seg_yinzy
/
che-server
mirror of https://github.com/eclipse-che/che-server.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Remove the Helm chart. 

As it has not been updated. Use the chart provided by Che-operator if you want.
https://github.com/eclipse-che/che-operator/tree/main/helmcharts/next

fixes eclipse/che#21478.

Signed-off-by: Masaki Muranaka <monaka@monami-ya.com>
pull/316/head
Masaki Muranaka 2022-06-25 07:47:49 +09:00
parent 132e83a57e
commit 9c0b2f289f
90 changed files with 0 additions and 3154 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
deploy/kubernetes/README.md
View File

@ -1 +0,0 @@
Deployment instructions for [Single User](https://www.eclipse.org/che/docs/kubernetes-single-user.html) and [Multi User](https://www.eclipse.org/che/docs/kubernetes-multi-user.html) Che.

1
deploy/kubernetes/helm/.gitignore vendored
View File

@ -1 +0,0 @@
*.tgz

3
deploy/kubernetes/helm/che/.gitignore vendored
View File

@ -1,3 +0,0 @@
charts
requirements.lock

21
deploy/kubernetes/helm/che/.helmignore
View File

@ -1,21 +0,0 @@
# Patterns to ignore when building packages.
# This supports shell glob matching, relative path matching, and
# negation (prefixed with !). Only one pattern per line.
.DS_Store
# Common VCS dirs
.git/
.gitignore
.bzr/
.bzrignore
.hg/
.hgignore
.svn/
# Common backup files
*.swp
*.bak
*.tmp
*~
# Various IDEs
.project
.idea/
*.tmproj

13
deploy/kubernetes/helm/che/Chart.yaml
View File

@ -1,13 +0,0 @@
#
# Copyright (c) 2012-2019 Red Hat, Inc.
# This program and the accompanying materials are made
# available under the terms of the Eclipse Public License 2.0
# which is available at https://www.eclipse.org/legal/epl-2.0/
#
# SPDX-License-Identifier: EPL-2.0
#
apiVersion: v1
description: A Helm chart for deploying Eclipse Che to Kubernetes
name: che
version: 0.1.0

13
deploy/kubernetes/helm/che/custom-charts/che-devfile-registry/Chart.yaml
View File

@ -1,13 +0,0 @@
#
# Copyright (c) 2018 Red Hat, Inc.
# This program and the accompanying materials are made
# available under the terms of the Eclipse Public License 2.0
# which is available at https://www.eclipse.org/legal/epl-2.0/
#
# SPDX-License-Identifier: EPL-2.0
#
apiVersion: "v1"
name: "che-devfile-registry"
version: "0.0.1"
home: "https://github.com/eclipse/che-devfile-registry/"

3
deploy/kubernetes/helm/che/custom-charts/che-devfile-registry/README.md
View File

@ -1,3 +0,0 @@
# Che devfile Registry Helm Chart
This Helm Chart install [Che](https://github.com/eclipse/che) devfile Registry. More information about Che devfile Registry can be found [here](https://github.com/eclipse/che-devfile-registry).

25
deploy/kubernetes/helm/che/custom-charts/che-devfile-registry/templates/configmap.yaml
View File

@ -1,25 +0,0 @@
#
# Copyright (c) 2018-2020 Red Hat, Inc.
# This program and the accompanying materials are made
# available under the terms of the Eclipse Public License 2.0
# which is available at https://www.eclipse.org/legal/epl-2.0/
#
# SPDX-License-Identifier: EPL-2.0
#
kind: ConfigMap
apiVersion: v1
metadata:
name: che-devfile-registry
data:
{{- with .Values.cheDevfileImagesOverride -}}
{{- with .url }}
CHE_DEVFILE_IMAGES_REGISTRY_URL: {{ . | quote }}
{{- end }}
{{- with .organization }}
CHE_DEVFILE_IMAGES_REGISTRY_ORGANIZATION: {{ . | quote }}
{{- end }}
{{- with .tag }}
CHE_DEVFILE_IMAGES_REGISTRY_TAG: {{ . | quote }}
{{- end }}
{{- end }}

67
deploy/kubernetes/helm/che/custom-charts/che-devfile-registry/templates/deployment.yaml
View File

@ -1,67 +0,0 @@
#
# Copyright (c) 2018 Red Hat, Inc.
# This program and the accompanying materials are made
# available under the terms of the Eclipse Public License 2.0
# which is available at https://www.eclipse.org/legal/epl-2.0/
#
# SPDX-License-Identifier: EPL-2.0
#
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
app: che
component: devfile-registry
name: devfile-registry
spec:
replicas: 1
revisionHistoryLimit: 2
selector:
matchLabels:
app: che
component: devfile-registry
strategy:
type: RollingUpdate
rollingUpdate:
maxSurge: 25%
maxUnavailable: 25%
template:
metadata:
labels:
app: che
component: devfile-registry
annotations:
checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }}
spec:
containers:
- image: {{ .Values.cheDevfileRegistry.image }}
imagePullPolicy: {{ .Values.cheDevfileRegistry.imagePullPolicy }}
name: che-devfile-registry
ports:
- containerPort: 8080
livenessProbe:
httpGet:
path: /devfiles/
port: 8080
scheme: HTTP
initialDelaySeconds: 30
periodSeconds: 10
timeoutSeconds: 3
readinessProbe:
httpGet:
path: /devfiles/
port: 8080
scheme: HTTP
initialDelaySeconds: 3
periodSeconds: 10
timeoutSeconds: 3
resources:
limits:
memory: {{ .Values.cheDevfileRegistry.memoryLimit }}
requests:
memory: {{ .Values.cheDevfileRegistry.memoryRequests }}
envFrom:
- configMapRef:
name: che-devfile-registry
optional: true

63
deploy/kubernetes/helm/che/custom-charts/che-devfile-registry/templates/ingress.yaml
View File

@ -1,63 +0,0 @@
#
# Copyright (c) 2018 Red Hat, Inc.
# This program and the accompanying materials are made
# available under the terms of the Eclipse Public License 2.0
# which is available at https://www.eclipse.org/legal/epl-2.0/
#
# SPDX-License-Identifier: EPL-2.0
#
{{- if not (and (eq .Values.global.serverStrategy "single-host") (eq .Values.global.singleHostExposure "gateway")) }}
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: devfile-registry
labels:
app: che
component: devfile-registry
annotations:
kubernetes.io/ingress.class: {{ .Values.global.ingress.class | quote }}
{{ .Values.global.ingressAnnotationsPrefix }}ingress.kubernetes.io/proxy-read-timeout: "3600"
{{ .Values.global.ingressAnnotationsPrefix }}ingress.kubernetes.io/proxy-connect-timeout: "3600"
{{- if .Values.global.tls.enabled }}
{{ .Values.global.ingressAnnotationsPrefix }}ingress.kubernetes.io/ssl-redirect: "true"
{{- else }}
{{ .Values.global.ingressAnnotationsPrefix }}ingress.kubernetes.io/ssl-redirect: "false"
{{- end }}
{{- if or (eq .Values.global.serverStrategy "default-host") (eq .Values.global.serverStrategy "single-host") }}
{{ .Values.global.ingressAnnotationsPrefix }}ingress.kubernetes.io/rewrite-target: "/$1"
{{- end }}
spec:
rules:
{{- if eq .Values.global.serverStrategy "default-host" }}
- http:
paths:
- path: /devfile-registry/(.*)
{{- else if eq .Values.global.serverStrategy "single-host" }}
- host: {{ template "devfileRegistryHost" . }}
http:
paths:
- path: /devfile-registry/(.*)
{{- else }}
- host: {{ template "devfileRegistryHost" . }}
http:
paths:
- path: /
{{- end }}
pathType: ImplementationSpecific
backend:
service:
name: devfile-registry
port:
number: 8080
{{- if .Values.global.tls.enabled }}
tls:
- hosts:
- {{ template "devfileRegistryHost" . }}
{{- if .Values.global.tls.secretName }}
secretName: {{ .Values.global.tls.secretName }}
{{- end -}}
{{- end -}}
{{- end }}

24
deploy/kubernetes/helm/che/custom-charts/che-devfile-registry/templates/service.yaml
View File

@ -1,24 +0,0 @@
#
# Copyright (c) 2018 Red Hat, Inc.
# This program and the accompanying materials are made
# available under the terms of the Eclipse Public License 2.0
# which is available at https://www.eclipse.org/legal/epl-2.0/
#
# SPDX-License-Identifier: EPL-2.0
#
apiVersion: v1
kind: Service
metadata:
labels:
app: che
component: devfile-registry
name: devfile-registry
spec:
ports:
- protocol: TCP
port: 8080
targetPort: 8080
selector:
app: che
component: devfile-registry

39
deploy/kubernetes/helm/che/custom-charts/che-devfile-registry/templates/traefik-gateway-configmap.yaml
View File

@ -1,39 +0,0 @@
#
# Copyright (c) 2012-2018 Red Hat, Inc.
# This program and the accompanying materials are made
# available under the terms of the Eclipse Public License 2.0
# which is available at https://www.eclipse.org/legal/epl-2.0/
#
# SPDX-License-Identifier: EPL-2.0
#
{{- if and (eq .Values.global.serverStrategy "single-host") (eq .Values.global.singleHostExposure "gateway") }}
apiVersion: v1
kind: ConfigMap
metadata:
labels:
app: che
component: che-gateway-config
name: che-gateway-route-devfile-registry
data:
devfile-registry.yml: |
http:
routers:
devfile-registry:
rule: "PathPrefix(`/devfile-registry`)"
service: devfile-registry
middlewares: [devfile-registry]
priority: 10
services:
devfile-registry:
loadBalancer:
servers:
- url: 'http://devfile-registry:8080'
middlewares:
devfile-registry:
stripPrefix:
prefixes:
- '/devfile-registry'
{{- end }}

18
deploy/kubernetes/helm/che/custom-charts/che-devfile-registry/values.yaml
View File

@ -1,18 +0,0 @@
#
# Copyright (c) 2018 Red Hat, Inc.
# This program and the accompanying materials are made
# available under the terms of the Eclipse Public License 2.0
# which is available at https://www.eclipse.org/legal/epl-2.0/
#
# SPDX-License-Identifier: EPL-2.0
#
global:
ingress:
class: "nginx"
cheDevfileRegistry:
image: quay.io/eclipse/che-devfile-registry:next
imagePullPolicy: Always
memoryLimit: 256Mi
memoryRequests: 16Mi

12
deploy/kubernetes/helm/che/custom-charts/che-gateway/Chart.yaml
View File

@ -1,12 +0,0 @@
#
# Copyright (c) 2018 Red Hat, Inc.
# This program and the accompanying materials are made
# available under the terms of the Eclipse Public License 2.0
# which is available at https://www.eclipse.org/legal/epl-2.0/
#
# SPDX-License-Identifier: EPL-2.0
#
apiVersion: "v1"
name: "che-gateway"
version: "0.0.1"

34
deploy/kubernetes/helm/che/custom-charts/che-gateway/templates/configmap-traefik.yaml
View File

@ -1,34 +0,0 @@
#
# Copyright (c) 2012-2018 Red Hat, Inc.
# This program and the accompanying materials are made
# available under the terms of the Eclipse Public License 2.0
# which is available at https://www.eclipse.org/legal/epl-2.0/
#
# SPDX-License-Identifier: EPL-2.0
#
apiVersion: v1
kind: ConfigMap
metadata:
labels:
app: che
component: che-gateway
name: che-gateway-config
data:
traefik.yml: |
global:
checkNewVersion: false
sendAnonymousUsage: false
entrypoints:
http:
address: ":8080"
forwardedHeaders:
insecure: true
https:
address: ":8443"
forwardedHeaders:
insecure: true
providers:
file:
directory: "/dynamic-config"
watch: true

69
deploy/kubernetes/helm/che/custom-charts/che-gateway/templates/deployment.yaml
View File

@ -1,69 +0,0 @@
#
# Copyright (c) 2018 Red Hat, Inc.
# This program and the accompanying materials are made
# available under the terms of the Eclipse Public License 2.0
# which is available at https://www.eclipse.org/legal/epl-2.0/
#
# SPDX-License-Identifier: EPL-2.0
#
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
app: che
component: che-gateway
name: che-gateway
spec:
replicas: 1
revisionHistoryLimit: 2
selector:
matchLabels:
app: che
component: che-gateway
strategy:
type: RollingUpdate
rollingUpdate:
maxSurge: 25%
maxUnavailable: 25%
template:
metadata:
labels:
app: che
component: che-gateway
spec:
serviceAccountName: che-gateway
containers:
- name: gateway
image: {{ .Values.cheGateway.gatewayImage }}
imagePullPolicy: {{ .Values.cheGateway.imagePullPolicy }}
volumeMounts:
- name: static-config
mountPath: /etc/traefik
- name: dynamic-config
mountPath: "/dynamic-config"
- name: configbump
image: {{ .Values.cheGateway.configBumpImage }}
imagePullPolicy: {{ .Values.cheGateway.imagePullPolicy }}
env:
- name: CONFIG_BUMP_DIR
value: "/dynamic-config"
- name: CONFIG_BUMP_LABELS
value: {{ .Values.global.singleHostGatewayLabels | quote }}
- name: CONFIG_BUMP_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
- name: POD_NAME
valueFrom:
fieldRef:
fieldPath: metadata.name
volumeMounts:
- name: dynamic-config
mountPath: "/dynamic-config"
volumes:
- name: static-config
configMap:
name: che-gateway-config
- name: dynamic-config
emptyDir: {}

25
deploy/kubernetes/helm/che/custom-charts/che-gateway/templates/role.yaml
View File

@ -1,25 +0,0 @@
#
# Copyright (c) 2012-2019 Red Hat, Inc.
# This program and the accompanying materials are made
# available under the terms of the Eclipse Public License 2.0
# which is available at https://www.eclipse.org/legal/epl-2.0/
#
# SPDX-License-Identifier: EPL-2.0
#
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: che-gateway
labels:
app: che
component: che-gateway
rules:
- verbs:
- watch
- get
- list
apiGroups:
- ""
resources:
- configmaps

23
deploy/kubernetes/helm/che/custom-charts/che-gateway/templates/rolebinding.yaml
View File

@ -1,23 +0,0 @@
#
# Copyright (c) 2012-2019 Red Hat, Inc.
# This program and the accompanying materials are made
# available under the terms of the Eclipse Public License 2.0
# which is available at https://www.eclipse.org/legal/epl-2.0/
#
# SPDX-License-Identifier: EPL-2.0
#
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: che-gateway
labels:
app: che
component: che-gateway
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: che-gateway
subjects:
- kind: ServiceAccount
name: che-gateway

24
deploy/kubernetes/helm/che/custom-charts/che-gateway/templates/service.yaml
View File

@ -1,24 +0,0 @@
#
# Copyright (c) 2018 Red Hat, Inc.
# This program and the accompanying materials are made
# available under the terms of the Eclipse Public License 2.0
# which is available at https://www.eclipse.org/legal/epl-2.0/
#
# SPDX-License-Identifier: EPL-2.0
#
apiVersion: v1
kind: Service
metadata:
labels:
app: che
component: che-gateway
name: che-gateway
spec:
ports:
- protocol: TCP
port: 8080
targetPort: 8080
selector:
app: che
component: che-gateway

16
deploy/kubernetes/helm/che/custom-charts/che-gateway/templates/serviceaccount.yaml
View File

@ -1,16 +0,0 @@
#
# Copyright (c) 2012-2019 Red Hat, Inc.
# This program and the accompanying materials are made
# available under the terms of the Eclipse Public License 2.0
# which is available at https://www.eclipse.org/legal/epl-2.0/
#
# SPDX-License-Identifier: EPL-2.0
#
apiVersion: v1
kind: ServiceAccount
metadata:
labels:
app: che
component: che-gateway
name: che-gateway

13
deploy/kubernetes/helm/che/custom-charts/che-gateway/values.yaml
View File

@ -1,13 +0,0 @@
#
# Copyright (c) 2018 Red Hat, Inc.
# This program and the accompanying materials are made
# available under the terms of the Eclipse Public License 2.0
# which is available at https://www.eclipse.org/legal/epl-2.0/
#
# SPDX-License-Identifier: EPL-2.0
#
cheGateway:
gatewayImage: quay.io/eclipse/che--traefik:v2.3.2-6e6d4dc5a19afe06778ca092cdbbb98e31cb9f9c313edafa23f81a0e6ddf8a23
configBumpImage: quay.io/che-incubator/configbump:0.1.4
imagePullPolicy: Always

21
deploy/kubernetes/helm/che/custom-charts/che-jaeger/.helmignore
View File

@ -1,21 +0,0 @@
# Patterns to ignore when building packages.
# This supports shell glob matching, relative path matching, and
# negation (prefixed with !). Only one pattern per line.
.DS_Store
# Common VCS dirs
.git/
.gitignore
.bzr/
.bzrignore
.hg/
.hgignore
.svn/
# Common backup files
*.swp
*.bak
*.tmp
*~
# Various IDEs
.project
.idea/
*.tmproj

13
deploy/kubernetes/helm/che/custom-charts/che-jaeger/Chart.yaml
View File

@ -1,13 +0,0 @@
#
# Copyright (c) 2012-2018 Red Hat, Inc.
# This program and the accompanying materials are made
# available under the terms of the Eclipse Public License 2.0
# which is available at https://www.eclipse.org/legal/epl-2.0/
#
# SPDX-License-Identifier: EPL-2.0
#
apiVersion: v1
description: A Jaeger Helm chart, used by Che
name: che-jaeger
version: 1.0.0

53
deploy/kubernetes/helm/che/custom-charts/che-jaeger/templates/deployment.yaml
View File

@ -1,53 +0,0 @@
#
# Copyright (c) 2012-2018 Red Hat, Inc.
# This program and the accompanying materials are made
# available under the terms of the Eclipse Public License 2.0
# which is available at https://www.eclipse.org/legal/epl-2.0/
#
# SPDX-License-Identifier: EPL-2.0
#
apiVersion: apps/v1
kind: Deployment
metadata:
name: jaeger
labels:
app: jaeger
jaeger-infra: jaeger-deployment
spec:
replicas: 1
selector:
matchLabels:
app: jaeger
strategy:
type: RollingUpdate
rollingUpdate:
maxUnavailable: 0
template:
metadata:
labels:
app: jaeger
jaeger-infra: jaeger-pod
annotations:
prometheus.io/scrape: "true"
prometheus.io/port: "16686"
spec:
containers:
- image: {{ .Values.image }}
name: jaeger
ports:
- containerPort: 5775
protocol: UDP
- containerPort: 6831
protocol: UDP
- containerPort: 6832
protocol: UDP
- containerPort: 16686
protocol: TCP
- containerPort: 5778
protocol: TCP
readinessProbe:
httpGet:
path: "/"
port: 14269
initialDelaySeconds: 5

48
deploy/kubernetes/helm/che/custom-charts/che-jaeger/templates/ingress.yaml
View File

@ -1,48 +0,0 @@
#
# Copyright (c) 2012-2018 Red Hat, Inc.
# This program and the accompanying materials are made
# available under the terms of the Eclipse Public License 2.0
# which is available at https://www.eclipse.org/legal/epl-2.0/
#
# SPDX-License-Identifier: EPL-2.0
#
{{- define "jaegerHost" }}
{{- printf "jaeger-%s.%s" .Release.Namespace .Values.global.ingressDomain }}
{{- end }}
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: jaeger-query
labels:
app: jaeger
jaeger-infra: jaeger-deployment
annotations:
kubernetes.io/ingress.class: {{ .Values.global.ingress.class | quote }}
{{ .Values.global.ingressAnnotationsPrefix }}ingress.kubernetes.io/proxy-read-timeout: "3600"
{{ .Values.global.ingressAnnotationsPrefix }}ingress.kubernetes.io/proxy-connect-timeout: "3600"
{{- if .Values.global.tls.enabled }}
{{ .Values.global.ingressAnnotationsPrefix }}ingress.kubernetes.io/ssl-redirect: "true"
{{- else }}
{{ .Values.global.ingressAnnotationsPrefix }}ingress.kubernetes.io/ssl-redirect: "false"
{{- end }}
spec:
{{- if .Values.global.tls.enabled }}
tls:
- hosts:
- {{ template "jaegerHost" . }}
{{- if .Values.global.tls.secretName }}
secretName: {{ .Values.global.tls.secretName }}
{{- end -}}
{{- end }}
rules:
- host: {{ template "jaegerHost" . }}
http:
paths:
- path: /
pathType: ImplementationSpecific
backend:
service:
name: jaeger-query
port:
number: 16686

36
deploy/kubernetes/helm/che/custom-charts/che-jaeger/templates/service-agent.yaml
View File

@ -1,36 +0,0 @@
#
# Copyright (c) 2012-2018 Red Hat, Inc.
# This program and the accompanying materials are made
# available under the terms of the Eclipse Public License 2.0
# which is available at https://www.eclipse.org/legal/epl-2.0/
#
# SPDX-License-Identifier: EPL-2.0
#
apiVersion: v1
kind: Service
metadata:
name: jaeger-agent
labels:
app: jaeger
jaeger-infra: agent-service
spec:
ports:
- name: agent-zipkin-thrift
port: 5775
protocol: UDP
targetPort: 5775
- name: agent-compact
port: 6831
protocol: UDP
targetPort: 6831
- name: agent-binary
port: 6832
protocol: UDP
targetPort: 6832
- name: agent-sampler-manager
port: 5778
protocol: TCP
targetPort: 5778
selector:
jaeger-infra: jaeger-pod

28
deploy/kubernetes/helm/che/custom-charts/che-jaeger/templates/service-collector.yaml
View File

@ -1,28 +0,0 @@
#
# Copyright (c) 2012-2018 Red Hat, Inc.
# This program and the accompanying materials are made
# available under the terms of the Eclipse Public License 2.0
# which is available at https://www.eclipse.org/legal/epl-2.0/
#
# SPDX-License-Identifier: EPL-2.0
#
apiVersion: v1
kind: Service
metadata:
name: jaeger-collector
labels:
app: jaeger
jaeger-infra: collector-service
spec:
ports:
- name: jaeger-collector-tchannel
port: 14267
protocol: TCP
targetPort: 14267
- name: jaeger-collector-http
port: 14268
protocol: TCP
targetPort: 14268
selector:
jaeger-infra: jaeger-pod

24
deploy/kubernetes/helm/che/custom-charts/che-jaeger/templates/service-query.yaml
View File

@ -1,24 +0,0 @@
#
# Copyright (c) 2012-2018 Red Hat, Inc.
# This program and the accompanying materials are made
# available under the terms of the Eclipse Public License 2.0
# which is available at https://www.eclipse.org/legal/epl-2.0/
#
# SPDX-License-Identifier: EPL-2.0
#
apiVersion: v1
kind: Service
metadata:
name: jaeger-query
labels:
app: jaeger
jaeger-infra: jaeger-service
spec:
ports:
- name: query-http
port: 80
protocol: TCP
targetPort: 16686
selector:
jaeger-infra: jaeger-pod

18
deploy/kubernetes/helm/che/custom-charts/che-jaeger/values.yaml
View File

@ -1,18 +0,0 @@
#
# Copyright (c) 2012-2018 Red Hat, Inc.
# This program and the accompanying materials are made
# available under the terms of the Eclipse Public License 2.0
# which is available at https://www.eclipse.org/legal/epl-2.0/
#
# SPDX-License-Identifier: EPL-2.0
#
# Default values for Jaegar
# This is a YAML-formatted file.
# Declare variables to be passed into your templates.
global:
ingress:
class: "nginx"
image: jaegertracing/all-in-one:latest

21
deploy/kubernetes/helm/che/custom-charts/che-keycloak/.helmignore
View File

@ -1,21 +0,0 @@
# Patterns to ignore when building packages.
# This supports shell glob matching, relative path matching, and
# negation (prefixed with !). Only one pattern per line.
.DS_Store
# Common VCS dirs
.git/
.gitignore
.bzr/
.bzrignore
.hg/
.hgignore
.svn/
# Common backup files
*.swp
*.bak
*.tmp
*~
# Various IDEs
.project
.idea/
*.tmproj

13
deploy/kubernetes/helm/che/custom-charts/che-keycloak/Chart.yaml
View File

@ -1,13 +0,0 @@
#
# Copyright (c) 2012-2019 Red Hat, Inc.
# This program and the accompanying materials are made
# available under the terms of the Eclipse Public License 2.0
# which is available at https://www.eclipse.org/legal/epl-2.0/
#
# SPDX-License-Identifier: EPL-2.0
#
apiVersion: v1
description: A Helm chart for Keycloak, used by Che
name: che-keycloak
version: 1.0.0

163
deploy/kubernetes/helm/che/custom-charts/che-keycloak/templates/deployment.yaml
View File

