-
Notifications
You must be signed in to change notification settings - Fork 88
/
org_v1_che_cr.yaml
132 lines (129 loc) · 6.42 KB
/
org_v1_che_cr.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
#
# Copyright (c) 2012-2019 Red Hat, Inc.
# This program and the accompanying materials are made
# available under the terms of the Eclipse Public License 2.0
# which is available at https://www.eclipse.org/legal/epl-2.0/
#
# SPDX-License-Identifier: EPL-2.0
#
# Contributors:
# Red Hat, Inc. - initial API and implementation
apiVersion: org.eclipse.che/v1
kind: CheCluster
metadata:
name: eclipse-che
spec:
server:
# server image used in Che deployment
cheImage: ''
# tag of an image used in Che deployment
cheImageTag: 'nightly'
# image:tag used in Devfile registry deployment
devfileRegistryImage: 'quay.io/eclipse/che-devfile-registry:nightly'
# image:tag used in plugin registry deployment
pluginRegistryImage: 'quay.io/eclipse/che-plugin-registry:nightly'
# defaults to `che`. When set to `codeready`, CodeReady Workspaces is deployed
# the difference is in images, labels, exec commands
cheFlavor: ''
# specifies a custom cluster role to user for the Che workspaces
# Uses the default roles if left blank.
cheWorkspaceClusterRole: ''
# when set to true the operator will attempt to get a secret in OpenShift router namespace
# to add it to Java trust store of Che server. Requires cluster-admin privileges for operator service account
selfSignedCert: false
## If enabled then the certificate from `che-git-self-signed-cert` config map
## will be propagated to the Che components and provide particular configuration for Git.
gitSelfSignedCert: false
# TLS mode for Che. Make sure you either have public cert, or set selfSignedCert to true
tlsSupport: true
# protocol+hostname of a proxy server. Automatically added as JAVA_OPTS and https(s)_proxy
# to Che server and workspaces containers
proxyURL: ''
# port of a proxy server
proxyPort: ''
# username for a proxy server
proxyUser: ''
# password for a proxy user
proxyPassword: ''
# a list of non-proxy hosts. Use | as delimiter, eg localhost|my.host.com|123.42.12.32
nonProxyHosts: ''
# sets mem request for server deployment. Defaults to 512Mi
serverMemoryRequest: ''
# sets mem limit for server deployment. Defaults to 1Gi
serverMemoryLimit: ''
# sets default namespace where new workspaces will be created
workspaceNamespaceDefault: ''
# defines if user is able to specify namespace different from the default
allowUserDefinedWorkspaceNamespaces: false
database:
# when set to true, the operator skips deploying Postgres, and passes connection details of existing DB to Che server
# otherwise a Postgres deployment is created
externalDb: false
# Postgres Database hostname that Che server uses to connect to. Defaults to postgres
chePostgresHostName: ''
# Postgres Database port that Che server uses to connect to. Defaults to 5432
chePostgresPort: ''
# Postgres user that Che server when making a db connection. Defaults to pgche
chePostgresUser: ''
# password of a postgres user. Auto-generated when left blank
chePostgresPassword: ''
# Postgres database name that Che server uses to connect to. Defaults to dbche
chePostgresDb: ''
# Postgres deployment in format image:tag. Defaults to registry.redhat.io/rhscl/postgresql-96-rhel7 (see pkg/deploy/defaults.go for latest tag)
postgresImage: ''
storage:
# persistent volume claim strategy for Che server. Can be common (all workspaces PVCs in one volume),
# per-workspace (one PVC per workspace for all declared volumes) and unique (one PVC per declared volume). Defaults to common
pvcStrategy: 'common'
# size of a persistent volume claim for workspaces. Defaults to 1Gi
pvcClaimSize: '1Gi'
# instruct Che server to launch a special pod to precreate a subpath in a PV
preCreateSubPaths: true
# image:tag for preCreateSubPaths jobs
pvcJobsImage: ''
# keep blank unless you need to use a non default storage class for Postgres PVC
postgresPVCStorageClassName: ''
# keep blank unless you need to use a non default storage class for workspace PVC(s)
workspacePVCStorageClassName: ''
auth:
# instructs operator on whether or not to deploy Keycloak/RH SSO instance. When set to true provision connection details
externalIdentityProvider: false
# retrieved from respective route/ingress unless explicitly specified in CR (when ExternalKeycloak is true)
identityProviderURL: ''
# password for keycloak database user. Auto generated if left blank
keycloakPostgresPassword: ''
# desired admin username of Keycloak admin user (applicable only when externalIdentityProvider is false)
identityProviderAdminUserName: ''
# desired password of Keycloak admin user (applicable only when externalIdentityProvider is false)
identityProviderPassword: 'admin'
# name of a keycloak realm. This realm will be created, when externalIdentityProvider is true, otherwise passed to Che server
identityProviderRealm: ''
# id of a keycloak client. This client will be created, when externalIdentityProvider is false, otherwise passed to Che server
identityProviderClientId: ''
# instructs an Operator to enable OpenShift v3 identity provider in Keycloak,
# as well as create respective oAuthClient and configure Che configMap accordingly
openShiftoAuth: false
# name of oAuthClient used in OpenShift v3 identity provider in Keycloak realm. Auto generated if left blank
oAuthClientName: ''
# secret used in oAuthClient. Auto generated if left blank
oAuthSecret: ''
# image:tag used in Keycloak deployment
identityProviderImage: 'quay.io/eclipse/che-keycloak:nightly'
k8s:
# your global ingress domain
ingressDomain: '192.168.99.101.nip.io'
# kubernetes.io/ingress.class, defaults to nginx
ingressClass: ''
# IngressStrategy is the way ingresses are created.
# Can be multi-host (host is explicitly provided in ingress, <ingress-name>-<namespace>.<global-ingress-domain>),
# single-host (host is provided, path based rules, <ingress-domain>/path) and default-host *(no host is provided, path based rules)
ingressStrategy: ''
# secret name used for tls termination
tlsSecretName: ''
# FSGroup the Che POD and Workspace pod containers should run in
securityContextFsGroup: ''
# User the Che POD and Workspace pod containers should run as
securityContextRunAsUser: ''
metrics:
# Enables '/metrics' endpoint of Che server.
enable: false