diff --git a/operators/eclipse-che/7.90.0/manifests/eclipse-che.v7.90.0.clusterserviceversion.yaml b/operators/eclipse-che/7.90.0/manifests/eclipse-che.v7.90.0.clusterserviceversion.yaml new file mode 100644 index 00000000000..62d2dec4fe7 --- /dev/null +++ b/operators/eclipse-che/7.90.0/manifests/eclipse-che.v7.90.0.clusterserviceversion.yaml @@ -0,0 +1,1163 @@ +# +# Copyright (c) 2019-2024 Red Hat, Inc. +# This program and the accompanying materials are made +# available under the terms of the Eclipse Public License 2.0 +# which is available at https://www.eclipse.org/legal/epl-2.0/ +# +# SPDX-License-Identifier: EPL-2.0 +# +# Contributors: +# Red Hat, Inc. - initial API and implementation +# + +apiVersion: operators.coreos.com/v1alpha1 +kind: ClusterServiceVersion +metadata: + annotations: + alm-examples: |- + [ + { + "apiVersion": "org.eclipse.che/v1", + "kind": "CheCluster", + "metadata": { + "name": "eclipse-che", + "namespace": "eclipse-che" + }, + "spec": { + "auth": { + "identityProviderURL": "", + "oAuthClientName": "", + "oAuthSecret": "" + }, + "database": { + "externalDb": false + }, + "k8s": { + "ingressDomain": null, + "tlsSecretName": null + }, + "metrics": { + "enable": true + }, + "server": { + "externalDevfileRegistries": [ + { + "url": "https://registry.devfile.io" + } + ], + "externalDevfileRegistry": true, + "externalPluginRegistry": true, + "workspaceNamespaceDefault": "-che" + }, + "storage": { + "pvcStrategy": "common" + } + } + }, + { + "apiVersion": "org.eclipse.che/v2", + "kind": "CheCluster", + "metadata": { + "name": "eclipse-che", + "namespace": "eclipse-che" + }, + "spec": { + "components": { + "devfileRegistry": { + "disableInternalRegistry": true, + "externalDevfileRegistries": [ + { + "url": "https://registry.devfile.io" + } + ] + }, + "pluginRegistry": { + "disableInternalRegistry": true + } + }, + "containerRegistry": {}, + "devEnvironments": {}, + "gitServices": {}, + "networking": {} + } + } + ] + capabilities: Seamless Upgrades + categories: Developer Tools + certified: "false" + containerImage: quay.io/eclipse/che-operator@sha256:aa51eb6e035f1cddbe2fe04301e7980fb90031820f9b1dac1641d471fc8a5e00 + createdAt: "2024-08-14T21:47:21Z" + description: A Kube-native development solution that delivers portable and collaborative + developer workspaces. + features.operators.openshift.io/cnf: "false" + features.operators.openshift.io/cni: "false" + features.operators.openshift.io/csi: "false" + features.operators.openshift.io/disconnected: "true" + features.operators.openshift.io/fips-compliant: "true" + features.operators.openshift.io/proxy-aware: "true" + features.operators.openshift.io/tls-profiles: "false" + features.operators.openshift.io/token-auth-aws: "false" + features.operators.openshift.io/token-auth-azure: "false" + features.operators.openshift.io/token-auth-gcp: "false" + operatorframework.io/suggested-namespace: openshift-operators + operators.operatorframework.io/builder: operator-sdk-v1.9.0+git + operators.operatorframework.io/project_layout: go.kubebuilder.io/v3 + repository: https://github.com/eclipse-che/che-operator + support: Eclipse Foundation + name: eclipse-che.v7.90.0 + namespace: placeholder +spec: + apiservicedefinitions: {} + customresourcedefinitions: + owned: + - description: 'The `CheCluster` custom resource allows defining and managing + Eclipse Che server installation. Based on these settings, the Operator + automatically creates and maintains several ConfigMaps: `che`, `plugin-registry` + that will contain the appropriate environment variables of the various components + of the installation. These generated ConfigMaps must NOT be updated manually.' + displayName: Eclipse Che instance Specification + kind: CheCluster + name: checlusters.org.eclipse.che + resources: + - kind: ClusterRole + name: '' + version: v1 + - kind: ClusterRoleBinding + name: '' + version: v1 + - kind: ConfigMap + name: '' + version: v1 + - kind: Deployment + name: '' + version: apps/v1 + - kind: Ingress + name: '' + version: v1 + - kind: Role + name: '' + version: v1 + - kind: RoleBinding + name: '' + version: v1 + - kind: Route + name: '' + version: v1 + - kind: Secret + name: '' + version: v1 + - kind: Service + name: '' + version: v1 + specDescriptors: + - description: Development environment default configuration options. + displayName: Development environments + path: devEnvironments + - description: Che components configuration. + displayName: Components + path: components + - description: A configuration that allows users to work with remote Git + repositories. + displayName: Git Services + path: gitServices + - description: Networking, Che authentication, and TLS configuration. + displayName: Networking + path: networking + - description: Configuration of an alternative registry that stores Che + images. + displayName: Container registry + path: containerRegistry + - description: Enables users to work with repositories hosted on Azure DevOps + Service (dev.azure.com). + displayName: Azure + path: gitServices.azure + - description: 'Kubernetes secret, that contains Base64-encoded Azure DevOps + Service Application ID and Client Secret. See the following page: https://www.eclipse.org/che/docs/stable/administration-guide/configuring-oauth-2-for-microsoft-azure-devops-services' + displayName: Secret Name + path: gitServices.azure[0].secretName + x-descriptors: + - urn:alm:descriptor:io.kubernetes:Secret + - description: Enables users to work with repositories hosted on Bitbucket + (bitbucket.org or self-hosted). + displayName: Bitbucket + path: gitServices.bitbucket + - description: 'Kubernetes secret, that contains Base64-encoded Bitbucket + OAuth 1.0 or OAuth 2.0 data. See the following pages for details: https://www.eclipse.org/che/docs/stable/administration-guide/configuring-oauth-1-for-a-bitbucket-server/ + and https://www.eclipse.org/che/docs/stable/administration-guide/configuring-oauth-2-for-the-bitbucket-cloud/.' + displayName: Secret Name + path: gitServices.bitbucket[0].secretName + x-descriptors: + - urn:alm:descriptor:io.kubernetes:Secret + - description: Enables users to work with repositories hosted on GitHub + (github.com or GitHub Enterprise). + displayName: GitHub + path: gitServices.github + - description: 'Kubernetes secret, that contains Base64-encoded GitHub OAuth + Client id and GitHub OAuth Client secret. See the following page for + details: https://www.eclipse.org/che/docs/stable/administration-guide/configuring-oauth-2-for-github/.' + displayName: Secret Name + path: gitServices.github[0].secretName + x-descriptors: + - urn:alm:descriptor:io.kubernetes:Secret + - description: Enables users to work with repositories hosted on GitLab + (gitlab.com or self-hosted). + displayName: GitLab + path: gitServices.gitlab + - description: 'Kubernetes secret, that contains Base64-encoded GitHub Application + id and GitLab Application Client secret. See the following page: https://www.eclipse.org/che/docs/stable/administration-guide/configuring-oauth-2-for-gitlab/.' + displayName: Secret Name + path: gitServices.gitlab[0].secretName + x-descriptors: + - urn:alm:descriptor:io.kubernetes:Secret + statusDescriptors: + - description: Specifies the current phase of the Che deployment. + displayName: ChePhase + path: chePhase + x-descriptors: + - urn:alm:descriptor:text + - description: Public URL of the Che server. + displayName: Eclipse Che URL + path: cheURL + x-descriptors: + - urn:alm:descriptor:org.w3:link + - description: Currently installed Che version. + displayName: 'displayName: Eclipse Che version' + path: cheVersion + x-descriptors: + - urn:alm:descriptor:text + - description: Deprecated the public URL of the internal devfile registry. + displayName: Devfile registry URL + path: devfileRegistryURL + x-descriptors: + - urn:alm:descriptor:org.w3:link + - description: Specifies the current phase of the gateway deployment. + displayName: Gateway phase + path: gatewayPhase + x-descriptors: + - urn:alm:descriptor:text + - description: A human readable message indicating details about why the + Che deployment is in the current phase. + displayName: Message + path: message + x-descriptors: + - urn:alm:descriptor:text + - description: The public URL of the internal plug-in registry. + displayName: Plugin registry URL + path: pluginRegistryURL + x-descriptors: + - urn:alm:descriptor:org.w3:link + - description: A brief CamelCase message indicating details about why the + Che deployment is in the current phase. + displayName: Reason + path: reason + x-descriptors: + - urn:alm:descriptor:text + - description: The resolved workspace base domain. This is either the copy + of the explicitly defined property of the same name in the spec or, + if it is undefined in the spec and we're running on OpenShift, the automatically + resolved basedomain for routes. + displayName: Workspace base domain + path: workspaceBaseDomain + x-descriptors: + - urn:alm:descriptor:text + version: v2 + - description: The `CheCluster` custom resource allows defining and managing + a Che server installation + displayName: Eclipse Che instance Specification + kind: CheCluster + name: checlusters.org.eclipse.che + resources: + - kind: ClusterRole + name: '' + version: v1 + - kind: ClusterRoleBinding + name: '' + version: v1 + - kind: ConfigMap + name: '' + version: v1 + - kind: Deployment + name: '' + version: apps/v1 + - kind: Ingress + name: '' + version: v1 + - kind: Role + name: '' + version: v1 + - kind: RoleBinding + name: '' + version: v1 + - kind: Route + name: '' + version: v1 + - kind: Secret + name: '' + version: v1 + - kind: Service + name: '' + version: v1 + specDescriptors: + - description: Configuration settings related to the Authentication used + by the Che installation. + displayName: Authentication + path: auth + - description: Deprecated. The value of this flag is ignored. Sidecar functionality + is now implemented in Traefik plugin. + displayName: Gateway Header Rewrite Sidecar Image + path: auth.gatewayHeaderRewriteSidecarImage + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:hidden + - description: Configuration settings related to the User Dashboard used + by the Che installation. + displayName: User Dashboard + path: dashboard + - description: Configuration settings related to the database used by the + Che installation. + displayName: Database + path: database + - description: DevWorkspace operator configuration + displayName: Dev Workspace operator + path: devWorkspace + - description: Deploys the DevWorkspace Operator in the cluster. Does nothing + when a matching version of the Operator is already installed. Fails + when a non-matching version of the Operator is already installed. + displayName: Enable DevWorkspace operator + path: devWorkspace.enable + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:booleanSwitch + - description: A configuration that allows users to work with remote Git + repositories. + displayName: Git Services + path: gitServices + - description: Enables users to work with repositories hosted on Bitbucket + (bitbucket.org or self-hosted). + displayName: Bitbucket + path: gitServices.bitbucket + - description: 'Kubernetes secret, that contains Base64-encoded Bitbucket + OAuth 1.0 or OAuth 2.0 data. See the following pages for details: https://www.eclipse.org/che/docs/stable/administration-guide/configuring-oauth-1-for-a-bitbucket-server/ + and https://www.eclipse.org/che/docs/stable/administration-guide/configuring-oauth-2-for-the-bitbucket-cloud/.' + displayName: Secret Name + path: gitServices.bitbucket[0].secretName + x-descriptors: + - urn:alm:descriptor:io.kubernetes:Secret + - description: Enables users to work with repositories hosted on GitHub + (github.com or GitHub Enterprise). + displayName: GitHub + path: gitServices.github + - description: 'Kubernetes secret, that contains Base64-encoded GitHub OAuth + Client id and GitHub OAuth Client secret. See the following page for + details: https://www.eclipse.org/che/docs/stable/administration-guide/configuring-oauth-2-for-github/.' + displayName: Secret Name + path: gitServices.github[0].secretName + x-descriptors: + - urn:alm:descriptor:io.kubernetes:Secret + - description: Enables users to work with repositories hosted on GitLab + (gitlab.com or self-hosted). + displayName: GitLab + path: gitServices.gitlab + - description: 'Kubernetes secret, that contains Base64-encoded GitHub Application + id and GitLab Application Client secret. See the following page: https://www.eclipse.org/che/docs/stable/administration-guide/configuring-oauth-2-for-gitlab/.' + displayName: Secret Name + path: gitServices.gitlab[0].secretName + x-descriptors: + - urn:alm:descriptor:io.kubernetes:Secret + - description: Kubernetes Image Puller configuration + displayName: Kubernetes Image Puller + path: imagePuller + - description: Configuration settings specific to Che installations made + on upstream Kubernetes. + displayName: Kubernetes + path: k8s + - description: Configuration settings related to the metrics collection + used by the Che installation. + displayName: Metrics + path: metrics + - description: General configuration settings related to the Che server, + the plugin and devfile registries + displayName: Che server + path: server + - description: Deprecated. The value of this flag is ignored. Defines that + a user is allowed to specify a Kubernetes namespace, or an OpenShift + project, which differs from the default. It's NOT RECOMMENDED to set + to `true` without OpenShift OAuth configured. The OpenShift infrastructure + also uses this property. + displayName: Allow User Defined Workspace Namespaces + path: server.allowUserDefinedWorkspaceNamespaces + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:hidden + - description: Deprecated in favor of `externalDevfileRegistries` fields. + displayName: Devfile Registry Url + path: server.devfileRegistryUrl + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:hidden + - description: Deprecated. The value of this flag is ignored. The Che Operator + will automatically detect whether the router certificate is self-signed + and propagate it to other components, such as the Che server. + displayName: Self Signed Cert + path: server.selfSignedCert + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:hidden + - description: Deprecated. Instructs the Operator to deploy Che in TLS mode. + This is enabled by default. Disabling TLS sometimes cause malfunction + of some Che components. + displayName: Tls Support + path: server.tlsSupport + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:hidden + - description: Deprecated in favor of `disableInternalClusterSVCNames`. + displayName: Use Internal Cluster SVCNames + path: server.useInternalClusterSVCNames + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:hidden + - description: Configuration settings related to the persistent storage + used by the Che installation. + displayName: Persistent storage + path: storage + statusDescriptors: + - description: Status of a Che installation. Can be `Available`, `Unavailable`, + or `Available, Rolling Update in Progress`. + displayName: Status + path: cheClusterRunning + x-descriptors: + - urn:alm:descriptor:io.kubernetes.phase + - description: Public URL to the Che server. + displayName: Eclipse Che URL + path: cheURL + x-descriptors: + - urn:alm:descriptor:org.w3:link + - description: Current installed Che version. + displayName: 'displayName: Eclipse Che version' + path: cheVersion + x-descriptors: + - urn:alm:descriptor:org.w3:link + - description: Public URL to the devfile registry. + displayName: Devfile registry URL + path: devfileRegistryURL + x-descriptors: + - urn:alm:descriptor:org.w3:link + - description: The ConfigMap containing certificates to propagate to the + Che components and to provide particular configuration for Git. + displayName: Git certificates + path: gitServerTLSCertificateConfigMapName + x-descriptors: + - urn:alm:descriptor:text + - description: A URL that points to some URL where to find help related + to the current Operator status. + displayName: Help link + path: helpLink + x-descriptors: + - urn:alm:descriptor:org.w3:link + - description: Public URL to the Identity Provider server, Keycloak or RH-SSO,. + displayName: Keycloak Admin Console URL + path: keycloakURL + x-descriptors: + - urn:alm:descriptor:org.w3:link + - description: A human readable message indicating details about why the + Pod is in this condition. + displayName: Message + path: message + x-descriptors: + - urn:alm:descriptor:text + - description: OpenShift OAuth secret in `openshift-config` namespace that + contains user credentials for HTPasswd identity provider. + displayName: OpenShift OAuth secret in `openshift-config` namespace that + contains user credentials for HTPasswd identity provider. + path: openShiftOAuthUserCredentialsSecret + x-descriptors: + - urn:alm:descriptor:text + - description: Public URL to the plugin registry. + displayName: Plugin registry URL + path: pluginRegistryURL + x-descriptors: + - urn:alm:descriptor:org.w3:link + - description: A brief CamelCase message indicating details about why the + Pod is in this state. + displayName: Reason + path: reason + x-descriptors: + - urn:alm:descriptor:text + version: v1 + description: | + A collaborative Kubernetes-native development solution that delivers OpenShift workspaces and in-browser IDE for rapid cloud application development. + This operator installs the Plugin and Devfile registries, Dashboard, Gateway and the Eclipse Che server, and configures these services. + OpenShift OAuth is used directly for authentication. TLS mode is on. + + ## How to Install + Press the **Install** button, choose the channel and the upgrade strategy, and wait for the **Installed** Operator status. + When the operator is installed, create a new Custom Resource (CR) of Kind CheCluster (click the **Create New** button). + The CR spec contains all defaults. You can start using Eclipse Che when the CR status is set to **Available**, and you see a URL to Eclipse Che. + + ## Defaults + By default, the operator deploys Eclipse Che with: + * 10Gi storage + * Auto-generated passwords + * Bundled Plugin and Devfile registries + + Use `oc edit checluster/eclipse-che -n eclipse-che` to update Eclipse Che default installation options. + See more in the [Installation guide](https://www.eclipse.org/che/docs/stable/administration-guide/configuring-che/). + + ### Certificates + Operator uses a default router certificate to secure Eclipse Che routes. + Follow the [guide](https://www.eclipse.org/che/docs/stable/administration-guide/importing-untrusted-tls-certificates/) + to import certificates into Eclipse Che. + displayName: Eclipse Che + icon: + - base64data: iVBORw0KGgoAAAANSUhEUgAAANMAAAD0CAYAAAABrhNXAAAABGdBTUEAALGPC/xhBQAAACBjSFJNAAB6JgAAgIQAAPoAAACA6AAAdTAAAOpgAAA6mAAAF3CculE8AAAABmJLR0QA/wD/AP+gvaeTAAAaNklEQVR42u3de3QU9dkH8O/zm91EQK0U77dqVdTW++1V20KigUSQahLjsSSbtp4eeqqVLHILCcoiyQZEIbF61B6PVQJ6XiOkr6TlYiABr603wHotar1bBUWUYDY787x/JIGoSchmZ+c3M/t8/iS7M8+M5+vs7szz/IiZIYRIntJdgBB+IWESwiYSJiFsImESwiYSJiFsImESwiaBvv5ARLprEwB4ddaJTBQF8w/JsKbQmI0v665JAL3dUqK+7jNJmPTiNWOHWYhNB1AOILPrn+MA369MazaNe+Iz3TWmMwmTB3AEyrwwu4SIbwVwWB+v+hxEt6gg7qLs1rjumtORhMnlePUlF5hk1RFw4QDf8rrFmBLMa12tu/Z0I2FyKV53yVGWyTVgLgGQ8IknoImMQBnlNL+t+1jShYTJZXjlhKFW8KsbQJgNYP8ktxYDcI8yh95E41bt1H1sfidhcpH4mtETCHQHgONs3vTHAEXUMy33UQSW7uP0KwmTC/DqS84xyaol4Bcp3tULiqiMxrY8pfuY/UjCpBG3ZB1sxfgmgK4HYDi1WwI9SnGaTuPXv6v7HPiJhEkDfv7coPX5AdeB+RaADtRURRtAC9UB7Qvo4md26z4nfiBhcljH6qwcRbgDwKm6a+nyATNVGrkt9USQrtAkSJgcwquyT2ZlLWLQON219FofsMEghGls6ybdtXiVhCnFuOnnw62gEQHoOvTz3KM7sAVSy5RS0yln3X91V+M1EqYU4ZasgBWjawGuAnCI7noStAOM+coaUkvjVrXrLsYrJEwp0LHmkksUrFoAp+uuJSnMbzLR1EBua5PuUrxAwmSj7tYIBhfprsVOBDQTU5jyWl7RXYubSZhs0KM1YiaA/XTXkyIdAN+tMmgOZbfu0F2MG0mYksAMMtdkh4h4AYDDddfj0FF3tnrsOOROurrB1F2Nm0iYBolXjT7fVFRHwEW6a9FkkyIK09iWDboLcQsJU4KSbY3wGwKaCNZkyt34ju5adJMwDRA/fdEQa2fmZBAqARygux536Wr1+CY+m6546ivd1Wg7CxKmfUtha4TP8EeAmpuurR4Spn7w46PONi2qJdAo3bV4CROeM1iFKXf907prcfS4JUzfx82XjrDM+M0Ot0b4TWerB8yplLvxfd3FOHLAEqYeJ2NPawTmAviB7np8YheA21QG5lN26ze6i0klCVOXjtVZOUpxHZh+orsWn3qfmWYH8lqW6C4kVdI+TLwq+2Q2+HZmjNddSzogoIUsI0yXrduiuxa7pW2YuOnnw62MwEwwTwEoQ3c96aWr1SMen+qnKbRpF6a901GthQAdqrueNPcFGAvUzkMW09UNMd3FJCutwtSxenS2ItQCdIbuWsS3vMFENwbGtvxddyHJSIsw8ZpRx1hkVIM5pLsW0TcCmsk0ymjculd11zIYvg5TmrRG+E1nq4cK3kxjmr/UXUwifBkmZpD5+OiriHEbQMfqrkcMynYQ5nmp1cN3YepsjUAtgS7WXYuwA7+oGGHK2/CE7kr2WalfwsRrxxxpcWwOgN8BJEuJ+gwBTWThBrqs9T+6a+mL58PEjxRlWAd99gcw5kFaI3yO20D0JxVEFWW3fq27mu9V5+UwdbVG1AE4XnctwlEfMlOF26bQejJMvDbrLJNRS8Bo3bUIfRj8T0NRGY1pfVZ3LYDHwsSrc39o0TdzpDVC7OWeKbSeCFOP1ogIgIO0FCHcrrPVwxxSo2sKrevD1LVqRC2Anzq+c+FFW5m4IjB2Q4PTO3ZtmLj50pFsmrczcLnTJ0V4HzHWESFMua3/cmqfrgsTt2QdZHWgHIwwgEynToTwpTjA96sMqqTs1m2p3plrwiStESJ1uqbQBnEXZbfGU7YXN4SpY1VWllKoBXBmqg5UCACvW4wpwbzW1anYuNYw8d+zjrYCFJXpqMJJBDSRESijnOa37dyuljDxyglDrYyvZkBaI4Q2XVNozaE30bhVO23ZopNhktYI4UIfAxSxYwqtY2HitVnndT0C9DOHT5YQA/GCIiqjsS1PDXYDKQ8Tr/7FERapCKQ1Qrhf5xTaOE2n8evfTfjNqQrT3tYIvgWgA3WfJSEGjtsAWpjoFNqUhKmzNQK1AP1Y92kRIgkfMFPlQFs9bA0TPz7qVLbUIgbydJ8FIezChFbDojDltWzu93V2hElaI4T/dbV6cHAa5a79tNdXJBMmbskKWDG6FszVIBys+3CFcMAOMOYra0jtd1s9Bh2mjrXZlyrmWgCn6T46IRzH/CYTTQ3ktjbt/acEw8RrR53EbFQzuEj38QihGwHNxBSmvJZXEgqT9Xj2bWC+QVaNEKInjoFQpca0zvvuXwJ9vwdT5XlUIXpiC6T+Vyn1597+Gkh0c0KkIwb+YUCV0diWfwBAbx/oJExC9G/AN3MlTEL0qudE2ZYBTZSVMAnxHQQ0Udz4Y6IPwEqYhNiDX1SdU2OfHMy7pU1CCMY2EMLqy0MvGGyQALkyifTWuXKhNfQmyku+nV3CJNISAc2krMk0ZuNrdm1TwiTSzRtMdKORgtXeJUwiXXwBwtzO4ZQtKRlOKWESftc5Ntm0ZtO4Jz5L5Y4kTMK3CLyerMAUumzdFif2J2HyBu58GkwmPg3QW8w01chr/T8ndyr/cVyPX1QKoxTUBcwY9D2QNLELwFyVgdMCeS2OBgmQK5N7MbZBoUrtOPROurrBBABmjDIfH30VgRaC8SPdJboIg2ip6uAZNL71E11F9N0cuDbbNStbp5nOG4n9zMXuMb99BoAhugvWiQnPGSaX0WUbnnF0vwl12kqYHEdAE5kqTOPWvzWQ16f5yiIfMlPFQOfc2U3C5F5vMHhKIHfDqsG8mddmj7Y6B96cpftAHLAbhDvU7o5quuKpr3QVIWFynx43EpNb5W7vaox8K4DDdB9YKhDQRLAmU+7Gd3TXImFyj5TdSOSWrP2tGKYBKIdf1glmvKRIhSl3/UbdpewpScKkH4HXk+Iwjdn4cir345MxbdtBmKd2HLLnF023kDDptZWJKwJjNzQ4udOO1Vk5ilAL4Ke6T0AiZQN8t1LBm2lM85e6i+mNhEmPXQBuS3TJEjvx8+cGre0H/tYLo617DnrUXUt/JEzOcsWNxG8V5OZFF3oZQexmEiaHMPifhoWw0zcSB1zf46NOZVMtZkKu7lrQPRx/5yGL6eqGmO5iBkrClHpabyQmqnOhOqoDcLzze9/3si1u1ltu5EFXe+wGYYHKwCmBvJYlXggSAARyN6xUXx5yCghhAI7dAGVCq2J1jjG2pdSLQeqLXJmSREATWbiBLmv9j+5aksFrxxxpcWwOUru49/vMNNsrV+7+yMc8OzFeUuAyytvwhO5SbD2stVnnmcx1BLrYxq0OahFmN5Mw2cO1NxLtwgwyHx99FTFuA+jYZDZFoEdJGdNoTPN7uo/LThKm5Lj+RqLdeM3YYRZi0wHMBLBfQu8FnjeIwjS25Sndx5GScyNhGhwCmsk0ymjculd116IDrxl1jEVGNZhDA3j5xwBF1DMt91EElu7aU3ZOJEwJe4OJbgykYMaaF3WsHp3d+WgSnfH9v3IMwD39NTX6iYRp4L4AY4HXbiQ6YW+rh7UQoEOBrl80jUAZ5TS/rbs+x86DhGmf4gD/WRmBmyln3XbdxbhZ56NJ7dMtqMeDuevX667H8eOXMPWNgBayjLBTM9aEt/WWG5lO1H0jMa9lie5ChLelc5h6tEa0+OJGotArHcPUeSMR5lTK3fi+7mKEf6RVmJjwnMEqTLnrn9Zdi/CfNHlqnD8C6PfG060XSpBEqvj9ytQ1Yy2udcaaSA++DdOeGWtj9c9YE/4RiUTUlreCpQAe+O7f/BimTQqqzE0z1oQ/FBTXnL9lK2oBvhg+D5PvWyOEHr+8ZsGRgUB8DsC/Qz+/M/ghTGnXGiGcUVS0aEg8s30ywawE6IB9vd7TYdo7Y63V1TPWhPcUhqommPxNHSUwbMabYeqasWZ4ZMaa8I4rJ1afpRTqmGlUou/1Wpg6Z6xZQ2tp3Kp23cUI/ygqivzQysiYw4RBD+j0SJh6zFjL889oKKHfpEn3Bre3bbvOBEUAHJTMtlwfJia0GpYKU27LZt21CH8pLK3J2bZrey2IbFnUwM1hep+ZZgdypTVC2Cu/NDpSMW5niy+3c/FSF4ap54w1aY0Q9rnyN5GDjHiwnC2EOQULwbkpTF0z1gK+m7Em9IpEImrz1mAJxelWTuESpa4Ik99nrAl98kPR0Vu2oo6AM1O9L81h4o8ANdfw+Yw14byC4gVHA2YUjBLAzm9GfdMSprhF2PThwZvf3Tli/NU33vOhjhqEP02YFBkabAvOAMwZAIY4uW/Hw/TCB4fgL8+fgv9+NeRMAM8Vhmoip5/Qfl8kEpErk0gCU35o/lXUxgsB/EhHBY6N+vrgy/3xwPMnY/NHI3r78/NghFcsq5DvTCJhV06sOVcprgPwM6f2ubx+1vc+Oqb8yvR1ewANL5+I1a8fA4v7/Oh6HghPFJZEH1VKTWtYUi6/5ol9KiipPgJAZF+tEU5J2ZXJtAgtbx2FhzediJ3fZCTy1jaAFx4Y6Jj/wAMRuc8kvqeoKJJhZQb/YIFuIeBAHTX0dmVKSZpf/mQEZvztItz77E8SDRIADAVozs54xr/zS6pLAXbklxjhDYWhqglmZsZrDKrVFaS+2Hpl+njnUDy86UQ88+7hthXIQCugwo1Ly+XZvDRW+KvoKWxgMYA83bUAKfzO9E2HgZWvHYfGl49Hh2XvxY6ALMB6saA4uoxVcFpj/XR5ajyN9GiNuA7a74v2L6krEwN44p0jUf/CSOzYnfDHucHYwaD53wwfVrvqT5Oln8nHsrIigRHHZF7LbFUDdLDuer7L1u9M/972A1Su+h/86cnTnAoSABxE4PlDvvh6S35x9HKndiqcdVVx9aUjjs54kZnvdWOQ+pLwZXN72354+KWTsPGdw8H6fhsYSYSVBcXRZgqo8PIHy2UGhA8UldScaIGjFlCku5bBGHCY2k2Fx145Hn995TjE4oPq6rUfIYdN66XC4ujdZjA2568PRHboLkkkLhRaOGwXx6ab4HKkoDXCKfv8zsRMePa9w1D/wkh8tiuhBbcdPhJ8Tsy3qPaT7mxouFrm5nkCU35JNESgBQDs+wnYAb19Z+o3TG9tPxAPPn8yXvt0uO7aE8CvEWHK8vrKNborEX27cmLVBUoZdQBfqLuWwUjop/G7nj4NG946AuzM0+s2olOZsbowFG1SMCc31N8ks8ZdpKi06ijTVDUglPjthnyfYWp960jdtSWFGZebMMYWFkfv6cg0Zj92/0xZBUOj7umopsWzQdhfdz2poP3hwBTLYMLkQMx8vTBUMykSifj9eF2pMFQ1wcz45lUCzwf8GSTA/2HqdiQz37tla8azV5VUXay7mHRRUFJ9Tn5JdCOzegyE43TXk2qufjwjBc63oJ6UVo/Uyi+NjlAmbmbgehrkdFQvSrcwAQAxUGRa1riCkurbpNXDPt3TUdnCXCb8QHc9TkuXj3m9GQbQnJ1mxpudrR4iGYWlNTmftW3fxKBaIP2CBKTnlenbGMcQ6MGCUPQ3RBxevqRyi+6SvKSoZN7JJoxFbPE4X/3OPQgSpm6MbGZ6SVo9Bmb8xJrh+ylrpgmaAsCxJ53dTML0bQqEkOKOy/NLahYE2tsXNzREYrqLcpM901HBCxl0qO563CSdvzP1iYHhBJ5vZma8XFBSPV53PW5RMLE6e8vWjJcI9CAACdJ3yJWpfyMBaioojjYbQFnDsopXdRekwxXXVB1jGKoahJDuWtxMwjQQhBwT2FRYHL1bxdTNDQ3labEQdXdrBEAzAbi4ZcAd5GPewAWZMNnMtN4qLKkuKyp6xMc3I5nyQzVFu7jjVYDmQII0IBKmxI1gUK2ZufW5gonzE15E2O0KimvOLyiZ/yQxPwLgWN31eIl8zBu8s6GsDX5p9fjlNQuODATic9wyHdWLJExJ6mr1uLSwpPqOjoxAtddaPbqnozLMeQAdoLseL5P/A9ljCINmBmLma16aQts1HfX1rkeAJEhJkiuTvY4i0IMFJTV/ZBUta1xS8YzugnqTH1pwKlnmYmbk6q7FTyRMqXE+WXiqoDi61AgGZjQ8MOMT3QUBPaajsnk9KH1aI5wiYUodAiFkxuMFuls9Jk26N7h99+e/NdmqBuCZoY5eI9+ZUm9Y16oeL+eHahwfrlhYWpOzbdf2l7w2HdWL5MrknBOJ+ZGCkuh6Ujwl1a0ehRPnnQTDWMQWX+65AVMeJWFy3iVs0QsFJdX3G0Ga3fCXis/s3PiVv4kcZMSD5QwKg707HdWLJEx6BACaZHWgyK5Wjz2tEXG6lYHDdB9gOpLvTBp1t3rEMzO3FIai4wa7nfxQdPTLWzNe6GqNkCBpIlcmFyDwycz4W0FxtJmVMbmxfuZrA3lfQfGCowEzCkYJQ74Z6SZhchNCDrG5ubA4encbYjetWhbZ2dvLJkyKDA22BWcA5gwAQ3SXLTrJxzz3CTJh8hAK9tLq0dkaEWzL6G6NkCC5SJ+rYBSGahJeIFqkxIsKCMctalOK6wD8THdBIoULRIuUOscCNijFDPkk4WoSJm8gyA8Mrif/pxPCJhImIWwiYRLCJhImIWwiYRLCJhImIWwiYRLCJhImIWwiYRLCJhImIWwiYRLCJhImIWzSd5iIbgcgS1AK8W2xrmx8T59hWlE/axpZ5mkENOiuXghXYDSToc5ZUT9rWm9/7rM5kGjvE/9XFVdfahHVAjhN9/EIocGbAN+4Ymnl37r/obfcDChMAJCVFQmMOCbzWmarWiaDijSxg0HzexvFllSYuu0Z/k64DtJcKPzJAmMZq+C0xvrpn/b2AlvC1K3wV9FT2MBiAHm6j1wIuzDQCqhw49Lyzf2+zs4wdSsMVU1gVrUAfqz7RAgxaIT3mXl249LKJQN5eW+5Sfo+0/L62SuN9tipBA4zsDPZ7QnhsDaA5x5oxEYONEh9SfrK1FNBSfURACIAySLDwu2YgEeVUtMalpS/l/CbU/ExrzdXTqw5V2a8CRd7HozwimUVTw12A46FqWt3lB+afxUxLwTwIyfPlBB9+JiIIqef0H5fJBKxktmQw2HqtHcuNslcbKFLjBj39De/PVFawtRtz4oNhBLIQEXhECI0waSy5Q/NetvO7WoNU7f8UHQ0MeoAnJmSHQgBAITXmWlK49JZq1Ox+ZT8NJ6oxvqKDWecGDuHwb8G8F+n9y98jvA5gcOfvx87PVVB6nPXTl+ZevrW+quQ9VdFUuIA399hZlaufHjatlTvzBUf83qTXxodqRi3M+Nyx3YqfIOBdSAON9ZX/suxfbo1TN0KS2ty2ORaEH7q+M6FB9G/mVDZWD/L8Z47V3xn6s/yJbOaDx424mwi+j3AKb9UC8/6GuC5u4cPO11HkPriqitTTz1aPa4HYCS9QeEHFhjL4hZPf+zhSq0/Xrn+Y15v8kMLTiXLXAxCru5ahEaEf8KyylYsm/2s7lIAj4apW1erRx2A43XXIhz1IYMrGpdW1APkmnWWXf+dqT9drR6nEDgM4Cvd9YiUayPwAqM9dkpna4R7gtQXz1yZevrlNQuODATic6TVw5+I0GQadMNfH5j1H9219MXTH/N6UxiqOo/ZqAP4Yt21CFu8qIDwo0srntBdyL74Lkxdh9Xd6nEbgGN1VyMGg7cRUKXaT7qzoeFqU3c1A6rYn2HqFAotHLaLY9MBmglgP931iAHpIMbddrZGOMXXYep2xTVVxxiGqgYhpLsW0Q9GMytjcmP9zNd0lzKo8tMhTN0KJlZnQ1EtgDN01yL2YtAbivjG5fUVf9ddS1LH4eWfxhO14qHKljNOjJ3d1erxadIbFEkh4AsGlQfa28/wepD6PEa/Xpl66tHqMQVAhu560owFxjIjA1Mb/lLxme5i7JJWH/N6k18aHUkWLQJ4vO5a0gKhhYjDy5dUbtFdit3SPkzdCktrciyL6wj4ie5afOo9Bt+U7FBHN0ur70z9Wb5kVvMhQ0ec1fVo0pe66/GRXQDPPTAQO9nPQepLWl6ZesovjY5QJm6WVo+kMBhLjWBgRsMDMz7RXYwjBywf8/pWWFpzNltWLUCjdNfiMc+xQlnjkopndBfiJAnTAEirx4B9xOBZbmuNcIqEaYCKihYNiWe2TyZwJYADdNfjMrsJfEdHRqD6sftnpm0rjIQpQUWlVUeZpqqRKbSdiNCkYE5uqL/pHd216CZhGqSC4przAa4D4SLdtWjyEiwVXvFQ+UbdhbiFhCkpTPkl0RCBFgA4XHc1DtlO4Hleao1wioTJBmnS6tFBjLtVTN3c0FAu9+F6IWGy0ZW/nneCYRo1DBTprsVWjGYKqPDyB8tf0V2Km0mYUiA/VHMJMS+G91s93mTG1MZlFU26C/ECeZwoBRrrZ63v0erhxaeidzCofPfw/c+QICVHrkw2Gj+xZvh+yprpkVYPC4xlrILTGuunS79XguRjnkOKSuadbMJYBGCc7lp6w0AroMKNS8s3667FqyRMDissrclhy7oDoFN119LlAwZXpusjQHaS70wOW75kVvPBQw8+0wWtHm1drREneWU6qhfJlckhmlo9mIBH2bKmr3ho9ru6z4GfyMc8FygoqT6HQbUE/CKV+yHCC2yhbMWyiqd0H7MfSZhcpDBUNYEtdQcIx9m86Y+JKHL6Ce33RSIRS/dx+pWEyWUmTIoMDbRl3kDg2QD2T3JzMWLc48XpqF4kYXKpZFs9iNAEk8qWPzTrbd3Hki4kTC535cSqC5Qy6gC+cEBvILzOTFMal85arbv2dCNh8oQBtHoQPifmW7Z/0HFXa2skrrvidCRh8pAerR7lADK7/jkO8P0dZmblyoenyWr0GkmYPKhw4ryTYBiL2EKQlTHFq6tG+E1CYRJCJEYeJxLCJhImIWwiYRLCJhImIWwiYRLCJv8P9sXhC7xE4kIAAAAldEVYdGRhdGU6Y3JlYXRlADIwMTktMDQtMTNUMDg6MTY6MDgrMDI6MDCcYZVaAAAAJXRFWHRkYXRlOm1vZGlmeQAyMDE5LTA0LTEzVDA4OjE2OjA4KzAyOjAw7Twt5gAAAABJRU5ErkJggg== + mediatype: image/png + install: + spec: + clusterPermissions: + - rules: + - apiGroups: + - batch + resources: + - jobs + verbs: + - create + - delete + - get + - update + - patch + - watch + - list + - apiGroups: + - oauth.openshift.io + resources: + - oauthclients + verbs: + - create + - delete + - get + - update + - patch + - watch + - list + - apiGroups: + - user.openshift.io + resources: + - groups + verbs: + - get + - apiGroups: + - console.openshift.io + resources: + - consolelinks + verbs: + - create + - delete + - get + - update + - patch + - watch + - list + - apiGroups: + - rbac.authorization.k8s.io + resources: + - roles + - rolebindings + - clusterroles + - clusterrolebindings + verbs: + - create + - delete + - get + - update + - patch + - watch + - list + - apiGroups: + - authorization.openshift.io + resources: + - rolebindings + verbs: + - get + - create + - update + - delete + - apiGroups: + - authorization.openshift.io + resources: + - roles + verbs: + - get + - create + - update + - apiGroups: + - project.openshift.io + resources: + - projectrequests + verbs: + - create + - update + - apiGroups: + - project.openshift.io + resources: + - projects + verbs: + - get + - list + - watch + - create + - update + - apiGroups: + - "" + resources: + - namespaces + verbs: + - get + - list + - create + - update + - watch + - apiGroups: + - apps + resources: + - replicasets + verbs: + - get + - list + - patch + - delete + - apiGroups: + - apps + resources: + - deployments + verbs: + - list + - create + - watch + - update + - get + - patch + - delete + - apiGroups: + - route.openshift.io + resources: + - routes + verbs: + - create + - delete + - get + - update + - patch + - watch + - list + - apiGroups: + - route.openshift.io + resources: + - routes/custom-host + verbs: + - create + - apiGroups: + - "" + resources: + - events + verbs: + - list + - watch + - apiGroups: + - networking.k8s.io + resources: + - ingresses + verbs: + - create + - delete + - get + - update + - patch + - watch + - list + - apiGroups: + - metrics.k8s.io + resources: + - pods + - nodes + verbs: + - get + - list + - watch + - apiGroups: + - "" + resources: + - configmaps + - persistentvolumeclaims + - pods + - secrets + - serviceaccounts + - services + verbs: + - create + - delete + - get + - update + - patch + - watch + - list + - apiGroups: + - org.eclipse.che + resources: + - checlusters + - checlusters/status + - checlusters/finalizers + verbs: + - create + - delete + - get + - update + - patch + - watch + - list + - nonResourceURLs: + - /metrics + verbs: + - get + - apiGroups: + - che.eclipse.org + resources: + - kubernetesimagepullers + verbs: + - create + - delete + - get + - update + - list + - apiGroups: + - config.openshift.io + resourceNames: + - cluster + resources: + - consoles + verbs: + - get + - apiGroups: + - config.openshift.io + resourceNames: + - cluster + resources: + - proxies + verbs: + - get + - apiGroups: + - "" + resources: + - pods/log + verbs: + - get + - list + - watch + - apiGroups: + - "" + resources: + - pods/portforward + verbs: + - get + - list + - create + - apiGroups: + - "" + resources: + - pods/exec + verbs: + - create + - get + - apiGroups: + - workspace.devfile.io + resources: + - devworkspaces + - devworkspacetemplates + verbs: + - create + - delete + - get + - update + - patch + - watch + - list + - apiGroups: + - controller.devfile.io + resources: + - devworkspaceroutings + - devworkspaceoperatorconfigs + verbs: + - create + - delete + - get + - update + - patch + - watch + - list + - apiGroups: + - controller.devfile.io + resources: + - devworkspaceroutings/finalizers + verbs: + - update + - apiGroups: + - controller.devfile.io + resources: + - devworkspaceroutings/status + verbs: + - get + - patch + - update + - apiGroups: + - authentication.k8s.io + resources: + - tokenreviews + verbs: + - create + - apiGroups: + - authorization.k8s.io + resources: + - subjectaccessreviews + verbs: + - create + - apiGroups: + - security.openshift.io + resources: + - securitycontextconstraints + verbs: + - get + - create + - delete + - update + - use + - apiGroups: + - "" + resources: + - limitranges + verbs: + - list + - apiGroups: + - monitoring.coreos.com + resources: + - servicemonitors + verbs: + - get + - create + serviceAccountName: che-operator + deployments: + - name: che-operator + spec: + replicas: 1 + selector: + matchLabels: + app: che-operator + strategy: + type: RollingUpdate + template: + metadata: + labels: + app: che-operator + app.kubernetes.io/component: che-operator + app.kubernetes.io/instance: che + app.kubernetes.io/managed-by: olm + app.kubernetes.io/name: che + app.kubernetes.io/part-of: che.eclipse.org + spec: + containers: + - args: + - --leader-elect + command: + - /manager + env: + - name: WATCH_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.annotations['olm.targetNamespaces'] + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: OPERATOR_NAME + value: che-operator + - name: CHE_VERSION + value: 7.90.0 + - name: RELATED_IMAGE_che_server + value: quay.io/eclipse/che-server@sha256:444219d424222c0064de545a51f05e4f06ef5f890206eea336f1642efc5fc9ef + - name: RELATED_IMAGE_dashboard + value: quay.io/eclipse/che-dashboard@sha256:4b70ab3143d1525d1f94e5ab7d68f405dece313bbdde7385890ce34d1609c79b + - name: RELATED_IMAGE_plugin_registry + value: quay.io/eclipse/che-plugin-registry@sha256:ea684f6c6d9e9b3ae95febfe7d23ccbde8fef5466e9c8557656e38ea8b58f05b + - name: RELATED_IMAGE_che_tls_secrets_creation_job + value: quay.io/eclipse/che-tls-secret-creator@sha256:54df0ccf598d230e278d512c3b44bdf24edb280f71da32643db46e0120bfaee0 + - name: RELATED_IMAGE_single_host_gateway + value: quay.io/eclipse/che--traefik@sha256:8d81a9df1435f9f3d36ac9398465ef2d5d61e671059974db753faaed14b627de + - name: RELATED_IMAGE_single_host_gateway_config_sidecar + value: quay.io/che-incubator/configbump@sha256:d59a8e687c7d448ca4ca9d240f8feef78bb3326e0b72029f193377c9131c24cc + - name: RELATED_IMAGE_gateway_authentication_sidecar + value: quay.io/openshift/origin-oauth-proxy@sha256:870bfe92a4663720775c0dfe5728ecbb10a17f0644eef5f57276ec135034c6a1 + - name: RELATED_IMAGE_gateway_authorization_sidecar + value: quay.io/openshift/origin-kube-rbac-proxy@sha256:354fc75eb7a21a934381e93d03ef9d42bc2c8ae8989fdcacecfb39b863b96ced + - name: RELATED_IMAGE_gateway_authentication_sidecar_k8s + value: quay.io/oauth2-proxy/oauth2-proxy@sha256:393e63c3b924e3f78a5b592ad647417af4ea229398b7bebbbd7ef3d6181aceb5 + - name: RELATED_IMAGE_gateway_authorization_sidecar_k8s + value: quay.io/brancz/kube-rbac-proxy@sha256:738c854322f56d63ebab75de5210abcdd5e0782ce2d30c0ecd4620f63b24694d + - name: RELATED_IMAGE_gateway_header_sidecar + value: quay.io/che-incubator/header-rewrite-proxy@sha256:bd7873b8feef35f218f54c6251ea224bea2c8bf202a328230019a0ba2941245d + - name: CHE_FLAVOR + value: che + - name: CONSOLE_LINK_NAME + value: che + - name: CONSOLE_LINK_DISPLAY_NAME + value: Eclipse Che + - name: CONSOLE_LINK_SECTION + value: Red Hat Applications + - name: CONSOLE_LINK_IMAGE + value: /dashboard/assets/branding/loader.svg + - name: MAX_CONCURRENT_RECONCILES + value: "1" + - name: CHE_DEFAULT_SPEC_COMPONENTS_DASHBOARD_HEADERMESSAGE_TEXT + - name: CHE_DEFAULT_SPEC_DEVENVIRONMENTS_DEFAULTEDITOR + value: che-incubator/che-code/latest + - name: CHE_DEFAULT_SPEC_DEVENVIRONMENTS_DEFAULTCOMPONENTS + value: '[{"name": "universal-developer-image", "container": + {"image": "quay.io/devfile/universal-developer-image:ubi8-latest"}}]' + - name: CHE_DEFAULT_SPEC_COMPONENTS_PLUGINREGISTRY_OPENVSXURL + value: https://open-vsx.org + - name: CHE_DEFAULT_SPEC_COMPONENTS_DEVFILEREGISTRY_EXTERNAL_DEVFILE_REGISTRIES + value: '[{"url": "https://registry.devfile.io"}]' + - name: CHE_DEFAULT_SPEC_DEVENVIRONMENTS_DISABLECONTAINERBUILDCAPABILITIES + value: "false" + - name: CHE_DEFAULT_SPEC_DEVENVIRONMENTS_CONTAINERSECURITYCONTEXT + value: '{"allowPrivilegeEscalation": true,"capabilities": + {"add": ["SETGID", "SETUID"]}}' + - name: RELATED_IMAGE_editor_definition_che_code_latest_che_code_injector + value: quay.io/che-incubator/che-code@sha256:6f83b0121292537f1858103452b2e4cfecfafa3c5ad50b4307c0abd269b547b4 + - name: RELATED_IMAGE_editor_definition_che_code_latest_che_code_runtime_description + value: quay.io/devfile/universal-developer-image@sha256:8065b7ae5f00d2ee984a214e112ce09a513ae06a2a3d58cce11d3eec1137d623 + - name: RELATED_IMAGE_editor_definition_che_idea_next_che_idea_runtime_description + value: quay.io/devfile/universal-developer-image@sha256:8065b7ae5f00d2ee984a214e112ce09a513ae06a2a3d58cce11d3eec1137d623 + - name: RELATED_IMAGE_editor_definition_che_idea_next_che_idea_injector + value: quay.io/che-incubator/che-idea:next + - name: RELATED_IMAGE_editor_definition_che_idea_server_next_editor_injector + value: quay.io/che-incubator/che-idea-dev-server:next + - name: RELATED_IMAGE_editor_definition_che_idea_server_next_editor_runtime + value: quay.io/devfile/universal-developer-image@sha256:8065b7ae5f00d2ee984a214e112ce09a513ae06a2a3d58cce11d3eec1137d623 + - name: RELATED_IMAGE_editor_definition_che_idea_server_latest_editor_injector + value: quay.io/che-incubator/che-idea-dev-server:latest + - name: RELATED_IMAGE_editor_definition_che_idea_server_latest_editor_runtime + value: quay.io/devfile/universal-developer-image@sha256:8065b7ae5f00d2ee984a214e112ce09a513ae06a2a3d58cce11d3eec1137d623 + - name: RELATED_IMAGE_editor_definition_che_idea_latest_che_idea_runtime_description + value: quay.io/devfile/universal-developer-image@sha256:8065b7ae5f00d2ee984a214e112ce09a513ae06a2a3d58cce11d3eec1137d623 + - name: RELATED_IMAGE_editor_definition_che_idea_latest_che_idea_injector + value: quay.io/che-incubator/che-idea:latest + - name: RELATED_IMAGE_editor_definition_che_code_insiders_che_code_injector + value: quay.io/che-incubator/che-code@sha256:f2af2dd3e98ebb967ff27a2d24f91e8c03b4cafdaf0881a723c0d564633ea1eb + - name: RELATED_IMAGE_editor_definition_che_code_insiders_che_code_runtime_description + value: quay.io/devfile/universal-developer-image@sha256:8065b7ae5f00d2ee984a214e112ce09a513ae06a2a3d58cce11d3eec1137d623 + image: quay.io/eclipse/che-operator@sha256:aa51eb6e035f1cddbe2fe04301e7980fb90031820f9b1dac1641d471fc8a5e00 + imagePullPolicy: IfNotPresent + livenessProbe: + failureThreshold: 10 + httpGet: + path: /healthz + port: 6789 + initialDelaySeconds: 15 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 5 + name: che-operator + ports: + - containerPort: 9443 + name: webhook-server + protocol: TCP + - containerPort: 60000 + name: metrics + readinessProbe: + failureThreshold: 10 + httpGet: + path: /readyz + port: 6789 + initialDelaySeconds: 5 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 5 + resources: + limits: + cpu: 500m + memory: 2Gi + requests: + cpu: 100m + memory: 128Mi + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + privileged: false + readOnlyRootFilesystem: false + hostIPC: false + hostNetwork: false + hostPID: false + restartPolicy: Always + serviceAccountName: che-operator + terminationGracePeriodSeconds: 20 + permissions: + - rules: + - apiGroups: + - "" + resources: + - configmaps + verbs: + - create + - delete + - get + - update + - patch + - watch + - list + - apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - create + - delete + - get + - update + - patch + - watch + - list + - apiGroups: + - "" + resources: + - events + verbs: + - create + - patch + serviceAccountName: che-operator + strategy: deployment + installModes: + - supported: false + type: OwnNamespace + - supported: false + type: SingleNamespace + - supported: false + type: MultiNamespace + - supported: true + type: AllNamespaces + keywords: + - eclipse che + - workspaces + - devtools + - developer + - ide + - java + links: + - name: Product Page + url: https://www.eclipse.org/che + - name: Documentation + url: https://www.eclipse.org/che/docs + - name: Operator GitHub Repo + url: https://github.com/eclipse-che/che-operator + maintainers: + - email: abazko@redhat.com + name: Anatolii Bazko + maturity: stable + minKubeVersion: 1.19.0 + provider: + name: Eclipse Foundation + version: 7.90.0 + webhookdefinitions: + - admissionReviewVersions: + - v1 + - v1beta1 + containerPort: 443 + deploymentName: che-operator + failurePolicy: Fail + generateName: vchecluster.kb.io + rules: + - apiGroups: + - org.eclipse.che + apiVersions: + - v2 + operations: + - CREATE + - UPDATE + resources: + - checlusters + sideEffects: None + targetPort: 9443 + type: ValidatingAdmissionWebhook + webhookPath: /validate-org-eclipse-che-v2-checluster + - admissionReviewVersions: + - v1 + - v1beta1 + containerPort: 443 + deploymentName: che-operator + failurePolicy: Fail + generateName: mchecluster.kb.io + rules: + - apiGroups: + - org.eclipse.che + apiVersions: + - v2 + operations: + - CREATE + - UPDATE + resources: + - checlusters + sideEffects: None + targetPort: 9443 + type: MutatingAdmissionWebhook + webhookPath: /mutate-org-eclipse-che-v2-checluster + - admissionReviewVersions: + - v1 + - v2 + containerPort: 443 + conversionCRDs: + - checlusters.org.eclipse.che + deploymentName: che-operator + generateName: ccheclusters.kb.io + sideEffects: None + targetPort: 9443 + type: ConversionWebhook + webhookPath: /convert + relatedImages: + - name: che-operator-7.90.0 + image: quay.io/eclipse/che-operator@sha256:aa51eb6e035f1cddbe2fe04301e7980fb90031820f9b1dac1641d471fc8a5e00 + # tag: quay.io/eclipse/che-operator:7.90.0 + - name: kube-rbac-proxy-v0.13.1 + image: quay.io/brancz/kube-rbac-proxy@sha256:738c854322f56d63ebab75de5210abcdd5e0782ce2d30c0ecd4620f63b24694d + # tag: quay.io/brancz/kube-rbac-proxy:v0.13.1 + - name: che-code-7.90.0 + image: quay.io/che-incubator/che-code@sha256:6f83b0121292537f1858103452b2e4cfecfafa3c5ad50b4307c0abd269b547b4 + # tag: quay.io/che-incubator/che-code:7.90.0 + - name: che-code-insiders + image: quay.io/che-incubator/che-code@sha256:f2af2dd3e98ebb967ff27a2d24f91e8c03b4cafdaf0881a723c0d564633ea1eb + # tag: quay.io/che-incubator/che-code:insiders + - name: configbump-7.90.0 + image: quay.io/che-incubator/configbump@sha256:d59a8e687c7d448ca4ca9d240f8feef78bb3326e0b72029f193377c9131c24cc + # tag: quay.io/che-incubator/configbump:7.90.0 + - name: header-rewrite-proxy-latest + image: quay.io/che-incubator/header-rewrite-proxy@sha256:bd7873b8feef35f218f54c6251ea224bea2c8bf202a328230019a0ba2941245d + # tag: quay.io/che-incubator/header-rewrite-proxy:latest + - name: universal-developer-image-latest + image: quay.io/devfile/universal-developer-image@sha256:8065b7ae5f00d2ee984a214e112ce09a513ae06a2a3d58cce11d3eec1137d623 + # tag: quay.io/devfile/universal-developer-image:latest + - name: che--traefik-v2.9.10-8d81a9df1435f9f3d36ac9398465ef2d5d61e671059974db753faaed14b627de + image: quay.io/eclipse/che--traefik@sha256:8d81a9df1435f9f3d36ac9398465ef2d5d61e671059974db753faaed14b627de + # tag: quay.io/eclipse/che--traefik:v2.9.10-8d81a9df1435f9f3d36ac9398465ef2d5d61e671059974db753faaed14b627de + - name: che-dashboard-7.90.0 + image: quay.io/eclipse/che-dashboard@sha256:4b70ab3143d1525d1f94e5ab7d68f405dece313bbdde7385890ce34d1609c79b + # tag: quay.io/eclipse/che-dashboard:7.90.0 + - name: che-plugin-registry-7.90.0 + image: quay.io/eclipse/che-plugin-registry@sha256:ea684f6c6d9e9b3ae95febfe7d23ccbde8fef5466e9c8557656e38ea8b58f05b + # tag: quay.io/eclipse/che-plugin-registry:7.90.0 + - name: che-server-7.90.0 + image: quay.io/eclipse/che-server@sha256:444219d424222c0064de545a51f05e4f06ef5f890206eea336f1642efc5fc9ef + # tag: quay.io/eclipse/che-server:7.90.0 + - name: che-tls-secret-creator-alpine-01a4c34 + image: quay.io/eclipse/che-tls-secret-creator@sha256:54df0ccf598d230e278d512c3b44bdf24edb280f71da32643db46e0120bfaee0 + # tag: quay.io/eclipse/che-tls-secret-creator:alpine-01a4c34 + - name: oauth2-proxy-v7.4.0 + image: quay.io/oauth2-proxy/oauth2-proxy@sha256:393e63c3b924e3f78a5b592ad647417af4ea229398b7bebbbd7ef3d6181aceb5 + # tag: quay.io/oauth2-proxy/oauth2-proxy:v7.4.0 + - name: origin-kube-rbac-proxy-4.9 + image: quay.io/openshift/origin-kube-rbac-proxy@sha256:354fc75eb7a21a934381e93d03ef9d42bc2c8ae8989fdcacecfb39b863b96ced + # tag: quay.io/openshift/origin-kube-rbac-proxy:4.9 + - name: origin-oauth-proxy-4.9 + image: quay.io/openshift/origin-oauth-proxy@sha256:870bfe92a4663720775c0dfe5728ecbb10a17f0644eef5f57276ec135034c6a1 + # tag: quay.io/openshift/origin-oauth-proxy:4.9 diff --git a/operators/eclipse-che/7.90.0/manifests/org.eclipse.che_checlusters.yaml b/operators/eclipse-che/7.90.0/manifests/org.eclipse.che_checlusters.yaml new file mode 100644 index 00000000000..ec056d54647 --- /dev/null +++ b/operators/eclipse-che/7.90.0/manifests/org.eclipse.che_checlusters.yaml @@ -0,0 +1,8383 @@ +# +# Copyright (c) 2019-2024 Red Hat, Inc. +# This program and the accompanying materials are made +# available under the terms of the Eclipse Public License 2.0 +# which is available at https://www.eclipse.org/legal/epl-2.0/ +# +# SPDX-License-Identifier: EPL-2.0 +# +# Contributors: +# Red Hat, Inc. - initial API and implementation +# + +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.14.0 + creationTimestamp: null + labels: + app.kubernetes.io/instance: che + app.kubernetes.io/managed-by: olm + app.kubernetes.io/name: che + app.kubernetes.io/part-of: che.eclipse.org + name: checlusters.org.eclipse.che +spec: + conversion: + strategy: Webhook + webhook: + clientConfig: + service: + name: che-operator-service + namespace: eclipse-che + path: /convert + conversionReviewVersions: + - v1 + - v2 + group: org.eclipse.che + names: + kind: CheCluster + listKind: CheClusterList + plural: checlusters + singular: checluster + scope: Namespaced + versions: + - deprecated: true + deprecationWarning: org.eclipse.che/v1 CheCluster is deprecated and will be + removed in future releases + name: v1 + schema: + openAPIV3Schema: + description: The `CheCluster` custom resource allows defining and managing + a Che server installation + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: |- + Desired configuration of the Che installation. + Based on these settings, the Operator automatically creates and maintains + several ConfigMaps that will contain the appropriate environment variables + the various components of the Che installation. + These generated ConfigMaps must NOT be updated manually. + properties: + auth: + description: Configuration settings related to the Authentication + used by the Che installation. + properties: + debug: + description: |- + Deprecated. The value of this flag is ignored. + Debug internal identity provider. + type: boolean + externalIdentityProvider: + description: |- + Deprecated. The value of this flag is ignored. + Instructs the Operator on whether or not to deploy a dedicated Identity Provider (Keycloak or RH SSO instance). + Instructs the Operator on whether to deploy a dedicated Identity Provider (Keycloak or RH-SSO instance). + By default, a dedicated Identity Provider server is deployed as part of the Che installation. When `externalIdentityProvider` is `true`, + no dedicated identity provider will be deployed by the Operator and you will need to provide details about the external identity provider you are about to use. + See also all the other fields starting with: `identityProvider`. + type: boolean + gatewayAuthenticationSidecarImage: + description: |- + Gateway sidecar responsible for authentication when NativeUserMode is enabled. + See link:https://github.com/oauth2-proxy/oauth2-proxy[oauth2-proxy] or link:https://github.com/openshift/oauth-proxy[openshift/oauth-proxy]. + type: string + gatewayAuthorizationSidecarImage: + description: |- + Gateway sidecar responsible for authorization when NativeUserMode is enabled. + See link:https://github.com/brancz/kube-rbac-proxy[kube-rbac-proxy] or link:https://github.com/openshift/kube-rbac-proxy[openshift/kube-rbac-proxy] + type: string + gatewayConfigBumpEnv: + description: List of environment variables to set in the Configbump + container. + items: + description: EnvVar represents an environment variable present + in a Container. + properties: + name: + description: Name of the environment variable. Must be + a C_IDENTIFIER. + type: string + value: + description: |- + Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in the container and + any service environment variables. If a variable cannot be resolved, + the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless of whether the variable + exists or not. + Defaults to "". + type: string + valueFrom: + description: Source for the environment variable's value. + Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + description: |- + Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, + spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the + specified API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. + properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of the + exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + description: Selects a key of a secret in the pod's + namespace + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + gatewayEnv: + description: List of environment variables to set in the Gateway + container. + items: + description: EnvVar represents an environment variable present + in a Container. + properties: + name: + description: Name of the environment variable. Must be + a C_IDENTIFIER. + type: string + value: + description: |- + Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in the container and + any service environment variables. If a variable cannot be resolved, + the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless of whether the variable + exists or not. + Defaults to "". + type: string + valueFrom: + description: Source for the environment variable's value. + Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + description: |- + Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, + spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the + specified API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. + properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of the + exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + description: Selects a key of a secret in the pod's + namespace + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + gatewayHeaderRewriteSidecarImage: + description: Deprecated. The value of this flag is ignored. + Sidecar functionality is now implemented in Traefik plugin. + type: string + gatewayKubeRbacProxyEnv: + description: List of environment variables to set in the Kube + rbac proxy container. + items: + description: EnvVar represents an environment variable present + in a Container. + properties: + name: + description: Name of the environment variable. Must be + a C_IDENTIFIER. + type: string + value: + description: |- + Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in the container and + any service environment variables. If a variable cannot be resolved, + the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless of whether the variable + exists or not. + Defaults to "". + type: string + valueFrom: + description: Source for the environment variable's value. + Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + description: |- + Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, + spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the + specified API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. + properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of the + exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + description: Selects a key of a secret in the pod's + namespace + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + gatewayOAuthProxyEnv: + description: List of environment variables to set in the OAuth + proxy container. + items: + description: EnvVar represents an environment variable present + in a Container. + properties: + name: + description: Name of the environment variable. Must be + a C_IDENTIFIER. + type: string + value: + description: |- + Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in the container and + any service environment variables. If a variable cannot be resolved, + the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless of whether the variable + exists or not. + Defaults to "". + type: string + valueFrom: + description: Source for the environment variable's value. + Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + description: |- + Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, + spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the + specified API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. + properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of the + exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + description: Selects a key of a secret in the pod's + namespace + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + identityProviderAdminUserName: + description: |- + Deprecated. The value of this flag is ignored. + Overrides the name of the Identity Provider administrator user. Defaults to `admin`. + type: string + identityProviderClientId: + description: |- + Deprecated. The value of this flag is ignored. + Name of a Identity provider, Keycloak or RH-SSO, `client-id` that is used for Che. + Override this when an external Identity Provider is in use. See the `externalIdentityProvider` field. + When omitted or left blank, it is set to the value of the `flavour` field suffixed with `-public`. + type: string + identityProviderContainerResources: + description: |- + Deprecated. The value of this flag is ignored. + Identity provider container custom settings. + properties: + limits: + description: Limits describes the maximum amount of compute + resources allowed. + properties: + cpu: + description: CPU, in cores. (500m = .5 cores) + type: string + memory: + description: Memory, in bytes. (500Gi = 500GiB = 500 + * 1024 * 1024 * 1024) + type: string + type: object + request: + description: Requests describes the minimum amount of compute + resources required. + properties: + cpu: + description: CPU, in cores. (500m = .5 cores) + type: string + memory: + description: Memory, in bytes. (500Gi = 500GiB = 500 + * 1024 * 1024 * 1024) + type: string + type: object + type: object + identityProviderImage: + description: |- + Deprecated. The value of this flag is ignored. + Overrides the container image used in the Identity Provider, Keycloak or RH-SSO, deployment. + This includes the image tag. Omit it or leave it empty to use the default container image provided by the Operator. + type: string + identityProviderImagePullPolicy: + description: |- + Deprecated. The value of this flag is ignored. + Overrides the image pull policy used in the Identity Provider, Keycloak or RH-SSO, deployment. + Default value is `Always` for `nightly`, `next` or `latest` images, and `IfNotPresent` in other cases. + type: string + identityProviderIngress: + description: |- + Deprecated. The value of this flag is ignored. + Ingress custom settings. + properties: + annotations: + additionalProperties: + type: string + description: Unstructured key value map stored with a resource + that may be set by external tools to store and retrieve + arbitrary metadata. + type: object + labels: + description: Comma separated list of labels that can be + used to organize and categorize objects by scoping and + selecting. + type: string + type: object + identityProviderPassword: + description: |- + Deprecated. The value of this flag is ignored. + Overrides the password of Keycloak administrator user. + Override this when an external Identity Provider is in use. See the `externalIdentityProvider` field. + When omitted or left blank, it is set to an auto-generated password. + type: string + identityProviderPostgresPassword: + description: |- + Deprecated. The value of this flag is ignored. + Password for a Identity Provider, Keycloak or RH-SSO, to connect to the database. + Override this when an external Identity Provider is in use. See the `externalIdentityProvider` field. + When omitted or left blank, it is set to an auto-generated password. + type: string + identityProviderPostgresSecret: + description: |- + Deprecated. The value of this flag is ignored. + The secret that contains `password` for the Identity Provider, Keycloak or RH-SSO, to connect to the database. + When the secret is defined, the `identityProviderPostgresPassword` is ignored. When the value is omitted or left blank, the one of following scenarios applies: + 1. `identityProviderPostgresPassword` is defined, then it will be used to connect to the database. + 2. `identityProviderPostgresPassword` is not defined, then a new secret with the name `che-identity-postgres-secret` will be created with an auto-generated value for `password`. + The secret must have `app.kubernetes.io/part-of=che.eclipse.org` label. + type: string + identityProviderRealm: + description: |- + Deprecated. The value of this flag is ignored. + Name of a Identity provider, Keycloak or RH-SSO, realm that is used for Che. + Override this when an external Identity Provider is in use. See the `externalIdentityProvider` field. + When omitted or left blank, it is set to the value of the `flavour` field. + type: string + identityProviderRoute: + description: |- + Deprecated. The value of this flag is ignored. + Route custom settings. + properties: + annotations: + additionalProperties: + type: string + description: Unstructured key value map stored with a resource + that may be set by external tools to store and retrieve + arbitrary metadata. + type: object + domain: + description: |- + Operator uses the domain to generate a hostname for a route. + In a conjunction with labels it creates a route, which is served by a non-default Ingress controller. + The generated host name will follow this pattern: `-.`. + type: string + labels: + description: Comma separated list of labels that can be + used to organize and categorize objects by scoping and + selecting. + type: string + type: object + identityProviderSecret: + description: |- + Deprecated. The value of this flag is ignored. + The secret that contains `user` and `password` for Identity Provider. + When the secret is defined, the `identityProviderAdminUserName` and `identityProviderPassword` are ignored. + When the value is omitted or left blank, the one of following scenarios applies: + 1. `identityProviderAdminUserName` and `identityProviderPassword` are defined, then they will be used. + 2. `identityProviderAdminUserName` or `identityProviderPassword` are not defined, then a new secret with the name + `che-identity-secret` will be created with default value `admin` for `user` and with an auto-generated value for `password`. + The secret must have `app.kubernetes.io/part-of=che.eclipse.org` label. + type: string + identityProviderURL: + description: |- + Public URL of the Identity Provider server (Keycloak / RH-SSO server). + Set this ONLY when a use of an external Identity Provider is needed. + See the `externalIdentityProvider` field. By default, this will be automatically calculated and set by the Operator. + type: string + identityToken: + description: |- + Identity token to be passed to upstream. There are two types of tokens supported: `id_token` and `access_token`. + Default value is `id_token`. + This field is specific to Che installations made for Kubernetes only and ignored for OpenShift. + type: string + initialOpenShiftOAuthUser: + description: |- + Deprecated. The value of this flag is ignored. + For operating with the OpenShift OAuth authentication, create a new user account since the kubeadmin can not be used. + If the value is true, then a new OpenShift OAuth user will be created for the HTPasswd identity provider. + If the value is false and the user has already been created, then it will be removed. + If value is an empty, then do nothing. + The user's credentials are stored in the `openshift-oauth-user-credentials` secret in 'openshift-config' namespace by Operator. + Note that this solution is Openshift 4 platform-specific. + type: boolean + nativeUserMode: + description: |- + Deprecated. The value of this flag is ignored. + Enables native user mode. Currently works only on OpenShift and DevWorkspace engine. + Native User mode uses OpenShift OAuth directly as identity provider, without Keycloak. + type: boolean + oAuthClientName: + description: Name of the OpenShift `OAuthClient` resource used + to setup identity federation on the OpenShift side. Auto-generated + when left blank. See also the `OpenShiftoAuth` field. + type: string + oAuthScope: + description: |- + Access Token Scope. + This field is specific to Che installations made for Kubernetes only and ignored for OpenShift. + type: string + oAuthSecret: + description: Name of the secret set in the OpenShift `OAuthClient` + resource used to setup identity federation on the OpenShift + side. Auto-generated when left blank. See also the `OAuthClientName` + field. + type: string + openShiftoAuth: + description: |- + Deprecated. The value of this flag is ignored. + Enables the integration of the identity provider (Keycloak / RHSSO) with OpenShift OAuth. + Empty value on OpenShift by default. This will allow users to directly login with their OpenShift user through the OpenShift login, + and have their workspaces created under personal OpenShift namespaces. + WARNING: the `kubeadmin` user is NOT supported, and logging through it will NOT allow accessing the Che Dashboard. + type: boolean + updateAdminPassword: + description: |- + Deprecated. The value of this flag is ignored. + Forces the default `admin` Che user to update password on first login. Defaults to `false`. + type: boolean + type: object + dashboard: + description: Configuration settings related to the User Dashboard + used by the Che installation. + properties: + warning: + description: Warning message that will be displayed on the User + Dashboard + type: string + type: object + database: + description: Configuration settings related to the database used + by the Che installation. + properties: + chePostgresContainerResources: + description: PostgreSQL container custom settings + properties: + limits: + description: Limits describes the maximum amount of compute + resources allowed. + properties: + cpu: + description: CPU, in cores. (500m = .5 cores) + type: string + memory: + description: Memory, in bytes. (500Gi = 500GiB = 500 + * 1024 * 1024 * 1024) + type: string + type: object + request: + description: Requests describes the minimum amount of compute + resources required. + properties: + cpu: + description: CPU, in cores. (500m = .5 cores) + type: string + memory: + description: Memory, in bytes. (500Gi = 500GiB = 500 + * 1024 * 1024 * 1024) + type: string + type: object + type: object + chePostgresDb: + description: PostgreSQL database name that the Che server uses + to connect to the DB. Defaults to `dbche`. + type: string + chePostgresHostName: + description: |- + PostgreSQL Database host name that the Che server uses to connect to. + Defaults is `postgres`. Override this value ONLY when using an external database. See field `externalDb`. + In the default case it will be automatically set by the Operator. + type: string + chePostgresPassword: + description: PostgreSQL password that the Che server uses to + connect to the DB. When omitted or left blank, it will be + set to an automatically generated value. + type: string + chePostgresPort: + description: |- + PostgreSQL Database port that the Che server uses to connect to. Defaults to 5432. + Override this value ONLY when using an external database. See field `externalDb`. In the default case it will be automatically set by the Operator. + type: string + chePostgresSecret: + description: |- + The secret that contains PostgreSQL`user` and `password` that the Che server uses to connect to the DB. + When the secret is defined, the `chePostgresUser` and `chePostgresPassword` are ignored. + When the value is omitted or left blank, the one of following scenarios applies: + 1. `chePostgresUser` and `chePostgresPassword` are defined, then they will be used to connect to the DB. + 2. `chePostgresUser` or `chePostgresPassword` are not defined, then a new secret with the name `postgres-credentials` + will be created with default value of `pgche` for `user` and with an auto-generated value for `password`. + The secret must have `app.kubernetes.io/part-of=che.eclipse.org` label. + type: string + chePostgresUser: + description: PostgreSQL user that the Che server uses to connect + to the DB. Defaults to `pgche`. + type: string + externalDb: + description: |- + Instructs the Operator on whether to deploy a dedicated database. + By default, a dedicated PostgreSQL database is deployed as part of the Che installation. When `externalDb` is `true`, no dedicated database will be deployed by the + Operator and you will need to provide connection details to the external DB you are about to use. See also all the fields starting with: `chePostgres`. + type: boolean + postgresEnv: + description: List of environment variables to set in the PostgreSQL + container. + items: + description: EnvVar represents an environment variable present + in a Container. + properties: + name: + description: Name of the environment variable. Must be + a C_IDENTIFIER. + type: string + value: + description: |- + Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in the container and + any service environment variables. If a variable cannot be resolved, + the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless of whether the variable + exists or not. + Defaults to "". + type: string + valueFrom: + description: Source for the environment variable's value. + Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + description: |- + Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, + spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the + specified API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. + properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of the + exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + description: Selects a key of a secret in the pod's + namespace + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + postgresImage: + description: Overrides the container image used in the PostgreSQL + database deployment. This includes the image tag. Omit it + or leave it empty to use the default container image provided + by the Operator. + type: string + postgresImagePullPolicy: + description: Overrides the image pull policy used in the PostgreSQL + database