-
Notifications
You must be signed in to change notification settings - Fork 97
Expand file tree
/
Copy pathche-operator.Deployment.yaml
More file actions
169 lines (168 loc) · 5.84 KB
/
che-operator.Deployment.yaml
File metadata and controls
169 lines (168 loc) · 5.84 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
#
# Copyright (c) 2019-2024 Red Hat, Inc.
# This program and the accompanying materials are made
# available under the terms of the Eclipse Public License 2.0
# which is available at https://www.eclipse.org/legal/epl-2.0/
#
# SPDX-License-Identifier: EPL-2.0
#
# Contributors:
# Red Hat, Inc. - initial API and implementation
#
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
app: che-operator
app.kubernetes.io/component: che-operator
app.kubernetes.io/instance: che
app.kubernetes.io/name: che
app.kubernetes.io/part-of: che.eclipse.org
name: che-operator
namespace: eclipse-che
spec:
replicas: 1
selector:
matchLabels:
app: che-operator
strategy:
type: RollingUpdate
template:
metadata:
labels:
app: che-operator
app.kubernetes.io/component: che-operator
app.kubernetes.io/instance: che
app.kubernetes.io/name: che
app.kubernetes.io/part-of: che.eclipse.org
spec:
containers:
- args:
- --leader-elect
command:
- /manager
env:
- name: WATCH_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
- name: POD_NAME
valueFrom:
fieldRef:
fieldPath: metadata.name
- name: OPERATOR_NAME
value: che-operator
- name: CHE_VERSION
value: 7.102.0
- name: RELATED_IMAGE_che_server
value: quay.io/eclipse/che-server:7.102.0
- name: RELATED_IMAGE_dashboard
value: quay.io/eclipse/che-dashboard:7.102.0
- name: RELATED_IMAGE_plugin_registry
value: quay.io/eclipse/che-plugin-registry:7.102.0
- name: RELATED_IMAGE_che_tls_secrets_creation_job
value: quay.io/eclipse/che-tls-secret-creator:9f9d4a6
- name: RELATED_IMAGE_single_host_gateway
value: quay.io/eclipse/che--traefik:v3.3.5-104204dadedf5d1284f8ef8f97f705649ac81aa6f7a6c9abf13e2c59245b8abc
- name: RELATED_IMAGE_single_host_gateway_config_sidecar
value: quay.io/che-incubator/configbump:7.102.0
- name: RELATED_IMAGE_gateway_authentication_sidecar
value: quay.io/openshift/origin-oauth-proxy:4.9
- name: RELATED_IMAGE_gateway_authorization_sidecar
value: quay.io/openshift/origin-kube-rbac-proxy:4.9
- name: RELATED_IMAGE_gateway_authentication_sidecar_k8s
value: quay.io/oauth2-proxy/oauth2-proxy:v7.6.0
- name: RELATED_IMAGE_gateway_authorization_sidecar_k8s
value: quay.io/brancz/kube-rbac-proxy:v0.13.1
- name: RELATED_IMAGE_gateway_header_sidecar
value: quay.io/che-incubator/header-rewrite-proxy:latest
- name: CHE_FLAVOR
value: che
- name: CONSOLE_LINK_NAME
value: che
- name: CONSOLE_LINK_DISPLAY_NAME
value: Eclipse Che
- name: CONSOLE_LINK_SECTION
value: Red Hat Applications
- name: CONSOLE_LINK_IMAGE
value: /dashboard/assets/branding/loader.svg
- name: MAX_CONCURRENT_RECONCILES
value: "1"
- name: CHE_DEFAULT_SPEC_COMPONENTS_DASHBOARD_HEADERMESSAGE_TEXT
value: ""
- name: CHE_DEFAULT_SPEC_DEVENVIRONMENTS_DEFAULTEDITOR
value: che-incubator/che-code/latest
- name: CHE_DEFAULT_SPEC_DEVENVIRONMENTS_DEFAULTCOMPONENTS
value: '[{"name": "universal-developer-image", "container": {"image": "quay.io/devfile/universal-developer-image:ubi8-latest"}}]'
- name: CHE_DEFAULT_SPEC_COMPONENTS_PLUGINREGISTRY_OPENVSXURL
value: https://open-vsx.org
- name: CHE_DEFAULT_SPEC_COMPONENTS_DEVFILEREGISTRY_EXTERNAL_DEVFILE_REGISTRIES
value: '[{"url": "https://registry.devfile.io"}]'
- name: CHE_DEFAULT_SPEC_DEVENVIRONMENTS_DISABLECONTAINERBUILDCAPABILITIES
value: "false"
- name: CHE_DEFAULT_SPEC_DEVENVIRONMENTS_CONTAINERSECURITYCONTEXT
value: '{"allowPrivilegeEscalation": true,"capabilities": {"add": ["SETGID",
"SETUID"]}}'
- name: CHE_OPERATOR_WORKSPACES_CONFIG_CONTROLLER_LABELS_TO_REMOVE_BEFORE_SYNC_REGEXP
value: argocd[.]argoproj[.]io/.+
- name: CHE_OPERATOR_WORKSPACES_CONFIG_CONTROLLER_ANNOTATIONS_TO_REMOVE_BEFORE_SYNC_REGEXP
value: ""
image: quay.io/eclipse/che-operator:7.102.0
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 10
httpGet:
path: /healthz
port: 6789
initialDelaySeconds: 15
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 5
name: che-operator
ports:
- containerPort: 9443
name: webhook-server
protocol: TCP
- containerPort: 60000
name: metrics
readinessProbe:
failureThreshold: 10
httpGet:
path: /readyz
port: 6789
initialDelaySeconds: 5
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 5
resources:
limits:
cpu: 500m
memory: 2Gi
requests:
cpu: 100m
memory: 128Mi
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
privileged: false
readOnlyRootFilesystem: false
volumeMounts:
- mountPath: /tmp/k8s-webhook-server/serving-certs
name: webhook-tls-certs
readOnly: true
hostIPC: false
hostNetwork: false
hostPID: false
restartPolicy: Always
securityContext:
fsGroup: 1724
runAsUser: 1724
serviceAccountName: che-operator
terminationGracePeriodSeconds: 20
volumes:
- name: webhook-tls-certs
secret:
defaultMode: 420
secretName: che-operator-service-cert