From c77a713b80b4d0f3386f5960146a059d1e6fd9d9 Mon Sep 17 00:00:00 2001 From: Anatolii Bazko Date: Thu, 21 Jan 2021 14:27:58 +0200 Subject: [PATCH 01/11] Generate checluster references tables Signed-off-by: Anatolii Bazko --- Jenkinsfile | 17 +-- devfile.yaml | 8 +- ...ster-custom-resource-fields-reference.adoc | 135 +----------------- 3 files changed, 21 insertions(+), 139 deletions(-) diff --git a/Jenkinsfile b/Jenkinsfile index 953d7495cd..09430fb689 100644 --- a/Jenkinsfile +++ b/Jenkinsfile @@ -1,5 +1,5 @@ pipeline { - + agent { kubernetes { label 'che-docs-pod' @@ -30,25 +30,25 @@ spec: """ } } - + environment { PROJECT_NAME = "che" PROJECT_BOT_NAME = "CHE Bot" CI = true } - - triggers { pollSCM('H/10 * * * *') - + + triggers { pollSCM('H/10 * * * *') + } - + options { buildDiscarder(logRotator(numToKeepStr: '5')) checkoutToSubdirectory('che-docs') timeout(time: 15, unit: 'MINUTES') } - + stages { - + stage('Checkout www repo (master)') { when { branch 'master' @@ -76,6 +76,7 @@ spec: container('che-docs') { dir('che-docs') { sh './tools/environment_docs_gen.sh' + sh './tools/checluster_docs_gen.sh' sh 'CI=true antora generate antora-playbook.yml --stacktrace' } } diff --git a/devfile.yaml b/devfile.yaml index 8a64089b95..b8f22964cc 100644 --- a/devfile.yaml +++ b/devfile.yaml @@ -31,12 +31,18 @@ components: type: chePlugin commands: - - name: Generate reference tables + - name: Generate reference tables for environment variables actions: - type: exec component: che-docs workdir: /projects/che-docs command: bash tools/environment_docs_gen.sh + - name: Generate reference tables for CheCluster + actions: + - type: exec + component: che-docs + workdir: /projects/che-docs + command: bash tools/checluster_docs_gen.sh - name: Start preview server actions: - type: exec 
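Review bot: The added step `sh './tools/checluster_docs_gen.sh'`, placed just before `antora generate` in the last Jenkinsfile hunk, calls a script that this commit does not contain; by the diffstats it only arrives in PATCH 02/11 ("Add missing files"), so a checkout of this commit alone fails at this step and the series cannot be bisected cleanly. Folding the script into this commit, or moving the Jenkinsfile line to 02/11, would keep every commit buildable. The script body is not visible in this part of the page, so the next point is an assumption to confirm: if it downloads the CheCluster CRD at build time, the published reference is rebuilt from whatever that location serves on the day, and it would be worth pinning the download to a tag or commit and having the script exit non-zero on a failed or empty fetch so that a partial table is never published. The enclosing `container('che-docs')` block starts and ends outside the hunk.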
diff --git a/modules/installation-guide/partials/ref_checluster-custom-resource-fields-reference.adoc b/modules/installation-guide/partials/ref_checluster-custom-resource-fields-reference.adoc index 1f37cce9d6..5260eb7197 100644 --- a/modules/installation-guide/partials/ref_checluster-custom-resource-fields-reference.adoc +++ b/modules/installation-guide/partials/ref_checluster-custom-resource-fields-reference.adoc @@ -8,12 +8,13 @@ This section describes all fields available to customize the `CheCluster` Custom Resource. * xref:a-minimal-checluster-custom-resource-example_{context}[] -* xref:checluster-custom-resource-auth-settings_{context}[] -* xref:checluster-custom-resource-database-settings_{context}[] * xref:checluster-custom-resource-server-settings_{context}[] +* xref:checluster-custom-resource-database-settings_{context}[] +* xref:checluster-custom-resource-auth-settings_{context}[] * xref:checluster-custom-resource-storage-settings_{context}[] * xref:checluster-custom-resource-k8s-settings_{context}[] -* xref:checluster-custom-resource-installation-settings_{context}[] +* xref:checluster-custom-resource-metrics-settings_{context}[] +* xref:checluster-custom-resource-status-settings_{context}[] [id="a-minimal-checluster-custom-resource-example_{context}"] .A minimal `CheCluster` Custom Resource example. 
@@ -24,130 +25,4 @@ include::example$checluster-custom-resource.yaml[] ---- ==== - - -[id="checluster-custom-resource-server-settings_{context}"] -.`CheCluster` Custom Resource `server` settings, related to the {prod-short} server component. -[cols="1,1,3", options="header"] -:=== -Property: Default value: Description - -`airGapContainerRegistryHostname`: omit: An optional host name or URL to an alternative container registry to pull images from. This value overrides the container registry host name defined in all default container images involved in a {prod-short} deployment. This is particularly useful to install {prod-short} in an air-gapped environment. -`airGapContainerRegistryOrganization`: omit: Optional repository name of an alternative container registry to pull images from. This value overrides the container registry organization defined in all the default container images involved in a {prod-short} deployment. This is particularly useful to install {prod-short} in an air-gapped environment. -`cheDebug`: `false`: Enables the debug mode for {prod-short} server. -`cheFlavor`: `{prod-id-short}`: Flavor of the installation. -`cheHost`: The Operator automatically sets the value.: A public host name of the installed {prod-short} server. -`cheImagePullPolicy`: `Always` for `nightly` or `latest` images, and `IfNotPresent` in other cases: Overrides the image pull policy used in {prod-short} deployment. -`cheImageTag`: omit: Overrides the tag of the container image used in {prod-short} deployment. Omit it or leave it empty to use the default image tag provided by the Operator. -`cheImage`: omit: Overrides the container image used in {prod-short} deployment. This does not include the container image tag. Omit it or leave it empty to use the default container image provided by the Operator. -`cheLogLevel`: `INFO`: Log level for the {prod-short} server\: `INFO` or `DEBUG`. 
-`cheClusterRoles`: `che-namespace-editor`: Comma-separated list of ClusterRoles that will be assigned to che ServiceAccount. Che uses default `che-namespace-editor` ClusterRole to label workspace namespaces. Be aware that che-operator has to already have all permissions in these ClusterRoles to be able to grant them. -`cheWorkspaceClusterRole`: omit: Custom cluster role bound to the user for the {prod-short} workspaces. Omit or leave empty to use the default roles. -`customCheProperties`: omit: Map of additional environment variables that will be applied in the generated `{prod-id-short}` ConfigMap to be used by the {prod-short} server, in addition to the values already generated from other fields of the `CheCluster` Custom Resource (CR). If `customCheProperties` contains a property that would be normally generated in `{prod-id-short}` ConfigMap from other CR fields, then the value defined in the `customCheProperties` will be used instead. -`devfileRegistryImage`: omit: Overrides the container image used in the Devfile registry deployment. This includes the image tag. Omit it or leave it empty to use the default container image provided by the Operator. -`devfileRegistryMemoryLimit`: `256Mi`: Overrides the memory limit used in the Devfile registry deployment. -`devfileRegistryMemoryRequest`: `16Mi`: Overrides the memory request used in the Devfile registry deployment. -`devfileRegistryPullPolicy`: `Always` for `nightly` or `latest` images, and `IfNotPresent` in other cases: Overrides the image pull policy used in the Devfile registry deployment. -`devfileRegistryUrl`: The Operator automatically sets the value.: Public URL of the Devfile registry that serves sample, ready-to-use devfiles. Set it if you use an external devfile registry (see the `externalDevfileRegistry` field). -`externalDevfileRegistry`: `false`: Instructs the Operator to deploy a dedicated Devfile registry server. By default a dedicated devfile registry server is started. 
If `externalDevfileRegistry` set to `true`, the Operator does not start a dedicated registry server automatically and you need to set the `devfileRegistryUrl` field manually. -`externalPluginRegistry`: `false`: Instructs the Operator to deploy a dedicated Plugin registry server. By default, a dedicated plug-in registry server is started. If `externalPluginRegistry` set to `true`, the Operator does not deploy a dedicated server automatically and you need to set the `pluginRegistryUrl` field manually. -`nonProxyHosts`: omit: List of hosts that will not use the configured proxy. Use `|`` as delimiter, for example `localhost|my.host.com|123.42.12.32` Only use when configuring a proxy is required (see also the `proxyURL` field). -`pluginRegistryImage`: omit: Overrides the container image used in the Plugin registry deployment. This includes the image tag. Omit it or leave it empty to use the default container image provided by the Operator. -`pluginRegistryMemoryLimit`: `256Mi`: Overrides the memory limit used in the Plugin registry deployment. -`pluginRegistryMemoryRequest`: `16Mi`: Overrides the memory request used in the Plugin registry deployment. -`pluginRegistryPullPolicy`: `Always` for `nightly` or `latest` images, and `IfNotPresent` in other cases: Overrides the image pull policy used in the Plugin registry deployment. -`pluginRegistryUrl`: the Operator sets the value automatically: Public URL of the Plugin registry that serves sample ready-to-use devfiles. Set it only when using an external devfile registry (see the `externalPluginRegistry` field). -`proxyPassword`: omit: Password of the proxy server. Only use when proxy configuration is required. -`proxyPort`: omit: Port of the proxy server. Only use when configuring a proxy is required (see also the `proxyURL` field). -`proxyURL`: omit: URL (protocol+host name) of the proxy server. 
This drives the appropriate changes in the `JAVA_OPTS` and `https(s)_proxy` variables in the {prod-short} server and workspaces containers. Only use when configuring a proxy is required. -`proxyUser`: omit: User name of the proxy server. Only use when configuring a proxy is required (see also the `proxyURL` field). -`serverMemoryLimit`: `1Gi`: Overrides the memory limit used in the {prod-short} server deployment. -`serverMemoryRequest`: `512Mi`: Overrides the memory request used in the {prod-short} server deployment. -`tlsSupport`: `true`: Instructs the Operator to deploy {prod-short} in TLS mode. -:=== - -[id="checluster-custom-resource-database-settings_{context}"] -.`CheCluster` Custom Resource `database` configuration settings related to the database used by {prod-short} -[cols="1,1,3", options="header"] -:=== -Property: Default value: Description - -`chePostgresDb`: `dbche`: PostgreSQL database name that the {prod-short} server uses to connect to the database. -`chePostgresHostName`: the Operator sets the value automatically: PostgreSQL Database host name that the {prod-short} server uses to connect to. Defaults to `postgres`. Override this value only when using an external database. (See the field `externalDb`.) -`chePostgresPassword`: auto-generated value: PostgreSQL password that the {prod-short} server uses to connect to the database. -`chePostgresPort`: `5432`: PostgreSQL Database port that the {prod-short} server uses to connect to. Override this value only when using an external database (see field `externalDb`). -`chePostgresUser`: `pgche`: PostgreSQL user that the {prod-short} server uses to connect to the database. -`externalDb`: `false`: Instructs the Operator to deploy a dedicated database. By default, a dedicated PostgreSQL database is deployed as part of the {prod-short} installation. If set to `true`, the Operator does not deploy a dedicated database automatically, you need to provide connection details to an external database. 
See all the fields starting with\: `chePostgres`. -`postgresImagePullPolicy`: Always` for `nightly` or `latest` images, and `IfNotPresent` in other cases: Overrides the image pull policy used in the PostgreSQL database deployment. -`postgresImage`: omit: Overrides the container image used in the PostgreSQL database deployment. This includes the image tag. Omit it or leave it empty to use the default container image provided by the Operator. -:=== - -[id="checluster-custom-resource-auth-settings_{context}"] -.`CheCluster` Custom Resource `auth` configuration settings related to authentication used by {prod-short} installation -[cols="1,1,3", options="header"] -:=== -Property: Default value: Description - -`externalIdentityProvider`: `false`: By default, a dedicated Identity Provider server is deployed as part of the {prod-short} installation. But if `externalIdentityProvider` is `true`, then no dedicated identity provider will be deployed by the Operator and you might need to provide details about the external identity provider you want to use. See also all the other fields starting with\: `identityProvider`. -`identityProviderAdminUserName`:`admin`: Overrides the name of the Identity Provider admin user. -`identityProviderClientId`: omit: Name of an Identity provider ({identity-provider}) `client-id` that must be used for {prod-short}. This is useful to override it ONLY if you use an external Identity Provider (see the `externalIdentityProvider` field). If omitted or left blank, it will be set to the value of the `flavor` field suffixed with `-public`. -`identityProviderImagePullPolicy`: `Always` for `nightly` or `latest` images, and `IfNotPresent` in other cases: Overrides the image pull policy used in the Identity Provider ({identity-provider}) deployment. -`identityProviderImage`: omit: Overrides the container image used in the Identity Provider ({identity-provider}) deployment. This includes the image tag. 
Omit it or leave it empty to use the default container image provided by the Operator. -`identityProviderPassword`: omit: Overrides the password of {identity-provider} admin user. Override it only when using an external Identity Provider (see the `externalIdentityProvider` field). Omit or leave empty to set an auto-generated password. -`identityProviderPostgresPassword`: the Operator sets the value automatically: Password for The Identity Provider ({identity-provider}) to connect to the database. This is useful to override it ONLY if you use an external Identity Provider (see the `externalIdentityProvider` field). -`identityProviderRealm`: omit: Name of an Identity provider ({identity-provider}) realm. Override it only when using an external Identity Provider (see the `externalIdentityProvider` field). Omit or leave empty blank to set it to the value of the `flavor` field. -`identityProviderURL`: the Operator sets the value automatically: Instructs the Operator to deploy a dedicated Identity Provider ({identity-provider} instance). Public URL of the Identity Provider server ({identity-provider} server). Set it only when using an external Identity Provider (see the `externalIdentityProvider` field). -`oAuthClientName`: the Operator sets the value automatically: Name of the OpenShift `OAuthClient` resource used to setup identity federation on the OpenShift side. See also the `OpenShiftoAuth` field. -`oAuthSecret`: the Operator sets the value automatically: Name of the secret set in the OpenShift `OAuthClient` resource used to setup identity federation on the OpenShift side. See also the `OAuthClientName` field. -`openShiftoAuth`: `true` on OpenShift: Enables the integration of the identity provider ({identity-provider} / RHSSO) with OpenShift OAuth. This allows users to log in with their OpenShift login and have their workspaces created under personal OpenShift {orch-namespace}s. 
The `kubeadmin` user is not supported, and logging through does not allow access to the {prod-short} Dashboard. -`updateAdminPassword`: `false`: Forces the default `admin` {prod-short} user to update password on first login. -:=== - -[id="checluster-custom-resource-storage-settings_{context}"] -.`CheCluster` Custom Resource `storage` configuration settings related to persistent storage used by {prod-short} -[cols="1,1,3", options="header"] -:=== -Property: Default value: Description - -`postgresPVCStorageClassName`: omit: Storage class for the Persistent Volume Claim dedicated to the PostgreSQL database. Omitted or leave empty to use a default storage class. -`preCreateSubPaths`: `false`: Instructs the {prod-short} server to launch a special Pod to pre-create a subpath in the Persistent Volumes. Enable it according to the configuration of your K8S cluster. -`pvcClaimSize`: `1Gi`: Size of the persistent volume claim for workspaces. -`pvcJobsImage`: omit: Overrides the container image used to create sub-paths in the Persistent Volumes. This includes the image tag. Omit it or leave it empty to use the default container image provided by the Operator. See also the `preCreateSubPaths` field. -`pvcStrategy`: `common`: Available options\:`common` (all workspaces PVCs in one volume), `per-workspace` (one PVC per workspace for all declared volumes) and `unique` (one PVC per declared volume). -`workspacePVCStorageClassName`: omit: Storage class for the Persistent Volume Claims dedicated to the {prod-short} workspaces. Omit or leave empty to use a default storage class. -:=== - - -[id="checluster-custom-resource-k8s-settings_{context}"] -.`CheCluster` Custom Resource `k8s` configuration settings specific to {prod-short} installations on {platforms-name} -[cols="1,1,3", options="header"] -:=== -Property: Default value: Description - -`ingressClass`: `nginx`: Ingress class that defines which controller manages ingresses. 
-`ingressDomain`: omit: Global ingress domain for a K8S cluster. This field must be explicitly specified. This drives the `is kubernetes.io/ingress.class` annotation on {prod-short}-related ingresses. -`ingressStrategy`: `multi-host`: Strategy for ingress creation. This can be `multi-host` (host is explicitly provided in ingress), `single-host` (host is provided, path-based rules) and `default-host.*`(no host is provided, path-based rules). -`securityContextFsGroup,omitempty`: `1724`: FSGroup the {prod-short} Pod and Workspace Pods containers run in. -`securityContextRunAsUser`: `1724`: ID of the user the {prod-short} Pod and Workspace Pods containers run as. -`tlsSecretName`: che-tls: Name of a secret that is used to set ingress TLS termination if TLS is enabled. If the specified secret does not exist, a self-signed certificate will be created. If the value is empty or omitted, the default ingress controller certificate will be used. See also the `tlsSupport` field. Note, when switching to the default ingress controller certificate, `self-signed-certificate` secret should be deleted manually. -:=== - -[id="checluster-custom-resource-installation-settings_{context}"] -.`CheCluster` Custom Resource `status` defines the observed state of {prod-short} installation -[cols="1,3", options="header"] -:=== -Property: Description - -`cheClusterRunning`: Status of a {prod-short} installation. Can be `Available`, `Unavailable`, or `Available, Rolling Update in Progress`. -`cheURL`: Public URL to the {prod-short} server. -`cheVersion`: Currently installed {prod-short} version. -`dbProvisioned`: Indicates whether a PostgreSQL instance has been correctly provisioned. -`devfileRegistryURL`: Public URL to the Devfile registry. -`helpLink`: A URL to where to find help related to the current Operator status. -`keycloakProvisioned`: Indicates whether an Identity Provider instance ({identity-provider} / RH SSO) has been provisioned with realm, client and user. 
-`keycloakURL`: Public URL to the Identity Provider server ({identity-provider} / RH SSO). -`message`: A human-readable message with details about why the Pod is in this state. -`openShiftoAuthProvisioned`: Indicates whether an Identity Provider instance ({identity-provider} / RH SSO) has been configured to integrate with the OpenShift OAuth. -`pluginRegistryURL`: Public URL to the Plugin registry. -`reason`: A brief CamelCase message with details about why the Pod is in this state. -:=== +include::example$checluster-properties.adoc[leveloffset=+1] From 310f3301adbe97a729808928ad742e9f90148d14 Mon Sep 17 00:00:00 2001 From: Anatolii Bazko Date: Thu, 21 Jan 2021 14:29:04 +0200 Subject: [PATCH 02/11] Add missing files Signed-off-by: Anatolii Bazko --- .../examples/checluster-properties.adoc | 159 ++++++++++++++++++ tools/checluster_docs_gen.sh | 114 +++++++++++++ 2 files changed, 273 insertions(+) create mode 100644 modules/installation-guide/examples/checluster-properties.adoc create mode 100755 tools/checluster_docs_gen.sh diff --git a/modules/installation-guide/examples/checluster-properties.adoc b/modules/installation-guide/examples/checluster-properties.adoc new file mode 100644 index 0000000000..9221ce63be --- /dev/null +++ b/modules/installation-guide/examples/checluster-properties.adoc 
@@ -0,0 +1,159 @@ +[id="checluster-custom-resource-server-settings_{context}"] +.`CheCluster` Custom Resource `server` settings, related to the {prod-short} server component. + +[cols="2,5", options=header] +:=== + Property: Description +airGapContainerRegistryHostname: Optional hostname (or url) to an alternate container registry to pull images from. This value overrides the container registry hostname defined in all the default container images involved in a Che deployment. This is particularly useful to install Che in an air-gapped environment. +airGapContainerRegistryOrganization: Optional repository name of an alternate container registry to pull images from. This value overrides the container registry organization defined in all the default container images involved in a Che deployment. This is particularly useful to install Che in an air-gapped environment. +allowUserDefinedWorkspaceNamespaces: Defines if a user is able to specify Kubernetes namespace (or OpenShift project) different from the default. It's NOT RECOMMENDED to configured true without OAuth configured. This property is also used by the OpenShift infra. +cheClusterRoles: Comma-separated list of ClusterRoles that will be assigned to che ServiceAccount. Be aware that che-operator has to already have all permissions in these ClusterRoles to be able to grant them. +cheDebug: Enables the debug mode for Che server. Defaults to `false`. +cheFlavor: Flavor of the installation. This is either `che` for upstream Che installations, or `codeready` for CodeReady Workspaces installation. In most cases the default value should not be overridden. +cheHost: Public hostname of the installed Che server. If value is omitted then it will be automatically set by the operator. (see the `cheHostTLSSecret` field). +cheHostTLSSecret: Name of a secret containing certificates to secure ingress/route for the custom hostname of the installed Che server. (see the `cheHost` field). 
+cheImage: Overrides the container image used in Che deployment. This does NOT include the container image tag. Omit it or leave it empty to use the defaut container image provided by the operator. +cheImagePullPolicy: Overrides the image pull policy used in Che deployment. Default value is `Always` for `nightly` or `latest` images, and `IfNotPresent` in other cases. +cheImageTag: Overrides the tag of the container image used in Che deployment. Omit it or leave it empty to use the defaut image tag provided by the operator. +cheLogLevel: Log level for the Che server\: `INFO` or `DEBUG`. Defaults to `INFO`. +cheServerIngress: Che server ingress custom settings +cheServerRoute: Che server route custom settings +cheWorkspaceClusterRole: Custom cluster role bound to the user for the Che workspaces. The default roles are used if this is omitted or left blank. +customCheProperties: Map of additional environment variables that will be applied in the generated `che` config map to be used by the Che server, in addition to the values already generated from other fields of the `CheCluster` custom resource (CR). If `customCheProperties` contains a property that would be normally generated in `che` config map from other CR fields, then the value defined in the `customCheProperties` will be used instead. +devfileRegistryImage: Overrides the container image used in the Devfile registry deployment. This includes the image tag. Omit it or leave it empty to use the defaut container image provided by the operator. +devfileRegistryIngress: Devfile registry ingress custom settings +devfileRegistryMemoryLimit: Overrides the memory limit used in the Devfile registry deployment. Defaults to 256Mi. +devfileRegistryMemoryRequest: Overrides the memory request used in the Devfile registry deployment. Defaults to 16Mi. +devfileRegistryPullPolicy: Overrides the image pull policy used in the Devfile registry deployment. 
Default value is `Always` for `nightly` or `latest` images, and `IfNotPresent` in other cases. +devfileRegistryRoute: Devfile registry route custom settings +devfileRegistryUrl: Public URL of the Devfile registry, that serves sample, ready-to-use devfiles. You should set it ONLY if you use an external devfile registry (see the `externalDevfileRegistry` field). By default this will be automatically calculated by the operator. +externalDevfileRegistry: Instructs the operator on whether or not to deploy a dedicated Devfile registry server. By default a dedicated devfile registry server is started. But if `externalDevfileRegistry` is `true`, then no such dedicated server will be started by the operator and you will have to manually set the `devfileRegistryUrl` field +externalPluginRegistry: Instructs the operator on whether or not to deploy a dedicated Plugin registry server. By default a dedicated plugin registry server is started. But if `externalPluginRegistry` is `true`, then no such dedicated server will be started by the operator and you will have to manually set the `pluginRegistryUrl` field. +gitSelfSignedCert: If enabled, then the certificate from `che-git-self-signed-cert` config map will be propagated to the Che components and provide particular configuration for Git. +nonProxyHosts: List of hosts that should not use the configured proxy. So specify wild card domain use the following form `.` and `|` as delimiter, eg\: `localhost|.my.host.com|123.42.12.32` Only use when configuring a proxy is required. Operator respects OpenShift cluster wide proxy configuration and no additional configuration is required, but defining `nonProxyHosts` in a custom resource leads to merging non proxy hosts lists from the cluster proxy configuration and ones defined in the custom resources. (see the doc https\://docs.openshift.com/container-platform/4.4/networking/enable-cluster-wide-proxy.html) (see also the `proxyURL` fields). 
+pluginRegistryImage: Overrides the container image used in the Plugin registry deployment. This includes the image tag. Omit it or leave it empty to use the default container image provided by the operator. +pluginRegistryIngress: Plugin registry ingress custom settings +pluginRegistryMemoryLimit: Overrides the memory limit used in the Plugin registry deployment. Defaults to 256Mi. +pluginRegistryMemoryRequest: Overrides the memory request used in the Plugin registry deployment. Defaults to 16Mi. +pluginRegistryPullPolicy: Overrides the image pull policy used in the Plugin registry deployment. Default value is `Always` for `nightly` or `latest` images, and `IfNotPresent` in other cases. +pluginRegistryRoute: Plugin registry route custom settings +pluginRegistryUrl: Public URL of the Plugin registry, that serves sample ready-to-use devfiles. You should set it ONLY if you use an external devfile registry (see the `externalPluginRegistry` field). By default this will be automatically calculated by the operator. +proxyPassword: Password of the proxy server Only use when proxy configuration is required (see also the `proxyURL`, `proxyUser` and `proxySecret` fields). +proxyPort: Port of the proxy server. Only use when configuring a proxy is required. (see also the `proxyURL` and `nonProxyHosts` fields). +proxySecret: The secret that contains `user` and `password` for a proxy server. If the secret is defined then `proxyUser` and `proxyPassword` are ignored +proxyURL: URL (protocol+hostname) of the proxy server. This drives the appropriate changes in the `JAVA_OPTS` and `https(s)_proxy` variables in the Che server and workspaces containers. Only use when configuring a proxy is required. 
Operator respects OpenShift cluster wide proxy configuration and no additional configuration is required, but defining `proxyUrl` in a custom resource leads to overrides the cluster proxy configuration with fields `proxyUrl`, `proxyPort`, `proxyUser` and `proxyPassword` from the custom resource. (see the doc https\://docs.openshift.com/container-platform/4.4/networking/enable-cluster-wide-proxy.html) (see also the `proxyPort` and `nonProxyHosts` fields). +proxyUser: User name of the proxy server. Only use when configuring a proxy is required (see also the `proxyURL`, `proxyPassword` and `proxySecret` fields). +selfSignedCert: Deprecated. The value of this flag is ignored. Che operator will automatically detect if router certificate is self-signed. If so it will be propagated to Che server and some other components. +serverExposureStrategy: Sets the server and workspaces exposure type. Possible values are \multi-host\, \single-host\, \default-host\. Defaults to \multi-host\ which creates a separate ingress (or route on OpenShift) for every required endpoint. \single-host\ makes Che exposed on a single hostname with workspaces exposed on subpaths. Please read the docs to learn about the limitations of this approach. Also consult the `singleHostExposureType` property to further configure how the operator and Che server make that happen on Kubernetes. \default-host\ exposes che server on the host of the cluster. Please read the docs to learn about the limitations of this approach. +serverMemoryLimit: Overrides the memory limit used in the Che server deployment. Defaults to 1Gi. +serverMemoryRequest: Overrides the memory request used in the Che server deployment. Defaults to 512Mi. +serverTrustStoreConfigMapName: Name of the config-map with public certificates to add to Java trust store of the Che server. This is usually required when adding the OpenShift OAuth provider which has https endpoint signed with self-signed cert. 
So, Che server must be aware of its CA cert to be able to request it. This is disabled by default. +singleHostGatewayConfigMapLabels: The labels that need to be present (and are put) on the configmaps representing the gateway configuration. +singleHostGatewayConfigSidecarImage: The image used for the gateway sidecar that provides configuration to the gateway. Omit it or leave it empty to use the defaut container image provided by the operator. +singleHostGatewayImage: The image used for the gateway in the single host mode. Omit it or leave it empty to use the defaut container image provided by the operator. +tlsSupport: Deprecated. Instructs the operator to deploy Che in TLS mode. This is enabled by default. Disabling TLS may cause malfunction of some Che components. +useInternalClusterSVCNames: Use internal cluster svc names to communicate between components to speed up the traffic and avoid proxy issues. The default value is `true`. +workspaceNamespaceDefault: Defines Kubernetes default namespace in which user's workspaces are created if user does not override it. It's possible to use , and placeholders (e.g.\: che-workspace-). In that case, new namespace will be created for each user (or workspace). Is used by OpenShift infra as well to specify Project +:=== + +[id="checluster-custom-resource-database-settings_{context}"] +.`CheCluster` Custom Resource `database` configuration settings related to the database used by {prod-short}. + +[cols="2,5", options=header] +:=== + Property: Description +chePostgresDb: Postgres database name that the Che server uses to connect to the DB. Defaults to `dbche`. +chePostgresHostName: Postgres Database hostname that the Che server uses to connect to. Defaults to postgres. This value should be overridden ONLY when using an external database (see field `externalDb`). In the default case it will be automatically set by the operator. +chePostgresPassword: Postgres password that the Che server should use to connect to the DB. 
If omitted or left blank, it will be set to an auto-generated value. +chePostgresPort: Postgres Database port that the Che server uses to connect to. Defaults to 5432. This value should be overridden ONLY when using an external database (see field `externalDb`). In the default case it will be automatically set by the operator. +chePostgresSecret: The secret that contains Postgres `user` and `password` that the Che server should use to connect to the DB. If the secret is defined then `chePostgresUser` and `chePostgresPassword` are ignored. If the value is omitted or left blank then there are two scenarios\: 1. `chePostgresUser` and `chePostgresPassword` are defined, then they will be used to connect to the DB. 2. `chePostgresUser` or `chePostgresPassword` are not defined, then a new secret with the name `che-postgres-secret` will be created with default value of `pgche` for `user` and with an auto-generated value for `password`. +chePostgresUser: Postgres user that the Che server should use to connect to the DB. Defaults to `pgche`. +externalDb: Instructs the operator on whether or not to deploy a dedicated database. By default a dedicated Postgres database is deployed as part of the Che installation. But if `externalDb` is `true`, then no dedicated database will be deployed by the operator and you might need to provide connection details to the external DB you want to use. See also all the fields starting with\: `chePostgres`. +postgresImage: Overrides the container image used in the Postgres database deployment. This includes the image tag. Omit it or leave it empty to use the defaut container image provided by the operator. +postgresImagePullPolicy: Overrides the image pull policy used in the Postgres database deployment. Default value is `Always` for `nightly` or `latest` images, and `IfNotPresent` in other cases. 
+:=== + +[id="checluster-custom-resource-auth-settings_{context}"] +.Custom Resource `auth` configuration settings related to authentication used by {prod-short}. + +[cols="2,5", options=header] +:=== + Property: Description +externalIdentityProvider: Instructs the operator on whether or not to deploy a dedicated Identity Provider (Keycloak or RH SSO instance). By default a dedicated Identity Provider server is deployed as part of the Che installation. But if `externalIdentityProvider` is `true`, then no dedicated identity provider will be deployed by the operator and you might need to provide details about the external identity provider you want to use. See also all the other fields starting with\: `identityProvider`. +identityProviderAdminUserName: Overrides the name of the Identity Provider admin user. Defaults to `admin`. +identityProviderClientId: Name of a Identity provider (Keycloak / RH SSO) `client-id` that should be used for Che. This is useful to override it ONLY if you use an external Identity Provider (see the `externalIdentityProvider` field). If omitted or left blank, it will be set to the value of the `flavour` field suffixed with `-public`. +identityProviderImage: Overrides the container image used in the Identity Provider (Keycloak / RH SSO) deployment. This includes the image tag. Omit it or leave it empty to use the defaut container image provided by the operator. +identityProviderImagePullPolicy: Overrides the image pull policy used in the Identity Provider (Keycloak / RH SSO) deployment. Default value is `Always` for `nightly` or `latest` images, and `IfNotPresent` in other cases. +identityProviderIngress: Ingress custom settings +identityProviderPassword: Overrides the password of Keycloak admin user. This is useful to override it ONLY if you use an external Identity Provider (see the `externalIdentityProvider` field). If omitted or left blank, it will be set to an auto-generated password. 
+identityProviderPostgresPassword: Password for The Identity Provider (Keycloak / RH SSO) to connect to the database. This is useful to override it ONLY if you use an external Identity Provider (see the `externalIdentityProvider` field). If omitted or left blank, it will be set to an auto-generated password. +identityProviderPostgresSecret: The secret that contains `password` for The Identity Provider (Keycloak / RH SSO) to connect to the database. If the secret is defined then `identityProviderPostgresPassword` will be ignored. If the value is omitted or left blank then there are two scenarios\: 1. `identityProviderPostgresPassword` is defined, then it will be used to connect to the database. 2. `identityProviderPostgresPassword` is not defined, then a new secret with the name `che-identity-postgres-secret` will be created with an auto-generated value for `password`. +identityProviderRealm: Name of a Identity provider (Keycloak / RH SSO) realm that should be used for Che. This is useful to override it ONLY if you use an external Identity Provider (see the `externalIdentityProvider` field). If omitted or left blank, it will be set to the value of the `flavour` field. +identityProviderRoute: Route custom settings +identityProviderSecret: The secret that contains `user` and `password` for Identity Provider. If the secret is defined then `identityProviderAdminUserName` and `identityProviderPassword` are ignored. If the value is omitted or left blank then there are two scenarios\: 1. `identityProviderAdminUserName` and `identityProviderPassword` are defined, then they will be used. 2. `identityProviderAdminUserName` or `identityProviderPassword` are not defined, then a new secret with the name `che-identity-secret` will be created with default value `admin` for `user` and with an auto-generated value for `password`. +identityProviderURL: Public URL of the Identity Provider server (Keycloak / RH SSO server). 
You should set it ONLY if you use an external Identity Provider (see the `externalIdentityProvider` field). By default this will be automatically calculated and set by the operator. +oAuthClientName: Name of the OpenShift `OAuthClient` resource used to setup identity federation on the OpenShift side. Auto-generated if left blank. See also the `OpenShiftoAuth` field. +oAuthSecret: Name of the secret set in the OpenShift `OAuthClient` resource used to setup identity federation on the OpenShift side. Auto-generated if left blank. See also the `OAuthClientName` field. +openShiftoAuth: Enables the integration of the identity provider (Keycloak / RHSSO) with OpenShift OAuth. Enabled by default on OpenShift. This will allow users to directly login with their Openshift user through the Openshift login, and have their workspaces created under personal OpenShift namespaces. WARNING\: the `kubeadmin` user is NOT supported, and logging through it will NOT allow accessing the Che Dashboard. +updateAdminPassword: Forces the default `admin` Che user to update password on first login. Defaults to `false`. +:=== + +[id="checluster-custom-resource-storage-settings_{context}"] +.`CheCluster` Custom Resource `storage` configuration settings related to persistent storage used by {prod-short}. + +[cols="2,5", options=header] +:=== + Property: Description +postgresPVCStorageClassName: Storage class for the Persistent Volume Claim dedicated to the Postgres database. If omitted or left blank, default storage class is used. +preCreateSubPaths: Instructs the Che server to launch a special pod to pre-create a subpath in the Persistent Volumes. Defaults to `false`, however it might need to enable it according to the configuration of your K8S cluster. +pvcClaimSize: Size of the persistent volume claim for workspaces. Defaults to `1Gi` +pvcJobsImage: Overrides the container image used to create sub-paths in the Persistent Volumes. This includes the image tag. 
Omit it or leave it empty to use the defaut container image provided by the operator. See also the `preCreateSubPaths` field. +pvcStrategy: Persistent volume claim strategy for the Che server. This Can be\:`common` (all workspaces PVCs in one volume), `per-workspace` (one PVC per workspace for all declared volumes) and `unique` (one PVC per declared volume). Defaults to `common`. +workspacePVCStorageClassName: Storage class for the Persistent Volume Claims dedicated to the Che workspaces. If omitted or left blank, default storage class is used. +:=== + +[id="checluster-custom-resource-k8s-settings_{context}"] +.`CheCluster` Custom Resource `k8s` configuration settings specific to {prod-short} installations on {platforms-name}. + +[cols="2,5", options=header] +:=== + Property: Description +ingressClass: Ingress class that will define the which controler will manage ingresses. Defaults to `nginx`. NB\: This drives the `is kubernetes.io/ingress.class` annotation on Che-related ingresses. +ingressDomain: Global ingress domain for a K8S cluster. This MUST be explicitly specified\: there are no defaults. +ingressStrategy: Strategy for ingress creation. This can be `multi-host` (host is explicitly provided in ingress), `single-host` (host is provided, path-based rules) and `default-host.*`(no host is provided, path-based rules). Defaults to `\multi-host` Deprecated in favor of \serverExposureStrategy\ in the \server\ section, which defines this regardless of the cluster type. If both are defined, `serverExposureStrategy` takes precedence. +securityContextFsGroup: FSGroup the Che pod and Workspace pods containers should run in. Defaults to `1724`. +securityContextRunAsUser: ID of the user the Che pod and Workspace pods containers should run as. Default to `1724`. +singleHostExposureType: When the serverExposureStrategy is set to \single-host\, the way the server, registries and workspaces are exposed is further configured by this property. 
The possible values are \native\ (which means that the server and workspaces are exposed using ingresses on K8s) or \gateway\ where the server and workspaces are exposed using a custom gateway based on Traefik. All the endpoints whether backed by the ingress or gateway \route\ always point to the subpaths on the same domain. Defaults to \native\. +tlsSecretName: Name of a secret that will be used to setup ingress TLS termination if TLS is enabled. If the field is empty string, then default cluster certificate will be used. See also the `tlsSupport` field. +:=== + +[id="checluster-custom-resource-metrics-settings_{context}"] +.`CheCluster` Custom Resource `metrics` settings, related to the {prod-short} metrics collection used by {prod-short}. + +[cols="2,5", options=header] +:=== + Property: Description +enable: Enables `metrics` Che server endpoint. Default to `true`. +:=== + +[id="checluster-custom-resource-status-settings_{context}"] +.`CheCluster` Custom Resource `status` defines the observed state of {prod-short} installation + +[cols="2,5", options=header] +:=== + Property: Description +cheClusterRunning: Status of a Che installation. Can be `Available`, `Unavailable`, or `Available, Rolling Update in Progress` +cheURL: Public URL to the Che server +cheVersion: Current installed Che version +dbProvisioned: Indicates if or not a Postgres instance has been correctly provisioned +devfileRegistryURL: Public URL to the Devfile registry +helpLink: A URL that can point to some URL where to find help related to the current Operator status. +keycloakProvisioned: Indicates whether an Identity Provider instance (Keycloak / RH SSO) has been provisioned with realm, client and user +keycloakURL: Public URL to the Identity Provider server (Keycloak / RH SSO). +message: A human readable message indicating details about why the pod is in this condition. 
+openShiftoAuthProvisioned: Indicates whether an Identity Provider instance (Keycloak / RH SSO) has been configured to integrate with the OpenShift OAuth. +pluginRegistryURL: Public URL to the Plugin registry +reason: A brief CamelCase message indicating details about why the pod is in this state. +:=== + + diff --git a/tools/checluster_docs_gen.sh b/tools/checluster_docs_gen.sh new file mode 100755 index 0000000000..2f9bda39f6 --- /dev/null +++ b/tools/checluster_docs_gen.sh 
@@ -0,0 +1,114 @@ +#!/bin/bash +# +# Copyright (c) 2018 Red Hat, Inc. +# This program and the accompanying materials are made +# available under the terms of the Eclipse Public License 2.0 +# which is available at https://www.eclipse.org/legal/epl-2.0/ +# +# SPDX-License-Identifier: EPL-2.0 +# +set -o pipefail + +CURRENT_VERSION="" +PRODUCT="" +RAW_CONTENT="" +NEWLINE=$'\n' +NEWLINEx2="$NEWLINE$NEWLINE" +TABLE_HEADER="$NEWLINE[cols=\"2,5\", options="header"]$NEWLINE:=== $NEWLINE Property: Description $NEWLINE" +TABLE_FOOTER=":=== $NEWLINEx2" +PARENT_PATH=$( cd "$(dirname "${BASH_SOURCE[0]}")/.." ; pwd -P ) +BUFF="" +OUTPUT_PATH="$PARENT_PATH/modules/installation-guide/examples/checluster-properties.adoc" + +fetch_current_version() { + echo "Trying to read current product version from $PARENT_PATH/antora-playbook.yml..." >&2 + + CURRENT_VERSION=$(grep 'prod-ver:' "$PARENT_PATH/antora-playbook.yml" | cut -d: -f2 | sed 's/ //g').x + if [ $? -ne 0 ]; then + echo "Failure: Cannot read version from $PARENT_PATH/antora-playbook.yml" >&2 + exit 1 + fi + if [[ "$CURRENT_VERSION" == *-SNAPSHOT ]]; then + CURRENT_VERSION="master" + fi + echo "Detected version: $CURRENT_VERSION" >&2 +} + +fetch_product_name() { + echo "Trying to read product name from $PARENT_PATH/antora-playbook.yml..." >&2 + + PRODUCT=$(grep 'prod-id-short:' "$PARENT_PATH/antora-playbook.yml" | cut -d: -f2 | sed 's/ //g') + if [ $? -ne 0 ]; then + echo "Failure: Cannot read product from $PARENT_PATH/antora-playbook.yml" >&2 + exit 1 + fi + echo "Detected product: $PRODUCT" >&2 +} + + +fetch_conf_files_content() { + echo "Fetching property files content from GitHub..." 
>&2 + + if [[ $PRODUCT == "che" ]]; then + CHECLUSTER_PROPERTIES_URL="https://raw.githubusercontent.com/eclipse/che-operator/$CURRENT_VERSION/deploy/crds/org_v1_che_crd.yaml" + else + CHECLUSTER_PROPERTIES_URL="https://raw.githubusercontent.com/redhat-developer/codeready-workspaces-operator/crw-$CURRENT_VERSION-rhel-8/deploy/crds/org_v1_che_crd.yaml" + fi + + RAW_CONTENT=$(curl -sf "$CHECLUSTER_PROPERTIES_URL") + if [ $? -ne 0 ]; then + echo "Failure: Cannot read 'org_v1_che_crd.yaml' from URL $CHECLUSTER_PROPERTIES_URL" >&2 + exit 1 + fi + echo "Fetching content done. Trying to parse it." >&2 +} + +parse_content() { + parse_section "server" "\`CheCluster\` Custom Resource \`server\` settings, related to the {prod-short} server component." + parse_section "database" "\`CheCluster\` Custom Resource \`database\` configuration settings related to the database used by {prod-short}." + parse_section "auth" "Custom Resource \`auth\` configuration settings related to authentication used by {prod-short}." + parse_section "storage" "\`CheCluster\` Custom Resource \`storage\` configuration settings related to persistent storage used by {prod-short}." + if [[ $PRODUCT == "che" ]]; then + parse_section "k8s" "\`CheCluster\` Custom Resource \`k8s\` configuration settings specific to {prod-short} installations on {platforms-name}." + fi + parse_section "metrics" "\`CheCluster\` Custom Resource \`metrics\` settings, related to the {prod-short} metrics collection used by {prod-short}." + parse_section "status" "\`CheCluster\` Custom Resource \`status\` defines the observed state of {prod-short} installation" + + echo "$BUFF" > "$OUTPUT_PATH" + echo "Processing done. 
Output file is $OUTPUT_PATH" >&2 +} + + +parse_section() { + local sectionName=$1 + local id="[id=\"checluster-custom-resource-$sectionName-settings_{context}\"]" + local caption=$2 + + if [[ $sectionName == "status" ]]; then + local section=$(echo "$RAW_CONTENT" | yq -M '.spec.validation.openAPIV3Schema.properties.status') + else + local section=$(echo "$RAW_CONTENT" | yq -M '.spec.validation.openAPIV3Schema.properties.spec.properties.'$sectionName) + fi + + local properties=( + $(echo "$section" | yq -M '.properties | keys[]' ) + ) + + BUFF="$BUFF$id$NEWLINE" + BUFF="$BUFF.$caption$NEWLINE" + BUFF="$BUFF$TABLE_HEADER" + for prop in "${properties[@]}" + do + prop="${prop//\"}" + description=$(echo "$section" | yq -M '.properties.'$prop'.description') + description="${description//\"}" + description="${description//:/\\:}" + BUFF="$BUFF${prop}: ${description}$NEWLINE" + done + BUFF="$BUFF$TABLE_FOOTER" +} + +fetch_current_version +fetch_product_name +fetch_conf_files_content +parse_content From b17e2c5a8a6de55d7839835b1a82ad1362a6ad83 Mon Sep 17 00:00:00 2001 From: Anatolii Bazko Date: Tue, 26 Jan 2021 09:43:50 +0200 Subject: [PATCH 03/11] Fix remarks Signed-off-by: Anatolii Bazko --- .../examples/checluster-properties.adoc | 14 +++++----- tools/checluster_docs_gen.sh | 26 +++++-------------- 2 files changed, 14 insertions(+), 26 deletions(-) diff --git a/modules/installation-guide/examples/checluster-properties.adoc b/modules/installation-guide/examples/checluster-properties.adoc index 9221ce63be..7610cb8d1e 100644 --- a/modules/installation-guide/examples/checluster-properties.adoc +++ b/modules/installation-guide/examples/checluster-properties.adoc 
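Review bot: In `parse_section`, property names taken from the downloaded CRD are spliced straight into a yq filter (`'.properties.'$prop'.description'`), and the CRD is fetched from a branch ref (`master` for a snapshot version) rather than a pinned commit, so whatever that file holds at build time decides both the filter text and the generated `.adoc`. I would reject unexpected names before using them, for example `[[ "$prop" =~ ^[A-Za-z0-9_]+$ ]] || { echo "Failure: unexpected property name: $prop" >&2; exit 1; }` as the first statement of the loop body. Descriptions are written out with only `"` removed and `:` escaped, so any other AsciiDoc markup in the upstream text is rendered as written; it is worth confirming that this is acceptable for published docs. `parse_content` also writes `$OUTPUT_PATH` without checking that yq returned a section, so a changed schema path would presumably produce empty tables rather than a failure.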
@@ -1,7 +1,7 @@ [id="checluster-custom-resource-server-settings_{context}"] .`CheCluster` Custom Resource `server` settings, related to the {prod-short} server component. -[cols="2,5", options=header] +[cols="2,5", options="header"] :=== Property: Description airGapContainerRegistryHostname: Optional hostname (or url) to an alternate container registry to pull images from. This value overrides the container registry hostname defined in all the default container images involved in a Che deployment. This is particularly useful to install Che in an air-gapped environment. @@ -59,7 +59,7 @@ workspaceNamespaceDefault: Defines Kubernetes default namespace in which user's [id="checluster-custom-resource-database-settings_{context}"] .`CheCluster` Custom Resource `database` configuration settings related to the database used by {prod-short}. -[cols="2,5", options=header] +[cols="2,5", options="header"] :=== Property: Description chePostgresDb: Postgres database name that the Che server uses to connect to the DB. Defaults to `dbche`. @@ -76,7 +76,7 @@ postgresImagePullPolicy: Overrides the image pull policy used in the Postgres da [id="checluster-custom-resource-auth-settings_{context}"] .Custom Resource `auth` configuration settings related to authentication used by {prod-short}. -[cols="2,5", options=header] +[cols="2,5", options="header"] :=== Property: Description externalIdentityProvider: Instructs the operator on whether or not to deploy a dedicated Identity Provider (Keycloak or RH SSO instance). By default a dedicated Identity Provider server is deployed as part of the Che installation. But if `externalIdentityProvider` is `true`, then no dedicated identity provider will be deployed by the operator and you might need to provide details about the external identity provider you want to use. See also all the other fields starting with\: `identityProvider`. 
@@ -101,7 +101,7 @@ updateAdminPassword: Forces the default `admin` Che user to update password on f [id="checluster-custom-resource-storage-settings_{context}"] .`CheCluster` Custom Resource `storage` configuration settings related to persistent storage used by {prod-short}. -[cols="2,5", options=header] +[cols="2,5", options="header"] :=== Property: Description postgresPVCStorageClassName: Storage class for the Persistent Volume Claim dedicated to the Postgres database. If omitted or left blank, default storage class is used. @@ -115,7 +115,7 @@ workspacePVCStorageClassName: Storage class for the Persistent Volume Claims ded [id="checluster-custom-resource-k8s-settings_{context}"] .`CheCluster` Custom Resource `k8s` configuration settings specific to {prod-short} installations on {platforms-name}. -[cols="2,5", options=header] +[cols="2,5", options="header"] :=== Property: Description ingressClass: Ingress class that will define the which controler will manage ingresses. Defaults to `nginx`. NB\: This drives the `is kubernetes.io/ingress.class` annotation on Che-related ingresses. @@ -130,7 +130,7 @@ tlsSecretName: Name of a secret that will be used to setup ingress TLS terminati [id="checluster-custom-resource-metrics-settings_{context}"] .`CheCluster` Custom Resource `metrics` settings, related to the {prod-short} metrics collection used by {prod-short}. -[cols="2,5", options=header] +[cols="2,5", options="header"] :=== Property: Description enable: Enables `metrics` Che server endpoint. Default to `true`. @@ -139,7 +139,7 @@ enable: Enables `metrics` Che server endpoint. Default to `true`. [id="checluster-custom-resource-status-settings_{context}"] .`CheCluster` Custom Resource `status` defines the observed state of {prod-short} installation -[cols="2,5", options=header] +[cols="2,5", options="header"] :=== Property: Description cheClusterRunning: Status of a Che installation. Can be `Available`, `Unavailable`, or `Available, Rolling Update in Progress` 
diff --git a/tools/checluster_docs_gen.sh b/tools/checluster_docs_gen.sh index 2f9bda39f6..59df7357b8 100755 --- a/tools/checluster_docs_gen.sh +++ b/tools/checluster_docs_gen.sh @@ -8,26 +8,22 @@ # SPDX-License-Identifier: EPL-2.0 # set -o pipefail +set -e CURRENT_VERSION="" PRODUCT="" RAW_CONTENT="" NEWLINE=$'\n' NEWLINEx2="$NEWLINE$NEWLINE" -TABLE_HEADER="$NEWLINE[cols=\"2,5\", options="header"]$NEWLINE:=== $NEWLINE Property: Description $NEWLINE" +TABLE_HEADER="$NEWLINE[cols=\"2,5\", options=\"header\"]$NEWLINE:=== $NEWLINE Property: Description $NEWLINE" TABLE_FOOTER=":=== $NEWLINEx2" -PARENT_PATH=$( cd "$(dirname "${BASH_SOURCE[0]}")/.." ; pwd -P ) +PARENT_PATH=$(cd "$(dirname "${BASH_SOURCE[0]}")/.."; pwd -P) BUFF="" OUTPUT_PATH="$PARENT_PATH/modules/installation-guide/examples/checluster-properties.adoc" fetch_current_version() { echo "Trying to read current product version from $PARENT_PATH/antora-playbook.yml..." >&2 - CURRENT_VERSION=$(grep 'prod-ver:' "$PARENT_PATH/antora-playbook.yml" | cut -d: -f2 | sed 's/ //g').x - if [ $? -ne 0 ]; then - echo "Failure: Cannot read version from $PARENT_PATH/antora-playbook.yml" >&2 - exit 1 - fi if [[ "$CURRENT_VERSION" == *-SNAPSHOT ]]; then CURRENT_VERSION="master" fi @@ -36,12 +32,7 @@ fetch_current_version() { fetch_product_name() { echo "Trying to read product name from $PARENT_PATH/antora-playbook.yml..." >&2 - PRODUCT=$(grep 'prod-id-short:' "$PARENT_PATH/antora-playbook.yml" | cut -d: -f2 | sed 's/ //g') - if [ $? -ne 0 ]; then - echo "Failure: Cannot read product from $PARENT_PATH/antora-playbook.yml" >&2 - exit 1 - fi echo "Detected product: $PRODUCT" >&2 } @@ -56,10 +47,6 @@ fetch_conf_files_content() { fi RAW_CONTENT=$(curl -sf "$CHECLUSTER_PROPERTIES_URL") - if [ $? -ne 0 ]; then - echo "Failure: Cannot read 'org_v1_che_crd.yaml' from URL $CHECLUSTER_PROPERTIES_URL" >&2 - exit 1 - fi echo "Fetching content done. Trying to parse it." >&2 } 
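Review bot: With `set -e` added and the three `if [ $? -ne 0 ]` blocks removed (in this hunk and in the `@@ -36,12 +32,7 @@` and `@@ -56,10 +47,6 @@` hunks), a failed lookup or download now ends the script without any message: `grep` prints nothing when `prod-ver:` or `prod-id-short:` has no match, and `curl -sf` is silent on an HTTP error. In CI that leaves a bare non-zero exit with no hint of which step or URL failed. The abort can stay while the diagnostics come back, e.g. `RAW_CONTENT=$(curl -sSf "$CHECLUSTER_PROPERTIES_URL") || { echo "Failure: cannot read $CHECLUSTER_PROPERTIES_URL" >&2; exit 1; }`, with the same `|| { …; exit 1; }` form on the two `grep` pipelines. The three function bodies start or end outside these hunks.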
@@ -80,14 +67,15 @@ parse_content() { parse_section() { + local section local sectionName=$1 local id="[id=\"checluster-custom-resource-$sectionName-settings_{context}\"]" local caption=$2 if [[ $sectionName == "status" ]]; then - local section=$(echo "$RAW_CONTENT" | yq -M '.spec.validation.openAPIV3Schema.properties.status') + section=$(echo "$RAW_CONTENT" | yq -M '.spec.validation.openAPIV3Schema.properties.status') else - local section=$(echo "$RAW_CONTENT" | yq -M '.spec.validation.openAPIV3Schema.properties.spec.properties.'$sectionName) + section=$(echo "$RAW_CONTENT" | yq -M '.spec.validation.openAPIV3Schema.properties.spec.properties.'"$sectionName") fi local properties=( @@ -100,7 +88,7 @@ parse_section() { for prop in "${properties[@]}" do prop="${prop//\"}" - description=$(echo "$section" | yq -M '.properties.'$prop'.description') + description=$(echo "$section" | yq -M '.properties.'"$prop"'.description') description="${description//\"}" description="${description//:/\\:}" BUFF="$BUFF${prop}: ${description}$NEWLINE" From 7319479db473c6aa1b7a2274eafa1a9b27906593 Mon Sep 17 00:00:00 2001 From: Anatolii Bazko Date: Thu, 28 Jan 2021 14:55:48 +0200 Subject: [PATCH 04/11] Update example Signed-off-by: Anatolii Bazko --- .../examples/checluster-properties.adoc | 88 +++++++++---------- tools/checluster_docs_gen.sh | 22 ++--- 2 files changed, 55 insertions(+), 55 deletions(-) diff --git a/modules/installation-guide/examples/checluster-properties.adoc b/modules/installation-guide/examples/checluster-properties.adoc index 7610cb8d1e..a767c2b379 100644 --- a/modules/installation-guide/examples/checluster-properties.adoc +++ b/modules/installation-guide/examples/checluster-properties.adoc 
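Review bot: `local properties=(`, a few lines below the changed `section=` assignments, still declares and fills the array in one statement, so the status of the `yq -M '.properties | keys[]'` call is replaced by that of `local` and the `set -e` this patch adds never sees a failure there. The patch already separates `local section` from its assignment; the same split keeps the two consistent: `local keys; keys=$(echo "$section" | yq -M '.properties | keys[]')` followed by `local properties=( $keys )`. When the schema path does not exist, yq presumably prints `null` with a zero status, so a check such as `[[ "$section" != "null" ]]` after the assignment would be needed to catch that case. The loop of `parse_section` continues in the `@@ -100,7 +88,7 @@` hunk and the function ends outside it.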
@@ -4,22 +4,22 @@ [cols="2,5", options="header"] :=== Property: Description -airGapContainerRegistryHostname: Optional hostname (or url) to an alternate container registry to pull images from. This value overrides the container registry hostname defined in all the default container images involved in a Che deployment. This is particularly useful to install Che in an air-gapped environment. -airGapContainerRegistryOrganization: Optional repository name of an alternate container registry to pull images from. This value overrides the container registry organization defined in all the default container images involved in a Che deployment. This is particularly useful to install Che in an air-gapped environment. +airGapContainerRegistryHostname: Optional hostname (or url) to an alternate container registry to pull images from. This value overrides the container registry hostname defined in all the default container images involved in a {prod-short} deployment. This is particularly useful to install {prod-short} in an air-gapped environment. +airGapContainerRegistryOrganization: Optional repository name of an alternate container registry to pull images from. This value overrides the container registry organization defined in all the default container images involved in a {prod-short} deployment. This is particularly useful to install {prod-short} in an air-gapped environment. allowUserDefinedWorkspaceNamespaces: Defines if a user is able to specify Kubernetes namespace (or OpenShift project) different from the default. It's NOT RECOMMENDED to configured true without OAuth configured. This property is also used by the OpenShift infra. cheClusterRoles: Comma-separated list of ClusterRoles that will be assigned to che ServiceAccount. Be aware that che-operator has to already have all permissions in these ClusterRoles to be able to grant them. -cheDebug: Enables the debug mode for Che server. Defaults to `false`. -cheFlavor: Flavor of the installation. 
This is either `che` for upstream Che installations, or `codeready` for CodeReady Workspaces installation. In most cases the default value should not be overridden. -cheHost: Public hostname of the installed Che server. If value is omitted then it will be automatically set by the operator. (see the `cheHostTLSSecret` field). -cheHostTLSSecret: Name of a secret containing certificates to secure ingress/route for the custom hostname of the installed Che server. (see the `cheHost` field). -cheImage: Overrides the container image used in Che deployment. This does NOT include the container image tag. Omit it or leave it empty to use the defaut container image provided by the operator. -cheImagePullPolicy: Overrides the image pull policy used in Che deployment. Default value is `Always` for `nightly` or `latest` images, and `IfNotPresent` in other cases. -cheImageTag: Overrides the tag of the container image used in Che deployment. Omit it or leave it empty to use the defaut image tag provided by the operator. -cheLogLevel: Log level for the Che server\: `INFO` or `DEBUG`. Defaults to `INFO`. -cheServerIngress: Che server ingress custom settings -cheServerRoute: Che server route custom settings -cheWorkspaceClusterRole: Custom cluster role bound to the user for the Che workspaces. The default roles are used if this is omitted or left blank. -customCheProperties: Map of additional environment variables that will be applied in the generated `che` config map to be used by the Che server, in addition to the values already generated from other fields of the `CheCluster` custom resource (CR). If `customCheProperties` contains a property that would be normally generated in `che` config map from other CR fields, then the value defined in the `customCheProperties` will be used instead. +cheDebug: Enables the debug mode for {prod-short} server. Defaults to `false`. +cheFlavor: Flavor of the installation. 
This is either `che` for upstream {prod-short} installations, or `codeready` for CodeReady Workspaces installation. In most cases the default value should not be overridden. +cheHost: Public hostname of the installed {prod-short} server. If value is omitted then it will be automatically set by the operator. (see the `cheHostTLSSecret` field). +cheHostTLSSecret: Name of a secret containing certificates to secure ingress/route for the custom hostname of the installed {prod-short} server. (see the `cheHost` field). +cheImage: Overrides the container image used in {prod-short} deployment. This does NOT include the container image tag. Omit it or leave it empty to use the defaut container image provided by the operator. +cheImagePullPolicy: Overrides the image pull policy used in {prod-short} deployment. Default value is `Always` for `nightly` or `latest` images, and `IfNotPresent` in other cases. +cheImageTag: Overrides the tag of the container image used in {prod-short} deployment. Omit it or leave it empty to use the defaut image tag provided by the operator. +cheLogLevel: Log level for the {prod-short} server\: `INFO` or `DEBUG`. Defaults to `INFO`. +cheServerIngress: {prod-short} server ingress custom settings +cheServerRoute: {prod-short} server route custom settings +cheWorkspaceClusterRole: Custom cluster role bound to the user for the {prod-short} workspaces. The default roles are used if this is omitted or left blank. +customCheProperties: Map of additional environment variables that will be applied in the generated `che` config map to be used by the {prod-short} server, in addition to the values already generated from other fields of the `CheCluster` custom resource (CR). If `customCheProperties` contains a property that would be normally generated in `che` config map from other CR fields, then the value defined in the `customCheProperties` will be used instead. devfileRegistryImage: Overrides the container image used in the Devfile registry deployment. 
This includes the image tag. Omit it or leave it empty to use the defaut container image provided by the operator. devfileRegistryIngress: Devfile registry ingress custom settings devfileRegistryMemoryLimit: Overrides the memory limit used in the Devfile registry deployment. Defaults to 256Mi. 
@@ -29,7 +29,7 @@ devfileRegistryRoute: Devfile registry route custom settings devfileRegistryUrl: Public URL of the Devfile registry, that serves sample, ready-to-use devfiles. You should set it ONLY if you use an external devfile registry (see the `externalDevfileRegistry` field). By default this will be automatically calculated by the operator. externalDevfileRegistry: Instructs the operator on whether or not to deploy a dedicated Devfile registry server. By default a dedicated devfile registry server is started. But if `externalDevfileRegistry` is `true`, then no such dedicated server will be started by the operator and you will have to manually set the `devfileRegistryUrl` field externalPluginRegistry: Instructs the operator on whether or not to deploy a dedicated Plugin registry server. By default a dedicated plugin registry server is started. But if `externalPluginRegistry` is `true`, then no such dedicated server will be started by the operator and you will have to manually set the `pluginRegistryUrl` field. -gitSelfSignedCert: If enabled, then the certificate from `che-git-self-signed-cert` config map will be propagated to the Che components and provide particular configuration for Git. +gitSelfSignedCert: If enabled, then the certificate from `che-git-self-signed-cert` config map will be propagated to the {prod-short} components and provide particular configuration for Git. nonProxyHosts: List of hosts that should not use the configured proxy. So specify wild card domain use the following form `.` and `|` as delimiter, eg\: `localhost|.my.host.com|123.42.12.32` Only use when configuring a proxy is required. Operator respects OpenShift cluster wide proxy configuration and no additional configuration is required, but defining `nonProxyHosts` in a custom resource leads to merging non proxy hosts lists from the cluster proxy configuration and ones defined in the custom resources. 
(see the doc https\://docs.openshift.com/container-platform/4.4/networking/enable-cluster-wide-proxy.html) (see also the `proxyURL` fields). pluginRegistryImage: Overrides the container image used in the Plugin registry deployment. This includes the image tag. Omit it or leave it empty to use the default container image provided by the operator. pluginRegistryIngress: Plugin registry ingress custom settings 
@@ -41,17 +41,17 @@ pluginRegistryUrl: Public URL of the Plugin registry, that serves sample ready-t proxyPassword: Password of the proxy server Only use when proxy configuration is required (see also the `proxyURL`, `proxyUser` and `proxySecret` fields). proxyPort: Port of the proxy server. Only use when configuring a proxy is required. (see also the `proxyURL` and `nonProxyHosts` fields). proxySecret: The secret that contains `user` and `password` for a proxy server. If the secret is defined then `proxyUser` and `proxyPassword` are ignored -proxyURL: URL (protocol+hostname) of the proxy server. This drives the appropriate changes in the `JAVA_OPTS` and `https(s)_proxy` variables in the Che server and workspaces containers. Only use when configuring a proxy is required. Operator respects OpenShift cluster wide proxy configuration and no additional configuration is required, but defining `proxyUrl` in a custom resource leads to overrides the cluster proxy configuration with fields `proxyUrl`, `proxyPort`, `proxyUser` and `proxyPassword` from the custom resource. (see the doc https\://docs.openshift.com/container-platform/4.4/networking/enable-cluster-wide-proxy.html) (see also the `proxyPort` and `nonProxyHosts` fields). +proxyURL: URL (protocol+hostname) of the proxy server. This drives the appropriate changes in the `JAVA_OPTS` and `https(s)_proxy` variables in the {prod-short} server and workspaces containers. Only use when configuring a proxy is required. Operator respects OpenShift cluster wide proxy configuration and no additional configuration is required, but defining `proxyUrl` in a custom resource leads to overrides the cluster proxy configuration with fields `proxyUrl`, `proxyPort`, `proxyUser` and `proxyPassword` from the custom resource. (see the doc https\://docs.openshift.com/container-platform/4.4/networking/enable-cluster-wide-proxy.html) (see also the `proxyPort` and `nonProxyHosts` fields). proxyUser: User name of the proxy server. 
Only use when configuring a proxy is required (see also the `proxyURL`, `proxyPassword` and `proxySecret` fields). -selfSignedCert: Deprecated. The value of this flag is ignored. Che operator will automatically detect if router certificate is self-signed. If so it will be propagated to Che server and some other components. -serverExposureStrategy: Sets the server and workspaces exposure type. Possible values are \multi-host\, \single-host\, \default-host\. Defaults to \multi-host\ which creates a separate ingress (or route on OpenShift) for every required endpoint. \single-host\ makes Che exposed on a single hostname with workspaces exposed on subpaths. Please read the docs to learn about the limitations of this approach. Also consult the `singleHostExposureType` property to further configure how the operator and Che server make that happen on Kubernetes. \default-host\ exposes che server on the host of the cluster. Please read the docs to learn about the limitations of this approach. -serverMemoryLimit: Overrides the memory limit used in the Che server deployment. Defaults to 1Gi. -serverMemoryRequest: Overrides the memory request used in the Che server deployment. Defaults to 512Mi. -serverTrustStoreConfigMapName: Name of the config-map with public certificates to add to Java trust store of the Che server. This is usually required when adding the OpenShift OAuth provider which has https endpoint signed with self-signed cert. So, Che server must be aware of its CA cert to be able to request it. This is disabled by default. +selfSignedCert: Deprecated. The value of this flag is ignored. {prod-short} operator will automatically detect if router certificate is self-signed. If so it will be propagated to {prod-short} server and some other components. +serverExposureStrategy: Sets the server and workspaces exposure type. Possible values are \multi-host\, \single-host\, \default-host\. 
Defaults to \multi-host\ which creates a separate ingress (or route on OpenShift) for every required endpoint. \single-host\ makes {prod-short} exposed on a single hostname with workspaces exposed on subpaths. Please read the docs to learn about the limitations of this approach. Also consult the `singleHostExposureType` property to further configure how the operator and {prod-short} server make that happen on Kubernetes. \default-host\ exposes che server on the host of the cluster. Please read the docs to learn about the limitations of this approach. +serverMemoryLimit: Overrides the memory limit used in the {prod-short} server deployment. Defaults to 1Gi. +serverMemoryRequest: Overrides the memory request used in the {prod-short} server deployment. Defaults to 512Mi. +serverTrustStoreConfigMapName: Name of the config-map with public certificates to add to Java trust store of the {prod-short} server. This is usually required when adding the OpenShift OAuth provider which has https endpoint signed with self-signed cert. So, {prod-short} server must be aware of its CA cert to be able to request it. This is disabled by default. singleHostGatewayConfigMapLabels: The labels that need to be present (and are put) on the configmaps representing the gateway configuration. singleHostGatewayConfigSidecarImage: The image used for the gateway sidecar that provides configuration to the gateway. Omit it or leave it empty to use the defaut container image provided by the operator. singleHostGatewayImage: The image used for the gateway in the single host mode. Omit it or leave it empty to use the defaut container image provided by the operator. -tlsSupport: Deprecated. Instructs the operator to deploy Che in TLS mode. This is enabled by default. Disabling TLS may cause malfunction of some Che components. +tlsSupport: Deprecated. Instructs the operator to deploy {prod-short} in TLS mode. This is enabled by default. Disabling TLS may cause malfunction of some {prod-short} components. 
useInternalClusterSVCNames: Use internal cluster svc names to communicate between components to speed up the traffic and avoid proxy issues. The default value is `true`. workspaceNamespaceDefault: Defines Kubernetes default namespace in which user's workspaces are created if user does not override it. It's possible to use , and placeholders (e.g.\: che-workspace-). In that case, new namespace will be created for each user (or workspace). Is used by OpenShift infra as well to specify Project :=== 
@@ -62,13 +62,13 @@ workspaceNamespaceDefault: Defines Kubernetes default namespace in which user's [cols="2,5", options="header"] :=== Property: Description -chePostgresDb: Postgres database name that the Che server uses to connect to the DB. Defaults to `dbche`. -chePostgresHostName: Postgres Database hostname that the Che server uses to connect to. Defaults to postgres. This value should be overridden ONLY when using an external database (see field `externalDb`). In the default case it will be automatically set by the operator. -chePostgresPassword: Postgres password that the Che server should use to connect to the DB. If omitted or left blank, it will be set to an auto-generated value. -chePostgresPort: Postgres Database port that the Che server uses to connect to. Defaults to 5432. This value should be overridden ONLY when using an external database (see field `externalDb`). In the default case it will be automatically set by the operator. -chePostgresSecret: The secret that contains Postgres `user` and `password` that the Che server should use to connect to the DB. If the secret is defined then `chePostgresUser` and `chePostgresPassword` are ignored. If the value is omitted or left blank then there are two scenarios\: 1. `chePostgresUser` and `chePostgresPassword` are defined, then they will be used to connect to the DB. 2. `chePostgresUser` or `chePostgresPassword` are not defined, then a new secret with the name `che-postgres-secret` will be created with default value of `pgche` for `user` and with an auto-generated value for `password`. -chePostgresUser: Postgres user that the Che server should use to connect to the DB. Defaults to `pgche`. -externalDb: Instructs the operator on whether or not to deploy a dedicated database. By default a dedicated Postgres database is deployed as part of the Che installation. 
But if `externalDb` is `true`, then no dedicated database will be deployed by the operator and you might need to provide connection details to the external DB you want to use. See also all the fields starting with\: `chePostgres`. +chePostgresDb: Postgres database name that the {prod-short} server uses to connect to the DB. Defaults to `dbche`. +chePostgresHostName: Postgres Database hostname that the {prod-short} server uses to connect to. Defaults to postgres. This value should be overridden ONLY when using an external database (see field `externalDb`). In the default case it will be automatically set by the operator. +chePostgresPassword: Postgres password that the {prod-short} server should use to connect to the DB. If omitted or left blank, it will be set to an auto-generated value. +chePostgresPort: Postgres Database port that the {prod-short} server uses to connect to. Defaults to 5432. This value should be overridden ONLY when using an external database (see field `externalDb`). In the default case it will be automatically set by the operator. +chePostgresSecret: The secret that contains Postgres `user` and `password` that the {prod-short} server should use to connect to the DB. If the secret is defined then `chePostgresUser` and `chePostgresPassword` are ignored. If the value is omitted or left blank then there are two scenarios\: 1. `chePostgresUser` and `chePostgresPassword` are defined, then they will be used to connect to the DB. 2. `chePostgresUser` or `chePostgresPassword` are not defined, then a new secret with the name `che-postgres-secret` will be created with default value of `pgche` for `user` and with an auto-generated value for `password`. +chePostgresUser: Postgres user that the {prod-short} server should use to connect to the DB. Defaults to `pgche`. +externalDb: Instructs the operator on whether or not to deploy a dedicated database. By default a dedicated Postgres database is deployed as part of the {prod-short} installation. 
But if `externalDb` is `true`, then no dedicated database will be deployed by the operator and you might need to provide connection details to the external DB you want to use. See also all the fields starting with\: `chePostgres`. postgresImage: Overrides the container image used in the Postgres database deployment. This includes the image tag. Omit it or leave it empty to use the defaut container image provided by the operator. postgresImagePullPolicy: Overrides the image pull policy used in the Postgres database deployment. Default value is `Always` for `nightly` or `latest` images, and `IfNotPresent` in other cases. :=== 
@@ -79,23 +79,23 @@ postgresImagePullPolicy: Overrides the image pull policy used in the Postgres da [cols="2,5", options="header"] :=== Property: Description -externalIdentityProvider: Instructs the operator on whether or not to deploy a dedicated Identity Provider (Keycloak or RH SSO instance). By default a dedicated Identity Provider server is deployed as part of the Che installation. But if `externalIdentityProvider` is `true`, then no dedicated identity provider will be deployed by the operator and you might need to provide details about the external identity provider you want to use. See also all the other fields starting with\: `identityProvider`. +externalIdentityProvider: Instructs the operator on whether or not to deploy a dedicated Identity Provider (Keycloak or RH SSO instance). By default a dedicated Identity Provider server is deployed as part of the {prod-short} installation. But if `externalIdentityProvider` is `true`, then no dedicated identity provider will be deployed by the operator and you might need to provide details about the external identity provider you want to use. See also all the other fields starting with\: `identityProvider`. identityProviderAdminUserName: Overrides the name of the Identity Provider admin user. Defaults to `admin`. -identityProviderClientId: Name of a Identity provider (Keycloak / RH SSO) `client-id` that should be used for Che. This is useful to override it ONLY if you use an external Identity Provider (see the `externalIdentityProvider` field). If omitted or left blank, it will be set to the value of the `flavour` field suffixed with `-public`. +identityProviderClientId: Name of a Identity provider (Keycloak / RH SSO) `client-id` that should be used for {prod-short}. This is useful to override it ONLY if you use an external Identity Provider (see the `externalIdentityProvider` field). If omitted or left blank, it will be set to the value of the `flavour` field suffixed with `-public`. 
identityProviderImage: Overrides the container image used in the Identity Provider (Keycloak / RH SSO) deployment. This includes the image tag. Omit it or leave it empty to use the defaut container image provided by the operator. identityProviderImagePullPolicy: Overrides the image pull policy used in the Identity Provider (Keycloak / RH SSO) deployment. Default value is `Always` for `nightly` or `latest` images, and `IfNotPresent` in other cases. identityProviderIngress: Ingress custom settings identityProviderPassword: Overrides the password of Keycloak admin user. This is useful to override it ONLY if you use an external Identity Provider (see the `externalIdentityProvider` field). If omitted or left blank, it will be set to an auto-generated password. identityProviderPostgresPassword: Password for The Identity Provider (Keycloak / RH SSO) to connect to the database. This is useful to override it ONLY if you use an external Identity Provider (see the `externalIdentityProvider` field). If omitted or left blank, it will be set to an auto-generated password. identityProviderPostgresSecret: The secret that contains `password` for The Identity Provider (Keycloak / RH SSO) to connect to the database. If the secret is defined then `identityProviderPostgresPassword` will be ignored. If the value is omitted or left blank then there are two scenarios\: 1. `identityProviderPostgresPassword` is defined, then it will be used to connect to the database. 2. `identityProviderPostgresPassword` is not defined, then a new secret with the name `che-identity-postgres-secret` will be created with an auto-generated value for `password`. -identityProviderRealm: Name of a Identity provider (Keycloak / RH SSO) realm that should be used for Che. This is useful to override it ONLY if you use an external Identity Provider (see the `externalIdentityProvider` field). If omitted or left blank, it will be set to the value of the `flavour` field. 
+identityProviderRealm: Name of a Identity provider (Keycloak / RH SSO) realm that should be used for {prod-short}. This is useful to override it ONLY if you use an external Identity Provider (see the `externalIdentityProvider` field). If omitted or left blank, it will be set to the value of the `flavour` field. identityProviderRoute: Route custom settings identityProviderSecret: The secret that contains `user` and `password` for Identity Provider. If the secret is defined then `identityProviderAdminUserName` and `identityProviderPassword` are ignored. If the value is omitted or left blank then there are two scenarios\: 1. `identityProviderAdminUserName` and `identityProviderPassword` are defined, then they will be used. 2. `identityProviderAdminUserName` or `identityProviderPassword` are not defined, then a new secret with the name `che-identity-secret` will be created with default value `admin` for `user` and with an auto-generated value for `password`. identityProviderURL: Public URL of the Identity Provider server (Keycloak / RH SSO server). You should set it ONLY if you use an external Identity Provider (see the `externalIdentityProvider` field). By default this will be automatically calculated and set by the operator. oAuthClientName: Name of the OpenShift `OAuthClient` resource used to setup identity federation on the OpenShift side. Auto-generated if left blank. See also the `OpenShiftoAuth` field. oAuthSecret: Name of the secret set in the OpenShift `OAuthClient` resource used to setup identity federation on the OpenShift side. Auto-generated if left blank. See also the `OAuthClientName` field. -openShiftoAuth: Enables the integration of the identity provider (Keycloak / RHSSO) with OpenShift OAuth. Enabled by default on OpenShift. This will allow users to directly login with their Openshift user through the Openshift login, and have their workspaces created under personal OpenShift namespaces. 
WARNING\: the `kubeadmin` user is NOT supported, and logging through it will NOT allow accessing the Che Dashboard. -updateAdminPassword: Forces the default `admin` Che user to update password on first login. Defaults to `false`. +openShiftoAuth: Enables the integration of the identity provider (Keycloak / RHSSO) with OpenShift OAuth. Enabled by default on OpenShift. This will allow users to directly login with their Openshift user through the Openshift login, and have their workspaces created under personal OpenShift namespaces. WARNING\: the `kubeadmin` user is NOT supported, and logging through it will NOT allow accessing the {prod-short} Dashboard. +updateAdminPassword: Forces the default `admin` {prod-short} user to update password on first login. Defaults to `false`. :=== [id="checluster-custom-resource-storage-settings_{context}"] 
@@ -105,11 +105,11 @@ updateAdminPassword: Forces the default `admin` Che user to update password on f :=== Property: Description postgresPVCStorageClassName: Storage class for the Persistent Volume Claim dedicated to the Postgres database. If omitted or left blank, default storage class is used. -preCreateSubPaths: Instructs the Che server to launch a special pod to pre-create a subpath in the Persistent Volumes. Defaults to `false`, however it might need to enable it according to the configuration of your K8S cluster. +preCreateSubPaths: Instructs the {prod-short} server to launch a special pod to pre-create a subpath in the Persistent Volumes. Defaults to `false`, however it might need to enable it according to the configuration of your K8S cluster. pvcClaimSize: Size of the persistent volume claim for workspaces. Defaults to `1Gi` pvcJobsImage: Overrides the container image used to create sub-paths in the Persistent Volumes. This includes the image tag. Omit it or leave it empty to use the defaut container image provided by the operator. See also the `preCreateSubPaths` field. -pvcStrategy: Persistent volume claim strategy for the Che server. This Can be\:`common` (all workspaces PVCs in one volume), `per-workspace` (one PVC per workspace for all declared volumes) and `unique` (one PVC per declared volume). Defaults to `common`. -workspacePVCStorageClassName: Storage class for the Persistent Volume Claims dedicated to the Che workspaces. If omitted or left blank, default storage class is used. +pvcStrategy: Persistent volume claim strategy for the {prod-short} server. This Can be\:`common` (all workspaces PVCs in one volume), `per-workspace` (one PVC per workspace for all declared volumes) and `unique` (one PVC per declared volume). Defaults to `common`. +workspacePVCStorageClassName: Storage class for the Persistent Volume Claims dedicated to the {prod-short} workspaces. If omitted or left blank, default storage class is used. 
:=== [id="checluster-custom-resource-k8s-settings_{context}"] 
@@ -118,11 +118,11 @@ workspacePVCStorageClassName: Storage class for the Persistent Volume Claims ded [cols="2,5", options="header"] :=== Property: Description -ingressClass: Ingress class that will define the which controler will manage ingresses. Defaults to `nginx`. NB\: This drives the `is kubernetes.io/ingress.class` annotation on Che-related ingresses. +ingressClass: Ingress class that will define the which controler will manage ingresses. Defaults to `nginx`. NB\: This drives the `is kubernetes.io/ingress.class` annotation on {prod-short}-related ingresses. ingressDomain: Global ingress domain for a K8S cluster. This MUST be explicitly specified\: there are no defaults. ingressStrategy: Strategy for ingress creation. This can be `multi-host` (host is explicitly provided in ingress), `single-host` (host is provided, path-based rules) and `default-host.*`(no host is provided, path-based rules). Defaults to `\multi-host` Deprecated in favor of \serverExposureStrategy\ in the \server\ section, which defines this regardless of the cluster type. If both are defined, `serverExposureStrategy` takes precedence. -securityContextFsGroup: FSGroup the Che pod and Workspace pods containers should run in. Defaults to `1724`. -securityContextRunAsUser: ID of the user the Che pod and Workspace pods containers should run as. Default to `1724`. +securityContextFsGroup: FSGroup the {prod-short} pod and Workspace pods containers should run in. Defaults to `1724`. +securityContextRunAsUser: ID of the user the {prod-short} pod and Workspace pods containers should run as. Default to `1724`. singleHostExposureType: When the serverExposureStrategy is set to \single-host\, the way the server, registries and workspaces are exposed is further configured by this property. The possible values are \native\ (which means that the server and workspaces are exposed using ingresses on K8s) or \gateway\ where the server and workspaces are exposed using a custom gateway based on Traefik. 
All the endpoints whether backed by the ingress or gateway \route\ always point to the subpaths on the same domain. Defaults to \native\. tlsSecretName: Name of a secret that will be used to setup ingress TLS termination if TLS is enabled. If the field is empty string, then default cluster certificate will be used. See also the `tlsSupport` field. :=== @@ -133,7 +133,7 @@ tlsSecretName: Name of a secret that will be used to setup ingress TLS terminati [cols="2,5", options="header"] :=== Property: Description -enable: Enables `metrics` Che server endpoint. Default to `true`. +enable: Enables `metrics` {prod-short} server endpoint. Default to `true`. :=== [id="checluster-custom-resource-status-settings_{context}"] @@ -142,9 +142,9 @@ enable: Enables `metrics` Che server endpoint. Default to `true`. [cols="2,5", options="header"] :=== Property: Description -cheClusterRunning: Status of a Che installation. Can be `Available`, `Unavailable`, or `Available, Rolling Update in Progress` -cheURL: Public URL to the Che server -cheVersion: Current installed Che version +cheClusterRunning: Status of a {prod-short} installation. Can be `Available`, `Unavailable`, or `Available, Rolling Update in Progress` +cheURL: Public URL to the {prod-short} server +cheVersion: Current installed {prod-short} version dbProvisioned: Indicates if or not a Postgres instance has been correctly provisioned devfileRegistryURL: Public URL to the Devfile registry helpLink: A URL that can point to some URL where to find help related to the current Operator status. diff --git a/tools/checluster_docs_gen.sh b/tools/checluster_docs_gen.sh index 59df7357b8..2e7ecafeac 100755 --- a/tools/checluster_docs_gen.sh +++ b/tools/checluster_docs_gen.sh 
@@ -23,7 +23,7 @@ OUTPUT_PATH="$PARENT_PATH/modules/installation-guide/examples/checluster-propert fetch_current_version() { echo "Trying to read current product version from $PARENT_PATH/antora-playbook.yml..." >&2 - CURRENT_VERSION=$(grep 'prod-ver:' "$PARENT_PATH/antora-playbook.yml" | cut -d: -f2 | sed 's/ //g').x + CURRENT_VERSION=$(yq -M '.asciidoc.attributes."prod-ver"' "$PARENT_PATH/antora-playbook.yml").x if [[ "$CURRENT_VERSION" == *-SNAPSHOT ]]; then CURRENT_VERSION="master" fi @@ -32,15 +32,14 @@ fetch_current_version() { fetch_product_name() { echo "Trying to read product name from $PARENT_PATH/antora-playbook.yml..." >&2 - PRODUCT=$(grep 'prod-id-short:' "$PARENT_PATH/antora-playbook.yml" | cut -d: -f2 | sed 's/ //g') + PRODUCT=$(yq -M '.asciidoc.attributes."prod-id-short"' "$PARENT_PATH/antora-playbook.yml") echo "Detected product: $PRODUCT" >&2 } - fetch_conf_files_content() { echo "Fetching property files content from GitHub..." >&2 - if [[ $PRODUCT == "che" ]]; then + if [[ $PRODUCT == "\"che\"" ]]; then CHECLUSTER_PROPERTIES_URL="https://raw.githubusercontent.com/eclipse/che-operator/$CURRENT_VERSION/deploy/crds/org_v1_che_crd.yaml" else CHECLUSTER_PROPERTIES_URL="https://raw.githubusercontent.com/redhat-developer/codeready-workspaces-operator/crw-$CURRENT_VERSION-rhel-8/deploy/crds/org_v1_che_crd.yaml" 
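Review bot: The `*-SNAPSHOT` test in `fetch_current_version` can never match, because `.x` is appended to the yq output on the assignment line before the test runs, so a snapshot version would not be mapped to `master`. Separately, yq is called without raw output, so a string-valued `prod-ver` would come back JSON-quoted (the later `"\"che\""` comparisons suggest string values do), and those quotes would end up in the download URL built from `$CURRENT_VERSION`. Assuming this yq forwards jq options, as `-M` suggests, I would read the value with `CURRENT_VERSION=$(yq -r '.asciidoc.attributes."prod-ver"' "$PARENT_PATH/antora-playbook.yml")`, test it for `*-SNAPSHOT`, and append `.x` only in the non-snapshot case. The rest of the function lies outside the hunk.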
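Review bot: The comparison `[[ $PRODUCT == "\"che\"" ]]` in `fetch_conf_files_content` treats every other value as the non-Che product, including `null` when `prod-id-short` is missing from the playbook. It then silently selects the codeready-workspaces-operator URL, so a playbook mistake changes which upstream the reference tables are generated from without any error. Reading the value raw (`yq -r`) lets the test be `[[ "$PRODUCT" == "che" ]]`, and `fetch_product_name` could reject a missing value right after the assignment: `[[ -n "$PRODUCT" && "$PRODUCT" != "null" ]] || { echo "prod-id-short not found" >&2; exit 1; }`. The same quoted comparison is repeated in `parse_content` in the `@@ -55,7 +54,7 @@` hunk. The `if` block continues past the end of this hunk.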
@@ -55,7 +54,7 @@ parse_content() { parse_section "database" "\`CheCluster\` Custom Resource \`database\` configuration settings related to the database used by {prod-short}." parse_section "auth" "Custom Resource \`auth\` configuration settings related to authentication used by {prod-short}." parse_section "storage" "\`CheCluster\` Custom Resource \`storage\` configuration settings related to persistent storage used by {prod-short}." - if [[ $PRODUCT == "che" ]]; then + if [[ $PRODUCT == "\"che\"" ]]; then parse_section "k8s" "\`CheCluster\` Custom Resource \`k8s\` configuration settings specific to {prod-short} installations on {platforms-name}." fi parse_section "metrics" "\`CheCluster\` Custom Resource \`metrics\` settings, related to the {prod-short} metrics collection used by {prod-short}." @@ -85,13 +84,14 @@ parse_section() { BUFF="$BUFF$id$NEWLINE" BUFF="$BUFF.$caption$NEWLINE" BUFF="$BUFF$TABLE_HEADER" - for prop in "${properties[@]}" + for PROP in "${properties[@]}" do - prop="${prop//\"}" - description=$(echo "$section" | yq -M '.properties.'"$prop"'.description') - description="${description//\"}" - description="${description//:/\\:}" - BUFF="$BUFF${prop}: ${description}$NEWLINE" + PROP="${PROP//\"}" + DESCR_BUFF=$(echo "$section" | yq -M '.properties.'"$PROP"'.description') + DESCR_BUFF="${DESCR_BUFF//\"}" + DESCR_BUFF="${DESCR_BUFF//:/\\:}" + DESCR_BUFF="$(sed 's|\(Eclipse \)\?\bChe\b|{prod-short}|g' <<< $DESCR_BUFF)" + BUFF="$BUFF${PROP}: ${DESCR_BUFF}$NEWLINE" done BUFF="$BUFF$TABLE_FOOTER" } From db9df37bf4ae84b4adb4f3aa8200e235de7d53be Mon Sep 17 00:00:00 2001 From: Anatolii Bazko Date: Thu, 28 Jan 2021 14:57:12 +0200 Subject: [PATCH 05/11] Fix Signed-off-by: Anatolii Bazko --- tools/checluster_docs_gen.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tools/checluster_docs_gen.sh b/tools/checluster_docs_gen.sh index 2e7ecafeac..dddf4c06f7 100755 --- a/tools/checluster_docs_gen.sh +++ b/tools/checluster_docs_gen.sh 
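Review bot: Stripping every double quote with `${DESCR_BUFF//\"}` in the `parse_section` loop also removes quotes that belong to the description and leaves the JSON escape backslashes behind, which would explain the `\multi-host\` and `\single-host\` text in the `serverExposureStrategy` row of the generated table. Asking yq for raw output makes the stripping unnecessary, and passing the property name as a variable keeps keys from the downloaded CRD out of the filter text: `DESCR_BUFF=$(echo "$section" | yq -r --arg p "$PROP" '.properties[$p].description')`, assuming this yq forwards jq options as `-M` suggests. With raw output, a description that contains a newline would arrive as several lines and need folding before it is written into the table. The here-string should also be quoted, `<<< "$DESCR_BUFF"`. `parse_section` starts before this hunk.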
@@ -1,6 +1,6 @@ #!/bin/bash # -# Copyright (c) 2018 Red Hat, Inc. +# Copyright (c) 2021F Red Hat, Inc. # This program and the accompanying materials are made # available under the terms of the Eclipse Public License 2.0 # which is available at https://www.eclipse.org/legal/epl-2.0/ From d6d817017e1e7cbf65e529183d49481d81fba204 Mon Sep 17 00:00:00 2001 From: Anatolii Bazko Date: Thu, 28 Jan 2021 14:57:16 +0200 Subject: [PATCH 06/11] Fix Signed-off-by: Anatolii Bazko --- tools/checluster_docs_gen.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tools/checluster_docs_gen.sh b/tools/checluster_docs_gen.sh index dddf4c06f7..62c1560899 100755 --- a/tools/checluster_docs_gen.sh +++ b/tools/checluster_docs_gen.sh @@ -1,6 +1,6 @@ #!/bin/bash # -# Copyright (c) 2021F Red Hat, Inc. +# Copyright (c) 2021 Red Hat, Inc. # This program and the accompanying materials are made # available under the terms of the Eclipse Public License 2.0 # which is available at https://www.eclipse.org/legal/epl-2.0/ From e3eb48d86c586b033e7b6d08eea67f3c246dd639 Mon Sep 17 00:00:00 2001 From: Anatolii Bazko Date: Thu, 28 Jan 2021 15:12:09 +0200 Subject: [PATCH 07/11] Fixes Signed-off-by: Anatolii Bazko --- .../examples/checluster-properties.adoc | 88 +++++++++---------- tools/checluster_docs_gen.sh | 2 +- 2 files changed, 45 insertions(+), 45 deletions(-) diff --git a/modules/installation-guide/examples/checluster-properties.adoc b/modules/installation-guide/examples/checluster-properties.adoc index a767c2b379..7610cb8d1e 100644 --- a/modules/installation-guide/examples/checluster-properties.adoc +++ b/modules/installation-guide/examples/checluster-properties.adoc 
@@ -4,22 +4,22 @@ [cols="2,5", options="header"] :=== Property: Description -airGapContainerRegistryHostname: Optional hostname (or url) to an alternate container registry to pull images from. This value overrides the container registry hostname defined in all the default container images involved in a {prod-short} deployment. This is particularly useful to install {prod-short} in an air-gapped environment. -airGapContainerRegistryOrganization: Optional repository name of an alternate container registry to pull images from. This value overrides the container registry organization defined in all the default container images involved in a {prod-short} deployment. This is particularly useful to install {prod-short} in an air-gapped environment. +airGapContainerRegistryHostname: Optional hostname (or url) to an alternate container registry to pull images from. This value overrides the container registry hostname defined in all the default container images involved in a Che deployment. This is particularly useful to install Che in an air-gapped environment. +airGapContainerRegistryOrganization: Optional repository name of an alternate container registry to pull images from. This value overrides the container registry organization defined in all the default container images involved in a Che deployment. This is particularly useful to install Che in an air-gapped environment. allowUserDefinedWorkspaceNamespaces: Defines if a user is able to specify Kubernetes namespace (or OpenShift project) different from the default. It's NOT RECOMMENDED to configured true without OAuth configured. This property is also used by the OpenShift infra. cheClusterRoles: Comma-separated list of ClusterRoles that will be assigned to che ServiceAccount. Be aware that che-operator has to already have all permissions in these ClusterRoles to be able to grant them. -cheDebug: Enables the debug mode for {prod-short} server. Defaults to `false`. -cheFlavor: Flavor of the installation. 
This is either `che` for upstream {prod-short} installations, or `codeready` for CodeReady Workspaces installation. In most cases the default value should not be overridden. -cheHost: Public hostname of the installed {prod-short} server. If value is omitted then it will be automatically set by the operator. (see the `cheHostTLSSecret` field). -cheHostTLSSecret: Name of a secret containing certificates to secure ingress/route for the custom hostname of the installed {prod-short} server. (see the `cheHost` field). -cheImage: Overrides the container image used in {prod-short} deployment. This does NOT include the container image tag. Omit it or leave it empty to use the defaut container image provided by the operator. -cheImagePullPolicy: Overrides the image pull policy used in {prod-short} deployment. Default value is `Always` for `nightly` or `latest` images, and `IfNotPresent` in other cases. -cheImageTag: Overrides the tag of the container image used in {prod-short} deployment. Omit it or leave it empty to use the defaut image tag provided by the operator. -cheLogLevel: Log level for the {prod-short} server\: `INFO` or `DEBUG`. Defaults to `INFO`. -cheServerIngress: {prod-short} server ingress custom settings -cheServerRoute: {prod-short} server route custom settings -cheWorkspaceClusterRole: Custom cluster role bound to the user for the {prod-short} workspaces. The default roles are used if this is omitted or left blank. -customCheProperties: Map of additional environment variables that will be applied in the generated `che` config map to be used by the {prod-short} server, in addition to the values already generated from other fields of the `CheCluster` custom resource (CR). If `customCheProperties` contains a property that would be normally generated in `che` config map from other CR fields, then the value defined in the `customCheProperties` will be used instead. +cheDebug: Enables the debug mode for Che server. Defaults to `false`. 
+cheFlavor: Flavor of the installation. This is either `che` for upstream Che installations, or `codeready` for CodeReady Workspaces installation. In most cases the default value should not be overridden. +cheHost: Public hostname of the installed Che server. If value is omitted then it will be automatically set by the operator. (see the `cheHostTLSSecret` field). +cheHostTLSSecret: Name of a secret containing certificates to secure ingress/route for the custom hostname of the installed Che server. (see the `cheHost` field). +cheImage: Overrides the container image used in Che deployment. This does NOT include the container image tag. Omit it or leave it empty to use the defaut container image provided by the operator. +cheImagePullPolicy: Overrides the image pull policy used in Che deployment. Default value is `Always` for `nightly` or `latest` images, and `IfNotPresent` in other cases. +cheImageTag: Overrides the tag of the container image used in Che deployment. Omit it or leave it empty to use the defaut image tag provided by the operator. +cheLogLevel: Log level for the Che server\: `INFO` or `DEBUG`. Defaults to `INFO`. +cheServerIngress: Che server ingress custom settings +cheServerRoute: Che server route custom settings +cheWorkspaceClusterRole: Custom cluster role bound to the user for the Che workspaces. The default roles are used if this is omitted or left blank. +customCheProperties: Map of additional environment variables that will be applied in the generated `che` config map to be used by the Che server, in addition to the values already generated from other fields of the `CheCluster` custom resource (CR). If `customCheProperties` contains a property that would be normally generated in `che` config map from other CR fields, then the value defined in the `customCheProperties` will be used instead. devfileRegistryImage: Overrides the container image used in the Devfile registry deployment. This includes the image tag. 
Omit it or leave it empty to use the defaut container image provided by the operator. devfileRegistryIngress: Devfile registry ingress custom settings devfileRegistryMemoryLimit: Overrides the memory limit used in the Devfile registry deployment. Defaults to 256Mi. 
@@ -29,7 +29,7 @@ devfileRegistryRoute: Devfile registry route custom settings devfileRegistryUrl: Public URL of the Devfile registry, that serves sample, ready-to-use devfiles. You should set it ONLY if you use an external devfile registry (see the `externalDevfileRegistry` field). By default this will be automatically calculated by the operator. externalDevfileRegistry: Instructs the operator on whether or not to deploy a dedicated Devfile registry server. By default a dedicated devfile registry server is started. But if `externalDevfileRegistry` is `true`, then no such dedicated server will be started by the operator and you will have to manually set the `devfileRegistryUrl` field externalPluginRegistry: Instructs the operator on whether or not to deploy a dedicated Plugin registry server. By default a dedicated plugin registry server is started. But if `externalPluginRegistry` is `true`, then no such dedicated server will be started by the operator and you will have to manually set the `pluginRegistryUrl` field. -gitSelfSignedCert: If enabled, then the certificate from `che-git-self-signed-cert` config map will be propagated to the {prod-short} components and provide particular configuration for Git. +gitSelfSignedCert: If enabled, then the certificate from `che-git-self-signed-cert` config map will be propagated to the Che components and provide particular configuration for Git. nonProxyHosts: List of hosts that should not use the configured proxy. So specify wild card domain use the following form `.` and `|` as delimiter, eg\: `localhost|.my.host.com|123.42.12.32` Only use when configuring a proxy is required. Operator respects OpenShift cluster wide proxy configuration and no additional configuration is required, but defining `nonProxyHosts` in a custom resource leads to merging non proxy hosts lists from the cluster proxy configuration and ones defined in the custom resources. 
(see the doc https\://docs.openshift.com/container-platform/4.4/networking/enable-cluster-wide-proxy.html) (see also the `proxyURL` fields). pluginRegistryImage: Overrides the container image used in the Plugin registry deployment. This includes the image tag. Omit it or leave it empty to use the default container image provided by the operator. pluginRegistryIngress: Plugin registry ingress custom settings 
@@ -41,17 +41,17 @@ pluginRegistryUrl: Public URL of the Plugin registry, that serves sample ready-t proxyPassword: Password of the proxy server Only use when proxy configuration is required (see also the `proxyURL`, `proxyUser` and `proxySecret` fields). proxyPort: Port of the proxy server. Only use when configuring a proxy is required. (see also the `proxyURL` and `nonProxyHosts` fields). proxySecret: The secret that contains `user` and `password` for a proxy server. If the secret is defined then `proxyUser` and `proxyPassword` are ignored -proxyURL: URL (protocol+hostname) of the proxy server. This drives the appropriate changes in the `JAVA_OPTS` and `https(s)_proxy` variables in the {prod-short} server and workspaces containers. Only use when configuring a proxy is required. Operator respects OpenShift cluster wide proxy configuration and no additional configuration is required, but defining `proxyUrl` in a custom resource leads to overrides the cluster proxy configuration with fields `proxyUrl`, `proxyPort`, `proxyUser` and `proxyPassword` from the custom resource. (see the doc https\://docs.openshift.com/container-platform/4.4/networking/enable-cluster-wide-proxy.html) (see also the `proxyPort` and `nonProxyHosts` fields). +proxyURL: URL (protocol+hostname) of the proxy server. This drives the appropriate changes in the `JAVA_OPTS` and `https(s)_proxy` variables in the Che server and workspaces containers. Only use when configuring a proxy is required. Operator respects OpenShift cluster wide proxy configuration and no additional configuration is required, but defining `proxyUrl` in a custom resource leads to overrides the cluster proxy configuration with fields `proxyUrl`, `proxyPort`, `proxyUser` and `proxyPassword` from the custom resource. (see the doc https\://docs.openshift.com/container-platform/4.4/networking/enable-cluster-wide-proxy.html) (see also the `proxyPort` and `nonProxyHosts` fields). proxyUser: User name of the proxy server. 
Only use when configuring a proxy is required (see also the `proxyURL`, `proxyPassword` and `proxySecret` fields). -selfSignedCert: Deprecated. The value of this flag is ignored. {prod-short} operator will automatically detect if router certificate is self-signed. If so it will be propagated to {prod-short} server and some other components. -serverExposureStrategy: Sets the server and workspaces exposure type. Possible values are \multi-host\, \single-host\, \default-host\. Defaults to \multi-host\ which creates a separate ingress (or route on OpenShift) for every required endpoint. \single-host\ makes {prod-short} exposed on a single hostname with workspaces exposed on subpaths. Please read the docs to learn about the limitations of this approach. Also consult the `singleHostExposureType` property to further configure how the operator and {prod-short} server make that happen on Kubernetes. \default-host\ exposes che server on the host of the cluster. Please read the docs to learn about the limitations of this approach. -serverMemoryLimit: Overrides the memory limit used in the {prod-short} server deployment. Defaults to 1Gi. -serverMemoryRequest: Overrides the memory request used in the {prod-short} server deployment. Defaults to 512Mi. -serverTrustStoreConfigMapName: Name of the config-map with public certificates to add to Java trust store of the {prod-short} server. This is usually required when adding the OpenShift OAuth provider which has https endpoint signed with self-signed cert. So, {prod-short} server must be aware of its CA cert to be able to request it. This is disabled by default. +selfSignedCert: Deprecated. The value of this flag is ignored. Che operator will automatically detect if router certificate is self-signed. If so it will be propagated to Che server and some other components. +serverExposureStrategy: Sets the server and workspaces exposure type. Possible values are \multi-host\, \single-host\, \default-host\. 
Defaults to \multi-host\ which creates a separate ingress (or route on OpenShift) for every required endpoint. \single-host\ makes Che exposed on a single hostname with workspaces exposed on subpaths. Please read the docs to learn about the limitations of this approach. Also consult the `singleHostExposureType` property to further configure how the operator and Che server make that happen on Kubernetes. \default-host\ exposes che server on the host of the cluster. Please read the docs to learn about the limitations of this approach. +serverMemoryLimit: Overrides the memory limit used in the Che server deployment. Defaults to 1Gi. +serverMemoryRequest: Overrides the memory request used in the Che server deployment. Defaults to 512Mi. +serverTrustStoreConfigMapName: Name of the config-map with public certificates to add to Java trust store of the Che server. This is usually required when adding the OpenShift OAuth provider which has https endpoint signed with self-signed cert. So, Che server must be aware of its CA cert to be able to request it. This is disabled by default. singleHostGatewayConfigMapLabels: The labels that need to be present (and are put) on the configmaps representing the gateway configuration. singleHostGatewayConfigSidecarImage: The image used for the gateway sidecar that provides configuration to the gateway. Omit it or leave it empty to use the defaut container image provided by the operator. singleHostGatewayImage: The image used for the gateway in the single host mode. Omit it or leave it empty to use the defaut container image provided by the operator. -tlsSupport: Deprecated. Instructs the operator to deploy {prod-short} in TLS mode. This is enabled by default. Disabling TLS may cause malfunction of some {prod-short} components. +tlsSupport: Deprecated. Instructs the operator to deploy Che in TLS mode. This is enabled by default. Disabling TLS may cause malfunction of some Che components. 
useInternalClusterSVCNames: Use internal cluster svc names to communicate between components to speed up the traffic and avoid proxy issues. The default value is `true`. workspaceNamespaceDefault: Defines Kubernetes default namespace in which user's workspaces are created if user does not override it. It's possible to use , and placeholders (e.g.\: che-workspace-). In that case, new namespace will be created for each user (or workspace). Is used by OpenShift infra as well to specify Project :=== 
@@ -62,13 +62,13 @@ workspaceNamespaceDefault: Defines Kubernetes default namespace in which user's [cols="2,5", options="header"] :=== Property: Description -chePostgresDb: Postgres database name that the {prod-short} server uses to connect to the DB. Defaults to `dbche`. -chePostgresHostName: Postgres Database hostname that the {prod-short} server uses to connect to. Defaults to postgres. This value should be overridden ONLY when using an external database (see field `externalDb`). In the default case it will be automatically set by the operator. -chePostgresPassword: Postgres password that the {prod-short} server should use to connect to the DB. If omitted or left blank, it will be set to an auto-generated value. -chePostgresPort: Postgres Database port that the {prod-short} server uses to connect to. Defaults to 5432. This value should be overridden ONLY when using an external database (see field `externalDb`). In the default case it will be automatically set by the operator. -chePostgresSecret: The secret that contains Postgres `user` and `password` that the {prod-short} server should use to connect to the DB. If the secret is defined then `chePostgresUser` and `chePostgresPassword` are ignored. If the value is omitted or left blank then there are two scenarios\: 1. `chePostgresUser` and `chePostgresPassword` are defined, then they will be used to connect to the DB. 2. `chePostgresUser` or `chePostgresPassword` are not defined, then a new secret with the name `che-postgres-secret` will be created with default value of `pgche` for `user` and with an auto-generated value for `password`. -chePostgresUser: Postgres user that the {prod-short} server should use to connect to the DB. Defaults to `pgche`. -externalDb: Instructs the operator on whether or not to deploy a dedicated database. By default a dedicated Postgres database is deployed as part of the {prod-short} installation. 
But if `externalDb` is `true`, then no dedicated database will be deployed by the operator and you might need to provide connection details to the external DB you want to use. See also all the fields starting with\: `chePostgres`. +chePostgresDb: Postgres database name that the Che server uses to connect to the DB. Defaults to `dbche`. +chePostgresHostName: Postgres Database hostname that the Che server uses to connect to. Defaults to postgres. This value should be overridden ONLY when using an external database (see field `externalDb`). In the default case it will be automatically set by the operator. +chePostgresPassword: Postgres password that the Che server should use to connect to the DB. If omitted or left blank, it will be set to an auto-generated value. +chePostgresPort: Postgres Database port that the Che server uses to connect to. Defaults to 5432. This value should be overridden ONLY when using an external database (see field `externalDb`). In the default case it will be automatically set by the operator. +chePostgresSecret: The secret that contains Postgres `user` and `password` that the Che server should use to connect to the DB. If the secret is defined then `chePostgresUser` and `chePostgresPassword` are ignored. If the value is omitted or left blank then there are two scenarios\: 1. `chePostgresUser` and `chePostgresPassword` are defined, then they will be used to connect to the DB. 2. `chePostgresUser` or `chePostgresPassword` are not defined, then a new secret with the name `che-postgres-secret` will be created with default value of `pgche` for `user` and with an auto-generated value for `password`. +chePostgresUser: Postgres user that the Che server should use to connect to the DB. Defaults to `pgche`. +externalDb: Instructs the operator on whether or not to deploy a dedicated database. By default a dedicated Postgres database is deployed as part of the Che installation. 
But if `externalDb` is `true`, then no dedicated database will be deployed by the operator and you might need to provide connection details to the external DB you want to use. See also all the fields starting with\: `chePostgres`. postgresImage: Overrides the container image used in the Postgres database deployment. This includes the image tag. Omit it or leave it empty to use the defaut container image provided by the operator. postgresImagePullPolicy: Overrides the image pull policy used in the Postgres database deployment. Default value is `Always` for `nightly` or `latest` images, and `IfNotPresent` in other cases. :=== 
@@ -79,23 +79,23 @@ postgresImagePullPolicy: Overrides the image pull policy used in the Postgres da [cols="2,5", options="header"] :=== Property: Description -externalIdentityProvider: Instructs the operator on whether or not to deploy a dedicated Identity Provider (Keycloak or RH SSO instance). By default a dedicated Identity Provider server is deployed as part of the {prod-short} installation. But if `externalIdentityProvider` is `true`, then no dedicated identity provider will be deployed by the operator and you might need to provide details about the external identity provider you want to use. See also all the other fields starting with\: `identityProvider`. +externalIdentityProvider: Instructs the operator on whether or not to deploy a dedicated Identity Provider (Keycloak or RH SSO instance). By default a dedicated Identity Provider server is deployed as part of the Che installation. But if `externalIdentityProvider` is `true`, then no dedicated identity provider will be deployed by the operator and you might need to provide details about the external identity provider you want to use. See also all the other fields starting with\: `identityProvider`. identityProviderAdminUserName: Overrides the name of the Identity Provider admin user. Defaults to `admin`. -identityProviderClientId: Name of a Identity provider (Keycloak / RH SSO) `client-id` that should be used for {prod-short}. This is useful to override it ONLY if you use an external Identity Provider (see the `externalIdentityProvider` field). If omitted or left blank, it will be set to the value of the `flavour` field suffixed with `-public`. +identityProviderClientId: Name of a Identity provider (Keycloak / RH SSO) `client-id` that should be used for Che. This is useful to override it ONLY if you use an external Identity Provider (see the `externalIdentityProvider` field). If omitted or left blank, it will be set to the value of the `flavour` field suffixed with `-public`. 
identityProviderImage: Overrides the container image used in the Identity Provider (Keycloak / RH SSO) deployment. This includes the image tag. Omit it or leave it empty to use the defaut container image provided by the operator. identityProviderImagePullPolicy: Overrides the image pull policy used in the Identity Provider (Keycloak / RH SSO) deployment. Default value is `Always` for `nightly` or `latest` images, and `IfNotPresent` in other cases. identityProviderIngress: Ingress custom settings identityProviderPassword: Overrides the password of Keycloak admin user. This is useful to override it ONLY if you use an external Identity Provider (see the `externalIdentityProvider` field). If omitted or left blank, it will be set to an auto-generated password. identityProviderPostgresPassword: Password for The Identity Provider (Keycloak / RH SSO) to connect to the database. This is useful to override it ONLY if you use an external Identity Provider (see the `externalIdentityProvider` field). If omitted or left blank, it will be set to an auto-generated password. identityProviderPostgresSecret: The secret that contains `password` for The Identity Provider (Keycloak / RH SSO) to connect to the database. If the secret is defined then `identityProviderPostgresPassword` will be ignored. If the value is omitted or left blank then there are two scenarios\: 1. `identityProviderPostgresPassword` is defined, then it will be used to connect to the database. 2. `identityProviderPostgresPassword` is not defined, then a new secret with the name `che-identity-postgres-secret` will be created with an auto-generated value for `password`. -identityProviderRealm: Name of a Identity provider (Keycloak / RH SSO) realm that should be used for {prod-short}. This is useful to override it ONLY if you use an external Identity Provider (see the `externalIdentityProvider` field). If omitted or left blank, it will be set to the value of the `flavour` field. 
+identityProviderRealm: Name of a Identity provider (Keycloak / RH SSO) realm that should be used for Che. This is useful to override it ONLY if you use an external Identity Provider (see the `externalIdentityProvider` field). If omitted or left blank, it will be set to the value of the `flavour` field. identityProviderRoute: Route custom settings identityProviderSecret: The secret that contains `user` and `password` for Identity Provider. If the secret is defined then `identityProviderAdminUserName` and `identityProviderPassword` are ignored. If the value is omitted or left blank then there are two scenarios\: 1. `identityProviderAdminUserName` and `identityProviderPassword` are defined, then they will be used. 2. `identityProviderAdminUserName` or `identityProviderPassword` are not defined, then a new secret with the name `che-identity-secret` will be created with default value `admin` for `user` and with an auto-generated value for `password`. identityProviderURL: Public URL of the Identity Provider server (Keycloak / RH SSO server). You should set it ONLY if you use an external Identity Provider (see the `externalIdentityProvider` field). By default this will be automatically calculated and set by the operator. oAuthClientName: Name of the OpenShift `OAuthClient` resource used to setup identity federation on the OpenShift side. Auto-generated if left blank. See also the `OpenShiftoAuth` field. oAuthSecret: Name of the secret set in the OpenShift `OAuthClient` resource used to setup identity federation on the OpenShift side. Auto-generated if left blank. See also the `OAuthClientName` field. -openShiftoAuth: Enables the integration of the identity provider (Keycloak / RHSSO) with OpenShift OAuth. Enabled by default on OpenShift. This will allow users to directly login with their Openshift user through the Openshift login, and have their workspaces created under personal OpenShift namespaces. 
WARNING\: the `kubeadmin` user is NOT supported, and logging through it will NOT allow accessing the {prod-short} Dashboard. -updateAdminPassword: Forces the default `admin` {prod-short} user to update password on first login. Defaults to `false`. +openShiftoAuth: Enables the integration of the identity provider (Keycloak / RHSSO) with OpenShift OAuth. Enabled by default on OpenShift. This will allow users to directly login with their Openshift user through the Openshift login, and have their workspaces created under personal OpenShift namespaces. WARNING\: the `kubeadmin` user is NOT supported, and logging through it will NOT allow accessing the Che Dashboard. +updateAdminPassword: Forces the default `admin` Che user to update password on first login. Defaults to `false`. :=== [id="checluster-custom-resource-storage-settings_{context}"] 
@@ -105,11 +105,11 @@ updateAdminPassword: Forces the default `admin` {prod-short} user to update pass :=== Property: Description postgresPVCStorageClassName: Storage class for the Persistent Volume Claim dedicated to the Postgres database. If omitted or left blank, default storage class is used. -preCreateSubPaths: Instructs the {prod-short} server to launch a special pod to pre-create a subpath in the Persistent Volumes. Defaults to `false`, however it might need to enable it according to the configuration of your K8S cluster. +preCreateSubPaths: Instructs the Che server to launch a special pod to pre-create a subpath in the Persistent Volumes. Defaults to `false`, however it might need to enable it according to the configuration of your K8S cluster. pvcClaimSize: Size of the persistent volume claim for workspaces. Defaults to `1Gi` pvcJobsImage: Overrides the container image used to create sub-paths in the Persistent Volumes. This includes the image tag. Omit it or leave it empty to use the defaut container image provided by the operator. See also the `preCreateSubPaths` field. -pvcStrategy: Persistent volume claim strategy for the {prod-short} server. This Can be\:`common` (all workspaces PVCs in one volume), `per-workspace` (one PVC per workspace for all declared volumes) and `unique` (one PVC per declared volume). Defaults to `common`. -workspacePVCStorageClassName: Storage class for the Persistent Volume Claims dedicated to the {prod-short} workspaces. If omitted or left blank, default storage class is used. +pvcStrategy: Persistent volume claim strategy for the Che server. This Can be\:`common` (all workspaces PVCs in one volume), `per-workspace` (one PVC per workspace for all declared volumes) and `unique` (one PVC per declared volume). Defaults to `common`. +workspacePVCStorageClassName: Storage class for the Persistent Volume Claims dedicated to the Che workspaces. If omitted or left blank, default storage class is used. 
:=== [id="checluster-custom-resource-k8s-settings_{context}"] 
@@ -118,11 +118,11 @@ workspacePVCStorageClassName: Storage class for the Persistent Volume Claims ded [cols="2,5", options="header"] :=== Property: Description -ingressClass: Ingress class that will define the which controler will manage ingresses. Defaults to `nginx`. NB\: This drives the `is kubernetes.io/ingress.class` annotation on {prod-short}-related ingresses. +ingressClass: Ingress class that will define the which controler will manage ingresses. Defaults to `nginx`. NB\: This drives the `is kubernetes.io/ingress.class` annotation on Che-related ingresses. ingressDomain: Global ingress domain for a K8S cluster. This MUST be explicitly specified\: there are no defaults. ingressStrategy: Strategy for ingress creation. This can be `multi-host` (host is explicitly provided in ingress), `single-host` (host is provided, path-based rules) and `default-host.*`(no host is provided, path-based rules). Defaults to `\multi-host` Deprecated in favor of \serverExposureStrategy\ in the \server\ section, which defines this regardless of the cluster type. If both are defined, `serverExposureStrategy` takes precedence. -securityContextFsGroup: FSGroup the {prod-short} pod and Workspace pods containers should run in. Defaults to `1724`. -securityContextRunAsUser: ID of the user the {prod-short} pod and Workspace pods containers should run as. Default to `1724`. +securityContextFsGroup: FSGroup the Che pod and Workspace pods containers should run in. Defaults to `1724`. +securityContextRunAsUser: ID of the user the Che pod and Workspace pods containers should run as. Default to `1724`. singleHostExposureType: When the serverExposureStrategy is set to \single-host\, the way the server, registries and workspaces are exposed is further configured by this property. The possible values are \native\ (which means that the server and workspaces are exposed using ingresses on K8s) or \gateway\ where the server and workspaces are exposed using a custom gateway based on Traefik. 
All the endpoints whether backed by the ingress or gateway \route\ always point to the subpaths on the same domain. Defaults to \native\. tlsSecretName: Name of a secret that will be used to setup ingress TLS termination if TLS is enabled. If the field is empty string, then default cluster certificate will be used. See also the `tlsSupport` field. :=== @@ -133,7 +133,7 @@ tlsSecretName: Name of a secret that will be used to setup ingress TLS terminati [cols="2,5", options="header"] :=== Property: Description -enable: Enables `metrics` {prod-short} server endpoint. Default to `true`. +enable: Enables `metrics` Che server endpoint. Default to `true`. :=== [id="checluster-custom-resource-status-settings_{context}"] @@ -142,9 +142,9 @@ enable: Enables `metrics` {prod-short} server endpoint. Default to `true`. [cols="2,5", options="header"] :=== Property: Description -cheClusterRunning: Status of a {prod-short} installation. Can be `Available`, `Unavailable`, or `Available, Rolling Update in Progress` -cheURL: Public URL to the {prod-short} server -cheVersion: Current installed {prod-short} version +cheClusterRunning: Status of a Che installation. Can be `Available`, `Unavailable`, or `Available, Rolling Update in Progress` +cheURL: Public URL to the Che server +cheVersion: Current installed Che version dbProvisioned: Indicates if or not a Postgres instance has been correctly provisioned devfileRegistryURL: Public URL to the Devfile registry helpLink: A URL that can point to some URL where to find help related to the current Operator status. diff --git a/tools/checluster_docs_gen.sh b/tools/checluster_docs_gen.sh index 62c1560899..c1ec29cd29 100755 --- a/tools/checluster_docs_gen.sh +++ b/tools/checluster_docs_gen.sh 
@@ -90,7 +90,7 @@ parse_section() {
 DESCR_BUFF=$(echo "$section" | yq -M '.properties.'"$PROP"'.description')
 DESCR_BUFF="${DESCR_BUFF//\"}"
 DESCR_BUFF="${DESCR_BUFF//:/\\:}"
- DESCR_BUFF="$(sed 's|\(Eclipse \)\?\bChe\b|{prod-short}|g' <<< $DESCR_BUFF)"
+ DESCR_BUFF="$(sed 's|Eclipse Che|{prod-short}|g' <<< $DESCR_BUFF)"
 BUFF="$BUFF${PROP}: ${DESCR_BUFF}$NEWLINE"
 done
 BUFF="$BUFF$TABLE_FOOTER"
From bf459aa8688832123ee87dfd0a9f34fcd12d23b3 Mon Sep 17 00:00:00 2001
From: Anatolii Bazko
Date: Fri, 29 Jan 2021 12:58:32 +0200
Subject: [PATCH 08/11] Generate doc based on che-operator master branch
Signed-off-by: Anatolii Bazko
---
 .../examples/checluster-properties.adoc | 179 +++++++++---------
 1 file changed, 94 insertions(+), 85 deletions(-)
diff --git a/modules/installation-guide/examples/checluster-properties.adoc b/modules/installation-guide/examples/checluster-properties.adoc
index 7610cb8d1e..e0cd38a26b 100644
--- a/modules/installation-guide/examples/checluster-properties.adoc
+++ b/modules/installation-guide/examples/checluster-properties.adoc
@@ -4,56 +4,62 @@ [cols="2,5", options="header"] :=== Property: Description -airGapContainerRegistryHostname: Optional hostname (or url) to an alternate container registry to pull images from. This value overrides the container registry hostname defined in all the default container images involved in a Che deployment. This is particularly useful to install Che in an air-gapped environment. -airGapContainerRegistryOrganization: Optional repository name of an alternate container registry to pull images from. This value overrides the container registry organization defined in all the default container images involved in a Che deployment. This is particularly useful to install Che in an air-gapped environment. -allowUserDefinedWorkspaceNamespaces: Defines if a user is able to specify Kubernetes namespace (or OpenShift project) different from the default. It's NOT RECOMMENDED to configured true without OAuth configured. This property is also used by the OpenShift infra. -cheClusterRoles: Comma-separated list of ClusterRoles that will be assigned to che ServiceAccount. Be aware that che-operator has to already have all permissions in these ClusterRoles to be able to grant them. +airGapContainerRegistryHostname: Optional host name, or URL, to an alternate container registry to pull images from. This value overrides the container registry host name defined in all the default container images involved in a Che deployment. This is particularly useful to install Che in a restricted environment. +airGapContainerRegistryOrganization: Optional repository name of an alternate container registry to pull images from. This value overrides the container registry organization defined in all the default container images involved in a Che deployment. This is particularly useful to install {prod-short} in a restricted environment. +allowUserDefinedWorkspaceNamespaces: Defines that a user is allowed to specify Kubernetes namespace, or OpenShift project, different from the default. 
It's NOT RECOMMENDED to set to `true` without OpenShift OAuth configured. The OpenShift infrastructure also uses this property. +cheClusterRoles: A comma-separated list of ClusterRoles that will be assigned to Che ServiceAccount. Be aware that the che-operator has to already have all permissions in these ClusterRoles to grant them. cheDebug: Enables the debug mode for Che server. Defaults to `false`. -cheFlavor: Flavor of the installation. This is either `che` for upstream Che installations, or `codeready` for CodeReady Workspaces installation. In most cases the default value should not be overridden. -cheHost: Public hostname of the installed Che server. If value is omitted then it will be automatically set by the operator. (see the `cheHostTLSSecret` field). -cheHostTLSSecret: Name of a secret containing certificates to secure ingress/route for the custom hostname of the installed Che server. (see the `cheHost` field). -cheImage: Overrides the container image used in Che deployment. This does NOT include the container image tag. Omit it or leave it empty to use the defaut container image provided by the operator. +cheFlavor: Specifies a variation of the installation. The options are `che` for upstream Che installations, or `codeready` for CodeReady Workspaces installation. If not necessary, do not override the default value. +cheHost: Public host name of the installed Che server. When value is omitted, the value it will be automatically set by the Operator. See the `cheHostTLSSecret` field. +cheHostTLSSecret: Name of a secret containing certificates to secure ingress or route for the custom host name of the installed Che server. See the `cheHost` field. +cheImage: Overrides the container image used in Che deployment. This does NOT include the container image tag. Omit it or leave it empty to use the default container image provided by the Operator. cheImagePullPolicy: Overrides the image pull policy used in Che deployment. 
Default value is `Always` for `nightly` or `latest` images, and `IfNotPresent` in other cases. -cheImageTag: Overrides the tag of the container image used in Che deployment. Omit it or leave it empty to use the defaut image tag provided by the operator. +cheImageTag: Overrides the tag of the container image used in Che deployment. Omit it or leave it empty to use the default image tag provided by the Operator. cheLogLevel: Log level for the Che server\: `INFO` or `DEBUG`. Defaults to `INFO`. -cheServerIngress: Che server ingress custom settings -cheServerRoute: Che server route custom settings +cheServerIngress: The Che server ingress custom settings. +cheServerRoute: The Che server route custom settings. cheWorkspaceClusterRole: Custom cluster role bound to the user for the Che workspaces. The default roles are used if this is omitted or left blank. -customCheProperties: Map of additional environment variables that will be applied in the generated `che` config map to be used by the Che server, in addition to the values already generated from other fields of the `CheCluster` custom resource (CR). If `customCheProperties` contains a property that would be normally generated in `che` config map from other CR fields, then the value defined in the `customCheProperties` will be used instead. -devfileRegistryImage: Overrides the container image used in the Devfile registry deployment. This includes the image tag. Omit it or leave it empty to use the defaut container image provided by the operator. -devfileRegistryIngress: Devfile registry ingress custom settings -devfileRegistryMemoryLimit: Overrides the memory limit used in the Devfile registry deployment. Defaults to 256Mi. -devfileRegistryMemoryRequest: Overrides the memory request used in the Devfile registry deployment. Defaults to 16Mi. -devfileRegistryPullPolicy: Overrides the image pull policy used in the Devfile registry deployment. 
Default value is `Always` for `nightly` or `latest` images, and `IfNotPresent` in other cases. -devfileRegistryRoute: Devfile registry route custom settings -devfileRegistryUrl: Public URL of the Devfile registry, that serves sample, ready-to-use devfiles. You should set it ONLY if you use an external devfile registry (see the `externalDevfileRegistry` field). By default this will be automatically calculated by the operator. -externalDevfileRegistry: Instructs the operator on whether or not to deploy a dedicated Devfile registry server. By default a dedicated devfile registry server is started. But if `externalDevfileRegistry` is `true`, then no such dedicated server will be started by the operator and you will have to manually set the `devfileRegistryUrl` field -externalPluginRegistry: Instructs the operator on whether or not to deploy a dedicated Plugin registry server. By default a dedicated plugin registry server is started. But if `externalPluginRegistry` is `true`, then no such dedicated server will be started by the operator and you will have to manually set the `pluginRegistryUrl` field. -gitSelfSignedCert: If enabled, then the certificate from `che-git-self-signed-cert` config map will be propagated to the Che components and provide particular configuration for Git. -nonProxyHosts: List of hosts that should not use the configured proxy. So specify wild card domain use the following form `.` and `|` as delimiter, eg\: `localhost|.my.host.com|123.42.12.32` Only use when configuring a proxy is required. Operator respects OpenShift cluster wide proxy configuration and no additional configuration is required, but defining `nonProxyHosts` in a custom resource leads to merging non proxy hosts lists from the cluster proxy configuration and ones defined in the custom resources. (see the doc https\://docs.openshift.com/container-platform/4.4/networking/enable-cluster-wide-proxy.html) (see also the `proxyURL` fields). 
-pluginRegistryImage: Overrides the container image used in the Plugin registry deployment. This includes the image tag. Omit it or leave it empty to use the default container image provided by the operator. -pluginRegistryIngress: Plugin registry ingress custom settings -pluginRegistryMemoryLimit: Overrides the memory limit used in the Plugin registry deployment. Defaults to 256Mi. -pluginRegistryMemoryRequest: Overrides the memory request used in the Plugin registry deployment. Defaults to 16Mi. -pluginRegistryPullPolicy: Overrides the image pull policy used in the Plugin registry deployment. Default value is `Always` for `nightly` or `latest` images, and `IfNotPresent` in other cases. -pluginRegistryRoute: Plugin registry route custom settings -pluginRegistryUrl: Public URL of the Plugin registry, that serves sample ready-to-use devfiles. You should set it ONLY if you use an external devfile registry (see the `externalPluginRegistry` field). By default this will be automatically calculated by the operator. -proxyPassword: Password of the proxy server Only use when proxy configuration is required (see also the `proxyURL`, `proxyUser` and `proxySecret` fields). -proxyPort: Port of the proxy server. Only use when configuring a proxy is required. (see also the `proxyURL` and `nonProxyHosts` fields). -proxySecret: The secret that contains `user` and `password` for a proxy server. If the secret is defined then `proxyUser` and `proxyPassword` are ignored -proxyURL: URL (protocol+hostname) of the proxy server. This drives the appropriate changes in the `JAVA_OPTS` and `https(s)_proxy` variables in the Che server and workspaces containers. Only use when configuring a proxy is required. 
Operator respects OpenShift cluster wide proxy configuration and no additional configuration is required, but defining `proxyUrl` in a custom resource leads to overrides the cluster proxy configuration with fields `proxyUrl`, `proxyPort`, `proxyUser` and `proxyPassword` from the custom resource. (see the doc https\://docs.openshift.com/container-platform/4.4/networking/enable-cluster-wide-proxy.html) (see also the `proxyPort` and `nonProxyHosts` fields). +customCheProperties: Map of additional environment variables that will be applied in the generated `che` configMap to be used by the Che server, in addition to the values already generated from other fields of the `CheCluster` custom resource (CR). When `customCheProperties` contains a property that would be normally generated in `che` configMap from other CR fields, the value defined in the `customCheProperties` is used instead. +devfileRegistryCpuLimit: Overrides the cpu limit used in the devfile registry deployment. In cores. (500m = .5 cores). Default to 500m. +devfileRegistryCpuRequest: Overrides the cpu request used in the devfile registry deployment. In cores. (500m = .5 cores). Default to 100m. +devfileRegistryImage: Overrides the container image used in the devfile registry deployment. This includes the image tag. Omit it or leave it empty to use the default container image provided by the Operator. +devfileRegistryIngress: The devfile registry ingress custom settings. +devfileRegistryMemoryLimit: Overrides the memory limit used in the devfile registry deployment. Defaults to 256Mi. +devfileRegistryMemoryRequest: Overrides the memory request used in the devfile registry deployment. Defaults to 16Mi. +devfileRegistryPullPolicy: Overrides the image pull policy used in the devfile registry deployment. Default value is `Always` for `nightly` or `latest` images, and `IfNotPresent` in other cases. +devfileRegistryRoute: The devfile registry route custom settings. 
+devfileRegistryUrl: Public URL of the devfile registry, that serves sample, ready-to-use devfiles. Set this ONLY when a use of an external devfile registry is needed. See the `externalDevfileRegistry` field. By default, this will be automatically calculated by the Operator. +externalDevfileRegistry: Instructs the Operator on whether or not to deploy a dedicated devfile registry server. By default, a dedicated devfile registry server is started. When `externalDevfileRegistry` is `true`, no such dedicated server will be started by the Operator and you will have to manually set the `devfileRegistryUrl` field +externalPluginRegistry: Instructs the Operator on whether or not to deploy a dedicated plugin registry server. By default, a dedicated plugin registry server is started. When `externalPluginRegistry` is `true`, no such dedicated server will be started by the Operator and you will have to manually set the `pluginRegistryUrl` field. +gitSelfSignedCert: When enabled, the certificate from `che-git-self-signed-cert` configMap will be propagated to the Che components and provide particular configuration for Git. +nonProxyHosts: List of hosts that will be reached directly, bypassing the proxy. Specify wild card domain use the following form `.` and `|` as delimiter, for example\: `localhost|.my.host.com|123.42.12.32` Only use when configuring a proxy is required. Operator respects OpenShift cluster wide proxy configuration and no additional configuration is required, but defining `nonProxyHosts` in a custom resource leads to merging non proxy hosts lists from the cluster proxy configuration and ones defined in the custom resources. (see the doc https\://docs.openshift.com/container-platform/4.4/networking/enable-cluster-wide-proxy.html) (see also the `proxyURL` fields). +pluginRegistryCpuLimit: Overrides the cpu limit used in the plugin registry deployment. In cores. (500m = .5 cores). Default to 500m. 
+pluginRegistryCpuRequest: Overrides the cpu request used in the plugin registry deployment. In cores. (500m = .5 cores). Default to 100m. +pluginRegistryImage: Overrides the container image used in the plugin registry deployment. This includes the image tag. Omit it or leave it empty to use the default container image provided by the Operator. +pluginRegistryIngress: Plugin registry ingress custom settings. +pluginRegistryMemoryLimit: Overrides the memory limit used in the plugin registry deployment. Defaults to 256Mi. +pluginRegistryMemoryRequest: Overrides the memory request used in the plugin registry deployment. Defaults to 16Mi. +pluginRegistryPullPolicy: Overrides the image pull policy used in the plugin registry deployment. Default value is `Always` for `nightly` or `latest` images, and `IfNotPresent` in other cases. +pluginRegistryRoute: Plugin registry route custom settings. +pluginRegistryUrl: Public URL of the plugin registry, that serves sample ready-to-use devfiles. Set this ONLY if a use of an external devfile registry is needed. See the `externalPluginRegistry` field. By default, this will be automatically calculated by the Operator. +proxyPassword: Password of the proxy server. Only use when proxy configuration is required (See also the `proxyURL`, `proxyUser` and `proxySecret` fields). +proxyPort: Port of the proxy server. Only use when configuring a proxy is required. (See also the `proxyURL` and `nonProxyHosts` fields). +proxySecret: The secret that contains `user` and `password` for a proxy server. When the secret is defined, the `proxyUser` and `proxyPassword` are ignored. +proxyURL: URL (protocol+host name) of the proxy server. This drives the appropriate changes in the `JAVA_OPTS` and `https(s)_proxy` variables in the Che server and workspaces containers. Only use when configuring a proxy is required. 
Operator respects OpenShift cluster wide proxy configuration and no additional configuration is required, but defining `proxyUrl` in a custom resource leads to overrides the cluster proxy configuration with fields `proxyUrl`, `proxyPort`, `proxyUser` and `proxyPassword` from the custom resource. (see the doc https\://docs.openshift.com/container-platform/4.4/networking/enable-cluster-wide-proxy.html) (see also the `proxyPort` and `nonProxyHosts` fields). proxyUser: User name of the proxy server. Only use when configuring a proxy is required (see also the `proxyURL`, `proxyPassword` and `proxySecret` fields). -selfSignedCert: Deprecated. The value of this flag is ignored. Che operator will automatically detect if router certificate is self-signed. If so it will be propagated to Che server and some other components. -serverExposureStrategy: Sets the server and workspaces exposure type. Possible values are \multi-host\, \single-host\, \default-host\. Defaults to \multi-host\ which creates a separate ingress (or route on OpenShift) for every required endpoint. \single-host\ makes Che exposed on a single hostname with workspaces exposed on subpaths. Please read the docs to learn about the limitations of this approach. Also consult the `singleHostExposureType` property to further configure how the operator and Che server make that happen on Kubernetes. \default-host\ exposes che server on the host of the cluster. Please read the docs to learn about the limitations of this approach. +selfSignedCert: Deprecated. The value of this flag is ignored. The Che Operator will automatically detect if the router certificate is self-signed and propagate it to other components, such as the Che server. +serverCpuLimit: Overrides the cpu limit used in the Che server deployment In cores. (500m = .5 cores). Default to 1. +serverCpuRequest: Overrides the cpu request used in the Che server deployment In cores. (500m = .5 cores). Default to 100m. 
+serverExposureStrategy: Sets the server and workspaces exposure type. Possible values are `multi-host`, `single-host`, `default-host`. Defaults to `multi-host` which creates a separate ingress (or route on OpenShift) for every required endpoint. `single-host` makes Che exposed on a single host name with workspaces exposed on subpaths. Read the docs to learn about the limitations of this approach. Also consult the `singleHostExposureType` property to further configure how the Operator and the Che server make that happen on Kubernetes. `default-host` exposes the Che server on the host of the cluster. Please read the docs to learn about the limitations of this approach. serverMemoryLimit: Overrides the memory limit used in the Che server deployment. Defaults to 1Gi. serverMemoryRequest: Overrides the memory request used in the Che server deployment. Defaults to 512Mi. -serverTrustStoreConfigMapName: Name of the config-map with public certificates to add to Java trust store of the Che server. This is usually required when adding the OpenShift OAuth provider which has https endpoint signed with self-signed cert. So, Che server must be aware of its CA cert to be able to request it. This is disabled by default. +serverTrustStoreConfigMapName: Name of the configMap with public certificates to add to Java trust store of the Che server. This is often required when adding the OpenShift OAuth provider which has https endpoint signed with self-signed cert. The Che server must be aware of its CA cert to be able to request it. This is disabled by default. singleHostGatewayConfigMapLabels: The labels that need to be present (and are put) on the configmaps representing the gateway configuration. -singleHostGatewayConfigSidecarImage: The image used for the gateway sidecar that provides configuration to the gateway. Omit it or leave it empty to use the defaut container image provided by the operator. -singleHostGatewayImage: The image used for the gateway in the single host mode. 
Omit it or leave it empty to use the defaut container image provided by the operator. -tlsSupport: Deprecated. Instructs the operator to deploy Che in TLS mode. This is enabled by default. Disabling TLS may cause malfunction of some Che components. -useInternalClusterSVCNames: Use internal cluster svc names to communicate between components to speed up the traffic and avoid proxy issues. The default value is `true`. -workspaceNamespaceDefault: Defines Kubernetes default namespace in which user's workspaces are created if user does not override it. It's possible to use , and placeholders (e.g.\: che-workspace-). In that case, new namespace will be created for each user (or workspace). Is used by OpenShift infra as well to specify Project +singleHostGatewayConfigSidecarImage: The image used for the gateway sidecar that provides configuration to the gateway. Omit it or leave it empty to use the default container image provided by the Operator. +singleHostGatewayImage: The image used for the gateway in the single host mode. Omit it or leave it empty to use the default container image provided by the Operator. +tlsSupport: Deprecated. Instructs the Operator to deploy Che in TLS mode. This is enabled by default. Disabling TLS sometimes cause malfunction of some Che components. +useInternalClusterSVCNames: Use internal cluster svc names to communicate between components to speed up the traffic and avoid proxy issues. The default value is `false`. +workspaceNamespaceDefault: Defines Kubernetes default namespace in which user's workspaces are created if user does not override it. It's possible to use , and placeholders (e.g.\: che-workspace-). In that case, new namespace will be created for each user (or workspace). Is used by OpenShift infrastructure as well to specify Project. :=== [id="checluster-custom-resource-database-settings_{context}"] 
@@ -62,14 +68,15 @@ workspaceNamespaceDefault: Defines Kubernetes default namespace in which user's [cols="2,5", options="header"] :=== Property: Description -chePostgresDb: Postgres database name that the Che server uses to connect to the DB. Defaults to `dbche`. -chePostgresHostName: Postgres Database hostname that the Che server uses to connect to. Defaults to postgres. This value should be overridden ONLY when using an external database (see field `externalDb`). In the default case it will be automatically set by the operator. -chePostgresPassword: Postgres password that the Che server should use to connect to the DB. If omitted or left blank, it will be set to an auto-generated value. -chePostgresPort: Postgres Database port that the Che server uses to connect to. Defaults to 5432. This value should be overridden ONLY when using an external database (see field `externalDb`). In the default case it will be automatically set by the operator. -chePostgresSecret: The secret that contains Postgres `user` and `password` that the Che server should use to connect to the DB. If the secret is defined then `chePostgresUser` and `chePostgresPassword` are ignored. If the value is omitted or left blank then there are two scenarios\: 1. `chePostgresUser` and `chePostgresPassword` are defined, then they will be used to connect to the DB. 2. `chePostgresUser` or `chePostgresPassword` are not defined, then a new secret with the name `che-postgres-secret` will be created with default value of `pgche` for `user` and with an auto-generated value for `password`. -chePostgresUser: Postgres user that the Che server should use to connect to the DB. Defaults to `pgche`. -externalDb: Instructs the operator on whether or not to deploy a dedicated database. By default a dedicated Postgres database is deployed as part of the Che installation. 
But if `externalDb` is `true`, then no dedicated database will be deployed by the operator and you might need to provide connection details to the external DB you want to use. See also all the fields starting with\: `chePostgres`. -postgresImage: Overrides the container image used in the Postgres database deployment. This includes the image tag. Omit it or leave it empty to use the defaut container image provided by the operator. +chePostgresContainerResources: PostgreSQL container custom settings +chePostgresDb: PostgreSQL database name that the Che server uses to connect to the DB. Defaults to `dbche`. +chePostgresHostName: PostgreSQL Database host name that the Che server uses to connect to. Defaults to postgres. Override this value ONLY when using an external database. See field `externalDb`. In the default case it will be automatically set by the Operator. +chePostgresPassword: PostgreSQL password that the Che server uses to connect to the DB. When omitted or left blank, it will be set to an automatically generated value. +chePostgresPort: PostgreSQL Database port that the Che server uses to connect to. Defaults to 5432. Override this value ONLY when using an external database. See field `externalDb`. In the default case it will be automatically set by the Operator. +chePostgresSecret: The secret that contains Postgres `user` and `password` that the Che server uses to connect to the DB. When the secret is defined, the `chePostgresUser` and `chePostgresPassword` are ignored. When the value is omitted or left blank, the one of following scenarios applies\: 1. `chePostgresUser` and `chePostgresPassword` are defined, then they will be used to connect to the DB. 2. `chePostgresUser` or `chePostgresPassword` are not defined, then a new secret with the name `che-postgres-secret` will be created with default value of `pgche` for `user` and with an auto-generated value for `password`. +chePostgresUser: PostgreSQL user that the Che server uses to connect to the DB. 
Defaults to `pgche`. +externalDb: Instructs the Operator on whether or not to deploy a dedicated database. By default, a dedicated PostgreSQL database is deployed as part of the Che installation. When `externalDb` is `true`, no dedicated database will be deployed by the Operator and you will need to provide connection details to the external DB you are about to use. See also all the fields starting with\: `chePostgres`. +postgresImage: Overrides the container image used in the Postgres database deployment. This includes the image tag. Omit it or leave it empty to use the default container image provided by the Operator. postgresImagePullPolicy: Overrides the image pull policy used in the Postgres database deployment. Default value is `Always` for `nightly` or `latest` images, and `IfNotPresent` in other cases. :=== 
@@ -79,22 +86,23 @@ postgresImagePullPolicy: Overrides the image pull policy used in the Postgres da [cols="2,5", options="header"] :=== Property: Description -externalIdentityProvider: Instructs the operator on whether or not to deploy a dedicated Identity Provider (Keycloak or RH SSO instance). By default a dedicated Identity Provider server is deployed as part of the Che installation. But if `externalIdentityProvider` is `true`, then no dedicated identity provider will be deployed by the operator and you might need to provide details about the external identity provider you want to use. See also all the other fields starting with\: `identityProvider`. -identityProviderAdminUserName: Overrides the name of the Identity Provider admin user. Defaults to `admin`. -identityProviderClientId: Name of a Identity provider (Keycloak / RH SSO) `client-id` that should be used for Che. This is useful to override it ONLY if you use an external Identity Provider (see the `externalIdentityProvider` field). If omitted or left blank, it will be set to the value of the `flavour` field suffixed with `-public`. -identityProviderImage: Overrides the container image used in the Identity Provider (Keycloak / RH SSO) deployment. This includes the image tag. Omit it or leave it empty to use the defaut container image provided by the operator. +externalIdentityProvider: Instructs the Operator on whether or not to deploy a dedicated Identity Provider (Keycloak or RH SSO instance). By default, a dedicated Identity Provider server is deployed as part of the Che installation. When `externalIdentityProvider` is `true`, no dedicated identity provider will be deployed by the Operator and you will need to provide details about the external identity provider you are about to use. See also all the other fields starting with\: `identityProvider`. +identityProviderAdminUserName: Overrides the name of the Identity Provider administrator user. Defaults to `admin`. 
+identityProviderClientId: Name of a Identity provider (Keycloak / RH SSO) `client-id` that is used for Che. This is useful to override it ONLY if you use an external Identity Provider (see the `externalIdentityProvider` field). When omitted or left blank, it is set to the value of the `flavour` field suffixed with `-public`. +identityProviderContainerResources: Identity provider container custom settings. +identityProviderImage: Overrides the container image used in the Identity Provider (Keycloak / RH SSO) deployment. This includes the image tag. Omit it or leave it empty to use the default container image provided by the Operator. identityProviderImagePullPolicy: Overrides the image pull policy used in the Identity Provider (Keycloak / RH SSO) deployment. Default value is `Always` for `nightly` or `latest` images, and `IfNotPresent` in other cases. -identityProviderIngress: Ingress custom settings -identityProviderPassword: Overrides the password of Keycloak admin user. This is useful to override it ONLY if you use an external Identity Provider (see the `externalIdentityProvider` field). If omitted or left blank, it will be set to an auto-generated password. -identityProviderPostgresPassword: Password for The Identity Provider (Keycloak / RH SSO) to connect to the database. This is useful to override it ONLY if you use an external Identity Provider (see the `externalIdentityProvider` field). If omitted or left blank, it will be set to an auto-generated password. -identityProviderPostgresSecret: The secret that contains `password` for The Identity Provider (Keycloak / RH SSO) to connect to the database. If the secret is defined then `identityProviderPostgresPassword` will be ignored. If the value is omitted or left blank then there are two scenarios\: 1. `identityProviderPostgresPassword` is defined, then it will be used to connect to the database. 2. 
`identityProviderPostgresPassword` is not defined, then a new secret with the name `che-identity-postgres-secret` will be created with an auto-generated value for `password`. -identityProviderRealm: Name of a Identity provider (Keycloak / RH SSO) realm that should be used for Che. This is useful to override it ONLY if you use an external Identity Provider (see the `externalIdentityProvider` field). If omitted or left blank, it will be set to the value of the `flavour` field. -identityProviderRoute: Route custom settings -identityProviderSecret: The secret that contains `user` and `password` for Identity Provider. If the secret is defined then `identityProviderAdminUserName` and `identityProviderPassword` are ignored. If the value is omitted or left blank then there are two scenarios\: 1. `identityProviderAdminUserName` and `identityProviderPassword` are defined, then they will be used. 2. `identityProviderAdminUserName` or `identityProviderPassword` are not defined, then a new secret with the name `che-identity-secret` will be created with default value `admin` for `user` and with an auto-generated value for `password`. -identityProviderURL: Public URL of the Identity Provider server (Keycloak / RH SSO server). You should set it ONLY if you use an external Identity Provider (see the `externalIdentityProvider` field). By default this will be automatically calculated and set by the operator. +identityProviderIngress: Ingress custom settings. +identityProviderPassword: Overrides the password of Keycloak administrator user. This is useful to override it ONLY if you use an external Identity Provider (see the `externalIdentityProvider` field). When omitted or left blank, it is set to an auto-generated password. +identityProviderPostgresPassword: Password for The Identity Provider (Keycloak / RH SSO) to connect to the database. This is useful to override it ONLY if you use an external Identity Provider (see the `externalIdentityProvider` field). 
When omitted or left blank, it is set to an auto-generated password. +identityProviderPostgresSecret: The secret that contains `password` for The Identity Provider (Keycloak / RH SSO) to connect to the database. When the secret is defined, the `identityProviderPostgresPassword` is ignored. When the value is omitted or left blank, the one of following scenarios applies\: 1. `identityProviderPostgresPassword` is defined, then it will be used to connect to the database. 2. `identityProviderPostgresPassword` is not defined, then a new secret with the name `che-identity-postgres-secret` will be created with an auto-generated value for `password`. +identityProviderRealm: Name of a Identity provider (Keycloak / RH SSO) realm that is used for Che. This is useful to override it ONLY if you use an external Identity Provider (see the `externalIdentityProvider` field). When omitted or left blank, it is set to the value of the `flavour` field. +identityProviderRoute: Route custom settings. +identityProviderSecret: The secret that contains `user` and `password` for Identity Provider. When the secret is defined, the `identityProviderAdminUserName` and `identityProviderPassword` are ignored. When the value is omitted or left blank, the one of following scenarios applies\: 1. `identityProviderAdminUserName` and `identityProviderPassword` are defined, then they will be used. 2. `identityProviderAdminUserName` or `identityProviderPassword` are not defined, then a new secret with the name `che-identity-secret` will be created with default value `admin` for `user` and with an auto-generated value for `password`. +identityProviderURL: Public URL of the Identity Provider server (Keycloak / RH SSO server). Set this ONLY when a use of an external Identity Provider is needed. See the `externalIdentityProvider` field. By default, this will be automatically calculated and set by the Operator. 
oAuthClientName: Name of the OpenShift `OAuthClient` resource used to setup identity federation on the OpenShift side. Auto-generated if left blank. See also the `OpenShiftoAuth` field. oAuthSecret: Name of the secret set in the OpenShift `OAuthClient` resource used to setup identity federation on the OpenShift side. Auto-generated if left blank. See also the `OAuthClientName` field. -openShiftoAuth: Enables the integration of the identity provider (Keycloak / RHSSO) with OpenShift OAuth. Enabled by default on OpenShift. This will allow users to directly login with their Openshift user through the Openshift login, and have their workspaces created under personal OpenShift namespaces. WARNING\: the `kubeadmin` user is NOT supported, and logging through it will NOT allow accessing the Che Dashboard. +openShiftoAuth: Enables the integration of the identity provider (Keycloak / RHSSO) with OpenShift OAuth. Empty value on OpenShift by default. This will allow users to directly login with their OpenShift user through the OpenShift login, and have their workspaces created under personal OpenShift namespaces. WARNING\: the `kubeadmin` user is NOT supported, and logging through it will NOT allow accessing the Che Dashboard. updateAdminPassword: Forces the default `admin` Che user to update password on first login. Defaults to `false`. :=== 
@@ -104,12 +112,12 @@ updateAdminPassword: Forces the default `admin` Che user to update password on f
 [cols="2,5", options="header"]
 :===
 Property: Description
-postgresPVCStorageClassName: Storage class for the Persistent Volume Claim dedicated to the Postgres database. If omitted or left blank, default storage class is used.
-preCreateSubPaths: Instructs the Che server to launch a special pod to pre-create a subpath in the Persistent Volumes. Defaults to `false`, however it might need to enable it according to the configuration of your K8S cluster.
-pvcClaimSize: Size of the persistent volume claim for workspaces. Defaults to `1Gi`
-pvcJobsImage: Overrides the container image used to create sub-paths in the Persistent Volumes. This includes the image tag. Omit it or leave it empty to use the defaut container image provided by the operator. See also the `preCreateSubPaths` field.
+postgresPVCStorageClassName: Storage class for the Persistent Volume Claim dedicated to the Postgres database. When omitted or left blank, a default storage class is used.
+preCreateSubPaths: Instructs the Che server to launch a special Pod to pre-create a sub-path in the Persistent Volumes. Defaults to `false`, however it will need to enable it according to the configuration of your K8S cluster.
+pvcClaimSize: Size of the persistent volume claim for workspaces. Defaults to `1Gi`.
+pvcJobsImage: Overrides the container image used to create sub-paths in the Persistent Volumes. This includes the image tag. Omit it or leave it empty to use the default container image provided by the Operator. See also the `preCreateSubPaths` field.
 pvcStrategy: Persistent volume claim strategy for the Che server. This Can be\:`common` (all workspaces PVCs in one volume), `per-workspace` (one PVC per workspace for all declared volumes) and `unique` (one PVC per declared volume). Defaults to `common`.
-workspacePVCStorageClassName: Storage class for the Persistent Volume Claims dedicated to the Che workspaces. If omitted or left blank, default storage class is used.
+workspacePVCStorageClassName: Storage class for the Persistent Volume Claims dedicated to the Che workspaces. When omitted or left blank, a default storage class is used.
 :===

 [id="checluster-custom-resource-k8s-settings_{context}"]
@@ -118,13 +126,13 @@ workspacePVCStorageClassName: Storage class for the Persistent Volume Claims ded
 [cols="2,5", options="header"]
 :===
 Property: Description
-ingressClass: Ingress class that will define the which controler will manage ingresses. Defaults to `nginx`. NB\: This drives the `is kubernetes.io/ingress.class` annotation on Che-related ingresses.
+ingressClass: Ingress class that will define the which controller will manage ingresses. Defaults to `nginx`. NB\: This drives the `is kubernetes.io/ingress.class` annotation on Che-related ingresses.
 ingressDomain: Global ingress domain for a K8S cluster. This MUST be explicitly specified\: there are no defaults.
-ingressStrategy: Strategy for ingress creation. This can be `multi-host` (host is explicitly provided in ingress), `single-host` (host is provided, path-based rules) and `default-host.*`(no host is provided, path-based rules). Defaults to `\multi-host` Deprecated in favor of \serverExposureStrategy\ in the \server\ section, which defines this regardless of the cluster type. If both are defined, `serverExposureStrategy` takes precedence.
-securityContextFsGroup: FSGroup the Che pod and Workspace pods containers should run in. Defaults to `1724`.
-securityContextRunAsUser: ID of the user the Che pod and Workspace pods containers should run as. Default to `1724`.
-singleHostExposureType: When the serverExposureStrategy is set to \single-host\, the way the server, registries and workspaces are exposed is further configured by this property. The possible values are \native\ (which means that the server and workspaces are exposed using ingresses on K8s) or \gateway\ where the server and workspaces are exposed using a custom gateway based on Traefik. All the endpoints whether backed by the ingress or gateway \route\ always point to the subpaths on the same domain. Defaults to \native\.
-tlsSecretName: Name of a secret that will be used to setup ingress TLS termination if TLS is enabled. If the field is empty string, then default cluster certificate will be used. See also the `tlsSupport` field.
+ingressStrategy: Strategy for ingress creation. Options are\: `multi-host` (host is explicitly provided in ingress), `single-host` (host is provided, path-based rules) and `default-host` (no host is provided, path-based rules). Defaults to `multi-host` Deprecated in favor of `serverExposureStrategy` in the `server` section, which defines this regardless of the cluster type. When both are defined, the `serverExposureStrategy` option takes precedence.
+securityContextFsGroup: The FSGroup in which the Che Pod and workspace Pods containers runs in. Default value is `1724`.
+securityContextRunAsUser: ID of the user the Che Pod and workspace Pods containers run as. Default value is `1724`.
+singleHostExposureType: When the serverExposureStrategy is set to `single-host`, the way the server, registries and workspaces are exposed is further configured by this property. The possible values are `native` (which means that the server and workspaces are exposed using ingresses on K8s) or `gateway` where the server and workspaces are exposed using a custom gateway based on Traefik. All the endpoints whether backed by the ingress or gateway `route` always point to the subpaths on the same domain. Defaults to `native`.
+tlsSecretName: Name of a secret that will be used to setup ingress TLS termination when TLS is enabled. When the field is empty string, the default cluster certificate will be used. See also the `tlsSupport` field.
 :===

 [id="checluster-custom-resource-metrics-settings_{context}"]
@@ -133,7 +141,7 @@ tlsSecretName: Name of a secret that will be used to setup ingress TLS terminati
 [cols="2,5", options="header"]
 :===
 Property: Description
-enable: Enables `metrics` Che server endpoint. Default to `true`.
+enable: Enables `metrics` the Che server endpoint. Default to `true`.
 :===

 [id="checluster-custom-resource-status-settings_{context}"]
@@ -142,18 +150,19 @@ enable: Enables `metrics` Che server endpoint. Default to `true`.
 [cols="2,5", options="header"]
 :===
 Property: Description
-cheClusterRunning: Status of a Che installation. Can be `Available`, `Unavailable`, or `Available, Rolling Update in Progress`
-cheURL: Public URL to the Che server
-cheVersion: Current installed Che version
-dbProvisioned: Indicates if or not a Postgres instance has been correctly provisioned
-devfileRegistryURL: Public URL to the Devfile registry
-helpLink: A URL that can point to some URL where to find help related to the current Operator status.
-keycloakProvisioned: Indicates whether an Identity Provider instance (Keycloak / RH SSO) has been provisioned with realm, client and user
+cheClusterRunning: Status of a Che installation. Can be `Available`, `Unavailable`, or `Available, Rolling Update in Progress`.
+cheURL: Public URL to the Che server.
+cheVersion: Current installed Che version.
+dbProvisioned: Indicates that a Postgres instance has been correctly provisioned or not.
+devfileRegistryURL: Public URL to the devfile registry.
+gitHubOAuthProvisioned: Indicates whether an Identity Provider instance (Keycloak / RH SSO) has been configured to integrate with the GitHub OAuth.
+helpLink: A URL that points to some URL where to find help related to the current Operator status.
+keycloakProvisioned: Indicates whether an Identity Provider instance (Keycloak / RH SSO) has been provisioned with realm, client and user.
 keycloakURL: Public URL to the Identity Provider server (Keycloak / RH SSO).
-message: A human readable message indicating details about why the pod is in this condition.
+message: A human readable message indicating details about why the Pod is in this condition.
 openShiftoAuthProvisioned: Indicates whether an Identity Provider instance (Keycloak / RH SSO) has been configured to integrate with the OpenShift OAuth.
-pluginRegistryURL: Public URL to the Plugin registry -reason: A brief CamelCase message indicating details about why the pod is in this state. +pluginRegistryURL: Public URL to the plugin registry. +reason: A brief CamelCase message indicating details about why the Pod is in this state. :=== From d7456636b255a234d90420e7c115357a18135660 Mon Sep 17 00:00:00 2001 From: Anatolii Bazko Date: Wed, 10 Feb 2021 16:07:26 +0200 Subject: [PATCH 09/11] Update doc Signed-off-by: Anatolii Bazko --- .../examples/checluster-properties.adoc | 86 +++++++++---------- tools/checluster_docs_gen.sh | 2 +- 2 files changed, 44 insertions(+), 44 deletions(-) diff --git a/modules/installation-guide/examples/checluster-properties.adoc b/modules/installation-guide/examples/checluster-properties.adoc index e0cd38a26b..726e153a6d 100644 --- a/modules/installation-guide/examples/checluster-properties.adoc +++ b/modules/installation-guide/examples/checluster-properties.adoc 
@@ -6,8 +6,8 @@
 Property: Description
 airGapContainerRegistryHostname: Optional host name, or URL, to an alternate container registry to pull images from. This value overrides the container registry host name defined in all the default container images involved in a Che deployment. This is particularly useful to install Che in a restricted environment.
 airGapContainerRegistryOrganization: Optional repository name of an alternate container registry to pull images from. This value overrides the container registry organization defined in all the default container images involved in a Che deployment. This is particularly useful to install {prod-short} in a restricted environment.
-allowUserDefinedWorkspaceNamespaces: Defines that a user is allowed to specify Kubernetes namespace, or OpenShift project, different from the default. It's NOT RECOMMENDED to set to `true` without OpenShift OAuth configured. The OpenShift infrastructure also uses this property.
-cheClusterRoles: A comma-separated list of ClusterRoles that will be assigned to Che ServiceAccount. Be aware that the che-operator has to already have all permissions in these ClusterRoles to grant them.
+allowUserDefinedWorkspaceNamespaces: Defines that a user is allowed to specify a Kubernetes namespace, or an OpenShift project, which differs from the default. It's NOT RECOMMENDED to set to `true` without OpenShift OAuth configured. The OpenShift infrastructure also uses this property.
+cheClusterRoles: A comma-separated list of ClusterRoles that will be assigned to Che ServiceAccount. Be aware that the Che Operator has to already have all permissions in these ClusterRoles to grant them.
 cheDebug: Enables the debug mode for Che server. Defaults to `false`.
 cheFlavor: Specifies a variation of the installation. The options are `che` for upstream Che installations, or `codeready` for CodeReady Workspaces installation. If not necessary, do not override the default value.
 cheHost: Public host name of the installed Che server. When value is omitted, the value it will be automatically set by the Operator. See the `cheHostTLSSecret` field.
@@ -20,8 +20,8 @@ cheServerIngress: The Che server ingress custom settings.
 cheServerRoute: The Che server route custom settings.
 cheWorkspaceClusterRole: Custom cluster role bound to the user for the Che workspaces. The default roles are used if this is omitted or left blank.
 customCheProperties: Map of additional environment variables that will be applied in the generated `che` configMap to be used by the Che server, in addition to the values already generated from other fields of the `CheCluster` custom resource (CR). When `customCheProperties` contains a property that would be normally generated in `che` configMap from other CR fields, the value defined in the `customCheProperties` is used instead.
-devfileRegistryCpuLimit: Overrides the cpu limit used in the devfile registry deployment. In cores. (500m = .5 cores). Default to 500m.
-devfileRegistryCpuRequest: Overrides the cpu request used in the devfile registry deployment. In cores. (500m = .5 cores). Default to 100m.
+devfileRegistryCpuLimit: Overrides the CPU limit used in the devfile registry deployment. In cores. (500m = .5 cores). Default to 500m.
+devfileRegistryCpuRequest: Overrides the CPU request used in the devfile registry deployment. In cores. (500m = .5 cores). Default to 100m.
 devfileRegistryImage: Overrides the container image used in the devfile registry deployment. This includes the image tag. Omit it or leave it empty to use the default container image provided by the Operator.
 devfileRegistryIngress: The devfile registry ingress custom settings.
 devfileRegistryMemoryLimit: Overrides the memory limit used in the devfile registry deployment. Defaults to 256Mi.
@@ -29,37 +29,37 @@ devfileRegistryMemoryRequest: Overrides the memory request used in the devfile r
 devfileRegistryPullPolicy: Overrides the image pull policy used in the devfile registry deployment. Default value is `Always` for `nightly` or `latest` images, and `IfNotPresent` in other cases.
 devfileRegistryRoute: The devfile registry route custom settings.
 devfileRegistryUrl: Public URL of the devfile registry, that serves sample, ready-to-use devfiles. Set this ONLY when a use of an external devfile registry is needed. See the `externalDevfileRegistry` field. By default, this will be automatically calculated by the Operator.
-externalDevfileRegistry: Instructs the Operator on whether or not to deploy a dedicated devfile registry server. By default, a dedicated devfile registry server is started. When `externalDevfileRegistry` is `true`, no such dedicated server will be started by the Operator and you will have to manually set the `devfileRegistryUrl` field
-externalPluginRegistry: Instructs the Operator on whether or not to deploy a dedicated plugin registry server. By default, a dedicated plugin registry server is started. When `externalPluginRegistry` is `true`, no such dedicated server will be started by the Operator and you will have to manually set the `pluginRegistryUrl` field.
+externalDevfileRegistry: Instructs the Operator on whether to deploy a dedicated devfile registry server. By default, a dedicated devfile registry server is started. When `externalDevfileRegistry` is `true`, no such dedicated server will be started by the Operator and you will have to manually set the `devfileRegistryUrl` field
+externalPluginRegistry: Instructs the Operator on whether to deploy a dedicated plugin registry server. By default, a dedicated plugin registry server is started. When `externalPluginRegistry` is `true`, no such dedicated server will be started by the Operator and you will have to manually set the `pluginRegistryUrl` field.
 gitSelfSignedCert: When enabled, the certificate from `che-git-self-signed-cert` configMap will be propagated to the Che components and provide particular configuration for Git.
-nonProxyHosts: List of hosts that will be reached directly, bypassing the proxy. Specify wild card domain use the following form `.` and `|` as delimiter, for example\: `localhost|.my.host.com|123.42.12.32` Only use when configuring a proxy is required. Operator respects OpenShift cluster wide proxy configuration and no additional configuration is required, but defining `nonProxyHosts` in a custom resource leads to merging non proxy hosts lists from the cluster proxy configuration and ones defined in the custom resources. (see the doc https\://docs.openshift.com/container-platform/4.4/networking/enable-cluster-wide-proxy.html) (see also the `proxyURL` fields).
-pluginRegistryCpuLimit: Overrides the cpu limit used in the plugin registry deployment. In cores. (500m = .5 cores). Default to 500m.
-pluginRegistryCpuRequest: Overrides the cpu request used in the plugin registry deployment. In cores. (500m = .5 cores). Default to 100m.
+nonProxyHosts: List of hosts that will be reached directly, bypassing the proxy. Specify wild card domain use the following form `.` and `|` as delimiter, for example\: `localhost|.my.host.com|123.42.12.32` Only use when configuring a proxy is required. Operator respects OpenShift cluster wide proxy configuration and no additional configuration is required, but defining `nonProxyHosts` in a custom resource leads to merging non proxy hosts lists from the cluster proxy configuration and ones defined in the custom resources. See the doc https\://docs.openshift.com/container-platform/4.4/networking/enable-cluster-wide-proxy.html). See also the `proxyURL` fields.
+pluginRegistryCpuLimit: Overrides the CPU limit used in the plugin registry deployment. In cores. (500m = .5 cores). Default to 500m.
+pluginRegistryCpuRequest: Overrides the CPU request used in the plugin registry deployment. In cores. (500m = .5 cores). Default to 100m.
 pluginRegistryImage: Overrides the container image used in the plugin registry deployment. This includes the image tag. Omit it or leave it empty to use the default container image provided by the Operator.
 pluginRegistryIngress: Plugin registry ingress custom settings.
 pluginRegistryMemoryLimit: Overrides the memory limit used in the plugin registry deployment. Defaults to 256Mi.
 pluginRegistryMemoryRequest: Overrides the memory request used in the plugin registry deployment. Defaults to 16Mi.
 pluginRegistryPullPolicy: Overrides the image pull policy used in the plugin registry deployment. Default value is `Always` for `nightly` or `latest` images, and `IfNotPresent` in other cases.
 pluginRegistryRoute: Plugin registry route custom settings.
-pluginRegistryUrl: Public URL of the plugin registry, that serves sample ready-to-use devfiles. Set this ONLY if a use of an external devfile registry is needed. See the `externalPluginRegistry` field. By default, this will be automatically calculated by the Operator.
-proxyPassword: Password of the proxy server. Only use when proxy configuration is required (See also the `proxyURL`, `proxyUser` and `proxySecret` fields).
-proxyPort: Port of the proxy server. Only use when configuring a proxy is required. (See also the `proxyURL` and `nonProxyHosts` fields).
+pluginRegistryUrl: Public URL of the plugin registry that serves sample ready-to-use devfiles. Set this ONLY if a use of an external devfile registry is needed. See the `externalPluginRegistry` field. By default, this will be automatically calculated by the Operator.
+proxyPassword: Password of the proxy server. Only use when proxy configuration is required. See the `proxyURL`, `proxyUser` and `proxySecret` fields.
+proxyPort: Port of the proxy server. Only use when configuring a proxy is required. See also the `proxyURL` and `nonProxyHosts` fields.
 proxySecret: The secret that contains `user` and `password` for a proxy server. When the secret is defined, the `proxyUser` and `proxyPassword` are ignored.
-proxyURL: URL (protocol+host name) of the proxy server. This drives the appropriate changes in the `JAVA_OPTS` and `https(s)_proxy` variables in the Che server and workspaces containers. Only use when configuring a proxy is required. Operator respects OpenShift cluster wide proxy configuration and no additional configuration is required, but defining `proxyUrl` in a custom resource leads to overrides the cluster proxy configuration with fields `proxyUrl`, `proxyPort`, `proxyUser` and `proxyPassword` from the custom resource. (see the doc https\://docs.openshift.com/container-platform/4.4/networking/enable-cluster-wide-proxy.html) (see also the `proxyPort` and `nonProxyHosts` fields).
-proxyUser: User name of the proxy server. Only use when configuring a proxy is required (see also the `proxyURL`, `proxyPassword` and `proxySecret` fields).
+proxyURL: URL (protocol+host name) of the proxy server. This drives the appropriate changes in the `JAVA_OPTS` and `https(s)_proxy` variables in the Che server and workspaces containers. Only use when configuring a proxy is required. Operator respects OpenShift cluster wide proxy configuration and no additional configuration is required, but defining `proxyUrl` in a custom resource leads to overrides the cluster proxy configuration with fields `proxyUrl`, `proxyPort`, `proxyUser` and `proxyPassword` from the custom resource. See the doc https\://docs.openshift.com/container-platform/4.4/networking/enable-cluster-wide-proxy.html). See also the `proxyPort` and `nonProxyHosts` fields.
+proxyUser: User name of the proxy server. Only use when configuring a proxy is required. See also the `proxyURL`, `proxyPassword` and `proxySecret` fields.
 selfSignedCert: Deprecated. The value of this flag is ignored. The Che Operator will automatically detect if the router certificate is self-signed and propagate it to other components, such as the Che server.
-serverCpuLimit: Overrides the cpu limit used in the Che server deployment In cores. (500m = .5 cores). Default to 1.
-serverCpuRequest: Overrides the cpu request used in the Che server deployment In cores. (500m = .5 cores). Default to 100m.
-serverExposureStrategy: Sets the server and workspaces exposure type. Possible values are `multi-host`, `single-host`, `default-host`. Defaults to `multi-host` which creates a separate ingress (or route on OpenShift) for every required endpoint. `single-host` makes Che exposed on a single host name with workspaces exposed on subpaths. Read the docs to learn about the limitations of this approach. Also consult the `singleHostExposureType` property to further configure how the Operator and the Che server make that happen on Kubernetes. `default-host` exposes the Che server on the host of the cluster. Please read the docs to learn about the limitations of this approach.
+serverCpuLimit: Overrides the CPU limit used in the Che server deployment In cores. (500m = .5 cores). Default to 1.
+serverCpuRequest: Overrides the CPU request used in the Che server deployment In cores. (500m = .5 cores). Default to 100m.
+serverExposureStrategy: Sets the server and workspaces exposure type. Possible values are `multi-host`, `single-host`, `default-host`. Defaults to `multi-host`, which creates a separate ingress, or OpenShift routes, for every required endpoint. `single-host` makes Che exposed on a single host name with workspaces exposed on subpaths. Read the docs to learn about the limitations of this approach. Also consult the `singleHostExposureType` property to further configure how the Operator and the Che server make that happen on Kubernetes. `default-host` exposes the Che server on the host of the cluster. Read the docs to learn about the limitations of this approach.
 serverMemoryLimit: Overrides the memory limit used in the Che server deployment. Defaults to 1Gi.
 serverMemoryRequest: Overrides the memory request used in the Che server deployment. Defaults to 512Mi.
-serverTrustStoreConfigMapName: Name of the configMap with public certificates to add to Java trust store of the Che server. This is often required when adding the OpenShift OAuth provider which has https endpoint signed with self-signed cert. The Che server must be aware of its CA cert to be able to request it. This is disabled by default.
-singleHostGatewayConfigMapLabels: The labels that need to be present (and are put) on the configmaps representing the gateway configuration.
+serverTrustStoreConfigMapName: Name of the configMap with public certificates to add to Java trust store of the Che server. This is often required when adding the OpenShift OAuth provider, which has HTTPS endpoint signed with self-signed cert. The Che server must be aware of its CA cert to be able to request it. This is disabled by default.
+singleHostGatewayConfigMapLabels: The labels that need to be present in the configMaps representing the gateway configuration.
 singleHostGatewayConfigSidecarImage: The image used for the gateway sidecar that provides configuration to the gateway. Omit it or leave it empty to use the default container image provided by the Operator.
 singleHostGatewayImage: The image used for the gateway in the single host mode. Omit it or leave it empty to use the default container image provided by the Operator.
 tlsSupport: Deprecated. Instructs the Operator to deploy Che in TLS mode. This is enabled by default. Disabling TLS sometimes cause malfunction of some Che components.
-useInternalClusterSVCNames: Use internal cluster svc names to communicate between components to speed up the traffic and avoid proxy issues. The default value is `false`.
-workspaceNamespaceDefault: Defines Kubernetes default namespace in which user's workspaces are created if user does not override it. It's possible to use , and placeholders (e.g.\: che-workspace-). In that case, new namespace will be created for each user (or workspace). Is used by OpenShift infrastructure as well to specify Project.
+useInternalClusterSVCNames: Use internal cluster SVC names to communicate between components to speed up the traffic and avoid proxy issues. The default value is `false`.
+workspaceNamespaceDefault: Defines Kubernetes default namespace in which user's workspaces are created if user does not override it. It's possible to use ``,`` and `` placeholders, such as che-workspace-. In that case, a new namespace will be created for each user or workspace. Is used by OpenShift infrastructure as well to specify Project.
 :===

 [id="checluster-custom-resource-database-settings_{context}"]
@@ -73,11 +73,11 @@ chePostgresDb: PostgreSQL database name that the Che server uses to connect to t
 chePostgresHostName: PostgreSQL Database host name that the Che server uses to connect to. Defaults to postgres. Override this value ONLY when using an external database. See field `externalDb`. In the default case it will be automatically set by the Operator.
 chePostgresPassword: PostgreSQL password that the Che server uses to connect to the DB. When omitted or left blank, it will be set to an automatically generated value.
 chePostgresPort: PostgreSQL Database port that the Che server uses to connect to. Defaults to 5432. Override this value ONLY when using an external database. See field `externalDb`. In the default case it will be automatically set by the Operator.
-chePostgresSecret: The secret that contains Postgres `user` and `password` that the Che server uses to connect to the DB. When the secret is defined, the `chePostgresUser` and `chePostgresPassword` are ignored. When the value is omitted or left blank, the one of following scenarios applies\: 1. `chePostgresUser` and `chePostgresPassword` are defined, then they will be used to connect to the DB. 2. `chePostgresUser` or `chePostgresPassword` are not defined, then a new secret with the name `che-postgres-secret` will be created with default value of `pgche` for `user` and with an auto-generated value for `password`.
+chePostgresSecret: The secret that contains PosgreSQL`user` and `password` that the Che server uses to connect to the DB. When the secret is defined, the `chePostgresUser` and `chePostgresPassword` are ignored. When the value is omitted or left blank, the one of following scenarios applies\: 1. `chePostgresUser` and `chePostgresPassword` are defined, then they will be used to connect to the DB. 2. `chePostgresUser` or `chePostgresPassword` are not defined, then a new secret with the name `che-postgres-secret` will be created with default value of `pgche` for `user` and with an auto-generated value for `password`.
 chePostgresUser: PostgreSQL user that the Che server uses to connect to the DB. Defaults to `pgche`.
-externalDb: Instructs the Operator on whether or not to deploy a dedicated database. By default, a dedicated PostgreSQL database is deployed as part of the Che installation. When `externalDb` is `true`, no dedicated database will be deployed by the Operator and you will need to provide connection details to the external DB you are about to use. See also all the fields starting with\: `chePostgres`.
-postgresImage: Overrides the container image used in the Postgres database deployment. This includes the image tag. Omit it or leave it empty to use the default container image provided by the Operator.
-postgresImagePullPolicy: Overrides the image pull policy used in the Postgres database deployment. Default value is `Always` for `nightly` or `latest` images, and `IfNotPresent` in other cases.
+externalDb: Instructs the Operator on whether to deploy a dedicated database. By default, a dedicated PostgreSQL database is deployed as part of the Che installation. When `externalDb` is `true`, no dedicated database will be deployed by the Operator and you will need to provide connection details to the external DB you are about to use. See also all the fields starting with\: `chePostgres`.
+postgresImage: Overrides the container image used in the PosgreSQL database deployment. This includes the image tag. Omit it or leave it empty to use the default container image provided by the Operator.
+postgresImagePullPolicy: Overrides the image pull policy used in the PosgreSQL database deployment. Default value is `Always` for `nightly` or `latest` images, and `IfNotPresent` in other cases.
 :===

 [id="checluster-custom-resource-auth-settings_{context}"]
@@ -86,20 +86,20 @@ postgresImagePullPolicy: Overrides the image pull policy used in the Postgres da [cols="2,5", options="header"] :=== Property: Description -externalIdentityProvider: Instructs the Operator on whether or not to deploy a dedicated Identity Provider (Keycloak or RH SSO instance). By default, a dedicated Identity Provider server is deployed as part of the Che installation. When `externalIdentityProvider` is `true`, no dedicated identity provider will be deployed by the Operator and you will need to provide details about the external identity provider you are about to use. See also all the other fields starting with\: `identityProvider`. +externalIdentityProvider: Instructs the Operator on whether to deploy a dedicated Identity Provider (Keycloak or RH-SSO instance). By default, a dedicated Identity Provider server is deployed as part of the Che installation. When `externalIdentityProvider` is `true`, no dedicated identity provider will be deployed by the Operator and you will need to provide details about the external identity provider you are about to use. See also all the other fields starting with\: `identityProvider`. identityProviderAdminUserName: Overrides the name of the Identity Provider administrator user. Defaults to `admin`. -identityProviderClientId: Name of a Identity provider (Keycloak / RH SSO) `client-id` that is used for Che. This is useful to override it ONLY if you use an external Identity Provider (see the `externalIdentityProvider` field). When omitted or left blank, it is set to the value of the `flavour` field suffixed with `-public`. +identityProviderClientId: Name of a Identity provider, Keycloak or RH-SSO, `client-id` that is used for Che. This is useful to override it ONLY if you use an external Identity Provider. See the `externalIdentityProvider` field. When omitted or left blank, it is set to the value of the `flavour` field suffixed with `-public`. 
identityProviderContainerResources: Identity provider container custom settings. -identityProviderImage: Overrides the container image used in the Identity Provider (Keycloak / RH SSO) deployment. This includes the image tag. Omit it or leave it empty to use the default container image provided by the Operator. -identityProviderImagePullPolicy: Overrides the image pull policy used in the Identity Provider (Keycloak / RH SSO) deployment. Default value is `Always` for `nightly` or `latest` images, and `IfNotPresent` in other cases. +identityProviderImage: Overrides the container image used in the Identity Provider, Keycloak or RH-SSO, deployment. This includes the image tag. Omit it or leave it empty to use the default container image provided by the Operator. +identityProviderImagePullPolicy: Overrides the image pull policy used in the Identity Provider, Keycloak or RH-SSO, deployment. Default value is `Always` for `nightly` or `latest` images, and `IfNotPresent` in other cases. identityProviderIngress: Ingress custom settings. -identityProviderPassword: Overrides the password of Keycloak administrator user. This is useful to override it ONLY if you use an external Identity Provider (see the `externalIdentityProvider` field). When omitted or left blank, it is set to an auto-generated password. -identityProviderPostgresPassword: Password for The Identity Provider (Keycloak / RH SSO) to connect to the database. This is useful to override it ONLY if you use an external Identity Provider (see the `externalIdentityProvider` field). When omitted or left blank, it is set to an auto-generated password. -identityProviderPostgresSecret: The secret that contains `password` for The Identity Provider (Keycloak / RH SSO) to connect to the database. When the secret is defined, the `identityProviderPostgresPassword` is ignored. When the value is omitted or left blank, the one of following scenarios applies\: 1. 
`identityProviderPostgresPassword` is defined, then it will be used to connect to the database. 2. `identityProviderPostgresPassword` is not defined, then a new secret with the name `che-identity-postgres-secret` will be created with an auto-generated value for `password`. -identityProviderRealm: Name of a Identity provider (Keycloak / RH SSO) realm that is used for Che. This is useful to override it ONLY if you use an external Identity Provider (see the `externalIdentityProvider` field). When omitted or left blank, it is set to the value of the `flavour` field. +identityProviderPassword: Overrides the password of Keycloak administrator user. This is useful to override it ONLY if you use an external Identity Provider. See the `externalIdentityProvider` field. When omitted or left blank, it is set to an auto-generated password. +identityProviderPostgresPassword: Password for a Identity Provider, Keycloak or RH-SSO, to connect to the database. This is useful to override it ONLY if you use an external Identity Provider. See the `externalIdentityProvider` field. When omitted or left blank, it is set to an auto-generated password. +identityProviderPostgresSecret: The secret that contains `password` for the Identity Provider, Keycloak or RH-SSO, to connect to the database. When the secret is defined, the `identityProviderPostgresPassword` is ignored. When the value is omitted or left blank, the one of following scenarios applies\: 1. `identityProviderPostgresPassword` is defined, then it will be used to connect to the database. 2. `identityProviderPostgresPassword` is not defined, then a new secret with the name `che-identity-postgres-secret` will be created with an auto-generated value for `password`. +identityProviderRealm: Name of a Identity provider, Keycloak or RH-SSO, realm that is used for Che. This is useful to override it ONLY if you use an external Identity Provider. See the `externalIdentityProvider` field. 
When omitted or left blank, it is set to the value of the `flavour` field. identityProviderRoute: Route custom settings. identityProviderSecret: The secret that contains `user` and `password` for Identity Provider. When the secret is defined, the `identityProviderAdminUserName` and `identityProviderPassword` are ignored. When the value is omitted or left blank, the one of following scenarios applies\: 1. `identityProviderAdminUserName` and `identityProviderPassword` are defined, then they will be used. 2. `identityProviderAdminUserName` or `identityProviderPassword` are not defined, then a new secret with the name `che-identity-secret` will be created with default value `admin` for `user` and with an auto-generated value for `password`. -identityProviderURL: Public URL of the Identity Provider server (Keycloak / RH SSO server). Set this ONLY when a use of an external Identity Provider is needed. See the `externalIdentityProvider` field. By default, this will be automatically calculated and set by the Operator. +identityProviderURL: Public URL of the Identity Provider server (Keycloak / RH-SSO server). Set this ONLY when a use of an external Identity Provider is needed. See the `externalIdentityProvider` field. By default, this will be automatically calculated and set by the Operator. oAuthClientName: Name of the OpenShift `OAuthClient` resource used to setup identity federation on the OpenShift side. Auto-generated if left blank. See also the `OpenShiftoAuth` field. oAuthSecret: Name of the secret set in the OpenShift `OAuthClient` resource used to setup identity federation on the OpenShift side. Auto-generated if left blank. See also the `OAuthClientName` field. openShiftoAuth: Enables the integration of the identity provider (Keycloak / RHSSO) with OpenShift OAuth. Empty value on OpenShift by default. 
This will allow users to directly login with their OpenShift user through the OpenShift login, and have their workspaces created under personal OpenShift namespaces. WARNING\: the `kubeadmin` user is NOT supported, and logging through it will NOT allow accessing the Che Dashboard. @@ -112,8 +112,8 @@ updateAdminPassword: Forces the default `admin` Che user to update password on f [cols="2,5", options="header"] :=== Property: Description -postgresPVCStorageClassName: Storage class for the Persistent Volume Claim dedicated to the Postgres database. When omitted or left blank, a default storage class is used. -preCreateSubPaths: Instructs the Che server to launch a special Pod to pre-create a sub-path in the Persistent Volumes. Defaults to `false`, however it will need to enable it according to the configuration of your K8S cluster. +postgresPVCStorageClassName: Storage class for the Persistent Volume Claim dedicated to the PosgreSQL database. When omitted or left blank, a default storage class is used. +preCreateSubPaths: Instructs the Che server to start a special Pod to pre-create a sub-path in the Persistent Volumes. Defaults to `false`, however it will need to enable it according to the configuration of your K8S cluster. pvcClaimSize: Size of the persistent volume claim for workspaces. Defaults to `1Gi`. pvcJobsImage: Overrides the container image used to create sub-paths in the Persistent Volumes. This includes the image tag. Omit it or leave it empty to use the default container image provided by the Operator. See also the `preCreateSubPaths` field. pvcStrategy: Persistent volume claim strategy for the Che server. This Can be\:`common` (all workspaces PVCs in one volume), `per-workspace` (one PVC per workspace for all declared volumes) and `unique` (one PVC per declared volume). Defaults to `common`. 
@@ -126,12 +126,12 @@ workspacePVCStorageClassName: Storage class for the Persistent Volume Claims ded [cols="2,5", options="header"] :=== Property: Description -ingressClass: Ingress class that will define the which controller will manage ingresses. Defaults to `nginx`. NB\: This drives the `is kubernetes.io/ingress.class` annotation on Che-related ingresses. +ingressClass: Ingress class that will define the which controller will manage ingresses. Defaults to `nginx`. NB\: This drives the `kubernetes.io/ingress.class` annotation on Che-related ingresses. ingressDomain: Global ingress domain for a K8S cluster. This MUST be explicitly specified\: there are no defaults. ingressStrategy: Strategy for ingress creation. Options are\: `multi-host` (host is explicitly provided in ingress), `single-host` (host is provided, path-based rules) and `default-host` (no host is provided, path-based rules). Defaults to `multi-host` Deprecated in favor of `serverExposureStrategy` in the `server` section, which defines this regardless of the cluster type. When both are defined, the `serverExposureStrategy` option takes precedence. securityContextFsGroup: The FSGroup in which the Che Pod and workspace Pods containers runs in. Default value is `1724`. securityContextRunAsUser: ID of the user the Che Pod and workspace Pods containers run as. Default value is `1724`. -singleHostExposureType: When the serverExposureStrategy is set to `single-host`, the way the server, registries and workspaces are exposed is further configured by this property. The possible values are `native` (which means that the server and workspaces are exposed using ingresses on K8s) or `gateway` where the server and workspaces are exposed using a custom gateway based on Traefik. All the endpoints whether backed by the ingress or gateway `route` always point to the subpaths on the same domain. Defaults to `native`. 
+singleHostExposureType: When the serverExposureStrategy is set to `single-host`, the way the server, registries and workspaces are exposed is further configured by this property. The possible values are `native`, which means that the server and workspaces are exposed using ingresses on K8s or `gateway` where the server and workspaces are exposed using a custom gateway based on Traefik. All the endpoints whether backed by the ingress or gateway `route` always point to the subpaths on the same domain. Defaults to `native`. tlsSecretName: Name of a secret that will be used to setup ingress TLS termination when TLS is enabled. When the field is empty string, the default cluster certificate will be used. See also the `tlsSupport` field. :=== 
@@ -153,14 +153,14 @@ enable: Enables `metrics` the Che server endpoint. Default to `true`.
 cheClusterRunning: Status of a Che installation. Can be `Available`, `Unavailable`, or `Available, Rolling Update in Progress`.
 cheURL: Public URL to the Che server.
 cheVersion: Current installed Che version.
-dbProvisioned: Indicates that a Postgres instance has been correctly provisioned or not.
+dbProvisioned: Indicates that a PosgreSQL instance has been correctly provisioned or not.
 devfileRegistryURL: Public URL to the devfile registry.
-gitHubOAuthProvisioned: Indicates whether an Identity Provider instance (Keycloak / RH SSO) has been configured to integrate with the GitHub OAuth.
+gitHubOAuthProvisioned: Indicates whether an Identity Provider instance, Keycloak or RH-SSO, has been configured to integrate with the GitHub OAuth.
 helpLink: A URL that points to some URL where to find help related to the current Operator status.
-keycloakProvisioned: Indicates whether an Identity Provider instance (Keycloak / RH SSO) has been provisioned with realm, client and user.
-keycloakURL: Public URL to the Identity Provider server (Keycloak / RH SSO).
+keycloakProvisioned: Indicates whether an Identity Provider instance, Keycloak or RH-SSO, has been provisioned with realm, client and user.
+keycloakURL: Public URL to the Identity Provider server, Keycloak or RH-SSO,.
 message: A human readable message indicating details about why the Pod is in this condition.
-openShiftoAuthProvisioned: Indicates whether an Identity Provider instance (Keycloak / RH SSO) has been configured to integrate with the OpenShift OAuth.
+openShiftoAuthProvisioned: Indicates whether an Identity Provider instance, Keycloak or RH-SSO, has been configured to integrate with the OpenShift OAuth.
 pluginRegistryURL: Public URL to the plugin registry.
 reason: A brief CamelCase message indicating details about why the Pod is in this state.
 :===
diff --git a/tools/checluster_docs_gen.sh b/tools/checluster_docs_gen.sh
index c1ec29cd29..b976bf2b1f 100755
--- a/tools/checluster_docs_gen.sh
+++ b/tools/checluster_docs_gen.sh
@@ -74,7 +74,7 @@ parse_section() {
 if [[ $sectionName == "status" ]]; then
 section=$(echo "$RAW_CONTENT" | yq -M '.spec.validation.openAPIV3Schema.properties.status')
 else
- section=$(echo "$RAW_CONTENT" | yq -M '.spec.validation.openAPIV3Schema.properties.spec.properties.'"$sectionName")
+ section=$(echo "$RAW_CONTENT" | yq -M '.spec.validation.openAPIV3Schema.properties.spec.properties.'"$sectionName")
 fi
 local properties=(
From 3a4aa61c08fae61657b33fe711230855a893a57a Mon Sep 17 00:00:00 2001
From: Anatolii Bazko
Date: Fri, 12 Feb 2021 11:31:19 +0200
Subject: [PATCH 10/11] Update checluster properties
Signed-off-by: Anatolii Bazko
---
 .../examples/checluster-properties.adoc | 34 +++++++++----------
 1 file changed, 17 insertions(+), 17 deletions(-)
diff --git a/modules/installation-guide/examples/checluster-properties.adoc b/modules/installation-guide/examples/checluster-properties.adoc
index 726e153a6d..108e205cba 100644
--- a/modules/installation-guide/examples/checluster-properties.adoc
+++ b/modules/installation-guide/examples/checluster-properties.adoc
@@ -9,7 +9,7 @@ airGapContainerRegistryOrganization: Optional repository name of an alternate co
 allowUserDefinedWorkspaceNamespaces: Defines that a user is allowed to specify a Kubernetes namespace, or an OpenShift project, which differs from the default. It's NOT RECOMMENDED to set to `true` without OpenShift OAuth configured. The OpenShift infrastructure also uses this property.
 cheClusterRoles: A comma-separated list of ClusterRoles that will be assigned to Che ServiceAccount. Be aware that the Che Operator has to already have all permissions in these ClusterRoles to grant them.
 cheDebug: Enables the debug mode for Che server. Defaults to `false`.
-cheFlavor: Specifies a variation of the installation. The options are `che` for upstream Che installations, or `codeready` for CodeReady Workspaces installation. If not necessary, do not override the default value.
+cheFlavor: Specifies a variation of the installation. The options are `che` for upstream Che installations, or `codeready` for CodeReady Workspaces installation. Override the default value only on necessary occasions.
 cheHost: Public host name of the installed Che server. When value is omitted, the value it will be automatically set by the Operator. See the `cheHostTLSSecret` field.
 cheHostTLSSecret: Name of a secret containing certificates to secure ingress or route for the custom host name of the installed Che server. See the `cheHost` field.
 cheImage: Overrides the container image used in Che deployment. This does NOT include the container image tag. Omit it or leave it empty to use the default container image provided by the Operator.
@@ -18,8 +18,8 @@ cheImageTag: Overrides the tag of the container image used in Che deployment. Om
 cheLogLevel: Log level for the Che server\: `INFO` or `DEBUG`. Defaults to `INFO`.
 cheServerIngress: The Che server ingress custom settings.
 cheServerRoute: The Che server route custom settings.
-cheWorkspaceClusterRole: Custom cluster role bound to the user for the Che workspaces. The default roles are used if this is omitted or left blank.
-customCheProperties: Map of additional environment variables that will be applied in the generated `che` configMap to be used by the Che server, in addition to the values already generated from other fields of the `CheCluster` custom resource (CR). When `customCheProperties` contains a property that would be normally generated in `che` configMap from other CR fields, the value defined in the `customCheProperties` is used instead.
+cheWorkspaceClusterRole: Custom cluster role bound to the user for the Che workspaces. The default roles are used when omitted or left blank.
+customCheProperties: Map of additional environment variables that will be applied in the generated `che` ConfigMap to be used by the Che server, in addition to the values already generated from other fields of the `CheCluster` custom resource (CR). When `customCheProperties` contains a property that would be normally generated in `che` ConfigMap from other CR fields, the value defined in the `customCheProperties` is used instead.
 devfileRegistryCpuLimit: Overrides the CPU limit used in the devfile registry deployment. In cores. (500m = .5 cores). Default to 500m.
 devfileRegistryCpuRequest: Overrides the CPU request used in the devfile registry deployment. In cores. (500m = .5 cores). Default to 100m.
 devfileRegistryImage: Overrides the container image used in the devfile registry deployment. This includes the image tag. Omit it or leave it empty to use the default container image provided by the Operator.
@@ -31,7 +31,7 @@ devfileRegistryRoute: The devfile registry route custom settings. devfileRegistryUrl: Public URL of the devfile registry, that serves sample, ready-to-use devfiles. Set this ONLY when a use of an external devfile registry is needed. See the `externalDevfileRegistry` field. By default, this will be automatically calculated by the Operator. externalDevfileRegistry: Instructs the Operator on whether to deploy a dedicated devfile registry server. By default, a dedicated devfile registry server is started. When `externalDevfileRegistry` is `true`, no such dedicated server will be started by the Operator and you will have to manually set the `devfileRegistryUrl` field externalPluginRegistry: Instructs the Operator on whether to deploy a dedicated plugin registry server. By default, a dedicated plugin registry server is started. When `externalPluginRegistry` is `true`, no such dedicated server will be started by the Operator and you will have to manually set the `pluginRegistryUrl` field. -gitSelfSignedCert: When enabled, the certificate from `che-git-self-signed-cert` configMap will be propagated to the Che components and provide particular configuration for Git. +gitSelfSignedCert: When enabled, the certificate from `che-git-self-signed-cert` ConfigMap will be propagated to the Che components and provide particular configuration for Git. nonProxyHosts: List of hosts that will be reached directly, bypassing the proxy. Specify wild card domain use the following form `.` and `|` as delimiter, for example\: `localhost|.my.host.com|123.42.12.32` Only use when configuring a proxy is required. Operator respects OpenShift cluster wide proxy configuration and no additional configuration is required, but defining `nonProxyHosts` in a custom resource leads to merging non proxy hosts lists from the cluster proxy configuration and ones defined in the custom resources. 
See the doc https\://docs.openshift.com/container-platform/4.4/networking/enable-cluster-wide-proxy.html). See also the `proxyURL` fields. pluginRegistryCpuLimit: Overrides the CPU limit used in the plugin registry deployment. In cores. (500m = .5 cores). Default to 500m. pluginRegistryCpuRequest: Overrides the CPU request used in the plugin registry deployment. In cores. (500m = .5 cores). Default to 100m. 
@@ -41,25 +41,25 @@ pluginRegistryMemoryLimit: Overrides the memory limit used in the plugin registr pluginRegistryMemoryRequest: Overrides the memory request used in the plugin registry deployment. Defaults to 16Mi. pluginRegistryPullPolicy: Overrides the image pull policy used in the plugin registry deployment. Default value is `Always` for `nightly` or `latest` images, and `IfNotPresent` in other cases. pluginRegistryRoute: Plugin registry route custom settings. -pluginRegistryUrl: Public URL of the plugin registry that serves sample ready-to-use devfiles. Set this ONLY if a use of an external devfile registry is needed. See the `externalPluginRegistry` field. By default, this will be automatically calculated by the Operator. +pluginRegistryUrl: Public URL of the plugin registry that serves sample ready-to-use devfiles. Set this ONLY when a use of an external devfile registry is needed. See the `externalPluginRegistry` field. By default, this will be automatically calculated by the Operator. proxyPassword: Password of the proxy server. Only use when proxy configuration is required. See the `proxyURL`, `proxyUser` and `proxySecret` fields. proxyPort: Port of the proxy server. Only use when configuring a proxy is required. See also the `proxyURL` and `nonProxyHosts` fields. proxySecret: The secret that contains `user` and `password` for a proxy server. When the secret is defined, the `proxyUser` and `proxyPassword` are ignored. proxyURL: URL (protocol+host name) of the proxy server. This drives the appropriate changes in the `JAVA_OPTS` and `https(s)_proxy` variables in the Che server and workspaces containers. Only use when configuring a proxy is required. Operator respects OpenShift cluster wide proxy configuration and no additional configuration is required, but defining `proxyUrl` in a custom resource leads to overrides the cluster proxy configuration with fields `proxyUrl`, `proxyPort`, `proxyUser` and `proxyPassword` from the custom resource. 
See the doc https\://docs.openshift.com/container-platform/4.4/networking/enable-cluster-wide-proxy.html). See also the `proxyPort` and `nonProxyHosts` fields. proxyUser: User name of the proxy server. Only use when configuring a proxy is required. See also the `proxyURL`, `proxyPassword` and `proxySecret` fields. -selfSignedCert: Deprecated. The value of this flag is ignored. The Che Operator will automatically detect if the router certificate is self-signed and propagate it to other components, such as the Che server. +selfSignedCert: Deprecated. The value of this flag is ignored. The Che Operator will automatically detect whether the router certificate is self-signed and propagate it to other components, such as the Che server. serverCpuLimit: Overrides the CPU limit used in the Che server deployment In cores. (500m = .5 cores). Default to 1. serverCpuRequest: Overrides the CPU request used in the Che server deployment In cores. (500m = .5 cores). Default to 100m. serverExposureStrategy: Sets the server and workspaces exposure type. Possible values are `multi-host`, `single-host`, `default-host`. Defaults to `multi-host`, which creates a separate ingress, or OpenShift routes, for every required endpoint. `single-host` makes Che exposed on a single host name with workspaces exposed on subpaths. Read the docs to learn about the limitations of this approach. Also consult the `singleHostExposureType` property to further configure how the Operator and the Che server make that happen on Kubernetes. `default-host` exposes the Che server on the host of the cluster. Read the docs to learn about the limitations of this approach. serverMemoryLimit: Overrides the memory limit used in the Che server deployment. Defaults to 1Gi. serverMemoryRequest: Overrides the memory request used in the Che server deployment. Defaults to 512Mi. -serverTrustStoreConfigMapName: Name of the configMap with public certificates to add to Java trust store of the Che server. 
This is often required when adding the OpenShift OAuth provider, which has HTTPS endpoint signed with self-signed cert. The Che server must be aware of its CA cert to be able to request it. This is disabled by default. -singleHostGatewayConfigMapLabels: The labels that need to be present in the configMaps representing the gateway configuration. +serverTrustStoreConfigMapName: Name of the ConfigMap with public certificates to add to Java trust store of the Che server. This is often required when adding the OpenShift OAuth provider, which has HTTPS endpoint signed with self-signed cert. The Che server must be aware of its CA cert to be able to request it. This is disabled by default. +singleHostGatewayConfigMapLabels: The labels that need to be present in the ConfigMaps representing the gateway configuration. singleHostGatewayConfigSidecarImage: The image used for the gateway sidecar that provides configuration to the gateway. Omit it or leave it empty to use the default container image provided by the Operator. singleHostGatewayImage: The image used for the gateway in the single host mode. Omit it or leave it empty to use the default container image provided by the Operator. tlsSupport: Deprecated. Instructs the Operator to deploy Che in TLS mode. This is enabled by default. Disabling TLS sometimes cause malfunction of some Che components. useInternalClusterSVCNames: Use internal cluster SVC names to communicate between components to speed up the traffic and avoid proxy issues. The default value is `false`. -workspaceNamespaceDefault: Defines Kubernetes default namespace in which user's workspaces are created if user does not override it. It's possible to use ``,`` and `` placeholders, such as che-workspace-. In that case, a new namespace will be created for each user or workspace. Is used by OpenShift infrastructure as well to specify Project. 
+workspaceNamespaceDefault: Defines Kubernetes default namespace in which user's workspaces are created for a case when a user does not override it. It's possible to use ``, `` and `` placeholders, such as che-workspace-. In that case, a new namespace will be created for each user or workspace. :=== [id="checluster-custom-resource-database-settings_{context}"] 
@@ -70,7 +70,7 @@ workspaceNamespaceDefault: Defines Kubernetes default namespace in which user's Property: Description chePostgresContainerResources: PostgreSQL container custom settings chePostgresDb: PostgreSQL database name that the Che server uses to connect to the DB. Defaults to `dbche`. -chePostgresHostName: PostgreSQL Database host name that the Che server uses to connect to. Defaults to postgres. Override this value ONLY when using an external database. See field `externalDb`. In the default case it will be automatically set by the Operator. +chePostgresHostName: PostgreSQL Database host name that the Che server uses to connect to. Defaults is `postgres`. Override this value ONLY when using an external database. See field `externalDb`. In the default case it will be automatically set by the Operator. chePostgresPassword: PostgreSQL password that the Che server uses to connect to the DB. When omitted or left blank, it will be set to an automatically generated value. chePostgresPort: PostgreSQL Database port that the Che server uses to connect to. Defaults to 5432. Override this value ONLY when using an external database. See field `externalDb`. In the default case it will be automatically set by the Operator. chePostgresSecret: The secret that contains PosgreSQL`user` and `password` that the Che server uses to connect to the DB. When the secret is defined, the `chePostgresUser` and `chePostgresPassword` are ignored. When the value is omitted or left blank, the one of following scenarios applies\: 1. `chePostgresUser` and `chePostgresPassword` are defined, then they will be used to connect to the DB. 2. `chePostgresUser` or `chePostgresPassword` are not defined, then a new secret with the name `che-postgres-secret` will be created with default value of `pgche` for `user` and with an auto-generated value for `password`. 
@@ -88,20 +88,20 @@ postgresImagePullPolicy: Overrides the image pull policy used in the PosgreSQL d
 Property: Description
 externalIdentityProvider: Instructs the Operator on whether to deploy a dedicated Identity Provider (Keycloak or RH-SSO instance). By default, a dedicated Identity Provider server is deployed as part of the Che installation. When `externalIdentityProvider` is `true`, no dedicated identity provider will be deployed by the Operator and you will need to provide details about the external identity provider you are about to use. See also all the other fields starting with\: `identityProvider`.
 identityProviderAdminUserName: Overrides the name of the Identity Provider administrator user. Defaults to `admin`.
-identityProviderClientId: Name of a Identity provider, Keycloak or RH-SSO, `client-id` that is used for Che. This is useful to override it ONLY if you use an external Identity Provider. See the `externalIdentityProvider` field. When omitted or left blank, it is set to the value of the `flavour` field suffixed with `-public`.
+identityProviderClientId: Name of a Identity provider, Keycloak or RH-SSO, `client-id` that is used for Che. Override this when an external Identity Provider is in use. See the `externalIdentityProvider` field. When omitted or left blank, it is set to the value of the `flavour` field suffixed with `-public`.
 identityProviderContainerResources: Identity provider container custom settings.
 identityProviderImage: Overrides the container image used in the Identity Provider, Keycloak or RH-SSO, deployment. This includes the image tag. Omit it or leave it empty to use the default container image provided by the Operator.
 identityProviderImagePullPolicy: Overrides the image pull policy used in the Identity Provider, Keycloak or RH-SSO, deployment. Default value is `Always` for `nightly` or `latest` images, and `IfNotPresent` in other cases.
 identityProviderIngress: Ingress custom settings.
-identityProviderPassword: Overrides the password of Keycloak administrator user. This is useful to override it ONLY if you use an external Identity Provider. See the `externalIdentityProvider` field. When omitted or left blank, it is set to an auto-generated password.
-identityProviderPostgresPassword: Password for a Identity Provider, Keycloak or RH-SSO, to connect to the database. This is useful to override it ONLY if you use an external Identity Provider. See the `externalIdentityProvider` field. When omitted or left blank, it is set to an auto-generated password.
+identityProviderPassword: Overrides the password of Keycloak administrator user. Override this when an external Identity Provider is in use. See the `externalIdentityProvider` field. When omitted or left blank, it is set to an auto-generated password.
+identityProviderPostgresPassword: Password for a Identity Provider, Keycloak or RH-SSO, to connect to the database. Override this when an external Identity Provider is in use. See the `externalIdentityProvider` field. When omitted or left blank, it is set to an auto-generated password.
 identityProviderPostgresSecret: The secret that contains `password` for the Identity Provider, Keycloak or RH-SSO, to connect to the database. When the secret is defined, the `identityProviderPostgresPassword` is ignored. When the value is omitted or left blank, the one of following scenarios applies\: 1. `identityProviderPostgresPassword` is defined, then it will be used to connect to the database. 2. `identityProviderPostgresPassword` is not defined, then a new secret with the name `che-identity-postgres-secret` will be created with an auto-generated value for `password`.
-identityProviderRealm: Name of a Identity provider, Keycloak or RH-SSO, realm that is used for Che. This is useful to override it ONLY if you use an external Identity Provider. See the `externalIdentityProvider` field. When omitted or left blank, it is set to the value of the `flavour` field.
+identityProviderRealm: Name of a Identity provider, Keycloak or RH-SSO, realm that is used for Che. Override this when an external Identity Provider is in use. See the `externalIdentityProvider` field. When omitted or left blank, it is set to the value of the `flavour` field.
 identityProviderRoute: Route custom settings.
 identityProviderSecret: The secret that contains `user` and `password` for Identity Provider. When the secret is defined, the `identityProviderAdminUserName` and `identityProviderPassword` are ignored. When the value is omitted or left blank, the one of following scenarios applies\: 1. `identityProviderAdminUserName` and `identityProviderPassword` are defined, then they will be used. 2. `identityProviderAdminUserName` or `identityProviderPassword` are not defined, then a new secret with the name `che-identity-secret` will be created with default value `admin` for `user` and with an auto-generated value for `password`.
 identityProviderURL: Public URL of the Identity Provider server (Keycloak / RH-SSO server). Set this ONLY when a use of an external Identity Provider is needed. See the `externalIdentityProvider` field. By default, this will be automatically calculated and set by the Operator.
-oAuthClientName: Name of the OpenShift `OAuthClient` resource used to setup identity federation on the OpenShift side. Auto-generated if left blank. See also the `OpenShiftoAuth` field.
-oAuthSecret: Name of the secret set in the OpenShift `OAuthClient` resource used to setup identity federation on the OpenShift side. Auto-generated if left blank. See also the `OAuthClientName` field.
+oAuthClientName: Name of the OpenShift `OAuthClient` resource used to setup identity federation on the OpenShift side. Auto-generated when left blank. See also the `OpenShiftoAuth` field.
+oAuthSecret: Name of the secret set in the OpenShift `OAuthClient` resource used to setup identity federation on the OpenShift side. Auto-generated when left blank. See also the `OAuthClientName` field.
 openShiftoAuth: Enables the integration of the identity provider (Keycloak / RHSSO) with OpenShift OAuth. Empty value on OpenShift by default. This will allow users to directly login with their OpenShift user through the OpenShift login, and have their workspaces created under personal OpenShift namespaces. WARNING\: the `kubeadmin` user is NOT supported, and logging through it will NOT allow accessing the Che Dashboard.
 updateAdminPassword: Forces the default `admin` Che user to update password on first login. Defaults to `false`.
 :===
@@ -131,7 +131,7 @@ ingressDomain: Global ingress domain for a K8S cluster. This MUST be explicitly ingressStrategy: Strategy for ingress creation. Options are\: `multi-host` (host is explicitly provided in ingress), `single-host` (host is provided, path-based rules) and `default-host` (no host is provided, path-based rules). Defaults to `multi-host` Deprecated in favor of `serverExposureStrategy` in the `server` section, which defines this regardless of the cluster type. When both are defined, the `serverExposureStrategy` option takes precedence. securityContextFsGroup: The FSGroup in which the Che Pod and workspace Pods containers runs in. Default value is `1724`. securityContextRunAsUser: ID of the user the Che Pod and workspace Pods containers run as. Default value is `1724`. -singleHostExposureType: When the serverExposureStrategy is set to `single-host`, the way the server, registries and workspaces are exposed is further configured by this property. The possible values are `native`, which means that the server and workspaces are exposed using ingresses on K8s or `gateway` where the server and workspaces are exposed using a custom gateway based on Traefik. All the endpoints whether backed by the ingress or gateway `route` always point to the subpaths on the same domain. Defaults to `native`. +singleHostExposureType: When the serverExposureStrategy is set to `single-host`, the way the server, registries and workspaces are exposed is further configured by this property. The possible values are `native`, which means that the server and workspaces are exposed using ingresses on K8s or `gateway` where the server and workspaces are exposed using a custom gateway based on link\:https\://doc.traefik.io/traefik/[Traefik]. All the endpoints whether backed by the ingress or gateway `route` always point to the subpaths on the same domain. Defaults to `native`. tlsSecretName: Name of a secret that will be used to setup ingress TLS termination when TLS is enabled. 
When the field is empty string, the default cluster certificate will be used. See also the `tlsSupport` field. :=== From 16c0ce94c5e4d05d67ea5585439cf5e193e09ee7 Mon Sep 17 00:00:00 2001 From: Anatolii Bazko Date: Fri, 12 Feb 2021 11:39:29 +0200 Subject: [PATCH 11/11] Update checluster properties Signed-off-by: Anatolii Bazko --- .../installation-guide/examples/checluster-properties.adoc | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/modules/installation-guide/examples/checluster-properties.adoc b/modules/installation-guide/examples/checluster-properties.adoc index 108e205cba..a3c1a32944 100644 --- a/modules/installation-guide/examples/checluster-properties.adoc +++ b/modules/installation-guide/examples/checluster-properties.adoc 
@@ -9,7 +9,7 @@ airGapContainerRegistryOrganization: Optional repository name of an alternate co
 allowUserDefinedWorkspaceNamespaces: Defines that a user is allowed to specify a Kubernetes namespace, or an OpenShift project, which differs from the default. It's NOT RECOMMENDED to set to `true` without OpenShift OAuth configured. The OpenShift infrastructure also uses this property.
 cheClusterRoles: A comma-separated list of ClusterRoles that will be assigned to Che ServiceAccount. Be aware that the Che Operator has to already have all permissions in these ClusterRoles to grant them.
 cheDebug: Enables the debug mode for Che server. Defaults to `false`.
-cheFlavor: Specifies a variation of the installation. The options are `che` for upstream Che installations, or `codeready` for CodeReady Workspaces installation. Override the default value only on necessary occasions.
+cheFlavor: Specifies a variation of the installation. The options are `che` for upstream Che installations, or `codeready` for link\:https\://developers.redhat.com/products/codeready-workspaces/overview[CodeReady Workspaces] installation. Override the default value only on necessary occasions.
 cheHost: Public host name of the installed Che server. When value is omitted, the value it will be automatically set by the Operator. See the `cheHostTLSSecret` field.
 cheHostTLSSecret: Name of a secret containing certificates to secure ingress or route for the custom host name of the installed Che server. See the `cheHost` field.
 cheImage: Overrides the container image used in Che deployment. This does NOT include the container image tag. Omit it or leave it empty to use the default container image provided by the Operator.
@@ -113,7 +113,7 @@ updateAdminPassword: Forces the default `admin` Che user to update password on f
 :===
 Property: Description
 postgresPVCStorageClassName: Storage class for the Persistent Volume Claim dedicated to the PosgreSQL database. When omitted or left blank, a default storage class is used.
-preCreateSubPaths: Instructs the Che server to start a special Pod to pre-create a sub-path in the Persistent Volumes. Defaults to `false`, however it will need to enable it according to the configuration of your K8S cluster.
+preCreateSubPaths: Instructs the Che server to start a special Pod to pre-create a sub-path in the Persistent Volumes. Defaults to `false`, however it will need to enable it according to the configuration of your Kubernetes cluster.
 pvcClaimSize: Size of the persistent volume claim for workspaces. Defaults to `1Gi`.
 pvcJobsImage: Overrides the container image used to create sub-paths in the Persistent Volumes. This includes the image tag. Omit it or leave it empty to use the default container image provided by the Operator. See also the `preCreateSubPaths` field.
 pvcStrategy: Persistent volume claim strategy for the Che server. This Can be\:`common` (all workspaces PVCs in one volume), `per-workspace` (one PVC per workspace for all declared volumes) and `unique` (one PVC per declared volume). Defaults to `common`.
@@ -127,7 +127,7 @@ workspacePVCStorageClassName: Storage class for the Persistent Volume Claims ded
 :===
 Property: Description
 ingressClass: Ingress class that will define the which controller will manage ingresses. Defaults to `nginx`. NB\: This drives the `kubernetes.io/ingress.class` annotation on Che-related ingresses.
-ingressDomain: Global ingress domain for a K8S cluster. This MUST be explicitly specified\: there are no defaults.
+ingressDomain: Global ingress domain for a Kubernetes cluster. This MUST be explicitly specified\: there are no defaults.
 ingressStrategy: Strategy for ingress creation. Options are\: `multi-host` (host is explicitly provided in ingress), `single-host` (host is provided, path-based rules) and `default-host` (no host is provided, path-based rules). Defaults to `multi-host` Deprecated in favor of `serverExposureStrategy` in the `server` section, which defines this regardless of the cluster type. When both are defined, the `serverExposureStrategy` option takes precedence.
 securityContextFsGroup: The FSGroup in which the Che Pod and workspace Pods containers runs in. Default value is `1724`.
 securityContextRunAsUser: ID of the user the Che Pod and workspace Pods containers run as. Default value is `1724`.