seg_yinzy
/
che-server
mirror of https://github.com/eclipse-che/che-server.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Language review on che.properties (#19263) 

* Language review on che.properties

* Apply suggestions from code review

Co-authored-by: Yana Hontyk <yhontyk@redhat.com>
7.30.x
Fabrice Flore-Thébault 2021-04-14 13:45:26 +02:00 committed by GitHub
parent 6c3f3c4b0f
commit 14fba9c498
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 191 additions and 209 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

400
assembly/assembly-wsmaster-war/src/main/webapp/WEB-INF/classes/che/che.properties
View File

@ -10,28 +10,30 @@
# Red Hat, Inc. - initial API and implementation
#
### Che server
# {orch-name}: Kubernetes or OpenShift
# Folder where Che stores internal data objects.
### {prod-short} server
# Folder where {prod-short} stores internal data objects.
che.database=${che.home}/storage
# API service. Browsers initiate REST communications to Che server with this URL.
# API service. Browsers initiate REST communications to {prod-short} server with this URL.
che.api=http://${CHE_HOST}:${CHE_PORT}/api
# API service internal network url. Back-end services should initiate REST communications to Che server with this URL
# API service internal network URL. Back-end services should initiate REST communications to {prod-short} server with this URL
che.api.internal=http://${CHE_HOST}:${CHE_PORT}/api
# Che websocket major endpoint. Provides basic communication endpoint
# for major websocket interactions and messaging.
# {prod-short} WebSocket major endpoint. Provides basic communication endpoint
# for major WebSocket interactions and messaging.
che.websocket.endpoint=ws://${CHE_HOST}:${CHE_PORT}/api/websocket
# Your projects are synchronized from the Che server into the machine running each
# Your projects are synchronized from the {prod-short} server into the machine running each
# workspace. This is the directory in the machine where your projects are placed.
che.workspace.projects.storage=/projects
# Used when Kubernetes or OpenShift-type components in a devfile request project PVC creation
# (Applied in case of 'unique' and 'per workspace' PVC strategy. In case of the 'common' PVC strategy,
# Used when {orch-name}-type components in a devfile request project PVC creation
# (Applied in case of `unique` and `per workspace` PVC strategy. In case of the `common` PVC strategy,
# it is rewritten with the value of the `che.infra.kubernetes.pvc.quantity` property.)
che.workspace.projects.storage.default.size=1Gi
@ -88,7 +90,7 @@ che.workspace.default_memory_limit_mb=1024
# RAM request for each container that has no explicit RAM settings in its environment.
# This amount is allocated when the workspace container is created.
# This property may not be supported by all infrastructure implementations.
# Currently it is supported by Kubernetes and OpenShift.
# Currently it is supported by {orch-name}.
# A memory request exceeding the memory limit is ignored, and only the limit size is used.
# Value less or equal to 0 is interpreted as disabling the limit.
che.workspace.default_memory_request_mb=200
@ -132,7 +134,7 @@ che.workspace.sidecar.image_pull_policy=Always
che.workspace.activity_check_scheduler_period_s=60
# The period of the cleanup of the activity table. The activity table can contain invalid or stale data
# if some unforeseen errors happen, like a server crash at a peculiar point in time. The default is to
# if some unforeseen errors happen, as a server failure at a peculiar point in time. The default is to
# run the cleanup job every hour.
che.workspace.activity_cleanup_scheduler_period_s=3600
@ -155,7 +157,7 @@ che.workspace.cleanup_temporary_period_min=180
# Number of sequential successful pings to server after which it is treated as available.
# Note: the property is common for all servers e.g. workspace agent, terminal, exec etc.
# the {prod-short} Operator: the property is common for all servers, for example, workspace agent, terminal, exec.
che.workspace.server.ping_success_threshold=1
# Interval, in milliseconds, between successive pings to workspace server.
@ -173,15 +175,15 @@ che.workspace.startup_debug_log_limit_bytes=10485760
# This configuration is mainly required for workspace idling when the OpenShift OAuth is enabled.
che.workspace.stop.role.enabled=true
# Specifies whether che is deployed with DevWorkspaces enabled.
# This property is set by the Che operator if it also installed the support for DevWorkspaces.
# This property is used to advertise this fact to the Che dashboard.
# Specifies whether {prod-short} is deployed with DevWorkspaces enabled.
# This property is set by the {prod-short} Operator if it also installed the support for DevWorkspaces.
# This property is used to advertise this fact to the {prod-short} dashboard.
# It does not make sense to change the value of this property manually.
che.devworkspaces.enabled=false
### Authentication parameters
# Che has a single identity implementation, so this does not change the user experience.
# {prod-short} has a single identity implementation, so this does not change the user experience.
# If true, enables user creation at API level
che.auth.user_self_creation=false
@ -232,7 +234,7 @@ che.oauth1.bitbucket.endpoint=NULL
### Internal
# Che extensions can be scheduled executions on a time basis.
# {prod-short} extensions can be scheduled executions on a time basis.
# This configures the size of the thread pool allocated to extensions that are launched on
# a recurring schedule.
schedule.core_pool_size=10
@ -262,23 +264,23 @@ db.schema.flyway.scripts.locations=classpath:che-schema
# Configuration of Kubernetes client master URL that Infra will use.
che.infra.kubernetes.master_url=
