diff --git a/assembly/assembly-wsmaster-war/src/main/webapp/WEB-INF/classes/che/che.properties b/assembly/assembly-wsmaster-war/src/main/webapp/WEB-INF/classes/che/che.properties index 4ca3888367..0e449fca0f 100644 --- a/assembly/assembly-wsmaster-war/src/main/webapp/WEB-INF/classes/che/che.properties +++ b/assembly/assembly-wsmaster-war/src/main/webapp/WEB-INF/classes/che/che.properties @@ -10,28 +10,30 @@ # Red Hat, Inc. - initial API and implementation # -### Che server +# {orch-name}: Kubernetes or OpenShift -# Folder where Che stores internal data objects. +### {prod-short} server + +# Folder where {prod-short} stores internal data objects. che.database=${che.home}/storage -# API service. Browsers initiate REST communications to Che server with this URL. +# API service. Browsers initiate REST communications to {prod-short} server with this URL. che.api=http://${CHE_HOST}:${CHE_PORT}/api -# API service internal network url. Back-end services should initiate REST communications to Che server with this URL +# API service internal network URL. Back-end services should initiate REST communications to {prod-short} server with this URL che.api.internal=http://${CHE_HOST}:${CHE_PORT}/api -# Che websocket major endpoint. Provides basic communication endpoint -# for major websocket interactions and messaging. +# {prod-short} WebSocket major endpoint. Provides basic communication endpoint +# for major WebSocket interactions and messaging. che.websocket.endpoint=ws://${CHE_HOST}:${CHE_PORT}/api/websocket -# Your projects are synchronized from the Che server into the machine running each +# Your projects are synchronized from the {prod-short} server into the machine running each # workspace. This is the directory in the machine where your projects are placed. che.workspace.projects.storage=/projects -# Used when Kubernetes or OpenShift-type components in a devfile request project PVC creation -# (Applied in case of 'unique' and 'per workspace' PVC strategy. In case of the 'common' PVC strategy, +# Used when {orch-name}-type components in a devfile request project PVC creation +# (Applied in case of `unique` and `per workspace` PVC strategy. In case of the `common` PVC strategy, # it is rewritten with the value of the `che.infra.kubernetes.pvc.quantity` property.) che.workspace.projects.storage.default.size=1Gi @@ -88,7 +90,7 @@ che.workspace.default_memory_limit_mb=1024 # RAM request for each container that has no explicit RAM settings in its environment. # This amount is allocated when the workspace container is created. # This property may not be supported by all infrastructure implementations. -# Currently it is supported by Kubernetes and OpenShift. +# Currently it is supported by {orch-name}. # A memory request exceeding the memory limit is ignored, and only the limit size is used. # Value less or equal to 0 is interpreted as disabling the limit. che.workspace.default_memory_request_mb=200 @@ -132,7 +134,7 @@ che.workspace.sidecar.image_pull_policy=Always che.workspace.activity_check_scheduler_period_s=60 # The period of the cleanup of the activity table. The activity table can contain invalid or stale data -# if some unforeseen errors happen, like a server crash at a peculiar point in time. The default is to +# if some unforeseen errors happen, as a server failure at a peculiar point in time. The default is to # run the cleanup job every hour. che.workspace.activity_cleanup_scheduler_period_s=3600 @@ -155,7 +157,7 @@ che.workspace.cleanup_temporary_period_min=180 # Number of sequential successful pings to server after which it is treated as available. -# Note: the property is common for all servers e.g. workspace agent, terminal, exec etc. +# the {prod-short} Operator: the property is common for all servers, for example, workspace agent, terminal, exec. che.workspace.server.ping_success_threshold=1 # Interval, in milliseconds, between successive pings to workspace server. @@ -173,15 +175,15 @@ che.workspace.startup_debug_log_limit_bytes=10485760 # This configuration is mainly required for workspace idling when the OpenShift OAuth is enabled. che.workspace.stop.role.enabled=true -# Specifies whether che is deployed with DevWorkspaces enabled. -# This property is set by the Che operator if it also installed the support for DevWorkspaces. -# This property is used to advertise this fact to the Che dashboard. +# Specifies whether {prod-short} is deployed with DevWorkspaces enabled. +# This property is set by the {prod-short} Operator if it also installed the support for DevWorkspaces. +# This property is used to advertise this fact to the {prod-short} dashboard. # It does not make sense to change the value of this property manually. che.devworkspaces.enabled=false ### Authentication parameters -# Che has a single identity implementation, so this does not change the user experience. +# {prod-short} has a single identity implementation, so this does not change the user experience. # If true, enables user creation at API level che.auth.user_self_creation=false @@ -232,7 +234,7 @@ che.oauth1.bitbucket.endpoint=NULL ### Internal -# Che extensions can be scheduled executions on a time basis. +# {prod-short} extensions can be scheduled executions on a time basis. # This configures the size of the thread pool allocated to extensions that are launched on # a recurring schedule. schedule.core_pool_size=10 @@ -262,23 +264,23 @@ db.schema.flyway.scripts.locations=classpath:che-schema # Configuration of Kubernetes client master URL that Infra will use. che.infra.kubernetes.master_url= -# Boolean to configure Kubernetes client in order to use trusted certificates. +# Boolean to configure Kubernetes client to use trusted certificates. che.infra.kubernetes.trust_certs=false -# Defines the way how servers are exposed to the world in k8s infra. -# List of strategies implemented in Che: default-host, multi-host, single-host +# Defines the way how servers are exposed to the world in Kubernetes infra. +# List of strategies implemented in {prod-short}: `default-host`, `multi-host`, `single-host`. che.infra.kubernetes.server_strategy=multi-host # Defines the way in which the workspace plugins and editors are exposed in the single-host mode. # Supported exposures: -# - 'native': Exposes servers using k8s Ingresses. Works only on Kubernetes. -# - 'gateway': Exposes servers using reverse-proxy gateway. +# `native`:: Exposes servers using Kubernetes Ingresses. Works only on Kubernetes. +# `gateway`:: Exposes servers using reverse-proxy gateway. che.infra.kubernetes.singlehost.workspace.exposure=native -# Defines the way how to expose devfile endpoints, thus end-user's applications, in single-host server strategy. +# Defines the way how to expose devfile endpoints, as end-user's applications, in single-host server strategy. # They can either follow the single-host strategy and be exposed on subpaths, or they can be exposed on subdomains. -# - 'multi-host': expose on subdomains -# - 'single-host': expose on subpaths +# `multi-host`:: expose on subdomains +# `single-host`:: expose on subpaths che.infra.kubernetes.singlehost.workspace.devfile_endpoint_exposure=multi-host # Defines labels which will be set to ConfigMaps configuring single-host gateway. @@ -287,32 +289,32 @@ che.infra.kubernetes.singlehost.gateway.configmap_labels=app=che,component=che-g # Used to generate domain for a server in a workspace in case property `che.infra.kubernetes.server_strategy` is set to `multi-host` che.infra.kubernetes.ingress.domain= -# DEPRECATED - please do not change the value of this property otherwise the existing workspaces will loose data. Do not +# DEPRECATED - Do not change the value of this property otherwise the existing workspaces will loose data. Do not # set it on new installations. # # Defines Kubernetes namespace in which all workspaces will be created. # If not set, every workspace will be created in a new namespace, where namespace = workspace id -# It's possible to use and placeholders (e.g.: che-workspace-). +# It's possible to use `` and `` placeholders (for example: `che-workspace-`). # In that case, new namespace will be created for each user. Service account with permission # to create new namespace must be used. # # Ignored for OpenShift infra. Use `che.infra.openshift.project` instead # # If the namespace pointed to by this property exists, it will be used for all workspaces. If it does not exist, -# the namespace specified by the che.infra.kubernetes.namespace.default will be created and used. +# the namespace specified by `che.infra.kubernetes.namespace.default` will be created and used. # This parameter is subject to removal in future releases. # Legacy workspaces located in this namespace may become unreachable in future releases. -# Please refer to the documentation about possible next steps. +# See the documentation about possible next steps. che.infra.kubernetes.namespace= -# Indicates whether Che server is allowed to create namespaces/projects for user +# Indicates whether {prod-short} server is allowed to create {orch-namespace} for user # workspaces, or they're intended to be created manually by cluster administrator. # This property is also used by the OpenShift infra. che.infra.kubernetes.namespace.creation_allowed=true # Defines Kubernetes default namespace in which user's workspaces are created # if user does not override it. -# It's possible to use , and placeholders (e.g.: che-workspace-). +# It's possible to use `` and `` placeholders (for example: `che-workspace-`). # In that case, new namespace will be created for each user (or workspace). # Used by OpenShift infra as well to specify a Project. # The `` placeholder is deprecated and is subject to removal in future releases. @@ -322,25 +324,25 @@ che.infra.kubernetes.namespace.default=-che # Defines whether che-server should try to label the workspace namespaces. che.infra.kubernetes.namespace.label=true -# List of labels to find Namespaces/Projects that are used for Che Workspaces. +# List of labels to find {orch-namespace} that are used for {prod-short} Workspaces. # They are used to: -# - find prepared Namespaces/Projects for users in combination with `che.infra.kubernetes.namespace.annotations`. -# - actively label namespaces with any workspace. +# - find prepared {orch-namespace} for users in combination with `che.infra.kubernetes.namespace.annotations`. +# - actively label {orch-namespace} with any workspace. che.infra.kubernetes.namespace.labels=app.kubernetes.io/part-of=che.eclipse.org,app.kubernetes.io/component=workspaces-namespace -# List of annotations to find Namespaces/Projects prepared for Che users workspaces. -# Only Namespaces/Projects matching the `che.infra.kubernetes.namespace.labels` will be matched against these annotations. -# Namespaces/Projects that matches both `che.infra.kubernetes.namespace.labels` and `che.infra.kubernetes.namespace.annotations` +# List of annotations to find {orch-namespace} prepared for {prod-short} users workspaces. +# Only {orch-namespace} matching the `che.infra.kubernetes.namespace.labels` will be matched against these annotations. +# {orch-namespace} that matches both `che.infra.kubernetes.namespace.labels` and `che.infra.kubernetes.namespace.annotations` # will be preferentially used for User's workspaces. -# It's possible to use `` placeholder to specify the Namespace/Project to concrete user. +# It's possible to use `` placeholder to specify the {orch-namespace} to concrete user. che.infra.kubernetes.namespace.annotations=che.eclipse.org/username= -# Defines if a user is able to specify Kubernetes namespace (or OpenShift project) different from the default. +# Defines if a user is able to specify {orch-namespace} different from the default. # It's NOT RECOMMENDED to configured true without OAuth configured. This property is also used by the OpenShift infra. che.infra.kubernetes.namespace.allow_user_defined=false -# Defines Kubernetes Service Account name which should be specified to be bound to all workspaces pods. -# Note that Kubernetes Infrastructure won't create the service account and it should exist. +# Defines Kubernetes Service Account name which should be specified to be bound to all workspaces Pods. +# the {prod-short} Operator that Kubernetes Infrastructure will not create the service account and it should exist. # OpenShift infrastructure will check if project is predefined(if `che.infra.openshift.project` is not empty): # - if it is predefined then service account must exist there # - if it is 'NULL' or empty