seg_yinzy
/
che-server
mirror of https://github.com/eclipse-che/che-server.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
che-server/dockerfiles/init/manifests/che.env

664 lines
34 KiB
Bash
Raw Blame History

########################################################################################
##### #####
##### CHE SYSTEM #####
##### #####
#
# Parameters that affect the initial system operation.
#
# IP address, hostname, or DNS
# The IP address or DNS name of where the Che endpoint will service your users.
# If you are running this on a local system, we auto-detect this value as the IP
# address of your Docker daemon. On many systems, especially those from cloud hosters
# like DigitalOcean, you must explicitly set this to the external IP address or
# DNS entry provided by the provider. This value can be overridden on the command
# line with '-e CHE_HOST=<value>'.
#CHE_HOST=localhost
# Port
# The port on the host Che will bind itself to. This value can be overridden on the
# command line with '-e CHE_PORT=<value>'.
#CHE_PORT=8080
# Proxies
# Che's internal services such as Java & curl need system properties applied
# so they can reach the Internet. Che uses the Internet to reach DockerHub
# and to route workspace activity. Che is configured to inherit proxy
# parameters from your Docker daemon settings. Those settings are applied
# to these variables automatically during initialization, but you can override
# them here.
#
# Please be mindful of proxy URL formatting. Proxies are unforgiving if the URL is
# not typed properly, including the protocol and a trailing slash '/'.
#CHE_HTTP_PROXY=http://myproxy.com:8001/
#CHE_HTTPS_PROXY=http://myproxy.com:8001/
#CHE_NO_PROXY=<ip-or-domains-that-do-not-require-proxy-access>
# Proxies for Workspaces
# The proxy values that will be set as environment variables within each user's.
# workspace. Set these to allow users Internet access if they are behind a proxy.
#CHE_WORKSPACE_HTTP__PROXY=http://myproxy.com:8001/
#CHE_WORKSPACE_HTTPS__PROXY=http://myproxy.com:8001/
#CHE_WORKSPACE_NO__PROXY=<ip-or-domains-that-do-not-require-proxy-access>
# DNS resolving servers
# Comma separate list of IP address that point to DNS resolving servers. In
# some secure environments or those behind a proxy, custom DNS resolution
# is required to resolve DNS names. You can set internal DNS servers or external
# ones to this configuration. This applies DNS resolution to the Che server and
# to the runtimes of the workspaces created from this Che server. This value
# defaults to inheriting DNS resolver list from host running Che.
#CHE_DNS_RESOLVERS=<ip-of-dns-resolving-servers>
# JPDA
# If using Che in development mode, activate this property to enable JPDA
# mode within Che's internal Tomcat
#CHE_DEBUG_SUSPEND=false
#CHE_DEBUG_PORT=8000
# Che master logs
#
# Choose variant of Che master logs encoding and storing. Default is `plaintext`.
# Another supported value is `json` which makes Che master produce JSON encoded logs
# in system output of PID 1 process of container. Useful for storing logs in systems such as Logstash.
# CHE_LOGS_APPENDERS_IMPL=plaintext
########################################################################################
