Red Hat CodeReady Workspaces 2.4 Installation Guide Installing Red Hat CodeReady Workspaces 2.4 Last Updated: 2020-12-18
Red Hat CodeReady Workspaces 2.4
Installation Guide
Installing Red Hat CodeReady Workspaces 2.4
Last Updated: 2020-12-18
Red Hat CodeReady Workspaces 2.4 Installation Guide
Installing Red Hat CodeReady Workspaces 2.4
Robert [email protected]
Michal Maléř[email protected]
Fabrice Flore-Thé[email protected]
Yana [email protected]
Legal Notice
Copyright © 2020 Red Hat, Inc.
The text of and illustrations in this document are licensed by Red Hat under a Creative CommonsAttribution–Share Alike 3.0 Unported license ("CC-BY-SA"). An explanation of CC-BY-SA isavailable athttp://creativecommons.org/licenses/by-sa/3.0/. In accordance with CC-BY-SA, if you distribute this document or an adaptation of it, you mustprovide the URL for the original version.
Red Hat, as the licensor of this document, waives the right to enforce, and agrees not to assert,Section 4d of CC-BY-SA to the fullest extent permitted by applicable law.
Red Hat, Red Hat Enterprise Linux, the Shadowman logo, the Red Hat logo, JBoss, OpenShift,Fedora, the Infinity logo, and RHCE are trademarks of Red Hat, Inc., registered in the United Statesand other countries.
Linux ® is the registered trademark of Linus Torvalds in the United States and other countries.
Java ® is a registered trademark of Oracle and/or its affiliates.
XFS ® is a trademark of Silicon Graphics International Corp. or its subsidiaries in the United Statesand/or other countries.
MySQL ® is a registered trademark of MySQL AB in the United States, the European Union andother countries.
Node.js ® is an official trademark of Joyent. Red Hat is not formally related to or endorsed by theofficial Joyent Node.js open source or commercial project.
The OpenStack ® Word Mark and OpenStack logo are either registered trademarks/service marksor trademarks/service marks of the OpenStack Foundation, in the United States and othercountries and are used with the OpenStack Foundation's permission. We are not affiliated with,endorsed or sponsored by the OpenStack Foundation, or the OpenStack community.
All other trademarks are the property of their respective owners.
Abstract
Information for administrators installing Red Hat CodeReady Workspaces.
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Table of Contents
CHAPTER 1. SUPPORTED PLATFORMS
CHAPTER 2. CONFIGURING THE CODEREADY WORKSPACES INSTALLATION2.1. UNDERSTANDING THE CHECLUSTER CUSTOM RESOURCE2.2. CHECLUSTER CUSTOM RESOURCE FIELDS REFERENCE
CHAPTER 3. INSTALLING CODEREADY WORKSPACES3.1. INSTALLING CODEREADY WORKSPACES ON OPENSHIFT 4 USING OPERATORHUB
3.1.1. Creating a project in OpenShift Web Console3.1.2. Installing the Red Hat CodeReady Workspaces Operator3.1.3. Creating an instance of the Red Hat CodeReady Workspaces Operator
3.2. INSTALLING CODEREADY WORKSPACES ON OPENSHIFT CONTAINER PLATFORM 3.113.2.1. Installing the crwctl CLI management tool3.2.2. Installing CodeReady Workspaces on OpenShift 3 using the Operator
3.3. INSTALLING CODEREADY WORKSPACES IN A RESTRICTED ENVIROMENT3.3.1. Installing CodeReady Workspaces in a restricted environment using OperatorHub3.3.2. Installing CodeReady Workspaces in a restricted environment using CLI management tool
3.3.2.1. Preparing a private registry3.3.2.2. Preparing CodeReady Workspaces Custom Resource for restricted environment
3.3.2.2.1. Downloading the default CheCluster Custom Resource3.3.2.2.2. Customizing the CheCluster Custom Resource for restricted environment
3.3.2.3. Starting CodeReady Workspaces installation in a restricted environment using CodeReadyWorkspaces CLI management tool
3.3.3. Preparing CodeReady Workspaces Custom Resource for installing behind a proxy
CHAPTER 4. CONFIGURING CODEREADY WORKSPACES4.1. ADVANCED CONFIGURATION OPTIONS FOR THE CODEREADY WORKSPACES SERVER COMPONENT
4.1.1. Understanding CodeReady Workspaces server advanced configuration using the Operator4.1.2. CodeReady Workspaces server component system properties reference
4.2. CONFIGURING PROJECT STRATEGIES4.2.1. One project per workspace strategy4.2.2. One project for all workspaces strategy4.2.3. One project per user strategy4.2.4. Allowing user-defined workspace projects
4.3. RUNNING MORE THAN ONE WORKSPACE AT A TIME4.4. CONFIGURING WORKSPACE EXPOSURE STRATEGIES
4.4.1. Workspace exposure strategies4.4.1.1. Multi-host strategy
4.4.2. Security considerations4.4.2.1. JSON web token (JWT) proxy4.4.2.2. Secured plug-ins and editors4.4.2.3. Secured container-image components4.4.2.4. Cross-site request forgery attacks4.4.2.5. Phishing attacks
4.5. CONFIGURING WORKSPACES NODESELECTOR4.6. CONFIGURING RED HAT CODEREADY WORKSPACES SERVER HOSTNAME4.7. DEPLOYING CODEREADY WORKSPACES WITH SUPPORT FOR GIT REPOSITORIES WITH SELF-SIGNEDCERTIFICATES4.8. INSTALLING CODEREADY WORKSPACES USING STORAGE CLASSES4.9. CONFIGURING STORAGE TYPES
4.9.1. Persistent storage
4
555
1515151516171718
20202121272727
2728
30
303031
6565666666666767686868686869696970
71727676
Table of Contents
1
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
4.9.2. Ephemeral storage4.9.3. Asynchronous storage4.9.4. Configuring storage type defaults for CodeReady Workspaces dashboard4.9.5. Idling asynchronous storage Pods
4.10. IMPORTING TLS CERTIFICATES TO CODEREADY WORKSPACES SERVER JAVA TRUSTSTORE
CHAPTER 5. UPGRADING CODEREADY WORKSPACES5.1. UPGRADING CODEREADY WORKSPACES USING OPERATORHUB5.2. UPGRADING CODEREADY WORKSPACES USING THE CLI MANAGEMENT TOOL5.3. UPGRADING CODEREADY WORKSPACES USING THE CLI MANAGEMENT TOOL IN RESTRICTEDENVIRONMENT
5.3.1. Understanding network connectivity in restricted environments5.3.2. Preparing a private registry5.3.3. Upgrading CodeReady Workspaces using the CLI management tool in restricted environment
CHAPTER 6. UNINSTALLING CODEREADY WORKSPACES6.1. UNINSTALLING CODEREADY WORKSPACES AFTER OPERATORHUB INSTALLATION USING THEOPENSHIFT WEB CONSOLE6.2. UNINSTALLING CODEREADY WORKSPACES AFTER OPERATORHUB INSTALLATION USINGOPENSHIFT CLI6.3. UNINSTALLING CODEREADY WORKSPACES AFTER CRWCTL INSTALLATION
7677788080
828282
83838489
91
91
9293
Red Hat CodeReady Workspaces 2.4 Installation Guide
2
Table of Contents
3
CHAPTER 1. SUPPORTED PLATFORMSThis section describes the availability and the supported installation methods of CodeReadyWorkspaces 2.4 on OpenShift Container Platform and OpenShift Dedicated.
The minimal OpenShift Container Platform version supporting Red Hat CodeReady Workspaces isOpenShift Container Platform 3.11.
Table 1.1. Supported deployment environments for CodeReady Workspaces 2.4 on OpenShiftContainer Platform and OpenShift Dedicated
Platform Architecture Deployment method
OpenShift Container Platform3.11
AMD64 and Intel 64 (x86_64) crwctl
OpenShift Container Platform4.4
AMD64 and Intel 64 (x86_64) OperatorHub
OpenShift Container Platform4.4
IBM Z (s390x) OperatorHub
OpenShift Container Platform4.5
AMD64 and Intel 64 (x86_64) OperatorHub
OpenShift Dedicated 4.3 AMD64 and Intel 64 (x86_64) Add-On
NOTE
On OpenShift Container Platform 4.4 and 4.5, when the OperatorHubinstallation method is not available, consider using crwctl as an unofficial backupinstallation method.
Red Hat CodeReady Workspaces 2.4 Installation Guide
4
CHAPTER 2. CONFIGURING THE CODEREADY WORKSPACESINSTALLATION
The following section describes configuration options to install Red Hat CodeReady Workspaces usingthe Operator.
2.1. UNDERSTANDING THE CHECLUSTER CUSTOM RESOURCE
A default deployment of CodeReady Workspaces consist in the application of a parametrized CheCluster Custom Resource by the Red Hat CodeReady Workspaces Operator.
CheCluster Custom Resource
A YAML document describing the configuration of the overall CodeReady Workspacesinstallation.
Contains sections to configure each component: auth, database, server, storage.
Role of the Red Hat CodeReady Workspaces Operator
To translate the CheCluster Custom Resource into configuration (ConfigMap) usable byeach component of the CodeReady Workspaces installation.
Role of the OpenShift platform
To apply the configuration (ConfigMap) for each component.
To create the necessary Pods.
When OpenShift detects a change in the configuration of a component, it restarts the Podsaccordingly.
Example 2.1. Configuring the main properties of the CodeReady Workspaces server component
1. The user applies a CheCluster Custom Resource containing some configuration related tothe server.
2. The Operator generates a necessary ConfigMap, called che.
3. OpenShift detects change in the ConfigMap and triggers a restart of the CodeReadyWorkspaces Pod.
Additional resources
Understanding Operators.
Understanding Custom Resources .
To learn how to modify the CheCluster Custom Resource, see the chosen installationprocedure.
2.2. CHECLUSTER CUSTOM RESOURCE FIELDS REFERENCE
CHAPTER 2. CONFIGURING THE CODEREADY WORKSPACES INSTALLATION
5
https://docs.openshift.com/container-platform/latest/operators/olm-what-operators-are.htmlhttps://docs.openshift.com/container-platform/latest/operators/understanding/crds/crd-managing-resources-from-crds.html
This section describes all fields available to customize the CheCluster Custom Resource.
Example 2.2, “A minimal CheCluster Custom Resource example.”
Table 2.3, “CheCluster Custom Resource auth configuration settings related to authenticationused by CodeReady Workspaces installation”
Table 2.2, “CheCluster Custom Resource database configuration settings related to thedatabase used by CodeReady Workspaces”
Table 2.1, “CheCluster Custom Resource server settings, related to the CodeReadyWorkspaces server component.”
