K8s multi. Admin guide. New OpenShift deployment docs #391
Conversation
ghost
requested review from
|
|
||
| You can get the list of available versions at [Che GitHub page](https://github.com/eclipse/che/tags). | ||
|
|
||
| Since `nightly` is the default tag used in Che deployment, and image pull policy is set to Always, triggering a new deployment, will pull a newer image, if available. |
There was a problem hiding this comment.
probably add link on how to change the image pull policy
There was a problem hiding this comment.
Done.
As to link to K8S admin guide, it is references from OpenShift Config page.
There was a problem hiding this comment.
I'm not sold on the idea of forcing OpenShift users to jump through the K8S and OS install pages. GitHub pages lets you use common text to populate multiple pages - we should use something like that so the K8S and OpenShift pages can have identical content sections (updated in one place) without forcing one or other to read multiple pages.
| | installers | yes | some installers may require [sudo access](openshift-config.html#enable-ssh-and-sudo) | | ||
| | file system permissions | not limited | limited to directories owned by root [group](openshift-config.html#filesystem-permissions) | | ||
| | Feature | **Docker** | **OpenShift** | **Kubernetes** | | ||
| | root access | yes | no (See: [Configuration](openshift-config.html#enable-ssh-and-sudo)) | yes | |
There was a problem hiding this comment.
I think this line should say "yes" for OpenShift with the link you provided since you can do it.
| | root access | yes | no (See: [Configuration](openshift-config.html#enable-ssh-and-sudo)) | yes | | ||
| | https | no | yes (See: [Configuration](openshift-config.html#https-mode)) | yes | | ||
| | scalability | no | yes (See: [Configuration](openshift-config.html#scalability)) | yes | | ||
| | priviliged containers | yes | no (configurable in [OpenShift](https://docs.openshift.com/container-platform/3.6/admin_guide/manage_scc.html#grant-access-to-the-privileged-scc)) | yes | |
There was a problem hiding this comment.
same as above, since you can do it - should say "yes"
| | priviliged containers | yes | no (configurable in [OpenShift](https://docs.openshift.com/container-platform/3.6/admin_guide/manage_scc.html#grant-access-to-the-privileged-scc)) | yes | | ||
| | health checks | no | yes | yes | | ||
| | persistent preview URLs | no | yes | yes | | ||
| | installers | yes | some installers may require [sudo access](openshift-config.html#enable-ssh-and-sudo) | yes | |
There was a problem hiding this comment.
Again - change text for OpenShift to "yes, some installers may require..."
|
|
||
| **Single User** | ||
|
|
||
| Che server pod consumes up to 1GB RAM. The initial request is 256MB, and server pod rarely consumes more than 800MB. A typical workspace will require 2GB. So, **<span style="color:red;">3GB</span>** is a bare minimum to try single user Che on OpenShift/Kubernetes. |
|
|
||
| * If there's `CHE_INFRA_KUBERNETES_OAUTH__TOKEN` fabric8 client will use it. If both are available, token has a priority over username/pass. | ||
|
|
||
| * If none are available **che service account** is used to create workspace objects. This is default behavior. Since che SA cannot create objects outside a namespace it's bound to, all workspace objects are created in Che namespace. Admins can grant `che` [service account super user permissions](https://kubernetes.io/docs/admin/authorization/rbac/#service-account-permissions), and this way it will be possible to use this SA to create objects outside Che namespace. OpenShift cluster admins can do it this way using oc CLI: |
There was a problem hiding this comment.
I don't understand what "Since che SA cannot..." means - is that a typo?
| |**common**|One PVC for all workspaces, sub-paths pre-created| easy to manage and control storage. no need to recycle PVs when pod with pvc is deleted | ws pods should all be in one namespace | ||
| |**unique**|PVC per workspace| Storage isolation | An undefined number of PVs is required | | ||
|
|
||
| ## Common PVC strategy |
There was a problem hiding this comment.
Headings should consistently use title case.
|
|
||
| This is going to be changed once [this issue](https://github.com/eclipse/che/issues/8178) is completed. | ||
| This page describes OpenShift specific configuration. Refer to [Kubernetes Admin Guide][kubernetes-admin-guide] to general information that works both for OS and K8S. |
There was a problem hiding this comment.
So for OpenShift someone would do everything in the K8S section, then come back here and do all the stuff here?
There was a problem hiding this comment.
Fixed. Now k8s guide is embedded in k8s and openshift admin guide pages
ghost
mentioned this pull request
|
@bmicklea all issues addressed. PR in Che merged. Merging this one as well. |
Do not merge until eclipse-che/che#9190 is merged
What's done: