che-server-template.yaml

#
# Copyright (c) 2012-2018 Red Hat, Inc.
# This program and the accompanying materials are made
# available under the terms of the Eclipse Public License 2.0
# which is available at https://www.eclipse.org/legal/epl-2.0/
#
# SPDX-License-Identifier: EPL-2.0
#

---
kind: Template
apiVersion: v1
metadata:
  name: che
  annotations:
    description: Che
objects:
- apiVersion: v1
  kind: ServiceAccount
  metadata:
    name: che
- apiVersion: v1
  kind: RoleBinding
  metadata:
    name: che
  roleRef:
    name: edit
  subjects:
  - kind: ServiceAccount
    name: che
- apiVersion: v1
  kind: Service
  metadata:
    name: che-host
  spec:
    ports:
    - name: http
      port: 8080
      protocol: TCP
      targetPort: 8080
    - name: metrics
      port: 8087
      protocol: TCP
      targetPort: 8087
    selector:
      app: che
- apiVersion: v1
  kind: Route
  metadata:
    name: che
  spec:
    to:
      kind: Service
      name: che-host
    port:
      targetPort: http
- apiVersion: v1
  kind: DeploymentConfig
  metadata:
    name: che
  spec:
    replicas: 1
    revisionHistoryLimit: 2
    selector:
      app: che
    strategy:
      type: ${STRATEGY}
    template:
      metadata:
        labels:
          app: che
      spec:
        containers:
        - env:
          - name: OPENSHIFT_KUBE_PING_NAMESPACE
            valueFrom:
              fieldRef:
                fieldPath: metadata.namespace
          - name: NAMESPACE
            valueFrom:
              fieldRef:
                fieldPath: metadata.namespace
          - name: CHE_MULTIUSER
            value: "${CHE_MULTIUSER}"
          - name: CHE_WORKSPACE_HTTP__PROXY
            value: "${CHE_WORKSPACE_HTTP__PROXY}"
          - name: CHE_WORKSPACE_HTTPS__PROXY
            value: "${CHE_WORKSPACE_HTTPS__PROXY}"
          - name: CHE_WORKSPACE_NO__PROXY
            value: "${CHE_WORKSPACE_NO__PROXY}"
          - name: CHE_HOST
            value: "che-${NAMESPACE}.${ROUTING_SUFFIX}"
          - name: CHE_PORT
            value: "8080"
          - name: CHE_API
            value: "${PROTOCOL}://che-${NAMESPACE}.${ROUTING_SUFFIX}/api"
          - name: CHE_WEBSOCKET_ENDPOINT
            value: "${WS_PROTOCOL}://che-${NAMESPACE}.${ROUTING_SUFFIX}/api/websocket"
          - name: CHE_WEBSOCKET_ENDPOINT__MINOR
            value: "${WS_PROTOCOL}://che-${NAMESPACE}.${ROUTING_SUFFIX}/api/websocket-minor"
          - name: CHE_DEBUG_SERVER
            value: "${CHE_DEBUG_SERVER}"
          - name: CHE_INFRASTRUCTURE_ACTIVE
            value: "openshift"
          - name: CHE_INFRA_KUBERNETES_BOOTSTRAPPER_BINARY__URL
            value: "${PROTOCOL}://che-${NAMESPACE}.${ROUTING_SUFFIX}/agent-binaries/linux_amd64/bootstrapper/bootstrapper"
          - name: CHE_INFRA_KUBERNETES_WORKSPACE__START__TIMEOUT__MIN
            value: "5"
          - name: CHE_INFRA_KUBERNETES_MASTER__URL
            value: "${CHE_INFRA_KUBERNETES_MASTER__URL}"
          - name: CHE_INFRA_OPENSHIFT_PROJECT
            value: "${CHE_INFRA_OPENSHIFT_PROJECT}"
          - name: CHE_INFRA_KUBERNETES_SERVICE__ACCOUNT__NAME
            value: "${CHE_INFRA_KUBERNETES_SERVICE__ACCOUNT__NAME}"
          - name: CHE_INFRA_KUBERNETES_PVC_STRATEGY
            value: "${CHE_INFRA_KUBERNETES_PVC_STRATEGY}"
          - name: CHE_INFRA_KUBERNETES_PVC_PRECREATE__SUBPATHS
            value: "${CHE_INFRA_KUBERNETES_PVC_PRECREATE__SUBPATHS}"
          - name: CHE_INFRA_OPENSHIFT_TLS__ENABLED
            value: "${TLS}"
          - name: CHE_INFRA_KUBERNETES_TRUST__CERTS
            value: "${TLS}"
          - name: CHE_LOCAL_CONF_DIR
            value: "/etc/conf"
          - name: CHE_LOGS_DIR
            value: "/data/logs"
          - name: CHE_LOG_LEVEL
            value: "INFO"
          - name: CHE_KEYCLOAK_REALM
            value: "${CHE_KEYCLOAK_REALM}"
          - name: CHE_KEYCLOAK_AUTH__SERVER__URL
            value: "${CHE_KEYCLOAK_AUTH__SERVER__URL}"
          - name: CHE_KEYCLOAK_CLIENT__ID
            value: "${CHE_KEYCLOAK_CLIENT__ID}"
          - name: CHE_INFRA_OPENSHIFT_OAUTH__IDENTITY__PROVIDER
            value: "${CHE_INFRA_OPENSHIFT_OAUTH__IDENTITY__PROVIDER}"
          - name: CHE_OAUTH_GITHUB_CLIENTID
            value: "${CHE_OAUTH_GITHUB_CLIENTID}"
          - name: CHE_OAUTH_GITHUB_CLIENTSECRET
            value: "${CHE_OAUTH_GITHUB_CLIENTSECRET}"
          - name: JAVA_OPTS
            value: "-XX:MaxRAMFraction=2 -XX:+UseParallelGC -XX:MinHeapFreeRatio=10
              -XX:MaxHeapFreeRatio=20 -XX:GCTimeRatio=4 -XX:AdaptiveSizePolicyWeight=90
              -XX:+UnlockExperimentalVMOptions -XX:+UseCGroupMemoryLimitForHeap -Dsun.zip.disableMemoryMapping=true
              -Xms20m -Djava.security.egd=file:/dev/./urandom"
          - name: CHE_WORKSPACE_AUTO_START
            value: "false"
          - name: CHE_INFRA_KUBERNETES_PVC_QUANTITY
            value: "${CHE_INFRA_KUBERNETES_PVC_QUANTITY}"
          - name: PROTOCOL
            value: "${PROTOCOL}"
          - name: CHE_WORKSPACE_SIDECAR_DEFAULT__MEMORY__LIMIT__MB
            value: "${CHE_WORKSPACE_SIDECAR_DEFAULT__MEMORY__LIMIT__MB}"
          - name: ROUTING_SUFFIX
            value: "${ROUTING_SUFFIX}"
          - name: CHE_SELF__SIGNED__CERT
            valueFrom:
              secretKeyRef:
                key: ca.crt
                name: self-signed-certificate
                optional: true
          - name: CHE_WORKSPACE_PLUGIN__REGISTRY__URL
            value: "${CHE_WORKSPACE_PLUGIN__REGISTRY__URL}"
          - name: CHE_WORKSPACE_DEVFILE__REGISTRY__URL
            value: "${CHE_WORKSPACE_DEVFILE__REGISTRY__URL}"
          - name: CHE_TRACING_ENABLED
            value: "${CHE_TRACING_ENABLED}"
          - name: CHE_METRICS_ENABLED
            value: "${CHE_METRICS_ENABLED}"
          - name: CHE_CORS_ENABLED
            value: "${CHE_CORS_ENABLED}"
          - name: CHE_CORS_ALLOW__CREDENTIALS
            value: "${CHE_CORS_ALLOW__CREDENTIALS}"
          - name: CHE_CORS_ALLOWED__ORIGINS
            value: "${CHE_CORS_ALLOWED__ORIGINS}"
          - name: CHE_WSAGENT_CORS_ENABLED
            value: "${CHE_WSAGENT_CORS_ENABLED}"
          - name: CHE_WSAGENT_CORS_ALLOWED__ORIGINS
            value: "${CHE_WSAGENT_CORS_ALLOWED__ORIGINS}"
          - name: CHE_WSAGENT_CORS_ALLOW__CREDENTIALS
            value: "${CHE_WSAGENT_CORS_ALLOW__CREDENTIALS}"
          - name: CHE_INFRA_KUBERNETES_CLUSTER__ROLE__NAME
            value: "${CHE_INFRA_KUBERNETES_CLUSTER__ROLE__NAME}"
          image: ${IMAGE_CHE}:${CHE_VERSION}
          imagePullPolicy: "${PULL_POLICY}"
          livenessProbe:
            httpGet:
              path: /api/system/state
              port: 8080
              scheme: HTTP
            initialDelaySeconds: 50
            failureThreshold: 3
            timeoutSeconds: 2
          readinessProbe:
            httpGet:
              path: /api/system/state
              port: 8080
              scheme: HTTP
            initialDelaySeconds: 25
            timeoutSeconds: 5
            failureThreshold: 5
          name: che
          ports:
          - containerPort: 8080
            name: http
            protocol: TCP
          - containerPort: 8087
            name: metrics
            protocol: TCP
          - containerPort: 8000
            name: http-debug
          - containerPort: 8888
            name: jgroups-ping
            protocol: TCP
          resources:
            limits:
              memory: 1Gi
            requests:
              memory: 256Mi
          terminationMessagePath: "/dev/termination-log"
          terminationMessagePolicy: File
        restartPolicy: Always
        serviceAccountName: che
        terminationGracePeriodSeconds: 360
    triggers:
    - type: ConfigChange

parameters:
- name: CHE_WORKSPACE_HTTP__PROXY
  displayName: http_proxy for workspace containers
  description:
  value: ''
- name: CHE_WORKSPACE_HTTPS__PROXY
  displayName: https_proxy for workspace containers
  description:
  value: ''
- name: CHE_WORKSPACE_NO__PROXY
  displayName: no_proxy for workspace containers
  description:
  value: ''
- name: ROUTING_SUFFIX
  displayName: Routing suffix of your OpenShift cluster
  description: This is the suffix appended to routes in your OpenShift cluster <route>-<project>.<routing_suffix>
- name: CHE_VERSION
  displayName: Eclipse Che version
  description: Eclipse Che version which defaults to nightly
  value: nightly
- name: IMAGE_CHE
  displayName: Eclipse Che server image
  description: Che server Docker image. Defaults to eclipse/che-server
  value: eclipse/che-server
- name: CHE_MULTIUSER
  displayName: Che Multi-user flavor
  description: False i.e. single user by default
  value: 'false'
- name: PROTOCOL
  displayName: HTTP protocol
  description: Protocol to be used in Che communications
  value: http
- name: WS_PROTOCOL
  displayName: Websocket protocol
  description: Websocket protocol to be used in Che communications. Defaults to ws. Set to wss only if TLS is true and https protocol is defined
  value: ws
- name: TLS
  displayName: HTTPS support
  description: HTTPS support in Che
  value: 'false'
- name: CHE_INFRA_OPENSHIFT_PROJECT
  displayName: OpenShift namespace to create workspace objects
  description: Che server namespace by default. When empty, each workspace gets own namespace. In this case a privileged sa or credentials/token need to be used.
  value: '${NAMESPACE}'
- name: CHE_INFRA_KUBERNETES_PVC_QUANTITY
  displayName: Default PVC claim
  description: Default PVC claim for storage. Defaults to 1Gi
  value: '1Gi'
- name: CHE_INFRA_KUBERNETES_PVC_STRATEGY
  displayName: PVC strategy
  description: PVC strategy. Unique implies creating PVC per workspace. Common uses one PVC with subpaths in PV. Defaults to unique
  value: 'unique'
- name: CHE_INFRA_KUBERNETES_SERVICE__ACCOUNT__NAME
  displayName: Workspace service account name
  description: Service accont name that should be specified to be bound to workspaces pods. Defauls to 'NULL' that means that Che Server won't specify any and default one will be bound.
  value: 'NULL'
- name: CHE_KEYCLOAK_ADMIN_REQUIRE_UPDATE_PASSWORD
  displayName: Admin password update
  description: Force an admin to update password after 1st login. True by default
  value: 'true'
- name: CHE_KEYCLOAK_REALM
  displayName: Identity provider Realm
  description: Identity provider Realm. Defaults to che
  value: 'che'
- name: CHE_KEYCLOAK_CLIENT__ID
  displayName: Identity provider Client ID
  description: Identity provider Client ID. Defaults to che-public
  value: 'che-public'
- name: CHE_KEYCLOAK_AUTH__SERVER__URL
  displayName: Identity provider URL
  description: URL of a remote identity provider. Defaults to Keycloak bundled with Che multi user
  value: '${PROTOCOL}://keycloak-${NAMESPACE}.${ROUTING_SUFFIX}/auth'
- name: CHE_INFRA_OPENSHIFT_OAUTH__IDENTITY__PROVIDER
  displayName: Alias of the Openshift identity provider in Keycloak
  description: Alias of the Openshift identity provider registered in Keycloak, that should be used to create workspace OpenShift resources in Openshift namespaces owned by the current Che user.
  value: 'NULL'
- name: STRATEGY
  displayName: Update Strategy
  description: Che server update strategy. Defaults to Recreate. Use Rolling only if Che deployment does not use PVC
  value: 'Recreate'
- name: PULL_POLICY
  displayName: Che server image pull policy
  description: Always pull by default. Can be IfNotPresent
  value: 'Always'
- name: CHE_INFRA_KUBERNETES_MASTER__URL
  displayName: OpenShift master URL
  description: Required only in case of multi-cluster setup. Empty string by default.
  value: ''
- name: CHE_INFRA_KUBERNETES_PVC_PRECREATE__SUBPATHS
  displayName: Pre-create subpaths in PV
  description: Applied only if a common strategy is used. Required for Kubernetes versions before 1.6
  value: 'true'
- name: CHE_OAUTH_GITHUB_CLIENTID
  displayName: GitHub Client ID
  description: GitHub OAuth app client ID. Applicable to Che single user only!
  value: ''
- name: CHE_OAUTH_GITHUB_CLIENTSECRET
  displayName: GitHub Client Secret
  description: GitHub OAuth app client servet. Applicable to Che single user only!
  value: ''
- name: CHE_WORKSPACE_PLUGIN__REGISTRY__URL
  displayName: Eclipse Che plugin registry URL
  description: Url that used to get meta information about Eclipse Che tooling
  value: 'NULL'
- name: CHE_WORKSPACE_DEVFILE__REGISTRY__URL
  displayName: Eclipse Che devfile registry URL
  description: Url that used to get meta information about predefined devfiles for workspaces
  value: 'NULL'
- name: CHE_WORKSPACE_SIDECAR_DEFAULT__MEMORY__LIMIT__MB
  displayName: Plugin sidecar default memory limit
  description: Plugin sidecar default memory limit in megabytes
  value: '128'
- name: CHE_TRACING_ENABLED
  displayName: Eclipse Che tracing
  description: Enable or disable tracing in Eclipse Che
  value: 'false'
- name: CHE_METRICS_ENABLED
  displayName: Eclipse Che metrics collection
  description: Enable or disable metrics collection in Eclipse Che
  value: 'false'
- name: CHE_DEBUG_SERVER
  displayName: Deploy Che in a debug mode
  description: Enable or disable java debug mode on Eclipse Che server
  value: 'false'
- name: CHE_CORS_ENABLED
  displayName: CORS filter for WS Master
  description: Enable or disable CORS filter for Eclipse Che WS Master
  value: 'true'
- name: CHE_CORS_ALLOW__CREDENTIALS
  displayName: CORS credentials support for WS Master
  description: Allow requests with credentials for CORS filter
  value: 'false'
- name: CHE_CORS_ALLOWED__ORIGINS
  displayName: CORS allowed origins for WS Master
  description: defines allowed origins in requests for CORS filter
  value: '*'
- name: CHE_WSAGENT_CORS_ENABLED
  displayName: CORS filter for WS Agent
  description: Enable or disable CORS filter for Eclipse Che WS Agent
  value: 'true'
- name: CHE_WSAGENT_CORS_ALLOWED__ORIGINS
  displayName: CORS allowed origins for WS Agent
  description: defines allowed origins in requests for CORS filter, that will be propagated as corresponding env variable on WS Agent. Only if its value is not null or empty
  value: 'NULL'
- name: CHE_WSAGENT_CORS_ALLOW__CREDENTIALS
  displayName: CORS credentials support for WS Agent
  description: Allow requests with credentials for CORS filter on WS Agent.
  value: 'true'
- name: CHE_INFRA_KUBERNETES_CLUSTER__ROLE__NAME
  displayName: Cluster role to bind to workspace
  description: Binds the specified Cluster role to the workspace service account.
  value: ''
labels:
  app: che
  template: che