Table 2.4, “CheCluster Custom Resource storage configuration settings related to persistentstorage used by CodeReady Workspaces”
Table 2.5, “CheCluster Custom Resource k8s configuration settings specific to CodeReadyWorkspaces installations on OpenShift”
Table 2.6, “CheCluster Custom Resource status defines the observed state of CodeReadyWorkspaces installation”
Example 2.2. A minimal CheCluster Custom Resource example.
Table 2.1. CheCluster Custom Resource server settings, related to the CodeReady Workspacesserver component.
Property Default value Description
airGapContainerRegistryHostname
omit An optional host name or URL to an alternative containerregistry to pull images from. This value overrides the containerregistry host name defined in all default container imagesinvolved in a CodeReady Workspaces deployment. This isparticularly useful to install CodeReady Workspaces in an air-gapped environment.
apiVersion: org.eclipse.che/v1kind: CheClustermetadata: name: codeready-workspacesspec: auth: externalIdentityProvider: false database: externalDb: false server: selfSignedCert: false gitSelfSignedCert: false tlsSupport: true storage: pvcStrategy: 'common' pvcClaimSize: '1Gi'
Red Hat CodeReady Workspaces 2.4 Installation Guide
6
airGapContainerRegistryOrganization
omit Optional repository name of an alternative container registry topull images from. This value overrides the container registryorganization defined in all the default container images involvedin a CodeReady Workspaces deployment. This is particularlyuseful to install CodeReady Workspaces in an air-gappedenvironment.
cheDebug false Enables the debug mode for CodeReady Workspaces server.
cheFlavor codeready-workspaces
Flavor of the installation.
cheHost The Operatorautomatically setsthe value.
A public host name of the installed CodeReady Workspacesserver.
cheImagePullPolicy
Always for nightly or latestimages, and IfNotPresent inother cases
Overrides the image pull policy used in CodeReady Workspacesdeployment.
cheImageTag omit Overrides the tag of the container image used in CodeReadyWorkspaces deployment. Omit it or leave it empty to use thedefault image tag provided by the Operator.
cheImage omit Overrides the container image used in CodeReady Workspacesdeployment. This does not include the container image tag.Omit it or leave it empty to use the default container imageprovided by the Operator.
cheLogLevel INFO Log level for the CodeReady Workspaces server: INFO or DEBUG.
cheWorkspaceClusterRole
omit Custom cluster role bound to the user for the CodeReadyWorkspaces workspaces. Omit or leave empty to use the defaultroles.
customCheProperties
omit Map of additional environment variables that will be applied inthe generated codeready-workspaces ConfigMap to beused by the CodeReady Workspaces server, in addition to thevalues already generated from other fields of the CheClusterCustom Resource (CR). If customCheProperties contains aproperty that would be normally generated in codeready-workspaces ConfigMap from other CR fields, then the valuedefined in the customCheProperties will be used instead.
Property Default value Description
CHAPTER 2. CONFIGURING THE CODEREADY WORKSPACES INSTALLATION
7
devfileRegistryImage
omit Overrides the container image used in the Devfile registrydeployment. This includes the image tag. Omit it or leave itempty to use the default container image provided by theOperator.
devfileRegistryMemoryLimit
256Mi Overrides the memory limit used in the Devfile registrydeployment.
devfileRegistryMemoryRequest
16Mi Overrides the memory request used in the Devfile registrydeployment.
devfileRegistryPullPolicy
Always for nightly or latestimages, and IfNotPresent inother cases
Overrides the image pull policy used in the Devfile registrydeployment.
devfileRegistryUrl
The Operatorautomatically setsthe value.
Public URL of the Devfile registry that serves sample, ready-to-use devfiles. Set it if you use an external devfile registry (see the externalDevfileRegistry field).
externalDevfileRegistry
false Instructs the Operator to deploy a dedicated Devfile registryserver. By default a dedicated devfile registry server is started. IfexternalDevfileRegistry set to true, the Operator does notstart a dedicated registry server automatically and you need toset the devfileRegistryUrl field manually.
externalPluginRegistry
false Instructs the Operator to deploy a dedicated Plugin registryserver. By default, a dedicated plug-in registry server is started.If externalPluginRegistry set to true, the Operator does notdeploy a dedicated server automatically and you need to set the pluginRegistryUrl field manually.
nonProxyHosts omit List of hosts that will not use the configured proxy. Use |` asdelimiter, for example localhost|my.host.com|123.42.12.32Only use when configuring a proxy is required (see also the proxyURL field).
pluginRegistryImage
omit Overrides the container image used in the Plugin registrydeployment. This includes the image tag. Omit it or leave itempty to use the default container image provided by theOperator.
pluginRegistryMemoryLimit
256Mi Overrides the memory limit used in the Plugin registrydeployment.
Property Default value Description
Red Hat CodeReady Workspaces 2.4 Installation Guide
8
pluginRegistryMemoryRequest
16Mi Overrides the memory request used in the Plugin registrydeployment.
pluginRegistryPullPolicy
Always for nightly or latestimages, and IfNotPresent inother cases
Overrides the image pull policy used in the Plugin registrydeployment.
pluginRegistryUrl
the Operator setsthe valueautomatically
Public URL of the Plugin registry that serves sample ready-to-use devfiles. Set it only when using an external devfile registry(see the externalPluginRegistry field).
proxyPassword omit Password of the proxy server. Only use when proxy configurationis required.
proxyPort omit Port of the proxy server. Only use when configuring a proxy isrequired (see also the proxyURL field).
proxyURL omit URL (protocol+host name) of the proxy server. This drives theappropriate changes in the JAVA_OPTS and https(s)_proxyvariables in the CodeReady Workspaces server and workspacescontainers. Only use when configuring a proxy is required.
proxyUser omit User name of the proxy server. Only use when configuring aproxy is required (see also the proxyURL field).
serverMemoryLimit
1Gi Overrides the memory limit used in the CodeReady Workspacesserver deployment.
serverMemoryRequest
512Mi Overrides the memory request used in the CodeReadyWorkspaces server deployment.
tlsSupport true Instructs the Operator to deploy CodeReady Workspaces in TLSmode.
Property Default value Description
Table 2.2. CheCluster Custom Resource database configuration settings related to the databaseused by CodeReady Workspaces
Property Default value Description
chePostgresDb dbche PostgreSQL database name that the CodeReady Workspacesserver uses to connect to the database.
CHAPTER 2. CONFIGURING THE CODEREADY WORKSPACES INSTALLATION
9
chePostgresHostName
the Operator setsthe valueautomatically
PostgreSQL Database host name that the CodeReadyWorkspaces server uses to connect to. Defaults to postgres.Override this value only when using an external database. (Seethe field externalDb.)
chePostgresPassword
auto-generatedvalue
PostgreSQL password that the CodeReady Workspaces serveruses to connect to the database.
chePostgresPort
5432 PostgreSQL Database port that the CodeReady Workspacesserver uses to connect to. Override this value only when using anexternal database (see field externalDb).
chePostgresUser
pgche PostgreSQL user that the CodeReady Workspaces server usesto connect to the database.
externalDb false Instructs the Operator to deploy a dedicated database. Bydefault, a dedicated PostgreSQL database is deployed as partof the CodeReady Workspaces installation. If set to true, theOperator does not deploy a dedicated database automatically,you need to provide connection details to an external database.See all the fields starting with: chePostgres.
postgresImagePullPolicy
Always` for nightly or latestimages, and IfNotPresent inother cases
Overrides the image pull policy used in the PostgreSQLdatabase deployment.
postgresImage omit Overrides the container image used in the PostgreSQLdatabase deployment. This includes the image tag. Omit it orleave it empty to use the default container image provided bythe Operator.
Property Default value Description
Table 2.3. CheCluster Custom Resource auth configuration settings related to authentication usedby CodeReady Workspaces installation
Property Default value Description
externalIdentityProvider
false By default, a dedicated Identity Provider server is deployed aspart of the CodeReady Workspaces installation. But if externalIdentityProvider is true, then no dedicated identityprovider will be deployed by the Operator and you might needto provide details about the external identity provider you wantto use. See also all the other fields starting with: identityProvider.
identityProviderAdminUserName
admin Overrides the name of the Identity Provider admin user.
Red Hat CodeReady Workspaces 2.4 Installation Guide
10
identityProviderClientId
omit Name of an Identity provider (RH-SSO / RH SSO) client-idthat must be used for CodeReady Workspaces. This is useful tooverride it ONLY if you use an external Identity Provider (see theexternalIdentityProvider field). If omitted or left blank, it willbe set to the value of the flavor field suffixed with -public.
identityProviderImagePullPolicy
Always for nightly or latestimages, and IfNotPresent inother cases
Overrides the image pull policy used in the Identity Provider(RH-SSO / RH SSO) deployment.
identityProviderImage
omit Overrides the container image used in the Identity Provider(RH-SSO / RH SSO) deployment. This includes the image tag.Omit it or leave it empty to use the default container imageprovided by the Operator.
identityProviderPassword
omit Overrides the password of RH-SSO admin user. Override it onlywhen using an external Identity Provider (see the externalIdentityProvider field). Omit or leave empty to setan auto-generated password.
identityProviderPostgresPassword
the Operator setsthe valueautomatically
Password for The Identity Provider (RH-SSO / RH SSO) toconnect to the database. This is useful to override it ONLY if youuse an external Identity Provider (see the externalIdentityProvider field).
identityProviderRealm
omit Name of an Identity provider (RH-SSO / RH SSO) realm.Override it only when using an external Identity Provider (see theexternalIdentityProvider field). Omit or leave empty blank toset it to the value of the flavor field.
identityProviderURL
the Operator setsthe valueautomatically
Instructs the Operator to deploy a dedicated Identity Provider(RH-SSO or RH SSO instance). Public URL of the IdentityProvider server (RH-SSO / RH SSO server). Set it only whenusing an external Identity Provider (see the externalIdentityProvider field).
oAuthClientName
the Operator setsthe valueautomatically
Name of the OpenShift OAuthClient resource used to setupidentity federation on the OpenShift side. See also the OpenShiftoAuth field.
oAuthSecret the Operator setsthe valueautomatically
Name of the secret set in the OpenShift OAuthClient resourceused to setup identity federation on the OpenShift side. Seealso the OAuthClientName field.
