chore: Switch to 'devWorkspace.enable: false' in a sample to allow to…

… deploy with che-serve engine by default (not in 7.42.0) Signed-off-by: Anatolii Bazko <abazko@redhat.com>
eclipse-che · Jan 25, 2022 · 1d6338e · 1d6338e
1 parent 9a5a2ef
commit 1d6338e
Show file tree

Hide file tree

Showing 3 changed files with 72 additions and 8 deletions.
diff --git a/config/manager/manager.yaml b/config/manager/manager.yaml
@@ -123,6 +123,8 @@ spec:
               value: ca-certs
             - name: MAX_CONCURRENT_RECONCILES
               value: '1'
+            - name: ALLOW_DEVWORKSPACE_ENGINE
+              value: 'true'
             - name: ADD_COMPONENT_READINESS_INIT_CONTAINERS
               value: 'false'
             - name: RELATED_IMAGE_che_plugin_sidecar_plugin_registry_image_IBZWQYJSGU3DUNDCMNSTEZJTHFTGKZJWMI4WKNDBHBRDIZJYGY4DCMZYGBRWKMRUGYZDMNZUGU4TOYJUHBRDQMLDGEZTCY3CMJTDANJVMRSDKZBQMMZQ____

diff --git a/config/samples/org.eclipse.che_v1_checluster.yaml b/config/samples/org.eclipse.che_v1_checluster.yaml
@@ -16,12 +16,19 @@ metadata:
   name: eclipse-che
 spec:
   server:
+    # Specifies a variation of the installation. The options are `che` for upstream Che installations, or `codeready` for link:https://developers.redhat.com/products/codeready-workspaces/overview[CodeReady Workspaces] installation.
+    # Override the default value only on necessary occasions.
+    cheFlavor: ''
     # A comma-separated list of ClusterRoles that will be assigned to Che ServiceAccount.
     # Be aware that the Che Operator has to already have all permissions in these ClusterRoles to grant them.
     cheClusterRoles: ''
     # Custom cluster role bound to the user for the Che workspaces.
     # The default roles are used when omitted or left blank.
     cheWorkspaceClusterRole: ''
+    # Name of the ConfigMap with public certificates to add to Java trust store of the Che server.
+    # This is often required when adding the OpenShift OAuth provider, which has HTTPS endpoint signed with self-signed cert.
+    # The Che server must be aware of its CA cert to be able to request it.
+    serverTrustStoreConfigMapName: ''
     # When enabled, the certificate from `che-git-self-signed-cert` ConfigMap will be propagated to the Che components and provide particular configuration for Git.
     gitSelfSignedCert: false
     # Deprecated. Instructs the Operator to deploy Che in TLS mode. Disabling TLS sometimes cause malfunction of some Che components.
@@ -35,9 +42,11 @@ spec:
     proxyURL: ''
     # Port of the proxy server. Only use when configuring a proxy is required. See also the `proxyURL` and `nonProxyHosts` fields.
     proxyPort: ''
-    # The secret that contains `user` and `password` for a proxy server.
-    # The secret must have `app.kubernetes.io/part-of=che.eclipse.org` label.
-    proxySecret: ''
+    # User name of the proxy server. Only use when configuring a proxy is required. See also the `proxyURL`, `proxyPassword` and `proxySecret` fields.
+    proxyUser: ''
+    # Password of the proxy server.
+    # Only use when proxy configuration is required. See the `proxyURL`, `proxyUser` and `proxySecret` fields.
+    proxyPassword: ''
     # List of hosts that will be reached directly, bypassing the proxy.
     # Specify wild card domain use the following form `.<DOMAIN>` and `|` as delimiter, for example: `localhost|.my.host.com|123.42.12.32`
     # Only use when configuring a proxy is required. Operator respects OpenShift cluster wide proxy configuration and no additional configuration is required,
@@ -48,6 +57,16 @@ spec:
     # It's possible to use `<username>`, `<userid>` and `<workspaceid>` placeholders, such as che-workspace-<username>.
     # In that case, a new namespace will be created for each user or workspace.
     workspaceNamespaceDefault: "<username>-che"
+    # Defines that a user is allowed to specify a Kubernetes namespace, or an OpenShift project, which differs from the default.
