From 8c7ebc6751e05cd29c8f04a6dabcdd98f1069458 Mon Sep 17 00:00:00 2001 From: Guy Daich Date: Thu, 8 Mar 2018 11:36:32 +0200 Subject: [PATCH] K8s multiuser helm (#8973) Signed-off-by: Guy Daich --- .../modules/che-kubernetes-helm/Chart.yaml | 7 ++ .../charts/che-keycloak/.helmignore | 21 +++++ .../charts/che-keycloak/Chart.yaml | 11 +++ .../che-keycloak/templates/deployment.yaml | 90 +++++++++++++++++++ .../che-keycloak/templates/ingress.yaml | 42 +++++++++ .../templates/keycloak-configure-job.yaml | 42 +++++++++ .../templates/keycloak-data-claim.yaml | 20 +++++ .../templates/keycloak-log-claim.yaml | 20 +++++ .../che-keycloak/templates/service.yaml | 20 +++++ .../charts/che-keycloak/values.yaml | 13 +++ .../charts/che-postgres/.helmignore | 21 +++++ .../charts/che-postgres/Chart.yaml | 11 +++ .../che-postgres/templates/deployment.yaml | 72 +++++++++++++++ .../templates/postgres-data-claim.yaml | 21 +++++ .../che-postgres/templates/service.yaml | 23 +++++ .../charts/che-postgres/values.yaml | 11 +++ .../modules/che-kubernetes-helm/readme.md | 51 ++++++++++- .../che-kubernetes-helm/requirements.yaml | 16 ++++ .../templates/_hostHelper.tpl | 6 +- .../templates/_keycloakAuthUrlHelper.tpl | 15 ++++ .../templates/_keycloakHostHelper.tpl | 7 ++ .../templates/cert-issuer.yaml | 9 +- .../templates/certificate.yaml | 15 +++- .../templates/cluster-role-binding.yaml | 7 ++ .../templates/configmap.yaml | 24 +++-- .../templates/deployment.yaml | 44 ++++++++- .../templates/ingress.yaml | 30 ++++--- .../che-kubernetes-helm/templates/pvc.yaml | 7 ++ .../templates/registry-pull-secret.yaml | 7 ++ .../templates/service.yaml | 7 ++ .../templates/serviceaccount.yaml | 7 ++ .../templates/staging-cert-issuer.yaml | 9 +- .../che-kubernetes-helm/tiller-rbac.yaml | 7 ++ .../modules/che-kubernetes-helm/values.yaml | 21 ++++- 34 files changed, 701 insertions(+), 33 deletions(-) create mode 100644 dockerfiles/init/modules/che-kubernetes-helm/charts/che-keycloak/.helmignore create mode 100644 dockerfiles/init/modules/che-kubernetes-helm/charts/che-keycloak/Chart.yaml create mode 100644 dockerfiles/init/modules/che-kubernetes-helm/charts/che-keycloak/templates/deployment.yaml create mode 100644 dockerfiles/init/modules/che-kubernetes-helm/charts/che-keycloak/templates/ingress.yaml create mode 100644 dockerfiles/init/modules/che-kubernetes-helm/charts/che-keycloak/templates/keycloak-configure-job.yaml create mode 100644 dockerfiles/init/modules/che-kubernetes-helm/charts/che-keycloak/templates/keycloak-data-claim.yaml create mode 100644 dockerfiles/init/modules/che-kubernetes-helm/charts/che-keycloak/templates/keycloak-log-claim.yaml create mode 100644 dockerfiles/init/modules/che-kubernetes-helm/charts/che-keycloak/templates/service.yaml create mode 100644 dockerfiles/init/modules/che-kubernetes-helm/charts/che-keycloak/values.yaml create mode 100644 dockerfiles/init/modules/che-kubernetes-helm/charts/che-postgres/.helmignore create mode 100644 dockerfiles/init/modules/che-kubernetes-helm/charts/che-postgres/Chart.yaml create mode 100644 dockerfiles/init/modules/che-kubernetes-helm/charts/che-postgres/templates/deployment.yaml create mode 100644 dockerfiles/init/modules/che-kubernetes-helm/charts/che-postgres/templates/postgres-data-claim.yaml create mode 100644 dockerfiles/init/modules/che-kubernetes-helm/charts/che-postgres/templates/service.yaml create mode 100644 dockerfiles/init/modules/che-kubernetes-helm/charts/che-postgres/values.yaml create mode 100644 dockerfiles/init/modules/che-kubernetes-helm/requirements.yaml create mode 100644 dockerfiles/init/modules/che-kubernetes-helm/templates/_keycloakAuthUrlHelper.tpl create mode 100644 dockerfiles/init/modules/che-kubernetes-helm/templates/_keycloakHostHelper.tpl diff --git a/dockerfiles/init/modules/che-kubernetes-helm/Chart.yaml b/dockerfiles/init/modules/che-kubernetes-helm/Chart.yaml index f5b58e073b..4d097cc41a 100644 --- a/dockerfiles/init/modules/che-kubernetes-helm/Chart.yaml +++ b/dockerfiles/init/modules/che-kubernetes-helm/Chart.yaml @@ -1,3 +1,10 @@ +# Copyright (c) 2012-2017 Red Hat, Inc +# All rights reserved. This program and the accompanying materials +# are made available under the terms of the Eclipse Public License v1.0 +# which accompanies this distribution, and is available at +# http://www.eclipse.org/legal/epl-v10.html +# + apiVersion: v1 description: A Helm chart for deploying Che to Kubernetes name: che-kubernetes-helm diff --git a/dockerfiles/init/modules/che-kubernetes-helm/charts/che-keycloak/.helmignore b/dockerfiles/init/modules/che-kubernetes-helm/charts/che-keycloak/.helmignore new file mode 100644 index 0000000000..f0c1319444 --- /dev/null +++ b/dockerfiles/init/modules/che-kubernetes-helm/charts/che-keycloak/.helmignore @@ -0,0 +1,21 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*~ +# Various IDEs +.project +.idea/ +*.tmproj diff --git a/dockerfiles/init/modules/che-kubernetes-helm/charts/che-keycloak/Chart.yaml b/dockerfiles/init/modules/che-kubernetes-helm/charts/che-keycloak/Chart.yaml new file mode 100644 index 0000000000..b64834b81a --- /dev/null +++ b/dockerfiles/init/modules/che-kubernetes-helm/charts/che-keycloak/Chart.yaml @@ -0,0 +1,11 @@ +# Copyright (c) 2012-2017 Red Hat, Inc +# All rights reserved. This program and the accompanying materials +# are made available under the terms of the Eclipse Public License v1.0 +# which