingress class that will define the which controller
will manage ingresses. Defaults to `nginx`. NB: This drives
the `kubernetes.io/ingress.class` annotation on Che-related
ingresses.'
type: string
ingressDomain:
description: 'Global ingress domain for a Kubernetes cluster.
This MUST be explicitly specified: there are no defaults.'
type: string
ingressStrategy:
description: 'Deprecated. The value of this flag is ignored. Strategy
for ingress creation. Options are: `multi-host` (host is explicitly
provided in ingress), `single-host` (host is provided, path-based
rules) and `default-host` (no host is provided, path-based rules).
Defaults to `multi-host` Deprecated in favor of `serverExposureStrategy`
in the `server` section, which defines this regardless of the
cluster type. When both are defined, the `serverExposureStrategy`
option takes precedence.'
type: string
securityContextFsGroup:
description: The FSGroup in which the Che Pod and workspace Pods
containers runs in. Default value is `1724`.
type: string
securityContextRunAsUser:
description: ID of the user the Che Pod and workspace Pods containers
run as. Default value is `1724`.
type: string
singleHostExposureType:
description: Deprecated. The value of this flag is ignored. When
the serverExposureStrategy is set to `single-host`, the way
the server, registries and workspaces are exposed is further
configured by this property. The possible values are `native`,
which means that the server and workspaces are exposed using
ingresses on K8s or `gateway` where the server and workspaces
are exposed using a custom gateway based on link:https://doc.traefik.io/traefik/[Traefik].
All the endpoints whether backed by the ingress or gateway `route`
always point to the subpaths on the same domain. Defaults to
`native`.
type: string
tlsSecretName:
description: Name of a secret that will be used to setup ingress
TLS termination when TLS is enabled. When the field is empty
string, the default cluster certificate will be used. See also
the `tlsSupport` field.
type: string
type: object
metrics:
description: Configuration settings related to the metrics collection
used by the Che installation.
properties:
enable:
description: Enables `metrics` the Che server endpoint. Default
to `true`.
type: boolean
type: object
server:
description: General configuration settings related to the Che server,
the plugin and devfile registries
properties:
airGapContainerRegistryHostname:
description: Optional host name, or URL, to an alternate container
registry to pull images from. This value overrides the container
registry host name defined in all the default container images
involved in a Che deployment. This is particularly useful to
install Che in a restricted environment.
type: string
airGapContainerRegistryOrganization:
description: Optional repository name of an alternate container
registry to pull images from. This value overrides the container
registry organization defined in all the default container images
involved in a Che deployment. This is particularly useful to
install Eclipse Che in a restricted environment.
type: string
allowAutoProvisionUserNamespace:
description: Indicates if is allowed to automatically create a
user namespace. If it set to false, then user namespace must
be pre-created by a cluster administrator.
type: boolean
allowUserDefinedWorkspaceNamespaces:
description: Deprecated. The value of this flag is ignored. Defines
that a user is allowed to specify a Kubernetes namespace, or
an OpenShift project, which differs from the default. It's NOT
RECOMMENDED to set to `true` without OpenShift OAuth configured.
The OpenShift infrastructure also uses this property.
type: boolean
cheClusterRoles:
description: A comma-separated list of ClusterRoles that will
be assigned to Che ServiceAccount. Each role must have `app.kubernetes.io/part-of=che.eclipse.org`
label. Be aware that the Che Operator has to already have all
permissions in these ClusterRoles to grant them.
type: string
cheDebug:
description: Enables the debug mode for Che server. Defaults to
`false`.
type: string
cheFlavor:
description: Deprecated. The value of this flag is ignored. Specifies
a variation of the installation. The options are `che` for
upstream Che installations or `devspaces` for Red Hat OpenShift
Dev Spaces (formerly Red Hat CodeReady Workspaces) installation
type: string
cheHost:
description: Public host name of the installed Che server. When
value is omitted, the value it will be automatically set by
the Operator. See the `cheHostTLSSecret` field.
type: string
cheHostTLSSecret:
description: Name of a secret containing certificates to secure
ingress or route for the custom host name of the installed Che
server. The secret must have `app.kubernetes.io/part-of=che.eclipse.org`
label. See the `cheHost` field.
type: string
cheImage:
description: Overrides the container image used in Che deployment.
This does NOT include the container image tag. Omit it or leave
it empty to use the default container image provided by the
Operator.
type: string
cheImagePullPolicy:
description: Overrides the image pull policy used in Che deployment.
Default value is `Always` for `nightly`, `next` or `latest`
images, and `IfNotPresent` in other cases.
type: string
cheImageTag:
description: Overrides the tag of the container image used in
Che deployment. Omit it or leave it empty to use the default
image tag provided by the Operator.
type: string
cheLogLevel:
description: 'Log level for the Che server: `INFO` or `DEBUG`.
Defaults to `INFO`.'
type: string
cheServerEnv:
description: List of environment variables to set in the Che server
container.
items:
description: EnvVar represents an environment variable present
in a Container.
properties:
name:
description: Name of the environment variable. Must be a
C_IDENTIFIER.
type: string
value:
description: 'Variable references $(VAR_NAME) are expanded
using the previously defined environment variables in
the container and any service environment variables. If
a variable cannot be resolved, the reference in the input
string will be unchanged. Double $$ are reduced to a single
$, which allows for escaping the $(VAR_NAME) syntax: i.e.
"$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)".
Escaped references will never be expanded, regardless
of whether the variable exists or not. Defaults to "".'
type: string
valueFrom:
description: Source for the environment variable's value.
Cannot be used if value is not empty.
properties:
configMapKeyRef:
description: Selects a key of a ConfigMap.
properties:
key:
description: The key to select.
type: string
name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion, kind,
uid?'
type: string
optional:
description: Specify whether the ConfigMap or its
key must be defined
type: boolean
required:
- key
type: object
fieldRef:
description: 'Selects a field of the pod: supports metadata.name,
metadata.namespace, `metadata.labels[''<KEY>'']`,
`metadata.annotations[''<KEY>'']`, spec.nodeName,
spec.serviceAccountName, status.hostIP, status.podIP,
status.podIPs.'
properties:
apiVersion:
description: Version of the schema the FieldPath
is written in terms of, defaults to "v1".
type: string
fieldPath:
description: Path of the field to select in the
specified API version.
type: string
required:
- fieldPath
type: object
resourceFieldRef:
description: 'Selects a resource of the container: only
resources limits and requests (limits.cpu, limits.memory,
limits.ephemeral-storage, requests.cpu, requests.memory
and requests.ephemeral-storage) are currently supported.'
properties:
containerName:
description: 'Container name: required for volumes,
optional for env vars'
type: string
divisor:
anyOf:
- type: integer
- type: string
description: Specifies the output format of the
exposed resources, defaults to "1"
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
resource:
description: 'Required: resource to select'
type: string
required:
- resource
type: object
secretKeyRef:
description: Selects a key of a secret in the pod's
namespace
properties:
key:
description: The key of the secret to select from. Must
be a valid secret key.
type: string
name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion, kind,
uid?'
type: string
optional:
description: Specify whether the Secret or its key
must be defined
type: boolean
required:
- key
type: object
type: object
required:
- name
type: object
type: array
cheServerIngress:
description: The Che server ingress custom settings.
properties:
annotations:
additionalProperties:
type: string
description: Unstructured key value map stored with a resource
that may be set by external tools to store and retrieve
arbitrary metadata.
type: object
labels:
description: Comma separated list of labels that can be used
to organize and categorize objects by scoping and selecting.
type: string
type: object
cheServerRoute:
description: The Che server route custom settings.
properties:
annotations:
additionalProperties:
type: string
description: Unstructured key value map stored with a resource
that may be set by external tools to store and retrieve
arbitrary metadata.
type: object
domain:
description: 'Operator uses the domain to generate a hostname
for a route. In a conjunction with labels it creates a route,
which is served by a non-default Ingress controller. The
generated host name will follow this pattern: `<route-name>-<route-namespace>.<domain>`.'
type: string
labels:
description: Comma separated list of labels that can be used
to organize and categorize objects by scoping and selecting.
type: string
type: object
cheWorkspaceClusterRole:
description: Custom cluster role bound to the user for the Che
workspaces. The role must have `app.kubernetes.io/part-of=che.eclipse.org`
label. The default roles are used when omitted or left blank.
type: string
customCheProperties:
additionalProperties:
type: string
description: Map of additional environment variables that will
be applied in the generated `che` ConfigMap to be used by the
Che server, in addition to the values already generated from
other fields of the `CheCluster` custom resource (CR). When
`customCheProperties` contains a property that would be normally
generated in `che` ConfigMap from other CR fields, the value
defined in the `customCheProperties` is used instead.
type: object
dashboardCpuLimit:
description: Overrides the CPU limit used in the dashboard deployment.
In cores. (500m = .5 cores). Default to 500m.
type: string
dashboardCpuRequest:
description: Overrides the CPU request used in the dashboard deployment.
In cores. (500m = .5 cores). Default to 100m.
type: string
dashboardEnv:
description: List of environment variables to set in the dashboard
container.
items:
description: EnvVar represents an environment variable present
in a Container.
properties:
name:
description: Name of the environment variable. Must be a
C_IDENTIFIER.
type: string
value:
description: 'Variable references $(VAR_NAME) are expanded
using the previously defined environment variables in
the container and any service environment variables. If
a variable cannot be resolved, the reference in the input
string will be unchanged. Double $$ are reduced to a single
$, which allows for escaping the $(VAR_NAME) syntax: i.e.
"$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)".
Escaped references will never be expanded, regardless
of whether the variable exists or not. Defaults to "".'
type: string
valueFrom:
description: Source for the environment variable's value.
Cannot be used if value is not empty.
properties:
configMapKeyRef:
description: Selects a key of a ConfigMap.
properties:
key:
description: The key to select.
type: string
name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion, kind,
uid?'
type: string
optional:
description: Specify whether the ConfigMap or its
key must be defined
type: boolean
required:
- key
type: object
fieldRef:
description: 'Selects a field of the pod: supports metadata.name,
metadata.namespace, `metadata.labels[''<KEY>'']`,
`metadata.annotations[''<KEY>'']`, spec.nodeName,
spec.serviceAccountName, status.hostIP, status.podIP,
status.podIPs.'
properties:
apiVersion:
description: Version of the schema the FieldPath
is written in terms of, defaults to "v1".
type: string
fieldPath:
description: Path of the field to select in the
specified API version.
type: string
required:
- fieldPath
type: object
resourceFieldRef:
description: 'Selects a resource of the container: only
resources limits and requests (limits.cpu, limits.memory,
limits.ephemeral-storage, requests.cpu, requests.memory
and requests.ephemeral-storage) are currently supported.'
properties:
containerName:
description: 'Container name: required for volumes,
optional for env vars'
type: string
divisor:
anyOf:
- type: integer
- type: string
description: Specifies the output format of the
exposed resources, defaults to "1"
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
resource:
description: 'Required: resource to select'
type: string
required:
- resource
type: object
secretKeyRef:
description: Selects a key of a secret in the pod's
namespace
properties:
key:
description: The key of the secret to select from. Must
be a valid secret key.
type: string
name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion, kind,
uid?'
type: string
optional:
description: Specify whether the Secret or its key
must be defined
type: boolean
required:
- key
type: object
type: object
required:
- name
type: object
type: array
dashboardImage:
description: Overrides the container image used in the dashboard
deployment. This includes the image tag. Omit it or leave it
empty to use the default container image provided by the Operator.
type: string
dashboardImagePullPolicy:
description: Overrides the image pull policy used in the dashboard
deployment. Default value is `Always` for `nightly`, `next`
or `latest` images, and `IfNotPresent` in other cases.
type: string
dashboardIngress:
description: Deprecated. The value of this flag is ignored. Dashboard
ingress custom settings.
properties:
annotations:
additionalProperties:
type: string
description: Unstructured key value map stored with a resource
that may be set by external tools to store and retrieve
arbitrary metadata.
type: object
labels:
description: Comma separated list of labels that can be used
to organize and categorize objects by scoping and selecting.
type: string
type: object
dashboardMemoryLimit:
description: Overrides the memory limit used in the dashboard
deployment. Defaults to 256Mi.
type: string
dashboardMemoryRequest:
description: Overrides the memory request used in the dashboard
deployment. Defaults to 16Mi.
type: string
dashboardRoute:
description: Deprecated. The value of this flag is ignored. Dashboard
route custom settings.
properties:
annotations:
additionalProperties:
type: string
description: Unstructured key value map stored with a resource
that may be set by external tools to store and retrieve
arbitrary metadata.
type: object
domain:
description: 'Operator uses the domain to generate a hostname
for a route. In a conjunction with labels it creates a route,
which is served by a non-default Ingress controller. The
generated host name will follow this pattern: `<route-name>-<route-namespace>.<domain>`.'
type: string
labels:
description: Comma separated list of labels that can be used
to organize and categorize objects by scoping and selecting.
type: string
type: object
devfileRegistryCpuLimit:
description: Overrides the CPU limit used in the devfile registry
deployment. In cores. (500m = .5 cores). Default to 500m.
type: string
devfileRegistryCpuRequest:
description: Overrides the CPU request used in the devfile registry
deployment. In cores. (500m = .5 cores). Default to 100m.
type: string
devfileRegistryEnv:
description: List of environment variables to set in the plugin
registry container.
items:
description: EnvVar represents an environment variable present
in a Container.
properties:
name:
description: Name of the environment variable. Must be a
C_IDENTIFIER.
type: string
value:
description: 'Variable references $(VAR_NAME) are expanded
using the previously defined environment variables in
the container and any service environment variables. If
a variable cannot be resolved, the reference in the input
string will be unchanged. Double $$ are reduced to a single
$, which allows for escaping the $(VAR_NAME) syntax: i.e.
"$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)".
Escaped references will never be expanded, regardless
of whether the variable exists or not. Defaults to "".'
type: string
valueFrom:
description: Source for the environment variable's value.
Cannot be used if value is not empty.
properties:
configMapKeyRef:
description: Selects a key of a ConfigMap.
properties:
key:
description: The key to select.
type: string
name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion, kind,
uid?'
type: string
optional:
description: Specify whether the ConfigMap or its
key must be defined
type: boolean
required:
- key
type: object
fieldRef:
description: 'Selects a field of the pod: supports metadata.name,
metadata.namespace, `metadata.labels[''<KEY>'']`,
`metadata.annotations[''<KEY>'']`, spec.nodeName,
spec.serviceAccountName, status.hostIP, status.podIP,
status.podIPs.'
properties:
apiVersion:
description: Version of the schema the FieldPath
is written in terms of, defaults to "v1".
type: string
fieldPath:
description: Path of the field to select in the
specified API version.
type: string
required:
- fieldPath
type: object
resourceFieldRef:
description: 'Selects a resource of the container: only
resources limits and requests (limits.cpu, limits.memory,
limits.ephemeral-storage, requests.cpu, requests.memory
and requests.ephemeral-storage) are currently supported.'
properties:
containerName:
description: 'Container name: required for volumes,
optional for env vars'
type: string
divisor:
anyOf:
- type: integer
- type: string
description: Specifies the output format of the
exposed resources, defaults to "1"
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
resource:
description: 'Required: resource to select'
type: string
required:
- resource
type: object
secretKeyRef:
description: Selects a key of a secret in the pod's
namespace
properties:
key:
description: The key of the secret to select from. Must
be a valid secret key.
type: string
name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion, kind,
uid?'
type: string
optional:
description: Specify whether the Secret or its key
must be defined
type: boolean
required:
- key
type: object
type: object
required:
- name
type: object
type: array
devfileRegistryImage:
description: Overrides the container image used in the devfile
registry deployment. This includes the image tag. Omit it or
leave it empty to use the default container image provided by
the Operator.
type: string
devfileRegistryIngress:
description: Deprecated. The value of this flag is ignored. The
devfile registry ingress custom settings.
properties:
annotations:
additionalProperties:
type: string
description: Unstructured key value map stored with a resource
that may be set by external tools to store and retrieve
arbitrary metadata.
type: object
labels:
description: Comma separated list of labels that can be used
to organize and categorize objects by scoping and selecting.
type: string
type: object
devfileRegistryMemoryLimit:
description: Overrides the memory limit used in the devfile registry
deployment. Defaults to 256Mi.
type: string
devfileRegistryMemoryRequest:
description: Overrides the memory request used in the devfile
registry deployment. Defaults to 16Mi.
type: string
devfileRegistryPullPolicy:
description: Overrides the image pull policy used in the devfile
registry deployment. Default value is `Always` for `nightly`,
`next` or `latest` images, and `IfNotPresent` in other cases.
type: string
devfileRegistryRoute:
description: Deprecated. The value of this flag is ignored. The
devfile registry route custom settings.
properties:
annotations:
additionalProperties:
type: string
description: Unstructured key value map stored with a resource
that may be set by external tools to store and retrieve
arbitrary metadata.
type: object
domain:
description: 'Operator uses the domain to generate a hostname
for a route. In a conjunction with labels it creates a route,
which is served by a non-default Ingress controller. The
generated host name will follow this pattern: `<route-name>-<route-namespace>.<domain>`.'
type: string
labels:
description: Comma separated list of labels that can be used
to organize and categorize objects by scoping and selecting.
type: string
type: object
devfileRegistryUrl:
description: Deprecated in favor of `externalDevfileRegistries`
fields.
type: string
disableInternalClusterSVCNames:
description: Deprecated. The value of this flag is ignored. Disable
internal cluster SVC names usage to communicate between components
to speed up the traffic and avoid proxy issues.
type: boolean
externalDevfileRegistries:
description: External devfile registries, that serves sample,
ready-to-use devfiles. Configure this in addition to a dedicated
devfile registry (when `externalDevfileRegistry` is `false`)
or instead of it (when `externalDevfileRegistry` is `true`)
items:
description: Settings for a configuration of the external devfile
registries.
properties:
url:
description: Public URL of the devfile registry.
type: string
type: object
type: array
externalDevfileRegistry:
description: Instructs the Operator on whether to deploy a dedicated
devfile registry server. By default, a dedicated devfile registry
server is started. When `externalDevfileRegistry` is `true`,
no such dedicated server will be started by the Operator and
configure at least one devfile registry with `externalDevfileRegistries`
field.
type: boolean
externalPluginRegistry:
description: Instructs the Operator on whether to deploy a dedicated
plugin registry server. By default, a dedicated plugin registry
server is started. When `externalPluginRegistry` is `true`,
no such dedicated server will be started by the Operator and
you will have to manually set the `pluginRegistryUrl` field.
type: boolean
gitSelfSignedCert:
description: When enabled, the certificate from `che-git-self-signed-cert`
ConfigMap will be propagated to the Che components and provide
particular configuration for Git. Note, the `che-git-self-signed-cert`
ConfigMap must have `app.kubernetes.io/part-of=che.eclipse.org`
label.
type: boolean
nonProxyHosts:
description: 'List of hosts that will be reached directly, bypassing
the proxy. Specify wild card domain use the following form `.<DOMAIN>`
and `|` as delimiter, for example: `localhost|.my.host.com|123.42.12.32`
Only use when configuring a proxy is required. Operator respects
OpenShift cluster wide proxy configuration and no additional
configuration is required, but defining `nonProxyHosts` in a
custom resource leads to merging non proxy hosts lists from
the cluster proxy configuration and ones defined in the custom
resources. See the doc https://docs.openshift.com/container-platform/4.4/networking/enable-cluster-wide-proxy.html.
See also the `proxyURL` fields.'
type: string
openVSXRegistryURL:
description: Open VSX registry URL. If omitted an embedded instance
will be used.
type: string
pluginRegistryCpuLimit:
description: Overrides the CPU limit used in the plugin registry
deployment. In cores. (500m = .5 cores). Default to 500m.
type: string
pluginRegistryCpuRequest:
description: Overrides the CPU request used in the plugin registry
deployment. In cores. (500m = .5 cores). Default to 100m.
type: string
pluginRegistryEnv:
description: List of environment variables to set in the devfile
registry container.
items:
description: EnvVar represents an environment variable present
in a Container.
properties:
name:
description: Name of the environment variable. Must be a
C_IDENTIFIER.
type: string
value:
description: 'Variable references $(VAR_NAME) are expanded
using the previously defined environment variables in
the container and any service environment variables. If
a variable cannot be resolved, the reference in the input
string will be unchanged. Double $$ are reduced to a single
$, which allows for escaping the $(VAR_NAME) syntax: i.e.
"$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)".
Escaped references will never be expanded, regardless
of whether the variable exists or not. Defaults to "".'
type: string
valueFrom:
description: Source for the environment variable's value.
