From f781194590981058e4c9d352cbc2584664b91c28 Mon Sep 17 00:00:00 2001 From: Oleksandr Andriienko Date: Thu, 4 Mar 2021 14:58:27 +0200 Subject: [PATCH 1/2] Fix and improve CR, CRD. Delete tls switcher. Add plugin and devfile registry links. Remove some aren't popular fields from CR sample. Improve CR sample and CRD descriptions. Signed-off-by: Oleksandr Andriienko --- deploy/crds/org_v1_che_cr.yaml | 188 +++++++++--------- deploy/crds/org_v1_che_crd.yaml | 6 +- .../che-operator.clusterserviceversion.yaml | 38 ++-- .../manifests/org_v1_che_crd.yaml | 6 +- .../che-operator.clusterserviceversion.yaml | 36 ++-- .../manifests/org_v1_che_crd.yaml | 6 +- pkg/apis/org/v1/che_types.go | 15 +- 7 files changed, 142 insertions(+), 153 deletions(-) diff --git a/deploy/crds/org_v1_che_cr.yaml b/deploy/crds/org_v1_che_cr.yaml index 04da1ff9fa..bf02a9f78d 100644 --- a/deploy/crds/org_v1_che_cr.yaml +++ b/deploy/crds/org_v1_che_cr.yaml @@ -16,144 +16,150 @@ metadata: name: eclipse-che spec: server: - # use internal host names provided by cluster dns. + # Use internal cluster SVC names to communicate between components to speed up the traffic and avoid proxy issues. useInternalClusterSVCNames: true - # server image used in Che deployment - cheImage: '' - # tag of an image used in Che deployment - cheImageTag: '' - # image:tag used in Devfile registry deployment - devfileRegistryImage: '' - # image:tag used in plugin registry deployment - pluginRegistryImage: '' - # defaults to `che`. When set to `codeready`, CodeReady Workspaces is deployed - # the difference is in images, labels, exec commands + # Specifies a variation of the installation. The options are `che` for upstream Che installations, or `codeready` for link:https://developers.redhat.com/products/codeready-workspaces/overview[CodeReady Workspaces] installation. + # Override the default value only on necessary occasions. cheFlavor: '' - # Comma-separated list of ClusterRoles that will be assigned - # to che ServiceAccount. Be aware that che-operator has to already have all permissions in these - # ClusterRoles to be able to grant them. + # A comma-separated list of ClusterRoles that will be assigned to Che ServiceAccount. + # Be aware that the Che Operator has to already have all permissions in these ClusterRoles to grant them. cheClusterRoles: '' - # specifies a custom cluster role to user for the Che workspaces - # Uses the default roles if left blank. + # Custom cluster role bound to the user for the Che workspaces. + # The default roles are used when omitted or left blank. cheWorkspaceClusterRole: '' - # Name of the config-map with public certificates to add to Java trust store of the Che server. + # Name of the ConfigMap with public certificates to add to Java trust store of the Che server. + # This is often required when adding the OpenShift OAuth provider, which has HTTPS endpoint signed with self-signed cert. + # The Che server must be aware of its CA cert to be able to request it. serverTrustStoreConfigMapName: '' - # If enabled then the certificate from `che-git-self-signed-cert` config map - # will be propagated to the Che components and provide particular configuration for Git. + # When enabled, the certificate from `che-git-self-signed-cert` ConfigMap will be propagated to the Che components and provide particular configuration for Git. gitSelfSignedCert: false - # TLS mode for Che. It is not recommended to turn this off. + # Deprecated. Instructs the Operator to deploy Che in TLS mode. Disabling TLS sometimes cause malfunction of some Che components. tlsSupport: true - # protocol+hostname of a proxy server. Automatically added as JAVA_OPTS and https(s)_proxy - # to Che server and workspaces containers + # URL (protocol+host name) of the proxy server. This drives the appropriate changes in the `JAVA_OPTS` and `https(s)_proxy` variables + # in the Che server and workspaces containers. + # Only use when configuring a proxy is required. Operator respects OpenShift cluster wide proxy configuration + # and no additional configuration is required, but defining `proxyUrl` in a custom resource leads to overrides the cluster proxy configuration + # with fields `proxyUrl`, `proxyPort`, `proxyUser` and `proxyPassword` from the custom resource. + # See the doc https://docs.openshift.com/container-platform/4.4/networking/enable-cluster-wide-proxy.html. See also the `proxyPort` and `nonProxyHosts` fields. proxyURL: '' - # port of a proxy server + # Port of the proxy server. Only use when configuring a proxy is required. See also the `proxyURL` and `nonProxyHosts` fields. proxyPort: '' - # username for a proxy server + # User name of the proxy server. Only use when configuring a proxy is required. See also the `proxyURL`, `proxyPassword` and `proxySecret` fields. proxyUser: '' - # password for a proxy user + # Password of the proxy server. + # Only use when proxy configuration is required. See the `proxyURL`, `proxyUser` and `proxySecret` fields. proxyPassword: '' - # a list of non-proxy hosts. Use | as delimiter, eg localhost|my.host.com|123.42.12.32 + # List of hosts that will be reached directly, bypassing the proxy. + # Specify wild card domain use the following form `.` and `|` as delimiter, for example: `localhost|.my.host.com|123.42.12.32` + # Only use when configuring a proxy is required. Operator respects OpenShift cluster wide proxy configuration and no additional configuration is required, + # but defining `nonProxyHosts` in a custom resource leads to merging non proxy hosts lists from the cluster proxy configuration and ones defined in the custom resources. + # See the doc https://docs.openshift.com/container-platform/4.4/networking/enable-cluster-wide-proxy.html. See also the `proxyURL` fields. nonProxyHosts: '' - # sets mem request for server deployment. Defaults to 512Mi - serverMemoryRequest: '' - # sets mem limit for server deployment. Defaults to 1Gi - serverMemoryLimit: '' - # sets default namespace where new workspaces will be created + # Defines Kubernetes default namespace in which user's workspaces are created for a case when a user does not override it. + # It's possible to use ``, `` and `` placeholders, such as che-workspace-. + # In that case, a new namespace will be created for each user or workspace. workspaceNamespaceDefault: "-che" - # defines if user is able to specify namespace different from the default + # Defines that a user is allowed to specify a Kubernetes namespace, or an OpenShift project, which differs from the default. + # It's NOT RECOMMENDED to set to `true` without OpenShift OAuth configured. The OpenShift infrastructure also uses this property. allowUserDefinedWorkspaceNamespaces: false - # Sets the server and workspaces exposure type. Possible values are "multi-host", "single-host", "default-host". - # Defaults to "multi-host" which creates a separate ingress (or route on OpenShift) for every required - # endpoint. - # "single-host" makes Che exposed on a single hostname with workspaces exposed on subpaths. Please read the docs - # to learn about the limitations of this approach. Also consult the `singleHostExposureType` property to further configure - # how the operator and Che server make that happen on Kubernetes. - # "default-host" exposes che server on the host of the cluster. Please read the docs to learn about - # the limitations of this approach. + # Sets the server and workspaces exposure type. + # Possible values are `multi-host`, `single-host`, `default-host`. Defaults to `multi-host`, which creates a separate ingress, or OpenShift routes, for every required endpoint. + # `single-host` makes Che exposed on a single host name with workspaces exposed on subpaths. + # Read the docs to learn about the limitations of this approach. + # Also consult the `singleHostExposureType` property to further configure how the Operator and the Che server make that happen on Kubernetes. + # `default-host` exposes the Che server on the host of the cluster. Read the docs to learn about the limitations of this approach. serverExposureStrategy: '' - # The image used for the gateway in the single host mode. - # Omit it or leave it empty to use the defaut container image provided by the operator. - singleHostGatewayImage: '' - # The image used for the gateway sidecar that provides configuration to the gateway. - # Omit it or leave it empty to use the defaut container image provided by the operator. - singleHostGatewayConfigSidecarImage: '' - # The labels that need to be present (and are put) on the configmaps representing the gateway configuration. - singleHostGatewayConfigMapLabels: {} database: - # when set to true, the operator skips deploying Postgres, and passes connection details of existing DB to Che server - # otherwise a Postgres deployment is created + # Instructs the Operator on whether to deploy a dedicated database. + # By default, a dedicated PostgreSQL database is deployed as part of the Che installation. When `externalDb` is `true`, no dedicated database will be deployed by the + # Operator and you will need to provide connection details to the external DB you are about to use. See also all the fields starting with: `chePostgres`. externalDb: false - # Postgres Database hostname that Che server uses to connect to. Defaults to postgres + # PostgreSQL Database host name that the Che server uses to connect to. + # Defaults is `postgres`. Override this value ONLY when using an external database. See field `externalDb`. + # In the default case it will be automatically set by the Operator. chePostgresHostName: '' - # Postgres Database port that Che server uses to connect to. Defaults to 5432 + # PostgreSQL Database port that the Che server uses to connect to. Defaults to 5432. + # Override this value ONLY when using an external database. See field `externalDb`. In the default case it will be automatically set by the Operator. chePostgresPort: '' - # Postgres user that Che server when making a db connection. Defaults to pgche + # PostgreSQL user that the Che server uses to connect to the DB. Defaults to `pgche`. chePostgresUser: '' - # password of a postgres user. Auto-generated when left blank + # PostgreSQL password that the Che server uses to connect to the DB. When omitted or left blank, it will be set to an automatically generated value. chePostgresPassword: '' - # Postgres database name that Che server uses to connect to. Defaults to dbche + # PostgreSQL database name that the Che server uses to connect to the DB. Defaults to `dbche`. chePostgresDb: '' - # Postgres deployment in format image:tag. Default in https://github.com/eclipse/che-operator/blob/master/deploy/operator.yaml#L57-L58 or operator metadata CSV environment variable RELATED_IMAGE_postgres) - postgresImage: '' storage: - # persistent volume claim strategy for Che server. Can be common (all workspaces PVCs in one volume), - # per-workspace (one PVC per workspace for all declared volumes) and unique (one PVC per declared volume). Defaults to common + # Persistent volume claim strategy for the Che server. This Can be:`common` (all workspaces PVCs in one volume), + # `per-workspace` (one PVC per workspace for all declared volumes) and `unique` (one PVC per declared volume). pvcStrategy: 'common' - # size of a persistent volume claim for workspaces. Defaults to 1Gi + # Size of the persistent volume claim for workspaces. pvcClaimSize: '1Gi' - # instruct Che server to launch a special pod to precreate a subpath in a PV + # Instructs the Che server to start a special Pod to pre-create a sub-path in the Persistent Volumes. preCreateSubPaths: true - # image:tag for preCreateSubPaths jobs - pvcJobsImage: '' - # keep blank unless you need to use a non default storage class for Postgres PVC + # Storage class for the Persistent Volume Claim dedicated to the PostgreSQL database. When omitted or left blank, a default storage class is used. postgresPVCStorageClassName: '' - # keep blank unless you need to use a non default storage class for workspace PVC(s) + # Storage class for the Persistent Volume Claims dedicated to the Che workspaces. When omitted or left blank, a default storage class is used. workspacePVCStorageClassName: '' auth: + # For operating with the OpenShift OAuth authentication, create a new user account since the kubeadmin can not be used. + # If the value is true, then a new OpenShift OAuth user will be created for the HTPasswd identity provider. + # If the value is false and the user has already been created, then it will be removed. + # If value is an empty, then do nothing. + # The user's credentials are stored in the `openshift-oauth-user-credentials` secret by Operator. + # Note that this solution is Openshift 4 platform-specific. initialOpenShiftOAuthUser: true - # instructs operator on whether or not to deploy Keycloak/RH SSO instance. When set to true provision connection details + # Instructs the Operator on whether or not to deploy a dedicated Identity Provider (Keycloak or RH SSO instance). + # Instructs the Operator on whether to deploy a dedicated Identity Provider (Keycloak or RH-SSO instance). + # By default, a dedicated Identity Provider server is deployed as part of the Che installation. When `externalIdentityProvider` is `true`, + # no dedicated identity provider will be deployed by the Operator and you will need to provide details about the external identity provider you are about to use. + # See also all the other fields starting with: `identityProvider`. externalIdentityProvider: false - # retrieved from respective route/ingress unless explicitly specified in CR (when ExternalKeycloak is true) + # Public URL of the Identity Provider server (Keycloak / RH-SSO server). + # Set this ONLY when a use of an external Identity Provider is needed. + # See the `externalIdentityProvider` field. By default, this will be automatically calculated and set by the Operator. identityProviderURL: '' - # desired admin username of Keycloak admin user (applicable only when externalIdentityProvider is false) + # Overrides the name of the Identity Provider administrator user. Defaults to `admin`. identityProviderAdminUserName: '' - # desired password of Keycloak admin user (applicable only when externalIdentityProvider is false) + # Overrides the password of Keycloak administrator user. + # Override this when an external Identity Provider is in use. See the `externalIdentityProvider` field. + # When omitted or left blank, it is set to