diff --git a/operators/eclipse-che/7.78.0/manifests/eclipse-che.v7.78.0.clusterserviceversion.yaml b/operators/eclipse-che/7.78.0/manifests/eclipse-che.v7.78.0.clusterserviceversion.yaml new file mode 100644 index 00000000000..3bab9912bd4 --- /dev/null +++ b/operators/eclipse-che/7.78.0/manifests/eclipse-che.v7.78.0.clusterserviceversion.yaml @@ -0,0 +1,1425 @@ +# +# Copyright (c) 2019-2023 Red Hat, Inc. +# This program and the accompanying materials are made +# available under the terms of the Eclipse Public License 2.0 +# which is available at https://www.eclipse.org/legal/epl-2.0/ +# +# SPDX-License-Identifier: EPL-2.0 +# +# Contributors: +# Red Hat, Inc. - initial API and implementation +# + +apiVersion: operators.coreos.com/v1alpha1 +kind: ClusterServiceVersion +metadata: + annotations: + alm-examples: |- + [ + { + "apiVersion": "org.eclipse.che/v1", + "kind": "CheCluster", + "metadata": { + "name": "eclipse-che", + "namespace": "eclipse-che" + }, + "spec": { + "auth": { + "identityProviderURL": "", + "oAuthClientName": "", + "oAuthSecret": "" + }, + "database": { + "externalDb": false + }, + "k8s": { + "ingressDomain": null, + "tlsSecretName": null + }, + "metrics": { + "enable": true + }, + "server": { + "workspaceNamespaceDefault": "-che" + }, + "storage": { + "pvcStrategy": "common" + } + } + }, + { + "apiVersion": "org.eclipse.che/v2", + "kind": "CheCluster", + "metadata": { + "name": "eclipse-che", + "namespace": "eclipse-che" + }, + "spec": { + "components": {}, + "containerRegistry": {}, + "devEnvironments": {}, + "gitServices": {}, + "networking": {} + } + } + ] + capabilities: Seamless Upgrades + categories: Developer Tools + certified: "false" + containerImage: quay.io/eclipse/che-operator@sha256:da76155c2c40eb4732b71ee1a7c4ec3140df96a04394c93754cb7bc36d827f0a + createdAt: "2023-11-29T19:23:56Z" + description: A Kube-native development solution that delivers portable and collaborative + developer workspaces. + operatorframework.io/suggested-namespace: openshift-operators + operators.openshift.io/infrastructure-features: '["disconnected", "proxy-aware", + "fips"]' + operators.operatorframework.io/builder: operator-sdk-v1.9.0+git + operators.operatorframework.io/project_layout: go.kubebuilder.io/v3 + repository: https://github.com/eclipse-che/che-operator + support: Eclipse Foundation + name: eclipse-che.v7.78.0 + namespace: placeholder +spec: + apiservicedefinitions: {} + customresourcedefinitions: + owned: + - description: 'The `CheCluster` custom resource allows defining and managing + Eclipse Che server installation. Based on these settings, the Operator + automatically creates and maintains several ConfigMaps: `che`, `plugin-registry`, + `devfile-registry` that will contain the appropriate environment variables + of the various components of the installation. These generated ConfigMaps + must NOT be updated manually.' + displayName: Eclipse Che instance Specification + kind: CheCluster + name: checlusters.org.eclipse.che + resources: + - kind: ClusterRole + name: '' + version: v1 + - kind: ClusterRoleBinding + name: '' + version: v1 + - kind: ConfigMap + name: '' + version: v1 + - kind: Deployment + name: '' + version: apps/v1 + - kind: Ingress + name: '' + version: v1 + - kind: Role + name: '' + version: v1 + - kind: RoleBinding + name: '' + version: v1 + - kind: Route + name: '' + version: v1 + - kind: Secret + name: '' + version: v1 + - kind: Service + name: '' + version: v1 + specDescriptors: + - description: Development environment default configuration options. + displayName: Development environments + path: devEnvironments + - description: Che components configuration. + displayName: Components + path: components + - description: A configuration that allows users to work with remote Git + repositories. + displayName: Git Services + path: gitServices + - description: Networking, Che authentication, and TLS configuration. + displayName: Networking + path: networking + - description: Configuration of an alternative registry that stores Che + images. + displayName: Container registry + path: containerRegistry + - description: Enables users to work with repositories hosted on Azure DevOps + Service (dev.azure.com). + displayName: Azure + path: gitServices.azure + - description: 'Kubernetes secret, that contains Base64-encoded Azure DevOps + Service Application ID and Client Secret. See the following page: https://www.eclipse.org/che/docs/stable/administration-guide/configuring-oauth-2-for-microsoft-azure-devops-services' + displayName: Secret Name + path: gitServices.azure[0].secretName + x-descriptors: + - urn:alm:descriptor:io.kubernetes:Secret + - description: Enables users to work with repositories hosted on Bitbucket + (bitbucket.org or self-hosted). + displayName: Bitbucket + path: gitServices.bitbucket + - description: 'Kubernetes secret, that contains Base64-encoded Bitbucket + OAuth 1.0 or OAuth 2.0 data. See the following pages for details: https://www.eclipse.org/che/docs/stable/administration-guide/configuring-oauth-1-for-a-bitbucket-server/ + and https://www.eclipse.org/che/docs/stable/administration-guide/configuring-oauth-2-for-the-bitbucket-cloud/.' + displayName: Secret Name + path: gitServices.bitbucket[0].secretName + x-descriptors: + - urn:alm:descriptor:io.kubernetes:Secret + - description: Enables users to work with repositories hosted on GitHub + (github.com or GitHub Enterprise). + displayName: GitHub + path: gitServices.github + - description: 'Kubernetes secret, that contains Base64-encoded GitHub OAuth + Client id and GitHub OAuth Client secret. See the following page for + details: https://www.eclipse.org/che/docs/stable/administration-guide/configuring-oauth-2-for-github/.' + displayName: Secret Name + path: gitServices.github[0].secretName + x-descriptors: + - urn:alm:descriptor:io.kubernetes:Secret + - description: Enables users to work with repositories hosted on GitLab + (gitlab.com or self-hosted). + displayName: GitLab + path: gitServices.gitlab + - description: 'Kubernetes secret, that contains Base64-encoded GitHub Application + id and GitLab Application Client secret. See the following page: https://www.eclipse.org/che/docs/stable/administration-guide/configuring-oauth-2-for-gitlab/.' + displayName: Secret Name + path: gitServices.gitlab[0].secretName + x-descriptors: + - urn:alm:descriptor:io.kubernetes:Secret + statusDescriptors: + - description: Specifies the current phase of the Che deployment. + displayName: ChePhase + path: chePhase + x-descriptors: + - urn:alm:descriptor:text + - description: Public URL of the Che server. + displayName: Eclipse Che URL + path: cheURL + x-descriptors: + - urn:alm:descriptor:org.w3:link + - description: Currently installed Che version. + displayName: 'displayName: Eclipse Che version' + path: cheVersion + x-descriptors: + - urn:alm:descriptor:text + - description: The public URL of the internal devfile registry. + displayName: Devfile registry URL + path: devfileRegistryURL + x-descriptors: + - urn:alm:descriptor:org.w3:link + - description: Specifies the current phase of the gateway deployment. + displayName: Gateway phase + path: gatewayPhase + x-descriptors: + - urn:alm:descriptor:text + - description: A human readable message indicating details about why the + Che deployment is in the current phase. + displayName: Message + path: message + x-descriptors: + - urn:alm:descriptor:text + - description: The public URL of the internal plug-in registry. + displayName: Plugin registry URL + path: pluginRegistryURL + x-descriptors: + - urn:alm:descriptor:org.w3:link + - description: A brief CamelCase message indicating details about why the + Che deployment is in the current phase. + displayName: Reason + path: reason + x-descriptors: + - urn:alm:descriptor:text + - description: The resolved workspace base domain. This is either the copy + of the explicitly defined property of the same name in the spec or, + if it is undefined in the spec and we're running on OpenShift, the automatically + resolved basedomain for routes. + displayName: Workspace base domain + path: workspaceBaseDomain + x-descriptors: + - urn:alm:descriptor:text + version: v2 + - description: The `CheCluster` custom resource allows defining and managing + a Che server installation + displayName: Eclipse Che instance Specification + kind: CheCluster + name: checlusters.org.eclipse.che + resources: + - kind: ClusterRole + name: '' + version: v1 + - kind: ClusterRoleBinding + name: '' + version: v1 + - kind: ConfigMap + name: '' + version: v1 + - kind: Deployment + name: '' + version: apps/v1 + - kind: Ingress + name: '' + version: v1 + - kind: Role + name: '' + version: v1 + - kind: RoleBinding + name: '' + version: v1 + - kind: Route + name: '' + version: v1 + - kind: Secret + name: '' + version: v1 + - kind: Service + name: '' + version: v1 + specDescriptors: + - description: Configuration settings related to the Authentication used + by the Che installation. + displayName: Authentication + path: auth + - description: Deprecated. The value of this flag is ignored. Sidecar functionality + is now implemented in Traefik plugin. + displayName: Gateway Header Rewrite Sidecar Image + path: auth.gatewayHeaderRewriteSidecarImage + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:hidden + - description: Configuration settings related to the User Dashboard used + by the Che installation. + displayName: User Dashboard + path: dashboard + - description: Configuration settings related to the database used by the + Che installation. + displayName: Database + path: database + - description: DevWorkspace operator configuration + displayName: Dev Workspace operator + path: devWorkspace + - description: Deploys the DevWorkspace Operator in the cluster. Does nothing + when a matching version of the Operator is already installed. Fails + when a non-matching version of the Operator is already installed. + displayName: Enable DevWorkspace operator + path: devWorkspace.enable + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:booleanSwitch + - description: A configuration that allows users to work with remote Git + repositories. + displayName: Git Services + path: gitServices + - description: Enables users to work with repositories hosted on Bitbucket + (bitbucket.org or self-hosted). + displayName: Bitbucket + path: gitServices.bitbucket + - description: 'Kubernetes secret, that contains Base64-encoded Bitbucket + OAuth 1.0 or OAuth 2.0 data. See the following pages for details: https://www.eclipse.org/che/docs/stable/administration-guide/configuring-oauth-1-for-a-bitbucket-server/ + and https://www.eclipse.org/che/docs/stable/administration-guide/configuring-oauth-2-for-the-bitbucket-cloud/.' + displayName: Secret Name + path: gitServices.bitbucket[0].secretName + x-descriptors: + - urn:alm:descriptor:io.kubernetes:Secret + - description: Enables users to work with repositories hosted on GitHub + (github.com or GitHub Enterprise). + displayName: GitHub + path: gitServices.github + - description: 'Kubernetes secret, that contains Base64-encoded GitHub OAuth + Client id and GitHub OAuth Client secret. See the following page for + details: https://www.eclipse.org/che/docs/stable/administration-guide/configuring-oauth-2-for-github/.' + displayName: Secret Name + path: gitServices.github[0].secretName + x-descriptors: + - urn:alm:descriptor:io.kubernetes:Secret + - description: Enables users to work with repositories hosted on GitLab + (gitlab.com or self-hosted). + displayName: GitLab + path: gitServices.gitlab + - description: 'Kubernetes secret, that contains Base64-encoded GitHub Application + id and GitLab Application Client secret. See the following page: https://www.eclipse.org/che/docs/stable/administration-guide/configuring-oauth-2-for-gitlab/.' + displayName: Secret Name + path: gitServices.gitlab[0].secretName + x-descriptors: + - urn:alm:descriptor:io.kubernetes:Secret + - description: Kubernetes Image Puller configuration + displayName: Kubernetes Image Puller + path: imagePuller + - description: Configuration settings specific to Che installations made + on upstream Kubernetes. + displayName: Kubernetes + path: k8s + - description: Configuration settings related to the metrics collection + used by the Che installation. + displayName: Metrics + path: metrics + - description: General configuration settings related to the Che server, + the plugin and devfile registries + displayName: Che server + path: server + - description: Deprecated. The value of this flag is ignored. Defines that + a user is allowed to specify a Kubernetes namespace, or an OpenShift + project, which differs from the default. It's NOT RECOMMENDED to set + to `true` without OpenShift OAuth configured. The OpenShift infrastructure + also uses this property. + displayName: Allow User Defined Workspace Namespaces + path: server.allowUserDefinedWorkspaceNamespaces + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:hidden + - description: Deprecated in favor of `externalDevfileRegistries` fields. + displayName: Devfile Registry Url + path: server.devfileRegistryUrl + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:hidden + - description: Deprecated. The value of this flag is ignored. The Che Operator + will automatically detect whether the router certificate is self-signed + and propagate it to other components, such as the Che server. + displayName: Self Signed Cert + path: server.selfSignedCert + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:hidden + - description: Deprecated. Instructs the Operator to deploy Che in TLS mode. + This is enabled by default. Disabling TLS sometimes cause malfunction + of some Che components. + displayName: Tls Support + path: server.tlsSupport + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:hidden + - description: Deprecated in favor of `disableInternalClusterSVCNames`. + displayName: Use Internal Cluster SVCNames + path: server.useInternalClusterSVCNames + x-descriptors: + - urn:alm:descriptor:com.tectonic.ui:hidden + - description: Configuration settings related to the persistent storage + used by the Che installation. + displayName: Persistent storage + path: storage + statusDescriptors: + - description: Status of a Che installation. Can be `Available`, `Unavailable`, + or `Available, Rolling Update in Progress`. + displayName: Status + path: cheClusterRunning + x-descriptors: + - urn:alm:descriptor:io.kubernetes.phase + - description: Public URL to the Che server. + displayName: Eclipse Che URL + path: cheURL + x-descriptors: + - urn:alm:descriptor:org.w3:link + - description: Current installed Che version. + displayName: 'displayName: Eclipse Che version' + path: cheVersion + x-descriptors: + - urn:alm:descriptor:org.w3:link + - description: Public URL to the devfile registry. + displayName: Devfile registry URL + path: devfileRegistryURL + x-descriptors: + - urn:alm:descriptor:org.w3:link + - description: The ConfigMap containing certificates to propagate to the + Che components and to provide particular configuration for Git. + displayName: Git certificates + path: gitServerTLSCertificateConfigMapName + x-descriptors: + - urn:alm:descriptor:text + - description: A URL that points to some URL where to find help related + to the current Operator status. + displayName: Help link + path: helpLink + x-descriptors: + - urn:alm:descriptor:org.w3:link + - description: Public URL to the Identity Provider server, Keycloak or RH-SSO,. + displayName: Keycloak Admin Console URL + path: keycloakURL + x-descriptors: + - urn:alm:descriptor:org.w3:link + - description: A human readable message indicating details about why the + Pod is in this condition. + displayName: Message + path: message + x-descriptors: + - urn:alm:descriptor:text + - description: OpenShift OAuth secret in `openshift-config` namespace that + contains user credentials for HTPasswd identity provider. + displayName: OpenShift OAuth secret in `openshift-config` namespace that + contains user credentials for HTPasswd identity provider. + path: openShiftOAuthUserCredentialsSecret + x-descriptors: + - urn:alm:descriptor:text + - description: Public URL to the plugin registry. + displayName: Plugin registry URL + path: pluginRegistryURL + x-descriptors: + - urn:alm:descriptor:org.w3:link + - description: A brief CamelCase message indicating details about why the + Pod is in this state. + displayName: Reason + path: reason + x-descriptors: + - urn:alm:descriptor:text + version: v1 + description: | + A collaborative Kubernetes-native development solution that delivers OpenShift workspaces and in-browser IDE for rapid cloud application development. + This operator installs the Plugin and Devfile registries, Dashboard, Gateway and the Eclipse Che server, and configures these services. + OpenShift OAuth is used directly for authentication. TLS mode is on. + + ## How to Install + Press the **Install** button, choose the channel and the upgrade strategy, and wait for the **Installed** Operator status. + When the operator is installed, create a new Custom Resource (CR) of Kind CheCluster (click the **Create New** button). + The CR spec contains all defaults. You can start using Eclipse Che when the CR status is set to **Available**, and you see a URL to Eclipse Che. + + ## Defaults + By default, the operator deploys Eclipse Che with: + * 10Gi storage + * Auto-generated passwords + * Bundled Plugin and Devfile registries + + Use `oc edit checluster/eclipse-che -n eclipse-che` to update Eclipse Che default installation options. + See more in the [Installation guide](https://www.eclipse.org/che/docs/che-7/installation-guide/configuring-the-che-installation/). + + ### Certificates + Operator uses a default router certificate to secure Eclipse Che routes. + Follow the [guide](https://www.eclipse.org/che/docs/che-7/installation-guide/importing-untrusted-tls-certificates/) + to import certificates into Eclipse Che. + displayName: Eclipse Che + icon: + - base64data:  + mediatype: image/png + install: + spec: + clusterPermissions: + - rules: + - apiGroups: + - "" + resources: + - nodes + verbs: + - get + - apiGroups: + - oauth.openshift.io + resources: + - oauthclients + verbs: + - create + - delete + - deletecollection + - get + - list + - patch + - update + - watch + - apiGroups: + - config.openshift.io + resources: + - oauths + verbs: + - get + - list + - watch + - patch + - apiGroups: + - config.openshift.io + resources: + - infrastructures + - proxies + verbs: + - get + - list + - watch + - apiGroups: + - user.openshift.io + resources: + - users + verbs: + - list + - delete + - apiGroups: + - user.openshift.io + resources: + - identities + verbs: + - delete + - apiGroups: + - console.openshift.io + resources: + - consolelinks + verbs: + - get + - list + - create + - update + - patch + - delete + - apiGroups: + - rbac.authorization.k8s.io + resources: + - clusterrolebindings + - clusterroles + - roles + - rolebindings + verbs: + - list + - create + - watch + - update + - get + - delete + - apiGroups: + - authorization.openshift.io + resources: + - roles + - rolebindings + verbs: + - get + - create + - update + - delete + - apiGroups: + - org.eclipse.che + resources: + - checlusters + - checlusters/status + - checlusters/finalizers + - checlusters/status + verbs: + - '*' + - apiGroups: + - project.openshift.io + resources: + - projectrequests + verbs: + - create + - update + - apiGroups: + - project.openshift.io + resources: + - projects + verbs: + - get + - list + - watch + - create + - update + - apiGroups: + - "" + resources: + - namespaces + verbs: + - get + - list + - create + - update + - watch + - apiGroups: + - "" + resources: + - pods/exec + verbs: + - create + - get + - apiGroups: + - apps + resources: + - secrets + verbs: + - list + - apiGroups: + - "" + resources: + - secrets + verbs: + - list + - get + - create + - update + - patch + - delete + - apiGroups: + - "" + resources: + - persistentvolumeclaims + verbs: + - create + - get + - list + - watch + - delete + - apiGroups: + - "" + resources: + - pods + verbs: + - get + - list + - create + - watch + - delete + - apiGroups: + - apps + - extensions + resources: + - deployments + - replicasets + verbs: + - '*' + - apiGroups: + - route.openshift.io + resources: + - routes + verbs: + - '*' + - apiGroups: + - route.openshift.io + resources: + - routes/custom-host + verbs: + - create + - apiGroups: + - "" + resources: + - events + verbs: + - list + - watch + - apiGroups: + - apps + resources: + - replicasets + verbs: + - list + - get + - patch + - delete + - apiGroups: + - extensions + resources: + - ingresses + verbs: + - '*' + - apiGroups: + - networking.k8s.io + resources: + - ingresses + verbs: + - '*' + - apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions + verbs: + - get + - create + - update + - apiGroups: + - operators.coreos.com + resources: + - subscriptions + verbs: + - get + - apiGroups: + - operators.coreos.com + resources: + - clusterserviceversions + verbs: + - list + - get + - watch + - apiGroups: + - metrics.k8s.io + resources: + - pods + - nodes + verbs: + - get + - list + - watch + - apiGroups: + - cert-manager.io + resources: + - issuers + - certificates + verbs: + - create + - get + - list + - update + - apiGroups: + - "" + resources: + - configmaps + - persistentvolumeclaims + - pods + - secrets + - serviceaccounts + - services + verbs: + - '*' + - apiGroups: + - apps + resourceNames: + - che-operator + resources: + - deployments/finalizers + verbs: + - update + - apiGroups: + - batch + resources: + - jobs + verbs: + - create + - delete + - get + - update + - watch + - list + - apiGroups: + - monitoring.coreos.com + resources: + - servicemonitors + verbs: + - create + - get + - nonResourceURLs: + - /metrics + verbs: + - get + - apiGroups: + - che.eclipse.org + resources: + - kubernetesimagepullers + verbs: + - '*' + - apiGroups: + - config.openshift.io + resourceNames: + - cluster + resources: + - consoles + verbs: + - get + - apiGroups: + - "" + resources: + - pods/log + verbs: + - get + - list + - watch + - apiGroups: + - workspace.devfile.io + resources: + - devworkspaces + - devworkspacetemplates + verbs: + - get + - list + - watch + - create + - delete + - patch + - update + - apiGroups: + - controller.devfile.io + resources: + - devworkspaceroutings + - devworkspaceoperatorconfigs + verbs: + - get + - list + - watch + - create + - delete + - patch + - update + - apiGroups: + - controller.devfile.io + resources: + - devworkspaceroutings/finalizers + verbs: + - update + - apiGroups: + - controller.devfile.io + resources: + - devworkspaceroutings/status + verbs: + - get + - patch + - update + - apiGroups: + - authentication.k8s.io + resources: + - tokenreviews + verbs: + - create + - apiGroups: + - authorization.k8s.io + resources: + - subjectaccessreviews + verbs: + - create + - apiGroups: + - security.openshift.io + resources: + - securitycontextconstraints + verbs: + - get + - create + - delete + - update + - use + - apiGroups: + - "" + resources: + - limitranges + verbs: + - list + serviceAccountName: che-operator + deployments: + - name: che-operator + spec: + replicas: 1 + selector: + matchLabels: + app: che-operator + strategy: + type: RollingUpdate + template: + metadata: + labels: + app: che-operator + app.kubernetes.io/component: che-operator + app.kubernetes.io/instance: che + app.kubernetes.io/managed-by: olm + app.kubernetes.io/name: che + app.kubernetes.io/part-of: che.eclipse.org + spec: + containers: + - args: + - --leader-elect + command: + - /manager + env: + - name: WATCH_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.annotations['olm.targetNamespaces'] + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: OPERATOR_NAME + value: che-operator + - name: CHE_VERSION + value: 7.78.0 + - name: RELATED_IMAGE_che_server + value: quay.io/eclipse/che-server@sha256:6085a3486f1e0ee072fe874048130602f64d3260a94a11a99d5cfdb562d529f1 + - name: RELATED_IMAGE_dashboard + value: quay.io/eclipse/che-dashboard@sha256:8fd291de6db4fc5bc18805e6d5d1fe372e58e3d0f5b4a837b262f8feb1a564b5 + - name: RELATED_IMAGE_plugin_registry + value: quay.io/eclipse/che-plugin-registry@sha256:d8ca527076ee0dcda570d9d862969e9fbede7f96bbe5d750996d993ee47d6668 + - name: RELATED_IMAGE_devfile_registry + value: quay.io/eclipse/che-devfile-registry@sha256:4191a5b12b966b5e6f2213a89f0c26b28f070393232edbcaf2003c644e0042fc + - name: RELATED_IMAGE_che_tls_secrets_creation_job + value: quay.io/eclipse/che-tls-secret-creator@sha256:54df0ccf598d230e278d512c3b44bdf24edb280f71da32643db46e0120bfaee0 + - name: RELATED_IMAGE_single_host_gateway + value: quay.io/eclipse/che--traefik@sha256:bb7be8d50edf73d8d3a812ac8873ef354a0fe9b40d7f3880747b43a3525855d2 + - name: RELATED_IMAGE_single_host_gateway_config_sidecar + value: quay.io/che-incubator/configbump@sha256:175ff2ba1bd74429de192c0a9facf39da5699c6da9f151bd461b3dc8624dd532 + - name: RELATED_IMAGE_gateway_authentication_sidecar + value: quay.io/openshift/origin-oauth-proxy@sha256:870bfe92a4663720775c0dfe5728ecbb10a17f0644eef5f57276ec135034c6a1 + - name: RELATED_IMAGE_gateway_authorization_sidecar + value: quay.io/openshift/origin-kube-rbac-proxy@sha256:354fc75eb7a21a934381e93d03ef9d42bc2c8ae8989fdcacecfb39b863b96ced + - name: RELATED_IMAGE_gateway_authentication_sidecar_k8s + value: quay.io/oauth2-proxy/oauth2-proxy@sha256:393e63c3b924e3f78a5b592ad647417af4ea229398b7bebbbd7ef3d6181aceb5 + - name: RELATED_IMAGE_gateway_authorization_sidecar_k8s + value: quay.io/brancz/kube-rbac-proxy@sha256:738c854322f56d63ebab75de5210abcdd5e0782ce2d30c0ecd4620f63b24694d + - name: RELATED_IMAGE_gateway_header_sidecar + value: quay.io/che-incubator/header-rewrite-proxy@sha256:bd7873b8feef35f218f54c6251ea224bea2c8bf202a328230019a0ba2941245d + - name: CHE_FLAVOR + value: che + - name: CONSOLE_LINK_NAME + value: che + - name: CONSOLE_LINK_DISPLAY_NAME + value: Eclipse Che + - name: CONSOLE_LINK_SECTION + value: Red Hat Applications + - name: CONSOLE_LINK_IMAGE + value: /dashboard/assets/branding/loader.svg + - name: MAX_CONCURRENT_RECONCILES + value: "1" + - name: CHE_DEFAULT_SPEC_COMPONENTS_DASHBOARD_HEADERMESSAGE_TEXT + - name: CHE_DEFAULT_SPEC_DEVENVIRONMENTS_DEFAULTEDITOR + value: che-incubator/che-code/latest + - name: CHE_DEFAULT_SPEC_DEVENVIRONMENTS_DEFAULTCOMPONENTS + value: '[{"name": "universal-developer-image", "container": + {"image": "quay.io/devfile/universal-developer-image@sha256:f4e3180413ab3d16957642af9b12b0d13afe9f3429ecd62fc71e24553ca0cd74"}}]' + - name: CHE_DEFAULT_SPEC_COMPONENTS_PLUGINREGISTRY_OPENVSXURL + value: https://open-vsx.org + - name: CHE_DEFAULT_SPEC_DEVENVIRONMENTS_DISABLECONTAINERBUILDCAPABILITIES + value: "false" + - name: CHE_DEFAULT_SPEC_DEVENVIRONMENTS_CONTAINERSECURITYCONTEXT + value: '{"allowPrivilegeEscalation": true,"capabilities": + {"add": ["SETGID", "SETUID"]}}' + - name: RELATED_IMAGE_che_editor_jupyter_plugin_registry_image_IBZWQYJSGU3DUOBTGQZTSYLFHFSWIY3BMEZWCOJXGUZTMNZUGIZTCNLBG44TCMTGHEZWKNBZHFTDIOJYGQ3WIYJQHE2GGNBYGAYDGMLFMFSTIYTBGQ3Q____ + value: index.docker.io/ksmster/che-editor-jupyter@sha256:83439ae9edcaa3a97536742315a7912f93e499f49847da094c480031eae4ba47 + - name: RELATED_IMAGE_dirigible_openshift_plugin_registry_image_IBZWQYJSGU3DUMZTGY2TMMZVMQYWKMBUGAZTMOJXMRSWCMBWG42GEYTCMRRTONBZMM2GEZJSMRRDEOJYGE4GCOJTMI4GKMLFGUZWGM3DGUYTINBRGEZQ____ + value: index.docker.io/dirigiblelabs/dirigible-openshift@sha256:3365635d1e0403697dea0674bbbdc749c4be2db29818a93b8e1e53c3c5144113 + - name: RELATED_IMAGE_eclipse_broadway_plugin_registry_image_IBZWQYJSGU3DUNJXMM4DEY3EHAYDMYJVGZTDMOLBME4DMNRTMY3DQNBQGVSDANZXHBRDMMRYMEZDSYJWGRTGEMJWHA4DCYRRGFRWKOLGGQ4DIZDEME3Q____ + value: index.docker.io/wsskeleton/eclipse-broadway@sha256:57c82cd806a56f69aa8663f68405d0778b628a29a64fb16881b11ce9f484dda7 + - name: RELATED_IMAGE_code_server_plugin_registry_image_IBZWQYJSGU3DUZLGGA3TEOBRGAYDIOJQHFRGEMTDGIZDQNBSGJSGMMTFHE4WCNLCME2WKNBVGBTGGZJXGU2DMYRYMZQTCOBWHA2TEZRSGNRGMNRXGUYQ____ + value: index.docker.io/codercom/code-server@sha256:ef07281004909bb2c228422df2e99a5ba5e450fce7546b8fa186852f23bf6751 + - name: RELATED_IMAGE_universal_developer_image_plugin_registry_image_IBZWQYJSGU3DUZRUMUZTCOBQGQYTGYLCGNSDCNRZGU3TMNBSMFTDSYRRGJRDAZBRGNQWMZJZMYZTIMRZMVRWINRSMZRTOMLFGI2DKNJTMNQTAY3EG42A____ + value: quay.io/devfile/universal-developer-image@sha256:f4e3180413ab3d16957642af9b12b0d13afe9f3429ecd62fc71e24553ca0cd74 + - name: RELATED_IMAGE_che_code_plugin_registry_image_NFXHG2LEMVZHG___ + value: quay.io/che-incubator/che-code@sha256:a614dd6d5fa5002cb948eeb82680682471687983f43c3d8ae0afd7279a30ec81 + - name: RELATED_IMAGE_che_code_plugin_registry_image_IBZWQYJSGU3DUNRXGA3GEZJVMI3TANRUGQ3TAMLEGZSTCN3CGA4GEMZYG5RGINBTMJSGEM3DMIYDIM3DGBQWMZBXGZRDIOJQGRRDQNDGMNSTEOBWGYZA____ + value: quay.io/che-incubator/che-code@sha256:6706be5b70644701d6e17b08b387bd43bdb3cb043c0afd76b4904b84fce28662 + - name: RELATED_IMAGE_che_idea_plugin_registry_image_NZSXQ5A_ + value: quay.io/che-incubator/che-idea@sha256:f5e9dae0ddc49e398514cf6dad5536467043dd582f6f62ae786400d2ebc5a690 + - name: RELATED_IMAGE_che_idea_plugin_registry_image_IBZWQYJSGU3DUODBMFSTMOLEMM2GEMDDGEZDENBZGFQTONJUGAYDMMZZMFTDAZTFHEZGENLFGIYTIYZWMU3DQYLDHE3WGZDBGI4WMYRVHBRDINBRGUYQ____ + value: quay.io/che-incubator/che-idea@sha256:8aae69dc4b0c122491a75400639af0fe92b5e214c6e68ac97cda29fb58b44151 + - name: RELATED_IMAGE_che_pycharm_plugin_registry_image_NZSXQ5A_ + value: quay.io/che-incubator/che-pycharm@sha256:c3f377182ba3807b0675fc571167aed468fe4b03cd20a60449e15da3b7431797 + - name: RELATED_IMAGE_che_pycharm_plugin_registry_image_IBZWQYJSGU3DUN3DGBSTGZLBMJSDMMRUHE2TEMBRMNTDKYTBGBQTSMJTG43TMZBZG4ZGCMLFGZTGEOLDMYYWEY3EMM3TQYLGMNTDIZBXGI2TMYLGGQ3Q____ + value: quay.io/che-incubator/che-pycharm@sha256:7c0e3eabd62495201cf5ba0a913776d972a1e6fb9cf1bcdc78afcf4d7256af47 + - name: RELATED_IMAGE_che_code_devfile_registry_image_NFXHG2LEMVZHG___ + value: quay.io/che-incubator/che-code@sha256:a614dd6d5fa5002cb948eeb82680682471687983f43c3d8ae0afd7279a30ec81 + - name: RELATED_IMAGE_che_code_devfile_registry_image_IBZWQYJSGU3DUNRXGA3GEZJVMI3TANRUGQ3TAMLEGZSTCN3CGA4GEMZYG5RGINBTMJSGEM3DMIYDIM3DGBQWMZBXGZRDIOJQGRRDQNDGMNSTEOBWGYZA____ + value: quay.io/che-incubator/che-code@sha256:6706be5b70644701d6e17b08b387bd43bdb3cb043c0afd76b4904b84fce28662 + - name: RELATED_IMAGE_che_idea_devfile_registry_image_NZSXQ5A_ + value: quay.io/che-incubator/che-idea@sha256:f5e9dae0ddc49e398514cf6dad5536467043dd582f6f62ae786400d2ebc5a690 + - name: RELATED_IMAGE_universal_developer_image_devfile_registry_image_OVRGSOBNNRQXIZLTOQ______ + value: quay.io/devfile/universal-developer-image@sha256:f4e3180413ab3d16957642af9b12b0d13afe9f3429ecd62fc71e24553ca0cd74 + - name: RELATED_IMAGE_universal_developer_image_devfile_registry_image_IBZWQYJSGU3DUZRUMUZTCOBQGQYTGYLCGNSDCNRZGU3TMNBSMFTDSYRRGJRDAZBRGNQWMZJZMYZTIMRZMVRWINRSMZRTOMLFGI2DKNJTMNQTAY3EG42A____ + value: quay.io/devfile/universal-developer-image@sha256:f4e3180413ab3d16957642af9b12b0d13afe9f3429ecd62fc71e24553ca0cd74 + - name: RELATED_IMAGE_che__centos__mongodb_36_centos7_devfile_registry_image_NRQXIZLTOQWWCOJRGVSGEN3CMVRWCOBXGE4TQZTDMQ3TQNRQGA4DMOJYHFTGKODBGMZDOYJRME2GMNRVGA4DAMRVMI3DIYLCGI4GMY3DG42DEM3CGI______ + value: quay.io/eclipse/che--centos--mongodb-36-centos7@sha256:a915db7beca87198fcd7860086989fe8a327a1a4f6508025b64ab28fcc7423b2 + - name: RELATED_IMAGE_che__centos__mongodb_36_centos7_devfile_registry_image_NRQXIZLTOQWWMZTEMYZDIMZRMJRGGNTEHFQTSZBSMEYDGZJZGVRGEYTFHBQWIYRUHFQWEOLFMFRTGMBRMYZDMODBGM2TAMZYMM4DIMRYHAZDKOLDGE______ + value: quay.io/eclipse/che--centos--mongodb-36-centos7@sha256:ffdf2431bbc6d9a9d2a03e95bbbe8adb49ab9eac301f268a35038c84288259c1 + - name: RELATED_IMAGE_che__centos__mysql_57_centos7_devfile_registry_image_NRQXIZLTOQWWKMBYMVSTIZBUGNRDOMZVGY3DANZWHA2WENRZMJSGKNRTGM2WKMRXMNTDEMDDGAZDAZRTGQ2WENTDGZRTKOJUGAYDCOBTHA4DENZWGQ______ + value: quay.io/eclipse/che--centos--mysql-57-centos7@sha256:e08ee4d43b7356607685b69bde6335e27cf20c020f345b6c6c59400183882764 + - name: RELATED_IMAGE_che__mariadb_devfile_registry_image_GEYC4NZOGEWTKYJYGAYDSMZWHFSWKNJXMM4DKYRWMY2GCMBYGQYDMMJUG5RGIOLDGUYDKY3EMU3GEOBSGUYGIMJWMEZDOZBSME2WMZLCMZSGKYLEG4______ + value: quay.io/eclipse/che--mariadb@sha256:5a8009369ee57c85b6f4a08406147bd9c505cde6b8250d16a27d2a5febfdead7 + - name: RELATED_IMAGE_ubi_minimal_devfile_registry_image_ + value: registry.access.redhat.com/ubi8/ubi-minimal@sha256:87bcbfedfd70e67aab3875fff103bade460aeff510033ebb36b7efa009ab6639 + image: quay.io/eclipse/che-operator@sha256:da76155c2c40eb4732b71ee1a7c4ec3140df96a04394c93754cb7bc36d827f0a + imagePullPolicy: IfNotPresent + livenessProbe: + failureThreshold: 10 + httpGet: + path: /healthz + port: 6789 + initialDelaySeconds: 15 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 5 + name: che-operator + ports: + - containerPort: 9443 + name: webhook-server + protocol: TCP + - containerPort: 60000 + name: metrics + readinessProbe: + failureThreshold: 10 + httpGet: + path: /readyz + port: 6789 + initialDelaySeconds: 5 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 5 + resources: + limits: + cpu: 500m + memory: 1Gi + requests: + cpu: 100m + memory: 128Mi + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + privileged: false + readOnlyRootFilesystem: false + hostIPC: false + hostNetwork: false + hostPID: false + restartPolicy: Always + serviceAccountName: che-operator + terminationGracePeriodSeconds: 20 + permissions: + - rules: + - apiGroups: + - extensions + resources: + - ingresses + verbs: + - '*' + - apiGroups: + - networking.k8s.io + resources: + - ingresses + verbs: + - '*' + - apiGroups: + - batch + resources: + - jobs + verbs: + - create + - delete + - get + - update + - watch + - list + - apiGroups: + - route.openshift.io + resources: + - routes + - routes/custom-host + verbs: + - '*' + - apiGroups: + - rbac.authorization.k8s.io + resources: + - roles + - rolebindings + - clusterroles + - clusterrolebindings + verbs: + - list + - create + - watch + - update + - get + - delete + - apiGroups: + - "" + resources: + - pods + - services + - serviceaccounts + - endpoints + - persistentvolumeclaims + - events + - configmaps + - secrets + - pods/exec + - pods/log + verbs: + - '*' + - apiGroups: + - "" + resources: + - namespaces + verbs: + - get + - apiGroups: + - apps + - extensions + resources: + - deployments + - replicasets + verbs: + - '*' + - apiGroups: + - monitoring.coreos.com + resources: + - servicemonitors + verbs: + - get + - create + - apiGroups: + - org.eclipse.che + resources: + - checlusters + - checlusters/status + - checlusters/finalizers + verbs: + - '*' + - apiGroups: + - metrics.k8s.io + resources: + - pods + - nodes + verbs: + - get + - list + - watch + - apiGroups: + - operators.coreos.com + resources: + - subscriptions + - clusterserviceversions + - operatorgroups + verbs: + - '*' + - apiGroups: + - packages.operators.coreos.com + resources: + - packagemanifests + verbs: + - get + - list + - apiGroups: + - "" + resources: + - configmaps/status + verbs: + - get + - update + - patch + - apiGroups: + - "" + resources: + - events + verbs: + - create + - apiGroups: + - apps + resourceNames: + - che-operator + resources: + - deployments/finalizers + verbs: + - update + - apiGroups: + - controller.devfile.io + resources: + - devworkspaceroutings + verbs: + - '*' + - apiGroups: + - controller.devfile.io + resources: + - devworkspaceroutings/finalizers + verbs: + - update + - apiGroups: + - controller.devfile.io + resources: + - devworkspaceroutings/status + verbs: + - get + - patch + - update + - apiGroups: + - oauth.openshift.io + resources: + - oauthclients + verbs: + - create + - delete + - deletecollection + - get + - list + - patch + - update + - watch + - apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - "" + resources: + - events + verbs: + - create + - patch + serviceAccountName: che-operator + strategy: deployment + installModes: + - supported: false + type: OwnNamespace + - supported: false + type: SingleNamespace + - supported: false + type: MultiNamespace + - supported: true + type: AllNamespaces + keywords: + - eclipse che + - workspaces + - devtools + - developer + - ide + - java + links: + - name: Product Page + url: http://www.eclipse.org/che + - name: Documentation + url: https://www.eclipse.org/che/docs + - name: Operator GitHub Repo + url: https://github.com/eclipse-che/che-operator + maintainers: + - email: abazko@redhat.com + name: Anatolii Bazko + maturity: stable + minKubeVersion: 1.19.0 + provider: + name: Eclipse Foundation + version: 7.78.0 + webhookdefinitions: + - admissionReviewVersions: + - v1 + - v1beta1 + containerPort: 443 + deploymentName: che-operator + failurePolicy: Fail + generateName: vchecluster.kb.io + rules: + - apiGroups: + - org.eclipse.che + apiVersions: + - v2 + operations: + - CREATE + - UPDATE + resources: + - checlusters + sideEffects: None + targetPort: 9443 + type: ValidatingAdmissionWebhook + webhookPath: /validate-org-eclipse-che-v2-checluster + - admissionReviewVersions: + - v1 + - v1beta1 + containerPort: 443 + deploymentName: che-operator + failurePolicy: Fail + generateName: mchecluster.kb.io + rules: + - apiGroups: + - org.eclipse.che + apiVersions: + - v2 + operations: + - CREATE + - UPDATE + resources: + - checlusters + sideEffects: None + targetPort: 9443 + type: MutatingAdmissionWebhook + webhookPath: /mutate-org-eclipse-che-v2-checluster + - admissionReviewVersions: + - v1 + - v2 + containerPort: 443 + conversionCRDs: + - checlusters.org.eclipse.che + deploymentName: che-operator + generateName: ccheclusters.kb.io + sideEffects: None + targetPort: 9443 + type: ConversionWebhook + webhookPath: /convert + relatedImages: + - name: che-operator-7.78.0 + image: quay.io/eclipse/che-operator@sha256:da76155c2c40eb4732b71ee1a7c4ec3140df96a04394c93754cb7bc36d827f0a + # tag: quay.io/eclipse/che-operator:7.78.0 + - name: kube-rbac-proxy-v0.13.1 + image: quay.io/brancz/kube-rbac-proxy@sha256:738c854322f56d63ebab75de5210abcdd5e0782ce2d30c0ecd4620f63b24694d + # tag: quay.io/brancz/kube-rbac-proxy:v0.13.1 + - name: configbump-0.1.4 + image: quay.io/che-incubator/configbump@sha256:175ff2ba1bd74429de192c0a9facf39da5699c6da9f151bd461b3dc8624dd532 + # tag: quay.io/che-incubator/configbump:0.1.4 + - name: header-rewrite-proxy-latest + image: quay.io/che-incubator/header-rewrite-proxy@sha256:bd7873b8feef35f218f54c6251ea224bea2c8bf202a328230019a0ba2941245d + # tag: quay.io/che-incubator/header-rewrite-proxy:latest + - name: che--traefik-v2.9.6-bb7be8d50edf73d8d3a812ac8873ef354a0fe9b40d7f3880747b43a3525855d2 + image: quay.io/eclipse/che--traefik@sha256:bb7be8d50edf73d8d3a812ac8873ef354a0fe9b40d7f3880747b43a3525855d2 + # tag: quay.io/eclipse/che--traefik:v2.9.6-bb7be8d50edf73d8d3a812ac8873ef354a0fe9b40d7f3880747b43a3525855d2 + - name: che-dashboard-7.78.0 + image: quay.io/eclipse/che-dashboard@sha256:8fd291de6db4fc5bc18805e6d5d1fe372e58e3d0f5b4a837b262f8feb1a564b5 + # tag: quay.io/eclipse/che-dashboard:7.78.0 + - name: che-devfile-registry-7.78.0 + image: quay.io/eclipse/che-devfile-registry@sha256:4191a5b12b966b5e6f2213a89f0c26b28f070393232edbcaf2003c644e0042fc + # tag: quay.io/eclipse/che-devfile-registry:7.78.0 + - name: che-plugin-registry-7.78.0 + image: quay.io/eclipse/che-plugin-registry@sha256:d8ca527076ee0dcda570d9d862969e9fbede7f96bbe5d750996d993ee47d6668 + # tag: quay.io/eclipse/che-plugin-registry:7.78.0 + - name: che-server-7.78.0 + image: quay.io/eclipse/che-server@sha256:6085a3486f1e0ee072fe874048130602f64d3260a94a11a99d5cfdb562d529f1 + # tag: quay.io/eclipse/che-server:7.78.0 + - name: che-tls-secret-creator-alpine-01a4c34 + image: quay.io/eclipse/che-tls-secret-creator@sha256:54df0ccf598d230e278d512c3b44bdf24edb280f71da32643db46e0120bfaee0 + # tag: quay.io/eclipse/che-tls-secret-creator:alpine-01a4c34 + - name: oauth2-proxy-v7.4.0 + image: quay.io/oauth2-proxy/oauth2-proxy@sha256:393e63c3b924e3f78a5b592ad647417af4ea229398b7bebbbd7ef3d6181aceb5 + # tag: quay.io/oauth2-proxy/oauth2-proxy:v7.4.0 + - name: origin-kube-rbac-proxy-4.9 + image: quay.io/openshift/origin-kube-rbac-proxy@sha256:354fc75eb7a21a934381e93d03ef9d42bc2c8ae8989fdcacecfb39b863b96ced + # tag: quay.io/openshift/origin-kube-rbac-proxy:4.9 + - name: origin-oauth-proxy-4.9 + image: quay.io/openshift/origin-oauth-proxy@sha256:870bfe92a4663720775c0dfe5728ecbb10a17f0644eef5f57276ec135034c6a1 + # tag: quay.io/openshift/origin-oauth-proxy:4.9 + - name: che-editor-jupyter-@sha256:83439ae9edcaa3a97536742315a7912f93e499f49847da094c480031eae4ba47 + image: index.docker.io/ksmster/che-editor-jupyter@sha256:83439ae9edcaa3a97536742315a7912f93e499f49847da094c480031eae4ba47 + # tag: index.docker.io/ksmster/che-editor-jupyter@sha256:83439ae9edcaa3a97536742315a7912f93e499f49847da094c480031eae4ba47 + - name: dirigible-openshift-@sha256:3365635d1e0403697dea0674bbbdc749c4be2db29818a93b8e1e53c3c5144113 + image: index.docker.io/dirigiblelabs/dirigible-openshift@sha256:3365635d1e0403697dea0674bbbdc749c4be2db29818a93b8e1e53c3c5144113 + # tag: index.docker.io/dirigiblelabs/dirigible-openshift@sha256:3365635d1e0403697dea0674bbbdc749c4be2db29818a93b8e1e53c3c5144113 + - name: eclipse-broadway-@sha256:57c82cd806a56f69aa8663f68405d0778b628a29a64fb16881b11ce9f484dda7 + image: index.docker.io/wsskeleton/eclipse-broadway@sha256:57c82cd806a56f69aa8663f68405d0778b628a29a64fb16881b11ce9f484dda7 + # tag: index.docker.io/wsskeleton/eclipse-broadway@sha256:57c82cd806a56f69aa8663f68405d0778b628a29a64fb16881b11ce9f484dda7 + - name: code-server-@sha256:ef07281004909bb2c228422df2e99a5ba5e450fce7546b8fa186852f23bf6751 + image: index.docker.io/codercom/code-server@sha256:ef07281004909bb2c228422df2e99a5ba5e450fce7546b8fa186852f23bf6751 + # tag: index.docker.io/codercom/code-server@sha256:ef07281004909bb2c228422df2e99a5ba5e450fce7546b8fa186852f23bf6751 + - name: universal-developer-image-@sha256:f4e3180413ab3d16957642af9b12b0d13afe9f3429ecd62fc71e24553ca0cd74 + image: quay.io/devfile/universal-developer-image@sha256:f4e3180413ab3d16957642af9b12b0d13afe9f3429ecd62fc71e24553ca0cd74 + # tag: quay.io/devfile/universal-developer-image@sha256:f4e3180413ab3d16957642af9b12b0d13afe9f3429ecd62fc71e24553ca0cd74 + - name: che-code-insiders + image: quay.io/che-incubator/che-code@sha256:a614dd6d5fa5002cb948eeb82680682471687983f43c3d8ae0afd7279a30ec81 + # tag: quay.io/che-incubator/che-code:insiders + - name: che-code-@sha256:6706be5b70644701d6e17b08b387bd43bdb3cb043c0afd76b4904b84fce28662 + image: quay.io/che-incubator/che-code@sha256:6706be5b70644701d6e17b08b387bd43bdb3cb043c0afd76b4904b84fce28662 + # tag: quay.io/che-incubator/che-code@sha256:6706be5b70644701d6e17b08b387bd43bdb3cb043c0afd76b4904b84fce28662 + - name: che-idea-next + image: quay.io/che-incubator/che-idea@sha256:f5e9dae0ddc49e398514cf6dad5536467043dd582f6f62ae786400d2ebc5a690 + # tag: quay.io/che-incubator/che-idea:next + - name: che-idea-@sha256:8aae69dc4b0c122491a75400639af0fe92b5e214c6e68ac97cda29fb58b44151 + image: quay.io/che-incubator/che-idea@sha256:8aae69dc4b0c122491a75400639af0fe92b5e214c6e68ac97cda29fb58b44151 + # tag: quay.io/che-incubator/che-idea@sha256:8aae69dc4b0c122491a75400639af0fe92b5e214c6e68ac97cda29fb58b44151 + - name: che-pycharm-next + image: quay.io/che-incubator/che-pycharm@sha256:c3f377182ba3807b0675fc571167aed468fe4b03cd20a60449e15da3b7431797 + # tag: quay.io/che-incubator/che-pycharm:next + - name: che-pycharm-@sha256:7c0e3eabd62495201cf5ba0a913776d972a1e6fb9cf1bcdc78afcf4d7256af47 + image: quay.io/che-incubator/che-pycharm@sha256:7c0e3eabd62495201cf5ba0a913776d972a1e6fb9cf1bcdc78afcf4d7256af47 + # tag: quay.io/che-incubator/che-pycharm@sha256:7c0e3eabd62495201cf5ba0a913776d972a1e6fb9cf1bcdc78afcf4d7256af47 + - name: universal-developer-image-ubi8-latest + image: quay.io/devfile/universal-developer-image@sha256:f4e3180413ab3d16957642af9b12b0d13afe9f3429ecd62fc71e24553ca0cd74 + # tag: quay.io/devfile/universal-developer-image:ubi8-latest + - name: che--centos--mongodb-36-centos7-latest-a915db7beca87198fcd7860086989fe8a327a1a4f6508025b64ab28fcc7423b2 + image: quay.io/eclipse/che--centos--mongodb-36-centos7@sha256:a915db7beca87198fcd7860086989fe8a327a1a4f6508025b64ab28fcc7423b2 + # tag: quay.io/eclipse/che--centos--mongodb-36-centos7:latest-a915db7beca87198fcd7860086989fe8a327a1a4f6508025b64ab28fcc7423b2 + - name: che--centos--mongodb-36-centos7-latest-ffdf2431bbc6d9a9d2a03e95bbbe8adb49ab9eac301f268a35038c84288259c1 + image: quay.io/eclipse/che--centos--mongodb-36-centos7@sha256:ffdf2431bbc6d9a9d2a03e95bbbe8adb49ab9eac301f268a35038c84288259c1 + # tag: quay.io/eclipse/che--centos--mongodb-36-centos7:latest-ffdf2431bbc6d9a9d2a03e95bbbe8adb49ab9eac301f268a35038c84288259c1 + - name: che--centos--mysql-57-centos7-latest-e08ee4d43b7356607685b69bde6335e27cf20c020f345b6c6c59400183882764 + image: quay.io/eclipse/che--centos--mysql-57-centos7@sha256:e08ee4d43b7356607685b69bde6335e27cf20c020f345b6c6c59400183882764 + # tag: quay.io/eclipse/che--centos--mysql-57-centos7:latest-e08ee4d43b7356607685b69bde6335e27cf20c020f345b6c6c59400183882764 + - name: che--mariadb-10.7.1-5a8009369ee57c85b6f4a08406147bd9c505cde6b8250d16a27d2a5febfdead7 + image: quay.io/eclipse/che--mariadb@sha256:5a8009369ee57c85b6f4a08406147bd9c505cde6b8250d16a27d2a5febfdead7 + # tag: quay.io/eclipse/che--mariadb:10.7.1-5a8009369ee57c85b6f4a08406147bd9c505cde6b8250d16a27d2a5febfdead7 + - name: ubi-minimal- + image: registry.access.redhat.com/ubi8/ubi-minimal@sha256:87bcbfedfd70e67aab3875fff103bade460aeff510033ebb36b7efa009ab6639 + # tag: registry.access.redhat.com/ubi8/ubi-minimal diff --git a/operators/eclipse-che/7.78.0/manifests/org.eclipse.che_checlusters.yaml b/operators/eclipse-che/7.78.0/manifests/org.eclipse.che_checlusters.yaml new file mode 100644 index 00000000000..c8e1e6ba5ee --- /dev/null +++ b/operators/eclipse-che/7.78.0/manifests/org.eclipse.che_checlusters.yaml @@ -0,0 +1,8346 @@ +# +# Copyright (c) 2019-2023 Red Hat, Inc. +# This program and the accompanying materials are made +# available under the terms of the Eclipse Public License 2.0 +# which is available at https://www.eclipse.org/legal/epl-2.0/ +# +# SPDX-License-Identifier: EPL-2.0 +# +# Contributors: +# Red Hat, Inc. - initial API and implementation +# + +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.7.0 + creationTimestamp: null + labels: + app.kubernetes.io/instance: che + app.kubernetes.io/managed-by: olm + app.kubernetes.io/name: che + app.kubernetes.io/part-of: che.eclipse.org + name: checlusters.org.eclipse.che +spec: + conversion: + strategy: Webhook + webhook: + clientConfig: + service: + name: che-operator-service + namespace: eclipse-che + path: /convert + conversionReviewVersions: + - v1 + - v2 + group: org.eclipse.che + names: + kind: CheCluster + listKind: CheClusterList + plural: checlusters + singular: checluster + scope: Namespaced + versions: + - deprecated: true + deprecationWarning: org.eclipse.che/v1 CheCluster is deprecated and will be + removed in future releases + name: v1 + schema: + openAPIV3Schema: + description: The `CheCluster` custom resource allows defining and managing + a Che server installation + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource + this object represents. Servers may infer this from the endpoint the + client submits requests to. Cannot be updated. In CamelCase. More + info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Desired configuration of the Che installation. Based on + these settings, the Operator automatically creates and maintains + several ConfigMaps that will contain the appropriate environment variables + the various components of the Che installation. These generated ConfigMaps + must NOT be updated manually. + properties: + auth: + description: Configuration settings related to the Authentication + used by the Che installation. + properties: + debug: + description: Deprecated. The value of this flag is ignored. + Debug internal identity provider. + type: boolean + externalIdentityProvider: + description: 'Deprecated. The value of this flag is ignored. + Instructs the Operator on whether or not to deploy a dedicated + Identity Provider (Keycloak or RH SSO instance). Instructs + the Operator on whether to deploy a dedicated Identity Provider + (Keycloak or RH-SSO instance). By default, a dedicated Identity + Provider server is deployed as part of the Che installation. + When `externalIdentityProvider` is `true`, no dedicated identity + provider will be deployed by the Operator and you will need + to provide details about the external identity provider you + are about to use. See also all the other fields starting with: + `identityProvider`.' + type: boolean + gatewayAuthenticationSidecarImage: + description: Gateway sidecar responsible for authentication + when NativeUserMode is enabled. See link:https://github.com/oauth2-proxy/oauth2-proxy[oauth2-proxy] + or link:https://github.com/openshift/oauth-proxy[openshift/oauth-proxy]. + type: string + gatewayAuthorizationSidecarImage: + description: Gateway sidecar responsible for authorization when + NativeUserMode is enabled. See link:https://github.com/brancz/kube-rbac-proxy[kube-rbac-proxy] + or link:https://github.com/openshift/kube-rbac-proxy[openshift/kube-rbac-proxy] + type: string + gatewayConfigBumpEnv: + description: List of environment variables to set in the Configbump + container. + items: + description: EnvVar represents an environment variable present + in a Container. + properties: + name: + description: Name of the environment variable. Must be + a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in + the container and any service environment variables. + If a variable cannot be resolved, the reference in the + input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) + syntax: i.e. "$$(VAR_NAME)" will produce the string + literal "$(VAR_NAME)". Escaped references will never + be expanded, regardless of whether the variable exists + or not. Defaults to "".' + type: string + valueFrom: + description: Source for the environment variable's value. + Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: supports + metadata.name, metadata.namespace, `metadata.labels['''']`, + `metadata.annotations['''']`, spec.nodeName, + spec.serviceAccountName, status.hostIP, status.podIP, + status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the + specified API version. + type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: + only resources limits and requests (limits.cpu, + limits.memory, limits.ephemeral-storage, requests.cpu, + requests.memory and requests.ephemeral-storage) + are currently supported.' + properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of the + exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in the pod's + namespace + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + gatewayEnv: + description: List of environment variables to set in the Gateway + container. + items: + description: EnvVar represents an environment variable present + in a Container. + properties: + name: + description: Name of the environment variable. Must be + a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in + the container and any service environment variables. + If a variable cannot be resolved, the reference in the + input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) + syntax: i.e. "$$(VAR_NAME)" will produce the string + literal "$(VAR_NAME)". Escaped references will never + be expanded, regardless of whether the variable exists + or not. Defaults to "".' + type: string + valueFrom: + description: Source for the environment variable's value. + Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: supports + metadata.name, metadata.namespace, `metadata.labels['''']`, + `metadata.annotations['''']`, spec.nodeName, + spec.serviceAccountName, status.hostIP, status.podIP, + status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the + specified API version. + type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: + only resources limits and requests (limits.cpu, + limits.memory, limits.ephemeral-storage, requests.cpu, + requests.memory and requests.ephemeral-storage) + are currently supported.' + properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of the + exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in the pod's + namespace + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + gatewayHeaderRewriteSidecarImage: + description: Deprecated. The value of this flag is ignored. + Sidecar functionality is now implemented in Traefik plugin. + type: string + gatewayKubeRbacProxyEnv: + description: List of environment variables to set in the Kube + rbac proxy container. + items: + description: EnvVar represents an environment variable present + in a Container. + properties: + name: + description: Name of the environment variable. Must be + a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in + the container and any service environment variables. + If a variable cannot be resolved, the reference in the + input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) + syntax: i.e. "$$(VAR_NAME)" will produce the string + literal "$(VAR_NAME)". Escaped references will never + be expanded, regardless of whether the variable exists + or not. Defaults to "".' + type: string + valueFrom: + description: Source for the environment variable's value. + Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: supports + metadata.name, metadata.namespace, `metadata.labels['''']`, + `metadata.annotations['''']`, spec.nodeName, + spec.serviceAccountName, status.hostIP, status.podIP, + status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the + specified API version. + type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: + only resources limits and requests (limits.cpu, + limits.memory, limits.ephemeral-storage, requests.cpu, + requests.memory and requests.ephemeral-storage) + are currently supported.' + properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of the + exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in the pod's + namespace + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + gatewayOAuthProxyEnv: + description: List of environment variables to set in the OAuth + proxy container. + items: + description: EnvVar represents an environment variable present + in a Container. + properties: + name: + description: Name of the environment variable. Must be + a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in + the container and any service environment variables. + If a variable cannot be resolved, the reference in the + input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) + syntax: i.e. "$$(VAR_NAME)" will produce the string + literal "$(VAR_NAME)". Escaped references will never + be expanded, regardless of whether the variable exists + or not. Defaults to "".' + type: string + valueFrom: + description: Source for the environment variable's value. + Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: supports + metadata.name, metadata.namespace, `metadata.labels['''']`, + `metadata.annotations['''']`, spec.nodeName, + spec.serviceAccountName, status.hostIP, status.podIP, + status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the + specified API version. + type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: + only resources limits and requests (limits.cpu, + limits.memory, limits.ephemeral-storage, requests.cpu, + requests.memory and requests.ephemeral-storage) + are currently supported.' + properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of the + exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in the pod's + namespace + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + identityProviderAdminUserName: + description: Deprecated. The value of this flag is ignored. + Overrides the name of the Identity Provider administrator + user. Defaults to `admin`. + type: string + identityProviderClientId: + description: Deprecated. The value of this flag is ignored. + Name of a Identity provider, Keycloak or RH-SSO, `client-id` + that is used for Che. Override this when an external Identity + Provider is in use. See the `externalIdentityProvider` field. + When omitted or left blank, it is set to the value of the + `flavour` field suffixed with `-public`. + type: string + identityProviderContainerResources: + description: Deprecated. The value of this flag is ignored. + Identity provider container custom settings. + properties: + limits: + description: Limits describes the maximum amount of compute + resources allowed. + properties: + cpu: + description: CPU, in cores. (500m = .5 cores) + type: string + memory: + description: Memory, in bytes. (500Gi = 500GiB = 500 + * 1024 * 1024 * 1024) + type: string + type: object + request: + description: Requests describes the minimum amount of compute + resources required. + properties: + cpu: + description: CPU, in cores. (500m = .5 cores) + type: string + memory: + description: Memory, in bytes. (500Gi = 500GiB = 500 + * 1024 * 1024 * 1024) + type: string + type: object + type: object + identityProviderImage: + description: Deprecated. The value of this flag is ignored. + Overrides the container image used in the Identity Provider, + Keycloak or RH-SSO, deployment. This includes the image tag. + Omit it or leave it empty to use the default container image + provided by the Operator. + type: string + identityProviderImagePullPolicy: + description: Deprecated. The value of this flag is ignored. + Overrides the image pull policy used in the Identity Provider, + Keycloak or RH-SSO, deployment. Default value is `Always` + for `nightly`, `next` or `latest` images, and `IfNotPresent` + in other cases. + type: string + identityProviderIngress: + description: Deprecated. The value of this flag is ignored. + Ingress custom settings. + properties: + annotations: + additionalProperties: + type: string + description: Unstructured key value map stored with a resource + that may be set by external tools to store and retrieve + arbitrary metadata. + type: object + labels: + description: Comma separated list of labels that can be + used to organize and categorize objects by scoping and + selecting. + type: string + type: object + identityProviderPassword: + description: Deprecated. The value of this flag is ignored. + Overrides the password of Keycloak administrator user. Override + this when an external Identity Provider is in use. See the + `externalIdentityProvider` field. When omitted or left blank, + it is set to an auto-generated password. + type: string + identityProviderPostgresPassword: + description: Deprecated. The value of this flag is ignored. + Password for a Identity Provider, Keycloak or RH-SSO, to connect + to the database. Override this when an external Identity Provider + is in use. See the `externalIdentityProvider` field. When + omitted or left blank, it is set to an auto-generated password. + type: string + identityProviderPostgresSecret: + description: 'Deprecated. The value of this flag is ignored. + The secret that contains `password` for the Identity Provider, + Keycloak or RH-SSO, to connect to the database. When the secret + is defined, the `identityProviderPostgresPassword` is ignored. + When the value is omitted or left blank, the one of following + scenarios applies: 1. `identityProviderPostgresPassword` is + defined, then it will be used to connect to the database. + 2. `identityProviderPostgresPassword` is not defined, then + a new secret with the name `che-identity-postgres-secret` + will be created with an auto-generated value for `password`. + The secret must have `app.kubernetes.io/part-of=che.eclipse.org` + label.' + type: string + identityProviderRealm: + description: Deprecated. The value of this flag is ignored. + Name of a Identity provider, Keycloak or RH-SSO, realm that + is used for Che. Override this when an external Identity Provider + is in use. See the `externalIdentityProvider` field. When + omitted or left blank, it is set to the value of the `flavour` + field. + type: string + identityProviderRoute: + description: Deprecated. The value of this flag is ignored. + Route custom settings. + properties: + annotations: + additionalProperties: + type: string + description: Unstructured key value map stored with a resource + that may be set by external tools to store and retrieve + arbitrary metadata. + type: object + domain: + description: 'Operator uses the domain to generate a hostname + for a route. In a conjunction with labels it creates a + route, which is served by a non-default Ingress controller. + The generated host name will follow this pattern: `-.`.' + type: string + labels: + description: Comma separated list of labels that can be + used to organize and categorize objects by scoping and + selecting. + type: string + type: object + identityProviderSecret: + description: 'Deprecated. The value of this flag is ignored. + The secret that contains `user` and `password` for Identity + Provider. When the secret is defined, the `identityProviderAdminUserName` + and `identityProviderPassword` are ignored. When the value + is omitted or left blank, the one of following scenarios applies: + 1. `identityProviderAdminUserName` and `identityProviderPassword` + are defined, then they will be used. 2. `identityProviderAdminUserName` + or `identityProviderPassword` are not defined, then a new + secret with the name `che-identity-secret` will be created + with default value `admin` for `user` and with an auto-generated + value for `password`. The secret must have `app.kubernetes.io/part-of=che.eclipse.org` + label.' + type: string + identityProviderURL: + description: Public URL of the Identity Provider server (Keycloak + / RH-SSO server). Set this ONLY when a use of an external + Identity Provider is needed. See the `externalIdentityProvider` + field. By default, this will be automatically calculated and + set by the Operator. + type: string + identityToken: + description: 'Identity token to be passed to upstream. There + are two types of tokens supported: `id_token` and `access_token`. + Default value is `id_token`. This field is specific to Che + installations made for Kubernetes only and ignored for OpenShift.' + type: string + initialOpenShiftOAuthUser: + description: Deprecated. The value of this flag is ignored. + For operating with the OpenShift OAuth authentication, create + a new user account since the kubeadmin can not be used. If + the value is true, then a new OpenShift OAuth user will be + created for the HTPasswd identity provider. If the value is + false and the user has already been created, then it will + be removed. If value is an empty, then do nothing. The user's + credentials are stored in the `openshift-oauth-user-credentials` + secret in 'openshift-config' namespace by Operator. Note that + this solution is Openshift 4 platform-specific. + type: boolean + nativeUserMode: + description: Deprecated. The value of this flag is ignored. + Enables native user mode. Currently works only on OpenShift + and DevWorkspace engine. Native User mode uses OpenShift OAuth + directly as identity provider, without Keycloak. + type: boolean + oAuthClientName: + description: Name of the OpenShift `OAuthClient` resource used + to setup identity federation on the OpenShift side. Auto-generated + when left blank. See also the `OpenShiftoAuth` field. + type: string + oAuthScope: + description: Access Token Scope. This field is specific to Che + installations made for Kubernetes only and ignored for OpenShift. + type: string + oAuthSecret: + description: Name of the secret set in the OpenShift `OAuthClient` + resource used to setup identity federation on the OpenShift + side. Auto-generated when left blank. See also the `OAuthClientName` + field. + type: string + openShiftoAuth: + description: 'Deprecated. The value of this flag is ignored. + Enables the integration of the identity provider (Keycloak + / RHSSO) with OpenShift OAuth. Empty value on OpenShift by + default. This will allow users to directly login with their + OpenShift user through the OpenShift login, and have their + workspaces created under personal OpenShift namespaces. WARNING: + the `kubeadmin` user is NOT supported, and logging through + it will NOT allow accessing the Che Dashboard.' + type: boolean + updateAdminPassword: + description: Deprecated. The value of this flag is ignored. + Forces the default `admin` Che user to update password on + first login. Defaults to `false`. + type: boolean + type: object + dashboard: + description: Configuration settings related to the User Dashboard + used by the Che installation. + properties: + warning: + description: Warning message that will be displayed on the User + Dashboard + type: string + type: object + database: + description: Configuration settings related to the database used + by the Che installation. + properties: + chePostgresContainerResources: + description: PostgreSQL container custom settings + properties: + limits: + description: Limits describes the maximum amount of compute + resources allowed. + properties: + cpu: + description: CPU, in cores. (500m = .5 cores) + type: string + memory: + description: Memory, in bytes. (500Gi = 500GiB = 500 + * 1024 * 1024 * 1024) + type: string + type: object + request: + description: Requests describes the minimum amount of compute + resources required. + properties: + cpu: + description: CPU, in cores. (500m = .5 cores) + type: string + memory: + description: Memory, in bytes. (500Gi = 500GiB = 500 + * 1024 * 1024 * 1024) + type: string + type: object + type: object + chePostgresDb: + description: PostgreSQL database name that the Che server uses + to connect to the DB. Defaults to `dbche`. + type: string + chePostgresHostName: + description: PostgreSQL Database host name that the Che server + uses to connect to. Defaults is `postgres`. Override this + value ONLY when using an external database. See field `externalDb`. + In the default case it will be automatically set by the Operator. + type: string + chePostgresPassword: + description: PostgreSQL password that the Che server uses to + connect to the DB. When omitted or left blank, it will be + set to an automatically generated value. + type: string + chePostgresPort: + description: PostgreSQL Database port that the Che server uses + to connect to. Defaults to 5432. Override this value ONLY + when using an external database. See field `externalDb`. In + the default case it will be automatically set by the Operator. + type: string + chePostgresSecret: + description: 'The secret that contains PostgreSQL`user` and + `password` that the Che server uses to connect to the DB. + When the secret is defined, the `chePostgresUser` and `chePostgresPassword` + are ignored. When the value is omitted or left blank, the + one of following scenarios applies: 1. `chePostgresUser` and + `chePostgresPassword` are defined, then they will be used + to connect to the DB. 2. `chePostgresUser` or `chePostgresPassword` + are not defined, then a new secret with the name `postgres-credentials` + will be created with default value of `pgche` for `user` and + with an auto-generated value for `password`. The secret must + have `app.kubernetes.io/part-of=che.eclipse.org` label.' + type: string + chePostgresUser: + description: PostgreSQL user that the Che server uses to connect + to the DB. Defaults to `pgche`. + type: string + externalDb: + description: 'Instructs the Operator on whether to deploy a + dedicated database. By default, a dedicated PostgreSQL database + is deployed as part of the Che installation. When `externalDb` + is `true`, no dedicated database will be deployed by the Operator + and you will need to provide connection details to the external + DB you are about to use. See also all the fields starting + with: `chePostgres`.' + type: boolean + postgresEnv: + description: List of environment variables to set in the PostgreSQL + container. + items: + description: EnvVar represents an environment variable present + in a Container. + properties: + name: + description: Name of the environment variable. Must be + a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in + the container and any service environment variables. + If a variable cannot be resolved, the reference in the + input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) + syntax: i.e. "$$(VAR_NAME)" will produce the string + literal "$(VAR_NAME)". Escaped references will never + be expanded, regardless of whether the variable exists + or not. Defaults to "".' + type: string + valueFrom: + description: Source for the environment variable's value. + Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: supports + metadata.name, metadata.namespace, `metadata.labels['''']`, + `metadata.annotations['''']`, spec.nodeName, + spec.serviceAccountName, status.hostIP, status.podIP, + status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the + specified API version. + type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: + only resources limits and requests (limits.cpu, + limits.memory, limits.ephemeral-storage, requests.cpu, + requests.memory and requests.ephemeral-storage) + are currently supported.' + properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of the + exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in the pod's + namespace + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + postgresImage: + description: Overrides the container image used in the PostgreSQL + database deployment. This includes the image tag. Omit it + or leave it empty to use the default container image provided + by the Operator. + type: string + postgresImagePullPolicy: + description: Overrides the image pull policy used in the PostgreSQL + database deployment. Default value is `Always` for `nightly`, + `next` or `latest` images, and `IfNotPresent` in other cases. + type: string + postgresVersion: + description: 'Indicates a PostgreSQL version image to use. Allowed + values are: `9.6` and `13.3`. Migrate your PostgreSQL database + to switch from one version to another.' + type: string + pvcClaimSize: + description: Size of the persistent volume claim for database. + Defaults to `1Gi`. To update pvc storageclass that provisions + it must support resize when Eclipse Che has been already deployed. + type: string + type: object + devWorkspace: + description: DevWorkspace operator configuration + properties: + controllerImage: + description: Overrides the container image used in the DevWorkspace + controller deployment. This includes the image tag. Omit it + or leave it empty to use the default container image provided + by the Operator. + type: string + enable: + description: Deploys the DevWorkspace Operator in the cluster. + Does nothing when a matching version of the Operator is already + installed. Fails when a non-matching version of the Operator + is already installed. + type: boolean + env: + description: List of environment variables to set in the DevWorkspace + container. + items: + description: EnvVar represents an environment variable present + in a Container. + properties: + name: + description: Name of the environment variable. Must be + a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in + the container and any service environment variables. + If a variable cannot be resolved, the reference in the + input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) + syntax: i.e. "$$(VAR_NAME)" will produce the string + literal "$(VAR_NAME)". Escaped references will never + be expanded, regardless of whether the variable exists + or not. Defaults to "".' + type: string + valueFrom: + description: Source for the environment variable's value. + Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: supports + metadata.name, metadata.namespace, `metadata.labels['''']`, + `metadata.annotations['''']`, spec.nodeName, + spec.serviceAccountName, status.hostIP, status.podIP, + status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the + specified API version. + type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: + only resources limits and requests (limits.cpu, + limits.memory, limits.ephemeral-storage, requests.cpu, + requests.memory and requests.ephemeral-storage) + are currently supported.' + properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of the + exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in the pod's + namespace + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + runningLimit: + description: Maximum number of the running workspaces per user. + type: string + secondsOfInactivityBeforeIdling: + default: 1800 + description: Idle timeout for workspaces in seconds. This timeout + is the duration after which a workspace will be idled if there + is no activity. To disable workspace idling due to inactivity, + set this value to -1. + format: int32 + type: integer + secondsOfRunBeforeIdling: + default: -1 + description: Run timeout for workspaces in seconds. This timeout + is the maximum duration a workspace runs. To disable workspace + run timeout, set this value to -1. + format: int32 + type: integer + required: + - enable + type: object + gitServices: + description: A configuration that allows users to work with remote + Git repositories. + properties: + bitbucket: + description: Enables users to work with repositories hosted + on Bitbucket (bitbucket.org or self-hosted). + items: + description: BitBucketService enables users to work with repositories + hosted on Bitbucket (bitbucket.org or self-hosted). + properties: + endpoint: + description: 'Bitbucket server endpoint URL. Deprecated + in favor of `che.eclipse.org/scm-server-endpoint` annotation. + See the following page: https://www.eclipse.org/che/docs/stable/administration-guide/configuring-oauth-1-for-a-bitbucket-server/.' + type: string + secretName: + description: 'Kubernetes secret, that contains Base64-encoded + Bitbucket OAuth 1.0 or OAuth 2.0 data. See the following + pages for details: https://www.eclipse.org/che/docs/stable/administration-guide/configuring-oauth-1-for-a-bitbucket-server/ + and https://www.eclipse.org/che/docs/stable/administration-guide/configuring-oauth-2-for-the-bitbucket-cloud/.' + type: string + required: + - secretName + type: object + type: array + github: + description: Enables users to work with repositories hosted + on GitHub (github.com or GitHub Enterprise). + items: + description: GitHubService enables users to work with repositories + hosted on GitHub (GitHub.com or GitHub Enterprise). + properties: + endpoint: + description: 'GitHub server endpoint URL. Deprecated in + favor of `che.eclipse.org/scm-server-endpoint` annotation. + See the following page for details: https://www.eclipse.org/che/docs/stable/administration-guide/configuring-oauth-2-for-github/.' + type: string + secretName: + description: 'Kubernetes secret, that contains Base64-encoded + GitHub OAuth Client id and GitHub OAuth Client secret. + See the following page for details: https://www.eclipse.org/che/docs/stable/administration-guide/configuring-oauth-2-for-github/.' + type: string + required: + - secretName + type: object + type: array + gitlab: + description: Enables users to work with repositories hosted + on GitLab (gitlab.com or self-hosted). + items: + description: GitLabService enables users to work with repositories + hosted on GitLab (gitlab.com or self-hosted). + properties: + endpoint: + description: 'GitLab server endpoint URL. Deprecated in + favor of `che.eclipse.org/scm-server-endpoint` annotation. + See the following page: https://www.eclipse.org/che/docs/stable/administration-guide/configuring-oauth-2-for-gitlab/.' + type: string + secretName: + description: 'Kubernetes secret, that contains Base64-encoded + GitHub Application id and GitLab Application Client + secret. See the following page: https://www.eclipse.org/che/docs/stable/administration-guide/configuring-oauth-2-for-gitlab/.' + type: string + required: + - secretName + type: object + type: array + type: object + imagePuller: + description: Kubernetes Image Puller configuration + properties: + enable: + description: Install and configure the Community Supported Kubernetes + Image Puller Operator. When set to `true` and no spec is provided, + it will create a default KubernetesImagePuller object to be + managed by the Operator. When set to `false`, the KubernetesImagePuller + object will be deleted, and the Operator will be uninstalled, + regardless of whether a spec is provided. If the `spec.images` + field is empty, a set of recommended workspace-related images + will be automatically detected and pre-pulled after installation. + Note that while this Operator and its behavior is community-supported, + its payload may be commercially-supported for pulling commercially-supported + images. + type: boolean + spec: + description: A KubernetesImagePullerSpec to configure the image + puller in the CheCluster + properties: + affinity: + type: string + cachingCPULimit: + type: string + cachingCPURequest: + type: string + cachingIntervalHours: + type: string + cachingMemoryLimit: + type: string + cachingMemoryRequest: + type: string + configMapName: + type: string + daemonsetName: + type: string + deploymentName: + type: string + imagePullSecrets: + type: string + imagePullerImage: + type: string + images: + type: string + nodeSelector: + type: string + type: object + required: + - enable + type: object + k8s: + description: Configuration settings specific to Che installations + made on upstream Kubernetes. + properties: + ingressClass: + description: 'Ingress class that will define the which controller + will manage ingresses. Defaults to `nginx`. NB: This drives + the `kubernetes.io/ingress.class` annotation on Che-related + ingresses.' + type: string + ingressDomain: + description: 'Global ingress domain for a Kubernetes cluster. + This MUST be explicitly specified: there are no defaults.' + type: string + ingressStrategy: + description: 'Deprecated. The value of this flag is ignored. + Strategy for ingress creation. Options are: `multi-host` (host + is explicitly provided in ingress), `single-host` (host is + provided, path-based rules) and `default-host` (no host is + provided, path-based rules). Defaults to `multi-host` Deprecated + in favor of `serverExposureStrategy` in the `server` section, + which defines this regardless of the cluster type. When both + are defined, the `serverExposureStrategy` option takes precedence.' + type: string + securityContextFsGroup: + description: The FSGroup in which the Che Pod and workspace + Pods containers runs in. Default value is `1724`. + type: string + securityContextRunAsUser: + description: ID of the user the Che Pod and workspace Pods containers + run as. Default value is `1724`. + type: string + singleHostExposureType: + description: Deprecated. The value of this flag is ignored. + When the serverExposureStrategy is set to `single-host`, the + way the server, registries and workspaces are exposed is further + configured by this property. The possible values are `native`, + which means that the server and workspaces are exposed using + ingresses on K8s or `gateway` where the server and workspaces + are exposed using a custom gateway based on link:https://doc.traefik.io/traefik/[Traefik]. + All the endpoints whether backed by the ingress or gateway + `route` always point to the subpaths on the same domain. Defaults + to `native`. + type: string + tlsSecretName: + description: Name of a secret that will be used to setup ingress + TLS termination when TLS is enabled. When the field is empty + string, the default cluster certificate will be used. See + also the `tlsSupport` field. + type: string + type: object + metrics: + description: Configuration settings related to the metrics collection + used by the Che installation. + properties: + enable: + description: Enables `metrics` the Che server endpoint. Default + to `true`. + type: boolean + type: object + server: + description: General configuration settings related to the Che server, + the plugin and devfile registries + properties: + airGapContainerRegistryHostname: + description: Optional host name, or URL, to an alternate container + registry to pull images from. This value overrides the container + registry host name defined in all the default container images + involved in a Che deployment. This is particularly useful + to install Che in a restricted environment. + type: string + airGapContainerRegistryOrganization: + description: Optional repository name of an alternate container + registry to pull images from. This value overrides the container + registry organization defined in all the default container + images involved in a Che deployment. This is particularly + useful to install Eclipse Che in a restricted environment. + type: string + allowAutoProvisionUserNamespace: + description: Indicates if is allowed to automatically create + a user namespace. If it set to false, then user namespace + must be pre-created by a cluster administrator. + type: boolean + allowUserDefinedWorkspaceNamespaces: + description: Deprecated. The value of this flag is ignored. + Defines that a user is allowed to specify a Kubernetes namespace, + or an OpenShift project, which differs from the default. It's + NOT RECOMMENDED to set to `true` without OpenShift OAuth configured. + The OpenShift infrastructure also uses this property. + type: boolean + cheClusterRoles: + description: A comma-separated list of ClusterRoles that will + be assigned to Che ServiceAccount. Each role must have `app.kubernetes.io/part-of=che.eclipse.org` + label. Be aware that the Che Operator has to already have + all permissions in these ClusterRoles to grant them. + type: string + cheDebug: + description: Enables the debug mode for Che server. Defaults + to `false`. + type: string + cheFlavor: + description: Deprecated. The value of this flag is ignored. + Specifies a variation of the installation. The options are `che` + for upstream Che installations or `devspaces` for Red Hat + OpenShift Dev Spaces (formerly Red Hat CodeReady Workspaces) + installation + type: string + cheHost: + description: Public host name of the installed Che server. When + value is omitted, the value it will be automatically set by + the Operator. See the `cheHostTLSSecret` field. + type: string + cheHostTLSSecret: + description: Name of a secret containing certificates to secure + ingress or route for the custom host name of the installed + Che server. The secret must have `app.kubernetes.io/part-of=che.eclipse.org` + label. See the `cheHost` field. + type: string + cheImage: + description: Overrides the container image used in Che deployment. + This does NOT include the container image tag. Omit it or + leave it empty to use the default container image provided + by the Operator. + type: string + cheImagePullPolicy: + description: Overrides the image pull policy used in Che deployment. + Default value is `Always` for `nightly`, `next` or `latest` + images, and `IfNotPresent` in other cases. + type: string + cheImageTag: + description: Overrides the tag of the container image used in + Che deployment. Omit it or leave it empty to use the default + image tag provided by the Operator. + type: string + cheLogLevel: + description: 'Log level for the Che server: `INFO` or `DEBUG`. + Defaults to `INFO`.' + type: string + cheServerEnv: + description: List of environment variables to set in the Che + server container. + items: + description: EnvVar represents an environment variable present + in a Container. + properties: + name: + description: Name of the environment variable. Must be + a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in + the container and any service environment variables. + If a variable cannot be resolved, the reference in the + input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) + syntax: i.e. "$$(VAR_NAME)" will produce the string + literal "$(VAR_NAME)". Escaped references will never + be expanded, regardless of whether the variable exists + or not. Defaults to "".' + type: string + valueFrom: + description: Source for the environment variable's value. + Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: supports + metadata.name, metadata.namespace, `metadata.labels['''']`, + `metadata.annotations['''']`, spec.nodeName, + spec.serviceAccountName, status.hostIP, status.podIP, + status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the + specified API version. + type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: + only resources limits and requests (limits.cpu, + limits.memory, limits.ephemeral-storage, requests.cpu, + requests.memory and requests.ephemeral-storage) + are currently supported.' + properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of the + exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in the pod's + namespace + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + cheServerIngress: + description: The Che server ingress custom settings. + properties: + annotations: + additionalProperties: + type: string + description: Unstructured key value map stored with a resource + that may be set by external tools to store and retrieve + arbitrary metadata. + type: object + labels: + description: Comma separated list of labels that can be + used to organize and categorize objects by scoping and + selecting. + type: string + type: object + cheServerRoute: + description: The Che server route custom settings. + properties: + annotations: + additionalProperties: + type: string + description: Unstructured key value map stored with a resource + that may be set by external tools to store and retrieve + arbitrary metadata. + type: object + domain: + description: 'Operator uses the domain to generate a hostname + for a route. In a conjunction with labels it creates a + route, which is served by a non-default Ingress controller. + The generated host name will follow this pattern: `-.`.' + type: string + labels: + description: Comma separated list of labels that can be + used to organize and categorize objects by scoping and + selecting. + type: string + type: object + cheWorkspaceClusterRole: + description: Custom cluster role bound to the user for the Che + workspaces. The role must have `app.kubernetes.io/part-of=che.eclipse.org` + label. The default roles are used when omitted or left blank. + type: string + customCheProperties: + additionalProperties: + type: string + description: Map of additional environment variables that will + be applied in the generated `che` ConfigMap to be used by + the Che server, in addition to the values already generated + from other fields of the `CheCluster` custom resource (CR). + When `customCheProperties` contains a property that would + be normally generated in `che` ConfigMap from other CR fields, + the value defined in the `customCheProperties` is used instead. + type: object + dashboardCpuLimit: + description: Overrides the CPU limit used in the dashboard deployment. + In cores. (500m = .5 cores). Default to 500m. + type: string + dashboardCpuRequest: + description: Overrides the CPU request used in the dashboard + deployment. In cores. (500m = .5 cores). Default to 100m. + type: string + dashboardEnv: + description: List of environment variables to set in the dashboard + container. + items: + description: EnvVar represents an environment variable present + in a Container. + properties: + name: + description: Name of the environment variable. Must be + a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in + the container and any service environment variables. + If a variable cannot be resolved, the reference in the + input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) + syntax: i.e. "$$(VAR_NAME)" will produce the string + literal "$(VAR_NAME)". Escaped references will never + be expanded, regardless of whether the variable exists + or not. Defaults to "".' + type: string + valueFrom: + description: Source for the environment variable's value. + Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: supports + metadata.name, metadata.namespace, `metadata.labels['''']`, + `metadata.annotations['''']`, spec.nodeName, + spec.serviceAccountName, status.hostIP, status.podIP, + status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the + specified API version. + type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: + only resources limits and requests (limits.cpu, + limits.memory, limits.ephemeral-storage, requests.cpu, + requests.memory and requests.ephemeral-storage) + are currently supported.' + properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of the + exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in the pod's + namespace + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + dashboardImage: + description: Overrides the container image used in the dashboard + deployment. This includes the image tag. Omit it or leave + it empty to use the default container image provided by the + Operator. + type: string + dashboardImagePullPolicy: + description: Overrides the image pull policy used in the dashboard + deployment. Default value is `Always` for `nightly`, `next` + or `latest` images, and `IfNotPresent` in other cases. + type: string + dashboardIngress: + description: Deprecated. The value of this flag is ignored. + Dashboard ingress custom settings. + properties: + annotations: + additionalProperties: + type: string + description: Unstructured key value map stored with a resource + that may be set by external tools to store and retrieve + arbitrary metadata. + type: object + labels: + description: Comma separated list of labels that can be + used to organize and categorize objects by scoping and + selecting. + type: string + type: object + dashboardMemoryLimit: + description: Overrides the memory limit used in the dashboard + deployment. Defaults to 256Mi. + type: string + dashboardMemoryRequest: + description: Overrides the memory request used in the dashboard + deployment. Defaults to 16Mi. + type: string + dashboardRoute: + description: Deprecated. The value of this flag is ignored. + Dashboard route custom settings. + properties: + annotations: + additionalProperties: + type: string + description: Unstructured key value map stored with a resource + that may be set by external tools to store and retrieve + arbitrary metadata. + type: object + domain: + description: 'Operator uses the domain to generate a hostname + for a route. In a conjunction with labels it creates a + route, which is served by a non-default Ingress controller. + The generated host name will follow this pattern: `-.`.' + type: string + labels: + description: Comma separated list of labels that can be + used to organize and categorize objects by scoping and + selecting. + type: string + type: object + devfileRegistryCpuLimit: + description: Overrides the CPU limit used in the devfile registry + deployment. In cores. (500m = .5 cores). Default to 500m. + type: string + devfileRegistryCpuRequest: + description: Overrides the CPU request used in the devfile registry + deployment. In cores. (500m = .5 cores). Default to 100m. + type: string + devfileRegistryEnv: + description: List of environment variables to set in the plugin + registry container. + items: + description: EnvVar represents an environment variable present + in a Container. + properties: + name: + description: Name of the environment variable. Must be + a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in + the container and any service environment variables. + If a variable cannot be resolved, the reference in the + input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) + syntax: i.e. "$$(VAR_NAME)" will produce the string + literal "$(VAR_NAME)". Escaped references will never + be expanded, regardless of whether the variable exists + or not. Defaults to "".' + type: string + valueFrom: + description: Source for the environment variable's value. + Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: supports + metadata.name, metadata.namespace, `metadata.labels['''']`, + `metadata.annotations['''']`, spec.nodeName, + spec.serviceAccountName, status.hostIP, status.podIP, + status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the + specified API version. + type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: + only resources limits and requests (limits.cpu, + limits.memory, limits.ephemeral-storage, requests.cpu, + requests.memory and requests.ephemeral-storage) + are currently supported.' + properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of the + exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in the pod's + namespace + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + devfileRegistryImage: + description: Overrides the container image used in the devfile + registry deployment. This includes the image tag. Omit it + or leave it empty to use the default container image provided + by the Operator. + type: string + devfileRegistryIngress: + description: Deprecated. The value of this flag is ignored. + The devfile registry ingress custom settings. + properties: + annotations: + additionalProperties: + type: string + description: Unstructured key value map stored with a resource + that may be set by external tools to store and retrieve + arbitrary metadata. + type: object + labels: + description: Comma separated list of labels that can be + used to organize and categorize objects by scoping and + selecting. + type: string + type: object + devfileRegistryMemoryLimit: + description: Overrides the memory limit used in the devfile + registry deployment. Defaults to 256Mi. + type: string + devfileRegistryMemoryRequest: + description: Overrides the memory request used in the devfile + registry deployment. Defaults to 16Mi. + type: string + devfileRegistryPullPolicy: + description: Overrides the image pull policy used in the devfile + registry deployment. Default value is `Always` for `nightly`, + `next` or `latest` images, and `IfNotPresent` in other cases. + type: string + devfileRegistryRoute: + description: Deprecated. The value of this flag is ignored. + The devfile registry route custom settings. + properties: + annotations: + additionalProperties: + type: string + description: Unstructured key value map stored with a resource + that may be set by external tools to store and retrieve + arbitrary metadata. + type: object + domain: + description: 'Operator uses the domain to generate a hostname + for a route. In a conjunction with labels it creates a + route, which is served by a non-default Ingress controller. + The generated host name will follow this pattern: `-.`.' + type: string + labels: + description: Comma separated list of labels that can be + used to organize and categorize objects by scoping and + selecting. + type: string + type: object + devfileRegistryUrl: + description: Deprecated in favor of `externalDevfileRegistries` + fields. + type: string + disableInternalClusterSVCNames: + description: Deprecated. The value of this flag is ignored. + Disable internal cluster SVC names usage to communicate between + components to speed up the traffic and avoid proxy issues. + type: boolean + externalDevfileRegistries: + description: External devfile registries, that serves sample, + ready-to-use devfiles. Configure this in addition to a dedicated + devfile registry (when `externalDevfileRegistry` is `false`) + or instead of it (when `externalDevfileRegistry` is `true`) + items: + description: Settings for a configuration of the external + devfile registries. + properties: + url: + description: Public URL of the devfile registry. + type: string + type: object + type: array + externalDevfileRegistry: + description: Instructs the Operator on whether to deploy a dedicated + devfile registry server. By default, a dedicated devfile registry + server is started. When `externalDevfileRegistry` is `true`, + no such dedicated server will be started by the Operator and + configure at least one devfile registry with `externalDevfileRegistries` + field. + type: boolean + externalPluginRegistry: + description: Instructs the Operator on whether to deploy a dedicated + plugin registry server. By default, a dedicated plugin registry + server is started. When `externalPluginRegistry` is `true`, + no such dedicated server will be started by the Operator and + you will have to manually set the `pluginRegistryUrl` field. + type: boolean + gitSelfSignedCert: + description: When enabled, the certificate from `che-git-self-signed-cert` + ConfigMap will be propagated to the Che components and provide + particular configuration for Git. Note, the `che-git-self-signed-cert` + ConfigMap must have `app.kubernetes.io/part-of=che.eclipse.org` + label. + type: boolean + nonProxyHosts: + description: 'List of hosts that will be reached directly, bypassing + the proxy. Specify wild card domain use the following form + `.` and `|` as delimiter, for example: `localhost|.my.host.com|123.42.12.32` + Only use when configuring a proxy is required. Operator respects + OpenShift cluster wide proxy configuration and no additional + configuration is required, but defining `nonProxyHosts` in + a custom resource leads to merging non proxy hosts lists from + the cluster proxy configuration and ones defined in the custom + resources. See the doc https://docs.openshift.com/container-platform/4.4/networking/enable-cluster-wide-proxy.html. + See also the `proxyURL` fields.' + type: string + openVSXRegistryURL: + description: Open VSX registry URL. If omitted an embedded instance + will be used. + type: string + pluginRegistryCpuLimit: + description: Overrides the CPU limit used in the plugin registry + deployment. In cores. (500m = .5 cores). Default to 500m. + type: string + pluginRegistryCpuRequest: + description: Overrides the CPU request used in the plugin registry + deployment. In cores. (500m = .5 cores). Default to 100m. + type: string + pluginRegistryEnv: + description: List of environment variables to set in the devfile + registry container. + items: + description: EnvVar represents an environment variable present + in a Container. + properties: + name: + description: Name of the environment variable. Must be + a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in + the container and any service environment variables. + If a variable cannot be resolved, the reference in the + input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) + syntax: i.e. "$$(VAR_NAME)" will produce the string + literal "$(VAR_NAME)". Escaped references will never + be expanded, regardless of whether the variable exists + or not. Defaults to "".' + type: string + valueFrom: + description: Source for the environment variable's value. + Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: supports + metadata.name, metadata.namespace, `metadata.labels['''']`, + `metadata.annotations['''']`, spec.nodeName, + spec.serviceAccountName, status.hostIP, status.podIP, + status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the + specified API version. + type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: + only resources limits and requests (limits.cpu, + limits.memory, limits.ephemeral-storage, requests.cpu, + requests.memory and requests.ephemeral-storage) + are currently supported.' + properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of the + exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in the pod's + namespace + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + pluginRegistryImage: + description: Overrides the container image used in the plugin + registry deployment. This includes the image tag. Omit it + or leave it empty to use the default container image provided + by the Operator. + type: string + pluginRegistryIngress: + description: Deprecated. The value of this flag is ignored. + Plugin registry ingress custom settings. + properties: + annotations: + additionalProperties: + type: string + description: Unstructured key value map stored with a resource + that may be set by external tools to store and retrieve + arbitrary metadata. + type: object + labels: + description: Comma separated list of labels that can be + used to organize and categorize objects by scoping and + selecting. + type: string + type: object + pluginRegistryMemoryLimit: + description: Overrides the memory limit used in the plugin registry + deployment. Defaults to 1536Mi. + type: string + pluginRegistryMemoryRequest: + description: Overrides the memory request used in the plugin + registry deployment. Defaults to 16Mi. + type: string + pluginRegistryPullPolicy: + description: Overrides the image pull policy used in the plugin + registry deployment. Default value is `Always` for `nightly`, + `next` or `latest` images, and `IfNotPresent` in other cases. + type: string + pluginRegistryRoute: + description: Deprecated. The value of this flag is ignored. + Plugin registry route custom settings. + properties: + annotations: + additionalProperties: + type: string + description: Unstructured key value map stored with a resource + that may be set by external tools to store and retrieve + arbitrary metadata. + type: object + domain: + description: 'Operator uses the domain to generate a hostname + for a route. In a conjunction with labels it creates a + route, which is served by a non-default Ingress controller. + The generated host name will follow this pattern: `-.`.' + type: string + labels: + description: Comma separated list of labels that can be + used to organize and categorize objects by scoping and + selecting. + type: string + type: object + pluginRegistryUrl: + description: Public URL of the plugin registry that serves sample + ready-to-use devfiles. Set this ONLY when a use of an external + devfile registry is needed. See the `externalPluginRegistry` + field. By default, this will be automatically calculated by + the Operator. + type: string + proxyPassword: + description: Password of the proxy server. Only use when proxy + configuration is required. See the `proxyURL`, `proxyUser` + and `proxySecret` fields. + type: string + proxyPort: + description: Port of the proxy server. Only use when configuring + a proxy is required. See also the `proxyURL` and `nonProxyHosts` + fields. + type: string + proxySecret: + description: The secret that contains `user` and `password` + for a proxy server. When the secret is defined, the `proxyUser` + and `proxyPassword` are ignored. The secret must have `app.kubernetes.io/part-of=che.eclipse.org` + label. + type: string + proxyURL: + description: URL (protocol+host name) of the proxy server. This + drives the appropriate changes in the `JAVA_OPTS` and `https(s)_proxy` + variables in the Che server and workspaces containers. Only + use when configuring a proxy is required. Operator respects + OpenShift cluster wide proxy configuration and no additional + configuration is required, but defining `proxyUrl` in a custom + resource leads to overrides the cluster proxy configuration + with fields `proxyUrl`, `proxyPort`, `proxyUser` and `proxyPassword` + from the custom resource. See the doc https://docs.openshift.com/container-platform/4.4/networking/enable-cluster-wide-proxy.html. + See also the `proxyPort` and `nonProxyHosts` fields. + type: string + proxyUser: + description: User name of the proxy server. Only use when configuring + a proxy is required. See also the `proxyURL`, `proxyPassword` + and `proxySecret` fields. + type: string + selfSignedCert: + description: Deprecated. The value of this flag is ignored. + The Che Operator will automatically detect whether the router + certificate is self-signed and propagate it to other components, + such as the Che server. + type: boolean + serverCpuLimit: + description: Overrides the CPU limit used in the Che server + deployment In cores. (500m = .5 cores). Default to 1. + type: string + serverCpuRequest: + description: Overrides the CPU request used in the Che server + deployment In cores. (500m = .5 cores). Default to 100m. + type: string + serverExposureStrategy: + description: Deprecated. The value of this flag is ignored. + Sets the server and workspaces exposure type. Possible values + are `multi-host`, `single-host`, `default-host`. Defaults + to `multi-host`, which creates a separate ingress, or OpenShift + routes, for every required endpoint. `single-host` makes Che + exposed on a single host name with workspaces exposed on subpaths. + Read the docs to learn about the limitations of this approach. + Also consult the `singleHostExposureType` property to further + configure how the Operator and the Che server make that happen + on Kubernetes. `default-host` exposes the Che server on the + host of the cluster. Read the docs to learn about the limitations + of this approach. + type: string + serverMemoryLimit: + description: Overrides the memory limit used in the Che server + deployment. Defaults to 1Gi. + type: string + serverMemoryRequest: + description: Overrides the memory request used in the Che server + deployment. Defaults to 512Mi. + type: string + serverTrustStoreConfigMapName: + description: Name of the ConfigMap with public certificates + to add to Java trust store of the Che server. This is often + required when adding the OpenShift OAuth provider, which has + HTTPS endpoint signed with self-signed cert. The Che server + must be aware of its CA cert to be able to request it. This + is disabled by default. The Config Map must have `app.kubernetes.io/part-of=che.eclipse.org` + label. + type: string + singleHostGatewayConfigMapLabels: + additionalProperties: + type: string + description: The labels that need to be present in the ConfigMaps + representing the gateway configuration. + type: object + singleHostGatewayConfigSidecarImage: + description: The image used for the gateway sidecar that provides + configuration to the gateway. Omit it or leave it empty to + use the default container image provided by the Operator. + type: string + singleHostGatewayImage: + description: The image used for the gateway in the single host + mode. Omit it or leave it empty to use the default container + image provided by the Operator. + type: string + tlsSupport: + description: Deprecated. Instructs the Operator to deploy Che + in TLS mode. This is enabled by default. Disabling TLS sometimes + cause malfunction of some Che components. + type: boolean + useInternalClusterSVCNames: + description: Deprecated in favor of `disableInternalClusterSVCNames`. + type: boolean + workspaceDefaultComponents: + description: Default components applied to DevWorkspaces. These + default components are meant to be used when a Devfile does + not contain any components. + items: + properties: + attributes: + description: Map of implementation-dependant free-form + YAML attributes. + type: object + x-kubernetes-preserve-unknown-fields: true + componentType: + description: Type of component + enum: + - Container + - Kubernetes + - Openshift + - Volume + - Image + - Plugin + - Custom + type: string + container: + description: Allows adding and configuring devworkspace-related + containers + properties: + annotation: + description: Annotations that should be added to specific + resources for this container + properties: + deployment: + additionalProperties: + type: string + description: Annotations to be added to deployment + type: object + service: + additionalProperties: + type: string + description: Annotations to be added to service + type: object + type: object + args: + description: "The arguments to supply to the command\ + \ running the dockerimage component. The arguments\ + \ are supplied either to the default command provided\ + \ in the image or to the overridden command. \n\ + \ Defaults to an empty array, meaning use whatever\ + \ is defined in the image." + items: + type: string + type: array + command: + description: "The command to run in the dockerimage\ + \ component instead of the default one provided\ + \ in the image. \n Defaults to an empty array, meaning\ + \ use whatever is defined in the image." + items: + type: string + type: array + cpuLimit: + type: string + cpuRequest: + type: string + dedicatedPod: + description: "Specify if a container should run in\ + \ its own separated pod, instead of running as part\ + \ of the main development environment pod. \n Default\ + \ value is `false`" + type: boolean + endpoints: + items: + properties: + annotation: + additionalProperties: + type: string + description: Annotations to be added to Kubernetes + Ingress or Openshift Route + type: object + attributes: + description: "Map of implementation-dependant\ + \ string-based free-form attributes. \n Examples\ + \ of Che-specific attributes: \n - cookiesAuthEnabled:\ + \ \"true\" / \"false\", \n - type: \"terminal\"\ + \ / \"ide\" / \"ide-dev\"," + type: object + x-kubernetes-preserve-unknown-fields: true + exposure: + default: public + description: "Describes how the endpoint should\ + \ be exposed on the network. \n - `public`\ + \ means that the endpoint will be exposed\ + \ on the public network, typically through\ + \ a K8S ingress or an OpenShift route. \n\ + \ - `internal` means that the endpoint will\ + \ be exposed internally outside of the main\ + \ devworkspace POD, typically by K8S services,\ + \ to be consumed by other elements running\ + \ on the same cloud internal network. \n -\ + \ `none` means that the endpoint will not\ + \ be exposed and will only be accessible inside\ + \ the main devworkspace POD, on a local address.\ + \ \n Default value is `public`" + enum: + - public + - internal + - none + type: string + name: + maxLength: 63 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + path: + description: Path of the endpoint URL + type: string + protocol: + default: http + description: "Describes the application and\ + \ transport protocols of the traffic that\ + \ will go through this endpoint. \n - `http`:\ + \ Endpoint will have `http` traffic, typically\ + \ on a TCP connection. It will be automaticaly\ + \ promoted to `https` when the `secure` field\ + \ is set to `true`. \n - `https`: Endpoint\ + \ will have `https` traffic, typically on\ + \ a TCP connection. \n - `ws`: Endpoint will\ + \ have `ws` traffic, typically on a TCP connection.\ + \ It will be automaticaly promoted to `wss`\ + \ when the `secure` field is set to `true`.\ + \ \n - `wss`: Endpoint will have `wss` traffic,\ + \ typically on a TCP connection. \n - `tcp`:\ + \ Endpoint will have traffic on a TCP connection,\ + \ without specifying an application protocol.\ + \ \n - `udp`: Endpoint will have traffic on\ + \ an UDP connection, without specifying an\ + \ application protocol. \n Default value is\ + \ `http`" + enum: + - http + - https + - ws + - wss + - tcp + - udp + type: string + secure: + description: Describes whether the endpoint + should be secured and protected by some authentication + process. This requires a protocol of `https` + or `wss`. + type: boolean + targetPort: + description: Port number to be used within the + container component. The same port cannot + be used by two different container components. + type: integer + required: + - name + - targetPort + type: object + type: array + env: + description: "Environment variables used in this container.\ + \ \n The following variables are reserved and cannot\ + \ be overridden via env: \n - `$PROJECTS_ROOT`\ + \ \n - `$PROJECT_SOURCE`" + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + image: + type: string + memoryLimit: + type: string + memoryRequest: + type: string + mountSources: + description: "Toggles whether or not the project source\ + \ code should be mounted in the component. \n Defaults\ + \ to true for all component types except plugins\ + \ and components that set `dedicatedPod` to true." + type: boolean + sourceMapping: + default: /projects + description: Optional specification of the path in + the container where project sources should be transferred/mounted + when `mountSources` is `true`. When omitted, the + default value of /projects is used. + type: string + volumeMounts: + description: List of volumes mounts that should be + mounted is this container. + items: + description: Volume that should be mounted to a + component container + properties: + name: + description: The volume mount name is the name + of an existing `Volume` component. If several + containers mount the same volume name then + they will reuse the same volume and will be + able to access to the same files. + maxLength: 63 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + path: + description: The path in the component container + where the volume should be mounted. If not + path is mentioned, default path is the is + `/`. + type: string + required: + - name + type: object + type: array + required: + - image + type: object + custom: + description: Custom component whose logic is implementation-dependant + and should be provided by the user possibly through + some dedicated controller + properties: + componentClass: + description: Class of component that the associated + implementation controller should use to process + this command with the appropriate logic + type: string + embeddedResource: + description: Additional free-form configuration for + this custom component that the implementation controller + will know how to use + type: object + x-kubernetes-embedded-resource: true + x-kubernetes-preserve-unknown-fields: true + required: + - componentClass + - embeddedResource + type: object + image: + description: Allows specifying the definition of an image + for outer loop builds + properties: + autoBuild: + description: "Defines if the image should be built\ + \ during startup. \n Default value is `false`" + type: boolean + dockerfile: + description: Allows specifying dockerfile type build + properties: + args: + description: The arguments to supply to the dockerfile + build. + items: + type: string + type: array + buildContext: + description: Path of source directory to establish + build context. Defaults to ${PROJECT_SOURCE} + in the container + type: string + devfileRegistry: + description: Dockerfile's Devfile Registry source + properties: + id: + description: Id in a devfile registry that + contains a Dockerfile. The src in the OCI + registry required for the Dockerfile build + will be downloaded for building the image. + type: string + registryUrl: + description: Devfile Registry URL to pull + the Dockerfile from when using the Devfile + Registry as Dockerfile src. To ensure the + Dockerfile gets resolved consistently in + different environments, it is recommended + to always specify the `devfileRegistryUrl` + when `Id` is used. + type: string + required: + - id + type: object + git: + description: Dockerfile's Git source + properties: + checkoutFrom: + description: Defines from what the project + should be checked out. Required if there + are more than one remote configured + properties: + remote: + description: The remote name should be + used as init. Required if there are + more than one remote configured + type: string + revision: + description: The revision to checkout + from. Should be branch name, tag or + commit id. Default branch is used if + missing or specified revision is not + found. + type: string + type: object + fileLocation: + description: Location of the Dockerfile in + the Git repository when using git as Dockerfile + src. Defaults to Dockerfile. + type: string + remotes: + additionalProperties: + type: string + description: The remotes map which should + be initialized in the git project. Projects + must have at least one remote configured + while StarterProjects & Image Component's + Git source can only have at most one remote + configured. + type: object + required: + - remotes + type: object + rootRequired: + description: "Specify if a privileged builder\ + \ pod is required. \n Default value is `false`" + type: boolean + srcType: + description: Type of Dockerfile src + enum: + - Uri + - DevfileRegistry + - Git + type: string + uri: + description: URI Reference of a Dockerfile. It + can be a full URL or a relative URI from the + current devfile as the base URI. + type: string + type: object + imageName: + description: Name of the image for the resulting outerloop + build + type: string + imageType: + description: Type of image + enum: + - Dockerfile + type: string + required: + - imageName + type: object + kubernetes: + description: Allows importing into the devworkspace the + Kubernetes resources defined in a given manifest. For + example this allows reusing the Kubernetes definitions + used to deploy some runtime components in production. + properties: + deployByDefault: + description: "Defines if the component should be deployed\ + \ during startup. \n Default value is `false`" + type: boolean + endpoints: + items: + properties: + annotation: + additionalProperties: + type: string + description: Annotations to be added to Kubernetes + Ingress or Openshift Route + type: object + attributes: + description: "Map of implementation-dependant\ + \ string-based free-form attributes. \n Examples\ + \ of Che-specific attributes: \n - cookiesAuthEnabled:\ + \ \"true\" / \"false\", \n - type: \"terminal\"\ + \ / \"ide\" / \"ide-dev\"," + type: object + x-kubernetes-preserve-unknown-fields: true + exposure: + default: public + description: "Describes how the endpoint should\ + \ be exposed on the network. \n - `public`\ + \ means that the endpoint will be exposed\ + \ on the public network, typically through\ + \ a K8S ingress or an OpenShift route. \n\ + \ - `internal` means that the endpoint will\ + \ be exposed internally outside of the main\ + \ devworkspace POD, typically by K8S services,\ + \ to be consumed by other elements running\ + \ on the same cloud internal network. \n -\ + \ `none` means that the endpoint will not\ + \ be exposed and will only be accessible inside\ + \ the main devworkspace POD, on a local address.\ + \ \n Default value is `public`" + enum: + - public + - internal + - none + type: string + name: + maxLength: 63 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + path: + description: Path of the endpoint URL + type: string + protocol: + default: http + description: "Describes the application and\ + \ transport protocols of the traffic that\ + \ will go through this endpoint. \n - `http`:\ + \ Endpoint will have `http` traffic, typically\ + \ on a TCP connection. It will be automaticaly\ + \ promoted to `https` when the `secure` field\ + \ is set to `true`. \n - `https`: Endpoint\ + \ will have `https` traffic, typically on\ + \ a TCP connection. \n - `ws`: Endpoint will\ + \ have `ws` traffic, typically on a TCP connection.\ + \ It will be automaticaly promoted to `wss`\ + \ when the `secure` field is set to `true`.\ + \ \n - `wss`: Endpoint will have `wss` traffic,\ + \ typically on a TCP connection. \n - `tcp`:\ + \ Endpoint will have traffic on a TCP connection,\ + \ without specifying an application protocol.\ + \ \n - `udp`: Endpoint will have traffic on\ + \ an UDP connection, without specifying an\ + \ application protocol. \n Default value is\ + \ `http`" + enum: + - http + - https + - ws + - wss + - tcp + - udp + type: string + secure: + description: Describes whether the endpoint + should be secured and protected by some authentication + process. This requires a protocol of `https` + or `wss`. + type: boolean + targetPort: + description: Port number to be used within the + container component. The same port cannot + be used by two different container components. + type: integer + required: + - name + - targetPort + type: object + type: array + inlined: + description: Inlined manifest + type: string + locationType: + description: Type of Kubernetes-like location + enum: + - Uri + - Inlined + type: string + uri: + description: Location in a file fetched from a uri. + type: string + type: object + name: + description: Mandatory name that allows referencing the + component from other elements (such as commands) or + from an external devfile that may reference this component + through a parent or a plugin. + maxLength: 63 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + openshift: + description: Allows importing into the devworkspace the + OpenShift resources defined in a given manifest. For + example this allows reusing the OpenShift definitions + used to deploy some runtime components in production. + properties: + deployByDefault: + description: "Defines if the component should be deployed\ + \ during startup. \n Default value is `false`" + type: boolean + endpoints: + items: + properties: + annotation: + additionalProperties: + type: string + description: Annotations to be added to Kubernetes + Ingress or Openshift Route + type: object + attributes: + description: "Map of implementation-dependant\ + \ string-based free-form attributes. \n Examples\ + \ of Che-specific attributes: \n - cookiesAuthEnabled:\ + \ \"true\" / \"false\", \n - type: \"terminal\"\ + \ / \"ide\" / \"ide-dev\"," + type: object + x-kubernetes-preserve-unknown-fields: true + exposure: + default: public + description: "Describes how the endpoint should\ + \ be exposed on the network. \n - `public`\ + \ means that the endpoint will be exposed\ + \ on the public network, typically through\ + \ a K8S ingress or an OpenShift route. \n\ + \ - `internal` means that the endpoint will\ + \ be exposed internally outside of the main\ + \ devworkspace POD, typically by K8S services,\ + \ to be consumed by other elements running\ + \ on the same cloud internal network. \n -\ + \ `none` means that the endpoint will not\ + \ be exposed and will only be accessible inside\ + \ the main devworkspace POD, on a local address.\ + \ \n Default value is `public`" + enum: + - public + - internal + - none + type: string + name: + maxLength: 63 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + path: + description: Path of the endpoint URL + type: string + protocol: + default: http + description: "Describes the application and\ + \ transport protocols of the traffic that\ + \ will go through this endpoint. \n - `http`:\ + \ Endpoint will have `http` traffic, typically\ + \ on a TCP connection. It will be automaticaly\ + \ promoted to `https` when the `secure` field\ + \ is set to `true`. \n - `https`: Endpoint\ + \ will have `https` traffic, typically on\ + \ a TCP connection. \n - `ws`: Endpoint will\ + \ have `ws` traffic, typically on a TCP connection.\ + \ It will be automaticaly promoted to `wss`\ + \ when the `secure` field is set to `true`.\ + \ \n - `wss`: Endpoint will have `wss` traffic,\ + \ typically on a TCP connection. \n - `tcp`:\ + \ Endpoint will have traffic on a TCP connection,\ + \ without specifying an application protocol.\ + \ \n - `udp`: Endpoint will have traffic on\ + \ an UDP connection, without specifying an\ + \ application protocol. \n Default value is\ + \ `http`" + enum: + - http + - https + - ws + - wss + - tcp + - udp + type: string + secure: + description: Describes whether the endpoint + should be secured and protected by some authentication + process. This requires a protocol of `https` + or `wss`. + type: boolean + targetPort: + description: Port number to be used within the + container component. The same port cannot + be used by two different container components. + type: integer + required: + - name + - targetPort + type: object + type: array + inlined: + description: Inlined manifest + type: string + locationType: + description: Type of Kubernetes-like location + enum: + - Uri + - Inlined + type: string + uri: + description: Location in a file fetched from a uri. + type: string + type: object + plugin: + description: "Allows importing a plugin. \n Plugins are\ + \ mainly imported devfiles that contribute components,\ + \ commands and events as a consistent single unit. They\ + \ are defined in either YAML files following the devfile\ + \ syntax, or as `DevWorkspaceTemplate` Kubernetes Custom\ + \ Resources" + properties: + commands: + description: Overrides of commands encapsulated in + a parent devfile or a plugin. Overriding is done + according to K8S strategic merge patch standard + rules. + items: + properties: + apply: + description: "Command that consists in applying\ + \ a given component definition, typically\ + \ bound to a devworkspace event. \n For example,\ + \ when an `apply` command is bound to a `preStart`\ + \ event, and references a `container` component,\ + \ it will start the container as a K8S initContainer\ + \ in the devworkspace POD, unless the component\ + \ has its `dedicatedPod` field set to `true`.\ + \ \n When no `apply` command exist for a given\ + \ component, it is assumed the component will\ + \ be applied at devworkspace start by default,\ + \ unless `deployByDefault` for that component\ + \ is set to false." + properties: + component: + description: Describes component that will + be applied + type: string + group: + description: Defines the group this command + is part of + properties: + isDefault: + description: Identifies the default + command for a given group kind + type: boolean + kind: + description: Kind of group the command + is part of + enum: + - build + - run + - test + - debug + - deploy + type: string + type: object + label: + description: Optional label that provides + a label for this command to be used in + Editor UI menus for example + type: string + type: object + attributes: + description: Map of implementation-dependant + free-form YAML attributes. + type: object + x-kubernetes-preserve-unknown-fields: true + commandType: + description: Type of devworkspace command + enum: + - Exec + - Apply + - Composite + type: string + composite: + description: Composite command that allows executing + several sub-commands either sequentially or + concurrently + properties: + commands: + description: The commands that comprise + this composite command + items: + type: string + type: array + group: + description: Defines the group this command + is part of + properties: + isDefault: + description: Identifies the default + command for a given group kind + type: boolean + kind: + description: Kind of group the command + is part of + enum: + - build + - run + - test + - debug + - deploy + type: string + type: object + label: + description: Optional label that provides + a label for this command to be used in + Editor UI menus for example + type: string + parallel: + description: Indicates if the sub-commands + should be executed concurrently + type: boolean + type: object + exec: + description: CLI Command executed in an existing + component container + properties: + commandLine: + description: "The actual command-line string\ + \ \n Special variables that can be used:\ + \ \n - `$PROJECTS_ROOT`: A path where\ + \ projects sources are mounted as defined\ + \ by container component's sourceMapping.\ + \ \n - `$PROJECT_SOURCE`: A path to a\ + \ project source ($PROJECTS_ROOT/).\ + \ If there are multiple projects, this\ + \ will point to the directory of the first\ + \ one." + type: string + component: + description: Describes component to which + given action relates + type: string + env: + description: Optional list of environment + variables that have to be set before running + the command + items: + properties: + name: + type: string + value: + type: string + required: + - name + type: object + type: array + group: + description: Defines the group this command + is part of + properties: + isDefault: + description: Identifies the default + command for a given group kind + type: boolean + kind: + description: Kind of group the command + is part of + enum: + - build + - run + - test + - debug + - deploy + type: string + type: object + hotReloadCapable: + description: "Specify whether the command\ + \ is restarted or not when the source\ + \ code changes. If set to `true` the command\ + \ won't be restarted. A *hotReloadCapable*\ + \ `run` or `debug` command is expected\ + \ to handle file changes on its own and\ + \ won't be restarted. A *hotReloadCapable*\ + \ `build` command is expected to be executed\ + \ only once and won't be executed again.\ + \ This field is taken into account only\ + \ for commands `build`, `run` and `debug`\ + \ with `isDefault` set to `true`. \n Default\ + \ value is `false`" + type: boolean + label: + description: Optional label that provides + a label for this command to be used in + Editor UI menus for example + type: string + workingDir: + description: "Working directory where the\ + \ command should be executed \n Special\ + \ variables that can be used: \n - `$PROJECTS_ROOT`:\ + \ A path where projects sources are mounted\ + \ as defined by container component's\ + \ sourceMapping. \n - `$PROJECT_SOURCE`:\ + \ A path to a project source ($PROJECTS_ROOT/).\ + \ If there are multiple projects, this\ + \ will point to the directory of the first\ + \ one." + type: string + type: object + id: + description: Mandatory identifier that allows + referencing this command in composite commands, + from a parent, or in events. + maxLength: 63 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - id + type: object + type: array + components: + description: Overrides of components encapsulated + in a parent devfile or a plugin. Overriding is done + according to K8S strategic merge patch standard + rules. + items: + properties: + attributes: + description: Map of implementation-dependant + free-form YAML attributes. + type: object + x-kubernetes-preserve-unknown-fields: true + componentType: + description: Type of component + enum: + - Container + - Kubernetes + - Openshift + - Volume + - Image + type: string + container: + description: Allows adding and configuring devworkspace-related + containers + properties: + annotation: + description: Annotations that should be + added to specific resources for this container + properties: + deployment: + additionalProperties: + type: string + description: Annotations to be added + to deployment + type: object + service: + additionalProperties: + type: string + description: Annotations to be added + to service + type: object + type: object + args: + description: "The arguments to supply to\ + \ the command running the dockerimage\ + \ component. The arguments are supplied\ + \ either to the default command provided\ + \ in the image or to the overridden command.\ + \ \n Defaults to an empty array, meaning\ + \ use whatever is defined in the image." + items: + type: string + type: array + command: + description: "The command to run in the\ + \ dockerimage component instead of the\ + \ default one provided in the image. \n\ + \ Defaults to an empty array, meaning\ + \ use whatever is defined in the image." + items: + type: string + type: array + cpuLimit: + type: string + cpuRequest: + type: string + dedicatedPod: + description: "Specify if a container should\ + \ run in its own separated pod, instead\ + \ of running as part of the main development\ + \ environment pod. \n Default value is\ + \ `false`" + type: boolean + endpoints: + items: + properties: + annotation: + additionalProperties: + type: string + description: Annotations to be added + to Kubernetes Ingress or Openshift + Route + type: object + attributes: + description: "Map of implementation-dependant\ + \ string-based free-form attributes.\ + \ \n Examples of Che-specific attributes:\ + \ \n - cookiesAuthEnabled: \"true\"\ + \ / \"false\", \n - type: \"terminal\"\ + \ / \"ide\" / \"ide-dev\"," + type: object + x-kubernetes-preserve-unknown-fields: true + exposure: + description: "Describes how the endpoint\ + \ should be exposed on the network.\ + \ \n - `public` means that the endpoint\ + \ will be exposed on the public\ + \ network, typically through a K8S\ + \ ingress or an OpenShift route.\ + \ \n - `internal` means that the\ + \ endpoint will be exposed internally\ + \ outside of the main devworkspace\ + \ POD, typically by K8S services,\ + \ to be consumed by other elements\ + \ running on the same cloud internal\ + \ network. \n - `none` means that\ + \ the endpoint will not be exposed\ + \ and will only be accessible inside\ + \ the main devworkspace POD, on\ + \ a local address. \n Default value\ + \ is `public`" + enum: + - public + - internal + - none + type: string + name: + maxLength: 63 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + path: + description: Path of the endpoint + URL + type: string + protocol: + description: "Describes the application\ + \ and transport protocols of the\ + \ traffic that will go through this\ + \ endpoint. \n - `http`: Endpoint\ + \ will have `http` traffic, typically\ + \ on a TCP connection. It will be\ + \ automaticaly promoted to `https`\ + \ when the `secure` field is set\ + \ to `true`. \n - `https`: Endpoint\ + \ will have `https` traffic, typically\ + \ on a TCP connection. \n - `ws`:\ + \ Endpoint will have `ws` traffic,\ + \ typically on a TCP connection.\ + \ It will be automaticaly promoted\ + \ to `wss` when the `secure` field\ + \ is set to `true`. \n - `wss`:\ + \ Endpoint will have `wss` traffic,\ + \ typically on a TCP connection.\ + \ \n - `tcp`: Endpoint will have\ + \ traffic on a TCP connection, without\ + \ specifying an application protocol.\ + \ \n - `udp`: Endpoint will have\ + \ traffic on an UDP connection,\ + \ without specifying an application\ + \ protocol. \n Default value is\ + \ `http`" + enum: + - http + - https + - ws + - wss + - tcp + - udp + type: string + secure: + description: Describes whether the + endpoint should be secured and protected + by some authentication process. + This requires a protocol of `https` + or `wss`. + type: boolean + targetPort: + description: Port number to be used + within the container component. + The same port cannot be used by + two different container components. + type: integer + required: + - name + type: object + type: array + env: + description: "Environment variables used\ + \ in this container. \n The following\ + \ variables are reserved and cannot be\ + \ overridden via env: \n - `$PROJECTS_ROOT`\ + \ \n - `$PROJECT_SOURCE`" + items: + properties: + name: + type: string + value: + type: string + required: + - name + type: object + type: array + image: + type: string + memoryLimit: + type: string + memoryRequest: + type: string + mountSources: + description: "Toggles whether or not the\ + \ project source code should be mounted\ + \ in the component. \n Defaults to true\ + \ for all component types except plugins\ + \ and components that set `dedicatedPod`\ + \ to true." + type: boolean + sourceMapping: + description: Optional specification of the + path in the container where project sources + should be transferred/mounted when `mountSources` + is `true`. When omitted, the default value + of /projects is used. + type: string + volumeMounts: + description: List of volumes mounts that + should be mounted is this container. + items: + description: Volume that should be mounted + to a component container + properties: + name: + description: The volume mount name + is the name of an existing `Volume` + component. If several containers + mount the same volume name then + they will reuse the same volume + and will be able to access to the + same files. + maxLength: 63 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + path: + description: The path in the component + container where the volume should + be mounted. If not path is mentioned, + default path is the is `/`. + type: string + required: + - name + type: object + type: array + type: object + image: + description: Allows specifying the definition + of an image for outer loop builds + properties: + autoBuild: + description: "Defines if the image should\ + \ be built during startup. \n Default\ + \ value is `false`" + type: boolean + dockerfile: + description: Allows specifying dockerfile + type build + properties: + args: + description: The arguments to supply + to the dockerfile build. + items: + type: string + type: array + buildContext: + description: Path of source directory + to establish build context. Defaults + to ${PROJECT_SOURCE} in the container + type: string + devfileRegistry: + description: Dockerfile's Devfile Registry + source + properties: + id: + description: Id in a devfile registry + that contains a Dockerfile. The + src in the OCI registry required + for the Dockerfile build will + be downloaded for building the + image. + type: string + registryUrl: + description: Devfile Registry URL + to pull the Dockerfile from when + using the Devfile Registry as + Dockerfile src. To ensure the + Dockerfile gets resolved consistently + in different environments, it + is recommended to always specify + the `devfileRegistryUrl` when + `Id` is used. + type: string + type: object + git: + description: Dockerfile's Git source + properties: + checkoutFrom: + description: Defines from what the + project should be checked out. + Required if there are more than + one remote configured + properties: + remote: + description: The remote name + should be used as init. Required + if there are more than one + remote configured + type: string + revision: + description: The revision to + checkout from. Should be branch + name, tag or commit id. Default + branch is used if missing + or specified revision is not + found. + type: string + type: object + fileLocation: + description: Location of the Dockerfile + in the Git repository when using + git as Dockerfile src. Defaults + to Dockerfile. + type: string + remotes: + additionalProperties: + type: string + description: The remotes map which + should be initialized in the git + project. Projects must have at + least one remote configured while + StarterProjects & Image Component's + Git source can only have at most + one remote configured. + type: object + type: object + rootRequired: + description: "Specify if a privileged\ + \ builder pod is required. \n Default\ + \ value is `false`" + type: boolean + srcType: + description: Type of Dockerfile src + enum: + - Uri + - DevfileRegistry + - Git + type: string + uri: + description: URI Reference of a Dockerfile. + It can be a full URL or a relative + URI from the current devfile as the + base URI. + type: string + type: object + imageName: + description: Name of the image for the resulting + outerloop build + type: string + imageType: + description: Type of image + enum: + - Dockerfile + - AutoBuild + type: string + type: object + kubernetes: + description: Allows importing into the devworkspace + the Kubernetes resources defined in a given + manifest. For example this allows reusing + the Kubernetes definitions used to deploy + some runtime components in production. + properties: + deployByDefault: + description: "Defines if the component should\ + \ be deployed during startup. \n Default\ + \ value is `false`" + type: boolean + endpoints: + items: + properties: + annotation: + additionalProperties: + type: string + description: Annotations to be added + to Kubernetes Ingress or Openshift + Route + type: object + attributes: + description: "Map of implementation-dependant\ + \ string-based free-form attributes.\ + \ \n Examples of Che-specific attributes:\ + \ \n - cookiesAuthEnabled: \"true\"\ + \ / \"false\", \n - type: \"terminal\"\ + \ / \"ide\" / \"ide-dev\"," + type: object + x-kubernetes-preserve-unknown-fields: true + exposure: + description: "Describes how the endpoint\ + \ should be exposed on the network.\ + \ \n - `public` means that the endpoint\ + \ will be exposed on the public\ + \ network, typically through a K8S\ + \ ingress or an OpenShift route.\ + \ \n - `internal` means that the\ + \ endpoint will be exposed internally\ + \ outside of the main devworkspace\ + \ POD, typically by K8S services,\ + \ to be consumed by other elements\ + \ running on the same cloud internal\ + \ network. \n - `none` means that\ + \ the endpoint will not be exposed\ + \ and will only be accessible inside\ + \ the main devworkspace POD, on\ + \ a local address. \n Default value\ + \ is `public`" + enum: + - public + - internal + - none + type: string + name: + maxLength: 63 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + path: + description: Path of the endpoint + URL + type: string + protocol: + description: "Describes the application\ + \ and transport protocols of the\ + \ traffic that will go through this\ + \ endpoint. \n - `http`: Endpoint\ + \ will have `http` traffic, typically\ + \ on a TCP connection. It will be\ + \ automaticaly promoted to `https`\ + \ when the `secure` field is set\ + \ to `true`. \n - `https`: Endpoint\ + \ will have `https` traffic, typically\ + \ on a TCP connection. \n - `ws`:\ + \ Endpoint will have `ws` traffic,\ + \ typically on a TCP connection.\ + \ It will be automaticaly promoted\ + \ to `wss` when the `secure` field\ + \ is set to `true`. \n - `wss`:\ + \ Endpoint will have `wss` traffic,\ + \ typically on a TCP connection.\ + \ \n - `tcp`: Endpoint will have\ + \ traffic on a TCP connection, without\ + \ specifying an application protocol.\ + \ \n - `udp`: Endpoint will have\ + \ traffic on an UDP connection,\ + \ without specifying an application\ + \ protocol. \n Default value is\ + \ `http`" + enum: + - http + - https + - ws + - wss + - tcp + - udp + type: string + secure: + description: Describes whether the + endpoint should be secured and protected + by some authentication process. + This requires a protocol of `https` + or `wss`. + type: boolean + targetPort: + description: Port number to be used + within the container component. + The same port cannot be used by + two different container components. + type: integer + required: + - name + type: object + type: array + inlined: + description: Inlined manifest + type: string + locationType: + description: Type of Kubernetes-like location + enum: + - Uri + - Inlined + type: string + uri: + description: Location in a file fetched + from a uri. + type: string + type: object + name: + description: Mandatory name that allows referencing + the component from other elements (such as + commands) or from an external devfile that + may reference this component through a parent + or a plugin. + maxLength: 63 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + openshift: + description: Allows importing into the devworkspace + the OpenShift resources defined in a given + manifest. For example this allows reusing + the OpenShift definitions used to deploy some + runtime components in production. + properties: + deployByDefault: + description: "Defines if the component should\ + \ be deployed during startup. \n Default\ + \ value is `false`" + type: boolean + endpoints: + items: + properties: + annotation: + additionalProperties: + type: string + description: Annotations to be added + to Kubernetes Ingress or Openshift + Route + type: object + attributes: + description: "Map of implementation-dependant\ + \ string-based free-form attributes.\ + \ \n Examples of Che-specific attributes:\ + \ \n - cookiesAuthEnabled: \"true\"\ + \ / \"false\", \n - type: \"terminal\"\ + \ / \"ide\" / \"ide-dev\"," + type: object + x-kubernetes-preserve-unknown-fields: true + exposure: + description: "Describes how the endpoint\ + \ should be exposed on the network.\ + \ \n - `public` means that the endpoint\ + \ will be exposed on the public\ + \ network, typically through a K8S\ + \ ingress or an OpenShift route.\ + \ \n - `internal` means that the\ + \ endpoint will be exposed internally\ + \ outside of the main devworkspace\ + \ POD, typically by K8S services,\ + \ to be consumed by other elements\ + \ running on the same cloud internal\ + \ network. \n - `none` means that\ + \ the endpoint will not be exposed\ + \ and will only be accessible inside\ + \ the main devworkspace POD, on\ + \ a local address. \n Default value\ + \ is `public`" + enum: + - public + - internal + - none + type: string + name: + maxLength: 63 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + path: + description: Path of the endpoint + URL + type: string + protocol: + description: "Describes the application\ + \ and transport protocols of the\ + \ traffic that will go through this\ + \ endpoint. \n - `http`: Endpoint\ + \ will have `http` traffic, typically\ + \ on a TCP connection. It will be\ + \ automaticaly promoted to `https`\ + \ when the `secure` field is set\ + \ to `true`. \n - `https`: Endpoint\ + \ will have `https` traffic, typically\ + \ on a TCP connection. \n - `ws`:\ + \ Endpoint will have `ws` traffic,\ + \ typically on a TCP connection.\ + \ It will be automaticaly promoted\ + \ to `wss` when the `secure` field\ + \ is set to `true`. \n - `wss`:\ + \ Endpoint will have `wss` traffic,\ + \ typically on a TCP connection.\ + \ \n - `tcp`: Endpoint will have\ + \ traffic on a TCP connection, without\ + \ specifying an application protocol.\ + \ \n - `udp`: Endpoint will have\ + \ traffic on an UDP connection,\ + \ without specifying an application\ + \ protocol. \n Default value is\ + \ `http`" + enum: + - http + - https + - ws + - wss + - tcp + - udp + type: string + secure: + description: Describes whether the + endpoint should be secured and protected + by some authentication process. + This requires a protocol of `https` + or `wss`. + type: boolean + targetPort: + description: Port number to be used + within the container component. + The same port cannot be used by + two different container components. + type: integer + required: + - name + type: object + type: array + inlined: + description: Inlined manifest + type: string + locationType: + description: Type of Kubernetes-like location + enum: + - Uri + - Inlined + type: string + uri: + description: Location in a file fetched + from a uri. + type: string + type: object + volume: + description: Allows specifying the definition + of a volume shared by several other components + properties: + ephemeral: + description: Ephemeral volumes are not stored + persistently across restarts. Defaults + to false + type: boolean + size: + description: Size of the volume + type: string + type: object + required: + - name + type: object + type: array + id: + description: Id in a registry that contains a Devfile + yaml file + type: string + importReferenceType: + description: type of location from where the referenced + template structure should be retrieved + enum: + - Uri + - Id + - Kubernetes + type: string + kubernetes: + description: Reference to a Kubernetes CRD of type + DevWorkspaceTemplate + properties: + name: + type: string + namespace: + type: string + required: + - name + type: object + registryUrl: + description: Registry URL to pull the parent devfile + from when using id in the parent reference. To ensure + the parent devfile gets resolved consistently in + different environments, it is recommended to always + specify the `registryUrl` when `id` is used. + type: string + uri: + description: URI Reference of a parent devfile YAML + file. It can be a full URL or a relative URI with + the current devfile as the base URI. + type: string + version: + description: Specific stack/sample version to pull + the parent devfile from, when using id in the parent + reference. To specify `version`, `id` must be defined + and used as the import reference source. `version` + can be either a specific stack version, or `latest`. + If no `version` specified, default version will + be used. + pattern: ^(latest)|(([1-9])\.([0-9]+)\.([0-9]+)(\-[0-9a-z-]+(\.[0-9a-z-]+)*)?(\+[0-9A-Za-z-]+(\.[0-9A-Za-z-]+)*)?)$ + type: string + type: object + volume: + description: Allows specifying the definition of a volume + shared by several other components + properties: + ephemeral: + description: Ephemeral volumes are not stored persistently + across restarts. Defaults to false + type: boolean + size: + description: Size of the volume + type: string + type: object + required: + - name + type: object + type: array + workspaceDefaultEditor: + default: che-incubator/che-code/latest + description: The default editor to workspace create with. It + could be a plugin ID or a URI. The plugin ID must have `publisher/plugin/version`. + The URI must start from `http`. + type: string + workspaceNamespaceDefault: + description: Defines Kubernetes default namespace in which user's + workspaces are created for a case when a user does not override + it. It's possible to use ``, `` and `` + placeholders, such as che-workspace-. In that case, + a new namespace will be created for each user or workspace. + type: string + workspacePodNodeSelector: + additionalProperties: + type: string + description: The node selector that limits the nodes that can + run the workspace pods. + type: object + workspacePodTolerations: + description: The pod tolerations put on the workspace pods to + limit where the workspace pods can run. + items: + description: The pod this Toleration is attached to tolerates + any taint that matches the triple using + the matching operator . + properties: + effect: + description: Effect indicates the taint effect to match. + Empty means match all taint effects. When specified, + allowed values are NoSchedule, PreferNoSchedule and + NoExecute. + type: string + key: + description: Key is the taint key that the toleration + applies to. Empty means match all taint keys. If the + key is empty, operator must be Exists; this combination + means to match all values and all keys. + type: string + operator: + description: Operator represents a key's relationship + to the value. Valid operators are Exists and Equal. + Defaults to Equal. Exists is equivalent to wildcard + for value, so that a pod can tolerate all taints of + a particular category. + type: string + tolerationSeconds: + description: TolerationSeconds represents the period of + time the toleration (which must be of effect NoExecute, + otherwise this field is ignored) tolerates the taint. + By default, it is not set, which means tolerate the + taint forever (do not evict). Zero and negative values + will be treated as 0 (evict immediately) by the system. + format: int64 + type: integer + value: + description: Value is the taint value the toleration matches + to. If the operator is Exists, the value should be empty, + otherwise just a regular string. + type: string + type: object + type: array + workspacesDefaultPlugins: + description: Default plug-ins applied to Devworkspaces. + items: + properties: + editor: + description: The editor id to specify default plug-ins + for. + type: string + plugins: + description: Default plug-in uris for the specified editor. + items: + type: string + type: array + type: object + type: array + type: object + storage: + description: Configuration settings related to the persistent storage + used by the Che installation. + properties: + perWorkspaceStrategyPVCStorageClassName: + description: Storage class for the Persistent Volume Claims + dedicated to the Che workspaces. When omitted or left blank, + a default storage class is used. + type: string + perWorkspaceStrategyPvcClaimSize: + description: Size of the persistent volume claim for workspaces. + type: string + postgresPVCStorageClassName: + description: Storage class for the Persistent Volume Claim dedicated + to the PostgreSQL database. When omitted or left blank, a + default storage class is used. + type: string + preCreateSubPaths: + description: Instructs the Che server to start a special Pod + to pre-create a sub-path in the Persistent Volumes. Defaults + to `false`, however it will need to enable it according to + the configuration of your Kubernetes cluster. + type: boolean + pvcClaimSize: + description: Size of the persistent volume claim for workspaces. + Defaults to `10Gi`. + type: string + pvcJobsImage: + description: Overrides the container image used to create sub-paths + in the Persistent Volumes. This includes the image tag. Omit + it or leave it empty to use the default container image provided + by the Operator. See also the `preCreateSubPaths` field. + type: string + pvcStrategy: + description: Persistent volume claim strategy for the Che server. + This Can be:`common` (all workspaces PVCs in one volume), + `per-workspace` (one PVC per workspace for all declared volumes) + and `unique` (one PVC per declared volume). Defaults to `common`. + type: string + workspacePVCStorageClassName: + description: Storage class for the Persistent Volume Claims + dedicated to the Che workspaces. When omitted or left blank, + a default storage class is used. + type: string + type: object + type: object + status: + description: CheClusterStatus defines the observed state of Che installation + properties: + cheClusterRunning: + description: Status of a Che installation. Can be `Available`, `Unavailable`, + or `Available, Rolling Update in Progress`. + type: string + cheURL: + description: Public URL to the Che server. + type: string + cheVersion: + description: Current installed Che version. + type: string + dbProvisioned: + description: Indicates that a PostgreSQL instance has been correctly + provisioned or not. + type: boolean + devfileRegistryURL: + description: Public URL to the devfile registry. + type: string + devworkspaceStatus: + description: The status of the Devworkspace subsystem + properties: + gatewayHost: + description: GatewayHost is the resolved host of the ingress/route. + This is equal to the Host in the spec on Kubernetes but contains + the actual host name of the route if Host is unspecified on + OpenShift. + type: string + gatewayPhase: + description: GatewayPhase specifies the phase in which the gateway + deployment currently is. If the gateway is disabled, the phase + is "Inactive". + type: string + message: + description: Message contains further human-readable info for + why the Che cluster is in the phase it currently is. + type: string + phase: + description: Phase is the phase in which the Che cluster as + a whole finds itself in. + type: string + reason: + description: A brief CamelCase message indicating details about + why the Che cluster is in this state. + type: string + workspaceBaseDomain: + description: The resolved workspace base domain. This is either + the copy of the explicitly defined property of the same name + in the spec or, if it is undefined in the spec and we're running + on OpenShift, the automatically resolved basedomain for routes. + type: string + type: object + gitHubOAuthProvisioned: + description: Indicates whether an Identity Provider instance, Keycloak + or RH-SSO, has been configured to integrate with the GitHub OAuth. + type: boolean + gitServerTLSCertificateConfigMapName: + description: The ConfigMap containing certificates to propagate + to the Che components and to provide particular configuration + for Git. + type: string + helpLink: + description: A URL that points to some URL where to find help related + to the current Operator status. + type: string + keycloakProvisioned: + description: Indicates whether an Identity Provider instance, Keycloak + or RH-SSO, has been provisioned with realm, client and user. + type: boolean + keycloakURL: + description: Public URL to the Identity Provider server, Keycloak + or RH-SSO,. + type: string + message: + description: A human readable message indicating details about why + the Pod is in this condition. + type: string + openShiftOAuthUserCredentialsSecret: + description: OpenShift OAuth secret in `openshift-config` namespace + that contains user credentials for HTPasswd identity provider. + type: string + openShiftoAuthProvisioned: + description: Indicates whether an Identity Provider instance, Keycloak + or RH-SSO, has been configured to integrate with the OpenShift + OAuth. + type: boolean + pluginRegistryURL: + description: Public URL to the plugin registry. + type: string + reason: + description: A brief CamelCase message indicating details about + why the Pod is in this state. + type: string + type: object + type: object + served: true + storage: false + subresources: + status: {} + - name: v2 + schema: + openAPIV3Schema: + description: 'The `CheCluster` custom resource allows defining and managing + Eclipse Che server installation. Based on these settings, the Operator + automatically creates and maintains several ConfigMaps: `che`, `plugin-registry`, + `devfile-registry` that will contain the appropriate environment variables + of the various components of the installation. These generated ConfigMaps + must NOT be updated manually.' + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource + this object represents. Servers may infer this from the endpoint the + client submits requests to. Cannot be updated. In CamelCase. More + info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Desired configuration of Eclipse Che installation. + properties: + components: + default: + cheServer: + debug: false + logLevel: INFO + metrics: + enable: true + description: Che components configuration. + properties: + cheServer: + default: + debug: false + logLevel: INFO + description: General configuration settings related to the Che + server. + properties: + clusterRoles: + description: 'Additional ClusterRoles assigned to Che ServiceAccount. + Each role must have a `app.kubernetes.io/part-of=che.eclipse.org` + label. The defaults roles are: - `-cheworkspaces-clusterrole` + - `-cheworkspaces-namespaces-clusterrole` + - `-cheworkspaces-devworkspace-clusterrole` + where the is the namespace where the CheCluster + CR is created. The Che Operator must already have all + permissions in these ClusterRoles to grant them.' + items: + type: string + type: array + debug: + default: false + description: Enables the debug mode for Che server. + type: boolean + deployment: + description: Deployment override options. + properties: + containers: + description: List of containers belonging to the pod. + items: + description: Container custom settings. + properties: + env: + description: List of environment variables to + set in the container. + items: + description: EnvVar represents an environment + variable present in a Container. + properties: + name: + description: Name of the environment variable. + Must be a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) + are expanded using the previously defined + environment variables in the container + and any service environment variables. + If a variable cannot be resolved, the + reference in the input string will be + unchanged. Double $$ are reduced to a + single $, which allows for escaping the + $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" + will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, + regardless of whether the variable exists + or not. Defaults to "".' + type: string + valueFrom: + description: Source for the environment + variable's value. Cannot be used if value + is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. + apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the + ConfigMap or its key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the + pod: supports metadata.name, metadata.namespace, + `metadata.labels['''']`, `metadata.annotations['''']`, + spec.nodeName, spec.serviceAccountName, + status.hostIP, status.podIP, status.podIPs.' + properties: + apiVersion: + description: Version of the schema + the FieldPath is written in terms + of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to + select in the specified API version. + type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of + the container: only resources limits + and requests (limits.cpu, limits.memory, + limits.ephemeral-storage, requests.cpu, + requests.memory and requests.ephemeral-storage) + are currently supported.' + properties: + containerName: + description: 'Container name: required + for volumes, optional for env + vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output + format of the exposed resources, + defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource + to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret + in the pod's namespace + properties: + key: + description: The key of the secret + to select from. Must be a valid + secret key. + type: string + name: + description: 'Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. + apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the + Secret or its key must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + image: + description: Container image. Omit it or leave + it empty to use the default container image + provided by the Operator. + type: string + imagePullPolicy: + description: Image pull policy. Default value + is `Always` for `nightly`, `next` or `latest` + images, and `IfNotPresent` in other cases. + enum: + - Always + - IfNotPresent + - Never + type: string + name: + description: Container name. + type: string + resources: + description: Compute resources required by this + container. + properties: + limits: + description: Describes the maximum amount + of compute resources allowed. + properties: + cpu: + anyOf: + - type: integer + - type: string + description: CPU, in cores. (500m = .5 + cores) If the value is not specified, + then the default value is set depending + on the component. If value is `0`, then + no value is set for the component. + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + memory: + anyOf: + - type: integer + - type: string + description: Memory, in bytes. (500Gi + = 500GiB = 500 * 1024 * 1024 * 1024) + If the value is not specified, then + the default value is set depending on + the component. If value is `0`, then + no value is set for the component. + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + request: + description: Describes the minimum amount + of compute resources required. + properties: + cpu: + anyOf: + - type: integer + - type: string + description: CPU, in cores. (500m = .5 + cores) If the value is not specified, + then the default value is set depending + on the component. If value is `0`, then + no value is set for the component. + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + memory: + anyOf: + - type: integer + - type: string + description: Memory, in bytes. (500Gi + = 500GiB = 500 * 1024 * 1024 * 1024) + If the value is not specified, then + the default value is set depending on + the component. If value is `0`, then + no value is set for the component. + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + type: object + type: array + securityContext: + description: Security options the pod should run with. + properties: + fsGroup: + description: A special supplemental group that applies + to all containers in a pod. The default value + is `1724`. + format: int64 + type: integer + runAsUser: + description: The UID to run the entrypoint of the + container process. The default value is `1724`. + format: int64 + type: integer + type: object + type: object + extraProperties: + additionalProperties: + type: string + description: A map of additional environment variables applied + in the generated `che` ConfigMap to be used by the Che + server in addition to the values already generated from + other fields of the `CheCluster` custom resource (CR). + If the `extraProperties` field contains a property normally + generated in `che` ConfigMap from other CR fields, the + value defined in the `extraProperties` is used instead. + type: object + logLevel: + default: INFO + description: 'The log level for the Che server: `INFO` or + `DEBUG`.' + type: string + proxy: + description: Proxy server settings for Kubernetes cluster. + No additional configuration is required for OpenShift + cluster. By specifying these settings for the OpenShift + cluster, you override the OpenShift proxy configuration. + properties: + credentialsSecretName: + description: The secret name that contains `user` and + `password` for a proxy server. The secret must have + a `app.kubernetes.io/part-of=che.eclipse.org` label. + type: string + nonProxyHosts: + description: 'A list of hosts that can be reached directly, + bypassing the proxy. Specify wild card domain use + the following form `.`, for example: - + localhost - my.host.com - 123.42.12.32 Use only + when a proxy configuration is required. The Operator + respects OpenShift cluster-wide proxy configuration, + defining `nonProxyHosts` in a custom resource leads + to merging non-proxy hosts lists from the cluster + proxy configuration, and the ones defined in the custom + resources. See the following page: https://docs.openshift.com/container-platform/4.4/networking/enable-cluster-wide-proxy.html.' + items: + type: string + type: array + port: + description: Proxy server port. + type: string + url: + description: 'URL (protocol+hostname) of the proxy server. + Use only when a proxy configuration is required. The + Operator respects OpenShift cluster-wide proxy configuration, + defining `url` in a custom resource leads to overriding + the cluster proxy configuration. See the following + page: https://docs.openshift.com/container-platform/4.4/networking/enable-cluster-wide-proxy.html.' + type: string + type: object + type: object + dashboard: + description: Configuration settings related to the dashboard + used by the Che installation. + properties: + branding: + description: Dashboard branding resources. + properties: + logo: + description: Dashboard logo. + properties: + base64data: + type: string + mediatype: + type: string + required: + - base64data + - mediatype + type: object + type: object + deployment: + description: Deployment override options. + properties: + containers: + description: List of containers belonging to the pod. + items: + description: Container custom settings. + properties: + env: + description: List of environment variables to + set in the container. + items: + description: EnvVar represents an environment + variable present in a Container. + properties: + name: + description: Name of the environment variable. + Must be a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) + are expanded using the previously defined + environment variables in the container + and any service environment variables. + If a variable cannot be resolved, the + reference in the input string will be + unchanged. Double $$ are reduced to a + single $, which allows for escaping the + $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" + will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, + regardless of whether the variable exists + or not. Defaults to "".' + type: string + valueFrom: + description: Source for the environment + variable's value. Cannot be used if value + is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. + apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the + ConfigMap or its key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the + pod: supports metadata.name, metadata.namespace, + `metadata.labels['''']`, `metadata.annotations['''']`, + spec.nodeName, spec.serviceAccountName, + status.hostIP, status.podIP, status.podIPs.' + properties: + apiVersion: + description: Version of the schema + the FieldPath is written in terms + of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to + select in the specified API version. + type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of + the container: only resources limits + and requests (limits.cpu, limits.memory, + limits.ephemeral-storage, requests.cpu, + requests.memory and requests.ephemeral-storage) + are currently supported.' + properties: + containerName: + description: 'Container name: required + for volumes, optional for env + vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output + format of the exposed resources, + defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource + to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret + in the pod's namespace + properties: + key: + description: The key of the secret + to select from. Must be a valid + secret key. + type: string + name: + description: 'Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. + apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the + Secret or its key must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + image: + description: Container image. Omit it or leave + it empty to use the default container image + provided by the Operator. + type: string + imagePullPolicy: + description: Image pull policy. Default value + is `Always` for `nightly`, `next` or `latest` + images, and `IfNotPresent` in other cases. + enum: + - Always + - IfNotPresent + - Never + type: string + name: + description: Container name. + type: string + resources: + description: Compute resources required by this + container. + properties: + limits: + description: Describes the maximum amount + of compute resources allowed. + properties: + cpu: + anyOf: + - type: integer + - type: string + description: CPU, in cores. (500m = .5 + cores) If the value is not specified, + then the default value is set depending + on the component. If value is `0`, then + no value is set for the component. + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + memory: + anyOf: + - type: integer + - type: string + description: Memory, in bytes. (500Gi + = 500GiB = 500 * 1024 * 1024 * 1024) + If the value is not specified, then + the default value is set depending on + the component. If value is `0`, then + no value is set for the component. + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + request: + description: Describes the minimum amount + of compute resources required. + properties: + cpu: + anyOf: + - type: integer + - type: string + description: CPU, in cores. (500m = .5 + cores) If the value is not specified, + then the default value is set depending + on the component. If value is `0`, then + no value is set for the component. + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + memory: + anyOf: + - type: integer + - type: string + description: Memory, in bytes. (500Gi + = 500GiB = 500 * 1024 * 1024 * 1024) + If the value is not specified, then + the default value is set depending on + the component. If value is `0`, then + no value is set for the component. + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + type: object + type: array + securityContext: + description: Security options the pod should run with. + properties: + fsGroup: + description: A special supplemental group that applies + to all containers in a pod. The default value + is `1724`. + format: int64 + type: integer + runAsUser: + description: The UID to run the entrypoint of the + container process. The default value is `1724`. + format: int64 + type: integer + type: object + type: object + headerMessage: + description: Dashboard header message. + properties: + show: + description: Instructs dashboard to show the message. + type: boolean + text: + description: Warning message displayed on the user dashboard. + type: string + type: object + logLevel: + default: ERROR + description: The log level for the Dashboard. + enum: + - DEBUG + - INFO + - WARN + - ERROR + - FATAL + - TRACE + - SILENT + type: string + type: object + devWorkspace: + description: DevWorkspace Operator configuration. + properties: + runningLimit: + description: Deprecated in favor of `MaxNumberOfRunningWorkspacesPerUser` + The maximum number of running workspaces per user. + type: string + type: object + devfileRegistry: + description: Configuration settings related to the devfile registry + used by the Che installation. + properties: + deployment: + description: Deployment override options. + properties: + containers: + description: List of containers belonging to the pod. + items: + description: Container custom settings. + properties: + env: + description: List of environment variables to + set in the container. + items: + description: EnvVar represents an environment + variable present in a Container. + properties: + name: + description: Name of the environment variable. + Must be a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) + are expanded using the previously defined + environment variables in the container + and any service environment variables. + If a variable cannot be resolved, the + reference in the input string will be + unchanged. Double $$ are reduced to a + single $, which allows for escaping the + $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" + will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, + regardless of whether the variable exists + or not. Defaults to "".' + type: string + valueFrom: + description: Source for the environment + variable's value. Cannot be used if value + is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. + apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the + ConfigMap or its key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the + pod: supports metadata.name, metadata.namespace, + `metadata.labels['''']`, `metadata.annotations['''']`, + spec.nodeName, spec.serviceAccountName, + status.hostIP, status.podIP, status.podIPs.' + properties: + apiVersion: + description: Version of the schema + the FieldPath is written in terms + of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to + select in the specified API version. + type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of + the container: only resources limits + and requests (limits.cpu, limits.memory, + limits.ephemeral-storage, requests.cpu, + requests.memory and requests.ephemeral-storage) + are currently supported.' + properties: + containerName: + description: 'Container name: required + for volumes, optional for env + vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output + format of the exposed resources, + defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource + to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret + in the pod's namespace + properties: + key: + description: The key of the secret + to select from. Must be a valid + secret key. + type: string + name: + description: 'Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. + apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the + Secret or its key must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + image: + description: Container image. Omit it or leave + it empty to use the default container image + provided by the Operator. + type: string + imagePullPolicy: + description: Image pull policy. Default value + is `Always` for `nightly`, `next` or `latest` + images, and `IfNotPresent` in other cases. + enum: + - Always + - IfNotPresent + - Never + type: string + name: + description: Container name. + type: string + resources: + description: Compute resources required by this + container. + properties: + limits: + description: Describes the maximum amount + of compute resources allowed. + properties: + cpu: + anyOf: + - type: integer + - type: string + description: CPU, in cores. (500m = .5 + cores) If the value is not specified, + then the default value is set depending + on the component. If value is `0`, then + no value is set for the component. + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + memory: + anyOf: + - type: integer + - type: string + description: Memory, in bytes. (500Gi + = 500GiB = 500 * 1024 * 1024 * 1024) + If the value is not specified, then + the default value is set depending on + the component. If value is `0`, then + no value is set for the component. + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + request: + description: Describes the minimum amount + of compute resources required. + properties: + cpu: + anyOf: + - type: integer + - type: string + description: CPU, in cores. (500m = .5 + cores) If the value is not specified, + then the default value is set depending + on the component. If value is `0`, then + no value is set for the component. + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + memory: + anyOf: + - type: integer + - type: string + description: Memory, in bytes. (500Gi + = 500GiB = 500 * 1024 * 1024 * 1024) + If the value is not specified, then + the default value is set depending on + the component. If value is `0`, then + no value is set for the component. + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + type: object + type: array + securityContext: + description: Security options the pod should run with. + properties: + fsGroup: + description: A special supplemental group that applies + to all containers in a pod. The default value + is `1724`. + format: int64 + type: integer + runAsUser: + description: The UID to run the entrypoint of the + container process. The default value is `1724`. + format: int64 + type: integer + type: object + type: object + disableInternalRegistry: + description: Disables internal devfile registry. + type: boolean + externalDevfileRegistries: + description: External devfile registries serving sample + ready-to-use devfiles. + items: + description: External devfile registries configuration. + properties: + url: + description: The public UR of the devfile registry + that serves sample ready-to-use devfiles. + type: string + type: object + type: array + type: object + imagePuller: + description: Kubernetes Image Puller configuration. + properties: + enable: + description: Install and configure the community supported + Kubernetes Image Puller Operator. When you set the value + to `true` without providing any specs, it creates a default + Kubernetes Image Puller object managed by the Operator. + When you set the value to `false`, the Kubernetes Image + Puller object is deleted, and the Operator uninstalled, + regardless of whether a spec is provided. If you leave + the `spec.images` field empty, a set of recommended workspace-related + images is automatically detected and pre-pulled after + installation. Note that while this Operator and its behavior + is community-supported, its payload may be commercially-supported + for pulling commercially-supported images. + type: boolean + spec: + description: A Kubernetes Image Puller spec to configure + the image puller in the CheCluster. + properties: + affinity: + type: string + cachingCPULimit: + type: string + cachingCPURequest: + type: string + cachingIntervalHours: + type: string + cachingMemoryLimit: + type: string + cachingMemoryRequest: + type: string + configMapName: + type: string + daemonsetName: + type: string + deploymentName: + type: string + imagePullSecrets: + type: string + imagePullerImage: + type: string + images: + type: string + nodeSelector: + type: string + type: object + type: object + metrics: + default: + enable: true + description: Che server metrics configuration. + properties: + enable: + default: true + description: Enables `metrics` for the Che server endpoint. + type: boolean + type: object + pluginRegistry: + description: Configuration settings related to the plug-in registry + used by the Che installation. + properties: + deployment: + description: Deployment override options. + properties: + containers: + description: List of containers belonging to the pod. + items: + description: Container custom settings. + properties: + env: + description: List of environment variables to + set in the container. + items: + description: EnvVar represents an environment + variable present in a Container. + properties: + name: + description: Name of the environment variable. + Must be a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) + are expanded using the previously defined + environment variables in the container + and any service environment variables. + If a variable cannot be resolved, the + reference in the input string will be + unchanged. Double $$ are reduced to a + single $, which allows for escaping the + $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" + will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, + regardless of whether the variable exists + or not. Defaults to "".' + type: string + valueFrom: + description: Source for the environment + variable's value. Cannot be used if value + is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. + apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the + ConfigMap or its key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the + pod: supports metadata.name, metadata.namespace, + `metadata.labels['''']`, `metadata.annotations['''']`, + spec.nodeName, spec.serviceAccountName, + status.hostIP, status.podIP, status.podIPs.' + properties: + apiVersion: + description: Version of the schema + the FieldPath is written in terms + of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to + select in the specified API version. + type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of + the container: only resources limits + and requests (limits.cpu, limits.memory, + limits.ephemeral-storage, requests.cpu, + requests.memory and requests.ephemeral-storage) + are currently supported.' + properties: + containerName: + description: 'Container name: required + for volumes, optional for env + vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output + format of the exposed resources, + defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource + to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret + in the pod's namespace + properties: + key: + description: The key of the secret + to select from. Must be a valid + secret key. + type: string + name: + description: 'Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. + apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the + Secret or its key must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + image: + description: Container image. Omit it or leave + it empty to use the default container image + provided by the Operator. + type: string + imagePullPolicy: + description: Image pull policy. Default value + is `Always` for `nightly`, `next` or `latest` + images, and `IfNotPresent` in other cases. + enum: + - Always + - IfNotPresent + - Never + type: string + name: + description: Container name. + type: string + resources: + description: Compute resources required by this + container. + properties: + limits: + description: Describes the maximum amount + of compute resources allowed. + properties: + cpu: + anyOf: + - type: integer + - type: string + description: CPU, in cores. (500m = .5 + cores) If the value is not specified, + then the default value is set depending + on the component. If value is `0`, then + no value is set for the component. + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + memory: + anyOf: + - type: integer + - type: string + description: Memory, in bytes. (500Gi + = 500GiB = 500 * 1024 * 1024 * 1024) + If the value is not specified, then + the default value is set depending on + the component. If value is `0`, then + no value is set for the component. + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + request: + description: Describes the minimum amount + of compute resources required. + properties: + cpu: + anyOf: + - type: integer + - type: string + description: CPU, in cores. (500m = .5 + cores) If the value is not specified, + then the default value is set depending + on the component. If value is `0`, then + no value is set for the component. + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + memory: + anyOf: + - type: integer + - type: string + description: Memory, in bytes. (500Gi + = 500GiB = 500 * 1024 * 1024 * 1024) + If the value is not specified, then + the default value is set depending on + the component. If value is `0`, then + no value is set for the component. + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + type: object + type: array + securityContext: + description: Security options the pod should run with. + properties: + fsGroup: + description: A special supplemental group that applies + to all containers in a pod. The default value + is `1724`. + format: int64 + type: integer + runAsUser: + description: The UID to run the entrypoint of the + container process. The default value is `1724`. + format: int64 + type: integer + type: object + type: object + disableInternalRegistry: + description: Disables internal plug-in registry. + type: boolean + externalPluginRegistries: + description: External plugin registries. + items: + description: External plug-in registries configuration. + properties: + url: + description: Public URL of the plug-in registry. + type: string + type: object + type: array + openVSXURL: + description: Open VSX registry URL. If omitted an embedded + instance will be used. + type: string + type: object + type: object + containerRegistry: + description: Configuration of an alternative registry that stores + Che images. + properties: + hostname: + description: An optional hostname or URL of an alternative container + registry to pull images from. This value overrides the container + registry hostname defined in all the default container images + involved in a Che deployment. This is particularly useful + for installing Che in a restricted environment. + type: string + organization: + description: An optional repository name of an alternative registry + to pull images from. This value overrides the container registry + organization defined in all the default container images involved + in a Che deployment. This is particularly useful for installing + Eclipse Che in a restricted environment. + type: string + type: object + devEnvironments: + default: + defaultNamespace: + autoProvision: true + template: -che + maxNumberOfWorkspacesPerUser: -1 + secondsOfInactivityBeforeIdling: 1800 + secondsOfRunBeforeIdling: -1 + startTimeoutSeconds: 300 + storage: + pvcStrategy: per-user + description: Development environment default configuration options. + properties: + containerBuildConfiguration: + description: Container build configuration. + properties: + openShiftSecurityContextConstraint: + default: container-build + description: OpenShift security context constraint to build + containers. + type: string + type: object + defaultComponents: + description: Default components applied to DevWorkspaces. These + default components are meant to be used when a Devfile, that + does not contain any components. + items: + properties: + attributes: + description: Map of implementation-dependant free-form + YAML attributes. + type: object + x-kubernetes-preserve-unknown-fields: true + componentType: + description: Type of component + enum: + - Container + - Kubernetes + - Openshift + - Volume + - Image + - Plugin + - Custom + type: string + container: + description: Allows adding and configuring devworkspace-related + containers + properties: + annotation: + description: Annotations that should be added to specific + resources for this container + properties: + deployment: + additionalProperties: + type: string + description: Annotations to be added to deployment + type: object + service: + additionalProperties: + type: string + description: Annotations to be added to service + type: object + type: object + args: + description: "The arguments to supply to the command\ + \ running the dockerimage component. The arguments\ + \ are supplied either to the default command provided\ + \ in the image or to the overridden command. \n\ + \ Defaults to an empty array, meaning use whatever\ + \ is defined in the image." + items: + type: string + type: array + command: + description: "The command to run in the dockerimage\ + \ component instead of the default one provided\ + \ in the image. \n Defaults to an empty array, meaning\ + \ use whatever is defined in the image." + items: + type: string + type: array + cpuLimit: + type: string + cpuRequest: + type: string + dedicatedPod: + description: "Specify if a container should run in\ + \ its own separated pod, instead of running as part\ + \ of the main development environment pod. \n Default\ + \ value is `false`" + type: boolean + endpoints: + items: + properties: + annotation: + additionalProperties: + type: string + description: Annotations to be added to Kubernetes + Ingress or Openshift Route + type: object + attributes: + description: "Map of implementation-dependant\ + \ string-based free-form attributes. \n Examples\ + \ of Che-specific attributes: \n - cookiesAuthEnabled:\ + \ \"true\" / \"false\", \n - type: \"terminal\"\ + \ / \"ide\" / \"ide-dev\"," + type: object + x-kubernetes-preserve-unknown-fields: true + exposure: + default: public + description: "Describes how the endpoint should\ + \ be exposed on the network. \n - `public`\ + \ means that the endpoint will be exposed\ + \ on the public network, typically through\ + \ a K8S ingress or an OpenShift route. \n\ + \ - `internal` means that the endpoint will\ + \ be exposed internally outside of the main\ + \ devworkspace POD, typically by K8S services,\ + \ to be consumed by other elements running\ + \ on the same cloud internal network. \n -\ + \ `none` means that the endpoint will not\ + \ be exposed and will only be accessible inside\ + \ the main devworkspace POD, on a local address.\ + \ \n Default value is `public`" + enum: + - public + - internal + - none + type: string + name: + maxLength: 63 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + path: + description: Path of the endpoint URL + type: string + protocol: + default: http + description: "Describes the application and\ + \ transport protocols of the traffic that\ + \ will go through this endpoint. \n - `http`:\ + \ Endpoint will have `http` traffic, typically\ + \ on a TCP connection. It will be automaticaly\ + \ promoted to `https` when the `secure` field\ + \ is set to `true`. \n - `https`: Endpoint\ + \ will have `https` traffic, typically on\ + \ a TCP connection. \n - `ws`: Endpoint will\ + \ have `ws` traffic, typically on a TCP connection.\ + \ It will be automaticaly promoted to `wss`\ + \ when the `secure` field is set to `true`.\ + \ \n - `wss`: Endpoint will have `wss` traffic,\ + \ typically on a TCP connection. \n - `tcp`:\ + \ Endpoint will have traffic on a TCP connection,\ + \ without specifying an application protocol.\ + \ \n - `udp`: Endpoint will have traffic on\ + \ an UDP connection, without specifying an\ + \ application protocol. \n Default value is\ + \ `http`" + enum: + - http + - https + - ws + - wss + - tcp + - udp + type: string + secure: + description: Describes whether the endpoint + should be secured and protected by some authentication + process. This requires a protocol of `https` + or `wss`. + type: boolean + targetPort: + description: Port number to be used within the + container component. The same port cannot + be used by two different container components. + type: integer + required: + - name + - targetPort + type: object + type: array + env: + description: "Environment variables used in this container.\ + \ \n The following variables are reserved and cannot\ + \ be overridden via env: \n - `$PROJECTS_ROOT`\ + \ \n - `$PROJECT_SOURCE`" + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + image: + type: string + memoryLimit: + type: string + memoryRequest: + type: string + mountSources: + description: "Toggles whether or not the project source\ + \ code should be mounted in the component. \n Defaults\ + \ to true for all component types except plugins\ + \ and components that set `dedicatedPod` to true." + type: boolean + sourceMapping: + default: /projects + description: Optional specification of the path in + the container where project sources should be transferred/mounted + when `mountSources` is `true`. When omitted, the + default value of /projects is used. + type: string + volumeMounts: + description: List of volumes mounts that should be + mounted is this container. + items: + description: Volume that should be mounted to a + component container + properties: + name: + description: The volume mount name is the name + of an existing `Volume` component. If several + containers mount the same volume name then + they will reuse the same volume and will be + able to access to the same files. + maxLength: 63 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + path: + description: The path in the component container + where the volume should be mounted. If not + path is mentioned, default path is the is + `/`. + type: string + required: + - name + type: object + type: array + required: + - image + type: object + custom: + description: Custom component whose logic is implementation-dependant + and should be provided by the user possibly through + some dedicated controller + properties: + componentClass: + description: Class of component that the associated + implementation controller should use to process + this command with the appropriate logic + type: string + embeddedResource: + description: Additional free-form configuration for + this custom component that the implementation controller + will know how to use + type: object + x-kubernetes-embedded-resource: true + x-kubernetes-preserve-unknown-fields: true + required: + - componentClass + - embeddedResource + type: object + image: + description: Allows specifying the definition of an image + for outer loop builds + properties: + autoBuild: + description: "Defines if the image should be built\ + \ during startup. \n Default value is `false`" + type: boolean + dockerfile: + description: Allows specifying dockerfile type build + properties: + args: + description: The arguments to supply to the dockerfile + build. + items: + type: string + type: array + buildContext: + description: Path of source directory to establish + build context. Defaults to ${PROJECT_SOURCE} + in the container + type: string + devfileRegistry: + description: Dockerfile's Devfile Registry source + properties: + id: + description: Id in a devfile registry that + contains a Dockerfile. The src in the OCI + registry required for the Dockerfile build + will be downloaded for building the image. + type: string + registryUrl: + description: Devfile Registry URL to pull + the Dockerfile from when using the Devfile + Registry as Dockerfile src. To ensure the + Dockerfile gets resolved consistently in + different environments, it is recommended + to always specify the `devfileRegistryUrl` + when `Id` is used. + type: string + required: + - id + type: object + git: + description: Dockerfile's Git source + properties: + checkoutFrom: + description: Defines from what the project + should be checked out. Required if there + are more than one remote configured + properties: + remote: + description: The remote name should be + used as init. Required if there are + more than one remote configured + type: string + revision: + description: The revision to checkout + from. Should be branch name, tag or + commit id. Default branch is used if + missing or specified revision is not + found. + type: string + type: object + fileLocation: + description: Location of the Dockerfile in + the Git repository when using git as Dockerfile + src. Defaults to Dockerfile. + type: string + remotes: + additionalProperties: + type: string + description: The remotes map which should + be initialized in the git project. Projects + must have at least one remote configured + while StarterProjects & Image Component's + Git source can only have at most one remote + configured. + type: object + required: + - remotes + type: object + rootRequired: + description: "Specify if a privileged builder\ + \ pod is required. \n Default value is `false`" + type: boolean + srcType: + description: Type of Dockerfile src + enum: + - Uri + - DevfileRegistry + - Git + type: string + uri: + description: URI Reference of a Dockerfile. It + can be a full URL or a relative URI from the + current devfile as the base URI. + type: string + type: object + imageName: + description: Name of the image for the resulting outerloop + build + type: string + imageType: + description: Type of image + enum: + - Dockerfile + type: string + required: + - imageName + type: object + kubernetes: + description: Allows importing into the devworkspace the + Kubernetes resources defined in a given manifest. For + example this allows reusing the Kubernetes definitions + used to deploy some runtime components in production. + properties: + deployByDefault: + description: "Defines if the component should be deployed\ + \ during startup. \n Default value is `false`" + type: boolean + endpoints: + items: + properties: + annotation: + additionalProperties: + type: string + description: Annotations to be added to Kubernetes + Ingress or Openshift Route + type: object + attributes: + description: "Map of implementation-dependant\ + \ string-based free-form attributes. \n Examples\ + \ of Che-specific attributes: \n - cookiesAuthEnabled:\ + \ \"true\" / \"false\", \n - type: \"terminal\"\ + \ / \"ide\" / \"ide-dev\"," + type: object + x-kubernetes-preserve-unknown-fields: true + exposure: + default: public + description: "Describes how the endpoint should\ + \ be exposed on the network. \n - `public`\ + \ means that the endpoint will be exposed\ + \ on the public network, typically through\ + \ a K8S ingress or an OpenShift route. \n\ + \ - `internal` means that the endpoint will\ + \ be exposed internally outside of the main\ + \ devworkspace POD, typically by K8S services,\ + \ to be consumed by other elements running\ + \ on the same cloud internal network. \n -\ + \ `none` means that the endpoint will not\ + \ be exposed and will only be accessible inside\ + \ the main devworkspace POD, on a local address.\ + \ \n Default value is `public`" + enum: + - public + - internal + - none + type: string + name: + maxLength: 63 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + path: + description: Path of the endpoint URL + type: string + protocol: + default: http + description: "Describes the application and\ + \ transport protocols of the traffic that\ + \ will go through this endpoint. \n - `http`:\ + \ Endpoint will have `http` traffic, typically\ + \ on a TCP connection. It will be automaticaly\ + \ promoted to `https` when the `secure` field\ + \ is set to `true`. \n - `https`: Endpoint\ + \ will have `https` traffic, typically on\ + \ a TCP connection. \n - `ws`: Endpoint will\ + \ have `ws` traffic, typically on a TCP connection.\ + \ It will be automaticaly promoted to `wss`\ + \ when the `secure` field is set to `true`.\ + \ \n - `wss`: Endpoint will have `wss` traffic,\ + \ typically on a TCP connection. \n - `tcp`:\ + \ Endpoint will have traffic on a TCP connection,\ + \ without specifying an application protocol.\ + \ \n - `udp`: Endpoint will have traffic on\ + \ an UDP connection, without specifying an\ + \ application protocol. \n Default value is\ + \ `http`" + enum: + - http + - https + - ws + - wss + - tcp + - udp + type: string + secure: + description: Describes whether the endpoint + should be secured and protected by some authentication + process. This requires a protocol of `https` + or `wss`. + type: boolean + targetPort: + description: Port number to be used within the + container component. The same port cannot + be used by two different container components. + type: integer + required: + - name + - targetPort + type: object + type: array + inlined: + description: Inlined manifest + type: string + locationType: + description: Type of Kubernetes-like location + enum: + - Uri + - Inlined + type: string + uri: + description: Location in a file fetched from a uri. + type: string + type: object + name: + description: Mandatory name that allows referencing the + component from other elements (such as commands) or + from an external devfile that may reference this component + through a parent or a plugin. + maxLength: 63 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + openshift: + description: Allows importing into the devworkspace the + OpenShift resources defined in a given manifest. For + example this allows reusing the OpenShift definitions + used to deploy some runtime components in production. + properties: + deployByDefault: + description: "Defines if the component should be deployed\ + \ during startup. \n Default value is `false`" + type: boolean + endpoints: + items: + properties: + annotation: + additionalProperties: + type: string + description: Annotations to be added to Kubernetes + Ingress or Openshift Route + type: object + attributes: + description: "Map of implementation-dependant\ + \ string-based free-form attributes. \n Examples\ + \ of Che-specific attributes: \n - cookiesAuthEnabled:\ + \ \"true\" / \"false\", \n - type: \"terminal\"\ + \ / \"ide\" / \"ide-dev\"," + type: object + x-kubernetes-preserve-unknown-fields: true + exposure: + default: public + description: "Describes how the endpoint should\ + \ be exposed on the network. \n - `public`\ + \ means that the endpoint will be exposed\ + \ on the public network, typically through\ + \ a K8S ingress or an OpenShift route. \n\ + \ - `internal` means that the endpoint will\ + \ be exposed internally outside of the main\ + \ devworkspace POD, typically by K8S services,\ + \ to be consumed by other elements running\ + \ on the same cloud internal network. \n -\ + \ `none` means that the endpoint will not\ + \ be exposed and will only be accessible inside\ + \ the main devworkspace POD, on a local address.\ + \ \n Default value is `public`" + enum: + - public + - internal + - none + type: string + name: + maxLength: 63 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + path: + description: Path of the endpoint URL + type: string + protocol: + default: http + description: "Describes the application and\ + \ transport protocols of the traffic that\ + \ will go through this endpoint. \n - `http`:\ + \ Endpoint will have `http` traffic, typically\ + \ on a TCP connection. It will be automaticaly\ + \ promoted to `https` when the `secure` field\ + \ is set to `true`. \n - `https`: Endpoint\ + \ will have `https` traffic, typically on\ + \ a TCP connection. \n - `ws`: Endpoint will\ + \ have `ws` traffic, typically on a TCP connection.\ + \ It will be automaticaly promoted to `wss`\ + \ when the `secure` field is set to `true`.\ + \ \n - `wss`: Endpoint will have `wss` traffic,\ + \ typically on a TCP connection. \n - `tcp`:\ + \ Endpoint will have traffic on a TCP connection,\ + \ without specifying an application protocol.\ + \ \n - `udp`: Endpoint will have traffic on\ + \ an UDP connection, without specifying an\ + \ application protocol. \n Default value is\ + \ `http`" + enum: + - http + - https + - ws + - wss + - tcp + - udp + type: string + secure: + description: Describes whether the endpoint + should be secured and protected by some authentication + process. This requires a protocol of `https` + or `wss`. + type: boolean + targetPort: + description: Port number to be used within the + container component. The same port cannot + be used by two different container components. + type: integer + required: + - name + - targetPort + type: object + type: array + inlined: + description: Inlined manifest + type: string + locationType: + description: Type of Kubernetes-like location + enum: + - Uri + - Inlined + type: string + uri: + description: Location in a file fetched from a uri. + type: string + type: object + plugin: + description: "Allows importing a plugin. \n Plugins are\ + \ mainly imported devfiles that contribute components,\ + \ commands and events as a consistent single unit. They\ + \ are defined in either YAML files following the devfile\ + \ syntax, or as `DevWorkspaceTemplate` Kubernetes Custom\ + \ Resources" + properties: + commands: + description: Overrides of commands encapsulated in + a parent devfile or a plugin. Overriding is done + according to K8S strategic merge patch standard + rules. + items: + properties: + apply: + description: "Command that consists in applying\ + \ a given component definition, typically\ + \ bound to a devworkspace event. \n For example,\ + \ when an `apply` command is bound to a `preStart`\ + \ event, and references a `container` component,\ + \ it will start the container as a K8S initContainer\ + \ in the devworkspace POD, unless the component\ + \ has its `dedicatedPod` field set to `true`.\ + \ \n When no `apply` command exist for a given\ + \ component, it is assumed the component will\ + \ be applied at devworkspace start by default,\ + \ unless `deployByDefault` for that component\ + \ is set to false." + properties: + component: + description: Describes component that will + be applied + type: string + group: + description: Defines the group this command + is part of + properties: + isDefault: + description: Identifies the default + command for a given group kind + type: boolean + kind: + description: Kind of group the command + is part of + enum: + - build + - run + - test + - debug + - deploy + type: string + type: object + label: + description: Optional label that provides + a label for this command to be used in + Editor UI menus for example + type: string + type: object + attributes: + description: Map of implementation-dependant + free-form YAML attributes. + type: object + x-kubernetes-preserve-unknown-fields: true + commandType: + description: Type of devworkspace command + enum: + - Exec + - Apply + - Composite + type: string + composite: + description: Composite command that allows executing + several sub-commands either sequentially or + concurrently + properties: + commands: + description: The commands that comprise + this composite command + items: + type: string + type: array + group: + description: Defines the group this command + is part of + properties: + isDefault: + description: Identifies the default + command for a given group kind + type: boolean + kind: + description: Kind of group the command + is part of + enum: + - build + - run + - test + - debug + - deploy + type: string + type: object + label: + description: Optional label that provides + a label for this command to be used in + Editor UI menus for example + type: string + parallel: + description: Indicates if the sub-commands + should be executed concurrently + type: boolean + type: object + exec: + description: CLI Command executed in an existing + component container + properties: + commandLine: + description: "The actual command-line string\ + \ \n Special variables that can be used:\ + \ \n - `$PROJECTS_ROOT`: A path where\ + \ projects sources are mounted as defined\ + \ by container component's sourceMapping.\ + \ \n - `$PROJECT_SOURCE`: A path to a\ + \ project source ($PROJECTS_ROOT/).\ + \ If there are multiple projects, this\ + \ will point to the directory of the first\ + \ one." + type: string + component: + description: Describes component to which + given action relates + type: string + env: + description: Optional list of environment + variables that have to be set before running + the command + items: + properties: + name: + type: string + value: + type: string + required: + - name + type: object + type: array + group: + description: Defines the group this command + is part of + properties: + isDefault: + description: Identifies the default + command for a given group kind + type: boolean + kind: + description: Kind of group the command + is part of + enum: + - build + - run + - test + - debug + - deploy + type: string + type: object + hotReloadCapable: + description: "Specify whether the command\ + \ is restarted or not when the source\ + \ code changes. If set to `true` the command\ + \ won't be restarted. A *hotReloadCapable*\ + \ `run` or `debug` command is expected\ + \ to handle file changes on its own and\ + \ won't be restarted. A *hotReloadCapable*\ + \ `build` command is expected to be executed\ + \ only once and won't be executed again.