##### #####
##### WORKSPACES #####
##### #####
#
# User workspaces have their own runtimes. Those runtimes are composed of 1..n containers.
# We call each container a 'machine' as it is a dedicated runtime. One of the machines for
# a workspace must be designated as the 'development' machine, which installs Che agents to
# provide additional services to the user. These parameters configure how Che manages user
# machines and the agents that are deployed within them.
#
# Since workspaces have their own runtimes, they have separate proxies that do not inherit
# from system proxies that you have configured for your Docker daemon.
#
# Extra Hosts for Workspaces
# Comma separated list of <HOST>:<IP> entries that will be added to the user's
# /etc/hosts file within their workspace runtimes. Configure this to give user
# access to systems within your network. This is set when DNS resolvers do not
# parse hostname entries properly.
#CHE_WORKSPACE_HOSTS=<HOST_1>:<IP_1>,<HOST_2>:<IP_2>
# Memory
# The recommended RAM size for new workspaces when created from the dashboard.
#CHE_WORKSPACE_DEFAULT__MEMORY__MB=1024
# Memory Swap
# Adjust machine swap memory by multiplication current machnine memory on provided
# value. Default is 0 which means disabled swap, if set multiplier value equal to 0.5
# machine swap will be configured with size that equal to half of current machine memory.
# It should be rare that you would configure this. See Docker memory swap online
# for background.
#CHE_DOCKER_SWAP=0
# Host Volume Mounts
# Semicolon separated list of volume mounts. Che will volume mount these host folders
# into each workspace. This is a way to allow you to provide access to NAS shared
# across many workspaces.
#CHE_WORKSPACE_VOLUME=/path/on/host:/path/in/workspace:ro,Z;/path/to/host2:/path/in/workspace2:ro,Z;
# Privileged Mode
# Set to `true` if you would like user workspaces to be started with Docker's
# privileged mode. Please be careful when setting this property. This allows
# user workspaces to gain access to the underly host with root privileges.
# However, privileged mode is needed if users want to launch their own Docker
# containers from within their Docker-powered workspace.
#CHE_DOCKER_PRIVILEGED=false
# HostConfig SecurityOpt Parameters
# This parameter allows to specify custom security options for the created docker container.
# seccomp:unconfined is the default for kubernetes, but not for docker. This is needed
# for debugging with gdbserver. See https://github.com/eclipse/che/issues/4284 for details.
# Parameters are passed as an array, so you can add multiple
# values comma seperated. Please also see https://docs.docker.com/engine/api/v1.21/#2-endpoints,
# in particular the "HostConfig":{"SecurityOpt": []} entry. If this parameter is empty,
# docker blocks certain Syscalls by default https://docs.docker.com/engine/security/seccomp/
# WARNING: if you give incorrect values, docker gives an error and doesn't start the container
# Example: che.docker.securityopt=seccomp:unconfined,apparmor:unconfined
#CHE_DOCKER_SECURITYOPT=seccomp:unconfined
# Workspace logs root
# Defines the directory inside the machine where all the workspace logs are placed.
# The value of this folder should be provided into machine e.g. like environment variable
# so agents developers can use this directory for backup agents logs.
#CHE_WORKSPACE_LOGS_ROOT__DIR=/workspace_logs
# Workspace Java Options
# Java command line options to be added to JVM's that running within workspaces.
#CHE_WORKSPACE_JAVA__OPTIONS=-XX:MaxRAM=150m -XX:MaxRAMFraction=2 -XX:+UseParallelGC -XX:MinHeapFreeRatio=10 -XX:MaxHeapFreeRatio=20 -XX:GCTimeRatio=4 -XX:AdaptiveSizePolicyWeight=90 -Dsun.zip.disableMemoryMapping=true -Xms20m -Djava.security.egd=file:/dev/./urandom
# Workspace Agent Maven Options
# Maven command line options added to JVM's that run agents within workspaces.
#CHE_WORKSPACE_MAVEN__OPTIONS=-XX:MaxRAM=150m -XX:MaxRAMFraction=2 -XX:+UseParallelGC -XX:MinHeapFreeRatio=10 -XX:MaxHeapFreeRatio=20 -XX:GCTimeRatio=4 -XX:AdaptiveSizePolicyWeight=90 -Dsun.zip.disableMemoryMapping=true -Xms20m -Djava.security.egd=file:/dev/./urandom
# Workspace Agent Java Options
# Default java command line options to be added to JVM that run workspace agent.
#CHE_WORKSPACE_WSAGENT__JAVA__OPTIONS=-XX:MaxRAM=600m -XX:MaxRAMFraction=1 -XX:+UseParallelGC -XX:MinHeapFreeRatio=10 -XX:MaxHeapFreeRatio=20 -XX:GCTimeRatio=4 -XX:AdaptiveSizePolicyWeight=90 -Dsun.zip.disableMemoryMapping=true -Xms50m -Dfile.encoding=UTF8 -Djava.security.egd=file:/dev/./urandom