# Boolean to configure Kubernetes client in order to use trusted certificates.
# Boolean to configure Kubernetes client to use trusted certificates.
che.infra.kubernetes.trust_certs=false
# Defines the way how servers are exposed to the world in k8s infra.
# List of strategies implemented in Che: default-host, multi-host, single-host
# Defines the way how servers are exposed to the world in Kubernetes infra.
# List of strategies implemented in {prod-short}: `default-host`, `multi-host`, `single-host`.
che.infra.kubernetes.server_strategy=multi-host
# Defines the way in which the workspace plugins and editors are exposed in the single-host mode.
# Supported exposures:
# - 'native': Exposes servers using k8s Ingresses. Works only on Kubernetes.
# - 'gateway': Exposes servers using reverse-proxy gateway.
# `native`:: Exposes servers using Kubernetes Ingresses. Works only on Kubernetes.
# `gateway`:: Exposes servers using reverse-proxy gateway.
che.infra.kubernetes.singlehost.workspace.exposure=native
# Defines the way how to expose devfile endpoints, thus end-user's applications, in single-host server strategy.
# Defines the way how to expose devfile endpoints, as end-user's applications, in single-host server strategy.
# They can either follow the single-host strategy and be exposed on subpaths, or they can be exposed on subdomains.
# - 'multi-host': expose on subdomains
# - 'single-host': expose on subpaths
# `multi-host`:: expose on subdomains
# `single-host`:: expose on subpaths
che.infra.kubernetes.singlehost.workspace.devfile_endpoint_exposure=multi-host
# Defines labels which will be set to ConfigMaps configuring single-host gateway.
@ -287,32 +289,32 @@ che.infra.kubernetes.singlehost.gateway.configmap_labels=app=che,component=che-g
# Used to generate domain for a server in a workspace in case property `che.infra.kubernetes.server_strategy` is set to `multi-host`
che.infra.kubernetes.ingress.domain=
# DEPRECATED - please do not change the value of this property otherwise the existing workspaces will loose data. Do not
# DEPRECATED - Do not change the value of this property otherwise the existing workspaces will loose data. Do not
# set it on new installations.
#
# Defines Kubernetes namespace in which all workspaces will be created.
# If not set, every workspace will be created in a new namespace, where namespace = workspace id
# It's possible to use <username> and <userid> placeholders (e.g.: che-workspace-<username>).
# It's possible to use `<username>` and `<userid>` placeholders (for example: `che-workspace-<username>`).
# In that case, new namespace will be created for each user. Service account with permission
# to create new namespace must be used.
#
# Ignored for OpenShift infra. Use `che.infra.openshift.project` instead
#
# If the namespace pointed to by this property exists, it will be used for all workspaces. If it does not exist,
# the namespace specified by the che.infra.kubernetes.namespace.default will be created and used.
# the namespace specified by `che.infra.kubernetes.namespace.default` will be created and used.
# This parameter is subject to removal in future releases.
# Legacy workspaces located in this namespace may become unreachable in future releases.
# Please refer to the documentation about possible next steps.
# See the documentation about possible next steps.
che.infra.kubernetes.namespace=
# Indicates whether Che server is allowed to create namespaces/projects for user
# Indicates whether {prod-short} server is allowed to create {orch-namespace} for user
# workspaces, or they're intended to be created manually by cluster administrator.
# This property is also used by the OpenShift infra.
che.infra.kubernetes.namespace.creation_allowed=true
# Defines Kubernetes default namespace in which user's workspaces are created
# if user does not override it.
# It's possible to use <username>, <userid> and <workspaceid> placeholders (e.g.: che-workspace-<username>).
# It's possible to use `<username>` and `<userid>` placeholders (for example: `che-workspace-<username>`).
# In that case, new namespace will be created for each user (or workspace).
# Used by OpenShift infra as well to specify a Project.
# The `<workspaceid>` placeholder is deprecated and is subject to removal in future releases.
@ -322,25 +324,25 @@ che.infra.kubernetes.namespace.default=<username>-che
# Defines whether che-server should try to label the workspace namespaces.
che.infra.kubernetes.namespace.label=true
# List of labels to find Namespaces/Projects that are used for Che Workspaces.
# List of labels to find {orch-namespace} that are used for {prod-short} Workspaces.
# They are used to:
# - find prepared Namespaces/Projects for users in combination with `che.infra.kubernetes.namespace.annotations`.
# - actively label namespaces with any workspace.
# - find prepared {orch-namespace} for users in combination with `che.infra.kubernetes.namespace.annotations`.
# - actively label {orch-namespace} with any workspace.
che.infra.kubernetes.namespace.labels=app.kubernetes.io/part-of=che.eclipse.org,app.kubernetes.io/component=workspaces-namespace
# List of annotations to find Namespaces/Projects prepared for Che users workspaces.
# Only Namespaces/Projects matching the `che.infra.kubernetes.namespace.labels` will be matched against these annotations.
# Namespaces/Projects that matches both `che.infra.kubernetes.namespace.labels` and `che.infra.kubernetes.namespace.annotations`
# List of annotations to find {orch-namespace} prepared for {prod-short} users workspaces.
# Only {orch-namespace} matching the `che.infra.kubernetes.namespace.labels` will be matched against these annotations.
# {orch-namespace} that matches both `che.infra.kubernetes.namespace.labels` and `che.infra.kubernetes.namespace.annotations`
