# # Copyright (c) 2019-2021 Red Hat, Inc. # This program and the accompanying materials are made # available under the terms of the Eclipse Public License 2.0 # which is available at https://www.eclipse.org/legal/epl-2.0/ # # SPDX-License-Identifier: EPL-2.0 # # Contributors: # Red Hat, Inc. - initial API and implementation # apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: controller-gen.kubebuilder.io/version: v0.4.1 creationTimestamp: null name: checlusters.org.eclipse.che spec: group: org.eclipse.che names: kind: CheCluster listKind: CheClusterList plural: checlusters singular: checluster scope: Namespaced versions: - name: v1 schema: openAPIV3Schema: description: The `CheCluster` custom resource allows defining and managing a Che server installation properties: apiVersion: description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' type: string kind: description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string metadata: type: object spec: description: Desired configuration of the Che installation. Based on these settings, the Operator automatically creates and maintains several ConfigMaps that will contain the appropriate environment variables the various components of the Che installation. These generated ConfigMaps must NOT be updated manually. properties: auth: description: Configuration settings related to the Authentication used by the Che installation. properties: debug: description: Debug internal identity provider. 
type: boolean externalIdentityProvider: description: 'Instructs the Operator on whether to deploy a dedicated Identity Provider (Keycloak or RH-SSO instance). By default, a dedicated Identity Provider server is deployed as part of the Che installation. When `externalIdentityProvider` is `true`, no dedicated identity provider will be deployed by the Operator and you will need to provide details about the external identity provider you are about to use. See also all the other fields starting with: `identityProvider`.' type: boolean gatewayAuthenticationSidecarImage: description: Gateway sidecar responsible for authentication when NativeUserMode is enabled. See link:https://github.com/oauth2-proxy/oauth2-proxy[oauth2-proxy] or link:https://github.com/openshift/oauth-proxy[openshift/oauth-proxy]. type: string gatewayAuthorizationSidecarImage: description: Gateway sidecar responsible for authorization when NativeUserMode is enabled. See link:https://github.com/brancz/kube-rbac-proxy[kube-rbac-proxy] or link:https://github.com/openshift/kube-rbac-proxy[openshift/kube-rbac-proxy]. type: string gatewayHeaderRewriteSidecarImage: description: Deprecated. The value of this flag is ignored. Sidecar functionality is now implemented in a Traefik plugin. type: string identityProviderAdminUserName: description: Overrides the name of the Identity Provider administrator user. Defaults to `admin`. type: string identityProviderClientId: description: Name of an Identity Provider, Keycloak or RH-SSO, `client-id` that is used for Che. Override this when an external Identity Provider is in use. See the `externalIdentityProvider` field. When omitted or left blank, it is set to the value of the `flavour` field suffixed with `-public`. type: string identityProviderContainerResources: description: Identity provider container custom settings.
properties: limits: description: Limits describes the maximum amount of compute resources allowed. properties: cpu: description: CPU, in cores. (500m = .5 cores) type: string memory: description: Memory, in bytes. (500Gi = 500GiB = 500 * 1024 * 1024 * 1024) type: string type: object request: description: Requests describes the minimum amount of compute resources required. properties: cpu: description: CPU, in cores. (500m = .5 cores) type: string memory: description: Memory, in bytes. (500Gi = 500GiB = 500 * 1024 * 1024 * 1024) type: string type: object type: object identityProviderImage: description: Overrides the container image used in the Identity Provider, Keycloak or RH-SSO, deployment. This includes the image tag. Omit it or leave it empty to use the default container image provided by the Operator. type: string identityProviderImagePullPolicy: description: Overrides the image pull policy used in the Identity Provider, Keycloak or RH-SSO, deployment. Default value is `Always` for `nightly`, `next` or `latest` images, and `IfNotPresent` in other cases. type: string identityProviderIngress: description: Ingress custom settings. properties: annotations: additionalProperties: type: string description: Unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. type: object labels: description: Comma separated list of labels that can be used to organize and categorize objects by scoping and selecting. type: string type: object identityProviderPassword: description: Overrides the password of the Keycloak administrator user. Override this when an external Identity Provider is in use. See the `externalIdentityProvider` field. When omitted or left blank, it is set to an auto-generated password. Prefer the `identityProviderSecret` field, which keeps the password out of the custom resource. type: string identityProviderPostgresPassword: description: Password for an Identity Provider, Keycloak or RH-SSO, to connect to the database. Override this when an external Identity Provider is in use.