# Workspace Maven server java Options
# Default java command line options to be added to JVM that run maven server.
#CHE_WORKSPACE_MAVEN__SERVER__JAVA__OPTIONS=XX:MaxRAM=128m -XX:MaxRAMFraction=1 -XX:+UseParallelGC -XX:MinHeapFreeRatio=10 -XX:MaxHeapFreeRatio=20 -XX:GCTimeRatio=4 -XX:AdaptiveSizePolicyWeight=90 -Dsun.zip.disableMemoryMapping=true -Xms20m -Djava.security.egd=file:/dev/./urandom
########################################################################################
##### #####
##### NETWORKING FOR CHE ON DOCKER #####
##### #####
#
# Affects how the Che server connects to the Docker Daemon, how the Che server and
# workspaces establish connections to one another, and also how remote browser clients
# should discover and connect to workspaces.
#
# Che goes through a progression algorithm to establish the protocol, IP address and
# port to establish communications with it is booting or starting a workspace.
#
# Browser --> Che Server
# 1. Default is 'http://localhost:${SERVER_PORT}/api'.
# 2. Else use the value of CHE_API
#
# Che Server --> Docker Daemon Progression:
# 1. Use the value of CHE_INFRA_DOCKER_DAEMON__URL
# 2. Else, use the value of DOCKER_HOST system variable
# 3. Else, use Unix socket over unix:///var/run/docker.sock
#
# Che Server --> Workspace Connection:
# - If CHE_DOCKER_IP is set use its value
# - Else use the address of the workspace container within the docker network and exposed ports
#
# Browser --> Workspace Connection:
# - If set use the value of CHE_DOCKER_IP_EXTERNAL
# - Else, if Docker for Mac or Windows use localhost
# - Else, if set use the value of CHE_DOCKER_IP
# - Else use the address of the workspace container within the docker network and exposed ports
#
# Workspace Agent --> Che Server
# 1. Default is 'http://che-host:${SERVER_PORT}/api', where 'che-host'
# is IP of server.
# 2. Else, use value of CHE_INFRA_DOCKER_MASTER__API__ENDPOINT
# 3. Else, if 'docker0' interface is unreachable, then 'che-host' replaced with
# 172.17.42.1 or 192.168.99.1
# 4. Else, print connection exception
# Che Server API Endpoint
# The location of the API end point where dashboard and IDE clients will look for
# interacting with the Che server, which we also call the workspace master.
#CHE_API=http://${CHE_HOST}:${CHE_PORT}/api
# Che Server default websocket endpoint.
# Provides basic communication endpoint where clients can get/push statuses/output.
#CHE_WEBSOCKET_ENDPOINT=ws://${CHE_HOST}:${CHE_PORT}/api/websocket
# Docker Daemon URL
# How the Che server will discover the location of the Docker daemon. If this is
# not set, then Che will use DOCKER_HOST or the default unix:///var/run/docker.sock.
# It would be rare to need to set this as most clients set DOCKER_HOST or volume
# mount a Docker socket when starting the Che CLI.
#CHE_INFRA_DOCKER_DAEMON__URL=NULL
# Docker Host
# How Che will connect to the Docker host if CHE_INFRA_DOCKER_DAEMON__URL is not set. This
# value can be provided on the command line as well. If this value is not set, then
# Che will use the volume mount of unix:///var/run/docker.sock.
#DOCKER_HOST=tcp://localhost:2375
# Docker IP Address
# The IP address of the Docker daemon that is running on your host. The Che server
# uses this IP address to establish a connection to your workspaces when they
# first boot. This is different from how the Che server first establishes a
# connection to the Docker daemon. After a Che server has instructed a Docker
# Daemon to create a workspace, the Che server then discovers the location of the
# workspace using the value of this IP address. We use auto-discovery to determine
# this IP address. You can provide this value to override the default discovery
# which searches Unix sockets and DOCKER_HOST.
#CHE_DOCKER_IP=172.17.0.1
# External Docker IP Address
# The external IP address used by browsers to connect to workspace containers that
# are running on a Docker network. After Che has created a workspace runtime, those
# Docker containers need to be reachable by remote browsers. Browsers will default
# to using CHE_DOCKER_IP, then unix sockets, or DOCKER_HOST if this is not set.
# This will generally work if the browser and the workspace are on the same network.
# However, if the browser and the workspaces are on different networks, then you
# may need to set this value to the external IP address of your host or Docker to
# make workspaces reachable.
#CHE_DOCKER_IP_EXTERNAL=NULL
# Usage of single-port routing.
# By enabling single-port, all browser traffic to Che or any workspace will be routed
# through the value that you have set to CHE_PORT`, or 8080 if not set. Setting this
# property will transform the launch sequence of Che to launch a Traefik reverse proxy.
# The reverse proxy will act as the traffic endpoint for all browser communications.
# When a new workspace is started or stopped, Che will update Traefik's configuration
# with rules for how browser traffic should be routed to Che or a workspace.
#
# With single-port, each service running in a workspace and exposing ports has its own hostname.
# Example : workspace agent will have a hostname like : ws-agent.workspace-id....domain.name
# By default the domain name will use nip.io which allow to provide wildcard DNS without any
# user configuration.
CHE_SINGLE_PORT=false
# Wildcard DNS host and port for the single port mode. Default is nip.io.
# Only http protocol is currently supported.
#CHE_SINGLEPORT_WILDCARD__DOMAIN_HOST=NULL
#CHE_SINGLEPORT_WILDCARD__DOMAIN_PORT=NULL
# IP-less wildcard dns in single mode. This needs a *.domain.tld DNS entry. (Use it instead of
# nip.io)
#CHE_SINGLEPORT_WILDCARD__DOMAIN_IPLESS=false
# Default rewriter for URLs in links.
# This variable is automatically overridden in single port mode.
#CHE_INFRA_DOCKER_URL__REWRITER=DEFAULT
# Time(in seconds) that limits the docker build process.
# The default value is 8 minutes, after which the build will be considered as failed.
# CHE_INFRA_DOCKER_BUILD__TIMEOUT__SEC=480
########################################################################################
##### #####
##### DOCKER #####
##### #####
#
# Docker Registry for Workspace Snapshots
# Docker is the default machine implementation within Che. Workspaces are powered
# by machines that are constructed when the workspace is started. The images used to
# generate containers for the machines can come from DockerHub or a private
# Docker registry. You can configure this property with a URL to your
# registry to alter the location.
#CHE_DOCKER_REGISTRY=${CHE_REGISTRY_HOST}:5000
#
# Specify workspace-master container memory limit.
#CHE_MASTER_CONTAINER_RAM=750m
#
# By default, if a user accesses a workspace from its unique URL (instead of the
# dashboard interface), then the workspace is automatically started by Che.
# You can set this property to false to disable this behavior.
#CHE_WORKSPACE_AUTO__START=true
# Private Docker Images
# If pushing snap images to a registry requires authenticated access to the
# registry. Or, if your stacks reference private images which require authenticated
# access to a registry in order to pull, then you can configure 1..n registries
# with authentication access. We will perform a `docker login` with this
# credentials before performing a snap or a pull.
#CHE_DOCKER_REGISTRY_AUTH_<insert-name>_URL=https://index.docker.io/v1/
#CHE_DOCKER_REGISTRY_AUTH_<insert-name>_USERNAME=<username>
#CHE_DOCKER_REGISTRY_AUTH_<insert-name>_PASSWORD=<password>
#CHE_DOCKER_REGISTRY_AWS_REGISTRY1_ID=id1
#CHE_DOCKER_REGISTRY_AWS_REGISTRY1_REGION=region1
#CHE_DOCKER_REGISTRY_AWS_REGISTRY1_ACCESS__KEY__ID=key_id1
#CHE_DOCKER_REGISTRY_AWS_REGISTRY1_SECRET__ACCESS__KEY=secret1
# Force Image Update
# If true, then Che always pulls an image from a registry even if it is cached
# If false, Docker only pulls the image if it does not exist locally. This can
# create situations where images are not current, but a forced pull is slower.
#CHE_DOCKER_ALWAYS__PULL__IMAGE=true
# Control User Processes
# Limits the number of processes that can be forked inside a cgroup. Set -1 for
# unlimited. Requires Docker running on a 4.3 Linux kernel.
#CHE_DOCKER_PIDS__LIMIT=-1
# CPU Core Limits
# Limit the CPU cores used for running Che workspaces as containers.
# Example:
# CHE_DOCKER_CPUSET__CPUS=0-3
# CHE_DOCKER_CPUSET__CPUS=0,2
# See more at https://docs.docker.com/engine/reference/run/#/cpuset-constraint
#CHE_DOCKER_CPUSET__CPUS=NULL
# CPU Consumption Limit
# Limit the CPU utilitization given to containers powering workspaces started
# by Che. 'period' sets the amount of units for each CPU core. 'quota' sets the
# sets amount of units available per whole CPU.
# Max value of quota could be period * number of CPU cores in a system.
# Example:
# These values allows usage of 100% of 2 cores on 2+ cores system.
# Period declares that 100% is equal to 5000 units
# and container is allowed to use 2x more than 1 core.