Property Default value Description
CHAPTER 2. CONFIGURING THE CODEREADY WORKSPACES INSTALLATION
11
openShiftoAuth true on OpenShift Enables the integration of the identity provider (RH-SSO /RHSSO) with OpenShift OAuth. This allows users to log in withtheir OpenShift login and have their workspaces created underpersonal OpenShift projects. The kubeadmin user is notsupported, and logging through does not allow access to theCodeReady Workspaces Dashboard.
updateAdminPassword
false Forces the default admin CodeReady Workspaces user toupdate password on first login.
Property Default value Description
Table 2.4. CheCluster Custom Resource storage configuration settings related to persistentstorage used by CodeReady Workspaces
Property Default value Description
postgresPVCStorageClassName
omit Storage class for the Persistent Volume Claim dedicated to thePostgreSQL database. Omitted or leave empty to use a defaultstorage class.
preCreateSubPaths
false Instructs the CodeReady Workspaces server to launch a specialPod to pre-create a subpath in the Persistent Volumes. Enable itaccording to the configuration of your K8S cluster.
pvcClaimSize 1Gi Size of the persistent volume claim for workspaces.
pvcJobsImage omit Overrides the container image used to create sub-paths in thePersistent Volumes. This includes the image tag. Omit it or leaveit empty to use the default container image provided by theOperator. See also the preCreateSubPaths field.
pvcStrategy common Available options:`common` (all workspaces PVCs in onevolume), per-workspace (one PVC per workspace for alldeclared volumes) and unique (one PVC per declared volume).
workspacePVCStorageClassName
omit Storage class for the Persistent Volume Claims dedicated to theCodeReady Workspaces workspaces. Omit or leave empty touse a default storage class.
Table 2.5. CheCluster Custom Resource k8s configuration settings specific to CodeReadyWorkspaces installations on OpenShift
Property Default value Description
ingressClass nginx Ingress class that defines which controller manages ingresses.
Red Hat CodeReady Workspaces 2.4 Installation Guide
12
ingressDomain omit Global ingress domain for a K8S cluster. This field must beexplicitly specified. This drives the is kubernetes.io/ingress.class annotation on CodeReadyWorkspaces-related ingresses.
ingressStrategy multi-host Strategy for ingress creation. This can be multi-host (host isexplicitly provided in ingress), single-host (host is provided,path-based rules) and default-host.*(no host is provided,path-based rules).
securityContextFsGroup,omitempty
1724 FSGroup the CodeReady Workspaces Pod and Workspace Podscontainers run in.
securityContextRunAsUser
1724 ID of the user the CodeReady Workspaces Pod and WorkspacePods containers run as.
tlsSecretName omit Name of a secret that is used to set ingress TLS termination ifTLS is enabled. See also the tlsSupport field.
Property Default value Description
Table 2.6. CheCluster Custom Resource status defines the observed state of CodeReadyWorkspaces installation
Property Description
cheClusterRunning Status of a CodeReady Workspaces installation. Can be Available, Unavailable,or Available, Rolling Update in Progress.
cheURL Public URL to the CodeReady Workspaces server.
cheVersion Currently installed CodeReady Workspaces version.
dbProvisioned Indicates whether a PostgreSQL instance has been correctly provisioned.
devfileRegistryURL Public URL to the Devfile registry.
helpLink A URL to where to find help related to the current Operator status.
keycloakProvisioned Indicates whether an Identity Provider instance (RH-SSO / RH SSO) has beenprovisioned with realm, client and user.
keycloakURL Public URL to the Identity Provider server (RH-SSO / RH SSO).
message A human-readable message with details about why the Pod is in this state.
CHAPTER 2. CONFIGURING THE CODEREADY WORKSPACES INSTALLATION
13
openShiftoAuthProvisioned
Indicates whether an Identity Provider instance (RH-SSO / RH SSO) has beenconfigured to integrate with the OpenShift OAuth.
pluginRegistryURL Public URL to the Plugin registry.
reason A brief CamelCase message with details about why the Pod is in this state.
Property Description
Red Hat CodeReady Workspaces 2.4 Installation Guide
14
CHAPTER 3. INSTALLING CODEREADY WORKSPACESThis section contains instructions to install Red Hat CodeReady Workspaces. The installation methoddepends on the target platform and the environment restrictions.
3.1. INSTALLING CODEREADY WORKSPACES ON OPENSHIFT 4 USINGOPERATORHUB
This section describes how to install CodeReady Workspaces using the CodeReady WorkspacesOperator available in OpenShift 4 web console.
Operators are a method of packaging, deploying, and managing an OpenShift application which alsoprovide the following:
Repeatability of installation and upgrade.
Constant health checks of every system component.
Over-the-air (OTA) updates for OpenShift components and independent software vendor(ISV) content.
A place to encapsulate knowledge from field engineers and spread it to all users.
Prerequisites
An administrator account on a running instance of OpenShift 4.
3.1.1. Creating a project in OpenShift Web Console
A project allows to organize and manage different resources on the cluster in an isolated unit. Create aproject first to host the Red Hat CodeReady Workspaces Operator.
Procedure
1. Open the OpenShift web console, in the left panel navigate to the Home → Projects section.
2. Click Create Project.
3. Specify the project details:
Name: openshift-workspaces
Display Name: Red Hat CodeReady Workspaces
Description: Red Hat CodeReady Workspaces
3.1.2. Installing the Red Hat CodeReady Workspaces Operator
Red Hat CodeReady Workspaces Operator provides all the resources for running CodeReadyWorkspaces, such as PostgreSQL, RH-SSO, image registries, and the CodeReady Workspaces server,and also configures all these services.
Prerequisites
CHAPTER 3. INSTALLING CODEREADY WORKSPACES
15
Access to the Web Console on the cluster.
Procedure
1. To install the Red Hat CodeReady Workspaces Operator, in the left panel, navigate to theOperators → OperatorHub section.
2. In the Filter by keyword field, type Red Hat CodeReady Workspaces and click the Red HatCodeReady Workspaces tile.
3. In the Red Hat CodeReady Workspaces pop-up window, click the Install button.
4. On the Install Operator screen, specify the following options:
Installation mode: A specific project on the cluster
Installed Namespace: *Pick an existing project → openshift-workspaces
Verification steps
1. To verify the Red Hat CodeReady Workspaces Operator has installed correctly, in the left panelnavigate to the Operators → Installed Operators section.
2. In the Installed Operators screen, click the Red Hat CodeReady Workspaces name andnavigate to the Details tab.
3. In the ClusterServiceVersion Details section at the bottom of the page, wait for thesemessages:
Status: Succeeded
Status Reason: install strategy completed with no errors
4. Navigate to the Events tab and wait for this message: install strategy completed with no errors.
3.1.3. Creating an instance of the Red Hat CodeReady Workspaces Operator
Follow this procedure to install Red Hat CodeReady Workspaces with the default configuration. Tomodify the configuration, see Chapter 2, Configuring the CodeReady Workspaces installation .
Procedure
1. To create an instance of the Red Hat CodeReady Workspaces Operator, in the left panel,navigate to the Operators → Installed Operators section.
2. In the Installed Operators screen, click the Red Hat CodeReady Workspaces name.
3. In the Operator Details screen, in the Details tab, inside of the Provided APIs section, click theCreate Instance link.
4. The Create CheCluster page contains the configuration of the overall CodeReady Workspacesinstance to create. It is the CheCluster Custom Resource. Keep the default values.
5. To create the codeready-workspaces cluster, click the Create button in the lower left corner ofthe window.
Red Hat CodeReady Workspaces 2.4 Installation Guide
16
6. On the Operator Details screen, in the Red Hat CodeReady Workspaces Cluster tab, click onthe codeready-workspaces link.
7. To navigate to the codeready-workspaces instance, click the link under Red Hat CodeReadyWorkspaces URL.
NOTE
The installation might take more than 5 minutes. The URL appears after the RedHat CodeReady Workspaces installation finishes.
Verification steps
1. To verify that the Red Hat CodeReady Workspaces instance has installed correctly, navigate tothe CodeReady Workspaces Cluster tab. The CheClusters screen displays the list of Red HatCodeReady Workspaces instances and their status.
2. Click codeready-workspaces CheCluster in the table and navigate to the Details tab.
3. See the content of following fields:
Message: the field contains error messages, if any. The expected content is None.
Red Hat CodeReady Workspaces URL: displays the URL of the Red Hat CodeReadyWorkspaces instance, once the deployment is successful.
4. Navigate to the Resources tab. The screen displays the list of the resources assigned to theCodeReady Workspaces deployment.
5. To see more details about the state of a resource, click its name and inspect the content of theavailable tabs.
Additional resources
https://access.redhat.com/documentation/en-us/red_hat_codeready_workspaces/2.4/html-single/end-user_guide/index#navigating-codeready-workspaces-using-the-dashboard_crw.
https://access.redhat.com/documentation/en-us/red_hat_codeready_workspaces/2.4/html-single/administration_guide/index#viewing-operator-events.adoc.
It is possible to use the crwctl utility script for deploying CodeReady Workspaces on OpenShiftContainer Platform and OpenShift Dedicated versions 4.5. This method is unofficial and servesas a backup installation method for situations where the installation method using OperatorHubis not available. See the Section 3.2.2, “Installing CodeReady Workspaces on OpenShift 3 usingthe Operator” section.
3.2. INSTALLING CODEREADY WORKSPACES ON OPENSHIFTCONTAINER PLATFORM 3.11
3.2.1. Installing the crwctl CLI management tool
This section describes how to install crwctl, the CodeReady Workspaces CLI management tool.
Procedure
CHAPTER 3. INSTALLING CODEREADY WORKSPACES
17
https://access.redhat.com/documentation/en-us/red_hat_codeready_workspaces/2.4/html-single/end-user_guide/index#navigating-codeready-workspaces-using-the-dashboard_crwhttps://access.redhat.com/documentation/en-us/red_hat_codeready_workspaces/2.4/html-single/administration_guide/index#viewing-operator-events.adoc
1. Navigate to https://developers.redhat.com/products/codeready-workspaces/download.
2. Download the CodeReady Workspaces CLI management tool archive for version 2.4.
3. Extract the archive to a folder, such as ${HOME}/crwctl or /opt/crwctl.
4. Run the crwctl executable from the extracted folder. In this example, ${HOME}/crwctl/bin/crwctl version.
5. Optionally, add the bin folder to your $PATH, for example, PATH=${PATH}:${HOME}/crwctl/bin to enable running crwctl without the full pathspecification.
Verification step
Running crwctl version displays the current version of the tool.
3.2.2. Installing CodeReady Workspaces on OpenShift 3 using the Operator
This section describes how to install CodeReady Workspaces on OpenShift 3 with the crwctl CLImanagement tool. The method of installation is using the Operator and enable TLS (HTTPS).