Cannot be used if value is not empty.
properties:
configMapKeyRef:
description: Selects a key of a ConfigMap.
properties:
key:
description: The key to select.
type: string
name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion, kind,
uid?'
type: string
optional:
description: Specify whether the ConfigMap or its
key must be defined
type: boolean
required:
- key
type: object
fieldRef:
description: 'Selects a field of the pod: supports metadata.name,
metadata.namespace, `metadata.labels[''<KEY>'']`,
`metadata.annotations[''<KEY>'']`, spec.nodeName,
spec.serviceAccountName, status.hostIP, status.podIP,
status.podIPs.'
properties:
apiVersion:
description: Version of the schema the FieldPath
is written in terms of, defaults to "v1".
type: string
fieldPath:
description: Path of the field to select in the
specified API version.
type: string
required:
- fieldPath
type: object
resourceFieldRef:
description: 'Selects a resource of the container: only
resources limits and requests (limits.cpu, limits.memory,
limits.ephemeral-storage, requests.cpu, requests.memory
and requests.ephemeral-storage) are currently supported.'
properties:
containerName:
description: 'Container name: required for volumes,
optional for env vars'
type: string
divisor:
anyOf:
- type: integer
- type: string
description: Specifies the output format of the
exposed resources, defaults to "1"
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
resource:
description: 'Required: resource to select'
type: string
required:
- resource
type: object
secretKeyRef:
description: Selects a key of a secret in the pod's
namespace
properties:
key:
description: The key of the secret to select from. Must
be a valid secret key.
type: string
name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion, kind,
uid?'
type: string
optional:
description: Specify whether the Secret or its key
must be defined
type: boolean
required:
- key
type: object
type: object
required:
- name
type: object
type: array
pluginRegistryImage:
description: Overrides the container image used in the plugin
registry deployment. This includes the image tag. Omit it or
leave it empty to use the default container image provided by
the Operator.
type: string
pluginRegistryIngress:
description: Deprecated. The value of this flag is ignored. Plugin
registry ingress custom settings.
properties:
annotations:
additionalProperties:
type: string
description: Unstructured key value map stored with a resource
that may be set by external tools to store and retrieve
arbitrary metadata.
type: object
labels:
description: Comma separated list of labels that can be used
to organize and categorize objects by scoping and selecting.
type: string
type: object
pluginRegistryMemoryLimit:
description: Overrides the memory limit used in the plugin registry
deployment. Defaults to 1536Mi.
type: string
pluginRegistryMemoryRequest:
description: Overrides the memory request used in the plugin registry
deployment. Defaults to 16Mi.
type: string
pluginRegistryPullPolicy:
description: Overrides the image pull policy used in the plugin
registry deployment. Default value is `Always` for `nightly`,
`next` or `latest` images, and `IfNotPresent` in other cases.
type: string
pluginRegistryRoute:
description: Deprecated. The value of this flag is ignored. Plugin
registry route custom settings.
properties:
annotations:
additionalProperties:
type: string
description: Unstructured key value map stored with a resource
that may be set by external tools to store and retrieve
arbitrary metadata.
type: object
domain:
description: 'Operator uses the domain to generate a hostname
for a route. In a conjunction with labels it creates a route,
which is served by a non-default Ingress controller. The
generated host name will follow this pattern: `<route-name>-<route-namespace>.<domain>`.'
type: string
labels:
description: Comma separated list of labels that can be used
to organize and categorize objects by scoping and selecting.
type: string
type: object
pluginRegistryUrl:
description: Public URL of the plugin registry that serves sample
ready-to-use devfiles. Set this ONLY when a use of an external
devfile registry is needed. See the `externalPluginRegistry`
field. By default, this will be automatically calculated by
the Operator.
type: string
proxyPassword:
description: Password of the proxy server. Only use when proxy
configuration is required. See the `proxyURL`, `proxyUser` and
`proxySecret` fields.
type: string
proxyPort:
description: Port of the proxy server. Only use when configuring
a proxy is required. See also the `proxyURL` and `nonProxyHosts`
fields.
type: string
proxySecret:
description: The secret that contains `user` and `password` for
a proxy server. When the secret is defined, the `proxyUser`
and `proxyPassword` are ignored. The secret must have `app.kubernetes.io/part-of=che.eclipse.org`
label.
type: string
proxyURL:
description: URL (protocol+host name) of the proxy server. This
drives the appropriate changes in the `JAVA_OPTS` and `https(s)_proxy`
variables in the Che server and workspaces containers. Only
use when configuring a proxy is required. Operator respects
OpenShift cluster wide proxy configuration and no additional
configuration is required, but defining `proxyUrl` in a custom
resource leads to overrides the cluster proxy configuration
with fields `proxyUrl`, `proxyPort`, `proxyUser` and `proxyPassword`
from the custom resource. See the doc https://docs.openshift.com/container-platform/4.4/networking/enable-cluster-wide-proxy.html.
See also the `proxyPort` and `nonProxyHosts` fields.
type: string
proxyUser:
description: User name of the proxy server. Only use when configuring
a proxy is required. See also the `proxyURL`, `proxyPassword`
and `proxySecret` fields.
type: string
selfSignedCert:
description: Deprecated. The value of this flag is ignored. The
Che Operator will automatically detect whether the router certificate
is self-signed and propagate it to other components, such as
the Che server.
type: boolean
serverCpuLimit:
description: Overrides the CPU limit used in the Che server deployment
In cores. (500m = .5 cores). Default to 1.
type: string
serverCpuRequest:
description: Overrides the CPU request used in the Che server
deployment In cores. (500m = .5 cores). Default to 100m.
type: string
serverExposureStrategy:
description: Deprecated. The value of this flag is ignored. Sets
the server and workspaces exposure type. Possible values are
`multi-host`, `single-host`, `default-host`. Defaults to `multi-host`,
which creates a separate ingress, or OpenShift routes, for every
required endpoint. `single-host` makes Che exposed on a single
host name with workspaces exposed on subpaths. Read the docs
to learn about the limitations of this approach. Also consult
the `singleHostExposureType` property to further configure how
the Operator and the Che server make that happen on Kubernetes.
`default-host` exposes the Che server on the host of the cluster.
Read the docs to learn about the limitations of this approach.
type: string
serverMemoryLimit:
description: Overrides the memory limit used in the Che server
deployment. Defaults to 1Gi.
type: string
serverMemoryRequest:
description: Overrides the memory request used in the Che server
deployment. Defaults to 512Mi.
type: string
serverTrustStoreConfigMapName:
description: Name of the ConfigMap with public certificates to
add to Java trust store of the Che server. This is often required
when adding the OpenShift OAuth provider, which has HTTPS endpoint
signed with self-signed cert. The Che server must be aware of
its CA cert to be able to request it. This is disabled by default.
The Config Map must have `app.kubernetes.io/part-of=che.eclipse.org`
label.
type: string
singleHostGatewayConfigMapLabels:
additionalProperties:
type: string
description: The labels that need to be present in the ConfigMaps
representing the gateway configuration.
type: object
singleHostGatewayConfigSidecarImage:
description: The image used for the gateway sidecar that provides
configuration to the gateway. Omit it or leave it empty to use
the default container image provided by the Operator.
type: string
singleHostGatewayImage:
description: The image used for the gateway in the single host
mode. Omit it or leave it empty to use the default container
image provided by the Operator.
type: string
tlsSupport:
description: Deprecated. Instructs the Operator to deploy Che
in TLS mode. This is enabled by default. Disabling TLS sometimes
cause malfunction of some Che components.
type: boolean
useInternalClusterSVCNames:
description: Deprecated in favor of `disableInternalClusterSVCNames`.
type: boolean
workspaceDefaultComponents:
description: Default components applied to DevWorkspaces. These
default components are meant to be used when a Devfile does
not contain any components.
items:
properties:
attributes:
description: Map of implementation-dependant free-form YAML
attributes.
type: object
x-kubernetes-preserve-unknown-fields: true
componentType:
description: Type of component
enum:
- Container
- Kubernetes
- Openshift
- Volume
- Image
- Plugin
- Custom
type: string
container:
description: Allows adding and configuring devworkspace-related
containers
properties:
annotation:
description: Annotations that should be added to specific
resources for this container
properties:
deployment:
additionalProperties:
type: string
description: Annotations to be added to deployment
type: object
service:
additionalProperties:
type: string
description: Annotations to be added to service
type: object
type: object
args:
description: "The arguments to supply to the command
running the dockerimage component. The arguments are
supplied either to the default command provided in
the image or to the overridden command. \n Defaults
to an empty array, meaning use whatever is defined
in the image."
items:
type: string
type: array
command:
description: "The command to run in the dockerimage
component instead of the default one provided in the
image. \n Defaults to an empty array, meaning use
whatever is defined in the image."
items:
type: string
type: array
cpuLimit:
type: string
cpuRequest:
type: string
dedicatedPod:
description: "Specify if a container should run in its
own separated pod, instead of running as part of the
main development environment pod. \n Default value
is `false`"
type: boolean
endpoints:
items:
properties:
annotation:
additionalProperties:
type: string
description: Annotations to be added to Kubernetes
Ingress or Openshift Route
type: object
attributes:
description: "Map of implementation-dependant
string-based free-form attributes. \n Examples
of Che-specific attributes: \n - cookiesAuthEnabled:
\"true\" / \"false\", \n - type: \"terminal\"
/ \"ide\" / \"ide-dev\","
type: object
x-kubernetes-preserve-unknown-fields: true
exposure:
default: public
description: "Describes how the endpoint should
be exposed on the network. \n - `public` means
that the endpoint will be exposed on the public
network, typically through a K8S ingress or
an OpenShift route. \n - `internal` means that
the endpoint will be exposed internally outside
of the main devworkspace POD, typically by K8S
services, to be consumed by other elements running
on the same cloud internal network. \n - `none`
means that the endpoint will not be exposed
and will only be accessible inside the main
devworkspace POD, on a local address. \n Default
value is `public`"
enum:
- public
- internal
- none
type: string
name:
maxLength: 63
pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
type: string
path:
description: Path of the endpoint URL
type: string
protocol:
default: http
description: "Describes the application and transport
protocols of the traffic that will go through
this endpoint. \n - `http`: Endpoint will have
`http` traffic, typically on a TCP connection.
It will be automaticaly promoted to `https`
when the `secure` field is set to `true`. \n
- `https`: Endpoint will have `https` traffic,
typically on a TCP connection. \n - `ws`: Endpoint
will have `ws` traffic, typically on a TCP connection.
It will be automaticaly promoted to `wss` when
the `secure` field is set to `true`. \n - `wss`:
Endpoint will have `wss` traffic, typically
on a TCP connection. \n - `tcp`: Endpoint will
have traffic on a TCP connection, without specifying
an application protocol. \n - `udp`: Endpoint
will have traffic on an UDP connection, without
specifying an application protocol. \n Default
value is `http`"
enum:
- http
- https
- ws
- wss
- tcp
- udp
type: string
secure:
description: Describes whether the endpoint should
be secured and protected by some authentication
process. This requires a protocol of `https`
or `wss`.
type: boolean
targetPort:
description: Port number to be used within the
container component. The same port cannot be
used by two different container components.
type: integer
required:
- name
- targetPort
type: object
type: array
env:
description: "Environment variables used in this container.
\n The following variables are reserved and cannot
be overridden via env: \n - `$PROJECTS_ROOT` \n -
`$PROJECT_SOURCE`"
items:
properties:
name:
type: string
value:
type: string
required:
- name
- value
type: object
type: array
image:
type: string
memoryLimit:
type: string
memoryRequest:
type: string
mountSources:
description: "Toggles whether or not the project source
code should be mounted in the component. \n Defaults
to true for all component types except plugins and
components that set `dedicatedPod` to true."
type: boolean
sourceMapping:
default: /projects
description: Optional specification of the path in the
container where project sources should be transferred/mounted
when `mountSources` is `true`. When omitted, the default
value of /projects is used.
type: string
volumeMounts:
description: List of volumes mounts that should be mounted
is this container.
items:
description: Volume that should be mounted to a component
container
properties:
name:
description: The volume mount name is the name
of an existing `Volume` component. If several
containers mount the same volume name then they
will reuse the same volume and will be able
to access to the same files.
maxLength: 63
pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
type: string
path:
description: The path in the component container
where the volume should be mounted. If not path
is mentioned, default path is the is `/<name>`.
type: string
required:
- name
type: object
type: array
required:
- image
type: object
custom:
description: Custom component whose logic is implementation-dependant
and should be provided by the user possibly through some
dedicated controller
properties:
componentClass:
description: Class of component that the associated
implementation controller should use to process this
command with the appropriate logic
type: string
embeddedResource:
description: Additional free-form configuration for
this custom component that the implementation controller
will know how to use
type: object
x-kubernetes-embedded-resource: true
x-kubernetes-preserve-unknown-fields: true
required:
- componentClass
- embeddedResource
type: object
image:
description: Allows specifying the definition of an image
for outer loop builds
properties:
autoBuild:
description: "Defines if the image should be built during
startup. \n Default value is `false`"
type: boolean
dockerfile:
description: Allows specifying dockerfile type build
properties:
args:
description: The arguments to supply to the dockerfile
build.
items:
type: string
type: array
buildContext:
description: Path of source directory to establish
build context. Defaults to ${PROJECT_SOURCE} in
the container
type: string
devfileRegistry:
description: Dockerfile's Devfile Registry source
properties:
id:
description: Id in a devfile registry that contains
a Dockerfile. The src in the OCI registry
required for the Dockerfile build will be
downloaded for building the image.
type: string
registryUrl:
description: Devfile Registry URL to pull the
Dockerfile from when using the Devfile Registry
as Dockerfile src. To ensure the Dockerfile
gets resolved consistently in different environments,
it is recommended to always specify the `devfileRegistryUrl`
when `Id` is used.
type: string
required:
- id
type: object
git:
description: Dockerfile's Git source
properties:
checkoutFrom:
description: Defines from what the project should
be checked out. Required if there are more
than one remote configured
properties:
remote:
description: The remote name should be used
as init. Required if there are more than
one remote configured
type: string
revision:
description: The revision to checkout from.
Should be branch name, tag or commit id.
Default branch is used if missing or specified
revision is not found.
type: string
type: object
fileLocation:
description: Location of the Dockerfile in the
Git repository when using git as Dockerfile
src. Defaults to Dockerfile.
type: string
remotes:
additionalProperties:
type: string
description: The remotes map which should be
initialized in the git project. Projects must
have at least one remote configured while
StarterProjects & Image Component's Git source
can only have at most one remote configured.
type: object
required:
- remotes
type: object
rootRequired:
description: "Specify if a privileged builder pod
is required. \n Default value is `false`"
type: boolean
srcType:
description: Type of Dockerfile src
enum:
- Uri
- DevfileRegistry
- Git
type: string
uri:
description: URI Reference of a Dockerfile. It can
be a full URL or a relative URI from the current
devfile as the base URI.
type: string
type: object
imageName:
description: Name of the image for the resulting outerloop
build
type: string
imageType:
description: Type of image
enum:
- Dockerfile
type: string
required:
- imageName
type: object
kubernetes:
description: Allows importing into the devworkspace the
Kubernetes resources defined in a given manifest. For
example this allows reusing the Kubernetes definitions
used to deploy some runtime components in production.
properties:
deployByDefault:
description: "Defines if the component should be deployed
during startup. \n Default value is `false`"
type: boolean
endpoints:
items:
properties:
annotation:
additionalProperties:
type: string
description: Annotations to be added to Kubernetes
Ingress or Openshift Route
type: object
attributes:
description: "Map of implementation-dependant
string-based free-form attributes. \n Examples
of Che-specific attributes: \n - cookiesAuthEnabled:
\"true\" / \"false\", \n - type: \"terminal\"
/ \"ide\" / \"ide-dev\","
type: object
x-kubernetes-preserve-unknown-fields: true
exposure:
default: public
description: "Describes how the endpoint should
be exposed on the network. \n - `public` means
that the endpoint will be exposed on the public
network, typically through a K8S ingress or
an OpenShift route. \n - `internal` means that
the endpoint will be exposed internally outside
of the main devworkspace POD, typically by K8S
services, to be consumed by other elements running
on the same cloud internal network. \n - `none`
means that the endpoint will not be exposed
and will only be accessible inside the main
devworkspace POD, on a local address. \n Default
value is `public`"
enum:
- public
- internal
- none
type: string
name:
maxLength: 63
pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
type: string
path:
description: Path of the endpoint URL
type: string
protocol:
default: http
description: "Describes the application and transport
protocols of the traffic that will go through
this endpoint. \n - `http`: Endpoint will have
`http` traffic, typically on a TCP connection.
It will be automaticaly promoted to `https`
when the `secure` field is set to `true`. \n
- `https`: Endpoint will have `https` traffic,
typically on a TCP connection. \n - `ws`: Endpoint
will have `ws` traffic, typically on a TCP connection.
It will be automaticaly promoted to `wss` when
the `secure` field is set to `true`. \n - `wss`:
Endpoint will have `wss` traffic, typically
on a TCP connection. \n - `tcp`: Endpoint will
have traffic on a TCP connection, without specifying
an application protocol. \n - `udp`: Endpoint
will have traffic on an UDP connection, without
specifying an application protocol. \n Default
value is `http`"
enum:
- http
- https
- ws
- wss
- tcp
- udp
type: string
secure:
description: Describes whether the endpoint should
be secured and protected by some authentication
process. This requires a protocol of `https`
or `wss`.
type: boolean
targetPort:
description: Port number to be used within the
container component. The same port cannot be
used by two different container components.
type: integer
required:
- name
- targetPort
type: object
type: array
inlined:
description: Inlined manifest
type: string
locationType:
description: Type of Kubernetes-like location
enum:
- Uri
- Inlined
type: string
uri:
description: Location in a file fetched from a uri.
type: string
type: object
name:
description: Mandatory name that allows referencing the
component from other elements (such as commands) or from
an external devfile that may reference this component
through a parent or a plugin.
maxLength: 63
pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
type: string
openshift:
description: Allows importing into the devworkspace the
OpenShift resources defined in a given manifest. For example
this allows reusing the OpenShift definitions used to
deploy some runtime components in production.
properties:
deployByDefault:
description: "Defines if the component should be deployed
during startup. \n Default value is `false`"
type: boolean
endpoints:
items:
properties:
annotation:
additionalProperties:
type: string
description: Annotations to be added to Kubernetes
Ingress or Openshift Route
type: object
attributes:
description: "Map of implementation-dependant
string-based free-form attributes. \n Examples
of Che-specific attributes: \n - cookiesAuthEnabled:
\"true\" / \"false\", \n - type: \"terminal\"
/ \"ide\" / \"ide-dev\","
type: object
x-kubernetes-preserve-unknown-fields: true
exposure:
default: public
description: "Describes how the endpoint should
be exposed on the network. \n - `public` means
that the endpoint will be exposed on the public
network, typically through a K8S ingress or
an OpenShift route. \n - `internal` means that
the endpoint will be exposed internally outside
of the main devworkspace POD, typically by K8S
services, to be consumed by other elements running
on the same cloud internal network. \n - `none`
means that the endpoint will not be exposed
and will only be accessible inside the main
devworkspace POD, on a local address. \n Default
value is `public`"
enum:
- public
- internal
- none
type: string
name:
maxLength: 63
pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
type: string
path:
description: Path of the endpoint URL
type: string
protocol:
default: http
description: "Describes the application and transport
protocols of the traffic that will go through
this endpoint. \n - `http`: Endpoint will have
`http` traffic, typically on a TCP connection.
It will be automaticaly promoted to `https`
when the `secure` field is set to `true`. \n
- `https`: Endpoint will have `https` traffic,
typically on a TCP connection. \n - `ws`: Endpoint
will have `ws` traffic, typically on a TCP connection.
It will be automaticaly promoted to `wss` when
the `secure` field is set to `true`. \n - `wss`:
Endpoint will have `wss` traffic, typically
on a TCP connection. \n - `tcp`: Endpoint will
have traffic on a TCP connection, without specifying
an application protocol. \n - `udp`: Endpoint
will have traffic on an UDP connection, without
specifying an application protocol. \n Default
value is `http`"
enum:
- http
- https
- ws
- wss
- tcp
- udp
type: string
secure:
description: Describes whether the endpoint should
be secured and protected by some authentication
process. This requires a protocol of `https`
or `wss`.
type: boolean
targetPort:
description: Port number to be used within the
container component. The same port cannot be
used by two different container components.
type: integer
required:
- name
- targetPort
type: object
type: array
inlined:
description: Inlined manifest
type: string
locationType:
description: Type of Kubernetes-like location
enum:
- Uri
- Inlined
type: string
uri:
description: Location in a file fetched from a uri.
type: string
type: object
plugin:
description: "Allows importing a plugin. \n Plugins are
mainly imported devfiles that contribute components, commands
and events as a consistent single unit. They are defined
in either YAML files following the devfile syntax, or
as `DevWorkspaceTemplate` Kubernetes Custom Resources"
properties:
commands:
description: Overrides of commands encapsulated in a
parent devfile or a plugin. Overriding is done according
to K8S strategic merge patch standard rules.
items:
properties:
apply:
description: "Command that consists in applying
a given component definition, typically bound
to a devworkspace event. \n For example, when
an `apply` command is bound to a `preStart`
event, and references a `container` component,
it will start the container as a K8S initContainer
in the devworkspace POD, unless the component
has its `dedicatedPod` field set to `true`.
\n When no `apply` command exist for a given
component, it is assumed the component will
be applied at devworkspace start by default,
unless `deployByDefault` for that component
is set to false."
properties:
component:
description: Describes component that will
be applied
type: string
group:
description: Defines the group this command
is part of
properties:
isDefault:
description: Identifies the default command
for a given group kind
type: boolean
kind:
description: Kind of group the command
is part of
enum:
- build
- run
- test
- debug
- deploy
type: string
type: object
label:
description: Optional label that provides
a label for this command to be used in Editor
UI menus for example
type: string
type: object
attributes:
description: Map of implementation-dependant free-form
YAML attributes.
type: object
x-kubernetes-preserve-unknown-fields: true
commandType:
description: Type of devworkspace command
enum:
- Exec
- Apply
- Composite
type: string
composite:
description: Composite command that allows executing
several sub-commands either sequentially or
concurrently
properties:
commands:
description: The commands that comprise this
composite command
items:
type: string
type: array
group:
description: Defines the group this command
is part of
properties:
isDefault:
description: Identifies the default command
for a given group kind
type: boolean
kind:
description: Kind of group the command
is part of
enum:
- build
- run
- test
- debug
- deploy
type: string
type: object
label:
description: Optional label that provides
a label for this command to be used in Editor
UI menus for example
type: string
parallel:
description: Indicates if the sub-commands
should be executed concurrently
type: boolean
type: object
exec:
description: CLI Command executed in an existing
component container
properties:
commandLine:
description: "The actual command-line string
\n Special variables that can be used: \n
\ - `$PROJECTS_ROOT`: A path where projects
sources are mounted as defined by container
component's sourceMapping. \n - `$PROJECT_SOURCE`:
A path to a project source ($PROJECTS_ROOT/<project-name>).
If there are multiple projects, this will
point to the directory of the first one."
type: string
component:
description: Describes component to which
given action relates
type: string
env:
description: Optional list of environment
variables that have to be set before running
the command
items:
properties:
name:
type: string
value:
type: string
required:
- name
type: object
type: array
group:
description: Defines the group this command
is part of
properties:
isDefault:
description: Identifies the default command
for a given group kind
type: boolean
kind:
description: Kind of group the command
is part of
enum:
- build
- run
- test
- debug
- deploy
type: string
type: object
hotReloadCapable:
description: "Specify whether the command
is restarted or not when the source code
changes. If set to `true` the command won't
be restarted. A *hotReloadCapable* `run`
or `debug` command is expected to handle
file changes on its own and won't be restarted.
A *hotReloadCapable* `build` command is
expected to be executed only once and won't
be executed again. This field is taken into
account only for commands `build`, `run`
and `debug` with `isDefault` set to `true`.
\n Default value is `false`"
type: boolean
label:
description: Optional label that provides
a label for this command to be used in Editor
UI menus for example
type: string
workingDir:
description: "Working directory where the
command should be executed \n Special variables
that can be used: \n - `$PROJECTS_ROOT`:
A path where projects sources are mounted
as defined by container component's sourceMapping.
\n - `$PROJECT_SOURCE`: A path to a project
source ($PROJECTS_ROOT/<project-name>).
If there are multiple projects, this will
point to the directory of the first one."
type: string
type: object
id:
description: Mandatory identifier that allows
referencing this command in composite commands,
from a parent, or in events.
maxLength: 63
pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
type: string
required:
- id
type: object
type: array
components:
description: Overrides of components encapsulated in
a parent devfile or a plugin. Overriding is done according
to K8S strategic merge patch standard rules.
items:
properties:
attributes:
description: Map of implementation-dependant free-form
YAML attributes.
type: object
x-kubernetes-preserve-unknown-fields: true
componentType:
description: Type of component
enum:
- Container
- Kubernetes
- Openshift
- Volume
- Image
type: string
container:
description: Allows adding and configuring devworkspace-related
containers
properties:
annotation:
description: Annotations that should be added
to specific resources for this container
properties:
deployment:
additionalProperties:
type: string
description: Annotations to be added to
deployment
type: object
service:
additionalProperties:
type: string
description: Annotations to be added to
service
type: object
type: object
args:
description: "The arguments to supply to the
command running the dockerimage component.
The arguments are supplied either to the
default command provided in the image or
to the overridden command. \n Defaults to
an empty array, meaning use whatever is
defined in the image."
items:
type: string
type: array
command:
description: "The command to run in the dockerimage
component instead of the default one provided
in the image. \n Defaults to an empty array,
meaning use whatever is defined in the image."
items:
type: string
type: array
cpuLimit:
type: string
cpuRequest:
type: string
dedicatedPod:
description: "Specify if a container should
run in its own separated pod, instead of
running as part of the main development
environment pod. \n Default value is `false`"
type: boolean
endpoints:
items:
properties:
annotation:
additionalProperties:
type: string
description: Annotations to be added
to Kubernetes Ingress or Openshift
Route
type: object
attributes:
description: "Map of implementation-dependant
string-based free-form attributes.
\n Examples of Che-specific attributes:
\n - cookiesAuthEnabled: \"true\"
/ \"false\", \n - type: \"terminal\"
/ \"ide\" / \"ide-dev\","
type: object
x-kubernetes-preserve-unknown-fields: true
exposure:
description: "Describes how the endpoint
should be exposed on the network.
\n - `public` means that the endpoint
will be exposed on the public network,
typically through a K8S ingress or
an OpenShift route. \n - `internal`
means that the endpoint will be exposed
internally outside of the main devworkspace
POD, typically by K8S services, to
be consumed by other elements running
on the same cloud internal network.
\n - `none` means that the endpoint
will not be exposed and will only
be accessible inside the main devworkspace
POD, on a local address. \n Default
value is `public`"
enum:
- public
- internal
- none
type: string
name:
maxLength: 63
pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
type: string
path:
description: Path of the endpoint URL
type: string
protocol:
description: "Describes the application
and transport protocols of the traffic
that will go through this endpoint.
\n - `http`: Endpoint will have `http`
traffic, typically on a TCP connection.
It will be automaticaly promoted to
`https` when the `secure` field is
set to `true`. \n - `https`: Endpoint
will have `https` traffic, typically
on a TCP connection. \n - `ws`: Endpoint
will have `ws` traffic, typically
on a TCP connection. It will be automaticaly
promoted to `wss` when the `secure`
field is set to `true`. \n - `wss`:
Endpoint will have `wss` traffic,
typically on a TCP connection. \n
- `tcp`: Endpoint will have traffic
on a TCP connection, without specifying
an application protocol. \n - `udp`:
Endpoint will have traffic on an UDP
connection, without specifying an
application protocol. \n Default value
is `http`"
enum:
- http
- https
- ws
- wss
- tcp
- udp
type: string
secure:
description: Describes whether the endpoint
should be secured and protected by
some authentication process. This
requires a protocol of `https` or
`wss`.
type: boolean
targetPort:
description: Port number to be used
within the container component. The
same port cannot be used by two different
container components.
type: integer
required:
- name
type: object
type: array
env:
description: "Environment variables used in
this container. \n The following variables
are reserved and cannot be overridden via
env: \n - `$PROJECTS_ROOT` \n - `$PROJECT_SOURCE`"
items:
properties:
name:
type: string
value:
type: string
required:
- name
type: object
type: array
image:
type: string
memoryLimit:
type: string
memoryRequest:
type: string
mountSources:
description: "Toggles whether or not the project
source code should be mounted in the component.
\n Defaults to true for all component types
except plugins and components that set `dedicatedPod`
to true."
type: boolean
sourceMapping:
description: Optional specification of the
path in the container where project sources
should be transferred/mounted when `mountSources`
is `true`. When omitted, the default value
of /projects is used.
type: string
volumeMounts:
description: List of volumes mounts that should
be mounted is this container.
items:
description: Volume that should be mounted
to a component container
properties:
name:
description: The volume mount name is
the name of an existing `Volume` component.
If several containers mount the same
volume name then they will reuse the
same volume and will be able to access
to the same files.
maxLength: 63
pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
type: string
path:
description: The path in the component
container where the volume should
be mounted. If not path is mentioned,
default path is the is `/<name>`.
type: string
required:
- name
type: object
type: array
type: object
image:
description: Allows specifying the definition
of an image for outer loop builds
properties:
autoBuild:
description: "Defines if the image should
be built during startup. \n Default value
is `false`"
type: boolean
dockerfile:
description: Allows specifying dockerfile
type build
properties:
args:
description: The arguments to supply to
the dockerfile build.
items:
type: string
type: array
buildContext:
description: Path of source directory
to establish build context. Defaults
to ${PROJECT_SOURCE} in the container
type: string
devfileRegistry:
description: Dockerfile's Devfile Registry
source
properties:
id:
description: Id in a devfile registry
that contains a Dockerfile. The
src in the OCI registry required
for the Dockerfile build will be
downloaded for building the image.
type: string
registryUrl:
description: Devfile Registry URL
to pull the Dockerfile from when
using the Devfile Registry as Dockerfile
src. To ensure the Dockerfile gets
resolved consistently in different
environments, it is recommended
to always specify the `devfileRegistryUrl`
when `Id` is used.
type: string
type: object
git:
description: Dockerfile's Git source
properties:
checkoutFrom:
description: Defines from what the
project should be checked out. Required
if there are more than one remote
configured
properties:
remote:
description: The remote name should
be used as init. Required if
there are more than one remote
configured
type: string
revision:
description: The revision to checkout
from. Should be branch name,
tag or commit id. Default branch
is used if missing or specified
revision is not found.
type: string
type: object
fileLocation:
description: Location of the Dockerfile
in the Git repository when using
git as Dockerfile src. Defaults
to Dockerfile.
type: string
remotes:
additionalProperties:
type: string
description: The remotes map which
should be initialized in the git
project. Projects must have at least
one remote configured while StarterProjects
& Image Component's Git source can
only have at most one remote configured.
type: object
type: object
rootRequired:
description: "Specify if a privileged
builder pod is required. \n Default
value is `false`"
type: boolean
srcType:
description: Type of Dockerfile src
enum:
- Uri
- DevfileRegistry
- Git
type: string
uri:
description: URI Reference of a Dockerfile.
It can be a full URL or a relative URI
from the current devfile as the base
URI.
type: string
type: object
imageName:
description: Name of the image for the resulting
outerloop build
type: string
imageType:
description: Type of image
enum:
- Dockerfile
- AutoBuild
type: string
type: object
kubernetes:
description: Allows importing into the devworkspace
the Kubernetes resources defined in a given
manifest. For example this allows reusing the
Kubernetes definitions used to deploy some runtime
components in production.
properties:
deployByDefault:
description: "Defines if the component should
be deployed during startup. \n Default value
is `false`"
type: boolean
endpoints:
items:
properties:
annotation:
additionalProperties:
type: string
description: Annotations to be added
to Kubernetes Ingress or Openshift
Route
type: object
attributes:
description: "Map of implementation-dependant
string-based free-form attributes.
\n Examples of Che-specific attributes:
\n - cookiesAuthEnabled: \"true\"
/ \"false\", \n - type: \"terminal\"
/ \"ide\" / \"ide-dev\","
type: object
x-kubernetes-preserve-unknown-fields: true
exposure:
description: "Describes how the endpoint
should be exposed on the network.
\n - `public` means that the endpoint
will be exposed on the public network,
typically through a K8S ingress or
an OpenShift route. \n - `internal`
means that the endpoint will be exposed
internally outside of the main devworkspace
POD, typically by K8S services, to
be consumed by other elements running
on the same cloud internal network.
\n - `none` means that the endpoint
will not be exposed and will only
be accessible inside the main devworkspace
POD, on a local address. \n Default
value is `public`"
enum:
- public
- internal
- none
type: string
name:
maxLength: 63
pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
type: string
path:
description: Path of the endpoint URL
type: string
protocol:
description: "Describes the application
and transport protocols of the traffic
that will go through this endpoint.
\n - `http`: Endpoint will have `http`
traffic, typically on a TCP connection.
It will be automaticaly promoted to
`https` when the `secure` field is
set to `true`. \n - `https`: Endpoint
will have `https` traffic, typically
on a TCP connection. \n - `ws`: Endpoint
will have `ws` traffic, typically
on a TCP connection. It will be automaticaly
promoted to `wss` when the `secure`
field is set to `true`. \n - `wss`:
Endpoint will have `wss` traffic,
typically on a TCP connection. \n
- `tcp`: Endpoint will have traffic
on a TCP connection, without specifying
an application protocol. \n - `udp`:
Endpoint will have traffic on an UDP
connection, without specifying an
application protocol. \n Default value
is `http`"
enum:
- http
- https
- ws
- wss
- tcp
- udp
type: string
secure:
description: Describes whether the endpoint
should be secured and protected by
some authentication process. This
requires a protocol of `https` or
`wss`.
type: boolean
targetPort:
description: Port number to be used
within the container component. The
same port cannot be used by two different
container components.
type: integer
required:
- name
type: object
type: array
inlined:
description: Inlined manifest
type: string
locationType:
description: Type of Kubernetes-like location
enum:
- Uri
- Inlined
type: string
uri:
description: Location in a file fetched from
a uri.
type: string
type: object
name:
description: Mandatory name that allows referencing
the component from other elements (such as commands)
or from an external devfile that may reference
this component through a parent or a plugin.
maxLength: 63
pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
type: string
openshift:
description: Allows importing into the devworkspace
the OpenShift resources defined in a given manifest.
For example this allows reusing the OpenShift
definitions used to deploy some runtime components
in production.
properties:
deployByDefault:
description: "Defines if the component should
be deployed during startup. \n Default value
is `false`"
type: boolean
endpoints:
items:
properties:
annotation:
additionalProperties:
type: string
description: Annotations to be added
to Kubernetes Ingress or Openshift
Route
type: object
attributes:
description: "Map of implementation-dependant
string-based free-form attributes.
\n Examples of Che-specific attributes:
\n - cookiesAuthEnabled: \"true\"
/ \"false\", \n - type: \"terminal\"
/ \"ide\" / \"ide-dev\","
type: object
x-kubernetes-preserve-unknown-fields: true
exposure:
description: "Describes how the endpoint
should be exposed on the network.
\n - `public` means that the endpoint
will be exposed on the public network,
typically through a K8S ingress or
an OpenShift route. \n - `internal`
means that the endpoint will be exposed
internally outside of the main devworkspace
POD, typically by K8S services, to
be consumed by other elements running
on the same cloud internal network.
\n - `none` means that the endpoint
will not be exposed and will only
be accessible inside the main devworkspace
POD, on a local address. \n Default
value is `public`"
enum:
- public
- internal
- none
type: string
name:
maxLength: 63
pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
type: string
path:
description: Path of the endpoint URL
type: string
protocol:
description: "Describes the application
and transport protocols of the traffic
that will go through this endpoint.
\n - `http`: Endpoint will have `http`
traffic, typically on a TCP connection.
It will be automaticaly promoted to
`https` when the `secure` field is
set to `true`. \n - `https`: Endpoint
will have `https` traffic, typically
on a TCP connection. \n - `ws`: Endpoint
will have `ws` traffic, typically
on a TCP connection. It will be automaticaly
promoted to `wss` when the `secure`
field is set to `true`. \n - `wss`:
Endpoint will have `wss` traffic,
typically on a TCP connection. \n
- `tcp`: Endpoint will have traffic
on a TCP connection, without specifying
an application protocol. \n - `udp`:
Endpoint will have traffic on an UDP
connection, without specifying an
application protocol. \n Default value
is `http`"
enum:
- http
- https
- ws
- wss
- tcp
- udp
type: string
secure:
description: Describes whether the endpoint
should be secured and protected by
some authentication process. This
requires a protocol of `https` or
`wss`.
type: boolean
targetPort:
description: Port number to be used
within the container component. The
same port cannot be used by two different
container components.
type: integer
required:
- name
type: object
type: array
inlined:
description: Inlined manifest
type: string
locationType:
description: Type of Kubernetes-like location
enum:
- Uri
- Inlined
type: string
uri:
description: Location in a file fetched from
a uri.
type: string
type: object
volume:
description: Allows specifying the definition
of a volume shared by several other components
properties:
ephemeral:
description: Ephemeral volumes are not stored
persistently across restarts. Defaults to
false
type: boolean
size:
description: Size of the volume
type: string
type: object
required:
- name
type: object
type: array
id:
description: Id in a registry that contains a Devfile
yaml file
type: string
importReferenceType:
description: type of location from where the referenced
template structure should be retrieved
enum:
- Uri
- Id
- Kubernetes
type: string
kubernetes:
description: Reference to a Kubernetes CRD of type DevWorkspaceTemplate
properties:
name:
type: string
namespace:
type: string
required:
- name
type: object
registryUrl:
description: Registry URL to pull the parent devfile
from when using id in the parent reference. To ensure
the parent devfile gets resolved consistently in different
environments, it is recommended to always specify
the `registryUrl` when `id` is used.
type: string
uri:
description: URI Reference of a parent devfile YAML
file. It can be a full URL or a relative URI with
the current devfile as the base URI.
type: string
version:
description: Specific stack/sample version to pull the
parent devfile from, when using id in the parent reference.
To specify `version`, `id` must be defined and used
as the import reference source. `version` can be either
a specific stack version, or `latest`. If no `version`
specified, default version will be used.
pattern: ^(latest)|(([1-9])\.([0-9]+)\.([0-9]+)(\-[0-9a-z-]+(\.[0-9a-z-]+)*)?(\+[0-9A-Za-z-]+(\.[0-9A-Za-z-]+)*)?)$
type: string
type: object
volume:
description: Allows specifying the definition of a volume
shared by several other components
properties:
ephemeral:
description: Ephemeral volumes are not stored persistently
across restarts. Defaults to false
type: boolean
size:
description: Size of the volume
type: string
type: object
required:
- name
type: object
type: array
workspaceDefaultEditor:
default: che-incubator/che-code/latest
description: The default editor to workspace create with. It could
be a plugin ID or a URI. The plugin ID must have `publisher/plugin/version`.
The URI must start from `http`.
type: string
workspaceNamespaceDefault:
description: Defines Kubernetes default namespace in which user's
workspaces are created for a case when a user does not override
it. It's possible to use `<username>`, `<userid>` and `<workspaceid>`
placeholders, such as che-workspace-<username>. In that case,
a new namespace will be created for each user or workspace.
type: string
workspacePodNodeSelector:
additionalProperties:
type: string
description: The node selector that limits the nodes that can
run the workspace pods.
type: object
workspacePodTolerations:
description: The pod tolerations put on the workspace pods to
limit where the workspace pods can run.
items:
description: The pod this Toleration is attached to tolerates
any taint that matches the triple <key,value,effect> using
the matching operator <operator>.
properties:
effect:
description: Effect indicates the taint effect to match.
Empty means match all taint effects. When specified, allowed
values are NoSchedule, PreferNoSchedule and NoExecute.
type: string
key:
description: Key is the taint key that the toleration applies
to. Empty means match all taint keys. If the key is empty,
operator must be Exists; this combination means to match
all values and all keys.
type: string
operator:
description: Operator represents a key's relationship to
the value. Valid operators are Exists and Equal. Defaults
to Equal. Exists is equivalent to wildcard for value,
so that a pod can tolerate all taints of a particular
category.
type: string
tolerationSeconds:
description: TolerationSeconds represents the period of
time the toleration (which must be of effect NoExecute,
otherwise this field is ignored) tolerates the taint.