@ -1,163 +0,0 @@
#
# Copyright (c) 2012-2019 Red Hat, Inc.
# This program and the accompanying materials are made
# available under the terms of the Eclipse Public License 2.0
# which is available at https://www.eclipse.org/legal/epl-2.0/
#
# SPDX-License-Identifier: EPL-2.0
#
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
app: che
component: keycloak
io.kompose.service: keycloak
name: keycloak
spec:
replicas: 1
selector:
matchLabels:
app: che
component: keycloak
strategy:
type: {{ .Values.deploymentStrategy }}
template:
metadata:
labels:
app: che
component: keycloak
io.kompose.service: keycloak
spec:
initContainers:
- name: wait-for-postgres
image: {{ .Values.global.endpointWatcher.image }}
env:
- name: POD_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
- name: ENDPOINT
value: postgres
containers:
- env:
- name: DB_VENDOR
value: POSTGRES
- name: DB_ADDR
value: postgres
- name: DB_PORT
value: "5432"
- name: DB_DATABASE
value: keycloak
- name: DB_USER
value: keycloak
- name: DB_PASSWORD
value: keycloak
{{- if .Values.keycloakCredentialsSecret }}
- name: KEYCLOAK_USER
valueFrom:
secretKeyRef:
name: {{ .Values.keycloakCredentialsSecret }}
key: user
- name: KEYCLOAK_PASSWORD
valueFrom:
secretKeyRef:
name: {{ .Values.keycloakCredentialsSecret }}
key: password
{{- else }}
- name: KEYCLOAK_USER
value: {{ .Values.keycloakAdminUserName | default "admin" }}
- name: KEYCLOAK_PASSWORD
value: {{ required "keycloakAdminUserPassword cannot be empty" (.Values.keycloakAdminUserPassword | trim) }}
{{- end }}
- name: CHE_HOST
value: {{ template "cheHost" . }}
{{- if .Values.global.useInternalClusterSVCNames }}
{{- if .Values.global.tls.enabled }}
- name: KEYCLOAK_FRONTEND_URL
value: https://{{ template "keycloakHost" . }}/auth
{{- else }}
- name: KEYCLOAK_FRONTEND_URL
value: http://{{ template "keycloakHost" . }}/auth
{{- end }}
{{- end }}
- name: ROUTING_SUFFIX
value: {{ .Values.global.ingressDomain }}
- name: NAMESPACE
value: {{ .Release.Namespace }}
- name: CHE_KEYCLOAK_ADMIN_REQUIRE_UPDATE_PASSWORD
value: {{ .Values.requireAdminPasswordChange | quote }}
- name: PROTOCOL
{{- if .Values.global.tls.enabled }}
value: "https"
- name: KEYCLOAK_HTTPS_PORT
value: "443"
- name: PROXY_ADDRESS_FORWARDING
value: "true"
{{- else }}
value: "http"
- name: KEYCLOAK_HTTP_PORT
value: "80"
{{- end }}
image: {{ .Values.image }}
command: ["/scripts/kc_realm_user.sh"]
imagePullPolicy: Always
name: keycloak
livenessProbe:
failureThreshold: 11
initialDelaySeconds: 5
periodSeconds: 5
successThreshold: 1
tcpSocket:
port: 8080
timeoutSeconds: 30
readinessProbe:
failureThreshold: 10
httpGet:
path: auth/js/keycloak.js
port: 8080
scheme: HTTP
initialDelaySeconds: 10
periodSeconds: 3
successThreshold: 1
timeoutSeconds: 1
ports:
- containerPort: 8080
resources:
limits:
memory: 1536Mi
requests:
memory: 1024Mi
volumeMounts:
- mountPath: /opt/jboss/keycloak/standalone/data
name: keycloak-data
- mountPath: /opt/jboss/keycloak/standalone/log
name: keycloak-log
{{- if not (eq .Values.global.tls.serverTrustStoreConfigMapName "") }}
- mountPath: /public-certs
name: che-public-certs
{{- end }}
restartPolicy: Always
securityContext:
# `fsGroup`, `runAsGroup`, and `runAsUser` must be
# same values that `USER` in the container image.
fsGroup: 1000
runAsGroup: 1000
runAsUser: 1000
runAsNonRoot: true
serviceAccountName: che-keycloak
volumes:
- name: keycloak-data
persistentVolumeClaim:
claimName: keycloak-data
- name: keycloak-log
persistentVolumeClaim:
claimName: keycloak-log
{{- if not (eq .Values.global.tls.serverTrustStoreConfigMapName "") }}
- name: che-public-certs
configMap:
name: {{ .Values.global.tls.serverTrustStoreConfigMapName }}
{{- end }}
status: {}

21
deploy/kubernetes/helm/che/custom-charts/che-keycloak/templates/endpoints-monitor-role.yaml
View File

@ -1,21 +0,0 @@
#
# Copyright (c) 2012-2019 Red Hat, Inc.
# This program and the accompanying materials are made
# available under the terms of the Eclipse Public License 2.0
# which is available at https://www.eclipse.org/legal/epl-2.0/
#
# SPDX-License-Identifier: EPL-2.0
#
kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:
namespace: {{ .Release.Namespace }}
name: che-endpoints-monitor
labels:
app: che
component: keycloak
rules:
- apiGroups: [""]
resources: ["services", "endpoints", "pods"]
verbs: ["get", "list"]

24
deploy/kubernetes/helm/che/custom-charts/che-keycloak/templates/endpoints-monitor-rolebinding.yaml
View File

@ -1,24 +0,0 @@
#
# Copyright (c) 2012-2019 Red Hat, Inc.
# This program and the accompanying materials are made
# available under the terms of the Eclipse Public License 2.0
# which is available at https://www.eclipse.org/legal/epl-2.0/
#
# SPDX-License-Identifier: EPL-2.0
#
kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: {{ .Release.Namespace -}} -keycloak-role-binding
labels:
app: che
component: keycloak
roleRef:
kind: Role
name: che-endpoints-monitor
apiGroup: rbac.authorization.k8s.io
subjects:
- kind: ServiceAccount
name: che-keycloak
namespace: {{ .Release.Namespace }}

61
deploy/kubernetes/helm/che/custom-charts/che-keycloak/templates/ingress.yaml
View File

@ -1,61 +0,0 @@
#
# Copyright (c) 2012-2019 Red Hat, Inc.
# This program and the accompanying materials are made
# available under the terms of the Eclipse Public License 2.0
# which is available at https://www.eclipse.org/legal/epl-2.0/
#
# SPDX-License-Identifier: EPL-2.0
#
{{- if not (and (eq .Values.global.serverStrategy "single-host") (eq .Values.global.singleHostExposure "gateway")) }}
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: keycloak-ingress
labels:
app: che
component: keycloak
annotations:
kubernetes.io/ingress.class: {{ .Values.global.ingress.class | quote }}
nginx.ingress.kubernetes.io/proxy-buffer-size: "16k"
{{ .Values.global.ingressAnnotationsPrefix }}ingress.kubernetes.io/proxy-read-timeout: "3600"
{{ .Values.global.ingressAnnotationsPrefix }}ingress.kubernetes.io/proxy-connect-timeout: "3600"
{{- if .Values.global.tls.enabled }}
{{ .Values.global.ingressAnnotationsPrefix }}ingress.kubernetes.io/ssl-redirect: "true"
{{- else }}
{{ .Values.global.ingressAnnotationsPrefix }}ingress.kubernetes.io/ssl-redirect: "false"
{{- end }}
spec:
{{- if .Values.global.tls.enabled }}
tls:
- hosts:
- {{ template "keycloakHost" . }}
{{- if .Values.global.tls.secretName }}
secretName: {{ .Values.global.tls.secretName }}
{{- end -}}
{{- end }}
rules:
{{- if eq .Values.global.serverStrategy "default-host" }}
- http:
paths:
- path: /auth/
{{- else if eq .Values.global.serverStrategy "single-host" }}
- host: {{ template "keycloakHost" . }}
http:
paths:
- path: /auth/
{{- else }}
- host: {{ template "keycloakHost" . }}
http:
paths:
- path: /
{{- end }}
pathType: ImplementationSpecific
backend:
service:
name: keycloak
port:
number: 5050
{{- end }}

24
deploy/kubernetes/helm/che/custom-charts/che-keycloak/templates/keycloak-data-claim.yaml
View File

@ -1,24 +0,0 @@
#
# Copyright (c) 2012-2019 Red Hat, Inc.
# This program and the accompanying materials are made
# available under the terms of the Eclipse Public License 2.0
# which is available at https://www.eclipse.org/legal/epl-2.0/
#
# SPDX-License-Identifier: EPL-2.0
#
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
labels:
app: che
component: keycloak
io.kompose.service: keycloak-data
name: keycloak-data
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 1Gi
status: {}

24
deploy/kubernetes/helm/che/custom-charts/che-keycloak/templates/keycloak-log-claim.yaml
View File

@ -1,24 +0,0 @@
#
# Copyright (c) 2012-2019 Red Hat, Inc.
# This program and the accompanying materials are made
# available under the terms of the Eclipse Public License 2.0
# which is available at https://www.eclipse.org/legal/epl-2.0/
#
# SPDX-License-Identifier: EPL-2.0
#
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
labels:
app: che
component: keycloak
io.kompose.service: keycloak-log
name: keycloak-log
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 1Gi
status: {}

16
deploy/kubernetes/helm/che/custom-charts/che-keycloak/templates/keycloak-serviceaccount.yaml
View File

@ -1,16 +0,0 @@
#
# Copyright (c) 2012-2019 Red Hat, Inc.
# This program and the accompanying materials are made
# available under the terms of the Eclipse Public License 2.0
# which is available at https://www.eclipse.org/legal/epl-2.0/
#
# SPDX-License-Identifier: EPL-2.0
#
apiVersion: v1
kind: ServiceAccount
metadata:
labels:
app: che
component: keycloak
name: che-keycloak

25
deploy/kubernetes/helm/che/custom-charts/che-keycloak/templates/service.yaml
View File

@ -1,25 +0,0 @@
#
# Copyright (c) 2012-2019 Red Hat, Inc.
# This program and the accompanying materials are made
# available under the terms of the Eclipse Public License 2.0
# which is available at https://www.eclipse.org/legal/epl-2.0/
#
# SPDX-License-Identifier: EPL-2.0
#
apiVersion: v1
kind: Service
metadata:
name: keycloak
labels:
app: che
component: keycloak
spec:
ports:
- name: "5050"
port: 5050
targetPort: 8080
selector:
io.kompose.service: keycloak
status:
loadBalancer: {}

33
deploy/kubernetes/helm/che/custom-charts/che-keycloak/templates/traefik-gateway-configmap.yaml
View File

@ -1,33 +0,0 @@
#
# Copyright (c) 2012-2018 Red Hat, Inc.
# This program and the accompanying materials are made
# available under the terms of the Eclipse Public License 2.0
# which is available at https://www.eclipse.org/legal/epl-2.0/
#
# SPDX-License-Identifier: EPL-2.0
#
{{- if and (eq .Values.global.serverStrategy "single-host") (eq .Values.global.singleHostExposure "gateway") }}
apiVersion: v1
kind: ConfigMap
metadata:
labels:
app: che
component: che-gateway-config
name: che-gateway-route-keycloak
data:
keycloak.yml: |
http:
routers:
keycloak:
rule: "PathPrefix(`/auth`)"
service: keycloak
priority: 10
services:
keycloak:
loadBalancer:
servers:
- url: 'http://keycloak:5050'
{{- end }}

34
deploy/kubernetes/helm/che/custom-charts/che-keycloak/values.yaml
View File

@ -1,34 +0,0 @@
#
# Copyright (c) 2012-2019 Red Hat, Inc.
# This program and the accompanying materials are made
# available under the terms of the Eclipse Public License 2.0
# which is available at https://www.eclipse.org/legal/epl-2.0/
#
# SPDX-License-Identifier: EPL-2.0
#
# Default values for Keycloak
# This is a YAML-formatted file.
# Declare variables to be passed into your templates.
global:
ingress:
class: "nginx"
tls:
## Name of the config-map with public certificates to add to Java trust store of the Keycloak
serverTrustStoreConfigMapName: ""
# Image used by endpoint watcher (postgres)
endpointWatcher:
image: quay.io/eclipse/che-endpoint-watcher:nightly
image: quay.io/eclipse/che-keycloak:nightly
## Admin credentials configuration
# Manually define them in clear
requireAdminPasswordChange: true
keycloakAdminUserName: admin
keycloakAdminUserPassword: admin
# Or use a secret with keys 'user' and 'password'
#keycloakCredentialsSecret: che-identity-secret
deploymentStrategy: RollingUpdate

13
deploy/kubernetes/helm/che/custom-charts/che-plugin-registry/Chart.yaml
View File

@ -1,13 +0,0 @@
#
# Copyright (c) 2018 Red Hat, Inc.
# This program and the accompanying materials are made
# available under the terms of the Eclipse Public License 2.0
# which is available at https://www.eclipse.org/legal/epl-2.0/
#
# SPDX-License-Identifier: EPL-2.0
#
apiVersion: "v1"
name: "che-plugin-registry"
version: "0.0.1"
home: "https://github.com/eclipse/che-plugin-registry/"

3
deploy/kubernetes/helm/che/custom-charts/che-plugin-registry/README.md
View File

@ -1,3 +0,0 @@
# Che Plugin Registry Helm Chart
This Helm Chart install [Che](https://github.com/eclipse/che) Plugin Registry. More information about Che Plugin Registry can be found [here](https://github.com/eclipse/che-plugin-registry).

25
deploy/kubernetes/helm/che/custom-charts/che-plugin-registry/templates/configmap.yaml
View File

@ -1,25 +0,0 @@
#
# Copyright (c) 2018-2020 Red Hat, Inc.
# This program and the accompanying materials are made
# available under the terms of the Eclipse Public License 2.0
# which is available at https://www.eclipse.org/legal/epl-2.0/
#
# SPDX-License-Identifier: EPL-2.0
#
kind: ConfigMap
apiVersion: v1
metadata:
name: che-plugin-registry
data:
{{- with .Values.chePluginSidecarOverride -}}
{{- with .url }}
CHE_SIDECAR_CONTAINERS_REGISTRY_URL: {{ . | quote }}
{{- end }}
{{- with .organization }}
CHE_SIDECAR_CONTAINERS_REGISTRY_ORGANIZATION: {{ . | quote }}
{{- end }}
{{- with .tag }}
CHE_SIDECAR_CONTAINERS_REGISTRY_TAG: {{ . | quote }}
{{- end }}
{{- end }}

67
deploy/kubernetes/helm/che/custom-charts/che-plugin-registry/templates/deployment.yaml
View File

@ -1,67 +0,0 @@
#
# Copyright (c) 2018 Red Hat, Inc.
# This program and the accompanying materials are made
# available under the terms of the Eclipse Public License 2.0
# which is available at https://www.eclipse.org/legal/epl-2.0/
#
# SPDX-License-Identifier: EPL-2.0
#
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
app: che
component: plugin-registry
name: plugin-registry
spec:
replicas: 1
revisionHistoryLimit: 2
selector:
matchLabels:
app: che
component: plugin-registry
strategy:
type: RollingUpdate
rollingUpdate:
maxSurge: 25%
maxUnavailable: 25%
template:
metadata:
labels:
app: che
component: plugin-registry
annotations:
checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }}
spec:
containers:
- image: {{ .Values.chePluginRegistry.image }}
imagePullPolicy: {{ .Values.chePluginRegistry.imagePullPolicy }}
name: che-plugin-registry
ports:
- containerPort: 8080
livenessProbe:
httpGet:
path: /v3/plugins/
port: 8080
scheme: HTTP
initialDelaySeconds: 30
periodSeconds: 10
timeoutSeconds: 3
readinessProbe:
httpGet:
path: /v3/plugins/
port: 8080
scheme: HTTP
initialDelaySeconds: 3
periodSeconds: 10
timeoutSeconds: 3
resources:
limits:
memory: {{ .Values.chePluginRegistry.memoryLimit }}
requests:
memory: {{ .Values.chePluginRegistry.memoryRequests }}
envFrom:
- configMapRef:
name: che-plugin-registry
optional: true