NOTE
Methods for updating from a previous CodeReady Workspaces installation and enablingmultiple instances in the same OpenShift Container Platform 3.11 cluster are providedbelow the installation procedure.
Operators are a method of packaging, deploying, and managing a OpenShift application which alsoprovide the following:
Repeatability of installation and upgrade.
Constant health checks of every system component.
Over-the-air (OTA) updates for OpenShift components and independent software vendor(ISV) content.
A place to encapsulate knowledge from field engineers and spread it to all users.
TIP
This approach is only supported for use with OpenShift Container Platform and OpenShift Dedicatedversion 3.11, but also work for newer versions of OpenShift Container Platform and OpenShiftDedicated, and serves as a backup installation method for situations when the installation method usingOperatorHub is not available.
Prerequisites
Administrator rights on a running instance of OpenShift 3.11.
An installation of the oc OpenShift 3.11 CLI management tool. See Installing the OpenShift 3.11CLI.
An installation of the crwctl management tool. See Section 3.2.1, “Installing the crwctl CLImanagement tool”.
Red Hat CodeReady Workspaces 2.4 Installation Guide
18
https://developers.redhat.com/products/codeready-workspaces/downloadhttps://docs.openshift.com/container-platform/3.11/cli_reference/get_started_cli.html#installing-the-cli
To apply settings that the main crwctl command-line parameters cannot set, prepare aconfiguration file operator-cr-patch.yaml that will override the default values in the CheCluster Custom Resource used by the Operator. See Chapter 2, Configuring theCodeReady Workspaces installation.
represents the project of the target installation.
Procedure
1. Log in to OpenShift. See Basic Setup and Login .
$ oc login
2. Run the following command to verify that the version of the oc OpenShift CLI managementtool is 3.11:
$ oc versionoc v3.11.0+0cbc58b
3. Run the following command to create the CodeReady Workspaces instance
In the user-defined :
$ crwctl server:start -n -p openshift
In the default project called openshift-workspaces:
$ crwctl server:start -p openshift
Verification steps
1. The output of the previous command ends with:
Command server:start has completed successfully.
2. Navigate to the CodeReady Workspaces cluster instance: https://codeready-..
Upgrading from a previous CodeReady Workspaces installation
To upgrade from a previous CodeReady Workspaces installation in the same OpenShiftContainer Platform 3.11 cluster, remove the Custom Resource Definition and the Cluster Roles:
$ oc delete customresourcedefinition/checlusters.org.eclipse.che$ oc patch customresourcedefinition/checlusters.org.eclipse.che \ --type merge \ -p '{ "metadata": { "finalizers": null }}'$ oc delete clusterrole codeready-operator
Having multiple CodeReady Workspaces deployments
To have multiple CodeReady Workspaces deployments in parallel using different versions in thesame OpenShift Container Platform 3.11 cluster, create a new service account for the new
CHAPTER 3. INSTALLING CODEREADY WORKSPACES
19
https://docs.openshift.com/container-platform/3.11/cli_reference/get_started_cli.html#basic-setup-and-login
deployment. It is, however, strongly recommended that you update all your old CodeReadyWorkspaces deployments to the latest version instead, as this mix of versions may causeunexpected and unsupported results.
$ oc patch clusterrolebinding codeready-operator \ --type='json' \ -p '[{"op": "add", "path": "/subjects/0", "value": {"kind":"ServiceAccount", "namespace": "", "name": "codeready-operator"} }]'
3.3. INSTALLING CODEREADY WORKSPACES IN A RESTRICTEDENVIROMENT
By default, Red Hat CodeReady Workspaces uses various external resources, mainly container imagesavailable in public registries.
To deploy CodeReady Workspaces in an environment where these external resources are not available(for example, on a cluster that is not exposed to the public Internet):
1. Identify the image registry used by the OpenShift cluster, and ensure you can push to it.
2. Push all the images needed for running CodeReady Workspaces to this registry.
3. Configure CodeReady Workspaces to use the images that have been pushed to the registry.
4. Proceed to the CodeReady Workspaces installation.
The procedure for installing CodeReady Workspaces in restricted environments is different based onthe installation method you use:
Installation using OperatorHub on Openshift 4.3 and above
Installation using the crwctl management tool on both OpenShift 3.11 or 4.x
Notes on network connectivity in restricted environments
Restricted network environments range from a private subnet in a cloud provider to a separate networkowned by a company, disconnected from the public Internet. Regardless of the network configuration,CodeReady Workspaces works provided that the Routes that are created for CodeReadyWorkspaces components (codeready-workspaces-server, identity provider, devfile and pluginregistries) are accessible from inside the OpenShift cluster.
Take into account the network topology of the environment to determine how best to accomplish this.For example, on a network owned by a company or an organization, the network administrators mustensure that traffic bound from the cluster can be routed to Route hostnames. In other cases, forexample, on AWS, create a proxy configuration allowing the traffic to leave the node to reach anexternal-facing Load Balancer.
When the restricted network involves a proxy, follow the instructions provided in Section 3.3.3,“Preparing CodeReady Workspaces Custom Resource for installing behind a proxy”.
3.3.1. Installing CodeReady Workspaces in a restricted environment usingOperatorHub
Prerequisites
A running OpenShift cluster. See the OpenShift Container Platform 4.3 documentation for
Red Hat CodeReady Workspaces 2.4 Installation Guide
20
A running OpenShift cluster. See the OpenShift Container Platform 4.3 documentation forinstructions on how to install an OpenShift cluster on a restricted network.
Access to the mirror registry used to installed the OpenShift disconnected cluster in restrictednetwork. See the Related OpenShift Container Platform 4.3 documentation about creating amirror registry for installation in a restricted network.
On disconnected OpenShift 4 clusters running on restricted networks, an Operator can be successfullyinstalled from OperatorHub only if it meets the additional requirements defined in Enabling yourOperator for restricted network environments.
The CodeReady Workspaces operator meets these requirements and is therefore compatible with theofficial documentation about OLM on a restricted network .
Procedure
To install CodeReady Workspaces from OperatorHub:
1. Build a redhat-operators catalog image. See Building an Operator catalog image .
2. Configure OperatorHub to use this catalog image for operator installations. See ConfiguringOperatorHub for restricted networks.
3. Proceed to the CodeReady Workspaces installation as usual as described in Section 3.1,“Installing CodeReady Workspaces on OpenShift 4 using OperatorHub”.
3.3.2. Installing CodeReady Workspaces in a restricted environment using CLImanagement tool
NOTE
Use CodeReady Workspaces CLI management tool to install CodeReady Workspaces onrestricted networks if installation through OperatorHub is not available. This method issupported for OpenShift Container Platform 3.11.
Prerequisites
A running OpenShift cluster. See the OpenShift Container Platform 3.11 documentation forinstructions on how to install an OpenShift cluster.
3.3.2.1. Preparing a private registry
Prerequisites
The oc tool is available.
The skopeo tool, version 0.1.40 or later, is available.
The podman tool is available.
An image registry accessible from the OpenShift cluster and supporting the format of the V2image manifest, schema version 2. Ensure you can push to it from a location having, at leasttemporarily, access to the internet.
Table 3.1. Placeholders used in examples
CHAPTER 3. INSTALLING CODEREADY WORKSPACES
21
https://docs.openshift.com/container-platform/4.3/welcome/index.htmlhttps://docs.openshift.com/container-platform/4.3/installing/install_config/installing-restricted-networks-preparations.html#installing-restricted-networks-preparationshttps://docs.openshift.com/container-platform/4.3/operators/operator_sdk/osdk-generating-csvs.html#olm-enabling-operator-for-restricted-network_osdk-generating-csvshttps://docs.openshift.com/container-platform/4.3/operators/olm-restricted-networks.htmlhttps://docs.openshift.com/container-platform/4.3/operators/olm-restricted-networks.html#olm-building-operator-catalog-image_olm-restricted-networkshttps://docs.openshift.com/container-platform/4.3/operators/olm-restricted-networks.html#olm-restricted-networks-operatorhub_olm-restricted-networkshttps://docs.openshift.com/container-platform/3.11/welcome/index.html
Full coordinates of the source image, including registry, organization, anddigest.
Host name and port of the target container-image registry.
Organization in the target container-image registry
Image name and digest in the target container-image registry.
User name in the target container-image registry.
User password in the target container-image registry.
