From b553934a3cefdb3ad85b68285af1efc5c2e82070 Mon Sep 17 00:00:00 2001 From: Anatolii Bazko Date: Mon, 15 Feb 2021 12:44:49 +0200 Subject: [PATCH] Generate checluster references tables (#1803) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * Generate checluster references tables Signed-off-by: Anatolii Bazko Co-authored-by: Michal Maléř <48474054+MichalMaler@users.noreply.github.com> --- Jenkinsfile | 17 +- devfile.yaml | 8 +- .../examples/checluster-properties.adoc | 168 ++++++++++++++++++ ...ster-custom-resource-fields-reference.adoc | 135 +------------- tools/checluster_docs_gen.sh | 102 +++++++++++ 5 files changed, 291 insertions(+), 139 deletions(-) create mode 100644 modules/installation-guide/examples/checluster-properties.adoc create mode 100755 tools/checluster_docs_gen.sh diff --git a/Jenkinsfile b/Jenkinsfile index 953d7495cd..09430fb689 100644 --- a/Jenkinsfile +++ b/Jenkinsfile @@ -1,5 +1,5 @@ pipeline { - + agent { kubernetes { label 'che-docs-pod' @@ -30,25 +30,25 @@ spec: """ } } - + environment { PROJECT_NAME = "che" PROJECT_BOT_NAME = "CHE Bot" CI = true } - - triggers { pollSCM('H/10 * * * *') - + + triggers { pollSCM('H/10 * * * *') + } - + options { buildDiscarder(logRotator(numToKeepStr: '5')) checkoutToSubdirectory('che-docs') timeout(time: 15, unit: 'MINUTES') } - + stages { - + stage('Checkout www repo (master)') { when { branch 'master' @@ -76,6 +76,7 @@ spec: container('che-docs') { dir('che-docs') { sh './tools/environment_docs_gen.sh' + sh './tools/checluster_docs_gen.sh' sh 'CI=true antora generate antora-playbook.yml --stacktrace' } } diff --git a/devfile.yaml b/devfile.yaml index c1c05f7644..d0b817e30b 100644 --- a/devfile.yaml +++ b/devfile.yaml @@ -29,12 +29,18 @@ components: type: chePlugin commands: - - name: Generate reference tables + - name: Generate reference tables for environment variables actions: - type: exec component: che-docs workdir: /projects/che-docs command: bash tools/environment_docs_gen.sh + - name: Generate reference tables for CheCluster + actions: + - type: exec + component: che-docs + workdir: /projects/che-docs + command: bash tools/checluster_docs_gen.sh - name: Start preview server actions: - type: exec diff --git a/modules/installation-guide/examples/checluster-properties.adoc b/modules/installation-guide/examples/checluster-properties.adoc new file mode 100644 index 0000000000..a3c1a32944 --- /dev/null +++ b/modules/installation-guide/examples/checluster-properties.adoc @@ -0,0 +1,168 @@ +[id="checluster-custom-resource-server-settings_{context}"] +.`CheCluster` Custom Resource `server` settings, related to the {prod-short} server component. + +[cols="2,5", options="header"] +:=== + Property: Description +airGapContainerRegistryHostname: Optional host name, or URL, to an alternate container registry to pull images from. This value overrides the container registry host name defined in all the default container images involved in a Che deployment. This is particularly useful to install Che in a restricted environment. +airGapContainerRegistryOrganization: Optional repository name of an alternate container registry to pull images from. This value overrides the container registry organization defined in all the default container images involved in a Che deployment. This is particularly useful to install {prod-short} in a restricted environment. +allowUserDefinedWorkspaceNamespaces: Defines that a user is allowed to specify a Kubernetes namespace, or an OpenShift project, which differs from the default. It's NOT RECOMMENDED to set to `true` without OpenShift OAuth configured. The OpenShift infrastructure also uses this property. +cheClusterRoles: A comma-separated list of ClusterRoles that will be assigned to Che ServiceAccount. Be aware that the Che Operator has to already have all permissions in these ClusterRoles to grant them. +cheDebug: Enables the debug mode for Che server. Defaults to `false`. +cheFlavor: Specifies a variation of the installation. The options are `che` for upstream Che installations, or `codeready` for link\:https\://developers.redhat.com/products/codeready-workspaces/overview[CodeReady Workspaces] installation. Override the default value only on necessary occasions. +cheHost: Public host name of the installed Che server. When value is omitted, the value it will be automatically set by the Operator. See the `cheHostTLSSecret` field. +cheHostTLSSecret: Name of a secret containing certificates to secure ingress or route for the custom host name of the installed Che server. See the `cheHost` field. +cheImage: Overrides the container image used in Che deployment. This does NOT include the container image tag. Omit it or leave it empty to use the default container image provided by the Operator. +cheImagePullPolicy: Overrides the image pull policy used in Che deployment. Default value is `Always` for `nightly` or `latest` images, and `IfNotPresent` in other cases. +cheImageTag: Overrides the tag of the container image used in Che deployment. Omit it or leave it empty to use the default image tag provided by the Operator. +cheLogLevel: Log level for the Che server\: `INFO` or `DEBUG`. Defaults to `INFO`. +cheServerIngress: The Che server ingress custom settings. +cheServerRoute: The Che server route custom settings. +cheWorkspaceClusterRole: Custom cluster role bound to the user for the Che workspaces. The default roles are used when omitted or left blank. +customCheProperties: Map of additional environment variables that will be applied in the generated `che` ConfigMap to be used by the Che server, in addition to the values already generated from other fields of the `CheCluster` custom resource (CR). When `customCheProperties` contains a property that would be normally generated in `che` ConfigMap from other CR fields, the value defined in the `customCheProperties` is used instead. +devfileRegistryCpuLimit: Overrides the CPU limit used in the devfile registry deployment. In cores. (500m = .5 cores). Default to 500m. +devfileRegistryCpuRequest: Overrides the CPU request used in the devfile