accompanies this distribution, and is available at +# http://www.eclipse.org/legal/epl-v10.html +# + +apiVersion: v1 +description: A Helm chart for Keycloak, used by Che +name: che-keycloak +version: 1.0.0 diff --git a/dockerfiles/init/modules/che-kubernetes-helm/charts/che-keycloak/templates/deployment.yaml b/dockerfiles/init/modules/che-kubernetes-helm/charts/che-keycloak/templates/deployment.yaml new file mode 100644 index 0000000000..6bafdd8221 --- /dev/null +++ b/dockerfiles/init/modules/che-kubernetes-helm/charts/che-keycloak/templates/deployment.yaml @@ -0,0 +1,90 @@ +# Copyright (c) 2012-2017 Red Hat, Inc +# All rights reserved. This program and the accompanying materials +# are made available under the terms of the Eclipse Public License v1.0 +# which accompanies this distribution, and is available at +# http://www.eclipse.org/legal/epl-v10.html +# + +apiVersion: extensions/v1beta1 +kind: Deployment +metadata: + labels: + io.kompose.service: keycloak + name: keycloak +spec: + replicas: 1 + template: + metadata: + labels: + io.kompose.service: keycloak + spec: + initContainers: + - name: wait-for-postgres + image: alpine:3.5 + command: ["sh", "-c", "apk --no-cache add curl jq ; adresses_length=0; until [ $adresses_length -gt 0 ]; do echo waiting for postgres to be ready...; sleep 2; endpoints=`curl -s --cacert /var/run/secrets/kubernetes.io/serviceaccount/ca.crt -H \"Authorization: Bearer $(cat /var/run/secrets/kubernetes.io/serviceaccount/token)\" https://kubernetes.default/api/v1/namespaces/$POD_NAMESPACE/endpoints/postgres`; adresses_length=`echo $endpoints | jq -r \".subsets[]?.addresses // [] | length\"`; done;"] + env: + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + containers: + - env: + - name: POSTGRES_PORT_5432_TCP_ADDR + value: postgres + - name: POSTGRES_PORT_5432_TCP_PORT + value: "5432" + - name: POSTGRES_DATABASE + value: keycloak + - name: POSTGRES_USER + value: keycloak + - name: POSTGRES_PASSWORD + value: keycloak + - name: KEYCLOAK_USER + value: admin + - name: KEYCLOAK_PASSWORD + value: admin + - name: CHE_HOST + value: {{ template "cheHost" . }} + image: {{ .Values.image }} + imagePullPolicy: Always + name: keycloak + livenessProbe: + failureThreshold: 11 + initialDelaySeconds: 5 + periodSeconds: 5 + successThreshold: 1 + tcpSocket: + port: 8080 + timeoutSeconds: 30 + readinessProbe: + failureThreshold: 10 + httpGet: + path: auth/js/keycloak.js + port: 8080 + scheme: HTTP + initialDelaySeconds: 10 + periodSeconds: 3 + successThreshold: 1 + timeoutSeconds: 1 + ports: + - containerPort: 8080 + resources: + limits: + memory: 1536Mi + requests: + memory: 1024Mi + volumeMounts: + - mountPath: /opt/jboss/keycloak/standalone/data + name: keycloak-data + - mountPath: /opt/jboss/keycloak/standalone/log + name: keycloak-log + restartPolicy: Always + volumes: + - name: keycloak-data + persistentVolumeClaim: + claimName: keycloak-data + - name: keycloak-log + persistentVolumeClaim: + claimName: keycloak-log + test: false +status: {} diff --git a/dockerfiles/init/modules/che-kubernetes-helm/charts/che-keycloak/templates/ingress.yaml b/dockerfiles/init/modules/che-kubernetes-helm/charts/che-keycloak/templates/ingress.yaml new file mode 100644 index 0000000000..6041ab57d5 --- /dev/null +++ b/dockerfiles/init/modules/che-kubernetes-helm/charts/che-keycloak/templates/ingress.yaml @@ -0,0 +1,42 @@ +# Copyright (c) 2012-2017 Red Hat, Inc +# All rights reserved. This program and the accompanying materials +# are made available under the terms of the Eclipse Public License v1.0 +# which accompanies this distribution, and is available at +# http://www.eclipse.org/legal/epl-v10.html +# + +apiVersion: extensions/v1beta1 +kind: Ingress +metadata: + name: keycloak-ingress + annotations: + kubernetes.io/ingress.class: "nginx" + {{ .Values.global.ingressAnnotationsPrefix }}ingress.kubernetes.io/proxy-read-timeout: "3600" + {{ .Values.global.ingressAnnotationsPrefix }}ingress.kubernetes.io/proxy-connect-timeout: "3600" +{{- if .Values.global.tlsEnabled }} + kubernetes.io/tls-acme: "true" +{{- else }} + {{ .Values.global.ingressAnnotationsPrefix }}ingress.kubernetes.io/ssl-redirect: "false" +{{- end }} +spec: +{{- if .Values.global.tlsEnabled }} + tls: + - hosts: + - {{ template "keycloakHost" . }} + secretName: keycloak-tls +{{- end }} + rules: +{{- if .Values.global.isHostBased }} + - host: {{ template "keycloakHost" . }} + http: + paths: + - path: / +{{- else }} + - http: + paths: + - path: /auth/ +{{- end }} + backend: + serviceName: keycloak + servicePort: 5050 + diff --git a/dockerfiles/init/modules/che-kubernetes-helm/charts/che-keycloak/templates/keycloak-configure-job.yaml b/dockerfiles/init/modules/che-kubernetes-helm/charts/che-keycloak/templates/keycloak-configure-job.yaml new file mode 100644 index 0000000000..06068391ca --- /dev/null +++ b/dockerfiles/init/modules/che-kubernetes-helm/charts/che-keycloak/templates/keycloak-configure-job.yaml @@ -0,0 +1,42 @@ +# Copyright (c) 2012-2017 Red Hat, Inc +# All rights reserved. This program and the accompanying materials +# are made available under the terms of the Eclipse Public License v1.0 +# which accompanies this distribution, and is available at +# http://www.eclipse.org/legal/epl-v10.html +# + +apiVersion: batch/v1 +kind: Job +metadata: + name: keycloak-configure-job +spec: + template: + spec: + initContainers: + - name: wait-for-keycloak + image: alpine:3.5 + command: ["sh", "-c", "apk --no-cache add curl jq ; adresses_length=0; until [ $adresses_length -gt 0 ]; do echo waiting for keycloak to be ready...; sleep 2; endpoints=`curl -s --cacert /var/run/secrets/kubernetes.io/serviceaccount/ca.crt -H \"Authorization: Bearer $(cat /var/run/secrets/kubernetes.io/serviceaccount/token)\" https://kubernetes.default/api/v1/namespaces/$POD_NAMESPACE/endpoints/keycloak`; adresses_length=`echo $endpoints | jq -r \".subsets[]?.addresses // [] | length\"`; done;"] + env: + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + containers: + - name: keycloak-configure-job + image: {{ .Values.image }} + command: ["/scripts/keycloak_config.sh"] + env: + - name: HTTP_PROTOCOL +{{- if .Values.global.tlsEnabled }} + value: "https" +{{- else }} + value: "http" +{{- end }} + - name: KC_HOST + value: {{ template "keycloakHost" . }} + - name: CHE_KEYCLOAK_ADMIN_REQUIRE_UPDATE_PASSWORD + value: {{ .Values.requireAdminPasswordChange | quote }} + - name: CHE_HOST + value: {{ template "cheHost" . }} + restartPolicy: Never + backoffLimit: 4 \ No newline at end of file diff --git a/dockerfiles/init/modules/che-kubernetes-helm/charts/che-keycloak/templates/keycloak-data-claim.yaml b/dockerfiles/init/modules/che-kubernetes-helm/charts/che-keycloak/templates/keycloak-data-claim.yaml new file mode 100644 index 0000000000..ce405f0b96 --- /dev/null +++ b/dockerfiles/init/modules/che-kubernetes-helm/charts/che-keycloak/templates/keycloak-data-claim.yaml @@ -0,0 +1,20 @@ +# Copyright (c) 2012-2017 Red Hat, Inc +# All rights reserved. This program and the accompanying materials +# are made available under the terms of the Eclipse Public License v1.0 +# which accompanies this distribution, and is available at +# http://www.eclipse.org/legal/epl-v10.html +# + +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + labels: + io.kompose.service: keycloak-data + name: keycloak-data +spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 1Gi +status: {} diff --git a/dockerfiles/init/modules/che-kubernetes-helm/charts/che-keycloak/templates/keycloak-log-claim.yaml b/dockerfiles/init/modules/che-kubernetes-helm/charts/che-keycloak/templates/keycloak-log-claim.yaml new file mode 100644 index 0000000000..b6ee22af05 --- /dev/null +++ b/dockerfiles/init/modules/che-kubernetes-helm/charts/che-keycloak/templates/keycloak-log-claim.yaml @@ -0,0 +1,20 @@ +# Copyright (c) 2012-2017 Red Hat, Inc +# All rights reserved. This program and the accompanying materials +# are made available under the terms of the Eclipse Public License v1.0 +# which accompanies this distribution, and is available at +# http://www.eclipse.org/legal/epl-v10.html +# + +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + labels: + io.kompose.service: keycloak-log + name: keycloak-log +spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 1Gi +status: {} diff --git a/dockerfiles/init/modules/che-kubernetes-helm/charts/che-keycloak/templates/service.yaml b/dockerfiles/init/modules/che-kubernetes-helm/charts/che-keycloak/templates/service.yaml new file mode 100644 index 0000000000..e4766c7449 --- /dev/null +++ b/dockerfiles/init/modules/che-kubernetes-helm/charts/che-keycloak/templates/service.yaml @@ -0,0 +1,20 @@ +# Copyright (c) 2012-2017 Red Hat, Inc +# All rights reserved. This program and the accompanying materials +# are made available under the terms of the Eclipse Public License v1.0 +# which accompanies this distribution, and is available at +# http://www.eclipse.org/legal/epl-v10.html +# + +apiVersion: v1 +kind: Service +metadata: + name: "keycloak" +spec: + ports: + - name: "5050" + port: 5050 + targetPort: 8080 + selector: + io.kompose.service: keycloak +status: + loadBalancer: {} diff --git a/dockerfiles/init/modules/che-kubernetes-helm/charts/che-keycloak/values.yaml b/dockerfiles/init/modules/che-kubernetes-helm/charts/che-keycloak/values.yaml new file mode 100644 index 0000000000..3ef64d7a6b --- /dev/null +++ b/dockerfiles/init/modules/che-kubernetes-helm/charts/che-keycloak/values.yaml @@ -0,0 +1,13 @@ +# Copyright (c) 2012-2017 Red Hat, Inc +# All rights reserved. This program and the accompanying materials +# are made available under the terms of the Eclipse Public License v1.0 +# which accompanies this distribution, and is available at +# http://www.eclipse.org/legal/epl-v10.html +# + +# Default values for postgres. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. + +image: eclipse/che-keycloak:nightly +requireAdminPasswordChange: true diff --git a/dockerfiles/init/modules/che-kubernetes-helm/charts/che-postgres/.helmignore b/dockerfiles/init/modules/che-kubernetes-helm/charts/che-postgres/.helmignore new file mode 100644 index 0000000000..f0c1319444 --- /dev/null +++ b/dockerfiles/init/modules/che-kubernetes-helm/charts/che-postgres/.helmignore @@ -0,0 +1,21 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*~ +# Various IDEs +.project +.idea/ +*.tmproj diff --git a/dockerfiles/init/modules/che-kubernetes-helm/charts/che-postgres/Chart.yaml b/dockerfiles/init/modules/che-kubernetes-helm/charts/che-postgres/Chart.yaml new file mode 100644 index 0000000000..57ecf4efeb --- /dev/null +++ b/dockerfiles/init/modules/che-kubernetes-helm/charts/che-postgres/Chart.yaml @@ -0,0 +1,11 @@ +# Copyright (c) 2012-2017 Red Hat, Inc +# All rights reserved. This program and the accompanying materials +# are made available under the terms of the Eclipse Public License v1.0 +# which accompanies this distribution, and is available at +# http://www.eclipse.org/legal/epl-v10.html +# + +apiVersion: v1 +description: A Helm chart for postgresql, used by Che and Keycloak +name: che-postgres +version: 1.0.0 diff --git a/dockerfiles/init/modules/che-kubernetes-helm/charts/che-postgres/templates/deployment.yaml b/dockerfiles/init/modules/che-kubernetes-helm/charts/che-postgres/templates/deployment.yaml new file mode 100644 index 0000000000..5014f0391f --- /dev/null +++ b/dockerfiles/init/modules/che-kubernetes-helm/charts/che-postgres/templates/deployment.yaml @@ -0,0 +1,72 @@ +# Copyright (c) 2012-2017 Red Hat, Inc +# All rights reserved. This program and the accompanying materials +# are made available under the terms of the Eclipse Public License v1.0 +# which accompanies this distribution, and is available at +# http://www.eclipse.org/legal/epl-v10.html +# + +apiVersion: extensions/v1beta1 +kind: Deployment +metadata: + creationTimestamp: null + labels: + io.kompose.service: postgres + name: postgres +spec: + replicas: 1 + template: + metadata: + labels: + io.kompose.service: postgres + spec: + containers: + - env: + - name: POSTGRESQL_USER + value: keycloak + - name: POSTGRESQL_PASSWORD + value: keycloak + - name: POSTGRESQL_DATABASE + value: keycloak + - name: "CHE_POSTGRES_USERNAME" + value: "pgche" + - name: "CHE_POSTGRES_PASSWORD" + value: "pgchepassword" + - name: "CHE_POSTGRES_DATABASE" + value: "dbche" + image: {{ .Values.image }} + securityContext: + runAsUser: 26 + imagePullPolicy: Always + name: postgres + livenessProbe: + failureThreshold: 3 + initialDelaySeconds: 30 + periodSeconds: 10 + successThreshold: 1 + tcpSocket: + port: 5432 + timeoutSeconds: 1 + readinessProbe: + exec: + command: + - bash + - -c + - psql -h 127.0.0.1 -U ${POSTGRESQL_USER} -q -d $POSTGRESQL_DATABASE -c "SELECT 1" + failureThreshold: 10 + initialDelaySeconds: 5 + periodSeconds: 3 + successThreshold: 1 + timeoutSeconds: 1 + ports: + - containerPort: 5432 + resources: {} + volumeMounts: + - mountPath: /var/lib/pgsql/data + name: postgres-data + restartPolicy: Always + volumes: + - name: postgres-data + persistentVolumeClaim: + claimName: postgres-data + test: false +status: {} diff --git a/dockerfiles/init/modules/che-kubernetes-helm/charts/che-postgres/templates/postgres-data-claim.yaml b/dockerfiles/init/modules/che-kubernetes-helm/charts/che-postgres/templates/postgres-data-claim.yaml new file mode 100644 index 0000000000..b200999a5e --- /dev/null +++ b/dockerfiles/init/modules/che-kubernetes-helm/charts/che-postgres/templates/postgres-data-claim.yaml @@ -0,0 +1,21 @@ +# Copyright (c) 2012-2017 Red Hat, Inc +# All rights reserved. This program and the accompanying materials +# are made available under the terms of the Eclipse Public License v1.0 +# which accompanies this distribution, and is available at +# http://www.eclipse.org/legal/epl-v10.html +# + +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + creationTimestamp: null + labels: + io.kompose.service: postgres-data + name: postgres-data +spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 1Gi +status: {} diff --git a/dockerfiles/init/modules/che-kubernetes-helm/charts/che-postgres/templates/service.yaml b/dockerfiles/init/modules/che-kubernetes-helm/charts/che-postgres/templates/service.yaml new file mode 100644 index 0000000000..26ae5f92e7 --- /dev/null +++ b/dockerfiles/init/modules/che-kubernetes-helm/charts/che-postgres/templates/service.yaml @@ -0,0 +1,23 @@ +# Copyright (c) 2012-2017 Red Hat, Inc +# All rights reserved. This program and the accompanying materials +# are made available under the terms of the Eclipse Public License v1.0 +# which accompanies this distribution, and is available at +# http://www.eclipse.org/legal/epl-v10.html +# + +apiVersion: v1 +kind: Service +metadata: + creationTimestamp: null + labels: + io.kompose.service: postgres + name: postgres +spec: + ports: + - name: "5432" + port: 5432 + targetPort: 5432 + selector: + io.kompose.service: postgres +status: + loadBalancer: {} diff --git a/dockerfiles/init/modules/che-kubernetes-helm/charts/che-postgres/values.yaml b/dockerfiles/init/modules/che-kubernetes-helm/charts/che-postgres/values.yaml new file mode 100644 index 0000000000..c5ab838e9b --- /dev/null +++ b/dockerfiles/init/modules/che-kubernetes-helm/charts/che-postgres/values.yaml @@ -0,0 +1,11 @@ +# Copyright (c) 2012-2017 Red Hat, Inc +# All rights reserved. This program and the accompanying materials +# are made available under the terms of the Eclipse Public License v1.0 +# which accompanies this distribution, and is available at +# http://www.eclipse.org/legal/epl-v10.html +# + +# Default values for postgres. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. +image: eclipse/che-postgres:nightly diff --git a/dockerfiles/init/modules/che-kubernetes-helm/readme.md b/dockerfiles/init/modules/che-kubernetes-helm/readme.md index 4e39d06706..993ea444bd 100644 --- a/dockerfiles/init/modules/che-kubernetes-helm/readme.md +++ b/dockerfiles/init/modules/che-kubernetes-helm/readme.md @@ -21,7 +21,7 @@ In case you're specifying a hostname, simply pass it as the value of the `cheDom If you must use an ip address (e.g. your corporate policy prevents you from using nip.io), you would also have to set `isHostBased` to `false`. -### Perform the Actual Deployment +### Deploying with Helm The context of the commands below is the directory in which this readme file resides - Override default values by changing the values.yaml file and then typing: @@ -32,8 +32,55 @@ The context of the commands below is the directory in which this readme file res - Or, you can override default values during installation, using the `--set` flag: ```bash - helm upgrade --install --namespace --set cheDomain= --set cheImage= ./ + helm upgrade --install --namespace --set global.cheDomain= --set cheImage= ./ ``` + +#### Deployment types +Currenty, only minikube deployment is supported. + +##### Single User +Only Che will be deployed. + + ```bash + helm upgrade --install --namespace --set global.cheDomain= ./ + ``` + +##### Multi User +Che, KeyCloak and Postgres will be deployed. + + ```bash + helm upgrade --install --namespace --set global.multiuser=true --set global.cheDomain= ./ + ``` + +##### No Host: + Ingress will serve requests on minikube-ip. + Path based routing to Che, Secondary servers (KeyCloak) and Workspace servers. + + ```bash + helm upgrade --install --namespace --set global.isHostbased=false --set global.cheDomain= ./ + Master: http:/// + Workspaces: http:/// + Keycloak (if multiuser) : http:///auth/ + ``` + +##### Host (partial): + WS Master Ingress will serve requests on provided domain + Workspaces: Ingress will serve requests on minikube-ip, Path Based routing to workspaces. + KeyCloak : dedicated hostname + + ```bash + helm upgrade --install --namespace --set global.cheDomain=.xip.io ./ + Master: http://master..xip.io + Workspaces: http:/// + Keycloak (if multiuser): http://keycloak..xip.io/ + ``` + + +##### Future options: +- Path Based: single hostname for all components (che, keycloak, WS servers) +- Host Based: unique host for each component +- TLS + ## Deleting a Deployment You can delete a deployment using the following command: ``` bash diff --git a/dockerfiles/init/modules/che-kubernetes-helm/requirements.yaml b/dockerfiles/init/modules/che-kubernetes-helm/requirements.yaml new file mode 100644 index 0000000000..9e9529081a --- /dev/null +++ b/dockerfiles/init/modules/che-kubernetes-helm/requirements.yaml @@ -0,0 +1,16 @@ +# Copyright (c) 2012-2017 Red Hat, Inc +# All rights reserved. This program and the accompanying materials +# are made available under the terms of the Eclipse Public License v1.0 +# which accompanies this distribution, and is available at +# http://www.eclipse.org/legal/epl-v10.html +# + +dependencies: + - name: che-postgres + repository: file://./charts/che-postgres/ + version: 1.0.0 + condition: global.multiuser + - name: che-keycloak + repository: file://./charts/che-keycloak/ + version: 1.0.0 + condition: global.multiuser \ No newline at end of file diff --git a/dockerfiles/init/modules/che-kubernetes-helm/templates/_hostHelper.tpl b/dockerfiles/init/modules/che-kubernetes-helm/templates/_hostHelper.tpl index ce8ef5bb40..59371f5b0c 100644 --- a/dockerfiles/init/modules/che-kubernetes-helm/templates/_hostHelper.tpl +++ b/dockerfiles/init/modules/che-kubernetes-helm/templates/_hostHelper.tpl @@ -1,7 +1,7 @@ {{- define "cheHost" }} -{{- if .Values.isHostBased }} -{{- printf "master.%s" .Values.cheDomain }} +{{- if .Values.global.isHostBased }} +{{- printf "master.%s" .Values.global.cheDomain }} {{- else }} -{{- printf "%s" .Values.cheDomain }} +{{- printf "%s" .Values.global.cheDomain }} {{- end }} {{- end }} diff --git a/dockerfiles/init/modules/che-kubernetes-helm/templates/_keycloakAuthUrlHelper.tpl b/dockerfiles/init/modules/che-kubernetes-helm/templates/_keycloakAuthUrlHelper.tpl new file mode 100644 index 0000000000..db73ece70a --- /dev/null +++ b/dockerfiles/init/modules/che-kubernetes-helm/templates/_keycloakAuthUrlHelper.tpl @@ -0,0 +1,15 @@ +{{- define "keycloakAuthUrl" }} +{{- if .Values.global.isHostBased }} +{{- if .Values.global.tlsEnabled }} +{{- printf "https://keycloak.%s/auth" .Values.global.cheDomain }} +{{- else }} +{{- printf "http://keycloak.%s/auth" .Values.global.cheDomain }} +{{- end }} +{{- else }} +{{- if .Values.global.tlsEnabled }} +{{- printf "https://%s/auth" .Values.global.cheDomain }} +{{- else }} +{{- printf "http://%s/auth" .Values.global.cheDomain }} +{{- end }} +{{- end }} +{{- end }} diff --git a/dockerfiles/init/modules/che-kubernetes-helm/templates/_keycloakHostHelper.tpl b/dockerfiles/init/modules/che-kubernetes-helm/templates/_keycloakHostHelper.tpl new file mode 100644 index 0000000000..71e0654db1 --- /dev/null +++ b/dockerfiles/init/modules/che-kubernetes-helm/templates/_keycloakHostHelper.tpl @@ -0,0 +1,7 @@ +{{- define "keycloakHost" }} +{{- if .Values.global.isHostBased }} +{{- printf "keycloak.