Procedure
1. Log into the internal image registry:
$ podman login --username --password
TIP
If you meet an error, such as x509: certificate signed by unknown authority, when attemptingto push to the internal registry, try one of these workarounds:
add the OpenShift cluster’s certificate to /etc/containers/certs.d/
add the registry as an insecure registry by adding the following lines to the Podmanconfiguration file located at /etc/containers/registries.conf:
[registries.insecure]registries = ['']
2. Copy images without changing their digest. Repeat this step for every image in the followingtable:
$ skopeo copy --all docker:// \ docker:////
NOTE
Red Hat CodeReady Workspaces 2.4 Installation Guide
22
NOTE
Table 3.2. Understanding the usage of the container-images from the prefixor keyword they include in their name
Usage Prefix or keyword
Essential not stacks-, plugin-, or -openj-
Workspaces stacks-, plugin-
Z and Power -openj-
Table 3.3. Images to copy in the private registry
registry.redhat.io/codeready-workspaces/crw-2-rhel8-operator@sha256:89763ddec38a5925a052fa7ea75fc5a0db39124cada1e2d33b6eba3e32e8a7c6
crw-2-rhel8-operator@sha256:89763ddec38a5925a052fa7ea75fc5a0db39124cada1e2d33b6eba3e32e8a7c6
registry.redhat.io/codeready-workspaces/devfileregistry-rhel8@sha256:7702adb0ed28b635e45804e87fe5dd98bdd3aa766fed7845a8ce509b91c22e36
devfileregistry-rhel8@sha256:7702adb0ed28b635e45804e87fe5dd98bdd3aa766fed7845a8ce509b91c22e36
registry.redhat.io/codeready-workspaces/jwtproxy-rhel8@sha256:8afecd5b0edc7734532ee76ff9eac1fc4814d8aaa6c9be440a2a88a20c014e4e
jwtproxy-rhel8@sha256:8afecd5b0edc7734532ee76ff9eac1fc4814d8aaa6c9be440a2a88a20c014e4e
registry.redhat.io/codeready-workspaces/machineexec-rhel8@sha256:c9bebc895e5fa5a0bd4ecaedfd5384ab75a45a96b6314ba5d4a6f4c1e8e109f9
machineexec-rhel8@sha256:c9bebc895e5fa5a0bd4ecaedfd5384ab75a45a96b6314ba5d4a6f4c1e8e109f9
registry.redhat.io/codeready-workspaces/plugin-java11-openj9-rhel8@sha256:27a71612f9bd3bee77adb4e164c44c61cf5085458d592215b2fe74c55d11abc6
plugin-java11-openj9-rhel8@sha256:27a71612f9bd3bee77adb4e164c44c61cf5085458d592215b2fe74c55d11abc6
CHAPTER 3. INSTALLING CODEREADY WORKSPACES
23
registry.redhat.io/codeready-workspaces/plugin-java11-rhel8@sha256:e9deebbc320d28a2f425e858ed3dcf87fc67a40f6654d6eb7c2b6feea022b7d6
plugin-java11-rhel8@sha256:e9deebbc320d28a2f425e858ed3dcf87fc67a40f6654d6eb7c2b6feea022b7d6
registry.redhat.io/codeready-workspaces/plugin-java8-openj9-rhel8@sha256:14f2774e92b70d85280e506f81e2ea9a89c26490fd53a4421df8a694bd944d2d
plugin-java8-openj9-rhel8@sha256:14f2774e92b70d85280e506f81e2ea9a89c26490fd53a4421df8a694bd944d2d
registry.redhat.io/codeready-workspaces/plugin-java8-rhel8@sha256:d04f70c8340abaee1a282b77158d054f4faf2225bc17c79aafb413396c367782
plugin-java8-rhel8@sha256:d04f70c8340abaee1a282b77158d054f4faf2225bc17c79aafb413396c367782
registry.redhat.io/codeready-workspaces/plugin-kubernetes-rhel8@sha256:d87aed64704369a50d1e54a57815b699f74d4efad1401d1a638808e655a37e48
plugin-kubernetes-rhel8@sha256:d87aed64704369a50d1e54a57815b699f74d4efad1401d1a638808e655a37e48
registry.redhat.io/codeready-workspaces/plugin-openshift-rhel8@sha256:9c43a02b0dd0f66744359c5ccdb1f1780ecd92c3dc31b14d73b553ba763af8ab
plugin-openshift-rhel8@sha256:9c43a02b0dd0f66744359c5ccdb1f1780ecd92c3dc31b14d73b553ba763af8ab
registry.redhat.io/codeready-workspaces/pluginbroker-artifacts-rhel8@sha256:d0eebf2c8b460adb75dc6bc5200aa9fd40d030b7b17c6b1c3b9d3c879f4652ee
pluginbroker-artifacts-rhel8@sha256:d0eebf2c8b460adb75dc6bc5200aa9fd40d030b7b17c6b1c3b9d3c879f4652ee
registry.redhat.io/codeready-workspaces/pluginbroker-metadata-rhel8@sha256:cff23432d1d397bbbc7df65be9d6ddf4a97a3ef1801708bb7bb7d2fa72dbcce3
pluginbroker-metadata-rhel8@sha256:cff23432d1d397bbbc7df65be9d6ddf4a97a3ef1801708bb7bb7d2fa72dbcce3
registry.redhat.io/codeready-workspaces/pluginregistry-rhel8@sha256:9f37917122c20fc83e6558a5484efab42650958b513a22920f449f948e50cd51
pluginregistry-rhel8@sha256:9f37917122c20fc83e6558a5484efab42650958b513a22920f449f948e50cd51
Red Hat CodeReady Workspaces 2.4 Installation Guide
24
registry.redhat.io/codeready-workspaces/server-rhel8@sha256:63bf304cd04576048012693e7e8544a5a703790f99551554a75798bc799b112b
server-rhel8@sha256:63bf304cd04576048012693e7e8544a5a703790f99551554a75798bc799b112b
registry.redhat.io/codeready-workspaces/stacks-cpp-rhel8@sha256:56543cfeeeac030821557ac4937db40f6845e874193c79c30267a680f9b2cbe7
stacks-cpp-rhel8@sha256:56543cfeeeac030821557ac4937db40f6845e874193c79c30267a680f9b2cbe7
registry.redhat.io/codeready-workspaces/stacks-dotnet-rhel8@sha256:13628110b96de0e516ff2dfa29cdcaee64cd8f8978052c8160c294c332dba9f0
stacks-dotnet-rhel8@sha256:13628110b96de0e516ff2dfa29cdcaee64cd8f8978052c8160c294c332dba9f0
registry.redhat.io/codeready-workspaces/stacks-golang-rhel8@sha256:fef91718ccebc4cd9b89999f6b5df83bf3d60fce657f6f44eda092100549af2c
stacks-golang-rhel8@sha256:fef91718ccebc4cd9b89999f6b5df83bf3d60fce657f6f44eda092100549af2c
registry.redhat.io/codeready-workspaces/stacks-php-rhel8@sha256:b75f498954fbe858c74f80a89d132ba3560f40c0f697b0cd9550ed5663078ef6
stacks-php-rhel8@sha256:b75f498954fbe858c74f80a89d132ba3560f40c0f697b0cd9550ed5663078ef6
registry.redhat.io/codeready-workspaces/theia-endpoint-rhel8@sha256:942e1e6328169508e3fff8fd96c575d7a423339ced17dbf5813d61d1971adaef
theia-endpoint-rhel8@sha256:942e1e6328169508e3fff8fd96c575d7a423339ced17dbf5813d61d1971adaef
registry.redhat.io/codeready-workspaces/theia-rhel8@sha256:78edc9f75680cbe7f63774d9dfbbc505401486a73c8e420380e1d3078bdf9f2a
theia-rhel8@sha256:78edc9f75680cbe7f63774d9dfbbc505401486a73c8e420380e1d3078bdf9f2a
registry.redhat.io/jboss-eap-7/eap-xp1-openj9-11-openshift-rhel8@sha256:d6a7bdbf4726fe0e0e54c0bce9b2257bbd2a165c37cb4ec68e1f994716ffb15c
eap-xp1-openj9-11-openshift-rhel8@sha256:d6a7bdbf4726fe0e0e54c0bce9b2257bbd2a165c37cb4ec68e1f994716ffb15c
CHAPTER 3. INSTALLING CODEREADY WORKSPACES
25
registry.redhat.io/jboss-eap-7/eap-xp1-openjdk11-openshift-rhel8@sha256:94e1cd4eb4196a358e301c1992663258c0016c80247f507fd1c39cf9a73da833
eap-xp1-openjdk11-openshift-rhel8@sha256:94e1cd4eb4196a358e301c1992663258c0016c80247f507fd1c39cf9a73da833
registry.redhat.io/jboss-eap-7/eap73-openjdk8-openshift-rhel7@sha256:24dea0cfc154a23c1aeb6b46ade182d0f981362f36b7e6fb9c7d8531ac639fe0
eap73-openjdk8-openshift-rhel7@sha256:24dea0cfc154a23c1aeb6b46ade182d0f981362f36b7e6fb9c7d8531ac639fe0
registry.redhat.io/rh-sso-7/sso74-openj9-openshift-rhel8@sha256:8e6c7874247053df431c25552c6e2edb050b2627ae21907149f419e0d9909135
sso74-openj9-openshift-rhel8@sha256:8e6c7874247053df431c25552c6e2edb050b2627ae21907149f419e0d9909135
registry.redhat.io/rh-sso-7/sso74-openshift-rhel8@sha256:ec6801343eb1ca085154d8d7481552f2e9debc414125413d25e42216aa5922af
sso74-openshift-rhel8@sha256:ec6801343eb1ca085154d8d7481552f2e9debc414125413d25e42216aa5922af
registry.redhat.io/rhel8/postgresql-96@sha256:fdc2398a25530547354714f2538c691d91b700e0cedef5361a3e7d96ddfd4e11
postgresql-96@sha256:fdc2398a25530547354714f2538c691d91b700e0cedef5361a3e7d96ddfd4e11
registry.redhat.io/rhscl/mongodb-36-rhel7@sha256:9f799d356d7d2e442bde9d401b720600fd9059a3d8eefea6f3b2ffa721c0dc73
mongodb-36-rhel7@sha256:9f799d356d7d2e442bde9d401b720600fd9059a3d8eefea6f3b2ffa721c0dc73
registry.redhat.io/ubi8-minimal@sha256:5cfbaf45ca96806917830c183e9f37df2e913b187aadb32e89fd83fa455ebaa6
ubi8-minimal@sha256:5cfbaf45ca96806917830c183e9f37df2e913b187aadb32e89fd83fa455ebaa6
3. Verify the images have the same digests:
$ skopeo inspect docker://$ skopeo inspect docker:////
4. Set the digests explicitly when different:
$ skopeo copy --all docker:// \ docker:////
Red Hat CodeReady Workspaces 2.4 Installation Guide
26
Additional resources
To find the sources of the images list, see the values of the relatedImages attribute in theCodeReady Workspaces Operator ClusterServiceVersion sources.
3.3.2.2. Preparing CodeReady Workspaces Custom Resource for restricted environment
When installing CodeReady Workspaces in a restricted environment using crwctl or OperatorHub,provide a CheCluster custom resource with additional information.
3.3.2.2.1. Downloading the default CheCluster Custom Resource
Procedure
1. Download the default custom resource YAML file.
2. Name the downloaded custom resource org_v1_che_cr.yaml. Keep it for further modificationand usage.
3.3.2.2.2. Customizing the CheCluster Custom Resource for restricted environment
Prerequisites
All required images available in an image registry that is visible to the OpenShift cluster whereCodeReady Workspaces is to be deployed. This is described in Section 3.3.2.1, “Preparing aprivate registry”, where the placeholders used in the following examples are also defined.
Procedure
1. In the CheCluster Custom Resource, which is managed by the CodeReady WorkspacesOperator, add the fields used to facilitate deploying an instance of CodeReady Workspaces in arestricted environment:
3.3.2.3. Starting CodeReady Workspaces installation in a restricted environment usingCodeReady Workspaces CLI management tool
This sections describes how to start the CodeReady Workspaces installation in a restricted environmentusing the CodeReady Workspaces CLI management tool.
Prerequisites
CodeReady Workspaces CLI management tool is installed. See Section 3.2.1, “Installing thecrwctl CLI management tool”.
The oc tool is installed.
Access to an OpenShift instance.
