Red Hat CodeReady Workspaces 2 · 2020. 11. 19. · C A T R C FG RNGC DER A YWORK P C S 4.1. ADVANCED CONFIGURATION OPTIONS FOR THE CODEREADY WORKSPACES SERVER COMPONENT 4.1.1. Understanding

Red Hat CodeReady Workspaces 2.4

Installation Guide

Installing Red Hat CodeReady Workspaces 2.4

Last Updated: 2020-12-18

Red Hat CodeReady Workspaces 2.4 Installation Guide

Installing Red Hat CodeReady Workspaces 2.4

Robert [email protected]

Michal Maléř[email protected]

Fabrice Flore-Thé[email protected]

Yana [email protected]

Legal Notice

Copyright © 2020 Red Hat, Inc.

The text of and illustrations in this document are licensed by Red Hat under a Creative CommonsAttribution–Share Alike 3.0 Unported license ("CC-BY-SA"). An explanation of CC-BY-SA isavailable athttp://creativecommons.org/licenses/by-sa/3.0/. In accordance with CC-BY-SA, if you distribute this document or an adaptation of it, you mustprovide the URL for the original version.

Red Hat, as the licensor of this document, waives the right to enforce, and agrees not to assert,Section 4d of CC-BY-SA to the fullest extent permitted by applicable law.

Red Hat, Red Hat Enterprise Linux, the Shadowman logo, the Red Hat logo, JBoss, OpenShift,Fedora, the Infinity logo, and RHCE are trademarks of Red Hat, Inc., registered in the United Statesand other countries.

Linux ® is the registered trademark of Linus Torvalds in the United States and other countries.

Java ® is a registered trademark of Oracle and/or its affiliates.

XFS ® is a trademark of Silicon Graphics International Corp. or its subsidiaries in the United Statesand/or other countries.

MySQL ® is a registered trademark of MySQL AB in the United States, the European Union andother countries.

Node.js ® is an official trademark of Joyent. Red Hat is not formally related to or endorsed by theofficial Joyent Node.js open source or commercial project.

The OpenStack ® Word Mark and OpenStack logo are either registered trademarks/service marksor trademarks/service marks of the OpenStack Foundation, in the United States and othercountries and are used with the OpenStack Foundation's permission. We are not affiliated with,endorsed or sponsored by the OpenStack Foundation, or the OpenStack community.

All other trademarks are the property of their respective owners.

Abstract

Information for administrators installing Red Hat CodeReady Workspaces.

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Table of Contents

CHAPTER 1. SUPPORTED PLATFORMS

CHAPTER 2. CONFIGURING THE CODEREADY WORKSPACES INSTALLATION2.1. UNDERSTANDING THE CHECLUSTER CUSTOM RESOURCE2.2. CHECLUSTER CUSTOM RESOURCE FIELDS REFERENCE

CHAPTER 3. INSTALLING CODEREADY WORKSPACES3.1. INSTALLING CODEREADY WORKSPACES ON OPENSHIFT 4 USING OPERATORHUB

3.1.1. Creating a project in OpenShift Web Console3.1.2. Installing the Red Hat CodeReady Workspaces Operator3.1.3. Creating an instance of the Red Hat CodeReady Workspaces Operator

3.2. INSTALLING CODEREADY WORKSPACES ON OPENSHIFT CONTAINER PLATFORM 3.113.2.1. Installing the crwctl CLI management tool3.2.2. Installing CodeReady Workspaces on OpenShift 3 using the Operator

3.3. INSTALLING CODEREADY WORKSPACES IN A RESTRICTED ENVIROMENT3.3.1. Installing CodeReady Workspaces in a restricted environment using OperatorHub3.3.2. Installing CodeReady Workspaces in a restricted environment using CLI management tool

3.3.2.1. Preparing a private registry3.3.2.2. Preparing CodeReady Workspaces Custom Resource for restricted environment

3.3.2.2.1. Downloading the default CheCluster Custom Resource3.3.2.2.2. Customizing the CheCluster Custom Resource for restricted environment

3.3.2.3. Starting CodeReady Workspaces installation in a restricted environment using CodeReadyWorkspaces CLI management tool

3.3.3. Preparing CodeReady Workspaces Custom Resource for installing behind a proxy

CHAPTER 4. CONFIGURING CODEREADY WORKSPACES4.1. ADVANCED CONFIGURATION OPTIONS FOR THE CODEREADY WORKSPACES SERVER COMPONENT

4.1.1. Understanding CodeReady Workspaces server advanced configuration using the Operator4.1.2. CodeReady Workspaces server component system properties reference

4.2. CONFIGURING PROJECT STRATEGIES4.2.1. One project per workspace strategy4.2.2. One project for all workspaces strategy4.2.3. One project per user strategy4.2.4. Allowing user-defined workspace projects

4.3. RUNNING MORE THAN ONE WORKSPACE AT A TIME4.4. CONFIGURING WORKSPACE EXPOSURE STRATEGIES

4.4.1. Workspace exposure strategies4.4.1.1. Multi-host strategy

4.4.2. Security considerations4.4.2.1. JSON web token (JWT) proxy4.4.2.2. Secured plug-ins and editors4.4.2.3. Secured container-image components4.4.2.4. Cross-site request forgery attacks4.4.2.5. Phishing attacks

4.5. CONFIGURING WORKSPACES NODESELECTOR4.6. CONFIGURING RED HAT CODEREADY WORKSPACES SERVER HOSTNAME4.7. DEPLOYING CODEREADY WORKSPACES WITH SUPPORT FOR GIT REPOSITORIES WITH SELF-SIGNEDCERTIFICATES4.8. INSTALLING CODEREADY WORKSPACES USING STORAGE CLASSES4.9. CONFIGURING STORAGE TYPES

4.9.1. Persistent storage

4

555

1515151516171718

20202121272727

2728

30

303031

6565666666666767686868686869696970

71727676

Table of Contents

1

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

4.9.2. Ephemeral storage4.9.3. Asynchronous storage4.9.4. Configuring storage type defaults for CodeReady Workspaces dashboard4.9.5. Idling asynchronous storage Pods

4.10. IMPORTING TLS CERTIFICATES TO CODEREADY WORKSPACES SERVER JAVA TRUSTSTORE

CHAPTER 5. UPGRADING CODEREADY WORKSPACES5.1. UPGRADING CODEREADY WORKSPACES USING OPERATORHUB5.2. UPGRADING CODEREADY WORKSPACES USING THE CLI MANAGEMENT TOOL5.3. UPGRADING CODEREADY WORKSPACES USING THE CLI MANAGEMENT TOOL IN RESTRICTEDENVIRONMENT

5.3.1. Understanding network connectivity in restricted environments5.3.2. Preparing a private registry5.3.3. Upgrading CodeReady Workspaces using the CLI management tool in restricted environment

CHAPTER 6. UNINSTALLING CODEREADY WORKSPACES6.1. UNINSTALLING CODEREADY WORKSPACES AFTER OPERATORHUB INSTALLATION USING THEOPENSHIFT WEB CONSOLE6.2. UNINSTALLING CODEREADY WORKSPACES AFTER OPERATORHUB INSTALLATION USINGOPENSHIFT CLI6.3. UNINSTALLING CODEREADY WORKSPACES AFTER CRWCTL INSTALLATION

7677788080

828282

83838489

91

91

9293


2

Table of Contents

3

CHAPTER 1. SUPPORTED PLATFORMSThis section describes the availability and the supported installation methods of CodeReadyWorkspaces 2.4 on OpenShift Container Platform and OpenShift Dedicated.

The minimal OpenShift Container Platform version supporting Red Hat CodeReady Workspaces isOpenShift Container Platform 3.11.

Table 1.1. Supported deployment environments for CodeReady Workspaces 2.4 on OpenShiftContainer Platform and OpenShift Dedicated

Platform Architecture Deployment method

OpenShift Container Platform3.11

AMD64 and Intel 64 (x86_64) crwctl


AMD64 and Intel 64 (x86_64) OperatorHub


IBM Z (s390x) OperatorHub


AMD64 and Intel 64 (x86_64) OperatorHub

OpenShift Dedicated 4.3 AMD64 and Intel 64 (x86_64) Add-On

NOTE

On OpenShift Container Platform 4.4 and 4.5, when the OperatorHubinstallation method is not available, consider using crwctl as an unofficial backupinstallation method.


4

CHAPTER 2. CONFIGURING THE CODEREADY WORKSPACESINSTALLATION

The following section describes configuration options to install Red Hat CodeReady Workspaces usingthe Operator.

2.1. UNDERSTANDING THE CHECLUSTER CUSTOM RESOURCE

A default deployment of CodeReady Workspaces consist in the application of a parametrized CheCluster Custom Resource by the Red Hat CodeReady Workspaces Operator.

CheCluster Custom Resource

A YAML document describing the configuration of the overall CodeReady Workspacesinstallation.

Contains sections to configure each component: auth, database, server, storage.

Role of the Red Hat CodeReady Workspaces Operator

To translate the CheCluster Custom Resource into configuration (ConfigMap) usable byeach component of the CodeReady Workspaces installation.

Role of the OpenShift platform

To apply the configuration (ConfigMap) for each component.

To create the necessary Pods.

When OpenShift detects a change in the configuration of a component, it restarts the Podsaccordingly.

Example 2.1. Configuring the main properties of the CodeReady Workspaces server component

1. The user applies a CheCluster Custom Resource containing some configuration related tothe server.

2. The Operator generates a necessary ConfigMap, called che.

3. OpenShift detects change in the ConfigMap and triggers a restart of the CodeReadyWorkspaces Pod.

Additional resources

Understanding Operators.

Understanding Custom Resources .

To learn how to modify the CheCluster Custom Resource, see the chosen installationprocedure.

2.2. CHECLUSTER CUSTOM RESOURCE FIELDS REFERENCE

CHAPTER 2. CONFIGURING THE CODEREADY WORKSPACES INSTALLATION

5

https://docs.openshift.com/container-platform/latest/operators/olm-what-operators-are.htmlhttps://docs.openshift.com/container-platform/latest/operators/understanding/crds/crd-managing-resources-from-crds.html

This section describes all fields available to customize the CheCluster Custom Resource.