By default, it is not set, which means tolerate the taint
forever (do not evict). Zero and negative values will
be treated as 0 (evict immediately) by the system.
format: int64
type: integer
value:
description: Value is the taint value the toleration matches
to. If the operator is Exists, the value should be empty,
otherwise just a regular string.
type: string
type: object
type: array
workspacesDefaultPlugins:
description: Default plug-ins applied to Devworkspaces.
items:
properties:
editor:
description: The editor id to specify default plug-ins for.
type: string
plugins:
description: Default plug-in uris for the specified editor.
items:
type: string
type: array
type: object
type: array
type: object
storage:
description: Configuration settings related to the persistent storage
used by the Che installation.
properties:
perWorkspaceStrategyPVCStorageClassName:
description: Storage class for the Persistent Volume Claims dedicated
to the Che workspaces. When omitted or left blank, a default
storage class is used.
type: string
perWorkspaceStrategyPvcClaimSize:
description: Size of the persistent volume claim for workspaces.
type: string
postgresPVCStorageClassName:
description: Storage class for the Persistent Volume Claim dedicated
to the PostgreSQL database. When omitted or left blank, a default
storage class is used.
type: string
preCreateSubPaths:
description: Instructs the Che server to start a special Pod to
pre-create a sub-path in the Persistent Volumes. Defaults to
`false`, however it will need to enable it according to the
configuration of your Kubernetes cluster.
type: boolean
pvcClaimSize:
description: Size of the persistent volume claim for workspaces.
Defaults to `10Gi`.
type: string
pvcJobsImage:
description: Overrides the container image used to create sub-paths
in the Persistent Volumes. This includes the image tag. Omit
it or leave it empty to use the default container image provided
by the Operator. See also the `preCreateSubPaths` field.
type: string
pvcStrategy:
description: Persistent volume claim strategy for the Che server.
This Can be:`common` (all workspaces PVCs in one volume), `per-workspace`
(one PVC per workspace for all declared volumes) and `unique`
(one PVC per declared volume). Defaults to `common`.
type: string
workspacePVCStorageClassName:
description: Storage class for the Persistent Volume Claims dedicated
to the Che workspaces. When omitted or left blank, a default
storage class is used.
type: string
type: object
type: object
status:
description: CheClusterStatus defines the observed state of Che installation
properties:
cheClusterRunning:
description: Status of a Che installation. Can be `Available`, `Unavailable`,
or `Available, Rolling Update in Progress`.
type: string
cheURL:
description: Public URL to the Che server.
type: string
cheVersion:
description: Current installed Che version.
type: string
dbProvisioned:
description: Indicates that a PostgreSQL instance has been correctly
provisioned or not.
type: boolean
devfileRegistryURL:
description: Public URL to the devfile registry.
type: string
devworkspaceStatus:
description: The status of the Devworkspace subsystem
properties:
gatewayHost:
description: GatewayHost is the resolved host of the ingress/route.
This is equal to the Host in the spec on Kubernetes but contains
the actual host name of the route if Host is unspecified on
OpenShift.
type: string
gatewayPhase:
description: GatewayPhase specifies the phase in which the gateway
deployment currently is. If the gateway is disabled, the phase
is "Inactive".
type: string
message:
description: Message contains further human-readable info for
why the Che cluster is in the phase it currently is.
type: string
phase:
description: Phase is the phase in which the Che cluster as a
whole finds itself in.
type: string
reason:
description: A brief CamelCase message indicating details about
why the Che cluster is in this state.
type: string
workspaceBaseDomain:
description: The resolved workspace base domain. This is either
the copy of the explicitly defined property of the same name
in the spec or, if it is undefined in the spec and we're running
on OpenShift, the automatically resolved basedomain for routes.
type: string
type: object
gitHubOAuthProvisioned:
description: Indicates whether an Identity Provider instance, Keycloak
or RH-SSO, has been configured to integrate with the GitHub OAuth.
type: boolean
gitServerTLSCertificateConfigMapName:
description: The ConfigMap containing certificates to propagate to
the Che components and to provide particular configuration for Git.
type: string
helpLink:
description: A URL that points to some URL where to find help related
to the current Operator status.
type: string
keycloakProvisioned:
description: Indicates whether an Identity Provider instance, Keycloak
or RH-SSO, has been provisioned with realm, client and user.
type: boolean
keycloakURL:
description: Public URL to the Identity Provider server, Keycloak
or RH-SSO,.
type: string
message:
description: A human readable message indicating details about why
the Pod is in this condition.
type: string
openShiftOAuthUserCredentialsSecret:
description: OpenShift OAuth secret in `openshift-config` namespace
that contains user credentials for HTPasswd identity provider.
type: string
openShiftoAuthProvisioned:
description: Indicates whether an Identity Provider instance, Keycloak
or RH-SSO, has been configured to integrate with the OpenShift OAuth.
type: boolean
pluginRegistryURL:
description: Public URL to the plugin registry.
type: string
reason:
description: A brief CamelCase message indicating details about why
the Pod is in this state.
type: string
type: object
type: object
served: true
storage: false
subresources:
status: {}
- name: v2
schema:
openAPIV3Schema:
description: 'The `CheCluster` custom resource allows defining and managing
Eclipse Che server installation. Based on these settings, the Operator
automatically creates and maintains several ConfigMaps: `che`, `plugin-registry`,
`devfile-registry` that will contain the appropriate environment variables
of the various components of the installation. These generated ConfigMaps
must NOT be updated manually.'
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: Desired configuration of Eclipse Che installation.
properties:
components:
default:
cheServer:
debug: false
logLevel: INFO
metrics:
enable: true
description: Che components configuration.
properties:
cheServer:
default:
debug: false
logLevel: INFO
description: General configuration settings related to the Che
server.
properties:
clusterRoles:
description: 'Additional ClusterRoles assigned to Che ServiceAccount.
Each role must have a `app.kubernetes.io/part-of=che.eclipse.org`
label. The defaults roles are: - `<che-namespace>-cheworkspaces-clusterrole`
- `<che-namespace>-cheworkspaces-namespaces-clusterrole`
- `<che-namespace>-cheworkspaces-devworkspace-clusterrole`
where the <che-namespace> is the namespace where the CheCluster
CR is created. The Che Operator must already have all permissions
in these ClusterRoles to grant them.'
items:
type: string
type: array
debug:
default: false
description: Enables the debug mode for Che server.
type: boolean
deployment:
description: Deployment override options.
properties:
containers:
description: List of containers belonging to the pod.
items:
description: Container custom settings.
properties:
env:
description: List of environment variables to set
in the container.
items:
description: EnvVar represents an environment
variable present in a Container.
properties:
name:
description: Name of the environment variable.
Must be a C_IDENTIFIER.
type: string
value:
description: 'Variable references $(VAR_NAME)
are expanded using the previously defined
environment variables in the container and
any service environment variables. If a
variable cannot be resolved, the reference
in the input string will be unchanged. Double
$$ are reduced to a single $, which allows
for escaping the $(VAR_NAME) syntax: i.e.
"$$(VAR_NAME)" will produce the string literal
"$(VAR_NAME)". Escaped references will never
be expanded, regardless of whether the variable
exists or not. Defaults to "".'
type: string
valueFrom:
description: Source for the environment variable's
value. Cannot be used if value is not empty.
properties:
configMapKeyRef:
description: Selects a key of a ConfigMap.
properties:
key:
description: The key to select.
type: string
name:
description: 'Name of the referent.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion,
kind, uid?'
type: string
optional:
description: Specify whether the ConfigMap
or its key must be defined
type: boolean
required:
- key
type: object
fieldRef:
description: 'Selects a field of the pod:
supports metadata.name, metadata.namespace,
`metadata.labels[''<KEY>'']`, `metadata.annotations[''<KEY>'']`,
spec.nodeName, spec.serviceAccountName,
status.hostIP, status.podIP, status.podIPs.'
properties:
apiVersion:
description: Version of the schema
the FieldPath is written in terms
of, defaults to "v1".
type: string
fieldPath:
description: Path of the field to
select in the specified API version.
type: string
required:
- fieldPath
type: object
resourceFieldRef:
description: 'Selects a resource of the
container: only resources limits and
requests (limits.cpu, limits.memory,
limits.ephemeral-storage, requests.cpu,
requests.memory and requests.ephemeral-storage)
are currently supported.'
properties:
containerName:
description: 'Container name: required
for volumes, optional for env vars'
type: string
divisor:
anyOf:
- type: integer
- type: string
description: Specifies the output
format of the exposed resources,
defaults to "1"
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
resource:
description: 'Required: resource to
select'
type: string
required:
- resource
type: object
secretKeyRef:
description: Selects a key of a secret
in the pod's namespace
properties:
key:
description: The key of the secret
to select from. Must be a valid
secret key.
type: string
name:
description: 'Name of the referent.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion,
kind, uid?'
type: string
optional:
description: Specify whether the Secret
or its key must be defined
type: boolean
required:
- key
type: object
type: object
required:
- name
type: object
type: array
image:
description: Container image. Omit it or leave it
empty to use the default container image provided
by the Operator.
type: string
imagePullPolicy:
description: Image pull policy. Default value is
`Always` for `nightly`, `next` or `latest` images,
and `IfNotPresent` in other cases.
enum:
- Always
- IfNotPresent
- Never
type: string
name:
description: Container name.
type: string
resources:
description: Compute resources required by this
container.
properties:
limits:
description: Describes the maximum amount of
compute resources allowed.
properties:
cpu:
anyOf:
- type: integer
- type: string
description: CPU, in cores. (500m = .5 cores)
If the value is not specified, then the
default value is set depending on the
component. If value is `0`, then no value
is set for the component.
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
memory:
anyOf:
- type: integer
- type: string
description: Memory, in bytes. (500Gi =
500GiB = 500 * 1024 * 1024 * 1024) If
the value is not specified, then the default
value is set depending on the component.
If value is `0`, then no value is set
for the component.
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
type: object
request:
description: Describes the minimum amount of
compute resources required.
properties:
cpu:
anyOf:
- type: integer
- type: string
description: CPU, in cores. (500m = .5 cores)
If the value is not specified, then the
default value is set depending on the
component. If value is `0`, then no value
is set for the component.
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
memory:
anyOf:
- type: integer
- type: string
description: Memory, in bytes. (500Gi =
500GiB = 500 * 1024 * 1024 * 1024) If
the value is not specified, then the default
value is set depending on the component.
If value is `0`, then no value is set
for the component.
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
type: object
type: object
type: object
type: array
securityContext:
description: Security options the pod should run with.
properties:
fsGroup:
description: A special supplemental group that applies
to all containers in a pod. The default value is
`1724`.
format: int64
type: integer
runAsUser:
description: The UID to run the entrypoint of the
container process. The default value is `1724`.
format: int64
type: integer
type: object
type: object
extraProperties:
additionalProperties:
type: string
description: A map of additional environment variables applied
in the generated `che` ConfigMap to be used by the Che server
in addition to the values already generated from other fields
of the `CheCluster` custom resource (CR). If the `extraProperties`
field contains a property normally generated in `che` ConfigMap
from other CR fields, the value defined in the `extraProperties`
is used instead.
type: object
logLevel:
default: INFO
description: 'The log level for the Che server: `INFO` or
`DEBUG`.'
type: string
proxy:
description: Proxy server settings for Kubernetes cluster.
No additional configuration is required for OpenShift cluster.
By specifying these settings for the OpenShift cluster,
you override the OpenShift proxy configuration.
properties:
credentialsSecretName:
description: The secret name that contains `user` and
`password` for a proxy server. The secret must have
a `app.kubernetes.io/part-of=che.eclipse.org` label.
type: string
nonProxyHosts:
description: 'A list of hosts that can be reached directly,
bypassing the proxy. Specify wild card domain use the
following form `.<DOMAIN>`, for example: - localhost -
my.host.com - 123.42.12.32 Use only when a proxy
configuration is required. The Operator respects OpenShift
cluster-wide proxy configuration, defining `nonProxyHosts`
in a custom resource leads to merging non-proxy hosts
lists from the cluster proxy configuration, and the
ones defined in the custom resources. See the following
page: https://docs.openshift.com/container-platform/latest/networking/enable-cluster-wide-proxy.html.'
items:
type: string
type: array
port:
description: Proxy server port.
type: string
url:
description: 'URL (protocol+hostname) of the proxy server.
Use only when a proxy configuration is required. The
Operator respects OpenShift cluster-wide proxy configuration,
defining `url` in a custom resource leads to overriding
the cluster proxy configuration. See the following page:
https://docs.openshift.com/container-platform/latest/networking/enable-cluster-wide-proxy.html.'
type: string
type: object
type: object
dashboard:
description: Configuration settings related to the dashboard used
by the Che installation.
properties:
branding:
description: Dashboard branding resources.
properties:
logo:
description: Dashboard logo.
properties:
base64data:
type: string
mediatype:
type: string
required:
- base64data
- mediatype
type: object
type: object
deployment:
description: Deployment override options.
properties:
containers:
description: List of containers belonging to the pod.
items:
description: Container custom settings.
properties:
env:
description: List of environment variables to set
in the container.
items:
description: EnvVar represents an environment
variable present in a Container.
properties:
name:
description: Name of the environment variable.
Must be a C_IDENTIFIER.
type: string
value:
description: 'Variable references $(VAR_NAME)
are expanded using the previously defined
environment variables in the container and
any service environment variables. If a
variable cannot be resolved, the reference
in the input string will be unchanged. Double
$$ are reduced to a single $, which allows
for escaping the $(VAR_NAME) syntax: i.e.
"$$(VAR_NAME)" will produce the string literal
"$(VAR_NAME)". Escaped references will never
be expanded, regardless of whether the variable
exists or not. Defaults to "".'
type: string
valueFrom:
description: Source for the environment variable's
value. Cannot be used if value is not empty.
properties:
configMapKeyRef:
description: Selects a key of a ConfigMap.
properties:
key:
description: The key to select.
type: string
name:
description: 'Name of the referent.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion,
kind, uid?'
type: string
optional:
description: Specify whether the ConfigMap
or its key must be defined
type: boolean
required:
- key
type: object
fieldRef:
description: 'Selects a field of the pod:
supports metadata.name, metadata.namespace,
`metadata.labels[''<KEY>'']`, `metadata.annotations[''<KEY>'']`,
spec.nodeName, spec.serviceAccountName,
status.hostIP, status.podIP, status.podIPs.'
properties:
apiVersion:
description: Version of the schema
the FieldPath is written in terms
of, defaults to "v1".
type: string
fieldPath:
description: Path of the field to
select in the specified API version.
type: string
required:
- fieldPath
type: object
resourceFieldRef:
description: 'Selects a resource of the
container: only resources limits and
requests (limits.cpu, limits.memory,
limits.ephemeral-storage, requests.cpu,
requests.memory and requests.ephemeral-storage)
are currently supported.'
properties:
containerName:
description: 'Container name: required
for volumes, optional for env vars'
type: string
divisor:
anyOf:
- type: integer
- type: string
description: Specifies the output
format of the exposed resources,
defaults to "1"
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
resource:
description: 'Required: resource to
select'
type: string
required:
- resource
type: object
secretKeyRef:
description: Selects a key of a secret
in the pod's namespace
properties:
key:
description: The key of the secret
to select from. Must be a valid
secret key.
type: string
name:
description: 'Name of the referent.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion,
kind, uid?'
type: string
optional:
description: Specify whether the Secret
or its key must be defined
type: boolean
required:
- key
type: object
type: object
required:
- name
type: object
type: array
image:
description: Container image. Omit it or leave it
empty to use the default container image provided
by the Operator.
type: string
imagePullPolicy:
description: Image pull policy. Default value is
`Always` for `nightly`, `next` or `latest` images,
and `IfNotPresent` in other cases.
enum:
- Always
- IfNotPresent
- Never
type: string
name:
description: Container name.
type: string
resources:
description: Compute resources required by this
container.
properties:
limits:
description: Describes the maximum amount of
compute resources allowed.
properties:
cpu:
anyOf:
- type: integer
- type: string
description: CPU, in cores. (500m = .5 cores)
If the value is not specified, then the
default value is set depending on the
component. If value is `0`, then no value
is set for the component.
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
memory:
anyOf:
- type: integer
- type: string
description: Memory, in bytes. (500Gi =
500GiB = 500 * 1024 * 1024 * 1024) If
the value is not specified, then the default
value is set depending on the component.
If value is `0`, then no value is set
for the component.
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
type: object
request:
description: Describes the minimum amount of
compute resources required.
properties:
cpu:
anyOf:
- type: integer
- type: string
description: CPU, in cores. (500m = .5 cores)
If the value is not specified, then the
default value is set depending on the
component. If value is `0`, then no value
is set for the component.
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
memory:
anyOf:
- type: integer
- type: string
description: Memory, in bytes. (500Gi =
500GiB = 500 * 1024 * 1024 * 1024) If
the value is not specified, then the default
value is set depending on the component.
If value is `0`, then no value is set
for the component.
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
type: object
type: object
type: object
type: array
securityContext:
description: Security options the pod should run with.
properties:
fsGroup:
description: A special supplemental group that applies
to all containers in a pod. The default value is
`1724`.
format: int64
type: integer
runAsUser:
description: The UID to run the entrypoint of the
container process. The default value is `1724`.
format: int64
type: integer
type: object
type: object
headerMessage:
description: Dashboard header message.
properties:
show:
description: Instructs dashboard to show the message.
type: boolean
text:
description: Warning message displayed on the user dashboard.
type: string
type: object
logLevel:
default: ERROR
description: The log level for the Dashboard.
enum:
- DEBUG
- INFO
- WARN
- ERROR
- FATAL
- TRACE
- SILENT
type: string
type: object
devWorkspace:
description: DevWorkspace Operator configuration.
properties:
runningLimit:
description: Deprecated in favor of `MaxNumberOfRunningWorkspacesPerUser`
The maximum number of running workspaces per user.
type: string
type: object
devfileRegistry:
description: Configuration settings related to the devfile registry
used by the Che installation.
properties:
deployment:
description: Deployment override options.
properties:
containers:
description: List of containers belonging to the pod.
items:
description: Container custom settings.
properties:
env:
description: List of environment variables to set
in the container.
items:
description: EnvVar represents an environment
variable present in a Container.
properties:
name:
description: Name of the environment variable.
Must be a C_IDENTIFIER.
type: string
value:
description: 'Variable references $(VAR_NAME)
are expanded using the previously defined
environment variables in the container and
any service environment variables. If a
variable cannot be resolved, the reference
in the input string will be unchanged. Double
$$ are reduced to a single $, which allows
for escaping the $(VAR_NAME) syntax: i.e.
"$$(VAR_NAME)" will produce the string literal
"$(VAR_NAME)". Escaped references will never
be expanded, regardless of whether the variable
exists or not. Defaults to "".'
type: string
valueFrom:
description: Source for the environment variable's
value. Cannot be used if value is not empty.
properties:
configMapKeyRef:
description: Selects a key of a ConfigMap.
properties:
key:
description: The key to select.
type: string
name:
description: 'Name of the referent.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion,
kind, uid?'
type: string
optional:
description: Specify whether the ConfigMap
or its key must be defined
type: boolean
required:
- key
type: object
fieldRef:
description: 'Selects a field of the pod:
supports metadata.name, metadata.namespace,
`metadata.labels[''<KEY>'']`, `metadata.annotations[''<KEY>'']`,
spec.nodeName, spec.serviceAccountName,
status.hostIP, status.podIP, status.podIPs.'
properties:
apiVersion:
description: Version of the schema
the FieldPath is written in terms
of, defaults to "v1".
type: string
fieldPath:
description: Path of the field to
select in the specified API version.
type: string
required:
- fieldPath
type: object
resourceFieldRef:
description: 'Selects a resource of the
container: only resources limits and
requests (limits.cpu, limits.memory,
limits.ephemeral-storage, requests.cpu,
requests.memory and requests.ephemeral-storage)
are currently supported.'
properties:
containerName:
description: 'Container name: required
for volumes, optional for env vars'
type: string
divisor:
anyOf:
- type: integer
- type: string
description: Specifies the output
format of the exposed resources,
defaults to "1"
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
resource:
description: 'Required: resource to
select'
type: string
required:
- resource
type: object
secretKeyRef:
description: Selects a key of a secret
in the pod's namespace
properties:
key:
description: The key of the secret
to select from. Must be a valid
secret key.
type: string
name:
description: 'Name of the referent.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion,
kind, uid?'
type: string
optional:
description: Specify whether the Secret
or its key must be defined
type: boolean
required:
- key
type: object
type: object
required:
- name
type: object
type: array
image:
description: Container image. Omit it or leave it
empty to use the default container image provided
by the Operator.
type: string
imagePullPolicy:
description: Image pull policy. Default value is
`Always` for `nightly`, `next` or `latest` images,
and `IfNotPresent` in other cases.
enum:
- Always
- IfNotPresent
- Never
type: string
name:
description: Container name.
type: string
resources:
description: Compute resources required by this
container.
properties:
limits:
description: Describes the maximum amount of
compute resources allowed.
properties:
cpu:
anyOf:
- type: integer
- type: string
description: CPU, in cores. (500m = .5 cores)
If the value is not specified, then the
default value is set depending on the
component. If value is `0`, then no value
is set for the component.