# will be preferentially used for User's workspaces.
# It's possible to use `<username>` placeholder to specify the Namespace/Project to concrete user.
# It's possible to use `<username>` placeholder to specify the {orch-namespace} to concrete user.
che.infra.kubernetes.namespace.annotations=che.eclipse.org/username=<username>
# Defines if a user is able to specify Kubernetes namespace (or OpenShift project) different from the default.
# Defines if a user is able to specify {orch-namespace} different from the default.
# It's NOT RECOMMENDED to configured true without OAuth configured. This property is also used by the OpenShift infra.
che.infra.kubernetes.namespace.allow_user_defined=false
# Defines Kubernetes Service Account name which should be specified to be bound to all workspaces pods.
# Note that Kubernetes Infrastructure won't create the service account and it should exist.
# Defines Kubernetes Service Account name which should be specified to be bound to all workspaces Pods.
# the {prod-short} Operator that Kubernetes Infrastructure will not create the service account and it should exist.
# OpenShift infrastructure will check if project is predefined(if `che.infra.openshift.project` is not empty):
# - if it is predefined then service account must exist there
# - if it is 'NULL' or empty string then infrastructure will create new OpenShift project per workspace
@ -348,9 +350,9 @@ che.infra.kubernetes.namespace.allow_user_defined=false
che.infra.kubernetes.service_account_name=NULL
# Specifies optional, additional cluster roles to use with the workspace service account.
# Note that the cluster role names must already exist, and the Che service account needs to be able to create a Role Binding
# the {prod-short} Operator that the cluster role names must already exist, and the {prod-short} service account needs to be able to create a Role Binding
# to associate these cluster roles with the workspace service account. The names are comma separated.
# This property deprecates 'che.infra.kubernetes.cluster_role_name'.
# This property deprecates `che.infra.kubernetes.cluster_role_name`.
che.infra.kubernetes.workspace_sa_cluster_roles=NULL
# Defines time frame that limits the Kubernetes workspace start time
@ -360,52 +362,52 @@ che.infra.kubernetes.workspace_start_timeout_min=8
che.infra.kubernetes.ingress_start_timeout_min=5
# If during workspace startup an unrecoverable event defined in the property occurs,
# terminate workspace immediately instead of waiting until timeout
# Note that this SHOULD NOT include a mere "Failed" reason, because that might catch events that are not unrecoverable.
# A failed container startup is handled explicitly by Che server.
# stop the workspace immediately rather than waiting until timeout.
# the {prod-short} Operator that this SHOULD NOT include a mere "Failed" reason, because that might catch events that are not unrecoverable.
# A failed container startup is handled explicitly by {prod-short} server.
che.infra.kubernetes.workspace_unrecoverable_events=FailedMount,FailedScheduling,MountVolume.SetUp failed,Failed to pull image,FailedCreate,ReplicaSetCreateError
# Defines whether use the Persistent Volume Claim for che workspace needs
# e.g backup projects, logs etc or disable it.
# Defines whether use the Persistent Volume Claim for {prod-short} workspace needs,
# for example: backup projects, logs, or disable it.
che.infra.kubernetes.pvc.enabled=true
# Defined which strategy will be used while choosing PVC for workspaces.
#
# Supported strategies:
# - 'common'
# All workspaces in the same Kubernetes Namespace will reuse the same PVC.
# Name of PVC may be configured with 'che.infra.kubernetes.pvc.name'.
# Existing PVC will be used or new one will be created if it doesn't exist.
# `common`::
# All workspaces in the same {orch-namespace} will reuse the same PVC.
# Name of PVC may be configured with `che.infra.kubernetes.pvc.name`.
# Existing PVC will be used or a new one will be created if it does not exist.
#
# - 'unique'
# `unique`::
# Separate PVC for each workspace's volume will be used.
# Name of PVC is evaluated as '{che.infra.kubernetes.pvc.name} + '-' + {generated_8_chars}'.
# Existing PVC will be used or a new one will be created if it doesn't exist.
# Name of PVC is evaluated as `'{che.infra.kubernetes.pvc.name} + '-' + {generated_8_chars}'`.
# Existing PVC will be used or a new one will be created if it does not exist.
#
# - 'per-workspace'
# `per-workspace`::
# Separate PVC for each workspace will be used.
# Name of PVC is evaluated as '{che.infra.kubernetes.pvc.name} + '-' + {WORKSPACE_ID}'.
# Name of PVC is evaluated as `'{che.infra.kubernetes.pvc.name} + '-' + {WORKSPACE_ID}'`.
# Existing PVC will be used or a new one will be created if it doesn't exist.
che.infra.kubernetes.pvc.strategy=common
# Defines whether to run a job that creates workspace's subpath directories in persistent volume for the 'common' strategy before launching a workspace.
# Necessary in some versions of OpenShift/Kubernetes as workspace subpath volume mounts are created with root permissions,
# and thus cannot be modified by workspaces running as a user (presents an error importing projects into a workspace in Che).
# The default is "true", but should be set to false if the version of Openshift/Kubernetes creates subdirectories with user permissions.
# Defines whether to run a job that creates workspace's subpath directories in persistent volume for the `common` strategy before launching a workspace.
# Necessary in some versions of {orch-name} as workspace subpath volume mounts are created with root permissions,
# and therefore cannot be modified by workspaces running as a user (presents an error importing projects into a workspace in {prod-short}).
# The default is `true`, but should be set to `false` if the version of {orch-name} creates subdirectories with user permissions.
# Relevant issue: https://github.com/kubernetes/kubernetes/issues/41638
# Note that this property has effect only if the 'common' PVC strategy used.
# the {prod-short} Operator that this property has effect only if the `common` PVC strategy used.
che.infra.kubernetes.pvc.precreate_subpaths=true
# Defines the settings of PVC name for che workspaces.
# Defines the settings of PVC name for {prod-short} workspaces.
# Each PVC strategy supplies this value differently.
# See doc for che.infra.kubernetes.pvc.strategy property
# See documentation for `che.infra.kubernetes.pvc.strategy` property
che.infra.kubernetes.pvc.name=claim-che-workspace
# Defines the storage class of Persistent Volume Claim for the workspaces.
# Empty strings means "use default".
che.infra.kubernetes.pvc.storage_class_name=
# Defines the size of Persistent Volume Claim of che workspace.
# Defines the size of Persistent Volume Claim of {prod-short} workspace.
# Format described here:
# https://docs.openshift.com/container-platform/latest/dev_guide/compute_resources.html#dev-compute-resources
che.infra.kubernetes.pvc.quantity=10Gi
@ -413,27 +415,25 @@ che.infra.kubernetes.pvc.quantity=10Gi
# Pod that is launched when performing persistent volume claim maintenance jobs on OpenShift
che.infra.kubernetes.pvc.jobs.image=registry.access.redhat.com/ubi8-minimal:8.3-230
# Image pull policy of container that used for the maintenance jobs on Kubernetes/OpenShift cluster
# Image pull policy of container that used for the maintenance jobs on {orch-name} cluster
che.infra.kubernetes.pvc.jobs.image.pull_policy=IfNotPresent
# Defines pod memory limit for persistent volume claim maintenance jobs
# Defines Pod memory limit for persistent volume claim maintenance jobs
che.infra.kubernetes.pvc.jobs.memorylimit=250Mi
# Defines Persistent Volume Claim access mode.
# Note that for common PVC strategy changing of access mode affects the number of simultaneously running workspaces.
# If OpenShift flavor where che running is using PVs with RWX access mode then a limit of running workspaces at the same time
# bounded only by che limits configuration like(RAM, CPU etc).
# the {prod-short} Operator that for common PVC strategy changing of access mode affects the number of simultaneously running workspaces.