63
deploy/kubernetes/helm/che/custom-charts/che-plugin-registry/templates/ingress.yaml
View File

@ -1,63 +0,0 @@
#
# Copyright (c) 2018 Red Hat, Inc.
# This program and the accompanying materials are made
# available under the terms of the Eclipse Public License 2.0
# which is available at https://www.eclipse.org/legal/epl-2.0/
#
# SPDX-License-Identifier: EPL-2.0
#
{{- if not (and (eq .Values.global.serverStrategy "single-host") (eq .Values.global.singleHostExposure "gateway")) }}
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: plugin-registry
labels:
app: che
component: plugin-registry
annotations:
kubernetes.io/ingress.class: {{ .Values.global.ingress.class | quote }}
{{ .Values.global.ingressAnnotationsPrefix }}ingress.kubernetes.io/proxy-read-timeout: "3600"
{{ .Values.global.ingressAnnotationsPrefix }}ingress.kubernetes.io/proxy-connect-timeout: "3600"
{{- if .Values.global.tls.enabled }}
{{ .Values.global.ingressAnnotationsPrefix }}ingress.kubernetes.io/ssl-redirect: "true"
{{- else }}
{{ .Values.global.ingressAnnotationsPrefix }}ingress.kubernetes.io/ssl-redirect: "false"
{{- end }}
{{- if or (eq .Values.global.serverStrategy "default-host") (eq .Values.global.serverStrategy "single-host") }}
{{ .Values.global.ingressAnnotationsPrefix }}ingress.kubernetes.io/rewrite-target: "/$1"
{{- end }}
spec:
rules:
{{- if eq .Values.global.serverStrategy "default-host" }}
- http:
paths:
- path: /plugin-registry/(.*)
{{- else if eq .Values.global.serverStrategy "single-host" }}
- host: {{ template "pluginRegistryHost" . }}
http:
paths:
- path: /plugin-registry/(.*)
{{- else }}
- host: {{ template "pluginRegistryHost" . }}
http:
paths:
- path: /
{{- end }}
pathType: ImplementationSpecific
backend:
service:
name: plugin-registry
port:
number: 8080
{{- if .Values.global.tls.enabled }}
tls:
- hosts:
- {{ template "pluginRegistryHost" . }}
{{- if .Values.global.tls.secretName }}
secretName: {{ .Values.global.tls.secretName }}
{{- end -}}
{{- end -}}
{{- end }}

24
deploy/kubernetes/helm/che/custom-charts/che-plugin-registry/templates/service.yaml
View File

@ -1,24 +0,0 @@
#
# Copyright (c) 2018 Red Hat, Inc.
# This program and the accompanying materials are made
# available under the terms of the Eclipse Public License 2.0
# which is available at https://www.eclipse.org/legal/epl-2.0/
#
# SPDX-License-Identifier: EPL-2.0
#
apiVersion: v1
kind: Service
metadata:
labels:
app: che
component: plugin-registry
name: plugin-registry
spec:
ports:
- protocol: TCP
port: 8080
targetPort: 8080
selector:
app: che
component: plugin-registry

39
deploy/kubernetes/helm/che/custom-charts/che-plugin-registry/templates/traefik-gateway-configmap.yaml
View File

@ -1,39 +0,0 @@
#
# Copyright (c) 2012-2018 Red Hat, Inc.
# This program and the accompanying materials are made
# available under the terms of the Eclipse Public License 2.0
# which is available at https://www.eclipse.org/legal/epl-2.0/
#
# SPDX-License-Identifier: EPL-2.0
#
{{- if and (eq .Values.global.serverStrategy "single-host") (eq .Values.global.singleHostExposure "gateway") }}
apiVersion: v1
kind: ConfigMap
metadata:
labels:
app: che
component: che-gateway-config
name: che-gateway-route-plugin-registry
data:
plugin-registry.yml: |
http:
routers:
plugin-registry:
rule: "PathPrefix(`/plugin-registry`)"
service: plugin-registry
middlewares: [plugin-registry]
priority: 10
services:
plugin-registry:
loadBalancer:
servers:
- url: 'http://plugin-registry:8080'
middlewares:
plugin-registry:
stripPrefix:
prefixes:
- '/plugin-registry'
{{- end }}

18
deploy/kubernetes/helm/che/custom-charts/che-plugin-registry/values.yaml
View File

@ -1,18 +0,0 @@
#
# Copyright (c) 2018 Red Hat, Inc.
# This program and the accompanying materials are made
# available under the terms of the Eclipse Public License 2.0
# which is available at https://www.eclipse.org/legal/epl-2.0/
#
# SPDX-License-Identifier: EPL-2.0
#
global:
ingress:
class: "nginx"
chePluginRegistry:
image: quay.io/eclipse/che-plugin-registry:next
imagePullPolicy: Always
memoryLimit: 256Mi
memoryRequests: 16Mi

21
deploy/kubernetes/helm/che/custom-charts/che-postgres/.helmignore
View File

@ -1,21 +0,0 @@
# Patterns to ignore when building packages.
# This supports shell glob matching, relative path matching, and
# negation (prefixed with !). Only one pattern per line.
.DS_Store
# Common VCS dirs
.git/
.gitignore
.bzr/
.bzrignore
.hg/
.hgignore
.svn/
# Common backup files
*.swp
*.bak
*.tmp
*~
# Various IDEs
.project
.idea/
*.tmproj

13
deploy/kubernetes/helm/che/custom-charts/che-postgres/Chart.yaml
View File

@ -1,13 +0,0 @@
#
# Copyright (c) 2012-2019 Red Hat, Inc.
# This program and the accompanying materials are made
# available under the terms of the Eclipse Public License 2.0
# which is available at https://www.eclipse.org/legal/epl-2.0/
#
# SPDX-License-Identifier: EPL-2.0
#
apiVersion: v1
description: A Helm chart for postgresql, used by Che
name: che-postgres
version: 1.0.0

90
deploy/kubernetes/helm/che/custom-charts/che-postgres/templates/deployment.yaml
View File

@ -1,90 +0,0 @@
#
# Copyright (c) 2012-2019 Red Hat, Inc.
# This program and the accompanying materials are made
# available under the terms of the Eclipse Public License 2.0
# which is available at https://www.eclipse.org/legal/epl-2.0/
#
# SPDX-License-Identifier: EPL-2.0
#
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
app: che
component: postgres
io.kompose.service: postgres
name: postgres
spec:
replicas: 1
selector:
matchLabels:
app: che
component: postgres
strategy:
type: Recreate
template:
metadata:
labels:
app: che
component: postgres
io.kompose.service: postgres
spec:
securityContext:
runAsUser: 26
fsGroup: 26
containers:
- env:
- name: POSTGRESQL_USER
value: keycloak
- name: POSTGRESQL_PASSWORD
value: keycloak
- name: POSTGRESQL_DATABASE
value: keycloak
- name: "CHE_POSTGRES_USERNAME"
value: "pgche"
- name: "CHE_POSTGRES_PASSWORD"
value: "pgchepassword"
- name: "CHE_POSTGRES_DATABASE"
value: "dbche"
{{- if .Values.global.postgresDebugLogs }}
- name: "POSTGRESQL_LOG_DEBUG"
value: "true"
{{- end }}
image: {{ .Values.image }}
securityContext:
runAsUser: 26
imagePullPolicy: Always
name: postgres
livenessProbe:
failureThreshold: 3
initialDelaySeconds: 30
periodSeconds: 10
successThreshold: 1
tcpSocket:
port: 5432
timeoutSeconds: 1
readinessProbe:
exec:
command:
- bash
- -c
- psql -h 127.0.0.1 -U ${POSTGRESQL_USER} -q -d $POSTGRESQL_DATABASE -c "SELECT 1"
failureThreshold: 10
initialDelaySeconds: 5
periodSeconds: 3
successThreshold: 1
timeoutSeconds: 1
ports:
- containerPort: 5432
resources: {}
volumeMounts:
- mountPath: /var/lib/pgsql/data
name: postgres-data
restartPolicy: Always
volumes:
- name: postgres-data
persistentVolumeClaim:
claimName: postgres-data
status: {}

27
deploy/kubernetes/helm/che/custom-charts/che-postgres/templates/postgres-data-claim.yaml
View File

@ -1,27 +0,0 @@
#
# Copyright (c) 2012-2019 Red Hat, Inc.
# This program and the accompanying materials are made
# available under the terms of the Eclipse Public License 2.0
# which is available at https://www.eclipse.org/legal/epl-2.0/
#
# SPDX-License-Identifier: EPL-2.0
#
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
labels:
io.kompose.service: postgres-data
app: che
component: postgres
name: postgres-data
spec:
{{- if .Values.global.chePostgresPVCStorageClassName }}
storageClassName: {{ .Values.global.chePostgresPVCStorageClassName }}
{{- end }}
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 1Gi
status: {}

26
deploy/kubernetes/helm/che/custom-charts/che-postgres/templates/service.yaml
View File

@ -1,26 +0,0 @@
#
# Copyright (c) 2012-2019 Red Hat, Inc.
# This program and the accompanying materials are made
# available under the terms of the Eclipse Public License 2.0
# which is available at https://www.eclipse.org/legal/epl-2.0/
#
# SPDX-License-Identifier: EPL-2.0
#
apiVersion: v1
kind: Service
metadata:
labels:
io.kompose.service: postgres
app: che
component: postgres
name: postgres
spec:
ports:
- name: "5432"
port: 5432
targetPort: 5432
selector:
io.kompose.service: postgres
status:
loadBalancer: {}

13
deploy/kubernetes/helm/che/custom-charts/che-postgres/values.yaml
View File

@ -1,13 +0,0 @@
#
# Copyright (c) 2012-2019 Red Hat, Inc.
# This program and the accompanying materials are made
# available under the terms of the Eclipse Public License 2.0
# which is available at https://www.eclipse.org/legal/epl-2.0/
#
# SPDX-License-Identifier: EPL-2.0
#
# Default values for postgres.
# This is a YAML-formatted file.
# Declare variables to be passed into your templates.
image: quay.io/eclipse/che-postgres:next

41
deploy/kubernetes/helm/che/requirements.yaml
View File

@ -1,41 +0,0 @@
#
# Copyright (c) 2012-2018 Red Hat, Inc.
# This program and the accompanying materials are made
# available under the terms of the Eclipse Public License 2.0
# which is available at https://www.eclipse.org/legal/epl-2.0/
#
# SPDX-License-Identifier: EPL-2.0
#
dependencies:
- name: che-gateway
repository: file://./custom-charts/che-gateway/
version: 0.0.1
condition: cheSinglehostGateway.deploy
- name: che-devfile-registry
repository: file://./custom-charts/che-devfile-registry/
version: 0.0.1
condition: cheDevfileRegistry.deploy
- name: che-plugin-registry
repository: file://./custom-charts/che-plugin-registry/
version: 0.0.1
condition: chePluginRegistry.deploy
- name: che-postgres
repository: file://./custom-charts/che-postgres/
version: 1.0.0
- name: che-keycloak
repository: file://./custom-charts/che-keycloak/
version: 1.0.0
condition: global.cheDedicatedKeycloak
- name: che-jaeger
repository: file://./custom-charts/che-jaeger
version: 1.0.0
condition: global.tracingEnabled
- name: prometheus
repository: https://prometheus-community.github.io/helm-charts
version: ^9.3.1
condition: global.metricsEnabled
- name: grafana
repository: https://grafana.github.io/helm-charts
version: ^4.0.3
condition: global.metricsEnabled

7
deploy/kubernetes/helm/che/templates/_devfileRegistryHostHelper.tpl
View File

@ -1,7 +0,0 @@
{{- define "devfileRegistryHost" }}
{{- if or (eq .Values.global.serverStrategy "default-host") (eq .Values.global.serverStrategy "single-host") }}
{{- printf "%s" .Values.global.ingressDomain }}
{{- else }}
{{- printf .Values.global.cheDevfileRegistryUrlFormat .Release.Namespace .Values.global.ingressDomain }}
{{- end }}
{{- end }}

15
deploy/kubernetes/helm/che/templates/_devfileRegistryUrlHelper.tpl
View File

@ -1,15 +0,0 @@
{{- define "devfileRegistryUrl" }}
{{- if or (eq .Values.global.serverStrategy "default-host") (eq .Values.global.serverStrategy "single-host") }}
{{- if .Values.global.tls.enabled }}
{{- printf "https://%s/devfile-registry" .Values.global.ingressDomain }}
{{- else }}
{{- printf "http://%s/devfile-registry" .Values.global.ingressDomain }}
{{- end }}
{{- else }}
{{- if .Values.global.tls.enabled }}
https://{{ printf .Values.global.cheDevfileRegistryUrlFormat .Release.Namespace .Values.global.ingressDomain }}
{{- else }}
http://{{ printf .Values.global.cheDevfileRegistryUrlFormat .Release.Namespace .Values.global.ingressDomain }}
{{- end }}
{{- end }}
{{- end }}

11
deploy/kubernetes/helm/che/templates/_hostHelper.tpl
View File

@ -1,11 +0,0 @@
{{- define "cheHost" }}
{{- if or (eq .Values.global.serverStrategy "default-host") (eq .Values.global.serverStrategy "single-host") }}
{{- printf "%s" .Values.global.ingressDomain }}
{{- else }}
{{- if .Values.global.cheHost }}
{{- .Values.global.cheHost }}
{{- else }}
{{- printf "che-%s.%s" .Release.Namespace .Values.global.ingressDomain }}
{{- end }}
{{- end }}
{{- end }}

15
deploy/kubernetes/helm/che/templates/_keycloakAuthUrlHelper.tpl
View File

@ -1,15 +0,0 @@
{{- define "keycloakAuthUrl" }}
{{- if or (eq .Values.global.serverStrategy "default-host") (eq .Values.global.serverStrategy "single-host") }}
{{- if .Values.global.tls.enabled }}
{{- printf "https://%s/auth" .Values.global.ingressDomain }}
{{- else }}
{{- printf "http://%s/auth" .Values.global.ingressDomain }}
{{- end }}
{{- else }}
{{- if .Values.global.tls.enabled }}
{{- printf "https://keycloak-%s.%s/auth" .Release.Namespace .Values.global.ingressDomain }}
{{- else }}
{{- printf "http://keycloak-%s.%s/auth" .Release.Namespace .Values.global.ingressDomain }}
{{- end }}
{{- end }}
{{- end }}

7
deploy/kubernetes/helm/che/templates/_keycloakHostHelper.tpl
View File

@ -1,7 +0,0 @@
{{- define "keycloakHost" }}
{{- if or (eq .Values.global.serverStrategy "default-host") (eq .Values.global.serverStrategy "single-host") }}
{{- printf "%s" .Values.global.ingressDomain }}
{{- else }}
{{- printf "keycloak-%s.%s" .Release.Namespace .Values.global.ingressDomain }}
{{- end }}
{{- end }}

7
deploy/kubernetes/helm/che/templates/_pluginRegistryHostHelper.tpl
View File

@ -1,7 +0,0 @@
{{- define "pluginRegistryHost" }}
{{- if or (eq .Values.global.serverStrategy "default-host") (eq .Values.global.serverStrategy "single-host") }}
{{- printf "%s" .Values.global.ingressDomain }}
{{- else }}
{{- printf .Values.global.chePluginRegistryUrlFormat .Release.Namespace .Values.global.ingressDomain }}
{{- end }}
{{- end }}

15
deploy/kubernetes/helm/che/templates/_pluginRegistryUrlHelper.tpl
View File

@ -1,15 +0,0 @@
{{- define "pluginRegistryUrl" }}
{{- if or (eq .Values.global.serverStrategy "default-host") (eq .Values.global.serverStrategy "single-host") }}
{{- if .Values.global.tls.enabled }}
{{- printf "https://%s/plugin-registry/v3" .Values.global.ingressDomain }}
{{- else }}
{{- printf "http://%s/plugin-registry/v3" .Values.global.ingressDomain }}
{{- end }}
{{- else }}
{{- if .Values.global.tls.enabled }}
https://{{ printf .Values.global.chePluginRegistryUrlFormat .Release.Namespace .Values.global.ingressDomain }}/v3
{{- else }}
http://{{ printf .Values.global.chePluginRegistryUrlFormat .Release.Namespace .Values.global.ingressDomain }}/v3
{{- end }}
{{- end }}
{{- end }}

7
deploy/kubernetes/helm/che/templates/_secretHelper.tpl
View File

@ -1,7 +0,0 @@
{{- define "imagePullSecret" }}
{{- if .Values.registry }}
{{- if and .Values.registry.password .Values.registry.username }}
{{- printf "{\"auths\": {\"%s\": {\"auth\": \"%s\"}}}" .Values.registry.host (printf "%s:%s" .Values.registry.username .Values.registry.password | b64enc) | b64enc }}
{{- end }}
{{- end }}
{{- end }}

24
deploy/kubernetes/helm/che/templates/cluster-role-binding.yaml
View File

@ -1,24 +0,0 @@
#
# Copyright (c) 2012-2019 Red Hat, Inc.
# This program and the accompanying materials are made
# available under the terms of the Eclipse Public License 2.0
# which is available at https://www.eclipse.org/legal/epl-2.0/
#
# SPDX-License-Identifier: EPL-2.0
#
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: {{ .Release.Namespace -}} -che-clusterrole-binding
labels:
app: che
component: che
roleRef:
kind: ClusterRole
name: cluster-admin
apiGroup: rbac.authorization.k8s.io
subjects:
- kind: ServiceAccount
name: che
namespace: {{ .Release.Namespace }}

169
deploy/kubernetes/helm/che/templates/configmap.yaml
View File

@ -1,169 +0,0 @@
#
# Copyright (c) 2012-2018 Red Hat, Inc.
# This program and the accompanying materials are made
# available under the terms of the Eclipse Public License 2.0
# which is available at https://www.eclipse.org/legal/epl-2.0/
#
# SPDX-License-Identifier: EPL-2.0
#
apiVersion: v1
kind: ConfigMap
metadata:
labels:
app: che
component: che
name: che
data:
CHE_HOST: {{ template "cheHost" . }}
CHE_PORT: "8080"
{{- if and .Values.global.tls .Values.global.tls.enabled }}
CHE_API: https://{{ template "cheHost" . }}/api
{{- if .Values.global.useInternalClusterSVCNames }}
CHE_API_INTERNAL: http://che-host.{{ .Release.Namespace }}.svc:8080/api
{{- end }}
CHE_WEBSOCKET_ENDPOINT: wss://{{ template "cheHost" . }}/api/websocket
CHE_INFRA_KUBERNETES_BOOTSTRAPPER_BINARY__URL: https://{{ template "cheHost" . }}/agent-binaries/linux_amd64/bootstrapper/bootstrapper
{{ else }}
CHE_API: http://{{ template "cheHost" . }}/api
{{- if .Values.global.useInternalClusterSVCNames }}
CHE_API_INTERNAL: http://che-host.{{ .Release.Namespace }}.svc:8080/api
{{- end }}
CHE_WEBSOCKET_ENDPOINT: ws://{{ template "cheHost" . }}/api/websocket
CHE_WEBSOCKET_ENDPOINT__MINOR: ws://{{ template "cheHost" . }}/api/websocket-minor
CHE_INFRA_KUBERNETES_BOOTSTRAPPER_BINARY__URL: http://{{ template "cheHost" . }}/agent-binaries/linux_amd64/bootstrapper/bootstrapper
{{- end }}
{{- if .Values.global.useInternalClusterSVCNames }}
CHE_WEBSOCKET_INTERNAL_ENDPOINT: ws://che-host.{{ .Release.Namespace }}.svc:8080/api/websocket
CHE_WEBSOCKET_INTERNAL_ENDPOINT__MINOR: ws://che-host.{{ .Release.Namespace }}.svc:8080/api/websocket-minor
{{- end }}
CHE_DEBUG_SERVER: "true"
CHE_INFRASTRUCTURE_ACTIVE: "kubernetes"
CHE_INFRA_KUBERNETES_INGRESS_DOMAIN: {{ .Values.global.ingressDomain }}
CHE_INFRA_KUBERNETES_WORKSPACE__START__TIMEOUT__MIN: "5"
CHE_INFRA_KUBERNETES_MASTER__URL: ""
{{- if and .Values.global.tls .Values.global.tls.enabled }}
CHE_INFRA_KUBERNETES_TLS__ENABLED: {{ .Values.global.tls.enabled | quote}}
CHE_INFRA_KUBERNETES_TLS__SECRET: {{ .Values.global.tls.secretName | quote}}
{{- else }}
CHE_INFRA_KUBERNETES_TLS__ENABLED: "false"
CHE_INFRA_KUBERNETES_TLS__SECRET: ""
{{- end }}
CHE_KEYCLOAK_CLIENT__ID: {{ .Values.cheKeycloakClientId | quote}}
CHE_KEYCLOAK_AUTH__SERVER__URL: {{ template "keycloakAuthUrl" . }}
{{- if .Values.global.useInternalClusterSVCNames }}
CHE_KEYCLOAK_AUTH__INTERNAL__SERVER__URL: http://keycloak.{{ .Release.Namespace }}.svc:5050/auth
{{- end }}
CHE_KEYCLOAK_REALM: {{ .Values.cheKeycloakRealm }}
{{- if .Values.customOidcProvider }}
CHE_KEYCLOAK_OIDC__PROVIDER: {{ .Values.customOidcProvider }}
{{- end }}
{{- if .Values.customOidcUsernameClaim }}
CHE_KEYCLOAK_USERNAME__CLAIM: {{ .Values.customOidcUsernameClaim }}
{{- end }}
{{- if not (eq .Values.global.tls.serverTrustStoreConfigMapName "") }}
CHE_TRUSTED__CA__BUNDLES__CONFIGMAP: {{ .Values.global.tls.serverTrustStoreConfigMapName }}
{{- end }}
# This is only kept for the upgrade purposes where we need to make sure we don't loose this piece of old configuration
# so that we can find the data of old workspaces
CHE_INFRA_KUBERNETES_NAMESPACE: {{ .Values.global.cheWorkspacesNamespace | quote}}
CHE_INFRA_KUBERNETES_NAMESPACE_DEFAULT: {{ .Values.global.cheWorkspacesNamespace | quote}}
CHE_INFRA_KUBERNETES_SERVICE__ACCOUNT__NAME: {{ .Values.global.cheWorkspaceServiceAccount }}
CHE_INFRA_KUBERNETES_TRUST__CERTS: "false"
CHE_INFRA_KUBERNETES_PVC_STRATEGY: "{{ .Values.global.cheWorkspacesPVCStrategy }}"
CHE_INFRA_KUBERNETES_PVC_QUANTITY: {{ .Values.global.pvcClaim }}
CHE_INFRA_KUBERNETES_PVC_PRECREATE__SUBPATHS: "true"
CHE_INFRA_KUBERNETES_PVC_STORAGE__CLASS__NAME: "{{ .Values.global.cheWorkspacePVCStorageClassName }}"
{{- if .Values.cheInfraKubernetesPvcJobsImage }}
CHE_INFRA_KUBERNETES_PVC_JOBS_IMAGE: {{ .Values.cheInfraKubernetesPvcJobsImage | quote }}
{{- end }}
CHE_INFRA_KUBERNETES_POD_SECURITY__CONTEXT_RUN__AS__USER: "{{ .Values.global.securityContext.runAsUser }}"
CHE_INFRA_KUBERNETES_POD_SECURITY__CONTEXT_FS__GROUP: "{{ .Values.global.securityContext.fsGroup }}"
CHE_LOCAL_CONF_DIR: /etc/conf
CHE_LOGS_DIR: /data/logs
CHE_LOG_LEVEL: {{ .Values.che.logLevel | quote }}
CHE_MULTIUSER: "true"
CHE_OAUTH_GITHUB_CLIENTID: {{ .Values.global.gitHubClientID | quote}}
CHE_OAUTH_GITHUB_CLIENTSECRET: {{ .Values.global.gitHubClientSecret | quote}}
CHE_OAUTH_OPENSHIFT_CLIENTID: {{ .Values.global.openShiftClientID | quote}}
CHE_OAUTH_OPENSHIFT_CLIENTSECRET: {{ .Values.global.openShiftClientSecret | quote}}
CHE_OAUTH_OPENSHIFT_OAUTH__ENDPOINT: {{ .Values.global.openShiftOAuthEndpoint | quote}}
CHE_OAUTH_OPENSHIFT_VERIFY__TOKEN__URL: {{ .Values.global.openShiftVerifyTokenUrl | quote}}
JAVA_OPTS: "-XX:MaxRAMPercentage=85.0 "
CHE_WORKSPACE_AUTO_START: "false"
{{- if .Values.global.tls.enabled }}
CHE_INFRA_KUBERNETES_INGRESS_ANNOTATIONS__JSON: '{"kubernetes.io/ingress.class": {{ .Values.global.ingress.class | quote }}, "kubernetes.io/tls-acme": "true", "{{ .Values.global.ingressAnnotationsPrefix }}ingress.kubernetes.io/rewrite-target": "/$1","{{ .Values.global.ingressAnnotationsPrefix }}ingress.kubernetes.io/ssl-redirect": "true","{{ .Values.global.ingressAnnotationsPrefix }}ingress.kubernetes.io/proxy-connect-timeout": "3600","{{ .Values.global.ingressAnnotationsPrefix }}ingress.kubernetes.io/proxy-read-timeout": "3600", "nginx.org/websocket-services": "<service-name>"}'
{{- else }}
CHE_INFRA_KUBERNETES_INGRESS_ANNOTATIONS__JSON: '{"kubernetes.io/ingress.class": {{ .Values.global.ingress.class | quote }}, "{{ .Values.global.ingressAnnotationsPrefix }}ingress.kubernetes.io/rewrite-target": "/$1","{{ .Values.global.ingressAnnotationsPrefix }}ingress.kubernetes.io/ssl-redirect": "false","{{ .Values.global.ingressAnnotationsPrefix }}ingress.kubernetes.io/proxy-connect-timeout": "3600","{{ .Values.global.ingressAnnotationsPrefix }}ingress.kubernetes.io/proxy-read-timeout": "3600", "nginx.org/websocket-services": "<service-name>"}'
{{- end }}
CHE_INFRA_KUBERNETES_INGRESS_PATH__TRANSFORM: '%s(.*)'
CHE_INFRA_KUBERNETES_SERVER__STRATEGY: {{ .Values.global.serverStrategy }}
CHE_INFRA_KUBERNETES_SINGLEHOST_WORKSPACE_EXPOSURE: {{ .Values.global.singleHostExposure | quote }}
CHE_INFRA_KUBERNETES_SINGLEHOST_GATEWAY_CONFIGMAP__LABELS: {{ .Values.global.singleHostGatewayLabels | quote }}
CHE_LOGGER_CONFIG: {{ .Values.global.log.loggerConfig | quote}}
CHE_LOGS_APPENDERS_IMPL: {{ .Values.global.log.appenderName }}
CHE_WORKSPACE_HTTP__PROXY: {{ .Values.cheWorkspaceHttpProxy | quote}}
CHE_WORKSPACE_HTTPS__PROXY: {{ .Values.cheWorkspaceHttpsProxy | quote}}
CHE_WORKSPACE_NO__PROXY: {{ .Values.cheWorkspaceNoProxy | quote}}
CHE_LIMITS_WORKSPACE_IDLE_TIMEOUT: '{{ .Values.global.workspaceIdleTimeout }}'
{{- if .Values.che.limits.userWorkspacesRunCount }}
CHE_LIMITS_USER_WORKSPACES_RUN_COUNT: {{ .Values.che.limits.userWorkspacesRunCount | quote }}
{{- end }}
{{- if .Values.workspaceDefaultRamRequest }}
CHE_WORKSPACE_DEFAULT_MEMORY_REQUEST_MB: {{ .Values.workspaceDefaultRamRequest | quote }}
{{- end }}
{{- if .Values.workspaceDefaultRamLimit }}
CHE_WORKSPACE_DEFAULT_MEMORY_LIMIT_MB: {{ .Values.workspaceDefaultRamLimit | quote }}
{{- end }}
{{- if .Values.che.workspace.devfileRegistryUrl }}
CHE_WORKSPACE_DEVFILE__REGISTRY__URL: {{ .Values.che.workspace.devfileRegistryUrl | quote }}
{{- else if .Values.cheDevfileRegistry.deploy }}
CHE_WORKSPACE_DEVFILE__REGISTRY__URL: {{ template "devfileRegistryUrl" . }}
{{- if .Values.global.useInternalClusterSVCNames }}
CHE_WORKSPACE_DEVFILE__REGISTRY__INTERNAL__URL: http://devfile-registry.{{ .Release.Namespace }}.svc:8080
{{- end }}
{{- end }}
{{- if .Values.che.workspace.pluginRegistryUrl }}
CHE_WORKSPACE_PLUGIN__REGISTRY__URL: {{ .Values.che.workspace.pluginRegistryUrl | quote }}
{{- else if .Values.chePluginRegistry.deploy }}
CHE_WORKSPACE_PLUGIN__REGISTRY__URL: {{ template "pluginRegistryUrl" . }}
{{- if .Values.global.useInternalClusterSVCNames }}
CHE_WORKSPACE_PLUGIN__REGISTRY__INTERNAL__URL: http://plugin-registry.{{ .Release.Namespace }}.svc:8080/v3
{{- end }}
{{- end }}
{{- if .Values.che.workspace.pluginBroker }}
{{- if .Values.che.workspace.pluginBroker.waitTimeoutMin }}
CHE_WORKSPACE_PLUGIN__BROKER_WAIT__TIMEOUT__MIN: {{ .Values.che.workspace.pluginBroker.waitTimeoutMin | quote }}
{{- end }}
CHE_WORKSPACE_PLUGIN__BROKER_METADATA_IMAGE: {{ .Values.che.workspace.pluginBroker.metadataImage | quote }}
CHE_WORKSPACE_PLUGIN__BROKER_ARTIFACTS_IMAGE: {{ .Values.che.workspace.pluginBroker.artifactsImage | quote }}
{{- end }}
{{- if .Values.workspaceSidecarDefaultRamLimit }}
CHE_WORKSPACE_SIDECAR_DEFAULT__MEMORY__LIMIT__MB: {{ .Values.workspaceSidecarDefaultRamLimit | quote }}
{{- end }}
{{- if .Values.global.cheWorkspaceClusterRole }}
CHE_INFRA_KUBERNETES_CLUSTER__ROLE__NAME: {{ .Values.global.cheWorkspaceClusterRole }}
{{- end }}
{{- if .Values.che.workspace.podNodeSelector }}
CHE_WORKSPACE_POD_NODE__SELECTOR: {{ .Values.che.workspace.podNodeSelector | quote }}
{{- end }}
CHE_CORS_ENABLED: "false"
CHE_CORS_ALLOW__CREDENTIALS: "false"
CHE_CORS_ALLOWED__ORIGINS: "*"
CHE_TRACING_ENABLED: {{ .Values.global.tracingEnabled | quote }}
JAEGER_ENDPOINT: "http://jaeger-collector:14268/api/traces"
JAEGER_SERVICE_NAME: "che-server"
JAEGER_SAMPLER_MANAGER_HOST_PORT: "jaeger:5778"
JAEGER_SAMPLER_TYPE: "const"
JAEGER_SAMPLER_PARAM: "1"
JAEGER_REPORTER_MAX_QUEUE_SIZE: "10000"
CHE_METRICS_ENABLED: {{ .Values.global.metricsEnabled | quote }}
CHE_WORKSPACE_JAVA__OPTIONS: "-Xmx2000m"
CHE_WORKSPACE_MAVEN__OPTIONS: "-Xmx20000m"
CHE_INFRA_KUBERNETES_WORKSPACE__START__TIMEOUT__MIN: "15"
{{- if .Values.cheServerSecureExposerJwtProxyImage }}
CHE_SERVER_SECURE__EXPOSER_JWTPROXY_IMAGE: {{ .Values.cheServerSecureExposerJwtProxyImage | quote }}
{{- end }}
{{- if .Values.cheWorkspacePodTolerations }}
CHE_WORKSPACE_POD_TOLERATIONS__JSON: {{ .Values.cheWorkspacePodTolerations | toJson | quote }}
{{- end }}

