che-server/deploy/openshift/templates/che-server-template.yaml

# Copyright (c) 2012-2018 Red Hat, Inc
# All rights reserved. This program and the accompanying materials
# are made available under the terms of the Eclipse Public License v1.0
# which accompanies this distribution, and is available at
# http://www.eclipse.org/legal/epl-v10.html
#
---
kind: Template
apiVersion: v1
metadata:
  name: che
  annotations:
    description: Che
objects:
- apiVersion: v1
  kind: ServiceAccount
  metadata:
    name: che
- apiVersion: v1
  kind: RoleBinding
  metadata:
    name: che
  roleRef:
    name: admin
  subjects:
  - kind: ServiceAccount
    name: che
- apiVersion: v1
  kind: Service
  metadata:
    name: che-host
  spec:
    ports:
    - name: http
      port: 8080
      protocol: TCP
      targetPort: 8080
    selector:
      app: che
- apiVersion: v1
  kind: Route
  metadata:
    name: che
  spec:
    to:
      kind: Service
      name: che-host
- apiVersion: v1
  kind: DeploymentConfig
  metadata:
    name: che
  spec:
    replicas: 1
    revisionHistoryLimit: 2
    selector:
      app: che
    strategy:
      type: ${STRATEGY}
    template:
      metadata:
        labels:
          app: che
      spec:
        containers:
        - env:
          - name: OPENSHIFT_KUBE_PING_NAMESPACE
            valueFrom:
              fieldRef:
                fieldPath: metadata.namespace
          - name: NAMESPACE
            valueFrom:
              fieldRef:
                fieldPath: metadata.namespace
          - name: CHE_MULTIUSER
            value: "${CHE_MULTIUSER}"
          - name: CHE_HOST
            value: "che-${NAMESPACE}.${ROUTING_SUFFIX}"
          - name: CHE_PORT
            value: "8080"
          - name: CHE_API
            value: "${PROTOCOL}://che-${NAMESPACE}.${ROUTING_SUFFIX}/api"
          - name: CHE_WEBSOCKET_ENDPOINT
            value: "${WS_PROTOCOL}://che-${NAMESPACE}.${ROUTING_SUFFIX}/api/websocket"
          - name: CHE_DEBUG_SERVER
            value: "false"
          - name: CHE_INFRASTRUCTURE_ACTIVE
            value: "openshift"
          - name: CHE_INFRA_KUBERNETES_BOOTSTRAPPER_BINARY__URL
            value: "${PROTOCOL}://che-${NAMESPACE}.${ROUTING_SUFFIX}/agent-binaries/linux_amd64/bootstrapper/bootstrapper"
          - name: CHE_INFRA_KUBERNETES_MACHINE__START__TIMEOUT__MIN
            value: "5"
          - name: CHE_INFRA_KUBERNETES_MASTER__URL
            value: "${CHE_INFRA_KUBERNETES_MASTER__URL}"
          - name: CHE_INFRA_KUBERNETES_OAUTH__TOKEN
            value: "${OPENSHIFT_TOKEN}"
          - name: CHE_INFRA_KUBERNETES_USERNAME
            value: "${OPENSHIFT_USERNAME}"
          - name: CHE_INFRA_KUBERNETES_PASSWORD
            value: "${OPENSHIFT_PASSWORD}"
          - name: CHE_INFRA_OPENSHIFT_PROJECT
            value: "${CHE_INFRA_OPENSHIFT_PROJECT}"
          - name: CHE_INFRA_KUBERNETES_PVC_STRATEGY
            value: "${CHE_INFRA_KUBERNETES_PVC_STRATEGY}"
          - name: CHE_INFRA_KUBERNETES_PVC_PRECREATE__SUBPATHS
            value: "${CHE_INFRA_KUBERNETES_PVC_PRECREATE__SUBPATHS}"
          - name: CHE_INFRA_OPENSHIFT_TLS__ENABLED
            value: "${TLS}"
          - name: CHE_INFRA_KUBERNETES_TRUST__CERTS
            value: "${TLS}"
          - name: CHE_LOCAL_CONF_DIR
            value: "/etc/conf"
          - name: CHE_LOGS_DIR
            value: "/data/logs"
          - name: CHE_LOG_LEVEL
            value: "INFO"
          - name: CHE_KEYCLOAK_AUTH__SERVER__URL
            value: "${CHE_KEYCLOAK_AUTH__SERVER__URL}"
          - name: CHE_INFRA_OPENSHIFT_OAUTH__IDENTITY__PROVIDER
            value: "${CHE_INFRA_OPENSHIFT_OAUTH__IDENTITY__PROVIDER}"
          - name: CHE_OAUTH_GITHUB_CLIENTID
            value: "${CHE_OAUTH_GITHUB_CLIENTID}"
          - name: CHE_OAUTH_GITHUB_CLIENTSECRET
            value: "${CHE_OAUTH_GITHUB_CLIENTSECRET}"
          - name: CHE_PREDEFINED_STACKS_RELOAD__ON__START
            value: 'true'
          - name: JAVA_OPTS
            value: "-XX:MaxRAMFraction=2 -XX:+UseParallelGC -XX:MinHeapFreeRatio=10
              -XX:MaxHeapFreeRatio=20 -XX:GCTimeRatio=4 -XX:AdaptiveSizePolicyWeight=90
              -XX:+UnlockExperimentalVMOptions -XX:+UseCGroupMemoryLimitForHeap -Dsun.zip.disableMemoryMapping=true
              -Xms20m "
          - name: CHE_WORKSPACE_AUTO_START
            value: "false"
          - name: CHE_INFRA_KUBERNETES_PVC_QUANTITY
            value: "${CHE_INFRA_KUBERNETES_PVC_QUANTITY}"
          - name: PROTOCOL
            value: "${PROTOCOL}"
          - name: ROUTING_SUFFIX
            value: "${ROUTING_SUFFIX}"
          - name: OPENSHIFT_IDENTITY_PROVIDER_CERTIFICATE
            valueFrom:
              secretKeyRef:
                key: ca.crt
                name: openshift-identity-provider
                optional: true
          image: ${IMAGE_CHE}:${CHE_VERSION}
          imagePullPolicy: "${PULL_POLICY}"
          livenessProbe:
            httpGet:
              path: /api/system/state
              port: 8080
              scheme: HTTP