# If the OpenShift instance running {prod-short} is using Persistent Volumes with RWX access mode, then a limit of running workspaces at the same time is bounded only by {prod-short} limits configuration: RAM, CPU, and so on.
# Detailed information about access mode is described here:
# https://docs.openshift.com/container-platform/latest/architecture/additional_concepts/storage.html#pv-access-modes
che.infra.kubernetes.pvc.access_mode=ReadWriteOnce
# Defines whether Che Server should wait workspaces PVCs to become bound after creating.
# It's used by all PVC strategies.
# Defines if {prod-short} Server should wait workspaces Persistent Volume Claims to become bound after creating.
# Default value is `true`.
# The parameter is used by all Persistent Volume Claim strategies.
#
# It should be set to `false` in case if `volumeBindingMode` is configured to `WaitForFirstConsumer`
# otherwise workspace starts will hangs up on phase of waiting PVCs.
# It should be set to `false` when `volumeBindingMode` is configured to `WaitForFirstConsumer` otherwise workspace starts will hangs up on phase of waiting PVCs.
#
# Default value is true (means that PVCs should be waited to be bound)
che.infra.kubernetes.pvc.wait_bound=true
# Defined range of ports for installers servers
@ -449,24 +449,24 @@ che.infra.kubernetes.installer_server_max_port=20000
# Defines annotations for ingresses which are used for servers exposing. Value depends on the kind of ingress
# controller.
#
# OpenShift infrastructure ignores this property because it uses Routes instead of ingresses.
# OpenShift infrastructure ignores this property because it uses Routes rather than Ingresses.
#
# Note that for a single-host deployment strategy to work, a controller supporting URL rewriting has to be
# used (so that URLs can point to different servers while the servers don't need to support changing the app root).
# The che.infra.kubernetes.ingress.path.rewrite_transform property defines how the path of the ingress should be
# the {prod-short} Operator that for a single-host deployment strategy to work, a controller supporting URL rewriting has to be
