seg_yinzy
/
che-operator
mirror of https://github.com/eclipse-che/che-operator.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
che-operator/deploy/deployment/kubernetes/combined.yaml

9020 lines
500 KiB
YAML
Raw Blame History

#
# Copyright (c) 2019-2024 Red Hat, Inc.
# This program and the accompanying materials are made
# available under the terms of the Eclipse Public License 2.0
# which is available at https://www.eclipse.org/legal/epl-2.0/
#
# SPDX-License-Identifier: EPL-2.0
#
# Contributors:
# Red Hat, Inc. - initial API and implementation
#
apiVersion: v1
kind: Namespace
metadata:
name: eclipse-che
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
cert-manager.io/inject-ca-from: eclipse-che/che-operator-serving-cert
controller-gen.kubebuilder.io/version: v0.14.0
labels:
app.kubernetes.io/instance: che
app.kubernetes.io/name: che
app.kubernetes.io/part-of: che.eclipse.org
name: checlusters.org.eclipse.che
spec:
conversion:
strategy: Webhook
webhook:
clientConfig:
service:
name: che-operator-service
namespace: eclipse-che
path: /convert
conversionReviewVersions:
- v1
- v2
group: org.eclipse.che
names:
kind: CheCluster
listKind: CheClusterList
plural: checlusters
singular: checluster
scope: Namespaced
versions:
- deprecated: true
deprecationWarning: org.eclipse.che/v1 CheCluster is deprecated and will be removed
in future releases
name: v1
schema:
openAPIV3Schema:
description: The `CheCluster` custom resource allows defining and managing
a Che server installation
properties:
apiVersion:
description: |-
APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string
kind:
description: |-
Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
metadata:
type: object
spec:
description: |-
Desired configuration of the Che installation.
Based on these settings, the Operator automatically creates and maintains
several ConfigMaps that will contain the appropriate environment variables
the various components of the Che installation.
These generated ConfigMaps must NOT be updated manually.
properties:
auth:
description: Configuration settings related to the Authentication
used by the Che installation.
properties:
debug:
description: |-
Deprecated. The value of this flag is ignored.
Debug internal identity provider.
type: boolean
externalIdentityProvider:
description: |-
Deprecated. The value of this flag is ignored.
Instructs the Operator on whether or not to deploy a dedicated Identity Provider (Keycloak or RH SSO instance).
Instructs the Operator on whether to deploy a dedicated Identity Provider (Keycloak or RH-SSO instance).
By default, a dedicated Identity Provider server is deployed as part of the Che installation. When `externalIdentityProvider` is `true`,
no dedicated identity provider will be deployed by the Operator and you will need to provide details about the external identity provider you are about to use.
See also all the other fields starting with: `identityProvider`.
type: boolean
gatewayAuthenticationSidecarImage:
description: |-
Gateway sidecar responsible for authentication when NativeUserMode is enabled.
See link:https://github.com/oauth2-proxy/oauth2-proxy[oauth2-proxy] or link:https://github.com/openshift/oauth-proxy[openshift/oauth-proxy].
type: string
gatewayAuthorizationSidecarImage:
description: |-
Gateway sidecar responsible for authorization when NativeUserMode is enabled.
See link:https://github.com/brancz/kube-rbac-proxy[kube-rbac-proxy] or link:https://github.com/openshift/kube-rbac-proxy[openshift/kube-rbac-proxy]
type: string
gatewayConfigBumpEnv:
description: List of environment variables to set in the Configbump
container.
items:
description: EnvVar represents an environment variable present
in a Container.
properties:
name:
description: Name of the environment variable. Must be a
C_IDENTIFIER.
type: string
value:
description: |-
Variable references $(VAR_NAME) are expanded
using the previously defined environment variables in the container and
any service environment variables. If a variable cannot be resolved,
the reference in the input string will be unchanged. Double $$ are reduced
to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e.
"$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)".
Escaped references will never be expanded, regardless of whether the variable
exists or not.
Defaults to "".
type: string
valueFrom:
description: Source for the environment variable's value.
Cannot be used if value is not empty.
properties:
configMapKeyRef:
description: Selects a key of a ConfigMap.
properties:
key:
description: The key to select.
type: string
name:
description: |-
Name of the referent.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion, kind, uid?
type: string
optional:
description: Specify whether the ConfigMap or its
key must be defined
type: boolean
required:
- key
type: object
x-kubernetes-map-type: atomic
fieldRef:
description: |-
Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['<KEY>']`, `metadata.annotations['<KEY>']`,
spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.
properties:
apiVersion:
description: Version of the schema the FieldPath
is written in terms of, defaults to "v1".
type: string
fieldPath:
description: Path of the field to select in the
specified API version.
type: string
required:
- fieldPath
type: object
x-kubernetes-map-type: atomic
resourceFieldRef:
description: |-
Selects a resource of the container: only resources limits and requests
(limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.
properties:
containerName:
description: 'Container name: required for volumes,
optional for env vars'
type: string
divisor:
anyOf:
- type: integer
- type: string
description: Specifies the output format of the
exposed resources, defaults to "1"
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
resource:
description: 'Required: resource to select'
type: string
required:
- resource
type: object
x-kubernetes-map-type: atomic
secretKeyRef:
description: Selects a key of a secret in the pod's
namespace
properties:
key:
description: The key of the secret to select from. Must
be a valid secret key.
type: string
name:
description: |-
Name of the referent.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion, kind, uid?
type: string
optional:
description: Specify whether the Secret or its key
must be defined
type: boolean
required:
- key
type: object
x-kubernetes-map-type: atomic
type: object
required:
- name
type: object
type: array
gatewayEnv:
description: List of environment variables to set in the Gateway
container.
items:
description: EnvVar represents an environment variable present
in a Container.
properties:
name:
description: Name of the environment variable. Must be a
C_IDENTIFIER.
type: string
value:
description: |-
Variable references $(VAR_NAME) are expanded
using the previously defined environment variables in the container and
any service environment variables. If a variable cannot be resolved,
the reference in the input string will be unchanged. Double $$ are reduced
to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e.
"$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)".
Escaped references will never be expanded, regardless of whether the variable
exists or not.
Defaults to "".
type: string
valueFrom:
description: Source for the environment variable's value.
Cannot be used if value is not empty.
properties:
configMapKeyRef:
description: Selects a key of a ConfigMap.
properties:
key:
description: The key to select.
type: string
name:
description: |-
Name of the referent.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion, kind, uid?
type: string
optional:
description: Specify whether the ConfigMap or its
key must be defined
type: boolean
required:
- key
type: object
x-kubernetes-map-type: atomic
fieldRef:
description: |-
Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['<KEY>']`, `metadata.annotations['<KEY>']`,
spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.
properties:
apiVersion:
description: Version of the schema the FieldPath
is written in terms of, defaults to "v1".
type: string
fieldPath:
description: Path of the field to select in the
specified API version.
type: string
required:
- fieldPath
type: object
x-kubernetes-map-type: atomic
resourceFieldRef:
description: |-
Selects a resource of the container: only resources limits and requests
(limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.
properties:
containerName:
description: 'Container name: required for volumes,
optional for env vars'
type: string
divisor:
anyOf:
- type: integer
- type: string
description: Specifies the output format of the
exposed resources, defaults to "1"
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
resource:
description: 'Required: resource to select'
type: string
required:
- resource
type: object
x-kubernetes-map-type: atomic
secretKeyRef:
description: Selects a key of a secret in the pod's
namespace
properties:
key:
description: The key of the secret to select from. Must
be a valid secret key.
type: string
name:
description: |-
Name of the referent.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion, kind, uid?
type: string
optional:
description: Specify whether the Secret or its key
must be defined
type: boolean
required:
- key
type: object
x-kubernetes-map-type: atomic
type: object
required:
- name
type: object
type: array
gatewayHeaderRewriteSidecarImage:
description: Deprecated. The value of this flag is ignored. Sidecar
functionality is now implemented in Traefik plugin.
type: string
gatewayKubeRbacProxyEnv:
description: List of environment variables to set in the Kube
rbac proxy container.
items:
description: EnvVar represents an environment variable present
in a Container.
properties:
name:
description: Name of the environment variable. Must be a
C_IDENTIFIER.
type: string
value:
description: |-
Variable references $(VAR_NAME) are expanded
using the previously defined environment variables in the container and
any service environment variables. If a variable cannot be resolved,
the reference in the input string will be unchanged. Double $$ are reduced
to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e.
"$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)".
Escaped references will never be expanded, regardless of whether the variable
exists or not.
Defaults to "".
type: string
valueFrom:
description: Source for the environment variable's value.
Cannot be used if value is not empty.
properties:
configMapKeyRef:
description: Selects a key of a ConfigMap.
properties:
key:
description: The key to select.
type: string
name:
description: |-
Name of the referent.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion, kind, uid?
type: string
optional:
description: Specify whether the ConfigMap or its
key must be defined
type: boolean
required:
- key
type: object
x-kubernetes-map-type: atomic
fieldRef:
description: |-
Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['<KEY>']`, `metadata.annotations['<KEY>']`,
spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.
properties:
apiVersion:
description: Version of the schema the FieldPath
is written in terms of, defaults to "v1".
type: string
fieldPath:
description: Path of the field to select in the
specified API version.
type: string
required:
- fieldPath
type: object
x-kubernetes-map-type: atomic
resourceFieldRef:
description: |-
Selects a resource of the container: only resources limits and requests
(limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.
properties:
containerName:
description: 'Container name: required for volumes,
optional for env vars'
type: string
divisor:
anyOf:
- type: integer
- type: string
description: Specifies the output format of the
exposed resources, defaults to "1"
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
resource:
description: 'Required: resource to select'
type: string
required:
- resource
type: object
x-kubernetes-map-type: atomic
secretKeyRef:
description: Selects a key of a secret in the pod's
namespace
properties:
key:
description: The key of the secret to select from. Must
be a valid secret key.
type: string
name:
description: |-
Name of the referent.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion, kind, uid?
type: string
optional:
description: Specify whether the Secret or its key
must be defined
type: boolean
required:
- key
type: object
x-kubernetes-map-type: atomic
type: object
required:
- name
type: object
type: array
gatewayOAuthProxyEnv:
description: List of environment variables to set in the OAuth
proxy container.
items:
description: EnvVar represents an environment variable present
in a Container.
properties:
name:
description: Name of the environment variable. Must be a
C_IDENTIFIER.
type: string
value:
description: |-
Variable references $(VAR_NAME) are expanded
using the previously defined environment variables in the container and
any service environment variables. If a variable cannot be resolved,
the reference in the input string will be unchanged. Double $$ are reduced
to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e.
"$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)".
Escaped references will never be expanded, regardless of whether the variable
exists or not.
Defaults to "".
type: string
valueFrom:
description: Source for the environment variable's value.
Cannot be used if value is not empty.
properties:
configMapKeyRef:
description: Selects a key of a ConfigMap.
properties:
key:
description: The key to select.
type: string
name:
description: |-
Name of the referent.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion, kind, uid?
type: string
optional:
description: Specify whether the ConfigMap or its
key must be defined
type: boolean
required:
- key
type: object
x-kubernetes-map-type: atomic
fieldRef:
description: |-
Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['<KEY>']`, `metadata.annotations['<KEY>']`,
spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.
properties:
apiVersion:
description: Version of the schema the FieldPath
is written in terms of, defaults to "v1".
type: string
fieldPath:
description: Path of the field to select in the
specified API version.
type: string
required:
- fieldPath
type: object
x-kubernetes-map-type: atomic
resourceFieldRef:
description: |-
Selects a resource of the container: only resources limits and requests
(limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.
properties:
containerName:
description: 'Container name: required for volumes,
optional for env vars'
type: string
divisor:
anyOf:
- type: integer
- type: string
description: Specifies the output format of the
exposed resources, defaults to "1"
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
resource:
description: 'Required: resource to select'
type: string
required:
- resource
type: object
x-kubernetes-map-type: atomic
secretKeyRef:
description: Selects a key of a secret in the pod's
namespace
properties:
key:
description: The key of the secret to select from. Must
be a valid secret key.
type: string
name:
description: |-
Name of the referent.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion, kind, uid?
type: string
optional:
description: Specify whether the Secret or its key
must be defined
type: boolean
required:
- key
type: object
x-kubernetes-map-type: atomic
type: object
required:
- name
type: object
type: array
identityProviderAdminUserName:
description: |-
Deprecated. The value of this flag is ignored.
Overrides the name of the Identity Provider administrator user. Defaults to `admin`.
type: string
identityProviderClientId:
description: |-
Deprecated. The value of this flag is ignored.
Name of a Identity provider, Keycloak or RH-SSO, `client-id` that is used for Che.
Override this when an external Identity Provider is in use. See the `externalIdentityProvider` field.
When omitted or left blank, it is set to the value of the `flavour` field suffixed with `-public`.
type: string
identityProviderContainerResources:
description: |-
Deprecated. The value of this flag is ignored.
Identity provider container custom settings.
properties:
limits:
description: Limits describes the maximum amount of compute
resources allowed.
properties:
cpu:
description: CPU, in cores. (500m = .5 cores)
type: string
memory:
description: Memory, in bytes. (500Gi = 500GiB = 500 *
1024 * 1024 * 1024)
type: string
type: object
request:
description: Requests describes the minimum amount of compute
resources required.
properties:
cpu:
description: CPU, in cores. (500m = .5 cores)
type: string
memory:
description: Memory, in bytes. (500Gi = 500GiB = 500 *
1024 * 1024 * 1024)
type: string
type: object
type: object
identityProviderImage:
description: |-
Deprecated. The value of this flag is ignored.
Overrides the container image used in the Identity Provider, Keycloak or RH-SSO, deployment.
This includes the image tag. Omit it or leave it empty to use the default container image provided by the Operator.
type: string
identityProviderImagePullPolicy:
description: |-
Deprecated. The value of this flag is ignored.
Overrides the image pull policy used in the Identity Provider, Keycloak or RH-SSO, deployment.
Default value is `Always` for `nightly`, `next` or `latest` images, and `IfNotPresent` in other cases.
type: string
identityProviderIngress:
description: |-
Deprecated. The value of this flag is ignored.
Ingress custom settings.
properties:
annotations:
additionalProperties:
type: string
description: Unstructured key value map stored with a resource
that may be set by external tools to store and retrieve
arbitrary metadata.
type: object
labels:
description: Comma separated list of labels that can be used
to organize and categorize objects by scoping and selecting.
type: string
type: object
identityProviderPassword:
description: |-
Deprecated. The value of this flag is ignored.
Overrides the password of Keycloak administrator user.
Override this when an external Identity Provider is in use. See the `externalIdentityProvider` field.
When omitted or left blank, it is set to an auto-generated password.
type: string
identityProviderPostgresPassword:
description: |-
Deprecated. The value of this flag is ignored.
Password for a Identity Provider, Keycloak or RH-SSO, to connect to the database.
Override this when an external Identity Provider is in use. See the `externalIdentityProvider` field.
When omitted or left blank, it is set to an auto-generated password.
type: string
identityProviderPostgresSecret:
description: |-
Deprecated. The value of this flag is ignored.
The secret that contains `password` for the Identity Provider, Keycloak or RH-SSO, to connect to the database.
When the secret is defined, the `identityProviderPostgresPassword` is ignored. When the value is omitted or left blank, the one of following scenarios applies:
1. `identityProviderPostgresPassword` is defined, then it will be used to connect to the database.
2. `identityProviderPostgresPassword` is not defined, then a new secret with the name `che-identity-postgres-secret` will be created with an auto-generated value for `password`.
The secret must have `app.kubernetes.io/part-of=che.eclipse.org` label.
type: string
identityProviderRealm:
description: |-
Deprecated. The value of this flag is ignored.
Name of a Identity provider, Keycloak or RH-SSO, realm that is used for Che.
Override this when an external Identity Provider is in use. See the `externalIdentityProvider` field.
When omitted or left blank, it is set to the value of the `flavour` field.
type: string
identityProviderRoute:
description: |-
Deprecated. The value of this flag is ignored.
Route custom settings.
properties:
annotations:
additionalProperties:
type: string
description: Unstructured key value map stored with a resource
that may be set by external tools to store and retrieve
arbitrary metadata.
type: object
domain:
description: |-
Operator uses the domain to generate a hostname for a route.
In a conjunction with labels it creates a route, which is served by a non-default Ingress controller.
The generated host name will follow this pattern: `<route-name>-<route-namespace>.<domain>`.
type: string
labels:
description: Comma separated list of labels that can be used
to organize and categorize objects by scoping and selecting.
type: string
type: object
identityProviderSecret:
description: |-
Deprecated. The value of this flag is ignored.
The secret that contains `user` and `password` for Identity Provider.
When the secret is defined, the `identityProviderAdminUserName` and `identityProviderPassword` are ignored.
When the value is omitted or left blank, the one of following scenarios applies:
1. `identityProviderAdminUserName` and `identityProviderPassword` are defined, then they will be used.
2. `identityProviderAdminUserName` or `identityProviderPassword` are not defined, then a new secret with the name
`che-identity-secret` will be created with default value `admin` for `user` and with an auto-generated value for `password`.
The secret must have `app.kubernetes.io/part-of=che.eclipse.org` label.
type: string
identityProviderURL:
description: |-
Public URL of the Identity Provider server (Keycloak / RH-SSO server).
Set this ONLY when a use of an external Identity Provider is needed.
See the `externalIdentityProvider` field. By default, this will be automatically calculated and set by the Operator.
type: string
identityToken:
description: |-
Identity token to be passed to upstream. There are two types of tokens supported: `id_token` and `access_token`.
Default value is `id_token`.
This field is specific to Che installations made for Kubernetes only and ignored for OpenShift.
type: string
initialOpenShiftOAuthUser:
description: |-
Deprecated. The value of this flag is ignored.
For operating with the OpenShift OAuth authentication, create a new user account since the kubeadmin can not be used.
If the value is true, then a new OpenShift OAuth user will be created for the HTPasswd identity provider.
If the value is false and the user has already been created, then it will be removed.
If value is an empty, then do nothing.
The user's credentials are stored in the `openshift-oauth-user-credentials` secret in 'openshift-config' namespace by Operator.
Note that this solution is Openshift 4 platform-specific.
type: boolean
nativeUserMode:
description: |-
Deprecated. The value of this flag is ignored.
Enables native user mode. Currently works only on OpenShift and DevWorkspace engine.
Native User mode uses OpenShift OAuth directly as identity provider, without Keycloak.
type: boolean
oAuthClientName:
description: Name of the OpenShift `OAuthClient` resource used
to setup identity federation on the OpenShift side. Auto-generated
when left blank. See also the `OpenShiftoAuth` field.
type: string
oAuthScope:
description: |-
Access Token Scope.
This field is specific to Che installations made for Kubernetes only and ignored for OpenShift.
type: string
oAuthSecret:
description: Name of the secret set in the OpenShift `OAuthClient`
resource used to setup identity federation on the OpenShift
side. Auto-generated when left blank. See also the `OAuthClientName`
field.
type: string
openShiftoAuth:
description: |-
Deprecated. The value of this flag is ignored.
Enables the integration of the identity provider (Keycloak / RHSSO) with OpenShift OAuth.
Empty value on OpenShift by default. This will allow users to directly login with their OpenShift user through the OpenShift login,
and have their workspaces created under personal OpenShift namespaces.
WARNING: the `kubeadmin` user is NOT supported, and logging through it will NOT allow accessing the Che Dashboard.
type: boolean
updateAdminPassword:
description: |-
Deprecated. The value of this flag is ignored.
Forces the default `admin` Che user to update password on first login. Defaults to `false`.
type: boolean
type: object
dashboard:
description: Configuration settings related to the User Dashboard
used by the Che installation.
properties:
warning:
description: Warning message that will be displayed on the User
Dashboard
type: string
type: object
database:
description: Configuration settings related to the database used by
the Che installation.
properties:
chePostgresContainerResources:
description: PostgreSQL container custom settings
properties:
limits:
description: Limits describes the maximum amount of compute
resources allowed.
properties:
cpu:
description: CPU, in cores. (500m = .5 cores)
type: string
memory:
description: Memory, in bytes. (500Gi = 500GiB = 500 *
1024 * 1024 * 1024)
type: string
type: object
request:
description: Requests describes the minimum amount of compute
resources required.
properties:
cpu:
description: CPU, in cores. (500m = .5 cores)
type: string
memory:
description: Memory, in bytes. (500Gi = 500GiB = 500 *
1024 * 1024 * 1024)
type: string
type: object
type: object
chePostgresDb:
description: PostgreSQL database name that the Che server uses
to connect to the DB. Defaults to `dbche`.
type: string
chePostgresHostName:
description: |-
PostgreSQL Database host name that the Che server uses to connect to.
Defaults is `postgres`. Override this value ONLY when using an external database. See field `externalDb`.
In the default case it will be automatically set by the Operator.
type: string
chePostgresPassword:
description: PostgreSQL password that the Che server uses to connect
to the DB. When omitted or left blank, it will be set to an
automatically generated value.
type: string
chePostgresPort:
description: |-
PostgreSQL Database port that the Che server uses to connect to. Defaults to 5432.
Override this value ONLY when using an external database. See field `externalDb`. In the default case it will be automatically set by the Operator.
type: string
chePostgresSecret:
description: |-
The secret that contains PostgreSQL`user` and `password` that the Che server uses to connect to the DB.
When the secret is defined, the `chePostgresUser` and `chePostgresPassword` are ignored.
When the value is omitted or left blank, the one of following scenarios applies:
1. `chePostgresUser` and `chePostgresPassword` are defined, then they will be used to connect to the DB.
2. `chePostgresUser` or `chePostgresPassword` are not defined, then a new secret with the name `postgres-credentials`
will be created with default value of `pgche` for `user` and with an auto-generated value for `password`.
The secret must have `app.kubernetes.io/part-of=che.eclipse.org` label.
type: string
chePostgresUser:
description: PostgreSQL user that the Che server uses to connect
to the DB. Defaults to `pgche`.
type: string
externalDb:
description: |-
Instructs the Operator on whether to deploy a dedicated database.
By default, a dedicated PostgreSQL database is deployed as part of the Che installation. When `externalDb` is `true`, no dedicated database will be deployed by the
Operator and you will need to provide connection details to the external DB you are about to use. See also all the fields starting with: `chePostgres`.
type: boolean
postgresEnv:
description: List of environment variables to set in the PostgreSQL
container.
items:
description: EnvVar represents an environment variable present
in a Container.
properties:
name:
description: Name of the environment variable. Must be a
C_IDENTIFIER.
type: string
value:
description: |-
Variable references $(VAR_NAME) are expanded
using the previously defined environment variables in the container and
any service environment variables. If a variable cannot be resolved,
the reference in the input string will be unchanged. Double $$ are reduced
to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e.
"$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)".
Escaped references will never be expanded, regardless of whether the variable
exists or not.
Defaults to "".
type: string
valueFrom:
description: Source for the environment variable's value.
Cannot be used if value is not empty.
properties:
configMapKeyRef:
description: Selects a key of a ConfigMap.
properties:
key:
description: The key to select.
type: string
name:
description: |-
Name of the referent.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion, kind, uid?
type: string
optional:
description: Specify whether the ConfigMap or its
key must be defined
type: boolean
required:
- key
type: object
x-kubernetes-map-type: atomic
fieldRef:
description: |-
Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['<KEY>']`, `metadata.annotations['<KEY>']`,
spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.
properties:
apiVersion:
description: Version of the schema the FieldPath
is written in terms of, defaults to "v1".
type: string
fieldPath:
description: Path of the field to select in the
specified API version.
type: string
required:
- fieldPath
type: object
x-kubernetes-map-type: atomic
resourceFieldRef:
description: |-
Selects a resource of the container: only resources limits and requests
(limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.
properties:
containerName:
description: 'Container name: required for volumes,
optional for env vars'
type: string
divisor:
anyOf:
- type: integer
- type: string
description: Specifies the output format of the
exposed resources, defaults to "1"
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
resource:
description: 'Required: resource to select'
type: string
required:
- resource
type: object
x-kubernetes-map-type: atomic
secretKeyRef:
description: Selects a key of a secret in the pod's
namespace
properties:
key:
description: The key of the secret to select from. Must
be a valid secret key.
type: string
name:
description: |-
Name of the referent.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion, kind, uid?
type: string
optional:
description: Specify whether the Secret or its key
must be defined
type: boolean
required:
- key
type: object
x-kubernetes-map-type: atomic
type: object
required:
- name
type: object
type: array
postgresImage:
description: Overrides the container image used in the PostgreSQL
database deployment. This includes the image tag. Omit it or
leave it empty to use the default container image provided by
the Operator.
type: string
postgresImagePullPolicy:
description: Overrides the image pull policy used in the PostgreSQL
database deployment. Default value is `Always` for `nightly`,
`next` or `latest` images, and `IfNotPresent` in other cases.
type: string
postgresVersion:
description: |-
Indicates a PostgreSQL version image to use. Allowed values are: `9.6` and `13.3`.
Migrate your PostgreSQL database to switch from one version to another.
type: string
pvcClaimSize:
description: |-
Size of the persistent volume claim for database. Defaults to `1Gi`.
To update pvc storageclass that provisions it must support resize when Eclipse Che has been already deployed.
type: string
type: object
devWorkspace:
description: DevWorkspace operator configuration
properties:
controllerImage:
description: |-
Overrides the container image used in the DevWorkspace controller deployment.
This includes the image tag. Omit it or leave it empty to use the default container image provided by the Operator.
type: string
enable:
description: |-
Deploys the DevWorkspace Operator in the cluster.
Does nothing when a matching version of the Operator is already installed.
Fails when a non-matching version of the Operator is already installed.
type: boolean
env:
description: List of environment variables to set in the DevWorkspace
container.
items:
description: EnvVar represents an environment variable present
in a Container.
properties:
name:
description: Name of the environment variable. Must be a
C_IDENTIFIER.
type: string
value:
description: |-
Variable references $(VAR_NAME) are expanded
using the previously defined environment variables in the container and
any service environment variables. If a variable cannot be resolved,
the reference in the input string will be unchanged. Double $$ are reduced
to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e.
"$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)".
Escaped references will never be expanded, regardless of whether the variable
exists or not.
Defaults to "".
type: string
valueFrom:
description: Source for the environment variable's value.
Cannot be used if value is not empty.
properties:
configMapKeyRef:
description: Selects a key of a ConfigMap.
properties:
key:
description: The key to select.
type: string
name:
description: |-
Name of the referent.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion, kind, uid?
type: string
optional:
description: Specify whether the ConfigMap or its
key must be defined
type: boolean
required:
- key
type: object
x-kubernetes-map-type: atomic
fieldRef:
description: |-
Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['<KEY>']`, `metadata.annotations['<KEY>']`,
spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.
properties:
apiVersion:
description: Version of the schema the FieldPath
is written in terms of, defaults to "v1".
type: string
fieldPath:
description: Path of the field to select in the
specified API version.
type: string
required:
- fieldPath
type: object
x-kubernetes-map-type: atomic
resourceFieldRef:
description: |-
Selects a resource of the container: only resources limits and requests
(limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.
properties:
containerName:
description: 'Container name: required for volumes,
optional for env vars'
type: string
divisor:
anyOf:
- type: integer
- type: string
description: Specifies the output format of the
exposed resources, defaults to "1"
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
resource:
description: 'Required: resource to select'
type: string
required:
- resource
type: object
x-kubernetes-map-type: atomic
secretKeyRef:
description: Selects a key of a secret in the pod's
namespace
properties:
key:
description: The key of the secret to select from. Must
be a valid secret key.
type: string
name:
description: |-
Name of the referent.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion, kind, uid?
type: string
optional:
description: Specify whether the Secret or its key
must be defined
type: boolean
required:
- key
type: object
x-kubernetes-map-type: atomic
type: object
required:
- name
type: object
type: array
runningLimit:
description: Maximum number of the running workspaces per user.
type: string
secondsOfInactivityBeforeIdling:
default: 1800
description: |-
Idle timeout for workspaces in seconds.
This timeout is the duration after which a workspace will be idled if there is no activity.
To disable workspace idling due to inactivity, set this value to -1.
format: int32
type: integer
secondsOfRunBeforeIdling:
default: -1
description: |-
Run timeout for workspaces in seconds.
This timeout is the maximum duration a workspace runs.
To disable workspace run timeout, set this value to -1.
format: int32
type: integer
required:
- enable
type: object
gitServices:
description: A configuration that allows users to work with remote
Git repositories.
properties:
bitbucket:
description: Enables users to work with repositories hosted on
Bitbucket (bitbucket.org or self-hosted).
items:
description: BitBucketService enables users to work with repositories
hosted on Bitbucket (bitbucket.org or self-hosted).
properties:
endpoint:
description: |-
Bitbucket server endpoint URL.
Deprecated in favor of `che.eclipse.org/scm-server-endpoint` annotation.
See the following page: https://www.eclipse.org/che/docs/stable/administration-guide/configuring-oauth-1-for-a-bitbucket-server/.
type: string
secretName:
description: |-
Kubernetes secret, that contains Base64-encoded Bitbucket OAuth 1.0 or OAuth 2.0 data.
See the following pages for details: https://www.eclipse.org/che/docs/stable/administration-guide/configuring-oauth-1-for-a-bitbucket-server/
and https://www.eclipse.org/che/docs/stable/administration-guide/configuring-oauth-2-for-the-bitbucket-cloud/.
type: string
required:
- secretName
type: object
type: array
github:
description: Enables users to work with repositories hosted on
GitHub (github.com or GitHub Enterprise).
items:
description: GitHubService enables users to work with repositories
hosted on GitHub (GitHub.com or GitHub Enterprise).
properties:
endpoint:
description: |-
GitHub server endpoint URL.
Deprecated in favor of `che.eclipse.org/scm-server-endpoint` annotation.
See the following page for details: https://www.eclipse.org/che/docs/stable/administration-guide/configuring-oauth-2-for-github/.
type: string
secretName:
description: |-
Kubernetes secret, that contains Base64-encoded GitHub OAuth Client id and GitHub OAuth Client secret.
See the following page for details: https://www.eclipse.org/che/docs/stable/administration-guide/configuring-oauth-2-for-github/.
type: string
required:
- secretName
type: object
type: array
gitlab:
description: Enables users to work with repositories hosted on
GitLab (gitlab.com or self-hosted).
items:
description: GitLabService enables users to work with repositories
hosted on GitLab (gitlab.com or self-hosted).
properties:
endpoint:
description: |-
GitLab server endpoint URL.
Deprecated in favor of `che.eclipse.org/scm-server-endpoint` annotation.
See the following page: https://www.eclipse.org/che/docs/stable/administration-guide/configuring-oauth-2-for-gitlab/.
type: string
secretName:
description: |-
Kubernetes secret, that contains Base64-encoded GitHub Application id and GitLab Application Client secret.
See the following page: https://www.eclipse.org/che/docs/stable/administration-guide/configuring-oauth-2-for-gitlab/.
type: string
required:
- secretName
type: object
type: array
type: object
imagePuller:
description: Kubernetes Image Puller configuration
properties:
enable:
description: |-
Install and configure the Community Supported Kubernetes Image Puller Operator. When set to `true` and no spec is provided,
it will create a default KubernetesImagePuller object to be managed by the Operator.
When set to `false`, the KubernetesImagePuller object will be deleted, and the Operator will be uninstalled,
regardless of whether a spec is provided.
If the `spec.images` field is empty, a set of recommended workspace-related images will be automatically detected and
pre-pulled after installation.
Note that while this Operator and its behavior is community-supported, its payload may be commercially-supported
for pulling commercially-supported images.
type: boolean
spec:
description: A KubernetesImagePullerSpec to configure the image
puller in the CheCluster
properties:
affinity:
type: string
cachingCPULimit:
type: string
cachingCPURequest:
type: string
cachingIntervalHours:
type: string
cachingMemoryLimit:
type: string
cachingMemoryRequest:
type: string
configMapName:
type: string
daemonsetName:
type: string
deploymentName:
type: string
imagePullSecrets:
type: string
imagePullerImage:
type: string
images:
type: string
nodeSelector:
type: string
type: object
required:
- enable
type: object
k8s:
description: Configuration settings specific to Che installations
made on upstream Kubernetes.
properties:
ingressClass:
description: |-
Ingress class that will define the which controller will manage ingresses. Defaults to `nginx`.
NB: This drives the `kubernetes.io/ingress.class` annotation on Che-related ingresses.
type: string
ingressDomain:
description: 'Global ingress domain for a Kubernetes cluster.
This MUST be explicitly specified: there are no defaults.'
type: string
ingressStrategy:
description: |-
Deprecated. The value of this flag is ignored.
Strategy for ingress creation. Options are: `multi-host` (host is explicitly provided in ingress),
`single-host` (host is provided, path-based rules) and `default-host` (no host is provided, path-based rules).
Defaults to `multi-host` Deprecated in favor of `serverExposureStrategy` in the `server` section,
which defines this regardless of the cluster type. When both are defined, the `serverExposureStrategy` option takes precedence.
type: string
securityContextFsGroup:
description: The FSGroup in which the Che Pod and workspace Pods
containers runs in. Default value is `1724`.
type: string
securityContextRunAsUser:
description: ID of the user the Che Pod and workspace Pods containers
run as. Default value is `1724`.
type: string
singleHostExposureType:
description: |-
Deprecated. The value of this flag is ignored.
When the serverExposureStrategy is set to `single-host`, the way the server, registries and workspaces are exposed is further configured by this property.
The possible values are `native`, which means that the server and workspaces are exposed using ingresses on K8s
or `gateway` where the server and workspaces are exposed using a custom gateway based on link:https://doc.traefik.io/traefik/[Traefik].
All the endpoints whether backed by the ingress or gateway `route` always point to the subpaths on the same domain. Defaults to `native`.
type: string
tlsSecretName:
description: |-
Name of a secret that will be used to setup ingress TLS termination when TLS is enabled.
When the field is empty string, the default cluster certificate will be used. See also the `tlsSupport` field.
type: string
type: object
metrics:
description: Configuration settings related to the metrics collection
used by the Che installation.
properties:
enable:
description: Enables `metrics` the Che server endpoint. Default
to `true`.
type: boolean
type: object
server:
description: General configuration settings related to the Che server,
the plugin and devfile registries
properties:
airGapContainerRegistryHostname:
description: |-
Optional host name, or URL, to an alternate container registry to pull images from.
This value overrides the container registry host name defined in all the default container images involved in a Che deployment.
This is particularly useful to install Che in a restricted environment.
type: string
airGapContainerRegistryOrganization:
description: |-
Optional repository name of an alternate container registry to pull images from.
This value overrides the container registry organization defined in all the default container images involved in a Che deployment.
This is particularly useful to install Eclipse Che in a restricted environment.
type: string
allowAutoProvisionUserNamespace:
description: |-
Indicates if is allowed to automatically create a user namespace.
If it set to false, then user namespace must be pre-created by a cluster administrator.
type: boolean
allowUserDefinedWorkspaceNamespaces:
description: |-
Deprecated. The value of this flag is ignored.
Defines that a user is allowed to specify a Kubernetes namespace, or an OpenShift project, which differs from the default.
It's NOT RECOMMENDED to set to `true` without OpenShift OAuth configured. The OpenShift infrastructure also uses this property.
type: boolean
cheClusterRoles:
description: |-
A comma-separated list of ClusterRoles that will be assigned to Che ServiceAccount.
Each role must have `app.kubernetes.io/part-of=che.eclipse.org` label.
Be aware that the Che Operator has to already have all permissions in these ClusterRoles to grant them.
type: string
cheDebug:
description: Enables the debug mode for Che server. Defaults to
`false`.
type: string
cheFlavor:
description: |-
Deprecated. The value of this flag is ignored.
Specifies a variation of the installation. The options are `che` for upstream Che installations or
`devspaces` for Red Hat OpenShift Dev Spaces (formerly Red Hat CodeReady Workspaces) installation
type: string
cheHost:
description: |-
Public host name of the installed Che server. When value is omitted, the value it will be automatically set by the Operator.
See the `cheHostTLSSecret` field.
type: string
cheHostTLSSecret:
description: |-
Name of a secret containing certificates to secure ingress or route for the custom host name of the installed Che server.
The secret must have `app.kubernetes.io/part-of=che.eclipse.org` label.
See the `cheHost` field.
type: string
cheImage:
description: |-
Overrides the container image used in Che deployment. This does NOT include the container image tag.
Omit it or leave it empty to use the default container image provided by the Operator.
type: string
cheImagePullPolicy:
description: |-
Overrides the image pull policy used in Che deployment.
Default value is `Always` for `nightly`, `next` or `latest` images, and `IfNotPresent` in other cases.
type: string
cheImageTag:
description: |-
Overrides the tag of the container image used in Che deployment.
Omit it or leave it empty to use the default image tag provided by the Operator.
type: string
cheLogLevel:
description: 'Log level for the Che server: `INFO` or `DEBUG`.
Defaults to `INFO`.'
type: string
cheServerEnv:
description: List of environment variables to set in the Che server
container.
items:
description: EnvVar represents an environment variable present
in a Container.
properties:
name:
description: Name of the environment variable. Must be a
C_IDENTIFIER.
type: string
value:
description: |-
Variable references $(VAR_NAME) are expanded
using the previously defined environment variables in the container and
any service environment variables. If a variable cannot be resolved,
the reference in the input string will be unchanged. Double $$ are reduced
to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e.
"$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)".
Escaped references will never be expanded, regardless of whether the variable
exists or not.
Defaults to "".
type: string
valueFrom:
description: Source for the environment variable's value.
Cannot be used if value is not empty.
properties:
configMapKeyRef:
description: Selects a key of a ConfigMap.
properties:
key:
description: The key to select.
type: string
name:
description: |-
Name of the referent.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion, kind, uid?
type: string
optional:
description: Specify whether the ConfigMap or its
key must be defined
type: boolean
required:
- key
type: object
x-kubernetes-map-type: atomic
fieldRef:
description: |-
Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['<KEY>']`, `metadata.annotations['<KEY>']`,
spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.
properties:
apiVersion:
description: Version of the schema the FieldPath
is written in terms of, defaults to "v1".
type: string
fieldPath:
description: Path of the field to select in the
specified API version.
type: string
required:
- fieldPath
type: object
x-kubernetes-map-type: atomic
resourceFieldRef:
description: |-
Selects a resource of the container: only resources limits and requests
(limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.
properties:
containerName:
description: 'Container name: required for volumes,
optional for env vars'
type: string
divisor:
anyOf:
- type: integer
- type: string
description: Specifies the output format of the
exposed resources, defaults to "1"
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
resource:
description: 'Required: resource to select'
type: string
required:
- resource
type: object
x-kubernetes-map-type: atomic
secretKeyRef:
description: Selects a key of a secret in the pod's
namespace
properties:
key:
description: The key of the secret to select from. Must
be a valid secret key.
type: string
name:
description: |-
Name of the referent.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion, kind, uid?
type: string
optional:
description: Specify whether the Secret or its key
must be defined
type: boolean
required:
- key
type: object
x-kubernetes-map-type: atomic
type: object
required:
- name
type: object
type: array
cheServerIngress:
description: The Che server ingress custom settings.
properties:
annotations:
additionalProperties:
type: string
description: Unstructured key value map stored with a resource
that may be set by external tools to store and retrieve
arbitrary metadata.
type: object
labels:
description: Comma separated list of labels that can be used
to organize and categorize objects by scoping and selecting.
type: string
type: object
cheServerRoute:
description: The Che server route custom settings.
properties:
annotations:
additionalProperties:
type: string
description: Unstructured key value map stored with a resource
that may be set by external tools to store and retrieve
arbitrary metadata.
type: object
domain:
description: |-
Operator uses the domain to generate a hostname for a route.
In a conjunction with labels it creates a route, which is served by a non-default Ingress controller.
The generated host name will follow this pattern: `<route-name>-<route-namespace>.<domain>`.
type: string
labels:
description: Comma separated list of labels that can be used
to organize and categorize objects by scoping and selecting.
type: string
type: object
cheWorkspaceClusterRole:
description: |-
Custom cluster role bound to the user for the Che workspaces.
The role must have `app.kubernetes.io/part-of=che.eclipse.org` label.
The default roles are used when omitted or left blank.
type: string
customCheProperties:
additionalProperties:
type: string
description: |-
Map of additional environment variables that will be applied in the generated `che` ConfigMap to be used by the Che server,
in addition to the values already generated from other fields of the `CheCluster` custom resource (CR).
When `customCheProperties` contains a property that would be normally generated in `che` ConfigMap from other CR fields,
the value defined in the `customCheProperties` is used instead.
type: object
dashboardCpuLimit:
description: |-
Overrides the CPU limit used in the dashboard deployment.
In cores. (500m = .5 cores). Default to 500m.
type: string
dashboardCpuRequest:
description: |-
Overrides the CPU request used in the dashboard deployment.
In cores. (500m = .5 cores). Default to 100m.
type: string
dashboardEnv:
description: List of environment variables to set in the dashboard
container.
items:
description: EnvVar represents an environment variable present
in a Container.
properties:
name:
description: Name of the environment variable. Must be a
C_IDENTIFIER.
type: string
value:
description: |-
Variable references $(VAR_NAME) are expanded
using the previously defined environment variables in the container and
any service environment variables. If a variable cannot be resolved,
the reference in the input string will be unchanged. Double $$ are reduced
to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e.
"$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)".
Escaped references will never be expanded, regardless of whether the variable
exists or not.
Defaults to "".
type: string
valueFrom:
description: Source for the environment variable's value.
Cannot be used if value is not empty.
properties:
configMapKeyRef:
description: Selects a key of a ConfigMap.
properties:
key:
description: The key to select.
type: string
name:
description: |-
Name of the referent.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion, kind, uid?
type: string
optional:
description: Specify whether the ConfigMap or its
key must be defined
type: boolean
required:
- key
type: object
x-kubernetes-map-type: atomic
fieldRef:
description: |-
Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['<KEY>']`, `metadata.annotations['<KEY>']`,
spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.
properties:
apiVersion:
description: Version of the schema the FieldPath
is written in terms of, defaults to "v1".
type: string
fieldPath:
description: Path of the field to select in the
specified API version.
type: string
required:
- fieldPath
type: object
x-kubernetes-map-type: atomic
resourceFieldRef:
description: |-
Selects a resource of the container: only resources limits and requests
(limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.
properties:
containerName:
description: 'Container name: required for volumes,
optional for env vars'
type: string
divisor:
anyOf:
- type: integer
- type: string
description: Specifies the output format of the
exposed resources, defaults to "1"
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
resource:
description: 'Required: resource to select'
type: string
required:
- resource
type: object
x-kubernetes-map-type: atomic
secretKeyRef:
description: Selects a key of a secret in the pod's
namespace
properties:
key:
description: The key of the secret to select from. Must
be a valid secret key.
type: string
name:
description: |-
Name of the referent.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion, kind, uid?
type: string
optional:
description: Specify whether the Secret or its key
must be defined
type: boolean
required:
- key
type: object
x-kubernetes-map-type: atomic
type: object
required:
- name
type: object
type: array
dashboardImage:
description: |-
Overrides the container image used in the dashboard deployment.
This includes the image tag. Omit it or leave it empty to use the default container image provided by the Operator.
type: string
dashboardImagePullPolicy:
description: |-
Overrides the image pull policy used in the dashboard deployment.
Default value is `Always` for `nightly`, `next` or `latest` images, and `IfNotPresent` in other cases.
type: string
dashboardIngress:
description: |-
Deprecated. The value of this flag is ignored.
Dashboard ingress custom settings.
properties:
annotations:
additionalProperties:
type: string
description: Unstructured key value map stored with a resource
that may be set by external tools to store and retrieve
arbitrary metadata.
type: object
labels:
description: Comma separated list of labels that can be used
to organize and categorize objects by scoping and selecting.
type: string
type: object
dashboardMemoryLimit:
description: Overrides the memory limit used in the dashboard
deployment. Defaults to 256Mi.
type: string
dashboardMemoryRequest:
description: Overrides the memory request used in the dashboard
deployment. Defaults to 16Mi.
type: string
dashboardRoute:
description: |-
Deprecated. The value of this flag is ignored.
Dashboard route custom settings.
properties:
annotations:
additionalProperties:
type: string
description: Unstructured key value map stored with a resource
that may be set by external tools to store and retrieve
arbitrary metadata.
type: object
domain:
description: |-
Operator uses the domain to generate a hostname for a route.
In a conjunction with labels it creates a route, which is served by a non-default Ingress controller.
The generated host name will follow this pattern: `<route-name>-<route-namespace>.<domain>`.
type: string
labels:
description: Comma separated list of labels that can be used
to organize and categorize objects by scoping and selecting.
type: string
type: object
devfileRegistryCpuLimit:
description: |-
Overrides the CPU limit used in the devfile registry deployment.
In cores. (500m = .5 cores). Default to 500m.
type: string
devfileRegistryCpuRequest:
description: |-
Overrides the CPU request used in the devfile registry deployment.
In cores. (500m = .5 cores). Default to 100m.
type: string
devfileRegistryEnv:
description: List of environment variables to set in the plugin
registry container.
items:
description: EnvVar represents an environment variable present
in a Container.
properties:
name:
description: Name of the environment variable. Must be a
C_IDENTIFIER.
type: string
value:
description: |-
Variable references $(VAR_NAME) are expanded
using the previously defined environment variables in the container and
any service environment variables. If a variable cannot be resolved,
the reference in the input string will be unchanged. Double $$ are reduced
to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e.
"$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)".
Escaped references will never be expanded, regardless of whether the variable
exists or not.
Defaults to "".
type: string
valueFrom:
description: Source for the environment variable's value.
Cannot be used if value is not empty.
properties:
configMapKeyRef:
description: Selects a key of a ConfigMap.
properties:
key:
description: The key to select.
type: string
name:
description: |-
Name of the referent.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion, kind, uid?
type: string
optional:
description: Specify whether the ConfigMap or its
key must be defined
type: boolean
required:
- key
type: object
x-kubernetes-map-type: atomic
fieldRef:
description: |-
Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['<KEY>']`, `metadata.annotations['<KEY>']`,
spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.
properties:
apiVersion:
description: Version of the schema the FieldPath
is written in terms of, defaults to "v1".
type: string
fieldPath:
description: Path of the field to select in the
specified API version.
type: string
required:
- fieldPath
type: object
x-kubernetes-map-type: atomic
resourceFieldRef:
description: |-
Selects a resource of the container: only resources limits and requests
(limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.
properties:
containerName:
description: 'Container name: required for volumes,
optional for env vars'
type: string
divisor:
anyOf:
- type: integer
- type: string
description: Specifies the output format of the
exposed resources, defaults to "1"
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
resource:
description: 'Required: resource to select'
type: string
required:
- resource
type: object
x-kubernetes-map-type: atomic
secretKeyRef:
description: Selects a key of a secret in the pod's
namespace
properties:
key:
description: The key of the secret to select from. Must
be a valid secret key.
type: string
name:
description: |-
Name of the referent.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion, kind, uid?
type: string
optional:
description: Specify whether the Secret or its key
must be defined
type: boolean
required:
- key
type: object
x-kubernetes-map-type: atomic
type: object
required:
- name
type: object
type: array
devfileRegistryImage:
description: |-
Overrides the container image used in the devfile registry deployment.
This includes the image tag. Omit it or leave it empty to use the default container image provided by the Operator.
type: string
devfileRegistryIngress:
description: |-
Deprecated. The value of this flag is ignored.
The devfile registry ingress custom settings.
properties:
annotations:
additionalProperties:
type: string
description: Unstructured key value map stored with a resource
that may be set by external tools to store and retrieve
arbitrary metadata.
type: object
labels:
description: Comma separated list of labels that can be used
to organize and categorize objects by scoping and selecting.
type: string
type: object
devfileRegistryMemoryLimit:
description: Overrides the memory limit used in the devfile registry
deployment. Defaults to 256Mi.
type: string
devfileRegistryMemoryRequest:
description: Overrides the memory request used in the devfile
registry deployment. Defaults to 16Mi.
type: string
devfileRegistryPullPolicy:
description: |-
Overrides the image pull policy used in the devfile registry deployment.
Default value is `Always` for `nightly`, `next` or `latest` images, and `IfNotPresent` in other cases.
type: string
devfileRegistryRoute:
description: |-
Deprecated. The value of this flag is ignored.
The devfile registry route custom settings.
properties:
annotations:
additionalProperties:
type: string
description: Unstructured key value map stored with a resource
that may be set by external tools to store and retrieve
arbitrary metadata.
type: object
domain:
description: |-
Operator uses the domain to generate a hostname for a route.
In a conjunction with labels it creates a route, which is served by a non-default Ingress controller.
The generated host name will follow this pattern: `<route-name>-<route-namespace>.<domain>`.
type: string
labels:
description: Comma separated list of labels that can be used
to organize and categorize objects by scoping and selecting.
type: string
type: object
devfileRegistryUrl:
description: Deprecated in favor of `externalDevfileRegistries`
fields.
type: string
disableInternalClusterSVCNames:
description: |-
Deprecated. The value of this flag is ignored.
Disable internal cluster SVC names usage to communicate between components to speed up the traffic and avoid proxy issues.
type: boolean
externalDevfileRegistries:
description: |-
External devfile registries, that serves sample, ready-to-use devfiles.
Configure this in addition to a dedicated devfile registry (when `externalDevfileRegistry` is `false`)
or instead of it (when `externalDevfileRegistry` is `true`)
items:
description: Settings for a configuration of the external devfile
registries.
properties:
url:
description: Public URL of the devfile registry.
type: string
type: object
type: array
externalDevfileRegistry:
description: |-
Instructs the Operator on whether to deploy a dedicated devfile registry server.
By default, a dedicated devfile registry server is started. When `externalDevfileRegistry` is `true`,
no such dedicated server will be started by the Operator and configure at least one
devfile registry with `externalDevfileRegistries` field.
type: boolean
externalPluginRegistry:
description: |-
Instructs the Operator on whether to deploy a dedicated plugin registry server.
By default, a dedicated plugin registry server is started. When `externalPluginRegistry` is `true`, no such dedicated server
will be started by the Operator and you will have to manually set the `pluginRegistryUrl` field.
type: boolean
gitSelfSignedCert:
description: |-
When enabled, the certificate from `che-git-self-signed-cert` ConfigMap will be propagated to the Che components and provide particular configuration for Git.
Note, the `che-git-self-signed-cert` ConfigMap must have `app.kubernetes.io/part-of=che.eclipse.org` label.
type: boolean
nonProxyHosts:
description: |-
List of hosts that will be reached directly, bypassing the proxy.
Specify wild card domain use the following form `.<DOMAIN>` and `|` as delimiter, for example: `localhost|.my.host.com|123.42.12.32`
Only use when configuring a proxy is required. Operator respects OpenShift cluster wide proxy configuration and no additional configuration is required,
but defining `nonProxyHosts` in a custom resource leads to merging non proxy hosts lists from the cluster proxy configuration and ones defined in the custom resources.
See the doc https://docs.openshift.com/container-platform/4.4/networking/enable-cluster-wide-proxy.html. See also the `proxyURL` fields.
type: string
openVSXRegistryURL:
description: Open VSX registry URL. If omitted an embedded instance
will be used.
type: string
pluginRegistryCpuLimit:
description: |-
Overrides the CPU limit used in the plugin registry deployment.
In cores. (500m = .5 cores). Default to 500m.
type: string
pluginRegistryCpuRequest:
description: |-
Overrides the CPU request used in the plugin registry deployment.
In cores. (500m = .5 cores). Default to 100m.
type: string
pluginRegistryEnv:
description: List of environment variables to set in the devfile
registry container.
items:
description: EnvVar represents an environment variable present
in a Container.
properties:
name:
description: Name of the environment variable. Must be a
C_IDENTIFIER.
type: string
value:
description: |-
Variable references $(VAR_NAME) are expanded
using the previously defined environment variables in the container and
any service environment variables. If a variable cannot be resolved,
the reference in the input string will be unchanged. Double $$ are reduced
to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e.
"$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)".
Escaped references will never be expanded, regardless of whether the variable
exists or not.
Defaults to "".
type: string
valueFrom:
description: Source for the environment variable's value.
Cannot be used if value is not empty.
properties:
configMapKeyRef:
description: Selects a key of a ConfigMap.
properties:
key:
description: The key to select.
type: string
name:
description: |-
Name of the referent.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion, kind, uid?
type: string
optional:
description: Specify whether the ConfigMap or its
key must be defined
type: boolean
required:
- key
type: object
x-kubernetes-map-type: atomic
fieldRef:
description: |-
Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['<KEY>']`, `metadata.annotations['<KEY>']`,
spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.
properties:
apiVersion:
description: Version of the schema the FieldPath
is written in terms of, defaults to "v1".
type: string
fieldPath:
description: Path of the field to select in the
specified API version.
type: string
required:
- fieldPath
type: object
x-kubernetes-map-type: atomic
resourceFieldRef:
description: |-
Selects a resource of the container: only resources limits and requests
(limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.
properties:
containerName:
description: 'Container name: required for volumes,
optional for env vars'
type: string
divisor:
anyOf:
- type: integer
- type: string
description: Specifies the output format of the
exposed resources, defaults to "1"
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
resource:
description: 'Required: resource to select'
type: string
required:
- resource
type: object
x-kubernetes-map-type: atomic
secretKeyRef:
description: Selects a key of a secret in the pod's
namespace
properties:
key:
description: The key of the secret to select from. Must
be a valid secret key.
type: string
name:
description: |-
Name of the referent.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion, kind, uid?
type: string
optional:
description: Specify whether the Secret or its key
must be defined
type: boolean
required:
- key
type: object
x-kubernetes-map-type: atomic
type: object
required:
- name
type: object
type: array
pluginRegistryImage:
description: |-
Overrides the container image used in the plugin registry deployment.
This includes the image tag. Omit it or leave it empty to use the default container image provided by the Operator.
type: string
pluginRegistryIngress:
description: |-
Deprecated. The value of this flag is ignored.
Plugin registry ingress custom settings.
properties:
annotations:
additionalProperties:
type: string
description: Unstructured key value map stored with a resource
that may be set by external tools to store and retrieve
arbitrary metadata.
type: object
labels:
description: Comma separated list of labels that can be used
to organize and categorize objects by scoping and selecting.
type: string
type: object
pluginRegistryMemoryLimit:
description: Overrides the memory limit used in the plugin registry
deployment. Defaults to 1536Mi.
type: string
pluginRegistryMemoryRequest:
description: Overrides the memory request used in the plugin registry
deployment. Defaults to 16Mi.
type: string
pluginRegistryPullPolicy:
description: |-
Overrides the image pull policy used in the plugin registry deployment.
Default value is `Always` for `nightly`, `next` or `latest` images, and `IfNotPresent` in other cases.
type: string
pluginRegistryRoute:
description: |-
Deprecated. The value of this flag is ignored.
Plugin registry route custom settings.
properties:
annotations:
additionalProperties:
type: string
description: Unstructured key value map stored with a resource
that may be set by external tools to store and retrieve
arbitrary metadata.
type: object
domain:
description: |-
Operator uses the domain to generate a hostname for a route.
In a conjunction with labels it creates a route, which is served by a non-default Ingress controller.
The generated host name will follow this pattern: `<route-name>-<route-namespace>.<domain>`.
type: string
labels:
description: Comma separated list of labels that can be used
to organize and categorize objects by scoping and selecting.
type: string
type: object
pluginRegistryUrl:
description: |-
Public URL of the plugin registry that serves sample ready-to-use devfiles.
Set this ONLY when a use of an external devfile registry is needed.
See the `externalPluginRegistry` field. By default, this will be automatically calculated by the Operator.
type: string
proxyPassword:
description: |-
Password of the proxy server.
Only use when proxy configuration is required. See the `proxyURL`, `proxyUser` and `proxySecret` fields.
type: string
proxyPort:
description: Port of the proxy server. Only use when configuring
a proxy is required. See also the `proxyURL` and `nonProxyHosts`
fields.
type: string
proxySecret:
description: |-
The secret that contains `user` and `password` for a proxy server. When the secret is defined, the `proxyUser` and `proxyPassword` are ignored.
The secret must have `app.kubernetes.io/part-of=che.eclipse.org` label.
type: string
proxyURL:
description: |-
URL (protocol+host name) of the proxy server. This drives the appropriate changes in the `JAVA_OPTS` and `https(s)_proxy` variables
in the Che server and workspaces containers.
Only use when configuring a proxy is required. Operator respects OpenShift cluster wide proxy configuration
and no additional configuration is required, but defining `proxyUrl` in a custom resource leads to overrides the cluster proxy configuration
with fields `proxyUrl`, `proxyPort`, `proxyUser` and `proxyPassword` from the custom resource.
See the doc https://docs.openshift.com/container-platform/4.4/networking/enable-cluster-wide-proxy.html. See also the `proxyPort` and `nonProxyHosts` fields.
type: string
proxyUser:
description: User name of the proxy server. Only use when configuring
a proxy is required. See also the `proxyURL`, `proxyPassword`
and `proxySecret` fields.
type: string
selfSignedCert:
description: |-
Deprecated. The value of this flag is ignored.
The Che Operator will automatically detect whether the router certificate is self-signed and propagate it to other components, such as the Che server.
type: boolean
serverCpuLimit:
description: |-
Overrides the CPU limit used in the Che server deployment
In cores. (500m = .5 cores). Default to 1.
type: string
serverCpuRequest:
description: |-
Overrides the CPU request used in the Che server deployment
In cores. (500m = .5 cores). Default to 100m.
type: string
serverExposureStrategy:
description: |-
Deprecated. The value of this flag is ignored.
Sets the server and workspaces exposure type.
Possible values are `multi-host`, `single-host`, `default-host`. Defaults to `multi-host`, which creates a separate ingress, or OpenShift routes, for every required endpoint.
`single-host` makes Che exposed on a single host name with workspaces exposed on subpaths.
Read the docs to learn about the limitations of this approach.
Also consult the `singleHostExposureType` property to further configure how the Operator and the Che server make that happen on Kubernetes.
`default-host` exposes the Che server on the host of the cluster. Read the docs to learn about the limitations of this approach.
type: string
serverMemoryLimit:
description: Overrides the memory limit used in the Che server
deployment. Defaults to 1Gi.
type: string
serverMemoryRequest:
description: Overrides the memory request used in the Che server
deployment. Defaults to 512Mi.
type: string
serverTrustStoreConfigMapName:
description: |-
Name of the ConfigMap with public certificates to add to Java trust store of the Che server.
This is often required when adding the OpenShift OAuth provider, which has HTTPS endpoint signed with self-signed cert.
The Che server must be aware of its CA cert to be able to request it. This is disabled by default.
The Config Map must have `app.kubernetes.io/part-of=che.eclipse.org` label.
type: string
singleHostGatewayConfigMapLabels:
additionalProperties:
type: string
description: The labels that need to be present in the ConfigMaps
representing the gateway configuration.
type: object
singleHostGatewayConfigSidecarImage:
description: The image used for the gateway sidecar that provides
configuration to the gateway. Omit it or leave it empty to use
the default container image provided by the Operator.
type: string
singleHostGatewayImage:
description: The image used for the gateway in the single host
mode. Omit it or leave it empty to use the default container
image provided by the Operator.
type: string
tlsSupport:
description: Deprecated. Instructs the Operator to deploy Che
in TLS mode. This is enabled by default. Disabling TLS sometimes
cause malfunction of some Che components.
type: boolean
useInternalClusterSVCNames:
description: Deprecated in favor of `disableInternalClusterSVCNames`.
type: boolean
workspaceDefaultComponents:
description: |-
Default components applied to DevWorkspaces.
These default components are meant to be used when a Devfile does not contain any components.
items:
properties:
attributes:
description: Map of implementation-dependant free-form YAML
attributes.
type: object
x-kubernetes-preserve-unknown-fields: true
componentType:
description: Type of component
enum:
- Container
- Kubernetes
- Openshift
- Volume
- Image
- Plugin
- Custom
type: string
container:
description: Allows adding and configuring devworkspace-related
containers
properties:
annotation:
description: Annotations that should be added to specific
resources for this container
properties:
deployment:
additionalProperties:
type: string
description: Annotations to be added to deployment
type: object
service:
additionalProperties:
type: string
description: Annotations to be added to service
type: object
type: object
args:
description: |-
The arguments to supply to the command running the dockerimage component. The arguments are supplied either to the default command provided in the image or to the overridden command.
Defaults to an empty array, meaning use whatever is defined in the image.
items:
type: string
type: array
command:
description: |-
The command to run in the dockerimage component instead of the default one provided in the image.
Defaults to an empty array, meaning use whatever is defined in the image.
items:
type: string
type: array
cpuLimit:
type: string
cpuRequest:
type: string
dedicatedPod:
description: |-
Specify if a container should run in its own separated pod,
instead of running as part of the main development environment pod.
Default value is `false`
type: boolean
endpoints:
items:
properties:
annotation:
additionalProperties:
type: string
description: Annotations to be added to Kubernetes
Ingress or Openshift Route
type: object
attributes:
description: |-
Map of implementation-dependant string-based free-form attributes.
Examples of Che-specific attributes:
- cookiesAuthEnabled: "true" / "false",
- type: "terminal" / "ide" / "ide-dev",
type: object
x-kubernetes-preserve-unknown-fields: true
exposure:
default: public
description: |-
Describes how the endpoint should be exposed on the network.
- `public` means that the endpoint will be exposed on the public network, typically through
a K8S ingress or an OpenShift route.
- `internal` means that the endpoint will be exposed internally outside of the main devworkspace POD,
typically by K8S services, to be consumed by other elements running
on the same cloud internal network.
- `none` means that the endpoint will not be exposed and will only be accessible
inside the main devworkspace POD, on a local address.
Default value is `public`
enum:
- public
- internal
- none
type: string
name:
maxLength: 63
pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
type: string
path:
description: Path of the endpoint URL
type: string
protocol:
default: http
description: |-
Describes the application and transport protocols of the traffic that will go through this endpoint.
- `http`: Endpoint will have `http` traffic, typically on a TCP connection.
It will be automaticaly promoted to `https` when the `secure` field is set to `true`.
- `https`: Endpoint will have `https` traffic, typically on a TCP connection.
- `ws`: Endpoint will have `ws` traffic, typically on a TCP connection.
It will be automaticaly promoted to `wss` when the `secure` field is set to `true`.
- `wss`: Endpoint will have `wss` traffic, typically on a TCP connection.
- `tcp`: Endpoint will have traffic on a TCP connection, without specifying an application protocol.
- `udp`: Endpoint will have traffic on an UDP connection, without specifying an application protocol.
Default value is `http`
enum:
- http
- https
- ws
- wss
- tcp
- udp
type: string
secure:
description: |-
Describes whether the endpoint should be secured and protected by some
authentication process. This requires a protocol of `https` or `wss`.
type: boolean
targetPort:
description: |-
Port number to be used within the container component. The same port cannot
be used by two different container components.
type: integer
required:
- name
- targetPort
type: object
type: array
env:
description: |-
Environment variables used in this container.
The following variables are reserved and cannot be overridden via env:
- `$PROJECTS_ROOT`
- `$PROJECT_SOURCE`
items:
properties:
name:
type: string
value:
type: string
required:
- name
- value
type: object
type: array
image:
type: string
memoryLimit:
type: string
memoryRequest:
type: string
mountSources:
description: |-
Toggles whether or not the project source code should
be mounted in the component.
Defaults to true for all component types except plugins and components that set `dedicatedPod` to true.
type: boolean
sourceMapping:
default: /projects
description: |-
Optional specification of the path in the container where
project sources should be transferred/mounted when `mountSources` is `true`.
When omitted, the default value of /projects is used.
type: string
volumeMounts:
description: List of volumes mounts that should be mounted
is this container.
items:
description: Volume that should be mounted to a component
container
properties:
name:
description: |-
The volume mount name is the name of an existing `Volume` component.
If several containers mount the same volume name
then they will reuse the same volume and will be able to access to the same files.
maxLength: 63
pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
type: string
path:
description: |-
The path in the component container where the volume should be mounted.
If not path is mentioned, default path is the is `/<name>`.
type: string
required:
- name
type: object
type: array
required:
- image
type: object
custom:
description: |-
Custom component whose logic is implementation-dependant
and should be provided by the user
possibly through some dedicated controller
properties:
componentClass:
description: |-
Class of component that the associated implementation controller
should use to process this command with the appropriate logic
type: string
embeddedResource:
description: |-
Additional free-form configuration for this custom component
that the implementation controller will know how to use
type: object
x-kubernetes-embedded-resource: true
x-kubernetes-preserve-unknown-fields: true
required:
- componentClass
- embeddedResource
type: object
image:
description: Allows specifying the definition of an image
for outer loop builds
properties:
autoBuild:
description: |-
Defines if the image should be built during startup.
Default value is `false`
type: boolean
dockerfile:
description: Allows specifying dockerfile type build
properties:
args:
description: The arguments to supply to the dockerfile
build.
items:
type: string
type: array
buildContext:
description: Path of source directory to establish
build context. Defaults to ${PROJECT_SOURCE} in
the container
type: string
devfileRegistry:
description: Dockerfile's Devfile Registry source
properties:
id:
description: |-
Id in a devfile registry that contains a Dockerfile. The src in the OCI registry
required for the Dockerfile build will be downloaded for building the image.
type: string
registryUrl:
description: |-
Devfile Registry URL to pull the Dockerfile from when using the Devfile Registry as Dockerfile src.
To ensure the Dockerfile gets resolved consistently in different environments,
it is recommended to always specify the `devfileRegistryUrl` when `Id` is used.
type: string
required:
- id
type: object
git:
description: Dockerfile's Git source
properties:
checkoutFrom:
description: Defines from what the project should
be checked out. Required if there are more
than one remote configured
properties:
remote:
description: The remote name should be used
as init. Required if there are more than
one remote configured
type: string
revision:
description: |-
The revision to checkout from. Should be branch name, tag or commit id.
Default branch is used if missing or specified revision is not found.
type: string
type: object
fileLocation:
description: |-
Location of the Dockerfile in the Git repository when using git as Dockerfile src.
Defaults to Dockerfile.
type: string
remotes:
additionalProperties:
type: string
description: |-
The remotes map which should be initialized in the git project.
Projects must have at least one remote configured while StarterProjects & Image Component's Git source can only have at most one remote configured.
type: object
required:
- remotes
type: object
rootRequired:
description: |-
Specify if a privileged builder pod is required.
Default value is `false`
type: boolean
srcType:
description: Type of Dockerfile src
enum:
- Uri
- DevfileRegistry
- Git
type: string
uri:
description: |-
URI Reference of a Dockerfile.
It can be a full URL or a relative URI from the current devfile as the base URI.
type: string
type: object
imageName:
description: Name of the image for the resulting outerloop
build
type: string
imageType:
description: Type of image
enum:
- Dockerfile
type: string
required:
- imageName
type: object
kubernetes:
description: |-
Allows importing into the devworkspace the Kubernetes resources
defined in a given manifest. For example this allows reusing the Kubernetes
definitions used to deploy some runtime components in production.
properties:
deployByDefault:
description: |-
Defines if the component should be deployed during startup.
Default value is `false`
type: boolean
endpoints:
items:
properties:
annotation:
additionalProperties:
type: string
description: Annotations to be added to Kubernetes
Ingress or Openshift Route
type: object
attributes:
description: |-
Map of implementation-dependant string-based free-form attributes.
Examples of Che-specific attributes:
- cookiesAuthEnabled: "true" / "false",
- type: "terminal" / "ide" / "ide-dev",
type: object
x-kubernetes-preserve-unknown-fields: true
exposure:
default: public
description: |-
Describes how the endpoint should be exposed on the network.
- `public` means that the endpoint will be exposed on the public network, typically through
a K8S ingress or an OpenShift route.
- `internal` means that the endpoint will be exposed internally outside of the main devworkspace POD,
typically by K8S services, to be consumed by other elements running
on the same cloud internal network.
- `none` means that the endpoint will not be exposed and will only be accessible
inside the main devworkspace POD, on a local address.
Default value is `public`
enum:
- public
- internal
- none
type: string
name:
maxLength: 63
pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
type: string
path:
description: Path of the endpoint URL
type: string
protocol:
default: http
description: |-
Describes the application and transport protocols of the traffic that will go through this endpoint.
- `http`: Endpoint will have `http` traffic, typically on a TCP connection.
It will be automaticaly promoted to `https` when the `secure` field is set to `true`.
- `https`: Endpoint will have `https` traffic, typically on a TCP connection.
- `ws`: Endpoint will have `ws` traffic, typically on a TCP connection.
It will be automaticaly promoted to `wss` when the `secure` field is set to `true`.
- `wss`: Endpoint will have `wss` traffic, typically on a TCP connection.
- `tcp`: Endpoint will have traffic on a TCP connection, without specifying an application protocol.
- `udp`: Endpoint will have traffic on an UDP connection, without specifying an application protocol.
Default value is `http`
enum:
- http
- https
- ws
- wss
- tcp
- udp
type: string
secure:
description: |-
Describes whether the endpoint should be secured and protected by some
authentication process. This requires a protocol of `https` or `wss`.
type: boolean
targetPort:
description: |-
Port number to be used within the container component. The same port cannot
be used by two different container components.
type: integer
required:
- name
- targetPort
type: object
type: array
inlined:
description: Inlined manifest
type: string
locationType:
description: Type of Kubernetes-like location
enum:
- Uri
- Inlined
type: string
uri:
description: Location in a file fetched from a uri.
type: string
type: object
name:
description: |-
Mandatory name that allows referencing the component
from other elements (such as commands) or from an external
devfile that may reference this component through a parent or a plugin.
maxLength: 63
pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
type: string
openshift:
description: |-
Allows importing into the devworkspace the OpenShift resources
defined in a given manifest. For example this allows reusing the OpenShift
definitions used to deploy some runtime components in production.
properties:
deployByDefault:
description: |-
Defines if the component should be deployed during startup.
Default value is `false`
type: boolean
endpoints:
items:
properties:
annotation:
additionalProperties:
type: string
description: Annotations to be added to Kubernetes
Ingress or Openshift Route
type: object
attributes:
description: |-
Map of implementation-dependant string-based free-form attributes.
Examples of Che-specific attributes:
- cookiesAuthEnabled: "true" / "false",
- type: "terminal" / "ide" / "ide-dev",
type: object
x-kubernetes-preserve-unknown-fields: true
exposure:
default: public
description: |-
Describes how the endpoint should be exposed on the network.
- `public` means that the endpoint will be exposed on the public network, typically through
a K8S ingress or an OpenShift route.
- `internal` means that the endpoint will be exposed internally outside of the main devworkspace POD,
typically by K8S services, to be consumed by other elements running
on the same cloud internal network.
- `none` means that the endpoint will not be exposed and will only be accessible
inside the main devworkspace POD, on a local address.
Default value is `public`
enum:
- public
- internal
- none
type: string
name:
maxLength: 63
pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
type: string
path:
description: Path of the endpoint URL
type: string
protocol:
default: http
description: |-
Describes the application and transport protocols of the traffic that will go through this endpoint.
- `http`: Endpoint will have `http` traffic, typically on a TCP connection.
It will be automaticaly promoted to `https` when the `secure` field is set to `true`.
- `https`: Endpoint will have `https` traffic, typically on a TCP connection.
- `ws`: Endpoint will have `ws` traffic, typically on a TCP connection.
It will be automaticaly promoted to `wss` when the `secure` field is set to `true`.
- `wss`: Endpoint will have `wss` traffic, typically on a TCP connection.
- `tcp`: Endpoint will have traffic on a TCP connection, without specifying an application protocol.
- `udp`: Endpoint will have traffic on an UDP connection, without specifying an application protocol.
Default value is `http`
enum:
- http
- https
- ws
- wss
- tcp
- udp
type: string
secure:
description: |-
Describes whether the endpoint should be secured and protected by some
authentication process. This requires a protocol of `https` or `wss`.
type: boolean
targetPort:
description: |-
Port number to be used within the container component. The same port cannot
be used by two different container components.
type: integer
required:
- name
- targetPort
type: object
type: array
inlined:
description: Inlined manifest
type: string
locationType:
description: Type of Kubernetes-like location
enum:
- Uri
- Inlined
type: string
uri:
description: Location in a file fetched from a uri.
type: string
type: object
plugin:
description: |-
Allows importing a plugin.
Plugins are mainly imported devfiles that contribute components, commands
and events as a consistent single unit. They are defined in either YAML files
following the devfile syntax,
or as `DevWorkspaceTemplate` Kubernetes Custom Resources
properties:
commands:
description: |-
Overrides of commands encapsulated in a parent devfile or a plugin.
Overriding is done according to K8S strategic merge patch standard rules.
items:
properties:
apply:
description: |-
Command that consists in applying a given component definition,
typically bound to a devworkspace event.
For example, when an `apply` command is bound to a `preStart` event,
and references a `container` component, it will start the container as a
K8S initContainer in the devworkspace POD, unless the component has its
`dedicatedPod` field set to `true`.
When no `apply` command exist for a given component,
it is assumed the component will be applied at devworkspace start
by default, unless `deployByDefault` for that component is set to false.
properties:
component:
description: Describes component that will
be applied
type: string
group:
description: Defines the group this command
is part of
properties:
isDefault:
description: Identifies the default command
for a given group kind
type: boolean
kind:
description: Kind of group the command
is part of
enum:
- build
- run
- test
- debug
- deploy
type: string
type: object
label:
description: |-
Optional label that provides a label for this command
to be used in Editor UI menus for example
type: string
type: object
attributes:
description: Map of implementation-dependant free-form
YAML attributes.
type: object
x-kubernetes-preserve-unknown-fields: true
commandType:
description: Type of devworkspace command
enum:
- Exec
- Apply
- Composite
type: string
composite:
description: |-
Composite command that allows executing several sub-commands
either sequentially or concurrently
properties:
commands:
description: The commands that comprise this
composite command
items:
type: string
type: array
group:
description: Defines the group this command
is part of
properties:
isDefault:
description: Identifies the default command
for a given group kind
type: boolean
kind:
description: Kind of group the command
is part of
enum:
- build
- run
- test
- debug
- deploy
type: string
type: object
label:
description: |-
Optional label that provides a label for this command
to be used in Editor UI menus for example
type: string
parallel:
description: Indicates if the sub-commands
should be executed concurrently
type: boolean
type: object
exec:
description: CLI Command executed in an existing
component container
properties:
commandLine:
description: |-
The actual command-line string
Special variables that can be used:
- `$PROJECTS_ROOT`: A path where projects sources are mounted as defined by container component's sourceMapping.
- `$PROJECT_SOURCE`: A path to a project source ($PROJECTS_ROOT/<project-name>). If there are multiple projects, this will point to the directory of the first one.
type: string
component:
description: Describes component to which
given action relates
type: string
env:
description: |-
Optional list of environment variables that have to be set
before running the command
items:
properties:
name:
type: string
value:
type: string
required:
- name
type: object
type: array
group:
description: Defines the group this command
is part of
properties:
isDefault:
description: Identifies the default command
for a given group kind
type: boolean
kind:
description: Kind of group the command
is part of
enum:
- build
- run
- test
- debug
- deploy
type: string
type: object
hotReloadCapable:
description: |-
Specify whether the command is restarted or not when the source code changes.
If set to `true` the command won't be restarted.
A *hotReloadCapable* `run` or `debug` command is expected to handle file changes on its own and won't be restarted.
A *hotReloadCapable* `build` command is expected to be executed only once and won't be executed again.
This field is taken into account only for commands `build`, `run` and `debug` with `isDefault` set to `true`.
Default value is `false`
type: boolean
label:
description: |-
Optional label that provides a label for this command
to be used in Editor UI menus for example
type: string
workingDir:
description: |-
Working directory where the command should be executed
Special variables that can be used:
- `$PROJECTS_ROOT`: A path where projects sources are mounted as defined by container component's sourceMapping.
- `$PROJECT_SOURCE`: A path to a project source ($PROJECTS_ROOT/<project-name>). If there are multiple projects, this will point to the directory of the first one.
type: string
type: object
id:
description: |-
Mandatory identifier that allows referencing
this command in composite commands, from
a parent, or in events.
maxLength: 63
pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
type: string
required:
- id
type: object
type: array
components:
description: |-
Overrides of components encapsulated in a parent devfile or a plugin.
Overriding is done according to K8S strategic merge patch standard rules.
items:
properties:
attributes:
description: Map of implementation-dependant free-form
YAML attributes.
type: object
x-kubernetes-preserve-unknown-fields: true
componentType:
description: Type of component
enum:
- Container
- Kubernetes
- Openshift
- Volume
- Image
type: string
container:
description: Allows adding and configuring devworkspace-related
containers
properties:
annotation:
description: Annotations that should be added
to specific resources for this container
properties:
deployment:
additionalProperties:
type: string
description: Annotations to be added to
deployment
type: object
service:
additionalProperties:
type: string
description: Annotations to be added to
service
type: object
type: object
args:
description: |-
The arguments to supply to the command running the dockerimage component. The arguments are supplied either to the default command provided in the image or to the overridden command.
Defaults to an empty array, meaning use whatever is defined in the image.
items:
type: string
type: array
command:
description: |-
The command to run in the dockerimage component instead of the default one provided in the image.
Defaults to an empty array, meaning use whatever is defined in the image.
items:
type: string
type: array
cpuLimit:
type: string
cpuRequest:
type: string
dedicatedPod:
description: |-
Specify if a container should run in its own separated pod,
instead of running as part of the main development environment pod.
Default value is `false`
type: boolean
endpoints:
items:
properties:
annotation:
additionalProperties:
type: string
description: Annotations to be added
to Kubernetes Ingress or Openshift
Route
type: object
attributes:
description: |-
Map of implementation-dependant string-based free-form attributes.
Examples of Che-specific attributes:
- cookiesAuthEnabled: "true" / "false",
- type: "terminal" / "ide" / "ide-dev",
type: object
x-kubernetes-preserve-unknown-fields: true
exposure:
description: |-
Describes how the endpoint should be exposed on the network.
- `public` means that the endpoint will be exposed on the public network, typically through
a K8S ingress or an OpenShift route.
- `internal` means that the endpoint will be exposed internally outside of the main devworkspace POD,
typically by K8S services, to be consumed by other elements running
on the same cloud internal network.
- `none` means that the endpoint will not be exposed and will only be accessible
inside the main devworkspace POD, on a local address.
Default value is `public`
enum:
- public
- internal
- none
type: string
name:
maxLength: 63
pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
type: string
path:
description: Path of the endpoint URL
type: string
protocol:
description: |-
Describes the application and transport protocols of the traffic that will go through this endpoint.
- `http`: Endpoint will have `http` traffic, typically on a TCP connection.
It will be automaticaly promoted to `https` when the `secure` field is set to `true`.
- `https`: Endpoint will have `https` traffic, typically on a TCP connection.
- `ws`: Endpoint will have `ws` traffic, typically on a TCP connection.
It will be automaticaly promoted to `wss` when the `secure` field is set to `true`.
- `wss`: Endpoint will have `wss` traffic, typically on a TCP connection.
- `tcp`: Endpoint will have traffic on a TCP connection, without specifying an application protocol.
- `udp`: Endpoint will have traffic on an UDP connection, without specifying an application protocol.
Default value is `http`
enum:
- http
- https
- ws
- wss
- tcp
- udp
type: string
secure:
description: |-
Describes whether the endpoint should be secured and protected by some
authentication process. This requires a protocol of `https` or `wss`.
type: boolean
targetPort:
description: |-
Port number to be used within the container component. The same port cannot
be used by two different container components.
type: integer
required:
- name
type: object
type: array
env:
description: |-
Environment variables used in this container.
The following variables are reserved and cannot be overridden via env:
- `$PROJECTS_ROOT`
- `$PROJECT_SOURCE`
items:
properties:
name:
type: string
value:
type: string
required:
- name
type: object
type: array
image:
type: string
memoryLimit:
type: string
memoryRequest:
type: string
mountSources:
description: |-
Toggles whether or not the project source code should
be mounted in the component.
Defaults to true for all component types except plugins and components that set `dedicatedPod` to true.
type: boolean
sourceMapping:
description: |-
Optional specification of the path in the container where
project sources should be transferred/mounted when `mountSources` is `true`.
When omitted, the default value of /projects is used.
type: string
volumeMounts:
description: List of volumes mounts that should
be mounted is this container.
items:
description: Volume that should be mounted
to a component container
properties:
name:
description: |-
The volume mount name is the name of an existing `Volume` component.
If several containers mount the same volume name
then they will reuse the same volume and will be able to access to the same files.
maxLength: 63
pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
type: string
path:
description: |-
The path in the component container where the volume should be mounted.
If not path is mentioned, default path is the is `/<name>`.
type: string
required:
- name
type: object
type: array
type: object
image:
description: Allows specifying the definition
of an image for outer loop builds
properties:
autoBuild:
description: |-
Defines if the image should be built during startup.
Default value is `false`
type: boolean
dockerfile:
description: Allows specifying dockerfile
type build
properties:
args:
description: The arguments to supply to
the dockerfile build.
items:
type: string
type: array
buildContext:
description: Path of source directory
to establish build context. Defaults
to ${PROJECT_SOURCE} in the container
type: string
devfileRegistry:
description: Dockerfile's Devfile Registry
source
properties:
id:
description: |-
Id in a devfile registry that contains a Dockerfile. The src in the OCI registry
required for the Dockerfile build will be downloaded for building the image.
type: string
registryUrl:
description: |-
Devfile Registry URL to pull the Dockerfile from when using the Devfile Registry as Dockerfile src.
To ensure the Dockerfile gets resolved consistently in different environments,
it is recommended to always specify the `devfileRegistryUrl` when `Id` is used.
type: string
type: object
git:
description: Dockerfile's Git source
properties:
checkoutFrom:
description: Defines from what the
project should be checked out. Required
if there are more than one remote
configured
properties:
remote:
description: The remote name should
be used as init. Required if
there are more than one remote
configured
type: string
revision:
description: |-
The revision to checkout from. Should be branch name, tag or commit id.
Default branch is used if missing or specified revision is not found.
type: string
type: object
fileLocation:
description: |-
Location of the Dockerfile in the Git repository when using git as Dockerfile src.
Defaults to Dockerfile.
type: string
remotes:
additionalProperties:
type: string
description: |-
The remotes map which should be initialized in the git project.
Projects must have at least one remote configured while StarterProjects & Image Component's Git source can only have at most one remote configured.
type: object
type: object
rootRequired:
description: |-
Specify if a privileged builder pod is required.
Default value is `false`
type: boolean
srcType:
description: Type of Dockerfile src
enum:
- Uri
- DevfileRegistry
- Git
type: string
uri:
description: |-
URI Reference of a Dockerfile.
It can be a full URL or a relative URI from the current devfile as the base URI.
type: string
type: object
imageName:
description: Name of the image for the resulting
outerloop build
type: string
imageType:
description: Type of image
enum:
- Dockerfile
- AutoBuild
type: string
type: object
kubernetes:
description: |-
Allows importing into the devworkspace the Kubernetes resources
defined in a given manifest. For example this allows reusing the Kubernetes
definitions used to deploy some runtime components in production.
properties:
deployByDefault:
description: |-
Defines if the component should be deployed during startup.
Default value is `false`
type: boolean
endpoints:
items:
properties:
annotation:
additionalProperties:
type: string
description: Annotations to be added
to Kubernetes Ingress or Openshift
Route
type: object
attributes:
description: |-
Map of implementation-dependant string-based free-form attributes.
Examples of Che-specific attributes:
- cookiesAuthEnabled: "true" / "false",
- type: "terminal" / "ide" / "ide-dev",
type: object
x-kubernetes-preserve-unknown-fields: true
exposure:
description: |-
Describes how the endpoint should be exposed on the network.
- `public` means that the endpoint will be exposed on the public network, typically through
a K8S ingress or an OpenShift route.
- `internal` means that the endpoint will be exposed internally outside of the main devworkspace POD,
typically by K8S services, to be consumed by other elements running
on the same cloud internal network.
- `none` means that the endpoint will not be exposed and will only be accessible
inside the main devworkspace POD, on a local address.
Default value is `public`
enum:
- public
- internal
- none
type: string
name:
maxLength: 63
pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
type: string
path:
description: Path of the endpoint URL
type: string
protocol:
description: |-
Describes the application and transport protocols of the traffic that will go through this endpoint.
- `http`: Endpoint will have `http` traffic, typically on a TCP connection.
It will be automaticaly promoted to `https` when the `secure` field is set to `true`.
- `https`: Endpoint will have `https` traffic, typically on a TCP connection.
- `ws`: Endpoint will have `ws` traffic, typically on a TCP connection.
It will be automaticaly promoted to `wss` when the `secure` field is set to `true`.
- `wss`: Endpoint will have `wss` traffic, typically on a TCP connection.
- `tcp`: Endpoint will have traffic on a TCP connection, without specifying an application protocol.
- `udp`: Endpoint will have traffic on an UDP connection, without specifying an application protocol.
Default value is `http`
enum:
- http
- https
- ws
- wss
- tcp
- udp
type: string
secure:
description: |-
Describes whether the endpoint should be secured and protected by some
authentication process. This requires a protocol of `https` or `wss`.
type: boolean
targetPort:
description: |-
Port number to be used within the container component. The same port cannot
be used by two different container components.
type: integer
required:
- name
type: object
type: array
inlined:
description: Inlined manifest
type: string
locationType:
description: Type of Kubernetes-like location
enum:
- Uri
- Inlined
type: string
uri:
description: Location in a file fetched from
a uri.
type: string
type: object
name:
description: |-
Mandatory name that allows referencing the component
from other elements (such as commands) or from an external
devfile that may reference this component through a parent or a plugin.
maxLength: 63
pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
type: string
openshift:
description: |-
Allows importing into the devworkspace the OpenShift resources
defined in a given manifest. For example this allows reusing the OpenShift
definitions used to deploy some runtime components in production.
properties:
deployByDefault:
description: |-
Defines if the component should be deployed during startup.
Default value is `false`
type: boolean
endpoints:
items:
properties:
annotation:
additionalProperties:
type: string
description: Annotations to be added
to Kubernetes Ingress or Openshift
Route
type: object
attributes:
description: |-
Map of implementation-dependant string-based free-form attributes.
Examples of Che-specific attributes:
- cookiesAuthEnabled: "true" / "false",
- type: "terminal" / "ide" / "ide-dev",
type: object
x-kubernetes-preserve-unknown-fields: true
exposure:
description: |-
Describes how the endpoint should be exposed on the network.
- `public` means that the endpoint will be exposed on the public network, typically through
a K8S ingress or an OpenShift route.
- `internal` means that the endpoint will be exposed internally outside of the main devworkspace POD,
typically by K8S services, to be consumed by other elements running
on the same cloud internal network.
- `none` means that the endpoint will not be exposed and will only be accessible
inside the main devworkspace POD, on a local address.
Default value is `public`
enum:
- public
- internal
- none
type: string
name:
maxLength: 63
pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
type: string
path:
description: Path of the endpoint URL
type: string
protocol:
description: |-
Describes the application and transport protocols of the traffic that will go through this endpoint.
- `http`: Endpoint will have `http` traffic, typically on a TCP connection.
It will be automaticaly promoted to `https` when the `secure` field is set to `true`.
- `https`: Endpoint will have `https` traffic, typically on a TCP connection.
- `ws`: Endpoint will have `ws` traffic, typically on a TCP connection.
It will be automaticaly promoted to `wss` when the `secure` field is set to `true`.
- `wss`: Endpoint will have `wss` traffic, typically on a TCP connection.
- `tcp`: Endpoint will have traffic on a TCP connection, without specifying an application protocol.
- `udp`: Endpoint will have traffic on an UDP connection, without specifying an application protocol.
Default value is `http`
enum:
- http
- https
- ws
- wss
- tcp
- udp
type: string
secure:
description: |-
Describes whether the endpoint should be secured and protected by some
authentication process. This requires a protocol of `https` or `wss`.
type: boolean
targetPort:
description: |-
Port number to be used within the container component. The same port cannot
be used by two different container components.
type: integer
required:
- name
type: object
type: array
inlined:
description: Inlined manifest
type: string
locationType:
description: Type of Kubernetes-like location
enum:
- Uri
- Inlined
type: string
uri:
description: Location in a file fetched from
a uri.
type: string
type: object
volume:
description: |-
Allows specifying the definition of a volume
shared by several other components
properties:
ephemeral:
description: |-
Ephemeral volumes are not stored persistently across restarts. Defaults
to false
type: boolean
size:
description: Size of the volume
type: string
type: object
required:
- name
type: object
type: array
id:
description: Id in a registry that contains a Devfile
yaml file
type: string
importReferenceType:
description: type of location from where the referenced
template structure should be retrieved
enum:
- Uri
- Id
- Kubernetes
type: string
kubernetes:
description: Reference to a Kubernetes CRD of type DevWorkspaceTemplate
properties:
name:
type: string
namespace:
type: string
required:
- name
type: object
registryUrl:
description: |-
Registry URL to pull the parent devfile from when using id in the parent reference.
To ensure the parent devfile gets resolved consistently in different environments,
it is recommended to always specify the `registryUrl` when `id` is used.
type: string
uri:
description: |-
URI Reference of a parent devfile YAML file.
It can be a full URL or a relative URI with the current devfile as the base URI.
type: string
version:
description: |-
Specific stack/sample version to pull the parent devfile from, when using id in the parent reference.
To specify `version`, `id` must be defined and used as the import reference source.
`version` can be either a specific stack version, or `latest`.
If no `version` specified, default version will be used.
pattern: ^(latest)|(([1-9])\.([0-9]+)\.([0-9]+)(\-[0-9a-z-]+(\.[0-9a-z-]+)*)?(\+[0-9A-Za-z-]+(\.[0-9A-Za-z-]+)*)?)$
type: string
type: object
volume:
description: |-
Allows specifying the definition of a volume
shared by several other components
properties:
ephemeral:
description: |-
Ephemeral volumes are not stored persistently across restarts. Defaults
to false
type: boolean
size:
description: Size of the volume
type: string
type: object
required:
- name
type: object
type: array
workspaceDefaultEditor:
default: che-incubator/che-code/latest
description: |-
The default editor to workspace create with. It could be a plugin ID or a URI.
The plugin ID must have `publisher/plugin/version`.
The URI must start from `http`.
type: string
workspaceNamespaceDefault:
description: |-
Defines Kubernetes default namespace in which user's workspaces are created for a case when a user does not override it.
It's possible to use `<username>`, `<userid>` and `<workspaceid>` placeholders, such as che-workspace-<username>.
In that case, a new namespace will be created for each user or workspace.
type: string
workspacePodNodeSelector:
additionalProperties:
type: string
description: The node selector that limits the nodes that can
run the workspace pods.
type: object
workspacePodTolerations:
description: The pod tolerations put on the workspace pods to
limit where the workspace pods can run.
items:
description: |-
The pod this Toleration is attached to tolerates any taint that matches
the triple <key,value,effect> using the matching operator <operator>.
properties:
effect:
description: |-
Effect indicates the taint effect to match. Empty means match all taint effects.
When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute.
type: string
key:
description: |-
Key is the taint key that the toleration applies to. Empty means match all taint keys.
If the key is empty, operator must be Exists; this combination means to match all values and all keys.
type: string
operator:
description: |-
Operator represents a key's relationship to the value.
Valid operators are Exists and Equal. Defaults to Equal.
Exists is equivalent to wildcard for value, so that a pod can
tolerate all taints of a particular category.
type: string
tolerationSeconds:
description: |-
TolerationSeconds represents the period of time the toleration (which must be
of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default,
it is not set, which means tolerate the taint forever (do not evict). Zero and
negative values will be treated as 0 (evict immediately) by the system.
format: int64
type: integer
value:
description: |-
Value is the taint value the toleration matches to.
If the operator is Exists, the value should be empty, otherwise just a regular string.
type: string
type: object
type: array
workspacesDefaultPlugins:
description: Default plug-ins applied to Devworkspaces.
items:
properties:
editor:
description: The editor id to specify default plug-ins for.
type: string
plugins:
description: Default plug-in uris for the specified editor.
items:
type: string
type: array
type: object
type: array
type: object
storage:
description: Configuration settings related to the persistent storage
used by the Che installation.
properties:
perWorkspaceStrategyPVCStorageClassName:
description: Storage class for the Persistent Volume Claims dedicated
to the Che workspaces. When omitted or left blank, a default
storage class is used.
type: string
perWorkspaceStrategyPvcClaimSize:
description: Size of the persistent volume claim for workspaces.
type: string
postgresPVCStorageClassName:
description: Storage class for the Persistent Volume Claim dedicated
to the PostgreSQL database. When omitted or left blank, a default
storage class is used.
type: string
preCreateSubPaths:
description: |-
Instructs the Che server to start a special Pod to pre-create a sub-path in the Persistent Volumes.
Defaults to `false`, however it will need to enable it according to the configuration of your Kubernetes cluster.
type: boolean
pvcClaimSize:
description: Size of the persistent volume claim for workspaces.
Defaults to `10Gi`.
type: string
pvcJobsImage:
description: |-
Overrides the container image used to create sub-paths in the Persistent Volumes.
This includes the image tag. Omit it or leave it empty to use the default container image provided by the Operator. See also the `preCreateSubPaths` field.
type: string
pvcStrategy:
description: |-
Persistent volume claim strategy for the Che server. This Can be:`common` (all workspaces PVCs in one volume),
`per-workspace` (one PVC per workspace for all declared volumes) and `unique` (one PVC per declared volume). Defaults to `common`.
type: string
workspacePVCStorageClassName:
description: Storage class for the Persistent Volume Claims dedicated
to the Che workspaces. When omitted or left blank, a default
storage class is used.
type: string
type: object
type: object
status:
description: CheClusterStatus defines the observed state of Che installation
properties:
cheClusterRunning:
description: Status of a Che installation. Can be `Available`, `Unavailable`,
or `Available, Rolling Update in Progress`.
type: string
cheURL:
description: Public URL to the Che server.
type: string
cheVersion:
description: Current installed Che version.
type: string
dbProvisioned:
description: Indicates that a PostgreSQL instance has been correctly
provisioned or not.
type: boolean
devfileRegistryURL:
description: Public URL to the devfile registry.
type: string
devworkspaceStatus:
description: The status of the Devworkspace subsystem
properties:
gatewayHost:
description: |-
GatewayHost is the resolved host of the ingress/route. This is equal to the Host in the spec
on Kubernetes but contains the actual host name of the route if Host is unspecified on OpenShift.
type: string
gatewayPhase:
description: |-
GatewayPhase specifies the phase in which the gateway deployment currently is.
If the gateway is disabled, the phase is "Inactive".
type: string
message:
description: Message contains further human-readable info for
why the Che cluster is in the phase it currently is.
type: string
phase:
description: Phase is the phase in which the Che cluster as a
whole finds itself in.
type: string
reason:
description: A brief CamelCase message indicating details about
why the Che cluster is in this state.
type: string
workspaceBaseDomain:
description: |-
The resolved workspace base domain. This is either the copy of the explicitly defined property of the
same name in the spec or, if it is undefined in the spec and we're running on OpenShift, the automatically
resolved basedomain for routes.
type: string
type: object
gitHubOAuthProvisioned:
description: Indicates whether an Identity Provider instance, Keycloak
or RH-SSO, has been configured to integrate with the GitHub OAuth.
type: boolean
gitServerTLSCertificateConfigMapName:
description: The ConfigMap containing certificates to propagate to
the Che components and to provide particular configuration for Git.
type: string
helpLink:
description: A URL that points to some URL where to find help related
to the current Operator status.
type: string
keycloakProvisioned:
description: Indicates whether an Identity Provider instance, Keycloak
or RH-SSO, has been provisioned with realm, client and user.
type: boolean
keycloakURL:
description: Public URL to the Identity Provider server, Keycloak
or RH-SSO,.
type: string
message:
description: A human readable message indicating details about why
the Pod is in this condition.
type: string
openShiftOAuthUserCredentialsSecret:
description: OpenShift OAuth secret in `openshift-config` namespace
that contains user credentials for HTPasswd identity provider.
type: string
openShiftoAuthProvisioned:
description: Indicates whether an Identity Provider instance, Keycloak
or RH-SSO, has been configured to integrate with the OpenShift OAuth.
type: boolean
pluginRegistryURL:
description: Public URL to the plugin registry.
type: string
reason:
description: A brief CamelCase message indicating details about why
the Pod is in this state.
type: string
type: object
type: object
served: true
storage: false
subresources:
status: {}
- name: v2
schema:
openAPIV3Schema:
description: |-
The `CheCluster` custom resource allows defining and managing Eclipse Che server installation.
Based on these settings, the Operator automatically creates and maintains several ConfigMaps:
`che`, `plugin-registry`, `devfile-registry` that will contain the appropriate environment variables
of the various components of the installation. These generated ConfigMaps must NOT be updated manually.
properties:
apiVersion:
description: |-
APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string
kind:
description: |-
Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
metadata:
type: object
spec:
description: Desired configuration of Eclipse Che installation.
properties:
components:
default:
cheServer:
debug: false
logLevel: INFO
metrics:
enable: true
description: Che components configuration.
properties:
cheServer:
default:
debug: false
logLevel: INFO
description: General configuration settings related to the Che
server.
properties:
clusterRoles:
description: |-
Additional ClusterRoles assigned to Che ServiceAccount.
Each role must have a `app.kubernetes.io/part-of=che.eclipse.org` label.
The defaults roles are:
- `<che-namespace>-cheworkspaces-clusterrole`
- `<che-namespace>-cheworkspaces-namespaces-clusterrole`
- `<che-namespace>-cheworkspaces-devworkspace-clusterrole`
where the <che-namespace> is the namespace where the CheCluster CR is created.
The Che Operator must already have all permissions in these ClusterRoles to grant them.
items:
type: string
type: array
debug:
default: false
description: Enables the debug mode for Che server.
type: boolean
deployment:
description: Deployment override options.
properties:
containers:
description: List of containers belonging to the pod.
items:
description: Container custom settings.
properties:
env:
description: List of environment variables to set
in the container.
items:
description: EnvVar represents an environment
variable present in a Container.
properties:
name:
description: Name of the environment variable.
Must be a C_IDENTIFIER.
type: string
value:
description: |-
Variable references $(VAR_NAME) are expanded
using the previously defined environment variables in the container and
any service environment variables. If a variable cannot be resolved,
the reference in the input string will be unchanged. Double $$ are reduced
to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e.
"$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)".
Escaped references will never be expanded, regardless of whether the variable
exists or not.
Defaults to "".
type: string
valueFrom:
description: Source for the environment variable's
value. Cannot be used if value is not empty.
properties:
configMapKeyRef:
description: Selects a key of a ConfigMap.
properties:
key:
description: The key to select.
type: string
name:
description: |-
Name of the referent.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion, kind, uid?
type: string
optional:
description: Specify whether the ConfigMap
or its key must be defined
type: boolean
required:
- key
type: object
x-kubernetes-map-type: atomic
fieldRef:
description: |-
Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['<KEY>']`, `metadata.annotations['<KEY>']`,
spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.
properties:
apiVersion:
description: Version of the schema
the FieldPath is written in terms
of, defaults to "v1".
type: string
fieldPath:
description: Path of the field to
select in the specified API version.
type: string
required:
- fieldPath
type: object
x-kubernetes-map-type: atomic
resourceFieldRef:
description: |-
Selects a resource of the container: only resources limits and requests
(limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.
properties:
containerName:
description: 'Container name: required
for volumes, optional for env vars'
type: string
divisor:
anyOf:
- type: integer
- type: string
description: Specifies the output
format of the exposed resources,
defaults to "1"
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
resource:
description: 'Required: resource to
select'
type: string
required:
- resource
type: object
x-kubernetes-map-type: atomic
secretKeyRef:
description: Selects a key of a secret
in the pod's namespace
properties:
key:
description: The key of the secret
to select from. Must be a valid
secret key.
type: string
name:
description: |-
Name of the referent.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion, kind, uid?
type: string
optional:
description: Specify whether the Secret
or its key must be defined
type: boolean
required:
- key
type: object
x-kubernetes-map-type: atomic
type: object
required:
- name
type: object
type: array
image:
description: Container image. Omit it or leave it
empty to use the default container image provided
by the Operator.
type: string
imagePullPolicy:
description: Image pull policy. Default value is
`Always` for `nightly`, `next` or `latest` images,
and `IfNotPresent` in other cases.
enum:
- Always
- IfNotPresent
- Never
type: string
name:
description: Container name.
type: string
resources:
description: Compute resources required by this
container.
properties:
limits:
description: Describes the maximum amount of
compute resources allowed.
properties:
cpu:
anyOf:
- type: integer
- type: string
description: |-
CPU, in cores. (500m = .5 cores)
If the value is not specified, then the default value is set depending on the component.
If value is `0`, then no value is set for the component.
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
memory:
anyOf:
- type: integer
- type: string
description: |-
Memory, in bytes. (500Gi = 500GiB = 500 * 1024 * 1024 * 1024)
If the value is not specified, then the default value is set depending on the component.
If value is `0`, then no value is set for the component.
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
type: object
request:
description: Describes the minimum amount of
compute resources required.
properties:
cpu:
anyOf:
- type: integer
- type: string
description: |-
CPU, in cores. (500m = .5 cores)
If the value is not specified, then the default value is set depending on the component.
If value is `0`, then no value is set for the component.
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
memory:
anyOf:
- type: integer
- type: string
description: |-
Memory, in bytes. (500Gi = 500GiB = 500 * 1024 * 1024 * 1024)
If the value is not specified, then the default value is set depending on the component.
If value is `0`, then no value is set for the component.
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
type: object
type: object
type: object
type: array
securityContext:
description: Security options the pod should run with.
properties:
fsGroup:
description: A special supplemental group that applies
to all containers in a pod. The default value is
`1724`.
format: int64
type: integer
runAsUser:
description: The UID to run the entrypoint of the
container process. The default value is `1724`.
format: int64
type: integer
type: object
type: object
extraProperties:
additionalProperties:
type: string
description: |-
A map of additional environment variables applied in the generated `che` ConfigMap to be used by the Che server
in addition to the values already generated from other fields of the `CheCluster` custom resource (CR).
If the `extraProperties` field contains a property normally generated in `che` ConfigMap from other CR fields,
the value defined in the `extraProperties` is used instead.
type: object
logLevel:
default: INFO
description: 'The log level for the Che server: `INFO` or
`DEBUG`.'
type: string
proxy:
description: |-
Proxy server settings for Kubernetes cluster. No additional configuration is required for OpenShift cluster.
By specifying these settings for the OpenShift cluster, you override the OpenShift proxy configuration.
properties:
credentialsSecretName:
description: |-
The secret name that contains `user` and `password` for a proxy server.
The secret must have a `app.kubernetes.io/part-of=che.eclipse.org` label.
type: string
nonProxyHosts:
description: |-
A list of hosts that can be reached directly, bypassing the proxy.
Specify wild card domain use the following form `.<DOMAIN>`, for example:
- localhost
- my.host.com
- 123.42.12.32
Use only when a proxy configuration is required. The Operator respects OpenShift cluster-wide proxy configuration,
defining `nonProxyHosts` in a custom resource leads to merging non-proxy hosts lists from the cluster proxy configuration, and the ones defined in the custom resources.
See the following page: https://docs.openshift.com/container-platform/latest/networking/enable-cluster-wide-proxy.html.
items:
type: string
type: array
port:
description: Proxy server port.
type: string
url:
description: |-
URL (protocol+hostname) of the proxy server.
Use only when a proxy configuration is required. The Operator respects OpenShift cluster-wide proxy configuration,
defining `url` in a custom resource leads to overriding the cluster proxy configuration.
See the following page: https://docs.openshift.com/container-platform/latest/networking/enable-cluster-wide-proxy.html.
type: string
type: object
type: object
dashboard:
description: Configuration settings related to the dashboard used
by the Che installation.
properties:
branding:
description: Dashboard branding resources.
properties:
logo:
description: Dashboard logo.
properties:
base64data:
type: string
mediatype:
type: string
required:
- base64data
- mediatype
type: object
type: object
deployment:
description: Deployment override options.
properties:
containers:
description: List of containers belonging to the pod.
items:
description: Container custom settings.
properties:
env:
description: List of environment variables to set
in the container.
items:
description: EnvVar represents an environment
variable present in a Container.
properties:
name:
description: Name of the environment variable.
Must be a C_IDENTIFIER.
type: string
value:
description: |-
Variable references $(VAR_NAME) are expanded
using the previously defined environment variables in the container and
any service environment variables. If a variable cannot be resolved,
the reference in the input string will be unchanged. Double $$ are reduced
to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e.
"$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)".
Escaped references will never be expanded, regardless of whether the variable
exists or not.
Defaults to "".
type: string
valueFrom:
description: Source for the environment variable's
value. Cannot be used if value is not empty.
properties:
configMapKeyRef:
description: Selects a key of a ConfigMap.
properties:
key:
description: The key to select.
type: string
name:
description: |-
Name of the referent.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion, kind, uid?
type: string
optional:
description: Specify whether the ConfigMap
or its key must be defined
type: boolean
required:
- key
type: object
x-kubernetes-map-type: atomic
fieldRef:
description: |-
Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['<KEY>']`, `metadata.annotations['<KEY>']`,
spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.
properties:
apiVersion:
description: Version of the schema
the FieldPath is written in terms
of, defaults to "v1".
type: string
fieldPath:
description: Path of the field to
select in the specified API version.
type: string
required:
- fieldPath
type: object
x-kubernetes-map-type: atomic
resourceFieldRef:
description: |-
Selects a resource of the container: only resources limits and requests
(limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.
properties:
containerName:
description: 'Container name: required
for volumes, optional for env vars'
type: string
divisor:
anyOf:
- type: integer
- type: string
description: Specifies the output
format of the exposed resources,
defaults to "1"
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
resource:
description: 'Required: resource to
select'
type: string
required:
- resource
type: object
x-kubernetes-map-type: atomic
secretKeyRef:
description: Selects a key of a secret
in the pod's namespace
properties:
key:
description: The key of the secret
to select from. Must be a valid
secret key.
type: string
name:
description: |-
Name of the referent.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion, kind, uid?
type: string
optional:
description: Specify whether the Secret
or its key must be defined
type: boolean
required:
- key
type: object
x-kubernetes-map-type: atomic
type: object
required:
- name
type: object
type: array
image:
description: Container image. Omit it or leave it
empty to use the default container image provided
by the Operator.
type: string
imagePullPolicy:
description: Image pull policy. Default value is
`Always` for `nightly`, `next` or `latest` images,
and `IfNotPresent` in other cases.
enum:
- Always
- IfNotPresent
- Never
type: string
name:
description: Container name.
type: string
resources:
description: Compute resources required by this
container.
properties:
limits:
description: Describes the maximum amount of
compute resources allowed.
properties:
cpu:
anyOf:
- type: integer
- type: string
description: |-
CPU, in cores. (500m = .5 cores)
If the value is not specified, then the default value is set depending on the component.
If value is `0`, then no value is set for the component.
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
memory:
anyOf:
- type: integer
- type: string
description: |-
Memory, in bytes. (500Gi = 500GiB = 500 * 1024 * 1024 * 1024)
If the value is not specified, then the default value is set depending on the component.
If value is `0`, then no value is set for the component.
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
type: object
request:
description: Describes the minimum amount of
compute resources required.
properties:
cpu:
anyOf:
- type: integer
- type: string
description: |-
CPU, in cores. (500m = .5 cores)
If the value is not specified, then the default value is set depending on the component.
If value is `0`, then no value is set for the component.
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
memory:
anyOf:
- type: integer
- type: string
description: |-
Memory, in bytes. (500Gi = 500GiB = 500 * 1024 * 1024 * 1024)
If the value is not specified, then the default value is set depending on the component.
If value is `0`, then no value is set for the component.
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
type: object
type: object
type: object
type: array
securityContext:
description: Security options the pod should run with.
properties:
fsGroup:
description: A special supplemental group that applies
to all containers in a pod. The default value is
`1724`.
format: int64
type: integer
runAsUser:
description: The UID to run the entrypoint of the
container process. The default value is `1724`.
format: int64
type: integer
type: object
type: object
headerMessage:
description: Dashboard header message.
properties:
show:
description: Instructs dashboard to show the message.
type: boolean
text:
description: Warning message displayed on the user dashboard.
type: string
type: object
logLevel:
default: ERROR
description: The log level for the Dashboard.
enum:
- DEBUG
- INFO
- WARN
- ERROR
- FATAL
- TRACE
- SILENT
type: string
type: object
devWorkspace:
description: DevWorkspace Operator configuration.
properties:
runningLimit:
description: |-
Deprecated in favor of `MaxNumberOfRunningWorkspacesPerUser`
The maximum number of running workspaces per user.
type: string
type: object
devfileRegistry:
description: Configuration settings related to the devfile registry
used by the Che installation.
properties:
deployment:
description: Deployment override options.
properties:
containers:
description: List of containers belonging to the pod.
items:
description: Container custom settings.
properties:
env:
description: List of environment variables to set
in the container.
items:
description: EnvVar represents an environment
variable present in a Container.
properties:
name:
description: Name of the environment variable.
Must be a C_IDENTIFIER.
type: string
value:
description: |-
Variable references $(VAR_NAME) are expanded
using the previously defined environment variables in the container and
any service environment variables. If a variable cannot be resolved,
the reference in the input string will be unchanged. Double $$ are reduced
to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e.
"$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)".
Escaped references will never be expanded, regardless of whether the variable
exists or not.
Defaults to "".
type: string
valueFrom:
description: Source for the environment variable's
value. Cannot be used if value is not empty.
properties:
configMapKeyRef:
description: Selects a key of a ConfigMap.
properties:
key:
description: The key to select.
type: string
name:
description: |-
Name of the referent.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion, kind, uid?
type: string
optional:
description: Specify whether the ConfigMap
or its key must be defined
type: boolean
required:
- key
type: object
x-kubernetes-map-type: atomic
fieldRef:
description: |-
Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['<KEY>']`, `metadata.annotations['<KEY>']`,
spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.
properties:
apiVersion:
description: Version of the schema
the FieldPath is written in terms
of, defaults to "v1".
type: string
fieldPath:
description: Path of the field to
select in the specified API version.
type: string
required:
- fieldPath
type: object
x-kubernetes-map-type: atomic
resourceFieldRef:
description: |-
Selects a resource of the container: only resources limits and requests
(limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.
properties:
containerName:
description: 'Container name: required
for volumes, optional for env vars'
type: string
divisor:
anyOf:
- type: integer
- type: string
description: Specifies the output
format of the exposed resources,
defaults to "1"
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
resource:
description: 'Required: resource to
select'
type: string
required:
- resource
type: object
x-kubernetes-map-type: atomic
secretKeyRef:
description: Selects a key of a secret
in the pod's namespace
properties:
key:
description: The key of the secret
to select from. Must be a valid
secret key.
type: string
name:
description: |-
Name of the referent.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion, kind, uid?
type: string
optional:
description: Specify whether the Secret
or its key must be defined
type: boolean
required:
- key
type: object
x-kubernetes-map-type: atomic
type: object
required:
- name
type: object
type: array
image:
description: Container image. Omit it or leave it
empty to use the default container image provided
by the Operator.
type: string
imagePullPolicy:
description: Image pull policy. Default value is
`Always` for `nightly`, `next` or `latest` images,
and `IfNotPresent` in other cases.
enum:
- Always
- IfNotPresent
- Never
type: string
name:
description: Container name.
type: string
resources:
description: Compute resources required by this
container.
properties:
limits:
description: Describes the maximum amount of
compute resources allowed.
properties:
cpu:
anyOf:
- type: integer
- type: string
description: |-
CPU, in cores. (500m = .5 cores)
If the value is not specified, then the default value is set depending on the component.
If value is `0`, then no value is set for the component.
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
memory:
anyOf:
- type: integer
- type: string
description: |-
Memory, in bytes. (500Gi = 500GiB = 500 * 1024 * 1024 * 1024)
If the value is not specified, then the default value is set depending on the component.
If value is `0`, then no value is set for the component.
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
type: object
request:
description: Describes the minimum amount of
compute resources required.
properties:
cpu:
anyOf:
- type: integer
- type: string
description: |-
CPU, in cores. (500m = .5 cores)
If the value is not specified, then the default value is set depending on the component.
If value is `0`, then no value is set for the component.
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
memory:
anyOf:
- type: integer
- type: string
description: |-
Memory, in bytes. (500Gi = 500GiB = 500 * 1024 * 1024 * 1024)
If the value is not specified, then the default value is set depending on the component.
If value is `0`, then no value is set for the component.
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
type: object
type: object
type: object
type: array
securityContext:
description: Security options the pod should run with.
properties:
fsGroup:
description: A special supplemental group that applies
to all containers in a pod. The default value is
`1724`.
format: int64
type: integer
runAsUser:
description: The UID to run the entrypoint of the
container process. The default value is `1724`.
format: int64
type: integer
type: object
type: object
disableInternalRegistry:
description: Disables internal devfile registry.
type: boolean
externalDevfileRegistries:
description: External devfile registries serving sample ready-to-use
devfiles.
items:
description: External devfile registries configuration.
properties:
url:
description: The public UR of the devfile registry that
serves sample ready-to-use devfiles.
type: string
type: object
type: array
type: object
imagePuller:
description: Kubernetes Image Puller configuration.
properties:
enable:
description: |-
Install and configure the community supported Kubernetes Image Puller Operator. When you set the value to `true` without providing any specs,
it creates a default Kubernetes Image Puller object managed by the Operator.
When you set the value to `false`, the Kubernetes Image Puller object is deleted, and the Operator uninstalled,
regardless of whether a spec is provided.
If you leave the `spec.images` field empty, a set of recommended workspace-related images is automatically detected and
pre-pulled after installation.
Note that while this Operator and its behavior is community-supported, its payload may be commercially-supported
for pulling commercially-supported images.
type: boolean
spec:
description: A Kubernetes Image Puller spec to configure the
image puller in the CheCluster.
properties:
affinity:
type: string
cachingCPULimit:
type: string
cachingCPURequest:
type: string
cachingIntervalHours:
type: string
cachingMemoryLimit:
type: string
cachingMemoryRequest:
type: string
configMapName:
type: string
daemonsetName:
type: string
deploymentName:
type: string
imagePullSecrets:
type: string
imagePullerImage:
type: string
images:
type: string
nodeSelector:
type: string
type: object
type: object
metrics:
default:
enable: true
description: Che server metrics configuration.
properties:
enable:
default: true
description: Enables `metrics` for the Che server endpoint.
type: boolean
type: object
pluginRegistry:
description: Configuration settings related to the plug-in registry
used by the Che installation.
properties:
deployment:
description: Deployment override options.
properties:
containers:
description: List of containers belonging to the pod.
items:
description: Container custom settings.
properties:
env:
description: List of environment variables to set
in the container.
items:
description: EnvVar represents an environment
variable present in a Container.
properties:
name:
description: Name of the environment variable.
Must be a C_IDENTIFIER.
type: string
value:
description: |-
Variable references $(VAR_NAME) are expanded
using the previously defined environment variables in the container and
any service environment variables. If a variable cannot be resolved,
the reference in the input string will be unchanged. Double $$ are reduced
to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e.
"$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)".
Escaped references will never be expanded, regardless of whether the variable
exists or not.
Defaults to "".
type: string
valueFrom:
description: Source for the environment variable's
value. Cannot be used if value is not empty.
properties:
configMapKeyRef:
description: Selects a key of a ConfigMap.
properties:
key:
description: The key to select.
type: string
name:
description: |-
Name of the referent.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion, kind, uid?
type: string
optional:
description: Specify whether the ConfigMap
or its key must be defined
type: boolean
required:
- key
type: object
x-kubernetes-map-type: atomic
fieldRef:
description: |-
Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['<KEY>']`, `metadata.annotations['<KEY>']`,
spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.
properties:
apiVersion:
description: Version of the schema
the FieldPath is written in terms
of, defaults to "v1".
type: string
fieldPath:
description: Path of the field to
select in the specified API version.
type: string
required:
- fieldPath
type: object
x-kubernetes-map-type: atomic
resourceFieldRef:
description: |-
Selects a resource of the container: only resources limits and requests
(limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.
properties:
containerName:
description: 'Container name: required
for volumes, optional for env vars'
type: string
divisor:
anyOf:
- type: integer
- type: string
description: Specifies the output
format of the exposed resources,
defaults to "1"
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
resource:
description: 'Required: resource to
select'
type: string
required:
- resource
type: object
x-kubernetes-map-type: atomic
secretKeyRef:
description: Selects a key of a secret
in the pod's namespace
properties:
key:
description: The key of the secret
to select from. Must be a valid
secret key.
type: string
name:
description: |-
Name of the referent.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion, kind, uid?
type: string
optional:
description: Specify whether the Secret
or its key must be defined
type: boolean
required:
- key
type: object
x-kubernetes-map-type: atomic
type: object
required:
- name
type: object
type: array
image:
description: Container image. Omit it or leave it
empty to use the default container image provided
by the Operator.
type: string
imagePullPolicy:
description: Image pull policy. Default value is
`Always` for `nightly`, `next` or `latest` images,
and `IfNotPresent` in other cases.
enum:
- Always
- IfNotPresent
- Never
type: string
name:
description: Container name.
type: string
resources:
description: Compute resources required by this
container.
properties:
limits:
description: Describes the maximum amount of
compute resources allowed.
properties:
cpu:
anyOf:
- type: integer
- type: string
description: |-
CPU, in cores. (500m = .5 cores)
If the value is not specified, then the default value is set depending on the component.
If value is `0`, then no value is set for the component.
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
memory:
anyOf:
- type: integer
- type: string
description: |-
Memory, in bytes. (500Gi = 500GiB = 500 * 1024 * 1024 * 1024)
If the value is not specified, then the default value is set depending on the component.
If value is `0`, then no value is set for the component.
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
type: object
request:
description: Describes the minimum amount of
compute resources required.
properties:
cpu:
anyOf:
- type: integer
- type: string
description: |-
CPU, in cores. (500m = .5 cores)
If the value is not specified, then the default value is set depending on the component.
If value is `0`, then no value is set for the component.
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
memory:
anyOf:
- type: integer
- type: string
description: |-
Memory, in bytes. (500Gi = 500GiB = 500 * 1024 * 1024 * 1024)
If the value is not specified, then the default value is set depending on the component.
If value is `0`, then no value is set for the component.
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
type: object
type: object
type: object
type: array
securityContext:
description: Security options the pod should run with.
properties:
fsGroup:
description: A special supplemental group that applies
to all containers in a pod. The default value is
`1724`.
format: int64
type: integer
runAsUser:
description: The UID to run the entrypoint of the
container process. The default value is `1724`.
format: int64
type: integer
type: object
type: object
disableInternalRegistry:
description: Disables internal plug-in registry.
type: boolean
externalPluginRegistries:
description: External plugin registries.
items:
description: External plug-in registries configuration.
properties:
url:
description: Public URL of the plug-in registry.
type: string
type: object
type: array
openVSXURL:
description: Open VSX registry URL. If omitted an embedded
instance will be used.
type: string
type: object
type: object
containerRegistry:
description: Configuration of an alternative registry that stores
Che images.
properties:
hostname:
description: |-
An optional hostname or URL of an alternative container registry to pull images from.
This value overrides the container registry hostname defined in all the default container images involved in a Che deployment.
This is particularly useful for installing Che in a restricted environment.
type: string
organization:
description: |-
An optional repository name of an alternative registry to pull images from.
This value overrides the container registry organization defined in all the default container images involved in a Che deployment.
This is particularly useful for installing Eclipse Che in a restricted environment.
type: string
type: object
devEnvironments:
default:
defaultNamespace:
autoProvision: true
template: <username>-che
maxNumberOfWorkspacesPerUser: -1
secondsOfInactivityBeforeIdling: 1800
secondsOfRunBeforeIdling: -1
startTimeoutSeconds: 300
storage:
pvcStrategy: per-user
description: Development environment default configuration options.
properties:
containerBuildConfiguration:
description: Container build configuration.
properties:
openShiftSecurityContextConstraint:
default: container-build
description: OpenShift security context constraint to build
containers.
type: string
type: object
defaultComponents:
description: |-
Default components applied to DevWorkspaces.
These default components are meant to be used when a Devfile, that does not contain any components.
items:
properties:
attributes:
description: Map of implementation-dependant free-form YAML
attributes.
type: object
x-kubernetes-preserve-unknown-fields: true
componentType:
description: Type of component
enum:
- Container
- Kubernetes
- Openshift
- Volume
- Image
- Plugin
- Custom
type: string
container:
description: Allows adding and configuring devworkspace-related
containers
properties:
annotation:
description: Annotations that should be added to specific
resources for this container
properties:
deployment:
additionalProperties:
type: string
description: Annotations to be added to deployment
type: object
service:
additionalProperties:
type: string
description: Annotations to be added to service
type: object
type: object
args:
description: |-
The arguments to supply to the command running the dockerimage component. The arguments are supplied either to the default command provided in the image or to the overridden command.
Defaults to an empty array, meaning use whatever is defined in the image.
items:
type: string
type: array
command:
description: |-
The command to run in the dockerimage component instead of the default one provided in the image.
Defaults to an empty array, meaning use whatever is defined in the image.
items:
type: string
type: array
cpuLimit:
type: string
cpuRequest:
type: string
dedicatedPod:
description: |-
Specify if a container should run in its own separated pod,
instead of running as part of the main development environment pod.
Default value is `false`
type: boolean
endpoints:
items:
properties:
annotation:
additionalProperties:
type: string
description: Annotations to be added to Kubernetes
Ingress or Openshift Route
type: object
attributes:
description: |-
Map of implementation-dependant string-based free-form attributes.
Examples of Che-specific attributes:
- cookiesAuthEnabled: "true" / "false",
- type: "terminal" / "ide" / "ide-dev",
type: object
x-kubernetes-preserve-unknown-fields: true
exposure:
default: public
description: |-
Describes how the endpoint should be exposed on the network.
- `public` means that the endpoint will be exposed on the public network, typically through
a K8S ingress or an OpenShift route.
- `internal` means that the endpoint will be exposed internally outside of the main devworkspace POD,
typically by K8S services, to be consumed by other elements running
on the same cloud internal network.
- `none` means that the endpoint will not be exposed and will only be accessible
inside the main devworkspace POD, on a local address.
Default value is `public`
enum:
- public
- internal
- none
type: string
name:
maxLength: 63
pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
type: string
path:
description: Path of the endpoint URL
type: string
protocol:
default: http
description: |-
Describes the application and transport protocols of the traffic that will go through this endpoint.
- `http`: Endpoint will have `http` traffic, typically on a TCP connection.
It will be automaticaly promoted to `https` when the `secure` field is set to `true`.
- `https`: Endpoint will have `https` traffic, typically on a TCP connection.
- `ws`: Endpoint will have `ws` traffic, typically on a TCP connection.
It will be automaticaly promoted to `wss` when the `secure` field is set to `true`.
- `wss`: Endpoint will have `wss` traffic, typically on a TCP connection.
- `tcp`: Endpoint will have traffic on a TCP connection, without specifying an application protocol.
- `udp`: Endpoint will have traffic on an UDP connection, without specifying an application protocol.
Default value is `http`
enum:
- http
- https
- ws
- wss
- tcp
- udp
type: string
secure:
description: |-
Describes whether the endpoint should be secured and protected by some
authentication process. This requires a protocol of `https` or `wss`.
type: boolean
targetPort:
description: |-
Port number to be used within the container component. The same port cannot
be used by two different container components.
type: integer
required:
- name
- targetPort
type: object
type: array
env:
description: |-
Environment variables used in this container.
The following variables are reserved and cannot be overridden via env:
- `$PROJECTS_ROOT`
- `$PROJECT_SOURCE`
items:
properties:
name:
type: string
value:
type: string
required:
- name
- value
type: object
type: array
image:
type: string
memoryLimit:
type: string
memoryRequest:
type: string
mountSources:
description: |-
Toggles whether or not the project source code should
be mounted in the component.
Defaults to true for all component types except plugins and components that set `dedicatedPod` to true.
type: boolean
sourceMapping:
default: /projects
description: |-
Optional specification of the path in the container where
project sources should be transferred/mounted when `mountSources` is `true`.
When omitted, the default value of /projects is used.
type: string
volumeMounts:
description: List of volumes mounts that should be mounted
is this container.
items:
description: Volume that should be mounted to a component
container
properties:
name:
description: |-
The volume mount name is the name of an existing `Volume` component.
If several containers mount the same volume name
then they will reuse the same volume and will be able to access to the same files.
maxLength: 63
pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
type: string
path:
description: |-
The path in the component container where the volume should be mounted.
If not path is mentioned, default path is the is `/<name>`.
type: string
required:
- name
type: object
type: array
required:
- image
type: object
custom:
description: |-
Custom component whose logic is implementation-dependant
and should be provided by the user
possibly through some dedicated controller
properties:
componentClass:
description: |-
Class of component that the associated implementation controller
should use to process this command with the appropriate logic
type: string
embeddedResource:
description: |-
Additional free-form configuration for this custom component
that the implementation controller will know how to use
type: object
x-kubernetes-embedded-resource: true
x-kubernetes-preserve-unknown-fields: true
required:
- componentClass
- embeddedResource
type: object
image:
description: Allows specifying the definition of an image
for outer loop builds
properties:
autoBuild:
description: |-
Defines if the image should be built during startup.
Default value is `false`
type: boolean
dockerfile:
description: Allows specifying dockerfile type build
properties:
args:
description: The arguments to supply to the dockerfile
build.
items:
type: string
type: array
buildContext:
description: Path of source directory to establish
build context. Defaults to ${PROJECT_SOURCE} in
the container
type: string
devfileRegistry:
description: Dockerfile's Devfile Registry source
properties:
id:
description: |-
Id in a devfile registry that contains a Dockerfile. The src in the OCI registry
required for the Dockerfile build will be downloaded for building the image.
type: string
registryUrl:
description: |-
Devfile Registry URL to pull the Dockerfile from when using the Devfile Registry as Dockerfile src.
To ensure the Dockerfile gets resolved consistently in different environments,
it is recommended to always specify the `devfileRegistryUrl` when `Id` is used.
type: string
required:
- id
type: object
git:
description: Dockerfile's Git source
properties:
checkoutFrom:
description: Defines from what the project should
be checked out. Required if there are more
than one remote configured
properties:
remote:
description: The remote name should be used
as init. Required if there are more than
one remote configured
type: string
revision:
description: |-
The revision to checkout from. Should be branch name, tag or commit id.
Default branch is used if missing or specified revision is not found.
type: string
type: object
fileLocation:
description: |-
Location of the Dockerfile in the Git repository when using git as Dockerfile src.
Defaults to Dockerfile.
type: string
remotes:
additionalProperties:
type: string
description: |-
The remotes map which should be initialized in the git project.
Projects must have at least one remote configured while StarterProjects & Image Component's Git source can only have at most one remote configured.
type: object
required:
- remotes
type: object
rootRequired:
description: |-
Specify if a privileged builder pod is required.
Default value is `false`
type: boolean
srcType:
description: Type of Dockerfile src
enum:
- Uri
- DevfileRegistry
- Git
type: string
uri:
description: |-
URI Reference of a Dockerfile.
It can be a full URL or a relative URI from the current devfile as the base URI.
type: string
type: object
imageName:
description: Name of the image for the resulting outerloop
build
type: string
imageType:
description: Type of image
enum:
- Dockerfile
type: string
required:
- imageName
type: object
kubernetes:
description: |-
Allows importing into the devworkspace the Kubernetes resources
defined in a given manifest. For example this allows reusing the Kubernetes
definitions used to deploy some runtime components in production.
properties:
deployByDefault:
description: |-
Defines if the component should be deployed during startup.
