# # Copyright (c) 2012-2020 Red Hat, Inc. # This program and the accompanying materials are made # available under the terms of the Eclipse Public License 2.0 # which is available at https://www.eclipse.org/legal/epl-2.0/ # # SPDX-License-Identifier: EPL-2.0 # # Contributors: # Red Hat, Inc. - initial API and implementation apiVersion: apiextensions.k8s.io/v1beta1 kind: CustomResourceDefinition metadata: name: checlusters.org.eclipse.che spec: group: org.eclipse.che names: kind: CheCluster listKind: CheClusterList plural: checlusters singular: checluster scope: Namespaced subresources: status: {} validation: openAPIV3Schema: properties: apiVersion: description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' type: string kind: description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' type: string metadata: type: object spec: description: Desired configuration of the Che installation. Based on these settings, the operator automatically creates and maintains several config maps that will contain the appropriate environment variables the various components of the Che installation. These generated config maps should NOT be updated manually. properties: auth: description: Configuration settings related to the Authentication used by the Che installation. properties: externalIdentityProvider: description: 'Instructs the operator on whether or not to deploy a dedicated Identity Provider (Keycloak or RH SSO instance). By default a dedicated Identity Provider server is deployed as part of the Che installation. But if `externalIdentityProvider` is `true`, then no dedicated identity provider will be deployed by the operator and you might need to provide details about the external identity provider you want to use. See also all the other fields starting with: `identityProvider`.' type: boolean identityProviderAdminUserName: description: Overrides the name of the Identity Provider admin user. Defaults to `admin`. type: string identityProviderClientId: description: Name of a Identity provider (Keycloak / RH SSO) `client-id` that should be used for Che. This is useful to override it ONLY if you use an external Identity Provider (see the `externalIdentityProvider` field). If omitted or left blank, it will be set to the value of the `flavour` field suffixed with `-public`. type: string identityProviderImage: description: Overrides the container image used in the Identity Provider (Keycloak / RH SSO) deployment. This includes the image tag. Omit it or leave it empty to use the defaut container image provided by the operator. type: string identityProviderImagePullPolicy: description: Overrides the image pull policy used in the Identity Provider (Keycloak / RH SSO) deployment. Default value is `Always` for `nightly` or `latest` images, and `IfNotPresent` in other cases. type: string identityProviderPassword: description: Overrides the password of Keycloak admin user. This is useful to override it ONLY if you use an external Identity Provider (see the `externalIdentityProvider` field). If omitted or left blank, it will be set to an auto-generated password. type: string identityProviderPostgresPassword: description: Password for The Identity Provider (Keycloak / RH SSO) to connect to the database. This is useful to override it ONLY if you use an external Identity Provider (see the `externalIdentityProvider` field). If omitted or left blank, it will be set to an auto-generated password. type: string identityProviderPostgresSecret: description: 'The secret that contains `password` for The Identity Provider (Keycloak / RH SSO) to connect to the database. If the secret is defined then `identityProviderPostgresPassword` will be ignored. If the value is omitted or left blank then there are two scenarios: 1. `identityProviderPostgresPassword` is defined, then it will be used to connect to the database. 2. `identityProviderPostgresPassword` is not defined, then a new secret with the name `che-identity-postgres-secret` will be created with an auto-generated value for `password`.' type: string identityProviderRealm: description: Name of a Identity provider (Keycloak / RH SSO) realm that should be used for Che. This is useful to override it ONLY if you use an external Identity Provider (see the `externalIdentityProvider` field). If omitted or left blank, it will be set to the value of the `flavour` field. type: string identityProviderSecret: description: 'The secret that contains `user` and `password` for Identity Provider. If the secret is defined then `identityProviderAdminUserName` and `identityProviderPassword` are ignored. If the value is omitted or left blank then there are two scenarios: 1. `identityProviderAdminUserName` and `identityProviderPassword` are defined, then they will be used. 2. `identityProviderAdminUserName` or `identityProviderPassword` are not defined, then a new secret with the name `che-identity-secret` will be created with default value `admin` for `user` and with an auto-generated value for `password`.' type: string identityProviderURL: description: Public URL of the Identity Provider server (Keycloak / RH SSO server). You should set it ONLY if you use an external Identity Provider (see the `externalIdentityProvider` field). By default this will be automatically calculated and set by the operator. type: string oAuthClientName: description: Name of the OpenShift `OAuthClient` resource used to setup identity federation on the OpenShift side. Auto-generated if left blank. See also the `OpenShiftoAuth` field. type: string oAuthSecret: description: Name of the secret set in the OpenShift `OAuthClient` resource used to setup identity federation on the OpenShift side. Auto-generated if left blank. See also the `OAuthClientName` field. type: string openShiftoAuth: description: 'Enables the integration of the identity provider (Keycloak / RHSSO) with OpenShift OAuth. Enabled by default on OpenShift. This will allow users to directly login with their Openshift user through the Openshift login, and have their workspaces created under personal OpenShift namespaces. WARNING: the `kubeadmin` user is NOT supported, and logging through it will NOT allow accessing the Che Dashboard.' type: boolean updateAdminPassword: description: Forces the default `admin` Che user to update password on first login. Defaults to `false`. type: boolean type: object database: description: Configuration settings related to the database used by the Che installation. properties: chePostgresDb: description: Postgres database name that the Che server uses to connect to the DB. Defaults to `dbche`. type: string chePostgresHostName: description: Postgres Database hostname that the Che server uses to connect to. Defaults to postgres. This value should be overridden ONLY when using an external database (see field `externalDb`). In the default case it will be automatically set by the operator. type: string chePostgresPassword: description: Postgres password that the Che server should use to connect to the DB. If omitted or left blank, it will be set to an auto-generated value. type: string chePostgresPort: description: Postgres Database port that the Che server uses to connect to. Defaults to 5432. This value should be overridden ONLY when using an external database (see field `externalDb`). In the default case it will be automatically set by the operator. type: string chePostgresSecret: description: 'The secret that contains Postgres `user` and `password` that the Che server should use to connect to the DB. If the secret is defined then `chePostgresUser` and `chePostgresPassword` are ignored. If the value is omitted or left blank then there are two scenarios: 1. `chePostgresUser` and `chePostgresPassword` are defined, then they will be used to connect to the DB. 2. `chePostgresUser` or `chePostgresPassword` are not defined, then a new secret with the name `che-postgres-secret` will be created with default value of `pgche` for `user` and with an auto-generated value for `password`.' type: string chePostgresUser: description: Postgres user that the Che server should use to connect to the DB. Defaults to `pgche`. type: string externalDb: description: 'Instructs the operator on whether or not to deploy a dedicated database. By default a dedicated Postgres database is deployed as part of the Che installation. But if `externalDb` is `true`, then no dedicated database will be deployed by the operator and you might need to provide connection details to the external DB you want to use. See also all the fields starting with: `chePostgres`.' type: boolean postgresImage: description: Overrides the container image used in the Postgres database deployment. This includes the image tag. Omit it or leave it empty to use the defaut container image provided by the operator. type: string postgresImagePullPolicy: description: Overrides the image pull policy used in the Postgres database deployment. Default value is `Always` for `nightly` or `latest` images, and `IfNotPresent` in other cases. type: string type: object k8s: description: Configuration settings specific to Che installations made on upstream Kubernetes. properties: ingressClass: description: 'Ingress class that will define the which controler will manage ingresses. Defaults to `nginx`. NB: This drives the `is kubernetes.io/ingress.class` annotation on Che-related ingresses.' type: string ingressDomain: description: 'Global ingress domain for a K8S cluster. This MUST be explicitly specified: there are no defaults.' type: string ingressStrategy: description: Strategy for ingress creation. This can be `multi-host` (host is explicitly provided in ingress), `single-host` (host is provided, path-based rules) and `default-host.*`(no host is provided, path-based rules). Defaults to `"multi-host` type: string securityContextFsGroup: description: FSGroup the Che pod and Workspace pods containers should run in. Defaults to `1724`. type: string securityContextRunAsUser: description: ID of the user the Che pod and Workspace pods containers should run as. Default to `1724`. type: string tlsSecretName: description: Name of a secret that will be used to setup ingress TLS termination if TLS is enabled. See also the `tlsSupport` field. type: string type: object metrics: description: Configuration settings related to the metrics collection used by the Che installation. properties: enable: description: Enables `metrics` Che server endpoint. Default to `false`. type: boolean type: object server: description: General configuration settings related to the Che server and the plugin and devfile registries properties: airGapContainerRegistryHostname: description: Optional hostname (or url) to an alternate container registry to pull images from. This value overrides the container registry hostname defined in all the default container images involved in a Che deployment. This is particularly useful to install Che in an air-gapped environment. type: string airGapContainerRegistryOrganization: description: Optional repository name of an alternate