Example 2.2, “A minimal CheCluster Custom Resource example.”

Table 2.3, “CheCluster Custom Resource auth configuration settings related to authenticationused by CodeReady Workspaces installation”

Table 2.2, “CheCluster Custom Resource database configuration settings related to thedatabase used by CodeReady Workspaces”

Table 2.1, “CheCluster Custom Resource server settings, related to the CodeReadyWorkspaces server component.”

Table 2.4, “CheCluster Custom Resource storage configuration settings related to persistentstorage used by CodeReady Workspaces”

Table 2.5, “CheCluster Custom Resource k8s configuration settings specific to CodeReadyWorkspaces installations on OpenShift”

Table 2.6, “CheCluster Custom Resource status defines the observed state of CodeReadyWorkspaces installation”

Example 2.2. A minimal CheCluster Custom Resource example.

Table 2.1. CheCluster Custom Resource server settings, related to the CodeReady Workspacesserver component.

Property Default value Description

airGapContainerRegistryHostname

omit An optional host name or URL to an alternative containerregistry to pull images from. This value overrides the containerregistry host name defined in all default container imagesinvolved in a CodeReady Workspaces deployment. This isparticularly useful to install CodeReady Workspaces in an air-gapped environment.

apiVersion: org.eclipse.che/v1kind: CheClustermetadata: name: codeready-workspacesspec: auth: externalIdentityProvider: false database: externalDb: false server: selfSignedCert: false gitSelfSignedCert: false tlsSupport: true storage: pvcStrategy: 'common' pvcClaimSize: '1Gi'


6

airGapContainerRegistryOrganization

omit Optional repository name of an alternative container registry topull images from. This value overrides the container registryorganization defined in all the default container images involvedin a CodeReady Workspaces deployment. This is particularlyuseful to install CodeReady Workspaces in an air-gappedenvironment.

cheDebug false Enables the debug mode for CodeReady Workspaces server.

cheFlavor codeready-workspaces

Flavor of the installation.

cheHost The Operatorautomatically setsthe value.

A public host name of the installed CodeReady Workspacesserver.

cheImagePullPolicy

Always for nightly or latestimages, and IfNotPresent inother cases

Overrides the image pull policy used in CodeReady Workspacesdeployment.

cheImageTag omit Overrides the tag of the container image used in CodeReadyWorkspaces deployment. Omit it or leave it empty to use thedefault image tag provided by the Operator.

cheImage omit Overrides the container image used in CodeReady Workspacesdeployment. This does not include the container image tag.Omit it or leave it empty to use the default container imageprovided by the Operator.

cheLogLevel INFO Log level for the CodeReady Workspaces server: INFO or DEBUG.

cheWorkspaceClusterRole

omit Custom cluster role bound to the user for the CodeReadyWorkspaces workspaces. Omit or leave empty to use the defaultroles.

customCheProperties

omit Map of additional environment variables that will be applied inthe generated codeready-workspaces ConfigMap to beused by the CodeReady Workspaces server, in addition to thevalues already generated from other fields of the CheClusterCustom Resource (CR). If customCheProperties contains aproperty that would be normally generated in codeready-workspaces ConfigMap from other CR fields, then the valuedefined in the customCheProperties will be used instead.



7

devfileRegistryImage

omit Overrides the container image used in the Devfile registrydeployment. This includes the image tag. Omit it or leave itempty to use the default container image provided by theOperator.

devfileRegistryMemoryLimit

256Mi Overrides the memory limit used in the Devfile registrydeployment.

devfileRegistryMemoryRequest

16Mi Overrides the memory request used in the Devfile registrydeployment.

devfileRegistryPullPolicy


Overrides the image pull policy used in the Devfile registrydeployment.

devfileRegistryUrl

The Operatorautomatically setsthe value.

Public URL of the Devfile registry that serves sample, ready-to-use devfiles. Set it if you use an external devfile registry (see the externalDevfileRegistry field).

externalDevfileRegistry

false Instructs the Operator to deploy a dedicated Devfile registryserver. By default a dedicated devfile registry server is started. IfexternalDevfileRegistry set to true, the Operator does notstart a dedicated registry server automatically and you need toset the devfileRegistryUrl field manually.

externalPluginRegistry

false Instructs the Operator to deploy a dedicated Plugin registryserver. By default, a dedicated plug-in registry server is started.If externalPluginRegistry set to true, the Operator does notdeploy a dedicated server automatically and you need to set the pluginRegistryUrl field manually.

nonProxyHosts omit List of hosts that will not use the configured proxy. Use |` asdelimiter, for example localhost|my.host.com|123.42.12.32Only use when configuring a proxy is required (see also the proxyURL field).

pluginRegistryImage

omit Overrides the container image used in the Plugin registrydeployment. This includes the image tag. Omit it or leave itempty to use the default container image provided by theOperator.

pluginRegistryMemoryLimit

256Mi Overrides the memory limit used in the Plugin registrydeployment.



8

pluginRegistryMemoryRequest

16Mi Overrides the memory request used in the Plugin registrydeployment.

pluginRegistryPullPolicy


Overrides the image pull policy used in the Plugin registrydeployment.

pluginRegistryUrl

the Operator setsthe valueautomatically

Public URL of the Plugin registry that serves sample ready-to-use devfiles. Set it only when using an external devfile registry(see the externalPluginRegistry field).

proxyPassword omit Password of the proxy server. Only use when proxy configurationis required.

proxyPort omit Port of the proxy server. Only use when configuring a proxy isrequired (see also the proxyURL field).

proxyURL omit URL (protocol+host name) of the proxy server. This drives theappropriate changes in the JAVA_OPTS and https(s)_proxyvariables in the CodeReady Workspaces server and workspacescontainers. Only use when configuring a proxy is required.

proxyUser omit User name of the proxy server. Only use when configuring aproxy is required (see also the proxyURL field).

serverMemoryLimit

1Gi Overrides the memory limit used in the CodeReady Workspacesserver deployment.

serverMemoryRequest

512Mi Overrides the memory request used in the CodeReadyWorkspaces server deployment.

tlsSupport true Instructs the Operator to deploy CodeReady Workspaces in TLSmode.


Table 2.2. CheCluster Custom Resource database configuration settings related to the databaseused by CodeReady Workspaces


chePostgresDb dbche PostgreSQL database name that the CodeReady Workspacesserver uses to connect to the database.


9

chePostgresHostName


PostgreSQL Database host name that the CodeReadyWorkspaces server uses to connect to. Defaults to postgres.Override this value only when using an external database. (Seethe field externalDb.)

chePostgresPassword

auto-generatedvalue

PostgreSQL password that the CodeReady Workspaces serveruses to connect to the database.

chePostgresPort

5432 PostgreSQL Database port that the CodeReady Workspacesserver uses to connect to. Override this value only when using anexternal database (see field externalDb).

chePostgresUser

pgche PostgreSQL user that the CodeReady Workspaces server usesto connect to the database.

externalDb false Instructs the Operator to deploy a dedicated database. Bydefault, a dedicated PostgreSQL database is deployed as partof the CodeReady Workspaces installation. If set to true, theOperator does not deploy a dedicated database automatically,you need to provide connection details to an external database.See all the fields starting with: chePostgres.

postgresImagePullPolicy

Always` for nightly or latestimages, and IfNotPresent inother cases

Overrides the image pull policy used in the PostgreSQLdatabase deployment.

postgresImage omit Overrides the container image used in the PostgreSQLdatabase deployment. This includes the image tag. Omit it orleave it empty to use the default container image provided bythe Operator.


Table 2.3. CheCluster Custom Resource auth configuration settings related to authentication usedby CodeReady Workspaces installation


externalIdentityProvider

false By default, a dedicated Identity Provider server is deployed aspart of the CodeReady Workspaces installation. But if externalIdentityProvider is true, then no dedicated identityprovider will be deployed by the Operator and you might needto provide details about the external identity provider you wantto use. See also all the other fields starting with: identityProvider.

identityProviderAdminUserName

admin Overrides the name of the Identity Provider admin user.


10

identityProviderClientId

omit Name of an Identity provider (RH-SSO / RH SSO) client-idthat must be used for CodeReady Workspaces. This is useful tooverride it ONLY if you use an external Identity Provider (see theexternalIdentityProvider field). If omitted or left blank, it willbe set to the value of the flavor field suffixed with -public.

identityProviderImagePullPolicy


Overrides the image pull policy used in the Identity Provider(RH-SSO / RH SSO) deployment.

identityProviderImage

omit Overrides the container image used in the Identity Provider(RH-SSO / RH SSO) deployment. This includes the image tag.Omit it or leave it empty to use the default container imageprovided by the Operator.

identityProviderPassword

omit Overrides the password of RH-SSO admin user. Override it onlywhen using an external Identity Provider (see the externalIdentityProvider field). Omit or leave empty to setan auto-generated password.

identityProviderPostgresPassword


Password for The Identity Provider (RH-SSO / RH SSO) toconnect to the database. This is useful to override it ONLY if youuse an external Identity Provider (see the externalIdentityProvider field).

identityProviderRealm

omit Name of an Identity provider (RH-SSO / RH SSO) realm.Override it only when using an external Identity Provider (see theexternalIdentityProvider field). Omit or leave empty blank toset it to the value of the flavor field.

identityProviderURL


Instructs the Operator to deploy a dedicated Identity Provider(RH-SSO or RH SSO instance). Public URL of the IdentityProvider server (RH-SSO / RH SSO server). Set it only whenusing an external Identity Provider (see the externalIdentityProvider field).

oAuthClientName


Name of the OpenShift OAuthClient resource used to setupidentity federation on the OpenShift side. See also the OpenShiftoAuth field.

oAuthSecret the Operator setsthe valueautomatically

Name of the secret set in the OpenShift OAuthClient resourceused to setup identity federation on the OpenShift side. Seealso the OAuthClientName field.



11

openShiftoAuth true on OpenShift Enables the integration of the identity provider (RH-SSO /RHSSO) with OpenShift OAuth. This allows users to log in withtheir OpenShift login and have their workspaces created underpersonal OpenShift projects. The kubeadmin user is notsupported, and logging through does not allow access to theCodeReady Workspaces Dashboard.

updateAdminPassword

false Forces the default admin CodeReady Workspaces user toupdate password on first login.


Table 2.4. CheCluster Custom Resource storage configuration settings related to persistentstorage used by CodeReady Workspaces


postgresPVCStorageClassName

omit Storage class for the Persistent Volume Claim dedicated to thePostgreSQL database. Omitted or leave empty to use a defaultstorage class.

preCreateSubPaths

false Instructs the CodeReady Workspaces server to launch a specialPod to pre-create a subpath in the Persistent Volumes. Enable itaccording to the configuration of your K8S cluster.

pvcClaimSize 1Gi Size of the persistent volume claim for workspaces.

pvcJobsImage omit Overrides the container image used to create sub-paths in thePersistent Volumes. This includes the image tag. Omit it or leaveit empty to use the default container image provided by theOperator. See also the preCreateSubPaths field.

pvcStrategy common Available options:`common` (all workspaces PVCs in onevolume), per-workspace (one PVC per workspace for alldeclared volumes) and unique (one PVC per declared volume).

workspacePVCStorageClassName

omit Storage class for the Persistent Volume Claims dedicated to theCodeReady Workspaces workspaces. Omit or leave empty touse a default storage class.

Table 2.5. CheCluster Custom Resource k8s configuration settings specific to CodeReadyWorkspaces installations on OpenShift


ingressClass nginx Ingress class that defines which controller manages ingresses.


12

ingressDomain omit Global ingress domain for a K8S cluster. This field must beexplicitly specified. This drives the is kubernetes.io/ingress.class annotation on CodeReadyWorkspaces-related ingresses.

ingressStrategy multi-host Strategy for ingress creation. This can be multi-host (host isexplicitly provided in ingress), single-host (host is provided,path-based rules) and default-host.*(no host is provided,path-based rules).

securityContextFsGroup,omitempty

1724 FSGroup the CodeReady Workspaces Pod and Workspace Podscontainers run in.

securityContextRunAsUser

1724 ID of the user the CodeReady Workspaces Pod and WorkspacePods containers run as.

tlsSecretName omit Name of a secret that is used to set ingress TLS termination ifTLS is enabled. See also the tlsSupport field.


Table 2.6. CheCluster Custom Resource status defines the observed state of CodeReadyWorkspaces installation

Property Description

cheClusterRunning Status of a CodeReady Workspaces installation. Can be Available, Unavailable,or Available, Rolling Update in Progress.

cheURL Public URL to the CodeReady Workspaces server.

cheVersion Currently installed CodeReady Workspaces version.

dbProvisioned Indicates whether a PostgreSQL instance has been correctly provisioned.

devfileRegistryURL Public URL to the Devfile registry.

helpLink A URL to where to find help related to the current Operator status.

keycloakProvisioned Indicates whether an Identity Provider instance (RH-SSO / RH SSO) has beenprovisioned with realm, client and user.

keycloakURL Public URL to the Identity Provider server (RH-SSO / RH SSO).

message A human-readable message with details about why the Pod is in this state.


13

openShiftoAuthProvisioned

Indicates whether an Identity Provider instance (RH-SSO / RH SSO) has beenconfigured to integrate with the OpenShift OAuth.

pluginRegistryURL Public URL to the Plugin registry.

reason A brief CamelCase message with details about why the Pod is in this state.

Property Description


14

CHAPTER 3. INSTALLING CODEREADY WORKSPACESThis section contains instructions to install Red Hat CodeReady Workspaces. The installation methoddepends on the target platform and the environment restrictions.

3.1. INSTALLING CODEREADY WORKSPACES ON OPENSHIFT 4 USINGOPERATORHUB

This section describes how to install CodeReady Workspaces using the CodeReady WorkspacesOperator available in OpenShift 4 web console.

Operators are a method of packaging, deploying, and managing an OpenShift application which alsoprovide the following:

Repeatability of installation and upgrade.

Constant health checks of every system component.

Over-the-air (OTA) updates for OpenShift components and independent software vendor(ISV) content.

A place to encapsulate knowledge from field engineers and spread it to all users.

Prerequisites

An administrator account on a running instance of OpenShift 4.

3.1.1. Creating a project in OpenShift Web Console

A project allows to organize and manage different resources on the cluster in an isolated unit. Create aproject first to host the Red Hat CodeReady Workspaces Operator.

Procedure

1. Open the OpenShift web console, in the left panel navigate to the Home → Projects section.

2. Click Create Project.

3. Specify the project details:

Name: openshift-workspaces

Display Name: Red Hat CodeReady Workspaces

Description: Red Hat CodeReady Workspaces

3.1.2. Installing the Red Hat CodeReady Workspaces Operator

Red Hat CodeReady Workspaces Operator provides all the resources for running CodeReadyWorkspaces, such as PostgreSQL, RH-SSO, image registries, and the CodeReady Workspaces server,and also configures all these services.

Prerequisites

CHAPTER 3. INSTALLING CODEREADY WORKSPACES

15

Access to the Web Console on the cluster.

Procedure

1. To install the Red Hat CodeReady Workspaces Operator, in the left panel, navigate to theOperators → OperatorHub section.

2. In the Filter by keyword field, type Red Hat CodeReady Workspaces and click the Red HatCodeReady Workspaces tile.

3. In the Red Hat CodeReady Workspaces pop-up window, click the Install button.

4. On the Install Operator screen, specify the following options:

Installation mode: A specific project on the cluster

Installed Namespace: *Pick an existing project → openshift-workspaces

Verification steps

1. To verify the Red Hat CodeReady Workspaces Operator has installed correctly, in the left panelnavigate to the Operators → Installed Operators section.

2. In the Installed Operators screen, click the Red Hat CodeReady Workspaces name andnavigate to the Details tab.

3. In the ClusterServiceVersion Details section at the bottom of the page, wait for thesemessages:

Status: Succeeded

Status Reason: install strategy completed with no errors

4. Navigate to the Events tab and wait for this message: install strategy completed with no errors.

3.1.3. Creating an instance of the Red Hat CodeReady Workspaces Operator

Follow this procedure to install Red Hat CodeReady Workspaces with the default configuration. Tomodify the configuration, see Chapter 2, Configuring the CodeReady Workspaces installation .

Procedure

1. To create an instance of the Red Hat CodeReady Workspaces Operator, in the left panel,navigate to the Operators → Installed Operators section.

2. In the Installed Operators screen, click the Red Hat CodeReady Workspaces name.

3. In the Operator Details screen, in the Details tab, inside of the Provided APIs section, click theCreate Instance link.

4. The Create CheCluster page contains the configuration of the overall CodeReady Workspacesinstance to create. It is the CheCluster Custom Resource. Keep the default values.

5. To create the codeready-workspaces cluster, click the Create button in the lower left corner ofthe window.


16

6. On the Operator Details screen, in the Red Hat CodeReady Workspaces Cluster tab, click onthe codeready-workspaces link.

7. To navigate to the codeready-workspaces instance, click the link under Red Hat CodeReadyWorkspaces URL.

NOTE

The installation might take more than 5 minutes. The URL appears after the RedHat CodeReady Workspaces installation finishes.

Verification steps

1. To verify that the Red Hat CodeReady Workspaces instance has installed correctly, navigate tothe CodeReady Workspaces Cluster tab. The CheClusters screen displays the list of Red HatCodeReady Workspaces instances and their status.

2. Click codeready-workspaces CheCluster in the table and navigate to the Details tab.

3. See the content of following fields:

Message: the field contains error messages, if any. The expected content is None.

Red Hat CodeReady Workspaces URL: displays the URL of the Red Hat CodeReadyWorkspaces instance, once the deployment is successful.

4. Navigate to the Resources tab. The screen displays the list of the resources assigned to theCodeReady Workspaces deployment.

5. To see more details about the state of a resource, click its name and inspect the content of theavailable tabs.


https://access.redhat.com/documentation/en-us/red_hat_codeready_workspaces/2.4/html-single/end-user_guide/index#navigating-codeready-workspaces-using-the-dashboard_crw.

https://access.redhat.com/documentation/en-us/red_hat_codeready_workspaces/2.4/html-single/administration_guide/index#viewing-operator-events.adoc.

It is possible to use the crwctl utility script for deploying CodeReady Workspaces on OpenShiftContainer Platform and OpenShift Dedicated versions 4.5. This method is unofficial and servesas a backup installation method for situations where the installation method using OperatorHubis not available. See the Section 3.2.2, “Installing CodeReady Workspaces on OpenShift 3 usingthe Operator” section.

3.2. INSTALLING CODEREADY WORKSPACES ON OPENSHIFTCONTAINER PLATFORM 3.11

3.2.1. Installing the crwctl CLI management tool

This section describes how to install crwctl, the CodeReady Workspaces CLI management tool.

Procedure


17

https://access.redhat.com/documentation/en-us/red_hat_codeready_workspaces/2.4/html-single/end-user_guide/index#navigating-codeready-workspaces-using-the-dashboard_crwhttps://access.redhat.com/documentation/en-us/red_hat_codeready_workspaces/2.4/html-single/administration_guide/index#viewing-operator-events.adoc

1. Navigate to https://developers.redhat.com/products/codeready-workspaces/download.

2. Download the CodeReady Workspaces CLI management tool archive for version 2.4.

3. Extract the archive to a folder, such as ${HOME}/crwctl or /opt/crwctl.

4. Run the crwctl executable from the extracted folder. In this example, ${HOME}/crwctl/bin/crwctl version.

5. Optionally, add the bin folder to your $PATH, for example, PATH=${PATH}:${HOME}/crwctl/bin to enable running crwctl without the full pathspecification.

Verification step

Running crwctl version displays the current version of the tool.

3.2.2. Installing CodeReady Workspaces on OpenShift 3 using the Operator

This section describes how to install CodeReady Workspaces on OpenShift 3 with the crwctl CLImanagement tool. The method of installation is using the Operator and enable TLS (HTTPS).

NOTE

Methods for updating from a previous CodeReady Workspaces installation and enablingmultiple instances in the same OpenShift Container Platform 3.11 cluster are providedbelow the installation procedure.

Operators are a method of packaging, deploying, and managing a OpenShift application which alsoprovide the following:

Repeatability of installation and upgrade.

Constant health checks of every system component.

Over-the-air (OTA) updates for OpenShift components and independent software vendor(ISV) content.

A place to encapsulate knowledge from field engineers and spread it to all users.

TIP

This approach is only supported for use with OpenShift Container Platform and OpenShift Dedicatedversion 3.11, but also work for newer versions of OpenShift Container Platform and OpenShiftDedicated, and serves as a backup installation method for situations when the installation method usingOperatorHub is not available.

Prerequisites

Administrator rights on a running instance of OpenShift 3.11.

An installation of the oc OpenShift 3.11 CLI management tool. See Installing the OpenShift 3.11CLI.

An installation of the crwctl management tool. See Section 3.2.1, “Installing the crwctl CLImanagement tool”.


18

https://developers.redhat.com/products/codeready-workspaces/downloadhttps://docs.openshift.com/container-platform/3.11/cli_reference/get_started_cli.html#installing-the-cli

To apply settings that the main crwctl command-line parameters cannot set, prepare aconfiguration file operator-cr-patch.yaml that will override the default values in the CheCluster Custom Resource used by the Operator. See Chapter 2, Configuring theCodeReady Workspaces installation.

represents the project of the target installation.

Procedure

1. Log in to OpenShift. See Basic Setup and Login .

$ oc login

2. Run the following command to verify that the version of the oc OpenShift CLI managementtool is 3.11:

$ oc versionoc v3.11.0+0cbc58b

3. Run the following command to create the CodeReady Workspaces instance

In the user-defined :

$ crwctl server:start -n -p openshift

In the default project called openshift-workspaces:

$ crwctl server:start -p openshift

Verification steps

1. The output of the previous command ends with:

Command server:start has completed successfully.

2. Navigate to the CodeReady Workspaces cluster instance: https://codeready-..

Upgrading from a previous CodeReady Workspaces installation

To upgrade from a previous CodeReady Workspaces installation in the same OpenShiftContainer Platform 3.11 cluster, remove the Custom Resource Definition and the Cluster Roles:

$ oc delete customresourcedefinition/checlusters.org.eclipse.che$ oc patch customresourcedefinition/checlusters.org.eclipse.che \ --type merge \ -p '{ "metadata": { "finalizers": null }}'$ oc delete clusterrole codeready-operator

Having multiple CodeReady Workspaces deployments

To have multiple CodeReady Workspaces deployments in parallel using different versions in thesame OpenShift Container Platform 3.11 cluster, create a new service account for the new


19

https://docs.openshift.com/container-platform/3.11/cli_reference/get_started_cli.html#basic-setup-and-login

deployment. It is, however, strongly recommended that you update all your old CodeReadyWorkspaces deployments to the latest version instead, as this mix of versions may causeunexpected and unsupported results.

$ oc patch clusterrolebinding codeready-operator \ --type='json' \ -p '[{"op": "add", "path": "/subjects/0", "value": {"kind":"ServiceAccount", "namespace": "", "name": "codeready-operator"} }]'

3.3. INSTALLING CODEREADY WORKSPACES IN A RESTRICTEDENVIROMENT

By default, Red Hat CodeReady Workspaces uses various external resources, mainly container imagesavailable in public registries.

To deploy CodeReady Workspaces in an environment where these external resources are not available(for example, on a cluster that is not exposed to the public Internet):

1. Identify the image registry used by the OpenShift cluster, and ensure you can push to it.

2. Push all the images needed for running CodeReady Workspaces to this registry.

3. Configure CodeReady Workspaces to use the images that have been pushed to the registry.

4. Proceed to the CodeReady Workspaces installation.

The procedure for installing CodeReady Workspaces in restricted environments is different based onthe installation method you use:

Installation using OperatorHub on Openshift 4.3 and above

Installation using the crwctl management tool on both OpenShift 3.11 or 4.x

Notes on network connectivity in restricted environments

Restricted network environments range from a private subnet in a cloud provider to a separate networkowned by a company, disconnected from the public Internet. Regardless of the network configuration,CodeReady Workspaces works provided that the Routes that are created for CodeReadyWorkspaces components (codeready-workspaces-server, identity provider, devfile and pluginregistries) are accessible from inside the OpenShift cluster.

Take into account the network topology of the environment to determine how best to accomplish this.For example, on a network owned by a company or an organization, the network administrators mustensure that traffic bound from the cluster can be routed to Route hostnames. In other cases, forexample, on AWS, create a proxy configuration allowing the traffic to leave the node to reach anexternal-facing Load Balancer.

When the restricted network involves a proxy, follow the instructions provided in Section 3.3.3,“Preparing CodeReady Workspaces Custom Resource for installing behind a proxy”.

3.3.1. Installing CodeReady Workspaces in a restricted environment usingOperatorHub

Prerequisites

A running OpenShift cluster. See the OpenShift Container Platform 4.3 documentation for


20

A running OpenShift cluster. See the OpenShift Container Platform 4.3 documentation forinstructions on how to install an OpenShift cluster on a restricted network.

Access to the mirror registry used to installed the OpenShift disconnected cluster in restrictednetwork. See the Related OpenShift Container Platform 4.3 documentation about creating amirror registry for installation in a restricted network.

On disconnected OpenShift 4 clusters running on restricted networks, an Operator can be successfullyinstalled from OperatorHub only if it meets the additional requirements defined in Enabling yourOperator for restricted network environments.

The CodeReady Workspaces operator meets these requirements and is therefore compatible with theofficial documentation about OLM on a restricted network .

Procedure

To install CodeReady Workspaces from OperatorHub:

1. Build a redhat-operators catalog image. See Building an Operator catalog image .

2. Configure OperatorHub to use this catalog image for operator installations. See ConfiguringOperatorHub for restricted networks.

3. Proceed to the CodeReady Workspaces installation as usual as described in Section 3.1,“Installing CodeReady Workspaces on OpenShift 4 using OperatorHub”.

3.3.2. Installing CodeReady Workspaces in a restricted environment using CLImanagement tool

NOTE

Use CodeReady Workspaces CLI management tool to install CodeReady Workspaces onrestricted networks if installation through OperatorHub is not available. This method issupported for OpenShift Container Platform 3.11.

Prerequisites

A running OpenShift cluster. See the OpenShift Container Platform 3.11 documentation forinstructions on how to install an OpenShift cluster.

3.3.2.1. Preparing a private registry

Prerequisites

The oc tool is available.

The skopeo tool, version 0.1.40 or later, is available.

The podman tool is available.

An image registry accessible from the OpenShift cluster and supporting the format of the V2image manifest, schema version 2. Ensure you can push to it from a location having, at leasttemporarily, access to the internet.

Table 3.1. Placeholders used in examples


21

https://docs.openshift.com/container-platform/4.3/welcome/index.htmlhttps://docs.openshift.com/container-platform/4.3/installing/install_config/installing-restricted-networks-preparations.html#installing-restricted-networks-preparationshttps://docs.openshift.com/container-platform/4.3/operators/operator_sdk/osdk-generating-csvs.html#olm-enabling-operator-for-restricted-network_osdk-generating-csvshttps://docs.openshift.com/container-platform/4.3/operators/olm-restricted-networks.htmlhttps://docs.openshift.com/container-platform/4.3/operators/olm-restricted-networks.html#olm-building-operator-catalog-image_olm-restricted-networkshttps://docs.openshift.com/container-platform/4.3/operators/olm-restricted-networks.html#olm-restricted-networks-operatorhub_olm-restricted-networkshttps://docs.openshift.com/container-platform/3.11/welcome/index.html

Full coordinates of the source image, including registry, organization, anddigest.

Host name and port of the target container-image registry.

Organization in the target container-image registry

Image name and digest in the target container-image registry.

User name in the target container-image registry.

User password in the target container-image registry.

Procedure

1. Log into the internal image registry:

$ podman login --username --password

TIP

If you meet an error, such as x509: certificate signed by unknown authority, when attemptingto push to the internal registry, try one of these workarounds:

add the OpenShift cluster’s certificate to /etc/containers/certs.d/

add the registry as an insecure registry by adding the following lines to the Podmanconfiguration file located at /etc/containers/registries.conf:

[registries.insecure]registries = ['']

2. Copy images without changing their digest. Repeat this step for every image in the followingtable:

$ skopeo copy --all docker:// \ docker:////

NOTE


22

NOTE

Table 3.2. Understanding the usage of the container-images from the prefixor keyword they include in their name

Usage Prefix or keyword

Essential not stacks-, plugin-, or -openj-

Workspaces stacks-, plugin-

Z and Power -openj-

Table 3.3. Images to copy in the private registry

registry.redhat.io/codeready-workspaces/crw-2-rhel8-operator@sha256:89763ddec38a5925a052fa7ea75fc5a0db39124cada1e2d33b6eba3e32e8a7c6

crw-2-rhel8-operator@sha256:89763ddec38a5925a052fa7ea75fc5a0db39124cada1e2d33b6eba3e32e8a7c6

registry.redhat.io/codeready-workspaces/devfileregistry-rhel8@sha256:7702adb0ed28b635e45804e87fe5dd98bdd3aa766fed7845a8ce509b91c22e36

devfileregistry-rhel8@sha256:7702adb0ed28b635e45804e87fe5dd98bdd3aa766fed7845a8ce509b91c22e36

registry.redhat.io/codeready-workspaces/jwtproxy-rhel8@sha256:8afecd5b0edc7734532ee76ff9eac1fc4814d8aaa6c9be440a2a88a20c014e4e

jwtproxy-rhel8@sha256:8afecd5b0edc7734532ee76ff9eac1fc4814d8aaa6c9be440a2a88a20c014e4e

registry.redhat.io/codeready-workspaces/machineexec-rhel8@sha256:c9bebc895e5fa5a0bd4ecaedfd5384ab75a45a96b6314ba5d4a6f4c1e8e109f9

machineexec-rhel8@sha256:c9bebc895e5fa5a0bd4ecaedfd5384ab75a45a96b6314ba5d4a6f4c1e8e109f9

registry.redhat.io/codeready-workspaces/plugin-java11-openj9-rhel8@sha256:27a71612f9bd3bee77adb4e164c44c61cf5085458d592215b2fe74c55d11abc6

plugin-java11-openj9-rhel8@sha256:27a71612f9bd3bee77adb4e164c44c61cf5085458d592215b2fe74c55d11abc6


23

registry.redhat.io/codeready-workspaces/plugin-java11-rhel8@sha256:e9deebbc320d28a2f425e858ed3dcf87fc67a40f6654d6eb7c2b6feea022b7d6

plugin-java11-rhel8@sha256:e9deebbc320d28a2f425e858ed3dcf87fc67a40f6654d6eb7c2b6feea022b7d6

registry.redhat.io/codeready-workspaces/plugin-java8-openj9-rhel8@sha256:14f2774e92b70d85280e506f81e2ea9a89c26490fd53a4421df8a694bd944d2d

plugin-java8-openj9-rhel8@sha256:14f2774e92b70d85280e506f81e2ea9a89c26490fd53a4421df8a694bd944d2d

registry.redhat.io/codeready-workspaces/plugin-java8-rhel8@sha256:d04f70c8340abaee1a282b77158d054f4faf2225bc17c79aafb413396c367782

plugin-java8-rhel8@sha256:d04f70c8340abaee1a282b77158d054f4faf2225bc17c79aafb413396c367782

registry.redhat.io/codeready-workspaces/plugin-kubernetes-rhel8@sha256:d87aed64704369a50d1e54a57815b699f74d4efad1401d1a638808e655a37e48

plugin-kubernetes-rhel8@sha256:d87aed64704369a50d1e54a57815b699f74d4efad1401d1a638808e655a37e48

registry.redhat.io/codeready-workspaces/plugin-openshift-rhel8@sha256:9c43a02b0dd0f66744359c5ccdb1f1780ecd92c3dc31b14d73b553ba763af8ab

plugin-openshift-rhel8@sha256:9c43a02b0dd0f66744359c5ccdb1f1780ecd92c3dc31b14d73b553ba763af8ab

registry.redhat.io/codeready-workspaces/pluginbroker-artifacts-rhel8@sha256:d0eebf2c8b460adb75dc6bc5200aa9fd40d030b7b17c6b1c3b9d3c879f4652ee

pluginbroker-artifacts-rhel8@sha256:d0eebf2c8b460adb75dc6bc5200aa9fd40d030b7b17c6b1c3b9d3c879f4652ee

registry.redhat.io/codeready-workspaces/pluginbroker-metadata-rhel8@sha256:cff23432d1d397bbbc7df65be9d6ddf4a97a3ef1801708bb7bb7d2fa72dbcce3

pluginbroker-metadata-rhel8@sha256:cff23432d1d397bbbc7df65be9d6ddf4a97a3ef1801708bb7bb7d2fa72dbcce3

registry.redhat.io/codeready-workspaces/pluginregistry-rhel8@sha256:9f37917122c20fc83e6558a5484efab42650958b513a22920f449f948e50cd51

pluginregistry-rhel8@sha256:9f37917122c20fc83e6558a5484efab42650958b513a22920f449f948e50cd51


24

registry.redhat.io/codeready-workspaces/server-rhel8@sha256:63bf304cd04576048012693e7e8544a5a703790f99551554a75798bc799b112b

server-rhel8@sha256:63bf304cd04576048012693e7e8544a5a703790f99551554a75798bc799b112b

registry.redhat.io/codeready-workspaces/stacks-cpp-rhel8@sha256:56543cfeeeac030821557ac4937db40f6845e874193c79c30267a680f9b2cbe7

stacks-cpp-rhel8@sha256:56543cfeeeac030821557ac4937db40f6845e874193c79c30267a680f9b2cbe7

registry.redhat.io/codeready-workspaces/stacks-dotnet-rhel8@sha256:13628110b96de0e516ff2dfa29cdcaee64cd8f8978052c8160c294c332dba9f0

stacks-dotnet-rhel8@sha256:13628110b96de0e516ff2dfa29cdcaee64cd8f8978052c8160c294c332dba9f0

registry.redhat.io/codeready-workspaces/stacks-golang-rhel8@sha256:fef91718ccebc4cd9b89999f6b5df83bf3d60fce657f6f44eda092100549af2c

stacks-golang-rhel8@sha256:fef91718ccebc4cd9b89999f6b5df83bf3d60fce657f6f44eda092100549af2c

registry.redhat.io/codeready-workspaces/stacks-php-rhel8@sha256:b75f498954fbe858c74f80a89d132ba3560f40c0f697b0cd9550ed5663078ef6

stacks-php-rhel8@sha256:b75f498954fbe858c74f80a89d132ba3560f40c0f697b0cd9550ed5663078ef6

registry.redhat.io/codeready-workspaces/theia-endpoint-rhel8@sha256:942e1e6328169508e3fff8fd96c575d7a423339ced17dbf5813d61d1971adaef

theia-endpoint-rhel8@sha256:942e1e6328169508e3fff8fd96c575d7a423339ced17dbf5813d61d1971adaef

registry.redhat.io/codeready-workspaces/theia-rhel8@sha256:78edc9f75680cbe7f63774d9dfbbc505401486a73c8e420380e1d3078bdf9f2a

theia-rhel8@sha256:78edc9f75680cbe7f63774d9dfbbc505401486a73c8e420380e1d3078bdf9f2a

registry.redhat.io/jboss-eap-7/eap-xp1-openj9-11-openshift-rhel8@sha256:d6a7bdbf4726fe0e0e54c0bce9b2257bbd2a165c37cb4ec68e1f994716ffb15c

eap-xp1-openj9-11-openshift-rhel8@sha256:d6a7bdbf4726fe0e0e54c0bce9b2257bbd2a165c37cb4ec68e1f994716ffb15c


25

registry.redhat.io/jboss-eap-7/eap-xp1-openjdk11-openshift-rhel8@sha256:94e1cd4eb4196a358e301c1992663258c0016c80247f507fd1c39cf9a73da833

eap-xp1-openjdk11-openshift-rhel8@sha256:94e1cd4eb4196a358e301c1992663258c0016c80247f507fd1c39cf9a73da833

registry.redhat.io/jboss-eap-7/eap73-openjdk8-openshift-rhel7@sha256:24dea0cfc154a23c1aeb6b46ade182d0f981362f36b7e6fb9c7d8531ac639fe0

eap73-openjdk8-openshift-rhel7@sha256:24dea0cfc154a23c1aeb6b46ade182d0f981362f36b7e6fb9c7d8531ac639fe0

registry.redhat.io/rh-sso-7/sso74-openj9-openshift-rhel8@sha256:8e6c7874247053df431c25552c6e2edb050b2627ae21907149f419e0d9909135

sso74-openj9-openshift-rhel8@sha256:8e6c7874247053df431c25552c6e2edb050b2627ae21907149f419e0d9909135

registry.redhat.io/rh-sso-7/sso74-openshift-rhel8@sha256:ec6801343eb1ca085154d8d7481552f2e9debc414125413d25e42216aa5922af

sso74-openshift-rhel8@sha256:ec6801343eb1ca085154d8d7481552f2e9debc414125413d25e42216aa5922af

registry.redhat.io/rhel8/postgresql-96@sha256:fdc2398a25530547354714f2538c691d91b700e0cedef5361a3e7d96ddfd4e11

postgresql-96@sha256:fdc2398a25530547354714f2538c691d91b700e0cedef5361a3e7d96ddfd4e11

registry.redhat.io/rhscl/mongodb-36-rhel7@sha256:9f799d356d7d2e442bde9d401b720600fd9059a3d8eefea6f3b2ffa721c0dc73

mongodb-36-rhel7@sha256:9f799d356d7d2e442bde9d401b720600fd9059a3d8eefea6f3b2ffa721c0dc73

registry.redhat.io/ubi8-minimal@sha256:5cfbaf45ca96806917830c183e9f37df2e913b187aadb32e89fd83fa455ebaa6

ubi8-minimal@sha256:5cfbaf45ca96806917830c183e9f37df2e913b187aadb32e89fd83fa455ebaa6

3. Verify the images have the same digests:

$ skopeo inspect docker://$ skopeo inspect docker:////

4. Set the digests explicitly when different:

$ skopeo copy --all docker:// \ docker:////


26


To find the sources of the images list, see the values of the relatedImages attribute in theCodeReady Workspaces Operator ClusterServiceVersion sources.

3.3.2.2. Preparing CodeReady Workspaces Custom Resource for restricted environment

When installing CodeReady Workspaces in a restricted environment using crwctl or OperatorHub,provide a CheCluster custom resource with additional information.

3.3.2.2.1. Downloading the default CheCluster Custom Resource

Procedure

1. Download the default custom resource YAML file.

2. Name the downloaded custom resource org_v1_che_cr.yaml. Keep it for further modificationand usage.

3.3.2.2.2. Customizing the CheCluster Custom Resource for restricted environment

Prerequisites

All required images available in an image registry that is visible to the OpenShift cluster whereCodeReady Workspaces is to be deployed. This is described in Section 3.3.2.1, “Preparing aprivate registry”, where the placeholders used in the following examples are also defined.

Procedure

1. In the CheCluster Custom Resource, which is managed by the CodeReady WorkspacesOperator, add the fields used to facilitate deploying an instance of CodeReady Workspaces in arestricted environment:

3.3.2.3. Starting CodeReady Workspaces installation in a restricted environment usingCodeReady Workspaces CLI management tool

This sections describes how to start the CodeReady Workspaces installation in a restricted environmentusing the CodeReady Workspaces CLI management tool.

