diff --git a/assembly/assembly-wsmaster-war/src/main/webapp/WEB-INF/classes/che/che.properties b/assembly/assembly-wsmaster-war/src/main/webapp/WEB-INF/classes/che/che.properties
index 5a17acc3cd..e8ea9117ae 100644
--- a/assembly/assembly-wsmaster-war/src/main/webapp/WEB-INF/classes/che/che.properties
+++ b/assembly/assembly-wsmaster-war/src/main/webapp/WEB-INF/classes/che/che.properties
@@ -18,7 +18,7 @@
 # API service. Browsers initiate REST communications to {prod-short} server with this URL.
 che.api=http://${CHE_HOST}:${CHE_PORT}/api
-# API service internal network URL. Back-end services should initiate REST communications to {prod-short} server with this URL
+# API service internal network URL. Back-end services should initiate REST communications to {prod-short} server with this URL.
 che.api.internal=NULL
 # {prod-short} WebSocket major endpoint. Provides basic communication endpoint
@@ -54,7 +54,7 @@ che.workspace.auto_start=true
 # Workspace threads pool configuration. This pool is used for workspace-related
 # operations that require asynchronous execution, for example, starting and stopping.
-# Possible values are `fixed` and `cached`.
+# Possible values are: `fixed` and `cached`.
 che.workspace.pool.type=fixed
 # This property is ignored when pool type is different from `fixed`.
@@ -63,8 +63,8 @@ che.workspace.pool.type=fixed
 # See also `che.workspace.pool.cores_multiplier`.
 che.workspace.pool.exact_size=30
-# This property is ignored when pool type is not set to `fixed`, `che.workspace.pool.exact_size`
-# is set. When set, the pool size is `N_CORES * multiplier`.
+# This property is ignored when `che.workspace.pool.exact_size`
+# is set and pool type is not set to `fixed`. When set, the pool size is `N_CORES * multiplier`.
 che.workspace.pool.cores_multiplier=2
 # This property specifies how many threads to use for workspace server liveness probes.
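Review bot: The rewritten comment above `che.workspace.pool.cores_multiplier` joins its two conditions with "and", so it now says the multiplier is ignored only when `che.workspace.pool.exact_size` is set and the pool type is also not `fixed`. The removed wording listed the two conditions side by side, which reads more like "either condition", so the new text may have narrowed the meaning rather than just fixing the grammar. I would word it as `# This property is ignored when pool type is not set to fixed, or when che.workspace.pool.exact_size is set.` (keeping the inline-code markup on the names). The pool construction code is not part of this diff, so the precedence between the two properties should be confirmed there before the comment is published.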
@@ -74,14 +74,14 @@ che.workspace.probe_pool_size=10
 # HTTP proxy setting for workspace JVM.
 che.workspace.http_proxy_java_options=NULL
-# Java command-line options added to JVMs running in workspaces.
+# Java command line options added to JVMs running in workspaces.
 che.workspace.java_options=-XX:MaxRAM=150m -XX:MaxRAMFraction=2 -XX:+UseParallelGC -XX:MinHeapFreeRatio=10 -XX:MaxHeapFreeRatio=20 -XX:GCTimeRatio=4 -XX:AdaptiveSizePolicyWeight=90 -Dsun.zip.disableMemoryMapping=true -Xms20m -Djava.security.egd=file:/dev/./urandom
-# Maven command-line options added to JVMs running agents in workspaces.
+# Maven command line options added to JVMs running agents in workspaces.
 che.workspace.maven_options=-XX:MaxRAM=150m -XX:MaxRAMFraction=2 -XX:+UseParallelGC -XX:MinHeapFreeRatio=10 -XX:MaxHeapFreeRatio=20 -XX:GCTimeRatio=4 -XX:AdaptiveSizePolicyWeight=90 -Dsun.zip.disableMemoryMapping=true -Xms20m -Djava.security.egd=file:/dev/./urandom
 # RAM limit default for each machine that has no RAM settings in its environment.
-# Value less or equal to 0 is interpreted as disabling the limit.
+# Value less than or equal to `0` is interpreted as disabling the limit.
 che.workspace.default_memory_limit_mb=1024
 # RAM request for each container that has no explicit RAM settings in its environment.
@@ -89,39 +89,36 @@ che.workspace.default_memory_limit_mb=1024
 # This property may not be supported by all infrastructure implementations.
 # Currently it is supported by {orch-name}.
 # A memory request exceeding the memory limit is ignored, and only the limit size is used.
-# Value less or equal to 0 is interpreted as disabling the limit.
+# Value less than or equal to `0` is interpreted as disabling the limit.
 che.workspace.default_memory_request_mb=200
 # CPU limit for each container that has no CPU settings in its environment.
-# Specify either in floating point cores number, for example, `0.125`,
-# or using the Kubernetes format, integer millicores, for example, `125m`.
-# Value less or equal to 0 is interpreted as disabling the limit.
+# Specify it either in floating point cores or in integer millicores, for example: `0.125` or `125m`.
+# Value less than or equal to `0` is interpreted as disabling the limit.
 che.workspace.default_cpu_limit_cores=-1
-# CPU request for each container that has no CPU settings in environment.
-# A CPU request exceeding the CPU limit is ignored, and only limit number is used.
-# Value less or equal to 0 is interpreted as disabling the limit.
+# CPU request for each container that has no CPU settings in its environment.
+# A CPU request exceeding the CPU limit is ignored and only the limit number is used.
+# Value less than or equal to `0` is interpreted as disabling the limit.
 che.workspace.default_cpu_request_cores=-1
 # RAM limit for each sidecar that has no RAM settings in the {prod-short} plug-in configuration.
-# Value less or equal to 0 is interpreted as disabling the limit.
+# Value less than or equal to `0` is interpreted as disabling the limit.
 che.workspace.sidecar.default_memory_limit_mb=128
 # RAM request for each sidecar that has no RAM settings in the {prod-short} plug-in configuration.
 che.workspace.sidecar.default_memory_request_mb=64
 # CPU limit default for each sidecar that has no CPU settings in the {prod-short} plug-in configuration.
-# Specify either in floating point cores number, for example, `0.125`,
-# or using the Kubernetes format, integer millicores, for example, `125m`.
-# Value less or equal to 0 is interpreted as disabling the limit.
+# Specify it either in floating point cores or in integer millicores, for example: `0.125` or `125m`.
+# Value less than or equal to `0` is interpreted as disabling the limit.
 che.workspace.sidecar.default_cpu_limit_cores=-1
 # CPU request default for each sidecar that has no CPU settings in the {prod-short} plug-in configuration.
-# Specify either in floating point cores number, for example, `0.125`,
-# or using the Kubernetes format, integer millicores, for example, `125m`.
+# Specify it either in floating point cores or in integer millicores, for example: `0.125` or `125m`.
 che.workspace.sidecar.default_cpu_request_cores=-1
-# Defines image-pulling strategy for sidecars. Possible values are: `Always`,
+# Defines image pull strategy for sidecars. Possible values are: `Always`,
 # `Never`, `IfNotPresent`. For any other value, `Always` is assumed for images
 # with the `:latest` tag, or `IfNotPresent` for all other cases.
 che.workspace.sidecar.image_pull_policy=Always
@@ -130,68 +127,68 @@ che.workspace.sidecar.image_pull_policy=Always
 # Period of inactive workspaces suspend job execution.
 che.workspace.activity_check_scheduler_period_s=60
-# The period of the cleanup of the activity table. The activity table can contain invalid or stale data
-# if some unforeseen errors happen, as a server failure at a peculiar point in time. The default is to
+# Period of cleanup of the activity table. The activity table can contain invalid or stale data
+# if an unforeseen error happens, such as a server failure at a particular point in time. The default is set to
 # run the cleanup job every hour.
 che.workspace.activity_cleanup_scheduler_period_s=3600
-# The delay after server startup to start the first activity clean up job.
+# Delay after a server startup to start the first activity cleanup job.
 che.workspace.activity_cleanup_scheduler_initial_delay_s=60
-# Delay before first workspace idleness check job started to avoid
-# mass suspend if {prod-short} server was unavailable for period close to
+# Delay before the first workspace idleness check job is started to avoid
+# a mass suspend if {prod-short} server was unavailable for a period close to
 # inactivity timeout.
 che.workspace.activity_check_scheduler_delay_s=180
-# Time to delay the first execution of temporary workspaces cleanup job.
+# Delay before the first execution of a temporary workspaces cleanup job.
 che.workspace.cleanup_temporary_initial_delay_min=5
-# Time to delay between the termination of one execution and the commencement
-# of the next execution of temporary workspaces cleanup job
+# Delay between the termination of one execution and the commencement
+# of the next execution of temporary workspaces cleanup job.
 che.workspace.cleanup_temporary_period_min=180
-# Number of sequential successful pings to server after which it is treated as available.
-# the {prod-short} Operator: the property is common for all servers, for example, workspace agent, terminal, exec.
+# Number of sequential successful pings to a server after which it is treated as available.
+# For the {prod-short} Operator, the property is common for all servers, for example: `workspace agent`, `terminal`, and `exec`.
 che.workspace.server.ping_success_threshold=1
-# Interval, in milliseconds, between successive pings to workspace server.
+# Interval (in milliseconds) between successive pings to a workspace server.
 che.workspace.server.ping_interval_milliseconds=3000
-# List of servers names which require liveness probes
+# List of names of the servers that require liveness probes.
 che.workspace.server.liveness_probes=wsagent/http,exec-agent/http,terminal,theia,jupyter,dirigible,cloud-shell,intellij
-# Limit size of the logs collected from single container that can be observed by che-server when
+# Limits the size of logs collected from a single container that can be observed by {prod-short} server when
 # debugging workspace startup.
-# default 10MB=10485760
+# The default is: 10MB=10485760.
 che.workspace.startup_debug_log_limit_bytes=10485760
-# If true, 'stop-workspace' role with the edit privileges will be granted to the 'che' ServiceAccount if OpenShift OAuth is enabled.
+# If set to `true`, 'stop-workspace' role with the edit privileges is granted to the 'che' ServiceAccount if OpenShift OAuth is enabled.
 # This configuration is mainly required for workspace idling when the OpenShift OAuth is enabled.
 che.workspace.stop.role.enabled=true
 # Specifies whether {prod-short} is deployed with DevWorkspaces enabled.
 # This property is set by the {prod-short} Operator if it also installed the support for DevWorkspaces.
 # This property is used to advertise this fact to the {prod-short} dashboard.
-# It does not make sense to change the value of this property manually.
+# It doesn't make sense to change the value of this property manually.
 che.devworkspaces.enabled=false
 ### Authentication parameters
 # {prod-short} has a single identity implementation, so this does not change the user experience.
-# If true, enables user creation at API level
+# If set to `true`, enables user creation at the API level.
 che.auth.user_self_creation=false
-# Authentication error page address
+# Authentication error page address.
 che.auth.access_denied_error_page=/error-oauth
-# Reserved user names
+# Reserved user names.
 che.auth.reserved_user_names=
-# Configuration of GitHub OAuth2 client. Used to obtain Personal access tokens.
+# Configuration of the GitHub OAuth2 client. Used to obtain personal access tokens.
 # Location of the file with GitHub client id.
 che.oauth2.github.clientid_filepath=NULL
@@ -209,7 +206,7 @@ che.oauth.github.tokenuri= https://github.com/login/oauth/access_token
 che.integration.github.oauth_endpoint=NULL
 # GitHub OAuth redirect URIs.
-# Separate multiple values with comma, for example: URI,URI,URI
+# Separate multiple values with comma, for example: URI,URI,URI.
 che.oauth.github.redirecturis= http://localhost:${CHE_PORT}/api/oauth/callback
 # Configuration of OpenShift OAuth client. Used to obtain OpenShift OAuth token.
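Review bot: The added line `# For the {prod-short} Operator, the property is common for all servers ...` above `che.workspace.server.ping_success_threshold` turns what looks like a damaged note marker into a statement about the Operator. The removed line began with `the {prod-short} Operator:` exactly where a "Note:" would be expected, and the same fragment recurs in other comments of this file, so it is presumably left over from an earlier search-and-replace rather than a real reference to the Operator. I would restore it as `# Note: the property is common for all servers, for example: workspace agent, terminal, and exec.`. The same pattern survives on the new side of the `@@ -269,221 +266,213 @@` hunk, in the comments for `che.infra.kubernetes.service_account_name`, `che.infra.kubernetes.workspace_sa_cluster_roles`, `che.infra.kubernetes.pod.termination_grace_period_sec` and `che.infra.kubernetes.trusted_ca.dest_configmap`, where `The {prod-short} Operator that ...` is not a sentence and hides requirements an administrator has to meet (the service account and cluster roles must already exist).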
@@ -222,12 +219,12 @@ che.oauth.openshift.oauth_endpoint= NULL
 # OpenShift OAuth verification token URL.
 che.oauth.openshift.verify_token_url= NULL
-# Configuration of Bitbucket Server OAuth1 client. Used to obtain Personal access tokens.
+# Configuration of Bitbucket Server OAuth1 client. Used to obtain personal access tokens.
 # Location of the file with Bitbucket Server application consumer key (equivalent to a username).
 che.oauth1.bitbucket.consumerkeypath=NULL
-# Location of the file with Bitbucket Server application private key
+# Location of the file with Bitbucket Server application private key.
 che.oauth1.bitbucket.privatekeypath=NULL
-# Bitbucket Server URL. To work correctly with factories the same URL
+# Bitbucket Server URL. To work correctly with factories, the same URL
 # has to be part of `che.integration.bitbucket.server_endpoints` too.
 che.oauth1.bitbucket.endpoint=NULL
@@ -251,16 +248,16 @@ che.oauth.bitbucket.redirecturis= http://localhost:${CHE_PORT}/api/oauth/callbac
 ### Internal
 # {prod-short} extensions can be scheduled executions on a time basis.
-# This configures the size of the thread pool allocated to extensions that are launched on
+# This value configures the size of the thread pool allocated to extensions that are launched on
 # a recurring schedule.
 schedule.core_pool_size=10
-# DB initialization and migration configuration
-# If true, ignore scripts up to the version configured by baseline.version.
+# Database initialization and migration configuration.
+# If set to `true`, the database initialization component on {prod-short} Server side ignores scripts up to the version configured by `baseline.version`.
 db.schema.flyway.baseline.enabled=true
-# Scripts with version up to this are ignored.
-# Note that scripts with version equal to baseline version are also ignored.
+# Scripts with a version up to the specified one are ignored.
+# Note that scripts with a version equal to the baseline version are also ignored.
 db.schema.flyway.baseline.version=5.0.0.8.1
 # Prefix of migration scripts.
@@ -269,221 +266,213 @@ db.schema.flyway.scripts.prefix=
 # Suffix of migration scripts.
 db.schema.flyway.scripts.suffix=.sql
-# Separator of version from the other part of script name.
+# Separator of `version` from the other parts of script name.
 db.schema.flyway.scripts.version_separator=__
-# Locations where to search migration scripts.
+# Locations where to search for migration scripts.
 db.schema.flyway.scripts.locations=classpath:che-schema
-### Kubernetes Infra parameters
+### Kubernetes infrastructure parameters
-# Configuration of Kubernetes client master URL that Infra will use.
+# Configuration of Kubernetes Client master URL that the infrastructure uses.
 che.infra.kubernetes.master_url=
-# Boolean to configure Kubernetes client to use trusted certificates.
+# Boolean to configure Kubernetes Client to use trusted certificates.
 che.infra.kubernetes.trust_certs=false
-# Kubernetes cluster domain. If not set, svc names will not contain information about the cluster domain.
+# Kubernetes cluster domain. If not set, svc names doesn't contain information about the cluster domain.
 che.infra.kubernetes.cluster_domain=NULL
-# Defines the way how servers are exposed to the world in Kubernetes infra.
-# List of strategies implemented in {prod-short}: `default-host`, `multi-host`, `single-host`.
+# Defines how servers are exposed to the world in Kubernetes infra.
+# Options include: `default-host`, `multi-host`, `single-host`.
 che.infra.kubernetes.server_strategy=multi-host
-# Defines the way in which the workspace plugins and editors are exposed in the single-host mode.
+# Defines the way in which the workspace plug-ins and editors are exposed in the single-host mode.
 # Supported exposures:
 # `native`:: Exposes servers using Kubernetes Ingresses. Works only on Kubernetes.
 # `gateway`:: Exposes servers using reverse-proxy gateway.
 che.infra.kubernetes.singlehost.workspace.exposure=native
-# Defines the way how to expose devfile endpoints, as end-user's applications, in single-host server strategy.
+# Defines the way to expose devfile endpoints as end-user's applications, in single-host server strategy.
 # They can either follow the single-host strategy and be exposed on subpaths, or they can be exposed on subdomains.
-# `multi-host`:: expose on subdomains
-# `single-host`:: expose on subpaths
+# Supported exposures:
+# `multi-host`:: Exposes devfile endpoints on subdomains.
+# `single-host`:: Exposes devfile endpoints on subpaths.
 che.infra.kubernetes.singlehost.workspace.devfile_endpoint_exposure=multi-host
-# Defines labels which will be set to ConfigMaps configuring single-host gateway.
+# Defines labels which are set to ConfigMaps configuring single-host gateway.
 che.infra.kubernetes.singlehost.gateway.configmap_labels=app=che,component=che-gateway-config
-# Used to generate domain for a server in a workspace in case property `che.infra.kubernetes.server_strategy` is set to `multi-host`
+# Generates a domain for a server in a workspace in case the property `che.infra.kubernetes.server_strategy` is set to `multi-host`
 che.infra.kubernetes.ingress.domain=
 # Indicates whether {prod-short} server is allowed to create {orch-namespace} for user
 # workspaces, or they're intended to be created manually by cluster administrator.
-# This property is also used by the OpenShift infra.
+# This property is also used by OpenShift infrastructure.
 che.infra.kubernetes.namespace.creation_allowed=true
 # Defines Kubernetes default namespace in which user's workspaces are created
 # if user does not override it.
-# It's possible to use `` and `` placeholders (for example: `che-workspace-`).
-# In that case, new namespace will be created for each user.
-# Used by OpenShift infra as well to specify a Project.
+# Use placeholder variables like `` and ``. For example: `che-workspace-`.
+# This ensures that a new namespace is created for each user, so that their workspaces do not collide with other users.
+# Used by OpenShift infrastructure to specify a Project.
 # The `` or `` placeholder is mandatory.
 che.infra.kubernetes.namespace.default=-che
-# Defines whether che-server should try to label the workspace namespaces.
-# NOTE: It is strongly recommended to keep the value of this property set to true. If false, the new workspace namespaces will not be labeled
-# automatically and therefore not recognized by the Che operator making some features of DevWorkspaces not working.
-# If false, an administrator is required to label the namespaces manually using the labels specified in che.infra.kubernetes.namespace.labels.
-# If you want to manage the namespaces yourself, make sure to follow
+# Defines whether {prod-short} server should try to label the workspace namespaces.
+# NOTE: It's strongly recommended you keep the value of this property set to `true`. If set to `false`, the new workspace namespaces will not be labeled
+# automatically, and therefore not recognized by the {prod-operator-image-name} causing some features of DevWorkspaces to not work.
+# If set to `false`, an administrator is required to label the namespaces manually using the labels specified in `che.infra.kubernetes.namespace.labels`.
+# If you want to manage the namespaces yourself, make sure to follow this guide:
 # https://www.eclipse.org/che/docs/stable/administration-guide/provisioning-namespaces-in-advance/.
 # Any additional labels present on the namespace are kept in place and do not affect the functionality.
 # Also note that the the administrator is free to pre-create and label the namespaces manually even if this property is
-# true. No updates to the namespaces are done if they already conform to the labeling requirements.
+# `true`. No updates to the namespaces are done if they already conform to the labeling requirements.
 che.infra.kubernetes.namespace.label=true
-# Defines whether che-server should try to annotate the workspace namespaces.
+# Defines whether {prod-short} server should try to annotate the workspace namespaces.
 che.infra.kubernetes.namespace.annotate=true
 # List of labels to find {orch-namespace} that are used for {prod-short} Workspaces.
 # They are used to:
-# - find prepared {orch-namespace} for users in combination with `che.infra.kubernetes.namespace.annotations`.
-# - actively label {orch-namespace} with any workspace.
-# NOTE: It is strongly recommended not to change the value of this property because the Che operator relies on these labels
+# - Find prepared {orch-namespace} for users in combination with `che.infra.kubernetes.namespace.annotations`.
+# - Actively label {orch-namespace} with any workspace.
+# NOTE: It's strongly recommended not to change the value of this property because the {prod-operator-image-name} relies on these labels
 # and their precise values when reconciling DevWorkspaces. If this configuration is changed, the namespaces will not be automatically
-# recognized by the Che operator as workspace namespaces unless manually labeled as such using the default labels and values.
+# recognized by the {prod-operator-image-name} as workspace namespaces unless manually labeled as such using the default labels and values.
 # Additional labels on the namespace do not affect the functionality.
 che.infra.kubernetes.namespace.labels=app.kubernetes.io/part-of=che.eclipse.org,app.kubernetes.io/component=workspaces-namespace
-# List of annotations to find {orch-namespace} prepared for {prod-short} users workspaces.
-# Only {orch-namespace} matching the `che.infra.kubernetes.namespace.labels` will be matched against these annotations.
+# List of annotations to find {orch-namespace} prepared for {prod-short} user workspaces.
+# Only {orch-namespace} matching the `che.infra.kubernetes.namespace.labels` is matched against these annotations.
 # {orch-namespace} that matches both `che.infra.kubernetes.namespace.labels` and `che.infra.kubernetes.namespace.annotations`
-# will be preferentially used for User's workspaces.
+# is used preferentially for user workspaces.
 # It's possible to use `` placeholder to specify the {orch-namespace} to concrete user.
 # They are used to:
-# - find prepared {orch-namespace} for users in combination with `che.infra.kubernetes.namespace.labels`.
-# - actively annotate {orch-namespace} with any workspace.
+# - Find prepared {orch-namespace} for users in combination with `che.infra.kubernetes.namespace.labels`.
+# - Actively annotate {orch-namespace} with any workspace.
 che.infra.kubernetes.namespace.annotations=che.eclipse.org/username=
-# Defines Kubernetes Service Account name which should be specified to be bound to all workspaces Pods.
-# the {prod-short} Operator that Kubernetes Infrastructure will not create the service account and it should exist.
-# OpenShift infrastructure will check if project is predefined(if `che.infra.openshift.project` is not empty):
-# - if it is predefined then service account must exist there
-# - if it is 'NULL' or empty string then infrastructure will create new OpenShift project per workspace
-# and prepare workspace service account with needed roles there
+# Defines Kubernetes Service Account name which should be specified to be bound to all workspace pods.
+# The {prod-short} Operator that Kubernetes infrastructure will not create the service account and it should exist.
+# OpenShift infrastructure checks if project exists and `che.infra.openshift.project` isn't empty:
+# - If not 'NULL', then service account must exist there.
+# - If it's 'NULL' or an empty string, then infrastructure creates new OpenShift project per workspace
+# and prepare workspace service account with needed roles there.
 che.infra.kubernetes.service_account_name=NULL
-# Specifies optional, additional cluster roles to use with the workspace service account.
-# the {prod-short} Operator that the cluster role names must already exist, and the {prod-short} service account needs to be able to create a Role Binding
+# Specifies optional additional cluster roles to use with the workspace service account.
+# The {prod-short} Operator that the cluster role names must already exist and the {prod-short} service account needs to be able to create a Role Binding
 # to associate these cluster roles with the workspace service account. The names are comma separated.
 # This property deprecates `che.infra.kubernetes.cluster_role_name`.
 che.infra.kubernetes.workspace_sa_cluster_roles=NULL
-# Cluster roles to assign to user in his namespace
+# Cluster roles to assign to user in their namespace.
 che.infra.kubernetes.user_cluster_roles=NULL
 # Defines wait time that limits the Kubernetes workspace start time.
 che.infra.kubernetes.workspace_start_timeout_min=8
-# Defines the timeout in minutes that limits the period for which Kubernetes Ingress become ready
+# Defines the timeout (in minutes) that limits the period for which {orch-ingress} becomes ready.
 che.infra.kubernetes.ingress_start_timeout_min=5
-# If during workspace startup an unrecoverable event defined in the property occurs,
-# stop the workspace immediately rather than waiting until timeout.
-# the {prod-short} Operator that this SHOULD NOT include a mere "Failed" reason, because that might catch events that are not unrecoverable.
+# If an unrecoverable event defined in the property occurs during workspace startup,
+# this parameter stops the workspace immediately rather than waiting until timeout.
+# Do not include a simple "Failed" string, as that might catch more events than than intended.
 # A failed container startup is handled explicitly by {prod-short} server.
 che.infra.kubernetes.workspace_unrecoverable_events=FailedMount,FailedScheduling,MountVolume.SetUp failed,Failed to pull image,FailedCreate,ReplicaSetCreateError
 # Defines annotations for ingresses which are used for servers exposing. Value depends on the kind of ingress
 # controller.
-#
 # OpenShift infrastructure ignores this property because it uses Routes rather than Ingresses.
-#
 # the {prod-short} Operator that for a single-host deployment strategy to work, a controller supporting URL rewriting has to be
-# used (so that URLs can point to different servers while the servers do not need to support changing the app root).
-# The `che.infra.kubernetes.ingress.path.rewrite_transform` property defines how the path of the ingress should be
-# transformed to support the URL rewriting and this property defines the set of annotations on the ingress itself
-# that instruct the chosen ingress controller to actually do the URL rewriting, potentially building on the path
+# used so that URLs can point to different servers while the servers do not need to support changing the app root.
+# The `che.infra.kubernetes.ingress.path.rewrite_transform` property defines how the path of the Ingress should be
+# transformed to support the URL rewriting.
+# This property defines the set of annotations on the Ingress itself
+# that instruct the chosen Ingress Controller to actually do the URL rewriting, potentially building on the path
 # transformation (if required by the chosen ingress controller).
-#
-# For example for Nginx ingress controller 0.22.0 and later the following value is recommended:
+# For example, for Nginx Ingress Controller 0.22.0 and later, the following value is recommended:
 # `{"ingress.kubernetes.io/rewrite-target": "/$1","ingress.kubernetes.io/ssl-redirect": "false",\
 # "ingress.kubernetes.io/proxy-connect-timeout": "3600","ingress.kubernetes.io/proxy-read-timeout": "3600",
 # "nginx.org/websocket-services": ""}`
 # and the `che.infra.kubernetes.ingress.path.rewrite_transform` should be set to `"%s(.*)"`.
-#
-# For nginx ingress controller older than 0.22.0, the rewrite-target should be set to merely `/` and the path transform
+# For Nginx Ingress Controller older than 0.22.0, the rewrite-target should be set to `/` and the path transformed
 # to `%s` (see the `che.infra.kubernetes.ingress.path.rewrite_transform` property).
-#
-# See the Nginx ingress controller documentation for the explanation of how the ingress controller uses
-# the regular expression available in the ingress path and how it achieves the URL rewriting.
+# See the Nginx Ingress Controller documentation for the explanation on how the Ingress Controller uses
+# the regular expression available in the Ingress path and how it achieves the rewriting of URL.
 che.infra.kubernetes.ingress.annotations_json=NULL
-# Defines a recipe on how to declare the path of the ingress that should expose a server.
+# Defines a recipe on how to declare the path of the Ingress that should expose a server.
 # The `%s` represents the base public URL of the server and is guaranteed to end with a forward slash. This property
 # must be a valid input to the `String.format()` method and contain exactly one reference to `%s`.
-#
 # See the description of the `che.infra.kubernetes.ingress.annotations_json` property to see how these two
-# properties interplay when specifying the ingress annotations and path.
-#
-# If not defined, this property defaults to `%s` (without the quotes) which means that the path is not transformed in
-# any way for use with the ingress controller.
+# properties interplay when specifying the Ingress annotations and path.
+# If not defined, this property defaults to `%s` (without the quotes) which means that the path is not transformed
+# for use with the Ingress Controller.
 che.infra.kubernetes.ingress.path_transform=NULL
 # Additional labels to add into every Ingress created by {prod-short} server
 # to allow clear identification.
 che.infra.kubernetes.ingress.labels=NULL
-# Defines security context for Pods that will be created by Kubernetes Infra
-#
-# This is ignored by OpenShift infra
+# Defines security context for pods that is created by Kubernetes infrastructure.
+# This property is ignored by OpenShift infrastructure.
 che.infra.kubernetes.pod.security_context.run_as_user=NULL
-# Defines security context for Pods that will be created by Kubernetes Infra.
-# A special supplemental group that applies to all containers in a Pod.
-# This is ignored by OpenShift infra.
+# Defines security context for pods that are created by Kubernetes infrastructure.
+# A special supplemental group that applies to all containers in a pod.
+# This property is ignored by OpenShift infrastructure.
 che.infra.kubernetes.pod.security_context.fs_group=NULL
-# Defines grace termination period for Pods that will be created by {orch-name} infrastructures.
-#
-# Default value: `0`. It allows to stop Pods quickly and significantly decrease the time required for stopping a workspace.
-# the {prod-short} Operator: if `terminationGracePeriodSeconds` have been explicitly set in {orch-name} recipe it will not be overridden.
+# Defines the grace termination period for pods that are created by {orch-name} infrastructures.
+# The default value is `0`. It allows to stop pods quickly and significantly decreases the time required for stopping a workspace.
+# In the case of the {prod-short} Operator, if `terminationGracePeriodSeconds` have been explicitly set in {orch-name} recipe, it isn't overridden.
 che.infra.kubernetes.pod.termination_grace_period_sec=0
 # Creates Ingresses with Transport Layer Security (TLS) enabled.
-# In OpenShift infrastructure, Routes will be TLS-enabled.
+# In OpenShift infrastructure, Routes are TLS-enabled.
 che.infra.kubernetes.tls_enabled=false
-# Name of a secret that should be used when creating workspace ingresses with TLS.
+# The name of a secret that should be used when creating workspace Ingresses with TLS.
 # This property is ignored by OpenShift infrastructure.
 che.infra.kubernetes.tls_secret=
-# Data for TLS Secret that should be used for workspaces Ingresses.
-# `cert` and `key` should be encoded with Base64 algorithm.
+# Data for TLS Secret that should be used for workspace Ingresses.
+# The `cert` and `key` values should be encoded with Base64 algorithm.
 # These properties are ignored by OpenShift infrastructure.
 che.infra.kubernetes.tls_key=NULL
-# Certificate data for TLS Secret that should be used for workspaces Ingresses.
-# Certificate should be encoded with Base64 algorithm.
+# Certificate data for TLS secret that should be used for workspace Ingresses.
+# The certificate should be encoded with Base64 algorithm.
 # This property is ignored by OpenShift infrastructure.
 che.infra.kubernetes.tls_cert=NULL
-# Defines the period with which runtimes consistency checks will be performed.
-# If runtime has inconsistent state then runtime will be stopped automatically.
-# Value must be more than 0 or `-1`, where `-1` means that checks won't be performed at all.
+# Defines the period with which runtimes consistency checks are performed.
+# If the runtime has an inconsistent state, it's stopped automatically.
+# The value must be more than 0 or `-1`, where `-1` means that checks aren't performed at all.
+# It's disabled by default because there is a possible {prod-short} server configuration when {prod-short} server +# doesn't have the ability to interact with Kubernetes API when operation is not invoked by the user. # -# It is disabled by default because there is possible {prod-short} Server configuration when {prod-short} Server -# doesn't have an ability to interact with Kubernetes API when operation is not invoked by user. +# It works with the following configurations: +# - Workspaces objects are created in the same namespace where {prod-short} server is located. +# - The `cluster-admin` service account token is mounted to {prod-short} server pod. # -# It DOES work on the following configurations: -# - workspaces objects are created in the same namespace where {prod-short} Server is located; -# - `cluster-admin` service account token is mounted to {prod-short} Server Pod. -# -# It DOES NOT work on the following configurations: -# - {prod-short} Server communicates with Kubernetes API using token from OAuth provider. +# It doesn't work with the following configuration: +# - {prod-short} server communicates with Kubernetes API using the token from OAuth provider. che.infra.kubernetes.runtimes_consistency_check_period_min=-1 -# Name of the ConfigMap in {prod-short} server namespace with additional CA TLS certificates to be propagated into all user's workspaces. -# If the property is set on OpenShift 4 infrastructure, and `che.infra.openshift.trusted_ca.dest_configmap_labels` includes the `config.openshift.io/inject-trusted-cabundle=true` label, then cluster CA bundle will be propagated too. +# Name of the ConfigMap in {prod-short} server namespace with additional CA TLS certificates to be propagated into all user workspaces. +# If the property is set on OpenShift 4 infrastructure, and `che.infra.openshift.trusted_ca.dest_configmap_labels` includes the `config.openshift.io/inject-trusted-cabundle=true` label, then cluster CA bundle is propagated too. 
che.infra.kubernetes.trusted_ca.src_configmap=NULL # Name of the ConfigMap in a workspace namespace with additional CA TLS certificates. # Holds the copy of `che.infra.kubernetes.trusted_ca.src_configmap` but in a workspace namespace. -# Content of this ConfigMap is mounted into all workspace containers including plugin brokers. -# Do not change the ConfigMap name unless it conflicts with the already existing ConfigMap. -# the {prod-short} Operator that the resulting ConfigMap name can be adjusted eventually to make it unique in {orch-namespace}. -# The original name would be stored in `che.original_name` label. +# Content of this ConfigMap is mounted into all workspace containers including plug-in brokers. +# Do not change the ConfigMap name unless it conflicts with an already existing ConfigMap. +# The {prod-short} Operator that the resulting ConfigMap names can be adjusted eventually to make it unique in {orch-namespace}. +# The original name is stored in `che.original_name` label. che.infra.kubernetes.trusted_ca.dest_configmap=ca-certs # Configures path on workspace containers where the CA bundle should be mounted. @@ -495,7 +484,7 @@ che.infra.kubernetes.trusted_ca.mount_path=/public-certs che.infra.kubernetes.trusted_ca.dest_configmap_labels= -### OpenShift Infra parameters +### OpenShift infrastructure parameters # Comma separated list of labels to add to the CA certificates ConfigMap in user workspace. # See `che.infra.kubernetes.trusted_ca.dest_configmap` property. @@ -507,7 +496,7 @@ che.infra.openshift.route.labels=NULL # The hostname that should be used as a suffix for the workspace routes. # For example: Using `domain_suffix=__<{che-host}>__`, the route resembles: `routed3qrtk.__<{che-host}>__`. -# It has to be a valid DNS name. +# It must be a valid DNS name. che.infra.openshift.route.host.domain_suffix=NULL # Initialize OpenShift project with {prod-short} server's service account 
@@ -516,75 +505,75 @@ che.infra.openshift.project.init_with_server_sa=true ### Experimental properties -# Next properties are subject to changes and removal, so do not rely on them in a stable {prod-short} instance. +# The following properties are subject to changes and removal, do not rely on them in a stable {prod-short} instance. -# Docker image of {prod-short} plugin broker app that resolves workspace tools configuration and copies plugins dependencies to a workspace. -# The {prod-short} Operator overrides these images by default. Changing the images here will not +# Docker image of {prod-short} plug-in broker app that resolves workspace tools configuration and copies plug-in dependencies to a workspace. +# The {prod-short} Operator overrides these images by default. Changing the images here doesn't # have an effect if {prod-short} is installed using the Operator. che.workspace.plugin_broker.metadata.image=quay.io/eclipse/che-plugin-metadata-broker:v3.4.0 -# Docker image of Che plugin artifacts broker. -# This broker runs as an init container on the workspace Pod. Its job is to take in a list of plugin identifiers -# (either references to a plugin in the registry or a link to a plugin meta.yaml) and ensure that the correct .vsix -# and .theia extensions are downloaded into the /plugins directory, for each plugin requested for the workspace. +# Docker image of Che plug-in artifacts broker. +# This broker runs as an init container on the workspace pod. Its job is to take in a list of plug-in identifiers +# (either references to a plug-in in the registry or a link to a plug-in `meta.yaml`) and ensure that the correct `.vsix` +# and `.theia` extensions are downloaded into the `/plugins directory`, for each plug-in requested for the workspace. che.workspace.plugin_broker.artifacts.image=quay.io/eclipse/che-plugin-artifacts-broker:v3.4.0 -# Configures the default behavior of the plugin brokers when provisioning plugins into a workspace. 
-# If set to true, the plugin brokers will attempt to merge plugins when possible: they run in +# Configures the default behavior of the plug-in brokers when provisioning plug-ins for a workspace. +# If set to `true`, the plug-in brokers attempt to merge plug-ins when possible: they run in # the same sidecar image and do not have conflicting settings. This value is the default setting -# used when the devfile does not specify the `mergePlugins` attribute. +# used when the devfile doesn't specify the `mergePlugins` attribute. che.workspace.plugin_broker.default_merge_plugins=false -# Docker image of {prod-short} plugin broker app that resolves workspace tools configuration and copies -# plugins dependencies to a workspace +# Docker image of {prod-short} plug-in broker app that resolves workspace tools configuration and copies +# plug-in dependencies to a workspace. che.workspace.plugin_broker.pull_policy=Always -# Defines the timeout in minutes that limits the max period of result waiting for plugin broker. +# Defines the timeout in minutes that limits the max period of result waiting for plug-in broker. che.workspace.plugin_broker.wait_timeout_min=3 -# Workspace plug-ins registry endpoint. Should be a valid HTTP URL. -# Example: ++http://che-plugin-registry-eclipse-che.192.168.65.2.nip.io++ -# In case {prod-short} plug-ins registry is not needed value 'NULL' should be used +# Workspace plug-in registry endpoint. Should be a valid HTTP URL. +# Example: `++http://che-plugin-registry-eclipse-che.192.168.65.2.nip.io++` +# In case the {prod-short} plug-in registry isn't needed, use the value 'NULL'. che.workspace.plugin_registry_url=https://che-plugin-registry.prod-preview.openshift.io/v3 -# Workspace plugins registry internal endpoint. Should be a valid HTTP URL. -# Example: ++http://devfile-registry.che.svc.cluster.local:8080++ -# In case {prod-short} plug-ins registry is not needed value 'NULL' should be used +# Workspace plug-in registry internal endpoint. 
Should be a valid HTTP URL. +# Example: `++http://devfile-registry.che.svc.cluster.local:8080++` +# In case the {prod-short} plug-in registry isn't needed, use the value 'NULL'. che.workspace.plugin_registry_internal_url=NULL -# Devfile Registry endpoint. Should be a valid HTTP URL. -# Example: ++http://che-devfile-registry-eclipse-che.192.168.65.2.nip.io++ -# In case {prod-short} plug-ins registry is not needed value 'NULL' should be used +# Devfile registry endpoint. Should be a valid HTTP URL. +# Example: `++http://che-devfile-registry-eclipse-che.192.168.65.2.nip.io++` +# In case the {prod-short} plug-in registry isn't needed, use the value 'NULL'. che.workspace.devfile_registry_url=https://che-devfile-registry.prod-preview.openshift.io/ -# Devfile Registry "internal" endpoint. Should be a valid HTTP URL. -# Example: ++http://plugin-registry.che.svc.cluster.local:8080++ -# In case {prod-short} plug-ins registry is not needed value 'NULL' should be used +# Devfile registry "internal" endpoint. Should be a valid HTTP URL. +# Example: `++http://plugin-registry.che.svc.cluster.local:8080++` +# In case the {prod-short} plug-in registry isn't needed, use the value 'NULL'. che.workspace.devfile_registry_internal_url=NULL # The configuration property that defines available values for storage types that clients such as the Dashboard should propose to users during workspace creation and update. -# Available values: +# Following values are available: # - `persistent`: Persistent Storage slow I/O but persistent. # - `ephemeral`: Ephemeral Storage allows for faster I/O but may have limited storage # and is not persistent. -# - `async`: Experimental feature: Asynchronous storage is combination of Ephemeral -# and Persistent storage. Allows for faster I/O and keep your changes, will backup on stop -# and restore on start workspace. -# Will work only if: +# - `async`: Experimental feature: Asynchronous storage is a combination of Ephemeral +# and Persistent storage. 
Allows for faster I/O and keep your changes, backs up on stop +# and restores on start workspace. +# Works only with following values: # - `che.infra.kubernetes.pvc.strategy='common'` # - `che.limits.user.workspaces.run.count=1` -# - `che.infra.kubernetes.namespace.default` contains `` +# - `che.infra.kubernetes.namespace.default` contains ``, # in other cases remove `async` from the list. che.workspace.storage.available_types=persistent,ephemeral,async -# The configuration property that defines a default value for storage type that clients such as the Dashboard should propose to users during workspace creation and update. -# The `async` value is an experimental feature, not recommended as default type. +# The configuration property that defines a default value for storage type that clients, such as the Dashboard, should propose to users during workspace creation and update. +# The `async` value is an experimental feature not recommended as the default type. che.workspace.storage.preferred_type=persistent -# Configures in which way secure servers will be protected with authentication. +# Configures in which way secure servers are protected with authentication. # Suitable values: # - `default`: `jwtproxy` is configured in a pass-through mode. Servers should authenticate requests themselves. -# - `jwtproxy`: `jwtproxy` will authenticate requests. Servers will receive only authenticated requests. +# - `jwtproxy`: `jwtproxy` authenticates requests. Servers only receive authenticated requests. che.server.secure_exposer=jwtproxy # `Jwtproxy` issuer string, token lifetime, and optional auth page path to route unsigned requests to. 
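Review bot: The rewritten comment above `che.workspace.plugin_broker.pull_policy=Always` still describes a Docker image ("Docker image of {prod-short} plug-in broker app that resolves workspace tools configuration…"), copied from `che.workspace.plugin_broker.metadata.image`, and says nothing about pull behaviour. A line such as `# Image pull policy for the plug-in broker containers.` would match the key; list the accepted values only after confirming them against the code that reads the property. The same hunk keeps "In case the {prod-short} plug-in registry isn't needed" on both `che.workspace.devfile_registry_url` and `che.workspace.devfile_registry_internal_url`, where "devfile registry" is presumably meant. The two internal-URL examples also look swapped: the `devfile-registry.che.svc.cluster.local` host sits under the plug-in registry key and the `plugin-registry.che.svc.cluster.local` host under the devfile registry key.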
@@ -613,14 +602,14 @@ che.server.secure_exposer.jwtproxy.cpu_limit=0.5 ### Configuration of the major WebSocket endpoint -# Maximum size of the JSON RPC processing pool -# in case if pool size would be exceeded message execution will be rejected +# Maximum size of the JSON RPC processing pool. +# If pool size is exceeded, the message execution is rejected. che.core.jsonrpc.processor_max_pool_size=50 -# Initial JSON processing pool. Minimum number of threads that used to process major JSON RPC messages. +# Initial JSON processing pool. Minimum number of threads used to process major JSON RPC messages. che.core.jsonrpc.processor_core_pool_size=5 -# Configuration of queue used to process JSON RPC messages. +# Configuration of the queue used to process JSON RPC messages. che.core.jsonrpc.processor_queue_capacity=100000 
@@ -631,82 +620,82 @@ che.metrics.port=8087 # Indicates which request origins are allowed. # CORS filter on WS Master is turned off by default. -# Use environment variable "CHE_CORS_ENABLED=true" to turn it on. +# Use the environment variable "CHE_CORS_ENABLED=true" to turn it on. che.cors.allowed_origins=* -# Indicates if it allows processing of requests with credentials (in cookies, headers, TLS client certificates). +# Indicates if CORS allows processing of requests with credentials located in cookies, headers, and TLS client certificates. che.cors.allow_credentials=false ### Factory defaults -# Editor and plugin which will be used for factories that are created from a remote Git repository -# which does not contain any {prod-short}-specific workspace descriptor -# Multiple plugins must be comma-separated, for example: +# Editor and plug-in used for factories that are created from a remote Git repository +# which doesn't contain any {prod-short}-specific workspace descriptor. +# Multiple plug-ins must be comma-separated, for example: # `pluginFooPublisher/pluginFooName/pluginFooVersion,pluginBarPublisher/pluginBarName/pluginBarVersion` che.factory.default_plugins=redhat/vscode-commons/latest -# Devfile filenames to look on repository-based factories (for example GitHub). -# Factory will try to locate those files in the order they enumerated in the property. +# Devfile filenames to look on repository-based factories, for example GitHub. +# Factory tries to locate those files in the order they're enumerated in the property. che.factory.default_devfile_filenames=devfile.yaml,.devfile.yaml ### Devfile defaults -# Editor that will be used for factories that are created from a remote Git repository -# which does not contain any {prod-short}-specific workspace descriptor. +# Editor used for factories that are created from a remote Git repository +# which doesn't contain any {prod-short}-specific workspace descriptor. 
che.factory.default_editor=eclipse/che-theia/next -# File size limit for the URL fetcher which fetch files from the SCM repository. +# File size limit for the URL fetcher which fetches files from the SCM repository. che.factory.scm_file_fetcher_limit_bytes=102400 -# Additional files which may be present in repository to complement devfile v2, -# and should be referenced as links to SCM resolver service in factory to retrieve them. +# Additional files which may be present in the repository to complement devfile v2. +# To retrieve them in a factory, they should be referenced as links to SCM resolver service. che.factory.devfile2_files_resolution_list=.che/che-editor.yaml,.che/che-theia-plugins.yaml,.vscode/extensions.json -# Default Editor that should be provisioned into Devfile if there is no specified Editor -# Format is `editorPublisher/editorName/editorVersion` value. -# `NULL` or absence of value means that default editor should not be provisioned. +# Default editor that should be provisioned into Devfile if there is no specified editor. +# The format is `editorPublisher/editorName/editorVersion` value. +# A `NULL` or absence of value means that default editor should not be provisioned. che.workspace.devfile.default_editor=eclipse/che-theia/next -# Default Plug-ins which should be provisioned for Default Editor. -# All the plugins from this list that are not explicitly mentioned in the user-defined devfile -# will be provisioned but only when the default editor is used or if the user-defined editor is +# Default plug-ins which should be provisioned for the default editor. +# All plug-ins from this list that aren't explicitly mentioned in the user-defined devfile +# are provisioned but only when the default editor is used or if the user-defined editor is # the same as the default one (even if in different version). -# Format is comma-separated `pluginPublisher/pluginName/pluginVersion` values, and URLs. 
For example: -# `eclipse/che-theia-exec-plugin/0.0.1,eclipse/che-theia-terminal-plugin/0.0.1,https://cdn.pluginregistry.com/vi-mode/meta.yaml` -# If the plugin is a URL, the plugin's `meta.yaml` is retrieved from that URL. +# The format is comma-separated `pluginPublisher/pluginName/pluginVersion` values, and URLs. +# For example: `eclipse/che-theia-exec-plugin/0.0.1,eclipse/che-theia-terminal-plugin/0.0.1,https://cdn.pluginregistry.com/vi-mode/meta.yaml` +# If the plug-in is a URL, the plug-in's `meta.yaml` is retrieved from that URL. che.workspace.devfile.default_editor.plugins=NULL -# Defines comma-separated list of labels for selecting secrets from a user namespace, -# which will be mount into workspace containers as a files or environment variables. -# Only secrets that match ALL given labels will be selected. +# Defines comma-separated list of labels for selecting secrets from a user namespace +# which are mounted into workspace containers as files or environment variables. +# Only secrets that match ALL given labels are selected. che.workspace.provision.secret.labels=app.kubernetes.io/part-of=che.eclipse.org,app.kubernetes.io/component=workspace-secret -# Plugin is added in case asynchronous storage feature will be enabled in workspace configuration -# and supported by environment +# Plug-in is added in case the asynchronous storage feature is enabled in workspace configuration +# and supported by the environment. che.workspace.devfile.async.storage.plugin=eclipse/che-async-pv-plugin/latest -# Optionally configures node selector for workspace Pod. Format is comma-separated -# key=value pairs, for example: `disktype=ssd,cpu=xlarge,foo=bar` +# Optionally configures node selector for workspace pod. The format is comma-separated +# `key=value` pairs, for example: `disktype=ssd,cpu=xlarge,foo=bar` che.workspace.pod.node_selector=NULL -# Optionally configures tolerations for workspace Pod. 
Format is a string representing a JSON Array of taint tolerations, +# Optionally configures tolerations for workspace pod. The format is a string representing a JSON Array of taint tolerations, # or `NULL` to disable it. The objects contained in the array have to follow the # link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.20/#toleration-v1-core[toleration v1 core specifications]. -# Example: `[{"effect":"NoExecute","key":"aNodeTaint","operator":"Equal","value":"aValue"}]` +# For example: `[{"effect":"NoExecute","key":"aNodeTaint","operator":"Equal","value":"aValue"}]` che.workspace.pod.tolerations_json=NULL # Bitbucket endpoints used for factory integrations. -# Comma separated list of Bitbucket server URLs or NULL if no integration expected. +# A comma separated list of Bitbucket server URLs or `NULL` if no integration is expected. che.integration.bitbucket.server_endpoints=NULL # GitLab endpoints used for factory integrations. -# Comma separated list of GitLab server URLs or NULL if no integration expected. +# A comma separated list of GitLab server URLs or `NULL` if no integration is expected. che.integration.gitlab.server_endpoints=NULL -# Address of the GitLab server with configured OAuth 2 integration +# The address of the GitLab server with configured OAuth 2 integration. che.integration.gitlab.oauth_endpoint=NULL -# Configuration of GitLab OAuth2 client. Used to obtain Personal access tokens. -# Location of the file with GitLab client id. +# Configuration of GitLab OAuth2 client. Used to obtain personal access tokens. +# Location of the file with GitLab client ID. che.oauth2.gitlab.clientid_filepath=NULL # Location of the file with GitLab client secret. diff --git a/assembly/assembly-wsmaster-war/src/main/webapp/WEB-INF/classes/che/multiuser.properties b/assembly/assembly-wsmaster-war/src/main/webapp/WEB-INF/classes/che/multiuser.properties index 6ba727342c..89d41e8393 100644 
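Review bot: The reworded comment on `che.cors.allow_credentials` sits directly under `che.cors.allowed_origins=*`, and neither comment tells an operator to narrow the origin list before turning credentials on. I would add a line such as `# Before setting this to true, replace * in che.cors.allowed_origins with an explicit list of trusted origins.` How the WS Master filter treats a wildcard together with credentials is not visible in this hunk, so the wording should be checked against the filter. Further down, the `che.workspace.devfile.default_editor.plugins` comment says a plug-in's `meta.yaml` is retrieved from a URL; a note that such URLs should use HTTPS and point at a registry the operator trusts would help readers.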
--- a/assembly/assembly-wsmaster-war/src/main/webapp/WEB-INF/classes/che/multiuser.properties +++ b/assembly/assembly-wsmaster-war/src/main/webapp/WEB-INF/classes/che/multiuser.properties 
@@ -14,35 +14,35 @@ ### Che system # System Super Privileged Mode. -# Grants users with the manageSystem permission additional permissions for -# getByKey, getByNameSpace, stopWorkspaces, and getResourcesInformation. -# These are not given to admins by default and these permissions allow -# admins gain visibility to any workspace along with naming themselves +# Grants users with the `manageSystem` permission additional permissions for +# `getByKey`, `getByNameSpace`, `stopWorkspaces`, and `getResourcesInformation`. +# These are not given to admins by default. They allow +# admins to gain visibility to any workspace along with naming themselves # with administrator privileges to those workspaces. che.system.super_privileged_mode=false -# Grant system permission for `che.admin.name` user. If the user already exists it'll happen on -# component startup, if not - during the first login when user is persisted in the database. +# Grants system permission for `che.admin.name` user. If the user already exists, it will happen on +# component startup. If not, it will happen during the first login when user is persisted in the database. che.system.admin_name=admin ### Workspace limits # Workspaces are the fundamental runtime for users when doing development. You can set # parameters that limit how workspaces are created and the resources that are consumed. -# The maximum amount of RAM that a user can allocate to a workspace when they +# Sets the maximum amount of RAM that a user can allocate to a workspace when they # create a new workspace. The RAM slider is adjusted to this maximum value. che.limits.workspace.env.ram=16gb -# The length of time in milliseconds that a user is idle with their workspace when the system will -# suspend the workspace and then stopping it. Idleness is the +# The length of time (in milliseconds) that a user is idle within their workspace, after which the system will +# suspend the workspace, and then stop it. 
Idleness is the # length of time that the user has not interacted with the workspace, meaning that # one of the agents has not received interaction. Leaving a browser window open # counts toward idleness. che.limits.workspace.idle.timeout=1800000 -# The length of time in milliseconds that a workspace will run, regardless of activity, before +# The length of time (in milliseconds) that a workspace will run, regardless of activity, before # the system will suspend it. Set this property if you want to automatically stop -# workspaces after a period of time. The default is zero, meaning that there is no +# workspaces after a period of time. The default is `0`, meaning that there is no # run timeout. che.limits.workspace.run.timeout=0 @@ -59,8 +59,8 @@ che.limits.user.workspaces.ram=-1 che.limits.user.workspaces.count=-1 # The maximum number of running workspaces that a single user is allowed to have. -# If the user has reached this threshold and they try to start an additional -# workspace, they will be prompted with an error message. The user will need to +# If the user has reached this threshold, and they try to start an additional +# workspace, they will be presented with an error message. The user will need to # stop a running workspace to activate another. che.limits.user.workspaces.run.count=1 
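Review bot: The new line `# Grants system permission for che.admin.name user.` in the first hunk names a property that is not the key it documents, `che.system.admin_name`. Unless `che.admin.name` is defined elsewhere, an operator following the comment would look for the wrong key. The value decides which account receives system permission at startup or first login, so the comment should be exact, for example `# Grants system permission to the user named by this property.`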
@@ -71,42 +71,42 @@ che.limits.user.workspaces.run.count=1 # see fit across the team's workspaces. che.limits.organization.workspaces.ram=-1 -# The maximum number of workspaces that a organization is allowed to own. The -# organization will be presented an error message if they try to create +# The maximum number of workspaces that an organization is allowed to own. The +# organization will be presented with an error message if they try to create # additional workspaces. This applies to the total number of both running # and stopped workspaces. che.limits.organization.workspaces.count=-1 -# The maximum number of running workspaces that a single organization is allowed. -# If the organization has reached this threshold and they try to start an -# additional workspace, they will be prompted with an error message. The +# The maximum number of running workspaces that a single organization is allowed to have. +# If the organization has reached this threshold, and they try to start an +# additional workspace, they will be presented with an error message. The # organization will need to stop a running workspace to activate another. che.limits.organization.workspaces.run.count=-1 ### Multi-user-specific OpenShift infrastructure configuration -# Alias of the OpenShift identity provider registered in Keycloak, +# Alias of the OpenShift identity provider registered in Keycloak # that should be used to create workspace OpenShift resources in # OpenShift namespaces owned by the current Che user. -# Should be set to NULL if `che.infra.openshift.project` +# Set it to `NULL` if `che.infra.openshift.project` # is set to a non-empty value. # See: link:https://www.keycloak.org/docs/latest/server_admin/#openshift-4[OpenShift identity provider] che.infra.openshift.oauth_identity_provider=NULL ### OIDC configuration -# Url to OIDC identity provider server -# Can be set to NULL only if `che.oidc.oidcProvider` is used +# Url to OIDC identity provider server. 
+# You can set it to `NULL` only if `che.oidc.oidcProvider` is used. che.oidc.auth_server_url=http://${CHE_HOST}:5050/auth -# Internal network service Url to OIDC identity provider server +# Internal network service URL to OIDC identity provider server. che.oidc.auth_internal_server_url=NULL # The number of seconds to tolerate for clock skew when verifying `exp` or `nbf` claims. che.oidc.allowed_clock_skew_sec=3 -# Username claim to be used as user display name when parsing JWT token -# if not defined the fallback value is 'preferred_username' in Keycloak installations and +# Username claim to be used as user display name when parsing JWT token. +# If not defined, the fallback value is 'preferred_username' in Keycloak installations and # `name` in Dex installations. che.oidc.username_claim=NULL 
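Review bot: The added line `# You can set it to NULL only if che.oidc.oidcProvider is used.` refers to a key spelled differently from `che.oidc.oidc_provider`, the property this file defines in the following hunk; the reference should read `che.oidc.oidc_provider`. The default beneath it, `che.oidc.auth_server_url=http://${CHE_HOST}:5050/auth`, is plain HTTP, and the comment does not say that a networked deployment should point this at an HTTPS endpoint. A line such as `# Use an https:// URL outside local test setups.` would cover that. The hunk also keeps `Url` on this comment while the next one was changed to `URL`.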
@@ -116,72 +116,72 @@ che.oidc.email_claim=NULL # Base URL of an alternate OIDC provider that provides # a discovery endpoint as detailed in the following specification -# link:https://openid.net/specs/openid-connect-discovery-1_0.html#ProviderConfig[Obtaining OpenID Provider Configuration Information] -# Deprecated, use `che.oidc.auth_server_url` and `che.oidc.auth_internal_server_url` instead. +# link:https://openid.net/specs/openid-connect-discovery-1_0.html#ProviderConfig[Obtaining OpenID Provider Configuration Information]. +# If deprecated, use `che.oidc.auth_server_url` and `che.oidc.auth_internal_server_url` instead. che.oidc.oidc_provider=NULL ### Keycloak configuration -# Keycloak realm is used to authenticate users -# Can be set to NULL only if `che.keycloak.oidcProvider` -# is used +# Keycloak realm is used to authenticate users. +# You can set it to `NULL` only if `che.keycloak.oidcProvider` +# is used. che.keycloak.realm=che # Keycloak client identifier in `che.keycloak.realm` to authenticate users in the dashboard, the IDE, and the CLI. che.keycloak.client_id=che-public -# URL to access OSO OAuth tokens +# URL to access OSO OAuth tokens. che.keycloak.oso.endpoint=NULL -# URL to access Github OAuth tokens +# URL to access Github OAuth tokens. che.keycloak.github.endpoint=NULL # Use the OIDC optional `nonce` feature to increase security. che.keycloak.use_nonce=true # URL to the Keycloak Javascript adapter to use. -# if set to NULL, then the default used value is +# If you set it to `NULL`, the default used value is # `${che.keycloak.auth_server_url}/js/keycloak.js`, # or `/api/keycloak/OIDCKeycloak.js` -# if an alternate `oidc_provider` is used +# if an alternate `oidc_provider` is used. 
che.keycloak.js_adapter_url=NULL -# Set to true when using an alternate OIDC provider that -# only supports fixed redirect Urls -# This property is ignored when `che.keycloak.oidc_provider` is NULL +# Set it to `true` when using an alternate OIDC provider that +# only supports fixed redirect URLs. +# This property is ignored when `che.keycloak.oidc_provider` is set to`NULL`. che.keycloak.use_fixed_redirect_urls=false -# Configuration of OAuth Authentication Service that can be used in "embedded" or "delegated" mode. -# If set to "embedded", then the service work as a wrapper to Che's OAuthAuthenticator ( as in Single User mode). -# If set to "delegated", then the service will use Keycloak IdentityProvider mechanism. -# Runtime Exception `wii` be thrown, in case if this property is not set properly. +# Configuration of OAuth Authentication Service that can be used in `embedded` or `delegated` mode. +# If you set it to `embedded`, the service works as a wrapper to Che's OAuthAuthenticator (as in Single User mode). +# If you set it to `delegated`, the service will use Keycloak IdentityProvider mechanism. +# Runtime Exception `wii` will be thrown, if this property isn't set properly. che.oauth.service_mode=delegated # Configuration for enabling removing user from Keycloak server on removing user from Che database. -# By default it's disabled. Can be enabled in some special cases when deleting a user in Che database +# It's disabled by default. You can enable it in special cases when deleting a user in Che database # should execute removing related-user from Keycloak. -# For correct work need to set administrator username ${che.keycloak.admin_username} and password +# For it to work correctly, you need to set an administrator username ${che.keycloak.admin_username} and password # ${che.keycloak.admin_password}. che.keycloak.cascade_user_removal_enabled=false -# Keycloak administrator username. 
Will be used for deleting user from Keycloak on removing user -# from Che database. Make sense only in case ${che.keycloak.cascade_user_removal_enabled} -# set to 'true' +# Keycloak administrator username. It will be used for deleting user from Keycloak on removing user +# from Che database. Using it makes sense only if ${che.keycloak.cascade_user_removal_enabled} is +# set to 'true'. che.keycloak.admin_username=NULL # Keycloak administrator password. Will be used for deleting user from Keycloak on removing user -# from Che database. Make sense only in case ${che.keycloak.cascade_user_removal_enabled} +# from Che database. Using it makes sense only if ${che.keycloak.cascade_user_removal_enabled} is # set to 'true' che.keycloak.admin_password=NULL -# User name adjustment configuration. Che needs to use the usernames as part of Kubernetes object names and labels and -# therefore has stricter requirements on their format than the identity providers usually +# User name adjustment configuration. Che needs to use the usernames as part of Kubernetes object names and labels. +# Therefore there are stricter requirements on their format than the identity providers usually # allow (it needs them to be DNS-compliant). The adjustment is represented by comma-separated key-value pairs. -# These are sequentially used as arguments to the String.replaceAll function on the original username. +# These are sequentially used as arguments to the `String.replaceAll` function on the original username. # The keys are regular expressions, values are replacement strings that replace the characters in the username # that match the regular expression. The modified username will only be stored in the Che database # and will not be advertised back to the identity provider. -# It is recommended to use DNS-compliant characters as replacement strings (values in the key-value pairs). +# It is recommended that you use DNS-compliant characters as replacement strings (values in the key-value pairs). 
# Example: `\\=-,@=-at-` changes `\` to `-` and `@` to `-at-` # so the username `org\user@com` becomes `org-user-at-com.` che.keycloak.username.replacement_patterns=NULL
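Review bot: Changing `# Deprecated, use ...` to `# If deprecated, use ...` above `che.oidc.oidc_provider` turns a statement that the property is deprecated into a condition, so readers can no longer tell that it should be avoided; keep `# Deprecated, use che.oidc.auth_server_url and che.oidc.auth_internal_server_url instead.` In the `che.oauth.service_mode` comment the typo `wii` is kept in backticks and now reads like the name of an exception; `# A runtime exception is thrown if this property isn't set properly.` seems to be what is meant. The Keycloak comments refer to `che.keycloak.oidcProvider` and `che.keycloak.oidc_provider`, while the key visible in this hunk is `che.oidc.oidc_provider`, and "is set to" runs into the backticked `NULL` without a space. The `che.keycloak.admin_password` comment was left half-edited ("Will be used", no closing period) and could also say that the value is a credential better injected at deploy time than committed to this file, if the deployment supports that.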