| .Che server | |
| ,=== | |
| Environment Variable Name,Default value, Description | |
| `+CHE_DATABASE+`,"`+${che.home}/storage+`","Folder where {prod-short} will store internal data objects" | |
| `+CHE_API+`,"`+http://${CHE_HOST}:${CHE_PORT}/api+`","API service. Browsers initiate REST communications to {prod-short} server with this URL" | |
| `+CHE_WEBSOCKET_ENDPOINT+`,"`+ws://${CHE_HOST}:${CHE_PORT}/api/websocket+`","{prod-short} websocket major endpoint. Provides basic communication endpointfor major websocket interaction/messaging." | |
| `+CHE_WEBSOCKET_ENDPOINT__MINOR+`,"`+ws://${CHE_HOST}:${CHE_PORT}/api/websocket-minor+`","{prod-short} websocket minor endpoint. Provides basic communication endpointfor minor websocket interaction/messaging." | |
| `+CHE_WORKSPACE_STORAGE+`,"`+${che.home}/workspaces+`","Your projects are synchronized from the {prod-short} server into the machine running eachworkspace. This is the directory in the ws runtime where your projects are mounted." | |
| `+CHE_WORKSPACE_PROJECTS_STORAGE+`,"`+/projects+`","Your projects are synchronized from the {prod-short} server into the machine running eachworkspace. This is the directory in the machine where your projects are placed." | |
| `+CHE_WORKSPACE_PROJECTS_STORAGE_DEFAULT_SIZE+`,"`+1Gi+`","Used when devfile k8s/os type components requests project PVC creation(applied in case of unique and perWorkspace PVC strategy. In case of common PVC strategy,it will be rewritten with value of che.infra.kubernetes.pvc.quantity property)" | |
| `+CHE_WORKSPACE_LOGS_ROOT__DIR+`,"`+/workspace_logs+`","Defines the directory inside the machine where all the workspace logs are placed.The value of this folder should be provided into machine e.g. like environment variableso agents developers can use this directory for backup agents logs." | |
| `+CHE_WORKSPACE_HTTP__PROXY+`,"`++`","Configures proxies used by runtimes powering workspaces" | |
| `+CHE_WORKSPACE_HTTPS__PROXY+`,"`++`","Configures proxies used by runtimes powering workspaces" | |
| `+CHE_WORKSPACE_NO__PROXY+`,"`++`","Configures proxies used by runtimes powering workspaces" | |
| `+CHE_WORKSPACE_AUTO__START+`,"`+true+`","By default, when users access to a workspace with its URL the workspaceautomatically starts if it is stopped. You can set this to false to disable this." | |
| `+CHE_WORKSPACE_POOL_TYPE+`,"`+fixed+`","Workspace threads pool configuration, this pool is used for workspace relatedoperations that require asynchronous execution e.g. starting/stopping.Possible values are 'fixed', 'cached'" | |
| `+CHE_WORKSPACE_POOL_EXACT__SIZE+`,"`+30+`","This property is ignored when pool type is different from 'fixed'.Configures the exact size of the pool, if it's set multiplier property is ignored.If this property is not set(0, < 0, NULL) then pool sized to number of cores,it can be modified within multiplier" | |
| `+CHE_WORKSPACE_POOL_CORES__MULTIPLIER+`,"`+2+`","This property is ignored when pool type is different from 'fixed' or exact pool size is set.If it's set the pool size will be N_CORES * multiplier" | |
| `+CHE_WORKSPACE_PROBE__POOL__SIZE+`,"`+10+`","This property specifies how much threads to use for workspaces servers liveness probes" | |
| `+CHE_WORKSPACE_HTTP__PROXY__JAVA__OPTIONS+`,"`+NULL+`","Http proxy setting for workspace JVM" | |
| `+CHE_WORKSPACE_JAVA__OPTIONS+`,"`+-XX:MaxRAM=150m -XX:MaxRAMFraction=2 -XX:+UseParallelGC -XX:MinHeapFreeRatio=10 -XX:MaxHeapFreeRatio=20 -XX:GCTimeRatio=4 -XX:AdaptiveSizePolicyWeight=90 -Dsun.zip.disableMemoryMapping=true -Xms20m -Djava.security.egd=file:/dev/./urandom+`","Java command line options to be added to JVM's that running within workspaces." | |
| `+CHE_WORKSPACE_MAVEN__OPTIONS+`,"`+-XX:MaxRAM=150m -XX:MaxRAMFraction=2 -XX:+UseParallelGC -XX:MinHeapFreeRatio=10 -XX:MaxHeapFreeRatio=20 -XX:GCTimeRatio=4 -XX:AdaptiveSizePolicyWeight=90 -Dsun.zip.disableMemoryMapping=true -Xms20m -Djava.security.egd=file:/dev/./urandom+`","Maven command line options added to JVM's that run agents within workspaces." | |
| `+CHE_WORKSPACE_MAVEN__SERVER__JAVA__OPTIONS+`,"`+-XX:MaxRAM=128m -XX:MaxRAMFraction=1 -XX:+UseParallelGC -XX:MinHeapFreeRatio=10 -XX:MaxHeapFreeRatio=20 -XX:GCTimeRatio=4 -XX:AdaptiveSizePolicyWeight=90 -Dsun.zip.disableMemoryMapping=true -Xms20m -Djava.security.egd=file:/dev/./urandom+`","Default java command line options to be added to JVM that run maven server." | |
| `+CHE_WORKSPACE_DEFAULT__MEMORY__LIMIT__MB+`,"`+1024+`","RAM limit default for each machine that has no RAM settings in environment." | |
| `+CHE_WORKSPACE_DEFAULT__MEMORY__REQUEST__MB+`,"`+200+`","RAM request default for each container that has no explicit RAM settings in environment.this amount will be allocated on workspace container creationthis property might not be supported by all infrastructure implementations:currently it is supported by k8s and openshiftif default memory request is more than the memory limit, request will be ignored,and only limit will be used" | |
| `+CHE_WORKSPACE_DEFAULT__CPU__LIMIT__CORES+`,"`+2+`","CPU limit default for each container that has no CPU settings in environment.Can be specified either in floating point cores number, e.g. 0.125 or in K8S format integer millicores e.g. 125m" | |
| `+CHE_WORKSPACE_DEFAULT__CPU__REQUEST__CORES+`,"`+0.125+`","CPU request default for each container that has no CPU settings in environment.if default CPU request is more than the CPU limit, request will be ignored,and only limit will be used" | |