# [...]spec: server: airGapContainerRegistryHostname: '' airGapContainerRegistryOrganization: ''# [...]
CHAPTER 3. INSTALLING CODEREADY WORKSPACES
27
https://github.com/redhat-developer/codeready-workspaces-operator/blob/crw-2.4-rhel-8/manifests/codeready-workspaces.csv.yamlhttps://github.com/redhat-developer/codeready-workspaces-operator/blob/2.4.0/deploy/crds/org_v1_che_cr.yaml
Procedure
1. Log in to OpenShift Container Platform:
$ oc login ${OPENSHIFT_API_URL} --username ${OPENSHIFT_USERNAME} \ --password ${OPENSHIFT_PASSWORD}
2. Install CodeReady Workspaces with a customized Custom Resource to add fields related to therestricted environment:
$ crwctl server:start \ --che-operator-image=//crw-2-rhel8-operator:2.4 \ --che-operator-cr-yaml=org_v1_che_cr.yaml
NOTE
For slow systems or internet connections, add the --k8spodwaittimeout=1800000option to the crwctl server:start command to extend the Pod timeout period to1800000 ms or longer.
3.3.3. Preparing CodeReady Workspaces Custom Resource for installing behind aproxy
This procedure describes how to provide necessary additional information to the CheCluster customresource when installing CodeReady Workspaces behind a proxy.
Procedure
1. In the CheCluster Custom Resource, which is managed by the CodeReady WorkspacesOperator, add the fields used to facilitate deploying an instance of CodeReady Workspaces in arestricted environment:
2. In addition to those basic settings, the proxy configuration usually requires adding the host ofthe external OpenShift cluster API URL in the list of the hosts to be accessed from CodeReadyWorkspaces without using the proxy.To retrieve this cluster API host, run the following command against the OpenShift cluster:
$ oc whoami --show-server | sed 's#https://##' | sed 's#:.*$##'
The corresponding field of the CheCluster Custom Resource is nonProxyHosts. If a hostalready exists in this field, use | as a delimiter to add the cluster API host:
# [...]spec: server: proxyURL: '' proxyPort: ''# [...]
# [...]spec: server:
Red Hat CodeReady Workspaces 2.4 Installation Guide
28
nonProxyHosts: 'anotherExistingHost|'# [...]
CHAPTER 3. INSTALLING CODEREADY WORKSPACES
29
CHAPTER 4. CONFIGURING CODEREADY WORKSPACESThe following chapter describes configuration methods and options for Red Hat CodeReadyWorkspaces, with some user stories as example.
Section 4.1, “Advanced configuration options for the CodeReady Workspaces servercomponent” describes advanced configuration methods to use when the previous method is notapplicable.
The next sections describe some specific user stories.
Section 4.2, “Configuring project strategies”
Section 4.3, “Running more than one workspace at a time”
Section 4.5, “Configuring workspaces nodeSelector”
Section 4.6, “Configuring Red Hat CodeReady Workspaces server hostname”
Section 4.7, “Deploying CodeReady Workspaces with support for Git repositories with self-signed certificates”
Section 4.8, “Installing CodeReady Workspaces using storage classes”
Section 4.9, “Configuring storage types”
Section 4.10, “Importing TLS certificates to CodeReady Workspaces server Java truststore”
4.1. ADVANCED CONFIGURATION OPTIONS FOR THE CODEREADYWORKSPACES SERVER COMPONENT
The following section describes advanced deployment and configuration methods for the CodeReadyWorkspaces server component.
4.1.1. Understanding CodeReady Workspaces server advanced configuration usingthe Operator
The following section describes the CodeReady Workspaces server component advanced configurationmethod for a deployment using the Operator.
Advanced configuration is necessary to:
Add environment variables not automatically generated by the Operator from the standard CheCluster Custom Resource fields.
Override the properties automatically generated by the Operator from the standard CheCluster Custom Resource fields.
The customCheProperties field, part of the CheCluster Custom Resource server settings, contains amap of additional environment variables to apply to the CodeReady Workspaces server component.
Example 4.1. Override the default memory limit for workspaces
Add the CHE_WORKSPACE_DEFAULT__MEMORY__LIMIT__MB property to customCheProperties:
Red Hat CodeReady Workspaces 2.4 Installation Guide
30
NOTE
Previous versions of the CodeReady Workspaces Operator had a configMap named custom to fulfill this role. If the CodeReady Workspaces Operator finds a configMap withthe name custom, it adds the data it contains into the customCheProperties field,redeploys CodeReady Workspaces, and deletes the custom configMap.
Additional resources
For the list of all parameters available in the CheCluster Custom Resource, see Chapter 2,Configuring the CodeReady Workspaces installation .
For the list of all parameters available to configure customCheProperties, see Section 4.1.2,“CodeReady Workspaces server component system properties reference”.
4.1.2. CodeReady Workspaces server component system properties reference
The following document describes all possible configuration properties of the CodeReady Workspacesserver component.
Table 4.1. Che server
Environment Variable Name Default value Description
CHE_DATABASE ${che.home}/storage Folder where CodeReadyWorkspaces will store internaldata objects
CHE_API http://${CHE_HOST}:${CHE_PORT}/api
API service. Browsers initiateREST communications toCodeReady Workspaces serverwith this URL
apiVersion: org.eclipse.che/v1kind: CheClustermetadata: name: codeready-workspaces namespace: spec: server: cheImageTag: '' devfileRegistryImage: '' pluginRegistryImage: '' tlsSupport: true selfSignedCert: false customCheProperties: CHE_WORKSPACE_DEFAULTMEMORYLIMIT__MB: "2048" auth:# [...]
CHAPTER 4. CONFIGURING CODEREADY WORKSPACES
31
CHE_WEBSOCKET_ENDPOINT
ws://${CHE_HOST}:${CHE_PORT}/api/websocket
CodeReady Workspaceswebsocket major endpoint.Provides basic communicationendpoint for major websocketinteraction/messaging.
CHE_WEBSOCKET_ENDPOINT__MINOR
ws://${CHE_HOST}:${CHE_PORT}/api/websocket-minor
CodeReady Workspaceswebsocket minor endpoint.Provides basic communicationendpoint for minor websocketinteraction/messaging.
CHE_WORKSPACE_STORAGE
${che.home}/workspaces Your projects are synchronizedfrom the CodeReady Workspacesserver into the machine runningeach workspace. This is thedirectory in the ws runtime whereyour projects are mounted.
CHE_WORKSPACE_PROJECTS_STORAGE
/projects Your projects are synchronizedfrom the CodeReady Workspacesserver into the machine runningeach workspace. This is thedirectory in the machine whereyour projects are placed.
CHE_WORKSPACE_PROJECTS_STORAGE_DEFAULT_SIZE
1Gi Used when devfile OpenShift/ostype components requestsproject PVC creation (applied incase of unique and perWorkspacePVC strategy. In case of commonPVC strategy, it will be rewrittenwith value ofche.infra.kubernetes.pvc.quantityproperty)
CHE_WORKSPACE_LOGS_ROOT__DIR
/workspace_logs Defines the directory inside themachine where all the workspacelogs are placed. The value of thisfolder should be provided intomachine e.g. like environmentvariable so agents developers canuse this directory for backupagents logs.
CHE_WORKSPACE_HTTP__PROXY
Configures proxies used byruntimes powering workspaces
CHE_WORKSPACE_HTTPS__PROXY
Configuresproxies used byruntimes powering workspaces
Environment Variable Name Default value Description
Red Hat CodeReady Workspaces 2.4 Installation Guide
32
CHE_WORKSPACE_NO__PROXY
Configuresproxiesused byruntimes powering workspaces
CHE_TRUSTED__CA__BUNDLES__CONFIGMAP
NULL When cluster wide proxy isconfigured, che-operator createsspecial configmap and allowsOpenShift Network operator toinject ca-bundle into it. Inaddition, it adds the keyCHE_TRUSTEDCABUNDLES__CONFIGMAP with name of thisconfigmap into CodeReadyWorkspaces server configmap(and corresponding ENVvariable). So by its presence wecan detect if proxy mode isenabled or not. This property isnot supposed to be set manuallyunless that specifically required.
CHE_WORKSPACE_AUTO__START
true By default, when users access to aworkspace with its URL theworkspace automatically starts ifit is stopped. You can set this tofalse to disable this.
CHE_WORKSPACE_POOL_TYPE
fixed Workspace threads poolconfiguration, this pool is used forworkspace related operations thatrequire asynchronous executione.g. starting/stopping. Possiblevalues are 'fixed', 'cached'
CHE_WORKSPACE_POOL_EXACT__SIZE
30 This property is ignored whenpool type is different from 'fixed'.Configures the exact size of thepool, if it’s set multiplier propertyis ignored. If this property is notset(0, < 0, NULL) then pool sizedto number of cores, it can bemodified within multiplier
CHE_WORKSPACE_POOL_CORES__MULTIPLIER
2 This property is ignored whenpool type is different from 'fixed'or exact pool size is set. If it’s setthe pool size will be N_CORES *multiplier
Environment Variable Name Default value Description
CHAPTER 4. CONFIGURING CODEREADY WORKSPACES
33
CHE_WORKSPACE_PROBE__POOL__SIZE
10 This property specifies how muchthreads to use for workspacesservers liveness probes
CHE_WORKSPACE_HTTP__PROXY__JAVA__OPTIONS
NULL Http proxy setting for workspaceJVM
CHE_WORKSPACE_JAVA__OPTIONS
-XX:MaxRAM=150m-XX:MaxRAMFraction=2 -XX:+UseParallelGC -XX:MinHeapFreeRatio=10 -XX:MaxHeapFreeRatio=20 -XX:GCTimeRatio=4 -XX:AdaptiveSizePolicyWeight=90 -Dsun.zip.disableMemoryMapping=true -Xms20m -Djava.security.egd=file:/dev/./urandom
Java command line options to beadded to JVM’s that runningwithin workspaces.
CHE_WORKSPACE_MAVEN__OPTIONS
-XX:MaxRAM=150m-XX:MaxRAMFraction=2 -XX:+UseParallelGC -XX:MinHeapFreeRatio=10 -XX:MaxHeapFreeRatio=20 -XX:GCTimeRatio=4 -XX:AdaptiveSizePolicyWeight=90 -Dsun.zip.disableMemoryMapping=true -Xms20m -Djava.security.egd=file:/dev/./urandom
Maven command line optionsadded to JVM’s that run agentswithin workspaces.
CHE_WORKSPACE_MAVEN__SERVER__JAVA__OPTIONS
-XX:MaxRAM=128m-XX:MaxRAMFraction=1 -XX:+UseParallelGC -XX:MinHeapFreeRatio=10 -XX:MaxHeapFreeRatio=20 -XX:GCTimeRatio=4 -XX:AdaptiveSizePolicyWeight=90 -Dsun.zip.disableMemoryMapping=true -Xms20m -Djava.security.egd=file:/dev/./urandom
Default java command lineoptions to be added to JVM thatrun maven server.
Environment Variable Name Default value Description
Red Hat CodeReady Workspaces 2.4 Installation Guide
34
CHE_WORKSPACE_DEFAULT__MEMORY__LIMIT__MB
1024 RAM limit default for eachmachine that has no RAMsettings in environment. Valueless or equal to 0 interpreted aslimit disabling.
CHE_WORKSPACE_DEFAULT__MEMORY__REQUEST__MB
200 RAM request default for eachcontainer that has no explicitRAM settings in environment. thisamount will be allocated onworkspace container creation thisproperty might not be supportedby all infrastructureimplementations: currently it issupported by OpenShift andOpenShift Container Platform ifdefault memory request is morethan the memory limit, request willbe ignored, and only limit will beused. Value less or equal to 0interpreted as disabling request.
CHE_WORKSPACE_DEFAULT__CPU__LIMIT__CORES
-1 CPU limit default for eachcontainer that has no CPUsettings in environment. Can bespecified either in floating pointcores number, e.g. 0.125 or in K8Sformat integer millicores e.g. 125mValue less or equal to 0interpreted as limit disabling.
CHE_WORKSPACE_DEFAULT__CPU__REQUEST__CORES
-1 CPU request default for eachcontainer that has no CPUsettings in environment. if defaultCPU request is more than theCPU limit, request will be ignored,and only limit will be used. Valueless or equal to 0 interpreted asdisabling this request.
CHE_WORKSPACE_SIDECAR_DEFAULT__MEMORY__LIMIT__MB
128 RAM limit and request default foreach sidecar that has no RAMsettings in CodeReadyWorkspaces plugin configuration.Value less or equal to 0interpreted as limit disabling.
Environment Variable Name Default value Description
CHAPTER 4. CONFIGURING CODEREADY WORKSPACES
35
CHE_WORKSPACE_SIDECAR_DEFAULT__MEMORY__REQUEST__MB
64 RAMlimit and request default foreach sidecar that has no RAMsettings in {prod-short} pluginconfiguration. Value less or equalto 0 interpreted as limit disabling.
CHE_WORKSPACE_SIDECAR_DEFAULT__CPU__LIMIT__CORES
-1 CPU limit and request default foreach sidecar that has no CPUsettings in CodeReadyWorkspaces plugin configuration.Can be specified either in floatingpoint cores number, e.g. 0.125 orin K8S format integer millicorese.g. 125m Value less or equal to 0interpreted as disabling limit.
CHE_WORKSPACE_SIDECAR_DEFAULT__CPU__REQUEST__CORES
-1 CPUlimit and request default foreach sidecar that has no CPUsettings in {prod-short} pluginconfiguration. Can be specifiedeither in floating point coresnumber, e.g. 0.125 or in K8Sformat integer millicores e.g. 125mValue less or equal to 0interpreted as disabling limit.
CHE_WORKSPACE_SIDECAR_IMAGE__PULL__POLICY
Always Define image pulling strategy forsidecars. Possible values are:Always, Never, IfNotPresent. Anyother value will be interpreted asunspecified policy (Always if:latest tag is specified, orIfNotPresent otherwise.)
CHE_WORKSPACE_ACTIVITY__CHECK__SCHEDULER__PERIOD__S
60 Period of inactive workspacessuspend job execution.
CHE_WORKSPACE_ACTIVITY__CLEANUP__SCHEDULER__PERIOD__S
3600 The period of the cleanup of theactivity table. The activity tablecan contain invalid or stale data ifsome unforeseen errors happen,like a server crash at a peculiarpoint in time. The default is to runthe cleanup job every hour.
Environment Variable Name Default value Description
Red Hat CodeReady Workspaces 2.4 Installation Guide
36
CHE_WORKSPACE_ACTIVITY__CLEANUP__SCHEDULER__INITIAL__DELAY__S
60 The delay after server startup tostart the first activity clean up job.
CHE_WORKSPACE_ACTIVITY__CHECK__SCHEDULER__DELAY__S
180 Delay before first workspaceidleness check job started toavoid mass suspend if ws masterwas unavailable for period closeto inactivity timeout.
CHE_WORKSPACE_CLEANUP__TEMPORARY__INITIAL__DELAY__MIN
5 Period of stopped temporaryworkspaces cleanup jobexecution.
CHE_WORKSPACE_CLEANUP__TEMPORARY__PERIOD__MIN
180 Periodof stopped temporaryworkspaces cleanup jobexecution.
CHE_WORKSPACE_SERVER_PING__SUCCESS__THRESHOLD
1 Number of sequential successfulpings to server after which it istreated as available. Note: theproperty is common for all serverse.g. workspace agent, terminal,exec etc.
CHE_WORKSPACE_SERVER_PING__INTERVAL__MILLISECONDS
3000 Interval, in milliseconds, betweensuccessive pings to workspaceserver.
CHE_WORKSPACE_SERVER_LIVENESS__PROBES
wsagent/http,exec-agent/http,terminal,theia,jupyter,dirigible,cloud-shell
List of servers names whichrequire liveness probes
CHE_WORKSPACE_STARTUP__DEBUG__LOG__LIMIT__BYTES
10485760 Limit size of the logs collectedfrom single container that can beobserved by che-server whendebugging workspace startup.default 10MB=10485760
CHE_WORKSPACE_STOP_ROLE_ENABLED
true If true, 'stop-workspace' role withthe edit privileges will be grantedto the 'che' ServiceAccount ifOpenShift OAuth is enabled. Thisconfiguration is mainly requiredfor workspace idling when theOpenShift OAuth is enabled.
Environment Variable Name Default value Description
CHAPTER 4. CONFIGURING CODEREADY WORKSPACES
37
Table 4.2. Templates
Environment Variable Name Default value Description
CHE_TEMPLATE_STORAGE ${che.home}/templates Folder that contains JSON fileswith code templates and samples
Table 4.3. Authentication parameters
Environment Variable Name Default value Description
CHE_AUTH_USER__SELF__CREATION
false CodeReady Workspaces has asingle identity implementation, sothis does not change the userexperience. If true, enables usercreation at API level
CHE_AUTH_ACCESS__DENIED__ERROR__PAGE
/error-oauth Authentication error page address
CHE_AUTH_RESERVED__USER__NAMES
Reserved user names
CHE_OAUTH_GITHUB_CLIENTID
NULL You can setup GitHub OAuth toautomate authentication toremote repositories. You need tofirst register this application withGitHub OAuth.
CHE_OAUTH_GITHUB_CLIENTSECRET
NULL Youcan setup GitHub OAuth toautomate authentication toremote repositories. You need tofirst register this application withGitHub OAuth.
CHE_OAUTH_GITHUB_AUTHURI
https://github.com/login/oauth/authorize
Youcansetup GitHub OAuth toautomate authentication toremote repositories. You need tofirst register this application withGitHub OAuth.
CHE_OAUTH_GITHUB_TOKENURI
https://github.com/login/oauth/access_token
YoucansetupGitHub OAuth toautomate authentication toremote repositories. You need tofirst register this application withGitHub OAuth.
Red Hat CodeReady Workspaces 2.4 Installation Guide
38
CHE_OAUTH_GITHUB_REDIRECTURIS
http://localhost:${CHE_PORT}/api/oauth/callback
YoucansetupGitHubOAuth toautomate authentication toremote repositories. You need tofirst register this application withGitHub OAuth.
CHE_OAUTH_OPENSHIFT_CLIENTID
NULL Configuration of OpenShiftOAuth client. Used to obtainOpenShift OAuth token.
CHE_OAUTH_OPENSHIFT_CLIENTSECRET
NULL Configurationof OpenShift OAuthclient. Used to obtain OpenShiftOAuth token.
CHE_OAUTH_OPENSHIFT_OAUTH__ENDPOINT
NULL ConfigurationofOpenShift OAuthclient. Used to obtain OpenShiftOAuth token.
CHE_OAUTH_OPENSHIFT_VERIFY__TOKEN__URL
NULL ConfigurationofOpenShiftOAuthclient. Used to obtain OpenShiftOAuth token.
Environment Variable Name Default value Description
Table 4.4. Internal
Environment Variable Name Default value Description
SCHEDULE_CORE__POOL__SIZE
10 CodeReady Workspacesextensions can be scheduledexecutions on a time basis. Thisconfigures the size of the threadpool allocated to extensions thatare launched on a recurringschedule.
ORG_EVERREST_ASYNCHRONOUS
false Everrest is a Java Web Servicestoolkit that manages JAX-RS &web socket communicationsUsers should rarely need toconfigure this. Disableasynchronous mechanism that isembedded in everrest.
ORG_EVERREST_ASYNCHRONOUS_POOL_SIZE
20 Quantity of asynchronousrequests which may be processedat the same time
CHAPTER 4. CONFIGURING CODEREADY WORKSPACES
39
ORG_EVERREST_ASYNCHRONOUS_QUEUE_SIZE
500 Size of queue. If asynchronousrequest can’t be processed afterconsuming it will be added inqueue.
ORG_EVERREST_ASYNCHRONOUS_JOB_TIMEOUT
10 Timeout in minutes for request. Ifafter timeout request is not doneor client did not come yet to getresult of request it may bediscarded.
ORG_EVERREST_ASYNCHRONOUS_CACHE_SIZE
1024 Size of cache for waiting, runningand ended request.
ORG_EVERREST_ASYNCHRONOUS_SERVICE_PATH
/async/ Path to asynchronous service
DB_SCHEMA_FLYWAY_BASELINE_ENABLED
true DB initialization and migrationconfiguration
DB_SCHEMA_FLYWAY_BASELINE_VERSION
5.0.0.8.1 DBinitialization and migrationconfiguration
DB_SCHEMA_FLYWAY_SCRIPTS_PREFIX
DBinitializationand migrationconfiguration
DB_SCHEMA_FLYWAY_SCRIPTS_SUFFIX
.sql DBinitializationandmigrationconfiguration
DB_SCHEMA_FLYWAY_SCRIPTS_VERSION__SEPARATOR
__ DBinitializationandmigrationconfiguration
DB_SCHEMA_FLYWAY_SCRIPTS_LOCATIONS
classpath:che-schema DBinitializationandmigrationconfiguration
Environment Variable Name Default value Description
Table 4.5. OpenShift Infra parameters
Environment Variable Name Default value Description
CHE_INFRA_KUBERNETES_MASTER__URL
Configuration of OpenShift clientthat Infra will use
CHE_INFRA_KUBERNETES_TRUST__CERTS
Configurationof OpenShift clientthat Infra will use
Red Hat CodeReady Workspaces 2.4 Installation Guide
40
CHE_INFRA_KUBERNETES_SERVER__STRATEGY
default-host Defines the way how servers areexposed to the world inOpenShift infra. List of strategiesimplemented in CodeReadyWorkspaces: default-host, multi-host, single-host
CHE_INFRA_KUBERNETES_SINGLE__HOST_WORKSPACE_EXPOSURE
native Defines the way in which theworkspace plugins and editors areexposed in the single-host mode.Supported exposures: - 'native':Exposes servers using OpenShiftIngresses. Works only onOpenShift.
CHE_INFRA_KUBERNETES_INGRESS_DOMAIN
Used to generate domain for aserver in a workspace in caseproperty che.infra.kubernetes.server_strategy is set to multi-host
CHE_INFRA_KUBERNETES_NAMESPACE
DEPRECATED - please do notchange the value of this propertyotherwise the existing workspaceswill loose data. Do not set it onnew installations. DefinesOpenShift namespace in which allworkspaces will be created. If notset, every workspace will becreated in a new namespace,where namespace = workspace idIt’s possible to use and placeholders (e.g.:che-workspace-). Inthat case, new namespace will becreated for each user. Serviceaccount with permission to createnew namespace must be used.Ignored for OpenShift infra. Use che.infra.openshift.projectinstead If the namespace pointedto by this property exists, it will beused for all workspaces. If it doesnot exist, the namespacespecified by theche.infra.kubernetes.namespace.default will be created and used.
Environment Variable Name Default value Description
CHAPTER 4. CONFIGURING CODEREADY WORKSPACES
41
CHE_INFRA_KUBERNETES_NAMESPACE_DEFAULT
-che Defines OpenShift defaultnamespace in which user’sworkspaces are created if userdoes not override it. It’s possibleto use , and placeholders (e.g.:che-workspace-). Inthat case, new namespace will becreated for each user (orworkspace). Is used by OpenShiftinfra as well to specify Project
CHE_INFRA_KUBERNETES_NAMESPACE_ALLOW__USER__DEFINED
false Defines if a user is able to specifyOpenShift namespace (orOpenShift project) different fromthe default. It’s NOTRECOMMENDED to configuredtrue without OAuth configured.This property is also used by theOpenShift infra.
CHE_INFRA_KUBERNETES_SERVICE__ACCOUNT__NAME
NULL Defines OpenShift ServiceAccount name which should bespecified to be bound to allworkspaces pods. Note thatOpenShift Infrastructure won’tcreate the service account and itshould exist. OpenShiftinfrastructure will check if projectis predefined(if che.infra.openshift.project isnot empty): - if it is predefinedthen service account must existthere - if it is 'NULL' or emptystring then infrastructure willcreate new OpenShift project perworkspace and prepareworkspace service account withneeded roles there
Environment Variable Name Default value Description
Red Hat CodeReady Workspaces 2.4 Installation Guide
42
CHE_INFRA_KUBERNETES_WORKSPACE__SA__CLUSTER__ROLES
NULL Specifies optional, additionalcluster roles to use with theworkspace service account. Notethat the cluster role names mustalready exist, and the CodeReadyWorkspaces service accountneeds to be able to create a RoleBinding to associate these clusterroles with the workspace serviceaccount. The names are commaseparated. This propertydeprecates'che.infra.kubernetes.cluster_role_name'.
CHE_INFRA_KUBERNETES_WORKSPACE__START__TIMEOUT__MIN
8 Defines time frame that limits theOpenShift workspace start time
CHE_INFRA_KUBERNETES_INGRESS__START__TIMEOUT__MIN
5 Defines the timeout in minutesthat limits the period for whichOpenShift Ingress become ready
CHE_INFRA_KUBERNETES_WORKSPACE__UNRECOVERABLE__EVENTS
FailedMount,FailedScheduling,MountVolume.SetUpfailed,Failed to pull image,FailedCreate
If during workspace startup anunrecoverable event defined inthe property occurs, terminateworkspace immediately instead ofwaiting until timeout Note thatthis SHOULD NOT include a mere'Failed' reason, because thatmight catch events that are notunrecoverable. A failed containerstartup is handled explicitly byCodeReady Workspaces server.
CHE_INFRA_KUBERNETES_PVC_ENABLED
true Defines whether use thePersistent Volume Claim for cheworkspace needs e.g backupprojects, logs etc or disable it.
Environment Variable Name Default value Description
CHAPTER 4. CONFIGURING CODEREADY WORKSPACES
43
CHE_INFRA_KUBERNETES_PVC_STRATEGY
common Defined which strategy will beused while choosing PVC forworkspaces. Supportedstrategies: - 'common' Allworkspaces in the sameOpenShift Namespace will reusethe same PVC. Name of PVC maybe configured with'che.infra.kubernetes.pvc.name'.Existing PVC will be used or newone will be created if it doesn’texist. - 'unique' Separate PVC foreach workspace’s volume will beused. Name of PVC is evaluatedas'{che.infra.kubernetes.pvc.name}+ '-' + `{generated_8_chars}’.Existing PVC will be used or a newone will be created if it doesn’texist. - 'per-workspace' SeparatePVC for each workspace will beused. Name of PVC is evaluatedas'{che.infra.kubernetes.pvc.name}+ '-' + `{WORKSPACE_ID}’.Existing PVC will be used or a newone will be created if it doesn’texist.
Environment Variable Name Default value Description
Red Hat CodeReady Workspaces 2.4 Installation Guide
44
CHE_INFRA_KUBERNETES_PVC_PRECREATE__SUBPATHS
true Defines whether to run a job thatcreates workspace’s subpathdirectories in persistent volumefor the 'common' strategy beforelaunching a workspace. Necessaryin some versions ofOpenShift/OpenShift asworkspace subpath volumemounts are created with rootpermissions, and thus cannot bemodified by workspaces runningas a user (presents an errorimporting projects into aworkspace in CodeReadyWorkspaces). The default is 'true',but should be set to false if theversion of Openshift/OpenShiftcreates subdirectories with userpermissions. Relevant issue:https://github.com/kubernetes/kubernetes/issues/41638 Notethat this property has effect onlyif the 'common' PVC strategyused.
CHE_INFRA_KUBERNETES_PVC_NAME
claim-che-workspace Defines the settings of PVC namefor che workspaces. Each PVCstrategy supplies this valuedifferently. See doc forche.infra.kubernetes.pvc.strategyproperty
CHE_INFRA_KUBERNETES_PVC_STORAGE__CLASS__NAME
Defines the storage class ofPersistent Volume Claim for theworkspaces. Empty strings means'use default'.
CHE_INFRA_KUBERNETES_PVC_QUANTITY
10Gi Defines the size of PersistentVolume Claim of che workspace.Format described here:https://docs.openshift.com/container-platform/4.4/storage/understanding-persistent-storage.html
CHE_INFRA_KUBERNETES_PVC_JOBS_IMAGE
centos:centos7 Pod that is launched whenperforming persistent volumeclaim maintenance jobs onOpenShift
Environment Variable Name Default value Description
CHAPTER 4. CONFIGURING CODEREADY WORKSPACES
45
https://github.com/kubernetes/kubernetes/issues/41638https://docs.openshift.com/container-platform/4.4/storage/understanding-persistent-storage.html
CHE_INFRA_KUBERNETES_PVC_JOBS_IMAGE_PULL__POLICY
IfNotPresent Image pull policy of container thatused for the maintenance jobs onOpenShift/OpenShift cluster
CHE_INFRA_KUBERNETES_PVC_JOBS_MEMORYLIMIT
250Mi Defines pod memory limit forpersistent volume claimmaintenance jobs
CHE_INFRA_KUBERNETES_PVC_ACCESS__MODE
ReadWriteOnce Defines Persistent Volume Claimaccess mode. Note that forcommon PVC strategy changingof access mode affects thenumber of simultaneously runningworkspaces. If OpenShift flavorwhere che running is using PVswith RWX access mode then alimit of running workspaces at thesame time bounded only by chelimits configuration like(RAM,CPU etc). Detailed informationabout access mode is describedhere:https://docs.openshift.com/container-platform/4.4/storage/understanding-persistent-storage.html
CHE_INFRA_KUBERNETES_PVC_WAIT__BOUND
true Defines whether CodeReadyWorkspaces Server should waitworkspaces PVCs to becomebound after creating. It’s used byall PVC strategies. It should beset to false in case if volumeBindingMode isconfigured to WaitForFirstConsumerotherwise workspace starts willhangs up on phase of waitingPVCs. Default value is true(means that PVCs should bewaited to be bound)
CHE_INFRA_KUBERNETES_INSTALLER__SERVER__MIN__PORT
10000 Defined range of ports forinstallers servers By default,installer will use own port, but if itconflicts with another installerservers then OpenShiftinfrastructure will reconfigureinstaller to use first available fromthis range
Environment Variable Name Default value Description
Red Hat CodeReady Workspaces 2.4 Installation Guide
46
https://docs.openshift.com/container-platform/4.4/storage/understanding-persistent-storage.html
CHE_INFRA_KUBERNETES_INSTALLER__SERVER__MAX__PORT
20000 Definedrange of ports forinstallers servers By default,installer will use own port, but if itconflicts with another installerservers then OpenShiftinfrastructure will reconfigureinstaller to use first available fromthis range
CHE_INFRA_KUBERNETES_INGRESS_ANNOTATIONS__JSON
NULL Defines annotations for ingresseswhich are used for serversexposing. Value depends on thekind of ingress controller.OpenShift infrastructure ignoresthis property because it usesRoutes instead of ingresses. Notethat for a single-host deploymentstrategy to work, a controllersupporting URL rewriting has tobe used (so that URLs can pointto different servers while theservers don’t need to supportchanging the app root). Theche.infra.kubernetes.ingress.path.rewrite_transform propertydefines how the path of theingress should be transformed tosupport the URL rewriting and thisproperty defines the set ofannotations on the ingress itselfthat instruct the chosen ingresscontroller to actually do the URLrewriting, potentially building onthe path transformation (ifrequired by the chosen ingresscontroller). For example for nginxingress controller 0.22.0 and laterthe following value isrecommended: {'ingress.kubernetes.io/rewrite-target': '/$1','ingress.kubernetes.io/ssl-redirect': 'false',\ 'ingress.kubernetes.io/proxy-connect-timeout': '3600','ingress.kubernetes.io/proxy-read-timeout': '3600'}and theche.infra.kubernetes.ingress.path.rewrite_transform should be setto '%s(.*)' For nginx ingresscontroller older than 0.22.0, therewrite-target should be set to
Environment Variable Name Default value Description
CHAPTER 4. CONFIGURING COD