deployment. Default value is `Always` for `nightly`, + `next` or `latest` images, and `IfNotPresent` in other cases. + type: string + postgresVersion: + description: |- + Indicates a PostgreSQL version image to use. Allowed values are: `9.6` and `13.3`. + Migrate your PostgreSQL database to switch from one version to another. + type: string + pvcClaimSize: + description: |- + Size of the persistent volume claim for database. Defaults to `1Gi`. + To update pvc storageclass that provisions it must support resize when Eclipse Che has been already deployed. + type: string + type: object + devWorkspace: + description: DevWorkspace operator configuration + properties: + controllerImage: + description: |- + Overrides the container image used in the DevWorkspace controller deployment. + This includes the image tag. Omit it or leave it empty to use the default container image provided by the Operator. + type: string + enable: + description: |- + Deploys the DevWorkspace Operator in the cluster. + Does nothing when a matching version of the Operator is already installed. + Fails when a non-matching version of the Operator is already installed. + type: boolean + env: + description: List of environment variables to set in the DevWorkspace + container. + items: + description: EnvVar represents an environment variable present + in a Container. + properties: + name: + description: Name of the environment variable. Must be + a C_IDENTIFIER. + type: string + value: + description: |- + Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in the container and + any service environment variables. If a variable cannot be resolved, + the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless of whether the variable + exists or not. + Defaults to "". + type: string + valueFrom: + description: Source for the environment variable's value. + Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + description: |- + Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, + spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the + specified API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. + properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of the + exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + description: Selects a key of a secret in the pod's + namespace + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + runningLimit: + description: Maximum number of the running workspaces per user. + type: string + secondsOfInactivityBeforeIdling: + default: 1800 + description: |- + Idle timeout for workspaces in seconds. + This timeout is the duration after which a workspace will be idled if there is no activity. + To disable workspace idling due to inactivity, set this value to -1. + format: int32 + type: integer + secondsOfRunBeforeIdling: + default: -1 + description: |- + Run timeout for workspaces in seconds. + This timeout is the maximum duration a workspace runs. + To disable workspace run timeout, set this value to -1. + format: int32 + type: integer + required: + - enable + type: object + gitServices: + description: A configuration that allows users to work with remote + Git repositories. + properties: + bitbucket: + description: Enables users to work with repositories hosted + on Bitbucket (bitbucket.org or self-hosted). + items: + description: BitBucketService enables users to work with repositories + hosted on Bitbucket (bitbucket.org or self-hosted). + properties: + endpoint: + description: |- + Bitbucket server endpoint URL. + Deprecated in favor of `che.eclipse.org/scm-server-endpoint` annotation. + See the following page: https://www.eclipse.org/che/docs/stable/administration-guide/configuring-oauth-1-for-a-bitbucket-server/. + type: string + secretName: + description: |- + Kubernetes secret, that contains Base64-encoded Bitbucket OAuth 1.0 or OAuth 2.0 data. + See the following pages for details: https://www.eclipse.org/che/docs/stable/administration-guide/configuring-oauth-1-for-a-bitbucket-server/ + and https://www.eclipse.org/che/docs/stable/administration-guide/configuring-oauth-2-for-the-bitbucket-cloud/. + type: string + required: + - secretName + type: object + type: array + github: + description: Enables users to work with repositories hosted + on GitHub (github.com or GitHub Enterprise). + items: + description: GitHubService enables users to work with repositories + hosted on GitHub (GitHub.com or GitHub Enterprise). + properties: + endpoint: + description: |- + GitHub server endpoint URL. + Deprecated in favor of `che.eclipse.org/scm-server-endpoint` annotation. + See the following page for details: https://www.eclipse.org/che/docs/stable/administration-guide/configuring-oauth-2-for-github/. + type: string + secretName: + description: |- + Kubernetes secret, that contains Base64-encoded GitHub OAuth Client id and GitHub OAuth Client secret. + See the following page for details: https://www.eclipse.org/che/docs/stable/administration-guide/configuring-oauth-2-for-github/. + type: string + required: + - secretName + type: object + type: array + gitlab: + description: Enables users to work with repositories hosted + on GitLab (gitlab.com or self-hosted). + items: + description: GitLabService enables users to work with repositories + hosted on GitLab (gitlab.com or self-hosted). + properties: + endpoint: + description: |- + GitLab server endpoint URL. + Deprecated in favor of `che.eclipse.org/scm-server-endpoint` annotation. + See the following page: https://www.eclipse.org/che/docs/stable/administration-guide/configuring-oauth-2-for-gitlab/. + type: string + secretName: + description: |- + Kubernetes secret, that contains Base64-encoded GitHub Application id and GitLab Application Client secret. + See the following page: https://www.eclipse.org/che/docs/stable/administration-guide/configuring-oauth-2-for-gitlab/. + type: string + required: + - secretName + type: object + type: array + type: object + imagePuller: + description: Kubernetes Image Puller configuration + properties: + enable: + description: |- + Install and configure the Community Supported Kubernetes Image Puller Operator. When set to `true` and no spec is provided, + it will create a default KubernetesImagePuller object to be managed by the Operator. + When set to `false`, the KubernetesImagePuller object will be deleted, and the Operator will be uninstalled, + regardless of whether a spec is provided. + If the `spec.images` field is empty, a set of recommended workspace-related images will be automatically detected and + pre-pulled after installation. + Note that while this Operator and its behavior is community-supported, its payload may be commercially-supported + for pulling commercially-supported images. + type: boolean + spec: + description: A KubernetesImagePullerSpec to configure the image + puller in the CheCluster + properties: + affinity: + type: string + cachingCPULimit: + type: string + cachingCPURequest: + type: string + cachingIntervalHours: + type: string + cachingMemoryLimit: + type: string + cachingMemoryRequest: + type: string + configMapName: + type: string + daemonsetName: + type: string + deploymentName: + type: string + imagePullSecrets: + type: string + imagePullerImage: + type: string + images: + type: string + nodeSelector: + type: string + type: object + required: + - enable + type: object + k8s: + description: Configuration settings specific to Che installations + made on upstream Kubernetes. + properties: + ingressClass: + description: |- + Ingress class that will define the which controller will manage ingresses. Defaults to `nginx`. + NB: This drives the `kubernetes.io/ingress.class` annotation on Che-related ingresses. + type: string + ingressDomain: + description: 'Global ingress domain for a Kubernetes cluster. + This MUST be explicitly specified: there are no defaults.' + type: string + ingressStrategy: + description: |- + Deprecated. The value of this flag is ignored. + Strategy for ingress creation. Options are: `multi-host` (host is explicitly provided in ingress), + `single-host` (host is provided, path-based rules) and `default-host` (no host is provided, path-based rules). + Defaults to `multi-host` Deprecated in favor of `serverExposureStrategy` in the `server` section, + which defines this regardless of the cluster type. When both are defined, the `serverExposureStrategy` option takes precedence. + type: string + securityContextFsGroup: + description: The FSGroup in which the Che Pod and workspace + Pods containers runs in. Default value is `1724`. + type: string + securityContextRunAsUser: + description: ID of the user the Che Pod and workspace Pods containers + run as. Default value is `1724`. + type: string + singleHostExposureType: + description: |- + Deprecated. The value of this flag is ignored. + When the serverExposureStrategy is set to `single-host`, the way the server, registries and workspaces are exposed is further configured by this property. + The possible values are `native`, which means that the server and workspaces are exposed using ingresses on K8s + or `gateway` where the server and workspaces are exposed using a custom gateway based on link:https://doc.traefik.io/traefik/[Traefik]. + All the endpoints whether backed by the ingress or gateway `route` always point to the subpaths on the same domain. Defaults to `native`. + type: string + tlsSecretName: + description: |- + Name of a secret that will be used to setup ingress TLS termination when TLS is enabled. + When the field is empty string, the default cluster certificate will be used. See also the `tlsSupport` field. + type: string + type: object + metrics: + description: Configuration settings related to the metrics collection + used by the Che installation. + properties: + enable: + description: Enables `metrics` the Che server endpoint. Default + to `true`. + type: boolean + type: object + server: + description: General configuration settings related to the Che server, + the plugin and devfile registries + properties: + airGapContainerRegistryHostname: + description: |- + Optional host name, or URL, to an alternate container registry to pull images from. + This value overrides the container registry host name defined in all the default container images involved in a Che deployment. + This is particularly useful to install Che in a restricted environment. + type: string + airGapContainerRegistryOrganization: + description: |- + Optional repository name of an alternate container registry to pull images from. + This value overrides the container registry organization defined in all the default container images involved in a Che deployment. + This is particularly useful to install Eclipse Che in a restricted environment. + type: string + allowAutoProvisionUserNamespace: + description: |- + Indicates if is allowed to automatically create a user namespace. + If it set to false, then user namespace must be pre-created by a cluster administrator. + type: boolean + allowUserDefinedWorkspaceNamespaces: + description: |- + Deprecated. The value of this flag is ignored. + Defines that a user is allowed to specify a Kubernetes namespace, or an OpenShift project, which differs from the default. + It's NOT RECOMMENDED to set to `true` without OpenShift OAuth configured. The OpenShift infrastructure also uses this property. + type: boolean + cheClusterRoles: + description: |- + A comma-separated list of ClusterRoles that will be assigned to Che ServiceAccount. + Each role must have `app.kubernetes.io/part-of=che.eclipse.org` label. + Be aware that the Che Operator has to already have all permissions in these ClusterRoles to grant them. + type: string + cheDebug: + description: Enables the debug mode for Che server. Defaults + to `false`. + type: string + cheFlavor: + description: |- + Deprecated. The value of this flag is ignored. + Specifies a variation of the installation. The options are `che` for upstream Che installations or + `devspaces` for Red Hat OpenShift Dev Spaces (formerly Red Hat CodeReady Workspaces) installation + type: string + cheHost: + description: |- + Public host name of the installed Che server. When value is omitted, the value it will be automatically set by the Operator. + See the `cheHostTLSSecret` field. + type: string + cheHostTLSSecret: + description: |- + Name of a secret containing certificates to secure ingress or route for the custom host name of the installed Che server. + The secret must have `app.kubernetes.io/part-of=che.eclipse.org` label. + See the `cheHost` field. + type: string + cheImage: + description: |- + Overrides the container image used in Che deployment. This does NOT include the container image tag. + Omit it or leave it empty to use the default container image provided by the Operator. + type: string + cheImagePullPolicy: + description: |- + Overrides the image pull policy used in Che deployment. + Default value is `Always` for `nightly`, `next` or `latest` images, and `IfNotPresent` in other cases. + type: string + cheImageTag: + description: |- + Overrides the tag of the container image used in Che deployment. + Omit it or leave it empty to use the default image tag provided by the Operator. + type: string + cheLogLevel: + description: 'Log level for the Che server: `INFO` or `DEBUG`. + Defaults to `INFO`.' + type: string + cheServerEnv: + description: List of environment variables to set in the Che + server container. + items: + description: EnvVar represents an environment variable present + in a Container. + properties: + name: + description: Name of the environment variable. Must be + a C_IDENTIFIER. + type: string + value: + description: |- + Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in the container and + any service environment variables. If a variable cannot be resolved, + the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless of whether the variable + exists or not. + Defaults to "". + type: string + valueFrom: + description: Source for the environment variable's value. + Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + description: |- + Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, + spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the + specified API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. + properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of the + exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + description: Selects a key of a secret in the pod's + namespace + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + cheServerIngress: + description: The Che server ingress custom settings. + properties: + annotations: + additionalProperties: + type: string + description: Unstructured key value map stored with a resource + that may be set by external tools to store and retrieve + arbitrary metadata. + type: object + labels: + description: Comma separated list of labels that can be + used to organize and categorize objects by scoping and + selecting. + type: string + type: object + cheServerRoute: + description: The Che server route custom settings. + properties: + annotations: + additionalProperties: + type: string + description: Unstructured key value map stored with a resource + that may be set by external tools to store and retrieve + arbitrary metadata. + type: object + domain: + description: |- + Operator uses the domain to generate a hostname for a route. + In a conjunction with labels it creates a route, which is served by a non-default Ingress controller. + The generated host name will follow this pattern: `-.`. + type: string + labels: + description: Comma separated list of labels that can be + used to organize and categorize objects by scoping and + selecting. + type: string + type: object + cheWorkspaceClusterRole: + description: |- + Custom cluster role bound to the user for the Che workspaces. + The role must have `app.kubernetes.io/part-of=che.eclipse.org` label. + The default roles are used when omitted or left blank. + type: string + customCheProperties: + additionalProperties: + type: string + description: |- + Map of additional environment variables that will be applied in the generated `che` ConfigMap to be used by the Che server, + in addition to the values already generated from other fields of the `CheCluster` custom resource (CR). + When `customCheProperties` contains a property that would be normally generated in `che` ConfigMap from other CR fields, + the value defined in the `customCheProperties` is used instead. + type: object + dashboardCpuLimit: + description: |- + Overrides the CPU limit used in the dashboard deployment. + In cores. (500m = .5 cores). Default to 500m. + type: string + dashboardCpuRequest: + description: |- + Overrides the CPU request used in the dashboard deployment. + In cores. (500m = .5 cores). Default to 100m. + type: string + dashboardEnv: + description: List of environment variables to set in the dashboard + container. + items: + description: EnvVar represents an environment variable present + in a Container. + properties: + name: + description: Name of the environment variable. Must be + a C_IDENTIFIER. + type: string + value: + description: |- + Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in the container and + any service environment variables. If a variable cannot be resolved, + the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless of whether the variable + exists or not. + Defaults to "". + type: string + valueFrom: + description: Source for the environment variable's value. + Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + description: |- + Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, + spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the + specified API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. + properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of the + exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + description: Selects a key of a secret in the pod's + namespace + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + dashboardImage: + description: |- + Overrides the container image used in the dashboard deployment. + This includes the image tag. Omit it or leave it empty to use the default container image provided by the Operator. + type: string + dashboardImagePullPolicy: + description: |- + Overrides the image pull policy used in the dashboard deployment. + Default value is `Always` for `nightly`, `next` or `latest` images, and `IfNotPresent` in other cases. + type: string + dashboardIngress: + description: |- + Deprecated. The value of this flag is ignored. + Dashboard ingress custom settings. + properties: + annotations: + additionalProperties: + type: string + description: Unstructured key value map stored with a resource + that may be set by external tools to store and retrieve + arbitrary metadata. + type: object + labels: + description: Comma separated list of labels that can be + used to organize and categorize objects by scoping and + selecting. + type: string + type: object + dashboardMemoryLimit: + description: Overrides the memory limit used in the dashboard + deployment. Defaults to 256Mi. + type: string + dashboardMemoryRequest: + description: Overrides the memory request used in the dashboard + deployment. Defaults to 16Mi. + type: string + dashboardRoute: + description: |- + Deprecated. The value of this flag is ignored. + Dashboard route custom settings. + properties: + annotations: + additionalProperties: + type: string + description: Unstructured key value map stored with a resource + that may be set by external tools to store and retrieve + arbitrary metadata. + type: object + domain: + description: |- + Operator uses the domain to generate a hostname for a route. + In a conjunction with labels it creates a route, which is served by a non-default Ingress controller. + The generated host name will follow this pattern: `-.`. + type: string + labels: + description: Comma separated list of labels that can be + used to organize and categorize objects by scoping and + selecting. + type: string + type: object + devfileRegistryCpuLimit: + description: |- + Overrides the CPU limit used in the devfile registry deployment. + In cores. (500m = .5 cores). Default to 500m. + type: string + devfileRegistryCpuRequest: + description: |- + Overrides the CPU request used in the devfile registry deployment. + In cores. (500m = .5 cores). Default to 100m. + type: string + devfileRegistryEnv: + description: List of environment variables to set in the plugin + registry container. + items: + description: EnvVar represents an environment variable present + in a Container. + properties: + name: + description: Name of the environment variable. Must be + a C_IDENTIFIER. + type: string + value: + description: |- + Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in the container and + any service environment variables. If a variable cannot be resolved, + the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless of whether the variable + exists or not. + Defaults to "". + type: string + valueFrom: + description: Source for the environment variable's value. + Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + description: |- + Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, + spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the + specified API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. + properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of the + exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + description: Selects a key of a secret in the pod's + namespace + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + devfileRegistryImage: + description: |- + Overrides the container image used in the devfile registry deployment. + This includes the image tag. Omit it or leave it empty to use the default container image provided by the Operator. + type: string + devfileRegistryIngress: + description: |- + Deprecated. The value of this flag is ignored. + The devfile registry ingress custom settings. + properties: + annotations: + additionalProperties: + type: string + description: Unstructured key value map stored with a resource + that may be set by external tools to store and retrieve + arbitrary metadata. + type: object + labels: + description: Comma separated list of labels that can be + used to organize and categorize objects by scoping and + selecting. + type: string + type: object + devfileRegistryMemoryLimit: + description: Overrides the memory limit used in the devfile + registry deployment. Defaults to 256Mi. + type: string + devfileRegistryMemoryRequest: + description: Overrides the memory request used in the devfile + registry deployment. Defaults to 16Mi. + type: string + devfileRegistryPullPolicy: + description: |- + Overrides the image pull policy used in the devfile registry deployment. + Default value is `Always` for `nightly`, `next` or `latest` images, and `IfNotPresent` in other cases. + type: string + devfileRegistryRoute: + description: |- + Deprecated. The value of this flag is ignored. + The devfile registry route custom settings. + properties: + annotations: + additionalProperties: + type: string + description: Unstructured key value map stored with a resource + that may be set by external tools to store and retrieve + arbitrary metadata. + type: object + domain: + description: |- + Operator uses the domain to generate a hostname for a route. + In a conjunction with labels it creates a route, which is served by a non-default Ingress controller. + The generated host name will follow this pattern: `-.`. + type: string + labels: + description: Comma separated list of labels that can be + used to organize and categorize objects by scoping and + selecting. + type: string + type: object + devfileRegistryUrl: + description: Deprecated in favor of `externalDevfileRegistries` + fields. + type: string + disableInternalClusterSVCNames: + description: |- + Deprecated. The value of this flag is ignored. + Disable internal cluster SVC names usage to communicate between components to speed up the traffic and avoid proxy issues. + type: boolean + externalDevfileRegistries: + description: |- + External devfile registries, that serves sample, ready-to-use devfiles. + Configure this in addition to a dedicated devfile registry (when `externalDevfileRegistry` is `false`) + or instead of it (when `externalDevfileRegistry` is `true`) + items: + description: Settings for a configuration of the external + devfile registries. + properties: + url: + description: Public URL of the devfile registry. + type: string + type: object + type: array + externalDevfileRegistry: + description: |- + Instructs the Operator on whether to deploy a dedicated devfile registry server. + By default, a dedicated devfile registry server is started. When `externalDevfileRegistry` is `true`, + no such dedicated server will be started by the Operator and configure at least one + devfile registry with `externalDevfileRegistries` field. + type: boolean + externalPluginRegistry: + description: |- + Instructs the Operator on whether to deploy a dedicated plugin registry server. + By default, a dedicated plugin registry server is started. When `externalPluginRegistry` is `true`, no such dedicated server + will be started by the Operator and you will have to manually set the `pluginRegistryUrl` field. + type: boolean + gitSelfSignedCert: + description: |- + When enabled, the certificate from `che-git-self-signed-cert` ConfigMap will be propagated to the Che components and provide particular configuration for Git. + Note, the `che-git-self-signed-cert` ConfigMap must have `app.kubernetes.io/part-of=che.eclipse.org` label. + type: boolean + nonProxyHosts: + description: |- + List of hosts that will be reached directly, bypassing the proxy. + Specify wild card domain use the following form `.` and `|` as delimiter, for example: `localhost|.my.host.com|123.42.12.32` + Only use when configuring a proxy is required. Operator respects OpenShift cluster wide proxy configuration and no additional configuration is required, + but defining `nonProxyHosts` in a custom resource leads to merging non proxy hosts lists from the cluster proxy configuration and ones defined in the custom resources. + See the doc https://docs.openshift.com/container-platform/4.4/networking/enable-cluster-wide-proxy.html. See also the `proxyURL` fields. + type: string + openVSXRegistryURL: + description: Open VSX registry URL. If omitted an embedded instance + will be used. + type: string + pluginRegistryCpuLimit: + description: |- + Overrides the CPU limit used in the plugin registry deployment. + In cores. (500m = .5 cores). Default to 500m. + type: string + pluginRegistryCpuRequest: + description: |- + Overrides the CPU request used in the plugin registry deployment. + In cores. (500m = .5 cores). Default to 100m. + type: string + pluginRegistryEnv: + description: List of environment variables to set in the devfile + registry container. + items: + description: EnvVar represents an environment variable present + in a Container. + properties: + name: + description: Name of the environment variable. Must be + a C_IDENTIFIER. + type: string + value: + description: |- + Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in the container and + any service environment variables. If a variable cannot be resolved, + the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless of whether the variable + exists or not. + Defaults to "". + type: string + valueFrom: + description: Source for the environment variable's value. + Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + description: |- + Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, + spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the + specified API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. + properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of the + exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + description: Selects a key of a secret in the pod's + namespace + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + pluginRegistryImage: + description: |- + Overrides the container image used in the plugin registry deployment. + This includes the image tag. Omit it or leave it empty to use the default container image provided by the Operator. + type: string + pluginRegistryIngress: + description: |- + Deprecated. The value of this flag is ignored. + Plugin registry ingress custom settings. + properties: + annotations: + additionalProperties: + type: string + description: Unstructured key value map stored with a resource + that may be set by external tools to store and retrieve + arbitrary metadata. + type: object + labels: + description: Comma separated list of labels that can be + used to organize and categorize objects by scoping and + selecting. + type: string + type: object + pluginRegistryMemoryLimit: + description: Overrides the memory limit used in the plugin registry + deployment. Defaults to 1536Mi. + type: string + pluginRegistryMemoryRequest: + description: Overrides the memory request used in the plugin + registry deployment. Defaults to 16Mi. + type: string + pluginRegistryPullPolicy: + description: |- + Overrides the image pull policy used in the plugin registry deployment. + Default value is `Always` for `nightly`, `next` or `latest` images, and `IfNotPresent` in other cases. + type: string + pluginRegistryRoute: + description: |- + Deprecated. The value of this flag is ignored. + Plugin registry route custom settings. + properties: + annotations: + additionalProperties: + type: string + description: Unstructured key value map stored with a resource + that may be set by external tools to store and retrieve + arbitrary metadata. + type: object + domain: + description: |- + Operator uses the domain to generate a hostname for a route. + In a conjunction with labels it creates a route, which is served by a non-default Ingress controller. + The generated host name will follow this pattern: `-.`. + type: string + labels: + description: Comma separated list of labels that can be + used to organize and categorize objects by scoping and + selecting. + type: string + type: object + pluginRegistryUrl: + description: |- + Public URL of the plugin registry that serves sample ready-to-use devfiles. + Set this ONLY when a use of an external devfile registry is needed. + See the `externalPluginRegistry` field. By default, this will be automatically calculated by the Operator. + type: string + proxyPassword: + description: |- + Password of the proxy server. + Only use when proxy configuration is required. See the `proxyURL`, `proxyUser` and `proxySecret` fields. + type: string + proxyPort: + description: Port of the proxy server. Only use when configuring + a proxy is required. See also the `proxyURL` and `nonProxyHosts` + fields. + type: string + proxySecret: + description: |- + The secret that contains `user` and `password` for a proxy server. When the secret is defined, the `proxyUser` and `proxyPassword` are ignored. + The secret must have `app.kubernetes.io/part-of=che.eclipse.org` label. + type: string + proxyURL: + description: |- + URL (protocol+host name) of the proxy server. This drives the appropriate changes in the `JAVA_OPTS` and `https(s)_proxy` variables + in the Che server and workspaces containers. + Only use when configuring a proxy is required. Operator respects OpenShift cluster wide proxy configuration + and no additional configuration is required, but defining `proxyUrl` in a custom resource leads to overrides the cluster proxy configuration + with fields `proxyUrl`, `proxyPort`, `proxyUser` and `proxyPassword` from the custom resource. + See the doc https://docs.openshift.com/container-platform/4.4/networking/enable-cluster-wide-proxy.html. See also the `proxyPort` and `nonProxyHosts` fields. + type: string + proxyUser: + description: User name of the proxy server. Only use when configuring + a proxy is required. See also the `proxyURL`, `proxyPassword` + and `proxySecret` fields. + type: string + selfSignedCert: + description: |- + Deprecated. The value of this flag is ignored. + The Che Operator will automatically detect whether the router certificate is self-signed and propagate it to other components, such as the Che server. + type: boolean + serverCpuLimit: + description: |- + Overrides the CPU limit used in the Che server deployment + In cores. (500m = .5 cores). Default to 1. + type: string + serverCpuRequest: + description: |- + Overrides the CPU request used in the Che server deployment + In cores. (500m = .5 cores). Default to 100m. + type: string + serverExposureStrategy: + description: |- + Deprecated. The value of this flag is ignored. + Sets the server and workspaces exposure type. + Possible values are `multi-host`, `single-host`, `default-host`. Defaults to `multi-host`, which creates a separate ingress, or OpenShift routes, for every required endpoint. + `single-host` makes Che exposed on a single host name with workspaces exposed on subpaths. + Read the docs to learn about the limitations of this approach. + Also consult the `singleHostExposureType` property to further configure how the Operator and the Che server make that happen on Kubernetes. + `default-host` exposes the Che server on the host of the cluster. Read the docs to learn about the limitations of this approach. + type: string + serverMemoryLimit: + description: Overrides the memory limit used in the Che server + deployment. Defaults to 1Gi. + type: string + serverMemoryRequest: + description: Overrides the memory request used in the Che server + deployment. Defaults to 512Mi. + type: string + serverTrustStoreConfigMapName: + description: |- + Name of the ConfigMap with public certificates to add to Java trust store of the Che server. + This is often required when adding the OpenShift OAuth provider, which has HTTPS endpoint signed with self-signed cert. + The Che server must be aware of its CA cert to be able to request it. This is disabled by default. + The Config Map must have `app.kubernetes.io/part-of=che.eclipse.org` label. + type: string + singleHostGatewayConfigMapLabels: + additionalProperties: + type: string + description: The labels that need to be present in the ConfigMaps + representing the gateway configuration. + type: object + singleHostGatewayConfigSidecarImage: + description: The image used for the gateway sidecar that provides + configuration to the gateway. Omit it or leave it empty to + use the default container image provided by the Operator. + type: string + singleHostGatewayImage: + description: The image used for the gateway in the single host + mode. Omit it or leave it empty to use the default container + image provided by the Operator. + type: string + tlsSupport: + description: Deprecated. Instructs the Operator to deploy Che + in TLS mode. This is enabled by default. Disabling TLS sometimes + cause malfunction of some Che components. + type: boolean + useInternalClusterSVCNames: + description: Deprecated in favor of `disableInternalClusterSVCNames`. + type: boolean + workspaceDefaultComponents: + description: |- + Default components applied to DevWorkspaces. + These default components are meant to be used when a Devfile does not contain any components. + items: + properties: + attributes: + description: Map of implementation-dependant free-form + YAML attributes. + type: object + x-kubernetes-preserve-unknown-fields: true + componentType: + description: Type of component + enum: + - Container + - Kubernetes + - Openshift + - Volume + - Image + - Plugin + - Custom + type: string + container: + description: Allows adding and configuring devworkspace-related + containers + properties: + annotation: + description: Annotations that should be added to specific + resources for this container + properties: + deployment: + additionalProperties: + type: string + description: Annotations to be added to deployment + type: object + service: + additionalProperties: + type: string + description: Annotations to be added to service + type: object + type: object + args: + description: |- + The arguments to supply to the command running the dockerimage component. The arguments are supplied either to the default command provided in the image or to the overridden command. + + + Defaults to an empty array, meaning use whatever is defined in the image. + items: + type: string + type: array + command: + description: |- + The command to run in the dockerimage component instead of the default one provided in the image. + + + Defaults to an empty array, meaning use whatever is defined in the image. + items: + type: string + type: array + cpuLimit: + type: string + cpuRequest: + type: string + dedicatedPod: + description: |- + Specify if a container should run in its own separated pod, + instead of running as part of the main development environment pod. + + + Default value is `false` + type: boolean + endpoints: + items: + properties: + annotation: + additionalProperties: + type: string + description: Annotations to be added to Kubernetes + Ingress or Openshift Route + type: object + attributes: + description: |- + Map of implementation-dependant string-based free-form attributes. + + + Examples of Che-specific attributes: + + + - cookiesAuthEnabled: "true" / "false", + + + - type: "terminal" / "ide" / "ide-dev", + type: object + x-kubernetes-preserve-unknown-fields: true + exposure: + default: public + description: |- + Describes how the endpoint should be exposed on the network. + + + - `public` means that the endpoint will be exposed on the public network, typically through + a K8S ingress or an OpenShift route. + + + - `internal` means that the endpoint will be exposed internally outside of the main devworkspace POD, + typically by K8S services, to be consumed by other elements running + on the same cloud internal network. + + + - `none` means that the endpoint will not be exposed and will only be accessible + inside the main devworkspace POD, on a local address. + + + Default value is `public` + enum: + - public + - internal + - none + type: string + name: + maxLength: 63 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + path: + description: Path of the endpoint URL + type: string + protocol: + default: http + description: |- + Describes the application and transport protocols of the traffic that will go through this endpoint. + + + - `http`: Endpoint will have `http` traffic, typically on a TCP connection. + It will be automaticaly promoted to `https` when the `secure` field is set to `true`. + + + - `https`: Endpoint will have `https` traffic, typically on a TCP connection. + + + - `ws`: Endpoint will have `ws` traffic, typically on a TCP connection. + It will be automaticaly promoted to `wss` when the `secure` field is set to `true`. + + + - `wss`: Endpoint will have `wss` traffic, typically on a TCP connection. + + + - `tcp`: Endpoint will have traffic on a TCP connection, without specifying an application protocol. + + + - `udp`: Endpoint will have traffic on an UDP connection, without specifying an application protocol. + + + Default value is `http` + enum: + - http + - https + - ws + - wss + - tcp + - udp + type: string + secure: + description: |- + Describes whether the endpoint should be secured and protected by some + authentication process. This requires a protocol of `https` or `wss`. + type: boolean + targetPort: + description: |- + Port number to be used within the container component. The same port cannot + be used by two different container components. + type: integer + required: + - name + - targetPort + type: object + type: array + env: + description: |- + Environment variables used in this container. + + + The following variables are reserved and cannot be overridden via env: + + + - `$PROJECTS_ROOT` + + + - `$PROJECT_SOURCE` + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + image: + type: string + memoryLimit: + type: string + memoryRequest: + type: string + mountSources: + description: |- + Toggles whether or not the project source code should + be mounted in the component. + + + Defaults to true for all component types except plugins and components that set `dedicatedPod` to true. + type: boolean + sourceMapping: + default: /projects + description: |- + Optional specification of the path in the container where + project sources should be transferred/mounted when `mountSources` is `true`. + When omitted, the default value of /projects is used. + type: string + volumeMounts: + description: List of volumes mounts that should be + mounted is this container. + items: + description: Volume that should be mounted to a + component container + properties: + name: + description: |- + The volume mount name is the name of an existing `Volume` component. + If several containers mount the same volume name + then they will reuse the same volume and will be able to access to the same files. + maxLength: 63 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + path: + description: |- + The path in the component container where the volume should be mounted. + If not path is mentioned, default path is the is `/`. + type: string + required: + - name + type: object + type: array + required: + - image + type: object + custom: + description: |- + Custom component whose logic is implementation-dependant + and should be provided by the user + possibly through some dedicated controller + properties: + componentClass: + description: |- + Class of component that the associated implementation controller + should use to process this command with the appropriate logic + type: string + embeddedResource: + description: |- + Additional free-form configuration for this custom component + that the implementation controller will know how to use + type: object + x-kubernetes-embedded-resource: true + x-kubernetes-preserve-unknown-fields: true + required: + - componentClass + - embeddedResource + type: object + image: + description: Allows specifying the definition of an image + for outer loop builds + properties: + autoBuild: + description: |- + Defines if the image should be built during startup. + + + Default value is `false` + type: boolean + dockerfile: + description: Allows specifying dockerfile type build + properties: + args: + description: The arguments to supply to the dockerfile + build. + items: + type: string + type: array + buildContext: + description: Path of source directory to establish + build context. Defaults to ${PROJECT_SOURCE} + in the container + type: string + devfileRegistry: + description: Dockerfile's Devfile Registry source + properties: + id: + description: |- + Id in a devfile registry that contains a Dockerfile. The src in the OCI registry + required for the Dockerfile build will be downloaded for building the image. + type: string + registryUrl: + description: |- + Devfile Registry URL to pull the Dockerfile from when using the Devfile Registry as Dockerfile src. + To ensure the Dockerfile gets resolved consistently in different environments, + it is recommended to always specify the `devfileRegistryUrl` when `Id` is used. + type: string + required: + - id + type: object + git: + description: Dockerfile's Git source + properties: + checkoutFrom: + description: Defines from what the project + should be checked out. Required if there + are more than one remote configured + properties: + remote: + description: The remote name should be + used as init. Required if there are + more than one remote configured + type: string + revision: + description: |- + The revision to checkout from. Should be branch name, tag or commit id. + Default branch is used if missing or specified revision is not found. + type: string + type: object + fileLocation: + description: |- + Location of the Dockerfile in the Git repository when using git as Dockerfile src. + Defaults to Dockerfile. + type: string + remotes: + additionalProperties: + type: string + description: |- + The remotes map which should be initialized in the git project. + Projects must have at least one remote configured while StarterProjects & Image Component's Git source can only have at most one remote configured. + type: object + required: + - remotes + type: object + rootRequired: + description: |- + Specify if a privileged builder pod is required. + + + Default value is `false` + type: boolean + srcType: + description: Type of Dockerfile src + enum: + - Uri + - DevfileRegistry + - Git + type: string + uri: + description: |- + URI Reference of a Dockerfile. + It can be a full URL or a relative URI from the current devfile as the base URI. + type: string + type: object + imageName: + description: Name of the image for the resulting outerloop + build + type: string + imageType: + description: Type of image + enum: + - Dockerfile + type: string + required: + - imageName + type: object + kubernetes: + description: |- + Allows importing into the devworkspace the Kubernetes resources + defined in a given manifest. For example this allows reusing the Kubernetes + definitions used to deploy some runtime components in production. + properties: + deployByDefault: + description: |- + Defines if the component should be deployed during startup. + + + Default value is `false` + type: boolean + endpoints: + items: + properties: + annotation: + additionalProperties: + type: string + description: Annotations to be added to Kubernetes + Ingress or Openshift Route + type: object + attributes: + description: |- + Map of implementation-dependant string-based free-form attributes. + + + Examples of Che-specific attributes: + + + - cookiesAuthEnabled: "true" / "false", + + + - type: "terminal" / "ide" / "ide-dev", + type: object + x-kubernetes-preserve-unknown-fields: true + exposure: + default: public + description: |- + Describes how the endpoint should be exposed on the network. + + + - `public` means that the endpoint will be exposed on the public network, typically through + a K8S ingress or an OpenShift route. + + + - `internal` means that the endpoint will be exposed internally outside of the main devworkspace POD, + typically by K8S services, to be consumed by other elements running + on the same cloud internal network. + + + - `none` means that the endpoint will not be exposed and will only be accessible + inside the main devworkspace POD, on a local address. + + + Default value is `public` + enum: + - public + - internal + - none + type: string + name: + maxLength: 63 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + path: + description: Path of the endpoint URL + type: string + protocol: + default: http + description: |- + Describes the application and transport protocols of the traffic that will go through this endpoint. + + + - `http`: Endpoint will have `http` traffic, typically on a TCP connection. + It will be automaticaly promoted to `https` when the `secure` field is set to `true`. + + + - `https`: Endpoint will have `https` traffic, typically on a TCP connection. + + + - `ws`: Endpoint will have `ws` traffic, typically on a TCP connection. + It will be automaticaly promoted to `wss` when the `secure` field is set to `true`. + + + - `wss`: Endpoint will have `wss` traffic, typically on a TCP connection. + + + - `tcp`: Endpoint will have traffic on a TCP connection, without specifying an application protocol. + + + - `udp`: Endpoint will have traffic on an UDP connection, without specifying an application protocol. + + + Default value is `http` + enum: + - http + - https + - ws + - wss + - tcp + - udp + type: string + secure: + description: |- + Describes whether the endpoint should be secured and protected by some + authentication process. This requires a protocol of `https` or `wss`. + type: boolean + targetPort: + description: |- + Port number to be used within the container component. The same port cannot + be used by two different container components. + type: integer + required: + - name + - targetPort + type: object + type: array + inlined: + description: Inlined manifest + type: string + locationType: + description: Type of Kubernetes-like location + enum: + - Uri + - Inlined + type: string + uri: + description: Location in a file fetched from a uri. + type: string + type: object + name: + description: |- + Mandatory name that allows referencing the component + from other elements (such as commands) or from an external + devfile that may reference this component through a parent or a plugin. + maxLength: 63 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + openshift: + description: |- + Allows importing into the devworkspace the OpenShift resources + defined in a given manifest. For example this allows reusing the OpenShift + definitions used to deploy some runtime components in production. + properties: + deployByDefault: + description: |- + Defines if the component should be deployed during startup. + + + Default value is `false` + type: boolean + endpoints: + items: + properties: + annotation: + additionalProperties: + type: string + description: Annotations to be added to Kubernetes + Ingress or Openshift Route + type: object + attributes: + description: |- + Map of implementation-dependant string-based free-form attributes. + + + Examples of Che-specific attributes: + + + - cookiesAuthEnabled: "true" / "false", + + + - type: "terminal" / "ide" / "ide-dev", + type: object + x-kubernetes-preserve-unknown-fields: true + exposure: + default: public + description: |- + Describes how the endpoint should be exposed on the network. + + + - `public` means that the endpoint will be exposed on the public network, typically through + a K8S ingress or an OpenShift route. + + + - `internal` means that the endpoint will be exposed internally outside of the main devworkspace POD, + typically by K8S services, to be consumed by other elements running + on the same cloud internal network. + + + - `none` means that the endpoint will not be exposed and will only be accessible + inside the main devworkspace POD, on a local address. + + + Default value is `public` + enum: + - public + - internal + - none + type: string + name: + maxLength: 63 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + path: + description: Path of the endpoint URL + type: string + protocol: + default: http + description: |- + Describes the application and transport protocols of the traffic that will go through this endpoint. + + + - `http`: Endpoint will have `http` traffic, typically on a TCP connection. + It will be automaticaly promoted to `https` when the `secure` field is set to `true`. + + + - `https`: Endpoint will have `https` traffic, typically on a TCP connection. + + + - `ws`: Endpoint will have `ws` traffic, typically on a TCP connection. + It will be automaticaly promoted to `wss` when the `secure` field is set to `true`. + + + - `wss`: Endpoint will have `wss` traffic, typically on a TCP connection. + + + - `tcp`: Endpoint will have traffic on a TCP connection, without specifying an application protocol. + + + - `udp`: Endpoint will have traffic on an UDP connection, without specifying an application protocol. + + + Default value is `http` + enum: + - http + - https + - ws + - wss + - tcp + - udp + type: string + secure: + description: |- + Describes whether the endpoint should be secured and protected by some + authentication process. This requires a protocol of `https` or `wss`. + type: boolean + targetPort: + description: |- + Port number to be used within the container component. The same port cannot + be used by two different container components. + type: integer + required: + - name + - targetPort + type: object + type: array + inlined: + description: Inlined manifest + type: string + locationType: + description: Type of Kubernetes-like location + enum: + - Uri + - Inlined + type: string + uri: + description: Location in a file fetched from a uri. + type: string + type: object + plugin: + description: |- + Allows importing a plugin. + + + Plugins are mainly imported devfiles that contribute components, commands + and events as a consistent single unit. They are defined in either YAML files + following the devfile syntax, + or as `DevWorkspaceTemplate` Kubernetes Custom Resources + properties: + commands: + description: |- + Overrides of commands encapsulated in a parent devfile or a plugin. + Overriding is done according to K8S strategic merge patch standard rules. + items: + properties: + apply: + description: |- + Command that consists in applying a given component definition, + typically bound to a devworkspace event. + + + For example, when an `apply` command is bound to a `preStart` event, + and references a `container` component, it will start the container as a + K8S initContainer in the devworkspace POD, unless the component has its + `dedicatedPod` field set to `true`. + + + When no `apply` command exist for a given component, + it is assumed the component will be applied at devworkspace start + by default, unless `deployByDefault` for that component is set to false. + properties: + component: + description: Describes component that will + be applied + type: string + group: + description: Defines the group this command + is part of + properties: + isDefault: + description: Identifies the default + command for a given group kind + type: boolean + kind: + description: Kind of group the command + is part of + enum: + - build + - run + - test + - debug + - deploy + type: string + type: object + label: + description: |- + Optional label that provides a label for this command + to be used in Editor UI menus for example + type: string + type: object + attributes: + description: Map of implementation-dependant + free-form YAML attributes. + type: object + x-kubernetes-preserve-unknown-fields: true + commandType: + description: Type of devworkspace command + enum: + - Exec + - Apply + - Composite + type: string + composite: + description: |- + Composite command that allows executing several sub-commands + either sequentially or concurrently + properties: + commands: + description: The commands that comprise + this composite command + items: + type: string + type: array + group: + description: Defines the group this command + is part of + properties: + isDefault: + description: Identifies the default + command for a given group kind + type: boolean + kind: + description: Kind of group the command + is part of + enum: + - build + - run + - test + - debug + - deploy + type: string + type: object + label: + description: |- + Optional label that provides a label for this command + to be used in Editor UI menus for example + type: string + parallel: + description: Indicates if the sub-commands + should be executed concurrently + type: boolean + type: object + exec: + description: CLI Command executed in an existing + component container + properties: + commandLine: + description: |- + The actual command-line string + + + Special variables that can be used: + + + - `$PROJECTS_ROOT`: A path where projects sources are mounted as defined by container component's sourceMapping. + + + - `$PROJECT_SOURCE`: A path to a project source ($PROJECTS_ROOT/). If there are multiple projects, this will point to the directory of the first one. + type: string + component: + description: Describes component to which + given action relates + type: string + env: + description: |- + Optional list of environment variables that have to be set + before running the command + items: + properties: + name: + type: string + value: + type: string + required: + - name + type: object + type: array + group: + description: Defines the group this command + is part of + properties: + isDefault: + description: Identifies the default + command for a given group kind + type: boolean + kind: + description: Kind of group the command + is part of + enum: + - build + - run + - test + - debug + - deploy + type: string + type: object + hotReloadCapable: + description: |- + Specify whether the command is restarted or not when the source code changes. + If set to `true` the command won't be restarted. + A *hotReloadCapable* `run` or `debug` command is expected to handle file changes on its own and won't be restarted. + A *hotReloadCapable* `build` command is expected to be executed only once and won't be executed again. + This field is taken into account only for commands `build`, `run` and `debug` with `isDefault` set to `true`. + + + Default value is `false` + type: boolean + label: + description: |- + Optional label that provides a label for this command + to be used in Editor UI menus for example + type: string + workingDir: + description: |- + Working directory where the command should be executed + + + Special variables that can be used: + + + - `$PROJECTS_ROOT`: A path where projects sources are mounted as defined by container component's sourceMapping. + + + - `$PROJECT_SOURCE`: A path to a project source ($PROJECTS_ROOT/). If there are multiple projects, this will point to the directory of the first one. + type: string + type: object + id: + description: |- + Mandatory identifier that allows referencing + this command in composite commands, from + a parent, or in events. + maxLength: 63 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - id + type: object + type: array + components: + description: |- + Overrides of components encapsulated in a parent devfile or a plugin. + Overriding is done according to K8S strategic merge patch standard rules. + items: + properties: + attributes: + description: Map of implementation-dependant + free-form YAML attributes. + type: object + x-kubernetes-preserve-unknown-fields: true + componentType: + description: Type of component + enum: + - Container + - Kubernetes + - Openshift + - Volume + - Image + type: string + container: + description: Allows adding and configuring devworkspace-related + containers + properties: + annotation: + description: Annotations that should be + added to specific resources for this container + properties: + deployment: + additionalProperties: + type: string + description: Annotations to be added + to deployment + type: object + service: + additionalProperties: + type: string + description: Annotations to be added + to service + type: object + type: object + args: + description: |- + The arguments to supply to the command running the dockerimage component. The arguments are supplied either to the default command provided in the image or to the overridden command. + + + Defaults to an empty array, meaning use whatever is defined in the image. + items: + type: string + type: array + command: + description: |- + The command to run in the dockerimage component instead of the default one provided in the image. + + + Defaults to an empty array, meaning use whatever is defined in the image. + items: + type: string + type: array + cpuLimit: + type: string + cpuRequest: + type: string + dedicatedPod: + description: |- + Specify if a container should run in its own separated pod, + instead of running as part of the main development environment pod. + + + Default value is `false` + type: boolean + endpoints: + items: + properties: + annotation: + additionalProperties: + type: string + description: Annotations to be added + to Kubernetes Ingress or Openshift + Route + type: object + attributes: + description: |- + Map of implementation-dependant string-based free-form attributes. + + + Examples of Che-specific attributes: + + + - cookiesAuthEnabled: "true" / "false", + + + - type: "terminal" / "ide" / "ide-dev", + type: object + x-kubernetes-preserve-unknown-fields: true + exposure: + description: |- + Describes how the endpoint should be exposed on the network. + + + - `public` means that the endpoint will be exposed on the public network, typically through + a K8S ingress or an OpenShift route. + + + - `internal` means that the endpoint will be exposed internally outside of the main devworkspace POD, + typically by K8S services, to be consumed by other elements running + on the same cloud internal network. + + + - `none` means that the endpoint will not be exposed and will only be accessible + inside the main devworkspace POD, on a local address. + + + Default value is `public` + enum: + - public + - internal + - none + type: string + name: + maxLength: 63 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + path: + description: Path of the endpoint + URL + type: string + protocol: + description: |- + Describes the application and transport protocols of the traffic that will go through this endpoint. + + + - `http`: Endpoint will have `http` traffic, typically on a TCP connection. + It will be automaticaly promoted to `https` when the `secure` field is set to `true`. + + + - `https`: Endpoint will have `https` traffic, typically on a TCP connection. + + + - `ws`: Endpoint will have `ws` traffic, typically on a TCP connection. + It will be automaticaly promoted to `wss` when the `secure` field is set to `true`. + + + - `wss`: Endpoint will have `wss` traffic, typically on a TCP connection. + + + - `tcp`: Endpoint will have traffic on a TCP connection, without specifying an application protocol. + + + - `udp`: Endpoint will have traffic on an UDP connection, without specifying an application protocol. + + + Default value is `http` + enum: + - http + - https + - ws + - wss + - tcp + - udp + type: string + secure: + description: |- + Describes whether the endpoint should be secured and protected by some + authentication process. This requires a protocol of `https` or `wss`. + type: boolean + targetPort: + description: |- + Port number to be used within the container component. The same port cannot + be used by two different container components. + type: integer + required: + - name + type: object + type: array + env: + description: |- + Environment variables used in this container. + + + The following variables are reserved and cannot be overridden via env: + + + - `$PROJECTS_ROOT` + + + - `$PROJECT_SOURCE` + items: + properties: + name: + type: string + value: + type: string + required: + - name + type: object + type: array + image: + type: string + memoryLimit: + type: string + memoryRequest: + type: string + mountSources: + description: |- + Toggles whether or not the project source code should + be mounted in the component. + + + Defaults to true for all component types except plugins and components that set `dedicatedPod` to true. + type: boolean + sourceMapping: + description: |- + Optional specification of the path in the container where + project sources should be transferred/mounted when `mountSources` is `true`. + When omitted, the default value of /projects is used. + type: string + volumeMounts: + description: List of volumes mounts that + should be mounted is this container. + items: + description: Volume that should be mounted + to a component container + properties: + name: + description: |- + The volume mount name is the name of an existing `Volume` component. + If several containers mount the same volume name + then they will reuse the same volume and will be able to access to the same files. + maxLength: 63 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + path: + description: |- + The path in the component container where the volume should be mounted. + If not path is mentioned, default path is the is `/`. + type: string + required: + - name + type: object + type: array + type: object + image: + description: Allows specifying the definition + of an image for outer loop builds + properties: + autoBuild: + description: |- + Defines if the image should be built during startup. + + + Default value is `false` + type: boolean + dockerfile: + description: Allows specifying dockerfile + type build + properties: + args: + description: The arguments to supply + to the dockerfile build. + items: + type: string + type: array + buildContext: + description: Path of source directory + to establish build context. Defaults + to ${PROJECT_SOURCE} in the container + type: string + devfileRegistry: + description: Dockerfile's Devfile Registry + source + properties: + id: + description: |- + Id in a devfile registry that contains a Dockerfile. The src in the OCI registry + required for the Dockerfile build will be downloaded for building the image. + type: string + registryUrl: + description: |- + Devfile Registry URL to pull the Dockerfile from when using the Devfile Registry as Dockerfile src. + To ensure the Dockerfile gets resolved consistently in different environments, + it is recommended to always specify the `devfileRegistryUrl` when `Id` is used. + type: string + type: object + git: + description: Dockerfile's Git source + properties: + checkoutFrom: + description: Defines from what the + project should be checked out. + Required if there are more than + one remote configured + properties: + remote: + description: The remote name + should be used as init. Required + if there are more than one + remote configured + type: string + revision: + description: |- + The revision to checkout from. Should be branch name, tag or commit id. + Default branch is used if missing or specified revision is not found. + type: string + type: object + fileLocation: + description: |- + Location of the Dockerfile in the Git repository when using git as Dockerfile src. + Defaults to Dockerfile. + type: string + remotes: + additionalProperties: + type: string + description: |- + The remotes map which should be initialized in the git project. + Projects must have at least one remote configured while StarterProjects & Image Component's Git source can only have at most one remote configured. + type: object + type: object + rootRequired: + description: |- + Specify if a privileged builder pod is required. + + + Default value is `false` + type: boolean + srcType: + description: Type of Dockerfile src + enum: + - Uri + - DevfileRegistry + - Git + type: string + uri: + description: |- + URI Reference of a Dockerfile. + It can be a full URL or a relative URI from the current devfile as the base URI. + type: string + type: object + imageName: + description: Name of the image for the resulting + outerloop build + type: string + imageType: + description: Type of image + enum: + - Dockerfile + - AutoBuild + type: string + type: object + kubernetes: + description: |- + Allows importing into the devworkspace the Kubernetes resources + defined in a given manifest. For example this allows reusing the Kubernetes + definitions used to deploy some runtime components in production. + properties: + deployByDefault: + description: |- + Defines if the component should be deployed during startup. + + + Default value is `false` + type: boolean + endpoints: + items: + properties: + annotation: + additionalProperties: + type: string + description: Annotations to be added + to Kubernetes Ingress or Openshift + Route + type: object + attributes: + description: |- + Map of implementation-dependant string-based free-form attributes. + + + Examples of Che-specific attributes: + + + - cookiesAuthEnabled: "true" / "false", + + + - type: "terminal" / "ide" / "ide-dev", + type: object + x-kubernetes-preserve-unknown-fields: true + exposure: + description: |- + Describes how the endpoint should be exposed on the network. + + + - `public` means that the endpoint will be exposed on the public network, typically through + a K8S ingress or an OpenShift route. + + + - `internal` means that the endpoint will be exposed internally outside of the main devworkspace POD, + typically by K8S services, to be consumed by other elements running + on the same cloud internal network. + + + - `none` means that the endpoint will not be exposed and will only be accessible + inside the main devworkspace POD, on a local address. + + + Default value is `public` + enum: + - public + - internal + - none + type: string + name: + maxLength: 63 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + path: + description: Path of the endpoint + URL + type: string + protocol: + description: |- + Describes the application and transport protocols of the traffic that will go through this endpoint. + + + - `http`: Endpoint will have `http` traffic, typically on a TCP connection. + It will be automaticaly promoted to `https` when the `secure` field is set to `true`. + + + - `https`: Endpoint will have `https` traffic, typically on a TCP connection. + + + - `ws`: Endpoint will have `ws` traffic, typically on a TCP connection. + It will be automaticaly promoted to `wss` when the `secure` field is set to `true`. + + + - `wss`: Endpoint will have `wss` traffic, typically on a TCP connection. + + + - `tcp`: Endpoint will have traffic on a TCP connection, without specifying an application protocol. + + + - `udp`: Endpoint will have traffic on an UDP connection, without specifying an application protocol. + + + Default value is `http` + enum: + - http + - https + - ws + - wss + - tcp + - udp + type: string + secure: + description: |- + Describes whether the endpoint should be secured and protected by some + authentication process. This requires a protocol of `https` or `wss`. + type: boolean + targetPort: + description: |- + Port number to be used within the container component. The same port cannot + be used by two different container components. + type: integer + required: + - name + type: object + type: array + inlined: + description: Inlined manifest + type: string + locationType: + description: Type of Kubernetes-like location + enum: + - Uri + - Inlined + type: string + uri: + description: Location in a file fetched + from a uri. + type: string + type: object + name: + description: |- + Mandatory name that allows referencing the component + from other elements (such as commands) or from an external + devfile that may reference this component through a parent or a plugin. + maxLength: 63 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + openshift: + description: |- + Allows importing into the devworkspace the OpenShift resources + defined in a given manifest. For example this allows reusing the OpenShift + definitions used to deploy some runtime components in production. + properties: + deployByDefault: + description: |- + Defines if the component should be deployed during startup. + + + Default value is `false` + type: boolean + endpoints: + items: + properties: + annotation: + additionalProperties: + type: string + description: Annotations to be added + to Kubernetes Ingress or Openshift + Route + type: object + attributes: + description: |- + Map of implementation-dependant string-based free-form attributes. + + + Examples of Che-specific attributes: + + + - cookiesAuthEnabled: "true" / "false", + + + - type: "terminal" / "ide" / "ide-dev", + type: object + x-kubernetes-preserve-unknown-fields: true + exposure: + description: |- + Describes how the endpoint should be exposed on the network. + + + - `public` means that the endpoint will be exposed on the public network, typically through + a K8S ingress or an OpenShift route. + + + - `internal` means that the endpoint will be exposed internally outside of the main devworkspace POD, + typically by K8S services, to be consumed by other elements running + on the same cloud internal network. + + + - `none` means that the endpoint will not be exposed and will only be accessible + inside the main devworkspace POD, on a local address. + + + Default value is `public` + enum: + - public + - internal + - none + type: string + name: + maxLength: 63 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + path: + description: Path of the endpoint + URL + type: string + protocol: + description: |- + Describes the application and transport protocols of the traffic that will go through this endpoint. + + + - `http`: Endpoint will have `http` traffic, typically on a TCP connection. + It will be automaticaly promoted to `https` when the `secure` field is set to `true`. + + + - `https`: Endpoint will have `https` traffic, typically on a TCP connection. + + + - `ws`: Endpoint will have `ws` traffic, typically on a TCP connection. + It will be automaticaly promoted to `wss` when the `secure` field is set to `true`. + + + - `wss`: Endpoint will have `wss` traffic, typically on a TCP connection. + + + - `tcp`: Endpoint will have traffic on a TCP connection, without specifying an application protocol. + + + - `udp`: Endpoint will have traffic on an UDP connection, without specifying an application protocol. + + + Default value is `http` + enum: + - http + - https + - ws + - wss + - tcp + - udp + type: string + secure: + description: |- + Describes whether the endpoint should be secured and protected by some + authentication process. This requires a protocol of `https` or `wss`. + type: boolean + targetPort: + description: |- + Port number to be used within the container component. The same port cannot + be used by two different container components. + type: integer + required: + - name + type: object + type: array + inlined: + description: Inlined manifest + type: string + locationType: + description: Type of Kubernetes-like location + enum: + - Uri + - Inlined + type: string + uri: + description: Location in a file fetched + from a uri. + type: string + type: object + volume: + description: |- + Allows specifying the definition of a volume + shared by several other components + properties: + ephemeral: + description: |- + Ephemeral volumes are not stored persistently across restarts. Defaults + to false + type: boolean + size: + description: Size of the volume + type: string + type: object + required: + - name + type: object + type: array + id: + description: Id in a registry that contains a Devfile + yaml file + type: string + importReferenceType: + description: type of location from where the referenced + template structure should be retrieved + enum: + - Uri + - Id + - Kubernetes + type: string + kubernetes: + description: Reference to a Kubernetes CRD of type + DevWorkspaceTemplate + properties: + name: + type: string + namespace: + type: string + required: + - name + type: object + registryUrl: + description: |- + Registry URL to pull the parent devfile from when using id in the parent reference. + To ensure the parent devfile gets resolved consistently in different environments, + it is recommended to always specify the `registryUrl` when `id` is used. + type: string + uri: + description: |- + URI Reference of a parent devfile YAML file. + It can be a full URL or a relative URI with the current devfile as the base URI. + type: string + version: + description: |- + Specific stack/sample version to pull the parent devfile from, when using id in the parent reference. + To specify `version`, `id` must be defined and used as the import reference source. + `version` can be either a specific stack version, or `latest`. + If no `version` specified, default version will be used. + pattern: ^(latest)|(([1-9])\.([0-9]+)\.([0-9]+)(\-[0-9a-z-]+(\.[0-9a-z-]+)*)?(\+[0-9A-Za-z-]+(\.[0-9A-Za-z-]+)*)?)$ + type: string + type: object + volume: + description: |- + Allows specifying the definition of a volume + shared by several other components + properties: + ephemeral: + description: |- + Ephemeral volumes are not stored persistently across restarts. Defaults + to false + type: boolean + size: + description: Size of the volume + type: string + type: object + required: + - name + type: object + type: array + workspaceDefaultEditor: + default: che-incubator/che-code/latest + description: |- + The default editor to workspace create with. It could be a plugin ID or a URI. + The plugin ID must have `publisher/plugin/version`. + The URI must start from `http`. + type: string + workspaceNamespaceDefault: + description: |- + Defines Kubernetes default namespace in which user's workspaces are created for a case when a user does not override it. + It's possible to use ``, `` and `` placeholders, such as che-workspace-. + In that case, a new namespace will be created for each user or workspace. + type: string + workspacePodNodeSelector: + additionalProperties: + type: string + description: The node selector that limits the nodes that can + run the workspace pods. + type: object + workspacePodTolerations: + description: The pod tolerations put on the workspace pods to + limit where the workspace pods can run. + items: + description: |- + The pod this Toleration is attached to tolerates any taint that matches + the triple using the matching operator . + properties: + effect: + description: |- + Effect indicates the taint effect to match. Empty means match all taint effects. + When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: |- + Key is the taint key that the toleration applies to. Empty means match all taint keys. + If the key is empty, operator must be Exists; this combination means to match all values and all keys. + type: string + operator: + description: |- + Operator represents a key's relationship to the value. + Valid operators are Exists and Equal. Defaults to Equal. + Exists is equivalent to wildcard for value, so that a pod can + tolerate all taints of a particular category. + type: string + tolerationSeconds: + description: |- + TolerationSeconds represents the period of time the toleration (which must be + of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, + it is not set, which means tolerate the taint forever (do not evict). Zero and + negative values will be treated as 0 (evict immediately) by the system. + format: int64 + type: integer + value: + description: |- + Value is the taint value the toleration matches to. + If the operator is Exists, the value should be empty, otherwise just a regular string. + type: string + type: object + type: array + workspacesDefaultPlugins: + description: Default plug-ins applied to Devworkspaces. + items: + properties: + editor: + description: The editor id to specify default plug-ins + for. + type: string + plugins: + description: Default plug-in uris for the specified editor. + items: + type: string + type: array + type: object + type: array + type: object + storage: + description: Configuration settings related to the persistent storage + used by the Che installation. + properties: + perWorkspaceStrategyPVCStorageClassName: + description: Storage class for the Persistent Volume Claims + dedicated to the Che workspaces. When omitted or left blank, + a default storage class is used. + type: string + perWorkspaceStrategyPvcClaimSize: + description: Size of the persistent volume claim for workspaces. + type: string + postgresPVCStorageClassName: + description: Storage class for the Persistent Volume Claim dedicated + to the PostgreSQL database. When omitted or left blank, a + default storage class is used. + type: string + preCreateSubPaths: + description: |- + Instructs the Che server to start a special Pod to pre-create a sub-path in the Persistent Volumes. + Defaults to `false`, however it will need to enable it according to the configuration of your Kubernetes cluster. + type: boolean + pvcClaimSize: + description: Size of the persistent volume claim for workspaces. + Defaults to `10Gi`. + type: string + pvcJobsImage: + description: |- + Overrides the container image used to create sub-paths in the Persistent Volumes. + This includes the image tag. Omit it or leave it empty to use the default container image provided by the Operator. See also the `preCreateSubPaths` field. + type: string + pvcStrategy: + description: |- + Persistent volume claim strategy for the Che server. This Can be:`common` (all workspaces PVCs in one volume), + `per-workspace` (one PVC per workspace for all declared volumes) and `unique` (one PVC per declared volume). Defaults to `common`. + type: string + workspacePVCStorageClassName: + description: Storage class for the Persistent Volume Claims + dedicated to the Che workspaces. When omitted or left blank, + a default storage class is used. + type: string + type: object + type: object + status: + description: CheClusterStatus defines the observed state of Che installation + properties: + cheClusterRunning: + description: Status of a Che installation. Can be `Available`, `Unavailable`, + or `Available, Rolling Update in Progress`. + type: string + cheURL: + description: Public URL to the Che server. + type: string + cheVersion: + description: Current installed Che version. + type: string + dbProvisioned: + description: Indicates that a PostgreSQL instance has been correctly + provisioned or not. + type: boolean + devfileRegistryURL: + description: Public URL to the devfile registry. + type: string + devworkspaceStatus: + description: The status of the Devworkspace subsystem + properties: + gatewayHost: + description: |- + GatewayHost is the resolved host of the ingress/route. This is equal to the Host in the spec + on Kubernetes but contains the actual host name of the route if Host is unspecified on OpenShift. + type: string + gatewayPhase: + description: |- + GatewayPhase specifies the phase in which the gateway deployment currently is. + If the gateway is disabled, the phase is "Inactive". + type: string + message: + description: Message contains further human-readable info for + why the Che cluster is in the phase it currently is. + type: string + phase: + description: Phase is the phase in which the Che cluster as + a whole finds itself in. + type: string + reason: + description: A brief CamelCase message indicating details about + why the Che cluster is in this state. + type: string + workspaceBaseDomain: + description: |- + The resolved workspace base domain. This is either the copy of the explicitly defined property of the + same name in the spec or, if it is undefined in the spec and we're running on OpenShift, the automatically + resolved basedomain for routes. + type: string + type: object + gitHubOAuthProvisioned: + description: Indicates whether an Identity Provider instance, Keycloak + or RH-SSO, has been configured to integrate with the GitHub OAuth. + type: boolean + gitServerTLSCertificateConfigMapName: + description: The ConfigMap containing certificates to propagate + to the Che components and to provide particular configuration + for Git. + type: string + helpLink: + description: A URL that points to some URL where to find help related + to the current Operator status. + type: string + keycloakProvisioned: + description: Indicates whether an Identity Provider instance, Keycloak + or RH-SSO, has been provisioned with realm, client and user. + type: boolean + keycloakURL: + description: Public URL to the Identity Provider server, Keycloak + or RH-SSO,. + type: string + message: + description: A human readable message indicating details about why + the Pod is in this condition. + type: string + openShiftOAuthUserCredentialsSecret: + description: OpenShift OAuth secret in `openshift-config` namespace + that contains user credentials for HTPasswd identity provider. + type: string + openShiftoAuthProvisioned: + description: Indicates whether an Identity Provider instance, Keycloak + or RH-SSO, has been configured to integrate with the OpenShift + OAuth. + type: boolean + pluginRegistryURL: + description: Public URL to the plugin registry. + type: string + reason: + description: A brief CamelCase message indicating details about + why the Pod is in this state. + type: string + type: object + type: object + served: true + storage: false + subresources: + status: {} + - name: v2 + schema: + openAPIV3Schema: + description: |- + The `CheCluster` custom resource allows defining and managing Eclipse Che server installation. + Based on these settings, the Operator automatically creates and maintains several ConfigMaps: + `che`, `plugin-registry` that will contain the appropriate environment variables + of the various components of the installation. These generated ConfigMaps must NOT be updated manually. + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: Desired configuration of Eclipse Che installation. + properties: + components: + default: + cheServer: + debug: false + logLevel: INFO + metrics: + enable: true + description: Che components configuration. + properties: + cheServer: + default: + debug: false + logLevel: INFO + description: General configuration settings related to the Che + server. + properties: + clusterRoles: + description: |- + Additional ClusterRoles assigned to Che ServiceAccount. + Each role must have a `app.kubernetes.io/part-of=che.eclipse.org` label. + The defaults roles are: + - `-cheworkspaces-clusterrole` + - `-cheworkspaces-namespaces-clusterrole` + - `-cheworkspaces-devworkspace-clusterrole` + where the is the namespace where the CheCluster CR is created. + The Che Operator must already have all permissions in these ClusterRoles to grant them. + items: + type: string + type: array + debug: + default: false + description: Enables the debug mode for Che server. + type: boolean + deployment: + description: Deployment override options. + properties: + containers: + description: List of containers belonging to the pod. + items: + description: Container custom settings. + properties: + env: + description: List of environment variables to + set in the container. + items: + description: EnvVar represents an environment + variable present in a Container. + properties: + name: + description: Name of the environment variable. + Must be a C_IDENTIFIER. + type: string + value: + description: |- + Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in the container and + any service environment variables. If a variable cannot be resolved, + the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless of whether the variable + exists or not. + Defaults to "". + type: string + valueFrom: + description: Source for the environment + variable's value. Cannot be used if value + is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: Specify whether the + ConfigMap or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + description: |- + Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, + spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. + properties: + apiVersion: + description: Version of the schema + the FieldPath is written in terms + of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to + select in the specified API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. + properties: + containerName: + description: 'Container name: required + for volumes, optional for env + vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output + format of the exposed resources, + defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource + to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + description: Selects a key of a secret + in the pod's namespace + properties: + key: + description: The key of the secret + to select from. Must be a valid + secret key. + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: Specify whether the + Secret or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + image: + description: Container image. Omit it or leave + it empty to use the default container image + provided by the Operator. + type: string + imagePullPolicy: + description: Image pull policy. Default value + is `Always` for `nightly`, `next` or `latest` + images, and `IfNotPresent` in other cases. + enum: + - Always + - IfNotPresent + - Never + type: string + name: + description: Container name. + type: string + resources: + description: Compute resources required by this + container. + properties: + limits: + description: Describes the maximum amount + of compute resources allowed. + properties: + cpu: + anyOf: + - type: integer + - type: string + description: |- + CPU, in cores. (500m = .5 cores) + If the value is not specified, then the default value is set depending on the component. + If value is `0`, then no value is set for the component. + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + memory: + anyOf: + - type: integer + - type: string + description: |- + Memory, in bytes. (500Gi = 500GiB = 500 * 1024 * 1024 * 1024) + If the value is not specified, then the default value is set depending on the component. + If value is `0`, then no value is set for the component. + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + request: + description: Describes the minimum amount + of compute resources required. + properties: + cpu: + anyOf: + - type: integer + - type: string + description: |- + CPU, in cores. (500m = .5 cores) + If the value is not specified, then the default value is set depending on the component. + If value is `0`, then no value is set for the component. + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + memory: + anyOf: + - type: integer + - type: string + description: |- + Memory, in bytes. (500Gi = 500GiB = 500 * 1024 * 1024 * 1024) + If the value is not specified, then the default value is set depending on the component. + If value is `0`, then no value is set for the component. + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + type: object + type: array + securityContext: + description: Security options the pod should run with. + properties: + fsGroup: + description: A special supplemental group that applies + to all containers in a pod. The default value + is `1724`. + format: int64 + type: integer + runAsUser: + description: The UID to run the entrypoint of the + container process. The default value is `1724`. + format: int64 + type: integer + type: object + type: object + extraProperties: + additionalProperties: + type: string + description: |- + A map of additional environment variables applied in the generated `che` ConfigMap to be used by the Che server + in addition to the values already generated from other fields of the `CheCluster` custom resource (CR). + If the `extraProperties` field contains a property normally generated in `che` ConfigMap from other CR fields, + the value defined in the `extraProperties` is used instead. + type: object + logLevel: + default: INFO + description: 'The log level for the Che server: `INFO` or + `DEBUG`.' + type: string + proxy: + description: |- + Proxy server settings for Kubernetes cluster. No additional configuration is required for OpenShift cluster. + By specifying these settings for the OpenShift cluster, you override the OpenShift proxy configuration. + properties: + credentialsSecretName: + description: |- + The secret name that contains `user` and `password` for a proxy server. + The secret must have a `app.kubernetes.io/part-of=che.eclipse.org` label. + type: string + nonProxyHosts: + description: |- + A list of hosts that can be reached directly, bypassing the proxy. + Specify wild card domain use the following form `.`, for example: + - localhost + - my.host.com + - 123.42.12.32 + Use only when a proxy configuration is required. The Operator respects OpenShift cluster-wide proxy configuration, + defining `nonProxyHosts` in a custom resource leads to merging non-proxy hosts lists from the cluster proxy configuration, and the ones defined in the custom resources. + See the following page: https://docs.openshift.com/container-platform/latest/networking/enable-cluster-wide-proxy.html. + items: + type: string + type: array + port: + description: Proxy server port. + type: string + url: + description: |- + URL (protocol+hostname) of the proxy server. + Use only when a proxy configuration is required. The Operator respects OpenShift cluster-wide proxy configuration, + defining `url` in a custom resource leads to overriding the cluster proxy configuration. + See the following page: https://docs.openshift.com/container-platform/latest/networking/enable-cluster-wide-proxy.html. + type: string + type: object + type: object + dashboard: + description: Configuration settings related to the dashboard + used by the Che installation. + properties: + branding: + description: Dashboard branding resources. + properties: + logo: + description: Dashboard logo. + properties: + base64data: + type: string + mediatype: + type: string + required: + - base64data + - mediatype + type: object + type: object + deployment: + description: Deployment override options. + properties: + containers: + description: List of containers belonging to the pod. + items: + description: Container custom settings. + properties: + env: + description: List of environment variables to + set in the container. + items: + description: EnvVar represents an environment + variable present in a Container. + properties: + name: + description: Name of the environment variable. + Must be a C_IDENTIFIER. + type: string + value: + description: |- + Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in the container and + any service environment variables. If a variable cannot be resolved, + the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless of whether the variable + exists or not. + Defaults to "". + type: string + valueFrom: + description: Source for the environment + variable's value. Cannot be used if value + is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: Specify whether the + ConfigMap or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + description: |- + Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, + spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. + properties: + apiVersion: + description: Version of the schema + the FieldPath is written in terms + of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to + select in the specified API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. + properties: + containerName: + description: 'Container name: required + for volumes, optional for env + vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output + format of the exposed resources, + defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource + to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + description: Selects a key of a secret + in the pod's namespace + properties: + key: + description: The key of the secret + to select from. Must be a valid + secret key. + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: Specify whether the + Secret or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + image: + description: Container image. Omit it or leave + it empty to use the default container image + provided by the Operator. + type: string + imagePullPolicy: + description: Image pull policy. Default value + is `Always` for `nightly`, `next` or `latest` + images, and `IfNotPresent` in other cases. + enum: + - Always + - IfNotPresent + - Never + type: string + name: + description: Container name. + type: string + resources: + description: Compute resources required by this + container. + properties: + limits: + description: Describes the maximum amount + of compute resources allowed. + properties: + cpu: + anyOf: + - type: integer + - type: string + description: |- + CPU, in cores. (500m = .5 cores) + If the value is not specified, then the default value is set depending on the component. + If value is `0`, then no value is set for the component. + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + memory: + anyOf: + - type: integer + - type: string + description: |- + Memory, in bytes. (500Gi = 500GiB = 500 * 1024 * 1024 * 1024) + If the value is not specified, then the default value is set depending on the component. + If value is `0`, then no value is set for the component. + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + request: + description: Describes the minimum amount + of compute resources required. + properties: + cpu: + anyOf: + - type: integer + - type: string + description: |- + CPU, in cores. (500m = .5 cores) + If the value is not specified, then the default value is set depending on the component. + If value is `0`, then no value is set for the component. + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + memory: + anyOf: + - type: integer + - type: string + description: |- + Memory, in bytes. (500Gi = 500GiB = 500 * 1024 * 1024 * 1024) + If the value is not specified, then the default value is set depending on the component. + If value is `0`, then no value is set for the component. + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + type: object + type: array + securityContext: + description: Security options the pod should run with. + properties: + fsGroup: + description: A special supplemental group that applies + to all containers in a pod. The default value + is `1724`. + format: int64 + type: integer + runAsUser: + description: The UID to run the entrypoint of the + container process. The default value is `1724`. + format: int64 + type: integer + type: object + type: object + headerMessage: + description: Dashboard header message. + properties: + show: + description: Instructs dashboard to show the message. + type: boolean + text: + description: Warning message displayed on the user dashboard. + type: string + type: object + logLevel: + default: ERROR + description: The log level for the Dashboard. + enum: + - DEBUG + - INFO + - WARN + - ERROR + - FATAL + - TRACE + - SILENT + type: string + type: object + devWorkspace: + description: DevWorkspace Operator configuration. + properties: + runningLimit: + description: |- + Deprecated in favor of `MaxNumberOfRunningWorkspacesPerUser` + The maximum number of running workspaces per user. + type: string + type: object + devfileRegistry: + description: Configuration settings related to the devfile registry + used by the Che installation. + properties: + deployment: + description: Deprecated deployment override options. + properties: + containers: + description: List of containers belonging to the pod. + items: + description: Container custom settings. + properties: + env: + description: List of environment variables to + set in the container. + items: + description: EnvVar represents an environment + variable present in a Container. + properties: + name: + description: Name of the environment variable. + Must be a C_IDENTIFIER. + type: string + value: + description: |- + Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in the container and + any service environment variables. If a variable cannot be resolved, + the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless of whether the variable + exists or not. + Defaults to "". + type: string + valueFrom: + description: Source for the environment + variable's value. Cannot be used if value + is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: Specify whether the + ConfigMap or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + description: |- + Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, + spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. + properties: + apiVersion: + description: Version of the schema + the FieldPath is written in terms + of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to + select in the specified API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. + properties: + containerName: + description: 'Container name: required + for volumes, optional for env + vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output + format of the exposed resources, + defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource + to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + description: Selects a key of a secret + in the pod's namespace + properties: + key: + description: The key of the secret + to select from. Must be a valid + secret key. + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: Specify whether the + Secret or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + image: + description: Container image. Omit it or leave + it empty to use the default container image + provided by the Operator. + type: string + imagePullPolicy: + description: Image pull policy. Default value + is `Always` for `nightly`, `next` or `latest` + images, and `IfNotPresent` in other cases. + enum: + - Always + - IfNotPresent + - Never + type: string + name: + description: Container name. + type: string + resources: + description: Compute resources required by this + container. + properties: + limits: + description: Describes the maximum amount + of compute resources allowed. + properties: + cpu: + anyOf: + - type: integer + - type: string + description: |- + CPU, in