| `+CHE_WORKSPACE_SIDECAR_DEFAULT__MEMORY__LIMIT__MB+`,"`+128+`","RAM limit and request default for each sidecar that has no RAM settings in {prod-short} plugin configuration." | |
| `+CHE_WORKSPACE_SIDECAR_DEFAULT__MEMORY__REQUEST__MB+`,"`+64+`","RAM limit and request default for each sidecar that has no RAM settings in `+{prod-short}+` plugin configuration." | |
| `+CHE_WORKSPACE_SIDECAR_DEFAULT__CPU__LIMIT__CORES+`,"`+1+`","CPU limit and request default for each sidecar that has no CPU settings in {prod-short} plugin configuration.Can be specified either in floating point cores number, e.g. 0.125 or in K8S format integer millicores e.g. 125m" | |
| `+CHE_WORKSPACE_SIDECAR_DEFAULT__CPU__REQUEST__CORES+`,"`+0.115+`","CPU limit and request default for each sidecar that has no CPU settings in `+{prod-short}+` plugin configuration.Can be specified either in floating point cores number, e.g. 0.125 or in K8S format integer millicores e.g. 125m" | |
| `+CHE_WORKSPACE_SIDECAR_IMAGE__PULL__POLICY+`,"`+Always+`","Define image pulling strategy for sidecars.Possible values are: Always, Never, IfNotPresent. Any other valuewill be interpreted as unspecified policy (Always if :latest tag is specified,or IfNotPresent otherwise.)" | |
| `+CHE_WORKSPACE_ACTIVITY__CHECK__SCHEDULER__PERIOD__S+`,"`+60+`","Period of inactive workspaces suspend job execution." | |
| `+CHE_WORKSPACE_ACTIVITY__CLEANUP__SCHEDULER__PERIOD__S+`,"`+3600+`","The period of the cleanup of the activity table. The activity table can contain invalid or stale dataif some unforeseen errors happen, like a server crash at a peculiar point in time. The default is torun the cleanup job every hour." | |
| `+CHE_WORKSPACE_ACTIVITY__CLEANUP__SCHEDULER__INITIAL__DELAY__S+`,"`+60+`","The delay after server startup to start the first activity clean up job." | |
| `+CHE_WORKSPACE_ACTIVITY__CHECK__SCHEDULER__DELAY__S+`,"`+180+`","Delay before first workspace idleness check job started to avoidmass suspend if ws master was unavailable for period close toinactivity timeout." | |
| `+CHE_WORKSPACE_CLEANUP__TEMPORARY__INITIAL__DELAY__MIN+`,"`+5+`","Period of stopped temporary workspaces cleanup job execution." | |
| `+CHE_WORKSPACE_CLEANUP__TEMPORARY__PERIOD__MIN+`,"`+180+`","Period of stopped temporary workspaces cleanup job execution." | |
| `+CHE_WORKSPACE_SERVER_PING__SUCCESS__THRESHOLD+`,"`+1+`","Number of sequential successful pings to server after which it is treated as available.Note: the property is common for all servers e.g. workspace agent, terminal, exec etc." | |
| `+CHE_WORKSPACE_SERVER_PING__INTERVAL__MILLISECONDS+`,"`+3000+`","Interval, in milliseconds, between successive pings to workspace server." | |
| `+CHE_WORKSPACE_SERVER_LIVENESS__PROBES+`,"`+wsagent/http,exec-agent/http,terminal,theia,jupyter,dirigible,cloud-shell+`","List of servers names which require liveness probes" | |
| `+CHE_WORKSPACE_STARTUP__DEBUG__LOG__LIMIT__BYTES+`,"`+10485760+`","Limit size of the logs collected from single container that can be observed by che-server whendebugging workspace startup.default 10MB=10485760" | |
| `+CHE_WORKSPACE_STOP_ROLE_ENABLED+`,"`+false+`","If true, 'stop-workspace' role with the edit privileges will be granted to the 'che' ServiceAccount.This configuration is mainly required for workspace idling when the OpenShift OAuth is enabled." | |
| ,=== | |
| .Templates | |
| ,=== | |
| Environment Variable Name,Default value, Description | |
| `+CHE_TEMPLATE_STORAGE+`,"`+${che.home}/templates+`","Folder that contains JSON files with code templates and samples" | |
| ,=== | |
| .Authentication parameters | |
| ,=== | |
| Environment Variable Name,Default value, Description | |
| `+CHE_AUTH_USER__SELF__CREATION+`,"`+false+`","{prod-short} has a single identity implementation, so this does not change the user experience.If true, enables user creation at API level" | |
| `+CHE_AUTH_ACCESS__DENIED__ERROR__PAGE+`,"`+/error-oauth+`","Authentication error page address" | |
| `+CHE_AUTH_RESERVED__USER__NAMES+`,"`++`","Reserved user names" | |
| `+CHE_OAUTH_GITHUB_CLIENTID+`,"`+NULL+`","You can setup GitHub OAuth to automate authentication to remote repositories.You need to first register this application with GitHub OAuth." | |
| `+CHE_OAUTH_GITHUB_CLIENTSECRET+`,"`+NULL+`","You can setup GitHub OAuth to automate authentication to remote repositories.You need to first register this application with GitHub OAuth." | |
| `+CHE_OAUTH_GITHUB_AUTHURI+`,"`+ https://github.com/login/oauth/authorize+`","You can setup GitHub OAuth to automate authentication to remote repositories.You need to first register this application with GitHub OAuth." | |
| `+CHE_OAUTH_GITHUB_TOKENURI+`,"`+ https://github.com/login/oauth/access_token+`","You can setup GitHub OAuth to automate authentication to remote repositories.You need to first register this application with GitHub OAuth." | |
| `+CHE_OAUTH_GITHUB_REDIRECTURIS+`,"`+ http://localhost:${CHE_PORT}/api/oauth/callback+`","You can setup GitHub OAuth to automate authentication to remote repositories.You need to first register this application with GitHub OAuth." | |
| `+CHE_OAUTH_OPENSHIFT_CLIENTID+`,"`+NULL+`","Configuration of OpenShift OAuth client. Used to obtain OpenShift OAuth token." | |
| `+CHE_OAUTH_OPENSHIFT_CLIENTSECRET+`,"`+NULL+`","Configuration of OpenShift OAuth client. Used to obtain OpenShift OAuth token." | |
| `+CHE_OAUTH_OPENSHIFT_OAUTH__ENDPOINT+`,"`+ NULL+`","Configuration of OpenShift OAuth client. Used to obtain OpenShift OAuth token." | |
