Google Git
Sign in
eclipse / www.eclipse.org / che / a71aec8bcf84d4cc1317f8237067c4b6b11d262b / . / docs / next / administration-guide / advanced-configuration-options-for-the-che-server-component / index.html
blob: cbb3e04fd117fa10a71127401af12db3f8cbc2f9 [file] [log] [blame]
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width,initial-scale=1">
<title>Advanced configuration options for the Che server component :: Eclipse Che Documentation</title>
<meta name="description" content="Advanced deployment and configuration methods for the Che server component.">
<meta name="keywords" content="administration guide, configuring, configuration, Che server">
<meta name="generator" content="Antora 3.0.2">
<link rel="stylesheet" href="../../../../docs/_/css/site.css">
<link rel="stylesheet" href="../../../../docs/_/css/extra.css">
<link rel="stylesheet" href="../../../../docs/_/font-awesome-4.7.0/css/font-awesome.min.css">
<link rel="icon" href="../../../../docs/_/img/favicon.ico" type="image/x-icon">
<meta name="robots" content="noindex">
<script>var uiRootPath = '../../../../docs/_'</script>
<script async src="https://www.googletagmanager.com/gtag/js?id=UA-37306001-2"></script>
<script>function gtag(){dataLayer.push(arguments)};window.dataLayer=window.dataLayer||[];gtag('js',new Date());gtag('config','UA-37306001-2')</script>
<script>var uiRootPath = '../../../../docs/_'</script>
</head>
<body class="article">
<header class="header">
<nav class="navbar">
<div class="navbar-brand">
<div class="navbar-item">
<button class="navbar-burger" data-target="topbar-nav">
<span></span>
<span></span>
<span></span>
</button>
<img src="../../../../docs/_/img/icon-eclipse-che.svg" class="navbar-logo" alt="Eclipse Che logo">
<a href="https://www.eclipse.org/che/docs/index.html">Eclipse Che Documentation</a>
</div>
</div>
<div id="topbar-nav" class="navbar-menu">
<div class="navbar-end">
<div class="navbar-item search hide-for-print">
<div id="search-field" class="field">
<input id="search-input" type="text" placeholder="Search the docs">
</div>
</div>
<a class="navbar-item" href="https://www.eclipse.org/che/">Home</a>
<a class="navbar-item" href="https://che.eclipseprojects.io/">Blog</a>
<a class="navbar-item" href="https://github.com/eclipse/che">Source Code</a>
</div>
</div>
</nav>
</header>
<div class="body">
<div class="nav-container" data-component="docs" data-version="next">
<aside class="nav">
<div class="panels">
<div class="nav-panel-menu is-active" data-panel="menu">
<nav class="nav-menu">
<h3 class="title"><a href="../../overview/introduction-to-eclipse-che/">Documentation</a></h3>
<ul class="nav-list">
<li class="nav-item" data-depth="0">
<ul class="nav-list">
<li class="nav-item" data-depth="1">
<a class="nav-link" href="../../overview/introduction-to-eclipse-che/">Introduction to Che</a>
</li>
</ul>
</li>
<li class="nav-item" data-depth="0">
<ul class="nav-list">
<li class="nav-item" data-depth="1">
<button class="nav-item-toggle"></button>
<a class="nav-link" href="../../hosted-che/hosted-che/">Eclipse Che hosted by Red Hat</a>
<ul class="nav-list">
<li class="nav-item" data-depth="2">
<a class="nav-link" href="../../hosted-che/try-in-web-ide-github-action/">Try in Web IDE GitHub action</a>
</li>
</ul>
</li>
</ul>
</li>
<li class="nav-item" data-depth="0">
<button class="nav-item-toggle"></button>
<span class="nav-text">User Guide</span>
<ul class="nav-list">
<li class="nav-item" data-depth="1">
<button class="nav-item-toggle"></button>
<a class="nav-link" href="../../end-user-guide/adopting-che/">Adopting Che</a>
<ul class="nav-list">
<li class="nav-item" data-depth="2">
<a class="nav-link" href="../../end-user-guide/developer-workspaces/">Developer workspaces</a>
</li>
<li class="nav-item" data-depth="2">
<a class="nav-link" href="../../end-user-guide/first-time-contributors/">Badge for first-time contributors</a>
</li>
<li class="nav-item" data-depth="2">
<a class="nav-link" href="../../end-user-guide/benefits-of-pull-requests-review-in-che/">Reviewing pull and merge requests</a>
</li>
<li class="nav-item" data-depth="2">
<a class="nav-link" href="../../end-user-guide/supported-languages/">Supported languages</a>
</li>
</ul>
</li>
<li class="nav-item" data-depth="1">
<button class="nav-item-toggle"></button>
<a class="nav-link" href="../../end-user-guide/user-onboarding/">User onboarding</a>
<ul class="nav-list">
<li class="nav-item" data-depth="2">
<a class="nav-link" href="../../end-user-guide/starting-a-new-workspace-with-a-clone-of-a-git-repository/">Starting a new workspace with a clone of a Git repository</a>
</li>
<li class="nav-item" data-depth="2">
<button class="nav-item-toggle"></button>
<a class="nav-link" href="../../end-user-guide/optional-parameters-for-the-urls-for-starting-a-new-workspace/">Optional parameters for the URLs for starting a new workspace</a>
<ul class="nav-list">
<li class="nav-item" data-depth="3">
<a class="nav-link" href="../../end-user-guide/url-parameter-concatenation/">URL parameter concatenation</a>
</li>
<li class="nav-item" data-depth="3">
<a class="nav-link" href="../../end-user-guide/url-parameter-for-the-workspace-ide/">URL parameter for the workspace IDE</a>
</li>
<li class="nav-item" data-depth="3">
<a class="nav-link" href="../../end-user-guide/url-parameter-for-starting-duplicate-workspaces/">URL parameter for starting duplicate workspaces</a>
</li>
<li class="nav-item" data-depth="3">
<a class="nav-link" href="../../end-user-guide/url-parameter-for-the-devfile-file-name/">URL parameter for the devfile file name</a>
</li>
<li class="nav-item" data-depth="3">
<a class="nav-link" href="../../end-user-guide/url-parameter-for-the-devfile-file-path/">URL parameter for the devfile file path</a>
</li>
</ul>
</li>
<li class="nav-item" data-depth="2">
<a class="nav-link" href="../../end-user-guide/basic-actions-you-can-perform-on-a-workspace/">Basic actions you can perform on a workspace</a>
</li>
<li class="nav-item" data-depth="2">
<a class="nav-link" href="../../end-user-guide/authenticating-to-a-git-server-from-a-workspace/">Authenticating to a Git server from a workspace</a>
</li>
</ul>
</li>
<li class="nav-item" data-depth="1">
<a class="nav-link" href="../../end-user-guide/customizing-workspace-components/">Customizing workspace components</a>
</li>
<li class="nav-item" data-depth="1">
<button class="nav-item-toggle"></button>
<a class="nav-link" href="../../end-user-guide/selecting-a-workspace-ide/">Selecting a workspace IDE</a>
<ul class="nav-list">
<li class="nav-item" data-depth="2">
<a class="nav-link" href="../../end-user-guide/selecting-an-ide-by-using-a-url-parameter/">Selecting an in-browser IDE for a new workspace by using a URL parameter</a>
</li>
<li class="nav-item" data-depth="2">
<a class="nav-link" href="../../end-user-guide/specifying-an-in-browser-ide-for-a-git-repository-by-using-che-editor.yaml/">Specifying an in-browser IDE for a Git repository by using <code>che-editor.yaml</code></a>
</li>
</ul>
</li>
<li class="nav-item" data-depth="1">
<button class="nav-item-toggle"></button>
<a class="nav-link" href="../../end-user-guide/using-credentials-and-configurations-in-workspaces/">Using credentials and configurations in workspaces</a>
<ul class="nav-list">
<li class="nav-item" data-depth="2">
<a class="nav-link" href="../../end-user-guide/using-git-credentials/">Using Git credentials</a>
</li>
<li class="nav-item" data-depth="2">
<button class="nav-item-toggle"></button>
<a class="nav-link" href="../../end-user-guide/enabling-artifact-repositories-in-a-restricted-environment/">Enabling artifact repositories in a restricted environment</a>
<ul class="nav-list">
<li class="nav-item" data-depth="3">
<a class="nav-link" href="../../end-user-guide/enabling-maven-artifact-repositories/">Maven</a>
</li>
<li class="nav-item" data-depth="3">
<a class="nav-link" href="../../end-user-guide/enabling-gradle-artifact-repositories/">Gradle</a>
</li>
<li class="nav-item" data-depth="3">
<a class="nav-link" href="../../end-user-guide/enabling-npm-artifact-repositories/">npm</a>
</li>
<li class="nav-item" data-depth="3">