66
deploy/kubernetes/helm/che/templates/dashboard-deployment.yaml
View File

@ -1,66 +0,0 @@
#
# Copyright (c) 2012-2018 Red Hat, Inc.
# This program and the accompanying materials are made
# available under the terms of the Eclipse Public License 2.0
# which is available at https://www.eclipse.org/legal/epl-2.0/
#
# SPDX-License-Identifier: EPL-2.0
#
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
app: che
component: che-dashboard
name: che-dashboard
spec:
replicas: 1
revisionHistoryLimit: 2
selector:
matchLabels:
app: che
component: che-dashboard
strategy:
type: RollingUpdate
template:
metadata:
labels:
app: che
component: che-dashboard
spec:
containers:
- name: che-dashboard
image: {{ .Values.dashboard.image }}
imagePullPolicy: {{ .Values.dashboard.imagePullPolicy }}
ports:
- containerPort: 8080
name: http
resources:
limits:
memory: {{ .Values.dashboard.memoryLimit }}
cpu: {{ .Values.dashboard.cpuLimit }}
requests:
memory: {{ .Values.dashboard.memoryRequest }}
cpu: {{ .Values.dashboard.cpuRequest }}
livenessProbe:
httpGet:
path: /dashboard/
port: 8080
scheme: HTTP
initialDelaySeconds: 30
periodSeconds: 10
timeoutSeconds: 3
readinessProbe:
httpGet:
path: /dashboard/
port: 8080
scheme: HTTP
initialDelaySeconds: 3
periodSeconds: 10
timeoutSeconds: 3
env:
- name: CHE_HOST
value: {{ template "cheHost" . }}
- name: CHE_URL
value: {{ template "cheHost" . }}

55
deploy/kubernetes/helm/che/templates/dashboard-ingress.yaml
View File

@ -1,55 +0,0 @@
#
# Copyright (c) 2012-2019 Red Hat, Inc.
# This program and the accompanying materials are made
# available under the terms of the Eclipse Public License 2.0
# which is available at https://www.eclipse.org/legal/epl-2.0/
#
# SPDX-License-Identifier: EPL-2.0
#
# If single-host powered by gateway is configured - the corresponding gateway configmap is expexted to be created
# but not this ingress
{{- if not (and (eq .Values.global.serverStrategy "single-host") (eq .Values.global.singleHostExposure "gateway")) }}
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: che-dashboard-ingress
labels:
app: che
component: che-dashboard
annotations:
kubernetes.io/ingress.class: {{ .Values.global.ingress.class | quote }}
{{ .Values.global.ingressAnnotationsPrefix }}ingress.kubernetes.io/proxy-read-timeout: "3600"
{{ .Values.global.ingressAnnotationsPrefix }}ingress.kubernetes.io/proxy-connect-timeout: "3600"
{{- if and .Values.global.tls .Values.global.tls.enabled }}
{{ .Values.global.ingressAnnotationsPrefix }}ingress.kubernetes.io/ssl-redirect: "true"
{{- else }}
{{ .Values.global.ingressAnnotationsPrefix }}ingress.kubernetes.io/ssl-redirect: "false"
{{- end }}
spec:
{{- if .Values.global.tls.enabled }}
tls:
- hosts:
- {{ template "cheHost" . }}
{{- if .Values.global.tls.secretName }}
secretName: {{ .Values.global.tls.secretName }}
{{- end -}}
{{- end }}
rules:
{{- if ne .Values.global.serverStrategy "default-host" }}
- host: {{ template "cheHost" . }}
http:
{{- else }}
- http:
{{- end }}
paths:
# The path rule for Che Dashboard
- path: {{ .Values.dashboard.ingressPath }}
pathType: ImplementationSpecific
backend:
service:
name: che-dashboard
port:
number: 8080
{{- end }}

25
deploy/kubernetes/helm/che/templates/dashboard-service.yaml
View File

@ -1,25 +0,0 @@
#
# Copyright (c) 2012-2019 Red Hat, Inc.
# This program and the accompanying materials are made
# available under the terms of the Eclipse Public License 2.0
# which is available at https://www.eclipse.org/legal/epl-2.0/
#
# SPDX-License-Identifier: EPL-2.0
#
apiVersion: v1
kind: Service
metadata:
labels:
app: che
component: che-dashboard
name: che-dashboard
spec:
ports:
- name: http
port: 8080
protocol: TCP
targetPort: 8080
selector:
app: che
component: che-dashboard

32
deploy/kubernetes/helm/che/templates/dashboard-traefik-gateway-configmap.yaml
View File

@ -1,32 +0,0 @@
#
# Copyright (c) 2012-2018 Red Hat, Inc.
# This program and the accompanying materials are made
# available under the terms of the Eclipse Public License 2.0
# which is available at https://www.eclipse.org/legal/epl-2.0/
#
# SPDX-License-Identifier: EPL-2.0
#
{{- if and (eq .Values.global.serverStrategy "single-host") (eq .Values.global.singleHostExposure "gateway") }}
apiVersion: v1
kind: ConfigMap
metadata:
labels:
app: che
component: che-gateway-config
name: che-gateway-route-dashboard
data:
dashboard.yml: |
http:
routers:
che-dashboard:
rule: "PathPrefix(`/dashboard/`)"
service: che-dashboard
priority: 10
services:
che-dashboard:
loadBalancer:
servers:
- url: 'http://che-dashboard:8080'
{{- end }}