Prerequisites

CodeReady Workspaces CLI management tool is installed. See Section 3.2.1, “Installing thecrwctl CLI management tool”.

The oc tool is installed.

Access to an OpenShift instance.

# [...]spec: server: airGapContainerRegistryHostname: '' airGapContainerRegistryOrganization: ''# [...]


27

https://github.com/redhat-developer/codeready-workspaces-operator/blob/crw-2.4-rhel-8/manifests/codeready-workspaces.csv.yamlhttps://github.com/redhat-developer/codeready-workspaces-operator/blob/2.4.0/deploy/crds/org_v1_che_cr.yaml

Procedure

1. Log in to OpenShift Container Platform:

$ oc login ${OPENSHIFT_API_URL} --username ${OPENSHIFT_USERNAME} \ --password ${OPENSHIFT_PASSWORD}

2. Install CodeReady Workspaces with a customized Custom Resource to add fields related to therestricted environment:

$ crwctl server:start \ --che-operator-image=//crw-2-rhel8-operator:2.4 \ --che-operator-cr-yaml=org_v1_che_cr.yaml

NOTE

For slow systems or internet connections, add the --k8spodwaittimeout=1800000option to the crwctl server:start command to extend the Pod timeout period to1800000 ms or longer.

3.3.3. Preparing CodeReady Workspaces Custom Resource for installing behind aproxy

This procedure describes how to provide necessary additional information to the CheCluster customresource when installing CodeReady Workspaces behind a proxy.

Procedure

1. In the CheCluster Custom Resource, which is managed by the CodeReady WorkspacesOperator, add the fields used to facilitate deploying an instance of CodeReady Workspaces in arestricted environment:

2. In addition to those basic settings, the proxy configuration usually requires adding the host ofthe external OpenShift cluster API URL in the list of the hosts to be accessed from CodeReadyWorkspaces without using the proxy.To retrieve this cluster API host, run the following command against the OpenShift cluster:

$ oc whoami --show-server | sed 's#https://##' | sed 's#:.*$##'

The corresponding field of the CheCluster Custom Resource is nonProxyHosts. If a hostalready exists in this field, use | as a delimiter to add the cluster API host:

# [...]spec: server: proxyURL: '' proxyPort: ''# [...]

# [...]spec: server:


28

nonProxyHosts: 'anotherExistingHost|'# [...]


29

CHAPTER 4. CONFIGURING CODEREADY WORKSPACESThe following chapter describes configuration methods and options for Red Hat CodeReadyWorkspaces, with some user stories as example.

Section 4.1, “Advanced configuration options for the CodeReady Workspaces servercomponent” describes advanced configuration methods to use when the previous method is notapplicable.

The next sections describe some specific user stories.

Section 4.2, “Configuring project strategies”

Section 4.3, “Running more than one workspace at a time”

Section 4.5, “Configuring workspaces nodeSelector”

Section 4.6, “Configuring Red Hat CodeReady Workspaces server hostname”

Section 4.7, “Deploying CodeReady Workspaces with support for Git repositories with self-signed certificates”

Section 4.8, “Installing CodeReady Workspaces using storage classes”

Section 4.9, “Configuring storage types”

Section 4.10, “Importing TLS certificates to CodeReady Workspaces server Java truststore”

4.1. ADVANCED CONFIGURATION OPTIONS FOR THE CODEREADYWORKSPACES SERVER COMPONENT

The following section describes advanced deployment and configuration methods for the CodeReadyWorkspaces server component.

4.1.1. Understanding CodeReady Workspaces server advanced configuration usingthe Operator

The following section describes the CodeReady Workspaces server component advanced configurationmethod for a deployment using the Operator.

Advanced configuration is necessary to:

Add environment variables not automatically generated by the Operator from the standard CheCluster Custom Resource fields.

Override the properties automatically generated by the Operator from the standard CheCluster Custom Resource fields.

The customCheProperties field, part of the CheCluster Custom Resource server settings, contains amap of additional environment variables to apply to the CodeReady Workspaces server component.

Example 4.1. Override the default memory limit for workspaces

Add the CHE_WORKSPACE_DEFAULT__MEMORY__LIMIT__MB property to customCheProperties:


30

NOTE

Previous versions of the CodeReady Workspaces Operator had a configMap named custom to fulfill this role. If the CodeReady Workspaces Operator finds a configMap withthe name custom, it adds the data it contains into the customCheProperties field,redeploys CodeReady Workspaces, and deletes the custom configMap.


For the list of all parameters available in the CheCluster Custom Resource, see Chapter 2,Configuring the CodeReady Workspaces installation .

For the list of all parameters available to configure customCheProperties, see Section 4.1.2,“CodeReady Workspaces server component system properties reference”.

4.1.2. CodeReady Workspaces server component system properties reference

The following document describes all possible configuration properties of the CodeReady Workspacesserver component.

Table 4.1. Che server

Environment Variable Name Default value Description

CHE_DATABASE ${che.home}/storage Folder where CodeReadyWorkspaces will store internaldata objects

CHE_API http://${CHE_HOST}:${CHE_PORT}/api

API service. Browsers initiateREST communications toCodeReady Workspaces serverwith this URL

apiVersion: org.eclipse.che/v1kind: CheClustermetadata: name: codeready-workspaces namespace: spec: server: cheImageTag: '' devfileRegistryImage: '' pluginRegistryImage: '' tlsSupport: true selfSignedCert: false customCheProperties: CHE_WORKSPACE_DEFAULTMEMORYLIMIT__MB: "2048" auth:# [...]

CHAPTER 4. CONFIGURING CODEREADY WORKSPACES

31

CHE_WEBSOCKET_ENDPOINT

ws://${CHE_HOST}:${CHE_PORT}/api/websocket

CodeReady Workspaceswebsocket major endpoint.Provides basic communicationendpoint for major websocketinteraction/messaging.

CHE_WEBSOCKET_ENDPOINT__MINOR

ws://${CHE_HOST}:${CHE_PORT}/api/websocket-minor

CodeReady Workspaceswebsocket minor endpoint.Provides basic communicationendpoint for minor websocketinteraction/messaging.

CHE_WORKSPACE_STORAGE

${che.home}/workspaces Your projects are synchronizedfrom the CodeReady Workspacesserver into the machine runningeach workspace. This is thedirectory in the ws runtime whereyour projects are mounted.

CHE_WORKSPACE_PROJECTS_STORAGE

/projects Your projects are synchronizedfrom the CodeReady Workspacesserver into the machine runningeach workspace. This is thedirectory in the machine whereyour projects are placed.

CHE_WORKSPACE_PROJECTS_STORAGE_DEFAULT_SIZE

1Gi Used when devfile OpenShift/ostype components requestsproject PVC creation (applied incase of unique and perWorkspacePVC strategy. In case of commonPVC strategy, it will be rewrittenwith value ofche.infra.kubernetes.pvc.quantityproperty)

CHE_WORKSPACE_LOGS_ROOT__DIR

/workspace_logs Defines the directory inside themachine where all the workspacelogs are placed. The value of thisfolder should be provided intomachine e.g. like environmentvariable so agents developers canuse this directory for backupagents logs.

CHE_WORKSPACE_HTTP__PROXY

Configures proxies used byruntimes powering workspaces

CHE_WORKSPACE_HTTPS__PROXY

Configuresproxies used byruntimes powering workspaces



32

CHE_WORKSPACE_NO__PROXY

Configuresproxiesused byruntimes powering workspaces

CHE_TRUSTED__CA__BUNDLES__CONFIGMAP

NULL When cluster wide proxy isconfigured, che-operator createsspecial configmap and allowsOpenShift Network operator toinject ca-bundle into it. Inaddition, it adds the keyCHE_TRUSTEDCABUNDLES__CONFIGMAP with name of thisconfigmap into CodeReadyWorkspaces server configmap(and corresponding ENVvariable). So by its presence wecan detect if proxy mode isenabled or not. This property isnot supposed to be set manuallyunless that specifically required.

CHE_WORKSPACE_AUTO__START

true By default, when users access to aworkspace with its URL theworkspace automatically starts ifit is stopped. You can set this tofalse to disable this.

CHE_WORKSPACE_POOL_TYPE

fixed Workspace threads poolconfiguration, this pool is used forworkspace related operations thatrequire asynchronous executione.g. starting/stopping. Possiblevalues are 'fixed', 'cached'

CHE_WORKSPACE_POOL_EXACT__SIZE

30 This property is ignored whenpool type is different from 'fixed'.Configures the exact size of thepool, if it’s set multiplier propertyis ignored. If this property is notset(0, < 0, NULL) then pool sizedto number of cores, it can bemodified within multiplier

CHE_WORKSPACE_POOL_CORES__MULTIPLIER

2 This property is ignored whenpool type is different from 'fixed'or exact pool size is set. If it’s setthe pool size will be N_CORES *multiplier



33

CHE_WORKSPACE_PROBE__POOL__SIZE

10 This property specifies how muchthreads to use for workspacesservers liveness probes

CHE_WORKSPACE_HTTP__PROXY__JAVA__OPTIONS

NULL Http proxy setting for workspaceJVM

CHE_WORKSPACE_JAVA__OPTIONS

-XX:MaxRAM=150m-XX:MaxRAMFraction=2 -XX:+UseParallelGC -XX:MinHeapFreeRatio=10 -XX:MaxHeapFreeRatio=20 -XX:GCTimeRatio=4 -XX:AdaptiveSizePolicyWeight=90 -Dsun.zip.disableMemoryMapping=true -Xms20m -Djava.security.egd=file:/dev/./urandom

Java command line options to beadded to JVM’s that runningwithin workspaces.

CHE_WORKSPACE_MAVEN__OPTIONS


Maven command line optionsadded to JVM’s that run agentswithin workspaces.

CHE_WORKSPACE_MAVEN__SERVER__JAVA__OPTIONS


Default java command lineoptions to be added to JVM thatrun maven server.