| `+CHE_OAUTH_OPENSHIFT_VERIFY__TOKEN__URL+`,"`+ NULL+`","Configuration of OpenShift OAuth client. Used to obtain OpenShift OAuth token." | |
| ,=== | |
| .Internal | |
| ,=== | |
| Environment Variable Name,Default value, Description | |
| `+SCHEDULE_CORE__POOL__SIZE+`,"`+10+`","{prod-short} extensions can be scheduled executions on a time basis.This configures the size of the thread pool allocated to extensions that are launched ona recurring schedule." | |
| `+ORG_EVERREST_ASYNCHRONOUS+`,"`+false+`","Everrest is a Java Web Services toolkit that manages JAX-RS & web socket communicationsUsers should rarely need to configure this.Disable asynchronous mechanism that is embedded in everrest." | |
| `+ORG_EVERREST_ASYNCHRONOUS_POOL_SIZE+`,"`+20+`","Quantity of asynchronous requests which may be processed at the same time" | |
| `+ORG_EVERREST_ASYNCHRONOUS_QUEUE_SIZE+`,"`+500+`","Size of queue. If asynchronous request can't be processed after consuming it will be added in queue." | |
| `+ORG_EVERREST_ASYNCHRONOUS_JOB_TIMEOUT+`,"`+10+`","Timeout in minutes for request. If after timeout request is not done or client did not come yet to get result of request it may be discarded." | |
| `+ORG_EVERREST_ASYNCHRONOUS_CACHE_SIZE+`,"`+1024+`","Size of cache for waiting, running and ended request." | |
| `+ORG_EVERREST_ASYNCHRONOUS_SERVICE_PATH+`,"`+/async/+`","Path to asynchronous service" | |
| `+DB_SCHEMA_FLYWAY_BASELINE_ENABLED+`,"`+true+`","DB initialization and migration configuration" | |
| `+DB_SCHEMA_FLYWAY_BASELINE_VERSION+`,"`+5.0.0.8.1+`","DB initialization and migration configuration" | |
| `+DB_SCHEMA_FLYWAY_SCRIPTS_PREFIX+`,"`++`","DB initialization and migration configuration" | |
| `+DB_SCHEMA_FLYWAY_SCRIPTS_SUFFIX+`,"`+.sql+`","DB initialization and migration configuration" | |
| `+DB_SCHEMA_FLYWAY_SCRIPTS_VERSION__SEPARATOR+`,"`+__+`","DB initialization and migration configuration" | |
| `+DB_SCHEMA_FLYWAY_SCRIPTS_LOCATIONS+`,"`+classpath:che-schema+`","DB initialization and migration configuration" | |
| ,=== | |
| .Kubernetes Infra parameters | |
| ,=== | |
| Environment Variable Name,Default value, Description | |
| `+CHE_INFRA_KUBERNETES_MASTER__URL+`,"`++`","Configuration of Kubernetes client that Infra will use" | |
| `+CHE_INFRA_KUBERNETES_TRUST__CERTS+`,"`++`","Configuration of Kubernetes client that Infra will use" | |
| `+CHE_INFRA_KUBERNETES_SERVER__STRATEGY+`,"`+default-host+`","Defines the way how servers are exposed to the world in k8s infra.List of strategies implemented in {prod-short}: default-host, multi-host, single-host" | |
| `+CHE_INFRA_KUBERNETES_INGRESS_DOMAIN+`,"`++`","Used to generate domain for a server in a workspace in case property `che.infra.kubernetes.server_strategy` is set to `multi-host`" | |
| `+CHE_INFRA_KUBERNETES_NAMESPACE+`,"`++`","DEPRECATED - please do not change the value of this property otherwise the existing workspaces will loose data. Do notset it on new installations.Defines Kubernetes namespace in which all workspaces will be created.If not set, every workspace will be created in a new namespace, where namespace = workspace idIt's possible to use <username> and <userid> placeholders (e.g.: che-workspace-<username>).In that case, new namespace will be created for each user. Service account with permissionto create new namespace must be used.Ignored for OpenShift infra. Use `che.infra.openshift.project` insteadIf the namespace pointed to by this property exists, it will be used for all workspaces. If it does not exist,the namespace specified by the che.infra.kubernetes.namespace.default will be created and used." | |
| `+CHE_INFRA_KUBERNETES_NAMESPACE_DEFAULT+`,"`+<username>-che+`","Defines Kubernetes default namespace in which user's workspaces are createdif user does not override it.It's possible to use <username>, <userid> and <workspaceid> placeholders (e.g.: che-workspace-<username>).In that case, new namespace will be created for each user (or workspace).Is used by OpenShift infra as well to specify Project" | |
| `+CHE_INFRA_KUBERNETES_NAMESPACE_ALLOW__USER__DEFINED+`,"`+false+`","Defines if a user is able to specify Kubernetes namespace (or OpenShift project) different from the default.It's NOT RECOMMENDED to configured true without OAuth configured. This property is also used by the OpenShift infra." | |
| `+CHE_INFRA_KUBERNETES_SERVICE__ACCOUNT__NAME+`,"`+NULL+`","Defines Kubernetes Service Account name which should be specified to be bound to all workspaces pods.Note that Kubernetes Infrastructure won't create the service account and it should exist.OpenShift infrastructure will check if project is predefined(if `che.infra.openshift.project` is not empty): - if it is predefined then service account must exist there - if it is 'NULL' or empty string then infrastructure will create new OpenShift project per workspace and prepare workspace service account with needed roles there" | |
| `+CHE_INFRA_KUBERNETES_CLUSTER__ROLE__NAME+`,"`+NULL+`","Specifies an optional, additional cluster role to use with the workspace service account, to allow for additionNote that the cluster role name must already exist, and the {prod-short} service account needs to be able to create a Role Bindingto associate this cluster role with the workspace service account." | |
| `+CHE_INFRA_KUBERNETES_WORKSPACE__START__TIMEOUT__MIN+`,"`+8+`","Defines time frame that limits the Kubernetes workspace start time" | |
| `+CHE_INFRA_KUBERNETES_INGRESS__START__TIMEOUT__MIN+`,"`+5+`","Defines the timeout in minutes that limits the period for which Kubernetes Ingress become ready" | |