cores. (500m = .5 cores) + If the value is not specified, then the default value is set depending on the component. + If value is `0`, then no value is set for the component. + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + memory: + anyOf: + - type: integer + - type: string + description: |- + Memory, in bytes. (500Gi = 500GiB = 500 * 1024 * 1024 * 1024) + If the value is not specified, then the default value is set depending on the component. + If value is `0`, then no value is set for the component. + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + request: + description: Describes the minimum amount + of compute resources required. + properties: + cpu: + anyOf: + - type: integer + - type: string + description: |- + CPU, in cores. (500m = .5 cores) + If the value is not specified, then the default value is set depending on the component. + If value is `0`, then no value is set for the component. + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + memory: + anyOf: + - type: integer + - type: string + description: |- + Memory, in bytes. (500Gi = 500GiB = 500 * 1024 * 1024 * 1024) + If the value is not specified, then the default value is set depending on the component. + If value is `0`, then no value is set for the component. + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + type: object + type: array + securityContext: + description: Security options the pod should run with. + properties: + fsGroup: + description: A special supplemental group that applies + to all containers in a pod. The default value + is `1724`. + format: int64 + type: integer + runAsUser: + description: The UID to run the entrypoint of the + container process. The default value is `1724`. + format: int64 + type: integer + type: object + type: object + disableInternalRegistry: + description: Disables internal devfile registry. + type: boolean + externalDevfileRegistries: + description: External devfile registries serving sample + ready-to-use devfiles. + items: + description: External devfile registries configuration. + properties: + url: + description: The public UR of the devfile registry + that serves sample ready-to-use devfiles. + type: string + type: object + type: array + type: object + imagePuller: + description: Kubernetes Image Puller configuration. + properties: + enable: + description: |- + Install and configure the community supported Kubernetes Image Puller Operator. When you set the value to `true` without providing any specs, + it creates a default Kubernetes Image Puller object managed by the Operator. + When you set the value to `false`, the Kubernetes Image Puller object is deleted, and the Operator uninstalled, + regardless of whether a spec is provided. + If you leave the `spec.images` field empty, a set of recommended workspace-related images is automatically detected and + pre-pulled after installation. + Note that while this Operator and its behavior is community-supported, its payload may be commercially-supported + for pulling commercially-supported images. + type: boolean + spec: + description: A Kubernetes Image Puller spec to configure + the image puller in the CheCluster. + properties: + affinity: + type: string + cachingCPULimit: + type: string + cachingCPURequest: + type: string + cachingIntervalHours: + type: string + cachingMemoryLimit: + type: string + cachingMemoryRequest: + type: string + configMapName: + type: string + daemonsetName: + type: string + deploymentName: + type: string + imagePullSecrets: + type: string + imagePullerImage: + type: string + images: + type: string + nodeSelector: + type: string + type: object + type: object + metrics: + default: + enable: true + description: Che server metrics configuration. + properties: + enable: + default: true + description: Enables `metrics` for the Che server endpoint. + type: boolean + type: object + pluginRegistry: + description: Configuration settings related to the plug-in registry + used by the Che installation. + properties: + deployment: + description: Deployment override options. + properties: + containers: + description: List of containers belonging to the pod. + items: + description: Container custom settings. + properties: + env: + description: List of environment variables to + set in the container. + items: + description: EnvVar represents an environment + variable present in a Container. + properties: + name: + description: Name of the environment variable. + Must be a C_IDENTIFIER. + type: string + value: + description: |- + Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in the container and + any service environment variables. If a variable cannot be resolved, + the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless of whether the variable + exists or not. + Defaults to "". + type: string + valueFrom: + description: Source for the environment + variable's value. Cannot be used if value + is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: Specify whether the + ConfigMap or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + description: |- + Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, + spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. + properties: + apiVersion: + description: Version of the schema + the FieldPath is written in terms + of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to + select in the specified API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. + properties: + containerName: + description: 'Container name: required + for volumes, optional for env + vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output + format of the exposed resources, + defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource + to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + description: Selects a key of a secret + in the pod's namespace + properties: + key: + description: The key of the secret + to select from. Must be a valid + secret key. + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: Specify whether the + Secret or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + image: + description: Container image. Omit it or leave + it empty to use the default container image + provided by the Operator. + type: string + imagePullPolicy: + description: Image pull policy. Default value + is `Always` for `nightly`, `next` or `latest` + images, and `IfNotPresent` in other cases. + enum: + - Always + - IfNotPresent + - Never + type: string + name: + description: Container name. + type: string + resources: + description: Compute resources required by this + container. + properties: + limits: + description: Describes the maximum amount + of compute resources allowed. + properties: + cpu: + anyOf: + - type: integer + - type: string + description: |- + CPU, in cores. (500m = .5 cores) + If the value is not specified, then the default value is set depending on the component. + If value is `0`, then no value is set for the component. + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + memory: + anyOf: + - type: integer + - type: string + description: |- + Memory, in bytes. (500Gi = 500GiB = 500 * 1024 * 1024 * 1024) + If the value is not specified, then the default value is set depending on the component. + If value is `0`, then no value is set for the component. + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + request: + description: Describes the minimum amount + of compute resources required. + properties: + cpu: + anyOf: + - type: integer + - type: string + description: |- + CPU, in cores. (500m = .5 cores) + If the value is not specified, then the default value is set depending on the component. + If value is `0`, then no value is set for the component. + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + memory: + anyOf: + - type: integer + - type: string + description: |- + Memory, in bytes. (500Gi = 500GiB = 500 * 1024 * 1024 * 1024) + If the value is not specified, then the default value is set depending on the component. + If value is `0`, then no value is set for the component. + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + type: object + type: array + securityContext: + description: Security options the pod should run with. + properties: + fsGroup: + description: A special supplemental group that applies + to all containers in a pod. The default value + is `1724`. + format: int64 + type: integer + runAsUser: + description: The UID to run the entrypoint of the + container process. The default value is `1724`. + format: int64 + type: integer + type: object + type: object + disableInternalRegistry: + description: Disables internal plug-in registry. + type: boolean + externalPluginRegistries: + description: External plugin registries. + items: + description: External plug-in registries configuration. + properties: + url: + description: Public URL of the plug-in registry. + type: string + type: object + type: array + openVSXURL: + description: Open VSX registry URL. If omitted an embedded + instance will be used. + type: string + type: object + type: object + containerRegistry: + description: Configuration of an alternative registry that stores + Che images. + properties: + hostname: + description: |- + An optional hostname or URL of an alternative container registry to pull images from. + This value overrides the container registry hostname defined in all the default container images involved in a Che deployment. + This is particularly useful for installing Che in a restricted environment. + type: string + organization: + description: |- + An optional repository name of an alternative registry to pull images from. + This value overrides the container registry organization defined in all the default container images involved in a Che deployment. + This is particularly useful for installing Eclipse Che in a restricted environment. + type: string + type: object + devEnvironments: + default: + defaultNamespace: + autoProvision: true + template: -che + maxNumberOfWorkspacesPerUser: -1 + secondsOfInactivityBeforeIdling: 1800 + secondsOfRunBeforeIdling: -1 + startTimeoutSeconds: 300 + storage: + pvcStrategy: per-user + description: Development environment default configuration options. + properties: + containerBuildConfiguration: + description: Container build configuration. + properties: + openShiftSecurityContextConstraint: + default: container-build + description: OpenShift security context constraint to build + containers. + type: string + type: object + defaultComponents: + description: |- + Default components applied to DevWorkspaces. + These default components are meant to be used when a Devfile, that does not contain any components. + items: + properties: + attributes: + description: Map of implementation-dependant free-form + YAML attributes. + type: object + x-kubernetes-preserve-unknown-fields: true + componentType: + description: Type of component + enum: + - Container + - Kubernetes + - Openshift + - Volume + - Image + - Plugin + - Custom + type: string + container: + description: Allows adding and configuring devworkspace-related + containers + properties: + annotation: + description: Annotations that should be added to specific + resources for this container + properties: + deployment: + additionalProperties: + type: string + description: Annotations to be added to deployment + type: object + service: + additionalProperties: + type: string + description: Annotations to be added to service + type: object + type: object + args: + description: |- + The arguments to supply to the command running the dockerimage component. The arguments are supplied either to the default command provided in the image or to the overridden command. + + + Defaults to an empty array, meaning use whatever is defined in the image. + items: + type: string + type: array + command: + description: |- + The command to run in the dockerimage component instead of the default one provided in the image. + + + Defaults to an empty array, meaning use whatever is defined in the image. + items: + type: string + type: array + cpuLimit: + type: string + cpuRequest: + type: string + dedicatedPod: + description: |- + Specify if a container should run in its own separated pod, + instead of running as part of the main development environment pod. + + + Default value is `false` + type: boolean + endpoints: + items: + properties: + annotation: + additionalProperties: + type: string + description: Annotations to be added to Kubernetes + Ingress or Openshift Route + type: object + attributes: + description: |- + Map of implementation-dependant string-based free-form attributes. + + + Examples of Che-specific attributes: + + + - cookiesAuthEnabled: "true" / "false", + + + - type: "terminal" / "ide" / "ide-dev", + type: object + x-kubernetes-preserve-unknown-fields: true + exposure: + default: public + description: |- + Describes how the endpoint should be exposed on the network. + + + - `public` means that the endpoint will be exposed on the public network, typically through + a K8S ingress or an OpenShift route. + + + - `internal` means that the endpoint will be exposed internally outside of the main devworkspace POD, + typically by K8S services, to be consumed by other elements running + on the same cloud internal network. + + + - `none` means that the endpoint will not be exposed and will only be accessible + inside the main devworkspace POD, on a local address. + + + Default value is `public` + enum: + - public + - internal + - none + type: string + name: + maxLength: 63 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + path: + description: Path of the endpoint URL + type: string + protocol: + default: http + description: |- + Describes the application and transport protocols of the traffic that will go through this endpoint. + + + - `http`: Endpoint will have `http` traffic, typically on a TCP connection. + It will be automaticaly promoted to `https` when the `secure` field is set to `true`. + + + - `https`: Endpoint will have `https` traffic, typically on a TCP connection. + + + - `ws`: Endpoint will have `ws` traffic, typically on a TCP connection. + It will be automaticaly promoted to `wss` when the `secure` field is set to `true`. + + + - `wss`: Endpoint will have `wss` traffic, typically on a TCP connection. + + + - `tcp`: Endpoint will have traffic on a TCP connection, without specifying an application protocol. + + + - `udp`: Endpoint will have traffic on an UDP connection, without specifying an application protocol. + + + Default value is `http` + enum: + - http + - https + - ws + - wss + - tcp + - udp + type: string + secure: + description: |- + Describes whether the endpoint should be secured and protected by some + authentication process. This requires a protocol of `https` or `wss`. + type: boolean + targetPort: + description: |- + Port number to be used within the container component. The same port cannot + be used by two different container components. + type: integer + required: + - name + - targetPort + type: object + type: array + env: + description: |- + Environment variables used in this container. + + + The following variables are reserved and cannot be overridden via env: + + + - `$PROJECTS_ROOT` + + + - `$PROJECT_SOURCE` + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + image: + type: string + memoryLimit: + type: string + memoryRequest: + type: string + mountSources: + description: |- + Toggles whether or not the project source code should + be mounted in the component. + + + Defaults to true for all component types except plugins and components that set `dedicatedPod` to true. + type: boolean + sourceMapping: + default: /projects + description: |- + Optional specification of the path in the container where + project sources should be transferred/mounted when `mountSources` is `true`. + When omitted, the default value of /projects is used. + type: string + volumeMounts: + description: List of volumes mounts that should be + mounted is this container. + items: + description: Volume that should be mounted to a + component container + properties: + name: + description: |- + The volume mount name is the name of an existing `Volume` component. + If several containers mount the same volume name + then they will reuse the same volume and will be able to access to the same files. + maxLength: 63 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + path: + description: |- + The path in the component container where the volume should be mounted. + If not path is mentioned, default path is the is `/`. + type: string + required: + - name + type: object + type: array + required: + - image + type: object + custom: + description: |- + Custom component whose logic is implementation-dependant + and should be provided by the user + possibly through some dedicated controller + properties: + componentClass: + description: |- + Class of component that the associated implementation controller + should use to process this command with the appropriate logic + type: string + embeddedResource: + description: |- + Additional free-form configuration for this custom component + that the implementation controller will know how to use + type: object + x-kubernetes-embedded-resource: true + x-kubernetes-preserve-unknown-fields: true + required: + - componentClass + - embeddedResource + type: object + image: + description: Allows specifying the definition of an image + for outer loop builds + properties: + autoBuild: + description: |- + Defines if the image should be built during startup. + + + Default value is `false` + type: boolean + dockerfile: + description: Allows specifying dockerfile type build + properties: + args: + description: The arguments to supply to the dockerfile + build. + items: + type: string + type: array + buildContext: + description: Path of source directory to establish + build context. Defaults to ${PROJECT_SOURCE} + in the container + type: string + devfileRegistry: + description: Dockerfile's Devfile Registry source + properties: + id: + description: |- + Id in a devfile registry that contains a Dockerfile. The src in the OCI registry + required for the Dockerfile build will be downloaded for building the image. + type: string + registryUrl: + description: |- + Devfile Registry URL to pull the Dockerfile from when using the Devfile Registry as Dockerfile src. + To ensure the Dockerfile gets resolved consistently in different environments, + it is recommended to always specify the `devfileRegistryUrl` when `Id` is used. + type: string + required: + - id + type: object + git: + description: Dockerfile's Git source + properties: + checkoutFrom: + description: Defines from what the project + should be checked out. Required if there + are more than one remote configured + properties: + remote: + description: The remote name should be + used as init. Required if there are + more than one remote configured + type: string + revision: + description: |- + The revision to checkout from. Should be branch name, tag or commit id. + Default branch is used if missing or specified revision is not found. + type: string + type: object + fileLocation: + description: |- + Location of the Dockerfile in the Git repository when using git as Dockerfile src. + Defaults to Dockerfile. + type: string + remotes: + additionalProperties: + type: string + description: |- + The remotes map which should be initialized in the git project. + Projects must have at least one remote configured while StarterProjects & Image Component's Git source can only have at most one remote configured. + type: object + required: + - remotes + type: object + rootRequired: + description: |- + Specify if a privileged builder pod is required. + + + Default value is `false` + type: boolean + srcType: + description: Type of Dockerfile src + enum: + - Uri + - DevfileRegistry + - Git + type: string + uri: + description: |- + URI Reference of a Dockerfile. + It can be a full URL or a relative URI from the current devfile as the base URI. + type: string + type: object + imageName: + description: Name of the image for the resulting outerloop + build + type: string + imageType: + description: Type of image + enum: + - Dockerfile + type: string + required: + - imageName + type: object + kubernetes: + description: |- + Allows importing into the devworkspace the Kubernetes resources + defined in a given manifest. For example this allows reusing the Kubernetes + definitions used to deploy some runtime components in production. + properties: + deployByDefault: + description: |- + Defines if the component should be deployed during startup. + + + Default value is `false` + type: boolean + endpoints: + items: + properties: + annotation: + additionalProperties: + type: string + description: Annotations to be added to Kubernetes + Ingress or Openshift Route + type: object + attributes: + description: |- + Map of implementation-dependant string-based free-form attributes. + + + Examples of Che-specific attributes: + + + - cookiesAuthEnabled: "true" / "false", + + + - type: "terminal" / "ide" / "ide-dev", + type: object + x-kubernetes-preserve-unknown-fields: true + exposure: + default: public + description: |- + Describes how the endpoint should be exposed on the network. + + + - `public` means that the endpoint will be exposed on the public network, typically through + a K8S ingress or an OpenShift route. + + + - `internal` means that the endpoint will be exposed internally outside of the main devworkspace POD, + typically by K8S services, to be consumed by other elements running + on the same cloud internal network. + + + - `none` means that the endpoint will not be exposed and will only be accessible + inside the main devworkspace POD, on a local address. + + + Default value is `public` + enum: + - public + - internal + - none + type: string + name: + maxLength: 63 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + path: + description: Path of the endpoint URL + type: string + protocol: + default: http + description: |- + Describes the application and transport protocols of the traffic that will go through this endpoint. + + + - `http`: Endpoint will have `http` traffic, typically on a TCP connection. + It will be automaticaly promoted to `https` when the `secure` field is set to `true`. + + + - `https`: Endpoint will have `https` traffic, typically on a TCP connection. + + + - `ws`: Endpoint will have `ws` traffic, typically on a TCP connection. + It will be automaticaly promoted to `wss` when the `secure` field is set to `true`. + + + - `wss`: Endpoint will have `wss` traffic, typically on a TCP connection. + + + - `tcp`: Endpoint will have traffic on a TCP connection, without specifying an application protocol. + + + - `udp`: Endpoint will have traffic on an UDP connection, without specifying an application protocol. + + + Default value is `http` + enum: + - http + - https + - ws + - wss + - tcp + - udp + type: string + secure: + description: |- + Describes whether the endpoint should be secured and protected by some + authentication process. This requires a protocol of `https` or `wss`. + type: boolean + targetPort: + description: |- + Port number to be used within the container component. The same port cannot + be used by two different container components. + type: integer + required: + - name + - targetPort + type: object + type: array + inlined: + description: Inlined manifest + type: string + locationType: + description: Type of Kubernetes-like location + enum: + - Uri + - Inlined + type: string + uri: + description: Location in a file fetched from a uri. + type: string + type: object + name: + description: |- + Mandatory name that allows referencing the component + from other elements (such as commands) or from an external + devfile that may reference this component through a parent or a plugin. + maxLength: 63 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + openshift: + description: |- + Allows importing into the devworkspace the OpenShift resources + defined in a given manifest. For example this allows reusing the OpenShift + definitions used to deploy some runtime components in production. + properties: + deployByDefault: + description: |- + Defines if the component should be deployed during startup. + + + Default value is `false` + type: boolean + endpoints: + items: + properties: + annotation: + additionalProperties: + type: string + description: Annotations to be added to Kubernetes + Ingress or Openshift Route + type: object + attributes: + description: |- + Map of implementation-dependant string-based free-form attributes. + + + Examples of Che-specific attributes: + + + - cookiesAuthEnabled: "true" / "false", + + + - type: "terminal" / "ide" / "ide-dev", + type: object + x-kubernetes-preserve-unknown-fields: true + exposure: + default: public + description: |- + Describes how the endpoint should be exposed on the network. + + + - `public` means that the endpoint will be exposed on the public network, typically through + a K8S ingress or an OpenShift route. + + + - `internal` means that the endpoint will be exposed internally outside of the main devworkspace POD, + typically by K8S services, to be consumed by other elements running + on the same cloud internal network. + + + - `none` means that the endpoint will not be exposed and will only be accessible + inside the main devworkspace POD, on a local address. + + + Default value is `public` + enum: + - public + - internal + - none + type: string + name: + maxLength: 63 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + path: + description: Path of the endpoint URL + type: string + protocol: + default: http + description: |- + Describes the application and transport protocols of the traffic that will go through this endpoint. + + + - `http`: Endpoint will have `http` traffic, typically on a TCP connection. + It will be automaticaly promoted to `https` when the `secure` field is set to `true`. + + + - `https`: Endpoint will have `https` traffic, typically on a TCP connection. + + + - `ws`: Endpoint will have `ws` traffic, typically on a TCP connection. + It will be automaticaly promoted to `wss` when the `secure` field is set to `true`. + + + - `wss`: Endpoint will have `wss` traffic, typically on a TCP connection. + + + - `tcp`: Endpoint will have traffic on a TCP connection, without specifying an application protocol. + + + - `udp`: Endpoint will have traffic on an UDP connection, without specifying an application protocol. + + + Default value is `http` + enum: + - http + - https + - ws + - wss + - tcp + - udp + type: string + secure: + description: |- + Describes whether the endpoint should be secured and protected by some + authentication process. This requires a protocol of `https` or `wss`. + type: boolean + targetPort: + description: |- + Port number to be used within the container component. The same port cannot + be used by two different container components. + type: integer + required: + - name + - targetPort + type: object + type: array + inlined: + description: Inlined manifest + type: string + locationType: + description: Type of Kubernetes-like location + enum: + - Uri + - Inlined + type: string + uri: + description: Location in a file fetched from a uri. + type: string + type: object + plugin: + description: |- + Allows importing a plugin. + + + Plugins are mainly imported devfiles that contribute components, commands + and events as a consistent single unit. They are defined in either YAML files + following the devfile syntax, + or as `DevWorkspaceTemplate` Kubernetes Custom Resources + properties: + commands: + description: |- + Overrides of commands encapsulated in a parent devfile or a plugin. + Overriding is done according to K8S strategic merge patch standard rules. + items: + properties: + apply: + description: |- + Command that consists in applying a given component definition, + typically bound to a devworkspace event. + + + For example, when an `apply` command is bound to a `preStart` event, + and references a `container` component, it will start the container as a + K8S initContainer in the devworkspace POD, unless the component has its + `dedicatedPod` field set to `true`. + + + When no `apply` command exist for a given component, + it is assumed the component will be applied at devworkspace start + by default, unless `deployByDefault` for that component is set to false. + properties: + component: + description: Describes component that will + be applied + type: string + group: + description: Defines the group this command + is part of + properties: + isDefault: + description: Identifies the default + command for a given group kind + type: boolean + kind: + description: Kind of group the command + is part of + enum: + - build + - run + - test + - debug + - deploy + type: string + type: object + label: + description: |- + Optional label that provides a label for this command + to be used in Editor UI menus for example + type: string + type: object + attributes: + description: Map of implementation-dependant + free-form YAML attributes. + type: object + x-kubernetes-preserve-unknown-fields: true + commandType: + description: Type of devworkspace command + enum: + - Exec + - Apply + - Composite + type: string + composite: + description: |- + Composite command that allows executing several sub-commands + either sequentially or concurrently + properties: + commands: + description: The commands that comprise + this composite command + items: + type: string + type: array + group: + description: Defines the group this command + is part of + properties: + isDefault: + description: Identifies the default + command for a given group kind + type: boolean + kind: + description: Kind of group the command + is part of + enum: + - build + - run + - test + - debug + - deploy + type: string + type: object + label: + description: |- + Optional label that provides a label for this command + to be used in Editor UI menus for example + type: string + parallel: + description: Indicates if the sub-commands + should be executed concurrently + type: boolean + type: object + exec: + description: CLI Command executed in an existing + component container + properties: + commandLine: + description: |- + The actual command-line string + + + Special variables that can be used: + + + - `$PROJECTS_ROOT`: A path where projects sources are mounted as defined by container component's sourceMapping. + + + - `$PROJECT_SOURCE`: A path to a project source ($PROJECTS_ROOT/). If there are multiple projects, this will point to the directory of the first one. + type: string + component: + description: Describes component to which + given action relates + type: string + env: + description: |- + Optional list of environment variables that have to be set + before running the command + items: + properties: + name: + type: string + value: + type: string + required: + - name + type: object + type: array + group: + description: Defines the group this command + is part of + properties: + isDefault: + description: Identifies the default + command for a given group kind + type: boolean + kind: + description: Kind of group the command + is part of + enum: + - build + - run + - test + - debug + - deploy + type: string + type: object + hotReloadCapable: + description: |- + Specify whether the command is restarted or not when the source code changes. + If set to `true` the command won't be restarted. + A *hotReloadCapable* `run` or `debug` command is expected to handle file changes on its own and won't be restarted. + A *hotReloadCapable* `build` command is expected to be executed only once and won't be executed again. + This field is taken into account only for commands `build`, `run` and `debug` with `isDefault` set to `true`. + + + Default value is `false` + type: boolean + label: + description: |- + Optional label that provides a label for this command + to be used in Editor UI menus for example + type: string + workingDir: + description: |- + Working directory where the command should be executed + + + Special variables that can be used: + + + - `$PROJECTS_ROOT`: A path where projects sources are mounted as defined by container component's sourceMapping. + + + - `$PROJECT_SOURCE`: A path to a project source ($PROJECTS_ROOT/). If there are multiple projects, this will point to the directory of the first one. + type: string + type: object + id: + description: |- + Mandatory identifier that allows referencing + this command in composite commands, from + a parent, or in events. + maxLength: 63 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - id + type: object + type: array + components: + description: |- + Overrides of components encapsulated in a parent devfile or a plugin. + Overriding is done according to K8S strategic merge patch standard rules. + items: + properties: + attributes: + description: Map of implementation-dependant + free-form YAML attributes. + type: object + x-kubernetes-preserve-unknown-fields: true + componentType: + description: Type of component + enum: + - Container + - Kubernetes + - Openshift + - Volume + - Image + type: string + container: + description: Allows adding and configuring devworkspace-related + containers + properties: + annotation: + description: Annotations that should be + added to specific resources for this container + properties: + deployment: + additionalProperties: + type: string + description: Annotations to be added + to deployment + type: object + service: + additionalProperties: + type: string + description: Annotations to be added + to service + type: object + type: object + args: + description: |- + The arguments to supply to the command running the dockerimage component. The arguments are supplied either to the default command provided in the image or to the overridden command. + + + Defaults to an empty array, meaning use whatever is defined in the image. + items: + type: string + type: array + command: + description: |- + The command to run in the dockerimage component instead of the default one provided in the image. + + + Defaults to an empty array, meaning use whatever is defined in the image. + items: + type: string + type: array + cpuLimit: + type: string + cpuRequest: + type: string + dedicatedPod: + description: |- + Specify if a container should run in its own separated pod, + instead of running as part of the main development environment pod. + + + Default value is `false` + type: boolean + endpoints: + items: + properties: + annotation: + additionalProperties: + type: string + description: Annotations to be added + to Kubernetes Ingress or Openshift + Route + type: object + attributes: + description: |- + Map of implementation-dependant string-based free-form attributes. + + + Examples of Che-specific attributes: + + + - cookiesAuthEnabled: "true" / "false", + + + - type: "terminal" / "ide" / "ide-dev", + type: object + x-kubernetes-preserve-unknown-fields: true + exposure: + description: |- + Describes how the endpoint should be exposed on the network. + + + - `public` means that the endpoint will be exposed on the public network, typically through + a K8S ingress or an OpenShift route. + + + - `internal` means that the endpoint will be exposed internally outside of the main devworkspace POD, + typically by K8S services, to be consumed by other elements running + on the same cloud internal network. + + + - `none` means that the endpoint will not be exposed and will only be accessible + inside the main devworkspace POD, on a local address. + + + Default value is `public` + enum: + - public + - internal + - none + type: string + name: + maxLength: 63 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + path: + description: Path of the endpoint + URL + type: string + protocol: + description: |- + Describes the application and transport protocols of the traffic that will go through this endpoint. + + + - `http`: Endpoint will have `http` traffic, typically on a TCP connection. + It will be automaticaly promoted to `https` when the `secure` field is set to `true`. + + + - `https`: Endpoint will have `https` traffic, typically on a TCP connection. + + + - `ws`: Endpoint will have `ws` traffic, typically on a TCP connection. + It will be automaticaly promoted to `wss` when the `secure` field is set to `true`. + + + - `wss`: Endpoint will have `wss` traffic, typically on a TCP connection. + + + - `tcp`: Endpoint will have traffic on a TCP connection, without specifying an application protocol. + + + - `udp`: Endpoint will have traffic on an UDP connection, without specifying an application protocol. + + + Default value is `http` + enum: + - http + - https + - ws + - wss + - tcp + - udp + type: string + secure: + description: |- + Describes whether the endpoint should be secured and protected by some + authentication process. This requires a protocol of `https` or `wss`. + type: boolean + targetPort: + description: |- + Port number to be used within the container component. The same port cannot + be used by two different container components. + type: integer + required: + - name + type: object + type: array + env: + description: |- + Environment variables used in this container. + + + The following variables are reserved and cannot be overridden via env: + + + - `$PROJECTS_ROOT` + + + - `$PROJECT_SOURCE` + items: + properties: + name: + type: string + value: + type: string + required: + - name + type: object + type: array + image: + type: string + memoryLimit: + type: string + memoryRequest: + type: string + mountSources: + description: |- + Toggles whether or not the project source code should + be mounted in the component. + + + Defaults to true for all component types except plugins and components that set `dedicatedPod` to true. + type: boolean + sourceMapping: + description: |- + Optional specification of the path in the container where + project sources should be transferred/mounted when `mountSources` is `true`. + When omitted, the default value of /projects is used. + type: string + volumeMounts: + description: List of volumes mounts that + should be mounted is this container. + items: + description: Volume that should be mounted + to a component container + properties: + name: + description: |- + The volume mount name is the name of an existing `Volume` component. + If several containers mount the same volume name + then they will reuse the same volume and will be able to access to the same files. + maxLength: 63 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + path: + description: |- + The path in the component container where the volume should be mounted. + If not path is mentioned, default path is the is `/`. + type: string + required: + - name + type: object + type: array + type: object + image: + description: Allows specifying the definition + of an image for outer loop builds + properties: + autoBuild: + description: |- + Defines if the image should be built during startup. + + + Default value is `false` + type: boolean + dockerfile: + description: Allows specifying dockerfile + type build + properties: + args: + description: The arguments to supply + to the dockerfile build. + items: + type: string + type: array + buildContext: + description: Path of source directory + to establish build context. Defaults + to ${PROJECT_SOURCE} in the container + type: string + devfileRegistry: + description: Dockerfile's Devfile Registry + source + properties: + id: + description: |- + Id in a devfile registry that contains a Dockerfile. The src in the OCI registry + required for the Dockerfile build will be downloaded for building the image. + type: string + registryUrl: + description: |- + Devfile Registry URL to pull the Dockerfile from when using the Devfile Registry as Dockerfile src. + To ensure the Dockerfile gets resolved consistently in different environments, + it is recommended to always specify the `devfileRegistryUrl` when `Id` is used. + type: string + type: object + git: + description: Dockerfile's Git source + properties: + checkoutFrom: + description: Defines from what the + project should be checked out. + Required if there are more than + one remote configured + properties: + remote: + description: The remote name + should be used as init. Required + if there are more than one + remote configured + type: string + revision: + description: |- + The revision to checkout from. Should be branch name, tag or commit id. + Default branch is used if missing or specified revision is not found. + type: string + type: object + fileLocation: + description: |- + Location of the Dockerfile in the Git repository when using git as Dockerfile src. + Defaults to Dockerfile. + type: string + remotes: + additionalProperties: + type: string + description: |- + The remotes map which should be initialized in the git project. + Projects must have at least one remote configured while StarterProjects & Image Component's Git source can only have at most one remote configured. + type: object + type: object + rootRequired: + description: |- + Specify if a privileged builder pod is required. + + + Default value is `false` + type: boolean + srcType: + description: Type of Dockerfile src + enum: + - Uri + - DevfileRegistry + - Git + type: string + uri: + description: |- + URI Reference of a Dockerfile. + It can be a full URL or a relative URI from the current devfile as the base URI. + type: string + type: object + imageName: + description: Name of the image for the resulting + outerloop build + type: string + imageType: + description: Type of image + enum: + - Dockerfile + - AutoBuild + type: string + type: object + kubernetes: + description: |- + Allows importing into the devworkspace the Kubernetes resources + defined in a given manifest. For example this allows reusing the Kubernetes + definitions used to deploy some runtime components in production. + properties: + deployByDefault: + description: |- + Defines if the component should be deployed during startup. + + + Default value is `false` + type: boolean + endpoints: + items: + properties: + annotation: + additionalProperties: + type: string + description: Annotations to be added + to Kubernetes Ingress or Openshift + Route + type: object + attributes: + description: |- + Map of implementation-dependant string-based free-form attributes. + + + Examples of Che-specific attributes: + + + - cookiesAuthEnabled: "true" / "false", + + + - type: "terminal" / "ide" / "ide-dev", + type: object + x-kubernetes-preserve-unknown-fields: true + exposure: + description: |- + Describes how the endpoint should be exposed on the network. + + + - `public` means that the endpoint will be exposed on the public network, typically through + a K8S ingress or an OpenShift route. + + + - `internal` means that the endpoint will be exposed internally outside of the main devworkspace POD, + typically by K8S services, to be consumed by other elements running + on the same cloud internal network. + + + - `none` means that the endpoint will not be exposed and will only be accessible + inside the main devworkspace POD, on a local address. + + + Default value is `public` + enum: + - public + - internal + - none + type: string + name: + maxLength: 63 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + path: + description: Path of the endpoint + URL + type: string + protocol: + description: |- + Describes the application and transport protocols of the traffic that will go through this endpoint. + + + - `http`: Endpoint will have `http` traffic, typically on a TCP connection. + It will be automaticaly promoted to `https` when the `secure` field is set to `true`. + + + - `https`: Endpoint will have `https` traffic, typically on a TCP connection. + + + - `ws`: Endpoint will have `ws` traffic, typically on a TCP connection. + It will be automaticaly promoted to `wss` when the `secure` field is set to `true`. + + + - `wss`: Endpoint will have `wss` traffic, typically on a TCP connection. + + + - `tcp`: Endpoint will have traffic on a TCP connection, without specifying an application protocol. + + + - `udp`: Endpoint will have traffic on an UDP connection, without specifying an application protocol. + + + Default value is `http` + enum: + - http + - https + - ws + - wss + - tcp + - udp + type: string + secure: + description: |- + Describes whether the endpoint should be secured and protected by some + authentication process. This requires a protocol of `https` or `wss`. + type: boolean + targetPort: + description: |- + Port number to be used within the container component. The same port cannot + be used by two different container components. + type: integer + required: + - name + type: object + type: array + inlined: + description: Inlined manifest + type: string + locationType: + description: Type of Kubernetes-like location + enum: + - Uri + - Inlined + type: string + uri: + description: Location in a file fetched + from a uri. + type: string + type: object + name: + description: |- + Mandatory name that allows referencing the component + from other elements (such as commands) or from an external + devfile that may reference this component through a parent or a plugin. + maxLength: 63 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + openshift: + description: |- + Allows importing into the devworkspace the OpenShift resources + defined in a given manifest. For example this allows reusing the OpenShift + definitions used to deploy some runtime components in production. + properties: + deployByDefault: + description: |- + Defines if the component should be deployed during startup. + + + Default value is `false` + type: boolean + endpoints: + items: + properties: + annotation: + additionalProperties: + type: string + description: Annotations to be added + to Kubernetes Ingress or Openshift + Route + type: object + attributes: + description: |- + Map of implementation-dependant string-based free-form attributes. + + + Examples of Che-specific attributes: + + + - cookiesAuthEnabled: "true" / "false", + + + - type: "terminal" / "ide" / "ide-dev", + type: object + x-kubernetes-preserve-unknown-fields: true + exposure: + description: |- + Describes how the endpoint should be exposed on the network. + + + - `public` means that the endpoint will be exposed on the public network, typically through + a K8S ingress or an OpenShift route. + + + - `internal` means that the endpoint will be exposed internally outside of the main devworkspace POD, + typically by K8S services, to be consumed by other elements running + on the same cloud internal network. + + + - `none` means that the endpoint will not be exposed and will only be accessible + inside the main devworkspace POD, on a local address. + + + Default value is `public` + enum: + - public + - internal + - none + type: string + name: + maxLength: 63 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + path: + description: Path of the endpoint + URL + type: string + protocol: + description: |- + Describes the application and transport protocols of the traffic that will go through this endpoint. + + + - `http`: Endpoint will have `http` traffic, typically on a TCP connection. + It will be automaticaly promoted to `https` when the `secure` field is set to `true`. + + + - `https`: Endpoint will have `https` traffic, typically on a TCP connection. + + + - `ws`: Endpoint will have `ws` traffic, typically on a TCP connection. + It will be automaticaly promoted to `wss` when the `secure` field is set to `true`. + + + - `wss`: Endpoint will have `wss` traffic, typically on a TCP connection. + + + - `tcp`: Endpoint will have traffic on a TCP connection, without specifying an application protocol. + + + - `udp`: Endpoint will have traffic on an UDP connection, without specifying an application protocol. + + + Default value is `http` + enum: + - http + - https + - ws + - wss + - tcp + - udp + type: string + secure: + description: |- + Describes whether the endpoint should be secured and protected by some + authentication process. This requires a protocol of `https` or `wss`. + type: boolean + targetPort: + description: |- + Port number to be used within the container component. The same port cannot + be used by two different container components. + type: integer + required: + - name + type: object + type: array + inlined: + description: Inlined manifest + type: string + locationType: + description: Type of Kubernetes-like location + enum: + - Uri + - Inlined + type: string + uri: + description: Location in a file fetched + from a uri. + type: string + type: object + volume: + description: |- + Allows specifying the definition of a volume + shared by several other components + properties: + ephemeral: + description: |- + Ephemeral volumes are not stored persistently across restarts. Defaults + to false + type: boolean + size: + description: Size of the volume + type: string + type: object + required: + - name + type: object + type: array + id: + description: Id in a registry that contains a Devfile + yaml file + type: string + importReferenceType: + description: type of location from where the referenced + template structure should be retrieved + enum: + - Uri + - Id + - Kubernetes + type: string + kubernetes: + description: Reference to a Kubernetes CRD of type + DevWorkspaceTemplate + properties: + name: + type: string + namespace: + type: string + required: + - name + type: object + registryUrl: + description: |- + Registry URL to pull the parent devfile from when using id in the parent reference. + To ensure the parent devfile gets resolved consistently in different environments, + it is recommended to always specify the `registryUrl` when `id` is used. + type: string + uri: + description: |- + URI Reference of a parent devfile YAML file. + It can be a full URL or a relative URI with the current devfile as the base URI. + type: string + version: + description: |- + Specific stack/sample version to pull the parent devfile from, when using id in the parent reference. + To specify `version`, `id` must be defined and used as the import reference source. + `version` can be either a specific stack version, or `latest`. + If no `version` specified, default version will be used. + pattern: ^(latest)|(([1-9])\.([0-9]+)\.([0-9]+)(\-[0-9a-z-]+(\.[0-9a-z-]+)*)?(\+[0-9A-Za-z-]+(\.[0-9A-Za-z-]+)*)?)$ + type: string + type: object + volume: + description: |- + Allows specifying the definition of a volume + shared by several other components + properties: + ephemeral: + description: |- + Ephemeral volumes are not stored persistently across restarts. Defaults + to false + type: boolean + size: + description: Size of the volume + type: string + type: object + required: + - name + type: object + type: array + defaultEditor: + description: |- + The default editor to workspace create with. It could be a plugin ID or a URI. + The plugin ID must have `publisher/name/version` format. + The URI must start from `http://` or `https://`. + type: string + defaultNamespace: + default: + autoProvision: true + template: -che + description: User's default namespace. + properties: + autoProvision: + default: true + description: |- + Indicates if is allowed to automatically create a user namespace. + If it set to false, then user namespace must be pre-created by a cluster administrator. + type: boolean + template: + default: -che + description: |- + If you don't create the user namespaces in advance, this field defines the Kubernetes namespace created when you start your first workspace. + You can use `` and `` placeholders, such as che-workspace-. + pattern: | + type: string + type: object + defaultPlugins: + description: Default plug-ins applied to DevWorkspaces. + items: + properties: + editor: + description: |- + The editor ID to specify default plug-ins for. + The plugin ID must have `publisher/name/version` format. + type: string + plugins: + description: Default plug-in URIs for the specified editor. + items: + type: string + type: array + type: object + type: array + deploymentStrategy: + description: |- + DeploymentStrategy defines the deployment strategy to use to replace existing workspace pods + with new ones. The available deployment stragies are `Recreate` and `RollingUpdate`. + With the `Recreate` deployment strategy, the existing workspace pod is killed before the new one is created. + With the `RollingUpdate` deployment strategy, a new workspace pod is created and the existing workspace pod is deleted + only when the new workspace pod is in a ready state. + If not specified, the default `Recreate` deployment strategy is used. + enum: + - Recreate + - RollingUpdate + type: string + disableContainerBuildCapabilities: + description: |- + Disables the container build capabilities. + When set to `false` (the default value), the devEnvironments.security.containerSecurityContext + field is ignored, and the following container SecurityContext is applied: + + + containerSecurityContext: + allowPrivilegeEscalation: true + capabilities: + add: + - SETGID + - SETUID + type: boolean + gatewayContainer: + description: GatewayContainer configuration. + properties: + env: + description: List of environment variables to set in the + container. + items: + description: EnvVar represents an environment variable + present in a Container. + properties: + name: + description: Name of the environment variable. Must + be a C_IDENTIFIER. + type: string + value: + description: |- + Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in the container and + any service environment variables. If a variable cannot be resolved, + the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless of whether the variable + exists or not. + Defaults to "". + type: string + valueFrom: + description: Source for the environment variable's + value. Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + description: |- + Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, + spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in + the specified API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. + properties: + containerName: + description: 'Container name: required for + volumes, optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of + the exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + description: Selects a key of a secret in the + pod's namespace + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + image: + description: Container image. Omit it or leave it empty + to use the default container image provided by the Operator. + type: string + imagePullPolicy: + description: Image pull policy. Default value is `Always` + for `nightly`, `next` or `latest` images, and `IfNotPresent` + in other cases. + enum: + - Always + - IfNotPresent + - Never + type: string + name: + description: Container name. + type: string + resources: + description: Compute resources required by this container. + properties: + limits: + description: Describes the maximum amount of compute + resources allowed. + properties: + cpu: + anyOf: + - type: integer + - type: string + description: |- + CPU, in cores. (500m = .5 cores) + If the value is not specified, then the default value is set depending on the component. + If value is `0`, then no value is set for the component. + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + memory: + anyOf: + - type: integer + - type: string + description: |- + Memory, in bytes. (500Gi = 500GiB = 500 * 1024 * 1024 * 1024) + If the value is not specified, then the default value is set depending on the component. + If value is `0`, then no value is set for the component. + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + request: + description: Describes the minimum amount of compute + resources required. + properties: + cpu: + anyOf: + - type: integer + - type: string + description: |- + CPU, in cores. (500m = .5 cores) + If the value is not specified, then the default value is set depending on the component. + If value is `0`, then no value is set for the component. + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + memory: + anyOf: + - type: integer + - type: string + description: |- + Memory, in bytes. (500Gi = 500GiB = 500 * 1024 * 1024 * 1024) + If the value is not specified, then the default value is set depending on the component. + If value is `0`, then no value is set for the component. + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + type: object + ignoredUnrecoverableEvents: + description: |- + IgnoredUnrecoverableEvents defines a list of Kubernetes event names that should + be ignored when deciding to fail a workspace that is starting. This option should be used + if a transient cluster issue is triggering false-positives (for example, if + the cluster occasionally encounters FailedScheduling events). Events listed + here will not trigger workspace failures. + items: + type: string + type: array + imagePullPolicy: + description: ImagePullPolicy defines the imagePullPolicy used + for containers in a DevWorkspace. + enum: + - Always + - IfNotPresent + - Never + type: string + maxNumberOfRunningWorkspacesPerUser: + description: |- + The maximum number of running workspaces per user. + The value, -1, allows users to run an unlimited number of workspaces. + format: int64 + minimum: -1 + type: integer + maxNumberOfWorkspacesPerUser: + default: -1 + description: |- + Total number of workspaces, both stopped and running, that a user can keep. + The value, -1, allows users to keep an unlimited number of workspaces. + format: int64 + minimum: -1 + type: integer + nodeSelector: + additionalProperties: + type: string + description: The node selector limits the nodes that can run + the workspace pods. + type: object + persistUserHome: + description: |- + PersistUserHome defines configuration options for persisting the + user home directory in workspaces. + properties: + disableInitContainer: + description: |- + Determines whether the init container that initializes the persistent home directory should be disabled. + When the `/home/user` directory is persisted, the init container is used to initialize the directory before + the workspace starts. If set to true, the init container will not be created. + Disabling the init container allows home persistence to be initialized by the entrypoint present in the workspace's first container component. + This field is not used if the `devEnvironments.persistUserHome.enabled` field is set to false. + The init container is enabled by default. + type: boolean + enabled: + description: |- + Determines whether the user home directory in workspaces should persist between + workspace shutdown and startup. + Must be used with the 'per-user' or 'per-workspace' PVC strategy in order to take effect. + Disabled by default. + type: boolean + type: object + podSchedulerName: + description: |- + Pod scheduler for the workspace pods. + If not specified, the pod scheduler is set to the default scheduler on the cluster. + type: string + projectCloneContainer: + description: Project clone container configuration. + properties: + env: + description: List of environment variables to set in the + container. + items: + description: EnvVar represents an environment variable + present in a Container. + properties: + name: + description: Name of the environment variable. Must + be a C_IDENTIFIER. + type: string + value: + description: |- + Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in the container and + any service environment variables. If a variable cannot be resolved, + the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless of whether the variable + exists or not. + Defaults to "". + type: string + valueFrom: + description: Source for the environment variable's + value. Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + description: |- + Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, + spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in + the specified API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. + properties: + containerName: + description: 'Container name: required for + volumes, optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of + the exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + description: Selects a key of a secret in the + pod's namespace + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + image: + description: Container image. Omit it or leave it empty + to use the default container image provided by the Operator. + type: string + imagePullPolicy: + description: Image pull policy. Default value is `Always` + for `nightly`, `next` or `latest` images, and `IfNotPresent` + in other cases. + enum: + - Always + - IfNotPresent + - Never + type: string + name: + description: Container name. + type: string + resources: + description: Compute resources required by this container. + properties: + limits: + description: Describes the maximum amount of compute + resources allowed. + properties: + cpu: + anyOf: + - type: integer + - type: string + description: |- + CPU, in cores. (500m = .5 cores) + If the value is not specified, then the default value is set depending on the component. + If value is `0`, then no value is set for the component. + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + memory: + anyOf: + - type: integer + - type: string + description: |- + Memory, in bytes. (500Gi = 500GiB = 500 * 1024 * 1024 * 1024) + If the value is not specified, then the default value is set depending on the component. + If value is `0`, then no value is set for the component. + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + request: + description: Describes the minimum amount of compute + resources required. + properties: + cpu: + anyOf: + - type: integer + - type: string + description: |- + CPU, in cores. (500m = .5 cores) + If the value is not specified, then the default value is set depending on the component. + If value is `0`, then no value is set for the component. + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + memory: + anyOf: + - type: integer + - type: string + description: |- + Memory, in bytes. (500Gi = 500GiB = 500 * 1024 * 1024 * 1024) + If the value is not specified, then the default value is set depending on the component. + If value is `0`, then no value is set for the component. + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + type: object + secondsOfInactivityBeforeIdling: + default: 1800 + description: |- + Idle timeout for workspaces in seconds. + This timeout is the duration after which a workspace will be idled if there is no activity. + To disable workspace idling due to inactivity, set this value to -1. + format: int32 + type: integer + secondsOfRunBeforeIdling: + default: -1 + description: |- + Run timeout for workspaces in seconds. + This timeout is the maximum duration a workspace runs. + To disable workspace run timeout, set this value to -1. + format: int32 + type: integer + security: + description: Workspace security configuration. + properties: + containerSecurityContext: + description: |- + Container SecurityContext used by all workspace-related containers. + If set, defined values are merged into the default Container SecurityContext configuration. + Requires devEnvironments.disableContainerBuildCapabilities to be set to `true` in order to take effect. + properties: + allowPrivilegeEscalation: + description: |- + AllowPrivilegeEscalation controls whether a process can gain more + privileges than its parent process. This bool directly controls if + the no_new_privs flag will be set on the container process. + AllowPrivilegeEscalation is true always when the container is: + 1) run as Privileged + 2) has CAP_SYS_ADMIN + Note that this field cannot be set when spec.os.name is windows. + type: boolean + capabilities: + description: |- + The capabilities to add/drop when running containers. + Defaults to the default set of capabilities granted by the container runtime. + Note that this field cannot be set when spec.os.name is windows. + properties: + add: + description: Added capabilities + items: + description: Capability represent POSIX capabilities + type + type: string + type: array + drop: + description: Removed capabilities + items: + description: Capability represent POSIX capabilities + type + type: string + type: array + type: object + privileged: + description: |- + Run container in privileged mode. + Processes in privileged containers are essentially equivalent to root on the host. + Defaults to false. + Note that this field cannot be set when spec.os.name is windows. + type: boolean + procMount: + description: |- + procMount denotes the type of proc mount to use for the containers. + The default is DefaultProcMount which uses the container runtime defaults for + readonly paths and masked paths. + This requires the ProcMountType feature flag to be enabled. + Note that this field cannot be set when spec.os.name is windows. + type: string + readOnlyRootFilesystem: + description: |- + Whether this container has a read-only root filesystem. + Default is false. + Note that this field cannot be set when spec.os.name is windows. + type: boolean + runAsGroup: + description: |- + The GID to run the entrypoint of the container process. + Uses runtime default if unset. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is windows. + format: int64 + type: integer + runAsNonRoot: + description: |- + Indicates that the container must run as a non-root user. + If true, the Kubelet will validate the image at runtime to ensure that it + does not run as UID 0 (root) and fail to start the container if it does. + If unset or false, no such validation will be performed. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + type: boolean + runAsUser: + description: |- + The UID to run the entrypoint of the container process. + Defaults to user specified in image metadata if unspecified. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is windows. + format: int64 + type: integer + seLinuxOptions: + description: |- + The SELinux context to be applied to the container. + If unspecified, the container runtime will allocate a random SELinux context for each + container. May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is windows. + properties: + level: + description: Level is SELinux level label that applies + to the container. + type: string + role: + description: Role is a SELinux role label that applies + to the container. + type: string + type: + description: Type is a SELinux type label that applies + to the container. + type: string + user: + description: User is a SELinux user label that applies + to the container. + type: string + type: object + seccompProfile: + description: |- + The seccomp options to use by this container. If seccomp options are + provided at both the pod & container level, the container options + override the pod options. + Note that this field cannot be set when spec.os.name is windows. + properties: + localhostProfile: + description: |- + localhostProfile indicates a profile defined in a file on the node should be used. + The profile must be preconfigured on the node to work. + Must be a descending path, relative to the kubelet's configured seccomp profile location. + Must only be set if type is "Localhost". + type: string + type: + description: |- + type indicates which kind of seccomp profile will be applied. + Valid options are: + + + Localhost - a profile defined in a file on the node should be used. + RuntimeDefault - the container runtime default profile should be used. + Unconfined - no profile should be applied. + type: string + required: + - type + type: object + windowsOptions: + description: |- + The Windows specific settings applied to all containers. + If unspecified, the options from the PodSecurityContext will be used. + If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is linux. + properties: + gmsaCredentialSpec: + description: |- + GMSACredentialSpec is where the GMSA admission webhook + (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the + GMSA credential spec named by the GMSACredentialSpecName field. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name + of the GMSA credential spec to use. + type: string + hostProcess: + description: |- + HostProcess determines if a container should be run as a 'Host Process' container. + This field is alpha-level and will only be honored by components that enable the + WindowsHostProcessContainers feature flag. Setting this field without the feature + flag will result in errors when validating the Pod. All of a Pod's containers must + have the same effective HostProcess value (it is not allowed to have a mix of HostProcess + containers and non-HostProcess containers). In addition, if HostProcess is true + then HostNetwork must also be set to true. + type: boolean + runAsUserName: + description: |- + The UserName in Windows to run the entrypoint of the container process. + Defaults to the user specified in image metadata if unspecified. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + type: string + type: object + type: object + podSecurityContext: + description: |- + PodSecurityContext used by all workspace-related pods. + If set, defined values are merged into the default PodSecurityContext configuration. + properties: + fsGroup: + description: |- + A special supplemental group that applies to all containers in a pod. + Some volume types allow the Kubelet to change the ownership of that volume + to be owned by the pod: + + + 1. The owning GID will be the FSGroup + 2. The setgid bit is set (new files created in the volume will be owned by FSGroup) + + + If unset, the Kubelet will not modify the ownership and permissions of any volume. + Note that this field cannot be set when spec.os.name is windows. + format: int64 + type: integer + fsGroupChangePolicy: + description: |- + fsGroupChangePolicy defines behavior of changing ownership and permission of the volume + before being exposed inside Pod. This field will only apply to + volume types which support fsGroup based ownership(and permissions). + It will have no effect on ephemeral volume types such as: secret, configmaps + and emptydir. + Valid values are "OnRootMismatch" and "Always". If not specified, "Always" is used. + Note that this field cannot be set when spec.os.name is windows. + type: string + runAsGroup: + description: |- + The GID to run the entrypoint of the container process. + Uses runtime default if unset. + May also be set in SecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence + for that container. + Note that this field cannot be set when spec.os.name is windows. + format: int64 + type: integer + runAsNonRoot: + description: |- + Indicates that the container must run as a non-root user. + If true, the Kubelet will validate the image at runtime to ensure that it + does not run as UID 0 (root) and fail to start the container if it does. + If unset or false, no such validation will be performed. + May also be set in SecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + type: boolean + runAsUser: + description: |- + The UID to run the entrypoint of the container process. + Defaults to user specified in image metadata if unspecified. + May also be set in SecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence + for that container. + Note that this field cannot be set when spec.os.name is windows. + format: int64 + type: integer + seLinuxOptions: + description: |- + The SELinux context to be applied to all containers. + If unspecified, the container runtime will allocate a random SELinux context for each + container. May also be set in SecurityContext. If set in + both SecurityContext and PodSecurityContext, the value specified in SecurityContext + takes precedence for that container. + Note that this field cannot be set when spec.os.name is windows. + properties: + level: + description: Level is SELinux level label that applies + to the container. + type: string + role: + description: Role is a SELinux role label that applies + to the container. + type: string + type: + description: Type is a SELinux type label that applies + to the container. + type: string + user: + description: User is a SELinux user label that applies + to the container. + type: string + type: object + seccompProfile: + description: |- + The seccomp options to use by the containers in this pod. + Note that this field cannot be set when spec.os.name is windows. + properties: + localhostProfile: + description: |- + localhostProfile indicates a profile defined in a file on the node should be used. + The profile must be preconfigured on the node to work. + Must be a descending path, relative to the kubelet's configured seccomp profile location. + Must only be set if type is "Localhost". + type: string + type: + description: |- + type indicates which kind of seccomp profile will be applied. + Valid options are: + + + Localhost - a profile defined in a file on the node should be used. + RuntimeDefault - the container runtime default profile should be used. + Unconfined - no profile should be applied. + type: string + required: + - type + type: object + supplementalGroups: + description: |- + A list of groups applied to the first process run in each container, in addition + to the container's primary GID, the fsGroup (if specified), and group memberships + defined in the container image for the uid of the container process. If unspecified, + no additional groups are added to any container. Note that group memberships + defined in the container image for the uid of the container process are still effective, + even if they are not included in this list. + Note that this field cannot be set when spec.os.name is windows. + items: + format: int64 + type: integer + type: array + sysctls: + description: |- + Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported + sysctls (by the container runtime) might fail to launch. + Note that this field cannot be set when spec.os.name is windows. + items: + description: Sysctl defines a kernel parameter to + be set + properties: + name: + description: Name of a property to set + type: string + value: + description: Value of a property to set + type: string + required: + - name + - value + type: object + type: array + windowsOptions: + description: |- + The Windows specific settings applied to all containers. + If unspecified, the options within a container's SecurityContext will be used. + If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name is linux. + properties: + gmsaCredentialSpec: + description: |- + GMSACredentialSpec is where the GMSA admission webhook + (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the + GMSA credential spec named by the GMSACredentialSpecName field. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name + of the GMSA credential spec to use. + type: string + hostProcess: + description: |- + HostProcess determines if a container should be run as a 'Host Process' container. + This field is alpha-level and will only be honored by components that enable the + WindowsHostProcessContainers feature flag. Setting this field without the feature + flag will result in errors when validating the Pod. All of a Pod's containers must + have the same effective HostProcess value (it is not allowed to have a mix of HostProcess + containers and non-HostProcess containers). In addition, if HostProcess is true + then HostNetwork must also be set to true. + type: boolean + runAsUserName: + description: |- + The UserName in Windows to run the entrypoint of the container process. + Defaults to the user specified in image metadata if unspecified. + May also be set in PodSecurityContext. If set in both SecurityContext and + PodSecurityContext, the value specified in SecurityContext takes precedence. + type: string + type: object + type: object + type: object + serviceAccount: + description: ServiceAccount to use by the DevWorkspace operator + when starting the workspaces. + maxLength: 63 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + serviceAccountTokens: + description: List of ServiceAccount tokens that will be mounted + into workspace pods as projected volumes. + items: + properties: + audience: + description: |- + Audience is the intended audience of the token. A recipient of a token + must identify itself with an identifier specified in the audience of the + token, and otherwise should reject the token. The audience defaults to the + identifier of the apiserver. + type: string + expirationSeconds: + default: 3600 + description: |- + ExpirationSeconds is the requested duration of validity of the service + account token. As the token approaches expiration, the kubelet volume + plugin will proactively rotate the service account token. The kubelet will + start trying to rotate the token if the token is older than 80 percent of + its time to live or if the token is older than 24 hours. Defaults to 1 hour + and must be at least 10 minutes. + format: int64 + minimum: 600 + type: integer + mountPath: + description: |- + Path within the workspace container at which the token should be mounted. Must + not contain ':'. + type: string + name: + description: |- + Identifiable name of the ServiceAccount token. + If multiple ServiceAccount tokens use the same mount path, a generic name will be used + for the projected volume instead. + type: string + path: + description: |- + Path is the path relative to the mount point of the file to project the + token into. + type: string + required: + - mountPath + - name + - path + type: object + type: array + startTimeoutSeconds: + default: 300 + description: |- + StartTimeoutSeconds determines the maximum duration (in seconds) that a workspace can take to start + before it is automatically failed. + If not specified, the default value of 300 seconds (5 minutes) is used. + format: int32 + minimum: 1 + type: integer + storage: + default: + pvcStrategy: per-user + description: Workspaces persistent storage. + properties: + perUserStrategyPvcConfig: + description: PVC settings when using the `per-user` PVC + strategy. + properties: + claimSize: + description: Persistent Volume Claim size. To update + the claim size, the storage class that provisions + it must support resizing. + type: string + storageClass: + description: Storage class for the Persistent Volume + Claim. When omitted or left blank, a default storage + class is used. + type: string + type: object + perWorkspaceStrategyPvcConfig: + description: PVC settings when using the `per-workspace` + PVC strategy. + properties: + claimSize: + description: Persistent Volume Claim size. To update + the claim size, the storage class that provisions + it must support resizing. + type: string + storageClass: + description: Storage class for the Persistent Volume + Claim. When omitted or left blank, a default storage + class is used. + type: string + type: object + pvcStrategy: + default: per-user + description: |- + Persistent volume claim strategy for the Che server. + The supported strategies are: `per-user` (all workspaces PVCs in one volume), + `per-workspace` (each workspace is given its own individual PVC) + and `ephemeral` (non-persistent storage where local changes will be lost when + the workspace is stopped.) + enum: + - common + - per-user + - per-workspace + - ephemeral + type: string + type: object + tolerations: + description: The pod tolerations of the workspace pods limit + where the workspace pods can run. + items: + description: |- + The pod this Toleration is attached to tolerates any taint that matches + the triple using the matching operator . + properties: + effect: + description: |- + Effect indicates the taint effect to match. Empty means match all taint effects. + When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: |- + Key is the taint key that the toleration applies to. Empty means match all taint keys. + If the key is empty, operator must be Exists; this combination means to match all values and all keys. + type: string + operator: + description: |- + Operator represents a key's relationship to the value. + Valid operators are Exists and Equal. Defaults to Equal. + Exists is equivalent to wildcard for value, so that a pod can + tolerate all taints of a particular category. + type: string + tolerationSeconds: + description: |- + TolerationSeconds represents the period of time the toleration (which must be + of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, + it is not set, which means tolerate the taint forever (do not evict). Zero and + negative values will be treated as 0 (evict immediately) by the system. + format: int64 + type: integer + value: + description: |- + Value is the taint value the toleration matches to. + If the operator is Exists, the value should be empty, otherwise just a regular string. + type: string + type: object + type: array + trustedCerts: + description: Trusted certificate settings. + properties: + gitTrustedCertsConfigMapName: + description: |- + The ConfigMap contains certificates to propagate to the Che components and to provide a particular configuration for Git. + See the following page: https://www.eclipse.org/che/docs/stable/administration-guide/deploying-che-with-support-for-git-repositories-with-self-signed-certificates/ + The ConfigMap must have a `app.kubernetes.io/part-of=che.eclipse.org` label. + type: string + type: object + user: + description: User configuration. + properties: + clusterRoles: + description: |- + Additional ClusterRoles assigned to the user. + The role must have `app.kubernetes.io/part-of=che.eclipse.org` label. + items: + type: string + type: array + type: object + workspacesPodAnnotations: + additionalProperties: + type: string + description: WorkspacesPodAnnotations defines additional annotations + for workspace pods. + type: object + type: object + gitServices: + description: A configuration that allows users to work with remote + Git repositories. + properties: + azure: + description: Enables users to work with repositories hosted + on Azure DevOps Service (dev.azure.com). + items: + description: AzureDevOpsService enables users to work with + repositories hosted on Azure DevOps Service (dev.azure.com). + properties: + secretName: + description: |- + Kubernetes secret, that contains Base64-encoded Azure DevOps Service Application ID and Client Secret. + See the following page: https://www.eclipse.org/che/docs/stable/administration-guide/configuring-oauth-2-for-microsoft-azure-devops-services + type: string + required: + - secretName + type: object + type: array + bitbucket: + description: Enables users to work with repositories hosted + on Bitbucket (bitbucket.org or self-hosted). + items: + description: BitBucketService enables users to work with repositories + hosted on Bitbucket (bitbucket.org or self-hosted). + properties: + endpoint: + description: |- + Bitbucket server endpoint URL. + Deprecated in favor of `che.eclipse.org/scm-server-endpoint` annotation. + See the following page: https://www.eclipse.org/che/docs/stable/administration-guide/configuring-oauth-1-for-a-bitbucket-server/. + type: string + secretName: + description: |- + Kubernetes secret, that contains Base64-encoded Bitbucket OAuth 1.0 or OAuth 2.0 data. + See the following pages for details: https://www.eclipse.org/che/docs/stable/administration-guide/configuring-oauth-1-for-a-bitbucket-server/ + and https://www.eclipse.org/che/docs/stable/administration-guide/configuring-oauth-2-for-the-bitbucket-cloud/. + type: string + required: + - secretName + type: object + type: array + github: + description: Enables users to work with repositories hosted + on GitHub (github.com or GitHub Enterprise). + items: + description: GitHubService enables users to work with repositories + hosted on GitHub (GitHub.com or GitHub Enterprise). + properties: + disableSubdomainIsolation: + description: |- + Disables subdomain isolation. + Deprecated in favor of `che.eclipse.org/scm-github-disable-subdomain-isolation` annotation. + See the following page for details: https://www.eclipse.org/che/docs/stable/administration-guide/configuring-oauth-2-for-github/. + type: boolean + endpoint: + description: |- + GitHub server endpoint URL. + Deprecated in favor of `che.eclipse.org/scm-server-endpoint` annotation. + See the following page for details: https://www.eclipse.org/che/docs/stable/administration-guide/configuring-oauth-2-for-github/. + type: string + secretName: + description: |- + Kubernetes secret, that contains Base64-encoded GitHub OAuth Client id and GitHub OAuth Client secret. + See the following page for details: https://www.eclipse.org/che/docs/stable/administration-guide/configuring-oauth-2-for-github/. + type: string + required: + - secretName + type: object + type: array + gitlab: + description: Enables users to work with repositories hosted + on GitLab (gitlab.com or self-hosted). + items: + description: GitLabService enables users to work with repositories + hosted on GitLab (gitlab.com or self-hosted). + properties: + endpoint: + description: |- + GitLab server endpoint URL. + Deprecated in favor of `che.eclipse.org/scm-server-endpoint` annotation. + See the following page: https://www.eclipse.org/che/docs/stable/administration-guide/configuring-oauth-2-for-gitlab/. + type: string + secretName: + description: |- + Kubernetes secret, that contains Base64-encoded GitHub Application id and GitLab Application Client secret. + See the following page: https://www.eclipse.org/che/docs/stable/administration-guide/configuring-oauth-2-for-gitlab/. + type: string + required: + - secretName + type: object + type: array + type: object + networking: + default: + auth: + gateway: + configLabels: + app: che + component: che-gateway-config + description: Networking, Che authentication, and TLS configuration. + properties: + annotations: + additionalProperties: + type: string + description: |- + Defines annotations which will be set for an Ingress (a route for OpenShift platform). + The defaults for kubernetes platforms are: + kubernetes.io/ingress.class: "nginx" + nginx.ingress.kubernetes.io/proxy-read-timeout: "3600", + nginx.ingress.kubernetes.io/proxy-connect-timeout: "3600", + nginx.ingress.kubernetes.io/ssl-redirect: "true" + type: object + auth: + default: + gateway: + configLabels: + app: che + component: che-gateway-config + description: Authentication settings. + properties: + advancedAuthorization: + description: |- + Advance authorization settings. Determines which users and groups are allowed to access Che. + User is allowed to access Che if he/she is either in the `allowUsers` list or is member of group from `allowGroups` list + and not in neither the `denyUsers` list nor is member of group from `denyGroups` list. + If `allowUsers` and `allowGroups` are empty, then all users are allowed to access Che. + if `denyUsers` and `denyGroups` are empty, then no users are denied to access Che. + properties: + allowGroups: + description: List of groups allowed to access Che (currently + supported in OpenShift only). + items: + type: string + type: array + allowUsers: + description: List of users allowed to access Che. + items: + type: string + type: array + denyGroups: + description: List of groups denied to access Che (currently + supported in OpenShift only). + items: + type: string + type: array + denyUsers: + description: List of users denied to access Che. + items: + type: string + type: array + type: object + gateway: + default: + configLabels: + app: che + component: che-gateway-config + description: Gateway settings. + properties: + configLabels: + additionalProperties: + type: string + default: + app: che + component: che-gateway-config + description: Gateway configuration labels. + type: object + deployment: + description: |- + Deployment override options. + Since gateway deployment consists of several containers, they must be distinguished in the configuration by their names: + - `gateway` + - `configbump` + - `oauth-proxy` + - `kube-rbac-proxy` + properties: + containers: + description: List of containers belonging to the + pod. + items: + description: Container custom settings. + properties: + env: + description: List of environment variables + to set in the container. + items: + description: EnvVar represents an environment + variable present in a Container. + properties: + name: + description: Name of the environment + variable. Must be a C_IDENTIFIER. + type: string + value: + description: |- + Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in the container and + any service environment variables. If a variable cannot be resolved, + the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless of whether the variable + exists or not. + Defaults to "". + type: string + valueFrom: + description: Source for the environment + variable's value. Cannot be used if + value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a + ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: Specify whether + the ConfigMap or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + description: |- + Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, + spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. + properties: + apiVersion: + description: Version of the + schema the FieldPath is written + in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field + to select in the specified + API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. + properties: + containerName: + description: 'Container name: + required for volumes, optional + for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output + format of the exposed resources, + defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource + to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + description: Selects a key of a + secret in the pod's namespace + properties: + key: + description: The key of the + secret to select from. Must + be a valid secret key. + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? + type: string + optional: + description: Specify whether + the Secret or its key must + be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array + image: + description: Container image. Omit it or leave + it empty to use the default container image + provided by the Operator. + type: string + imagePullPolicy: + description: Image pull policy. Default value + is `Always` for `nightly`, `next` or `latest` + images, and `IfNotPresent` in other cases. + enum: + - Always + - IfNotPresent + - Never + type: string + name: + description: Container name. + type: string + resources: + description: Compute resources required by + this container. + properties: + limits: + description: Describes the maximum amount + of compute resources allowed. + properties: + cpu: + anyOf: + - type: integer + - type: string + description: |- + CPU, in cores. (500m = .5 cores) + If the value is not specified, then the default value is set depending on the component. + If value is `0`, then no value is set for the component. + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + memory: + anyOf: + - type: integer + - type: string + description: |- + Memory, in bytes. (500Gi = 500GiB = 500 * 1024 * 1024 * 1024) + If the value is not specified, then the default value is set depending on the component. + If value is `0`, then no value is set for the component. + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + request: + description: Describes the minimum amount + of compute resources required. + properties: + cpu: + anyOf: + - type: integer + - type: string + description: |- + CPU, in cores. (500m = .5 cores) + If the value is not specified, then the default value is set depending on the component. + If value is `0`, then no value is set for the component. + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + memory: + anyOf: + - type: integer + - type: string + description: |- + Memory, in bytes. (500Gi = 500GiB = 500 * 1024 * 1024 * 1024) + If the value is not specified, then the default value is set depending on the component. + If value is `0`, then no value is set for the component. + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + type: object + type: array + securityContext: + description: Security options the pod should run + with. + properties: + fsGroup: + description: A special supplemental group that + applies to all containers in a pod. The default + value is `1724`. + format: int64 + type: integer + runAsUser: + description: The UID to run the entrypoint of + the container process. The default value is + `1724`. + format: int64 + type: integer + type: object + type: object + kubeRbacProxy: + description: Configuration for kube-rbac-proxy within + the Che gateway pod. + properties: + logLevel: + default: 0 + description: The glog log level for the kube-rbac-proxy + container within the gateway pod. Larger values + represent a higher verbosity. The default value + is `0`. + format: int32 + minimum: 0 + type: integer + type: object + oAuthProxy: + description: Configuration for oauth-proxy within the + Che gateway pod. + properties: + cookieExpireSeconds: + default: 86400 + description: Expire timeframe for cookie. If set + to 0, cookie becomes a session-cookie which will + expire when the browser is closed. + format: int32 + minimum: 0 + type: integer + type: object + traefik: + description: Configuration for Traefik within the Che + gateway pod. + properties: + logLevel: + default: INFO + description: 'The log level for the Traefik container + within the gateway pod: `DEBUG`, `INFO`, `WARN`, + `ERROR`, `FATAL`, or `PANIC`. The default value + is `INFO`' + enum: + - DEBUG + - INFO + - WARN + - ERROR + - FATAL + - PANIC + type: string + type: object + type: object + identityProviderURL: + description: Public URL of the Identity Provider server. + type: string + identityToken: + description: |- + Identity token to be passed to upstream. There are two types of tokens supported: `id_token` and `access_token`. + Default value is `id_token`. + This field is specific to Che installations made for Kubernetes only and ignored for OpenShift. + enum: + - id_token + - access_token + type: string + oAuthAccessTokenInactivityTimeoutSeconds: + description: |- + Inactivity timeout for tokens to set in the OpenShift `OAuthClient` resource used to set up identity federation on the OpenShift side. + 0 means tokens for this client never time out. + format: int32 + type: integer + oAuthAccessTokenMaxAgeSeconds: + description: |- + Access token max age for tokens to set in the OpenShift `OAuthClient` resource used to set up identity federation on the OpenShift side. + 0 means no expiration. + format: int32 + type: integer + oAuthClientName: + description: Name of the OpenShift `OAuthClient` resource + used to set up identity federation on the OpenShift side. + type: string + oAuthScope: + description: |- + Access Token Scope. + This field is specific to Che installations made for Kubernetes only and ignored for OpenShift. + type: string + oAuthSecret: + description: |- + Name of the secret set in the OpenShift `OAuthClient` resource used to set up identity federation on the OpenShift side. + For Kubernetes, this can either be the plain text oAuthSecret value, or the name of a kubernetes secret which contains a + key `oAuthSecret` and the value is the secret. NOTE: this secret must exist in the same namespace as the `CheCluster` + resource and contain the label `app.kubernetes.io/part-of=che.eclipse.org`. + type: string + type: object + domain: + description: |- + For an OpenShift cluster, the Operator uses the domain to generate a hostname for the route. + The generated hostname follows this pattern: che-.. The is the namespace where the CheCluster CRD is created. + In conjunction with labels, it creates a route served by a non-default Ingress controller. + For a Kubernetes cluster, it contains a global ingress domain. There are no default values: you must specify them. + type: string + hostname: + description: The public hostname of the installed Che server. + type: string + ingressClassName: + description: |- + IngressClassName is the name of an IngressClass cluster resource. + If a class name is defined in both the `IngressClassName` field and the `kubernetes.io/ingress.class` annotation, + `IngressClassName` field takes precedence. + type: string + labels: + additionalProperties: + type: string + description: Defines labels which will be set for an Ingress + (a route for OpenShift platform). + type: object + tlsSecretName: + description: |- + The name of the secret used to set up Ingress TLS termination. + If the field is an empty string, the default cluster certificate is used. + The secret must have a `app.kubernetes.io/part-of=che.eclipse.org` label. + type: string + type: object + type: object + status: + description: Defines the observed state of Che installation. + properties: + chePhase: + description: Specifies the current phase of the Che deployment. + type: string + cheURL: + description: Public URL of the Che server. + type: string + cheVersion: + description: Currently installed Che version. + type: string + devfileRegistryURL: + description: Deprecated the public URL of the internal devfile registry. + type: string + gatewayPhase: + description: Specifies the current phase of the gateway deployment. + type: string + message: + description: A human readable message indicating details about why + the Che deployment is in the current phase. + type: string + pluginRegistryURL: + description: The public URL of the internal plug-in registry. + type: string + reason: + description: A brief CamelCase message indicating details about + why the Che deployment is in the current phase. + type: string + workspaceBaseDomain: + description: |- + The resolved workspace base domain. This is either the copy of the explicitly defined property of the + same name in the spec or, if it is undefined in the spec and we're running on OpenShift, the automatically + resolved basedomain for routes. + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: null + storedVersions: null diff --git a/operators/eclipse-che/7.90.0/metadata/annotations.yaml b/operators/eclipse-che/7.90.0/metadata/annotations.yaml new file mode 100644 index 00000000000..9aa666b7b09 --- /dev/null +++ b/operators/eclipse-che/7.90.0/metadata/annotations.yaml @@ -0,0 +1,27 @@ +# +# Copyright (c) 2019-2024 Red Hat, Inc. +# This program and the accompanying materials are made +# available under the terms of the Eclipse Public License 2.0 +# which is available at https://www.eclipse.org/legal/epl-2.0/ +# +# SPDX-License-Identifier: EPL-2.0 +# +# Contributors: +# Red Hat, Inc. - initial API and implementation +# + +annotations: + # Core bundle annotations. + operators.operatorframework.io.bundle.mediatype.v1: registry+v1 + operators.operatorframework.io.bundle.manifests.v1: manifests/ + operators.operatorframework.io.bundle.metadata.v1: metadata/ + operators.operatorframework.io.bundle.package.v1: eclipse-che + operators.operatorframework.io.bundle.channels.v1: stable + operators.operatorframework.io.bundle.channel.default.v1: stable + operators.operatorframework.io.metrics.builder: operator-sdk-v1.9.0+git + operators.operatorframework.io.metrics.mediatype.v1: metrics+v1 + operators.operatorframework.io.metrics.project_layout: go.kubebuilder.io/v3 + + # Annotations for testing. + + com.redhat.openshift.versions: "v4.8" diff --git a/operators/eclipse-che/7.90.0/metadata/dependencies.yaml b/operators/eclipse-che/7.90.0/metadata/dependencies.yaml new file mode 100644 index 00000000000..b8ba165d62e --- /dev/null +++ b/operators/eclipse-che/7.90.0/metadata/dependencies.yaml @@ -0,0 +1,17 @@ +# +# Copyright (c) 2019-2023 Red Hat, Inc. +# This program and the accompanying materials are made +# available under the terms of the Eclipse Public License 2.0 +# which is available at https://www.eclipse.org/legal/epl-2.0/ +# +# SPDX-License-Identifier: EPL-2.0 +# +# Contributors: +# Red Hat, Inc. - initial API and implementation +# + +dependencies: +- type: olm.package + value: + packageName: devworkspace-operator + version: ">=0.11.0"