169
deploy/kubernetes/helm/che/templates/deployment.yaml
View File

@ -1,169 +0,0 @@
#
# Copyright (c) 2012-2018 Red Hat, Inc.
# This program and the accompanying materials are made
# available under the terms of the Eclipse Public License 2.0
# which is available at https://www.eclipse.org/legal/epl-2.0/
#
# SPDX-License-Identifier: EPL-2.0
#
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
app: che
component: che
name: che
spec:
replicas: 1
revisionHistoryLimit: 2
selector:
matchLabels:
app: che
strategy:
type: Recreate
template:
metadata:
labels:
app: che
component: che
annotations:
checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }}
spec:
securityContext:
fsGroup: {{ .Values.global.securityContext.fsGroup }}
initContainers:
- name: wait-for-postgres
image: {{ .Values.global.endpointWatcher.image }}
env:
- name: POD_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
- name: ENDPOINT
value: postgres
#wait for keycloak if .Values.customOidcProvider was not defined
{{- if not .Values.customOidcProvider }}
- name: wait-for-keycloak
image: {{ .Values.global.endpointWatcher.image }}
env:
- name: POD_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
- name: ENDPOINT
value: keycloak
{{- end }}
containers:
- envFrom:
- configMapRef:
name: che
env:
- name: OPENSHIFT_KUBE_PING_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
- name: KUBERNETES_NAMESPACE
value: {{ .Release.Namespace }}
# If git-self-signed-cert is used then configure Che Server with certificate content
# to propagate it to the specified location and provide particular configuration for Git service
{{- if .Values.global.useGitSelfSignedCerts }}
- name: CHE_GIT_SELF__SIGNED__CERT
valueFrom:
configMapKeyRef:
name: {{ .Values.global.cheGitSelfSignedCertConfigMapName }}
key: ca.crt
optional: false
- name: CHE_GIT_SELF__SIGNED__CERT__HOST
valueFrom:
configMapKeyRef:
name: {{ .Values.global.cheGitSelfSignedCertConfigMapName }}
key: githost
optional: false
{{- end }}
{{- if .Values.global.tls.enabled }}
# If self-signed-cert is used then configure Che Server with certificate content
# to propagate it to trust store
{{- if .Values.global.tls.useSelfSignedCerts }}
- name: CHE_SELF__SIGNED__CERT
valueFrom:
secretKeyRef:
key: ca.crt
name: {{ .Values.global.tls.selfSignedCertSecretName }}
optional: false
{{- end }}
# If workspaces are created in a separate namespace(s)
# then configure Che Server to propagate TLS secret to workspaces' namespaces
# Do not propagate anything in case of using default ingress controller certificate (global.tls.secretName is empty)
{{- if and (ne .Release.Namespace .Values.global.cheWorkspacesNamespace) (.Values.global.tls.secretName) }}
- name: "CHE_INFRA_KUBERNETES_TLS__CERT"
valueFrom:
secretKeyRef:
key: tls.crt
name: {{ .Values.global.tls.secretName }}
optional: false
- name: "CHE_INFRA_KUBERNETES_TLS__KEY"
valueFrom:
secretKeyRef:
key: tls.key
name: {{ .Values.global.tls.secretName }}
optional: false
{{- end }}
{{- end }}
image: {{ .Values.cheImage }}
imagePullPolicy: {{ .Values.cheImagePullPolicy }}
securityContext:
runAsUser: {{ .Values.global.securityContext.runAsUser }}
{{- if not .Values.che.disableProbes }}
livenessProbe:
httpGet:
path: /api/system/state
port: 8080
scheme: HTTP
initialDelaySeconds: 120
timeoutSeconds: 10
readinessProbe:
httpGet:
path: /api/system/state
port: 8080
scheme: HTTP
initialDelaySeconds: 15
timeoutSeconds: 60
{{- end }}
name: che
ports:
- containerPort: 8080
name: http
- containerPort: 8000
name: http-debug
- containerPort: 8888
name: jgroups-ping
- containerPort: 8087
name: http-metrics
resources:
limits:
memory: 600Mi
requests:
memory: 256Mi
# If serverTrustStoreConfigMapName is defined, then add the che-public-certs volume mount with certificate contents
# to propagate them to trust store.
{{- if not (eq .Values.global.tls.serverTrustStoreConfigMapName "") }}
volumeMounts:
- mountPath: /public-certs
name: che-public-certs
volumes:
- name: che-public-certs
configMap:
name: {{ .Values.global.tls.serverTrustStoreConfigMapName }}
{{- end }}
{{- if .Values.registry }}
{{- if and .Values.registry.password .Values.registry.username }}
imagePullSecrets:
- name: registry-pull-secret
{{- end }}
{{- end }}
serviceAccountName: che

27
deploy/kubernetes/helm/che/templates/exec-role.yaml
View File

@ -1,27 +0,0 @@
#
# Copyright (c) 2012-2019 Red Hat, Inc.
# This program and the accompanying materials are made
# available under the terms of the Eclipse Public License 2.0
# which is available at https://www.eclipse.org/legal/epl-2.0/
#
# SPDX-License-Identifier: EPL-2.0
#
{{- if not (contains "<" .Values.global.cheWorkspacesNamespace) }}
kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: exec
namespace: {{ .Values.global.cheWorkspacesNamespace }}
labels:
app: che
component: che
rules:
- apiGroups:
- ""
attributeRestrictions: null
resources:
- pods/exec
verbs:
- create
{{- end }}

54
deploy/kubernetes/helm/che/templates/ingress.yaml
View File

@ -1,54 +0,0 @@
#
# Copyright (c) 2012-2019 Red Hat, Inc.
# This program and the accompanying materials are made
# available under the terms of the Eclipse Public License 2.0
# which is available at https://www.eclipse.org/legal/epl-2.0/
#
# SPDX-License-Identifier: EPL-2.0
#
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: che-ingress
labels:
app: che
component: che
annotations:
kubernetes.io/ingress.class: {{ .Values.global.ingress.class | quote }}
{{ .Values.global.ingressAnnotationsPrefix }}ingress.kubernetes.io/proxy-read-timeout: "3600"
{{ .Values.global.ingressAnnotationsPrefix }}ingress.kubernetes.io/proxy-connect-timeout: "3600"
{{ .Values.global.ingressAnnotationsPrefix }}org/websocket-services: "che-host"
{{- if and .Values.global.tls .Values.global.tls.enabled }}
{{ .Values.global.ingressAnnotationsPrefix }}ingress.kubernetes.io/ssl-redirect: "true"
{{- else }}
{{ .Values.global.ingressAnnotationsPrefix }}ingress.kubernetes.io/ssl-redirect: "false"
{{- end }}
spec:
{{- if .Values.global.tls.enabled }}
tls:
- hosts:
- {{ template "cheHost" . }}
{{- if .Values.global.tls.secretName }}
secretName: {{ .Values.global.tls.secretName }}
{{- end -}}
{{- end }}
rules:
{{- if ne .Values.global.serverStrategy "default-host" }}
- host: {{ template "cheHost" . }}
http:
{{- else }}
- http:
{{- end }}
paths:
- path: /
pathType: ImplementationSpecific
backend:
service:
port:
number: 8080
{{- if and (eq .Values.global.serverStrategy "single-host") (eq .Values.global.singleHostExposure "gateway") }}
name: che-gateway
{{- else }}
name: che-host
{{- end }}

65
deploy/kubernetes/helm/che/templates/metrics-ingress.yaml
View File

@ -1,65 +0,0 @@
#
# Copyright (c) 2012-2018 Red Hat, Inc.
# This program and the accompanying materials are made
# available under the terms of the Eclipse Public License 2.0
# which is available at https://www.eclipse.org/legal/epl-2.0/
#
# SPDX-License-Identifier: EPL-2.0
#
{{- define "prometheusHost" }}
{{- printf "prometheus-%s.%s" .Release.Namespace .Values.global.ingressDomain }}
{{- end }}
{{- define "grafanaHost" }}
{{- printf "grafana-%s.%s" .Release.Namespace .Values.global.ingressDomain }}
{{- end }}
{{- if .Values.global.metricsEnabled }}
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: che-metrics-ingress
annotations:
kubernetes.io/ingress.class: {{ .Values.global.ingress.class | quote }}
{{ .Values.global.ingressAnnotationsPrefix }}ingress.kubernetes.io/proxy-read-timeout: "3600"
{{ .Values.global.ingressAnnotationsPrefix }}ingress.kubernetes.io/proxy-connect-timeout: "3600"
{{- if and .Values.global.tls .Values.global.tls.enabled }}
{{ .Values.global.ingressAnnotationsPrefix }}ingress.kubernetes.io/ssl-redirect: "true"
{{- else }}
{{ .Values.global.ingressAnnotationsPrefix }}ingress.kubernetes.io/ssl-redirect: "false"
{{- end }}
spec:
{{- if .Values.global.tls.enabled }}
tls:
- hosts:
- {{ template "prometheusHost" . }}
- {{ template "grafanaHost" . }}
{{- if .Values.global.tls.secretName }}
secretName: {{ .Values.global.tls.secretName }}
{{- end -}}
{{- end }}
rules:
- host: {{ template "prometheusHost" . }}
http:
paths:
- path: /
pathType: ImplementationSpecific
backend:
service:
name: che-prometheus-server
port:
number: 80
- host: {{ template "grafanaHost" . }}
http:
paths:
- path: /
pathType: ImplementationSpecific
backend:
service:
name: che-grafana
port:
number: 80
{{- end }}

29
deploy/kubernetes/helm/che/templates/registry-pull-secret.yaml
View File

@ -1,29 +0,0 @@
#
# Copyright (c) 2012-2019 Red Hat, Inc.
# This program and the accompanying materials are made
# available under the terms of the Eclipse Public License 2.0
# which is available at https://www.eclipse.org/legal/epl-2.0/
#
# SPDX-License-Identifier: EPL-2.0
#
{{- if .Values.registry }}
{{- if and .Values.registry.password .Values.registry.username }}
# When creating a pod based on an image that resides in a private Docker registry (a secure registry protected by basic authentication),
# one must specify an imagePullSecrets as part of the pod's spec.
# (see https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/#create-a-pod-that-uses-your-secret)
# This resource creates a docker registry pull secret that's based on values provided in values.yaml (it relies on a template defined in _secretHelper.tpl). The secret must be deployed to
# the same namespace in which the pod will be created.
apiVersion: v1
kind: Secret
metadata:
name: registry-pull-secret
labels:
app: che
component: che
type: kubernetes.io/dockerconfigjson
data:
.dockerconfigjson: {{ template "imagePullSecret" . }}
{{- end }}
{{- end }}

27
deploy/kubernetes/helm/che/templates/resource-monitor-role-binding.yaml
View File

@ -1,27 +0,0 @@
#
# Copyright (c) 2012-2019 Red Hat, Inc.
# This program and the accompanying materials are made
# available under the terms of the Eclipse Public License 2.0
# which is available at https://www.eclipse.org/legal/epl-2.0/
#
# SPDX-License-Identifier: EPL-2.0
#
{{- if not (contains "<" .Values.global.cheWorkspacesNamespace) }}
kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: che-resource-monitor
namespace: {{ .Values.global.cheWorkspacesNamespace }}
labels:
app: che
component: che
roleRef:
kind: Role
name: resource-monitor
apiGroup: rbac.authorization.k8s.io
subjects:
- kind: ServiceAccount
name: {{ .Values.global.cheWorkspaceServiceAccount }}
namespace: {{ .Values.global.cheWorkspacesNamespace }}
{{- end }}

34
deploy/kubernetes/helm/che/templates/resource-monitor-role.yaml
View File

@ -1,34 +0,0 @@
#
# Copyright (c) 2012-2019 Red Hat, Inc.
# This program and the accompanying materials are made
# available under the terms of the Eclipse Public License 2.0
# which is available at https://www.eclipse.org/legal/epl-2.0/
#
# SPDX-License-Identifier: EPL-2.0
#
{{- if not (contains "<" .Values.global.cheWorkspacesNamespace) }}
kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: resource-monitor
namespace: {{ .Values.global.cheWorkspacesNamespace }}
labels:
app: che
component: che
rules:
- apiGroups:
- ""
attributeRestrictions: null
resources:
- pods
verbs:
- list
- apiGroups:
- "metrics.k8s.io"
attributeRestrictions: null
resources:
- pods
verbs:
- get
{{- end }}

29
deploy/kubernetes/helm/che/templates/service.yaml
View File

@ -1,29 +0,0 @@
#
# Copyright (c) 2012-2019 Red Hat, Inc.
# This program and the accompanying materials are made
# available under the terms of the Eclipse Public License 2.0
# which is available at https://www.eclipse.org/legal/epl-2.0/
#
# SPDX-License-Identifier: EPL-2.0
#
apiVersion: v1
kind: Service
metadata:
labels:
app: che
component: che
name: che-host
spec:
ports:
- name: http
port: 8080
protocol: TCP
targetPort: 8080
- name: metrics
port: 8087
protocol: TCP
targetPort: 8087
selector:
app: che
component: che

16
deploy/kubernetes/helm/che/templates/serviceaccount.yaml
View File

@ -1,16 +0,0 @@
#
# Copyright (c) 2012-2019 Red Hat, Inc.
# This program and the accompanying materials are made
# available under the terms of the Eclipse Public License 2.0
# which is available at https://www.eclipse.org/legal/epl-2.0/
#
# SPDX-License-Identifier: EPL-2.0
#
apiVersion: v1
kind: ServiceAccount
metadata:
labels:
app: che
component: che
name: che

33
deploy/kubernetes/helm/che/templates/traefik-gateway-configmap.yaml
View File

@ -1,33 +0,0 @@
#
# Copyright (c) 2012-2018 Red Hat, Inc.
# This program and the accompanying materials are made
# available under the terms of the Eclipse Public License 2.0
# which is available at https://www.eclipse.org/legal/epl-2.0/
#
# SPDX-License-Identifier: EPL-2.0
#
{{- if and (eq .Values.global.serverStrategy "single-host") (eq .Values.global.singleHostExposure "gateway") }}
apiVersion: v1
kind: ConfigMap
metadata:
labels:
app: che
component: che-gateway-config
name: che-gateway-route-che
data:
che.yml: |
http:
routers:
che:
rule: "PathPrefix(`/`)"
service: che
priority: 1
services:
che:
loadBalancer:
servers:
- url: 'http://che-host:8080'
{{- end }}

27
deploy/kubernetes/helm/che/templates/workspace-exec-role-binding.yaml
View File

@ -1,27 +0,0 @@
#
# Copyright (c) 2012-2019 Red Hat, Inc.
# This program and the accompanying materials are made
# available under the terms of the Eclipse Public License 2.0
# which is available at https://www.eclipse.org/legal/epl-2.0/
#
# SPDX-License-Identifier: EPL-2.0
#
{{- if not (contains "<" .Values.global.cheWorkspacesNamespace) }}
kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: che-workspace-exec
namespace: {{ .Values.global.cheWorkspacesNamespace }}
labels:
app: che
component: che
roleRef:
kind: Role
name: exec
apiGroup: rbac.authorization.k8s.io
subjects:
- kind: ServiceAccount
name: {{ .Values.global.cheWorkspaceServiceAccount }}
namespace: {{ .Values.global.cheWorkspacesNamespace }}
{{- end }}

19
deploy/kubernetes/helm/che/templates/workspace-service-account.yaml
View File

@ -1,19 +0,0 @@
#
# Copyright (c) 2012-2019 Red Hat, Inc.
# This program and the accompanying materials are made
# available under the terms of the Eclipse Public License 2.0
# which is available at https://www.eclipse.org/legal/epl-2.0/
#
# SPDX-License-Identifier: EPL-2.0
#
{{- if not (contains "<" .Values.global.cheWorkspacesNamespace) }}
kind: ServiceAccount
apiVersion: v1
metadata:
name: {{ .Values.global.cheWorkspaceServiceAccount }}
namespace: {{ .Values.global.cheWorkspacesNamespace }}
labels:
app: che
component: che
{{- end }}