| `+CHE_INFRA_KUBERNETES_WORKSPACE__UNRECOVERABLE__EVENTS+`,"`+FailedMount,FailedScheduling,MountVolume.SetUp failed,Failed to pull image,FailedCreate+`","If during workspace startup an unrecoverable event defined in the property occurs,terminate workspace immediately instead of waiting until timeoutNote that this SHOULD NOT include a mere 'Failed' reason, because that might catch events that are not unrecoverable.A failed container startup is handled explicitly by {prod-short} server." | |
| `+CHE_INFRA_KUBERNETES_PVC_ENABLED+`,"`+true+`","Defines whether use the Persistent Volume Claim for che workspace needse.g backup projects, logs etc or disable it." | |
| `+CHE_INFRA_KUBERNETES_PVC_STRATEGY+`,"`+common+`","Defined which strategy will be used while choosing PVC for workspaces.Supported strategies:- 'common' All workspaces in the same Kubernetes Namespace will reuse the same PVC. Name of PVC may be configured with 'che.infra.kubernetes.pvc.name'. Existing PVC will be used or new one will be created if it doesn't exist.- 'unique' Separate PVC for each workspace's volume will be used. Name of PVC is evaluated as '{che.infra.kubernetes.pvc.name} + '-' + `+{generated_8_chars}+`'. Existing PVC will be used or a new one will be created if it doesn't exist.- 'per-workspace' Separate PVC for each workspace will be used. Name of PVC is evaluated as '{che.infra.kubernetes.pvc.name} + '-' + `+{WORKSPACE_ID}+`'. Existing PVC will be used or a new one will be created if it doesn't exist." | |
| `+CHE_INFRA_KUBERNETES_PVC_PRECREATE__SUBPATHS+`,"`+true+`","Defines whether to run a job that creates workspace's subpath directories in persistent volume for the 'common' strategy before launching a workspace.Necessary in some versions of OpenShift/Kubernetes as workspace subpath volume mounts are created with root permissions,and thus cannot be modified by workspaces running as a user (presents an error importing projects into a workspace in {prod-short}).The default is 'true', but should be set to false if the version of Openshift/Kubernetes creates subdirectories with user permissions.Relevant issue: https://github.com/kubernetes/kubernetes/issues/41638Note that this property has effect only if the 'common' PVC strategy used." | |
| `+CHE_INFRA_KUBERNETES_PVC_NAME+`,"`+claim-che-workspace+`","Defines the settings of PVC name for che workspaces.Each PVC strategy suplies this value differently.See doc for che.infra.kubernetes.pvc.strategy property" | |
| `+CHE_INFRA_KUBERNETES_PVC_STORAGE__CLASS__NAME+`,"`++`","Defines the storage class of Persistent Volume Claim for the workspaces.Empty strings means 'use default'." | |
| `+CHE_INFRA_KUBERNETES_PVC_QUANTITY+`,"`+10Gi+`","Defines the size of Persistent Volume Claim of che workspace.Format described here:https://docs.openshift.com/container-platform/latest/dev_guide/compute_resources.htmldev-compute-resources" | |
| `+CHE_INFRA_KUBERNETES_PVC_JOBS_IMAGE+`,"`+centos:centos7+`","Pod that is launched when performing persistent volume claim maintenance jobs on OpenShift" | |
| `+CHE_INFRA_KUBERNETES_PVC_JOBS_IMAGE_PULL__POLICY+`,"`+IfNotPresent+`","Image pull policy of container that used for the maintenance jobs on Kubernetes/OpenShift cluster" | |
| `+CHE_INFRA_KUBERNETES_PVC_JOBS_MEMORYLIMIT+`,"`+250Mi+`","Defines pod memory limit for persistent volume claim maintenance jobs" | |
| `+CHE_INFRA_KUBERNETES_PVC_ACCESS__MODE+`,"`+ReadWriteOnce+`","Defines Persistent Volume Claim access mode.Note that for common PVC strategy changing of access mode affects the number of simultaneously running workspaces.If OpenShift flavor where che running is using PVs with RWX access mode then a limit of running workspaces at the same timebounded only by che limits configuration like(RAM, CPU etc).Detailed information about access mode is described here:https://docs.openshift.com/container-platform/latest/architecture/additional_concepts/storage.htmlpv-access-modes" | |
| `+CHE_INFRA_KUBERNETES_PVC_WAIT__BOUND+`,"`+true+`","Defines whether {prod-short} Server should wait workspaces PVCs to become bound after creating.It's used by all PVC strategies.It should be set to `false` in case if `volumeBindingMode` is configured to `WaitForFirstConsumer`otherwise workspace starts will hangs up on phase of waiting PVCs.Default value is true (means that PVCs should be waited to be bound)" | |
| `+CHE_INFRA_KUBERNETES_INSTALLER__SERVER__MIN__PORT+`,"`+10000+`","Defined range of ports for installers serversBy default, installer will use own port, but if it conflicts with another installer serversthen OpenShift infrastructure will reconfigure installer to use first available from this range" | |
| `+CHE_INFRA_KUBERNETES_INSTALLER__SERVER__MAX__PORT+`,"`+20000+`","Defined range of ports for installers serversBy default, installer will use own port, but if it conflicts with another installer serversthen OpenShift infrastructure will reconfigure installer to use first available from this range" | |