string then infrastructure will create new OpenShift project per workspace @@ -348,9 +350,9 @@ che.infra.kubernetes.namespace.allow_user_defined=false che.infra.kubernetes.service_account_name=NULL # Specifies optional, additional cluster roles to use with the workspace service account. -# Note that the cluster role names must already exist, and the Che service account needs to be able to create a Role Binding +# the {prod-short} Operator that the cluster role names must already exist, and the {prod-short} service account needs to be able to create a Role Binding # to associate these cluster roles with the workspace service account. The names are comma separated. -# This property deprecates 'che.infra.kubernetes.cluster_role_name'. +# This property deprecates `che.infra.kubernetes.cluster_role_name`. che.infra.kubernetes.workspace_sa_cluster_roles=NULL # Defines time frame that limits the Kubernetes workspace start time @@ -360,52 +362,52 @@ che.infra.kubernetes.workspace_start_timeout_min=8 che.infra.kubernetes.ingress_start_timeout_min=5 # If during workspace startup an unrecoverable event defined in the property occurs, -# terminate workspace immediately instead of waiting until timeout -# Note that this SHOULD NOT include a mere "Failed" reason, because that might catch events that are not unrecoverable. -# A failed container startup is handled explicitly by Che server. +# stop the workspace immediately rather than waiting until timeout. +# the {prod-short} Operator that this SHOULD NOT include a mere "Failed" reason, because that might catch events that are not unrecoverable. +# A failed container startup is handled explicitly by {prod-short} server. che.infra.kubernetes.workspace_unrecoverable_events=FailedMount,FailedScheduling,MountVolume.SetUp failed,Failed to pull image,FailedCreate,ReplicaSetCreateError -# Defines whether use the Persistent Volume Claim for che workspace needs -# e.g backup projects, logs etc or disable it. +# Defines whether use the Persistent Volume Claim for {prod-short} workspace needs, +# for example: backup projects, logs, or disable it. che.infra.kubernetes.pvc.enabled=true # Defined which strategy will be used while choosing PVC for workspaces. # # Supported strategies: -# - 'common' -# All workspaces in the same Kubernetes Namespace will reuse the same PVC. -# Name of PVC may be configured with 'che.infra.kubernetes.pvc.name'. -# Existing PVC will be used or new one will be created if it doesn't exist. +# `common`:: +# All workspaces in the same {orch-namespace} will reuse the same PVC. +# Name of PVC may be configured with `che.infra.kubernetes.pvc.name`. +# Existing PVC will be used or a new one will be created if it does not exist. # -# - 'unique' +# `unique`:: # Separate PVC for each workspace's volume will be used. -# Name of PVC is evaluated as '{che.infra.kubernetes.pvc.name} + '-' + {generated_8_chars}'. -# Existing PVC will be used or a new one will be created if it doesn't exist. +# Name of PVC is evaluated as `'{che.infra.kubernetes.pvc.name} + '-' + {generated_8_chars}'`. +# Existing PVC will be used or a new one will be created if it does not exist. # -# - 'per-workspace' +# `per-workspace`:: # Separate PVC for each workspace will be used. -# Name of PVC is evaluated as '{che.infra.kubernetes.pvc.name} + '-' + {WORKSPACE_ID}'. +# Name of PVC is evaluated as `'{che.infra.kubernetes.pvc.name} + '-' + {WORKSPACE_ID}'`. # Existing PVC will be used or a new one will be created if it doesn't exist. che.infra.kubernetes.pvc.strategy=common -# Defines whether to run a job that creates workspace's subpath directories in persistent volume for the 'common' strategy before launching a workspace. -# Necessary in some versions of OpenShift/Kubernetes as workspace subpath volume mounts are created with root permissions, -# and thus cannot be modified by workspaces running as a user (presents an error importing projects into a workspace in Che). -# The default is "true", but should be set to false if the version of Openshift/Kubernetes creates subdirectories with user permissions. +# Defines whether to run a job that creates workspace's subpath directories in persistent volume for the `common` strategy before launching a workspace. +# Necessary in some versions of {orch-name} as workspace subpath volume mounts are created with root permissions, +# and therefore cannot be modified by workspaces running as a user (presents an error importing projects into a workspace in {prod-short}). +# The default is `true`, but should be set to `false` if the version of {orch-name} creates subdirectories with user permissions. # Relevant issue: https://github.com/kubernetes/kubernetes/issues/41638 -# Note that this property has effect only if the 'common' PVC strategy used. +# the {prod-short} Operator that this property has effect only if the `common` PVC strategy used. che.infra.kubernetes.pvc.precreate_subpaths=true -# Defines the settings of PVC name for che workspaces. +# Defines the settings of PVC name for {prod-short} workspaces. # Each PVC strategy supplies this value differently. -# See doc for che.infra.kubernetes.pvc.strategy property +# See documentation for `che.infra.kubernetes.pvc.strategy` property che.infra.kubernetes.pvc.name=claim-che-workspace # Defines the storage class of Persistent Volume Claim for the workspaces. # Empty strings means "use default". che.infra.kubernetes.pvc.storage_class_name= -# Defines the size of Persistent Volume Claim of che workspace. +# Defines the size of Persistent Volume Claim of {prod-short} workspace. # Format described here: # https://docs.openshift.com/container-platform/latest/dev_guide/compute_resources.html#dev-compute-resources che.infra.kubernetes.pvc.quantity=10Gi @@ -413,27 +415,25 @@ che.infra.kubernetes.pvc.quantity=10Gi # Pod that is launched when performing persistent volume claim maintenance jobs on OpenShift che.infra.kubernetes.pvc.jobs.image=registry.access.redhat.com/ubi8-minimal:8.3-230 -# Image pull policy of container that used for the maintenance jobs on Kubernetes/OpenShift cluster +# Image pull policy of container that used for the maintenance jobs on {orch-name} cluster che.infra.kubernetes.pvc.jobs.image.pull_policy=IfNotPresent -# Defines pod memory limit for