\ + \ This field is taken into account only\ + \ for commands `build`, `run` and `debug`\ + \ with `isDefault` set to `true`. \n Default\ + \ value is `false`" + type: boolean + label: + description: Optional label that provides + a label for this command to be used in + Editor UI menus for example + type: string + workingDir: + description: "Working directory where the\ + \ command should be executed \n Special\ + \ variables that can be used: \n - `$PROJECTS_ROOT`:\ + \ A path where projects sources are mounted\ + \ as defined by container component's\ + \ sourceMapping. \n - `$PROJECT_SOURCE`:\ + \ A path to a project source ($PROJECTS_ROOT/).\ + \ If there are multiple projects, this\ + \ will point to the directory of the first\ + \ one." + type: string + type: object + id: + description: Mandatory identifier that allows + referencing this command in composite commands, + from a parent, or in events. + maxLength: 63 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - id + type: object + type: array + components: + description: Overrides of components encapsulated + in a parent devfile or a plugin. Overriding is done + according to K8S strategic merge patch standard + rules. + items: + properties: + attributes: + description: Map of implementation-dependant + free-form YAML attributes. + type: object + x-kubernetes-preserve-unknown-fields: true + componentType: + description: Type of component + enum: + - Container + - Kubernetes + - Openshift + - Volume + - Image + type: string + container: + description: Allows adding and configuring devworkspace-related + containers + properties: + annotation: + description: Annotations that should be + added to specific resources for this container + properties: + deployment: + additionalProperties: + type: string + description: Annotations to be added + to deployment + type: object + service: + additionalProperties: + type: string + description: Annotations to be added + to service + type: object + type: object + args: + description: "The arguments to supply to\ + \ the command running the dockerimage\ + \ component. The arguments are supplied\ + \ either to the default command provided\ + \ in the image or to the overridden command.\ + \ \n Defaults to an empty array, meaning\ + \ use whatever is defined in the image." + items: + type: string + type: array + command: + description: "The command to run in the\ + \ dockerimage component instead of the\ + \ default one provided in the image. \n\ + \ Defaults to an empty array, meaning\ + \ use whatever is defined in the image." + items: + type: string + type: array + cpuLimit: + type: string + cpuRequest: + type: string + dedicatedPod: + description: "Specify if a container should\ + \ run in its own separated pod, instead\ + \ of running as part of the main development\ + \ environment pod. \n Default value is\ + \ `false`" + type: boolean + endpoints: + items: + properties: + annotation: + additionalProperties: + type: string + description: Annotations to be added + to Kubernetes Ingress or Openshift + Route + type: object + attributes: + description: "Map of implementation-dependant\ + \ string-based free-form attributes.\ + \ \n Examples of Che-specific attributes:\ + \ \n - cookiesAuthEnabled: \"true\"\ + \ / \"false\", \n - type: \"terminal\"\ + \ / \"ide\" / \"ide-dev\"," + type: object + x-kubernetes-preserve-unknown-fields: true + exposure: + description: "Describes how the endpoint\ + \ should be exposed on the network.\ + \ \n - `public` means that the endpoint\ + \ will be exposed on the public\ + \ network, typically through a K8S\ + \ ingress or an OpenShift route.\ + \ \n - `internal` means that the\ + \ endpoint will be exposed internally\ + \ outside of the main devworkspace\ + \ POD, typically by K8S services,\ + \ to be consumed by other elements\ + \ running on the same cloud internal\ + \ network. \n - `none` means that\ + \ the endpoint will not be exposed\ + \ and will only be accessible inside\ + \ the main devworkspace POD, on\ + \ a local address. \n Default value\ + \ is `public`" + enum: + - public + - internal + - none + type: string + name: + maxLength: 63 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + path: + description: Path of the endpoint + URL + type: string + protocol: + description: "Describes the application\ + \ and transport protocols of the\ + \ traffic that will go through this\ + \ endpoint. \n - `http`: Endpoint\ + \ will have `http` traffic, typically\ + \ on a TCP connection. It will be\ + \ automaticaly promoted to `https`\ + \ when the `secure` field is set\ + \ to `true`. \n - `https`: Endpoint\ + \ will have `https` traffic, typically\ + \ on a TCP connection. \n - `ws`:\ + \ Endpoint will have `ws` traffic,\ + \ typically on a TCP connection.\ + \ It will be automaticaly promoted\ + \ to `wss` when the `secure` field\ + \ is set to `true`. \n - `wss`:\ + \ Endpoint will have `wss` traffic,\ + \ typically on a TCP connection.\ + \ \n - `tcp`: Endpoint will have\ + \ traffic on a TCP connection, without\ + \ specifying an application protocol.\ + \ \n - `udp`: Endpoint will have\ + \ traffic on an UDP connection,\ + \ without specifying an application\ + \ protocol. \n Default value is\ + \ `http`" + enum: + - http + - https + - ws + - wss + - tcp + - udp + type: string + secure: + description: Describes whether the + endpoint should be secured and protected + by some authentication process. + This requires a protocol of `https` + or `wss`. + type: boolean + targetPort: + description: Port number to be used + within the container component. + The same port cannot be used by + two different container components. + type: integer + required: + - name + type: object + type: array + env: + description: "Environment variables used\ + \ in this container. \n The following\ + \ variables are reserved and cannot be\ + \ overridden via env: \n - `$PROJECTS_ROOT`\ + \ \n - `$PROJECT_SOURCE`" + items: + properties: + name: + type: string + value: + type: string + required: + - name + type: object + type: array + image: + type: string + memoryLimit: + type: string + memoryRequest: + type: string + mountSources: + description: "Toggles whether or not the\ + \ project source code should be mounted\ + \ in the component. \n Defaults to true\ + \ for all component types except plugins\ + \ and components that set `dedicatedPod`\ + \ to true." + type: boolean + sourceMapping: + description: Optional specification of the + path in the container where project sources + should be transferred/mounted when `mountSources` + is `true`. When omitted, the default value + of /projects is used. + type: string + volumeMounts: + description: List of volumes mounts that + should be mounted is this container. + items: + description: Volume that should be mounted + to a component container + properties: + name: + description: The volume mount name + is the name of an existing `Volume` + component. If several containers + mount the same volume name then + they will reuse the same volume + and will be able to access to the + same files. + maxLength: 63 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + path: + description: The path in the component + container where the volume should + be mounted. If not path is mentioned, + default path is the is `/`. + type: string + required: + - name + type: object + type: array + type: object + image: + description: Allows specifying the definition + of an image for outer loop builds + properties: + autoBuild: + description: "Defines if the image should\ + \ be built during startup. \n Default\ + \ value is `false`" + type: boolean + dockerfile: + description: Allows specifying dockerfile + type build + properties: + args: + description: The arguments to supply + to the dockerfile build. + items: + type: string + type: array + buildContext: + description: Path of source directory + to establish build context. Defaults + to ${PROJECT_SOURCE} in the container + type: string + devfileRegistry: + description: Dockerfile's Devfile Registry + source + properties: + id: + description: Id in a devfile registry + that contains a Dockerfile. The + src in the OCI registry required + for the Dockerfile build will + be downloaded for building the + image. + type: string + registryUrl: + description: Devfile Registry URL + to pull the Dockerfile from when + using the Devfile Registry as + Dockerfile src. To ensure the + Dockerfile gets resolved consistently + in different environments, it + is recommended to always specify + the `devfileRegistryUrl` when + `Id` is used. + type: string + type: object + git: + description: Dockerfile's Git source + properties: + checkoutFrom: + description: Defines from what the + project should be checked out. + Required if there are more than + one remote configured + properties: + remote: + description: The remote name + should be used as init. Required + if there are more than one + remote configured + type: string + revision: + description: The revision to + checkout from. Should be branch + name, tag or commit id. Default + branch is used if missing + or specified revision is not + found. + type: string + type: object + fileLocation: + description: Location of the Dockerfile + in the Git repository when using + git as Dockerfile src. Defaults + to Dockerfile. + type: string + remotes: + additionalProperties: + type: string + description: The remotes map which + should be initialized in the git + project. Projects must have at + least one remote configured while + StarterProjects & Image Component's + Git source can only have at most + one remote configured. + type: object + type: object + rootRequired: + description: "Specify if a privileged\ + \ builder pod is required. \n Default\ + \ value is `false`" + type: boolean + srcType: + description: Type of Dockerfile src + enum: + - Uri + - DevfileRegistry + - Git + type: string + uri: + description: URI Reference of a Dockerfile. + It can be a full URL or a relative + URI from the current devfile as the + base URI. + type: string + type: object + imageName: + description: Name of the image for the resulting + outerloop build + type: string + imageType: + description: Type of image + enum: + - Dockerfile + - AutoBuild + type: string + type: object + kubernetes: + description: Allows importing into the devworkspace + the Kubernetes resources defined in a given + manifest. For example this allows reusing + the Kubernetes definitions used to deploy + some runtime components in production. + properties: + deployByDefault: + description: "Defines if the component should\ + \ be deployed during startup. \n Default\ + \ value is `false`" + type: boolean + endpoints: + items: + properties: + annotation: + additionalProperties: + type: string + description: Annotations to be added + to Kubernetes Ingress or Openshift + Route + type: object + attributes: + description: "Map of implementation-dependant\ + \ string-based free-form attributes.\ + \ \n Examples of Che-specific attributes:\ + \ \n - cookiesAuthEnabled: \"true\"\ + \ / \"false\", \n - type: \"terminal\"\ + \ / \"ide\" / \"ide-dev\"," + type: object + x-kubernetes-preserve-unknown-fields: true + exposure: + description: "Describes how the endpoint\ + \ should be exposed on the network.\ + \ \n - `public` means that the endpoint\ + \ will be exposed on the public\ + \ network, typically through a K8S\ + \ ingress or an OpenShift route.\ + \ \n - `internal` means that the\ + \ endpoint will be exposed internally\ + \ outside of the main devworkspace\ + \ POD, typically by K8S services,\ + \ to be consumed by other elements\ + \ running on the same cloud internal\ + \ network. \n - `none` means that\ + \ the endpoint will not be exposed\ + \ and will only be accessible inside\ + \ the main devworkspace POD, on\ + \ a local address. \n Default value\ + \ is `public`" + enum: + - public + - internal + - none + type: string + name: + maxLength: 63 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + path: + description: Path of the endpoint + URL + type: string + protocol: + description: "Describes the application\ + \ and transport protocols of the\ + \ traffic that will go through this\ + \ endpoint. \n - `http`: Endpoint\ + \ will have `http` traffic, typically\ + \ on a TCP connection. It will be\ + \ automaticaly promoted to `https`\ + \ when the `secure` field is set\ + \ to `true`. \n - `https`: Endpoint\ + \ will have `https` traffic, typically\ + \ on a TCP connection. \n - `ws`:\ + \ Endpoint will have `ws` traffic,\ + \ typically on a TCP connection.\ + \ It will be automaticaly promoted\ + \ to `wss` when the `secure` field\ + \ is set to `true`. \n - `wss`:\ + \ Endpoint will have `wss` traffic,\ + \ typically on a TCP connection.\ + \ \n - `tcp`: Endpoint will have\ + \ traffic on a TCP connection, without\ + \ specifying an application protocol.\ + \ \n - `udp`: Endpoint will have\ + \ traffic on an UDP connection,\ + \ without specifying an application\ + \ protocol. \n Default value is\ + \ `http`" + enum: + - http + - https + - ws + - wss + - tcp + - udp + type: string + secure: + description: Describes whether the + endpoint should be secured and protected + by some authentication process. + This requires a protocol of `https` + or `wss`. + type: boolean + targetPort: + description: Port number to be used + within the container component. + The same port cannot be used by + two different container components. + type: integer + required: + - name + type: object + type: array + inlined: + description: Inlined manifest + type: string + locationType: + description: Type of Kubernetes-like location + enum: + - Uri + - Inlined + type: string + uri: + description: Location in a file fetched + from a uri. + type: string + type: object + name: + description: Mandatory name that allows referencing + the component from other elements (such as + commands) or from an external devfile that + may reference this component through a parent + or a plugin. + maxLength: 63 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + openshift: + description: Allows importing into the devworkspace + the OpenShift resources defined in a given + manifest. For example this allows reusing + the OpenShift definitions used to deploy some + runtime components in production. + properties: + deployByDefault: + description: "Defines if the component should\ + \ be deployed during startup. \n Default\ + \ value is `false`" + type: boolean + endpoints: + items: + properties: + annotation: + additionalProperties: + type: string + description: Annotations to be added + to Kubernetes Ingress or Openshift + Route + type: object + attributes: + description: "Map of implementation-dependant\ + \ string-based free-form attributes.\ + \ \n Examples of Che-specific attributes:\ + \ \n - cookiesAuthEnabled: \"true\"\ + \ / \"false\", \n - type: \"terminal\"\ + \ / \"ide\" / \"ide-dev\"," + type: object + x-kubernetes-preserve-unknown-fields: true + exposure: + description: "Describes how the endpoint\ + \ should be exposed on the network.\ + \ \n - `public` means that the endpoint\ + \ will be exposed on the public\ + \ network, typically through a K8S\ + \ ingress or an OpenShift route.\ + \ \n - `internal` means that the\ + \ endpoint will be exposed internally\ + \ outside of the main devworkspace\ + \ POD, typically by K8S services,\ + \ to be consumed by other elements\ + \ running on the same cloud internal\ + \ network. \n - `none` means that\ + \ the endpoint will not be exposed\ + \ and will only be accessible inside\ + \ the main devworkspace POD, on\ + \ a local address. \n Default value\ + \ is `public`" + enum: + - public + - internal + - none + type: string + name: + maxLength: 63 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + path: + description: Path of the endpoint + URL + type: string + protocol: + description: "Describes the application\ + \ and transport protocols of the\ + \ traffic that will go through this\ + \ endpoint. \n - `http`: Endpoint\ + \ will have `http` traffic, typically\ + \ on a TCP connection. It will be\ + \ automaticaly promoted to `https`\ + \ when the `secure` field is set\ + \ to `true`. \n - `https`: Endpoint\ + \ will have `https` traffic, typically\ + \ on a TCP connection. \n - `ws`:\ + \ Endpoint will have `ws` traffic,\ + \ typically on a TCP connection.\ + \ It will be automaticaly promoted\ + \ to `wss` when the `secure` field\ + \ is set to `true`. \n - `wss`:\ + \ Endpoint will have `wss` traffic,\ + \ typically on a TCP connection.\ + \ \n - `tcp`: Endpoint will have\ + \ traffic on a TCP connection, without\ + \ specifying an application protocol.\ + \ \n - `udp`: Endpoint will have\ + \ traffic on an UDP connection,\ + \ without specifying an application\ + \ protocol. \n Default value is\ + \ `http`" + enum: + - http + - https + - ws + - wss + - tcp + - udp + type: string + secure: + description: Describes whether the + endpoint should be secured and protected + by some authentication process. + This requires a protocol of `https` + or `wss`. + type: boolean + targetPort: + description: Port number to be used + within the container component. + The same port cannot be used by + two different container components. + type: integer + required: + - name + type: object + type: array + inlined: + description: Inlined manifest + type: string + locationType: + description: Type of Kubernetes-like location + enum: + - Uri + - Inlined + type: string + uri: + description: Location in a file fetched + from a uri. + type: string + type: object + volume: + description: Allows specifying the definition + of a volume shared by several other components + properties: + ephemeral: + description: Ephemeral volumes are not stored + persistently across restarts. Defaults + to false + type: boolean + size: + description: Size of the volume + type: string + type: object + required: + - name + type: object + type: array + id: + description: Id in a registry that contains a Devfile + yaml file + type: string + importReferenceType: + description: type of location from where the referenced + template structure should be retrieved + enum: + - Uri + - Id + - Kubernetes + type: string + kubernetes: + description: Reference to a Kubernetes CRD of type + DevWorkspaceTemplate + properties: + name: + type: string + namespace: + type: string + required: + - name + type: object + registryUrl: + description: Registry URL to pull the parent devfile + from when using id in the parent reference. To ensure + the parent devfile gets resolved consistently in + different environments, it is recommended to always + specify the `registryUrl` when `id` is used. + type: string + uri: + description: URI Reference of a parent devfile YAML + file. It can be a full URL or a relative URI with + the current devfile as the base URI. + type: string + version: + description: Specific stack/sample version to pull + the parent devfile from, when using id in the parent + reference. To specify `version`, `id` must be defined + and used as the import reference source. `version` + can be either a specific stack version, or `latest`. + If no `version` specified, default version will + be used. + pattern: ^(latest)|(([1-9])\.([0-9]+)\.([0-9]+)(\-[0-9a-z-]+(\.[0-9a-z-]+)*)?(\+[0-9A-Za-z-]+(\.[0-9A-Za-z-]+)*)?)$ + type: string + type: object + volume: + description: Allows specifying the definition of a volume + shared by several other components + properties: + ephemeral: + description: Ephemeral volumes are not stored persistently + across restarts. Defaults to false + type: boolean + size: + description: Size of the volume + type: string + type: object + required: + - name + type: object + type: array + defaultEditor: + description: The default editor to workspace create with. It + could be a plugin ID or a URI. The plugin ID must have `publisher/plugin/version` + format. The URI must start from `http://` or `https://`. + type: string + defaultNamespace: + default: + autoProvision: true + template: -che + description: User's default namespace. + properties: + autoProvision: + default: true + description: Indicates if is allowed to automatically create + a user namespace. If it set to false, then user namespace + must be pre-created by a cluster administrator. + type: boolean + template: + default: -che + description: If you don't create the user namespaces in + advance, this field defines the Kubernetes namespace created + when you start your first workspace. You can use `` + and `` placeholders, such as che-workspace-. + pattern: | + type: string + type: object + defaultPlugins: + description: Default plug-ins applied to DevWorkspaces. + items: + properties: + editor: + description: The editor ID to specify default plug-ins + for. + type: string + plugins: + description: Default plug-in URIs for the specified editor. + items: + type: string + type: array + type: object + type: array + deploymentStrategy: + description: DeploymentStrategy defines the deployment strategy + to use to replace existing workspace pods with new ones. The + available deployment stragies are `Recreate` and `RollingUpdate`. + With the `Recreate` deployment strategy, the existing workspace + pod is killed before the new one is created. With the `RollingUpdate` + deployment strategy, a new workspace pod is created and the + existing workspace pod is deleted only when the new workspace + pod is in a ready state. If not specified, the default `Recreate` + deployment strategy is used. + enum: + - Recreate + - RollingUpdate + type: string + disableContainerBuildCapabilities: + description: "Disables the container build capabilities. When\ + \ set to `false` (the default value), the devEnvironments.security.containerSecurityContext\ + \ field is ignored, and the following container SecurityContext\ + \ is applied: \n containerSecurityContext: allowPrivilegeEscalation:\ + \ true capabilities: add: - SETGID - SETUID" + type: boolean + gatewayContainer: + description: GatewayContainer configuration. + properties: + env: + description: List of environment variables to set in the + container. + items: + description: EnvVar represents an environment variable + present in a Container. + properties: + name: + description: Name of the environment variable. Must + be a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are + expanded using the previously defined environment + variables in the container and any service environment + variables. If a variable cannot be resolved, the + reference in the input string will be unchanged. + Double $$ are reduced to a single $, which allows + for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" + will produce the string literal "$(VAR_NAME)". Escaped + references will never be expanded, regardless of + whether the variable exists or not. Defaults to + "".' + type: string + valueFrom: + description: Source for the environment variable's + value. Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: supports + metadata.name, metadata.namespace, `metadata.labels['''']`, + `metadata.annotations['''']`, spec.nodeName, + spec.serviceAccountName, status.hostIP, status.podIP, + status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in + the specified API version. + type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: + only resources limits and requests (limits.cpu, + limits.memory, limits.ephemeral-storage, requests.cpu, + requests.memory and requests.ephemeral-storage) + are currently supported.' + properties: + containerName: + description: 'Container name: required for + volumes, optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of + the exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in the + pod's namespace + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + image: + description: Container image. Omit it or leave it empty + to use the default container image provided by the Operator. + type: string + imagePullPolicy: + description: Image pull policy. Default value is `Always` + for `nightly`, `next` or `latest` images, and `IfNotPresent` + in other cases. + enum: + - Always + - IfNotPresent + - Never + type: string + name: + description: Container name. + type: string + resources: + description: Compute resources required by this container. + properties: + limits: + description: Describes the maximum amount of compute + resources allowed. + properties: + cpu: + anyOf: + - type: integer + - type: string + description: CPU, in cores. (500m = .5 cores) If + the value is not specified, then the default value + is set depending on the component. If value is + `0`, then no value is set for the component. + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + memory: + anyOf: + - type: integer + - type: string + description: Memory, in bytes. (500Gi = 500GiB = + 500 * 1024 * 1024 * 1024) If the value is not + specified, then the default value is set depending + on the component. If value is `0`, then no value + is set for the component. + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + request: + description: Describes the minimum amount of compute + resources required. + properties: + cpu: + anyOf: + - type: integer + - type: string + description: CPU, in cores. (500m = .5 cores) If + the value is not specified, then the default value + is set depending on the component. If value is + `0`, then no value is set for the component. + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + memory: + anyOf: + - type: integer + - type: string + description: Memory, in bytes. (500Gi = 500GiB = + 500 * 1024 * 1024 * 1024) If the value is not + specified, then the default value is set depending + on the component. If value is `0`, then no value + is set for the component. + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + type: object + imagePullPolicy: + description: ImagePullPolicy defines the imagePullPolicy used + for containers in a DevWorkspace. + enum: + - Always + - IfNotPresent + - Never + type: string + maxNumberOfRunningWorkspacesPerUser: + description: The maximum number of running workspaces per user. + The value, -1, allows users to run an unlimited number of + workspaces. + format: int64 + minimum: -1 + type: integer + maxNumberOfWorkspacesPerUser: + default: -1 + description: Total number of workspaces, both stopped and running, + that a user can keep. The value, -1, allows users to keep + an unlimited number of workspaces. + format: int64 + minimum: -1 + type: integer + nodeSelector: + additionalProperties: + type: string + description: The node selector limits the nodes that can run + the workspace pods. + type: object + persistUserHome: + description: PersistUserHome defines configuration options for + persisting the user home directory in workspaces. + properties: + enabled: + description: Determines whether the user home directory + in workspaces should persist between workspace shutdown + and startup. Must be used with the 'per-user' or 'per-workspace' + PVC strategy in order to take effect. Disabled by default. + type: boolean + type: object + podSchedulerName: + description: Pod scheduler for the workspace pods. If not specified, + the pod scheduler is set to the default scheduler on the cluster. + type: string + projectCloneContainer: + description: Project clone container configuration. + properties: + env: + description: List of environment variables to set in the + container. + items: + description: EnvVar represents an environment variable + present in a Container. + properties: + name: + description: Name of the environment variable. Must + be a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are + expanded using the previously defined environment + variables in the container and any service environment + variables. If a variable cannot be resolved, the + reference in the input string will be unchanged. + Double $$ are reduced to a single $, which allows + for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" + will produce the string literal "$(VAR_NAME)". Escaped + references will never be expanded, regardless of + whether the variable exists or not. Defaults to + "".' + type: string + valueFrom: + description: Source for the environment variable's + value. Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap + or its key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: supports + metadata.name, metadata.namespace, `metadata.labels['''']`, + `metadata.annotations['''']`, spec.nodeName, + spec.serviceAccountName, status.hostIP, status.podIP, + status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in + the specified API version. + type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: + only resources limits and requests (limits.cpu, + limits.memory, limits.ephemeral-storage, requests.cpu, + requests.memory and requests.ephemeral-storage) + are currently supported.' + properties: + containerName: + description: 'Container name: required for + volumes, optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of + the exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in the + pod's namespace + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret or + its key must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + image: + description: Container image. Omit it or leave it empty + to use the default container image provided by the Operator. + type: string + imagePullPolicy: + description: Image pull policy. Default value is `Always` + for `nightly`, `next` or `latest` images, and `IfNotPresent` + in other cases. + enum: + - Always + - IfNotPresent + - Never + type: string + name: + description: Container name. + type: string + resources: + description: Compute resources required by this container. + properties: + limits: + description: Describes the maximum amount of compute + resources allowed. + properties: + cpu: + anyOf: + - type: integer + - type: string + description: CPU, in cores. (500m = .5 cores) If + the value is not specified, then the default value + is set depending on the component. If value is + `0`, then no value is set for the component. + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + memory: + anyOf: + - type: integer + - type: string + description: Memory, in bytes. (500Gi = 500GiB = + 500 * 1024 * 1024 * 1024) If the value is not + specified, then the default value is set depending + on the component. If value is `0`, then no value + is set for the component. + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + request: + description: Describes the minimum amount of compute + resources required. + properties: + cpu: + anyOf: + - type: integer + - type: string + description: CPU, in cores. (500m = .5 cores) If + the value is not specified, then the default value + is set depending on the component. If value is + `0`, then no value is set for the component. + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + memory: + anyOf: + - type: integer + - type: string + description: Memory, in bytes. (500Gi = 500GiB = + 500 * 1024 * 1024 * 1024) If the value is not + specified, then the default value is set depending + on the component. If value is `0`, then no value + is set for the component. + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + type: object + secondsOfInactivityBeforeIdling: + default: 1800 + description: Idle timeout for workspaces in seconds. This timeout + is the duration after which a workspace will be idled if there + is no activity. To disable workspace idling due to inactivity, + set this value to -1. + format: int32 + type: integer + secondsOfRunBeforeIdling: + default: -1 + description: Run timeout for workspaces in seconds. This timeout + is the maximum duration a workspace runs. To disable workspace + run timeout, set this value to -1. + format: int32 + type: integer + security: + description: Workspace security configuration. + properties: + containerSecurityContext: + description: Container SecurityContext used by all workspace-related + containers. If set, defined values are merged into the + default Container SecurityContext configuration. Requires + devEnvironments.disableContainerBuildCapabilities to be + set to `true` in order to take effect. + properties: + allowPrivilegeEscalation: + description: 'AllowPrivilegeEscalation controls whether + a process can gain more privileges than its parent + process. This bool directly controls if the no_new_privs + flag will be set on the container process. AllowPrivilegeEscalation + is true always when the container is: 1) run as Privileged + 2) has CAP_SYS_ADMIN Note that this field cannot be + set when spec.os.name is windows.' + type: boolean + capabilities: + description: The capabilities to add/drop when running + containers. Defaults to the default set of capabilities + granted by the container runtime. Note that this field + cannot be set when spec.os.name is windows. + properties: + add: + description: Added capabilities + items: + description: Capability represent POSIX capabilities + type + type: string + type: array + drop: + description: Removed capabilities + items: + description: Capability represent POSIX capabilities + type + type: string + type: array + type: object + privileged: + description: Run container in privileged mode. Processes + in privileged containers are essentially equivalent + to root on the host. Defaults to false. Note that + this field cannot be set when spec.os.name is windows. + type: boolean + procMount: + description: procMount denotes the type of proc mount + to use for the containers. The default is DefaultProcMount + which uses the container runtime defaults for readonly + paths and masked paths. This requires the ProcMountType + feature flag to be enabled. Note that this field cannot + be set when spec.os.name is windows. + type: string + readOnlyRootFilesystem: + description: Whether this container has a read-only + root filesystem. Default is false. Note that this + field cannot be set when spec.os.name is windows. + type: boolean + runAsGroup: + description: The GID to run the entrypoint of the container + process. Uses runtime default if unset. May also be + set in PodSecurityContext. If set in both SecurityContext + and PodSecurityContext, the value specified in SecurityContext + takes precedence. Note that this field cannot be set + when spec.os.name is windows. + format: int64 + type: integer + runAsNonRoot: + description: Indicates that the container must run as + a non-root user. If true, the Kubelet will validate + the image at runtime to ensure that it does not run + as UID 0 (root) and fail to start the container if + it does. If unset or false, no such validation will + be performed. May also be set in PodSecurityContext. If + set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence. + type: boolean + runAsUser: + description: The UID to run the entrypoint of the container + process. Defaults to user specified in image metadata + if unspecified. May also be set in PodSecurityContext. If + set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name + is windows. + format: int64 + type: integer + seLinuxOptions: + description: The SELinux context to be applied to the + container. If unspecified, the container runtime will + allocate a random SELinux context for each container. May + also be set in PodSecurityContext. If set in both + SecurityContext and PodSecurityContext, the value + specified in SecurityContext takes precedence. Note + that this field cannot be set when spec.os.name is + windows. + properties: + level: + description: Level is SELinux level label that applies + to the container. + type: string + role: + description: Role is a SELinux role label that applies + to the container. + type: string + type: + description: Type is a SELinux type label that applies + to the container. + type: string + user: + description: User is a SELinux user label that applies + to the container. + type: string + type: object + seccompProfile: + description: The seccomp options to use by this container. + If seccomp options are provided at both the pod & + container level, the container options override the + pod options. Note that this field cannot be set when + spec.os.name is windows. + properties: + localhostProfile: + description: localhostProfile indicates a profile + defined in a file on the node should be used. + The profile must be preconfigured on the node + to work. Must be a descending path, relative to + the kubelet's configured seccomp profile location. + Must only be set if type is "Localhost". + type: string + type: + description: "type indicates which kind of seccomp\ + \ profile will be applied. Valid options are:\ + \ \n Localhost - a profile defined in a file on\ + \ the node should be used. RuntimeDefault - the\ + \ container runtime default profile should be\ + \ used. Unconfined - no profile should be applied." + type: string + required: + - type + type: object + windowsOptions: + description: The Windows specific settings applied to + all containers. If unspecified, the options from the + PodSecurityContext will be used. If set in both SecurityContext + and PodSecurityContext, the value specified in SecurityContext + takes precedence. Note that this field cannot be set + when spec.os.name is linux. + properties: + gmsaCredentialSpec: + description: GMSACredentialSpec is where the GMSA + admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) + inlines the contents of the GMSA credential spec + named by the GMSACredentialSpecName field. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name + of the GMSA credential spec to use. + type: string + hostProcess: + description: HostProcess determines if a container + should be run as a 'Host Process' container. This + field is alpha-level and will only be honored + by components that enable the WindowsHostProcessContainers + feature flag. Setting this field without the feature + flag will result in errors when validating the + Pod. All of a Pod's containers must have the same + effective HostProcess value (it is not allowed + to have a mix of HostProcess containers and non-HostProcess + containers). In addition, if HostProcess is true + then HostNetwork must also be set to true. + type: boolean + runAsUserName: + description: The UserName in Windows to run the + entrypoint of the container process. Defaults + to the user specified in image metadata if unspecified. + May also be set in PodSecurityContext. If set + in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence. + type: string + type: object + type: object + podSecurityContext: + description: PodSecurityContext used by all workspace-related + pods. If set, defined values are merged into the default + PodSecurityContext configuration. + properties: + fsGroup: + description: "A special supplemental group that applies\ + \ to all containers in a pod. Some volume types allow\ + \ the Kubelet to change the ownership of that volume\ + \ to be owned by the pod: \n 1. The owning GID will\ + \ be the FSGroup 2. The setgid bit is set (new files\ + \ created in the volume will be owned by FSGroup)\ + \ 3. The permission will not modify the ownership\ + \ and permissions of any volume. Note that this field\ + \ cannot be set when spec.os.name is windows." + format: int64 + type: integer + fsGroupChangePolicy: + description: 'fsGroupChangePolicy defines behavior of + changing ownership and permission of the volume before + being exposed inside Pod. This field will only apply + to volume types which support fsGroup based ownership(and + permissions). It will have no effect on ephemeral + volume types such as: secret, configmaps and emptydir. + Valid values are "OnRootMismatch" and "Always". If + not specified, "Always" is used. Note that this field + cannot be set when spec.os.name is windows.' + type: string + runAsGroup: + description: The GID to run the entrypoint of the container + process. Uses runtime default if unset. May also be + set in SecurityContext. If set in both SecurityContext + and PodSecurityContext, the value specified in SecurityContext + takes precedence for that container. Note that this + field cannot be set when spec.os.name is windows. + format: int64 + type: integer + runAsNonRoot: + description: Indicates that the container must run as + a non-root user. If true, the Kubelet will validate + the image at runtime to ensure that it does not run + as UID 0 (root) and fail to start the container if + it does. If unset or false, no such validation will + be performed. May also be set in SecurityContext. If + set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence. + type: boolean + runAsUser: + description: The UID to run the entrypoint of the container + process. Defaults to user specified in image metadata + if unspecified. May also be set in SecurityContext. If + set in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence + for that container. Note that this field cannot be + set when spec.os.name is windows. + format: int64 + type: integer + seLinuxOptions: + description: The SELinux context to be applied to all + containers. If unspecified, the container runtime + will allocate a random SELinux context for each container. May + also be set in SecurityContext. If set in both SecurityContext + and PodSecurityContext, the value specified in SecurityContext + takes precedence for that container. Note that this + field cannot be set when spec.os.name is windows. + properties: + level: + description: Level is SELinux level label that applies + to the container. + type: string + role: + description: Role is a SELinux role label that applies + to the container. + type: string + type: + description: Type is a SELinux type label that applies + to the container. + type: string + user: + description: User is a SELinux user label that applies + to the container. + type: string + type: object + seccompProfile: + description: The seccomp options to use by the containers + in this pod. Note that this field cannot be set when + spec.os.name is windows. + properties: + localhostProfile: + description: localhostProfile indicates a profile + defined in a file on the node should be used. + The profile must be preconfigured on the node + to work. Must be a descending path, relative to + the kubelet's configured seccomp profile location. + Must only be set if type is "Localhost". + type: string + type: + description: "type indicates which kind of seccomp\ + \ profile will be applied. Valid options are:\ + \ \n Localhost - a profile defined in a file on\ + \ the node should be used. RuntimeDefault - the\ + \ container runtime default profile should be\ + \ used. Unconfined - no profile should be applied." + type: string + required: + - type + type: object + supplementalGroups: + description: A list of groups applied to the first process + run in each container, in addition to the container's + primary GID, the fsGroup (if specified), and group + memberships defined in the container image for the + uid of the container process. If unspecified, no additional + groups are added to any container. Note that group + memberships defined in the container image for the + uid of the container process are still effective, + even if they are not included in this list. Note that + this field cannot be set when spec.os.name is windows. + items: + format: int64 + type: integer + type: array + sysctls: + description: Sysctls hold a list of namespaced sysctls + used for the pod. Pods with unsupported sysctls (by + the container runtime) might fail to launch. Note + that this field cannot be set when spec.os.name is + windows. + items: + description: Sysctl defines a kernel parameter to + be set + properties: + name: + description: Name of a property to set + type: string + value: + description: Value of a property to set + type: string + required: + - name + - value + type: object + type: array + windowsOptions: + description: The Windows specific settings applied to + all containers. If unspecified, the options within + a container's SecurityContext will be used. If set + in both SecurityContext and PodSecurityContext, the + value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name + is linux. + properties: + gmsaCredentialSpec: + description: GMSACredentialSpec is where the GMSA + admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) + inlines the contents of the GMSA credential spec + named by the GMSACredentialSpecName field. + type: string + gmsaCredentialSpecName: + description: GMSACredentialSpecName is the name + of the GMSA credential spec to use. + type: string + hostProcess: + description: HostProcess determines if a container + should be run as a 'Host Process' container. This + field is alpha-level and will only be honored + by components that enable the WindowsHostProcessContainers + feature flag. Setting this field without the feature + flag will result in errors when validating the + Pod. All of a Pod's containers must have the same + effective HostProcess value (it is not allowed + to have a mix of HostProcess containers and non-HostProcess + containers). In addition, if HostProcess is true + then HostNetwork must also be set to true. + type: boolean + runAsUserName: + description: The UserName in Windows to run the + entrypoint of the container process. Defaults + to the user specified in image metadata if unspecified. + May also be set in PodSecurityContext. If set + in both SecurityContext and PodSecurityContext, + the value specified in SecurityContext takes precedence. + type: string + type: object + type: object + type: object + serviceAccount: + description: ServiceAccount to use by the DevWorkspace operator + when starting the workspaces. + maxLength: 63 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + serviceAccountTokens: + description: List of ServiceAccount tokens that will be mounted + into workspace pods as projected volumes. + items: + properties: + audience: + description: Audience is the intended audience of the + token. A recipient of a token must identify itself with + an identifier specified in the audience of the token, + and otherwise should reject the token. The audience + defaults to the identifier of the apiserver. + type: string + expirationSeconds: + default: 3600 + description: ExpirationSeconds is the requested duration + of validity of the service account token. As the token + approaches expiration, the kubelet volume plugin will + proactively rotate the service account token. The kubelet + will start trying to rotate the token if the token is + older than 80 percent of its time to live or if the + token is older than 24 hours. Defaults to 1 hour and + must be at least 10 minutes. + format: int64 + minimum: 600 + type: integer + mountPath: + description: Path within the workspace container at which + the token should be mounted. Must not contain ':'. + type: string + name: + description: Identifiable name of the ServiceAccount token. + If multiple ServiceAccount tokens use the same mount + path, a generic name will be used for the projected + volume instead. + type: string + path: + description: Path is the path relative to the mount point + of the file to project the token into. + type: string + required: + - mountPath + - name + - path + type: object + type: array + startTimeoutSeconds: + default: 300 + description: StartTimeoutSeconds determines the maximum duration + (in seconds) that a workspace can take to start before it + is automatically failed. If not specified, the default value + of 300 seconds (5 minutes) is used. + format: int32 + minimum: 1 + type: integer + storage: + default: + pvcStrategy: per-user + description: Workspaces persistent storage. + properties: + perUserStrategyPvcConfig: + description: PVC settings when using the `per-user` PVC + strategy. + properties: + claimSize: + description: Persistent Volume Claim size. To update + the claim size, the storage class that provisions + it must support resizing. + type: string + storageClass: + description: Storage class for the Persistent Volume + Claim. When omitted or left blank, a default storage + class is used. + type: string + type: object + perWorkspaceStrategyPvcConfig: + description: PVC settings when using the `per-workspace` + PVC strategy. + properties: + claimSize: + description: Persistent Volume Claim size. To update + the claim size, the storage class that provisions + it must support resizing. + type: string + storageClass: + description: Storage class for the Persistent Volume + Claim. When omitted or left blank, a default storage + class is used. + type: string + type: object + pvcStrategy: + default: per-user + description: 'Persistent volume claim strategy for the Che + server. The supported strategies are: `per-user` (all + workspaces PVCs in one volume), `per-workspace` (each + workspace is given its own individual PVC) and `ephemeral` + (non-persistent storage where local changes will be lost + when the workspace is stopped.)' + enum: + - common + - per-user + - per-workspace + - ephemeral + type: string + type: object + tolerations: + description: The pod tolerations of the workspace pods limit + where the workspace pods can run. + items: + description: The pod this Toleration is attached to tolerates + any taint that matches the triple using + the matching operator . + properties: + effect: + description: Effect indicates the taint effect to match. + Empty means match all taint effects. When specified, + allowed values are NoSchedule, PreferNoSchedule and + NoExecute. + type: string + key: + description: Key is the taint key that the toleration + applies to. Empty means match all taint keys. If the + key is empty, operator must be Exists; this combination + means to match all values and all keys. + type: string + operator: + description: Operator represents a key's relationship + to the value. Valid operators are Exists and Equal. + Defaults to Equal. Exists is equivalent to wildcard + for value, so that a pod can tolerate all taints of + a particular category. + type: string + tolerationSeconds: + description: TolerationSeconds represents the period of + time the toleration (which must be of effect NoExecute, + otherwise this field is ignored) tolerates the taint. + By default, it is not set, which means tolerate the + taint forever (do not evict). Zero and negative values + will be treated as 0 (evict immediately) by the system. + format: int64 + type: integer + value: + description: Value is the taint value the toleration matches + to. If the operator is Exists, the value should be empty, + otherwise just a regular string. + type: string + type: object + type: array + trustedCerts: + description: Trusted certificate settings. + properties: + gitTrustedCertsConfigMapName: + description: 'The ConfigMap contains certificates to propagate + to the Che components and to provide a particular configuration + for Git. See the following page: https://www.eclipse.org/che/docs/stable/administration-guide/deploying-che-with-support-for-git-repositories-with-self-signed-certificates/ + The ConfigMap must have a `app.kubernetes.io/part-of=che.eclipse.org` + label.' + type: string + type: object + user: + description: User configuration. + properties: + clusterRoles: + description: Additional ClusterRoles assigned to the user. + The role must have `app.kubernetes.io/part-of=che.eclipse.org` + label. + items: + type: string + type: array + type: object + type: object + gitServices: + description: A configuration that allows users to work with remote + Git repositories. + properties: + azure: + description: Enables users to work with repositories hosted + on Azure DevOps Service (dev.azure.com). + items: + description: AzureDevOpsService enables users to work with + repositories hosted on Azure DevOps Service (dev.azure.com). + properties: + secretName: + description: 'Kubernetes secret, that contains Base64-encoded + Azure DevOps Service Application ID and Client Secret. + See the following page: https://www.eclipse.org/che/docs/stable/administration-guide/configuring-oauth-2-for-microsoft-azure-devops-services' + type: string + required: + - secretName + type: object + type: array + bitbucket: + description: Enables users to work with repositories hosted + on Bitbucket (bitbucket.org or self-hosted). + items: + description: BitBucketService enables users to work with repositories + hosted on Bitbucket (bitbucket.org or self-hosted). + properties: + endpoint: + description: 'Bitbucket server endpoint URL. Deprecated + in favor of `che.eclipse.org/scm-server-endpoint` annotation. + See the following page: https://www.eclipse.org/che/docs/stable/administration-guide/configuring-oauth-1-for-a-bitbucket-server/.' + type: string + secretName: + description: 'Kubernetes secret, that contains Base64-encoded + Bitbucket OAuth 1.0 or OAuth 2.0 data. See the following + pages for details: https://www.eclipse.org/che/docs/stable/administration-guide/configuring-oauth-1-for-a-bitbucket-server/ + and https://www.eclipse.org/che/docs/stable/administration-guide/configuring-oauth-2-for-the-bitbucket-cloud/.' + type: string + required: + - secretName + type: object + type: array + github: + description: Enables users to work with repositories hosted + on GitHub (github.com or GitHub Enterprise). + items: + description: GitHubService enables users to work with repositories + hosted on GitHub (GitHub.com or GitHub Enterprise). + properties: + disableSubdomainIsolation: + description: 'Disables subdomain isolation. Deprecated + in favor of `che.eclipse.org/scm-github-disable-subdomain-isolation` + annotation. See the following page for details: https://www.eclipse.org/che/docs/stable/administration-guide/configuring-oauth-2-for-github/.' + type: boolean + endpoint: + description: 'GitHub server endpoint URL. Deprecated in + favor of `che.eclipse.org/scm-server-endpoint` annotation. + See the following page for details: https://www.eclipse.org/che/docs/stable/administration-guide/configuring-oauth-2-for-github/.' + type: string + secretName: + description: 'Kubernetes secret, that contains Base64-encoded + GitHub OAuth Client id and GitHub OAuth Client secret. + See the following page for details: https://www.eclipse.org/che/docs/stable/administration-guide/configuring-oauth-2-for-github/.' + type: string + required: + - secretName + type: object + type: array + gitlab: + description: Enables users to work with repositories hosted + on GitLab (gitlab.com or self-hosted). + items: + description: GitLabService enables users to work with repositories + hosted on GitLab (gitlab.com or self-hosted). + properties: + endpoint: + description: 'GitLab server endpoint URL. Deprecated in + favor of `che.eclipse.org/scm-server-endpoint` annotation. + See the following page: https://www.eclipse.org/che/docs/stable/administration-guide/configuring-oauth-2-for-gitlab/.' + type: string + secretName: + description: 'Kubernetes secret, that contains Base64-encoded + GitHub Application id and GitLab Application Client + secret. See the following page: https://www.eclipse.org/che/docs/stable/administration-guide/configuring-oauth-2-for-gitlab/.' + type: string + required: + - secretName + type: object + type: array + type: object + networking: + default: + auth: + gateway: + configLabels: + app: che + component: che-gateway-config + description: Networking, Che authentication, and TLS configuration. + properties: + annotations: + additionalProperties: + type: string + description: 'Defines annotations which will be set for an Ingress + (a route for OpenShift platform). The defaults for kubernetes + platforms are: kubernetes.io/ingress.class: "nginx" nginx.ingress.kubernetes.io/proxy-read-timeout: "3600", nginx.ingress.kubernetes.io/proxy-connect-timeout: + "3600", nginx.ingress.kubernetes.io/ssl-redirect: "true"' + type: object + auth: + default: + gateway: + configLabels: + app: che + component: che-gateway-config + description: Authentication settings. + properties: + gateway: + default: + configLabels: + app: che + component: che-gateway-config + description: Gateway settings. + properties: + configLabels: + additionalProperties: + type: string + default: + app: che + component: che-gateway-config + description: Gateway configuration labels. + type: object + deployment: + description: 'Deployment override options. Since gateway + deployment consists of several containers, they must + be distinguished in the configuration by their names: + - `gateway` - `configbump` - `oauth-proxy` - `kube-rbac-proxy`' + properties: + containers: + description: List of containers belonging to the + pod. + items: + description: Container custom settings. + properties: + env: + description: List of environment variables + to set in the container. + items: + description: EnvVar represents an environment + variable present in a Container. + properties: + name: + description: Name of the environment + variable. Must be a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) + are expanded using the previously + defined environment variables in the + container and any service environment + variables. If a variable cannot be + resolved, the reference in the input + string will be unchanged. Double $$ + are reduced to a single $, which allows + for escaping the $(VAR_NAME) syntax: + i.e. "$$(VAR_NAME)" will produce the + string literal "$(VAR_NAME)". Escaped + references will never be expanded, + regardless of whether the variable + exists or not. Defaults to "".' + type: string + valueFrom: + description: Source for the environment + variable's value. Cannot be used if + value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a + ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. + apiVersion, kind, uid?' + type: string + optional: + description: Specify whether + the ConfigMap or its key must + be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of + the pod: supports metadata.name, + metadata.namespace, `metadata.labels['''']`, + `metadata.annotations['''']`, + spec.nodeName, spec.serviceAccountName, + status.hostIP, status.podIP, status.podIPs.' + properties: + apiVersion: + description: Version of the + schema the FieldPath is written + in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field + to select in the specified + API version. + type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource + of the container: only resources + limits and requests (limits.cpu, + limits.memory, limits.ephemeral-storage, + requests.cpu, requests.memory + and requests.ephemeral-storage) + are currently supported.' + properties: + containerName: + description: 'Container name: + required for volumes, optional + for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output + format of the exposed resources, + defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource + to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a + secret in the pod's namespace + properties: + key: + description: The key of the + secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. + apiVersion, kind, uid?' + type: string + optional: + description: Specify whether + the Secret or its key must + be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + image: + description: Container image. Omit it or leave + it empty to use the default container image + provided by the Operator. + type: string + imagePullPolicy: + description: Image pull policy. Default value + is `Always` for `nightly`, `next` or `latest` + images, and `IfNotPresent` in other cases. + enum: + - Always + - IfNotPresent + - Never + type: string + name: + description: Container name. + type: string + resources: + description: Compute resources required by + this container. + properties: + limits: + description: Describes the maximum amount + of compute resources allowed. + properties: + cpu: + anyOf: + - type: integer + - type: string + description: CPU, in cores. (500m + = .5 cores) If the value is not + specified, then the default value + is set depending on the component. + If value is `0`, then no value is + set for the component. + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + memory: + anyOf: + - type: integer + - type: string + description: Memory, in bytes. (500Gi + = 500GiB = 500 * 1024 * 1024 * 1024) + If the value is not specified, then + the default value is set depending + on the component. If value is `0`, + then no value is set for the component. + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + request: + description: Describes the minimum amount + of compute resources required. + properties: + cpu: + anyOf: + - type: integer + - type: string + description: CPU, in cores. (500m + = .5 cores) If the value is not + specified, then the default value + is set depending on the component. + If value is `0`, then no value is + set for the component. + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + memory: + anyOf: + - type: integer + - type: string + description: Memory, in bytes. (500Gi + = 500GiB = 500 * 1024 * 1024 * 1024) + If the value is not specified, then + the default value is set depending + on the component. If value is `0`, + then no value is set for the component. + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + type: object + type: array + securityContext: + description: Security options the pod should run + with. + properties: + fsGroup: + description: A special supplemental group that + applies to all containers in a pod. The default + value is `1724`. + format: int64 + type: integer + runAsUser: + description: The UID to run the entrypoint of + the container process. The default value is + `1724`. + format: int64 + type: integer + type: object + type: object + kubeRbacProxy: + description: Configuration for kube-rbac-proxy within + the Che gateway pod. + properties: + logLevel: + default: 0 + description: The glog log level for the kube-rbac-proxy + container within the gateway pod. Larger values + represent a higher verbosity. The default value + is `0`. + format: int32 + minimum: 0 + type: integer + type: object + oAuthProxy: + description: Configuration for oauth-proxy within the + Che gateway pod. + properties: + cookieExpireSeconds: + default: 86400 + description: Expire timeframe for cookie. If set + to 0, cookie becomes a session-cookie which will + expire when the browser is closed. + format: int32 + minimum: 0 + type: integer + type: object + traefik: + description: Configuration for Traefik within the Che + gateway pod. + properties: + logLevel: + default: INFO + description: 'The log level for the Traefik container + within the gateway pod: `DEBUG`, `INFO`, `WARN`, + `ERROR`, `FATAL`, or `PANIC`. The default value + is `INFO`' + enum: + - DEBUG + - INFO + - WARN + - ERROR + - FATAL + - PANIC + type: string + type: object + type: object + identityProviderURL: + description: Public URL of the Identity Provider server. + type: string + identityToken: + description: 'Identity token to be passed to upstream. There + are two types of tokens supported: `id_token` and `access_token`. + Default value is `id_token`. This field is specific to + Che installations made for Kubernetes only and ignored + for OpenShift.' + enum: + - id_token + - access_token + type: string + oAuthAccessTokenInactivityTimeoutSeconds: + description: Inactivity timeout for tokens to set in the + OpenShift `OAuthClient` resource used to set up identity + federation on the OpenShift side. 0 means tokens for this + client never time out. + format: int32 + type: integer + oAuthAccessTokenMaxAgeSeconds: + description: Access token max age for tokens to set in the + OpenShift `OAuthClient` resource used to set up identity + federation on the OpenShift side. 0 means no expiration. + format: int32 + type: integer + oAuthClientName: + description: Name of the OpenShift `OAuthClient` resource + used to set up identity federation on the OpenShift side. + type: string + oAuthScope: + description: Access Token Scope. This field is specific + to Che installations made for Kubernetes only and ignored + for OpenShift. + type: string + oAuthSecret: + description: Name of the secret set in the OpenShift `OAuthClient` + resource used to set up identity federation on the OpenShift + side. + type: string + type: object + domain: + description: 'For an OpenShift cluster, the Operator uses the + domain to generate a hostname for the route. The generated + hostname follows this pattern: che-.. + The is the namespace where the CheCluster + CRD is created. In conjunction with labels, it creates a route + served by a non-default Ingress controller. For a Kubernetes + cluster, it contains a global ingress domain. There are no + default values: you must specify them.' + type: string + hostname: + description: The public hostname of the installed Che server. + type: string + ingressClassName: + description: IngressClassName is the name of an IngressClass + cluster resource. If a class name is defined in both the `IngressClassName` + field and the `kubernetes.io/ingress.class` annotation, `IngressClassName` + field takes precedence. + type: string + labels: + additionalProperties: + type: string + description: Defines labels which will be set for an Ingress + (a route for OpenShift platform). + type: object + tlsSecretName: + description: The name of the secret used to set up Ingress TLS + termination. If the field is an empty string, the default + cluster certificate is used. The secret must have a `app.kubernetes.io/part-of=che.eclipse.org` + label. + type: string + type: object + type: object + status: + description: Defines the observed state of Che installation. + properties: + chePhase: + description: Specifies the current phase of the Che deployment. + type: string + cheURL: + description: Public URL of the Che server. + type: string + cheVersion: + description: Currently installed Che version. + type: string + devfileRegistryURL: + description: The public URL of the internal devfile registry. + type: string + gatewayPhase: + description: Specifies the current phase of the gateway deployment. + type: string + message: + description: A human readable message indicating details about why + the Che deployment is in the current phase. + type: string + pluginRegistryURL: + description: The public URL of the internal plug-in registry. + type: string + reason: + description: A brief CamelCase message indicating details about + why the Che deployment is in the current phase. + type: string + workspaceBaseDomain: + description: The resolved workspace base domain. This is either + the copy of the explicitly defined property of the same name in + the spec or, if it is undefined in the spec and we're running + on OpenShift, the automatically resolved basedomain for routes. + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/operators/eclipse-che/7.78.0/metadata/annotations.yaml b/operators/eclipse-che/7.78.0/metadata/annotations.yaml new file mode 100644 index 00000000000..1b0ee6d16e8 --- /dev/null +++ b/operators/eclipse-che/7.78.0/metadata/annotations.yaml @@ -0,0 +1,27 @@ +# +# Copyright (c) 2019-2023 Red Hat, Inc. +# This program and the accompanying materials are made +# available under the terms of the Eclipse Public License 2.0 +# which is available at https://www.eclipse.org/legal/epl-2.0/ +# +# SPDX-License-Identifier: EPL-2.0 +# +# Contributors: +# Red Hat, Inc. - initial API and implementation +# + +annotations: + # Core bundle annotations. + operators.operatorframework.io.bundle.mediatype.v1: registry+v1 + operators.operatorframework.io.bundle.manifests.v1: manifests/ + operators.operatorframework.io.bundle.metadata.v1: metadata/ + operators.operatorframework.io.bundle.package.v1: eclipse-che + operators.operatorframework.io.bundle.channels.v1: stable + operators.operatorframework.io.bundle.channel.default.v1: stable + operators.operatorframework.io.metrics.builder: operator-sdk-v1.9.0+git + operators.operatorframework.io.metrics.mediatype.v1: metrics+v1 + operators.operatorframework.io.metrics.project_layout: go.kubebuilder.io/v3 + + # Annotations for testing. + + com.redhat.openshift.versions: "v4.8" \ No newline at end of file diff --git a/operators/eclipse-che/7.78.0/metadata/dependencies.yaml b/operators/eclipse-che/7.78.0/metadata/dependencies.yaml new file mode 100644 index 00000000000..b8ba165d62e --- /dev/null +++ b/operators/eclipse-che/7.78.0/metadata/dependencies.yaml @@ -0,0 +1,17 @@ +# +# Copyright (c) 2019-2023 Red Hat, Inc. +# This program and the accompanying materials are made +# available under the terms of the Eclipse Public License 2.0 +# which is available at https://www.eclipse.org/legal/epl-2.0/ +# +# SPDX-License-Identifier: EPL-2.0 +# +# Contributors: +# Red Hat, Inc. - initial API and implementation +# + +dependencies: +- type: olm.package + value: + packageName: devworkspace-operator + version: ">=0.11.0"