106 lines
6.8 KiB
YAML
106 lines
6.8 KiB
YAML
#
|
|
# Copyright (c) 2019-2021 Red Hat, Inc.
|
|
# This program and the accompanying materials are made
|
|
# available under the terms of the Eclipse Public License 2.0
|
|
# which is available at https://www.eclipse.org/legal/epl-2.0/
|
|
#
|
|
# SPDX-License-Identifier: EPL-2.0
|
|
#
|
|
# Contributors:
|
|
# Red Hat, Inc. - initial API and implementation
|
|
#
|
|
|
|
apiVersion: org.eclipse.che/v1
|
|
kind: CheCluster
|
|
metadata:
|
|
name: eclipse-che
|
|
spec:
|
|
server:
|
|
# A comma-separated list of ClusterRoles that will be assigned to Che ServiceAccount.
|
|
# Be aware that the Che Operator has to already have all permissions in these ClusterRoles to grant them.
|
|
cheClusterRoles: ''
|
|
# Custom cluster role bound to the user for the Che workspaces.
|
|
# The default roles are used when omitted or left blank.
|
|
cheWorkspaceClusterRole: ''
|
|
# When enabled, the certificate from `che-git-self-signed-cert` ConfigMap will be propagated to the Che components and provide particular configuration for Git.
|
|
gitSelfSignedCert: false
|
|
# URL (protocol+host name) of the proxy server. This drives the appropriate changes in the `JAVA_OPTS` and `https(s)_proxy` variables
|
|
# in the Che server and workspaces containers.
|
|
# Only use when configuring a proxy is required. Operator respects OpenShift cluster wide proxy configuration
|
|
# and no additional configuration is required, but defining `proxyUrl` in a custom resource leads to overrides the cluster proxy configuration
|
|
# with fields `proxyUrl`, `proxyPort`, `proxyUser` and `proxyPassword` from the custom resource.
|
|
# See the doc https://docs.openshift.com/container-platform/4.4/networking/enable-cluster-wide-proxy.html. See also the `proxyPort` and `nonProxyHosts` fields.
|
|
proxyURL: ''
|
|
# Port of the proxy server. Only use when configuring a proxy is required. See also the `proxyURL` and `nonProxyHosts` fields.
|
|
proxyPort: ''
|
|
# The secret that contains `user` and `password` for a proxy server.
|
|
# The secret must have `app.kubernetes.io/part-of=che.eclipse.org` label.
|
|
proxySecret: ''
|
|
# List of hosts that will be reached directly, bypassing the proxy.
|
|
# Specify wild card domain use the following form `.<DOMAIN>` and `|` as delimiter, for example: `localhost|.my.host.com|123.42.12.32`
|
|
# Only use when configuring a proxy is required. Operator respects OpenShift cluster wide proxy configuration and no additional configuration is required,
|
|
# but defining `nonProxyHosts` in a custom resource leads to merging non proxy hosts lists from the cluster proxy configuration and ones defined in the custom resources.
|
|
# See the doc https://docs.openshift.com/container-platform/4.4/networking/enable-cluster-wide-proxy.html. See also the `proxyURL` fields.
|
|
nonProxyHosts: ''
|
|
# Defines Kubernetes default namespace in which user's workspaces are created for a case when a user does not override it.
|
|
# It's possible to use `<username>`, `<userid>` and `<workspaceid>` placeholders, such as che-workspace-<username>.
|
|
# In that case, a new namespace will be created for each user or workspace.
|
|
workspaceNamespaceDefault: "<username>-che"
|
|
database:
|
|
# Instructs the Operator on whether to deploy a dedicated database.
|
|
# By default, a dedicated PostgreSQL database is deployed as part of the Che installation. When `externalDb` is `true`, no dedicated database will be deployed by the
|
|
# Operator and you will need to provide connection details to the external DB you are about to use. See also all the fields starting with: `chePostgres`.
|
|
externalDb: false
|
|
# PostgreSQL Database host name that the Che server uses to connect to.
|
|
# Defaults is `postgres`. Override this value ONLY when using an external database. See field `externalDb`.
|
|
# In the default case it will be automatically set by the Operator.
|
|
chePostgresHostName: ''
|
|
# PostgreSQL Database port that the Che server uses to connect to. Defaults to 5432.
|
|
# Override this value ONLY when using an external database. See field `externalDb`. In the default case it will be automatically set by the Operator.
|
|
chePostgresPort: ''
|
|
# The secret that contains PostgreSQL `user` and `password` that the Che server uses to connect to the DB.
|
|
# The secret must have `app.kubernetes.io/part-of=che.eclipse.org` label.
|
|
chePostgresSecret: ''
|
|
# PostgreSQL database name that the Che server uses to connect to the DB. Defaults to `dbche`.
|
|
chePostgresDb: ''
|
|
storage:
|
|
# Persistent volume claim strategy for the Che server. This Can be:`common` (all workspaces PVCs in one volume),
|
|
# `per-workspace` (one PVC per workspace for all declared volumes) and `unique` (one PVC per declared volume).
|
|
pvcStrategy: 'common'
|
|
# Size of the persistent volume claim for workspaces.
|
|
pvcClaimSize: '10Gi'
|
|
# Instructs the Che server to start a special Pod to pre-create a sub-path in the Persistent Volumes.
|
|
preCreateSubPaths: true
|
|
# Storage class for the Persistent Volume Claim dedicated to the PostgreSQL database. When omitted or left blank, a default storage class is used.
|
|
postgresPVCStorageClassName: ''
|
|
# Storage class for the Persistent Volume Claims dedicated to the Che workspaces. When omitted or left blank, a default storage class is used.
|
|
workspacePVCStorageClassName: ''
|
|
auth:
|
|
# Public URL of the Identity Provider server (Keycloak / RH-SSO server).
|
|
identityProviderURL: ''
|
|
# Name of the OpenShift `OAuthClient` resource used to setup identity federation on the OpenShift side. Auto-generated when left blank. See also the `OpenShiftoAuth` field.
|
|
oAuthClientName: ''
|
|
# Name of the secret set in the OpenShift `OAuthClient` resource used to setup identity federation on the OpenShift side. Auto-generated when left blank. See also the `OAuthClientName` field.
|
|
oAuthSecret: ''
|
|
k8s:
|
|
# Global ingress domain for a Kubernetes cluster.
|
|
ingressDomain: '192.168.99.101.nip.io'
|
|
# Ingress class that will define the which controller will manage ingresses. Defaults to `nginx`.
|
|
# NB: This drives the `kubernetes.io/ingress.class` annotation on Che-related ingresses.
|
|
ingressClass: ''
|
|
# Name of a secret that will be used to setup ingress TLS termination when TLS is enabled.
|
|
# When the field is empty string, the default cluster certificate will be used.
|
|
tlsSecretName: 'che-tls'
|
|
# The FSGroup in which the Che Pod and workspace Pods containers runs in. Default value is `1724`.
|
|
securityContextFsGroup: ''
|
|
# ID of the user the Che Pod and workspace Pods containers run as. Default value is `1724`.
|
|
securityContextRunAsUser: ''
|
|
metrics:
|
|
# Enables `metrics` the Che server endpoint.
|
|
enable: true
|
|
devWorkspace:
|
|
# Deploys the DevWorkspace Operator in the cluster.
|
|
# Does nothing when a matching version of the Operator is already installed.
|
|
# Fails when a non-matching version of the Operator is already installed.
|
|
enable: true
|