persistent volume claim maintenance jobs +# Defines Pod memory limit for persistent volume claim maintenance jobs che.infra.kubernetes.pvc.jobs.memorylimit=250Mi # Defines Persistent Volume Claim access mode. -# Note that for common PVC strategy changing of access mode affects the number of simultaneously running workspaces. -# If OpenShift flavor where che running is using PVs with RWX access mode then a limit of running workspaces at the same time -# bounded only by che limits configuration like(RAM, CPU etc). +# the {prod-short} Operator that for common PVC strategy changing of access mode affects the number of simultaneously running workspaces. +# If the OpenShift instance running {prod-short} is using Persistent Volumes with RWX access mode, then a limit of running workspaces at the same time is bounded only by {prod-short} limits configuration: RAM, CPU, and so on. # Detailed information about access mode is described here: # https://docs.openshift.com/container-platform/latest/architecture/additional_concepts/storage.html#pv-access-modes che.infra.kubernetes.pvc.access_mode=ReadWriteOnce -# Defines whether Che Server should wait workspaces PVCs to become bound after creating. -# It's used by all PVC strategies. +# Defines if {prod-short} Server should wait workspaces Persistent Volume Claims to become bound after creating. +# Default value is `true`. +# The parameter is used by all Persistent Volume Claim strategies. # -# It should be set to `false` in case if `volumeBindingMode` is configured to `WaitForFirstConsumer` -# otherwise workspace starts will hangs up on phase of waiting PVCs. +# It should be set to `false` when `volumeBindingMode` is configured to `WaitForFirstConsumer` otherwise workspace starts will hangs up on phase of waiting PVCs. # -# Default value is true (means that PVCs should be waited to be bound) che.infra.kubernetes.pvc.wait_bound=true # Defined range of ports for installers servers @@ -449,24 +449,24 @@ che.infra.kubernetes.installer_server_max_port=20000 # Defines annotations for ingresses which are used for servers exposing. Value depends on the kind of ingress # controller. # -# OpenShift infrastructure ignores this property because it uses Routes instead of ingresses. +# OpenShift infrastructure ignores this property because it uses Routes rather than Ingresses. # -# Note that for a single-host deployment strategy to work, a controller supporting URL rewriting has to be -# used (so that URLs can point to different servers while the servers don't need to support changing the app root). -# The che.infra.kubernetes.ingress.path.rewrite_transform property defines how the path of the ingress should be +# the {prod-short} Operator that for a single-host deployment strategy to work, a controller supporting URL rewriting has to be +# used (so that URLs can point to different servers while the servers do not need to support changing the app root). +# The `che.infra.kubernetes.ingress.path.rewrite_transform` property defines how the path of the ingress should be # transformed to support the URL rewriting and this property defines the set of annotations on the ingress itself # that instruct the chosen ingress controller to actually do the URL rewriting, potentially building on the path # transformation (if required by the chosen ingress controller). # -# For example for nginx ingress controller 0.22.0 and later the following value is recommended: -# {"ingress.kubernetes.io/rewrite-target": "/$1","ingress.kubernetes.io/ssl-redirect": "false",\ -# "ingress.kubernetes.io/proxy-connect-timeout": "3600","ingress.kubernetes.io/proxy-read-timeout": "3600"} -# and the che.infra.kubernetes.ingress.path.rewrite_transform should be set to "%s(.*)" +# For example for Nginx ingress controller 0.22.0 and later the following value is recommended: +# `{"ingress.kubernetes.io/rewrite-target": "/$1","ingress.kubernetes.io/ssl-redirect": "false",\ +# "ingress.kubernetes.io/proxy-connect-timeout": "3600","ingress.kubernetes.io/proxy-read-timeout": "3600"}` +# and the `che.infra.kubernetes.ingress.path.rewrite_transform` should be set to `"%s(.*)"`. # -# For nginx ingress controller older than 0.22.0, the rewrite-target should be set to merely "/" and the path transform -# to "%s" (see the the che.infra.kubernetes.ingress.path.rewrite_transform property). +# For nginx ingress controller older than 0.22.0, the rewrite-target should be set to merely `/` and the path transform +# to `%s` (see the `che.infra.kubernetes.ingress.path.rewrite_transform` property). # -# Please consult the nginx ingress controller documentation for the explanation of how the ingress controller uses +# See the Nginx ingress controller documentation for the explanation of how the ingress controller uses # the regular expression present in the ingress path and how it achieves the URL rewriting. che.infra.kubernetes.ingress.annotations_json=NULL @@ -474,63 +474,58 @@ che.infra.kubernetes.ingress.annotations_json=NULL # The "%s" represents the base public URL of the server and is guaranteed to end with a forward slash. This property # must be a valid input to the String.format() method and contain exactly one reference to "%s". # -# Please see the description of the che.infra.kubernetes.ingress.annotations_json property to see how these two +# See the description of the `che.infra.kubernetes.ingress.annotations_json` property to see how these two # properties interplay when specifying the ingress annotations and path. # # If not defined, this property defaults to "%s" (without the quotes) which means that the path is not transformed in # any way for use with the ingress controller. che.infra.kubernetes.ingress.path_transform=NULL -# Additional labels to add into every Ingress created by Che server +# Additional labels to add into every Ingress created by {prod-short} server # to allow clear identification. che.infra.kubernetes.ingress.labels=NULL -# Defines security context for pods that will be created by Kubernetes Infra. -# Specifies that for any Containers in the Pod, all processes run with given user ID. +# Defines security context for Pods that will be created by Kubernetes Infra +# # This is ignored by OpenShift infra che.infra.kubernetes.pod.security_context.run_as_user=NULL -# Defines security context for pods that will be created by Kubernetes Infra. -# A special supplemental group that applies to all containers in a pod. +# Defines security context for Pods that will be created by Kubernetes Infra. +# A special supplemental group that applies to all containers in a Pod. # This is ignored by OpenShift infra. che.infra.kubernetes.pod.security_context.fs_group=NULL -# Defines grace termination period for pods that will be created by Kubernetes / OpenShift infrastructures +# Defines grace termination period for Pods that will be created by {orch-name} infrastructures. # -# Grace termination period of Kubernetes / OpenShift workspace's pods defaults '0', which allows to terminate -# pods almost instantly and significantly decrease the time required for stopping a workspace. -# Note: if `terminationGracePeriodSeconds` have been explicitly set in Kubernetes / OpenShift recipe it will not be overridden. +# Default value: `0`. It allows to stop Pods quickly and significantly decrease the time required for stopping a workspace. +# the {prod-short} Operator: if `terminationGracePeriodSeconds` have been explicitly set in {orch-name} recipe it will not be overridden. che.infra.kubernetes.pod.termination_grace_period_sec=0 -# Number of maximum concurrent async web requests (http requests or ongoing web socket calls) -# supported in the underlying shared http client of the `KubernetesClient` instances. -# Default values are 64, and 5 per-host, which doesn't seem correct for multi-user scenarios, -# knowing that Che keeps a number of connections opened (e.g. for command or ws-agent logs) +# Number of maximum concurrent asynchronous web requests (HTTP requests or ongoing WebSocket calls) supported in the underlying shared HTTP client of the `KubernetesClient` instances. +# Default values: `max=64`, and `max_per_host:5`. +# Default values are not suitable for multi-user scenarios, as {prod-short} keeps open connections, for example for command or ws-agent logs. che.infra.kubernetes.client.http.async_requests.max=1000 -# Number of maximum concurrent async web requests per host. +# Number of maximum concurrent asynchronous web requests per host. che.infra.kubernetes.client.http.async_requests.max_per_host=1000 -# Max number of idle connections in the connection pool -# of the Kubernetes-client shared http client +# Max number of idle connections in the connection pool of the Kubernetes-client shared HTTP client. che.infra.kubernetes.client.http.connection_pool.max_idle=5 -# Keep-alive timeout of the connection pool -# of the Kubernetes-client shared http client -# in minutes +# Keep-alive timeout of the connection pool of the Kubernetes-client shared HTTP client in minutes. che.infra.kubernetes.client.http.connection_pool.keep_alive_min=5 -# Creates Ingresses with Transport Layer Security (TLS) enabled -# In OpenShift infrastructure, Routes will be TLS-enabled +# Creates Ingresses with Transport Layer Security (TLS) enabled. +# In OpenShift infrastructure, Routes will be TLS-enabled. che.infra.kubernetes.tls_enabled=false -# Name of a secret that should be used when creating workspace ingresses with TLS -# Ignored by OpenShift infrastructure +# Name of a secret that should be used when creating workspace ingresses with TLS. +# This property is ignored by OpenShift infrastructure. che.infra.kubernetes.tls_secret= -# Key data for TLS Secret that should be used for workspaces Ingresses. -# Key should be encoded with Base64 algorithm. -# This property is ignored by OpenShift infrastructure. +# Data for TLS Secret that should be used for workspaces Ingresses. +# `cert` and `key` should be encoded with Base64 algorithm. +# These properties are ignored by OpenShift infrastructure. che.infra.kubernetes.tls_key=NULL # Certificate data for TLS Secret that should be used for workspaces Ingresses. @@ -542,37 +537,36 @@ che.infra.kubernetes.tls_cert=NULL # If runtime has inconsistent state then runtime will be stopped automatically. # Value must be more than 0 or `-1`, where `-1` means that checks won't be performed at all. # -# It is disabled by default because there is possible Che Server configuration when Che Server +# It is disabled by default because there is possible {prod-short} Server configuration when {prod-short} Server # doesn't have an ability to interact with Kubernetes API when operation is not invoked by user. # # It DOES work on the following configurations: -# - workspaces objects are created in the same namespace where Che Server is located; -# - cluster-admin service account token is mount to Che Server pod; +# - workspaces objects are created in the same namespace where {prod-short} Server is located; +# - `cluster-admin` service account token is mounted to {prod-short} Server Pod. # # It DOES NOT work on the following configurations: -# - Che Server communicates with Kubernetes API using token from OAuth provider; +# - {prod-short} Server communicates with Kubernetes API using token from OAuth provider. che.infra.kubernetes.runtimes_consistency_check_period_min=-1 -# Name of cofig map in Che server namespace with additional CA TLS certificates to be propagated into all user's workspaces. -# If the property is set on OpenShift 4 infrastructure, and che.infra.openshift.trusted_ca.dest_configmap_labels includes -# config.openshift.io/inject-trusted-cabundle=true label, then cluster CA bundle will be propagated too. +# Name of the ConfigMap in {prod-short} server namespace with additional CA TLS certificates to be propagated into all user's workspaces. +# If the property is set on OpenShift 4 infrastructure, and `che.infra.openshift.trusted_ca.dest_configmap_labels` includes the `config.openshift.io/inject-trusted-cabundle=true` label, then cluster CA bundle will be propagated too. che.infra.kubernetes.trusted_ca.src_configmap=NULL -# Name of configmap in a workspace namespace with additional CA TLS certificates. -# Holds the copy of che.infra.kubernetes.trusted_ca.src_configmap but in a workspace namespace. -# Content of this config map is mounted into all workspace containers including plugin brokers. -# Do not change the config map name unless it conflicts with the already existing config map. -# Note that the resulting config map name can be