+    # It's NOT RECOMMENDED to set to `true` without OpenShift OAuth configured. The OpenShift infrastructure also uses this property.
+    allowUserDefinedWorkspaceNamespaces: false
+    # Sets the server and workspaces exposure type.
+    # Possible values are `multi-host`, `single-host`, `default-host`. Defaults to `multi-host`, which creates a separate ingress, or OpenShift routes, for every required endpoint.
+    # `single-host` makes Che exposed on a single host name with workspaces exposed on subpaths.
+    # Read the docs to learn about the limitations of this approach.
+    # Also consult the `singleHostExposureType` property to further configure how the Operator and the Che server make that happen on Kubernetes.
+    # `default-host` exposes the Che server on the host of the cluster. Read the docs to learn about the limitations of this approach.
+    serverExposureStrategy: ''
   database:
     # Instructs the Operator on whether to deploy a dedicated database.
     # By default, a dedicated PostgreSQL database is deployed as part of the Che installation. When `externalDb` is `true`, no dedicated database will be deployed by the
@@ -60,9 +79,10 @@ spec:
     # PostgreSQL Database port that the Che server uses to connect to. Defaults to 5432.
     # Override this value ONLY when using an external database. See field `externalDb`. In the default case it will be automatically set by the Operator.
     chePostgresPort: ''
-    # The secret that contains PostgreSQL `user` and `password` that the Che server uses to connect to the DB.
-    # The secret must have `app.kubernetes.io/part-of=che.eclipse.org` label.
-    chePostgresSecret: ''
+    # PostgreSQL user that the Che server uses to connect to the DB. Defaults to `pgche`.
+    chePostgresUser: ''
+    # PostgreSQL password that the Che server uses to connect to the DB. When omitted or left blank, it will be set to an automatically generated value.
+    chePostgresPassword: ''
     # PostgreSQL database name that the Che server uses to connect to the DB. Defaults to `dbche`.
     chePostgresDb: ''
   storage:
@@ -77,9 +97,39 @@ spec:
     postgresPVCStorageClassName: ''
     # Storage class for the Persistent Volume Claims dedicated to the Che workspaces. When omitted or left blank, a default storage class is used.
     workspacePVCStorageClassName: ''
+
   auth:
+    # For operating with the OpenShift OAuth authentication, create a new user account since the kubeadmin can not be used.
+    # If the value is true, then a new OpenShift OAuth user will be created for the HTPasswd identity provider.
+    # If the value is false and the user has already been created, then it will be removed.
+    # If value is an empty, then do nothing.
+    # The user's credentials are stored in the `openshift-oauth-user-credentials` secret by Operator.
+    # Note that this solution is Openshift 4 platform-specific.
+    initialOpenShiftOAuthUser: true
+    # Instructs the Operator on whether or not to deploy a dedicated Identity Provider (Keycloak or RH SSO instance).
+    # Instructs the Operator on whether to deploy a dedicated Identity Provider (Keycloak or RH-SSO instance).
+    # By default, a dedicated Identity Provider server is deployed as part of the Che installation. When `externalIdentityProvider` is `true`,
+    # no dedicated identity provider will be deployed by the Operator and you will need to provide details about the external identity provider you are about to use.
+    # See also all the other fields starting with: `identityProvider`.
+    externalIdentityProvider: false
     # Public URL of the Identity Provider server (Keycloak / RH-SSO server).
+    # Set this ONLY when a use of an external Identity Provider is needed.
+    # See the `externalIdentityProvider` field. By default, this will be automatically calculated and set by the Operator.
     identityProviderURL: ''
+    # Overrides the name of the Identity Provider administrator user. Defaults to `admin`.
