Enable single-level DNS domains (*.domain.tld) in SINGLE_PORT mode to simplify HTTPS setup.
Use whole folder for traefik conf to inject SSL certificates and custom configuration.
CHE_SINGLEPORT_WILDCARD__DOMAIN_IPLESS to che.env.
Signed-off-by: Hanno Kolvenbach <kolvenbach@silexica.com>
Optimize che-server ram usage on Docker
Proposal is to set container limit to 750M for both Docker and OpenShift and tune a bit GC
-XX:MaxRAMFraction=2 -XX:+UseParallelGC -XX:MinHeapFreeRatio=10 -XX:MaxHeapFreeRatio=20 -XX:GCTimeRatio=4 -XX:AdaptiveSizePolicyWeight=90 -XX:+UnlockExperimentalVMOptions -XX:+UseCGroupMemoryLimitForHeap -Dsun.zip.disableMemoryMapping=true -Xms20m
Important parts
-XX:MaxRAMFraction=2 -XX:+UnlockExperimentalVMOptions -XX:+UseCGroupMemoryLimitForHeap - tels jvm to use ~ CHE_MASTER_CONTAINER_RAM/MaxRAMFraction for heap
We need some space for off-heap activity. During test I saw VmRSS of jvm ~330_000k - 350_000k.
-XX:+UseParallelGC -XX:MinHeapFreeRatio=10 -XX:MaxHeapFreeRatio=20 -XX:GCTimeRatio=4 -XX:AdaptiveSizePolicyWeight=90 ask GC to keep heap compact in cost of some CPU.
You can see changes in heap usage pattern in images below.
* Allow deploying the Keycloak and Postgres servers to Minishift and Openshift Online.
This is related to https://github.com/redhat-developer/rh-che/issues/303
and https://github.com/redhat-developer/rh-che/issues/302
* Make the Che directory readble for any users
* Modify `deploy_che.sh` to support `multi-user` images
* Move the scripts to `che-init` and enhance `deploy-che.sh` to start the secondary server if necessary and wait for postgres to be available.
* Wait for Postgres to be available before starting Keycloak
* Clean scripts through spellcheck and add missing licenses
* Change the health check to `/api` instead of `/api/system/state` since, with the new permission work, accessing `/api/system/*` requires the user to have specific system rights.
* Fixes after comments on PR
* Use the new official `keycloak-openshift` image and manage web-origins
* Make Keycloak memory limits consistent with official requirements defined
[here](http://www.keycloak.org/docs/latest/server_installation/topics/installation/system-requirements.html)
Signed-off-by: David Festal <dfestal@redhat.com>
* Toggle Che single port by enabling CHE_SINGLE_PORT in the che.env file. (CHE_SINGLE_PORT=true, default is false)
By enabling single-port, all browser traffic to Che or any workspace will be routed through the value that you have set to CHE_PORT`, or 8080 if not set. Setting this property will transform the launch sequence of Che to launch a Traefik reverse proxy. The reverse proxy will act as the traffic endpoint for all browser communications. When a new workspace is started or stopped, Che will update Traefik's configuration
with rules for how browser traffic should be routed to Che or a workspace.
It’s now using an official Traefik image (before I was using a custom made image)
There is an interceptor with a kill switch. It means interceptor is applied only if plug-in is enabled (not only if plug-in is added at compilation)
It is automatically enabled when CHE_SINGLE_PORT is turned on
docker-compose file is handling if the single_port is turned on or off and then add the traefik container and redirect port only if the property is enabled. (not enabled by default)
using —debug flag when launching che is also turning on the traffic web console to view traefik routes
It is not enabled by default, so it means that without user change, there is no overhead, no useless container started, etc.
Change-Id: I12644d9202dadc0b10104f78bb055425ca6611ac
Signed-off-by: Florent BENOIT <fbenoit@codenvy.com>
Hanno Kolvenbach