See the `externalIdentityProvider` field. When omitted or left blank, it is set to an auto-generated password. Prefer the `identityProviderPostgresSecret` field, which keeps the password out of the custom resource. type: string identityProviderPostgresSecret: description: 'The secret that contains `password` for the Identity Provider, Keycloak or RH-SSO, to connect to the database. When the secret is defined, the `identityProviderPostgresPassword` is ignored. When the value is omitted or left blank, one of the following scenarios applies: 1. `identityProviderPostgresPassword` is defined, then it will be used to connect to the database. 2. `identityProviderPostgresPassword` is not defined, then a new secret with the name `che-identity-postgres-secret` will be created with an auto-generated value for `password`. The secret must have the `app.kubernetes.io/part-of=che.eclipse.org` label.' type: string identityProviderRealm: description: Name of an Identity Provider, Keycloak or RH-SSO, realm that is used for Che. Override this when an external Identity Provider is in use. See the `externalIdentityProvider` field. When omitted or left blank, it is set to the value of the `flavour` field. type: string identityProviderRoute: description: Route custom settings. properties: annotations: additionalProperties: type: string description: Unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. type: object domain: description: 'Operator uses the domain to generate a hostname for a route. In conjunction with labels it creates a route, which is served by a non-default Ingress controller. The generated host name will follow this pattern: `<route-name>-<route-namespace>.<domain>`.' type: string labels: description: Comma separated list of labels that can be used to organize and categorize objects by scoping and selecting. type: string type: object identityProviderSecret: description: 'The secret that contains `user` and `password` for the Identity Provider.
When the secret is defined, the `identityProviderAdminUserName` and `identityProviderPassword` are ignored. When the value is omitted or left blank, one of the following scenarios applies: 1. `identityProviderAdminUserName` and `identityProviderPassword` are defined, then they will be used. 2. `identityProviderAdminUserName` or `identityProviderPassword` are not defined, then a new secret with the name `che-identity-secret` will be created with default value `admin` for `user` and with an auto-generated value for `password`. The secret must have the `app.kubernetes.io/part-of=che.eclipse.org` label.' type: string identityProviderURL: description: Public URL of the Identity Provider server (Keycloak / RH-SSO server). Set this ONLY when an external Identity Provider is used. See the `externalIdentityProvider` field. By default, this will be automatically calculated and set by the Operator. type: string initialOpenShiftOAuthUser: description: For operating with the OpenShift OAuth authentication, create a new user account since the kubeadmin cannot be used. If the value is true, then a new OpenShift OAuth user will be created for the HTPasswd identity provider. If the value is false and the user has already been created, then it will be removed. If the value is empty, nothing is done. The user's credentials are stored by the Operator in the `openshift-oauth-user-credentials` secret in the `openshift-config` namespace. Note that this solution is OpenShift 4 platform-specific. type: boolean nativeUserMode: description: Enables native user mode. Currently works only on OpenShift and DevWorkspace engine. Native User mode uses OpenShift OAuth directly as identity provider, without Keycloak. type: boolean oAuthClientName: description: Name of the OpenShift `OAuthClient` resource used to set up identity federation on the OpenShift side. Auto-generated when left blank. See also the `OpenShiftoAuth` field.
type: string oAuthSecret: description: Name of the secret set in the OpenShift `OAuthClient` resource used to setup identity federation on the OpenShift side. Auto-generated when left blank. See also the `OAuthClientName` field. type: string openShiftoAuth: description: 'Enables the integration of the identity provider (Keycloak / RHSSO) with OpenShift OAuth. Empty value on OpenShift by default. This will allow users to directly login with their OpenShift user through the OpenShift login, and have their workspaces created under personal OpenShift namespaces. WARNING: the `kubeadmin` user is NOT supported, and logging through it will NOT allow accessing the Che Dashboard.' type: boolean updateAdminPassword: description: Forces the default `admin` Che user to update password on first login. Defaults to `false`. type: boolean type: object database: description: Configuration settings related to the database used by the Che installation. properties: chePostgresContainerResources: description: PostgreSQL container custom settings properties: limits: description: Limits describes the maximum amount of compute resources allowed. properties: cpu: description: CPU, in cores. (500m = .5 cores) type: string memory: description: Memory, in bytes. (500Gi = 500GiB = 500 * 1024 * 1024 * 1024) type: string type: object request: description: Requests describes the minimum amount of compute resources required. properties: cpu: description: CPU, in cores. (500m = .5 cores) type: string memory: description: Memory, in bytes. (500Gi = 500GiB = 500 * 1024 * 1024 * 1024) type: string type: object type: object chePostgresDb: description: PostgreSQL database name that the Che server uses to connect to the DB. Defaults to `dbche`. type: string chePostgresHostName: description: PostgreSQL Database host name that the Che server uses to connect to. Defaults is `postgres`. Override this value ONLY when using an external database. See field `externalDb`. 
In the default case it will be automatically set by the Operator. type: string chePostgresPassword: description: PostgreSQL password that the Che server uses to connect to the DB. When omitted or left blank, it will be set to an automatically generated value. Prefer the `chePostgresSecret` field, which keeps the password out of the custom resource. type: string chePostgresPort: description: PostgreSQL Database port that the Che server uses to connect to. Defaults to 5432. Override this value ONLY when using an external database. See field `externalDb`. In the default case it will be automatically set by the Operator. type: string chePostgresSecret: description: 'The secret that contains the PostgreSQL `user` and `password` that the Che server uses to connect to the DB. When the secret is defined, the `chePostgresUser` and `chePostgresPassword` are ignored. When the value is omitted or left blank, one of the following scenarios applies: 1. `chePostgresUser` and `chePostgresPassword` are defined, then they will be used to connect to the DB. 2. `chePostgresUser` or `chePostgresPassword` are not defined, then a new secret with the name `che-postgres-secret` will be created with default value of `pgche` for `user` and with an auto-generated value for `password`. The secret must have the `app.kubernetes.io/part-of=che.eclipse.org` label.' type: string chePostgresUser: description: PostgreSQL user that the Che server uses to connect to the DB. Defaults to `pgche`. type: string externalDb: description: 'Instructs the Operator on whether to deploy a dedicated database. By default, a dedicated PostgreSQL database is deployed as part of the Che installation. When `externalDb` is `true`, no dedicated database will be deployed by the Operator and you will need to provide connection details to the external DB you are about to use. See also all the fields starting with: `chePostgres`.' type: boolean postgresImage: description: Overrides the container image used in the PostgreSQL database deployment. This includes the image tag.
Omit it or leave it empty to use the default container image provided by the Operator. type: string postgresImagePullPolicy: description: Overrides the image pull policy used in the PostgreSQL database deployment. Default value is `Always` for `nightly`, `next` or `latest` images, and `IfNotPresent` in other cases. type: string postgresVersion: description: 'Indicates a PostgreSQL version image to use. Allowed values are: `9.6` and `13.3`. Migrate your PostgreSQL database to switch from one version to another.' type: string pvcClaimSize: description: Size of the persistent volume claim for database. Defaults to `1Gi`. To update pvc storageclass that provisions it must support resize when Eclipse Che has been already deployed. type: string type: object devWorkspace: description: DevWorkspace operator configuration properties: controllerImage: description: Overrides the container image used in the DevWorkspace controller deployment. This includes the image tag. Omit it or leave it empty to use the default container image provided by the Operator. type: string enable: description: Deploys the DevWorkspace Operator in the cluster. Does nothing when a matching version of the Operator is already installed. Fails when a non-matching version of the Operator is already installed. type: boolean required: - enable type: object imagePuller: description: Kubernetes Image Puller configuration properties: enable: description: Install and configure the Community Supported Kubernetes Image Puller Operator. When set to `true` and no spec is provided, it will create a default KubernetesImagePuller object to be managed by the Operator. When set to `false`, the KubernetesImagePuller object will be deleted, and the Operator will be uninstalled, regardless of whether a spec is provided. If the `spec.images` field is empty, a set of recommended workspace-related images will be automatically detected and pre-pulled after installation. 
Note that while this Operator and its behavior are community-supported, its payload may be commercially-supported for pulling commercially-supported images. type: boolean spec: description: A KubernetesImagePullerSpec to configure the image puller in the CheCluster properties: affinity: type: string cachingCPULimit: type: string cachingCPURequest: type: string cachingIntervalHours: type: string cachingMemoryLimit: type: string cachingMemoryRequest: type: string configMapName: type: string daemonsetName: type: string deploymentName: type: string imagePullSecrets: type: string imagePullerImage: type: string images: type: string nodeSelector: type: string type: object required: - enable type: object k8s: description: Configuration settings specific to Che installations made on upstream Kubernetes. properties: ingressClass: description: 'Ingress class that will define which controller will manage ingresses. Defaults to `nginx`. NB: This drives the `kubernetes.io/ingress.class` annotation on Che-related ingresses.' type: string ingressDomain: description: 'Global ingress domain for a Kubernetes cluster. This MUST be explicitly specified: there are no defaults.' type: string ingressStrategy: description: 'Strategy for ingress creation. Options are: `multi-host` (host is explicitly provided in ingress), `single-host` (host is provided, path-based rules) and `default-host` (no host is provided, path-based rules). Defaults to `multi-host`. Deprecated in favor of `serverExposureStrategy` in the `server` section, which defines this regardless of the cluster type. When both are defined, the `serverExposureStrategy` option takes precedence.' type: string securityContextFsGroup: description: The FSGroup that the Che Pod and workspace Pods containers run in. Default value is `1724`. type: string securityContextRunAsUser: description: ID of the user the Che Pod and workspace Pods containers run as. Default value is `1724`.
type: string singleHostExposureType: description: When the serverExposureStrategy is set to `single-host`, the way the server, registries and workspaces are exposed is further configured by this property. The possible values are `native`, which means that the server and workspaces are exposed using ingresses on K8s or `gateway` where the server and workspaces are exposed using a custom gateway based on link:https://doc.traefik.io/traefik/[Traefik]. All the endpoints whether backed by the ingress or gateway `route` always point to the subpaths on the same domain. Defaults to `native`. type: string tlsSecretName: description: Name of a secret that will be used to setup ingress TLS termination when TLS is enabled. When the field is empty string, the default cluster certificate will be used. See also the `tlsSupport` field. type: string type: object metrics: description: Configuration settings related to the metrics collection used by the Che installation. properties: enable: description: Enables `metrics` the Che server endpoint. Default to `true`. type: boolean type: object server: description: General configuration settings related to the Che server, the plugin and devfile registries properties: airGapContainerRegistryHostname: description: Optional host name, or URL, to an alternate container registry to pull images from. This value overrides the container registry host name defined in all the default container images involved in a Che deployment. This is particularly useful to install Che in a restricted environment. type: string airGapContainerRegistryOrganization: description: Optional repository name of an alternate container registry to pull images from. This value overrides the container registry organization defined in all the default container images involved in a Che deployment. This is particularly useful to install Eclipse Che in a restricted environment. type: string allowUserDefinedWorkspaceNamespaces: description: Deprecated. 
The value of this flag is ignored. Defines that a user is allowed to specify a Kubernetes namespace, or an OpenShift project, which differs from the default. It's NOT RECOMMENDED to set to `true` without OpenShift OAuth configured. The OpenShift infrastructure also uses this property. type: boolean cheClusterRoles: description: A comma-separated list of ClusterRoles that will be assigned to Che ServiceAccount. Each role must have `app.kubernetes.io/part-of=che.eclipse.org` label. Be aware that the Che Operator has to already have all permissions in these ClusterRoles to grant them. type: string cheDebug: description: Enables the debug mode for Che server. Defaults to `false`. type: string cheFlavor: description: Specifies a variation of the installation. The options are `che` for upstream Che installations, or `codeready` for link:https://developers.redhat.com/products/codeready-workspaces/overview[CodeReady Workspaces] installation. Override the default value only on necessary occasions. type: string cheHost: description: Public host name of the installed Che server. When value is omitted, the value it will be automatically set by the Operator. See the `cheHostTLSSecret` field. type: string cheHostTLSSecret: description: Name of a secret containing certificates to secure ingress or route for the custom host name of the installed Che server. The secret must have `app.kubernetes.io/part-of=che.eclipse.org` label. See the `cheHost` field. type: string cheImage: description: Overrides the container image used in Che deployment. This does NOT include the container image tag. Omit it or leave it empty to use the default container image provided by the Operator. type: string cheImagePullPolicy: description: Overrides the image pull policy used in Che deployment. Default value is `Always` for `nightly`, `next` or `latest` images, and `IfNotPresent` in other cases. type: string cheImageTag: description: Overrides the tag of the container image used in Che deployment. 