container registry to pull images from. This value overrides the container registry organization defined in all the default container images involved in a Che deployment. This is particularly useful to install Che in an air-gapped environment. type: string allowUserDefinedWorkspaceNamespaces: description: Defines if a user is able to specify Kubernetes namespace (or OpenShift project) different from the default. It's NOT RECOMMENDED to configured true without OAuth configured. This property is also used by the OpenShift infra. type: boolean cheDebug: description: Enables the debug mode for Che server. Defaults to `false`. type: string cheFlavor: description: Flavor of the installation. This is either `che` for upstream Che installations, or `codeready` for CodeReady Workspaces installation. In most cases the default value should not be overriden. type: string cheHost: description: Public hostname of the installed Che server. This will be automatically set by the operator. In most cases the default value set by the operator should not be overriden. type: string cheImage: description: Overrides the container image used in Che deployment. This does NOT include the container image tag. Omit it or leave it empty to use the defaut container image provided by the operator. type: string cheImagePullPolicy: description: Overrides the image pull policy used in Che deployment. Default value is `Always` for `nightly` or `latest` images, and `IfNotPresent` in other cases. type: string cheImageTag: description: Overrides the tag of the container image used in Che deployment. Omit it or leave it empty to use the defaut image tag provided by the operator. type: string cheLogLevel: description: 'Log level for the Che server: `INFO` or `DEBUG`. Defaults to `INFO`.' type: string cheWorkspaceClusterRole: description: Custom cluster role bound to the user for the Che workspaces. The default roles are used if this is omitted or left blank. type: string customCheProperties: additionalProperties: type: string description: Map of additional environment variables that will be applied in the generated `che` config map to be used by the Che server, in addition to the values already generated from other fields of the `CheCluster` custom resource (CR). If `customCheProperties` contains a property that would be normally generated in `che` config map from other CR fields, then the value defined in the `customCheProperties` will be used instead. type: object devfileRegistryImage: description: Overrides the container image used in the Devfile registry deployment. This includes the image tag. Omit it or leave it empty to use the defaut container image provided by the operator. type: string devfileRegistryMemoryLimit: description: Overrides the memory limit used in the Devfile registry deployment. Defaults to 256Mi. type: string devfileRegistryMemoryRequest: description: Overrides the memory request used in the Devfile registry deployment. Defaults to 16Mi. type: string devfileRegistryPullPolicy: description: Overrides the image pull policy used in the Devfile registry deployment. Default value is `Always` for `nightly` or `latest` images, and `IfNotPresent` in other cases. type: string devfileRegistryUrl: description: Public URL of the Devfile registry, that serves sample, ready-to-use devfiles. You should set it ONLY if you use an external devfile registry (see the `externalDevfileRegistry` field). By default this will be automatically calculated by the operator. type: string externalDevfileRegistry: description: Instructs the operator on whether or not to deploy a dedicated Devfile registry server. By default a dedicated devfile registry server is started. But if `externalDevfileRegistry` is `true`, then no such dedicated server will be started by the operator and you will have to manually set the `devfileRegistryUrl` field type: boolean externalPluginRegistry: description: Instructs the operator on whether or not to deploy a dedicated Plugin registry server. By default a dedicated plugin registry server is started. But if `externalPluginRegistry` is `true`, then no such dedicated server will be started by the operator and you will have to manually set the `pluginRegistryUrl` field. type: boolean gitSelfSignedCert: description: If enabled, then the certificate from `che-git-self-signed-cert` config map will be propagated to the Che components and provide particular configuration for Git. type: boolean nonProxyHosts: description: List of hosts that should not use the configured proxy. Use `|`` as delimiter, eg `localhost|my.host.com|123.42.12.32` Only use when configuring a proxy is required (see also the `proxyURL` field). type: string pluginRegistryImage: description: Overrides the container image used in the Plugin registry deployment. This includes the image tag. Omit it or leave it empty to use the defaut container image provided by the operator. type: string pluginRegistryMemoryLimit: description: Overrides the memory limit used in the Plugin registry deployment. Defaults to 256Mi. type: string pluginRegistryMemoryRequest: description: Overrides the memory request used in the Plugin registry deployment. Defaults to 16Mi. type: string pluginRegistryPullPolicy: description: Overrides the image pull policy used in the Plugin registry deployment. Default value is `Always` for `nightly` or `latest` images, and `IfNotPresent` in other cases. type: string pluginRegistryUrl: description: Public URL of the Plugin registry, that serves sample ready-to-use