language review of che.properties and multiuser.properties (#315)
* language review
* peer review suggestions
* Update che.properties
* implemented feedback
* Update che.properties add missing `che.infra.kubernetes.server_strategy=multi-host`; update text

Co-authored-by: Fabrice Flore-Thébault <ffloreth@redhat.com>
Co-authored-by: Nick Boldt <nboldt@redhat.com>

pull/358/head
parent
64fd318bb5
commit
b02dc2e9b7
|
|
@ -18,7 +18,7 @@
|
|||
# API service. Browsers initiate REST communications to {prod-short} server with this URL.
|
||||
che.api=http://${CHE_HOST}:${CHE_PORT}/api
|
||||
|
||||
# API service internal network URL. Back-end services should initiate REST communications to {prod-short} server with this URL
|
||||
# API service internal network URL. Back-end services should initiate REST communications to {prod-short} server with this URL.
|
||||
che.api.internal=NULL
|
||||
|
||||
# {prod-short} WebSocket major endpoint. Provides basic communication endpoint
|
||||
|
|
@ -54,7 +54,7 @@ che.workspace.auto_start=true
|
|||
|
||||
# Workspace threads pool configuration. This pool is used for workspace-related
|
||||
# operations that require asynchronous execution, for example, starting and stopping.
|
||||
# Possible values are `fixed` and `cached`.
|
||||
# Possible values are: `fixed` and `cached`.
|
||||
che.workspace.pool.type=fixed
|
||||
|
||||
# This property is ignored when pool type is different from `fixed`.
|
||||
|
|
@ -63,8 +63,8 @@ che.workspace.pool.type=fixed
|
|||
# See also `che.workspace.pool.cores_multiplier`.
|
||||
che.workspace.pool.exact_size=30
|
||||
|
||||
# This property is ignored when pool type is not set to `fixed`, `che.workspace.pool.exact_size`
|
||||
# is set. When set, the pool size is `N_CORES * multiplier`.
|
||||
# This property is ignored when `che.workspace.pool.exact_size`
|
||||
# is set and pool type is not set to `fixed`. When set, the pool size is `N_CORES * multiplier`.
|
||||
che.workspace.pool.cores_multiplier=2
|
||||
|
||||
# This property specifies how many threads to use for workspace server liveness probes.
|
||||
|
|
@ -74,14 +74,14 @@ che.workspace.probe_pool_size=10
|
|||
# HTTP proxy setting for workspace JVM.
|
||||
che.workspace.http_proxy_java_options=NULL
|
||||
|
||||
# Java command-line options added to JVMs running in workspaces.
|
||||
# Java command line options added to JVMs running in workspaces.
|
||||
che.workspace.java_options=-XX:MaxRAM=150m -XX:MaxRAMFraction=2 -XX:+UseParallelGC -XX:MinHeapFreeRatio=10 -XX:MaxHeapFreeRatio=20 -XX:GCTimeRatio=4 -XX:AdaptiveSizePolicyWeight=90 -Dsun.zip.disableMemoryMapping=true -Xms20m -Djava.security.egd=file:/dev/./urandom
|
||||
|
||||
# Maven command-line options added to JVMs running agents in workspaces.
|
||||
# Maven command line options added to JVMs running agents in workspaces.
|
||||
che.workspace.maven_options=-XX:MaxRAM=150m -XX:MaxRAMFraction=2 -XX:+UseParallelGC -XX:MinHeapFreeRatio=10 -XX:MaxHeapFreeRatio=20 -XX:GCTimeRatio=4 -XX:AdaptiveSizePolicyWeight=90 -Dsun.zip.disableMemoryMapping=true -Xms20m -Djava.security.egd=file:/dev/./urandom
|
||||
|
||||
# RAM limit default for each machine that has no RAM settings in its environment.
|
||||
# Value less or equal to 0 is interpreted as disabling the limit.
|
||||
# Value less than or equal to `0` is interpreted as disabling the limit.
|
||||
che.workspace.default_memory_limit_mb=1024
|
||||
|
||||
# RAM request for each container that has no explicit RAM settings in its environment.
|
||||
|
|
@ -89,39 +89,36 @@ che.workspace.default_memory_limit_mb=1024
|
|||
# This property may not be supported by all infrastructure implementations.
|
||||
# Currently it is supported by {orch-name}.
|
||||
# A memory request exceeding the memory limit is ignored, and only the limit size is used.
|
||||
# Value less or equal to 0 is interpreted as disabling the limit.
|
||||
# Value less than or equal to `0` is interpreted as disabling the limit.
|
||||
che.workspace.default_memory_request_mb=200
|
||||
|
||||
# CPU limit for each container that has no CPU settings in its environment.
|
||||
# Specify either in floating point cores number, for example, `0.125`,
|
||||
# or using the Kubernetes format, integer millicores, for example, `125m`.
|
||||
# Value less or equal to 0 is interpreted as disabling the limit.
|
||||
# Specify it either in floating point cores or in integer millicores, for example: `0.125` or `125m`.
|
||||
# Value less than or equal to `0` is interpreted as disabling the limit.
|
||||
che.workspace.default_cpu_limit_cores=-1
|
||||
|
||||
# CPU request for each container that has no CPU settings in environment.
|
||||
# A CPU request exceeding the CPU limit is ignored, and only limit number is used.
|
||||
# Value less or equal to 0 is interpreted as disabling the limit.
|
||||
# CPU request for each container that has no CPU settings in its environment.
|
||||
# A CPU request exceeding the CPU limit is ignored and only the limit number is used.
|
||||
# Value less than or equal to `0` is interpreted as disabling the limit.
|
||||
che.workspace.default_cpu_request_cores=-1
|
||||
|
||||
# RAM limit for each sidecar that has no RAM settings in the {prod-short} plug-in configuration.
|
||||
# Value less or equal to 0 is interpreted as disabling the limit.
|
||||
# Value less than or equal to `0` is interpreted as disabling the limit.
|
||||
che.workspace.sidecar.default_memory_limit_mb=128
|
||||
|
||||
# RAM request for each sidecar that has no RAM settings in the {prod-short} plug-in configuration.
|
||||
che.workspace.sidecar.default_memory_request_mb=64
|
||||
|
||||
# CPU limit default for each sidecar that has no CPU settings in the {prod-short} plug-in configuration.
|
||||
# Specify either in floating point cores number, for example, `0.125`,
|
||||
# or using the Kubernetes format, integer millicores, for example, `125m`.
|
||||
# Value less or equal to 0 is interpreted as disabling the limit.
|
||||
# Specify it either in floating point cores or in integer millicores, for example: `0.125` or `125m`.
|
||||
# Value less than or equal to `0` is interpreted as disabling the limit.
|
||||
che.workspace.sidecar.default_cpu_limit_cores=-1
|
||||
|
||||
# CPU request default for each sidecar that has no CPU settings in the {prod-short} plug-in configuration.
|
||||
# Specify either in floating point cores number, for example, `0.125`,
|
||||
# or using the Kubernetes format, integer millicores, for example, `125m`.
|
||||
# Specify it either in floating point cores or in integer millicores, for example: `0.125` or `125m`.
|
||||
che.workspace.sidecar.default_cpu_request_cores=-1
|
||||
|
||||
# Defines image-pulling strategy for sidecars. Possible values are: `Always`,
|
||||
# Defines image pull strategy for sidecars. Possible values are: `Always`,
|
||||
# `Never`, `IfNotPresent`. For any other value, `Always` is assumed for images
|
||||
# with the `:latest` tag, or `IfNotPresent` for all other cases.
|
||||
che.workspace.sidecar.image_pull_policy=Always
|
||||
|
|
@ -130,68 +127,68 @@ che.workspace.sidecar.image_pull_policy=Always
|
|||
# Period of inactive workspaces suspend job execution.
|
||||
che.workspace.activity_check_scheduler_period_s=60
|
||||
|
||||
# The period of the cleanup of the activity table. The activity table can contain invalid or stale data
|
||||
# if some unforeseen errors happen, as a server failure at a peculiar point in time. The default is to
|
||||
# Period of cleanup of the activity table. The activity table can contain invalid or stale data
|
||||
# if an unforeseen error happens, such as a server failure at a particular point in time. The default is set to
|
||||
# run the cleanup job every hour.
|
||||
che.workspace.activity_cleanup_scheduler_period_s=3600
|
||||
|
||||
# The delay after server startup to start the first activity clean up job.
|
||||
# Delay after a server startup to start the first activity cleanup job.
|
||||
che.workspace.activity_cleanup_scheduler_initial_delay_s=60
|
||||
|
||||
|
||||
# Delay before first workspace idleness check job started to avoid
|
||||
# mass suspend if {prod-short} server was unavailable for period close to
|
||||
# Delay before the first workspace idleness check job is started to avoid
|
||||
# a mass suspend if {prod-short} server was unavailable for a period close to
|
||||
# inactivity timeout.
|
||||
che.workspace.activity_check_scheduler_delay_s=180
|
||||
|
||||
|
||||
# Time to delay the first execution of temporary workspaces cleanup job.
|
||||
# Delay before the first execution of a temporary workspaces cleanup job.
|
||||
che.workspace.cleanup_temporary_initial_delay_min=5
|
||||
|
||||
# Time to delay between the termination of one execution and the commencement
|
||||
# of the next execution of temporary workspaces cleanup job
|
||||
# Delay between the termination of one execution and the commencement
|
||||
# of the next execution of temporary workspaces cleanup job.
|
||||
che.workspace.cleanup_temporary_period_min=180
|
||||
|
||||
|
||||
# Number of sequential successful pings to server after which it is treated as available.
|
||||
# the {prod-short} Operator: the property is common for all servers, for example, workspace agent, terminal, exec.
|
||||
# Number of sequential successful pings to a server after which it is treated as available.
|
||||
# For the {prod-short} Operator, the property is common for all servers, for example: `workspace agent`, `terminal`, and `exec`.
|
||||
che.workspace.server.ping_success_threshold=1
|
||||
|
||||
# Interval, in milliseconds, between successive pings to workspace server.
|
||||
# Interval (in milliseconds) between successive pings to a workspace server.
|
||||
che.workspace.server.ping_interval_milliseconds=3000
|
||||
|
||||
# List of servers names which require liveness probes
|
||||
# List of names of the servers that require liveness probes.
|
||||
che.workspace.server.liveness_probes=wsagent/http,exec-agent/http,terminal,theia,jupyter,dirigible,cloud-shell,intellij
|
||||
|
||||
# Limit size of the logs collected from single container that can be observed by che-server when
|
||||
# Limits the size of logs collected from a single container that can be observed by {prod-short} server when
|
||||
# debugging workspace startup.
|
||||
# default 10MB=10485760
|
||||
# The default is: 10MB=10485760.
|
||||
che.workspace.startup_debug_log_limit_bytes=10485760
|
||||
|
||||
# If true, 'stop-workspace' role with the edit privileges will be granted to the 'che' ServiceAccount if OpenShift OAuth is enabled.
|
||||
# If set to `true`, 'stop-workspace' role with the edit privileges is granted to the 'che' ServiceAccount if OpenShift OAuth is enabled.
|
||||
# This configuration is mainly required for workspace idling when the OpenShift OAuth is enabled.
|
||||
che.workspace.stop.role.enabled=true
|
||||
|
||||
# Specifies whether {prod-short} is deployed with DevWorkspaces enabled.
|
||||
# This property is set by the {prod-short} Operator if it also installed the support for DevWorkspaces.
|
||||
# This property is used to advertise this fact to the {prod-short} dashboard.
|
||||
# It does not make sense to change the value of this property manually.
|
||||
# It doesn't make sense to change the value of this property manually.
|
||||
che.devworkspaces.enabled=false
|
||||
|
||||
### Authentication parameters
|
||||
|
||||
# {prod-short} has a single identity implementation, so this does not change the user experience.
|
||||
# If true, enables user creation at API level
|
||||
# If set to `true`, enables user creation at the API level.
|
||||
che.auth.user_self_creation=false
|
||||
|
||||
# Authentication error page address
|
||||
# Authentication error page address.
|
||||
che.auth.access_denied_error_page=/error-oauth
|
||||
|
||||
# Reserved user names
|
||||
# Reserved user names.
|
||||
che.auth.reserved_user_names=
|
||||
|
||||
|
||||
# Configuration of GitHub OAuth2 client. Used to obtain Personal access tokens.
|
||||
# Configuration of the GitHub OAuth2 client. Used to obtain personal access tokens.
|
||||
# Location of the file with GitHub client id.
|
||||
che.oauth2.github.clientid_filepath=NULL
|
||||
|
||||
|
|
@ -209,7 +206,7 @@ che.oauth.github.tokenuri= https://github.com/login/oauth/access_token
|
|||
che.integration.github.oauth_endpoint=NULL
|
||||
|
||||
# GitHub OAuth redirect URIs.
|
||||
# Separate multiple values with comma, for example: URI,URI,URI
|
||||
# Separate multiple values with comma, for example: URI,URI,URI.
|
||||
che.oauth.github.redirecturis= http://localhost:${CHE_PORT}/api/oauth/callback
|
||||
|
||||
# Configuration of OpenShift OAuth client. Used to obtain OpenShift OAuth token.
|
||||
|
|
@ -222,12 +219,12 @@ che.oauth.openshift.oauth_endpoint= NULL
|
|||
# OpenShift OAuth verification token URL.
|
||||
che.oauth.openshift.verify_token_url= NULL
|
||||
|
||||
# Configuration of Bitbucket Server OAuth1 client. Used to obtain Personal access tokens.
|
||||
# Configuration of Bitbucket Server OAuth1 client. Used to obtain personal access tokens.
|
||||
# Location of the file with Bitbucket Server application consumer key (equivalent to a username).
|
||||
che.oauth1.bitbucket.consumerkeypath=NULL
|
||||
# Location of the file with Bitbucket Server application private key
|
||||
# Location of the file with Bitbucket Server application private key.
|
||||
che.oauth1.bitbucket.privatekeypath=NULL
|
||||
# Bitbucket Server URL. To work correctly with factories the same URL
|
||||
# Bitbucket Server URL. To work correctly with factories, the same URL
|
||||
# has to be part of `che.integration.bitbucket.server_endpoints` too.
|
||||
che.oauth1.bitbucket.endpoint=NULL
|
||||
|
||||
|
|
@ -251,16 +248,16 @@ che.oauth.bitbucket.redirecturis= http://localhost:${CHE_PORT}/api/oauth/callbac
|
|||
### Internal
|
||||
|
||||
# {prod-short} extensions can be scheduled executions on a time basis.
|
||||
# This configures the size of the thread pool allocated to extensions that are launched on
|
||||
# This value configures the size of the thread pool allocated to extensions that are launched on
|
||||
# a recurring schedule.
|
||||
schedule.core_pool_size=10
|
||||
|
||||
# DB initialization and migration configuration
|
||||
# If true, ignore scripts up to the version configured by baseline.version.
|
||||
# Database initialization and migration configuration.
|
||||
# If set to `true`, the database initialization component on {prod-short} Server side ignores scripts up to the version configured by `baseline.version`.
|
||||
db.schema.flyway.baseline.enabled=true
|
||||
|
||||
# Scripts with version up to this are ignored.
|
||||
# Note that scripts with version equal to baseline version are also ignored.
|
||||
# Scripts with a version up to the specified one are ignored.
|
||||
# Note that scripts with a version equal to the baseline version are also ignored.
|
||||
db.schema.flyway.baseline.version=5.0.0.8.1
|
||||
|
||||
# Prefix of migration scripts.
|
||||
|
|
@ -269,221 +266,213 @@ db.schema.flyway.scripts.prefix=
|
|||
# Suffix of migration scripts.
|
||||
db.schema.flyway.scripts.suffix=.sql
|
||||
|
||||
# Separator of version from the other part of script name.
|
||||
# Separator of `version` from the other parts of script name.
|
||||
db.schema.flyway.scripts.version_separator=__
|
||||
|
||||
# Locations where to search migration scripts.
|
||||
# Locations where to search for migration scripts.
|
||||
db.schema.flyway.scripts.locations=classpath:che-schema
|
||||
|
||||
### Kubernetes Infra parameters
|
||||
### Kubernetes infrastructure parameters
|
||||
|
||||
# Configuration of Kubernetes client master URL that Infra will use.
|
||||
# Configuration of Kubernetes Client master URL that the infrastructure uses.
|
||||
che.infra.kubernetes.master_url=
|
||||
|
||||
# Boolean to configure Kubernetes client to use trusted certificates.
|
||||
# Boolean to configure Kubernetes Client to use trusted certificates.
|
||||
che.infra.kubernetes.trust_certs=false
|
||||
|
||||
# Kubernetes cluster domain. If not set, svc names will not contain information about the cluster domain.
|
||||
# Kubernetes cluster domain. If not set, svc names doesn't contain information about the cluster domain.
|
||||
che.infra.kubernetes.cluster_domain=NULL
|
||||
|
||||
# Defines the way how servers are exposed to the world in Kubernetes infra.
|
||||
# List of strategies implemented in {prod-short}: `default-host`, `multi-host`, `single-host`.
|
||||
# Defines how servers are exposed to the world in Kubernetes infra.
|
||||
# Options include: `default-host`, `multi-host`, `single-host`.
|
||||
che.infra.kubernetes.server_strategy=multi-host
|
||||
|
||||
# Defines the way in which the workspace plugins and editors are exposed in the single-host mode.
|
||||
# Defines the way in which the workspace plug-ins and editors are exposed in the single-host mode.
|
||||
# Supported exposures:
|
||||
# `native`:: Exposes servers using Kubernetes Ingresses. Works only on Kubernetes.
|
||||
# `gateway`:: Exposes servers using reverse-proxy gateway.
|
||||
che.infra.kubernetes.singlehost.workspace.exposure=native
|
||||
|
||||
# Defines the way how to expose devfile endpoints, as end-user's applications, in single-host server strategy.
|
||||
# Defines the way to expose devfile endpoints as end-user's applications, in single-host server strategy.
|
||||
# They can either follow the single-host strategy and be exposed on subpaths, or they can be exposed on subdomains.
|
||||
# `multi-host`:: expose on subdomains
|
||||
# `single-host`:: expose on subpaths
|
||||
# Supported exposures:
|
||||
# `multi-host`:: Exposes devfile endpoints on subdomains.
|
||||
# `single-host`:: Exposes devfile endpoints on subpaths.
|
||||
che.infra.kubernetes.singlehost.workspace.devfile_endpoint_exposure=multi-host
|
||||
|
||||
# Defines labels which will be set to ConfigMaps configuring single-host gateway.
|
||||
# Defines labels which are set to ConfigMaps configuring single-host gateway.
|
||||
che.infra.kubernetes.singlehost.gateway.configmap_labels=app=che,component=che-gateway-config
|
||||
|
||||
# Used to generate domain for a server in a workspace in case property `che.infra.kubernetes.server_strategy` is set to `multi-host`
|
||||
# Generates a domain for a server in a workspace in case the property `che.infra.kubernetes.server_strategy` is set to `multi-host`
|
||||
che.infra.kubernetes.ingress.domain=
|
||||
|
||||
# Indicates whether {prod-short} server is allowed to create {orch-namespace} for user
|
||||
# workspaces, or they're intended to be created manually by cluster administrator.
|
||||
# This property is also used by the OpenShift infra.
|
||||
# This property is also used by OpenShift infrastructure.
|
||||
che.infra.kubernetes.namespace.creation_allowed=true
|
||||
|
||||
# Defines Kubernetes default namespace in which user's workspaces are created
|
||||
# if user does not override it.
|
||||
# It's possible to use `<username>` and `<userid>` placeholders (for example: `che-workspace-<username>`).
|
||||
# In that case, new namespace will be created for each user.
|
||||
# Used by OpenShift infra as well to specify a Project.
|
||||
# Use placeholder variables like `<username>` and `<userid>`. For example: `che-workspace-<username>`.
|
||||
# This ensures that a new namespace is created for each user, so that their workspaces do not collide with other users.
|
||||
# Used by OpenShift infrastructure to specify a Project.
|
||||
# The `<username>` or `<userid>` placeholder is mandatory.
|
||||
che.infra.kubernetes.namespace.default=<username>-che
|
||||
|
||||
# Defines whether che-server should try to label the workspace namespaces.
|
||||
# NOTE: It is strongly recommended to keep the value of this property set to true. If false, the new workspace namespaces will not be labeled
|
||||
# automatically and therefore not recognized by the Che operator making some features of DevWorkspaces not working.
|
||||
# If false, an administrator is required to label the namespaces manually using the labels specified in che.infra.kubernetes.namespace.labels.
|
||||
# If you want to manage the namespaces yourself, make sure to follow
|
||||
# Defines whether {prod-short} server should try to label the workspace namespaces.
|
||||
# NOTE: It's strongly recommended you keep the value of this property set to `true`. If set to `false`, the new workspace namespaces will not be labeled
|
||||
# automatically, and therefore not recognized by the {prod-operator-image-name} causing some features of DevWorkspaces to not work.
|
||||
# If set to `false`, an administrator is required to label the namespaces manually using the labels specified in `che.infra.kubernetes.namespace.labels`.
|
||||
# If you want to manage the namespaces yourself, make sure to follow this guide:
|
||||
# https://www.eclipse.org/che/docs/stable/administration-guide/provisioning-namespaces-in-advance/.
|
||||
# Any additional labels present on the namespace are kept in place and do not affect the functionality.
|
||||
# Also note that the the administrator is free to pre-create and label the namespaces manually even if this property is
|
||||
# true. No updates to the namespaces are done if they already conform to the labeling requirements.
|
||||
# `true`. No updates to the namespaces are done if they already conform to the labeling requirements.
|
||||
che.infra.kubernetes.namespace.label=true
|
||||
|
||||
# Defines whether che-server should try to annotate the workspace namespaces.
|
||||
# Defines whether {prod-short} server should try to annotate the workspace namespaces.
|
||||
che.infra.kubernetes.namespace.annotate=true
|
||||
|
||||
# List of labels to find {orch-namespace} that are used for {prod-short} Workspaces.
|
||||
# They are used to:
|
||||
# - find prepared {orch-namespace} for users in combination with `che.infra.kubernetes.namespace.annotations`.
|
||||
# - actively label {orch-namespace} with any workspace.
|
||||
# NOTE: It is strongly recommended not to change the value of this property because the Che operator relies on these labels
|
||||
# - Find prepared {orch-namespace} for users in combination with `che.infra.kubernetes.namespace.annotations`.
|
||||
# - Actively label {orch-namespace} with any workspace.
|
||||
# NOTE: It's strongly recommended not to change the value of this property because the {prod-operator-image-name} relies on these labels
|
||||
# and their precise values when reconciling DevWorkspaces. If this configuration is changed, the namespaces will not be automatically
|
||||
# recognized by the Che operator as workspace namespaces unless manually labeled as such using the default labels and values.
|
||||
# recognized by the {prod-operator-image-name} as workspace namespaces unless manually labeled as such using the default labels and values.
|
||||
# Additional labels on the namespace do not affect the functionality.
|
||||
che.infra.kubernetes.namespace.labels=app.kubernetes.io/part-of=che.eclipse.org,app.kubernetes.io/component=workspaces-namespace
|
||||
|
||||
# List of annotations to find {orch-namespace} prepared for {prod-short} users workspaces.
|
||||
# Only {orch-namespace} matching the `che.infra.kubernetes.namespace.labels` will be matched against these annotations.
|
||||
# List of annotations to find {orch-namespace} prepared for {prod-short} user workspaces.
|
||||
# Only {orch-namespace} matching the `che.infra.kubernetes.namespace.labels` is matched against these annotations.
|
||||
# {orch-namespace} that matches both `che.infra.kubernetes.namespace.labels` and `che.infra.kubernetes.namespace.annotations`
|
||||
# will be preferentially used for User's workspaces.
|
||||
# is used preferentially for user workspaces.
|
||||
# It's possible to use `<username>` placeholder to specify the {orch-namespace} to concrete user.
|
||||
# They are used to:
|
||||
# - find prepared {orch-namespace} for users in combination with `che.infra.kubernetes.namespace.labels`.
|
||||
# - actively annotate {orch-namespace} with any workspace.
|
||||
# - Find prepared {orch-namespace} for users in combination with `che.infra.kubernetes.namespace.labels`.
|
||||
# - Actively annotate {orch-namespace} with any workspace.
|
||||
che.infra.kubernetes.namespace.annotations=che.eclipse.org/username=<username>
|
||||
|
||||
# Defines Kubernetes Service Account name which should be specified to be bound to all workspaces Pods.
|
||||
# the {prod-short} Operator that Kubernetes Infrastructure will not create the service account and it should exist.
|
||||
# OpenShift infrastructure will check if project is predefined(if `che.infra.openshift.project` is not empty):
|
||||
# - if it is predefined then service account must exist there
|
||||
# - if it is 'NULL' or empty string then infrastructure will create new OpenShift project per workspace
|
||||
# and prepare workspace service account with needed roles there
|
||||
# Defines Kubernetes Service Account name which should be specified to be bound to all workspace pods.
|
||||
# The {prod-short} Operator that Kubernetes infrastructure will not create the service account and it should exist.
|
||||
# OpenShift infrastructure checks if project exists and `che.infra.openshift.project` isn't empty:
|
||||
# - If not 'NULL', then service account must exist there.
|
||||
# - If it's 'NULL' or an empty string, then infrastructure creates new OpenShift project per workspace
|
||||
# and prepare workspace service account with needed roles there.
|
||||
che.infra.kubernetes.service_account_name=NULL
|
||||
|
||||
# Specifies optional, additional cluster roles to use with the workspace service account.
|
||||
# the {prod-short} Operator that the cluster role names must already exist, and the {prod-short} service account needs to be able to create a Role Binding
|
||||
# Specifies optional additional cluster roles to use with the workspace service account.
|
||||
# The {prod-short} Operator that the cluster role names must already exist and the {prod-short} service account needs to be able to create a Role Binding
|
||||
# to associate these cluster roles with the workspace service account. The names are comma separated.
|
||||
# This property deprecates `che.infra.kubernetes.cluster_role_name`.
|
||||
che.infra.kubernetes.workspace_sa_cluster_roles=NULL
|
||||
|
||||
# Cluster roles to assign to user in his namespace
|
||||
# Cluster roles to assign to user in their namespace.
|
||||
che.infra.kubernetes.user_cluster_roles=NULL
|
||||
|
||||
# Defines wait time that limits the Kubernetes workspace start time.
|
||||
che.infra.kubernetes.workspace_start_timeout_min=8
|
||||
|
||||
# Defines the timeout in minutes that limits the period for which Kubernetes Ingress become ready
|
||||
# Defines the timeout (in minutes) that limits the period for which {orch-ingress} becomes ready.
|
||||
che.infra.kubernetes.ingress_start_timeout_min=5
|
||||
|
||||
# If during workspace startup an unrecoverable event defined in the property occurs,
|
||||
# stop the workspace immediately rather than waiting until timeout.
|
||||
# the {prod-short} Operator that this SHOULD NOT include a mere "Failed" reason, because that might catch events that are not unrecoverable.
|
||||
# If an unrecoverable event defined in the property occurs during workspace startup,
|
||||
# this parameter stops the workspace immediately rather than waiting until timeout.
|
||||
# Do not include a simple "Failed" string, as that might catch more events than than intended.
|
||||
# A failed container startup is handled explicitly by {prod-short} server.
|
||||
che.infra.kubernetes.workspace_unrecoverable_events=FailedMount,FailedScheduling,MountVolume.SetUp failed,Failed to pull image,FailedCreate,ReplicaSetCreateError
|
||||
|
||||
# Defines annotations for ingresses which are used for servers exposing. Value depends on the kind of ingress
|
||||
# controller.
|
||||
#
|
||||
# OpenShift infrastructure ignores this property because it uses Routes rather than Ingresses.
|
||||
#
|
||||
# the {prod-short} Operator that for a single-host deployment strategy to work, a controller supporting URL rewriting has to be
|
||||
# used (so that URLs can point to different servers while the servers do not need to support changing the app root).
|
||||
# The `che.infra.kubernetes.ingress.path.rewrite_transform` property defines how the path of the ingress should be
|
||||
# transformed to support the URL rewriting and this property defines the set of annotations on the ingress itself
|
||||
# that instruct the chosen ingress controller to actually do the URL rewriting, potentially building on the path
|
||||
# used so that URLs can point to different servers while the servers do not need to support changing the app root.
|
||||
# The `che.infra.kubernetes.ingress.path.rewrite_transform` property defines how the path of the Ingress should be
|
||||
# transformed to support the URL rewriting.
|
||||
# This property defines the set of annotations on the Ingress itself
|
||||
# that instruct the chosen Ingress Controller to actually do the URL rewriting, potentially building on the path
|
||||
# transformation (if required by the chosen ingress controller).
|
||||
#
|
||||
# For example for Nginx ingress controller 0.22.0 and later the following value is recommended:
|
||||
# For example, for Nginx Ingress Controller 0.22.0 and later, the following value is recommended:
|
||||
# `{"ingress.kubernetes.io/rewrite-target": "/$1","ingress.kubernetes.io/ssl-redirect": "false",\
|
||||
# "ingress.kubernetes.io/proxy-connect-timeout": "3600","ingress.kubernetes.io/proxy-read-timeout": "3600",
|
||||
# "nginx.org/websocket-services": "<service-name>"}`
|
||||
# and the `che.infra.kubernetes.ingress.path.rewrite_transform` should be set to `"%s(.*)"`.
|
||||
#
|
||||
# For nginx ingress controller older than 0.22.0, the rewrite-target should be set to merely `/` and the path transform
|
||||
# For Nginx Ingress Controller older than 0.22.0, the rewrite-target should be set to `/` and the path transformed
|
||||
# to `%s` (see the `che.infra.kubernetes.ingress.path.rewrite_transform` property).
|
||||
#
|
||||
# See the Nginx ingress controller documentation for the explanation of how the ingress controller uses
|
||||
# the regular expression available in the ingress path and how it achieves the URL rewriting.
|
||||
# See the Nginx Ingress Controller documentation for the explanation on how the Ingress Controller uses
|
||||
# the regular expression available in the Ingress path and how it achieves the rewriting of URL.
|
||||
che.infra.kubernetes.ingress.annotations_json=NULL
|
||||
|
||||
# Defines a recipe on how to declare the path of the ingress that should expose a server.
|
||||
# Defines a recipe on how to declare the path of the Ingress that should expose a server.
|
||||
# The `%s` represents the base public URL of the server and is guaranteed to end with a forward slash. This property
|
||||
# must be a valid input to the `String.format()` method and contain exactly one reference to `%s`.
|
||||
#
|
||||
# See the description of the `che.infra.kubernetes.ingress.annotations_json` property to see how these two
|
||||
# properties interplay when specifying the ingress annotations and path.
|
||||
#
|
||||
# If not defined, this property defaults to `%s` (without the quotes) which means that the path is not transformed in
|
||||
# any way for use with the ingress controller.
|
||||
# properties interplay when specifying the Ingress annotations and path.
|
||||
# If not defined, this property defaults to `%s` (without the quotes) which means that the path is not transformed
|
||||
# for use with the Ingress Controller.
|
||||
che.infra.kubernetes.ingress.path_transform=NULL
|
||||
|
||||
# Additional labels to add into every Ingress created by {prod-short} server
|
||||
# to allow clear identification.
|
||||
che.infra.kubernetes.ingress.labels=NULL
|
||||
|
||||
# Defines security context for Pods that will be created by Kubernetes Infra
|
||||
#
|
||||
# This is ignored by OpenShift infra
|
||||
# Defines security context for pods that is created by Kubernetes infrastructure.
|
||||
# This property is ignored by OpenShift infrastructure.
|
||||
che.infra.kubernetes.pod.security_context.run_as_user=NULL
|
||||
|
||||
# Defines security context for Pods that will be created by Kubernetes Infra.
|
||||
# A special supplemental group that applies to all containers in a Pod.
|
||||
# This is ignored by OpenShift infra.
|
||||
# Defines security context for pods that are created by Kubernetes infrastructure.
|
||||
# A special supplemental group that applies to all containers in a pod.
|
||||
# This property is ignored by OpenShift infrastructure.
|
||||
che.infra.kubernetes.pod.security_context.fs_group=NULL
|
||||
|
||||
# Defines grace termination period for Pods that will be created by {orch-name} infrastructures.
|
||||
#
|
||||
# Default value: `0`. It allows to stop Pods quickly and significantly decrease the time required for stopping a workspace.
|
||||
# the {prod-short} Operator: if `terminationGracePeriodSeconds` have been explicitly set in {orch-name} recipe it will not be overridden.
|
||||
# Defines the grace termination period for pods that are created by {orch-name} infrastructures.
|
||||
# The default value is `0`. It allows to stop pods quickly and significantly decreases the time required for stopping a workspace.
|
||||
# In the case of the {prod-short} Operator, if `terminationGracePeriodSeconds` have been explicitly set in {orch-name} recipe, it isn't overridden.
|
||||
che.infra.kubernetes.pod.termination_grace_period_sec=0
|
||||
|
||||
# Creates Ingresses with Transport Layer Security (TLS) enabled.
|
||||
# In OpenShift infrastructure, Routes will be TLS-enabled.
|
||||
# In OpenShift infrastructure, Routes are TLS-enabled.
|
||||
che.infra.kubernetes.tls_enabled=false
|
||||
|
||||
# Name of a secret that should be used when creating workspace ingresses with TLS.
|
||||
# The name of a secret that should be used when creating workspace Ingresses with TLS.
|
||||
# This property is ignored by OpenShift infrastructure.
|
||||
che.infra.kubernetes.tls_secret=
|
||||
|
||||
# Data for TLS Secret that should be used for workspaces Ingresses.
|
||||
# `cert` and `key` should be encoded with Base64 algorithm.
|
||||
# Data for TLS Secret that should be used for workspace Ingresses.
|
||||
# The `cert` and `key` values should be encoded with Base64 algorithm.
|
||||
# These properties are ignored by OpenShift infrastructure.
|
||||
che.infra.kubernetes.tls_key=NULL
|
||||
|
||||
# Certificate data for TLS Secret that should be used for workspaces Ingresses.
|
||||
# Certificate should be encoded with Base64 algorithm.
|
||||
# Certificate data for TLS secret that should be used for workspace Ingresses.
|
||||
# The certificate should be encoded with Base64 algorithm.
|
||||
# This property is ignored by OpenShift infrastructure.
|
||||
che.infra.kubernetes.tls_cert=NULL
|
||||
|
||||
# Defines the period with which runtimes consistency checks will be performed.
|
||||
# If runtime has inconsistent state then runtime will be stopped automatically.
|
||||
# Value must be more than 0 or `-1`, where `-1` means that checks won't be performed at all.
|
||||
# Defines the period with which runtimes consistency checks are performed.
|
||||
# If the runtime has an inconsistent state, it's stopped automatically.
|
||||
# The value must be more than 0 or `-1`, where `-1` means that checks aren't performed at all.
|
||||
# It's disabled by default because there is a possible {prod-short} server configuration when {prod-short} server
|
||||
# doesn't have the ability to interact with Kubernetes API when operation is not invoked by the user.
|
||||
#
|
||||
# It is disabled by default because there is possible {prod-short} Server configuration when {prod-short} Server
|
||||
# doesn't have an ability to interact with Kubernetes API when operation is not invoked by user.
|
||||
# It works with the following configurations:
|
||||
# - Workspaces objects are created in the same namespace where {prod-short} server is located.
|
||||
# - The `cluster-admin` service account token is mounted to {prod-short} server pod.
|
||||
#
|
||||
# It DOES work on the following configurations:
|
||||
# - workspaces objects are created in the same namespace where {prod-short} Server is located;
|
||||
# - `cluster-admin` service account token is mounted to {prod-short} Server Pod.
|
||||
#
|
||||
# It DOES NOT work on the following configurations:
|
||||
# - {prod-short} Server communicates with Kubernetes API using token from OAuth provider.
|
||||
# It doesn't work with the following configuration:
|
||||
# - {prod-short} server communicates with Kubernetes API using the token from OAuth provider.
|
||||
che.infra.kubernetes.runtimes_consistency_check_period_min=-1
|
||||
|
||||
|
||||
# Name of the ConfigMap in {prod-short} server namespace with additional CA TLS certificates to be propagated into all user's workspaces.
|
||||
# If the property is set on OpenShift 4 infrastructure, and `che.infra.openshift.trusted_ca.dest_configmap_labels` includes the `config.openshift.io/inject-trusted-cabundle=true` label, then cluster CA bundle will be propagated too.
|
||||
# Name of the ConfigMap in {prod-short} server namespace with additional CA TLS certificates to be propagated into all user workspaces.
|
||||
# If the property is set on OpenShift 4 infrastructure, and `che.infra.openshift.trusted_ca.dest_configmap_labels` includes the `config.openshift.io/inject-trusted-cabundle=true` label, then cluster CA bundle is propagated too.
|
||||
che.infra.kubernetes.trusted_ca.src_configmap=NULL
|
||||
|
||||
# Name of the ConfigMap in a workspace namespace with additional CA TLS certificates.
|
||||
# Holds the copy of `che.infra.kubernetes.trusted_ca.src_configmap` but in a workspace namespace.
|
||||
# Content of this ConfigMap is mounted into all workspace containers including plugin brokers.
|
||||
# Do not change the ConfigMap name unless it conflicts with the already existing ConfigMap.
|
||||
# the {prod-short} Operator that the resulting ConfigMap name can be adjusted eventually to make it unique in {orch-namespace}.
|
||||
# The original name would be stored in `che.original_name` label.
|
||||
# Content of this ConfigMap is mounted into all workspace containers including plug-in brokers.
|
||||
# Do not change the ConfigMap name unless it conflicts with an already existing ConfigMap.
|
||||
# The {prod-short} Operator that the resulting ConfigMap names can be adjusted eventually to make it unique in {orch-namespace}.
|
||||
# The original name is stored in `che.original_name` label.
|
||||
che.infra.kubernetes.trusted_ca.dest_configmap=ca-certs
|
||||
|
||||
# Configures path on workspace containers where the CA bundle should be mounted.
|
||||
|
|
@ -495,7 +484,7 @@ che.infra.kubernetes.trusted_ca.mount_path=/public-certs
|
|||
che.infra.kubernetes.trusted_ca.dest_configmap_labels=
|
||||
|
||||
|
||||
### OpenShift Infra parameters
|
||||
### OpenShift infrastructure parameters
|
||||
|
||||
# Comma separated list of labels to add to the CA certificates ConfigMap in user workspace.
|
||||
# See `che.infra.kubernetes.trusted_ca.dest_configmap` property.
|
||||
|
|
@ -507,7 +496,7 @@ che.infra.openshift.route.labels=NULL
|
|||
|
||||
# The hostname that should be used as a suffix for the workspace routes.
|
||||
# For example: Using `domain_suffix=__<{che-host}>__`, the route resembles: `routed3qrtk.__<{che-host}>__`.
|
||||
# It has to be a valid DNS name.
|
||||
# It must be a valid DNS name.
|
||||
che.infra.openshift.route.host.domain_suffix=NULL
|
||||
|
||||
# Initialize OpenShift project with {prod-short} server's service account
|
||||
|
|
@ -516,75 +505,75 @@ che.infra.openshift.project.init_with_server_sa=true
|
|||
|
||||
### Experimental properties
|
||||
|
||||
# Next properties are subject to changes and removal, so do not rely on them in a stable {prod-short} instance.
|
||||
# The following properties are subject to changes and removal, do not rely on them in a stable {prod-short} instance.
|
||||
|
||||
# Docker image of {prod-short} plugin broker app that resolves workspace tools configuration and copies plugins dependencies to a workspace.
|
||||
# The {prod-short} Operator overrides these images by default. Changing the images here will not
|
||||
# Docker image of {prod-short} plug-in broker app that resolves workspace tools configuration and copies plug-in dependencies to a workspace.
|
||||
# The {prod-short} Operator overrides these images by default. Changing the images here doesn't
|
||||
# have an effect if {prod-short} is installed using the Operator.
|
||||
che.workspace.plugin_broker.metadata.image=quay.io/eclipse/che-plugin-metadata-broker:v3.4.0
|
||||
|
||||
# Docker image of Che plugin artifacts broker.
|
||||
# This broker runs as an init container on the workspace Pod. Its job is to take in a list of plugin identifiers
|
||||
# (either references to a plugin in the registry or a link to a plugin meta.yaml) and ensure that the correct .vsix
|
||||
# and .theia extensions are downloaded into the /plugins directory, for each plugin requested for the workspace.
|
||||
# Docker image of Che plug-in artifacts broker.
|
||||
# This broker runs as an init container on the workspace pod. Its job is to take in a list of plug-in identifiers
|
||||
# (either references to a plug-in in the registry or a link to a plug-in `meta.yaml`) and ensure that the correct `.vsix`
|
||||
# and `.theia` extensions are downloaded into the `/plugins directory`, for each plug-in requested for the workspace.
|
||||
che.workspace.plugin_broker.artifacts.image=quay.io/eclipse/che-plugin-artifacts-broker:v3.4.0
|
||||
|
||||
# Configures the default behavior of the plugin brokers when provisioning plugins into a workspace.
|
||||
# If set to true, the plugin brokers will attempt to merge plugins when possible: they run in
|
||||
# Configures the default behavior of the plug-in brokers when provisioning plug-ins for a workspace.
|
||||
# If set to `true`, the plug-in brokers attempt to merge plug-ins when possible: they run in
|
||||
# the same sidecar image and do not have conflicting settings. This value is the default setting
|
||||
# used when the devfile does not specify the `mergePlugins` attribute.
|
||||
# used when the devfile doesn't specify the `mergePlugins` attribute.
|
||||
che.workspace.plugin_broker.default_merge_plugins=false
|
||||
|
||||
# Docker image of {prod-short} plugin broker app that resolves workspace tools configuration and copies
|
||||
# plugins dependencies to a workspace
|
||||
# Docker image of {prod-short} plug-in broker app that resolves workspace tools configuration and copies
|
||||
# plug-in dependencies to a workspace.
|
||||
che.workspace.plugin_broker.pull_policy=Always
|
||||
|
||||
# Defines the timeout in minutes that limits the max period of result waiting for plugin broker.
|
||||
# Defines the timeout in minutes that limits the max period of result waiting for plug-in broker.
|
||||
che.workspace.plugin_broker.wait_timeout_min=3
|
||||
|
||||
# Workspace plug-ins registry endpoint. Should be a valid HTTP URL.
|
||||
# Example: ++http://che-plugin-registry-eclipse-che.192.168.65.2.nip.io++
|
||||
# In case {prod-short} plug-ins registry is not needed value 'NULL' should be used
|
||||
# Workspace plug-in registry endpoint. Should be a valid HTTP URL.
|
||||
# Example: `++http://che-plugin-registry-eclipse-che.192.168.65.2.nip.io++`
|
||||
# In case the {prod-short} plug-in registry isn't needed, use the value 'NULL'.
|
||||
che.workspace.plugin_registry_url=https://che-plugin-registry.prod-preview.openshift.io/v3
|
||||
|
||||
# Workspace plugins registry internal endpoint. Should be a valid HTTP URL.
|
||||
# Example: ++http://devfile-registry.che.svc.cluster.local:8080++
|
||||
# In case {prod-short} plug-ins registry is not needed value 'NULL' should be used
|
||||
# Workspace plug-in registry internal endpoint. Should be a valid HTTP URL.
|
||||
# Example: `++http://devfile-registry.che.svc.cluster.local:8080++`
|
||||
# In case the {prod-short} plug-in registry isn't needed, use the value 'NULL'.
|
||||
che.workspace.plugin_registry_internal_url=NULL
|
||||
|
||||
# Devfile Registry endpoint. Should be a valid HTTP URL.
|
||||
# Example: ++http://che-devfile-registry-eclipse-che.192.168.65.2.nip.io++
|
||||
# In case {prod-short} plug-ins registry is not needed value 'NULL' should be used
|
||||
# Devfile registry endpoint. Should be a valid HTTP URL.
|
||||
# Example: `++http://che-devfile-registry-eclipse-che.192.168.65.2.nip.io++`
|
||||
# In case the {prod-short} plug-in registry isn't needed, use the value 'NULL'.
|
||||
che.workspace.devfile_registry_url=https://che-devfile-registry.prod-preview.openshift.io/
|
||||
|
||||
# Devfile Registry "internal" endpoint. Should be a valid HTTP URL.
|
||||
# Example: ++http://plugin-registry.che.svc.cluster.local:8080++
|
||||
# In case {prod-short} plug-ins registry is not needed value 'NULL' should be used
|
||||
# Devfile registry "internal" endpoint. Should be a valid HTTP URL.
|
||||
# Example: `++http://plugin-registry.che.svc.cluster.local:8080++`
|
||||
# In case the {prod-short} plug-in registry isn't needed, use the value 'NULL'.
|
||||
che.workspace.devfile_registry_internal_url=NULL
|
||||
|
||||
# The configuration property that defines available values for storage types that clients such as the Dashboard should propose to users during workspace creation and update.
|
||||
# Available values:
|
||||
# Following values are available:
|
||||
# - `persistent`: Persistent Storage slow I/O but persistent.
|
||||
# - `ephemeral`: Ephemeral Storage allows for faster I/O but may have limited storage
|
||||
# and is not persistent.
|
||||
# - `async`: Experimental feature: Asynchronous storage is combination of Ephemeral
|
||||
# and Persistent storage. Allows for faster I/O and keep your changes, will backup on stop
|
||||
# and restore on start workspace.
|
||||
# Will work only if:
|
||||
# - `async`: Experimental feature: Asynchronous storage is a combination of Ephemeral
|
||||
# and Persistent storage. Allows for faster I/O and keep your changes, backs up on stop
|
||||
# and restores on start workspace.
|
||||
# Works only with following values:
|
||||
# - `che.infra.kubernetes.pvc.strategy='common'`
|
||||
# - `che.limits.user.workspaces.run.count=1`
|
||||
# - `che.infra.kubernetes.namespace.default` contains `<username>`
|
||||
# - `che.infra.kubernetes.namespace.default` contains `<username>`,
|
||||
# in other cases remove `async` from the list.
|
||||
che.workspace.storage.available_types=persistent,ephemeral,async
|
||||
|
||||
# The configuration property that defines a default value for storage type that clients such as the Dashboard should propose to users during workspace creation and update.
|
||||
# The `async` value is an experimental feature, not recommended as default type.
|
||||
# The configuration property that defines a default value for storage type that clients, such as the Dashboard, should propose to users during workspace creation and update.
|
||||
# The `async` value is an experimental feature not recommended as the default type.
|
||||
che.workspace.storage.preferred_type=persistent
|
||||
|
||||
# Configures in which way secure servers will be protected with authentication.
|
||||
# Configures in which way secure servers are protected with authentication.
|
||||
# Suitable values:
|
||||
# - `default`: `jwtproxy` is configured in a pass-through mode. Servers should authenticate requests themselves.
|
||||
# - `jwtproxy`: `jwtproxy` will authenticate requests. Servers will receive only authenticated requests.
|
||||
# - `jwtproxy`: `jwtproxy` authenticates requests. Servers only receive authenticated requests.
|
||||
che.server.secure_exposer=jwtproxy
|
||||
|
||||
# `Jwtproxy` issuer string, token lifetime, and optional auth page path to route unsigned requests to.
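Review bot: The reworded comments above `che.workspace.devfile_registry_url` and `che.workspace.devfile_registry_internal_url` still say the plug-in registry "isn't needed", although both properties configure the devfile registry. They should read `# In case the {prod-short} devfile registry isn't needed, use the value 'NULL'.` The two internal-endpoint examples are also crossed: the plug-in registry property shows a `devfile-registry.che.svc.cluster.local` host and the devfile registry property shows a `plugin-registry.che.svc.cluster.local` host. An operator who copies them would point each property at the other service, so the hosts should be swapped. These comments also say "valid HTTP URL" while the shipped defaults are `https://`, so "HTTP or HTTPS URL" would match the values.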
|
||||
|
|
@ -613,14 +602,14 @@ che.server.secure_exposer.jwtproxy.cpu_limit=0.5
|
|||
|
||||
### Configuration of the major WebSocket endpoint
|
||||
|
||||
# Maximum size of the JSON RPC processing pool
|
||||
# in case if pool size would be exceeded message execution will be rejected
|
||||
# Maximum size of the JSON RPC processing pool.
|
||||
# If pool size is exceeded, the message execution is rejected.
|
||||
che.core.jsonrpc.processor_max_pool_size=50
|
||||
|
||||
# Initial JSON processing pool. Minimum number of threads that used to process major JSON RPC messages.
|
||||
# Initial JSON processing pool. Minimum number of threads used to process major JSON RPC messages.
|
||||
che.core.jsonrpc.processor_core_pool_size=5
|
||||
|
||||
# Configuration of queue used to process JSON RPC messages.
|
||||
# Configuration of the queue used to process JSON RPC messages.
|
||||
che.core.jsonrpc.processor_queue_capacity=100000
|
||||
|
||||
|
||||
|
|
@ -631,82 +620,82 @@ che.metrics.port=8087
|
|||
|
||||
# Indicates which request origins are allowed.
|
||||
# CORS filter on WS Master is turned off by default.
|
||||
# Use environment variable "CHE_CORS_ENABLED=true" to turn it on.
|
||||
# Use the environment variable "CHE_CORS_ENABLED=true" to turn it on.
|
||||
che.cors.allowed_origins=*
|
||||
|
||||
# Indicates if it allows processing of requests with credentials (in cookies, headers, TLS client certificates).
|
||||
# Indicates if CORS allows processing of requests with credentials located in cookies, headers, and TLS client certificates.
|
||||
che.cors.allow_credentials=false
|
||||
|
||||
### Factory defaults
|
||||
|
||||
# Editor and plugin which will be used for factories that are created from a remote Git repository
|
||||
# which does not contain any {prod-short}-specific workspace descriptor
|
||||
# Multiple plugins must be comma-separated, for example:
|
||||
# Editor and plug-in used for factories that are created from a remote Git repository
|
||||
# which doesn't contain any {prod-short}-specific workspace descriptor.
|
||||
# Multiple plug-ins must be comma-separated, for example:
|
||||
# `pluginFooPublisher/pluginFooName/pluginFooVersion,pluginBarPublisher/pluginBarName/pluginBarVersion`
|
||||
che.factory.default_plugins=redhat/vscode-commons/latest
|
||||
|
||||
# Devfile filenames to look on repository-based factories (for example GitHub).
|
||||
# Factory will try to locate those files in the order they enumerated in the property.
|
||||
# Devfile filenames to look on repository-based factories, for example GitHub.
|
||||
# Factory tries to locate those files in the order they're enumerated in the property.
|
||||
che.factory.default_devfile_filenames=devfile.yaml,.devfile.yaml
|
||||
|
||||
### Devfile defaults
|
||||
# Editor that will be used for factories that are created from a remote Git repository
|
||||
# which does not contain any {prod-short}-specific workspace descriptor.
|
||||
# Editor used for factories that are created from a remote Git repository
|
||||
# which doesn't contain any {prod-short}-specific workspace descriptor.
|
||||
che.factory.default_editor=eclipse/che-theia/next
|
||||
|
||||
# File size limit for the URL fetcher which fetch files from the SCM repository.
|
||||
# File size limit for the URL fetcher which fetches files from the SCM repository.
|
||||
che.factory.scm_file_fetcher_limit_bytes=102400
|
||||
|
||||
# Additional files which may be present in repository to complement devfile v2,
|
||||
# and should be referenced as links to SCM resolver service in factory to retrieve them.
|
||||
# Additional files which may be present in the repository to complement devfile v2.
|
||||
# To retrieve them in a factory, they should be referenced as links to SCM resolver service.
|
||||
che.factory.devfile2_files_resolution_list=.che/che-editor.yaml,.che/che-theia-plugins.yaml,.vscode/extensions.json
|
||||
|
||||
# Default Editor that should be provisioned into Devfile if there is no specified Editor
|
||||
# Format is `editorPublisher/editorName/editorVersion` value.
|
||||
# `NULL` or absence of value means that default editor should not be provisioned.
|
||||
# Default editor that should be provisioned into Devfile if there is no specified editor.
|
||||
# The format is `editorPublisher/editorName/editorVersion` value.
|
||||
# A `NULL` or absence of value means that default editor should not be provisioned.
|
||||
che.workspace.devfile.default_editor=eclipse/che-theia/next
|
||||
|
||||
# Default Plug-ins which should be provisioned for Default Editor.
|
||||
# All the plugins from this list that are not explicitly mentioned in the user-defined devfile
|
||||
# will be provisioned but only when the default editor is used or if the user-defined editor is
|
||||
# Default plug-ins which should be provisioned for the default editor.
|
||||
# All plug-ins from this list that aren't explicitly mentioned in the user-defined devfile
|
||||
# are provisioned but only when the default editor is used or if the user-defined editor is
|
||||
# the same as the default one (even if in different version).
|
||||
# Format is comma-separated `pluginPublisher/pluginName/pluginVersion` values, and URLs. For example:
|
||||
# `eclipse/che-theia-exec-plugin/0.0.1,eclipse/che-theia-terminal-plugin/0.0.1,https://cdn.pluginregistry.com/vi-mode/meta.yaml`
|
||||
# If the plugin is a URL, the plugin's `meta.yaml` is retrieved from that URL.
|
||||
# The format is comma-separated `pluginPublisher/pluginName/pluginVersion` values, and URLs.
|
||||
# For example: `eclipse/che-theia-exec-plugin/0.0.1,eclipse/che-theia-terminal-plugin/0.0.1,https://cdn.pluginregistry.com/vi-mode/meta.yaml`
|
||||
# If the plug-in is a URL, the plug-in's `meta.yaml` is retrieved from that URL.
|
||||
che.workspace.devfile.default_editor.plugins=NULL
|
||||
|
||||
# Defines comma-separated list of labels for selecting secrets from a user namespace,
|
||||
# which will be mount into workspace containers as a files or environment variables.
|
||||
# Only secrets that match ALL given labels will be selected.
|
||||
# Defines comma-separated list of labels for selecting secrets from a user namespace
|
||||
# which are mounted into workspace containers as files or environment variables.
|
||||
# Only secrets that match ALL given labels are selected.
|
||||
che.workspace.provision.secret.labels=app.kubernetes.io/part-of=che.eclipse.org,app.kubernetes.io/component=workspace-secret
|
||||
|
||||
# Plugin is added in case asynchronous storage feature will be enabled in workspace configuration
|
||||
# and supported by environment
|
||||
# Plug-in is added in case the asynchronous storage feature is enabled in workspace configuration
|
||||
# and supported by the environment.
|
||||
che.workspace.devfile.async.storage.plugin=eclipse/che-async-pv-plugin/latest
|
||||
|
||||
# Optionally configures node selector for workspace Pod. Format is comma-separated
|
||||
# key=value pairs, for example: `disktype=ssd,cpu=xlarge,foo=bar`
|
||||
# Optionally configures node selector for workspace pod. The format is comma-separated
|
||||
# `key=value` pairs, for example: `disktype=ssd,cpu=xlarge,foo=bar`
|
||||
che.workspace.pod.node_selector=NULL
|
||||
|
||||
# Optionally configures tolerations for workspace Pod. Format is a string representing a JSON Array of taint tolerations,
|
||||
# Optionally configures tolerations for workspace pod. The format is a string representing a JSON Array of taint tolerations,
|
||||
# or `NULL` to disable it. The objects contained in the array have to follow the
|
||||
# link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.20/#toleration-v1-core[toleration v1 core specifications].
|
||||
# Example: `[{"effect":"NoExecute","key":"aNodeTaint","operator":"Equal","value":"aValue"}]`
|
||||
# For example: `[{"effect":"NoExecute","key":"aNodeTaint","operator":"Equal","value":"aValue"}]`
|
||||
che.workspace.pod.tolerations_json=NULL
|
||||
|
||||
# Bitbucket endpoints used for factory integrations.
|
||||
# Comma separated list of Bitbucket server URLs or NULL if no integration expected.
|
||||
# A comma separated list of Bitbucket server URLs or `NULL` if no integration is expected.
|
||||
che.integration.bitbucket.server_endpoints=NULL
|
||||
|
||||
# GitLab endpoints used for factory integrations.
|
||||
# Comma separated list of GitLab server URLs or NULL if no integration expected.
|
||||
# A comma separated list of GitLab server URLs or `NULL` if no integration is expected.
|
||||
che.integration.gitlab.server_endpoints=NULL
|
||||
|
||||
# Address of the GitLab server with configured OAuth 2 integration
|
||||
# The address of the GitLab server with configured OAuth 2 integration.
|
||||
che.integration.gitlab.oauth_endpoint=NULL
|
||||
|
||||
# Configuration of GitLab OAuth2 client. Used to obtain Personal access tokens.
|
||||
# Location of the file with GitLab client id.
|
||||
# Configuration of GitLab OAuth2 client. Used to obtain personal access tokens.
|
||||
# Location of the file with GitLab client ID.
|
||||
che.oauth2.gitlab.clientid_filepath=NULL
|
||||
|
||||
# Location of the file with GitLab client secret.
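Review bot: The new comment on `che.cors.allow_credentials` describes the setting but does not say that it interacts with `che.cors.allowed_origins`, which defaults to `*` a few lines above. Enabling credentialed requests while every origin is allowed is the usual way a CORS filter ends up exposing authenticated responses to untrusted sites. How this filter treats the wildcard is not visible in this hunk, so the caveat belongs in the documentation. I would add a line such as `# Keep this set to false unless che.cors.allowed_origins lists specific trusted origins instead of *.` The comment on `che.cors.allowed_origins` could state the same from its side.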
|
||||
|
|
|
|||
|
|
@ -14,35 +14,35 @@
|
|||
### Che system
|
||||
|
||||
# System Super Privileged Mode.
|
||||
# Grants users with the manageSystem permission additional permissions for
|
||||
# getByKey, getByNameSpace, stopWorkspaces, and getResourcesInformation.
|
||||
# These are not given to admins by default and these permissions allow
|
||||
# admins gain visibility to any workspace along with naming themselves
|
||||
# Grants users with the `manageSystem` permission additional permissions for
|
||||
# `getByKey`, `getByNameSpace`, `stopWorkspaces`, and `getResourcesInformation`.
|
||||
# These are not given to admins by default. They allow
|
||||
# admins to gain visibility to any workspace along with naming themselves
|
||||
# with administrator privileges to those workspaces.
|
||||
che.system.super_privileged_mode=false
|
||||
|
||||
# Grant system permission for `che.admin.name` user. If the user already exists it'll happen on
|
||||
# component startup, if not - during the first login when user is persisted in the database.
|
||||
# Grants system permission for `che.admin.name` user. If the user already exists, it will happen on
|
||||
# component startup. If not, it will happen during the first login when user is persisted in the database.
|
||||
che.system.admin_name=admin
|
||||
|
||||
### Workspace limits
|
||||
|
||||
# Workspaces are the fundamental runtime for users when doing development. You can set
|
||||
# parameters that limit how workspaces are created and the resources that are consumed.
|
||||
# The maximum amount of RAM that a user can allocate to a workspace when they
|
||||
# Sets the maximum amount of RAM that a user can allocate to a workspace when they
|
||||
# create a new workspace. The RAM slider is adjusted to this maximum value.
|
||||
che.limits.workspace.env.ram=16gb
|
||||
|
||||
# The length of time in milliseconds that a user is idle with their workspace when the system will
|
||||
# suspend the workspace and then stopping it. Idleness is the
|
||||
# The length of time (in milliseconds) that a user is idle within their workspace, after which the system will
|
||||
# suspend the workspace, and then stop it. Idleness is the
|
||||
# length of time that the user has not interacted with the workspace, meaning that
|
||||
# one of the agents has not received interaction. Leaving a browser window open
|
||||
# counts toward idleness.
|
||||
che.limits.workspace.idle.timeout=1800000
|
||||
|
||||
# The length of time in milliseconds that a workspace will run, regardless of activity, before
|
||||
# The length of time (in milliseconds) that a workspace will run, regardless of activity, before
|
||||
# the system will suspend it. Set this property if you want to automatically stop
|
||||
# workspaces after a period of time. The default is zero, meaning that there is no
|
||||
# workspaces after a period of time. The default is `0`, meaning that there is no
|
||||
# run timeout.
|
||||
che.limits.workspace.run.timeout=0
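Review bot: The rewritten comment above `che.system.admin_name` still refers to a `che.admin.name` user, which does not match the property it documents, and "it will happen" has no clear subject. I would write `# Grants system permission to the user named by che.system.admin_name. If the user already exists, the permission is granted on component startup.` followed by `# Otherwise, it is granted during the first login, when the user is persisted in the database.` Because the grant can be deferred to first login, a sentence saying the name should already belong to the intended administrator in the identity provider would help. That last point is inferred from the comment text, not from code shown here.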
|
||||
|
||||
|
|
@ -59,8 +59,8 @@ che.limits.user.workspaces.ram=-1
|
|||
che.limits.user.workspaces.count=-1
|
||||
|
||||
# The maximum number of running workspaces that a single user is allowed to have.
|
||||
# If the user has reached this threshold and they try to start an additional
|
||||
# workspace, they will be prompted with an error message. The user will need to
|
||||
# If the user has reached this threshold, and they try to start an additional
|
||||
# workspace, they will be presented with an error message. The user will need to
|
||||
# stop a running workspace to activate another.
|
||||
che.limits.user.workspaces.run.count=1
|
||||
|
||||
|
|
@ -71,42 +71,42 @@ che.limits.user.workspaces.run.count=1
|
|||
# see fit across the team's workspaces.
|
||||
che.limits.organization.workspaces.ram=-1
|
||||
|
||||
# The maximum number of workspaces that a organization is allowed to own. The
|
||||
# organization will be presented an error message if they try to create
|
||||
# The maximum number of workspaces that an organization is allowed to own. The
|
||||
# organization will be presented with an error message if they try to create
|
||||
# additional workspaces. This applies to the total number of both running
|
||||
# and stopped workspaces.
|
||||
che.limits.organization.workspaces.count=-1
|
||||
|
||||
# The maximum number of running workspaces that a single organization is allowed.
|
||||
# If the organization has reached this threshold and they try to start an
|
||||
# additional workspace, they will be prompted with an error message. The
|
||||
# The maximum number of running workspaces that a single organization is allowed to have.
|
||||
# If the organization has reached this threshold, and they try to start an
|
||||
# additional workspace, they will be presented with an error message. The
|
||||
# organization will need to stop a running workspace to activate another.
|
||||
che.limits.organization.workspaces.run.count=-1
|
||||
|
||||
### Multi-user-specific OpenShift infrastructure configuration
|
||||
|
||||
# Alias of the OpenShift identity provider registered in Keycloak,
|
||||
# Alias of the OpenShift identity provider registered in Keycloak
|
||||
# that should be used to create workspace OpenShift resources in
|
||||
# OpenShift namespaces owned by the current Che user.
|
||||
# Should be set to NULL if `che.infra.openshift.project`
|
||||
# Set it to `NULL` if `che.infra.openshift.project`
|
||||
# is set to a non-empty value.
|
||||
# See: link:https://www.keycloak.org/docs/latest/server_admin/#openshift-4[OpenShift identity provider]
|
||||
che.infra.openshift.oauth_identity_provider=NULL
|
||||
|
||||
### OIDC configuration
|
||||
|
||||
# Url to OIDC identity provider server
|
||||
# Can be set to NULL only if `che.oidc.oidcProvider` is used
|
||||
# Url to OIDC identity provider server.
|
||||
# You can set it to `NULL` only if `che.oidc.oidcProvider` is used.
|
||||
che.oidc.auth_server_url=http://${CHE_HOST}:5050/auth
|
||||
|
||||
# Internal network service Url to OIDC identity provider server
|
||||
# Internal network service URL to OIDC identity provider server.
|
||||
che.oidc.auth_internal_server_url=NULL
|
||||
|
||||
# The number of seconds to tolerate for clock skew when verifying `exp` or `nbf` claims.
|
||||
che.oidc.allowed_clock_skew_sec=3
|
||||
|
||||
# Username claim to be used as user display name when parsing JWT token
|
||||
# if not defined the fallback value is 'preferred_username' in Keycloak installations and
|
||||
# Username claim to be used as user display name when parsing JWT token.
|
||||
# If not defined, the fallback value is 'preferred_username' in Keycloak installations and
|
||||
# `name` in Dex installations.
|
||||
che.oidc.username_claim=NULL
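Review bot: The new comment on `che.oidc.auth_server_url` names `che.oidc.oidcProvider`, but the property defined later on this page is `che.oidc.oidc_provider`, so the cross-reference does not match any key an operator can set. It should read `# You can set it to NULL only if che.oidc.oidc_provider is used.`, with the file's usual backticks. The line above it still says "Url" while the sibling comment on `che.oidc.auth_internal_server_url` was corrected to "URL". The default value is an `http://` address, so a one-line note that production deployments should use an HTTPS identity provider URL would be a useful addition.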
|
||||
|
||||
|
|
@ -116,72 +116,72 @@ che.oidc.email_claim=NULL
|
|||
|
||||
# Base URL of an alternate OIDC provider that provides
|
||||
# a discovery endpoint as detailed in the following specification
|
||||
# link:https://openid.net/specs/openid-connect-discovery-1_0.html#ProviderConfig[Obtaining OpenID Provider Configuration Information]
|
||||
# Deprecated, use `che.oidc.auth_server_url` and `che.oidc.auth_internal_server_url` instead.
|
||||
# link:https://openid.net/specs/openid-connect-discovery-1_0.html#ProviderConfig[Obtaining OpenID Provider Configuration Information].
|
||||
# If deprecated, use `che.oidc.auth_server_url` and `che.oidc.auth_internal_server_url` instead.
|
||||
che.oidc.oidc_provider=NULL
|
||||
|
||||
### Keycloak configuration
|
||||
|
||||
# Keycloak realm is used to authenticate users
|
||||
# Can be set to NULL only if `che.keycloak.oidcProvider`
|
||||
# is used
|
||||
# Keycloak realm is used to authenticate users.
|
||||
# You can set it to `NULL` only if `che.keycloak.oidcProvider`
|
||||
# is used.
|
||||
che.keycloak.realm=che
|
||||
|
||||
# Keycloak client identifier in `che.keycloak.realm` to authenticate users in the dashboard, the IDE, and the CLI.
|
||||
che.keycloak.client_id=che-public
|
||||
|
||||
# URL to access OSO OAuth tokens
|
||||
# URL to access OSO OAuth tokens.
|
||||
che.keycloak.oso.endpoint=NULL
|
||||
|
||||
# URL to access Github OAuth tokens
|
||||
# URL to access Github OAuth tokens.
|
||||
che.keycloak.github.endpoint=NULL
|
||||
|
||||
# Use the OIDC optional `nonce` feature to increase security.
|
||||
che.keycloak.use_nonce=true
|
||||
|
||||
# URL to the Keycloak Javascript adapter to use.
|
||||
# if set to NULL, then the default used value is
|
||||
# If you set it to `NULL`, the default used value is
|
||||
# `${che.keycloak.auth_server_url}/js/keycloak.js`,
|
||||
# or `<che-server>/api/keycloak/OIDCKeycloak.js`
|
||||
# if an alternate `oidc_provider` is used
|
||||
# if an alternate `oidc_provider` is used.
|
||||
che.keycloak.js_adapter_url=NULL
|
||||
|
||||
# Set to true when using an alternate OIDC provider that
|
||||
# only supports fixed redirect Urls
|
||||
# This property is ignored when `che.keycloak.oidc_provider` is NULL
|
||||
# Set it to `true` when using an alternate OIDC provider that
|
||||
# only supports fixed redirect URLs.
|
||||
# This property is ignored when `che.keycloak.oidc_provider` is set to`NULL`.
|
||||
che.keycloak.use_fixed_redirect_urls=false
|
||||
|
||||
# Configuration of OAuth Authentication Service that can be used in "embedded" or "delegated" mode.
|
||||
# If set to "embedded", then the service work as a wrapper to Che's OAuthAuthenticator ( as in Single User mode).
|
||||
# If set to "delegated", then the service will use Keycloak IdentityProvider mechanism.
|
||||
# Runtime Exception `wii` be thrown, in case if this property is not set properly.
|
||||
# Configuration of OAuth Authentication Service that can be used in `embedded` or `delegated` mode.
|
||||
# If you set it to `embedded`, the service works as a wrapper to Che's OAuthAuthenticator (as in Single User mode).
|
||||
# If you set it to `delegated`, the service will use Keycloak IdentityProvider mechanism.
|
||||
# Runtime Exception `wii` will be thrown, if this property isn't set properly.
|
||||
che.oauth.service_mode=delegated
|
||||
|
||||
# Configuration for enabling removing user from Keycloak server on removing user from Che database.
|
||||
# By default it's disabled. Can be enabled in some special cases when deleting a user in Che database
|
||||
# It's disabled by default. You can enable it in special cases when deleting a user in Che database
|
||||
# should execute removing related-user from Keycloak.
|
||||
# For correct work need to set administrator username ${che.keycloak.admin_username} and password
|
||||
# For it to work correctly, you need to set an administrator username ${che.keycloak.admin_username} and password
|
||||
# ${che.keycloak.admin_password}.
|
||||
che.keycloak.cascade_user_removal_enabled=false
|
||||
|
||||
# Keycloak administrator username. Will be used for deleting user from Keycloak on removing user
|
||||
# from Che database. Make sense only in case ${che.keycloak.cascade_user_removal_enabled}
|
||||
# set to 'true'
|
||||
# Keycloak administrator username. It will be used for deleting user from Keycloak on removing user
|
||||
# from Che database. Using it makes sense only if ${che.keycloak.cascade_user_removal_enabled} is
|
||||
# set to 'true'.
|
||||
che.keycloak.admin_username=NULL
|
||||
|
||||
# Keycloak administrator password. Will be used for deleting user from Keycloak on removing user
|
||||
# from Che database. Make sense only in case ${che.keycloak.cascade_user_removal_enabled}
|
||||
# from Che database. Using it makes sense only if ${che.keycloak.cascade_user_removal_enabled} is
|
||||
# set to 'true'
|
||||
che.keycloak.admin_password=NULL
|
||||
|
||||
# User name adjustment configuration. Che needs to use the usernames as part of Kubernetes object names and labels and
|
||||
# therefore has stricter requirements on their format than the identity providers usually
|
||||
# User name adjustment configuration. Che needs to use the usernames as part of Kubernetes object names and labels.
|
||||
# Therefore there are stricter requirements on their format than the identity providers usually
|
||||
# allow (it needs them to be DNS-compliant). The adjustment is represented by comma-separated key-value pairs.
|
||||
# These are sequentially used as arguments to the String.replaceAll function on the original username.
|
||||
# These are sequentially used as arguments to the `String.replaceAll` function on the original username.
|
||||
# The keys are regular expressions, values are replacement strings that replace the characters in the username
|
||||
# that match the regular expression. The modified username will only be stored in the Che database
|
||||
# and will not be advertised back to the identity provider.
|
||||
# It is recommended to use DNS-compliant characters as replacement strings (values in the key-value pairs).
|
||||
# It is recommended that you use DNS-compliant characters as replacement strings (values in the key-value pairs).
|
||||
# Example: `\\=-,@=-at-` changes `\` to `-` and `@` to `-at-`
|
||||
# so the username `org\user@com` becomes `org-user-at-com.`
|
||||
che.keycloak.username.replacement_patterns=NULL
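Review bot: In the comment above `che.oidc.oidc_provider`, the new wording `If deprecated, use` turns an unconditional deprecation notice into a conditional one; the old line said `Deprecated, use`, so `Deprecated. Use` keeps the meaning and tells operators plainly which OIDC properties to configure instead. The `che.oauth.service_mode` comment still carries the old typo `wii`, which inside backticks now reads like a literal exception name; it should say `A runtime exception will be thrown if this property is not set properly.`. The last comment line above `che.keycloak.admin_password` was left as `set to 'true'` without the period its `admin_username` sibling received. Because that value is a Keycloak administrator credential, the comment could also say it should be supplied from a secret or deployment-time override rather than written into the file (how overrides are provided is not visible in this hunk). Smaller points: `set to` and `NULL` have lost their space in the `che.keycloak.use_fixed_redirect_urls` comment, and the realm comment refers to `che.keycloak.oidcProvider` while the same hunk spells the property `che.keycloak.oidc_provider`, so one of the two names appears to be wrong.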
|
||||
|
|
|
|||