# used (so that URLs can point to different servers while the servers do not need to support changing the app root).
# The `che.infra.kubernetes.ingress.path.rewrite_transform` property defines how the path of the ingress should be
# transformed to support the URL rewriting and this property defines the set of annotations on the ingress itself
# that instruct the chosen ingress controller to actually do the URL rewriting, potentially building on the path
# transformation (if required by the chosen ingress controller).
#
# For example for nginx ingress controller 0.22.0 and later the following value is recommended:
# {"ingress.kubernetes.io/rewrite-target": "/$1","ingress.kubernetes.io/ssl-redirect": "false",\
# "ingress.kubernetes.io/proxy-connect-timeout": "3600","ingress.kubernetes.io/proxy-read-timeout": "3600"}
# and the che.infra.kubernetes.ingress.path.rewrite_transform should be set to "%s(.*)"
# For example for Nginx ingress controller 0.22.0 and later the following value is recommended:
# `{"ingress.kubernetes.io/rewrite-target": "/$1","ingress.kubernetes.io/ssl-redirect": "false",\
# "ingress.kubernetes.io/proxy-connect-timeout": "3600","ingress.kubernetes.io/proxy-read-timeout": "3600"}`
# and the `che.infra.kubernetes.ingress.path.rewrite_transform` should be set to `"%s(.*)"`.
#
# For nginx ingress controller older than 0.22.0, the rewrite-target should be set to merely "/" and the path transform
# to "%s" (see the the che.infra.kubernetes.ingress.path.rewrite_transform property).
# For nginx ingress controller older than 0.22.0, the rewrite-target should be set to merely `/` and the path transform
# to `%s` (see the `che.infra.kubernetes.ingress.path.rewrite_transform` property).
#
# Please consult the nginx ingress controller documentation for the explanation of how the ingress controller uses
# See the Nginx ingress controller documentation for the explanation of how the ingress controller uses
# the regular expression present in the ingress path and how it achieves the URL rewriting.
che.infra.kubernetes.ingress.annotations_json=NULL
@ -474,63 +474,58 @@ che.infra.kubernetes.ingress.annotations_json=NULL
# The "%s" represents the base public URL of the server and is guaranteed to end with a forward slash. This property
# must be a valid input to the String.format() method and contain exactly one reference to "%s".
#
# Please see the description of the che.infra.kubernetes.ingress.annotations_json property to see how these two
# See the description of the `che.infra.kubernetes.ingress.annotations_json` property to see how these two
# properties interplay when specifying the ingress annotations and path.
#
# If not defined, this property defaults to "%s" (without the quotes) which means that the path is not transformed in
# any way for use with the ingress controller.
che.infra.kubernetes.ingress.path_transform=NULL
# Additional labels to add into every Ingress created by Che server
# Additional labels to add into every Ingress created by {prod-short} server
# to allow clear identification.
che.infra.kubernetes.ingress.labels=NULL
# Defines security context for pods that will be created by Kubernetes Infra.
# Specifies that for any Containers in the Pod, all processes run with given user ID.
# Defines security context for Pods that will be created by Kubernetes Infra
#
# This is ignored by OpenShift infra
che.infra.kubernetes.pod.security_context.run_as_user=NULL
# Defines security context for pods that will be created by Kubernetes Infra.
# A special supplemental group that applies to all containers in a pod.
# Defines security context for Pods that will be created by Kubernetes Infra.
# A special supplemental group that applies to all containers in a Pod.
# This is ignored by OpenShift infra.
che.infra.kubernetes.pod.security_context.fs_group=NULL
# Defines grace termination period for pods that will be created by Kubernetes / OpenShift infrastructures
# Defines grace termination period for Pods that will be created by {orch-name} infrastructures.
#
# Grace termination period of Kubernetes / OpenShift workspace's pods defaults '0', which allows to terminate
# pods almost instantly and significantly decrease the time required for stopping a workspace.
# Note: if `terminationGracePeriodSeconds` have been explicitly set in Kubernetes / OpenShift recipe it will not be overridden.
# Default value: `0`. It allows to stop Pods quickly and significantly decrease the time required for stopping a workspace.
# the {prod-short} Operator: if `terminationGracePeriodSeconds` have been explicitly set in {orch-name} recipe it will not be overridden.
che.infra.kubernetes.pod.termination_grace_period_sec=0
# Number of maximum concurrent async web requests (http requests or ongoing web socket calls)
# supported in the underlying shared http client of the `KubernetesClient` instances.
# Default values are 64, and 5 per-host, which doesn't seem correct for multi-user scenarios,
# knowing that Che keeps a number of connections opened (e.g. for command or ws-agent logs)
# Number of maximum concurrent asynchronous web requests (HTTP requests or ongoing WebSocket calls) supported in the underlying shared HTTP client of the `KubernetesClient` instances.
# Default values: `max=64`, and `max_per_host:5`.
# Default values are not suitable for multi-user scenarios, as {prod-short} keeps open connections, for example for command or ws-agent logs.
che.infra.kubernetes.client.http.async_requests.max=1000
# Number of maximum concurrent async web requests per host.
# Number of maximum concurrent asynchronous web requests per host.
che.infra.kubernetes.client.http.async_requests.max_per_host=1000
# Max number of idle connections in the connection pool
# of the Kubernetes-client shared http client
# Max number of idle connections in the connection pool of the Kubernetes-client shared HTTP client.
che.infra.kubernetes.client.http.connection_pool.max_idle=5
# Keep-alive timeout of the connection pool
# of the Kubernetes-client shared http client
# in minutes
# Keep-alive timeout of the connection pool of the Kubernetes-client shared HTTP client in minutes.
che.infra.kubernetes.client.http.connection_pool.keep_alive_min=5
# Creates Ingresses with Transport Layer Security (TLS) enabled
# In OpenShift infrastructure, Routes will be TLS-enabled
# Creates Ingresses with Transport Layer Security (TLS) enabled.
# In OpenShift infrastructure, Routes will be TLS-enabled.
che.infra.kubernetes.tls_enabled=false
# Name of a secret that should be used when creating workspace ingresses with TLS
# Ignored by OpenShift infrastructure
# Name of a secret that should be used when creating workspace ingresses with TLS.
# This property is ignored by OpenShift infrastructure.
che.infra.kubernetes.tls_secret=
# Key data for TLS Secret that should be used for workspaces Ingresses.
# Key should be encoded with Base64 algorithm.
# This property is ignored by OpenShift infrastructure.
# Data for TLS Secret that should be used for workspaces Ingresses.
# `cert` and `key` should be encoded with Base64 algorithm.
# These properties are ignored by OpenShift infrastructure.
che.infra.kubernetes.tls_key=NULL
# Certificate data for TLS Secret that should be used for workspaces Ingresses.
@ -542,37 +537,36 @@ che.infra.kubernetes.tls_cert=NULL
# If runtime has inconsistent state then runtime will be stopped automatically.
# Value must be more than 0 or `-1`, where `-1` means that checks won't be performed at all.
#
# It is disabled by default because there is possible Che Server configuration when Che Server
# It is disabled by default because there is possible {prod-short} Server configuration when {prod-short} Server
# doesn't have an ability to interact with Kubernetes API when operation is not invoked by user.
#
# It DOES work on the following configurations:
# - workspaces objects are created in the same namespace where Che Server is located;
# - cluster-admin service account token is mount to Che Server pod;
# - workspaces objects are created in the same namespace where {prod-short} Server is located;
# - `cluster-admin` service account token is mounted to {prod-short} Server Pod.
#
# It DOES NOT work on the following configurations:
# - Che Server communicates with Kubernetes API using token from OAuth provider;
# - {prod-short} Server communicates with Kubernetes API using token from OAuth provider.
che.infra.kubernetes.runtimes_consistency_check_period_min=-1
# Name of cofig map in Che server namespace with additional CA TLS certificates to be propagated into all user's workspaces.
# If the property is set on OpenShift 4 infrastructure, and che.infra.openshift.trusted_ca.dest_configmap_labels includes
# config.openshift.io/inject-trusted-cabundle=true label, then cluster CA bundle will be propagated too.
# Name of the ConfigMap in {prod-short} server namespace with additional CA TLS certificates to be propagated into all user's workspaces.
# If the property is set on OpenShift 4 infrastructure, and `che.infra.openshift.trusted_ca.dest_configmap_labels` includes the `config.openshift.io/inject-trusted-cabundle=true` label, then cluster CA bundle will be propagated too.
che.infra.kubernetes.trusted_ca.src_configmap=NULL
# Name of configmap in a workspace namespace with additional CA TLS certificates.
# Holds the copy of che.infra.kubernetes.trusted_ca.src_configmap but in a workspace namespace.
# Content of this config map is mounted into all workspace containers including plugin brokers.
# Do not change the config map name unless it conflicts with the already existing config map.
# Note that the resulting config map name can be adjusted eventually to make it unique in k8s namespace.
# Name of the ConfigMap in a workspace namespace with additional CA TLS certificates.
# Holds the copy of `che.infra.kubernetes.trusted_ca.src_configmap` but in a workspace namespace.
# Content of this ConfigMap is mounted into all workspace containers including plugin brokers.
# Do not change the ConfigMap name unless it conflicts with the already existing ConfigMap.
# the {prod-short} Operator that the resulting ConfigMap name can be adjusted eventually to make it unique in {orch-namespace}.