registry deployment. In cores. (500m = .5 cores). Default to 100m. +devfileRegistryImage: Overrides the container image used in the devfile registry deployment. This includes the image tag. Omit it or leave it empty to use the default container image provided by the Operator. +devfileRegistryIngress: The devfile registry ingress custom settings. +devfileRegistryMemoryLimit: Overrides the memory limit used in the devfile registry deployment. Defaults to 256Mi. +devfileRegistryMemoryRequest: Overrides the memory request used in the devfile registry deployment. Defaults to 16Mi. +devfileRegistryPullPolicy: Overrides the image pull policy used in the devfile registry deployment. Default value is `Always` for `nightly` or `latest` images, and `IfNotPresent` in other cases. +devfileRegistryRoute: The devfile registry route custom settings. +devfileRegistryUrl: Public URL of the devfile registry, that serves sample, ready-to-use devfiles. Set this ONLY when a use of an external devfile registry is needed. See the `externalDevfileRegistry` field. By default, this will be automatically calculated by the Operator. +externalDevfileRegistry: Instructs the Operator on whether to deploy a dedicated devfile registry server. By default, a dedicated devfile registry server is started. When `externalDevfileRegistry` is `true`, no such dedicated server will be started by the Operator and you will have to manually set the `devfileRegistryUrl` field +externalPluginRegistry: Instructs the Operator on whether to deploy a dedicated plugin registry server. By default, a dedicated plugin registry server is started. When `externalPluginRegistry` is `true`, no such dedicated server will be started by the Operator and you will have to manually set the `pluginRegistryUrl` field. +gitSelfSignedCert: When enabled, the certificate from `che-git-self-signed-cert` ConfigMap will be propagated to the Che components and provide particular configuration for Git. +nonProxyHosts: List of hosts that will be reached directly, bypassing the proxy. Specify wild card domain use the following form `.` and `|` as delimiter, for example\: `localhost|.my.host.com|123.42.12.32` Only use when configuring a proxy is required. Operator respects OpenShift cluster wide proxy configuration and no additional configuration is required, but defining `nonProxyHosts` in a custom resource leads to merging non proxy hosts lists from the cluster proxy configuration and ones defined in the custom resources. See the doc https\://docs.openshift.com/container-platform/4.4/networking/enable-cluster-wide-proxy.html). See also the `proxyURL` fields. +pluginRegistryCpuLimit: Overrides the CPU limit used in the plugin registry deployment. In cores. (500m = .5 cores). Default to 500m. +pluginRegistryCpuRequest: Overrides the CPU request used in the plugin registry deployment. In cores. (500m = .5 cores). Default to 100m. +pluginRegistryImage: Overrides the container image used in the plugin registry deployment. This includes the image tag. Omit it or leave it empty to use the default container image provided by the Operator. +pluginRegistryIngress: Plugin registry ingress custom settings. +pluginRegistryMemoryLimit: Overrides the memory limit used in the plugin registry deployment. Defaults to 256Mi. +pluginRegistryMemoryRequest: Overrides the memory request used in the plugin registry deployment. Defaults to 16Mi. +pluginRegistryPullPolicy: Overrides the image pull policy used in the plugin registry deployment. Default value is `Always` for `nightly` or `latest` images, and `IfNotPresent` in other cases. +pluginRegistryRoute: Plugin registry route custom settings. +pluginRegistryUrl: Public URL of the plugin registry that serves sample ready-to-use devfiles. Set this ONLY when a use of an external devfile registry is needed. See the `externalPluginRegistry` field. By default, this will be automatically calculated by the Operator. +proxyPassword: Password of the proxy server. Only use when proxy configuration is required. See the `proxyURL`, `proxyUser` and `proxySecret` fields. +proxyPort: Port of the proxy server. Only use when configuring a proxy is required. See also the `proxyURL` and `nonProxyHosts` fields. +proxySecret: The secret that contains `user` and `password` for a proxy server. When the secret is defined, the `proxyUser` and `proxyPassword` are ignored. +proxyURL: URL (protocol+host name) of the proxy server. This drives the appropriate changes in the `JAVA_OPTS` and `https(s)_proxy` variables in the Che server and workspaces containers. Only use when configuring a proxy is required. Operator respects OpenShift cluster wide proxy configuration and no additional configuration is required, but defining `proxyUrl` in a custom resource leads to overrides the cluster proxy configuration with fields `proxyUrl`, `proxyPort`, `proxyUser` and `proxyPassword` from the custom resource. See the doc https\://docs.openshift.com/container-platform/4.4/networking/enable-cluster-wide-proxy.html). See also the `proxyPort` and `nonProxyHosts` fields. +proxyUser: User name of the proxy server. Only use when configuring a proxy is required. See also the `proxyURL`, `proxyPassword` and `proxySecret` fields. +selfSignedCert: Deprecated. The value of this flag is ignored. The Che Operator will automatically detect whether the router certificate is self-signed and propagate it to other components, such as the Che server. +serverCpuLimit: Overrides the CPU limit used in the Che server deployment In cores. (500m = .5 cores). Default to 1. +serverCpuRequest: Overrides the CPU request used in the Che server deployment In cores. (500m = .5 cores). Default to 100m. +serverExposureStrategy: Sets the server and workspaces exposure type. Possible values are `multi-host`, `single-host`, `default-host`. Defaults to `multi-host`, which creates a separate ingress, or OpenShift routes, for every required endpoint. `single-host` makes Che exposed on a single host name with workspaces exposed on subpaths. Read the docs to learn about the limitations of this approach. Also consult the `singleHostExposureType` property to further configure how the Operator and the Che server make that happen on Kubernetes. `default-host` exposes the Che server on the host of the cluster. Read the docs to learn about the limitations of this approach. +serverMemoryLimit: Overrides the memory limit used in the Che server deployment. Defaults to 1Gi. +serverMemoryRequest: Overrides the memory request used in the Che server deployment. Defaults to 512Mi. +serverTrustStoreConfigMapName: Name of the ConfigMap with public certificates to add to Java trust store of the Che server. This is often required when adding the OpenShift OAuth provider, which has HTTPS endpoint signed with self-signed cert. The Che server must be aware of its CA cert to be able to request it. This is disabled by default. +singleHostGatewayConfigMapLabels: The labels that need to be present in the ConfigMaps representing the gateway configuration. +singleHostGatewayConfigSidecarImage: The image used for the gateway sidecar that provides configuration to the gateway. Omit it or leave it empty to use the default container image provided by the Operator. +singleHostGatewayImage: The image used for the gateway in the single host mode. Omit it or leave it empty to use the default container image provided by the Operator. +tlsSupport: Deprecated. Instructs the Operator to deploy Che in TLS mode. This is enabled by default. Disabling TLS sometimes cause malfunction of some Che components. +useInternalClusterSVCNames: Use internal cluster SVC names to communicate between components to speed up the traffic and avoid proxy issues. The default value is `false`. +workspaceNamespaceDefault: Defines Kubernetes default namespace in which user's workspaces are created for a case when a user does not override it. It's possible to use ``, `` and `` placeholders, such as che-workspace-. In that case, a new namespace will be created for each user or workspace. +:=== + +[id="checluster-custom-resource-database-settings_{context}"] +.`CheCluster` Custom Resource `database` configuration settings related to the database used by {prod-short}. + +[cols="2,5", options="header"] +:=== + Property: Description +chePostgresContainerResources: PostgreSQL container custom settings +chePostgresDb: PostgreSQL database name that the Che server uses to connect to the DB. Defaults to `dbche`. +chePostgresHostName: PostgreSQL Database host name that the Che server uses to connect to. Defaults is `postgres`. Override this value ONLY when using an external database. See field `externalDb`. In the default case it will be automatically set by the Operator. +chePostgresPassword: PostgreSQL password that the Che server uses to connect to the DB. When omitted or left blank, it will be set to an automatically generated value. +chePostgresPort: PostgreSQL Database port that the Che server uses to connect to. Defaults to 5432. Override this value ONLY when using an external database. See field `externalDb`. In the default case it will be automatically set by the Operator. +chePostgresSecret: The secret that contains PosgreSQL`user` and `password` that the Che server uses to connect to the DB. When the secret is defined, the `chePostgresUser` and `chePostgresPassword` are ignored. When the value is omitted or left blank, the one of following scenarios applies\: 1. `chePostgresUser` and `chePostgresPassword` are defined, then they will be used to connect to the DB. 2. `chePostgresUser` or `chePostgresPassword` are not defined, then a new secret with the name `che-postgres-secret` will be created with default value of `pgche` for `user` and with an auto-generated value for `password`. +chePostgresUser: PostgreSQL user that the Che server uses to connect to the DB. Defaults to `pgche`. +externalDb: Instructs the Operator on whether to deploy a dedicated database. By default, a dedicated PostgreSQL database is deployed as part of the Che installation. When `externalDb` is `true`, no dedicated database will be deployed by the Operator and you will need to provide connection details to the external DB you are about to use. See also all the fields starting with\: `chePostgres`. +postgresImage: Overrides the container image used in the PosgreSQL database deployment. This includes the image tag. Omit it or leave it empty to use the default container image provided by the Operator. +postgresImagePullPolicy: Overrides the image pull policy used in the PosgreSQL database deployment. Default value is `Always` for `nightly` or `latest` images, and `IfNotPresent` in other cases. +:=== + +[id="checluster-custom-resource-auth-settings_{context}"] +.Custom Resource `auth` configuration settings related to authentication used by {prod-short}. + +[cols="2,5", options="header"] +:=== + Property: Description +externalIdentityProvider: Instructs the Operator on whether to deploy a dedicated Identity Provider (Keycloak or RH-SSO instance). By default, a dedicated Identity Provider server is deployed as part of the Che installation. When `externalIdentityProvider` is `true`, no dedicated identity provider will be deployed by the Operator and you will need to provide details about the external identity provider you are about to use. See also all the other fields starting with\: `identityProvider`. +identityProviderAdminUserName: Overrides the name of the Identity Provider administrator user. Defaults to `admin`. +identityProviderClientId: Name of a Identity provider, Keycloak or RH-SSO, `client-id` that is used for Che. Override this when an external Identity Provider is in use. See the `externalIdentityProvider` field. When omitted or left blank, it is set to the value of the `flavour` field suffixed with `-public`. +identityProviderContainerResources: Identity provider container custom settings. +identityProviderImage: Overrides the container image used in the Identity Provider, Keycloak or RH-SSO, deployment. This includes the image tag. Omit it or leave it empty to use the default container image provided by the Operator. +identityProviderImagePullPolicy: Overrides the image pull policy used in the Identity Provider, Keycloak or RH-SSO, deployment. Default value is `Always` for `nightly` or `latest` images, and `IfNotPresent` in other cases. +identityProviderIngress: Ingress custom settings. +identityProviderPassword: Overrides the password of Keycloak administrator user. Override this when an external Identity Provider is in use. See the `externalIdentityProvider` field. When omitted or left blank, it is set to an auto-generated password. +identityProviderPostgresPassword: Password for a Identity Provider, Keycloak or RH-SSO, to connect to the database. Override this when an external Identity Provider is in use. See the `externalIdentityProvider` field. When omitted or left blank, it is set to an auto-generated password. +identityProviderPostgresSecret: The secret that contains `password` for the Identity Provider, Keycloak or RH-SSO, to connect to the database. When the secret is defined, the `identityProviderPostgresPassword` is ignored. When the value is omitted or left blank, the one of following scenarios applies\: 1. `identityProviderPostgresPassword` is defined, then it will be used to connect to the database. 2. `identityProviderPostgresPassword` is not defined, then a new secret with the name `che-identity-postgres-secret` will be created with an auto-generated value for `password`. +identityProviderRealm: Name of a Identity provider, Keycloak or RH-SSO, realm that is used for Che. Override this when an external Identity Provider is in use. See the `externalIdentityProvider` field. When omitted or left blank, it is set to the value of the `flavour` field. +identityProviderRoute: Route custom settings. +identityProviderSecret: The secret that contains `user` and `password` for Identity Provider. When the secret is defined, the `identityProviderAdminUserName` and `identityProviderPassword` are ignored. When the value is omitted or left blank, the one of following scenarios applies\: 1. `identityProviderAdminUserName` and `identityProviderPassword` are defined, then they will be used. 2. `identityProviderAdminUserName` or `identityProviderPassword` are not defined, then a new secret with the name `che-identity-secret` will be created with default value `admin` for `user` and with an auto-generated value for `password`. +identityProviderURL: Public URL of the Identity Provider server (Keycloak / RH-SSO server). Set this ONLY when a use of an external Identity Provider is needed. See the `externalIdentityProvider` field. By default, this will be automatically calculated and set by the Operator. +oAuthClientName: Name of the OpenShift `OAuthClient` resource used to setup identity federation on the OpenShift side. Auto-generated when left blank. See also the `OpenShiftoAuth` field. +oAuthSecret: Name of the secret set in the OpenShift `OAuthClient` resource used to setup identity federation on the OpenShift side. Auto-generated when left blank. See also the `OAuthClientName` field. +openShiftoAuth: Enables the integration of the identity provider (Keycloak / RHSSO) with OpenShift OAuth. Empty value on OpenShift by default. This will allow users to directly login with their OpenShift user through the OpenShift login, and have their workspaces created under personal OpenShift namespaces. WARNING\: the `kubeadmin` user is NOT supported, and logging through it will NOT allow accessing the Che Dashboard. +updateAdminPassword: Forces the default `admin` Che user to update password on first login. Defaults to `false`. +:=== + +[id="checluster-custom-resource-storage-settings_{context}"] +.`CheCluster` Custom Resource `storage` configuration settings related to persistent storage used by {prod-short}. + +[cols="2,5", options="header"] +:=== + Property: Description +postgresPVCStorageClassName: Storage class for the Persistent Volume Claim dedicated to the PosgreSQL database. When omitted or left blank, a default storage class is used. +preCreateSubPaths: Instructs the Che server to start a special Pod to pre-create a sub-path in the Persistent Volumes. Defaults to `false`, however it will need to enable it according to the configuration of your Kubernetes cluster. +pvcClaimSize: Size of the persistent volume claim for workspaces. Defaults to `1Gi`. +pvcJobsImage: Overrides the container image used to create sub-paths in the Persistent Volumes. This includes the image tag. Omit it or leave it empty to use the default container image provided by the Operator. See also the `preCreateSubPaths` field. +pvcStrategy: Persistent volume claim strategy for the Che server. This Can be\:`common` (all workspaces PVCs in one volume), `per-workspace` (one PVC per workspace for all declared volumes) and `unique` (one PVC per declared volume). Defaults to `common`. +workspacePVCStorageClassName: Storage class for the Persistent Volume Claims dedicated to the Che workspaces. When omitted or left blank, a default storage class is used. +:=== + +[id="checluster-custom-resource-k8s-settings_{context}"] +.`CheCluster` Custom Resource `k8s` configuration settings specific to {prod-short} installations on {platforms-name}. + +[cols="2,5", options="header"] +:=== + Property: Description +ingressClass: Ingress class that will define the which controller will manage ingresses. Defaults to `nginx`. NB\: This drives the `kubernetes.io/ingress.class` annotation on Che-related ingresses. +ingressDomain: Global ingress domain for a Kubernetes cluster. This MUST be explicitly specified\: there are no defaults. +ingressStrategy: Strategy for ingress creation. Options are\: `multi-host` (host is explicitly provided in ingress), `single-host` (host is provided, path-based rules) and `default-host` (no host is provided, path-based rules). Defaults to `multi-host` Deprecated in favor of `serverExposureStrategy` in the `server` section, which defines this regardless of the cluster type. When both are defined, the `serverExposureStrategy` option takes precedence. +securityContextFsGroup: The FSGroup in which the Che Pod and workspace Pods containers