# Although max consumption is explained in cores performance workload will be
# split between several cores.
# CHE_DOCKER_CPU__PERIOD=5000
# CHE_DOCKER_CPU__QUOTA=10000
# In this example limit is set to half of a CPU core.
# CHE_DOCKER_CPU__PERIOD=10000
# CHE_DOCKER_CPU__QUOTA=5000
# See more at https://docs.docker.com/engine/reference/run/#/cpu-period-constraint
# https://docs.docker.com/engine/reference/run/#/cpu-quota-constraint
#CHE_DOCKER_CPU__PERIOD=0
#CHE_DOCKER_CPU__QUOTA=0
# CGroup Parent
# CGroups allow admins to to configure limits on nodes in a system in a specific
# way. The value can start with a slash which means it will be absolute or
# without a slash for relative value. Docker will create this cgroup if it is missing.
# Admin can configure limits on this cgroup on all nodes in a system specific way.
# Example:
# On Ubuntu 16.04 use CHE_DOCKER_PARENT__CGROUP=/my_group. Then let container
# create cgoup by running Che. Then edit
# /sys/fs/cgroup/<resource folder>/my_group/<resource file>
# For example to limit CPU cores to 0-1 put value "0-1" into file
# /sys/fs/cgroup/cpuset/my_group/cpuset.cpus
# See more at https://docs.docker.com/engine/reference/run/#/specifying-custom-cgroups
#CHE_DOCKER_PARENT__CGROUP=NULL
# SELinux Options
# By default, your source code is mounted into a workspace into /projects folder.
# On SELinux and other OS, you may need to add additional mounting attributes.
#CHE_DOCKER_VOLUMES__PROJECTS__OPTIONS=Z
#CHE_DOCKER_VOLUMES__AGENT__OPTIONS=ro,Z
# Docker Cleanup
# Unused containers and networks from Che and workspaces need to be cleaned up
# periodically.
#CHE_DOCKER_CLEANUP__PERIOD__MIN=60
########################################################################################
##### #####
##### OAUTH #####
##### #####
#
# You can configure a 3rd party provider's oAuth, which will be used for your users when
# they initiate Git actions from within Che.
#
# GitHub
#CHE_OAUTH_GITHUB_CLIENTID=your_github_client_id
#CHE_OAUTH_GITHUB_CLIENTSECRET=your_github_client_secret
#CHE_OAUTH_GITHUB_AUTHURI=https://github.com/login/oauth/authorize
#CHE_OAUTH_GITHUB_TOKENURI=https://github.com/login/oauth/access_token
#CHE_OAUTH_GITHUB_REDIRECTURIS=http://localhost:${CHE_PORT}/api/oauth/callback
########################################################################################
##### #####
##### JMX #####
##### #####
#
# JMX provides a management interface point to within the Che container. JMX is not
# use by other containers such as haproxy or nginx. While Che is running, grab the
# IP address of the Che container and you can connect to its embedded JMX server.
# JMX is disabled by default, uncomment CHE_JMX_ENABLED=true to enable it.
#
#CHE_JMX_ENABLED=true
#CHE_JMX_USERNAME=admin
#CHE_JMX_PASSWORD=Che
########################################################################################
##### #####
##### CUSTOM #####
##### #####
# Custom che.properties Property
# Che's server loads name=value properties in a .properties file. Those values can
# be seen by custom extensions that are packaged within a Che server. There are
# also Che properties that are rarely configured that are shown in documentation
# that can be added with a custom format here. You can add as many as you would like.
#
# Add a new property in the format of CHE_<PROPERTY_NAME>=value. If in your
# <PROPERTY_NAME> you have a single underscore '_', that will be replaced with a
# dot '.'. A double underscore '__' will be replaced with a single underscore '_'.
#
# System Super Privileged Mode
# Grants users with the manageSystem permission additional permissions for
# getByKey, getByNameSpace, stopWorkspaces, and getResourcesInformation.
# These are not given to admins by default and these permissions allow
# admins gain visibility to any workspace along with naming themselves
# with admin privileges to those workspaces.
#SYSTEM_SUPER__PRIVILEGED__MODE=false
# A complete list of internal properties used by Che are available in the default
# properties file that is embedded in the server's runtime. You can view it in our
# GitHub repository: https://github.com/eclipse/che/blob/master/assembly/assembly-wsmaster-war/src/main/webapp/WEB-INF/classes/codenvy/che.properties
########################################################################################
##### #####
##### STACKS #####
##### #####
#
# Defines whether stacks loaded once or each time server starts.
# If value is 'false' stacks will be loaded once after database is initialized,
# otherwise stacks will be loaded each time server starts.
# Stacks loading overrides existing predefined stacks with new data
# defined in stacks.json.
# - 'default' : false
# Note that this property is needed for backward compatibility and will be removed soon.
#CHE_PREDEFINED_STACKS_RELOAD__ON__START=false
########################################################################################
##### #####
##### Kubernetes Infrastructure #####
##### #####
#
#Configuration of Kubernetes client that Infra will use
#CHE_INFRA_KUBERNETES_MASTER__URL=
#CHE_INFRA_KUBERNETES_USERNAME=
#CHE_INFRA_KUBERNETES_PASSWORD=
#CHE_INFRA_KUBERNETES_OAUTH__TOKEN=
#CHE_INFRA_KUBERNETES_TRUST__CERTS=
# Defines Kubernetes namespace in which all workspaces will be created.
# If not set, every workspace will be created in a new namespace, where namespace = workspace id
#
# Ignored for OpenShift infra. Use `CHE_INFRA_OPENSHIFT_PROJECT` instead
#CHE_INFRA_KUBERNETES_NAMESPACE=
#CHE_INFRA_KUBERNETES_MACHINE__START__TIMEOUT__MIN=5
# Defines whether use the Persistent Volume Claim for che workspace needs
# e.g backup projects, logs etc or disable it.
#CHE_INFRA_KUBERNETES_PVC_ENABLED=true
# Defined which strategy will be used while choosing PVC for workspaces.
#
# Supported strategies:
# - 'common'
# PVC with name that is configured by 'che.infra.kubernetes.pvc.name'
# the property will be used for storing workspaces data of each workspace
# in an OpenShift project.
# Existing PVC will be used or new one will be created if it doesn't exist.
#
# - 'unique'
# PVC with name that is evaluated as '{che.infra.kubernetes.pvc.name} + '-' + {generated_8_chars}'
# will be used for storing of workspaces data.
# Existing PVC will be used or a new one will be created if it doesn't exist.
#CHE_INFRA_KUBERNETES_PVC_STRATEGY=common
# Defines whether to run a job that creates workspace's subpath directories in persistent volume for the 'common' strategy before launching a workspace.
# Necessary in some versions of OpenShift/Kubernetes as workspace subpath volume mounts are created with root permissions,
# and thus cannot be modified by workspaces running as a user (presents an error importing projects into a workspace in Che).
# The default is "true", but should be set to false if the version of Kubernetes/Kubernetes creates subdirectories with user permissions.