27
deploy/kubernetes/helm/che/templates/workspace-view-role-binding.yaml
View File

@ -1,27 +0,0 @@
#
# Copyright (c) 2012-2019 Red Hat, Inc.
# This program and the accompanying materials are made
# available under the terms of the Eclipse Public License 2.0
# which is available at https://www.eclipse.org/legal/epl-2.0/
#
# SPDX-License-Identifier: EPL-2.0
#
{{- if not (contains "<" .Values.global.cheWorkspacesNamespace) }}
kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: che-workspace-view
namespace: {{ .Values.global.cheWorkspacesNamespace }}
labels:
app: che
component: che
roleRef:
kind: Role
name: workspace-view
apiGroup: rbac.authorization.k8s.io
subjects:
- kind: ServiceAccount
name: {{ .Values.global.cheWorkspaceServiceAccount }}
namespace: {{ .Values.global.cheWorkspacesNamespace }}
{{- end }}

28
deploy/kubernetes/helm/che/templates/workspace-view-role.yaml
View File

@ -1,28 +0,0 @@
#
# Copyright (c) 2012-2019 Red Hat, Inc.
# This program and the accompanying materials are made
# available under the terms of the Eclipse Public License 2.0
# which is available at https://www.eclipse.org/legal/epl-2.0/
#
# SPDX-License-Identifier: EPL-2.0
#
{{- if not (contains "<" .Values.global.cheWorkspacesNamespace) }}
kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: workspace-view
namespace: {{ .Values.global.cheWorkspacesNamespace }}
labels:
app: che
component: che
rules:
- apiGroups:
- ""
attributeRestrictions: null
resources:
- pods
- services
verbs:
- list
{{- end }}

37
deploy/kubernetes/helm/che/tiller-rbac.yaml
View File

@ -1,37 +0,0 @@
#
# Copyright (c) 2012-2019 Red Hat, Inc.
# This program and the accompanying materials are made
# available under the terms of the Eclipse Public License 2.0
# which is available at https://www.eclipse.org/legal/epl-2.0/
#
# SPDX-License-Identifier: EPL-2.0
#
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: tiller-role-binding
roleRef:
kind: ClusterRole
name: cluster-admin
apiGroup: rbac.authorization.k8s.io
subjects:
- kind: ServiceAccount
name: tiller
namespace: kube-system
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: tiller
namespace: kube-system
####################################################
# after applying this resource, run this command:
# helm init --service-account tiller
# or if your already performed helm init, run this command:
# kubectl patch deploy --namespace kube-system tiller-deploy -p '{"spec":{"template":{"spec":{"serviceAccount":"tiller"}}}}'
# see: https://github.com/kubernetes/helm/issues/2224, https://stackoverflow.com/a/45306258/2365824
####################################################

337
deploy/kubernetes/helm/che/values.yaml
View File

@ -1,337 +0,0 @@
#
# Copyright (c) 2012-2018 Red Hat, Inc.
# This program and the accompanying materials are made
# available under the terms of the Eclipse Public License 2.0
# which is available at https://www.eclipse.org/legal/epl-2.0/
#
# SPDX-License-Identifier: EPL-2.0
#
# the following section is for secure registries. when uncommented, a pull secret will be created
#registry:
# host: my-secure-private-registry.com
# username: myUser
# password: myPass
cheWorkspaceHttpProxy: ""
cheWorkspaceHttpsProxy: ""
cheWorkspaceNoProxy: ""
#cheWorkspacePodTolerations:
# - key: "a.node.taint"
# operator: "Equal"
# value: "aValue"
# effect: "NoExecute"
cheImage: quay.io/eclipse/che-server:next
cheImagePullPolicy: Always
cheKeycloakRealm: "che"
cheKeycloakClientId: "che-public"
#customOidcUsernameClaim: ""
#customOidcProvider: ""
#workspaceDefaultRamRequest: ""
#workspaceDefaultRamLimit: ""
#workspaceSidecarDefaultRamLimit: ""
global:
# This value can be passed if custom Oidc provider is used, and there is no need to deploy keycloak
# default (if empty) is true
#cheDedicatedKeycloak: false
ingressDomain: 192.168.99.100.nip.io
ingress:
class: "nginx"
# See --annotations-prefix flag (https://github.com/kubernetes/ingress-nginx/blob/master/docs/user-guide/cli-arguments.md)
ingressAnnotationsPrefix: "nginx."
# options: default-host, single-host, multi-host
serverStrategy: multi-host
# exposure type for `serverStrategy: single-host`. options: native, gateway
singleHostExposure: native
# labels used for single-host gateway ConfigMaps
singleHostGatewayLabels: app=che,component=che-gateway-config
# Public hostname of the installed Che server. If value is omitted then it will be automatically set.
cheHost: ""
# Image used by endpoint watchers
endpointWatcher:
image: quay.io/eclipse/che-endpoint-watcher:next
# Use internal cluster svc names to communicate between components
useInternalClusterSVCNames: true
## Allows to enable and configure TLS
tls:
enabled: false
## Secret name that will be used in Che Ingresses for setting TLS up
## Note the helm chart does not create this secret and
## it MUST be pre-created in the configured Che namespace
## If the value is empty, then the certificate from default ingress controller will be used.
secretName: che-tls
## If self-signed certificate flag is enabled
## then CA certificate from `tls.selfSignedCertSecretName` will be propagated to Che components' trust stores
useSelfSignedCerts: true
selfSignedCertSecretName: self-signed-certificate
## Name of the config-map with public certificates to add to Java trust store
## of the Che server, Keycloak and propagate into user workspaces.
serverTrustStoreConfigMapName: ""
## If using git self-signed certificate is enabled
## then certificate from `cheGitSelfSignedCertConfigMapName` will be propagated to Che components'
## and provide particular configuration for Git
useGitSelfSignedCerts: false
cheGitSelfSignedCertConfigMapName: che-git-self-signed-cert
gitHubClientID: ""
gitHubClientSecret: ""
openShiftClientID: ""
openShiftClientSecret: ""
openShiftOAuthEndpoint: ""
openShiftVerifyTokenUrl: ""
# Possible values: common, per-workspace, unique
cheWorkspacesPVCStrategy: "common"
pvcClaim: "1Gi"
# Defines the storage class of Persistent Volume Claim(s) for the workspaces.
cheWorkspacePVCStorageClassName: ""
cheWorkspacesNamespace: "<username>-che"
# Service account name that will be mounted to workspaces pods
# Note that:
# if `cheWorkspacesNamespace` doesn't contain placeholders then service account with configured name will be created by helm chart during deploying Che
# if `cheWorkspacesNamespace` contains placeholders then Che Server creates new namespaces accordingly and ensures that configured SA exists there
cheWorkspaceServiceAccount: "che-workspace"
# If set, Che will bind the specified cluster role to the workspace service account when creating a workspace.
cheWorkspaceClusterRole: ""
workspaceIdleTimeout: "1800000"
log:
loggerConfig: ""
appenderName: "plaintext"
tracingEnabled: false
metricsEnabled: false
# Run Che and Che workspaces as the same non-root user
securityContext:
runAsUser: 1724
fsGroup: 1724
postgresDebugLogs: false
# Defines the storage class of Persistent Volume Claim for Postgres database.
chePostgresPVCStorageClassName: ""
cheDevfileRegistryUrlFormat: "devfile-registry-%s.%s"
chePluginRegistryUrlFormat: "plugin-registry-%s.%s"
che:
limits: {
# userWorkspacesRunCount
}
workspace: {}
# This variable may contain a set of comma-separated key=value pairs to form the nodeSelector rule
# podNodeSelector: "key1=value1,key2=value2"
# devfileRegistryUrl: "https://che-devfile-registry.openshift.io/"
# pluginBroker:
# waitTimeoutMin: "3"
# pluginRegistryUrl: "https://che-plugin-registry.openshift.io/v3"
disableProbes: false
logLevel: "INFO"
dashboard:
image: quay.io/eclipse/che-dashboard:next
imagePullPolicy: "Always"
memoryRequest: 16Mi
memoryLimit: 256Mi
cpuRequest: 50m
cpuLimit: 500m
ingressPath: /dashboard
cheDevfileRegistry:
deploy: true
chePluginRegistry:
deploy: true
cheSinglehostGateway:
deploy: false
prometheus:
alertmanager:
enabled: false
kubeStateMetrics:
enabled: false
nodeExporter:
enabled: false
pushgateway:
enabled: false
rbac:
enabled: false
serverFiles:
prometheus.yml:
scrape_configs:
- job_name: che
static_configs:
- targets:
- che-host:8087
grafana:
adminUser: admin
adminPassword: admin
datasources:
datasources.yaml:
apiVersion: 1
datasources:
- name: che
type: prometheus
access: proxy
url: http://che-prometheus-server
isDefault: true
dashboardProviders:
dashboardproviders.yaml:
apiVersion: 1
providers:
- name: default
editable: true
type: file
folder: ''
orgId: 1
options:
path: /var/lib/grafana/dashboards/default
dashboards:
default:
chejvm:
json: |
{
"annotations": {
"list": [
{
"builtIn": 1,
"datasource": "-- Grafana --",
"enable": true,
"hide": true,
"iconColor": "rgba(0, 211, 255, 1)",
"name": "Annotations & Alerts",
"type": "dashboard"
}
]
},
"editable": true,
"gnetId": null,
"graphTooltip": 0,
"id": 1,
"links": [],
"panels": [
{
"aliasColors": {},
"bars": false,
"dashLength": 10,
"dashes": false,
"datasource": "che",
"fill": 1,
"gridPos": {
"h": 9,
"w": 12,
"x": 0,
"y": 0
},
"id": 2,
"legend": {
"avg": false,
"current": false,
"max": false,
"min": false,
"show": true,
"total": false,
"values": false
},
"lines": true,
"linewidth": 1,
"links": [],
"nullPointMode": "null",
"percentage": false,
"pointradius": 5,
"points": false,
"renderer": "flot",
"seriesOverrides": [],
"spaceLength": 10,
"stack": false,
"steppedLine": false,
"targets": [
{
"expr": "jvm_memory_used_bytes{job=\"che\"}",
"format": "time_series",
"interval": "",
"intervalFactor": 1,
"legendFormat": "{{ id }}",
"refId": "A"
}
],
"thresholds": [],
"timeFrom": null,
"timeShift": null,
"title": "Che JVM Heap",
"tooltip": {
"shared": true,
"sort": 0,
"value_type": "individual"
},
"type": "graph",
"xaxis": {
"buckets": null,
"mode": "time",
"name": null,
"show": true,
"values": []
},
"yaxes": [
{
"format": "short",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": true
},
{
"format": "short",
"label": null,
"logBase": 1,
"max": null,
"min": null,
"show": true
}
],
"yaxis": {
"align": false,
"alignLevel": null
}
}
],
"refresh": false,
"schemaVersion": 16,
"style": "dark",
"tags": [],
"templating": {
"list": []
},
"timepicker": {
"refresh_intervals": [
"5s",
"10s",
"30s",
"1m",
"5m",
"15m",
"30m",
"1h",
"2h",
"1d"
],
"time_options": [
"5m",
"15m",
"1h",
"6h",
"12h",
"24h",
"2d",
"7d",
"30d"
]
},
"timezone": "",
"title": "Che JVM Heap",
"uid": "IkmWvLLmk",
"version": 1
}

12
deploy/kubernetes/helm/che/values/default-host.yaml
View File

@ -1,12 +0,0 @@
#
# Copyright (c) 2012-2019 Red Hat, Inc.
# This program and the accompanying materials are made
# available under the terms of the Eclipse Public License 2.0
# which is available at https://www.eclipse.org/legal/epl-2.0/
#
# SPDX-License-Identifier: EPL-2.0
#
global:
ingressDomain: 192.168.99.100
serverStrategy: default-host

11
deploy/kubernetes/helm/che/values/multi-user.yaml
View File

@ -1,11 +0,0 @@
#
# Copyright (c) 2012-2019 Red Hat, Inc.
# This program and the accompanying materials are made
# available under the terms of the Eclipse Public License 2.0
# which is available at https://www.eclipse.org/legal/epl-2.0/
#
# SPDX-License-Identifier: EPL-2.0
#
# multi user authentication mode the only available and enabled by default
# keep this file for backward compatibility

15
deploy/kubernetes/helm/che/values/single-host-gateway.yaml
View File

@ -1,15 +0,0 @@
#
# Copyright (c) 2012-2019 Red Hat, Inc.
# This program and the accompanying materials are made
# available under the terms of the Eclipse Public License 2.0
# which is available at https://www.eclipse.org/legal/epl-2.0/
#
# SPDX-License-Identifier: EPL-2.0
#
global:
serverStrategy: single-host
singleHostExposure: gateway
singleHostGatewayLabels: app=che,component=che-gateway-config
cheSinglehostGateway:
deploy: true

13
deploy/kubernetes/helm/che/values/tls.yaml
View File

@ -1,13 +0,0 @@
#
# Copyright (c) 2012-2019 Red Hat, Inc.
# This program and the accompanying materials are made
# available under the terms of the Eclipse Public License 2.0
# which is available at https://www.eclipse.org/legal/epl-2.0/
#
# SPDX-License-Identifier: EPL-2.0
#
global:
tls:
enabled: true
secretName: che-tls