runs in. Default value is `1724`. +securityContextRunAsUser: ID of the user the Che Pod and workspace Pods containers run as. Default value is `1724`. +singleHostExposureType: When the serverExposureStrategy is set to `single-host`, the way the server, registries and workspaces are exposed is further configured by this property. The possible values are `native`, which means that the server and workspaces are exposed using ingresses on K8s or `gateway` where the server and workspaces are exposed using a custom gateway based on link\:https\://doc.traefik.io/traefik/[Traefik]. All the endpoints whether backed by the ingress or gateway `route` always point to the subpaths on the same domain. Defaults to `native`. +tlsSecretName: Name of a secret that will be used to setup ingress TLS termination when TLS is enabled. When the field is empty string, the default cluster certificate will be used. See also the `tlsSupport` field. +:=== + +[id="checluster-custom-resource-metrics-settings_{context}"] +.`CheCluster` Custom Resource `metrics` settings, related to the {prod-short} metrics collection used by {prod-short}. + +[cols="2,5", options="header"] +:=== + Property: Description +enable: Enables `metrics` the Che server endpoint. Default to `true`. +:=== + +[id="checluster-custom-resource-status-settings_{context}"] +.`CheCluster` Custom Resource `status` defines the observed state of {prod-short} installation + +[cols="2,5", options="header"] +:=== + Property: Description +cheClusterRunning: Status of a Che installation. Can be `Available`, `Unavailable`, or `Available, Rolling Update in Progress`. +cheURL: Public URL to the Che server. +cheVersion: Current installed Che version. +dbProvisioned: Indicates that a PosgreSQL instance has been correctly provisioned or not. +devfileRegistryURL: Public URL to the devfile registry. +gitHubOAuthProvisioned: Indicates whether an Identity Provider instance, Keycloak or RH-SSO, has been configured to integrate with the GitHub OAuth. +helpLink: A URL that points to some URL where to find help related to the current Operator status. +keycloakProvisioned: Indicates whether an Identity Provider instance, Keycloak or RH-SSO, has been provisioned with realm, client and user. +keycloakURL: Public URL to the Identity Provider server, Keycloak or RH-SSO,. +message: A human readable message indicating details about why the Pod is in this condition. +openShiftoAuthProvisioned: Indicates whether an Identity Provider instance, Keycloak or RH-SSO, has been configured to integrate with the OpenShift OAuth. +pluginRegistryURL: Public URL to the plugin registry. +reason: A brief CamelCase message indicating details about why the Pod is in this state. +:=== + + diff --git a/modules/installation-guide/partials/ref_checluster-custom-resource-fields-reference.adoc b/modules/installation-guide/partials/ref_checluster-custom-resource-fields-reference.adoc index 1f37cce9d6..5260eb7197 100644 --- a/modules/installation-guide/partials/ref_checluster-custom-resource-fields-reference.adoc +++ b/modules/installation-guide/partials/ref_checluster-custom-resource-fields-reference.adoc @@ -8,12 +8,13 @@ This section describes all fields available to customize the `CheCluster` Custom Resource. * xref:a-minimal-checluster-custom-resource-example_{context}[] -* xref:checluster-custom-resource-auth-settings_{context}[] -* xref:checluster-custom-resource-database-settings_{context}[] * xref:checluster-custom-resource-server-settings_{context}[] +* xref:checluster-custom-resource-database-settings_{context}[] +* xref:checluster-custom-resource-auth-settings_{context}[] * xref:checluster-custom-resource-storage-settings_{context}[] * xref:checluster-custom-resource-k8s-settings_{context}[] -* xref:checluster-custom-resource-installation-settings_{context}[] +* xref:checluster-custom-resource-metrics-settings_{context}[] +* xref:checluster-custom-resource-status-settings_{context}[] [id="a-minimal-checluster-custom-resource-example_{context}"] .A minimal `CheCluster` Custom Resource example. @@ -24,130 +25,4 @@ include::example$checluster-custom-resource.yaml[] ---- ==== - - -[id="checluster-custom-resource-server-settings_{context}"] -.`CheCluster` Custom Resource `server` settings, related to the {prod-short} server component. -[cols="1,1,3", options="header"] -:=== -Property: Default value: Description - -`airGapContainerRegistryHostname`: omit: An optional host name or URL to an alternative container registry to pull images from. This value overrides the container registry host name defined in all default container images involved in a {prod-short} deployment. This is particularly useful to install {prod-short} in an air-gapped environment. -`airGapContainerRegistryOrganization`: omit: Optional repository name of an alternative container registry to pull images from. This value overrides the container registry organization defined in all the default container images involved in a {prod-short} deployment. This is particularly useful to install {prod-short} in an air-gapped environment. -`cheDebug`: `false`: Enables the debug mode for {prod-short} server. -`cheFlavor`: `{prod-id-short}`: Flavor of the installation. -`cheHost`: The Operator automatically sets the value.: A public host name of the installed {prod-short} server. -`cheImagePullPolicy`: `Always` for `nightly` or `latest` images, and `IfNotPresent` in other cases: Overrides the image pull policy used in {prod-short} deployment. -`cheImageTag`: omit: Overrides the tag of the container image used in {prod-short} deployment. Omit it or leave it empty to use the default image tag provided by the Operator. -`cheImage`: omit: Overrides the container image used in {prod-short} deployment. This does not include the container image tag. Omit it or leave it empty to use the default container image provided by the Operator. -`cheLogLevel`: `INFO`: Log level for the {prod-short} server\: `INFO` or `DEBUG`. -`cheClusterRoles`: `che-namespace-editor`: Comma-separated list of ClusterRoles that will be assigned to che ServiceAccount. Che