# Relevant issue: https://github.com/kubernetes/kubernetes/issues/41638
# Note that this property has effect only if the 'common' PVC strategy used.
#CHE_INFRA_KUBERNETES_PVC_PRECREATE__SUBPATHS=true
# Defines the name of Persistent Volume Claim for che workspace.
#CHE_INFRA_KUBERNETES_PVC_NAME=claim-che-workspace
# Defines the size of Persistent Volume Claim of che workspace.
# Format described here:
# https://docs.kubernetes.com/container-platform/latest/dev_guide/compute_resources.html#dev-compute-resources
#CHE_INFRA_KUBERNETES_PVC_QUANTITY=10Gi
# Defines Persistent Volume Claim access mode.
# Note that for common PVC strategy changing of access mode affects the number of simultaneously running workspaces.
# If OpenShift flavor where che running is using PVs with RWX access mode then a limit of running workspaces at the same time
# bounded only by che limits configuration like(RAM, CPU etc).
# Detailed information about access mode is described here:
# https://docs.kubernetes.com/container-platform/latest/architecture/additional_concepts/storage.html#pv-access-modes
#CHE_INFRA_KUBERNETES_PVC_ACCESS__MODE=ReadWriteOnce
# Defines annotations for ingresses which are used for servers exposing. Value depends on ingress controller.
# For example for nginx ingress controller 0.9.0-beta17 the following value is recommended:
# {"ingress.kubernetes.io/rewrite-target": "/","ingress.kubernetes.io/ssl-redirect": "false",\
# "ingress.kubernetes.io/proxy-connect-timeout": "3600","ingress.kubernetes.io/proxy-read-timeout": "3600"}
#
# OpenShift infrastructure ignores this property because it uses Routes instead of ingresses.
#CHE_INFRA_KUBERNETES_INGRESS_ANNOTATIONS__JSON=NULL
# Creates Ingresses with Transport Layer Security (TLS) enabled
# In OpenShift infrastructure, Routes will be TLS-enabled
#CHE_INFRA_KUBERNETES_TLS_ENABLED=false
# Name of a secret that should be used when creating workspace ingresses with TLS
# Ignored by OpenShift infrastructure
#CHE_INFRA_KUBERNETES_TLS_SECRET=
########################################################################################
##### #####
##### Openshift Infrastructure #####
##### #####
#
# Since OpenShift infrastructure reuse Kubernetes infrastructure components
# OpenShift infrastructure reuse most of the Kubernetes configuration attributes.
# Defines OpenShift namespace in which all workspaces will be created.
# If not set, every workspace will be created in a new project, where project name = workspace id
#CHE_INFRA_OPENSHIFT_PROJECT=
########################################################################################
##### #####
##### MAIL SERVER #####
##### #####
#
# CHE uses email to notify admins and users of events in the system such as error
# reports invitations, or workspace unusual activity.
#
#CHE_MAIL_HOST=smtp.example.com
#CHE_MAIL_HOST_PORT=465
#CHE_MAIL_USE_SSL=true
#CHE_MAIL_TRANSPORT_PROTOCOL=smtp
#CHE_MAIL_SMTP_AUTH=true
#CHE_MAIL_SMTP_SOCKETFACTORY_CLASS=javax.net.ssl.SSLSocketFactory
#CHE_MAIL_SMTP_SOCKETFACTORY_FALLBACK=false
#CHE_MAIL_SMTP_SOCKETFACTORY_PORT=465
#CHE_MAIL_SMTP_AUTH_USERNAME=smtp_username
#CHE_MAIL_SMTP_AUTH_PASSWORD=smtp_password
########################################################################################