<a class="nav-link" href="../../end-user-guide/enabling-python-artifact-repositories/">Python</a>
</li>
<li class="nav-item" data-depth="3">
<a class="nav-link" href="../../end-user-guide/enabling-go-artifact-repositories/">Go</a>
</li>
<li class="nav-item" data-depth="3">
<a class="nav-link" href="../../end-user-guide/enabling-nuget-artifact-repositories/">NuGet</a>
</li>
</ul>
</li>
<li class="nav-item" data-depth="2">
<a class="nav-link" href="../../end-user-guide/creating-image-pull-secrets/">Creating image pull Secrets</a>
</li>
<li class="nav-item" data-depth="2">
<a class="nav-link" href="../../end-user-guide/mounting-secrets/">Mounting Secrets</a>
</li>
<li class="nav-item" data-depth="2">
<a class="nav-link" href="../../end-user-guide/mounting-configmaps/">Mounting ConfigMaps</a>
</li>
</ul>
</li>
<li class="nav-item" data-depth="1">
<a class="nav-link" href="../../end-user-guide/requesting-persistent-storage-for-workspaces/">Requesting persistent storage for workspaces</a>
</li>
<li class="nav-item" data-depth="1">
<button class="nav-item-toggle"></button>
<a class="nav-link" href="../../end-user-guide/integrating-with-kubernetes/">Integrating with Kubernetes</a>
<ul class="nav-list">
<li class="nav-item" data-depth="2">
<a class="nav-link" href="../../end-user-guide/automatic-token-injection/">Automatic Kubernetes token injection</a>
</li>
<li class="nav-item" data-depth="2">
<a class="nav-link" href="../../end-user-guide/navigating-che-from-openshift-developer-perspective/">Navigating Che from OpenShift Developer Perspective</a>
</li>
<li class="nav-item" data-depth="2">
<a class="nav-link" href="../../end-user-guide/navigating-openshift-web-console-from-che/">Navigating OpenShift web console from Che</a>
</li>
</ul>
</li>
<li class="nav-item" data-depth="1">
<button class="nav-item-toggle"></button>
<a class="nav-link" href="../../end-user-guide/troubleshooting-che/">Troubleshooting Che</a>
<ul class="nav-list">
<li class="nav-item" data-depth="2">
<a class="nav-link" href="../../end-user-guide/viewing-che-workspaces-logs/">Viewing Che workspaces logs</a>
</li>
<li class="nav-item" data-depth="2">
<a class="nav-link" href="../../end-user-guide/investigating-failures-at-a-workspace-start-using-the-verbose-mode/">Troubleshooting workspace start failures</a>
</li>
<li class="nav-item" data-depth="2">
<a class="nav-link" href="../../end-user-guide/troubleshooting-slow-workspaces/">Troubleshooting slow workspaces</a>
</li>
<li class="nav-item" data-depth="2">
<a class="nav-link" href="../../end-user-guide/troubleshooting-network-problems/">Troubleshooting network problems</a>
</li>
</ul>
</li>
<li class="nav-item" data-depth="1">
<a class="nav-link" href="../../end-user-guide/adding-a-vscode-extension/">Adding a Visual Studio Code extension to a workspace</a>
</li>
</ul>
</li>
<li class="nav-item" data-depth="0">
<button class="nav-item-toggle"></button>
<span class="nav-text">Administration Guide</span>
<ul class="nav-list">
<li class="nav-item" data-depth="1">
<button class="nav-item-toggle"></button>
<a class="nav-link" href="../preparing-the-installation/">Preparing the installation</a>
<ul class="nav-list">
<li class="nav-item" data-depth="2">
<a class="nav-link" href="../supported-platforms/">Supported platforms</a>
</li>
<li class="nav-item" data-depth="2">
<button class="nav-item-toggle"></button>
<a class="nav-link" href="../architecture-overview/">Architecture</a>
<ul class="nav-list">
<li class="nav-item" data-depth="3">
<button class="nav-item-toggle"></button>
<a class="nav-link" href="../server-components/">Server components</a>
<ul class="nav-list">
<li class="nav-item" data-depth="4">
<a class="nav-link" href="../che-operator/">Che operator</a>
</li>
<li class="nav-item" data-depth="4">
<a class="nav-link" href="../devworkspace-operator/">Dev Workspace operator</a>
</li>
<li class="nav-item" data-depth="4">
<a class="nav-link" href="../gateway/">Gateway</a>
</li>
<li class="nav-item" data-depth="4">
<a class="nav-link" href="../dashboard/">User dashboard</a>