adjusted eventually to make it unique in k8s namespace. +# Name of the ConfigMap in a workspace namespace with additional CA TLS certificates. +# Holds the copy of `che.infra.kubernetes.trusted_ca.src_configmap` but in a workspace namespace. +# Content of this ConfigMap is mounted into all workspace containers including plugin brokers. +# Do not change the ConfigMap name unless it conflicts with the already existing ConfigMap. +# the {prod-short} Operator that the resulting ConfigMap name can be adjusted eventually to make it unique in {orch-namespace}. # The original name would be stored in `che.original_name` label. che.infra.kubernetes.trusted_ca.dest_configmap=ca-certs -# Configures path on workspace containers where the CA bundle should be mount. -# Content of config map specified by che.infra.kubernetes.trusted_ca.dest_configmap is mounted. +# Configures path on workspace containers where the CA bundle should be mounted. +# Content of ConfigMap specified by `che.infra.kubernetes.trusted_ca.dest_configmap` is mounted. che.infra.kubernetes.trusted_ca.mount_path=/public-certs -# Comma separated list of labels to add to the CA certificates config map in user workspace. -# See che.infra.kubernetes.trusted_ca.dest_configmap property. +# Comma separated list of labels to add to the CA certificates ConfigMap in user workspace. +# See the `che.infra.kubernetes.trusted_ca.dest_configmap` property. che.infra.kubernetes.trusted_ca.dest_configmap_labels= ### OpenShift Infra parameters @@ -580,117 +574,110 @@ che.infra.kubernetes.trusted_ca.dest_configmap_labels= # Since OpenShift infrastructure reuse Kubernetes infrastructure components # OpenShift infrastructure reuse most of the Kubernetes configuration attributes. -# DEPRECATED - please do not change the value of this property otherwise the existing workspaces will loose data. Do not +# DEPRECATED - Do not change the value of this property otherwise the existing workspaces will loose data. Do not # set it on new installations. # # Defines OpenShift namespace in which all workspaces will be created. # If not set, every workspace will be created in a new project, where project name = workspace id -# It's possible to use and placeholders (e.g.: che-workspace-). -# In that case, new project will be created for each user. OpenShift oauth or service account with +# It's possible to use `` and `` placeholders (for example: `che-workspace-`). +# In that case, new project will be created for each user. OpenShift OAuth or service account with # permission to create new projects must be used. # # If the project pointed to by this property exists, it will be used for all workspaces. If it does not exist, -# the namespace specified by the che.infra.kubernetes.namespace.default will be created and used. +# the namespace specified by the `che.infra.kubernetes.namespace.default` will be created and used. # This parameter is subject to removal in future releases. # Legacy workspaces located in this namespace may become unreachable in future releases. -# Please refer to the documentation about possible next steps. +# See the documentation for possible next steps. che.infra.openshift.project= -# Comma separated list of labels to add to the CA certificates config map in user workspace. -# See che.infra.kubernetes.trusted_ca.dest_configmap property. -# This default value is used for automatic cluster CA bundle injection in Openshift 4. +# Comma separated list of labels to add to the CA certificates ConfigMap in user workspace. +# See `che.infra.kubernetes.trusted_ca.dest_configmap` property. +# This default value is used for automatic cluster CA bundle injection in OpenShift 4. che.infra.openshift.trusted_ca.dest_configmap_labels=config.openshift.io/inject-trusted-cabundle=true -# Additional labels to add into every Route created by Che server -# to allow clear identification. +# Additional labels to add into every Route created by {prod-short} server to allow clear identification. che.infra.openshift.route.labels=NULL # The hostname that should be used as a suffix for the workspace routes. -# For example host=open.che.org then the route will look like routed3qrtk.open.che.org +# For example: Using `domain_suffix=__<{che-host}>__`, the route resembles: `routed3qrtk.__<{che-host}>__`. # It has to be a valid DNS name. che.infra.openshift.route.host.domain_suffix=NULL ### Experimental properties -# Next properties are subject to changes and removal, so do not rely on them in a stable Che assembly +# Next properties are subject to changes and removal, so do not rely on them in a stable {prod-short} instance. -# Docker image of plugin metadata broker. -# This broker must be run prior to starting the workspaces pod, as its job is to provision required containers, -# volumes, and environment variables for the workspace to be able to start with the installed plugins enabled. -# Note this image is overridden by the Che Operator by default; changing the image here will not -# have an effect if Che is installed via Operator. +# Docker image of {prod-short} plugin broker app that resolves workspace tools configuration and copies plugins dependencies to a workspace. +# The {prod-short} Operator overrides these images by default. Changing the images here will not +# have an effect if {prod-short} is installed using the Operator. che.workspace.plugin_broker.metadata.image=quay.io/eclipse/che-plugin-metadata-broker:v3.4.0 # Docker image of Che plugin artifacts broker. -# This broker runs as an init container on the workspace pod. Its job is to take in a list of plugin identifiers +# This broker runs as an init container on the workspace Pod. Its job is to take in a list of plugin identifiers # (either references to a plugin in the registry or a link to a plugin meta.yaml) and ensure that the correct .vsix -# and .theia extenions are downloaded into the /plugins directory, for each plugin requested for the workspace. +# and .theia extensions are downloaded into the /plugins directory, for each plugin requested for the workspace. che.workspace.plugin_broker.artifacts.image=quay.io/eclipse/che-plugin-artifacts-broker:v3.4.0 # Configures the default behavior of the plugin brokers when provisioning plugins into a workspace. -# If set to true, the plugin brokers will attempt to merge plugins when possible (i.e. they run in -# the same sidecar image and do not have conflicting settings). This value is the default setting -# used when the devfile does not specify otherwise, via the "mergePlugins" attribute. +# If set to true, the plugin brokers will attempt to merge plugins when possible: they run in +# the same sidecar image and do not have conflicting settings. This value is the default setting +# used when the devfile does not specify the `mergePlugins` attribute. che.workspace.plugin_broker.default_merge_plugins=false -# Docker image of Che plugin broker app that resolves workspace tooling configuration and copies +# Docker image of {prod-short} plugin broker app that resolves workspace tools configuration and copies # plugins dependencies to a workspace che.workspace.plugin_broker.pull_policy=Always # Defines the timeout in minutes that limits the max period of result waiting for plugin broker. che.workspace.plugin_broker.wait_timeout_min=3 -# Workspace tooling plugins registry endpoint. Should be a valid HTTP URL. -# Example: http://che-plugin-registry-eclipse-che.192.168.65.2.nip.io -# In case Che plugins tooling is not needed value 'NULL' should be used +# Workspace plug-ins registry endpoint. Should be a valid HTTP URL. +# Example: ++http://che-plugin-registry-eclipse-che.192.168.65.2.nip.io++ +# In case {prod-short} plug-ins registry is not needed value 'NULL' should be used che.workspace.plugin_registry_url=https://che-plugin-registry.prod-preview.openshift.io/v3 -# Workspace tooling plugins registry "internal" endpoint. Should be a valid HTTP URL. -# Example: http://devfile-registry.che.svc.cluster.local:8080 -# In case Che plugins tooling is not needed value 'NULL' should be used +# Workspace plugins registry internal endpoint. Should be a valid HTTP URL. +# Example: ++http://devfile-registry.che.svc.cluster.local:8080++ +# In case {prod-short} plug-ins registry is not needed value 'NULL' should be used che.workspace.plugin_registry_internal_url=NULL # Devfile Registry endpoint. Should be a valid HTTP URL. -# Example: http://che-devfile-registry-eclipse-che.192.168.65.2.nip.io -# In case Che plugins tooling is not needed value 'NULL' should be used +# Example: ++http://che-devfile-registry-eclipse-che.192.168.65.2.nip.io++ +# In case {prod-short} plug-ins registry is not needed value 'NULL' should be used che.workspace.devfile_registry_url=https://che-devfile-registry.prod-preview.openshift.io/ # Devfile Registry "internal" endpoint. Should be a valid HTTP URL. -# Example: http://plugin-registry.che.svc.cluster.local:8080 -# In case Che plugins tooling is not needed value 'NULL' should be used +# Example: ++http://plugin-registry.che.svc.cluster.local:8080++ +# In case {prod-short} plug-ins registry is not needed value 'NULL' should be used che.workspace.devfile_registry_internal_url=NULL -# The configuration property that defines available values for storage types that clients like -# Dashboard should propose for users during workspace creation/update. +# The configuration property that defines available values for storage types that clients such as the Dashboard should propose to users during workspace creation and update. # Available values: -# - 'persistent': Persistent Storage slow I/O but persistent. -# - 'ephemeral': Ephemeral Storage allows for faster I/O but may have limited storage +# - `persistent`: Persistent Storage slow I/O but persistent. +# - `ephemeral`: Ephemeral Storage allows for faster I/O but may have limited storage # and is not persistent. -# - 'async': Experimental feature: Asynchronous storage is combination of Ephemeral +# - `async`: Experimental feature: Asynchronous storage is combination of Ephemeral # and Persistent storage. Allows for faster I/O and keep your changes, will backup on stop # and restore on start workspace. # Will work only if: -# - che.infra.kubernetes.pvc.strategy='common' -# - che.limits.user.workspaces.run.count=1 -# - che.infra.kubernetes.namespace.allow_user_defined=false -# - che.infra.kubernetes.namespace.default contains -# in other cases remove 'async' from the list. +# - `che.infra.kubernetes.pvc.strategy='common'` +# - `che.limits.user.workspaces.run.count=1` +# - `che.infra.kubernetes.namespace.allow_user_defined=false` +# - `che.infra.kubernetes.namespace.default` contains `` +# in other cases remove `async` from the list. che.workspace.storage.available_types=persistent,ephemeral,async -# The configuration property that defines a default value for storage type that clients like -# Dashboard should propose for users during workspace creation/update. -# The 'async' value not recommended as default type since it's experimental +# The configuration property that defines a default value for storage type that clients such as the Dashboard should propose to users during workspace creation and update. +# The `async` value is an experimental feature, not recommended as default type. che.workspace.storage.preferred_type=persistent # Configures in which way secure servers will be protected with authentication. # Suitable values: -# - 'default': jwtproxy is configured in a pass-through mode. -# So, servers should authenticate requests themselves. -# - 'jwtproxy': jwtproxy will authenticate requests. -# So, servers will receive only authenticated ones. +# - `default`: `jwtproxy` is configured in a pass-through mode. Servers should authenticate requests themselves. +# - `jwtproxy`: `jwtproxy` will authenticate requests. Servers will receive only authenticated requests. che.server.secure_exposer=jwtproxy -# JWTProxy issuer string. +# `Jwtproxy` issuer string, token lifetime, and optional auth page path to route unsigned requests to. che.server.secure_exposer.jwtproxy.token.issuer=wsmaster # JWTProxy issuer token lifetime. @@ -714,46 +701,41 @@ che.server.secure_exposer.jwtproxy.cpu_request=0.03 # JWTProxy CPU limit. che.server.secure_exposer.jwtproxy.cpu_limit=0.5 -### Configuration of major "/websocket" endpoint +### Configuration of the major WebSocket endpoint # Maximum size of the JSON RPC processing pool # in case if pool size would be exceeded message execution will be rejected che.core.jsonrpc.processor_max_pool_size=50 -# Initial json processing pool. Minimum number of threads that used to process major JSON RPC messages. +# Initial JSON processing pool. Minimum number of threads that used to process major JSON RPC messages. che.core.jsonrpc.processor_core_pool_size=5 -# Configuration of queue used to process Json RPC messages. +# Configuration of queue used to process JSON RPC messages. che.core.jsonrpc.processor_queue_capacity=100000 -# Port the the http server endpoint that would be exposed with Prometheus metrics +# Port the HTTP server endpoint that would be exposed with Prometheus metrics. che.metrics.port=8087 ### CORS settings +# Indicates which request origins are allowed. # CORS filter on WS Master is turned off by default. -# Use environment variable "CHE_CORS_ENABLED=true" to turn it on -# "cors.allowed.origins" indicates which request origins are allowed +# Use environment variable "CHE_CORS_ENABLED=true" to turn it on. che.cors.allowed_origins=* -# "cors.support.credentials" indicates if it allows processing of requests with credentials -# (in cookies, headers, TLS client certificates) +# Indicates if it allows processing of requests with credentials (in cookies, headers, TLS client certificates). che.cors.allow_credentials=false ### Factory defaults -# Editor that will be used for factories which are created from remote git repository -# which doesn't contain any Che-specific workspace descriptor. -che.factory.default_editor=eclipse/che-theia/next - -# Plugins that will be used for factories which are created from remote git repository -# which doesn't contain any Che-specific workspace descriptor. +# Editor and plugin which will be used for factories that are created from a remote Git repository +# which does not contain any {prod-short}-specific workspace descriptor # Multiple plugins must be comma-separated, for example: -# pluginFooPublisher/pluginFooName/pluginFooVersion,pluginBarPublisher/pluginBarName/pluginBarVersion +# `pluginFooPublisher/pluginFooName/pluginFooVersion,pluginBarPublisher/pluginBarName/pluginBarVersion` che.factory.default_plugins=NULL -# Devfile filenames to look on repository-based factories (like GitHub etc). +# Devfile filenames to look on repository-based factories (for example GitHub). # Factory will try to locate those files in the order they enumerated in the property. che.factory.default_devfile_filenames=devfile.yaml,.devfile.yaml @@ -764,35 +746,35 @@ che.factory.default_devfile_filenames=devfile.yaml,.devfile.yaml # `NULL` or absence of value means that default editor should not be provisioned. che.workspace.devfile.default_editor=eclipse/che-theia/next -# Default Plugins which should be provisioned for Default Editor. +# Default Plug-ins which should be provisioned for Default Editor. # All the plugins from this list that are not explicitly mentioned in the user-defined devfile # will be provisioned but only when the default editor is used or if the user-defined editor is # the same as the default one (even if in different version). # Format is comma-separated `pluginPublisher/pluginName/pluginVersion` values, and URLs. For example: -# eclipse/che-theia-exec-plugin/0.0.1,eclipse/che-theia-terminal-plugin/0.0.1,https://cdn.pluginregistry.com/vi-mode/meta.yaml -# If the plugin is a URL, the plugin's meta.yaml is retrieved from that URL. +# `eclipse/che-theia-exec-plugin/0.0.1,eclipse/che-theia-terminal-plugin/0.0.1,https://cdn.pluginregistry.com/vi-mode/meta.yaml` +# If the plugin is a URL, the plugin's `meta.yaml` is retrieved from that URL. che.workspace.devfile.default_editor.plugins=NULL # Defines comma-separated list of labels for selecting secrets from a user namespace, -# which will be mount into workspace containers as a files or env variables. +# which will be mount into workspace containers as a files or environment variables. # Only secrets that match ALL given labels will be selected. che.workspace.provision.secret.labels=app.kubernetes.io/part-of=che.eclipse.org,app.kubernetes.io/component=workspace-secret -# Plugin is added in case async storage feature will be enabled in workspace config +# Plugin is added in case asynchronous storage feature will be enabled in workspace configuration # and supported by environment che.workspace.devfile.async.storage.plugin=eclipse/che-async-pv-plugin/latest -# Docker image for the Che async storage +# Docker image for the {prod-short} asynchronous storage che.infra.kubernetes.async.storage.image=quay.io/eclipse/che-workspace-data-sync-storage:0.0.1 -# Optionally configures node selector for workspace pod. Format is comma-separated -# key=value pairs, e.g: disktype=ssd,cpu=xlarge,foo=bar +# Optionally configures node selector for workspace Pod. Format is comma-separated +# key=value pairs, for example: `disktype=ssd,cpu=xlarge,foo=bar` che.workspace.pod.node_selector=NULL -# Optionally configures tolerations for workspace pod. Format is a string representing a JSON Array of taint tolerations, +# Optionally configures tolerations for workspace Pod. Format is a string representing a JSON Array of taint tolerations, # or `NULL` to disable it. The objects contained in the array have to follow this # link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.20/#toleration-v1-core[spec]. -# Example: [{"effect":"NoExecute","key":"aNodeTaint","operator":"Equal","value":"aValue"}] +# Example: `[{"effect":"NoExecute","key":"aNodeTaint","operator":"Equal","value":"aValue"}]` che.workspace.pod.tolerations_json=NULL # The timeout for the Asynchronous Storage Pod shutdown after stopping the last used workspace. @@ -803,9 +785,9 @@ che.infra.kubernetes.async.storage.shutdown_timeout_min=120 che.infra.kubernetes.async.storage.shutdown_check_period_min=30 # Bitbucket endpoints used for factory integrations. -# Comma separated list of bitbucket server URLs or NULL if no integration expected. +# Comma separated list of Bitbucket server URLs or NULL if no integration expected. che.integration.bitbucket.server_endpoints=NULL -# Gitlab endpoints used for factory integrations. -# Comma separated list of Gitlab server URLs or NULL if no integration expected. +# GitLab endpoints used for factory integrations. +# Comma separated list of GitLab server URLs or NULL if no integration expected. che.integration.gitlab.server_endpoints=NULL