uses default `che-namespace-editor` ClusterRole to label workspace namespaces. Be aware that che-operator has to already have all permissions in these ClusterRoles to be able to grant them. -`cheWorkspaceClusterRole`: omit: Custom cluster role bound to the user for the {prod-short} workspaces. Omit or leave empty to use the default roles. -`customCheProperties`: omit: Map of additional environment variables that will be applied in the generated `{prod-id-short}` ConfigMap to be used by the {prod-short} server, in addition to the values already generated from other fields of the `CheCluster` Custom Resource (CR). If `customCheProperties` contains a property that would be normally generated in `{prod-id-short}` ConfigMap from other CR fields, then the value defined in the `customCheProperties` will be used instead. -`devfileRegistryImage`: omit: Overrides the container image used in the Devfile registry deployment. This includes the image tag. Omit it or leave it empty to use the default container image provided by the Operator. -`devfileRegistryMemoryLimit`: `256Mi`: Overrides the memory limit used in the Devfile registry deployment. -`devfileRegistryMemoryRequest`: `16Mi`: Overrides the memory request used in the Devfile registry deployment. -`devfileRegistryPullPolicy`: `Always` for `nightly` or `latest` images, and `IfNotPresent` in other cases: Overrides the image pull policy used in the Devfile registry deployment. -`devfileRegistryUrl`: The Operator automatically sets the value.: Public URL of the Devfile registry that serves sample, ready-to-use devfiles. Set it if you use an external devfile registry (see the `externalDevfileRegistry` field). -`externalDevfileRegistry`: `false`: Instructs the Operator to deploy a dedicated Devfile registry server. By default a dedicated devfile registry server is started. If `externalDevfileRegistry` set to `true`, the Operator does not start a dedicated registry server automatically and you need to set the `devfileRegistryUrl` field manually. -`externalPluginRegistry`: `false`: Instructs the Operator to deploy a dedicated Plugin registry server. By default, a dedicated plug-in registry server is started. If `externalPluginRegistry` set to `true`, the Operator does not deploy a dedicated server automatically and you need to set the `pluginRegistryUrl` field manually. -`nonProxyHosts`: omit: List of hosts that will not use the configured proxy. Use `|`` as delimiter, for example `localhost|my.host.com|123.42.12.32` Only use when configuring a proxy is required (see also the `proxyURL` field). -`pluginRegistryImage`: omit: Overrides the container image used in the Plugin registry deployment. This includes the image tag. Omit it or leave it empty to use the default container image provided by the Operator. -`pluginRegistryMemoryLimit`: `256Mi`: Overrides the memory limit used in the Plugin registry deployment. -`pluginRegistryMemoryRequest`: `16Mi`: Overrides the memory request used in the Plugin registry deployment. -`pluginRegistryPullPolicy`: `Always` for `nightly` or `latest` images, and `IfNotPresent` in other cases: Overrides the image pull policy used in the Plugin registry deployment. -`pluginRegistryUrl`: the Operator sets the value automatically: Public URL of the Plugin registry that serves sample ready-to-use devfiles. Set it only when using an external devfile registry (see the `externalPluginRegistry` field). -`proxyPassword`: omit: Password of the proxy server. Only use when proxy configuration is required. -`proxyPort`: omit: Port of the proxy server. Only use when configuring a proxy is required (see also the `proxyURL` field). -`proxyURL`: omit: URL (protocol+host name) of the proxy server. This drives the appropriate changes in the `JAVA_OPTS` and `https(s)_proxy` variables in the {prod-short} server and workspaces containers. Only use when configuring a proxy is required. -`proxyUser`: omit: User name of the proxy server. Only use when configuring a proxy is required (see also the `proxyURL` field). -`serverMemoryLimit`: `1Gi`: Overrides the memory limit used in the {prod-short} server deployment. -`serverMemoryRequest`: `512Mi`: Overrides the memory request used in the {prod-short} server deployment. -`tlsSupport`: `true`: Instructs the Operator to deploy {prod-short} in TLS mode. -:=== - -[id="checluster-custom-resource-database-settings_{context}"] -.`CheCluster` Custom Resource `database` configuration settings related to the database used by {prod-short} -[cols="1,1,3", options="header"] -:=== -Property: Default value: Description - -`chePostgresDb`: `dbche`: PostgreSQL database name that the {prod-short} server uses to connect to the database. -`chePostgresHostName`: the Operator sets the value automatically: PostgreSQL Database host name that the {prod-short} server uses to connect to. Defaults to `postgres`. Override this value only when using an external database. (See the field `externalDb`.) -`chePostgresPassword`: auto-generated value: PostgreSQL password that the {prod-short} server uses to connect to the database. -`chePostgresPort`: `5432`: PostgreSQL Database port that the {prod-short} server uses to connect to. Override this value only when using an external database (see field `externalDb`). -`chePostgresUser`: `pgche`: PostgreSQL user that the {prod-short} server uses to connect to the database. -`externalDb`: `false`: Instructs the Operator to deploy a dedicated database. By default, a dedicated PostgreSQL database is deployed as part of the {prod-short} installation. If set to `true`, the Operator does not deploy a dedicated database automatically, you need to provide connection details to an external database. See all the fields starting with\: `chePostgres`. -`postgresImagePullPolicy`: Always` for `nightly` or `latest` images, and `IfNotPresent` in other cases: Overrides the image pull policy used in the PostgreSQL database deployment. -`postgresImage`: omit: Overrides the container image used in the PostgreSQL database deployment. This includes the image tag. Omit it or leave it empty to use the default container image provided by the Operator. -:=== - -[id="checluster-custom-resource-auth-settings_{context}"] -.