Omit it or leave it empty to use the default image tag provided by the Operator. type: string cheLogLevel: description: 'Log level for the Che server: `INFO` or `DEBUG`. Defaults to `INFO`.' type: string cheServerIngress: description: The Che server ingress custom settings. properties: annotations: additionalProperties: type: string description: Unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. type: object labels: description: Comma separated list of labels that can be used to organize and categorize objects by scoping and selecting. type: string type: object cheServerRoute: description: The Che server route custom settings. properties: annotations: additionalProperties: type: string description: Unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. type: object domain: description: 'Operator uses the domain to generate a hostname for a route. In a conjunction with labels it creates a route, which is served by a non-default Ingress controller. The generated host name will follow this pattern: `-.`.' type: string labels: description: Comma separated list of labels that can be used to organize and categorize objects by scoping and selecting. type: string type: object cheWorkspaceClusterRole: description: Custom cluster role bound to the user for the Che workspaces. The role must have `app.kubernetes.io/part-of=che.eclipse.org` label. The default roles are used when omitted or left blank. type: string customCheProperties: additionalProperties: type: string description: Map of additional environment variables that will be applied in the generated `che` ConfigMap to be used by the Che server, in addition to the values already generated from other fields of the `CheCluster` custom resource (CR). 
When `customCheProperties` contains a property that would be normally generated in `che` ConfigMap from other CR fields, the value defined in the `customCheProperties` is used instead. type: object dashboardCpuLimit: description: Overrides the CPU limit used in the dashboard deployment. In cores. (500m = .5 cores). Default to 500m. type: string dashboardCpuRequest: description: Overrides the CPU request used in the dashboard deployment. In cores. (500m = .5 cores). Default to 100m. type: string dashboardImage: description: Overrides the container image used in the dashboard deployment. This includes the image tag. Omit it or leave it empty to use the default container image provided by the Operator. type: string dashboardImagePullPolicy: description: Overrides the image pull policy used in the dashboard deployment. Default value is `Always` for `nightly`, `next` or `latest` images, and `IfNotPresent` in other cases. type: string dashboardIngress: description: Dashboard ingress custom settings. properties: annotations: additionalProperties: type: string description: Unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. type: object labels: description: Comma separated list of labels that can be used to organize and categorize objects by scoping and selecting. type: string type: object dashboardMemoryLimit: description: Overrides the memory limit used in the dashboard deployment. Defaults to 256Mi. type: string dashboardMemoryRequest: description: Overrides the memory request used in the dashboard deployment. Defaults to 16Mi. type: string dashboardRoute: description: Dashboard route custom settings. properties: annotations: additionalProperties: type: string description: Unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. type: object domain: description: 'Operator uses the domain to generate a hostname for a route. 
In a conjunction with labels it creates a route, which is served by a non-default Ingress controller. The generated host name will follow this pattern: `-.`.' type: string labels: description: Comma separated list of labels that can be used to organize and categorize objects by scoping and selecting. type: string type: object devfileRegistryCpuLimit: description: Overrides the CPU limit used in the devfile registry deployment. In cores. (500m = .5 cores). Default to 500m. type: string devfileRegistryCpuRequest: description: Overrides the CPU request used in the devfile registry deployment. In cores. (500m = .5 cores). Default to 100m. type: string devfileRegistryImage: description: Overrides the container image used in the devfile registry deployment. This includes the image tag. Omit it or leave it empty to use the default container image provided by the Operator. type: string devfileRegistryIngress: description: The devfile registry ingress custom settings. properties: annotations: additionalProperties: type: string description: Unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. type: object labels: description: Comma separated list of labels that can be used to organize and categorize objects by scoping and selecting. type: string type: object devfileRegistryMemoryLimit: description: Overrides the memory limit used in the devfile registry deployment. Defaults to 256Mi. type: string devfileRegistryMemoryRequest: description: Overrides the memory request used in the devfile registry deployment. Defaults to 16Mi. type: string devfileRegistryPullPolicy: description: Overrides the image pull policy used in the devfile registry deployment. Default value is `Always` for `nightly`, `next` or `latest` images, and `IfNotPresent` in other cases. type: string devfileRegistryRoute: description: The devfile registry route custom settings. 
properties: annotations: additionalProperties: type: string description: Unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. type: object domain: description: 'Operator uses the domain to generate a hostname for a route. In a conjunction with labels it creates a route, which is served by a non-default Ingress controller. The generated host name will follow this pattern: `-.`.' type: string labels: description: Comma separated list of labels that can be used to organize and categorize objects by scoping and selecting. type: string type: object devfileRegistryUrl: description: Deprecated in favor of `externalDevfileRegistries` fields. type: string disableInternalClusterSVCNames: description: Disable internal cluster SVC names usage to communicate between components to speed up the traffic and avoid proxy issues. type: boolean externalDevfileRegistries: description: External devfile registries, that serves sample, ready-to-use devfiles. Configure this in addition to a dedicated devfile registry (when `externalDevfileRegistry` is `false`) or instead of it (when `externalDevfileRegistry` is `true`) items: description: Settings for a configuration of the external devfile registries. properties: url: description: Public URL of the devfile registry. type: string type: object type: array externalDevfileRegistry: description: Instructs the Operator on whether to deploy a dedicated devfile registry server. By default, a dedicated devfile registry server is started. When `externalDevfileRegistry` is `true`, no such dedicated server will be started by the Operator and configure at least one devfile registry with `externalDevfileRegistries` field. type: boolean externalPluginRegistry: description: Instructs the Operator on whether to deploy a dedicated plugin registry server. By default, a dedicated plugin registry server is started. 
When `externalPluginRegistry` is `true`, no such dedicated server will be started by the Operator and you will have to manually set the `pluginRegistryUrl` field. type: boolean gitSelfSignedCert: description: When enabled, the certificate from the `che-git-self-signed-cert` ConfigMap will be propagated to the Che components and provide particular configuration for Git. Note, the `che-git-self-signed-cert` ConfigMap must have the `app.kubernetes.io/part-of=che.eclipse.org` label. type: boolean nonProxyHosts: description: 'List of hosts that will be reached directly, bypassing the proxy. To specify a wildcard domain, use the form `.<DOMAIN>`, and use `|` as the delimiter, for example: `localhost|.my.host.com|123.42.12.32`. Only use when configuring a proxy is required. Operator respects OpenShift cluster wide proxy configuration and no additional configuration is required, but defining `nonProxyHosts` in a custom resource leads to merging non proxy hosts lists from the cluster proxy configuration and ones defined in the custom resources. See the doc https://docs.openshift.com/container-platform/4.4/networking/enable-cluster-wide-proxy.html. See also the `proxyURL` field.' type: string pluginRegistryCpuLimit: description: Overrides the CPU limit used in the plugin registry deployment. In cores. (500m = .5 cores). Defaults to 500m. type: string pluginRegistryCpuRequest: description: Overrides the CPU request used in the plugin registry deployment. In cores. (500m = .5 cores). Defaults to 100m. type: string pluginRegistryImage: description: Overrides the container image used in the plugin registry deployment. This includes the image tag. Omit it or leave it empty to use the default container image provided by the Operator. type: string pluginRegistryIngress: description: Plugin registry ingress custom settings.
properties: annotations: additionalProperties: type: string description: Unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. type: object labels: description: Comma separated list of labels that can be used to organize and categorize objects by scoping and selecting. type: string type: object pluginRegistryMemoryLimit: description: Overrides the memory limit used in the plugin registry deployment. Defaults to 256Mi. type: string pluginRegistryMemoryRequest: description: Overrides the memory request used in the plugin registry deployment. Defaults to 16Mi. type: string pluginRegistryPullPolicy: description: Overrides the image pull policy used in the plugin registry deployment. Default value is `Always` for `nightly`, `next` or `latest` images, and `IfNotPresent` in other cases. type: string pluginRegistryRoute: description: Plugin registry route custom settings. properties: annotations: additionalProperties: type: string description: Unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. type: object domain: description: 'Operator uses the domain to generate a hostname for a route. In a conjunction with labels it creates a route, which is served by a non-default Ingress controller. The generated host name will follow this pattern: `-.`.' type: string labels: description: Comma separated list of labels that can be used to organize and categorize objects by scoping and selecting. type: string type: object pluginRegistryUrl: description: Public URL of the plugin registry that serves sample ready-to-use devfiles. Set this ONLY when a use of an external devfile registry is needed. See the `externalPluginRegistry` field. By default, this will be automatically calculated by the Operator. type: string proxyPassword: description: Password of the proxy server. Only use when proxy configuration is required. 
See the `proxyURL`, `proxyUser` and `proxySecret` fields. Prefer the `proxySecret` field, because a password set here is stored in plain text in the custom resource. type: string proxyPort: description: Port of the proxy server. Only use when configuring a proxy is required. See also the `proxyURL` and `nonProxyHosts` fields. type: string proxySecret: description: The secret that contains `user` and `password` for a proxy server. When the secret is defined, the `proxyUser` and `proxyPassword` are ignored. The secret must have the `app.kubernetes.io/part-of=che.eclipse.org` label. type: string proxyURL: description: URL (protocol+host name) of the proxy server. This drives the appropriate changes in the `JAVA_OPTS` and `http(s)_proxy` variables in the Che server and workspaces containers. Only use when configuring a proxy is required. The Operator respects the OpenShift cluster-wide proxy configuration and no additional configuration is required, but defining `proxyURL` in a custom resource overrides the cluster proxy configuration with the `proxyURL`, `proxyPort`, `proxyUser` and `proxyPassword` fields from the custom resource. See the doc https://docs.openshift.com/container-platform/4.4/networking/enable-cluster-wide-proxy.html. See also the `proxyPort` and `nonProxyHosts` fields. type: string proxyUser: description: User name of the proxy server. Only use when configuring a proxy is required. See also the `proxyURL`, `proxyPassword` and `proxySecret` fields. type: string selfSignedCert: description: Deprecated. The value of this flag is ignored. The Che Operator will automatically detect whether the router certificate is self-signed and propagate it to other components, such as the Che server. type: boolean serverCpuLimit: description: Overrides the CPU limit used in the Che server deployment. In cores. (500m = .5 cores). Default to 1. type: string serverCpuRequest: description: Overrides the CPU request used in the Che server deployment. In cores. (500m = .5 cores). Default to 100m. 
type: string serverExposureStrategy: description: Sets the server and workspaces exposure type. Possible values are `multi-host`, `single-host`, `default-host`. Defaults to `multi-host`, which creates a separate ingress, or OpenShift routes, for every required endpoint. `single-host` makes Che exposed on a single host name with workspaces exposed on subpaths. Read the docs to learn about the limitations of this approach. Also consult the `singleHostExposureType` property to further configure how the Operator and the Che server make that happen on Kubernetes. `default-host` exposes the Che server on the host of the cluster. Read the docs to learn about the limitations of this approach. type: string serverMemoryLimit: description: Overrides the memory limit used in the Che server deployment. Defaults to 1Gi. type: string serverMemoryRequest: description: Overrides the memory request used in the Che server deployment. Defaults to 512Mi. type: string serverTrustStoreConfigMapName: description: Name of the ConfigMap with public certificates to add to Java trust store of the Che server. This is often required when adding the OpenShift OAuth provider, which has HTTPS endpoint signed with self-signed cert. The Che server must be aware of its CA cert to be able to request it. This is disabled by default. The Config Map must have `app.kubernetes.io/part-of=che.eclipse.org` label. type: string singleHostGatewayConfigMapLabels: additionalProperties: type: string description: The labels that need to be present in the ConfigMaps representing the gateway configuration. type: object singleHostGatewayConfigSidecarImage: description: The image used for the gateway sidecar that provides configuration to the gateway. Omit it or leave it empty to use the default container image provided by the Operator. type: string singleHostGatewayImage: description: The image used for the gateway in the single host mode. 