34

CHE_WORKSPACE_DEFAULT__MEMORY__LIMIT__MB

1024 RAM limit default for eachmachine that has no RAMsettings in environment. Valueless or equal to 0 interpreted aslimit disabling.

CHE_WORKSPACE_DEFAULT__MEMORY__REQUEST__MB

200 RAM request default for eachcontainer that has no explicitRAM settings in environment. thisamount will be allocated onworkspace container creation thisproperty might not be supportedby all infrastructureimplementations: currently it issupported by OpenShift andOpenShift Container Platform ifdefault memory request is morethan the memory limit, request willbe ignored, and only limit will beused. Value less or equal to 0interpreted as disabling request.

CHE_WORKSPACE_DEFAULT__CPU__LIMIT__CORES

-1 CPU limit default for eachcontainer that has no CPUsettings in environment. Can bespecified either in floating pointcores number, e.g. 0.125 or in K8Sformat integer millicores e.g. 125mValue less or equal to 0interpreted as limit disabling.

CHE_WORKSPACE_DEFAULT__CPU__REQUEST__CORES

-1 CPU request default for eachcontainer that has no CPUsettings in environment. if defaultCPU request is more than theCPU limit, request will be ignored,and only limit will be used. Valueless or equal to 0 interpreted asdisabling this request.

CHE_WORKSPACE_SIDECAR_DEFAULT__MEMORY__LIMIT__MB

128 RAM limit and request default foreach sidecar that has no RAMsettings in CodeReadyWorkspaces plugin configuration.Value less or equal to 0interpreted as limit disabling.



35

CHE_WORKSPACE_SIDECAR_DEFAULT__MEMORY__REQUEST__MB

64 RAMlimit and request default foreach sidecar that has no RAMsettings in {prod-short} pluginconfiguration. Value less or equalto 0 interpreted as limit disabling.

CHE_WORKSPACE_SIDECAR_DEFAULT__CPU__LIMIT__CORES

-1 CPU limit and request default foreach sidecar that has no CPUsettings in CodeReadyWorkspaces plugin configuration.Can be specified either in floatingpoint cores number, e.g. 0.125 orin K8S format integer millicorese.g. 125m Value less or equal to 0interpreted as disabling limit.

CHE_WORKSPACE_SIDECAR_DEFAULT__CPU__REQUEST__CORES

-1 CPUlimit and request default foreach sidecar that has no CPUsettings in {prod-short} pluginconfiguration. Can be specifiedeither in floating point coresnumber, e.g. 0.125 or in K8Sformat integer millicores e.g. 125mValue less or equal to 0interpreted as disabling limit.

CHE_WORKSPACE_SIDECAR_IMAGE__PULL__POLICY

Always Define image pulling strategy forsidecars. Possible values are:Always, Never, IfNotPresent. Anyother value will be interpreted asunspecified policy (Always if:latest tag is specified, orIfNotPresent otherwise.)

CHE_WORKSPACE_ACTIVITY__CHECK__SCHEDULER__PERIOD__S

60 Period of inactive workspacessuspend job execution.

CHE_WORKSPACE_ACTIVITY__CLEANUP__SCHEDULER__PERIOD__S

3600 The period of the cleanup of theactivity table. The activity tablecan contain invalid or stale data ifsome unforeseen errors happen,like a server crash at a peculiarpoint in time. The default is to runthe cleanup job every hour.



36

CHE_WORKSPACE_ACTIVITY__CLEANUP__SCHEDULER__INITIAL__DELAY__S

60 The delay after server startup tostart the first activity clean up job.

CHE_WORKSPACE_ACTIVITY__CHECK__SCHEDULER__DELAY__S

180 Delay before first workspaceidleness check job started toavoid mass suspend if ws masterwas unavailable for period closeto inactivity timeout.

CHE_WORKSPACE_CLEANUP__TEMPORARY__INITIAL__DELAY__MIN

5 Period of stopped temporaryworkspaces cleanup jobexecution.

CHE_WORKSPACE_CLEANUP__TEMPORARY__PERIOD__MIN

180 Periodof stopped temporaryworkspaces cleanup jobexecution.

CHE_WORKSPACE_SERVER_PING__SUCCESS__THRESHOLD

1 Number of sequential successfulpings to server after which it istreated as available. Note: theproperty is common for all serverse.g. workspace agent, terminal,exec etc.

CHE_WORKSPACE_SERVER_PING__INTERVAL__MILLISECONDS

3000 Interval, in milliseconds, betweensuccessive pings to workspaceserver.

CHE_WORKSPACE_SERVER_LIVENESS__PROBES

wsagent/http,exec-agent/http,terminal,theia,jupyter,dirigible,cloud-shell

List of servers names whichrequire liveness probes

CHE_WORKSPACE_STARTUP__DEBUG__LOG__LIMIT__BYTES

10485760 Limit size of the logs collectedfrom single container that can beobserved by che-server whendebugging workspace startup.default 10MB=10485760

CHE_WORKSPACE_STOP_ROLE_ENABLED

true If true, 'stop-workspace' role withthe edit privileges will be grantedto the 'che' ServiceAccount ifOpenShift OAuth is enabled. Thisconfiguration is mainly requiredfor workspace idling when theOpenShift OAuth is enabled.



37

Table 4.2. Templates


CHE_TEMPLATE_STORAGE ${che.home}/templates Folder that contains JSON fileswith code templates and samples

Table 4.3. Authentication parameters


CHE_AUTH_USER__SELF__CREATION

false CodeReady Workspaces has asingle identity implementation, sothis does not change the userexperience. If true, enables usercreation at API level

CHE_AUTH_ACCESS__DENIED__ERROR__PAGE

/error-oauth Authentication error page address

CHE_AUTH_RESERVED__USER__NAMES

Reserved user names

CHE_OAUTH_GITHUB_CLIENTID

NULL You can setup GitHub OAuth toautomate authentication toremote repositories. You need tofirst register this application withGitHub OAuth.

CHE_OAUTH_GITHUB_CLIENTSECRET

NULL Youcan setup GitHub OAuth toautomate authentication toremote repositories. You need tofirst register this application withGitHub OAuth.

CHE_OAUTH_GITHUB_AUTHURI

https://github.com/login/oauth/authorize

Youcansetup GitHub OAuth toautomate authentication toremote repositories. You need tofirst register this application withGitHub OAuth.

CHE_OAUTH_GITHUB_TOKENURI

https://github.com/login/oauth/access_token

YoucansetupGitHub OAuth toautomate authentication toremote repositories. You need tofirst register this application withGitHub OAuth.


38

CHE_OAUTH_GITHUB_REDIRECTURIS

http://localhost:${CHE_PORT}/api/oauth/callback

YoucansetupGitHubOAuth toautomate authentication toremote repositories. You need tofirst register this application withGitHub OAuth.

CHE_OAUTH_OPENSHIFT_CLIENTID

NULL Configuration of OpenShiftOAuth client. Used to obtainOpenShift OAuth token.

CHE_OAUTH_OPENSHIFT_CLIENTSECRET

NULL Configurationof OpenShift OAuthclient. Used to obtain OpenShiftOAuth token.

CHE_OAUTH_OPENSHIFT_OAUTH__ENDPOINT

NULL ConfigurationofOpenShift OAuthclient. Used to obtain OpenShiftOAuth token.

CHE_OAUTH_OPENSHIFT_VERIFY__TOKEN__URL

NULL ConfigurationofOpenShiftOAuthclient. Used to obtain OpenShiftOAuth token.


Table 4.4. Internal


SCHEDULE_CORE__POOL__SIZE

10 CodeReady Workspacesextensions can be scheduledexecutions on a time basis. Thisconfigures the size of the threadpool allocated to extensions thatare launched on a recurringschedule.

ORG_EVERREST_ASYNCHRONOUS

false Everrest is a Java Web Servicestoolkit that manages JAX-RS &web socket communicationsUsers should rarely need toconfigure this. Disableasynchronous mechanism that isembedded in everrest.

ORG_EVERREST_ASYNCHRONOUS_POOL_SIZE

20 Quantity of asynchronousrequests which may be processedat the same time


39

ORG_EVERREST_ASYNCHRONOUS_QUEUE_SIZE

500 Size of queue. If asynchronousrequest can’t be processed afterconsuming it will be added inqueue.

ORG_EVERREST_ASYNCHRONOUS_JOB_TIMEOUT

10 Timeout in minutes for request. Ifafter timeout request is not doneor client did not come yet to getresult of request it may bediscarded.

ORG_EVERREST_ASYNCHRONOUS_CACHE_SIZE

1024 Size of cache for waiting, runningand ended request.

ORG_EVERREST_ASYNCHRONOUS_SERVICE_PATH

/async/ Path to asynchronous service

DB_SCHEMA_FLYWAY_BASELINE_ENABLED

true DB initialization and migrationconfiguration

DB_SCHEMA_FLYWAY_BASELINE_VERSION

5.0.0.8.1 DBinitialization and migrationconfiguration

DB_SCHEMA_FLYWAY_SCRIPTS_PREFIX

DBinitializationand migrationconfiguration

DB_SCHEMA_FLYWAY_SCRIPTS_SUFFIX

.sql DBinitializationandmigrationconfiguration

DB_SCHEMA_FLYWAY_SCRIPTS_VERSION__SEPARATOR

__ DBinitializationandmigrationconfiguration

DB_SCHEMA_FLYWAY_SCRIPTS_LOCATIONS

classpath:che-schema DBinitializationandmigrationconfiguration


Table 4.5. OpenShift Infra parameters


CHE_INFRA_KUBERNETES_MASTER__URL

Configuration of OpenShift clientthat Infra will use

CHE_INFRA_KUBERNETES_TRUST__CERTS

Configurationof OpenShift clientthat Infra will use


40

CHE_INFRA_KUBERNETES_SERVER__STRATEGY

default-host Defines the way how servers areexposed to the world inOpenShift infra. List of strategiesimplemented in CodeReadyWorkspaces: default-host, multi-host, single-host

CHE_INFRA_KUBERNETES_SINGLE__HOST_WORKSPACE_EXPOSURE

native Defines the way in which theworkspace plugins and editors areexposed in the single-host mode.Supported exposures: - 'native':Exposes servers using OpenShiftIngresses. Works only onOpenShift.

CHE_INFRA_KUBERNETES_INGRESS_DOMAIN

Used to generate domain for aserver in a workspace in caseproperty che.infra.kubernetes.server_strategy is set to multi-host

CHE_INFRA_KUBERNETES_NAMESPACE

DEPRECATED - please do notchange the value of this propertyotherwise the existing workspaceswill loose data. Do not set it onnew installations. DefinesOpenShift namespace in which allworkspaces will be created. If notset, every workspace will becreated in a new namespace,where namespace = workspace idIt’s possible to use and placeholders (e.g.:che-workspace-). Inthat case, new namespace will becreated for each user. Serviceaccount with permission to createnew namespace must be used.Ignored for OpenShift infra. Use che.infra.openshift.projectinstead If the namespace pointedto by this property exists, it will beused for all workspaces. If it doesnot exist, the namespacespecified by theche.infra.kubernetes.namespace.default will be created and used.



41

CHE_INFRA_KUBERNETES_NAMESPACE_DEFAULT

-che Defines OpenShift defaultnamespace in which user’sworkspaces are created if userdoes not override it. It’s possibleto use , and placeholders (e.g.:che-workspace-). Inthat case, new namespace will becreated for each user (orworkspace). Is used by OpenShiftinfra as well to specify Project

CHE_INFRA_KUBERNETES_NAMESPACE_ALLOW__USER__DEFINED

false Defines if a user is able to specifyOpenShift namespace (orOpenShift project) different fromthe default. It’s NOTRECOMMENDED to configuredtrue without OAuth configured.This property is also used by theOpenShift infra.

CHE_INFRA_KUBERNETES_SERVICE__ACCOUNT__NAME

NULL Defines OpenShift ServiceAccount name which should bespecified to be bound to allworkspaces pods. Note thatOpenShift Infrastructure won’tcreate the service account and itshould exist. OpenShiftinfrastructure will check if projectis predefined(if che.infra.openshift.project isnot empty): - if it is predefinedthen service account must existthere - if it is 'NULL' or emptystring then infrastructure willcreate new OpenShift project perworkspace and prepareworkspace service account withneeded roles there



42

CHE_INFRA_KUBERNETES_WORKSPACE__SA__CLUSTER__ROLES

NULL Specifies optional, additionalcluster roles to use with theworkspace service account. Notethat the cluster role names mustalready exist, and the CodeReadyWorkspaces service accountneeds to be able to create a RoleBinding to associate these clusterroles with the workspace serviceaccount. The names are commaseparated. This propertydeprecates'che.infra.kubernetes.cluster_role_name'.

CHE_INFRA_KUBERNETES_WORKSPACE__START__TIMEOUT__MIN

8 Defines time frame that limits theOpenShift workspace start time

CHE_INFRA_KUBERNETES_INGRESS__START__TIMEOUT__MIN

5 Defines the timeout in minutesthat limits the period for whichOpenShift Ingress become ready

CHE_INFRA_KUBERNETES_WORKSPACE__UNRECOVERABLE__EVENTS

FailedMount,FailedScheduling,MountVolume.SetUpfailed,Failed to pull image,FailedCreate

If during workspace startup anunrecoverable event defined inthe property occurs, terminateworkspace immediately instead ofwaiting until timeout Note thatthis SHOULD NOT include a mere'Failed' reason, because thatmight catch events that are notunrecoverable. A failed containerstartup is handled explicitly byCodeReady Workspaces server.

CHE_INFRA_KUBERNETES_PVC_ENABLED

true Defines whether use thePersistent Volume Claim for cheworkspace needs e.g backupprojects, logs etc or disable it.



43

CHE_INFRA_KUBERNETES_PVC_STRATEGY

common Defined which strategy will beused while choosing PVC forworkspaces. Supportedstrategies: - 'common' Allworkspaces in the sameOpenShift Namespace will reusethe same PVC. Name of PVC maybe configured with'che.infra.kubernetes.pvc.name'.Existing PVC will be used or newone will be created if it doesn’texist. - 'unique' Separate PVC foreach workspace’s volume will beused. Name of PVC is evaluatedas'{che.infra.kubernetes.pvc.name}+ '-' + `{generated_8_chars}’.Existing PVC will be used or a newone will be created if it doesn’texist. - 'per-workspace' SeparatePVC for each workspace will beused. Name of PVC is evaluatedas'{che.infra.kubernetes.pvc.name}+ '-' + `{WORKSPACE_ID}’.Existing PVC will be used or a newone will be created if it doesn’texist.



44

CHE_INFRA_KUBERNETES_PVC_PRECREATE__SUBPATHS

true Defines whether to run a job thatcreates workspace’s subpathdirectories in persistent volumefor the 'common' strategy beforelaunching a workspace. Necessaryin some versions ofOpenShift/OpenShift asworkspace subpath volumemounts are created with rootpermissions, and thus cannot bemodified by workspaces runningas a user (presents an errorimporting projects into aworkspace in CodeReadyWorkspaces). The default is 'true',but should be set to false if theversion of Openshift/OpenShiftcreates subdirectories with userpermissions. Relevant issue:https://github.com/kubernetes/kubernetes/issues/41638 Notethat this property has effect onlyif the 'common' PVC strategyused.

CHE_INFRA_KUBERNETES_PVC_NAME

claim-che-workspace Defines the settings of PVC namefor che workspaces. Each PVCstrategy supplies this valuedifferently. See doc forche.infra.kubernetes.pvc.strategyproperty

CHE_INFRA_KUBERNETES_PVC_STORAGE__CLASS__NAME

Defines the storage class ofPersistent Volume Claim for theworkspaces. Empty strings means'use default'.

CHE_INFRA_KUBERNETES_PVC_QUANTITY

10Gi Defines the size of PersistentVolume Claim of che workspace.Format described here:https://docs.openshift.com/container-platform/4.4/storage/understanding-persistent-storage.html

CHE_INFRA_KUBERNETES_PVC_JOBS_IMAGE

centos:centos7 Pod that is launched whenperforming persistent volumeclaim maintenance jobs onOpenShift



45

https://github.com/kubernetes/kubernetes/issues/41638https://docs.openshift.com/container-platform/4.4/storage/understanding-persistent-storage.html

CHE_INFRA_KUBERNETES_PVC_JOBS_IMAGE_PULL__POLICY

IfNotPresent Image pull policy of container thatused for the maintenance jobs onOpenShift/OpenShift cluster

CHE_INFRA_KUBERNETES_PVC_JOBS_MEMORYLIMIT

250Mi Defines pod memory limit forpersistent volume claimmaintenance jobs

CHE_INFRA_KUBERNETES_PVC_ACCESS__MODE

ReadWriteOnce Defines Persistent Volume Claimaccess mode. Note that forcommon PVC strategy changingof access mode affects thenumber of simultaneously runningworkspaces. If OpenShift flavorwhere che running is using PVswith RWX access mode then alimit of running workspaces at thesame time bounded only by chelimits configuration like(RAM,CPU etc). Detailed informationabout access mode is describedhere:https://docs.openshift.com/container-platform/4.4/storage/understanding-persistent-storage.html

CHE_INFRA_KUBERNETES_PVC_WAIT__BOUND

true Defines whether CodeReadyWorkspaces Server should waitworkspaces PVCs to becomebound after creating. It’s used byall PVC strategies. It should beset to false in case if volumeBindingMode isconfigured to WaitForFirstConsumerotherwise workspace starts willhangs up on phase of waitingPVCs. Default value is true(means that PVCs should bewaited to be bound)

CHE_INFRA_KUBERNETES_INSTALLER__SERVER__MIN__PORT

10000 Defined range of ports forinstallers servers By default,installer will use own port, but if itconflicts with another installerservers then OpenShiftinfrastructure will reconfigureinstaller to use first available fromthis range



46

https://docs.openshift.com/container-platform/4.4/storage/understanding-persistent-storage.html

CHE_INFRA_KUBERNETES_INSTALLER__SERVER__MAX__PORT

20000 Definedrange of ports forinstallers servers By default,installer will use own port, but if itconflicts with another installerservers then OpenShiftinfrastructure will reconfigureinstaller to use first available fromthis range

CHE_INFRA_KUBERNETES_INGRESS_ANNOTATIONS__JSON

NULL Defines annotations for ingresseswhich are used for serversexposing. Value depends on thekind of ingress controller.OpenShift infrastructure ignoresthis property because it usesRoutes instead of ingresses. Notethat for a single-host deploymentstrategy to work, a controllersupporting URL rewriting has tobe used (so that URLs can pointto different servers while theservers don’t need to supportchanging the app root). Theche.infra.kubernetes.ingress.path.rewrite_transform propertydefines how the path of theingress should be transformed tosupport the URL rewriting and thisproperty defines the set ofannotations on the ingress itselfthat instruct the chosen ingresscontroller to actually do the URLrewriting, potentially building onthe path transformation (ifrequired by the chosen ingresscontroller). For example for nginxingress controller 0.22.0 and laterthe following value isrecommended: {'ingress.kubernetes.io/rewrite-target': '/$1','ingress.kubernetes.io/ssl-redirect': 'false',\ 'ingress.kubernetes.io/proxy-connect-timeout': '3600','ingress.kubernetes.io/proxy-read-timeout': '3600'}and theche.infra.kubernetes.ingress.path.rewrite_transform should be setto '%s(.*)' For nginx ingresscontroller older than 0.22.0, therewrite-target should be set to


CHAPTER 4. CONFIGURING COD

Red Hat CodeReady Workspaces 2 · 2020. 11. 19. · C A T R C FG RNGC DER A YWORK P C S 4.1. ADVANCED CONFIGURATION OPTIONS FOR THE CODEREADY WORKSPACES SERVER COMPONENT 4.1.1. Understanding

Documents