+    identityProviderAdminUserName: ''
+    # Overrides the password of Keycloak administrator user.
+    # Override this when an external Identity Provider is in use. See the `externalIdentityProvider` field.
+    # When omitted or left blank, it is set to an auto-generated password.
+    identityProviderPassword: ''
+    # Name of a Identity provider, Keycloak or RH-SSO, realm that is used for Che.
+    # Override this when an external Identity Provider is in use. See the `externalIdentityProvider` field.
+    # When omitted or left blank, it is set to the value of the `flavour` field.
+    identityProviderRealm: ''
+    # Name of a Identity provider, Keycloak or RH-SSO, `client-id` that is used for Che.
+    # Override this when an external Identity Provider is in use. See the `externalIdentityProvider` field.
+    # When omitted or left blank, it is set to the value of the `flavour` field suffixed with `-public`.
+    identityProviderClientId: ''
     # Name of the OpenShift `OAuthClient` resource used to setup identity federation on the OpenShift side. Auto-generated when left blank. See also the `OpenShiftoAuth` field.
     oAuthClientName: ''
     # Name of the secret set in the OpenShift `OAuthClient` resource used to setup identity federation on the OpenShift side. Auto-generated when left blank. See also the `OAuthClientName` field.
@@ -90,18 +140,28 @@ spec:
     # Ingress class that will define the which controller will manage ingresses. Defaults to `nginx`.
     # NB: This drives the `kubernetes.io/ingress.class` annotation on Che-related ingresses.
     ingressClass: ''
+    # Strategy for ingress creation. Options are: `multi-host` (host is explicitly provided in ingress),
+    # `single-host` (host is provided, path-based rules) and `default-host` (no host is provided, path-based rules).
+    # Defaults to `multi-host` Deprecated in favor of `serverExposureStrategy` in the `server` section,
+    # which defines this regardless of the cluster type. When both are defined, the `serverExposureStrategy` option takes precedence.
+    ingressStrategy: ''
     # Name of a secret that will be used to setup ingress TLS termination when TLS is enabled.
-    # When the field is empty string, the default cluster certificate will be used.
+    # When the field is empty string, the default cluster certificate will be used. See also the `tlsSupport` field.
     tlsSecretName: 'che-tls'
     # The FSGroup in which the Che Pod and workspace Pods containers runs in. Default value is `1724`.
     securityContextFsGroup: ''
     # ID of the user the Che Pod and workspace Pods containers run as. Default value is `1724`.
     securityContextRunAsUser: ''
+    # When the serverExposureStrategy is set to `single-host`, the way the server, registries and workspaces are exposed is further configured by this property.
+    # The possible values are `native`, which means that the server and workspaces are exposed using ingresses on K8s
+    # or `gateway` where the server and workspaces are exposed using a custom gateway based on link:https://doc.traefik.io/traefik/[Traefik].
+    # All the endpoints whether backed by the ingress or gateway `route` always point to the subpaths on the same domain. Defaults to `native`.
+    singleHostExposureType: ''
   metrics:
     # Enables `metrics` the Che server endpoint.
     enable: true
   devWorkspace:
     # Deploys the DevWorkspace Operator in the cluster.
     # Does nothing when a matching version of the Operator is already installed.
     # Fails when a non-matching version of the Operator is already installed.
-    enable: true
+    enable: false
diff --git a/helmcharts/next/templates/manager.yaml b/helmcharts/next/templates/manager.yaml
@@ -123,6 +123,8 @@ spec:
               value: ca-certs
             - name: MAX_CONCURRENT_RECONCILES
               value: "1"
+            - name: ALLOW_DEVWORKSPACE_ENGINE
+              value: 'true'
             - name: ADD_COMPONENT_READINESS_INIT_CONTAINERS
               value: "false"
           livenessProbe: