Chapter 5. Advanced configuration options
The following section describes advanced deployment and configuration methods for Red Hat CodeReady Workspaces.
5.1. CodeReady Workspaces configMaps and their behavior
The following section describes CodeReady Workspaces configMaps and how they behave.
A configMap is provided as an editable file that lists options to customize the CodeReady Workspaces environment. Based on the CodeReady Workspaces installation method, configMaps can be used to customize the working environment. The type of configMaps available in your CodeReady Workspaces environment varies based on the method used for installing CodeReady Workspaces.
5.1.1. CodeReady Workspaces installed using an Operator
Operators are software extensions to OpenShift that use custom resources to manage applications and their components.
CodeReady Workspaces installed using the Operator provides the user with an automatically generated configMap called `workspaces`.
The `workspaces` configMap contains the main properties for the CodeReady Workspaces server, and is in sync with the information stored in the CheCluster Custom Resource file. User modifications of the `workspaces` configMap after installing CodeReady Workspaces using the Operator are automatically overwritten by values that the Operator obtains from the `CheCluster` Custom Resource.
To edit the `workspaces` configMap, edit the Custom Resource manually. The configMap derives values from the `CheCluster` field. User modifications of the `CheCluster` Custom Resource field cause the Operator to change the attributes of the `workspaces` configMap accordingly. The configMap changes automatically trigger a restart of the CodeReady Workspaces Pod.
To add custom properties to the CodeReady Workspaces server, such as environment variables that are not automatically generated in the `workspaces` configMap by the Operator, or to override automatically generated properties, the `CheCluster` Custom Resource has a `customCheProperties` field, which expects a map.
For example, to override the default memory limit for workspaces, add the `CHE_WORKSPACE_DEFAULT__MEMORY__LIMIT__MB` property to `customCheProperties`:
```yaml
apiVersion: org.eclipse.che/v1
kind: CheCluster
metadata:
  name: eclipse-che
  namespace: che
spec:
  server:
    cheImageTag: ''
    devfileRegistryImage: ''
    pluginRegistryImage: ''
    tlsSupport: false
    selfSignedCert: false
    customCheProperties:
      CHE_WORKSPACE_DEFAULT__MEMORY__LIMIT__MB: "2048"
  auth:
    ...
```
Previous versions of the CodeReady Workspaces Operator had a configMap named `custom` to fulfill this role. If the CodeReady Workspaces Operator finds a configMap with the name `custom`, it adds the data it contains into the `customCheProperties` field, redeploys CodeReady Workspaces, and deletes the `custom` configMap.
5.2. Configuring namespace strategies
The term namespace (Kubernetes) is used interchangeably with project (OpenShift).
The namespace strategies are configured using the `CHE_INFRA_KUBERNETES_NAMESPACE_DEFAULT` environment variable.
There are legacy variables `CHE_INFRA_KUBERNETES_NAMESPACE` and `CHE_INFRA_OPENSHIFT_PROJECT`. These should be left unset for new installations. Changing these variables during update can lead to data loss.
5.2.1. One namespace per workspace strategy
The strategy creates a new namespace for each new workspace.
To use the strategy, the `CHE_INFRA_KUBERNETES_NAMESPACE_DEFAULT` variable value must contain the `<workspaceid>` identifier. It can be used alone or combined with other identifiers or any string.
Example 5.1. One namespace per workspace
To assign namespace names composed of a `che-ws` prefix and workspace id, set:
CHE_INFRA_KUBERNETES_NAMESPACE_DEFAULT=che-ws-<workspaceid>
5.2.2. One namespace for all workspaces strategy
The strategy uses one predefined namespace for all workspaces.
To use the strategy, the `CHE_INFRA_KUBERNETES_NAMESPACE_DEFAULT` variable value must be the name of the desired namespace to use.
Example 5.2. One namespace for all workspaces
To have all workspaces created in the `che-workspaces` namespace, set:
CHE_INFRA_KUBERNETES_NAMESPACE_DEFAULT=che-workspaces
To run more than one workspace at a time when using this strategy together with the `common` PVC strategy, configure persistent volumes to use `ReadWriteMany` access mode.
5.2.3. One namespace per user strategy
The strategy isolates each user in their own namespace.
To use the strategy, the `CHE_INFRA_KUBERNETES_NAMESPACE_DEFAULT` variable value must contain one or more user identifiers. Currently supported identifiers are `<username>` and `<userid>`.
Example 5.3. One namespace per user
To assign namespace names composed of a `che-ws` prefix and individual usernames (`che-ws-user1`, `che-ws-user2`), set:
CHE_INFRA_KUBERNETES_NAMESPACE_DEFAULT=che-ws-<username>
To run more than one workspace at a time when using this strategy together with the `common` PVC strategy, configure persistent volumes to use `ReadWriteMany` access mode.
To limit the number of concurrently running workspaces per user to one, set the `CHE_LIMITS_USER_WORKSPACES_RUN_COUNT` environment variable to `1`.
To limit the number of concurrently running workspaces per user to one (1):
- For Helm Chart deployments: set the `.global.workspace.number` parameter to `1`.
- For Operator deployments: set the `spec.server.customCheProperties.CHE_LIMITS_USER_WORKSPACES_RUN_COUNT` variable of the CheCluster Custom Resource (CR) to `1`.
5.2.4. Allowing user-defined workspace namespaces
Che server can be configured to honor the user selection of a namespace when a workspace is created. This feature is disabled by default. To allow user-defined workspace namespaces, set:
CHE_INFRA_KUBERNETES_NAMESPACE_ALLOWUSERDEFINED=true
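A pre-deployment check for the settings in this section, added here as an example (it is not Red Hat's or the Che project's code): it classifies a `CHE_INFRA_KUBERNETES_NAMESPACE_DEFAULT` value into one of the three strategies and reports the conditions the text calls out. The function names `che_ns_strategy`, `che_ns_render` and `che_ns_audit`, and the sample user and workspace values, are hypothetical.

```sh
#!/bin/sh
# Added example: classify and audit the namespace settings from section 5.2.
# Function names and sample values are constructed for illustration.

# Print the strategy selected by the template in $1.
che_ns_strategy() {
  case "$1" in
    "") echo unset ;;
    *"<workspaceid>"*) echo per-workspace ;;       # 5.2.1, alone or combined
    *"<username>"*|*"<userid>"*) echo per-user ;;  # 5.2.3
    *) echo shared ;;                              # 5.2.2, literal namespace name
  esac
}

# Expand template $1 for user name $2, user id $3 and workspace id $4.
# The values must not contain "/" or "&" (they are passed to sed as-is).
che_ns_render() {
  printf '%s\n' "$1" |
    sed -e "s/<username>/$2/g" -e "s/<userid>/$3/g" -e "s/<workspaceid>/$4/g"
}

# Report findings for the CHE_* variables in the environment, one per line.
che_ns_audit() {
  strategy=$(che_ns_strategy "${CHE_INFRA_KUBERNETES_NAMESPACE_DEFAULT:-}")
  echo "strategy: $strategy"
  rwx="storage: with the common PVC strategy, concurrent workspaces need ReadWriteMany volumes"
  case "$strategy" in
    shared)
      echo "isolation: every user's workspaces run in one namespace"
      echo "$rwx" ;;
    per-user)
      # The per-user run limit of 1 removes the need for concurrent access.
      if [ "${CHE_LIMITS_USER_WORKSPACES_RUN_COUNT:-}" != 1 ]; then echo "$rwx"; fi ;;
  esac
  if [ "${CHE_INFRA_KUBERNETES_NAMESPACE_ALLOWUSERDEFINED:-false}" = true ]; then
    echo "user-defined: users can choose the namespace at workspace creation"
  fi
  for legacy in CHE_INFRA_KUBERNETES_NAMESPACE CHE_INFRA_OPENSHIFT_PROJECT; do
    eval "value=\${$legacy:-}"
    if [ -n "$value" ]; then
      echo "legacy: $legacy is set; leave it unset on new installations"
    fi
  done
  return 0
}

# Demonstration on constructed values, run in a subshell so nothing leaks out.
(
  CHE_INFRA_KUBERNETES_NAMESPACE_DEFAULT='che-ws-<username>'
  che_ns_render "$CHE_INFRA_KUBERNETES_NAMESPACE_DEFAULT" user1 id-0001 ws-0001
  che_ns_audit
)
```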
5.3. Deploying CodeReady Workspaces with support for Git repositories with self-signed certificates
This procedure describes how to configure CodeReady Workspaces for deployment with support for Git operations on repositories that use self-signed certificates.
Prerequisites
- Git version 2 or later.
Configuring support for self-signed Git repositories on OpenShift
Deploying CodeReady Workspaces using a Helm Chart
Configure the workspace exposure strategy using the `global.useGitSelfSignedCerts` property. To do that, add the following option to the `helm upgrade` command:
```
$ helm upgrade che --set global.useGitSelfSignedCerts=true
```
Create a new configMap with details about the Git server:
```
$ oc create configmap che-git-self-signed-cert --from-file=<ca.crt> \
    --from-literal=githost=<host:port> -n=che
```
In the command, substitute `<ca.crt>` for the self-signed certificate and `<host:port>` for the host and port of the HTTPS connection on the Git server (optional).
Note: When `githost` is not specified, the given certificate is used for all HTTPS repositories.
Create and start a new workspace. Every container used by the workspace mounts a special volume that contains a file with the self-signed certificate. The repository's `.git/config` file contains information about the Git server host (its URL) and the path to the certificate in the `http` section (see Git documentation about git-config). For example:
```
[http "https://10.33.177.118:3000"]
    sslCAInfo = /etc/che/git/cert/ca.crt
```
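A check of how far the certificate's trust extends, added here as an example that is not part of the original procedure: it asks Git which `sslCAInfo` applies to a given repository URL. The helper names, the repository paths and the second host are constructed, and the unscoped `[http]` section is an assumed stand-in for the case where `githost` is omitted.

```sh
#!/bin/sh
# Added example: check which repository URLs pick up the self-signed CA.
# Helper names and sample files are constructed for this demonstration.

# Print the http.sslCAInfo value Git applies to URL $2 when reading config
# file $1; prints nothing if no [http] section matches that URL.
ca_for_url() {
  git config --file "$1" --get-urlmatch http.sslCAInfo "$2" || true
}

# Write a sample config with section header $1 to a temp file, print its path.
make_config() {
  cfg=$(mktemp)
  printf '%s\n\tsslCAInfo = /etc/che/git/cert/ca.crt\n' "$1" > "$cfg"
  echo "$cfg"
}

# Classify the trust scope for config file $1: "scoped" if only the intended
# server URL ($2) gets the CA, "global" if an unrelated HTTPS URL ($3) gets it
# too, "none" if the intended server gets no CA at all.
ca_scope() {
  intended=$(ca_for_url "$1" "$2")
  other=$(ca_for_url "$1" "$3")
  if [ -z "$intended" ]; then
    echo none
  elif [ -n "$other" ]; then
    echo global
  else
    echo scoped
  fi
}

# Constructed inputs: a repository on the Git server from the example above
# and a repository on an unrelated host.
GIT_SERVER_REPO="https://10.33.177.118:3000/team/project.git"
OTHER_REPO="https://git.example.com/team/project.git"

# Section as shown on this page (githost set) versus an unscoped section
# (assumption: how "all HTTPS repositories" is expressed in Git config).
scoped_cfg=$(make_config '[http "https://10.33.177.118:3000"]')
global_cfg=$(make_config '[http]')
echo "with githost:    $(ca_scope "$scoped_cfg" "$GIT_SERVER_REPO" "$OTHER_REPO")"
echo "without githost: $(ca_scope "$global_cfg" "$GIT_SERVER_REPO" "$OTHER_REPO")"
rm -f "$scoped_cfg" "$global_cfg"
```

Inside a running workspace, pointing `ca_for_url` at the repository's own `.git/config` shows whether the mounted certificate is limited to the intended Git server.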
5.4. CodeReady Workspaces configMaps fields reference
5.4.1. server
settings related to the CodeReady Workspaces server
Property | Default value | Description |
---|---|---|
| omit | Optional hostname or URL to an alternate container registry to pull images from. This value overrides the container registry hostname defined in all default container images involved in a CodeReady Workspaces deployment. This is particularly useful to install CodeReady Workspaces in an air-gapped environment. |
| omit | Optional repository name of an alternate container registry to pull images from. This value overrides the container registry organization defined in all the default container images involved in a CodeReady Workspaces deployment. This is particularly useful to install CodeReady Workspaces in an air-gapped environment. |
|
| Enables the debug mode for CodeReady Workspaces server. |
|
| Flavor of the installation. |
| The Operator automatically sets the value. | Public hostname of the installed CodeReady Workspaces server. |
|
| Overrides the image pull policy used in CodeReady Workspaces deployment. |
| omit | Overrides the tag of the container image used in CodeReady Workspaces deployment. Omit it or leave it empty to use the default image tag provided by the Operator. |
| omit | Overrides the container image used in CodeReady Workspaces deployment. This does not include the container image tag. Omit it or leave it empty to use the default container image provided by the Operator. |
|
|
Log level for the CodeReady Workspaces server: |
| omit | Custom cluster role bound to the user for the workspaces. Omit or leave empty to use the default roles. |
| omit |
Map of additional environment variables that will be applied in the generated |
| omit | Overrides the container image used in the Devfile registry deployment. This includes the image tag. Omit it or leave it empty to use the default container image provided by the Operator. |
|
| Overrides the memory limit used in the Devfile registry deployment. |
|
| Overrides the memory request used in the Devfile registry deployment. |
|
| Overrides the image pull policy used in the Devfile registry deployment. |
| The Operator automatically sets the value. |
Public URL of the Devfile registry that serves sample, ready-to-use devfiles. Set it if you use an external devfile registry (see the |
|
|
Instructs the Operator to deploy a dedicated Devfile registry server. By default a dedicated devfile registry server is started. If |
|
|
Instructs the Operator to deploy a dedicated Plugin registry server. By default, a dedicated plug-in registry server is started. If |
| omit |
List of hosts that should not use the configured proxy. Use |
| omit | Overrides the container image used in the Plugin registry deployment. This includes the image tag. Omit it or leave it empty to use the default container image provided by the Operator. |
|
| Overrides the memory limit used in the Plugin registry deployment. |
|
| Overrides the memory request used in the Plugin registry deployment. |
|
| Overrides the image pull policy used in the Plugin registry deployment. |
| the Operator sets the value automatically |
Public URL of the Plugin registry that serves sample ready-to-use devfiles. Set it only when using an external devfile registry (see the |
| omit | Password of the proxy server. Only use when proxy configuration is required. |
| omit |
Port of the proxy server. Only use when configuring a proxy is required (see also the |
| omit |
URL (protocol+hostname) of the proxy server. This drives the appropriate changes in the |
| omit |
User name of the proxy server. Only use when configuring a proxy is required (see also the |
|
|
Enables the support of OpenShift clusters with routers that use self-signed certificates. When enabled, the Operator retrieves the default self-signed certificate of OpenShift routes and adds it to the Java trust store of the CodeReady Workspaces server. Required when activating the |
|
| Overrides the memory limit used in the CodeReady Workspaces server deployment. |
|
| Overrides the memory request used in the CodeReady Workspaces server deployment. |
|
|
Instructs the Operator to deploy CodeReady Workspaces in TLS mode. Enabling TLS requires enabling the |
5.4.2. database
configuration settings related to the database used by CodeReady Workspaces
Property | Default value | Description |
---|---|---|
|
| Postgres database name that the CodeReady Workspaces server uses to connect to the database. |
| the Operator sets the value automatically |
Postgres Database hostname that the CodeReady Workspaces server uses to connect to. Defaults to postgres. Override this value only when using an external database. (See the field |
| auto-generated value | Postgres password that the CodeReady Workspaces server uses to connect to the database. |
|
|
Postgres Database port that the CodeReady Workspaces server uses to connect to. Override this value only when using an external database (see field |
|
| Postgres user that the CodeReady Workspaces server uses to connect to the database. |
|
|
Instructs the Operator to deploy a dedicated database. By default, a dedicated Postgres database is deployed as part of the CodeReady Workspaces installation. If set to |
|
Always` for | Overrides the image pull policy used in the Postgres database deployment. |
| omit | Overrides the container image used in the Postgres database deployment. This includes the image tag. Omit it or leave it empty to use the default container image provided by the Operator. |
5.4.3. auth
configuration settings related to authentication used by CodeReady Workspaces installation
Property | Default value | Description |
---|---|---|
|
|
By default, a dedicated Identity Provider server is deployed as part of the CodeReady Workspaces installation. But if |
|
| Overrides the name of the Identity Provider admin user. |
| omit |
Name of an Identity provider (Keycloak / RH SSO) |
|
| Overrides the image pull policy used in the Identity Provider (Keycloak / RH SSO) deployment. |
| omit | Overrides the container image used in the Identity Provider (Keycloak / RH SSO) deployment. This includes the image tag. Omit it or leave it empty to use the default container image provided by the Operator. |
| omit |
Overrides the password of Keycloak admin user. Override it only when using an external Identity Provider (see the |
| the Operator sets the value automatically |
Password for the Identity Provider (Keycloak / RH SSO) to connect to the database. Override it ONLY if you use an external Identity Provider (see the |
| omit |
Name of an Identity provider (Keycloak / RH SSO) realm. Override it only when using an external Identity Provider (see the |
| the Operator sets the value automatically |
Instructs the Operator to deploy a dedicated Identity Provider (Keycloak or RH SSO instance). Public URL of the Identity Provider server (Keycloak / RH SSO server). Set it only when using an external Identity Provider (see the |
| the Operator sets the value automatically |
Name of the OpenShift |
| the Operator sets the value automatically |
Name of the secret set in the OpenShift |
|
|
Enables the integration of the identity provider (Keycloak / RH SSO) with OpenShift OAuth. This allows users to log in with their OpenShift login and have their workspaces created under personal OpenShift namespaces. The |
|
|
Forces the default |
5.4.4. storage
configuration settings related to persistent storage used by CodeReady Workspaces
Property | Default value | Description |
---|---|---|
| omit | Storage class for the Persistent Volume Claim dedicated to the Postgres database. Omit or leave empty to use a default storage class. |
|
| Instructs the CodeReady Workspaces server to launch a special Pod to pre-create a subpath in the Persistent Volumes. Enable it according to the configuration of your K8S cluster. |
|
| Size of the persistent volume claim for workspaces. |
| omit |
Overrides the container image used to create sub-paths in the Persistent Volumes. This includes the image tag. Omit it or leave it empty to use the default container image provided by the Operator. See also the |
|
|
Available options: `common` (all workspaces PVCs in one volume), |
| omit | Storage class for the Persistent Volume Claims dedicated to the workspaces. Omit or leave empty to use a default storage class. |
5.4.5. k8s
configuration settings specific to CodeReady Workspaces installations on OpenShift
Property | Default value | Description |
---|---|---|
|
| Ingress class that defines which controller manages ingresses. |
| omit |
Global ingress domain for a K8S cluster. This field must be explicitly specified. This drives the |
|
|
Strategy for ingress creation. This can be |
|
| FSGroup the CodeReady Workspaces Pod and Workspace Pods containers should run in. |
|
| ID of the user the CodeReady Workspaces Pod and Workspace Pods containers should run as. |
| omit |
Name of a secret that is used to set ingress TLS termination if TLS is enabled. See also the |
5.4.6. installation
defines the observed state of CodeReady Workspaces installation
Property | Description |
---|---|
|
Status of a CodeReady Workspaces installation. Can be |
| Public URL to the CodeReady Workspaces server. |
| Currently installed CodeReady Workspaces version. |
| Indicates whether a Postgres instance has been correctly provisioned. |
| Public URL to the Devfile registry. |
| A URL to where to find help related to the current Operator status. |
| Indicates whether an Identity Provider instance (Keycloak / RH SSO) has been provisioned with realm, client and user. |
| Public URL to the Identity Provider server (Keycloak / RH SSO). |
| A human-readable message with details about why the Pod is in this state. |
| Indicates whether an Identity Provider instance (Keycloak / RH SSO) has been configured to integrate with the OpenShift OAuth. |
| Public URL to the Plugin registry. |
| A brief CamelCase message with details about why the Pod is in this state. |
5.4.7. Limits for workspaces
Property | Default value | Description |
---|---|---|
|
| The maximum amount of RAM that a user can allocate to a workspace when they create a new workspace. The RAM slider is adjusted to this maximum value. |
|
| The length of time that a user can be idle in their workspace before the system suspends the workspace and then stops it. Idleness is the length of time that the user has not interacted with the workspace, meaning that one of our agents has not received interaction. Leaving a browser window open counts toward idleness. |
5.4.8. Limits for the workspaces of a user
Property | Default value | Description |
---|---|---|
|
| The total amount of RAM that a single user is allowed to allocate to running workspaces. A user can allocate this RAM to a single workspace or spread it across multiple workspaces. |
|
| The maximum number of workspaces that a user is allowed to create. The user will be presented with an error message if they try to create additional workspaces. This applies to the total number of both running and stopped workspaces. |
|
| The maximum number of running workspaces that a single user is allowed to have. If the user has reached this threshold and they try to start an additional workspace, they will be prompted with an error message. The user will need to stop a running workspace to activate another. |
5.4.9. Limits for the workspaces of an organization
Property | Default value | Description |
---|---|---|
|
| The total amount of RAM that a single organization (team) is allowed to allocate to running workspaces. An organization owner can allocate this RAM however they see fit across the team’s workspaces. |
|
| The maximum number of workspaces that an organization is allowed to own. The organization will be presented with an error message if they try to create additional workspaces. This applies to the total number of both running and stopped workspaces. |
|
| The maximum number of running workspaces that a single organization is allowed. If the organization has reached this threshold and they try to start an additional workspace, they will be prompted with an error message. The organization will need to stop a running workspace to activate another. |