%s" .Values.global.cheDomain }} +{{- else }} +{{- printf "%s" .Values.global.cheDomain }} +{{- end }} +{{- end }} diff --git a/dockerfiles/init/modules/che-kubernetes-helm/templates/cert-issuer.yaml b/dockerfiles/init/modules/che-kubernetes-helm/templates/cert-issuer.yaml index 17b1f44cd8..f055e38ecf 100644 --- a/dockerfiles/init/modules/che-kubernetes-helm/templates/cert-issuer.yaml +++ b/dockerfiles/init/modules/che-kubernetes-helm/templates/cert-issuer.yaml @@ -1,4 +1,11 @@ -{{- if .Values.tlsEnabled }} +# Copyright (c) 2012-2017 Red Hat, Inc +# All rights reserved. This program and the accompanying materials +# are made available under the terms of the Eclipse Public License v1.0 +# which accompanies this distribution, and is available at +# http://www.eclipse.org/legal/epl-v10.html +# + +{{- if .Values.global.tlsEnabled }} apiVersion: certmanager.k8s.io/v1alpha1 kind: Issuer metadata: diff --git a/dockerfiles/init/modules/che-kubernetes-helm/templates/certificate.yaml b/dockerfiles/init/modules/che-kubernetes-helm/templates/certificate.yaml index dc93da99cc..4312c77762 100644 --- a/dockerfiles/init/modules/che-kubernetes-helm/templates/certificate.yaml +++ b/dockerfiles/init/modules/che-kubernetes-helm/templates/certificate.yaml @@ -1,4 +1,11 @@ -{{- if .Values.tlsEnabled }} +# Copyright (c) 2012-2017 Red Hat, Inc +# All rights reserved. This program and the accompanying materials +# are made available under the terms of the Eclipse Public License v1.0 +# which accompanies this distribution, and is available at +# http://www.eclipse.org/legal/epl-v10.html +# + +{{- if .Values.global.tlsEnabled }} apiVersion: certmanager.k8s.io/v1alpha1 kind: Certificate metadata: @@ -7,13 +14,13 @@ spec: secretName: che-tls issuerRef: name: letsencrypt - commonName: {{ .Values.cheDomain }} + commonName: {{ .Values.global.cheDomain }} dnsNames: - - {{ .Values.cheDomain }} + - {{ .Values.global.cheDomain }} acme: config: - http01: ingressClass: nginx domains: - - {{ .Values.cheDomain }} + - {{ .Values.global.cheDomain }} {{- end }} diff --git a/dockerfiles/init/modules/che-kubernetes-helm/templates/cluster-role-binding.yaml b/dockerfiles/init/modules/che-kubernetes-helm/templates/cluster-role-binding.yaml index ba84489fe0..5f46608b66 100644 --- a/dockerfiles/init/modules/che-kubernetes-helm/templates/cluster-role-binding.yaml +++ b/dockerfiles/init/modules/che-kubernetes-helm/templates/cluster-role-binding.yaml @@ -1,3 +1,10 @@ +# Copyright (c) 2012-2017 Red Hat, Inc +# All rights reserved. This program and the accompanying materials +# are made available under the terms of the Eclipse Public License v1.0 +# which accompanies this distribution, and is available at +# http://www.eclipse.org/legal/epl-v10.html +# + kind: ClusterRoleBinding apiVersion: rbac.authorization.k8s.io/v1beta1 metadata: diff --git a/dockerfiles/init/modules/che-kubernetes-helm/templates/configmap.yaml b/dockerfiles/init/modules/che-kubernetes-helm/templates/configmap.yaml index 28c2d60029..1ddc3b2902 100644 --- a/dockerfiles/init/modules/che-kubernetes-helm/templates/configmap.yaml +++ b/dockerfiles/init/modules/che-kubernetes-helm/templates/configmap.yaml @@ -1,3 +1,10 @@ +# Copyright (c) 2012-2017 Red Hat, Inc +# All rights reserved. This program and the accompanying materials +# are made available under the terms of the Eclipse Public License v1.0 +# which accompanies this distribution, and is available at +# http://www.eclipse.org/legal/epl-v10.html +# + apiVersion: v1 kind: ConfigMap metadata: @@ -5,10 +12,10 @@ metadata: app: che name: che data: - CHE_DOMAIN: {{ .Values.cheDomain }} + CHE_DOMAIN: {{ .Values.global.cheDomain }} CHE_HOST: {{ template "cheHost" . }} CHE_PORT: "8080" -{{- if .Values.tlsEnabled }} +{{- if .Values.global.tlsEnabled }} CHE_API: https://{{ template "cheHost" . }}/api CHE_WEBSOCKET_ENDPOINT: wss://{{ template "cheHost" . }}/api/websocket CHE_INFRA_KUBERNETES_BOOTSTRAPPER_BINARY__URL: https://{{ template "cheHost" . }}/agent-binaries/linux_amd64/bootstrapper/bootstrapper @@ -24,6 +31,11 @@ data: CHE_INFRA_KUBERNETES_OAUTH__TOKEN: "" CHE_INFRA_KUBERNETES_PASSWORD: "" CHE_INFRA_KUBERNETES_USERNAME: "" +{{- if .Values.global.multiuser }} + CHE_KEYCLOAK_AUTH__SERVER__URL: {{ template "keycloakAuthUrl" . }} + CHE_KEYCLOAK_CLIENT__ID: {{ .Values.cheKeycloakClientId }} + CHE_KEYCLOAK_REALM: {{ .Values.cheKeycloakRealm }} +{{- end }} CHE_INFRA_KUBERNETES_NAMESPACE: "" CHE_INFRA_KUBERNETES_TRUST__CERTS: "false" CHE_INFRA_KUBERNETES_PVC_STRATEGY: "common" @@ -33,14 +45,14 @@ data: CHE_LOCAL_CONF_DIR: /etc/conf CHE_LOGS_DIR: /data/logs CHE_LOG_LEVEL: "INFO" - CHE_MULTIUSER: "false" + CHE_MULTIUSER: {{ .Values.global.multiuser | quote }} CHE_OAUTH_GITHUB_CLIENTID: "" CHE_OAUTH_GITHUB_CLIENTSECRET: "" CHE_PREDEFINED_STACKS_RELOAD__ON__START: "false" JAVA_OPTS: "-XX:MaxRAMFraction=2 -XX:+UseParallelGC -XX:MinHeapFreeRatio=10 -XX:MaxHeapFreeRatio=20 -XX:GCTimeRatio=4 -XX:AdaptiveSizePolicyWeight=90 -XX:+UnlockExperimentalVMOptions -XX:+UseCGroupMemoryLimitForHeap -Dsun.zip.disableMemoryMapping=true -Xms20m " CHE_WORKSPACE_AUTO_START: "false" -{{- if .Values.tlsEnabled }} - CHE_INFRA_KUBERNETES_INGRESS_ANNOTATIONS__JSON: '{"nginx.ingress.kubernetes.io/rewrite-target": "/","nginx.ingress.kubernetes.io/ssl-redirect": "true","kubernetes.io/tls-acme": "true","nginx.ingress.kubernetes.io/proxy-connect-timeout": "3600","nginx.ingress.kubernetes.io/proxy-read-timeout": "3600"}' +{{- if .Values.global.tlsEnabled }} + CHE_INFRA_KUBERNETES_INGRESS_ANNOTATIONS__JSON: '{"kubernetes.io/ingress.class": "nginx", "kubernetes.io/tls-acme": "true", "{{ .Values.global.ingressAnnotationsPrefix }}ingress.kubernetes.io/rewrite-target": "/","{{ .Values.global.ingressAnnotationsPrefix }}ingress.kubernetes.io/ssl-redirect": "true","{{ .Values.global.ingressAnnotationsPrefix }}ingress.kubernetes.io/proxy-connect-timeout": "3600","{{ .Values.global.ingressAnnotationsPrefix }}ingress.kubernetes.io/proxy-read-timeout": "3600"}' {{- else }} - CHE_INFRA_KUBERNETES_INGRESS_ANNOTATIONS__JSON: '{"nginx.ingress.kubernetes.io/rewrite-target": "/","nginx.ingress.kubernetes.io/ssl-redirect": "false","nginx.ingress.kubernetes.io/proxy-connect-timeout": "3600","nginx.ingress.kubernetes.io/proxy-read-timeout": "3600"}' + CHE_INFRA_KUBERNETES_INGRESS_ANNOTATIONS__JSON: '{"kubernetes.io/ingress.class": "nginx", "{{ .Values.global.ingressAnnotationsPrefix }}ingress.kubernetes.io/rewrite-target": "/","{{ .Values.global.ingressAnnotationsPrefix }}ingress.kubernetes.io/ssl-redirect": "false","{{ .Values.global.ingressAnnotationsPrefix }}ingress.kubernetes.io/proxy-connect-timeout": "3600","{{ .Values.global.ingressAnnotationsPrefix }}ingress.kubernetes.io/proxy-read-timeout": "3600"}' {{- end }} diff --git a/dockerfiles/init/modules/che-kubernetes-helm/templates/deployment.yaml b/dockerfiles/init/modules/che-kubernetes-helm/templates/deployment.yaml index 09394b0a4d..96ea2947ff 100644 --- a/dockerfiles/init/modules/che-kubernetes-helm/templates/deployment.yaml +++ b/dockerfiles/init/modules/che-kubernetes-helm/templates/deployment.yaml @@ -1,3 +1,10 @@ +# Copyright (c) 2012-2017 Red Hat, Inc +# All rights reserved. This program and the accompanying materials +# are made available under the terms of the Eclipse Public License v1.0 +# which accompanies this distribution, and is available at +# http://www.eclipse.org/legal/epl-v10.html +# + apiVersion: extensions/v1beta1 kind: Deployment metadata: @@ -14,11 +21,27 @@ spec: type: Recreate template: metadata: - annotations: - pod.alpha.kubernetes.io/init-containers: '[{"image":"busybox","imagePullPolicy":"IfNotPresent","name":"fmp-volume-permission","command":["chmod","777","/data"],"volumeMounts":[{"mountPath":"/data","name":"che-data-volume"}]}]' labels: app: che spec: + initContainers: +{{- if .Values.global.multiuser }} + - name: wait-for-postgres + image: alpine:3.5 + command: ["sh", "-c", "apk --no-cache add curl jq ; adresses_length=0; until [ $adresses_length -gt 0 ]; do echo waiting for postgres to be ready...; sleep 2; endpoints=`curl -s --cacert /var/run/secrets/kubernetes.io/serviceaccount/ca.crt -H \"Authorization: Bearer $(cat /var/run/secrets/kubernetes.io/serviceaccount/token)\" https://kubernetes.default/api/v1/namespaces/$POD_NAMESPACE/endpoints/postgres`; adresses_length=`echo $endpoints | jq -r \".subsets[]?.addresses // [] | length\"`; done;"] + env: + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace +{{- end }} + - name: fmp-volume-permission + image: busybox + command: ["chmod", "777", "/data"] + volumeMounts: [{ + "mountPath": "/data", + "name": "che-data-volume" + }] containers: - env: - name: CHE_DOMAIN @@ -116,6 +139,23 @@ spec: configMapKeyRef: key: CHE_INFRA_KUBERNETES_USERNAME name: che +{{- if .Values.global.multiuser }} + - name: CHE_KEYCLOAK_AUTH__SERVER__URL + valueFrom: + configMapKeyRef: + key: CHE_KEYCLOAK_AUTH__SERVER__URL + name: che + - name: CHE_KEYCLOAK_CLIENT__ID + valueFrom: + configMapKeyRef: + key: CHE_KEYCLOAK_CLIENT__ID + name: che + - name: CHE_KEYCLOAK_REALM + valueFrom: + configMapKeyRef: + key: CHE_KEYCLOAK_REALM + name: che +{{- end }} - name: CHE_INFRA_KUBERNETES_NAMESPACE valueFrom: configMapKeyRef: diff --git a/dockerfiles/init/modules/che-kubernetes-helm/templates/ingress.yaml b/dockerfiles/init/modules/che-kubernetes-helm/templates/ingress.yaml index fb7ce7abfd..9aaf5351c3 100644 --- a/dockerfiles/init/modules/che-kubernetes-helm/templates/ingress.yaml +++ b/dockerfiles/init/modules/che-kubernetes-helm/templates/ingress.yaml @@ -1,31 +1,39 @@ +# Copyright (c) 2012-2017 Red Hat, Inc +# All rights reserved. This program and the accompanying materials +# are made available under the terms of the Eclipse Public License v1.0 +# which accompanies this distribution, and is available at +# http://www.eclipse.org/legal/epl-v10.html +# + apiVersion: extensions/v1beta1 kind: Ingress metadata: name: che-ingress annotations: - nginx.ingress.kubernetes.io/rewrite-target: / kubernetes.io/ingress.class: "nginx" -{{- if .Values.tlsEnabled }} + {{ .Values.global.ingressAnnotationsPrefix }}ingress.kubernetes.io/proxy-read-timeout: "3600" + {{ .Values.global.ingressAnnotationsPrefix }}ingress.kubernetes.io/proxy-connect-timeout: "3600" +{{- if .Values.global.tlsEnabled }} kubernetes.io/tls-acme: "true" {{- else }} - nginx.ingress.kubernetes.io/ssl-redirect: "false" + {{ .Values.global.ingressAnnotationsPrefix }}ingress.kubernetes.io/ssl-redirect: "false" {{- end }} - ingress.kubernetes.io/proxy-read-timeout: "3600" - ingress.kubernetes.io/proxy-connect-timeout: "3600" spec: -{{- if .Values.tlsEnabled }} +{{- if .Values.global.tlsEnabled }} tls: - hosts: - {{ template "cheHost" . }} secretName: che-tls {{- end }} rules: +{{- if .Values.global.isHostBased }} + - host: {{ template "cheHost" . }} + http: +{{- else }} - http: +{{- end }} paths: - - backend: + - path: / + backend: serviceName: che-host servicePort: 8080 - path: / -{{- if .Values.isHostBased }} - host: {{ template "cheHost" . }} -{{- end }} diff --git a/dockerfiles/init/modules/che-kubernetes-helm/templates/pvc.yaml b/dockerfiles/init/modules/che-kubernetes-helm/templates/pvc.yaml index f0f9143b15..341c320235 100644 --- a/dockerfiles/init/modules/che-kubernetes-helm/templates/pvc.yaml +++ b/dockerfiles/init/modules/che-kubernetes-helm/templates/pvc.yaml @@ -1,3 +1,10 @@ +# Copyright (c) 2012-2017 Red Hat, Inc +# All rights reserved. This program and the