`CheCluster` Custom Resource `auth` configuration settings related to authentication used by {prod-short} installation -[cols="1,1,3", options="header"] -:=== -Property: Default value: Description - -`externalIdentityProvider`: `false`: By default, a dedicated Identity Provider server is deployed as part of the {prod-short} installation. But if `externalIdentityProvider` is `true`, then no dedicated identity provider will be deployed by the Operator and you might need to provide details about the external identity provider you want to use. See also all the other fields starting with\: `identityProvider`. -`identityProviderAdminUserName`:`admin`: Overrides the name of the Identity Provider admin user. -`identityProviderClientId`: omit: Name of an Identity provider ({identity-provider}) `client-id` that must be used for {prod-short}. This is useful to override it ONLY if you use an external Identity Provider (see the `externalIdentityProvider` field). If omitted or left blank, it will be set to the value of the `flavor` field suffixed with `-public`. -`identityProviderImagePullPolicy`: `Always` for `nightly` or `latest` images, and `IfNotPresent` in other cases: Overrides the image pull policy used in the Identity Provider ({identity-provider}) deployment. -`identityProviderImage`: omit: Overrides the container image used in the Identity Provider ({identity-provider}) deployment. This includes the image tag. Omit it or leave it empty to use the default container image provided by the Operator. -`identityProviderPassword`: omit: Overrides the password of {identity-provider} admin user. Override it only when using an external Identity Provider (see the `externalIdentityProvider` field). Omit or leave empty to set an auto-generated password. -`identityProviderPostgresPassword`: the Operator sets the value automatically: Password for The Identity Provider ({identity-provider}) to connect to the database. This is useful to override it ONLY if you use an external Identity Provider (see the `externalIdentityProvider` field). -`identityProviderRealm`: omit: Name of an Identity provider ({identity-provider}) realm. Override it only when using an external Identity Provider (see the `externalIdentityProvider` field). Omit or leave empty blank to set it to the value of the `flavor` field. -`identityProviderURL`: the Operator sets the value automatically: Instructs the Operator to deploy a dedicated Identity Provider ({identity-provider} instance). Public URL of the Identity Provider server ({identity-provider} server). Set it only when using an external Identity Provider (see the `externalIdentityProvider` field). -`oAuthClientName`: the Operator sets the value automatically: Name of the OpenShift `OAuthClient` resource used to setup identity federation on the OpenShift side. See also the `OpenShiftoAuth` field. -`oAuthSecret`: the Operator sets the value automatically: Name of the secret set in the OpenShift `OAuthClient` resource used to setup identity federation on the OpenShift side. See also the `OAuthClientName` field. -`openShiftoAuth`: `true` on OpenShift: Enables the integration of the identity provider ({identity-provider} / RHSSO) with OpenShift OAuth. This allows users to log in with their OpenShift login and have their workspaces created under personal OpenShift {orch-namespace}s. The `kubeadmin` user is not supported, and logging through does not allow access to the {prod-short} Dashboard. -`updateAdminPassword`: `false`: Forces the default `admin` {prod-short} user to update password on first login. -:=== - -[id="checluster-custom-resource-storage-settings_{context}"] -.`CheCluster` Custom Resource `storage` configuration settings related to persistent storage used by {prod-short} -[cols="1,1,3", options="header"] -:=== -Property: Default value: Description - -`postgresPVCStorageClassName`: omit: Storage class for the Persistent Volume Claim dedicated to the PostgreSQL database. Omitted or leave empty to use a default storage class. -`preCreateSubPaths`: `false`: Instructs the {prod-short} server to launch a special Pod to pre-create a subpath in the Persistent Volumes. Enable it according to the configuration of your K8S cluster. -`pvcClaimSize`: `1Gi`: Size of the persistent volume claim for workspaces. -`pvcJobsImage`: omit: Overrides the container image used to create sub-paths in the Persistent Volumes. This includes the image tag. Omit it or leave it empty to use the default container image provided by the Operator. See also the `preCreateSubPaths` field. -`pvcStrategy`: `common`: Available options\:`common` (all workspaces PVCs in one volume), `per-workspace` (one PVC per workspace for all declared volumes) and `unique` (one PVC per declared volume). -`workspacePVCStorageClassName`: omit: Storage class for the Persistent Volume Claims dedicated to the {prod-short} workspaces. Omit or leave empty to use a default storage class. -:=== - - -[id="checluster-custom-resource-k8s-settings_{context}"] -.`CheCluster` Custom Resource `k8s` configuration settings specific to {prod-short} installations on {platforms-name} -[cols="1,1,3", options="header"] -:=== -Property: Default value: Description - -`ingressClass`: `nginx`: Ingress class that defines which controller manages ingresses. -`ingressDomain`: omit: Global ingress domain for a K8S cluster. This field must be explicitly specified. This drives the `is kubernetes.io/ingress.class` annotation on {prod-short}-related ingresses. -`ingressStrategy`: `multi-host`: Strategy for ingress creation. This can be `multi-host` (host is explicitly provided in ingress), `single-host` (host is provided, path-based rules) and `default-host.