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
memory:
anyOf:
- type: integer
- type: string
description: Memory, in bytes. (500Gi =
500GiB = 500 * 1024 * 1024 * 1024) If
the value is not specified, then the default
value is set depending on the component.
If value is `0`, then no value is set
for the component.
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
type: object
request:
description: Describes the minimum amount of
compute resources required.
properties:
cpu:
anyOf:
- type: integer
- type: string
description: CPU, in cores. (500m = .5 cores)
If the value is not specified, then the
default value is set depending on the
component. If value is `0`, then no value
is set for the component.
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
memory:
anyOf:
- type: integer
- type: string
description: Memory, in bytes. (500Gi =
500GiB = 500 * 1024 * 1024 * 1024) If
the value is not specified, then the default
value is set depending on the component.
If value is `0`, then no value is set
for the component.
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
type: object
type: object
type: object
type: array
securityContext:
description: Security options the pod should run with.
properties:
fsGroup:
description: A special supplemental group that applies
to all containers in a pod. The default value is
`1724`.
format: int64
type: integer
runAsUser:
description: The UID to run the entrypoint of the
container process. The default value is `1724`.
format: int64
type: integer
type: object
type: object
disableInternalRegistry:
description: Disables internal devfile registry.
type: boolean
externalDevfileRegistries:
description: External devfile registries serving sample ready-to-use
devfiles.
items:
description: External devfile registries configuration.
properties:
url:
description: The public UR of the devfile registry that
serves sample ready-to-use devfiles.
type: string
type: object
type: array
type: object
imagePuller:
description: Kubernetes Image Puller configuration.
properties:
enable:
description: Install and configure the community supported
Kubernetes Image Puller Operator. When you set the value
to `true` without providing any specs, it creates a default
Kubernetes Image Puller object managed by the Operator.
When you set the value to `false`, the Kubernetes Image
Puller object is deleted, and the Operator uninstalled,
regardless of whether a spec is provided. If you leave the
`spec.images` field empty, a set of recommended workspace-related
images is automatically detected and pre-pulled after installation.
Note that while this Operator and its behavior is community-supported,
its payload may be commercially-supported for pulling commercially-supported
images.
type: boolean
spec:
description: A Kubernetes Image Puller spec to configure the
image puller in the CheCluster.
properties:
affinity:
type: string
cachingCPULimit:
type: string
cachingCPURequest:
type: string
cachingIntervalHours:
type: string
cachingMemoryLimit:
type: string
cachingMemoryRequest:
type: string
configMapName:
type: string
daemonsetName:
type: string
deploymentName:
type: string
imagePullSecrets:
type: string
imagePullerImage:
type: string
images:
type: string
nodeSelector:
type: string
type: object
type: object
metrics:
default:
enable: true
description: Che server metrics configuration.
properties:
enable:
default: true
description: Enables `metrics` for the Che server endpoint.
type: boolean
type: object
pluginRegistry:
description: Configuration settings related to the plug-in registry
used by the Che installation.
properties:
deployment:
description: Deployment override options.
properties:
containers:
description: List of containers belonging to the pod.
items:
description: Container custom settings.
properties:
env:
description: List of environment variables to set
in the container.
items:
description: EnvVar represents an environment
variable present in a Container.
properties:
name:
description: Name of the environment variable.
Must be a C_IDENTIFIER.
type: string
value:
description: 'Variable references $(VAR_NAME)
are expanded using the previously defined
environment variables in the container and
any service environment variables. If a
variable cannot be resolved, the reference
in the input string will be unchanged. Double
$$ are reduced to a single $, which allows
for escaping the $(VAR_NAME) syntax: i.e.
"$$(VAR_NAME)" will produce the string literal
"$(VAR_NAME)". Escaped references will never
be expanded, regardless of whether the variable
exists or not. Defaults to "".'
type: string
valueFrom:
description: Source for the environment variable's
value. Cannot be used if value is not empty.
properties:
configMapKeyRef:
description: Selects a key of a ConfigMap.
properties:
key:
description: The key to select.
type: string
name:
description: 'Name of the referent.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion,
kind, uid?'
type: string
optional:
description: Specify whether the ConfigMap
or its key must be defined
type: boolean
required:
- key
type: object
fieldRef:
description: 'Selects a field of the pod:
supports metadata.name, metadata.namespace,
`metadata.labels[''<KEY>'']`, `metadata.annotations[''<KEY>'']`,
spec.nodeName, spec.serviceAccountName,
status.hostIP, status.podIP, status.podIPs.'
properties:
apiVersion:
description: Version of the schema
the FieldPath is written in terms
of, defaults to "v1".
type: string
fieldPath:
description: Path of the field to
select in the specified API version.
type: string
required:
- fieldPath
type: object
resourceFieldRef:
description: 'Selects a resource of the
container: only resources limits and
requests (limits.cpu, limits.memory,
limits.ephemeral-storage, requests.cpu,
requests.memory and requests.ephemeral-storage)
are currently supported.'
properties:
containerName:
description: 'Container name: required
for volumes, optional for env vars'
type: string
divisor:
anyOf:
- type: integer
- type: string
description: Specifies the output
format of the exposed resources,
defaults to "1"
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
resource:
description: 'Required: resource to
select'
type: string
required:
- resource
type: object
secretKeyRef:
description: Selects a key of a secret
in the pod's namespace
properties:
key:
description: The key of the secret
to select from. Must be a valid
secret key.
type: string
name:
description: 'Name of the referent.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion,
kind, uid?'
type: string
optional:
description: Specify whether the Secret
or its key must be defined
type: boolean
required:
- key
type: object
type: object
required:
- name
type: object
type: array
image:
description: Container image. Omit it or leave it
empty to use the default container image provided
by the Operator.
type: string
imagePullPolicy:
description: Image pull policy. Default value is
`Always` for `nightly`, `next` or `latest` images,
and `IfNotPresent` in other cases.
enum:
- Always
- IfNotPresent
- Never
type: string
name:
description: Container name.
type: string
resources:
description: Compute resources required by this
container.
properties:
limits:
description: Describes the maximum amount of
compute resources allowed.
properties:
cpu:
anyOf:
- type: integer
- type: string
description: CPU, in cores. (500m = .5 cores)
If the value is not specified, then the
default value is set depending on the
component. If value is `0`, then no value
is set for the component.
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
memory:
anyOf:
- type: integer
- type: string
description: Memory, in bytes. (500Gi =
500GiB = 500 * 1024 * 1024 * 1024) If
the value is not specified, then the default
value is set depending on the component.
If value is `0`, then no value is set
for the component.
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
type: object
request:
description: Describes the minimum amount of
compute resources required.
properties:
cpu:
anyOf:
- type: integer
- type: string
description: CPU, in cores. (500m = .5 cores)
If the value is not specified, then the
default value is set depending on the
component. If value is `0`, then no value
is set for the component.
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
memory:
anyOf:
- type: integer
- type: string
description: Memory, in bytes. (500Gi =
500GiB = 500 * 1024 * 1024 * 1024) If
the value is not specified, then the default
value is set depending on the component.
If value is `0`, then no value is set
for the component.
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
type: object
type: object
type: object
type: array
securityContext:
description: Security options the pod should run with.
properties:
fsGroup:
description: A special supplemental group that applies
to all containers in a pod. The default value is
`1724`.
format: int64
type: integer
runAsUser:
description: The UID to run the entrypoint of the
container process. The default value is `1724`.
format: int64
type: integer
type: object
type: object
disableInternalRegistry:
description: Disables internal plug-in registry.
type: boolean
externalPluginRegistries:
description: External plugin registries.
items:
description: External plug-in registries configuration.
properties:
url:
description: Public URL of the plug-in registry.
type: string
type: object
type: array
openVSXURL:
description: Open VSX registry URL. If omitted an embedded
instance will be used.
type: string
type: object
type: object
containerRegistry:
description: Configuration of an alternative registry that stores
Che images.
properties:
hostname:
description: An optional hostname or URL of an alternative container
registry to pull images from. This value overrides the container
registry hostname defined in all the default container images
involved in a Che deployment. This is particularly useful for
installing Che in a restricted environment.
type: string
organization:
description: An optional repository name of an alternative registry
to pull images from. This value overrides the container registry
organization defined in all the default container images involved
in a Che deployment. This is particularly useful for installing
Eclipse Che in a restricted environment.
type: string
type: object
devEnvironments:
default:
defaultNamespace:
autoProvision: true
template: <username>-che
maxNumberOfWorkspacesPerUser: -1
secondsOfInactivityBeforeIdling: 1800
secondsOfRunBeforeIdling: -1
startTimeoutSeconds: 300
storage:
pvcStrategy: per-user
description: Development environment default configuration options.
properties:
containerBuildConfiguration:
description: Container build configuration.
properties:
openShiftSecurityContextConstraint:
default: container-build
description: OpenShift security context constraint to build
containers.
type: string
type: object
defaultComponents:
description: Default components applied to DevWorkspaces. These
default components are meant to be used when a Devfile, that
does not contain any components.
items:
properties:
attributes:
description: Map of implementation-dependant free-form YAML
attributes.
type: object
x-kubernetes-preserve-unknown-fields: true
componentType:
description: Type of component
enum:
- Container
- Kubernetes
- Openshift
- Volume
- Image
- Plugin
- Custom
type: string
container:
description: Allows adding and configuring devworkspace-related
containers
properties:
annotation:
description: Annotations that should be added to specific
resources for this container
properties:
deployment:
additionalProperties:
type: string
description: Annotations to be added to deployment
type: object
service:
additionalProperties:
type: string
description: Annotations to be added to service
type: object
type: object
args:
description: "The arguments to supply to the command
running the dockerimage component. The arguments are
supplied either to the default command provided in
the image or to the overridden command. \n Defaults
to an empty array, meaning use whatever is defined
in the image."
items:
type: string
type: array
command:
description: "The command to run in the dockerimage
component instead of the default one provided in the
image. \n Defaults to an empty array, meaning use
whatever is defined in the image."
items:
type: string
type: array
cpuLimit:
type: string
cpuRequest:
type: string
dedicatedPod:
description: "Specify if a container should run in its
own separated pod, instead of running as part of the
main development environment pod. \n Default value
is `false`"
type: boolean
endpoints:
items:
properties:
annotation:
additionalProperties:
type: string
description: Annotations to be added to Kubernetes
Ingress or Openshift Route
type: object
attributes:
description: "Map of implementation-dependant
string-based free-form attributes. \n Examples
of Che-specific attributes: \n - cookiesAuthEnabled:
\"true\" / \"false\", \n - type: \"terminal\"
/ \"ide\" / \"ide-dev\","
type: object
x-kubernetes-preserve-unknown-fields: true
exposure:
default: public
description: "Describes how the endpoint should
be exposed on the network. \n - `public` means
that the endpoint will be exposed on the public
network, typically through a K8S ingress or
an OpenShift route. \n - `internal` means that
the endpoint will be exposed internally outside
of the main devworkspace POD, typically by K8S
services, to be consumed by other elements running
on the same cloud internal network. \n - `none`
means that the endpoint will not be exposed
and will only be accessible inside the main
devworkspace POD, on a local address. \n Default
value is `public`"
enum:
- public
- internal
- none
type: string
name:
maxLength: 63
pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
type: string
path:
description: Path of the endpoint URL
type: string
protocol:
default: http
description: "Describes the application and transport
protocols of the traffic that will go through
this endpoint. \n - `http`: Endpoint will have
`http` traffic, typically on a TCP connection.
It will be automaticaly promoted to `https`
when the `secure` field is set to `true`. \n
- `https`: Endpoint will have `https` traffic,
typically on a TCP connection. \n - `ws`: Endpoint
will have `ws` traffic, typically on a TCP connection.
It will be automaticaly promoted to `wss` when
the `secure` field is set to `true`. \n - `wss`:
Endpoint will have `wss` traffic, typically
on a TCP connection. \n - `tcp`: Endpoint will
have traffic on a TCP connection, without specifying
an application protocol. \n - `udp`: Endpoint
will have traffic on an UDP connection, without
specifying an application protocol. \n Default
value is `http`"
enum:
- http
- https
- ws
- wss
- tcp
- udp
type: string
secure:
description: Describes whether the endpoint should
be secured and protected by some authentication
process. This requires a protocol of `https`
or `wss`.
type: boolean
targetPort:
description: Port number to be used within the
container component. The same port cannot be
used by two different container components.
type: integer
required:
- name
- targetPort
type: object
type: array
env:
description: "Environment variables used in this container.
\n The following variables are reserved and cannot
be overridden via env: \n - `$PROJECTS_ROOT` \n -
`$PROJECT_SOURCE`"
items:
properties:
name:
type: string
value:
type: string
required:
- name
- value
type: object
type: array
image:
type: string
memoryLimit:
type: string
memoryRequest:
type: string
mountSources:
description: "Toggles whether or not the project source
code should be mounted in the component. \n Defaults
to true for all component types except plugins and
components that set `dedicatedPod` to true."
type: boolean
sourceMapping:
default: /projects
description: Optional specification of the path in the
container where project sources should be transferred/mounted
when `mountSources` is `true`. When omitted, the default
value of /projects is used.
type: string
volumeMounts:
description: List of volumes mounts that should be mounted
is this container.
items:
description: Volume that should be mounted to a component
container
properties:
name:
description: The volume mount name is the name
of an existing `Volume` component. If several
containers mount the same volume name then they
will reuse the same volume and will be able
to access to the same files.
maxLength: 63
pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
type: string
path:
description: The path in the component container
where the volume should be mounted. If not path
is mentioned, default path is the is `/<name>`.
type: string
required:
- name
type: object
type: array
required:
- image
type: object
custom:
description: Custom component whose logic is implementation-dependant
and should be provided by the user possibly through some
dedicated controller
properties:
componentClass:
description: Class of component that the associated
implementation controller should use to process this
command with the appropriate logic
type: string
embeddedResource:
description: Additional free-form configuration for
this custom component that the implementation controller
will know how to use
type: object
x-kubernetes-embedded-resource: true
x-kubernetes-preserve-unknown-fields: true
required:
- componentClass
- embeddedResource
type: object
image:
description: Allows specifying the definition of an image
for outer loop builds
properties:
autoBuild:
description: "Defines if the image should be built during
startup. \n Default value is `false`"
type: boolean
dockerfile:
description: Allows specifying dockerfile type build
properties:
args:
description: The arguments to supply to the dockerfile
build.
items:
type: string
type: array
buildContext:
description: Path of source directory to establish
build context. Defaults to ${PROJECT_SOURCE} in
the container
type: string
devfileRegistry:
description: Dockerfile's Devfile Registry source
properties:
id:
description: Id in a devfile registry that contains
a Dockerfile. The src in the OCI registry
required for the Dockerfile build will be
downloaded for building the image.
type: string
registryUrl:
description: Devfile Registry URL to pull the
Dockerfile from when using the Devfile Registry
as Dockerfile src. To ensure the Dockerfile
gets resolved consistently in different environments,
it is recommended to always specify the `devfileRegistryUrl`
when `Id` is used.
type: string
required:
- id
type: object
git:
description: Dockerfile's Git source
properties:
checkoutFrom:
description: Defines from what the project should
be checked out. Required if there are more
than one remote configured
properties:
remote:
description: The remote name should be used
as init. Required if there are more than
one remote configured
type: string
revision:
description: The revision to checkout from.
Should be branch name, tag or commit id.
Default branch is used if missing or specified
revision is not found.
type: string
type: object
fileLocation:
description: Location of the Dockerfile in the
Git repository when using git as Dockerfile
src. Defaults to Dockerfile.
type: string
remotes:
additionalProperties:
type: string
description: The remotes map which should be
initialized in the git project. Projects must
have at least one remote configured while
StarterProjects & Image Component's Git source
can only have at most one remote configured.
type: object
required:
- remotes
type: object
rootRequired:
description: "Specify if a privileged builder pod
is required. \n Default value is `false`"
type: boolean
srcType:
description: Type of Dockerfile src
enum:
- Uri
- DevfileRegistry
- Git
type: string
uri:
description: URI Reference of a Dockerfile. It can
be a full URL or a relative URI from the current
devfile as the base URI.
type: string
type: object
imageName:
description: Name of the image for the resulting outerloop
build
type: string
imageType:
description: Type of image
enum:
- Dockerfile
type: string
required:
- imageName
type: object
kubernetes:
description: Allows importing into the devworkspace the
Kubernetes resources defined in a given manifest. For
example this allows reusing the Kubernetes definitions
used to deploy some runtime components in production.
properties:
deployByDefault:
description: "Defines if the component should be deployed
during startup. \n Default value is `false`"
type: boolean
endpoints:
items:
properties:
annotation:
additionalProperties:
type: string
description: Annotations to be added to Kubernetes
Ingress or Openshift Route
type: object
attributes:
description: "Map of implementation-dependant
string-based free-form attributes. \n Examples
of Che-specific attributes: \n - cookiesAuthEnabled:
\"true\" / \"false\", \n - type: \"terminal\"
/ \"ide\" / \"ide-dev\","
type: object
x-kubernetes-preserve-unknown-fields: true
exposure:
default: public
description: "Describes how the endpoint should
be exposed on the network. \n - `public` means
that the endpoint will be exposed on the public
network, typically through a K8S ingress or
an OpenShift route. \n - `internal` means that
the endpoint will be exposed internally outside
of the main devworkspace POD, typically by K8S
services, to be consumed by other elements running
on the same cloud internal network. \n - `none`
means that the endpoint will not be exposed
and will only be accessible inside the main
devworkspace POD, on a local address. \n Default
value is `public`"
enum:
- public
- internal
- none
type: string
name:
maxLength: 63
pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
type: string
path:
description: Path of the endpoint URL
type: string
protocol:
default: http
description: "Describes the application and transport
protocols of the traffic that will go through
this endpoint. \n - `http`: Endpoint will have
`http` traffic, typically on a TCP connection.
It will be automaticaly promoted to `https`
when the `secure` field is set to `true`. \n
- `https`: Endpoint will have `https` traffic,
typically on a TCP connection. \n - `ws`: Endpoint
will have `ws` traffic, typically on a TCP connection.
It will be automaticaly promoted to `wss` when
the `secure` field is set to `true`. \n - `wss`:
Endpoint will have `wss` traffic, typically
on a TCP connection. \n - `tcp`: Endpoint will
have traffic on a TCP connection, without specifying
an application protocol. \n - `udp`: Endpoint
will have traffic on an UDP connection, without
specifying an application protocol. \n Default
value is `http`"
enum:
- http
- https
- ws
- wss
- tcp
- udp
type: string
secure:
description: Describes whether the endpoint should
be secured and protected by some authentication
process. This requires a protocol of `https`
or `wss`.
type: boolean
targetPort:
description: Port number to be used within the
container component. The same port cannot be
used by two different container components.
type: integer
required:
- name
- targetPort
type: object
type: array
inlined:
description: Inlined manifest
type: string
locationType:
description: Type of Kubernetes-like location
enum:
- Uri
- Inlined
type: string
uri:
description: Location in a file fetched from a uri.
type: string
type: object
name:
description: Mandatory name that allows referencing the
component from other elements (such as commands) or from
an external devfile that may reference this component
through a parent or a plugin.
maxLength: 63
pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
type: string
openshift:
description: Allows importing into the devworkspace the
OpenShift resources defined in a given manifest. For example
this allows reusing the OpenShift definitions used to
deploy some runtime components in production.
properties:
deployByDefault:
description: "Defines if the component should be deployed
during startup. \n Default value is `false`"
type: boolean
endpoints:
items:
properties:
annotation:
additionalProperties:
type: string
description: Annotations to be added to Kubernetes
Ingress or Openshift Route
type: object
attributes:
description: "Map of implementation-dependant
string-based free-form attributes. \n Examples
of Che-specific attributes: \n - cookiesAuthEnabled:
\"true\" / \"false\", \n - type: \"terminal\"
/ \"ide\" / \"ide-dev\","
type: object
x-kubernetes-preserve-unknown-fields: true
exposure:
default: public
description: "Describes how the endpoint should
be exposed on the network. \n - `public` means
that the endpoint will be exposed on the public
network, typically through a K8S ingress or
an OpenShift route. \n - `internal` means that
the endpoint will be exposed internally outside
of the main devworkspace POD, typically by K8S
services, to be consumed by other elements running
on the same cloud internal network. \n - `none`
means that the endpoint will not be exposed
and will only be accessible inside the main
devworkspace POD, on a local address. \n Default
value is `public`"
enum:
- public
- internal
- none
type: string
name:
maxLength: 63
pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
type: string
path:
description: Path of the endpoint URL
type: string
protocol:
default: http
description: "Describes the application and transport
protocols of the traffic that will go through
this endpoint. \n - `http`: Endpoint will have
`http` traffic, typically on a TCP connection.