an auto-generated password. identityProviderPassword: '' - # name of a keycloak realm. This realm will be created, when externalIdentityProvider is true, otherwise passed to Che server + # Name of a Identity provider, Keycloak or RH-SSO, realm that is used for Che. + # Override this when an external Identity Provider is in use. See the `externalIdentityProvider` field. + # When omitted or left blank, it is set to the value of the `flavour` field. identityProviderRealm: '' - # id of a keycloak client. This client will be created, when externalIdentityProvider is false, otherwise passed to Che server + # Name of a Identity provider, Keycloak or RH-SSO, `client-id` that is used for Che. + # Override this when an external Identity Provider is in use. See the `externalIdentityProvider` field. + # When omitted or left blank, it is set to the value of the `flavour` field suffixed with `-public`. identityProviderClientId: '' - # name of oAuthClient used in OpenShift v3 identity provider in Keycloak realm. Auto generated if left blank + # Name of the OpenShift `OAuthClient` resource used to setup identity federation on the OpenShift side. Auto-generated when left blank. See also the `OpenShiftoAuth` field. oAuthClientName: '' - # secret used in oAuthClient. Auto generated if left blank + # Name of the secret set in the OpenShift `OAuthClient` resource used to setup identity federation on the OpenShift side. Auto-generated when left blank. See also the `OAuthClientName` field. oAuthSecret: '' - # image:tag used in Keycloak deployment - identityProviderImage: '' k8s: - # your global ingress domain + # Global ingress domain for a Kubernetes cluster. ingressDomain: '192.168.99.101.nip.io' - # kubernetes.io/ingress.class, defaults to nginx + # Ingress class that will define the which controller will manage ingresses. Defaults to `nginx`. + # NB: This drives the `kubernetes.io/ingress.class` annotation on Che-related ingresses. ingressClass: '' - # IngressStrategy is the way ingresses are created. - # Can be multi-host (host is explicitly provided in ingress, -.), - # single-host (host is provided, path based rules, /path) and default-host *(no host is provided, path based rules) + # Strategy for ingress creation. Options are: `multi-host` (host is explicitly provided in ingress), + # `single-host` (host is provided, path-based rules) and `default-host` (no host is provided, path-based rules). + # Defaults to `multi-host` Deprecated in favor of `serverExposureStrategy` in the `server` section, + # which defines this regardless of the cluster type. When both are defined, the `serverExposureStrategy` option takes precedence. ingressStrategy: '' - # Secret name used for tls termination. - # If the field is empty string, then default cluster certificate will be used. + # Name of a secret that will be used to setup ingress TLS termination when TLS is enabled. + # When the field is empty string, the default cluster certificate will be used. See also the `tlsSupport` field. tlsSecretName: 'che-tls' - # FSGroup the Che POD and Workspace pod containers should run in + # The FSGroup in which the Che Pod and workspace Pods containers runs in. Default value is `1724`. securityContextFsGroup: '' - # User the Che POD and Workspace pod containers should run as + # ID of the user the Che Pod and workspace Pods containers run as. Default value is `1724`. securityContextRunAsUser: '' - # When the serverExposureStrategy is set to "single-host", the way the server, registries and workspaces - # are exposed is further configured by this property. The possible values are "native" (which means - # that the server and workspaces are exposed using ingresses on K8s) or "gateway" where the server - # and workspaces are exposed using a custom gateway based on Traefik. All the endpoints whether backed by the ingress - # or gateway "route" always point to the subpaths on the same domain. - # Defaults to "native". + # When the serverExposureStrategy is set to `single-host`, the way the server, registries and workspaces are exposed is further configured by this property. + # The possible values are `native`, which means that the server and workspaces are exposed using ingresses on K8s + # or `gateway` where the server and workspaces are exposed using a custom gateway based on link:https://doc.traefik.io/traefik/[Traefik]. + # All the endpoints whether backed by the ingress or gateway `route` always point to the subpaths on the same domain. Defaults to `native`. singleHostExposureType: '' metrics: - # Enables '/metrics' endpoint of Che server. + # Enables `metrics` the Che server endpoint. enable: true diff --git a/deploy/crds/org_v1_che_crd.yaml b/deploy/crds/org_v1_che_crd.yaml index 26b7fe3c51..18035ad937 100644 --- a/deploy/crds/org_v1_che_crd.yaml +++ b/deploy/crds/org_v1_che_crd.yaml @@ -590,7 +590,7 @@ spec: is required, but defining `nonProxyHosts` in a custom resource leads to merging non proxy hosts lists from the cluster proxy configuration and ones defined in the custom resources. See the - doc https://docs.openshift.com/container-platform/4.4/networking/enable-cluster-wide-proxy.html). + doc https://docs.openshift.com/container-platform/4.4/networking/enable-cluster-wide-proxy.html. See also the `proxyURL` fields.' type: string pluginRegistryCpuLimit: @@ -671,7 +671,7 @@ spec: is required, but defining `proxyUrl` in a custom resource leads to overrides the cluster proxy configuration with fields `proxyUrl`, `proxyPort`, `proxyUser` and `proxyPassword` from the custom resource. - See the doc https://docs.openshift.com/container-platform/4.4/networking/enable-cluster-wide-proxy.html). + See the doc https://docs.openshift.com/container-platform/4.4/networking/enable-cluster-wide-proxy.html. See also the `proxyPort` and `nonProxyHosts` fields. type: string proxyUser: @@ -744,7 +744,7 @@ spec: useInternalClusterSVCNames: description: Use internal cluster SVC names to communicate between components to speed up the traffic and avoid proxy issues. The - default value is `false`. + default value is `true`. type: boolean workspaceNamespaceDefault: description: Defines Kubernetes default namespace in which user's diff --git a/deploy/olm-catalog/eclipse-che-preview-kubernetes/manifests/che-operator.clusterserviceversion.yaml b/deploy/olm-catalog/eclipse-che-preview-kubernetes/manifests/che-operator.clusterserviceversion.yaml index cf19f60dbe..ffb0a8b3d6 100644 --- a/deploy/olm-catalog/eclipse-che-preview-kubernetes/manifests/che-operator.clusterserviceversion.yaml +++ b/deploy/olm-catalog/eclipse-che-preview-kubernetes/manifests/che-operator.clusterserviceversion.yaml @@ -15,7 +15,6 @@ metadata: "externalIdentityProvider": false, "identityProviderAdminUserName": "", "identityProviderClientId": "", - "identityProviderImage": "", "identityProviderPassword": "", "identityProviderRealm": "", "identityProviderURL": "", @@ -29,8 +28,7 @@ metadata: "chePostgresPassword": "", "chePostgresPort": "", "chePostgresUser": "", - "externalDb": false, - "postgresImage": "" + "externalDb": false }, "k8s": { "ingressClass": "", @@ -48,24 +46,15 @@ metadata: "allowUserDefinedWorkspaceNamespaces": false, "cheClusterRoles": "", "cheFlavor": "", - "cheImage": "", - "cheImageTag": "", "cheWorkspaceClusterRole": "", - "devfileRegistryImage": "", "gitSelfSignedCert": false, "nonProxyHosts": "", - "pluginRegistryImage": "", "proxyPassword": "", "proxyPort": "", "proxyURL": "", "proxyUser": "", "serverExposureStrategy": "", - "serverMemoryLimit": "", - "serverMemoryRequest": "", "serverTrustStoreConfigMapName": "", - "singleHostGatewayConfigMapLabels": {}, - "singleHostGatewayConfigSidecarImage": "", - "singleHostGatewayImage": "", "tlsSupport": true, "useInternalClusterSVCNames": true, "workspaceNamespaceDefault": "-che" @@ -74,7 +63,6 @@ metadata: "postgresPVCStorageClassName": "", "preCreateSubPaths": true, "pvcClaimSize": "1Gi", - "pvcJobsImage": "", "pvcStrategy": "common", "workspacePVCStorageClassName": "" } @@ -102,14 +90,6 @@ spec: displayName: Eclipse Che Cluster kind: CheCluster name: checlusters.org.eclipse.che - specDescriptors: - - description: Deprecated. Instructs the Operator to deploy Che in TLS mode. - This is enabled by default. Disabling TLS sometimes cause malfunction - of some Che components. - displayName: TLS support - path: server.tlsSupport - x-descriptors: - - urn:alm:descriptor:com.tectonic.ui:booleanSwitch statusDescriptors: - description: Status of a Che installation. Can be `Available`, `Unavailable`, or `Available, Rolling Update in Progress`. @@ -127,6 +107,11 @@ spec: path: cheVersion x-descriptors: - urn:alm:descriptor:org.w3:link + - description: Public URL to the devfile registry. + displayName: Devfile registry URL + path: devfileRegistryURL + x-descriptors: + - urn:alm:descriptor:org.w3:link - description: A URL that points to some URL where to find help related to the current Operator status. displayName: Help link @@ -151,6 +136,11 @@ spec: path: openShiftOAuthUserCredentialsSecret x-descriptors: - urn:alm:descriptor:text + - description: Public URL to the plugin registry. + displayName: Plugin registry URL + path: pluginRegistryURL + x-descriptors: + - urn:alm:descriptor:org.w3:link - description: A brief CamelCase message indicating details about why the Pod is in this state. displayName: Reason @@ -223,7 +213,7 @@ spec: Status: Che Cluster Running: Available Che URL: http://che-my-eclipse-che.gcp.my-ide.cloud - Che Version: 7.0.0 + Che Version: 7.26.0 ... ``` @@ -231,9 +221,9 @@ spec: ## Defaults By default, the operator deploys Eclipse Che with: * Bundled PostgreSQL and Keycloak - * Per-Workspace PVC strategy + * Common PVC strategy * Auto-generated passwords - * TLS mode (secure routes) + * TLS mode (secure ingresses) ## Installation Options Eclipse Che operator installation options include: * Connection to external database and Keycloak diff --git a/deploy/olm-catalog/eclipse-che-preview-kubernetes/manifests/org_v1_che_crd.yaml b/deploy/olm-catalog/eclipse-che-preview-kubernetes/manifests/org_v1_che_crd.yaml index 26b7fe3c51..18035ad937 100644 --- a/deploy/olm-catalog/eclipse-che-preview-kubernetes/manifests/org_v1_che_crd.yaml +++ b/deploy/olm-catalog/eclipse-che-preview-kubernetes/manifests/org_v1_che_crd.yaml @@ -590,7 +590,7 @@ spec: is required, but defining `nonProxyHosts` in a custom resource leads to merging non proxy hosts lists from the cluster proxy configuration and ones defined in the custom resources. See the - doc https://docs.openshift.com/container-platform/4.4/networking/enable-cluster-wide-proxy.html). + doc https://docs.openshift.com/container-platform/4.4/networking/enable-cluster-wide-proxy.html. See also the `proxyURL` fields.' type: string pluginRegistryCpuLimit: @@ -671,7 +671,7 @@ spec: is required, but defining `proxyUrl` in a custom resource leads to overrides the cluster proxy configuration with fields `proxyUrl`, `proxyPort`, `proxyUser` and `proxyPassword` from the custom resource. - See the doc https://docs.openshift.com/container-platform/4.4/networking/enable-cluster-wide-proxy.html). + See the doc https://docs.openshift.com/container-platform/4.4/networking/enable-cluster-wide-proxy.html. See also the `proxyPort` and `nonProxyHosts` fields. type: string proxyUser: @@ -744,7 +744,7 @@ spec: useInternalClusterSVCNames: description: Use internal cluster SVC names to communicate between components to speed up the traffic and avoid proxy issues. The - default value is `false`. + default value is `true`. type: boolean workspaceNamespaceDefault: description: Defines Kubernetes default namespace in which user's diff --git a/deploy/olm-catalog/eclipse-che-preview-openshift/manifests/che-operator.clusterserviceversion.yaml b/deploy/olm-catalog/eclipse-che-preview-openshift/manifests/che-operator.clusterserviceversion.yaml index 2b3180cf6e..f25aa1e036 100644 --- a/deploy/olm-catalog/eclipse-che-preview-openshift/manifests/che-operator.clusterserviceversion.yaml +++ b/deploy/olm-catalog/eclipse-che-preview-openshift/manifests/che-operator.clusterserviceversion.yaml @@ -15,7 +15,6 @@ metadata: "externalIdentityProvider": false, "identityProviderAdminUserName": "", "identityProviderClientId": "", - "identityProviderImage": "", "identityProviderPassword": "", "identityProviderRealm": "", "identityProviderURL": "", @@ -29,8 +28,7 @@ metadata: "chePostgresPassword": "", "chePostgresPort": "", "chePostgresUser": "", - "externalDb": false, - "postgresImage": "" + "externalDb": false }, "metrics": { "enable": true @@ -39,24 +37,15 @@ metadata: "allowUserDefinedWorkspaceNamespaces": false, "cheClusterRoles": "", "cheFlavor": "", - "cheImage": "", - "cheImageTag": "", "cheWorkspaceClusterRole": "", - "devfileRegistryImage": "", "gitSelfSignedCert": false, "nonProxyHosts": "", - "pluginRegistryImage": "", "proxyPassword": "", "proxyPort": "", "proxyURL": "", "proxyUser": "", "serverExposureStrategy": "", - "serverMemoryLimit": "", - "serverMemoryRequest": "", "serverTrustStoreConfigMapName": "", - "singleHostGatewayConfigMapLabels": {}, - "singleHostGatewayConfigSidecarImage": "", - "singleHostGatewayImage": "", "tlsSupport": true, "useInternalClusterSVCNames": true, "workspaceNamespaceDefault": "-che" @@ -65,7 +54,6 @@ metadata: "postgresPVCStorageClassName": "", "preCreateSubPaths": true, "pvcClaimSize": "1Gi", - "pvcJobsImage": "", "pvcStrategy": "common", "workspacePVCStorageClassName": "" } @@ -93,14 +81,6 @@ spec: displayName: Eclipse Che Cluster kind: CheCluster name: checlusters.org.eclipse.che - specDescriptors: - - description: Deprecated. Instructs the Operator to deploy Che in TLS mode. - This is enabled by default. Disabling TLS sometimes cause malfunction - of some Che components. - displayName: TLS support - path: server.tlsSupport - x-descriptors: - - urn:alm:descriptor:com.tectonic.ui:booleanSwitch statusDescriptors: - description: Status of a Che installation. Can be `Available`, `Unavailable`, or `Available, Rolling Update in Progress`. @@ -118,6 +98,11 @@ spec: path: cheVersion x-descriptors: - urn:alm:descriptor:org.w3:link + - description: Public URL to the devfile registry. + displayName: Devfile registry URL + path: devfileRegistryURL + x-descriptors: + - urn:alm:descriptor:org.w3:link - description: A URL that points to some URL where to find help related to the current Operator status. displayName: Help link @@ -142,6 +127,11 @@ spec: path: openShiftOAuthUserCredentialsSecret x-descriptors: - urn:alm:descriptor:text + - description: Public URL to the plugin registry. + displayName: Plugin registry URL + path: pluginRegistryURL + x-descriptors: + - urn:alm:descriptor:org.w3:link - description: A brief CamelCase message indicating details about why the Pod is in this state. displayName: Reason @@ -158,7 +148,7 @@ spec: Press the **Install** button, choose the upgrade strategy, and wait for the **Installed** Operator status. - When the operator is installed, create a new CR of Kind CheCluster (click the **Create New** button). + When the operator is installed, create a new CR of Kind CheCluster (click the **Create New** or **Create Instance** button). The CR spec contains all defaults (see below). You can start using Eclipse Che when the CR status is set to **Available**, and you see a URL to Eclipse Che. @@ -169,7 +159,7 @@ spec: * Bundled PostgreSQL and Keycloak - * Per-Workspace PVC strategy + * Common PVC strategy * Auto-generated passwords diff --git a/deploy/olm-catalog/eclipse-che-preview-openshift/manifests/org_v1_che_crd.yaml b/deploy/olm-catalog/eclipse-che-preview-openshift/manifests/org_v1_che_crd.yaml index 7e616e5082..a8e76df4bb 100644 --- a/deploy/olm-catalog/eclipse-che-preview-openshift/manifests/org_v1_che_crd.yaml +++ b/deploy/olm-catalog/eclipse-che-preview-openshift/manifests/org_v1_che_crd.yaml @@ -591,7 +591,7 @@ spec: is required, but defining `nonProxyHosts` in a custom resource leads to merging non proxy hosts lists from the cluster proxy configuration and ones defined in the custom resources. See the - doc https://docs.openshift.com/container-platform/4.4/networking/enable-cluster-wide-proxy.html). + doc https://docs.openshift.com/container-platform/4.4/networking/enable-cluster-wide-proxy.html. See also the `proxyURL` fields.' type: string pluginRegistryCpuLimit: @@ -672,7 +672,7 @@ spec: is required, but defining `proxyUrl` in a custom resource leads to overrides the cluster proxy configuration with fields `proxyUrl`, `proxyPort`, `proxyUser` and `proxyPassword` from the custom resource. - See the doc https://docs.openshift.com/container-platform/4.4/networking/enable-cluster-wide-proxy.html). + See the doc https://docs.openshift.com/container-platform/4.4/networking/enable-cluster-wide-proxy.html. See also the `proxyPort` and `nonProxyHosts` fields. type: string proxyUser: @@ -745,7 +745,7 @@ spec: useInternalClusterSVCNames: description: Use internal cluster SVC names to communicate between components to speed up the traffic and avoid proxy issues. The - default value is `false`. + default value is `true`. type: boolean workspaceNamespaceDefault: description: Defines Kubernetes default namespace in which user's diff --git a/pkg/apis/org/v1/che_types.go b/pkg/apis/org/v1/che_types.go index e165adb3ab..074d67d8f8 100644 --- a/pkg/apis/org/v1/che_types.go +++ b/pkg/apis/org/v1/che_types.go @@ -131,12 +131,9 @@ type CheClusterSpecServer struct { GitSelfSignedCert bool `json:"gitSelfSignedCert"` // Deprecated. Instructs the Operator to deploy Che in TLS mode. This is enabled by default. Disabling TLS sometimes cause malfunction of some Che components. // +optional - // +operator-sdk:gen-csv:customresourcedefinitions.specDescriptors=true - // +operator-sdk:gen-csv:customresourcedefinitions.specDescriptors.displayName="TLS support" - // +operator-sdk:gen-csv:customresourcedefinitions.specDescriptors.x-descriptors="urn:alm:descriptor:com.tectonic.ui:booleanSwitch" TlsSupport bool `json:"tlsSupport"` // Use internal cluster SVC names to communicate between components to speed up the traffic and avoid proxy issues. - // The default value is `false`. + // The default value is `true`. // +optional UseInternalClusterSVCNames bool `json:"useInternalClusterSVCNames"` // Public URL of the devfile registry, that serves sample, ready-to-use devfiles. @@ -226,7 +223,7 @@ type CheClusterSpecServer struct { // Only use when configuring a proxy is required. Operator respects OpenShift cluster wide proxy configuration // and no additional configuration is required, but defining `proxyUrl` in a custom resource leads to overrides the cluster proxy configuration // with fields `proxyUrl`, `proxyPort`, `proxyUser` and `proxyPassword` from the custom resource. - // See the doc https://docs.openshift.com/container-platform/4.4/networking/enable-cluster-wide-proxy.html). See also the `proxyPort` and `nonProxyHosts` fields. + // See the doc https://docs.openshift.com/container-platform/4.4/networking/enable-cluster-wide-proxy.html. See also the `proxyPort` and `nonProxyHosts` fields. // +optional ProxyURL string `json:"proxyURL,omitempty"` // Port of the proxy server. Only use when configuring a proxy is required. See also the `proxyURL` and `nonProxyHosts` fields. @@ -236,7 +233,7 @@ type CheClusterSpecServer struct { // Specify wild card domain use the following form `.` and `|` as delimiter, for example: `localhost|.my.host.com|123.42.12.32` // Only use when configuring a proxy is required. Operator respects OpenShift cluster wide proxy configuration and no additional configuration is required, // but defining `nonProxyHosts` in a custom resource leads to merging non proxy hosts lists from the cluster proxy configuration and ones defined in the custom resources. - // See the doc https://docs.openshift.com/container-platform/4.4/networking/enable-cluster-wide-proxy.html). See also the `proxyURL` fields. + // See the doc https://docs.openshift.com/container-platform/4.4/networking/enable-cluster-wide-proxy.html. See also the `proxyURL` fields. NonProxyHosts string `json:"nonProxyHosts,omitempty"` // User name of the proxy server. Only use when configuring a proxy is required. See also the `proxyURL`, `proxyPassword` and `proxySecret` fields. // +optional @@ -592,9 +589,15 @@ type CheClusterStatus struct { KeycloakURL string `json:"keycloakURL"` // Public URL to the devfile registry. // +optional + // +operator-sdk:gen-csv:customresourcedefinitions.statusDescriptors=true + // +operator-sdk:gen-csv:customresourcedefinitions.statusDescriptors.displayName="Devfile registry URL" + // +operator-sdk:gen-csv:customresourcedefinitions.statusDescriptors.x-descriptors="urn:alm:descriptor:org.w3:link" DevfileRegistryURL string `json:"devfileRegistryURL"` // Public URL to the plugin registry. // +optional + // +operator-sdk:gen-csv:customresourcedefinitions.statusDescriptors=true + // +operator-sdk:gen-csv:customresourcedefinitions.statusDescriptors.displayName="Plugin registry URL" + // +operator-sdk:gen-csv:customresourcedefinitions.statusDescriptors.x-descriptors="urn:alm:descriptor:org.w3:link" PluginRegistryURL string `json:"pluginRegistryURL"` // A human readable message indicating details about why the Pod is in this condition. // +optional From 8a2b87e8c1d511c9a8998083dfdebfef9e1851cd Mon Sep 17 00:00:00 2001 From: Oleksandr Andriienko Date: Thu, 4 Mar 2021 15:35:59 +0200 Subject: [PATCH 2/2] Update OLM bundle Signed-off-by: Oleksandr Andriienko --- .../manifests/che-operator.clusterserviceversion.yaml | 6 +++--- .../manifests/che-operator.clusterserviceversion.yaml | 6 +++--- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/deploy/olm-catalog/eclipse-che-preview-kubernetes/manifests/che-operator.clusterserviceversion.yaml b/deploy/olm-catalog/eclipse-che-preview-kubernetes/manifests/che-operator.clusterserviceversion.yaml index ffb0a8b3d6..b7eb12a228 100644 --- a/deploy/olm-catalog/eclipse-che-preview-kubernetes/manifests/che-operator.clusterserviceversion.yaml +++ b/deploy/olm-catalog/eclipse-che-preview-kubernetes/manifests/che-operator.clusterserviceversion.yaml @@ -73,13 +73,13 @@ metadata: categories: Developer Tools certified: "false" containerImage: quay.io/eclipse/che-operator:nightly - createdAt: "2021-03-03T13:40:26Z" + createdAt: "2021-03-04T13:35:29Z" description: A Kube-native development solution that delivers portable and collaborative developer workspaces. operatorframework.io/suggested-namespace: eclipse-che repository: https://github.com/eclipse/che-operator support: Eclipse Foundation - name: eclipse-che-preview-kubernetes.v7.27.0-106.nightly + name: eclipse-che-preview-kubernetes.v7.28.0-108.nightly namespace: placeholder spec: apiservicedefinitions: {} @@ -675,4 +675,4 @@ spec: maturity: stable provider: name: Eclipse Foundation - version: 7.27.0-106.nightly + version: 7.28.0-108.nightly diff --git a/deploy/olm-catalog/eclipse-che-preview-openshift/manifests/che-operator.clusterserviceversion.yaml b/deploy/olm-catalog/eclipse-che-preview-openshift/manifests/che-operator.clusterserviceversion.yaml index f25aa1e036..f0ba67a0bd 100644 --- a/deploy/olm-catalog/eclipse-che-preview-openshift/manifests/che-operator.clusterserviceversion.yaml +++ b/deploy/olm-catalog/eclipse-che-preview-openshift/manifests/che-operator.clusterserviceversion.yaml @@ -64,13 +64,13 @@ metadata: categories: Developer Tools, OpenShift Optional certified: "false" containerImage: quay.io/eclipse/che-operator:nightly - createdAt: "2021-03-03T13:40:37Z" + createdAt: "2021-03-04T13:35:37Z" description: A Kube-native development solution that delivers portable and collaborative developer workspaces in OpenShift. operatorframework.io/suggested-namespace: eclipse-che repository: https://github.com/eclipse/che-operator support: Eclipse Foundation - name: eclipse-che-preview-openshift.v7.27.0-106.nightly + name: eclipse-che-preview-openshift.v7.28.0-108.nightly namespace: placeholder spec: apiservicedefinitions: {} @@ -747,4 +747,4 @@ spec: maturity: stable provider: name: Eclipse Foundation - version: 7.27.0-106.nightly + version: 7.28.0-108.nightly