# The original name would be stored in `che.original_name` label.
che.infra.kubernetes.trusted_ca.dest_configmap=ca-certs
# Configures path on workspace containers where the CA bundle should be mount.
# Content of config map specified by che.infra.kubernetes.trusted_ca.dest_configmap is mounted.
# Configures path on workspace containers where the CA bundle should be mounted.
# Content of ConfigMap specified by `che.infra.kubernetes.trusted_ca.dest_configmap` is mounted.
che.infra.kubernetes.trusted_ca.mount_path=/public-certs
# Comma separated list of labels to add to the CA certificates config map in user workspace.
# See che.infra.kubernetes.trusted_ca.dest_configmap property.
# Comma separated list of labels to add to the CA certificates ConfigMap in user workspace.
# See the `che.infra.kubernetes.trusted_ca.dest_configmap` property.
che.infra.kubernetes.trusted_ca.dest_configmap_labels=
### OpenShift Infra parameters
@ -580,117 +574,110 @@ che.infra.kubernetes.trusted_ca.dest_configmap_labels=
# Since OpenShift infrastructure reuse Kubernetes infrastructure components
# OpenShift infrastructure reuse most of the Kubernetes configuration attributes.
# DEPRECATED - please do not change the value of this property otherwise the existing workspaces will loose data. Do not
# DEPRECATED - Do not change the value of this property otherwise the existing workspaces will loose data. Do not
# set it on new installations.
#
# Defines OpenShift namespace in which all workspaces will be created.
# If not set, every workspace will be created in a new project, where project name = workspace id
# It's possible to use <username> and <userid> placeholders (e.g.: che-workspace-<username>).
# In that case, new project will be created for each user. OpenShift oauth or service account with
# It's possible to use `<username>` and `<userid>` placeholders (for example: `che-workspace-<username>`).
# In that case, new project will be created for each user. OpenShift OAuth or service account with
# permission to create new projects must be used.
#
# If the project pointed to by this property exists, it will be used for all workspaces. If it does not exist,
# the namespace specified by the che.infra.kubernetes.namespace.default will be created and used.
# the namespace specified by the `che.infra.kubernetes.namespace.default` will be created and used.
# This parameter is subject to removal in future releases.
# Legacy workspaces located in this namespace may become unreachable in future releases.
# Please refer to the documentation about possible next steps.
# See the documentation for possible next steps.
che.infra.openshift.project=
# Comma separated list of labels to add to the CA certificates config map in user workspace.
# See che.infra.kubernetes.trusted_ca.dest_configmap property.
# This default value is used for automatic cluster CA bundle injection in Openshift 4.
# Comma separated list of labels to add to the CA certificates ConfigMap in user workspace.
# See `che.infra.kubernetes.trusted_ca.dest_configmap` property.
# This default value is used for automatic cluster CA bundle injection in OpenShift 4.
che.infra.openshift.trusted_ca.dest_configmap_labels=config.openshift.io/inject-trusted-cabundle=true
# Additional labels to add into every Route created by Che server
# to allow clear identification.
# Additional labels to add into every Route created by {prod-short} server to allow clear identification.
che.infra.openshift.route.labels=NULL
# The hostname that should be used as a suffix for the workspace routes.
# For example host=open.che.org then the route will look like routed3qrtk.open.che.org
# For example: Using `domain_suffix=__<{che-host}>__`, the route resembles: `routed3qrtk.__<{che-host}>__`.
# It has to be a valid DNS name.
che.infra.openshift.route.host.domain_suffix=NULL
### Experimental properties
# Next properties are subject to changes and removal, so do not rely on them in a stable Che assembly
# Next properties are subject to changes and removal, so do not rely on them in a stable {prod-short} instance.
# Docker image of plugin metadata broker.
# This broker must be run prior to starting the workspaces pod, as its job is to provision required containers,
# volumes, and environment variables for the workspace to be able to start with the installed plugins enabled.
# Note this image is overridden by the Che Operator by default; changing the image here will not
# have an effect if Che is installed via Operator.
# Docker image of {prod-short} plugin broker app that resolves workspace tools configuration and copies plugins dependencies to a workspace.
# The {prod-short} Operator overrides these images by default. Changing the images here will not
# have an effect if {prod-short} is installed using the Operator.
che.workspace.plugin_broker.metadata.image=quay.io/eclipse/che-plugin-metadata-broker:v3.4.0
# Docker image of Che plugin artifacts broker.
# This broker runs as an init container on the workspace pod. Its job is to take in a list of plugin identifiers
# This broker runs as an init container on the workspace Pod. Its job is to take in a list of plugin identifiers
# (either references to a plugin in the registry or a link to a plugin meta.yaml) and ensure that the correct .vsix
# and .theia extenions are downloaded into the /plugins directory, for each plugin requested for the workspace.
# and .theia extensions are downloaded into the /plugins directory, for each plugin requested for the workspace.
che.workspace.plugin_broker.artifacts.image=quay.io/eclipse/che-plugin-artifacts-broker:v3.4.0
# Configures the default behavior of the plugin brokers when provisioning plugins into a workspace.
# If set to true, the plugin brokers will attempt to merge plugins when possible (i.e. they run in
# the same sidecar image and do not have conflicting settings). This value is the default setting
# used when the devfile does not specify otherwise, via the "mergePlugins" attribute.
# If set to true, the plugin brokers will attempt to merge plugins when possible: they run in
# the same sidecar image and do not have conflicting settings. This value is the default setting
# used when the devfile does not specify the `mergePlugins` attribute.
che.workspace.plugin_broker.default_merge_plugins=false
# Docker image of Che plugin broker app that resolves workspace tooling configuration and copies
# Docker image of {prod-short} plugin broker app that resolves workspace tools configuration and copies
# plugins dependencies to a workspace
che.workspace.plugin_broker.pull_policy=Always
# Defines the timeout in minutes that limits the max period of result waiting for plugin broker.
che.workspace.plugin_broker.wait_timeout_min=3
# Workspace tooling plugins registry endpoint. Should be a valid HTTP URL.
# Example: http://che-plugin-registry-eclipse-che.192.168.65.2.nip.io
# In case Che plugins tooling is not needed value 'NULL' should be used
# Workspace plug-ins registry endpoint. Should be a valid HTTP URL.
# Example: ++http://che-plugin-registry-eclipse-che.192.168.65.2.nip.io++
# In case {prod-short} plug-ins registry is not needed value 'NULL' should be used
che.workspace.plugin_registry_url=https://che-plugin-registry.prod-preview.openshift.io/v3
# Workspace tooling plugins registry "internal" endpoint. Should be a valid HTTP URL.
# Example: http://devfile-registry.che.svc.cluster.local:8080
# In case Che plugins tooling is not needed value 'NULL' should be used
# Workspace plugins registry internal endpoint. Should be a valid HTTP URL.
# Example: ++http://devfile-registry.che.svc.cluster.local:8080++
# In case {prod-short} plug-ins registry is not needed value 'NULL' should be used
che.workspace.plugin_registry_internal_url=NULL
# Devfile Registry endpoint. Should be a valid HTTP URL.
# Example: http://che-devfile-registry-eclipse-che.192.168.65.2.nip.io
# In case Che plugins tooling is not needed value 'NULL' should be used
# Example: ++http://che-devfile-registry-eclipse-che.192.168.65.2.nip.io++
# In case {prod-short} plug-ins registry is not needed value 'NULL' should be used
che.workspace.devfile_registry_url=https://che-devfile-registry.prod-preview.openshift.io/
# Devfile Registry "internal" endpoint. Should be a valid HTTP URL.
# Example: http://plugin-registry.che.svc.cluster.local:8080
# In case Che plugins tooling is not needed value 'NULL' should be used
# Example: ++http://plugin-registry.che.svc.cluster.local:8080++
# In case {prod-short} plug-ins registry is not needed value 'NULL' should be used
che.workspace.devfile_registry_internal_url=NULL
# The configuration property that defines available values for storage types that clients like
# Dashboard should propose for users during workspace creation/update.
# The configuration property that defines available values for storage types that clients such as the Dashboard should propose to users during workspace creation and update.
# Available values:
# - 'persistent': Persistent Storage slow I/O but persistent.
# - 'ephemeral': Ephemeral Storage allows for faster I/O but may have limited storage
# - `persistent`: Persistent Storage slow I/O but persistent.
# - `ephemeral`: Ephemeral Storage allows for faster I/O but may have limited storage
# and is not persistent.
# - 'async': Experimental feature: Asynchronous storage is combination of Ephemeral
# - `async`: Experimental feature: Asynchronous storage is combination of Ephemeral
# and Persistent storage. Allows for faster I/O and keep your changes, will backup on stop
# and restore on start workspace.
# Will work only if:
# - che.infra.kubernetes.pvc.strategy='common'
# - che.limits.user.workspaces.run.count=1
# - che.infra.kubernetes.namespace.allow_user_defined=false
# - che.infra.kubernetes.namespace.default contains <username>
# in other cases remove 'async' from the list.
# - `che.infra.kubernetes.pvc.strategy='common'`
# - `che.limits.user.workspaces.run.count=1`
# - `che.infra.kubernetes.namespace.allow_user_defined=false`
# - `che.infra.kubernetes.namespace.default` contains `<username>`
# in other cases remove `async` from the list.
che.workspace.storage.available_types=persistent,ephemeral,async
# The configuration property that defines a default value for storage type that clients like
# Dashboard should propose for users during workspace creation/update.
# The 'async' value not recommended as default type since it's experimental
# The configuration property that defines a default value for storage type that clients such as the Dashboard should propose to users during workspace creation and update.