It will be automaticaly promoted to `https`
when the `secure` field is set to `true`. \n
- `https`: Endpoint will have `https` traffic,
typically on a TCP connection. \n - `ws`: Endpoint
will have `ws` traffic, typically on a TCP connection.
It will be automaticaly promoted to `wss` when
the `secure` field is set to `true`. \n - `wss`:
Endpoint will have `wss` traffic, typically
on a TCP connection. \n - `tcp`: Endpoint will
have traffic on a TCP connection, without specifying
an application protocol. \n - `udp`: Endpoint
will have traffic on an UDP connection, without
specifying an application protocol. \n Default
value is `http`"
enum:
- http
- https
- ws
- wss
- tcp
- udp
type: string
secure:
description: Describes whether the endpoint should
be secured and protected by some authentication
process. This requires a protocol of `https`
or `wss`.
type: boolean
targetPort:
description: Port number to be used within the
container component. The same port cannot be
used by two different container components.
type: integer
required:
- name
- targetPort
type: object
type: array
inlined:
description: Inlined manifest
type: string
locationType:
description: Type of Kubernetes-like location
enum:
- Uri
- Inlined
type: string
uri:
description: Location in a file fetched from a uri.
type: string
type: object
plugin:
description: "Allows importing a plugin. \n Plugins are
mainly imported devfiles that contribute components, commands
and events as a consistent single unit. They are defined
in either YAML files following the devfile syntax, or
as `DevWorkspaceTemplate` Kubernetes Custom Resources"
properties:
commands:
description: Overrides of commands encapsulated in a
parent devfile or a plugin. Overriding is done according
to K8S strategic merge patch standard rules.
items:
properties:
apply:
description: "Command that consists in applying
a given component definition, typically bound
to a devworkspace event. \n For example, when
an `apply` command is bound to a `preStart`
event, and references a `container` component,
it will start the container as a K8S initContainer
in the devworkspace POD, unless the component
has its `dedicatedPod` field set to `true`.
\n When no `apply` command exist for a given
component, it is assumed the component will
be applied at devworkspace start by default,
unless `deployByDefault` for that component
is set to false."
properties:
component:
description: Describes component that will
be applied
type: string
group:
description: Defines the group this command
is part of
properties:
isDefault:
description: Identifies the default command
for a given group kind
type: boolean
kind:
description: Kind of group the command
is part of
enum:
- build
- run
- test
- debug
- deploy
type: string
type: object
label:
description: Optional label that provides
a label for this command to be used in Editor
UI menus for example
type: string
type: object
attributes:
description: Map of implementation-dependant free-form
YAML attributes.
type: object
x-kubernetes-preserve-unknown-fields: true
commandType:
description: Type of devworkspace command
enum:
- Exec
- Apply
- Composite
type: string
composite:
description: Composite command that allows executing
several sub-commands either sequentially or
concurrently
properties:
commands:
description: The commands that comprise this
composite command
items:
type: string
type: array
group:
description: Defines the group this command
is part of
properties:
isDefault:
description: Identifies the default command
for a given group kind
type: boolean
kind:
description: Kind of group the command
is part of
enum:
- build
- run
- test
- debug
- deploy
type: string
type: object
label:
description: Optional label that provides
a label for this command to be used in Editor
UI menus for example
type: string
parallel:
description: Indicates if the sub-commands
should be executed concurrently
type: boolean
type: object
exec:
description: CLI Command executed in an existing
component container
properties:
commandLine:
description: "The actual command-line string
\n Special variables that can be used: \n
\ - `$PROJECTS_ROOT`: A path where projects
sources are mounted as defined by container
component's sourceMapping. \n - `$PROJECT_SOURCE`:
A path to a project source ($PROJECTS_ROOT/<project-name>).
If there are multiple projects, this will
point to the directory of the first one."
type: string
component:
description: Describes component to which
given action relates
type: string
env:
description: Optional list of environment
variables that have to be set before running
the command
items:
properties:
name:
type: string
value:
type: string
required:
- name
type: object
type: array
group:
description: Defines the group this command
is part of
properties:
isDefault:
description: Identifies the default command
for a given group kind
type: boolean
kind:
description: Kind of group the command
is part of
enum:
- build
- run
- test
- debug
- deploy
type: string
type: object
hotReloadCapable:
description: "Specify whether the command
is restarted or not when the source code
changes. If set to `true` the command won't
be restarted. A *hotReloadCapable* `run`
or `debug` command is expected to handle
file changes on its own and won't be restarted.
A *hotReloadCapable* `build` command is
expected to be executed only once and won't
be executed again. This field is taken into
account only for commands `build`, `run`
and `debug` with `isDefault` set to `true`.
\n Default value is `false`"
type: boolean
label:
description: Optional label that provides
a label for this command to be used in Editor
UI menus for example
type: string
workingDir:
description: "Working directory where the
command should be executed \n Special variables
that can be used: \n - `$PROJECTS_ROOT`:
A path where projects sources are mounted
as defined by container component's sourceMapping.
\n - `$PROJECT_SOURCE`: A path to a project
source ($PROJECTS_ROOT/<project-name>).
If there are multiple projects, this will
point to the directory of the first one."
type: string
type: object
id:
description: Mandatory identifier that allows
referencing this command in composite commands,
from a parent, or in events.
maxLength: 63
pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
type: string
required:
- id
type: object
type: array
components:
description: Overrides of components encapsulated in
a parent devfile or a plugin. Overriding is done according
to K8S strategic merge patch standard rules.
items:
properties:
attributes:
description: Map of implementation-dependant free-form
YAML attributes.
type: object
x-kubernetes-preserve-unknown-fields: true
componentType:
description: Type of component
enum:
- Container
- Kubernetes
- Openshift
- Volume
- Image
type: string
container:
description: Allows adding and configuring devworkspace-related
containers
properties:
annotation:
description: Annotations that should be added
to specific resources for this container
properties:
deployment:
additionalProperties:
type: string
description: Annotations to be added to
deployment
type: object
service:
additionalProperties:
type: string
description: Annotations to be added to
service
type: object
type: object
args:
description: "The arguments to supply to the
command running the dockerimage component.
The arguments are supplied either to the
default command provided in the image or
to the overridden command. \n Defaults to
an empty array, meaning use whatever is
defined in the image."
items:
type: string
type: array
command:
description: "The command to run in the dockerimage
component instead of the default one provided
in the image. \n Defaults to an empty array,
meaning use whatever is defined in the image."
items:
type: string
type: array
cpuLimit:
type: string
cpuRequest:
type: string
dedicatedPod:
description: "Specify if a container should
run in its own separated pod, instead of
running as part of the main development
environment pod. \n Default value is `false`"
type: boolean
endpoints:
items:
properties:
annotation:
additionalProperties:
type: string
description: Annotations to be added
to Kubernetes Ingress or Openshift
Route
type: object
attributes:
description: "Map of implementation-dependant
string-based free-form attributes.
\n Examples of Che-specific attributes:
\n - cookiesAuthEnabled: \"true\"
/ \"false\", \n - type: \"terminal\"
/ \"ide\" / \"ide-dev\","
type: object
x-kubernetes-preserve-unknown-fields: true
exposure:
description: "Describes how the endpoint
should be exposed on the network.
\n - `public` means that the endpoint
will be exposed on the public network,
typically through a K8S ingress or
an OpenShift route. \n - `internal`
means that the endpoint will be exposed
internally outside of the main devworkspace
POD, typically by K8S services, to
be consumed by other elements running
on the same cloud internal network.
\n - `none` means that the endpoint
will not be exposed and will only
be accessible inside the main devworkspace
POD, on a local address. \n Default
value is `public`"
enum:
- public
- internal
- none
type: string
name:
maxLength: 63
pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
type: string
path:
description: Path of the endpoint URL
type: string
protocol:
description: "Describes the application
and transport protocols of the traffic
that will go through this endpoint.
\n - `http`: Endpoint will have `http`
traffic, typically on a TCP connection.
It will be automaticaly promoted to
`https` when the `secure` field is
set to `true`. \n - `https`: Endpoint
will have `https` traffic, typically
on a TCP connection. \n - `ws`: Endpoint
will have `ws` traffic, typically
on a TCP connection. It will be automaticaly
promoted to `wss` when the `secure`
field is set to `true`. \n - `wss`:
Endpoint will have `wss` traffic,
typically on a TCP connection. \n
- `tcp`: Endpoint will have traffic
on a TCP connection, without specifying
an application protocol. \n - `udp`:
Endpoint will have traffic on an UDP
connection, without specifying an
application protocol. \n Default value
is `http`"
enum:
- http
- https
- ws
- wss
- tcp
- udp
type: string
secure:
description: Describes whether the endpoint
should be secured and protected by
some authentication process. This
requires a protocol of `https` or
`wss`.
type: boolean
targetPort:
description: Port number to be used
within the container component. The
same port cannot be used by two different
container components.
type: integer
required:
- name
type: object
type: array
env:
description: "Environment variables used in
this container. \n The following variables
are reserved and cannot be overridden via
env: \n - `$PROJECTS_ROOT` \n - `$PROJECT_SOURCE`"
items:
properties:
name:
type: string
value:
type: string
required:
- name
type: object
type: array
image:
type: string
memoryLimit:
type: string
memoryRequest:
type: string
mountSources:
description: "Toggles whether or not the project
source code should be mounted in the component.
\n Defaults to true for all component types
except plugins and components that set `dedicatedPod`
to true."
type: boolean
sourceMapping:
description: Optional specification of the
path in the container where project sources
should be transferred/mounted when `mountSources`
is `true`. When omitted, the default value
of /projects is used.
type: string
volumeMounts:
description: List of volumes mounts that should
be mounted is this container.
items:
description: Volume that should be mounted
to a component container
properties:
name:
description: The volume mount name is
the name of an existing `Volume` component.
If several containers mount the same
volume name then they will reuse the
same volume and will be able to access
to the same files.
maxLength: 63
pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
type: string
path:
description: The path in the component
container where the volume should
be mounted. If not path is mentioned,
default path is the is `/<name>`.
type: string
required:
- name
type: object
type: array
type: object
image:
description: Allows specifying the definition
of an image for outer loop builds
properties:
autoBuild:
description: "Defines if the image should
be built during startup. \n Default value
is `false`"
type: boolean
dockerfile:
description: Allows specifying dockerfile
type build
properties:
args:
description: The arguments to supply to
the dockerfile build.
items:
type: string
type: array
buildContext:
description: Path of source directory
to establish build context. Defaults
to ${PROJECT_SOURCE} in the container
type: string
devfileRegistry:
description: Dockerfile's Devfile Registry
source
properties:
id:
description: Id in a devfile registry
that contains a Dockerfile. The
src in the OCI registry required
for the Dockerfile build will be
downloaded for building the image.
type: string
registryUrl:
description: Devfile Registry URL
to pull the Dockerfile from when
using the Devfile Registry as Dockerfile
src. To ensure the Dockerfile gets
resolved consistently in different
environments, it is recommended
to always specify the `devfileRegistryUrl`
when `Id` is used.
type: string
type: object
git:
description: Dockerfile's Git source
properties:
checkoutFrom:
description: Defines from what the
project should be checked out. Required
if there are more than one remote
configured
properties:
remote:
description: The remote name should
be used as init. Required if
there are more than one remote
configured
type: string
revision:
description: The revision to checkout
from. Should be branch name,
tag or commit id. Default branch
is used if missing or specified
revision is not found.
type: string
type: object
fileLocation:
description: Location of the Dockerfile
in the Git repository when using
git as Dockerfile src. Defaults
to Dockerfile.
type: string
remotes:
additionalProperties:
type: string
description: The remotes map which
should be initialized in the git
project. Projects must have at least
one remote configured while StarterProjects
& Image Component's Git source can
only have at most one remote configured.
type: object
type: object
rootRequired:
description: "Specify if a privileged
builder pod is required. \n Default
value is `false`"
type: boolean
srcType:
description: Type of Dockerfile src
enum:
- Uri
- DevfileRegistry
- Git
type: string
uri:
description: URI Reference of a Dockerfile.
It can be a full URL or a relative URI
from the current devfile as the base
URI.
type: string
type: object
imageName:
description: Name of the image for the resulting
outerloop build
type: string
imageType:
description: Type of image
enum:
- Dockerfile
- AutoBuild
type: string
type: object
kubernetes:
description: Allows importing into the devworkspace
the Kubernetes resources defined in a given
manifest. For example this allows reusing the
Kubernetes definitions used to deploy some runtime
components in production.
properties:
deployByDefault:
description: "Defines if the component should
be deployed during startup. \n Default value
is `false`"
type: boolean
endpoints:
items:
properties:
annotation:
additionalProperties:
type: string
description: Annotations to be added
to Kubernetes Ingress or Openshift
Route
type: object
attributes:
description: "Map of implementation-dependant
string-based free-form attributes.
\n Examples of Che-specific attributes:
\n - cookiesAuthEnabled: \"true\"
/ \"false\", \n - type: \"terminal\"
/ \"ide\" / \"ide-dev\","
type: object
x-kubernetes-preserve-unknown-fields: true
exposure:
description: "Describes how the endpoint
should be exposed on the network.
\n - `public` means that the endpoint
will be exposed on the public network,
typically through a K8S ingress or
an OpenShift route. \n - `internal`
means that the endpoint will be exposed
internally outside of the main devworkspace
POD, typically by K8S services, to
be consumed by other elements running
on the same cloud internal network.
\n - `none` means that the endpoint
will not be exposed and will only
be accessible inside the main devworkspace
POD, on a local address. \n Default
value is `public`"
enum:
- public
- internal
- none
type: string
name:
maxLength: 63
pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
type: string
path:
description: Path of the endpoint URL
type: string
protocol:
description: "Describes the application
and transport protocols of the traffic
that will go through this endpoint.
\n - `http`: Endpoint will have `http`
traffic, typically on a TCP connection.
It will be automaticaly promoted to
`https` when the `secure` field is
set to `true`. \n - `https`: Endpoint
will have `https` traffic, typically
on a TCP connection. \n - `ws`: Endpoint
will have `ws` traffic, typically
on a TCP connection. It will be automaticaly
promoted to `wss` when the `secure`
field is set to `true`. \n - `wss`:
Endpoint will have `wss` traffic,
typically on a TCP connection. \n
- `tcp`: Endpoint will have traffic
on a TCP connection, without specifying
an application protocol. \n - `udp`:
Endpoint will have traffic on an UDP
connection, without specifying an
application protocol. \n Default value
is `http`"
enum:
- http
- https
- ws
- wss
- tcp
- udp
type: string
secure:
description: Describes whether the endpoint
should be secured and protected by
some authentication process. This
requires a protocol of `https` or
`wss`.
type: boolean
targetPort:
description: Port number to be used
within the container component. The
same port cannot be used by two different
container components.
type: integer
required:
- name
type: object
type: array
inlined:
description: Inlined manifest
type: string
locationType:
description: Type of Kubernetes-like location
enum:
- Uri
- Inlined
type: string
uri:
description: Location in a file fetched from
a uri.
type: string
type: object
name:
description: Mandatory name that allows referencing
the component from other elements (such as commands)
or from an external devfile that may reference
this component through a parent or a plugin.
maxLength: 63
pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
type: string
openshift:
description: Allows importing into the devworkspace
the OpenShift resources defined in a given manifest.
For example this allows reusing the OpenShift
definitions used to deploy some runtime components
in production.
properties:
deployByDefault:
description: "Defines if the component should
be deployed during startup. \n Default value
is `false`"
type: boolean
endpoints:
items:
properties:
annotation:
additionalProperties:
type: string
description: Annotations to be added
to Kubernetes Ingress or Openshift
Route
type: object
attributes:
description: "Map of implementation-dependant
string-based free-form attributes.
\n Examples of Che-specific attributes:
\n - cookiesAuthEnabled: \"true\"
/ \"false\", \n - type: \"terminal\"
/ \"ide\" / \"ide-dev\","
type: object
x-kubernetes-preserve-unknown-fields: true
exposure:
description: "Describes how the endpoint
should be exposed on the network.
\n - `public` means that the endpoint
will be exposed on the public network,
typically through a K8S ingress or
an OpenShift route. \n - `internal`
means that the endpoint will be exposed
internally outside of the main devworkspace
POD, typically by K8S services, to
be consumed by other elements running
on the same cloud internal network.
\n - `none` means that the endpoint
will not be exposed and will only
be accessible inside the main devworkspace
POD, on a local address. \n Default
value is `public`"
enum:
- public
- internal
- none
type: string
name:
maxLength: 63
pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
type: string
path:
description: Path of the endpoint URL
type: string
protocol:
description: "Describes the application
and transport protocols of the traffic
that will go through this endpoint.
\n - `http`: Endpoint will have `http`
traffic, typically on a TCP connection.
It will be automaticaly promoted to
`https` when the `secure` field is
set to `true`. \n - `https`: Endpoint
will have `https` traffic, typically
on a TCP connection. \n - `ws`: Endpoint
will have `ws` traffic, typically
on a TCP connection. It will be automaticaly
promoted to `wss` when the `secure`
field is set to `true`. \n - `wss`:
Endpoint will have `wss` traffic,
typically on a TCP connection. \n
- `tcp`: Endpoint will have traffic
on a TCP connection, without specifying
an application protocol. \n - `udp`:
Endpoint will have traffic on an UDP
connection, without specifying an
application protocol. \n Default value
is `http`"
enum:
- http
- https
- ws
- wss
- tcp
- udp
type: string
secure:
description: Describes whether the endpoint
should be secured and protected by
some authentication process. This
requires a protocol of `https` or
`wss`.
type: boolean
targetPort:
description: Port number to be used
within the container component. The
same port cannot be used by two different
container components.
type: integer
required:
- name
type: object
type: array
inlined:
description: Inlined manifest
type: string
locationType:
description: Type of Kubernetes-like location
enum:
- Uri
- Inlined
type: string
uri:
description: Location in a file fetched from
a uri.
type: string
type: object
volume:
description: Allows specifying the definition
of a volume shared by several other components
properties:
ephemeral:
description: Ephemeral volumes are not stored
persistently across restarts. Defaults to
false
type: boolean
size:
description: Size of the volume
type: string
type: object
required:
- name
type: object
type: array
id:
description: Id in a registry that contains a Devfile
yaml file
type: string
importReferenceType:
description: type of location from where the referenced
template structure should be retrieved
enum:
- Uri
- Id
- Kubernetes
type: string
kubernetes:
description: Reference to a Kubernetes CRD of type DevWorkspaceTemplate
properties:
name:
type: string
namespace:
type: string
required:
- name
type: object
registryUrl:
description: Registry URL to pull the parent devfile
from when using id in the parent reference. To ensure
the parent devfile gets resolved consistently in different
environments, it is recommended to always specify
the `registryUrl` when `id` is used.
type: string
uri:
description: URI Reference of a parent devfile YAML
file. It can be a full URL or a relative URI with
the current devfile as the base URI.
type: string
version:
description: Specific stack/sample version to pull the
parent devfile from, when using id in the parent reference.