</li>
<li class="nav-item" data-depth="4">
<a class="nav-link" href="../devfile-registries/">Devfile registries</a>
</li>
<li class="nav-item" data-depth="4">
<a class="nav-link" href="../che-server/">Che server</a>
</li>
<li class="nav-item" data-depth="4">
<a class="nav-link" href="../postgresql/">PostgreSQL</a>
</li>
<li class="nav-item" data-depth="4">
<a class="nav-link" href="../plug-in-registry/">Plug-in registry</a>
</li>
</ul>
</li>
<li class="nav-item" data-depth="3">
<a class="nav-link" href="../user-workspaces/">User workspaces</a>
</li>
</ul>
</li>
<li class="nav-item" data-depth="2">
<a class="nav-link" href="../calculating-che-resource-requirements/">Calculating Che resource requirements</a>
</li>
</ul>
</li>
<li class="nav-item" data-depth="1">
<button class="nav-item-toggle"></button>
<a class="nav-link" href="../installing-che/">Installing Che</a>
<ul class="nav-list">
<li class="nav-item" data-depth="2">
<a class="nav-link" href="../installing-the-chectl-management-tool/">Installing the chectl management tool</a>
</li>
<li class="nav-item" data-depth="2">
<a class="nav-link" href="../installing-che-on-openshift-using-cli/">Installing Che on OpenShift using CLI</a>
</li>
<li class="nav-item" data-depth="2">
<a class="nav-link" href="../installing-che-on-openshift-using-the-web-console/">Installing Che on OpenShift using the web console</a>
</li>
<li class="nav-item" data-depth="2">
<a class="nav-link" href="../installing-che-in-a-restricted-environment/">Installing Che in a restricted environment</a>
</li>
<li class="nav-item" data-depth="2">
<button class="nav-item-toggle"></button>
<a class="nav-link" href="../installing-che-locally/">Installing Che locally</a>
<ul class="nav-list">
<li class="nav-item" data-depth="3">
<a class="nav-link" href="../installing-che-on-red-hat-openshift-local/">Installing Che on Red Hat OpenShift Local</a>
</li>
<li class="nav-item" data-depth="3">
<a class="nav-link" href="../installing-che-on-minikube/">Installing Che on Minikube</a>
</li>
</ul>
</li>
</ul>
</li>
<li class="nav-item" data-depth="1">
<button class="nav-item-toggle"></button>
<a class="nav-link" href="../configuring-che/">Configuring Che</a>
<ul class="nav-list">
<li class="nav-item" data-depth="2">
<button class="nav-item-toggle"></button>
<a class="nav-link" href="../understanding-the-checluster-custom-resource/">Understanding the <code>CheCluster</code> Custom Resource</a>
<ul class="nav-list">
<li class="nav-item" data-depth="3">
<a class="nav-link" href="../using-chectl-to-configure-the-checluster-custom-resource-during-installation/">Using chectl to configure the <code>CheCluster</code> Custom Resource during installation</a>
</li>
<li class="nav-item" data-depth="3">
<a class="nav-link" href="../using-the-cli-to-configure-the-checluster-custom-resource/">Using the CLI to configure the CheCluster Custom Resource</a>
</li>
<li class="nav-item" data-depth="3">
<a class="nav-link" href="../checluster-custom-resource-fields-reference/"><code>CheCluster</code> Custom Resource fields reference</a>
</li>
</ul>
</li>
<li class="nav-item" data-depth="2">
<button class="nav-item-toggle"></button>
<a class="nav-link" href="../configuring-namespace-provisioning/">Configuring namespaces</a>
<ul class="nav-list">
<li class="nav-item" data-depth="3">
<a class="nav-link" href="../configuring-workspace-target-namespace/">Configuring namespace name</a>
</li>
<li class="nav-item" data-depth="3">
<a class="nav-link" href="../provisioning-namespaces-in-advance/">Provisioning namespaces in advance</a>
</li>
</ul>
</li>
<li class="nav-item" data-depth="2">
<button class="nav-item-toggle"></button>
<a class="nav-link" href="../configuring-server-components/">Configuring server components</a>
<ul class="nav-list">
<li class="nav-item" data-depth="3">
<a class="nav-link" href="../mounting-a-secret-as-a-file-or-an-environment-variable-into-a-container/">Mounting a Secret or a ConfigMap as a file or an environment variable into a Eclipse&#160;Che container</a>
</li>