Default value is `false`
type: boolean
endpoints:
items:
properties:
annotation:
additionalProperties:
type: string
description: Annotations to be added to Kubernetes
Ingress or Openshift Route
type: object
attributes:
description: |-
Map of implementation-dependant string-based free-form attributes.
Examples of Che-specific attributes:
- cookiesAuthEnabled: "true" / "false",
- type: "terminal" / "ide" / "ide-dev",
type: object
x-kubernetes-preserve-unknown-fields: true
exposure:
default: public
description: |-
Describes how the endpoint should be exposed on the network.
- `public` means that the endpoint will be exposed on the public network, typically through
a K8S ingress or an OpenShift route.
- `internal` means that the endpoint will be exposed internally outside of the main devworkspace POD,
typically by K8S services, to be consumed by other elements running
on the same cloud internal network.
- `none` means that the endpoint will not be exposed and will only be accessible
inside the main devworkspace POD, on a local address.
Default value is `public`
enum:
- public
- internal
- none
type: string
name:
maxLength: 63
pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
type: string
path:
description: Path of the endpoint URL
type: string
protocol:
default: http
description: |-
Describes the application and transport protocols of the traffic that will go through this endpoint.
- `http`: Endpoint will have `http` traffic, typically on a TCP connection.
It will be automaticaly promoted to `https` when the `secure` field is set to `true`.
- `https`: Endpoint will have `https` traffic, typically on a TCP connection.
- `ws`: Endpoint will have `ws` traffic, typically on a TCP connection.
It will be automaticaly promoted to `wss` when the `secure` field is set to `true`.
- `wss`: Endpoint will have `wss` traffic, typically on a TCP connection.
- `tcp`: Endpoint will have traffic on a TCP connection, without specifying an application protocol.
- `udp`: Endpoint will have traffic on an UDP connection, without specifying an application protocol.
Default value is `http`
enum:
- http
- https
- ws
- wss
- tcp
- udp
type: string
secure:
description: |-
Describes whether the endpoint should be secured and protected by some
authentication process. This requires a protocol of `https` or `wss`.
type: boolean
targetPort:
description: |-
Port number to be used within the container component. The same port cannot
be used by two different container components.
type: integer
required:
- name
- targetPort
type: object
type: array
inlined:
description: Inlined manifest
type: string
locationType:
description: Type of Kubernetes-like location
enum:
- Uri
- Inlined
type: string
uri:
description: Location in a file fetched from a uri.
type: string
type: object
name:
description: |-
Mandatory name that allows referencing the component
from other elements (such as commands) or from an external
devfile that may reference this component through a parent or a plugin.
maxLength: 63
pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
type: string
openshift:
description: |-
Allows importing into the devworkspace the OpenShift resources
defined in a given manifest. For example this allows reusing the OpenShift
definitions used to deploy some runtime components in production.
properties:
deployByDefault:
description: |-
Defines if the component should be deployed during startup.
Default value is `false`
type: boolean
endpoints:
items:
properties:
annotation:
additionalProperties:
type: string
description: Annotations to be added to Kubernetes
Ingress or Openshift Route
type: object
attributes:
description: |-
Map of implementation-dependant string-based free-form attributes.
Examples of Che-specific attributes:
- cookiesAuthEnabled: "true" / "false",
- type: "terminal" / "ide" / "ide-dev",
type: object
x-kubernetes-preserve-unknown-fields: true
exposure:
default: public
description: |-
Describes how the endpoint should be exposed on the network.
- `public` means that the endpoint will be exposed on the public network, typically through
a K8S ingress or an OpenShift route.
- `internal` means that the endpoint will be exposed internally outside of the main devworkspace POD,
typically by K8S services, to be consumed by other elements running
on the same cloud internal network.
- `none` means that the endpoint will not be exposed and will only be accessible
inside the main devworkspace POD, on a local address.
Default value is `public`
enum:
- public
- internal
- none
type: string
name:
maxLength: 63
pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
type: string
path:
description: Path of the endpoint URL
type: string
protocol:
default: http
description: |-
Describes the application and transport protocols of the traffic that will go through this endpoint.
- `http`: Endpoint will have `http` traffic, typically on a TCP connection.
It will be automaticaly promoted to `https` when the `secure` field is set to `true`.
- `https`: Endpoint will have `https` traffic, typically on a TCP connection.
- `ws`: Endpoint will have `ws` traffic, typically on a TCP connection.
It will be automaticaly promoted to `wss` when the `secure` field is set to `true`.
- `wss`: Endpoint will have `wss` traffic, typically on a TCP connection.
- `tcp`: Endpoint will have traffic on a TCP connection, without specifying an application protocol.
- `udp`: Endpoint will have traffic on an UDP connection, without specifying an application protocol.
Default value is `http`
enum:
- http
- https
- ws
- wss
- tcp
- udp
type: string
secure:
description: |-
Describes whether the endpoint should be secured and protected by some
authentication process. This requires a protocol of `https` or `wss`.
type: boolean
targetPort:
description: |-
Port number to be used within the container component. The same port cannot
be used by two different container components.
type: integer
required:
- name
- targetPort
type: object
type: array
inlined:
description: Inlined manifest
type: string
locationType:
description: Type of Kubernetes-like location
enum:
- Uri
- Inlined
type: string
uri:
description: Location in a file fetched from a uri.
type: string
type: object
plugin:
description: |-
Allows importing a plugin.
Plugins are mainly imported devfiles that contribute components, commands
and events as a consistent single unit. They are defined in either YAML files
following the devfile syntax,
or as `DevWorkspaceTemplate` Kubernetes Custom Resources
properties:
commands:
description: |-
Overrides of commands encapsulated in a parent devfile or a plugin.
Overriding is done according to K8S strategic merge patch standard rules.
items:
properties:
apply:
description: |-
Command that consists in applying a given component definition,
typically bound to a devworkspace event.
For example, when an `apply` command is bound to a `preStart` event,
and references a `container` component, it will start the container as a
K8S initContainer in the devworkspace POD, unless the component has its
`dedicatedPod` field set to `true`.
When no `apply` command exist for a given component,
it is assumed the component will be applied at devworkspace start
by default, unless `deployByDefault` for that component is set to false.
properties:
component:
description: Describes component that will
be applied
type: string
group:
description: Defines the group this command
is part of
properties:
isDefault:
description: Identifies the default command
for a given group kind
type: boolean
kind:
description: Kind of group the command
is part of
enum:
- build
- run
- test
- debug
- deploy
type: string
type: object
label:
description: |-
Optional label that provides a label for this command
to be used in Editor UI menus for example
type: string
type: object
attributes:
description: Map of implementation-dependant free-form
YAML attributes.
type: object
x-kubernetes-preserve-unknown-fields: true
commandType:
description: Type of devworkspace command
enum:
- Exec
- Apply
- Composite
type: string
composite:
description: |-
Composite command that allows executing several sub-commands
either sequentially or concurrently
properties:
commands:
description: The commands that comprise this
composite command
items:
type: string
type: array
group:
description: Defines the group this command
is part of
properties:
isDefault:
description: Identifies the default command
for a given group kind
type: boolean
kind:
description: Kind of group the command
is part of
enum:
- build
- run
- test
- debug
- deploy
type: string
type: object
label:
description: |-
Optional label that provides a label for this command
to be used in Editor UI menus for example
type: string
parallel:
description: Indicates if the sub-commands
should be executed concurrently
type: boolean
type: object
exec:
description: CLI Command executed in an existing
component container
properties:
commandLine:
description: |-
The actual command-line string
Special variables that can be used:
- `$PROJECTS_ROOT`: A path where projects sources are mounted as defined by container component's sourceMapping.
- `$PROJECT_SOURCE`: A path to a project source ($PROJECTS_ROOT/<project-name>). If there are multiple projects, this will point to the directory of the first one.
type: string
component:
description: Describes component to which
given action relates
type: string
env:
description: |-
Optional list of environment variables that have to be set
before running the command
items:
properties:
name:
type: string
value:
type: string
required:
- name
type: object
type: array
group:
description: Defines the group this command
is part of
properties:
isDefault:
description: Identifies the default command
for a given group kind
type: boolean
kind:
description: Kind of group the command
is part of
enum:
- build
- run
- test
- debug
- deploy
type: string
type: object
hotReloadCapable:
description: |-
Specify whether the command is restarted or not when the source code changes.
If set to `true` the command won't be restarted.
A *hotReloadCapable* `run` or `debug` command is expected to handle file changes on its own and won't be restarted.
A *hotReloadCapable* `build` command is expected to be executed only once and won't be executed again.
This field is taken into account only for commands `build`, `run` and `debug` with `isDefault` set to `true`.
Default value is `false`
type: boolean
label:
description: |-
Optional label that provides a label for this command
to be used in Editor UI menus for example
type: string
workingDir:
description: |-
Working directory where the command should be executed
Special variables that can be used:
- `$PROJECTS_ROOT`: A path where projects sources are mounted as defined by container component's sourceMapping.
- `$PROJECT_SOURCE`: A path to a project source ($PROJECTS_ROOT/<project-name>). If there are multiple projects, this will point to the directory of the first one.
type: string
type: object
id:
description: |-
Mandatory identifier that allows referencing
this command in composite commands, from
a parent, or in events.
maxLength: 63
pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
type: string
required:
- id
type: object
type: array
components:
description: |-
Overrides of components encapsulated in a parent devfile or a plugin.
Overriding is done according to K8S strategic merge patch standard rules.
items:
properties:
attributes:
description: Map of implementation-dependant free-form
YAML attributes.
type: object
x-kubernetes-preserve-unknown-fields: true
componentType:
description: Type of component
enum:
- Container
- Kubernetes
- Openshift
- Volume
- Image
type: string
container:
description: Allows adding and configuring devworkspace-related
containers
properties:
annotation:
description: Annotations that should be added
to specific resources for this container
properties:
deployment:
additionalProperties:
type: string
description: Annotations to be added to
deployment
type: object
service:
additionalProperties:
type: string
description: Annotations to be added to
service
type: object
type: object
args:
description: |-
The arguments to supply to the command running the dockerimage component. The arguments are supplied either to the default command provided in the image or to the overridden command.
Defaults to an empty array, meaning use whatever is defined in the image.
items:
type: string
type: array
command:
description: |-
The command to run in the dockerimage component instead of the default one provided in the image.
Defaults to an empty array, meaning use whatever is defined in the image.
items:
type: string
type: array
cpuLimit:
type: string
cpuRequest:
type: string
dedicatedPod:
description: |-
Specify if a container should run in its own separated pod,
instead of running as part of the main development environment pod.
Default value is `false`
type: boolean
endpoints:
items:
properties:
annotation:
additionalProperties:
type: string
description: Annotations to be added
to Kubernetes Ingress or Openshift
Route
type: object
attributes:
description: |-
Map of implementation-dependant string-based free-form attributes.
Examples of Che-specific attributes:
- cookiesAuthEnabled: "true" / "false",
- type: "terminal" / "ide" / "ide-dev",
type: object
x-kubernetes-preserve-unknown-fields: true
exposure:
description: |-
Describes how the endpoint should be exposed on the network.
- `public` means that the endpoint will be exposed on the public network, typically through
a K8S ingress or an OpenShift route.
- `internal` means that the endpoint will be exposed internally outside of the main devworkspace POD,
typically by K8S services, to be consumed by other elements running
on the same cloud internal network.
- `none` means that the endpoint will not be exposed and will only be accessible
inside the main devworkspace POD, on a local address.
Default value is `public`
enum:
- public
- internal
- none
type: string
name:
maxLength: 63
pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
type: string
path:
description: Path of the endpoint URL
type: string
protocol:
description: |-
Describes the application and transport protocols of the traffic that will go through this endpoint.
- `http`: Endpoint will have `http` traffic, typically on a TCP connection.
It will be automaticaly promoted to `https` when the `secure` field is set to `true`.
- `https`: Endpoint will have `https` traffic, typically on a TCP connection.
- `ws`: Endpoint will have `ws` traffic, typically on a TCP connection.
It will be automaticaly promoted to `wss` when the `secure` field is set to `true`.
- `wss`: Endpoint will have `wss` traffic, typically on a TCP connection.
- `tcp`: Endpoint will have traffic on a TCP connection, without specifying an application protocol.
- `udp`: Endpoint will have traffic on an UDP connection, without specifying an application protocol.
Default value is `http`
enum:
- http
- https
- ws
- wss
- tcp
- udp
type: string
secure:
description: |-
Describes whether the endpoint should be secured and protected by some
authentication process. This requires a protocol of `https` or `wss`.
type: boolean
targetPort:
description: |-
Port number to be used within the container component. The same port cannot
be used by two different container components.
type: integer
required:
- name
type: object
type: array
env:
description: |-
Environment variables used in this container.
The following variables are reserved and cannot be overridden via env:
- `$PROJECTS_ROOT`
- `$PROJECT_SOURCE`
items:
properties:
name:
type: string
value:
type: string
required:
- name
type: object
type: array
image:
type: string
memoryLimit:
type: string
memoryRequest:
type: string
mountSources:
description: |-
Toggles whether or not the project source code should
be mounted in the component.
Defaults to true for all component types except plugins and components that set `dedicatedPod` to true.
type: boolean
sourceMapping:
description: |-
Optional specification of the path in the container where
project sources should be transferred/mounted when `mountSources` is `true`.
When omitted, the default value of /projects is used.
type: string
volumeMounts:
description: List of volumes mounts that should
be mounted is this container.
items:
description: Volume that should be mounted
to a component container
properties:
name:
description: |-
The volume mount name is the name of an existing `Volume` component.
If several containers mount the same volume name
then they will reuse the same volume and will be able to access to the same files.
maxLength: 63
pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
type: string
path:
description: |-
The path in the component container where the volume should be mounted.
If not path is mentioned, default path is the is `/<name>`.
type: string
required:
- name
type: object
type: array
type: object
image:
description: Allows specifying the definition
of an image for outer loop builds
properties:
autoBuild:
description: |-
Defines if the image should be built during startup.
Default value is `false`
type: boolean
dockerfile:
description: Allows specifying dockerfile
type build
properties:
args:
description: The arguments to supply to
the dockerfile build.
items:
type: string
type: array
buildContext:
description: Path of source directory
to establish build context. Defaults
to ${PROJECT_SOURCE} in the container
type: string
devfileRegistry:
description: Dockerfile's Devfile Registry
source
properties:
id:
description: |-
Id in a devfile registry that contains a Dockerfile. The src in the OCI registry
required for the Dockerfile build will be downloaded for building the image.
type: string
registryUrl:
description: |-
Devfile Registry URL to pull the Dockerfile from when using the Devfile Registry as Dockerfile src.
To ensure the Dockerfile gets resolved consistently in different environments,
it is recommended to always specify the `devfileRegistryUrl` when `Id` is used.
type: string
type: object
git:
description: Dockerfile's Git source
properties:
checkoutFrom:
description: Defines from what the
project should be checked out. Required
if there are more than one remote
configured
properties:
remote:
description: The remote name should
be used as init. Required if
there are more than one remote
configured
type: string
revision:
description: |-
The revision to checkout from. Should be branch name, tag or commit id.
Default branch is used if missing or specified revision is not found.
type: string
type: object
fileLocation:
description: |-
Location of the Dockerfile in the Git repository when using git as Dockerfile src.
Defaults to Dockerfile.
type: string
remotes:
additionalProperties:
type: string
description: |-
The remotes map which should be initialized in the git project.
Projects must have at least one remote configured while StarterProjects & Image Component's Git source can only have at most one remote configured.
type: object
type: object
rootRequired:
description: |-
Specify if a privileged builder pod is required.
Default value is `false`
type: boolean
srcType:
description: Type of Dockerfile src
enum:
- Uri
- DevfileRegistry
- Git
type: string
uri:
description: |-
URI Reference of a Dockerfile.
It can be a full URL or a relative URI from the current devfile as the base URI.
type: string
type: object
imageName:
description: Name of the image for the resulting
outerloop build
type: string
imageType:
description: Type of image
enum:
- Dockerfile
- AutoBuild
type: string
type: object
kubernetes:
description: |-
Allows importing into the devworkspace the Kubernetes resources
defined in a given manifest. For example this allows reusing the Kubernetes
definitions used to deploy some runtime components in production.
properties:
deployByDefault:
description: |-
Defines if the component should be deployed during startup.
Default value is `false`
type: boolean
endpoints:
items:
properties:
annotation:
additionalProperties:
type: string
description: Annotations to be added
to Kubernetes Ingress or Openshift
Route
type: object
attributes:
description: |-
Map of implementation-dependant string-based free-form attributes.
Examples of Che-specific attributes:
- cookiesAuthEnabled: "true" / "false",
- type: "terminal" / "ide" / "ide-dev",
type: object
x-kubernetes-preserve-unknown-fields: true
exposure:
description: |-
Describes how the endpoint should be exposed on the network.
- `public` means that the endpoint will be exposed on the public network, typically through
a K8S ingress or an OpenShift route.
- `internal` means that the endpoint will be exposed internally outside of the main devworkspace POD,
typically by K8S services, to be consumed by other elements running
on the same cloud internal network.
- `none` means that the endpoint will not be exposed and will only be accessible
inside the main devworkspace POD, on a local address.
Default value is `public`
enum:
- public
- internal
- none
type: string
name:
maxLength: 63
pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
type: string
path:
description: Path of the endpoint URL
type: string
protocol:
description: |-
Describes the application and transport protocols of the traffic that will go through this endpoint.
- `http`: Endpoint will have `http` traffic, typically on a TCP connection.
It will be automaticaly promoted to `https` when the `secure` field is set to `true`.
- `https`: Endpoint will have `https` traffic, typically on a TCP connection.
- `ws`: Endpoint will have `ws` traffic, typically on a TCP connection.
It will be automaticaly promoted to `wss` when the `secure` field is set to `true`.
- `wss`: Endpoint will have `wss` traffic, typically on a TCP connection.
- `tcp`: Endpoint will have traffic on a TCP connection, without specifying an application protocol.
- `udp`: Endpoint will have traffic on an UDP connection, without specifying an application protocol.
Default value is `http`
enum:
- http
- https
- ws
- wss
- tcp
- udp
type: string
secure:
description: |-
Describes whether the endpoint should be secured and protected by some
authentication process. This requires a protocol of `https` or `wss`.
type: boolean
targetPort:
description: |-
Port number to be used within the container component. The same port cannot
be used by two different container components.
type: integer
required:
- name
type: object
type: array
inlined:
description: Inlined manifest
type: string
locationType:
description: Type of Kubernetes-like location
enum:
- Uri
- Inlined
type: string
uri:
description: Location in a file fetched from
a uri.
type: string
type: object
name:
description: |-
Mandatory name that allows referencing the component
from other elements (such as commands) or from an external
devfile that may reference this component through a parent or a plugin.
maxLength: 63
pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
type: string
openshift:
description: |-
Allows importing into the devworkspace the OpenShift resources
defined in a given manifest. For example this allows reusing the OpenShift
definitions used to deploy some runtime components in production.
properties:
deployByDefault:
description: |-
Defines if the component should be deployed during startup.
Default value is `false`
type: boolean
endpoints:
items:
properties:
annotation:
additionalProperties:
type: string
description: Annotations to be added
to Kubernetes Ingress or Openshift
Route
type: object
attributes:
description: |-
Map of implementation-dependant string-based free-form attributes.
Examples of Che-specific attributes:
- cookiesAuthEnabled: "true" / "false",
- type: "terminal" / "ide" / "ide-dev",
type: object
x-kubernetes-preserve-unknown-fields: true
exposure:
description: |-
Describes how the endpoint should be exposed on the network.
- `public` means that the endpoint will be exposed on the public network, typically through
a K8S ingress or an OpenShift route.
- `internal` means that the endpoint will be exposed internally outside of the main devworkspace POD,
typically by K8S services, to be consumed by other elements running
on the same cloud internal network.
- `none` means that the endpoint will not be exposed and will only be accessible
inside the main devworkspace POD, on a local address.
Default value is `public`
enum:
- public
- internal
- none
type: string
name:
maxLength: 63
pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
type: string
path:
description: Path of the endpoint URL
type: string
protocol:
description: |-
Describes the application and transport protocols of the traffic that will go through this endpoint.
- `http`: Endpoint will have `http` traffic, typically on a TCP connection.
It will be automaticaly promoted to `https` when the `secure` field is set to `true`.
- `https`: Endpoint will have `https` traffic, typically on a TCP connection.
- `ws`: Endpoint will have `ws` traffic, typically on a TCP connection.
It will be automaticaly promoted to `wss` when the `secure` field is set to `true`.
- `wss`: Endpoint will have `wss` traffic, typically on a TCP connection.
- `tcp`: Endpoint will have traffic on a TCP connection, without specifying an application protocol.
- `udp`: Endpoint will have traffic on an UDP connection, without specifying an application protocol.
Default value is `http`
enum:
- http
- https
- ws
- wss
- tcp
- udp
type: string
secure:
description: |-
Describes whether the endpoint should be secured and protected by some
authentication process. This requires a protocol of `https` or `wss`.
type: boolean
targetPort:
description: |-
Port number to be used within the container component. The same port cannot
be used by two different container components.
type: integer
required:
- name
type: object
type: array
inlined:
description: Inlined manifest
type: string
locationType:
description: Type of Kubernetes-like location
enum:
- Uri
- Inlined
type: string
uri:
description: Location in a file fetched from
a uri.
type: string
type: object
volume:
description: |-
Allows specifying the definition of a volume
shared by several other components
properties:
ephemeral:
description: |-
Ephemeral volumes are not stored persistently across restarts. Defaults
to false
type: boolean
size:
description: Size of the volume
type: string
type: object
required:
- name
type: object
type: array
id:
description: Id in a registry that contains a Devfile
yaml file
type: string
importReferenceType:
description: type of location from where the referenced
template structure should be retrieved
enum:
- Uri
- Id
- Kubernetes
type: string
kubernetes:
description: Reference to a Kubernetes CRD of type DevWorkspaceTemplate
properties:
name:
type: string
namespace:
type: string
required:
- name
type: object
registryUrl:
description: |-
Registry URL to pull the parent devfile from when using id in the parent reference.
To ensure the parent devfile gets resolved consistently in different environments,
it is recommended to always specify the `registryUrl` when `id` is used.
type: string
uri:
description: |-
URI Reference of a parent devfile YAML file.
It can be a full URL or a relative URI with the current devfile as the base URI.
type: string
version:
description: |-
Specific stack/sample version to pull the parent devfile from, when using id in the parent reference.
To specify `version`, `id` must be defined and used as the import reference source.
`version` can be either a specific stack version, or `latest`.
If no `version` specified, default version will be used.
pattern: ^(latest)|(([1-9])\.([0-9]+)\.([0-9]+)(\-[0-9a-z-]+(\.[0-9a-z-]+)*)?(\+[0-9A-Za-z-]+(\.[0-9A-Za-z-]+)*)?)$
type: string
type: object
volume:
description: |-
Allows specifying the definition of a volume
shared by several other components
properties:
ephemeral:
description: |-
Ephemeral volumes are not stored persistently across restarts. Defaults
to false
type: boolean
size:
description: Size of the volume
type: string
type: object
required:
- name
type: object
type: array
defaultEditor:
description: |-
The default editor to workspace create with. It could be a plugin ID or a URI.
The plugin ID must have `publisher/name/version` format.
The URI must start from `http://` or `https://`.
type: string
defaultNamespace:
default:
autoProvision: true
template: <username>-che
description: User's default namespace.
properties:
autoProvision:
default: true
description: |-
Indicates if is allowed to automatically create a user namespace.
If it set to false, then user namespace must be pre-created by a cluster administrator.
type: boolean
template:
default: <username>-che
description: |-
If you don't create the user namespaces in advance, this field defines the Kubernetes namespace created when you start your first workspace.
You can use `<username>` and `<userid>` placeholders, such as che-workspace-<username>.
pattern: <username>|<userid>
type: string
type: object
defaultPlugins:
description: Default plug-ins applied to DevWorkspaces.
items:
properties:
editor:
description: |-
The editor ID to specify default plug-ins for.
The plugin ID must have `publisher/name/version` format.
type: string
plugins:
description: Default plug-in URIs for the specified editor.
items:
type: string
type: array
type: object
type: array
deploymentStrategy:
description: |-
DeploymentStrategy defines the deployment strategy to use to replace existing workspace pods
with new ones. The available deployment stragies are `Recreate` and `RollingUpdate`.
With the `Recreate` deployment strategy, the existing workspace pod is killed before the new one is created.
With the `RollingUpdate` deployment strategy, a new workspace pod is created and the existing workspace pod is deleted
only when the new workspace pod is in a ready state.
If not specified, the default `Recreate` deployment strategy is used.
enum:
- Recreate
- RollingUpdate
type: string
disableContainerBuildCapabilities:
description: |-
Disables the container build capabilities.
When set to `false` (the default value), the devEnvironments.security.containerSecurityContext
field is ignored, and the following container SecurityContext is applied:
containerSecurityContext:
allowPrivilegeEscalation: true
capabilities:
add:
- SETGID
- SETUID
type: boolean
gatewayContainer:
description: GatewayContainer configuration.
properties:
env:
description: List of environment variables to set in the container.
items:
description: EnvVar represents an environment variable present
in a Container.
properties:
name:
description: Name of the environment variable. Must
be a C_IDENTIFIER.
type: string
value:
description: |-
Variable references $(VAR_NAME) are expanded
using the previously defined environment variables in the container and
any service environment variables. If a variable cannot be resolved,
the reference in the input string will be unchanged. Double $$ are reduced
to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e.
"$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)".
Escaped references will never be expanded, regardless of whether the variable
exists or not.
Defaults to "".
type: string
valueFrom:
description: Source for the environment variable's value.