*`(no host is provided, path-based rules). -`securityContextFsGroup,omitempty`: `1724`: FSGroup the {prod-short} Pod and Workspace Pods containers run in. -`securityContextRunAsUser`: `1724`: ID of the user the {prod-short} Pod and Workspace Pods containers run as. -`tlsSecretName`: che-tls: Name of a secret that is used to set ingress TLS termination if TLS is enabled. If the specified secret does not exist, a self-signed certificate will be created. If the value is empty or omitted, the default ingress controller certificate will be used. See also the `tlsSupport` field. Note, when switching to the default ingress controller certificate, `self-signed-certificate` secret should be deleted manually. -:=== - -[id="checluster-custom-resource-installation-settings_{context}"] -.`CheCluster` Custom Resource `status` defines the observed state of {prod-short} installation -[cols="1,3", options="header"] -:=== -Property: Description - -`cheClusterRunning`: Status of a {prod-short} installation. Can be `Available`, `Unavailable`, or `Available, Rolling Update in Progress`. -`cheURL`: Public URL to the {prod-short} server. -`cheVersion`: Currently installed {prod-short} version. -`dbProvisioned`: Indicates whether a PostgreSQL instance has been correctly provisioned. -`devfileRegistryURL`: Public URL to the Devfile registry. -`helpLink`: A URL to where to find help related to the current Operator status. -`keycloakProvisioned`: Indicates whether an Identity Provider instance ({identity-provider} / RH SSO) has been provisioned with realm, client and user. -`keycloakURL`: Public URL to the Identity Provider server ({identity-provider} / RH SSO). -`message`: A human-readable message with details about why the Pod is in this state. -`openShiftoAuthProvisioned`: Indicates whether an Identity Provider instance ({identity-provider} / RH SSO) has been configured to integrate with the OpenShift OAuth. -`pluginRegistryURL`: Public URL to the Plugin registry. -`reason`: A brief CamelCase message with details about why the Pod is in this state. -:=== +include::example$checluster-properties.adoc[leveloffset=+1] diff --git a/tools/checluster_docs_gen.sh b/tools/checluster_docs_gen.sh new file mode 100755 index 0000000000..b976bf2b1f --- /dev/null +++ b/tools/checluster_docs_gen.sh @@ -0,0 +1,102 @@ +#!/bin/bash +# +# Copyright (c) 2021 Red Hat, Inc. +# This program and the accompanying materials are made +# available under the terms of the Eclipse Public License 2.0 +# which is available at https://www.eclipse.org/legal/epl-2.0/ +# +# SPDX-License-Identifier: EPL-2.0 +# +set -o pipefail +set -e + +CURRENT_VERSION="" +PRODUCT="" +RAW_CONTENT="" +NEWLINE=$'\n' +NEWLINEx2="$NEWLINE$NEWLINE" +TABLE_HEADER="$NEWLINE[cols=\"2,5\", options=\"header\"]$NEWLINE:=== $NEWLINE Property: Description $NEWLINE" +TABLE_FOOTER=":=== $NEWLINEx2" +PARENT_PATH=$(cd "$(dirname "${BASH_SOURCE[0]}")/.."; pwd -P) +BUFF="" +OUTPUT_PATH="$PARENT_PATH/modules/installation-guide/examples/checluster-properties.adoc" + +fetch_current_version() { + echo "Trying to read current product version from $PARENT_PATH/antora-playbook.yml..." >&2 + CURRENT_VERSION=$(yq -M '.asciidoc.attributes."prod-ver"' "$PARENT_PATH/antora-playbook.yml").x + if [[ "$CURRENT_VERSION" == *-SNAPSHOT ]]; then + CURRENT_VERSION="master" + fi + echo "Detected version: $CURRENT_VERSION" >&2 +} + +fetch_product_name() { + echo "Trying to read product name from $PARENT_PATH/antora-playbook.yml..." >&2 + PRODUCT=$(yq -M '.asciidoc.attributes."prod-id-short"' "$PARENT_PATH/antora-playbook.yml") + echo "Detected product: $PRODUCT" >&2 +} + +fetch_conf_files_content() { + echo "Fetching property files content from GitHub..." >&2 + + if [[ $PRODUCT == "\"che\"" ]]; then + CHECLUSTER_PROPERTIES_URL="https://raw.githubusercontent.com/eclipse/che-operator/$CURRENT_VERSION/deploy/crds/org_v1_che_crd.yaml" + else + CHECLUSTER_PROPERTIES_URL="https://raw.githubusercontent.com/redhat-developer/codeready-workspaces-operator/crw-$CURRENT_VERSION-rhel-8/deploy/crds/org_v1_che_crd.yaml" + fi + + RAW_CONTENT=$(curl -sf "$CHECLUSTER_PROPERTIES_URL") + echo "Fetching content done. Trying to parse it." >&2 +} + +parse_content() { + parse_section "server" "\`CheCluster\` Custom Resource \`server\` settings, related to the {prod-short} server component." + parse_section "database" "\`CheCluster\` Custom Resource \`database\` configuration settings related to the database used by {prod-short}." + parse_section "auth" "Custom Resource \`auth\` configuration settings related to authentication used by {prod-short}." + parse_section "storage" "\`CheCluster\` Custom Resource \`storage\` configuration settings related to persistent storage used by {prod-short}." + if [[ $PRODUCT == "\"che\"" ]]; then + parse_section "k8s" "\`CheCluster\` Custom Resource \`k8s\` configuration settings specific to {prod-short} installations on {platforms-name}." + fi + parse_section "metrics" "\`CheCluster\` Custom Resource \`metrics\` settings, related to the {prod-short} metrics collection used by {prod-short}." + parse_section "status" "\`CheCluster\` Custom Resource \`status\` defines the observed state of {prod-short} installation" + + echo "$BUFF" > "$OUTPUT_PATH" + echo "Processing done. Output file is $OUTPUT_PATH" >&2 +} + + +parse_section() { + local section + local sectionName=$1 + local id="[id=\"checluster-custom-resource-$sectionName-settings_{context}\"]" + local caption=$2 + + if [[ $sectionName == "status" ]]; then + section=$(echo "$RAW_CONTENT" | yq -M '.spec.validation.openAPIV3Schema.properties.status') + else + section=$(echo "$RAW_CONTENT" | yq -M '.spec.validation.openAPIV3Schema.properties.spec.properties.'"$sectionName") + fi + + local properties=( + $(echo "$section" | yq -M '.properties | keys[]' ) + ) + + BUFF="$BUFF$id$NEWLINE" + BUFF="$BUFF.$caption$NEWLINE" + BUFF="$BUFF$TABLE_HEADER" + for PROP in "${properties[@]}" + do + PROP="${PROP//\"}" + DESCR_BUFF=$(echo "$section" | yq -M '.properties.'"$PROP"'.description') + DESCR_BUFF="${DESCR_BUFF//\"}" + DESCR_BUFF="${DESCR_BUFF//:/\\:}" + DESCR_BUFF="$(sed 's|Eclipse Che|{prod-short}|g' <<< $DESCR_BUFF)" + BUFF="$BUFF${PROP}: ${DESCR_BUFF}$NEWLINE" + done + BUFF="$BUFF$TABLE_FOOTER" +} + +fetch_current_version +fetch_product_name +fetch_conf_files_content +parse_content