To specify `version`, `id` must be defined and used
as the import reference source. `version` can be either
a specific stack version, or `latest`. If no `version`
specified, default version will be used.
pattern: ^(latest)|(([1-9])\.([0-9]+)\.([0-9]+)(\-[0-9a-z-]+(\.[0-9a-z-]+)*)?(\+[0-9A-Za-z-]+(\.[0-9A-Za-z-]+)*)?)$
type: string
type: object
volume:
description: Allows specifying the definition of a volume
shared by several other components
properties:
ephemeral:
description: Ephemeral volumes are not stored persistently
across restarts. Defaults to false
type: boolean
size:
description: Size of the volume
type: string
type: object
required:
- name
type: object
type: array
defaultEditor:
description: The default editor to workspace create with. It could
be a plugin ID or a URI. The plugin ID must have `publisher/plugin/version`
format. The URI must start from `http://` or `https://`.
type: string
defaultNamespace:
default:
autoProvision: true
template: <username>-che
description: User's default namespace.
properties:
autoProvision:
default: true
description: Indicates if is allowed to automatically create
a user namespace. If it set to false, then user namespace
must be pre-created by a cluster administrator.
type: boolean
template:
default: <username>-che
description: If you don't create the user namespaces in advance,
this field defines the Kubernetes namespace created when
you start your first workspace. You can use `<username>`
and `<userid>` placeholders, such as che-workspace-<username>.
pattern: <username>|<userid>
type: string
type: object
defaultPlugins:
description: Default plug-ins applied to DevWorkspaces.
items:
properties:
editor:
description: The editor ID to specify default plug-ins for.
type: string
plugins:
description: Default plug-in URIs for the specified editor.
items:
type: string
type: array
type: object
type: array
deploymentStrategy:
description: DeploymentStrategy defines the deployment strategy
to use to replace existing workspace pods with new ones. The
available deployment stragies are `Recreate` and `RollingUpdate`.
With the `Recreate` deployment strategy, the existing workspace
pod is killed before the new one is created. With the `RollingUpdate`
deployment strategy, a new workspace pod is created and the
existing workspace pod is deleted only when the new workspace
pod is in a ready state. If not specified, the default `Recreate`
deployment strategy is used.
enum:
- Recreate
- RollingUpdate
type: string
disableContainerBuildCapabilities:
description: "Disables the container build capabilities. When
set to `false` (the default value), the devEnvironments.security.containerSecurityContext
field is ignored, and the following container SecurityContext
is applied: \n containerSecurityContext: allowPrivilegeEscalation:
true capabilities: add: - SETGID - SETUID"
type: boolean
gatewayContainer:
description: GatewayContainer configuration.
properties:
env:
description: List of environment variables to set in the container.
items:
description: EnvVar represents an environment variable present
in a Container.
properties:
name:
description: Name of the environment variable. Must
be a C_IDENTIFIER.
type: string
value:
description: 'Variable references $(VAR_NAME) are expanded
using the previously defined environment variables
in the container and any service environment variables.
If a variable cannot be resolved, the reference in
the input string will be unchanged. Double $$ are
reduced to a single $, which allows for escaping the
$(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce
the string literal "$(VAR_NAME)". Escaped references
will never be expanded, regardless of whether the
variable exists or not. Defaults to "".'
type: string
valueFrom:
description: Source for the environment variable's value.
Cannot be used if value is not empty.
properties:
configMapKeyRef:
description: Selects a key of a ConfigMap.
properties:
key:
description: The key to select.
type: string
name:
description: 'Name of the referent. More info:
https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion,
kind, uid?'
type: string
optional:
description: Specify whether the ConfigMap or
its key must be defined
type: boolean
required:
- key
type: object
fieldRef:
description: 'Selects a field of the pod: supports
metadata.name, metadata.namespace, `metadata.labels[''<KEY>'']`,
`metadata.annotations[''<KEY>'']`, spec.nodeName,
spec.serviceAccountName, status.hostIP, status.podIP,
status.podIPs.'
properties:
apiVersion:
description: Version of the schema the FieldPath
is written in terms of, defaults to "v1".
type: string
fieldPath:
description: Path of the field to select in
the specified API version.
type: string
required:
- fieldPath
type: object
resourceFieldRef:
description: 'Selects a resource of the container:
only resources limits and requests (limits.cpu,
limits.memory, limits.ephemeral-storage, requests.cpu,
requests.memory and requests.ephemeral-storage)
are currently supported.'
properties:
containerName:
description: 'Container name: required for volumes,
optional for env vars'
type: string
divisor:
anyOf:
- type: integer
- type: string
description: Specifies the output format of
the exposed resources, defaults to "1"
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
resource:
description: 'Required: resource to select'
type: string
required:
- resource
type: object
secretKeyRef:
description: Selects a key of a secret in the pod's
namespace
properties:
key:
description: The key of the secret to select
from. Must be a valid secret key.
type: string
name:
description: 'Name of the referent. More info:
https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion,
kind, uid?'
type: string
optional:
description: Specify whether the Secret or its
key must be defined
type: boolean
required:
- key
type: object
type: object
required:
- name
type: object
type: array
image:
description: Container image. Omit it or leave it empty to
use the default container image provided by the Operator.
type: string
imagePullPolicy:
description: Image pull policy. Default value is `Always`
for `nightly`, `next` or `latest` images, and `IfNotPresent`
in other cases.
enum:
- Always
- IfNotPresent
- Never
type: string
name:
description: Container name.
type: string
resources:
description: Compute resources required by this container.
properties:
limits:
description: Describes the maximum amount of compute resources
allowed.
properties:
cpu:
anyOf:
- type: integer
- type: string
description: CPU, in cores. (500m = .5 cores) If the
value is not specified, then the default value is
set depending on the component. If value is `0`,
then no value is set for the component.
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
memory:
anyOf:
- type: integer
- type: string
description: Memory, in bytes. (500Gi = 500GiB = 500
* 1024 * 1024 * 1024) If the value is not specified,
then the default value is set depending on the component.
If value is `0`, then no value is set for the component.
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
type: object
request:
description: Describes the minimum amount of compute resources
required.
properties:
cpu:
anyOf:
- type: integer
- type: string
description: CPU, in cores. (500m = .5 cores) If the
value is not specified, then the default value is
set depending on the component. If value is `0`,
then no value is set for the component.
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
memory:
anyOf:
- type: integer
- type: string
description: Memory, in bytes. (500Gi = 500GiB = 500
* 1024 * 1024 * 1024) If the value is not specified,
then the default value is set depending on the component.
If value is `0`, then no value is set for the component.
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
type: object
type: object
type: object
imagePullPolicy:
description: ImagePullPolicy defines the imagePullPolicy used
for containers in a DevWorkspace.
enum:
- Always
- IfNotPresent
- Never
type: string
maxNumberOfRunningWorkspacesPerUser:
description: The maximum number of running workspaces per user.
The value, -1, allows users to run an unlimited number of workspaces.
format: int64
minimum: -1
type: integer
maxNumberOfWorkspacesPerUser:
default: -1
description: Total number of workspaces, both stopped and running,
that a user can keep. The value, -1, allows users to keep an
unlimited number of workspaces.
format: int64
minimum: -1
type: integer
nodeSelector:
additionalProperties:
type: string
description: The node selector limits the nodes that can run the
workspace pods.
type: object
persistUserHome:
description: PersistUserHome defines configuration options for
persisting the user home directory in workspaces.
properties:
enabled:
description: Determines whether the user home directory in
workspaces should persist between workspace shutdown and
startup. Must be used with the 'per-user' or 'per-workspace'
PVC strategy in order to take effect. Disabled by default.
type: boolean
type: object
podSchedulerName:
description: Pod scheduler for the workspace pods. If not specified,
the pod scheduler is set to the default scheduler on the cluster.
type: string
projectCloneContainer:
description: Project clone container configuration.
properties:
env:
description: List of environment variables to set in the container.
items:
description: EnvVar represents an environment variable present
in a Container.
properties:
name:
description: Name of the environment variable. Must
be a C_IDENTIFIER.
type: string
value:
description: 'Variable references $(VAR_NAME) are expanded
using the previously defined environment variables
in the container and any service environment variables.
If a variable cannot be resolved, the reference in
the input string will be unchanged. Double $$ are
reduced to a single $, which allows for escaping the
$(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce
the string literal "$(VAR_NAME)". Escaped references
will never be expanded, regardless of whether the
variable exists or not. Defaults to "".'
type: string
valueFrom:
description: Source for the environment variable's value.
Cannot be used if value is not empty.
properties:
configMapKeyRef:
description: Selects a key of a ConfigMap.
properties:
key:
description: The key to select.
type: string
name:
description: 'Name of the referent. More info:
https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion,
kind, uid?'
type: string
optional:
description: Specify whether the ConfigMap or
its key must be defined
type: boolean
required:
- key
type: object
fieldRef:
description: 'Selects a field of the pod: supports
metadata.name, metadata.namespace, `metadata.labels[''<KEY>'']`,
`metadata.annotations[''<KEY>'']`, spec.nodeName,
spec.serviceAccountName, status.hostIP, status.podIP,
status.podIPs.'
properties:
apiVersion:
description: Version of the schema the FieldPath
is written in terms of, defaults to "v1".
type: string
fieldPath:
description: Path of the field to select in
the specified API version.
type: string
required:
- fieldPath
type: object
resourceFieldRef:
description: 'Selects a resource of the container:
only resources limits and requests (limits.cpu,
limits.memory, limits.ephemeral-storage, requests.cpu,
requests.memory and requests.ephemeral-storage)
are currently supported.'
properties:
containerName:
description: 'Container name: required for volumes,
optional for env vars'
type: string
divisor:
anyOf:
- type: integer
- type: string
description: Specifies the output format of
the exposed resources, defaults to "1"
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
resource:
description: 'Required: resource to select'
type: string
required:
- resource
type: object
secretKeyRef:
description: Selects a key of a secret in the pod's
namespace
properties:
key:
description: The key of the secret to select
from. Must be a valid secret key.
type: string
name:
description: 'Name of the referent. More info:
https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion,
kind, uid?'
type: string
optional:
description: Specify whether the Secret or its
key must be defined
type: boolean
required:
- key
type: object
type: object
required:
- name
type: object
type: array
image:
description: Container image. Omit it or leave it empty to
use the default container image provided by the Operator.
type: string
imagePullPolicy:
description: Image pull policy. Default value is `Always`
for `nightly`, `next` or `latest` images, and `IfNotPresent`
in other cases.
enum:
- Always
- IfNotPresent
- Never
type: string
name:
description: Container name.
type: string
resources:
description: Compute resources required by this container.
properties:
limits:
description: Describes the maximum amount of compute resources
allowed.
properties:
cpu:
anyOf:
- type: integer
- type: string
description: CPU, in cores. (500m = .5 cores) If the
value is not specified, then the default value is
set depending on the component. If value is `0`,
then no value is set for the component.
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
memory:
anyOf:
- type: integer
- type: string
description: Memory, in bytes. (500Gi = 500GiB = 500
* 1024 * 1024 * 1024) If the value is not specified,
then the default value is set depending on the component.
If value is `0`, then no value is set for the component.
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
type: object
request:
description: Describes the minimum amount of compute resources
required.
properties:
cpu:
anyOf:
- type: integer
- type: string
description: CPU, in cores. (500m = .5 cores) If the
value is not specified, then the default value is
set depending on the component. If value is `0`,
then no value is set for the component.
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
memory:
anyOf:
- type: integer
- type: string
description: Memory, in bytes. (500Gi = 500GiB = 500
* 1024 * 1024 * 1024) If the value is not specified,
then the default value is set depending on the component.
If value is `0`, then no value is set for the component.
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
type: object
type: object
type: object
secondsOfInactivityBeforeIdling:
default: 1800
description: Idle timeout for workspaces in seconds. This timeout
is the duration after which a workspace will be idled if there
is no activity. To disable workspace idling due to inactivity,
set this value to -1.
format: int32
type: integer
secondsOfRunBeforeIdling:
default: -1
description: Run timeout for workspaces in seconds. This timeout
is the maximum duration a workspace runs. To disable workspace
run timeout, set this value to -1.
format: int32
type: integer
security:
description: Workspace security configuration.
properties:
containerSecurityContext:
description: Container SecurityContext used by all workspace-related
containers. If set, defined values are merged into the default
Container SecurityContext configuration. Requires devEnvironments.disableContainerBuildCapabilities
to be set to `true` in order to take effect.
properties:
allowPrivilegeEscalation:
description: 'AllowPrivilegeEscalation controls whether
a process can gain more privileges than its parent process.
This bool directly controls if the no_new_privs flag
will be set on the container process. AllowPrivilegeEscalation
is true always when the container is: 1) run as Privileged
2) has CAP_SYS_ADMIN Note that this field cannot be
set when spec.os.name is windows.'
type: boolean
capabilities:
description: The capabilities to add/drop when running
containers. Defaults to the default set of capabilities
granted by the container runtime. Note that this field
cannot be set when spec.os.name is windows.
properties:
add:
description: Added capabilities
items:
description: Capability represent POSIX capabilities
type
type: string
type: array
drop:
description: Removed capabilities
items:
description: Capability represent POSIX capabilities
type
type: string
type: array
type: object
privileged:
description: Run container in privileged mode. Processes
in privileged containers are essentially equivalent
to root on the host. Defaults to false. Note that this
field cannot be set when spec.os.name is windows.
type: boolean
procMount:
description: procMount denotes the type of proc mount
to use for the containers. The default is DefaultProcMount
which uses the container runtime defaults for readonly
paths and masked paths. This requires the ProcMountType
feature flag to be enabled. Note that this field cannot
be set when spec.os.name is windows.
type: string
readOnlyRootFilesystem:
description: Whether this container has a read-only root
filesystem. Default is false. Note that this field cannot
be set when spec.os.name is windows.
type: boolean
runAsGroup:
description: The GID to run the entrypoint of the container
process. Uses runtime default if unset. May also be
set in PodSecurityContext. If set in both SecurityContext
and PodSecurityContext, the value specified in SecurityContext
takes precedence. Note that this field cannot be set
when spec.os.name is windows.
format: int64
type: integer
runAsNonRoot:
description: Indicates that the container must run as
a non-root user. If true, the Kubelet will validate
the image at runtime to ensure that it does not run
as UID 0 (root) and fail to start the container if it
does. If unset or false, no such validation will be
performed. May also be set in PodSecurityContext. If
set in both SecurityContext and PodSecurityContext,
the value specified in SecurityContext takes precedence.
type: boolean
runAsUser:
description: The UID to run the entrypoint of the container
process. Defaults to user specified in image metadata
if unspecified. May also be set in PodSecurityContext. If
set in both SecurityContext and PodSecurityContext,
the value specified in SecurityContext takes precedence.
Note that this field cannot be set when spec.os.name
is windows.
format: int64
type: integer
seLinuxOptions:
description: The SELinux context to be applied to the
container. If unspecified, the container runtime will
allocate a random SELinux context for each container. May
also be set in PodSecurityContext. If set in both SecurityContext
and PodSecurityContext, the value specified in SecurityContext
takes precedence. Note that this field cannot be set
when spec.os.name is windows.
properties:
level:
description: Level is SELinux level label that applies
to the container.
type: string
role:
description: Role is a SELinux role label that applies
to the container.
type: string
type:
description: Type is a SELinux type label that applies
to the container.
type: string
user:
description: User is a SELinux user label that applies
to the container.
type: string
type: object
seccompProfile:
description: The seccomp options to use by this container.
If seccomp options are provided at both the pod & container
level, the container options override the pod options.
Note that this field cannot be set when spec.os.name
is windows.
properties:
localhostProfile:
description: localhostProfile indicates a profile
defined in a file on the node should be used. The
profile must be preconfigured on the node to work.
Must be a descending path, relative to the kubelet's
configured seccomp profile location. Must only be
set if type is "Localhost".
type: string
type:
description: "type indicates which kind of seccomp
profile will be applied. Valid options are: \n Localhost
- a profile defined in a file on the node should
be used. RuntimeDefault - the container runtime
default profile should be used. Unconfined - no
profile should be applied."
type: string
required:
- type
type: object
windowsOptions:
description: The Windows specific settings applied to
all containers. If unspecified, the options from the
PodSecurityContext will be used. If set in both SecurityContext
and PodSecurityContext, the value specified in SecurityContext
takes precedence. Note that this field cannot be set
when spec.os.name is linux.
properties:
gmsaCredentialSpec:
description: GMSACredentialSpec is where the GMSA
admission webhook (https://github.com/kubernetes-sigs/windows-gmsa)
inlines the contents of the GMSA credential spec
named by the GMSACredentialSpecName field.
type: string
gmsaCredentialSpecName:
description: GMSACredentialSpecName is the name of
the GMSA credential spec to use.
type: string
hostProcess:
description: HostProcess determines if a container
should be run as a 'Host Process' container. This
field is alpha-level and will only be honored by
components that enable the WindowsHostProcessContainers
feature flag. Setting this field without the feature
flag will result in errors when validating the Pod.
All of a Pod's containers must have the same effective
HostProcess value (it is not allowed to have a mix
of HostProcess containers and non-HostProcess containers). In
addition, if HostProcess is true then HostNetwork
must also be set to true.
type: boolean
runAsUserName:
description: The UserName in Windows to run the entrypoint
of the container process. Defaults to the user specified
in image metadata if unspecified. May also be set
in PodSecurityContext. If set in both SecurityContext
and PodSecurityContext, the value specified in SecurityContext
takes precedence.
type: string
type: object
type: object
podSecurityContext:
description: PodSecurityContext used by all workspace-related
pods. If set, defined values are merged into the default
PodSecurityContext configuration.
properties:
fsGroup:
description: "A special supplemental group that applies
to all containers in a pod. Some volume types allow
the Kubelet to change the ownership of that volume to
be owned by the pod: \n 1. The owning GID will be the
FSGroup 2. The setgid bit is set (new files created
in the volume will be owned by FSGroup) 3. The permission
will not modify the ownership and permissions of any
volume. Note that this field cannot be set when spec.os.name
is windows."
format: int64
type: integer
fsGroupChangePolicy:
description: 'fsGroupChangePolicy defines behavior of
changing ownership and permission of the volume before
being exposed inside Pod. This field will only apply
to volume types which support fsGroup based ownership(and
permissions). It will have no effect on ephemeral volume
types such as: secret, configmaps and emptydir. Valid
values are "OnRootMismatch" and "Always". If not specified,
"Always" is used. Note that this field cannot be set
when spec.os.name is windows.'
type: string
runAsGroup:
description: The GID to run the entrypoint of the container
process. Uses runtime default if unset. May also be
set in SecurityContext. If set in both SecurityContext
and PodSecurityContext, the value specified in SecurityContext
takes precedence for that container. Note that this
field cannot be set when spec.os.name is windows.
format: int64
type: integer
runAsNonRoot:
description: Indicates that the container must run as
a non-root user. If true, the Kubelet will validate
the image at runtime to ensure that it does not run
as UID 0 (root) and fail to start the container if it
does. If unset or false, no such validation will be
performed. May also be set in SecurityContext. If set
in both SecurityContext and PodSecurityContext, the
value specified in SecurityContext takes precedence.
type: boolean
runAsUser:
description: The UID to run the entrypoint of the container
process. Defaults to user specified in image metadata
if unspecified. May also be set in SecurityContext. If
set in both SecurityContext and PodSecurityContext,
the value specified in SecurityContext takes precedence
for that container. Note that this field cannot be set
when spec.os.name is windows.
format: int64
type: integer
seLinuxOptions:
description: The SELinux context to be applied to all
containers. If unspecified, the container runtime will
allocate a random SELinux context for each container. May
also be set in SecurityContext. If set in both SecurityContext
and PodSecurityContext, the value specified in SecurityContext
takes precedence for that container. Note that this
field cannot be set when spec.os.name is windows.
properties:
level:
description: Level is SELinux level label that applies
to the container.
type: string
role:
description: Role is a SELinux role label that applies
to the container.
type: string
type:
description: Type is a SELinux type label that applies
to the container.
type: string
user:
description: User is a SELinux user label that applies
to the container.
type: string
type: object
seccompProfile:
description: The seccomp options to use by the containers
in this pod. Note that this field cannot be set when
spec.os.name is windows.
properties:
localhostProfile:
description: localhostProfile indicates a profile
defined in a file on the node should be used. The
profile must be preconfigured on the node to work.