accompanying materials +# are made available under the terms of the Eclipse Public License v1.0 +# which accompanies this distribution, and is available at +# http://www.eclipse.org/legal/epl-v10.html +# + apiVersion: v1 kind: PersistentVolumeClaim metadata: diff --git a/dockerfiles/init/modules/che-kubernetes-helm/templates/registry-pull-secret.yaml b/dockerfiles/init/modules/che-kubernetes-helm/templates/registry-pull-secret.yaml index b92adb54b7..75c3c5d057 100644 --- a/dockerfiles/init/modules/che-kubernetes-helm/templates/registry-pull-secret.yaml +++ b/dockerfiles/init/modules/che-kubernetes-helm/templates/registry-pull-secret.yaml @@ -1,3 +1,10 @@ +# Copyright (c) 2012-2017 Red Hat, Inc +# All rights reserved. This program and the accompanying materials +# are made available under the terms of the Eclipse Public License v1.0 +# which accompanies this distribution, and is available at +# http://www.eclipse.org/legal/epl-v10.html +# + {{- if .Values.registry }} {{- if and .Values.registry.password .Values.registry.username }} # When creating a pod based on an image that resides in a private Docker registry (a secure registry protected by basic authentication), diff --git a/dockerfiles/init/modules/che-kubernetes-helm/templates/service.yaml b/dockerfiles/init/modules/che-kubernetes-helm/templates/service.yaml index c1f594bacf..c3ef6aa854 100644 --- a/dockerfiles/init/modules/che-kubernetes-helm/templates/service.yaml +++ b/dockerfiles/init/modules/che-kubernetes-helm/templates/service.yaml @@ -1,3 +1,10 @@ +# Copyright (c) 2012-2017 Red Hat, Inc +# All rights reserved. This program and the accompanying materials +# are made available under the terms of the Eclipse Public License v1.0 +# which accompanies this distribution, and is available at +# http://www.eclipse.org/legal/epl-v10.html +# + apiVersion: v1 kind: Service metadata: diff --git a/dockerfiles/init/modules/che-kubernetes-helm/templates/serviceaccount.yaml b/dockerfiles/init/modules/che-kubernetes-helm/templates/serviceaccount.yaml index 2074a0995f..787dd46d88 100644 --- a/dockerfiles/init/modules/che-kubernetes-helm/templates/serviceaccount.yaml +++ b/dockerfiles/init/modules/che-kubernetes-helm/templates/serviceaccount.yaml @@ -1,3 +1,10 @@ +# Copyright (c) 2012-2017 Red Hat, Inc +# All rights reserved. This program and the accompanying materials +# are made available under the terms of the Eclipse Public License v1.0 +# which accompanies this distribution, and is available at +# http://www.eclipse.org/legal/epl-v10.html +# + apiVersion: v1 kind: ServiceAccount metadata: diff --git a/dockerfiles/init/modules/che-kubernetes-helm/templates/staging-cert-issuer.yaml b/dockerfiles/init/modules/che-kubernetes-helm/templates/staging-cert-issuer.yaml index 82dfd66f73..b8a7bcf34d 100644 --- a/dockerfiles/init/modules/che-kubernetes-helm/templates/staging-cert-issuer.yaml +++ b/dockerfiles/init/modules/che-kubernetes-helm/templates/staging-cert-issuer.yaml @@ -1,4 +1,11 @@ -# {{- if .Values.tlsEnabled }} +# Copyright (c) 2012-2017 Red Hat, Inc +# All rights reserved. This program and the accompanying materials +# are made available under the terms of the Eclipse Public License v1.0 +# which accompanies this distribution, and is available at +# http://www.eclipse.org/legal/epl-v10.html +# + +# {{- if .Values.global.tlsEnabled }} # apiVersion: certmanager.k8s.io/v1alpha1 # kind: Issuer # metadata: diff --git a/dockerfiles/init/modules/che-kubernetes-helm/tiller-rbac.yaml b/dockerfiles/init/modules/che-kubernetes-helm/tiller-rbac.yaml index af84a050ee..0025caf586 100644 --- a/dockerfiles/init/modules/che-kubernetes-helm/tiller-rbac.yaml +++ b/dockerfiles/init/modules/che-kubernetes-helm/tiller-rbac.yaml @@ -1,3 +1,10 @@ +# Copyright (c) 2012-2017 Red Hat, Inc +# All rights reserved. This program and the accompanying materials +# are made available under the terms of the Eclipse Public License v1.0 +# which accompanies this distribution, and is available at +# http://www.eclipse.org/legal/epl-v10.html +# + kind: ClusterRoleBinding apiVersion: rbac.authorization.k8s.io/v1beta1 metadata: diff --git a/dockerfiles/init/modules/che-kubernetes-helm/values.yaml b/dockerfiles/init/modules/che-kubernetes-helm/values.yaml index 14c2370f4b..1730904ad3 100644 --- a/dockerfiles/init/modules/che-kubernetes-helm/values.yaml +++ b/dockerfiles/init/modules/che-kubernetes-helm/values.yaml @@ -1,12 +1,27 @@ -cheDomain: 192.168.99.100.nip.io -isHostBased: true -tlsEnabled: false +# Copyright (c) 2012-2017 Red Hat, Inc +# All rights reserved. This program and the accompanying materials +# are made available under the terms of the Eclipse Public License v1.0 +# which accompanies this distribution, and is available at +# http://www.eclipse.org/legal/epl-v10.html +# # the following section is for secure registries. when uncommented, a pull secret will be created #registry: # host: my-secure-private-registry.com +# host: my-secure-private-registry.com # username: myUser # password: myPass cheImage: eclipse/che-server:nightly cheImagePullPolicy: Always + +cheKeycloakClientId: "che-public" +cheKeycloakRealm: "che" + +global: + tlsEnabled: false + multiuser: false + isHostBased: true + cheDomain: 192.168.99.100.nip.io + # See --annotations-prefix flag (https://github.com/kubernetes/ingress-nginx/blob/master/docs/user-guide/cli-arguments.md) + ingressAnnotationsPrefix: "nginx."