# Copyright (c) 2012-2020 Red Hat, Inc. # This program and the accompanying materials are made # available under the terms of the Eclipse Public License 2.0 # which is available at https://www.eclipse.org/legal/epl-2.0/ # # SPDX-License-Identifier: EPL-2.0 # # Contributors: # Red Hat, Inc. - initial API and implementation # IBM - Codewind specific settings # # Instructions: # For instructions on installing Codewind for Eclipse Che using # this codewind-checluster.yaml file, see # https://www.eclipse.org/codewind/che-installinfo.html apiVersion: org.eclipse.che/v1 kind: CheCluster metadata: name: codewind-che spec: server: # server image used in Che deployment cheImage: 'quay.io/eclipse/che-server' # tag of an image used in Che deployment cheImageTag: '7.16.1' # image:tag used in Devfile registry deployment devfileRegistryImage: 'quay.io/eclipse/che-devfile-registry:7.16.1' # image:tag used in plugin registry deployment pluginRegistryImage: 'quay.io/eclipse/che-plugin-registry:7.16.1' # defaults to `che`. When set to `codeready`, CodeReady Workspaces is deployed # the difference is in images, labels, exec commands cheFlavor: '' # specifies a custom cluster role to user for the Che workspaces # Uses the default roles if left blank. cheWorkspaceClusterRole: 'eclipse-codewind' # when set to true the operator will attempt to get a secret in OpenShift router namespace # to add it to Java trust store of Che server. Requires cluster-admin privileges for operator service account selfSignedCert: true # TLS mode for Che. Make sure you either have public cert, or set selfSignedCert to true tlsSupport: true # protocol+hostname of a proxy server. Automatically added as JAVA_OPTS and https(s)_proxy # to Che server and workspaces containers proxyURL: '' # port of a proxy server proxyPort: '' # username for a proxy server proxyUser: '' # password for a proxy user proxyPassword: '' # a list of non-proxy hosts. Use | as delimiter, eg localhost|my.host.com|123.42.12.32 nonProxyHosts: '' # sets mem request for server deployment. Defaults to 512Mi serverMemoryRequest: '' # sets mem limit for server deployment. Defaults to 1Gi serverMemoryLimit: '' # additional custom Che properties customCheProperties: CHE_INFRA_KUBERNETES_WORKSPACE__START__TIMEOUT__MIN: "15" CHE_LIMITS_WORKSPACE_IDLE_TIMEOUT: "0" CHE_WORKSPACE_PLUGIN__BROKER_WAIT__TIMEOUT__MIN: "15" database: # when set to true, the operator skips deploying Postgres, and passes connection details of existing DB to Che server # otherwise a Postgres deployment is created externalDb: false # Postgres Database hostname that Che server uses to connect to. Defaults to postgres chePostgresHostName: '' # Postgres Database port that Che server uses to connect to. Defaults to 5432 chePostgresPort: '' # Postgres user that Che server when making a db connection. Defaults to pgche chePostgresUser: '' # password of a postgres user. Auto-generated when left blank chePostgresPassword: '' # Postgres database name that Che server uses to connect to. Defaults to dbche chePostgresDb: '' # Postgres deployment in format image:tag. Defaults to registry.redhat.io/rhscl/postgresql-96-rhel7 (see pkg/deploy/defaults.go for latest tag) postgresImage: '' storage: # persistent volume claim strategy for Che server. Can be common (all workspaces PVCs in one volume), # per-workspace (one PVC per workspace for all declared volumes) and unique (one PVC per declared volume). Defaults to common pvcStrategy: 'per-workspace' # size of a persistent volume claim for workspaces. Defaults to 1Gi pvcClaimSize: '1Gi' # instruct Che server to launch a special pod to precreate a subpath in a PV preCreateSubPaths: true # image:tag for preCreateSubPaths jobs pvcJobsImage: '' # keep blank unless you need to use a non default storage class for Postgres PVC postgresPVCStorageClassName: '' # keep blank unless you need to use a non default storage class for workspace PVC(s) workspacePVCStorageClassName: '' auth: # instructs operator on whether or not to deploy Keycloak/RH SSO instance. When set to true provision connection details externalIdentityProvider: false # retrieved from respective route/ingress unless explicitly specified in CR (when ExternalKeycloak is true) identityProviderURL: '' # password for keycloak database user. Auto generated if left blank keycloakPostgresPassword: '' # desired admin username of Keycloak admin user (applicable only when externalIdentityProvider is false) identityProviderAdminUserName: '' # desired password of Keycloak admin user (applicable only when externalIdentityProvider is false) identityProviderPassword: 'admin' # name of a keycloak realm. This realm will be created, when externalIdentityProvider is true, otherwise passed to Che server identityProviderRealm: '' # id of a keycloak client. This client will be created, when externalIdentityProvider is false, otherwise passed to Che server identityProviderClientId: '' # instructs an Operator to enable OpenShift v3 identity provider in Keycloak, # as well as create respective oAuthClient and configure Che configMap accordingly openShiftoAuth: false # name of oAuthClient used in OpenShift v3 identity provider in Keycloak realm. Auto generated if left blank oAuthClientName: '' # secret used in oAuthClient. Auto generated if left blank oAuthSecret: '' # image:tag used in Keycloak deployment identityProviderImage: 'quay.io/eclipse/che-keycloak:7.16.1' k8s: # your global ingress domain ingressDomain: '' # kubernetes.io/ingress.class, defaults to nginx ingressClass: '' # IngressStrategy is the way ingresses are created. # Can be multi-host (host is explicitly provided in ingress, -.), # single-host (host is provided, path based rules, /path) and default-host *(no host is provided, path based rules) ingressStrategy: '' # secret name used for tls termination tlsSecretName: '' # FSGroup the Che POD and Workspace pod containers should run in securityContextFsGroup: '' # User the Che POD and Workspace pod containers should run as securityContextRunAsUser: ''