Omit it or leave it empty to use the default container image provided by the Operator. type: string tlsSupport: description: Deprecated. Instructs the Operator to deploy Che in TLS mode. This is enabled by default. Disabling TLS sometimes causes some Che components to malfunction. type: boolean useInternalClusterSVCNames: description: Deprecated in favor of `disableInternalClusterSVCNames`. type: boolean workspaceNamespaceDefault: description: Defines Kubernetes default namespace in which user's workspaces are created for a case when a user does not override it. It's possible to use `<username>`, `<userid>` and `<workspaceid>` placeholders, such as che-workspace-<username>. In that case, a new namespace will be created for each user or workspace. type: string workspacesDefaultPlugins: description: Default plug-ins applied to Devworkspaces. items: properties: editor: description: The editor id to specify default plug-ins for. type: string plugins: description: Default plug-in ids and uris for the specified editor. items: type: string type: array type: object type: array type: object storage: description: Configuration settings related to the persistent storage used by the Che installation. properties: postgresPVCStorageClassName: description: Storage class for the Persistent Volume Claim dedicated to the PostgreSQL database. When omitted or left blank, a default storage class is used. type: string preCreateSubPaths: description: Instructs the Che server to start a special Pod to pre-create a sub-path in the Persistent Volumes. Defaults to `false`, however you may need to enable it depending on the configuration of your Kubernetes cluster. type: boolean pvcClaimSize: description: Size of the persistent volume claim for workspaces. Defaults to `10Gi`. type: string pvcJobsImage: description: Overrides the container image used to create sub-paths in the Persistent Volumes. This includes the image tag. Omit it or leave it empty to use the default container image provided by the Operator. 
See also the `preCreateSubPaths` field. type: string pvcStrategy: description: Persistent volume claim strategy for the Che server. This Can be:`common` (all workspaces PVCs in one volume), `per-workspace` (one PVC per workspace for all declared volumes) and `unique` (one PVC per declared volume). Defaults to `common`. type: string workspacePVCStorageClassName: description: Storage class for the Persistent Volume Claims dedicated to the Che workspaces. When omitted or left blank, a default storage class is used. type: string type: object type: object status: description: CheClusterStatus defines the observed state of Che installation properties: cheClusterRunning: description: Status of a Che installation. Can be `Available`, `Unavailable`, or `Available, Rolling Update in Progress`. type: string cheURL: description: Public URL to the Che server. type: string cheVersion: description: Current installed Che version. type: string dbProvisioned: description: Indicates that a PostgreSQL instance has been correctly provisioned or not. type: boolean devfileRegistryURL: description: Public URL to the devfile registry. type: string devworkspaceStatus: description: The status of the Devworkspace subsystem properties: gatewayHost: description: GatewayHost is the resolved host of the ingress/route. This is equal to the Host in the spec on Kubernetes but contains the actual host name of the route if Host is unspecified on OpenShift. type: string gatewayPhase: description: GatewayPhase specifies the phase in which the gateway deployment currently is. If the gateway is disabled, the phase is "Inactive". type: string message: description: Message contains further human-readable info for why the Che cluster is in the phase it currently is. type: string phase: description: Phase is the phase in which the Che cluster as a whole finds itself in. type: string reason: description: A brief CamelCase message indicating details about why the Che cluster is in this state. 
type: string workspaceBaseDomain: description: The resolved workspace base domain. This is either the copy of the explicitly defined property of the same name in the spec or, if it is undefined in the spec and we're running on OpenShift, the automatically resolved basedomain for routes. type: string type: object gitHubOAuthProvisioned: description: Indicates whether an Identity Provider instance, Keycloak or RH-SSO, has been configured to integrate with the GitHub OAuth. type: boolean helpLink: description: A URL that points to some URL where to find help related to the current Operator status. type: string keycloakProvisioned: description: Indicates whether an Identity Provider instance, Keycloak or RH-SSO, has been provisioned with realm, client and user. type: boolean keycloakURL: description: Public URL to the Identity Provider server, Keycloak or RH-SSO,. type: string message: description: A human readable message indicating details about why the Pod is in this condition. type: string openShiftOAuthUserCredentialsSecret: description: OpenShift OAuth secret in `openshift-config` namespace that contains user credentials for HTPasswd identity provider. type: string openShiftoAuthProvisioned: description: Indicates whether an Identity Provider instance, Keycloak or RH-SSO, has been configured to integrate with the OpenShift OAuth. type: boolean pluginRegistryURL: description: Public URL to the plugin registry. type: string reason: description: A brief CamelCase message indicating details about why the Pod is in this state. type: string type: object type: object served: true storage: true subresources: status: {} status: acceptedNames: kind: "" plural: "" conditions: [] storedVersions: []