            initialDelaySeconds: 50
            failureThreshold: 3
            timeoutSeconds: 2
          name: che
          readinessProbe:
            httpGet:
              path: /api/system/state
              port: 8080
              scheme: HTTP
            initialDelaySeconds: 25
            timeoutSeconds: 5
            failureThreshold: 5
          name: che
          ports:
          - containerPort: 8080
            name: http
            protocol: TCP
          - containerPort: 8000
            name: http-debug
          - containerPort: 8888
            name: jgroups-ping
            protocol: TCP
          resources:
            limits:
              memory: 1Gi
            requests:
              memory: 256Mi
          terminationMessagePath: "/dev/termination-log"
          terminationMessagePolicy: File
        restartPolicy: Always
        serviceAccountName: che
        terminationGracePeriodSeconds: 360
    triggers:
    - type: ConfigChange

parameters:
- name: ROUTING_SUFFIX
  displayName: Routing suffix of your OpenShift cluster
  description: This is the suffix appended to routes in your OpenShift cluster <route>-<project>.<routing_suffix>
- name: CHE_VERSION
  displayName: Eclipse Che version
  description: Eclipse Che version which defaults to nightly
  value: nightly
- name: IMAGE_CHE
  displayName: Eclipse Che server image
  description: Che server Docker image. Defaults to docker.io/eclipse/che-server
  value: docker.io/eclipse/che-server
- name: CHE_MULTIUSER
  displayName: Che Multi-user flavor
  description: False i.e. single user by default
  value: 'false'
- name: OPENSHIFT_USERNAME
  displayName: OpenShift Username
  description: OpenShift username that will be used to create workspace objects
- name: OPENSHIFT_PASSWORD
  displayName: OpenShift Password
  description: OpenShift Password that will be used to create workspace objects
- name: OPENSHIFT_TOKEN
  displayName: OpenShift token
  description: OpenShift token to be used to create workspace objects. Must be set if username/password are impossible to use. Do not set if username/pass are provided!
- name: PROTOCOL
  displayName: HTTP protocol
  description: Protocol to be used in Che communications
  value: http
- name: WS_PROTOCOL
  displayName: Websocket protocol
  description: Websocket protocol to be used in Che communications. Defaults to ws. Set to wss only if TLS is true and https protocol is defined
  value: ws
- name: TLS
  displayName: HTTPS support
  description: HTTPS support in Che
  value: 'false'
- name: CHE_INFRA_OPENSHIFT_PROJECT
  displayName: OpenShift namespace to create workspace objects
  description: Che server namespace by default. When empty, each workspace gets own namespace. In this case a privileged sa or credentials/token need to be used.
  value: '${NAMESPACE}'
- name: CHE_INFRA_KUBERNETES_PVC_QUANTITY
  displayName: Default PVC claim
  description: Default PVC claim for storage. Defaults to 1Gi
  value: '1Gi'
- name: CHE_INFRA_KUBERNETES_PVC_STRATEGY
  displayName: PVC strategy
  description: PVC strategy. Unique implies creating PVC per workspace. Common uses one PVC with subpaths in PV. Defaults to unique
  value: 'unique'
- name: CHE_KEYCLOAK_ADMIN_REQUIRE_UPDATE_PASSWORD
  displayName: Admin password update
  description: Force an admin to update password after 1st login. True by default
  value: 'true'
- name: CHE_KEYCLOAK_AUTH__SERVER__URL
  displayName: Identity provider URL
  description: URL of a remote identity provider. Defaults to Keycloak bundled with Che multi user
  value: '${PROTOCOL}://keycloak-${NAMESPACE}.${ROUTING_SUFFIX}/auth'
- name: CHE_INFRA_OPENSHIFT_OAUTH__IDENTITY__PROVIDER
  displayName: Alias of the Openshift identity provider in Keycloak
  description: Alias of the Openshift identity provider registered in Keycloak, that should be used to create workspace OpenShift resources in Openshift namespaces owned by the current Che user.
  value: 'NULL'
- name: STRATEGY
  displayName: Update Strategy
  description: Che server update strategy. Defaults to Recreate. Use Rolling only if Che deployment does not use PVC
  value: 'Recreate'
- name: PULL_POLICY
  displayName: Che server image pull policy
  description: Always pull by default. Can be IfNotPresent
  value: 'Always'
- name: CHE_INFRA_KUBERNETES_MASTER__URL
  displayName: OpenShift master URL
  description: Required only in case of multi-cluster setup. Empty string by default.
  value: ''
- name: CHE_INFRA_KUBERNETES_PVC_PRECREATE__SUBPATHS
  displayName: Pre-create subpaths in PV
  description: Applied only if a common strategy is used. Required for Kubernetes versions before 1.6
  value: 'false'
- name: CHE_OAUTH_GITHUB_CLIENTID
  displayName: GitHub Client ID
  description: GitHub oAuth app client ID. Applicable to Che single user only!
  value: ''
- name: CHE_OAUTH_GITHUB_CLIENTSECRET
  displayName: GitHub Client Secret
  description: GitHub oAuth app client servet. Applicable to Che single user only!
  value: ''
labels:
  app: che
  template: che