# The `async` value is an experimental feature, not recommended as default type.
che.workspace.storage.preferred_type=persistent
# Configures in which way secure servers will be protected with authentication.
# Suitable values:
# - 'default': jwtproxy is configured in a pass-through mode.
# So, servers should authenticate requests themselves.
# - 'jwtproxy': jwtproxy will authenticate requests.
# So, servers will receive only authenticated ones.
# - `default`: `jwtproxy` is configured in a pass-through mode. Servers should authenticate requests themselves.
# - `jwtproxy`: `jwtproxy` will authenticate requests. Servers will receive only authenticated requests.
che.server.secure_exposer=jwtproxy
# JWTProxy issuer string.
# `Jwtproxy` issuer string, token lifetime, and optional auth page path to route unsigned requests to.
che.server.secure_exposer.jwtproxy.token.issuer=wsmaster
# JWTProxy issuer token lifetime.
@ -714,46 +701,41 @@ che.server.secure_exposer.jwtproxy.cpu_request=0.03
# JWTProxy CPU limit.
che.server.secure_exposer.jwtproxy.cpu_limit=0.5
### Configuration of major "/websocket" endpoint
### Configuration of the major WebSocket endpoint
# Maximum size of the JSON RPC processing pool
# in case if pool size would be exceeded message execution will be rejected
che.core.jsonrpc.processor_max_pool_size=50
# Initial json processing pool. Minimum number of threads that used to process major JSON RPC messages.
# Initial JSON processing pool. Minimum number of threads that used to process major JSON RPC messages.
che.core.jsonrpc.processor_core_pool_size=5
# Configuration of queue used to process Json RPC messages.
# Configuration of queue used to process JSON RPC messages.
che.core.jsonrpc.processor_queue_capacity=100000
# Port the the http server endpoint that would be exposed with Prometheus metrics
# Port the HTTP server endpoint that would be exposed with Prometheus metrics.
che.metrics.port=8087
### CORS settings
# Indicates which request origins are allowed.
# CORS filter on WS Master is turned off by default.
# Use environment variable "CHE_CORS_ENABLED=true" to turn it on
# "cors.allowed.origins" indicates which request origins are allowed
# Use environment variable "CHE_CORS_ENABLED=true" to turn it on.
che.cors.allowed_origins=*
# "cors.support.credentials" indicates if it allows processing of requests with credentials
# (in cookies, headers, TLS client certificates)
# Indicates if it allows processing of requests with credentials (in cookies, headers, TLS client certificates).
che.cors.allow_credentials=false
### Factory defaults
# Editor that will be used for factories which are created from remote git repository
# which doesn't contain any Che-specific workspace descriptor.
che.factory.default_editor=eclipse/che-theia/next
# Plugins that will be used for factories which are created from remote git repository
# which doesn't contain any Che-specific workspace descriptor.
# Editor and plugin which will be used for factories that are created from a remote Git repository
# which does not contain any {prod-short}-specific workspace descriptor
# Multiple plugins must be comma-separated, for example:
# pluginFooPublisher/pluginFooName/pluginFooVersion,pluginBarPublisher/pluginBarName/pluginBarVersion
# `pluginFooPublisher/pluginFooName/pluginFooVersion,pluginBarPublisher/pluginBarName/pluginBarVersion`
che.factory.default_plugins=NULL
# Devfile filenames to look on repository-based factories (like GitHub etc).
# Devfile filenames to look on repository-based factories (for example GitHub).
# Factory will try to locate those files in the order they enumerated in the property.
che.factory.default_devfile_filenames=devfile.yaml,.devfile.yaml
@ -764,35 +746,35 @@ che.factory.default_devfile_filenames=devfile.yaml,.devfile.yaml
# `NULL` or absence of value means that default editor should not be provisioned.
che.workspace.devfile.default_editor=eclipse/che-theia/next
# Default Plugins which should be provisioned for Default Editor.
# Default Plug-ins which should be provisioned for Default Editor.
# All the plugins from this list that are not explicitly mentioned in the user-defined devfile
# will be provisioned but only when the default editor is used or if the user-defined editor is
# the same as the default one (even if in different version).
# Format is comma-separated `pluginPublisher/pluginName/pluginVersion` values, and URLs. For example:
# eclipse/che-theia-exec-plugin/0.0.1,eclipse/che-theia-terminal-plugin/0.0.1,https://cdn.pluginregistry.com/vi-mode/meta.yaml
# If the plugin is a URL, the plugin's meta.yaml is retrieved from that URL.
# `eclipse/che-theia-exec-plugin/0.0.1,eclipse/che-theia-terminal-plugin/0.0.1,https://cdn.pluginregistry.com/vi-mode/meta.yaml`
# If the plugin is a URL, the plugin's `meta.yaml` is retrieved from that URL.
che.workspace.devfile.default_editor.plugins=NULL
# Defines comma-separated list of labels for selecting secrets from a user namespace,
# which will be mount into workspace containers as a files or env variables.
# which will be mount into workspace containers as a files or environment variables.
# Only secrets that match ALL given labels will be selected.
che.workspace.provision.secret.labels=app.kubernetes.io/part-of=che.eclipse.org,app.kubernetes.io/component=workspace-secret
# Plugin is added in case async storage feature will be enabled in workspace config
# Plugin is added in case asynchronous storage feature will be enabled in workspace configuration
# and supported by environment
che.workspace.devfile.async.storage.plugin=eclipse/che-async-pv-plugin/latest
# Docker image for the Che async storage
# Docker image for the {prod-short} asynchronous storage
che.infra.kubernetes.async.storage.image=quay.io/eclipse/che-workspace-data-sync-storage:0.0.1
# Optionally configures node selector for workspace pod. Format is comma-separated
# key=value pairs, e.g: disktype=ssd,cpu=xlarge,foo=bar
# Optionally configures node selector for workspace Pod. Format is comma-separated
# key=value pairs, for example: `disktype=ssd,cpu=xlarge,foo=bar`
che.workspace.pod.node_selector=NULL
# Optionally configures tolerations for workspace pod. Format is a string representing a JSON Array of taint tolerations,
# Optionally configures tolerations for workspace Pod. Format is a string representing a JSON Array of taint tolerations,
# or `NULL` to disable it. The objects contained in the array have to follow this
# link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.20/#toleration-v1-core[spec].
# Example: [{"effect":"NoExecute","key":"aNodeTaint","operator":"Equal","value":"aValue"}]
# Example: `[{"effect":"NoExecute","key":"aNodeTaint","operator":"Equal","value":"aValue"}]`
che.workspace.pod.tolerations_json=NULL
# The timeout for the Asynchronous Storage Pod shutdown after stopping the last used workspace.
@ -803,9 +785,9 @@ che.infra.kubernetes.async.storage.shutdown_timeout_min=120
che.infra.kubernetes.async.storage.shutdown_check_period_min=30
# Bitbucket endpoints used for factory integrations.
# Comma separated list of bitbucket server URLs or NULL if no integration expected.
# Comma separated list of Bitbucket server URLs or NULL if no integration expected.
che.integration.bitbucket.server_endpoints=NULL
# Gitlab endpoints used for factory integrations.
# Comma separated list of Gitlab server URLs or NULL if no integration expected.
# GitLab endpoints used for factory integrations.
# Comma separated list of GitLab server URLs or NULL if no integration expected.
che.integration.gitlab.server_endpoints=NULL