Must be a descending path, relative to the kubelet's
configured seccomp profile location. Must only be
set if type is "Localhost".
type: string
type:
description: "type indicates which kind of seccomp
profile will be applied. Valid options are: \n Localhost
- a profile defined in a file on the node should
be used. RuntimeDefault - the container runtime
default profile should be used. Unconfined - no
profile should be applied."
type: string
required:
- type
type: object
supplementalGroups:
description: A list of groups applied to the first process
run in each container, in addition to the container's
primary GID, the fsGroup (if specified), and group memberships
defined in the container image for the uid of the container
process. If unspecified, no additional groups are added
to any container. Note that group memberships defined
in the container image for the uid of the container
process are still effective, even if they are not included
in this list. Note that this field cannot be set when
spec.os.name is windows.
items:
format: int64
type: integer
type: array
sysctls:
description: Sysctls hold a list of namespaced sysctls
used for the pod. Pods with unsupported sysctls (by
the container runtime) might fail to launch. Note that
this field cannot be set when spec.os.name is windows.
items:
description: Sysctl defines a kernel parameter to be
set
properties:
name:
description: Name of a property to set
type: string
value:
description: Value of a property to set
type: string
required:
- name
- value
type: object
type: array
windowsOptions:
description: The Windows specific settings applied to
all containers. If unspecified, the options within a
container's SecurityContext will be used. If set in
both SecurityContext and PodSecurityContext, the value
specified in SecurityContext takes precedence. Note
that this field cannot be set when spec.os.name is linux.
properties:
gmsaCredentialSpec:
description: GMSACredentialSpec is where the GMSA
admission webhook (https://github.com/kubernetes-sigs/windows-gmsa)
inlines the contents of the GMSA credential spec
named by the GMSACredentialSpecName field.
type: string
gmsaCredentialSpecName:
description: GMSACredentialSpecName is the name of
the GMSA credential spec to use.
type: string
hostProcess:
description: HostProcess determines if a container
should be run as a 'Host Process' container. This
field is alpha-level and will only be honored by
components that enable the WindowsHostProcessContainers
feature flag. Setting this field without the feature
flag will result in errors when validating the Pod.
All of a Pod's containers must have the same effective
HostProcess value (it is not allowed to have a mix
of HostProcess containers and non-HostProcess containers). In
addition, if HostProcess is true then HostNetwork
must also be set to true.
type: boolean
runAsUserName:
description: The UserName in Windows to run the entrypoint
of the container process. Defaults to the user specified
in image metadata if unspecified. May also be set
in PodSecurityContext. If set in both SecurityContext
and PodSecurityContext, the value specified in SecurityContext
takes precedence.
type: string
type: object
type: object
type: object
serviceAccount:
description: ServiceAccount to use by the DevWorkspace operator
when starting the workspaces.
maxLength: 63
pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
type: string
serviceAccountTokens:
description: List of ServiceAccount tokens that will be mounted
into workspace pods as projected volumes.
items:
properties:
audience:
description: Audience is the intended audience of the token.
A recipient of a token must identify itself with an identifier
specified in the audience of the token, and otherwise
should reject the token. The audience defaults to the
identifier of the apiserver.
type: string
expirationSeconds:
default: 3600
description: ExpirationSeconds is the requested duration
of validity of the service account token. As the token
approaches expiration, the kubelet volume plugin will
proactively rotate the service account token. The kubelet
will start trying to rotate the token if the token is
older than 80 percent of its time to live or if the token
is older than 24 hours. Defaults to 1 hour and must be
at least 10 minutes.
format: int64
minimum: 600
type: integer
mountPath:
description: Path within the workspace container at which
the token should be mounted. Must not contain ':'.
type: string
name:
description: Identifiable name of the ServiceAccount token.
If multiple ServiceAccount tokens use the same mount path,
a generic name will be used for the projected volume instead.
type: string
path:
description: Path is the path relative to the mount point
of the file to project the token into.
type: string
required:
- mountPath
- name
- path
type: object
type: array
startTimeoutSeconds:
default: 300
description: StartTimeoutSeconds determines the maximum duration
(in seconds) that a workspace can take to start before it is
automatically failed. If not specified, the default value of
300 seconds (5 minutes) is used.
format: int32
minimum: 1
type: integer
storage:
default:
pvcStrategy: per-user
description: Workspaces persistent storage.
properties:
perUserStrategyPvcConfig:
description: PVC settings when using the `per-user` PVC strategy.
properties:
claimSize:
description: Persistent Volume Claim size. To update the
claim size, the storage class that provisions it must
support resizing.
type: string
storageClass:
description: Storage class for the Persistent Volume Claim.
When omitted or left blank, a default storage class
is used.
type: string
type: object
perWorkspaceStrategyPvcConfig:
description: PVC settings when using the `per-workspace` PVC
strategy.
properties:
claimSize:
description: Persistent Volume Claim size. To update the
claim size, the storage class that provisions it must
support resizing.
type: string
storageClass:
description: Storage class for the Persistent Volume Claim.
When omitted or left blank, a default storage class
is used.
type: string
type: object
pvcStrategy:
default: per-user
description: 'Persistent volume claim strategy for the Che
server. The supported strategies are: `per-user` (all workspaces
PVCs in one volume), `per-workspace` (each workspace is
given its own individual PVC) and `ephemeral` (non-persistent
storage where local changes will be lost when the workspace
is stopped.)'
enum:
- common
- per-user
- per-workspace
- ephemeral
type: string
type: object
tolerations:
description: The pod tolerations of the workspace pods limit where
the workspace pods can run.
items:
description: The pod this Toleration is attached to tolerates
any taint that matches the triple <key,value,effect> using
the matching operator <operator>.
properties:
effect:
description: Effect indicates the taint effect to match.
Empty means match all taint effects. When specified, allowed
values are NoSchedule, PreferNoSchedule and NoExecute.
type: string
key:
description: Key is the taint key that the toleration applies
to. Empty means match all taint keys. If the key is empty,
operator must be Exists; this combination means to match
all values and all keys.
type: string
operator:
description: Operator represents a key's relationship to
the value. Valid operators are Exists and Equal. Defaults
to Equal. Exists is equivalent to wildcard for value,
so that a pod can tolerate all taints of a particular
category.
type: string
tolerationSeconds:
description: TolerationSeconds represents the period of
time the toleration (which must be of effect NoExecute,
otherwise this field is ignored) tolerates the taint.
By default, it is not set, which means tolerate the taint
forever (do not evict). Zero and negative values will
be treated as 0 (evict immediately) by the system.
format: int64
type: integer
value:
description: Value is the taint value the toleration matches
to. If the operator is Exists, the value should be empty,
otherwise just a regular string.
type: string
type: object
type: array
trustedCerts:
description: Trusted certificate settings.
properties:
gitTrustedCertsConfigMapName:
description: 'The ConfigMap contains certificates to propagate
to the Che components and to provide a particular configuration
for Git. See the following page: https://www.eclipse.org/che/docs/stable/administration-guide/deploying-che-with-support-for-git-repositories-with-self-signed-certificates/
The ConfigMap must have a `app.kubernetes.io/part-of=che.eclipse.org`
label.'
type: string
type: object
user:
description: User configuration.
properties:
clusterRoles:
description: Additional ClusterRoles assigned to the user.
The role must have `app.kubernetes.io/part-of=che.eclipse.org`
label.
items:
type: string
type: array
type: object
type: object
gitServices:
description: A configuration that allows users to work with remote
Git repositories.
properties:
azure:
description: Enables users to work with repositories hosted on
Azure DevOps Service (dev.azure.com).
items:
description: AzureDevOpsService enables users to work with repositories
hosted on Azure DevOps Service (dev.azure.com).
properties:
secretName:
description: 'Kubernetes secret, that contains Base64-encoded
Azure DevOps Service Application ID and Client Secret.
See the following page: https://www.eclipse.org/che/docs/stable/administration-guide/configuring-oauth-2-for-microsoft-azure-devops-services'
type: string
required:
- secretName
type: object
type: array
bitbucket:
description: Enables users to work with repositories hosted on
Bitbucket (bitbucket.org or self-hosted).
items:
description: BitBucketService enables users to work with repositories
hosted on Bitbucket (bitbucket.org or self-hosted).
properties:
endpoint:
description: 'Bitbucket server endpoint URL. Deprecated
in favor of `che.eclipse.org/scm-server-endpoint` annotation.
See the following page: https://www.eclipse.org/che/docs/stable/administration-guide/configuring-oauth-1-for-a-bitbucket-server/.'
type: string
secretName:
description: 'Kubernetes secret, that contains Base64-encoded
Bitbucket OAuth 1.0 or OAuth 2.0 data. See the following
pages for details: https://www.eclipse.org/che/docs/stable/administration-guide/configuring-oauth-1-for-a-bitbucket-server/
and https://www.eclipse.org/che/docs/stable/administration-guide/configuring-oauth-2-for-the-bitbucket-cloud/.'
type: string
required:
- secretName
type: object
type: array
github:
description: Enables users to work with repositories hosted on
GitHub (github.com or GitHub Enterprise).
items:
description: GitHubService enables users to work with repositories
hosted on GitHub (GitHub.com or GitHub Enterprise).
properties:
disableSubdomainIsolation:
description: 'Disables subdomain isolation. Deprecated in
favor of `che.eclipse.org/scm-github-disable-subdomain-isolation`
annotation. See the following page for details: https://www.eclipse.org/che/docs/stable/administration-guide/configuring-oauth-2-for-github/.'
type: boolean
endpoint:
description: 'GitHub server endpoint URL. Deprecated in
favor of `che.eclipse.org/scm-server-endpoint` annotation.
See the following page for details: https://www.eclipse.org/che/docs/stable/administration-guide/configuring-oauth-2-for-github/.'
type: string
secretName:
description: 'Kubernetes secret, that contains Base64-encoded
GitHub OAuth Client id and GitHub OAuth Client secret.
See the following page for details: https://www.eclipse.org/che/docs/stable/administration-guide/configuring-oauth-2-for-github/.'
type: string
required:
- secretName
type: object
type: array
gitlab:
description: Enables users to work with repositories hosted on
GitLab (gitlab.com or self-hosted).
items:
description: GitLabService enables users to work with repositories
hosted on GitLab (gitlab.com or self-hosted).
properties:
endpoint:
description: 'GitLab server endpoint URL. Deprecated in
favor of `che.eclipse.org/scm-server-endpoint` annotation.
See the following page: https://www.eclipse.org/che/docs/stable/administration-guide/configuring-oauth-2-for-gitlab/.'
type: string
secretName:
description: 'Kubernetes secret, that contains Base64-encoded
GitHub Application id and GitLab Application Client secret.
See the following page: https://www.eclipse.org/che/docs/stable/administration-guide/configuring-oauth-2-for-gitlab/.'
type: string
required:
- secretName
type: object
type: array
type: object
networking:
default:
auth:
gateway:
configLabels:
app: che
component: che-gateway-config
description: Networking, Che authentication, and TLS configuration.
properties:
annotations:
additionalProperties:
type: string
description: 'Defines annotations which will be set for an Ingress
(a route for OpenShift platform). The defaults for kubernetes
platforms are: kubernetes.io/ingress.class: "nginx" nginx.ingress.kubernetes.io/proxy-read-timeout: "3600", nginx.ingress.kubernetes.io/proxy-connect-timeout:
"3600", nginx.ingress.kubernetes.io/ssl-redirect: "true"'
type: object
auth:
default:
gateway:
configLabels:
app: che
component: che-gateway-config
description: Authentication settings.
properties:
advancedAuthorization:
description: Advance authorization settings. Determines which
users and groups are allowed to access Che. User is allowed
to access Che if he/she is either in the `allowUsers` list
or is member of group from `allowGroups` list and not in
neither the `denyUsers` list nor is member of group from
`denyGroups` list. If `allowUsers` and `allowGroups` are
empty, then all users are allowed to access Che. if `denyUsers`
and `denyGroups` are empty, then no users are denied to
access Che.
properties:
allowGroups:
description: List of groups allowed to access Che (currently
supported in OpenShift only).
items:
type: string
type: array
allowUsers:
description: List of users allowed to access Che.
items:
type: string
type: array
denyGroups:
description: List of groups denied to access Che (currently
supported in OpenShift only).
items:
type: string
type: array
denyUsers:
description: List of users denied to access Che.
items:
type: string
type: array
type: object
gateway:
default:
configLabels:
app: che
component: che-gateway-config
description: Gateway settings.
properties:
configLabels:
additionalProperties:
type: string
default:
app: che
component: che-gateway-config
description: Gateway configuration labels.
type: object
deployment:
description: 'Deployment override options. Since gateway
deployment consists of several containers, they must
be distinguished in the configuration by their names:
- `gateway` - `configbump` - `oauth-proxy` - `kube-rbac-proxy`'
properties:
containers:
description: List of containers belonging to the pod.
items:
description: Container custom settings.
properties:
env:
description: List of environment variables to
set in the container.
items:
description: EnvVar represents an environment
variable present in a Container.
properties:
name:
description: Name of the environment variable.
Must be a C_IDENTIFIER.
type: string
value:
description: 'Variable references $(VAR_NAME)
are expanded using the previously defined
environment variables in the container
and any service environment variables.
If a variable cannot be resolved, the
reference in the input string will be
unchanged. Double $$ are reduced to
a single $, which allows for escaping
the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)"
will produce the string literal "$(VAR_NAME)".
Escaped references will never be expanded,
regardless of whether the variable exists
or not. Defaults to "".'
type: string
valueFrom:
description: Source for the environment
variable's value. Cannot be used if
value is not empty.
properties:
configMapKeyRef:
description: Selects a key of a ConfigMap.
properties:
key:
description: The key to select.
type: string
name:
description: 'Name of the referent.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields.
apiVersion, kind, uid?'
type: string
optional:
description: Specify whether the
ConfigMap or its key must be
defined
type: boolean
required:
- key
type: object
fieldRef:
description: 'Selects a field of the
pod: supports metadata.name, metadata.namespace,
`metadata.labels[''<KEY>'']`, `metadata.annotations[''<KEY>'']`,
spec.nodeName, spec.serviceAccountName,
status.hostIP, status.podIP, status.podIPs.'
properties:
apiVersion:
description: Version of the schema
the FieldPath is written in
terms of, defaults to "v1".
type: string
fieldPath:
description: Path of the field
to select in the specified API
version.
type: string
required:
- fieldPath
type: object
resourceFieldRef:
description: 'Selects a resource of
the container: only resources limits
and requests (limits.cpu, limits.memory,
limits.ephemeral-storage, requests.cpu,
requests.memory and requests.ephemeral-storage)
are currently supported.'
properties:
containerName:
description: 'Container name:
required for volumes, optional
for env vars'
type: string
divisor:
anyOf:
- type: integer
- type: string
description: Specifies the output
format of the exposed resources,
defaults to "1"
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
resource:
description: 'Required: resource
to select'
type: string
required:
- resource
type: object
secretKeyRef:
description: Selects a key of a secret
in the pod's namespace
properties:
key:
description: The key of the secret
to select from. Must be a valid
secret key.
type: string
name:
description: 'Name of the referent.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields.
apiVersion, kind, uid?'
type: string
optional:
description: Specify whether the
Secret or its key must be defined
type: boolean
required:
- key
type: object
type: object
required:
- name
type: object
type: array
image:
description: Container image. Omit it or leave
it empty to use the default container image
provided by the Operator.
type: string
imagePullPolicy:
description: Image pull policy. Default value
is `Always` for `nightly`, `next` or `latest`
images, and `IfNotPresent` in other cases.
enum:
- Always
- IfNotPresent
- Never
type: string
name:
description: Container name.
type: string
resources:
description: Compute resources required by this
container.
properties:
limits:
description: Describes the maximum amount
of compute resources allowed.
properties:
cpu:
anyOf:
- type: integer
- type: string
description: CPU, in cores. (500m =
.5 cores) If the value is not specified,
then the default value is set depending
on the component. If value is `0`,
then no value is set for the component.
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
memory:
anyOf:
- type: integer
- type: string
description: Memory, in bytes. (500Gi
= 500GiB = 500 * 1024 * 1024 * 1024)
If the value is not specified, then
the default value is set depending
on the component. If value is `0`,
then no value is set for the component.
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
type: object
request:
description: Describes the minimum amount
of compute resources required.
properties:
cpu:
anyOf:
- type: integer
- type: string
description: CPU, in cores. (500m =
.5 cores) If the value is not specified,
then the default value is set depending
on the component. If value is `0`,
then no value is set for the component.
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
memory:
anyOf:
- type: integer
- type: string
description: Memory, in bytes. (500Gi
= 500GiB = 500 * 1024 * 1024 * 1024)
If the value is not specified, then
the default value is set depending
on the component. If value is `0`,
then no value is set for the component.
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
type: object
type: object
type: object
type: array
securityContext:
description: Security options the pod should run with.
properties:
fsGroup:
description: A special supplemental group that
applies to all containers in a pod. The default
value is `1724`.
format: int64
type: integer
runAsUser:
description: The UID to run the entrypoint of
the container process. The default value is
`1724`.
format: int64
type: integer
type: object
type: object
kubeRbacProxy:
description: Configuration for kube-rbac-proxy within
the Che gateway pod.
properties:
logLevel:
default: 0
description: The glog log level for the kube-rbac-proxy
container within the gateway pod. Larger values
represent a higher verbosity. The default value
is `0`.
format: int32
minimum: 0
type: integer
type: object
oAuthProxy:
description: Configuration for oauth-proxy within the
Che gateway pod.
properties:
cookieExpireSeconds:
default: 86400
description: Expire timeframe for cookie. If set to
0, cookie becomes a session-cookie which will expire
when the browser is closed.
format: int32
minimum: 0
type: integer
type: object
traefik:
description: Configuration for Traefik within the Che
gateway pod.
properties:
logLevel:
default: INFO
description: 'The log level for the Traefik container
within the gateway pod: `DEBUG`, `INFO`, `WARN`,
`ERROR`, `FATAL`, or `PANIC`. The default value
is `INFO`'
enum:
- DEBUG
- INFO
- WARN
- ERROR
- FATAL
- PANIC
type: string
type: object
type: object
identityProviderURL:
description: Public URL of the Identity Provider server.
type: string
identityToken:
description: 'Identity token to be passed to upstream. There
are two types of tokens supported: `id_token` and `access_token`.
Default value is `id_token`. This field is specific to Che
installations made for Kubernetes only and ignored for OpenShift.'
enum:
- id_token
- access_token
type: string
oAuthAccessTokenInactivityTimeoutSeconds:
description: Inactivity timeout for tokens to set in the OpenShift
`OAuthClient` resource used to set up identity federation
on the OpenShift side. 0 means tokens for this client never
time out.
format: int32
type: integer
oAuthAccessTokenMaxAgeSeconds:
description: Access token max age for tokens to set in the
OpenShift `OAuthClient` resource used to set up identity
federation on the OpenShift side. 0 means no expiration.
format: int32
type: integer
oAuthClientName:
description: Name of the OpenShift `OAuthClient` resource
used to set up identity federation on the OpenShift side.
type: string
oAuthScope:
description: Access Token Scope. This field is specific to
Che installations made for Kubernetes only and ignored for
OpenShift.
type: string
oAuthSecret:
description: Name of the secret set in the OpenShift `OAuthClient`
resource used to set up identity federation on the OpenShift
side.
type: string
type: object
domain:
description: 'For an OpenShift cluster, the Operator uses the
domain to generate a hostname for the route. The generated hostname
follows this pattern: che-<che-namespace>.<domain>. The <che-namespace>
is the namespace where the CheCluster CRD is created. In conjunction
with labels, it creates a route served by a non-default Ingress
controller. For a Kubernetes cluster, it contains a global ingress
domain. There are no default values: you must specify them.'
type: string
hostname:
description: The public hostname of the installed Che server.
type: string
ingressClassName:
description: IngressClassName is the name of an IngressClass cluster
resource. If a class name is defined in both the `IngressClassName`
field and the `kubernetes.io/ingress.class` annotation, `IngressClassName`
field takes precedence.
type: string
labels:
additionalProperties:
type: string
description: Defines labels which will be set for an Ingress (a
route for OpenShift platform).
type: object
tlsSecretName:
description: The name of the secret used to set up Ingress TLS
termination. If the field is an empty string, the default cluster
certificate is used. The secret must have a `app.kubernetes.io/part-of=che.eclipse.org`
label.
type: string
type: object
type: object
status:
description: Defines the observed state of Che installation.
properties:
chePhase:
description: Specifies the current phase of the Che deployment.
type: string
cheURL:
description: Public URL of the Che server.
type: string
cheVersion:
description: Currently installed Che version.
type: string
devfileRegistryURL:
description: The public URL of the internal devfile registry.
type: string
gatewayPhase:
description: Specifies the current phase of the gateway deployment.
type: string
message:
description: A human readable message indicating details about why
the Che deployment is in the current phase.
type: string
pluginRegistryURL:
description: The public URL of the internal plug-in registry.
type: string
reason:
description: A brief CamelCase message indicating details about why
the Che deployment is in the current phase.
type: string
workspaceBaseDomain:
description: The resolved workspace base domain. This is either the
copy of the explicitly defined property of the same name in the
spec or, if it is undefined in the spec and we're running on OpenShift,
the automatically resolved basedomain for routes.
type: string
type: object
type: object
served: true
storage: true
subresources:
status: {}
status:
acceptedNames:
kind: ""
plural: ""
conditions: []
storedVersions: []
Reference in New Issue View Git Blame Copy Permalink