devfiles. You should set it ONLY if you use an external devfile registry (see the `externalPluginRegistry` field). By default this will be automatically calculated by the operator. type: string proxyPassword: description: Password of the proxy server Only use when proxy configuration is required (see also the `proxyUser` and `proxySecret` fields). type: string proxyPort: description: Port of the proxy server. Only use when configuring a proxy is required (see also the `proxyURL` field). type: string proxySecret: description: The secret that contains `user` and `password` for a proxy server. If the secret is defined then `proxyUser` and `proxyPassword` are ignored type: string proxyURL: description: URL (protocol+hostname) of the proxy server. This drives the appropriate changes in the `JAVA_OPTS` and `https(s)_proxy` variables in the Che server and workspaces containers. Only use when configuring a proxy is required. type: string proxyUser: description: User name of the proxy server. Only use when configuring a proxy is required (see also the `proxyURL` `proxySecret` fields). type: string selfSignedCert: description: Deprecated. The value of this flag is ignored. Che operator will automatically detect if router certificate is self-signed. If so it will be propagated to Che server and some other components. type: boolean serverMemoryLimit: description: Overrides the memory limit used in the Che server deployment. Defaults to 1Gi. type: string serverMemoryRequest: description: Overrides the memory request used in the Che server deployment. Defaults to 512Mi. type: string serverTrustStoreConfigMapName: description: Name of the config-map with public certificates to add to Java trust store of the Che server. This is usually required when adding the OpenShift OAuth provider which has https endpoint signed with self-signed cert. So, Che server must be aware of its CA cert to be able to request it. This is disabled by default. type: string tlsSupport: description: Deprecated. Instructs the operator to deploy Che in TLS mode. This is enabled by default. Disabling TLS may cause malfunction of some Che components. type: boolean workspaceNamespaceDefault: description: 'Defines Kubernetes default namespace in which user''s workspaces are created if user does not override it. It''s possible to use , and placeholders (e.g.: che-workspace-). In that case, new namespace will be created for each user (or workspace). Is used by OpenShift infra as well to specify Project' type: string type: object storage: description: Configuration settings related to the persistent storage used by the Che installation. properties: postgresPVCStorageClassName: description: Storage class for the Persistent Volume Claim dedicated to the Postgres database. If omitted or left blank, default storage class is used. type: string preCreateSubPaths: description: Instructs the Che server to launch a special pod to pre-create a subpath in the Persistent Volumes. Defaults to `false`, however it might need to enable it according to the configuration of your K8S cluster. type: boolean pvcClaimSize: description: Size of the persistent volume claim for workspaces. Defaults to `1Gi` type: string pvcJobsImage: description: Overrides the container image used to create sub-paths in the Persistent Volumes. This includes the image tag. Omit it or leave it empty to use the defaut container image provided by the operator. See also the `preCreateSubPaths` field. type: string pvcStrategy: description: Persistent volume claim strategy for the Che server. This Can be:`common` (all workspaces PVCs in one volume), `per-workspace` (one PVC per workspace for all declared volumes) and `unique` (one PVC per declared volume). Defaults to `common`. type: string workspacePVCStorageClassName: description: Storage class for the Persistent Volume Claims dedicated to the Che workspaces. If omitted or left blank, default storage class is used. type: string type: object type: object status: description: CheClusterStatus defines the observed state of Che installation properties: cheClusterRunning: description: Status of a Che installation. Can be `Available`, `Unavailable`, or `Available, Rolling Update in Progress` type: string cheURL: description: Public URL to the Che server type: string cheVersion: description: Current installed Che version type: string dbProvisioned: description: Indicates if or not a Postgres instance has been correctly provisioned type: boolean devfileRegistryURL: description: Public URL to the Devfile registry type: string helpLink: description: A URL that can point to some URL where to find help related to the current Operator status. type: string keycloakProvisioned: description: Indicates whether an Identity Provider instance (Keycloak / RH SSO) has been provisioned with realm, client and user type: boolean keycloakURL: description: Public URL to the Identity Provider server (Keycloak / RH SSO). type: string message: description: A human readable message indicating details about why the pod is in this condition. type: string openShiftoAuthProvisioned: description: Indicates whether an Identity Provider instance (Keycloak / RH SSO) has been configured to integrate with the OpenShift OAuth. type: boolean pluginRegistryURL: description: Public URL to the Plugin registry type: string reason: description: A brief CamelCase message indicating details about why the pod is in this state. type: string type: object version: v1 versions: - name: v1 served: true storage: true