| `+CHE_INFRA_KUBERNETES_INGRESS_ANNOTATIONS__JSON+`,"`+NULL+`","Defines annotations for ingresses which are used for servers exposing. Value depends on the kind of ingresscontroller.OpenShift infrastructure ignores this property because it uses Routes instead of ingresses.Note that for a single-host deployment strategy to work, a controller supporting URL rewriting has to beused (so that URLs can point to different servers while the servers don't need to support changing the app root).The che.infra.kubernetes.ingress.path.rewrite_transform property defines how the path of the ingress should betransformed to support the URL rewriting and this property defines the set of annotations on the ingress itselfthat instruct the chosen ingress controller to actually do the URL rewriting, potentially building on the pathtransformation (if required by the chosen ingress controller).For example for nginx ingress controller 0.22.0 and later the following value is recommended:{'ingress.kubernetes.io/rewrite-target': '/$1','ingress.kubernetes.io/ssl-redirect': 'false',\ 'ingress.kubernetes.io/proxy-connect-timeout': '3600','ingress.kubernetes.io/proxy-read-timeout': '3600'}and the che.infra.kubernetes.ingress.path.rewrite_transform should be set to '%s(.*)'For nginx ingress controller older than 0.22.0, the rewrite-target should be set to merely '/' and the path transformto '%s' (see the the che.infra.kubernetes.ingress.path.rewrite_transform property).Please consult the nginx ingress controller documentation for the explanation of how the ingress controller usesthe regular expression present in the ingress path and how it achieves the URL rewriting." | |
| `+CHE_INFRA_KUBERNETES_INGRESS_PATH__TRANSFORM+`,"`+NULL+`","Defines a 'recipe' on how to declare the path of the ingress that should expose a server.The '%s' represents the base public URL of the server and is guaranteed to end with a forward slash. This propertymust be a valid input to the String.format() method and contain exactly one reference to '%s'.Please see the description of the che.infra.kubernetes.ingress.annotations_json property to see how these twoproperties interplay when specifying the ingress annotations and path.If not defined, this property defaults to '%s' (without the quotes) which means that the path is not transformed inany way for use with the ingress controller." | |
| `+CHE_INFRA_KUBERNETES_POD_SECURITY__CONTEXT_RUN__AS__USER+`,"`+NULL+`","Defines security context for pods that will be created by Kubernetes InfraThis is ignored by OpenShift infra" | |
| `+CHE_INFRA_KUBERNETES_POD_SECURITY__CONTEXT_FS__GROUP+`,"`+NULL+`","Defines security context for pods that will be created by Kubernetes InfraThis is ignored by OpenShift infra" | |
| `+CHE_INFRA_KUBERNETES_POD_TERMINATION__GRACE__PERIOD__SEC+`,"`+0+`","Defines grace termination period for pods that will be created by Kubernetes / OpenShift infrastructuresGrace termination period of Kubernetes / OpenShift workspace's pods defaults '0', which allows to terminatepods almost instantly and significantly decrease the time required for stopping a workspace.Note: if `terminationGracePeriodSeconds` have been explicitly set in Kubernetes / OpenShift recipe it will not be overridden." | |
| `+CHE_INFRA_KUBERNETES_CLIENT_HTTP_ASYNC__REQUESTS_MAX+`,"`+1000+`","Number of maximum concurrent async web requests(http requests or ongoing web socket calls)supported in the underlying shared http clientof the `KubernetesClient` instances.Default values are 64, and 5 per-host, whichdoesn't seem correct for multi-user scenariosknowing that {prod-short} keeps a number of connectionsopened (e.g. for command or ws-agent logs)" | |
| `+CHE_INFRA_KUBERNETES_CLIENT_HTTP_ASYNC__REQUESTS_MAX__PER__HOST+`,"`+1000+`","Number of maximum concurrent async web requests(http requests or ongoing web socket calls)supported in the underlying shared http clientof the `KubernetesClient` instances.Default values are 64, and 5 per-host, whichdoesn't seem correct for multi-user scenariosknowing that `+{prod-short}+` keeps a number of connectionsopened (e.g. for command or ws-agent logs)" | |
| `+CHE_INFRA_KUBERNETES_CLIENT_HTTP_CONNECTION__POOL_MAX__IDLE+`,"`+5+`","Max number of idle connections in the connection poolof the Kubernetes-client shared http client" | |
| `+CHE_INFRA_KUBERNETES_CLIENT_HTTP_CONNECTION__POOL_KEEP__ALIVE__MIN+`,"`+5+`","Keep-alive timeout of the connection poolof the Kubernetes-client shared http clientin minutes" | |
| `+CHE_INFRA_KUBERNETES_TLS__ENABLED+`,"`+false+`","Creates Ingresses with Transport Layer Security (TLS) enabledIn OpenShift infrastructure, Routes will be TLS-enabled" | |
| `+CHE_INFRA_KUBERNETES_TLS__SECRET+`,"`++`","Name of a secret that should be used when creating workspace ingresses with TLSIgnored by OpenShift infrastructure" | |
| `+CHE_INFRA_KUBERNETES_TLS__KEY+`,"`+NULL+`","Data for TLS Secret that should be used for workspaces Ingressescert and key should be encoded with Base64 algorithmThese properties are ignored by OpenShift infrastructure" | |
| `+CHE_INFRA_KUBERNETES_TLS__CERT+`,"`+NULL+`","Data for TLS Secret that should be used for workspaces Ingressescert and key should be encoded with Base64 algorithmThese properties are ignored by OpenShift infrastructure" | |
| `+CHE_INFRA_KUBERNETES_RUNTIMES__CONSISTENCY__CHECK__PERIOD__MIN+`,"`+-1+`","Defines the period with which runtimes consistency checks will be performed.If runtime has inconsistent state then runtime will be stopped automatically.Value must be more than 0 or `-1`, where `-1` means that checks won't be performed at all.It is disabled by default because there is possible {prod-short} Server configuration when {prod-short} Serverdoesn't have an ability to interact with Kubernetes API when operation is not invoked by user.It DOES work on the following configurations:- workspaces objects are created in the same namespace where {prod-short} Server is located;- cluster-admin service account token is mount to {prod-short} Server pod;It DOES NOT work on the following configurations:- {prod-short} Server communicates with Kubernetes API using token from OAuth provider;" | |
| ,=== | |
| .OpenShift Infra parameters | |
| ,=== | |
| Environment Variable Name,Default value, Description | |
| `+CHE_INFRA_OPENSHIFT_PROJECT+`,"`++`","DEPRECATED - please do not change the value of this property otherwise the existing workspaces will loose data. Do notset it on new installations.Defines OpenShift namespace in which all workspaces will be created.If not set, every workspace will be created in a new project, where project name = workspace idIt's possible to use <username> and <userid> placeholders (e.g.: che-workspace-<username>).In that case, new project will be created for each user. OpenShift oauth or service account withpermission to create new projects must be used.If the project pointed to by this property exists, it will be used for all workspaces. If it does not exist,the namespace specified by the che.infra.kubernetes.namespace.default will be created and used." | |
| `+CHE_SINGLEPORT_WILDCARD__DOMAIN_HOST+`,"`+NULL+`","Single port mode wildcard domain host & port. nip.io is used by default" | |
| `+CHE_SINGLEPORT_WILDCARD__DOMAIN_PORT+`,"`+NULL+`","Single port mode wildcard domain host & port. nip.io is used by default" | |
| `+CHE_SINGLEPORT_WILDCARD__DOMAIN_IPLESS+`,"`+false+`","Enable single port custom DNS without inserting the IP" | |
| ,=== | |
| .Experimental properties | |
| ,=== | |
| Environment Variable Name,Default value, Description | |
| `+CHE_WORKSPACE_PLUGIN__BROKER_METADATA_IMAGE+`,"`+quay.io/eclipse/che-plugin-metadata-broker:v3.1.2+`","Docker image of {prod-short} plugin broker app that resolves workspace tooling configuration and copiesplugins dependencies to a workspace" | |
| `+CHE_WORKSPACE_PLUGIN__BROKER_ARTIFACTS_IMAGE+`,"`+quay.io/eclipse/che-plugin-artifacts-broker:v3.1.2+`","Docker image of `+{prod-short}+` plugin broker app that resolves workspace tooling configuration and copiesplugins dependencies to a workspace" | |
| `+CHE_WORKSPACE_PLUGIN__BROKER_PULL__POLICY+`,"`+Always+`","Docker image of {prod-short} plugin broker app that resolves workspace tooling configuration and copiesplugins dependencies to a workspace" | |
| `+CHE_WORKSPACE_PLUGIN__BROKER_WAIT__TIMEOUT__MIN+`,"`+3+`","Defines the timeout in minutes that limits the max period of result waiting for plugin broker." | |
| `+CHE_WORKSPACE_PLUGIN__REGISTRY__URL+`,"`+https://che-plugin-registry.prod-preview.openshift.io/v3+`","Workspace tooling plugins registry endpoint. Should be a valid HTTP URL.Example: http://che-plugin-registry-eclipse-che.192.168.65.2.nip.ioIn case {prod-short} plugins tooling is not needed value 'NULL' should be used" | |
| `+CHE_WORKSPACE_DEVFILE__REGISTRY__URL+`,"`+https://che-devfile-registry.prod-preview.openshift.io/+`","Devfile Registry endpoint. Should be a valid HTTP URL.Example: http://che-devfile-registry-eclipse-che.192.168.65.2.nip.ioIn case {prod-short} plugins tooling is not needed value 'NULL' should be used" | |
| `+CHE_WORKSPACE_PERSIST__VOLUMES_DEFAULT+`,"`+true+`","Defines a default value for persist volumes that clients like Dashboardshould propose for users during workspace creation.Possible values: true or falseIn case of true - PersistentVolumeClaims are used by declared volumes by user and plugins. `true`value is supposed not to be set explicitly in Devfile attributes since it's default fixed behaviour.In case of false - emptyDir is used instead of PVCs. Note that data will be lost after workspace restart." | |
| `+CHE_SERVER_SECURE__EXPOSER+`,"`+default+`","Configures in which way secure servers will be protected with authentication.Suitable values: - 'default': jwtproxy is configured in a pass-through mode. So, servers should authenticate requests themselves. - 'jwtproxy': jwtproxy will authenticate requests. So, servers will receive only authenticated ones." | |
| `+CHE_SERVER_SECURE__EXPOSER_JWTPROXY_TOKEN_ISSUER+`,"`+wsmaster+`","Jwtproxy issuer string, token lifetime and optional auth page path to route unsigned requests to." | |
| `+CHE_SERVER_SECURE__EXPOSER_JWTPROXY_TOKEN_TTL+`,"`+8800h+`","Jwtproxy issuer string, token lifetime and optional auth page path to route unsigned requests to." | |
| `+CHE_SERVER_SECURE__EXPOSER_JWTPROXY_AUTH_LOADER_PATH+`,"`+/_app/loader.html+`","Jwtproxy issuer string, token lifetime and optional auth page path to route unsigned requests to." | |
| `+CHE_SERVER_SECURE__EXPOSER_JWTPROXY_IMAGE+`,"`+quay.io/eclipse/che-jwtproxy:fd94e60+`","Jwtproxy issuer string, token lifetime and optional auth page path to route unsigned requests to." | |
| `+CHE_SERVER_SECURE__EXPOSER_JWTPROXY_MEMORY__LIMIT+`,"`+128mb+`","Jwtproxy issuer string, token lifetime and optional auth page path to route unsigned requests to." | |
| ,=== | |
| .Configuration of major "/websocket" endpoint | |
| ,=== | |
| Environment Variable Name,Default value, Description | |
| `+CHE_CORE_JSONRPC_PROCESSOR__MAX__POOL__SIZE+`,"`+50+`","Maximum size of the JSON RPC processing poolin case if pool size would be exceeded message execution will be rejected" | |
| `+CHE_CORE_JSONRPC_PROCESSOR__CORE__POOL__SIZE+`,"`+5+`","Initial json processing pool. Minimum number of threads that used to process major JSON RPC messages." | |
| `+CHE_CORE_JSONRPC_PROCESSOR__QUEUE__CAPACITY+`,"`+100000+`","Configuration of queue used to process Json RPC messages." | |
| ,=== | |
| .Configuration of major "/websocket-minor" endpoint | |
| ,=== | |
| Environment Variable Name,Default value, Description | |
| `+CHE_CORE_JSONRPC_MINOR__PROCESSOR__MAX__POOL__SIZE+`,"`+100+`","Maximum size of the JSON RPC processing poolin case if pool size would be exceeded message execution will be rejected" | |
| `+CHE_CORE_JSONRPC_MINOR__PROCESSOR__CORE__POOL__SIZE+`,"`+15+`","Initial json processing pool. Minimum number of threads that used to process minor JSON RPC messages." | |
| `+CHE_CORE_JSONRPC_MINOR__PROCESSOR__QUEUE__CAPACITY+`,"`+10000+`","Configuration of queue used to process Json RPC messages." | |
| `+CHE_METRICS_PORT+`,"`+8087+`","Port the the http server endpoint that would be exposed with Prometheus metrics" | |
| ,=== | |
| .CORS settings | |
| ,=== | |
| Environment Variable Name,Default value, Description | |
| `+CHE_CORS_ALLOWED__ORIGINS+`,"`+*+`","CORS filter on WS Master is turned off by default.Use environment variable 'CHE_CORS_ENABLED=true' to turn it on'cors.allowed.origins' indicates which request origins are allowed" | |
| `+CHE_CORS_ALLOW__CREDENTIALS+`,"`+false+`","'cors.support.credentials' indicates if it allows processing of requests with credentials(in cookies, headers, TLS client certificates)" | |
| ,=== | |
| .Factory defaults | |
| ,=== | |
| Environment Variable Name,Default value, Description | |
| `+CHE_FACTORY_DEFAULT__EDITOR+`,"`+eclipse/che-theia/next+`","Editor and plugin which will be used for factories which are created from remote git repositorywhich doesn't contain any {prod-short}-specific workspace descriptors (like .devfile of .factory.json)Multiple plugins must be comma-separated, for example:pluginFooPublisher/pluginFooName/pluginFooVersion,pluginBarPublisher/pluginBarName/pluginBarVersion" | |
| `+CHE_FACTORY_DEFAULT__PLUGINS+`,"`+eclipse/che-machine-exec-plugin/nightly+`","Editor and plugin which will be used for factories which are created from remote git repositorywhich doesn't contain any `+{prod-short}+`-specific workspace descriptors (like .devfile of .factory.json)Multiple plugins must be comma-separated, for example:pluginFooPublisher/pluginFooName/pluginFooVersion,pluginBarPublisher/pluginBarName/pluginBarVersion" | |
| ,=== | |
| .Devfile defaults | |
| ,=== | |
| Environment Variable Name,Default value, Description | |
| `+CHE_WORKSPACE_DEVFILE_DEFAULT__EDITOR+`,"`+eclipse/che-theia/next+`","Default Editor that should be provisioned into Devfile if there is no specified EditorFormat is `editorPublisher/editorName/editorVersion` value.`NULL` or absence of value means that default editor should not be provisioned." | |
| `+CHE_WORKSPACE_DEVFILE_DEFAULT__EDITOR_PLUGINS+`,"`+eclipse/che-machine-exec-plugin/nightly #+`","Default Plugins which should be provisioned for Default Editor.All the plugins from this list that are not explicitly mentioned in the user-defined devfilewill be provisioned but only when the default editor is used or if the user-defined editor isthe same as the default one (even if in different version).Format is comma-separated `pluginPublisher/pluginName/pluginVersion` values, and URLs. For example:eclipse/che-theia-exec-plugin/0.0.1,eclipse/che-theia-terminal-plugin/0.0.1,https://cdn.pluginregistry.com/vi-mode/meta.yamlIf the plugin is a URL, the plugin's meta.yaml is retrieved from that URL." | |
| ,=== | |
| .Che system | |
| ,=== | |
| Environment Variable Name,Default value, Description | |
| `+CHE_SYSTEM_SUPER__PRIVILEGED__MODE+`,"`+false+`","System Super Privileged Mode.Grants users with the manageSystem permission additional permissions forgetByKey, getByNameSpace, stopWorkspaces, and getResourcesInformation.These are not given to admins by default and these permissions allowadmins gain visibility to any workspace along with naming themselveswith admin privileges to those workspaces." | |
| `+CHE_SYSTEM_ADMIN__NAME+`,"`+admin+`","Grant system permission for 'che.admin.name' user. If the user already exists it'll happen oncomponent startup, if not - during the first login when user is persisted in the database." | |
| ,=== | |
| .Workspace limits | |
| ,=== | |
| Environment Variable Name,Default value, Description | |
| `+CHE_LIMITS_WORKSPACE_ENV_RAM+`,"`+16gb+`","Workspaces are the fundamental runtime for users when doing development. You can setparameters that limit how workspaces are created and the resources that are consumed.The maximum amount of RAM that a user can allocate to a workspace when theycreate a new workspace. The RAM slider is adjusted to this maximum value." | |
| `+CHE_LIMITS_WORKSPACE_IDLE_TIMEOUT+`,"`+1800000+`","The length of time that a user is idle with their workspace when the system willsuspend the workspace and then stopping it. Idleness is thelength of time that the user has not interacted with the workspace, meaning thatone of our agents has not received interaction. Leaving a browser window opencounts toward idleness." | |
| ,=== | |
| .Users workspace limits | |
| ,=== | |
| Environment Variable Name,Default value, Description | |
| `+CHE_LIMITS_USER_WORKSPACES_RAM+`,"`+-1+`","The total amount of RAM that a single user is allowed to allocate to runningworkspaces. A user can allocate this RAM to a single workspace or spread itacross multiple workspaces." | |
| `+CHE_LIMITS_USER_WORKSPACES_COUNT+`,"`+-1+`","The maximum number of workspaces that a user is allowed to create. The user willbe presented with an error message if they try to create additional workspaces.This applies to the total number of both running and stopped workspaces." | |
| `+CHE_LIMITS_USER_WORKSPACES_RUN_COUNT+`,"`+1+`","The maximum number of running workspaces that a single user is allowed to have.If the user has reached this threshold and they try to start an additionalworkspace, they will be prompted with an error message. The user will need tostop a running workspace to activate another." | |
| ,=== | |
| .Organizations workspace limits | |
| ,=== | |
| Environment Variable Name,Default value, Description | |
| `+CHE_LIMITS_ORGANIZATION_WORKSPACES_RAM+`,"`+-1+`","The total amount of RAM that a single organization (team) is allowed to allocateto running workspaces. An organization owner can allocate this RAM however theysee fit across the team's workspaces." | |
| `+CHE_LIMITS_ORGANIZATION_WORKSPACES_COUNT+`,"`+-1+`","The maximum number of workspaces that a organization is allowed to own. Theorganization will be presented an error message if they try to createadditional workspaces. This applies to the total number of both runningand stopped workspaces." | |
| `+CHE_LIMITS_ORGANIZATION_WORKSPACES_RUN_COUNT+`,"`+-1+`","The maximum number of running workspaces that a single organization is allowed.If the organization has reached this threshold and they try to start anadditional workspace, they will be prompted with an error message. Theorganization will need to stop a running workspace to activate another." | |
| `+CHE_MAIL_FROM__EMAIL__ADDRESS+`,"`+che@noreply.com+`","Address that will be used as from email for email notifications" | |
| ,=== | |
| .Organizations notifications settings | |
| ,=== | |
| Environment Variable Name,Default value, Description | |
| `+CHE_ORGANIZATION_EMAIL_MEMBER__ADDED__SUBJECT+`,"`+You've been added to a Che Organization+`","Organization notifications sunjects and templates" | |
| `+CHE_ORGANIZATION_EMAIL_MEMBER__ADDED__TEMPLATE+`,"`+st-html-templates/user_added_to_organization+`","Organization notifications sunjects and templates" | |
| `+CHE_ORGANIZATION_EMAIL_MEMBER__REMOVED__SUBJECT+`,"`+You've been removed from a Che Organization+`","" | |
| `+CHE_ORGANIZATION_EMAIL_MEMBER__REMOVED__TEMPLATE+`,"`+st-html-templates/user_removed_from_organization+`","" | |
| `+CHE_ORGANIZATION_EMAIL_ORG__REMOVED__SUBJECT+`,"`+Che Organization deleted+`","" | |
| `+CHE_ORGANIZATION_EMAIL_ORG__REMOVED__TEMPLATE+`,"`+st-html-templates/organization_deleted+`","" | |
| `+CHE_ORGANIZATION_EMAIL_ORG__RENAMED__SUBJECT+`,"`+Che Organization renamed+`","" | |
| `+CHE_ORGANIZATION_EMAIL_ORG__RENAMED__TEMPLATE+`,"`+st-html-templates/organization_renamed+`","" | |
| ,=== | |
| .Multi-user-specific OpenShift infrastructure configuration | |
| ,=== | |
| Environment Variable Name,Default value, Description | |
| `+CHE_INFRA_OPENSHIFT_OAUTH__IDENTITY__PROVIDER+`,"`+NULL+`","Alias of the Openshift identity provider registered in Keycloak,that should be used to create workspace OpenShift resources inOpenshift namespaces owned by the current {prod-short} user.Should be set to NULL if `che.infra.openshift.project`is set to a non-empty value.For more information see the following documentation:https://www.keycloak.org/docs/3.3/server_admin/topics/identity-broker/social/openshift.html" | |
| ,=== | |
| .Keycloak configuration | |
| ,=== | |
| Environment Variable Name,Default value, Description | |
| `+CHE_KEYCLOAK_AUTH__SERVER__URL+`,"`+http://${CHE_HOST}:5050/auth+`","Url to keycloak identity provider serverCan be set to NULL only if `che.keycloak.oidcProvider`is used" | |
| `+CHE_KEYCLOAK_REALM+`,"`+che+`","Keycloak realm is used to authenticate usersCan be set to NULL only if `che.keycloak.oidcProvider`is used" | |
| `+CHE_KEYCLOAK_CLIENT__ID+`,"`+che-public+`","Keycloak client id in che.keycloak.realm that is used by dashboard, ide and cli to authenticate users" | |
| ,=== | |
| .RedHat Che specific configuration | |
| ,=== | |
| Environment Variable Name,Default value, Description | |
| `+CHE_KEYCLOAK_OSO_ENDPOINT+`,"`+NULL+`","URL to access OSO oauth tokens" | |
| `+CHE_KEYCLOAK_GITHUB_ENDPOINT+`,"`+NULL+`","URL to access Github oauth tokens" | |
| `+CHE_KEYCLOAK_ALLOWED__CLOCK__SKEW__SEC+`,"`+3+`","The number of seconds to tolerate for clock skew when verifying exp or nbf claims." | |
| `+CHE_KEYCLOAK_USE__NONCE+`,"`+true+`","Use the OIDC optional `nonce` feature to increase security." | |
| `+CHE_KEYCLOAK_JS__ADAPTER__URL+`,"`+NULL+`","URL to the Keycloak Javascript adapter we want to use.if set to NULL, then the default used value is`$++{che.keycloak.auth_server_url}++/js/keycloak.js`,or `<che-server>/api/keycloak/OIDCKeycloak.js`if an alternate `oidc_provider` is used" | |
| `+CHE_KEYCLOAK_OIDC__PROVIDER+`,"`+NULL+`","Base URL of an alternate OIDC provider that providesa discovery endpoint as detailed in the following specificationhttps://openid.net/specs/openid-connect-discovery-1_0.htmlProviderConfig" | |
| `+CHE_KEYCLOAK_USE__FIXED__REDIRECT__URLS+`,"`+false+`","Set to true when using an alternate OIDC provider thatonly supports fixed redirect UrlsThis property is ignored when `che.keycloak.oidc_provider` is NULL" | |
| `+CHE_KEYCLOAK_USERNAME__CLAIM+`,"`+NULL+`","Username claim to be used as user display namewhen parsing JWT tokenif not defined the fallback value is 'preferred_username'" | |
| `+CHE_OAUTH_SERVICE__MODE+`,"`+delegated+`","Configuration of OAuth Authentication Service that can be used in 'embedded' or 'delegated' mode.If set to 'embedded', then the service work as a wrapper to {prod-short}'s OAuthAuthenticator ( as in Single User mode).If set to 'delegated', then the service will use Keycloak IdentityProvider mechanism.Runtime Exception wii be thrown, in case if this property is not set properly." | |
| ,=== | |