Cannot be used if value is not empty.
properties:
configMapKeyRef:
description: Selects a key of a ConfigMap.
properties:
key:
description: The key to select.
type: string
name:
description: |-
Name of the referent.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion, kind, uid?
type: string
optional:
description: Specify whether the ConfigMap or
its key must be defined
type: boolean
required:
- key
type: object
x-kubernetes-map-type: atomic
fieldRef:
description: |-
Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['<KEY>']`, `metadata.annotations['<KEY>']`,
spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.
properties:
apiVersion:
description: Version of the schema the FieldPath
is written in terms of, defaults to "v1".
type: string
fieldPath:
description: Path of the field to select in
the specified API version.
type: string
required:
- fieldPath
type: object
x-kubernetes-map-type: atomic
resourceFieldRef:
description: |-
Selects a resource of the container: only resources limits and requests
(limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.
properties:
containerName:
description: 'Container name: required for volumes,
optional for env vars'
type: string
divisor:
anyOf:
- type: integer
- type: string
description: Specifies the output format of
the exposed resources, defaults to "1"
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
resource:
description: 'Required: resource to select'
type: string
required:
- resource
type: object
x-kubernetes-map-type: atomic
secretKeyRef:
description: Selects a key of a secret in the pod's
namespace
properties:
key:
description: The key of the secret to select
from. Must be a valid secret key.
type: string
name:
description: |-
Name of the referent.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion, kind, uid?
type: string
optional:
description: Specify whether the Secret or its
key must be defined
type: boolean
required:
- key
type: object
x-kubernetes-map-type: atomic
type: object
required:
- name
type: object
type: array
image:
description: Container image. Omit it or leave it empty to
use the default container image provided by the Operator.
type: string
imagePullPolicy:
description: Image pull policy. Default value is `Always`
for `nightly`, `next` or `latest` images, and `IfNotPresent`
in other cases.
enum:
- Always
- IfNotPresent
- Never
type: string
name:
description: Container name.
type: string
resources:
description: Compute resources required by this container.
properties:
limits:
description: Describes the maximum amount of compute resources
allowed.
properties:
cpu:
anyOf:
- type: integer
- type: string
description: |-
CPU, in cores. (500m = .5 cores)
If the value is not specified, then the default value is set depending on the component.
If value is `0`, then no value is set for the component.
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
memory:
anyOf:
- type: integer
- type: string
description: |-
Memory, in bytes. (500Gi = 500GiB = 500 * 1024 * 1024 * 1024)
If the value is not specified, then the default value is set depending on the component.
If value is `0`, then no value is set for the component.
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
type: object
request:
description: Describes the minimum amount of compute resources
required.
properties:
cpu:
anyOf:
- type: integer
- type: string
description: |-
CPU, in cores. (500m = .5 cores)
If the value is not specified, then the default value is set depending on the component.
If value is `0`, then no value is set for the component.
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
memory:
anyOf:
- type: integer
- type: string
description: |-
Memory, in bytes. (500Gi = 500GiB = 500 * 1024 * 1024 * 1024)
If the value is not specified, then the default value is set depending on the component.
If value is `0`, then no value is set for the component.
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
type: object
type: object
type: object
imagePullPolicy:
description: ImagePullPolicy defines the imagePullPolicy used
for containers in a DevWorkspace.
enum:
- Always
- IfNotPresent
- Never
type: string
maxNumberOfRunningWorkspacesPerUser:
description: |-
The maximum number of running workspaces per user.
The value, -1, allows users to run an unlimited number of workspaces.
format: int64
minimum: -1
type: integer
maxNumberOfWorkspacesPerUser:
default: -1
description: |-
Total number of workspaces, both stopped and running, that a user can keep.
The value, -1, allows users to keep an unlimited number of workspaces.
format: int64
minimum: -1
type: integer
nodeSelector:
additionalProperties:
type: string
description: The node selector limits the nodes that can run the
workspace pods.
type: object
persistUserHome:
description: |-
PersistUserHome defines configuration options for persisting the
user home directory in workspaces.
properties:
enabled:
description: |-
Determines whether the user home directory in workspaces should persist between
workspace shutdown and startup.
Must be used with the 'per-user' or 'per-workspace' PVC strategy in order to take effect.
Disabled by default.
type: boolean
type: object
podSchedulerName:
description: |-
Pod scheduler for the workspace pods.
If not specified, the pod scheduler is set to the default scheduler on the cluster.
type: string
projectCloneContainer:
description: Project clone container configuration.
properties:
env:
description: List of environment variables to set in the container.
items:
description: EnvVar represents an environment variable present
in a Container.
properties:
name:
description: Name of the environment variable. Must
be a C_IDENTIFIER.
type: string
value:
description: |-
Variable references $(VAR_NAME) are expanded
using the previously defined environment variables in the container and
any service environment variables. If a variable cannot be resolved,
the reference in the input string will be unchanged. Double $$ are reduced
to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e.
"$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)".
Escaped references will never be expanded, regardless of whether the variable
exists or not.
Defaults to "".
type: string
valueFrom:
description: Source for the environment variable's value.
Cannot be used if value is not empty.
properties:
configMapKeyRef:
description: Selects a key of a ConfigMap.
properties:
key:
description: The key to select.
type: string
name:
description: |-
Name of the referent.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion, kind, uid?
type: string
optional:
description: Specify whether the ConfigMap or
its key must be defined
type: boolean
required:
- key
type: object
x-kubernetes-map-type: atomic
fieldRef:
description: |-
Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['<KEY>']`, `metadata.annotations['<KEY>']`,
spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.
properties:
apiVersion:
description: Version of the schema the FieldPath
is written in terms of, defaults to "v1".
type: string
fieldPath:
description: Path of the field to select in
the specified API version.
type: string
required:
- fieldPath
type: object
x-kubernetes-map-type: atomic
resourceFieldRef:
description: |-
Selects a resource of the container: only resources limits and requests
(limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.
properties:
containerName:
description: 'Container name: required for volumes,
optional for env vars'
type: string
divisor:
anyOf:
- type: integer
- type: string
description: Specifies the output format of
the exposed resources, defaults to "1"
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
resource:
description: 'Required: resource to select'
type: string
required:
- resource
type: object
x-kubernetes-map-type: atomic
secretKeyRef:
description: Selects a key of a secret in the pod's
namespace
properties:
key:
description: The key of the secret to select
from. Must be a valid secret key.
type: string
name:
description: |-
Name of the referent.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion, kind, uid?
type: string
optional:
description: Specify whether the Secret or its
key must be defined
type: boolean
required:
- key
type: object
x-kubernetes-map-type: atomic
type: object
required:
- name
type: object
type: array
image:
description: Container image. Omit it or leave it empty to
use the default container image provided by the Operator.
type: string
imagePullPolicy:
description: Image pull policy. Default value is `Always`
for `nightly`, `next` or `latest` images, and `IfNotPresent`
in other cases.
enum:
- Always
- IfNotPresent
- Never
type: string
name:
description: Container name.
type: string
resources:
description: Compute resources required by this container.
properties:
limits:
description: Describes the maximum amount of compute resources
allowed.
properties:
cpu:
anyOf:
- type: integer
- type: string
description: |-
CPU, in cores. (500m = .5 cores)
If the value is not specified, then the default value is set depending on the component.
If value is `0`, then no value is set for the component.
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
memory:
anyOf:
- type: integer
- type: string
description: |-
Memory, in bytes. (500Gi = 500GiB = 500 * 1024 * 1024 * 1024)
If the value is not specified, then the default value is set depending on the component.
If value is `0`, then no value is set for the component.
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
type: object
request:
description: Describes the minimum amount of compute resources
required.
properties:
cpu:
anyOf:
- type: integer
- type: string
description: |-
CPU, in cores. (500m = .5 cores)
If the value is not specified, then the default value is set depending on the component.
If value is `0`, then no value is set for the component.
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
memory:
anyOf:
- type: integer
- type: string
description: |-
Memory, in bytes. (500Gi = 500GiB = 500 * 1024 * 1024 * 1024)
If the value is not specified, then the default value is set depending on the component.
If value is `0`, then no value is set for the component.
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
type: object
type: object
type: object
secondsOfInactivityBeforeIdling:
default: 1800
description: |-
Idle timeout for workspaces in seconds.
This timeout is the duration after which a workspace will be idled if there is no activity.
To disable workspace idling due to inactivity, set this value to -1.
format: int32
type: integer
secondsOfRunBeforeIdling:
default: -1
description: |-
Run timeout for workspaces in seconds.
This timeout is the maximum duration a workspace runs.
To disable workspace run timeout, set this value to -1.
format: int32
type: integer
security:
description: Workspace security configuration.
properties:
containerSecurityContext:
description: |-
Container SecurityContext used by all workspace-related containers.
If set, defined values are merged into the default Container SecurityContext configuration.
Requires devEnvironments.disableContainerBuildCapabilities to be set to `true` in order to take effect.
properties:
allowPrivilegeEscalation:
description: |-
AllowPrivilegeEscalation controls whether a process can gain more
privileges than its parent process. This bool directly controls if
the no_new_privs flag will be set on the container process.
AllowPrivilegeEscalation is true always when the container is:
1) run as Privileged
2) has CAP_SYS_ADMIN
Note that this field cannot be set when spec.os.name is windows.
type: boolean
capabilities:
description: |-
The capabilities to add/drop when running containers.
Defaults to the default set of capabilities granted by the container runtime.
Note that this field cannot be set when spec.os.name is windows.
properties:
add:
description: Added capabilities
items:
description: Capability represent POSIX capabilities
type
type: string
type: array
drop:
description: Removed capabilities
items:
description: Capability represent POSIX capabilities
type
type: string
type: array
type: object
privileged:
description: |-
Run container in privileged mode.
Processes in privileged containers are essentially equivalent to root on the host.
Defaults to false.
Note that this field cannot be set when spec.os.name is windows.
type: boolean
procMount:
description: |-
procMount denotes the type of proc mount to use for the containers.
The default is DefaultProcMount which uses the container runtime defaults for
readonly paths and masked paths.
This requires the ProcMountType feature flag to be enabled.
Note that this field cannot be set when spec.os.name is windows.
type: string
readOnlyRootFilesystem:
description: |-
Whether this container has a read-only root filesystem.
Default is false.
Note that this field cannot be set when spec.os.name is windows.
type: boolean
runAsGroup:
description: |-
The GID to run the entrypoint of the container process.
Uses runtime default if unset.
May also be set in PodSecurityContext. If set in both SecurityContext and
PodSecurityContext, the value specified in SecurityContext takes precedence.
Note that this field cannot be set when spec.os.name is windows.
format: int64
type: integer
runAsNonRoot:
description: |-
Indicates that the container must run as a non-root user.
If true, the Kubelet will validate the image at runtime to ensure that it
does not run as UID 0 (root) and fail to start the container if it does.
If unset or false, no such validation will be performed.
May also be set in PodSecurityContext. If set in both SecurityContext and
PodSecurityContext, the value specified in SecurityContext takes precedence.
type: boolean
runAsUser:
description: |-
The UID to run the entrypoint of the container process.
Defaults to user specified in image metadata if unspecified.
May also be set in PodSecurityContext. If set in both SecurityContext and
PodSecurityContext, the value specified in SecurityContext takes precedence.
Note that this field cannot be set when spec.os.name is windows.
format: int64
type: integer
seLinuxOptions:
description: |-
The SELinux context to be applied to the container.
If unspecified, the container runtime will allocate a random SELinux context for each
container. May also be set in PodSecurityContext. If set in both SecurityContext and
PodSecurityContext, the value specified in SecurityContext takes precedence.
Note that this field cannot be set when spec.os.name is windows.
properties:
level:
description: Level is SELinux level label that applies
to the container.
type: string
role:
description: Role is a SELinux role label that applies
to the container.
type: string
type:
description: Type is a SELinux type label that applies
to the container.
type: string
user:
description: User is a SELinux user label that applies
to the container.
type: string
type: object
seccompProfile:
description: |-
The seccomp options to use by this container. If seccomp options are
provided at both the pod & container level, the container options
override the pod options.
Note that this field cannot be set when spec.os.name is windows.
properties:
localhostProfile:
description: |-
localhostProfile indicates a profile defined in a file on the node should be used.
The profile must be preconfigured on the node to work.
Must be a descending path, relative to the kubelet's configured seccomp profile location.
Must only be set if type is "Localhost".
type: string
type:
description: |-
type indicates which kind of seccomp profile will be applied.
Valid options are:
Localhost - a profile defined in a file on the node should be used.
RuntimeDefault - the container runtime default profile should be used.
Unconfined - no profile should be applied.
type: string
required:
- type
type: object
windowsOptions:
description: |-
The Windows specific settings applied to all containers.
If unspecified, the options from the PodSecurityContext will be used.
If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
Note that this field cannot be set when spec.os.name is linux.
properties:
gmsaCredentialSpec:
description: |-
GMSACredentialSpec is where the GMSA admission webhook
(https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the
GMSA credential spec named by the GMSACredentialSpecName field.
type: string
gmsaCredentialSpecName:
description: GMSACredentialSpecName is the name of
the GMSA credential spec to use.
type: string
hostProcess:
description: |-
HostProcess determines if a container should be run as a 'Host Process' container.
This field is alpha-level and will only be honored by components that enable the
WindowsHostProcessContainers feature flag. Setting this field without the feature
flag will result in errors when validating the Pod. All of a Pod's containers must
have the same effective HostProcess value (it is not allowed to have a mix of HostProcess
containers and non-HostProcess containers). In addition, if HostProcess is true
then HostNetwork must also be set to true.
type: boolean
runAsUserName:
description: |-
The UserName in Windows to run the entrypoint of the container process.
Defaults to the user specified in image metadata if unspecified.
May also be set in PodSecurityContext. If set in both SecurityContext and
PodSecurityContext, the value specified in SecurityContext takes precedence.
type: string
type: object
type: object
podSecurityContext:
description: |-
PodSecurityContext used by all workspace-related pods.
If set, defined values are merged into the default PodSecurityContext configuration.
properties:
fsGroup:
description: |-
A special supplemental group that applies to all containers in a pod.
Some volume types allow the Kubelet to change the ownership of that volume
to be owned by the pod:
1. The owning GID will be the FSGroup
2. The setgid bit is set (new files created in the volume will be owned by FSGroup)
If unset, the Kubelet will not modify the ownership and permissions of any volume.
Note that this field cannot be set when spec.os.name is windows.
format: int64
type: integer
fsGroupChangePolicy:
description: |-
fsGroupChangePolicy defines behavior of changing ownership and permission of the volume
before being exposed inside Pod. This field will only apply to
volume types which support fsGroup based ownership(and permissions).
It will have no effect on ephemeral volume types such as: secret, configmaps
and emptydir.
Valid values are "OnRootMismatch" and "Always". If not specified, "Always" is used.
Note that this field cannot be set when spec.os.name is windows.
type: string
runAsGroup:
description: |-
The GID to run the entrypoint of the container process.
Uses runtime default if unset.
May also be set in SecurityContext. If set in both SecurityContext and
PodSecurityContext, the value specified in SecurityContext takes precedence
for that container.
Note that this field cannot be set when spec.os.name is windows.
format: int64
type: integer
runAsNonRoot:
description: |-
Indicates that the container must run as a non-root user.
If true, the Kubelet will validate the image at runtime to ensure that it
does not run as UID 0 (root) and fail to start the container if it does.
If unset or false, no such validation will be performed.
May also be set in SecurityContext. If set in both SecurityContext and
PodSecurityContext, the value specified in SecurityContext takes precedence.
type: boolean
runAsUser:
description: |-
The UID to run the entrypoint of the container process.
Defaults to user specified in image metadata if unspecified.
May also be set in SecurityContext. If set in both SecurityContext and
PodSecurityContext, the value specified in SecurityContext takes precedence
for that container.
Note that this field cannot be set when spec.os.name is windows.
format: int64
type: integer
seLinuxOptions:
description: |-
The SELinux context to be applied to all containers.
If unspecified, the container runtime will allocate a random SELinux context for each
container. May also be set in SecurityContext. If set in
both SecurityContext and PodSecurityContext, the value specified in SecurityContext
takes precedence for that container.
Note that this field cannot be set when spec.os.name is windows.
properties:
level:
description: Level is SELinux level label that applies
to the container.
type: string
role:
description: Role is a SELinux role label that applies
to the container.
type: string
type:
description: Type is a SELinux type label that applies
to the container.
type: string
user:
description: User is a SELinux user label that applies
to the container.
type: string
type: object
seccompProfile:
description: |-
The seccomp options to use by the containers in this pod.
Note that this field cannot be set when spec.os.name is windows.
properties:
localhostProfile:
description: |-
localhostProfile indicates a profile defined in a file on the node should be used.
The profile must be preconfigured on the node to work.
Must be a descending path, relative to the kubelet's configured seccomp profile location.
Must only be set if type is "Localhost".
type: string
type:
description: |-
type indicates which kind of seccomp profile will be applied.
Valid options are:
Localhost - a profile defined in a file on the node should be used.
RuntimeDefault - the container runtime default profile should be used.
Unconfined - no profile should be applied.
type: string
required:
- type
type: object
supplementalGroups:
description: |-
A list of groups applied to the first process run in each container, in addition
to the container's primary GID, the fsGroup (if specified), and group memberships
defined in the container image for the uid of the container process. If unspecified,
no additional groups are added to any container. Note that group memberships
defined in the container image for the uid of the container process are still effective,
even if they are not included in this list.
Note that this field cannot be set when spec.os.name is windows.
items:
format: int64
type: integer
type: array
sysctls:
description: |-
Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported
sysctls (by the container runtime) might fail to launch.
Note that this field cannot be set when spec.os.name is windows.
items:
description: Sysctl defines a kernel parameter to be
set
properties:
name:
description: Name of a property to set
type: string
value:
description: Value of a property to set
type: string
required:
- name
- value
type: object
type: array
windowsOptions:
description: |-
The Windows specific settings applied to all containers.
If unspecified, the options within a container's SecurityContext will be used.
If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.
Note that this field cannot be set when spec.os.name is linux.
properties:
gmsaCredentialSpec:
description: |-
GMSACredentialSpec is where the GMSA admission webhook
(https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the
GMSA credential spec named by the GMSACredentialSpecName field.
type: string
gmsaCredentialSpecName:
description: GMSACredentialSpecName is the name of
the GMSA credential spec to use.
type: string
hostProcess:
description: |-
HostProcess determines if a container should be run as a 'Host Process' container.
This field is alpha-level and will only be honored by components that enable the
WindowsHostProcessContainers feature flag. Setting this field without the feature
flag will result in errors when validating the Pod. All of a Pod's containers must
have the same effective HostProcess value (it is not allowed to have a mix of HostProcess
containers and non-HostProcess containers). In addition, if HostProcess is true
then HostNetwork must also be set to true.
type: boolean
runAsUserName:
description: |-
The UserName in Windows to run the entrypoint of the container process.
Defaults to the user specified in image metadata if unspecified.
May also be set in PodSecurityContext. If set in both SecurityContext and
PodSecurityContext, the value specified in SecurityContext takes precedence.
type: string
type: object
type: object
type: object
serviceAccount:
description: ServiceAccount to use by the DevWorkspace operator
when starting the workspaces.
maxLength: 63
pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
type: string
serviceAccountTokens:
description: List of ServiceAccount tokens that will be mounted
into workspace pods as projected volumes.
items:
properties:
audience:
description: |-
Audience is the intended audience of the token. A recipient of a token
must identify itself with an identifier specified in the audience of the
token, and otherwise should reject the token. The audience defaults to the
identifier of the apiserver.
type: string
expirationSeconds:
default: 3600
description: |-
ExpirationSeconds is the requested duration of validity of the service
account token. As the token approaches expiration, the kubelet volume
plugin will proactively rotate the service account token. The kubelet will
start trying to rotate the token if the token is older than 80 percent of
its time to live or if the token is older than 24 hours. Defaults to 1 hour
and must be at least 10 minutes.
format: int64
minimum: 600
type: integer
mountPath:
description: |-
Path within the workspace container at which the token should be mounted. Must
not contain ':'.
type: string
name:
description: |-
Identifiable name of the ServiceAccount token.
If multiple ServiceAccount tokens use the same mount path, a generic name will be used
for the projected volume instead.
type: string
path:
description: |-
Path is the path relative to the mount point of the file to project the
token into.
type: string
required:
- mountPath
- name
- path
type: object
type: array
startTimeoutSeconds:
default: 300
description: |-
StartTimeoutSeconds determines the maximum duration (in seconds) that a workspace can take to start
before it is automatically failed.
If not specified, the default value of 300 seconds (5 minutes) is used.
format: int32
minimum: 1
type: integer
storage:
default:
pvcStrategy: per-user
description: Workspaces persistent storage.
properties:
perUserStrategyPvcConfig:
description: PVC settings when using the `per-user` PVC strategy.
properties:
claimSize:
description: Persistent Volume Claim size. To update the
claim size, the storage class that provisions it must
support resizing.
type: string
storageClass:
description: Storage class for the Persistent Volume Claim.
When omitted or left blank, a default storage class
is used.
type: string
type: object
perWorkspaceStrategyPvcConfig:
description: PVC settings when using the `per-workspace` PVC
strategy.
properties:
claimSize:
description: Persistent Volume Claim size. To update the
claim size, the storage class that provisions it must
support resizing.
type: string
storageClass:
description: Storage class for the Persistent Volume Claim.
When omitted or left blank, a default storage class
is used.
type: string
type: object
pvcStrategy:
default: per-user
description: |-
Persistent volume claim strategy for the Che server.
The supported strategies are: `per-user` (all workspaces PVCs in one volume),
`per-workspace` (each workspace is given its own individual PVC)
and `ephemeral` (non-persistent storage where local changes will be lost when
the workspace is stopped.)
enum:
- common
- per-user
- per-workspace
- ephemeral
type: string
type: object
tolerations:
description: The pod tolerations of the workspace pods limit where
the workspace pods can run.
items:
description: |-
The pod this Toleration is attached to tolerates any taint that matches
the triple <key,value,effect> using the matching operator <operator>.
properties:
effect:
description: |-
Effect indicates the taint effect to match. Empty means match all taint effects.
When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute.
type: string
key:
description: |-
Key is the taint key that the toleration applies to. Empty means match all taint keys.
If the key is empty, operator must be Exists; this combination means to match all values and all keys.
type: string
operator:
description: |-
Operator represents a key's relationship to the value.
Valid operators are Exists and Equal. Defaults to Equal.
Exists is equivalent to wildcard for value, so that a pod can
tolerate all taints of a particular category.
type: string
tolerationSeconds:
description: |-
TolerationSeconds represents the period of time the toleration (which must be
of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default,
it is not set, which means tolerate the taint forever (do not evict). Zero and
negative values will be treated as 0 (evict immediately) by the system.
format: int64
type: integer
value:
description: |-
Value is the taint value the toleration matches to.
If the operator is Exists, the value should be empty, otherwise just a regular string.
type: string
type: object
type: array
trustedCerts:
description: Trusted certificate settings.
properties:
gitTrustedCertsConfigMapName:
description: |-
The ConfigMap contains certificates to propagate to the Che components and to provide a particular configuration for Git.
See the following page: https://www.eclipse.org/che/docs/stable/administration-guide/deploying-che-with-support-for-git-repositories-with-self-signed-certificates/
The ConfigMap must have a `app.kubernetes.io/part-of=che.eclipse.org` label.
type: string
type: object
user:
description: User configuration.
properties:
clusterRoles:
description: |-
Additional ClusterRoles assigned to the user.
The role must have `app.kubernetes.io/part-of=che.eclipse.org` label.
items:
type: string
type: array
type: object
type: object
gitServices:
description: A configuration that allows users to work with remote
Git repositories.
properties:
azure:
description: Enables users to work with repositories hosted on
Azure DevOps Service (dev.azure.com).
items:
description: AzureDevOpsService enables users to work with repositories
hosted on Azure DevOps Service (dev.azure.com).
properties:
secretName:
description: |-
Kubernetes secret, that contains Base64-encoded Azure DevOps Service Application ID and Client Secret.
See the following page: https://www.eclipse.org/che/docs/stable/administration-guide/configuring-oauth-2-for-microsoft-azure-devops-services
type: string
required:
- secretName
type: object
type: array
bitbucket:
description: Enables users to work with repositories hosted on
Bitbucket (bitbucket.org or self-hosted).
items:
description: BitBucketService enables users to work with repositories
hosted on Bitbucket (bitbucket.org or self-hosted).
properties:
endpoint:
description: |-
Bitbucket server endpoint URL.
Deprecated in favor of `che.eclipse.org/scm-server-endpoint` annotation.
See the following page: https://www.eclipse.org/che/docs/stable/administration-guide/configuring-oauth-1-for-a-bitbucket-server/.
type: string
secretName:
description: |-
Kubernetes secret, that contains Base64-encoded Bitbucket OAuth 1.0 or OAuth 2.0 data.
See the following pages for details: https://www.eclipse.org/che/docs/stable/administration-guide/configuring-oauth-1-for-a-bitbucket-server/
and https://www.eclipse.org/che/docs/stable/administration-guide/configuring-oauth-2-for-the-bitbucket-cloud/.
type: string
required:
- secretName
type: object
type: array
github:
description: Enables users to work with repositories hosted on
GitHub (github.com or GitHub Enterprise).
items:
description: GitHubService enables users to work with repositories
hosted on GitHub (GitHub.com or GitHub Enterprise).
properties:
disableSubdomainIsolation:
description: |-
Disables subdomain isolation.
Deprecated in favor of `che.eclipse.org/scm-github-disable-subdomain-isolation` annotation.
See the following page for details: https://www.eclipse.org/che/docs/stable/administration-guide/configuring-oauth-2-for-github/.
type: boolean
endpoint:
description: |-
GitHub server endpoint URL.
Deprecated in favor of `che.eclipse.org/scm-server-endpoint` annotation.
See the following page for details: https://www.eclipse.org/che/docs/stable/administration-guide/configuring-oauth-2-for-github/.
type: string
secretName:
description: |-
Kubernetes secret, that contains Base64-encoded GitHub OAuth Client id and GitHub OAuth Client secret.
See the following page for details: https://www.eclipse.org/che/docs/stable/administration-guide/configuring-oauth-2-for-github/.
type: string
required:
- secretName
type: object
type: array
gitlab:
description: Enables users to work with repositories hosted on
GitLab (gitlab.com or self-hosted).
items:
description: GitLabService enables users to work with repositories
hosted on GitLab (gitlab.com or self-hosted).
properties:
endpoint:
description: |-
GitLab server endpoint URL.
Deprecated in favor of `che.eclipse.org/scm-server-endpoint` annotation.
See the following page: https://www.eclipse.org/che/docs/stable/administration-guide/configuring-oauth-2-for-gitlab/.
type: string
secretName:
description: |-
Kubernetes secret, that contains Base64-encoded GitHub Application id and GitLab Application Client secret.
See the following page: https://www.eclipse.org/che/docs/stable/administration-guide/configuring-oauth-2-for-gitlab/.
type: string
required:
- secretName
type: object
type: array
type: object
networking:
default:
auth:
gateway:
configLabels:
app: che
component: che-gateway-config
description: Networking, Che authentication, and TLS configuration.
properties:
annotations:
additionalProperties:
type: string
description: |-
Defines annotations which will be set for an Ingress (a route for OpenShift platform).
The defaults for kubernetes platforms are:
kubernetes.io/ingress.class: "nginx"
nginx.ingress.kubernetes.io/proxy-read-timeout: "3600",
nginx.ingress.kubernetes.io/proxy-connect-timeout: "3600",
nginx.ingress.kubernetes.io/ssl-redirect: "true"
type: object
auth:
default:
gateway:
configLabels:
app: che
component: che-gateway-config
description: Authentication settings.
properties:
advancedAuthorization:
description: |-
Advance authorization settings. Determines which users and groups are allowed to access Che.
User is allowed to access Che if he/she is either in the `allowUsers` list or is member of group from `allowGroups` list
and not in neither the `denyUsers` list nor is member of group from `denyGroups` list.
If `allowUsers` and `allowGroups` are empty, then all users are allowed to access Che.
if `denyUsers` and `denyGroups` are empty, then no users are denied to access Che.
properties:
allowGroups:
description: List of groups allowed to access Che (currently
supported in OpenShift only).
items:
type: string
type: array
allowUsers:
description: List of users allowed to access Che.
items:
type: string
type: array
denyGroups:
description: List of groups denied to access Che (currently
supported in OpenShift only).
items:
type: string
type: array
denyUsers:
description: List of users denied to access Che.
items:
type: string
type: array
type: object
gateway:
default:
configLabels:
app: che
component: che-gateway-config
description: Gateway settings.
properties:
configLabels:
additionalProperties:
type: string
default:
app: che
component: che-gateway-config
description: Gateway configuration labels.
type: object
deployment:
description: |-
Deployment override options.
Since gateway deployment consists of several containers, they must be distinguished in the configuration by their names:
- `gateway`
- `configbump`
- `oauth-proxy`
- `kube-rbac-proxy`
properties:
containers:
description: List of containers belonging to the pod.
items:
description: Container custom settings.
properties:
env:
description: List of environment variables to
set in the container.
items:
description: EnvVar represents an environment
variable present in a Container.
properties:
name:
description: Name of the environment variable.
Must be a C_IDENTIFIER.
type: string
value:
description: |-
Variable references $(VAR_NAME) are expanded
using the previously defined environment variables in the container and
any service environment variables. If a variable cannot be resolved,
the reference in the input string will be unchanged. Double $$ are reduced
to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e.
"$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)".
Escaped references will never be expanded, regardless of whether the variable
exists or not.
Defaults to "".
type: string
valueFrom:
description: Source for the environment
variable's value. Cannot be used if
value is not empty.
properties:
configMapKeyRef:
description: Selects a key of a ConfigMap.
properties:
key:
description: The key to select.
type: string
name:
description: |-
Name of the referent.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion, kind, uid?
type: string
optional:
description: Specify whether the
ConfigMap or its key must be
defined
type: boolean
required:
- key
type: object
x-kubernetes-map-type: atomic
fieldRef:
description: |-
Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['<KEY>']`, `metadata.annotations['<KEY>']`,
spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.
properties:
apiVersion:
description: Version of the schema
the FieldPath is written in
terms of, defaults to "v1".
type: string
fieldPath:
description: Path of the field
to select in the specified API
version.
type: string
required:
- fieldPath
type: object
x-kubernetes-map-type: atomic
resourceFieldRef:
description: |-
Selects a resource of the container: only resources limits and requests
(limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.
properties:
containerName:
description: 'Container name:
required for volumes, optional
for env vars'
type: string
divisor:
anyOf:
- type: integer
- type: string
description: Specifies the output
format of the exposed resources,
defaults to "1"
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
resource:
description: 'Required: resource
to select'
type: string
required:
- resource
type: object
x-kubernetes-map-type: atomic
secretKeyRef:
description: Selects a key of a secret
in the pod's namespace
properties:
key:
description: The key of the secret
to select from. Must be a valid
secret key.
type: string
name:
description: |-
Name of the referent.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion, kind, uid?
type: string
optional:
description: Specify whether the
Secret or its key must be defined
type: boolean
required:
- key
type: object
x-kubernetes-map-type: atomic
type: object
required:
- name
type: object
type: array
image:
description: Container image. Omit it or leave
it empty to use the default container image
provided by the Operator.
type: string
imagePullPolicy:
description: Image pull policy. Default value
is `Always` for `nightly`, `next` or `latest`
images, and `IfNotPresent` in other cases.
enum:
- Always
- IfNotPresent
- Never
type: string
name:
description: Container name.
type: string
resources:
description: Compute resources required by this
container.
properties:
limits:
description: Describes the maximum amount
of compute resources allowed.
properties:
cpu:
anyOf:
- type: integer
- type: string
description: |-
CPU, in cores. (500m = .5 cores)
If the value is not specified, then the default value is set depending on the component.
If value is `0`, then no value is set for the component.
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
memory:
anyOf:
- type: integer
- type: string
description: |-
Memory, in bytes. (500Gi = 500GiB = 500 * 1024 * 1024 * 1024)
If the value is not specified, then the default value is set depending on the component.
If value is `0`, then no value is set for the component.
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
type: object
request:
description: Describes the minimum amount
of compute resources required.
properties:
cpu:
anyOf:
- type: integer
- type: string
description: |-
CPU, in cores. (500m = .5 cores)
If the value is not specified, then the default value is set depending on the component.
If value is `0`, then no value is set for the component.
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
memory:
anyOf:
- type: integer
- type: string
description: |-
Memory, in bytes. (500Gi = 500GiB = 500 * 1024 * 1024 * 1024)
If the value is not specified, then the default value is set depending on the component.
If value is `0`, then no value is set for the component.
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
type: object
type: object
type: object
type: array
securityContext:
description: Security options the pod should run with.
properties:
fsGroup:
description: A special supplemental group that
applies to all containers in a pod. The default
value is `1724`.
format: int64
type: integer
runAsUser:
description: The UID to run the entrypoint of
the container process. The default value is
`1724`.
format: int64
type: integer
type: object
type: object
kubeRbacProxy:
description: Configuration for kube-rbac-proxy within
the Che gateway pod.
properties:
logLevel:
default: 0
description: The glog log level for the kube-rbac-proxy
container within the gateway pod. Larger values
represent a higher verbosity. The default value
is `0`.
format: int32
minimum: 0
type: integer
type: object
oAuthProxy:
description: Configuration for oauth-proxy within the
Che gateway pod.
properties:
cookieExpireSeconds:
default: 86400
description: Expire timeframe for cookie. If set to
0, cookie becomes a session-cookie which will expire
when the browser is closed.
format: int32
minimum: 0
type: integer
type: object
traefik:
description: Configuration for Traefik within the Che
gateway pod.
properties:
logLevel:
default: INFO
description: 'The log level for the Traefik container
within the gateway pod: `DEBUG`, `INFO`, `WARN`,
`ERROR`, `FATAL`, or `PANIC`. The default value
is `INFO`'
enum:
- DEBUG
- INFO
- WARN
- ERROR
- FATAL
- PANIC
type: string
type: object
type: object
identityProviderURL:
description: Public URL of the Identity Provider server.
type: string
identityToken:
description: |-
Identity token to be passed to upstream. There are two types of tokens supported: `id_token` and `access_token`.
Default value is `id_token`.
This field is specific to Che installations made for Kubernetes only and ignored for OpenShift.
enum:
- id_token
- access_token
type: string
oAuthAccessTokenInactivityTimeoutSeconds:
description: |-
Inactivity timeout for tokens to set in the OpenShift `OAuthClient` resource used to set up identity federation on the OpenShift side.
0 means tokens for this client never time out.
format: int32
type: integer
oAuthAccessTokenMaxAgeSeconds:
description: |-
Access token max age for tokens to set in the OpenShift `OAuthClient` resource used to set up identity federation on the OpenShift side.
0 means no expiration.
format: int32
type: integer
oAuthClientName:
description: Name of the OpenShift `OAuthClient` resource
used to set up identity federation on the OpenShift side.
type: string
oAuthScope:
description: |-
Access Token Scope.
This field is specific to Che installations made for Kubernetes only and ignored for OpenShift.
type: string
oAuthSecret:
description: |-
Name of the secret set in the OpenShift `OAuthClient` resource used to set up identity federation on the OpenShift side.
For Kubernetes, this can either be the plain text oAuthSecret value, or the name of a kubernetes secret which contains a
key `oAuthSecret` and the value is the secret. NOTE: this secret must exist in the same namespace as the `CheCluster`
resource and contain the label `app.kubernetes.io/part-of=che.eclipse.org`.
type: string
type: object
domain:
description: |-
For an OpenShift cluster, the Operator uses the domain to generate a hostname for the route.
The generated hostname follows this pattern: che-<che-namespace>.<domain>. The <che-namespace> is the namespace where the CheCluster CRD is created.
In conjunction with labels, it creates a route served by a non-default Ingress controller.
For a Kubernetes cluster, it contains a global ingress domain. There are no default values: you must specify them.
type: string
hostname:
description: The public hostname of the installed Che server.
type: string
ingressClassName:
description: |-
IngressClassName is the name of an IngressClass cluster resource.
If a class name is defined in both the `IngressClassName` field and the `kubernetes.io/ingress.class` annotation,
`IngressClassName` field takes precedence.
type: string
labels:
additionalProperties:
type: string
description: Defines labels which will be set for an Ingress (a
route for OpenShift platform).
type: object
tlsSecretName:
description: |-
The name of the secret used to set up Ingress TLS termination.
If the field is an empty string, the default cluster certificate is used.
The secret must have a `app.kubernetes.io/part-of=che.eclipse.org` label.
type: string
type: object
type: object
status:
description: Defines the observed state of Che installation.
properties:
chePhase:
description: Specifies the current phase of the Che deployment.
type: string
cheURL:
description: Public URL of the Che server.
type: string
cheVersion:
description: Currently installed Che version.
type: string
devfileRegistryURL:
description: The public URL of the internal devfile registry.
type: string
gatewayPhase:
description: Specifies the current phase of the gateway deployment.
type: string
message:
description: A human readable message indicating details about why
the Che deployment is in the current phase.
type: string
pluginRegistryURL:
description: The public URL of the internal plug-in registry.
type: string
reason:
description: A brief CamelCase message indicating details about why
the Che deployment is in the current phase.
type: string
workspaceBaseDomain:
description: |-
The resolved workspace base domain. This is either the copy of the explicitly defined property of the
same name in the spec or, if it is undefined in the spec and we're running on OpenShift, the automatically
resolved basedomain for routes.
type: string
type: object
type: object
served: true
storage: true
subresources:
status: {}
---
apiVersion: v1
kind: ServiceAccount
metadata:
labels:
app.kubernetes.io/component: che-operator
app.kubernetes.io/instance: che
app.kubernetes.io/name: che
app.kubernetes.io/part-of: che.eclipse.org
name: che-operator
namespace: eclipse-che
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
labels:
app.kubernetes.io/component: che-operator
app.kubernetes.io/instance: che
app.kubernetes.io/name: che
app.kubernetes.io/part-of: che.eclipse.org
name: che-operator
namespace: eclipse-che
rules:
- apiGroups:
- ""
resources:
- configmaps
verbs:
- create
- delete
- get
- update
- patch
- watch
- list
- apiGroups:
- coordination.k8s.io
resources:
- leases
verbs:
- create
- delete
- get
- update
- patch
- watch
- list
- apiGroups:
- ""
resources:
- events
verbs:
- create
- patch
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
labels:
app.kubernetes.io/component: che-operator
app.kubernetes.io/instance: che
app.kubernetes.io/name: che
app.kubernetes.io/part-of: che.eclipse.org
name: che-operator
rules:
- apiGroups:
- batch
resources:
- jobs
verbs:
- create
- delete
- get
- update
- patch
- watch
- list
- apiGroups:
- oauth.openshift.io
resources:
- oauthclients
verbs:
- create
- delete
- get
- update
- patch
- watch
- list
- apiGroups:
- user.openshift.io
resources:
- groups
verbs:
- get
- apiGroups:
- console.openshift.io
resources:
- consolelinks
verbs:
- create
- delete
- get
- update
- patch
- watch
- list
- apiGroups:
- rbac.authorization.k8s.io
resources:
- roles
- rolebindings
- clusterroles
- clusterrolebindings
verbs:
- create
- delete
- get
- update
- patch
- watch
- list
- apiGroups:
- authorization.openshift.io
resources:
- rolebindings
verbs:
- get
- create
- update
- delete
- apiGroups:
- authorization.openshift.io
resources:
- roles
verbs:
- get
- create
- update
- apiGroups:
- project.openshift.io
resources:
- projectrequests
verbs:
- create
- update
- apiGroups:
- project.openshift.io
resources:
- projects
verbs:
- get
- list
- watch
- create
- update
- apiGroups:
- ""
resources:
- namespaces
verbs:
- get
- list
- create
- update
- watch
- apiGroups:
- apps
resources:
- replicasets
verbs:
- get
- list
- patch
- delete
- apiGroups:
- apps
resources:
- deployments
verbs:
- list
- create
- watch
- update
- get
- patch
- delete
- apiGroups:
- route.openshift.io
resources:
- routes
verbs:
- create
- delete
- get
- update
- patch
- watch
- list
- apiGroups:
- route.openshift.io
resources:
- routes/custom-host
verbs:
- create
- apiGroups:
- ""
resources:
- events
verbs:
- list
- watch
- apiGroups:
- networking.k8s.io
resources:
- ingresses
verbs:
- create
- delete
- get
- update
- patch
- watch
- list
- apiGroups:
- metrics.k8s.io
resources:
- pods
- nodes
verbs:
- get
- list
- watch
- apiGroups:
- ""
resources:
- configmaps
- persistentvolumeclaims
- pods
- secrets
- serviceaccounts
- services
verbs:
- create
- delete
- get
- update
- patch
- watch
- list
- apiGroups:
- org.eclipse.che
resources:
- checlusters
- checlusters/status
- checlusters/finalizers
verbs:
- create
- delete
- get
- update
- patch
- watch
- list
- nonResourceURLs:
- /metrics
verbs:
- get
- apiGroups:
- che.eclipse.org
resources:
- kubernetesimagepullers
verbs:
- create
- delete
- get
- update
- list
- apiGroups:
- config.openshift.io
resourceNames:
- cluster
resources:
- consoles
verbs:
- get
- apiGroups:
- config.openshift.io
resourceNames:
- cluster
resources:
- proxies
verbs:
- get
- apiGroups:
- ""
resources:
- pods/log
verbs:
- get
- list
- watch
- apiGroups:
- ""
resources:
- pods/portforward
verbs:
- get
- list
- create
- apiGroups:
- ""
resources:
- pods/exec
verbs:
- create
- get
- apiGroups:
- workspace.devfile.io
resources:
- devworkspaces
- devworkspacetemplates
verbs:
- create
- delete
- get
- update
- patch
- watch
- list
- apiGroups:
- controller.devfile.io
resources:
- devworkspaceroutings
- devworkspaceoperatorconfigs
verbs:
- create
- delete
- get
- update
- patch
- watch
- list
- apiGroups:
- controller.devfile.io
resources:
- devworkspaceroutings/finalizers
verbs:
- update
- apiGroups:
- controller.devfile.io
resources:
- devworkspaceroutings/status
verbs:
- get
- patch
- update
- apiGroups:
- authentication.k8s.io
resources:
- tokenreviews
verbs:
- create
- apiGroups:
- authorization.k8s.io
resources:
- subjectaccessreviews
verbs:
- create
- apiGroups:
- security.openshift.io
resources:
- securitycontextconstraints
verbs:
- get
- create
- delete
- update
- use
- apiGroups:
- ""
resources:
- limitranges
verbs:
- list
- apiGroups:
- monitoring.coreos.com
resources:
- servicemonitors
verbs:
- get
- create
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
labels:
app.kubernetes.io/component: che-operator
app.kubernetes.io/instance: che
app.kubernetes.io/name: che
app.kubernetes.io/part-of: che.eclipse.org
name: che-operator
namespace: eclipse-che
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: che-operator
subjects:
- kind: ServiceAccount
name: che-operator
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
labels:
app.kubernetes.io/component: che-operator
app.kubernetes.io/instance: che
app.kubernetes.io/name: che
app.kubernetes.io/part-of: che.eclipse.org
name: che-operator
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: che-operator
subjects:
- kind: ServiceAccount
name: che-operator
namespace: eclipse-che
---
apiVersion: v1
kind: Service
metadata:
labels:
app.kubernetes.io/component: che-operator
app.kubernetes.io/instance: che
app.kubernetes.io/name: che
app.kubernetes.io/part-of: che.eclipse.org
name: che-operator-service
namespace: eclipse-che
spec:
ports:
- port: 443
targetPort: 9443
selector:
app: che-operator
---
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
app: che-operator
app.kubernetes.io/component: che-operator
app.kubernetes.io/instance: che
app.kubernetes.io/name: che
app.kubernetes.io/part-of: che.eclipse.org
name: che-operator
namespace: eclipse-che
spec:
replicas: 1
selector:
matchLabels:
app: che-operator
strategy:
type: RollingUpdate
template:
metadata:
labels:
app: che-operator
app.kubernetes.io/component: che-operator
app.kubernetes.io/instance: che
app.kubernetes.io/name: che
app.kubernetes.io/part-of: che.eclipse.org
spec:
containers:
- args:
- --leader-elect
command:
- /manager
env:
- name: WATCH_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
- name: POD_NAME
valueFrom:
fieldRef:
fieldPath: metadata.name
- name: OPERATOR_NAME
value: che-operator
- name: CHE_VERSION
value: next
- name: RELATED_IMAGE_che_server
value: quay.io/eclipse/che-server:next
- name: RELATED_IMAGE_dashboard
value: quay.io/eclipse/che-dashboard:next
- name: RELATED_IMAGE_plugin_registry
value: quay.io/eclipse/che-plugin-registry:next
- name: RELATED_IMAGE_devfile_registry
value: quay.io/eclipse/che-devfile-registry:next
- name: RELATED_IMAGE_che_tls_secrets_creation_job
value: quay.io/eclipse/che-tls-secret-creator:alpine-01a4c34
- name: RELATED_IMAGE_single_host_gateway
value: quay.io/eclipse/che--traefik:v2.9.10-8d81a9df1435f9f3d36ac9398465ef2d5d61e671059974db753faaed14b627de
- name: RELATED_IMAGE_single_host_gateway_config_sidecar
value: quay.io/che-incubator/configbump:next
- name: RELATED_IMAGE_gateway_authentication_sidecar
value: quay.io/openshift/origin-oauth-proxy:4.9
- name: RELATED_IMAGE_gateway_authorization_sidecar
value: quay.io/openshift/origin-kube-rbac-proxy:4.9
- name: RELATED_IMAGE_gateway_authentication_sidecar_k8s
value: quay.io/oauth2-proxy/oauth2-proxy:v7.4.0
- name: RELATED_IMAGE_gateway_authorization_sidecar_k8s
value: quay.io/brancz/kube-rbac-proxy:v0.13.1
- name: RELATED_IMAGE_gateway_header_sidecar
value: quay.io/che-incubator/header-rewrite-proxy:latest
- name: CHE_FLAVOR
value: che
- name: CONSOLE_LINK_NAME
value: che
- name: CONSOLE_LINK_DISPLAY_NAME
value: Eclipse Che
- name: CONSOLE_LINK_SECTION
value: Red Hat Applications
- name: CONSOLE_LINK_IMAGE
value: /dashboard/assets/branding/loader.svg
- name: MAX_CONCURRENT_RECONCILES
value: "1"
- name: CHE_DEFAULT_SPEC_COMPONENTS_DASHBOARD_HEADERMESSAGE_TEXT
value: ""
- name: CHE_DEFAULT_SPEC_DEVENVIRONMENTS_DEFAULTEDITOR
value: che-incubator/che-code/latest
- name: CHE_DEFAULT_SPEC_DEVENVIRONMENTS_DEFAULTCOMPONENTS
value: '[{"name": "universal-developer-image", "container": {"image": "quay.io/devfile/universal-developer-image:ubi8-latest"}}]'
- name: CHE_DEFAULT_SPEC_COMPONENTS_PLUGINREGISTRY_OPENVSXURL
value: https://open-vsx.org
- name: CHE_DEFAULT_SPEC_DEVENVIRONMENTS_DISABLECONTAINERBUILDCAPABILITIES
value: "false"
- name: CHE_DEFAULT_SPEC_DEVENVIRONMENTS_CONTAINERSECURITYCONTEXT
value: '{"allowPrivilegeEscalation": true,"capabilities": {"add": ["SETGID",
"SETUID"]}}'
image: quay.io/eclipse/che-operator:next
imagePullPolicy: Always
livenessProbe:
failureThreshold: 10
httpGet:
path: /healthz
port: 6789
initialDelaySeconds: 15
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 5
name: che-operator
ports:
- containerPort: 9443
name: webhook-server
protocol: TCP
- containerPort: 60000
name: metrics
readinessProbe:
failureThreshold: 10
httpGet:
path: /readyz
port: 6789
initialDelaySeconds: 5
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 5
resources:
limits:
cpu: 500m
memory: 2Gi
requests:
cpu: 100m
memory: 128Mi
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
privileged: false
readOnlyRootFilesystem: false
volumeMounts:
- mountPath: /tmp/k8s-webhook-server/serving-certs
name: webhook-tls-certs
readOnly: true
hostIPC: false
hostNetwork: false
hostPID: false
restartPolicy: Always
securityContext:
fsGroup: 1724
runAsUser: 1724
serviceAccountName: che-operator
terminationGracePeriodSeconds: 20
volumes:
- name: webhook-tls-certs
secret:
defaultMode: 420
secretName: che-operator-service-cert
---
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
labels:
app.kubernetes.io/component: che-operator
app.kubernetes.io/instance: che
app.kubernetes.io/name: che
app.kubernetes.io/part-of: che.eclipse.org
name: che-operator-serving-cert
namespace: eclipse-che
spec:
dnsNames:
- che-operator-service.eclipse-che.svc
- che-operator-service.eclipse-che.svc.cluster.local
issuerRef:
kind: Issuer
name: che-operator-selfsigned-issuer
secretName: che-operator-service-cert
---
apiVersion: cert-manager.io/v1
kind: Issuer
metadata:
labels:
app.kubernetes.io/component: che-operator
app.kubernetes.io/instance: che
app.kubernetes.io/name: che
app.kubernetes.io/part-of: che.eclipse.org
name: che-operator-selfsigned-issuer
namespace: eclipse-che
spec:
selfSigned: {}
---
apiVersion: admissionregistration.k8s.io/v1
kind: MutatingWebhookConfiguration
metadata:
annotations:
cert-manager.io/inject-ca-from: eclipse-che/che-operator-serving-cert
labels:
app.kubernetes.io/component: che-operator
app.kubernetes.io/instance: che
app.kubernetes.io/name: che
app.kubernetes.io/part-of: che.eclipse.org
name: org.eclipse.che
webhooks:
- admissionReviewVersions:
- v1
- v1beta1
clientConfig:
service:
name: che-operator-service
namespace: eclipse-che
path: /mutate-org-eclipse-che-v2-checluster
failurePolicy: Fail
name: mchecluster.kb.io
rules:
- apiGroups:
- org.eclipse.che
apiVersions:
- v2
operations:
- CREATE
- UPDATE
resources:
- checlusters
sideEffects: None
---
apiVersion: admissionregistration.k8s.io/v1
kind: ValidatingWebhookConfiguration
metadata:
annotations:
cert-manager.io/inject-ca-from: eclipse-che/che-operator-serving-cert
labels:
app.kubernetes.io/component: che-operator
app.kubernetes.io/instance: che
app.kubernetes.io/name: che
app.kubernetes.io/part-of: che.eclipse.org
name: org.eclipse.che
webhooks:
- admissionReviewVersions:
- v1
- v1beta1
clientConfig:
service:
name: che-operator-service
namespace: eclipse-che
path: /validate-org-eclipse-che-v2-checluster
failurePolicy: Fail
name: vchecluster.kb.io
rules:
- apiGroups:
- org.eclipse.che
apiVersions:
- v2
operations:
- CREATE
- UPDATE
resources:
- checlusters
sideEffects: None
Reference in New Issue View Git Blame Copy Permalink