##### #####
##### CHE MULTIUSER #####
##### #####
#
# Enable multiuser CHE
# - 'default' : false
#CHE_MULTIUSER=false
#
# Postgres config
# Value NULL is treated in the same way as when environment variable is unset
#CHE_JDBC_USERNAME=pgche
#CHE_JDBC_PASSWORD=pgchepassword
#CHE_JDBC_DATABASE=dbche
#CHE_JDBC_URL=jdbc:postgresql://postgres:5432/dbche
#CHE_JDBC_DRIVER__CLASS__NAME=org.postgresql.Driver
#CHE_JDBC_MAX__TOTAL=20
#CHE_JDBC_MAX__IDLE=10
#CHE_JDBC_MAX__WAIT__MILLIS=-1
# Grant system permission for 'che.system.admin_name' user. If the user already exists it'll happen on
# component startup, if not - during the first login when user is persisted in the database.
#CHE_SYSTEM_ADMIN__NAME=admin
#
#CHE_KEYCLOAK_OSO_ENDPOINT=NULL
#CHE_KEYCLOAK_GITHUB_ENDPOINT=NULL
#CHE_KEYCLOAK_ALLOWED__CLOCK__SKEW__SEC=3
#CHE_KEYCLOAK_ADMIN_REQUIRE_UPDATE_PASSWORD=true
#
# Url to keycloak identity provider server
# Can be set to NULL only if `CHE_KEYCLOAK_OIDC__PROVIDER`
# is used
#CHE_KEYCLOAK_AUTH__SERVER__URL=http://172.17.0.1:5050/auth
# Keycloak realm is used to authenticate users
# Can be set to NULL only if `CHE_KEYCLOAK_OIDC__PROVIDER`
# is used
#CHE_KEYCLOAK_REALM=che
# Keycloak or OIDC client id used by dashboard,
# ide and cli to authenticate users
#CHE_KEYCLOAK_CLIENT__ID=che-public
# Use the OIDC optional `nonce` feature to increase security.
#CHE_KEYCLOAK_USE__NONCE=true
# URL to the Keycloak Javascript adapter we want to use.
# if set to NULL, then the default used value is
# `${CHE_KEYCLOAK_AUTH__SERVER__URL}/js/keycloak.js`,
# or `<che-server>/api/keycloak/OIDCKeycloak.js`
# if an alternate `oidc_provider` is used
#CHE_KEYCLOAK_JS__ADAPTER__URL=NULL
# Base URL of an alternate OIDC provider that provides
# a discovery endpoint as detailed in the following specification
# https://openid.net/specs/openid-connect-discovery-1_0.html#ProviderConfig
#CHE_KEYCLOAK_OIDC__PROVIDER=NULL
########################################################################################
##### #####
##### WORKSPACE LIMITS #####
##### #####
#
# Workspaces are the fundamental runtime for users when doing development. You can set
# parameters that limit how workspaces are created and the resources that are consumed.
#
# The maximum number of workspaces that a user is allowed to create. The user will
# be presented with an error message if they try to create additional workspaces.
# This applies to the total number of both running and stopped workspaces.
#CHE_LIMITS_USER_WORKSPACES_COUNT=-1
# The maximum number of running workspaces that a single user is allowed to have.
# If the user has reached this threshold and they try to start an additional
# workspace, they will be prompted with an error message. The user will need to
# stop a running workspace to activate another.
#CHE_LIMITS_USER_WORKSPACES_RUN_COUNT=-1
# The total amount of RAM that a single user is allowed to allocate to running
# workspaces. A user can allocate this RAM to a single workspace or spread it
# across multiple workspaces.
#CHE_LIMITS_USER_WORKSPACES_RAM=-1
# The total amount of RAM that a single organization (team) is allowed to allocate
# to running workspaces. An organization owner can allocate this RAM however they
# see fit across the team's workspaces.
#CHE_LIMITS_ORGANIZATION_WORKSPACES_RAM=-1
# The maximum number of workspaces that a organization is allowed to own. The
# organization will be presented an error message if they try to create
# additional workspaces. This applies to the total number of both running
# and stopped workspaces.
#CHE_LIMITS_ORGANIZATION_WORKSPACES_COUNT=-1
# The maximum number of running workspaces that a single organization is allowed.
# If the organization has reached this threshold and they try to start an
# additional workspace, they will be prompted with an error message. The
# organization will need to stop a running workspace to activate another.
#CHE_LIMITS_ORGANIZATION_WORKSPACES_RUN_COUNT=-1
# The length of time that a user is idle with their workspace when the system will
# suspend the workspace and then stopping it. Idleness is the
# length of time that the user has not interacted with the workspace, meaning that
# one of our agents has not received interaction. Leaving a browser window open
# counts toward idleness. Value is provided in milliseconds
#CHE_LIMITS_WORKSPACE_IDLE_TIMEOUT=-1
# The maximum amount of RAM that a user can allocate to a workspace when they
# create a new workspace. The RAM slider is adjusted to this maximum value.
#CHE_LIMITS_WORKSPACE_ENV_RAM=16gb
Reference in New Issue View Git Blame Copy Permalink