<li class="nav-item is-current-page" data-depth="3">
<a class="nav-link" href="./">Advanced configuration options for Che server</a>
</li>
</ul>
</li>
<li class="nav-item" data-depth="2">
<button class="nav-item-toggle"></button>
<a class="nav-link" href="../configuring-workspaces-globally/">Configuring workspaces globally</a>
<ul class="nav-list">
<li class="nav-item" data-depth="3">
<a class="nav-link" href="../configuring-the-number-of-workspaces-that-a-user-can-create/">Configuring the number of workspaces that a user can create</a>
</li>
<li class="nav-item" data-depth="3">
<a class="nav-link" href="../deploying-che-with-support-for-git-repositories-with-self-signed-certificates/">Git with self-signed certificates</a>
</li>
<li class="nav-item" data-depth="3">
<a class="nav-link" href="../configuring-workspaces-nodeselector/">Configuring workspaces nodeSelector</a>
</li>
</ul>
</li>
<li class="nav-item" data-depth="2">
<button class="nav-item-toggle"></button>
<a class="nav-link" href="../caching-images-for-faster-workspace-start/">Caching images for faster workspace start</a>
<ul class="nav-list">
<li class="nav-item" data-depth="3">
<a class="nav-link" href="../defining-the-list-of-images-to-pull/">Defining the list of images</a>
</li>
<li class="nav-item" data-depth="3">
<a class="nav-link" href="../defining-the-memory-parameters-for-the-image-puller/">Defining the memory settings</a>
</li>
<li class="nav-item" data-depth="3">
<a class="nav-link" href="../installing-image-puller-on-openshift-using-the-web-console/">Installing Image Puller on OpenShift using the web console</a>
</li>
<li class="nav-item" data-depth="3">
<a class="nav-link" href="../installing-image-puller-on-openshift-using-cli/">Installing Image Puller on OpenShift using CLI</a>
</li>
</ul>
</li>
<li class="nav-item" data-depth="2">
<button class="nav-item-toggle"></button>
<a class="nav-link" href="../configuring-observability/">Configuring observability</a>
<ul class="nav-list">
<li class="nav-item" data-depth="3">
<button class="nav-item-toggle"></button>
<a class="nav-link" href="../che-theia-workspaces/">Che-Theia workspaces</a>
<ul class="nav-list">
<li class="nav-item" data-depth="4">
<a class="nav-link" href="../the-woopra-telemetry-plugin/">The Woopra telemetry plug-in</a>
</li>
<li class="nav-item" data-depth="4">
<a class="nav-link" href="../creating-a-telemetry-plugin/">Creating a telemetry plug-in</a>
</li>
</ul>
</li>
<li class="nav-item" data-depth="3">
<a class="nav-link" href="../configuring-server-logging/">Configuring server logging</a>
</li>
<li class="nav-item" data-depth="3">
<a class="nav-link" href="../collecting-logs-using-chectl/">Collecting logs using chectl</a>
</li>
<li class="nav-item" data-depth="3">
<button class="nav-item-toggle"></button>
<a class="nav-link" href="../monitoring-with-prometheus-and-grafana/">Monitoring with Prometheus and Grafana</a>
<ul class="nav-list">
<li class="nav-item" data-depth="4">
<a class="nav-link" href="../installing-prometheus-and-grafana/">Installing Prometheus and Grafana</a>
</li>
<li class="nav-item" data-depth="4">
<a class="nav-link" href="../monitoring-the-dev-workspace-operator/">Monitoring the Dev Workspace Operator</a>
</li>
<li class="nav-item" data-depth="4">
<a class="nav-link" href="../monitoring-che/">Monitoring Che Server</a>
</li>
</ul>
</li>
</ul>
</li>
<li class="nav-item" data-depth="2">
<button class="nav-item-toggle"></button>
<a class="nav-link" href="../configuring-networking/">Configuring networking</a>
<ul class="nav-list">
<li class="nav-item" data-depth="3">
<a class="nav-link" href="../configuring-che-hostname/">Configuring Che hostname</a>
</li>
<li class="nav-item" data-depth="3">
<a class="nav-link" href="../importing-untrusted-tls-certificates/">Importing untrusted TLS certificates to Che</a>
</li>
<li class="nav-item" data-depth="3">
<a class="nav-link" href="../configuring-ingresses/">Configuring Kubernetes Ingress</a>
</li>
<li class="nav-item" data-depth="3">
<a class="nav-link" href="../configuring-routes/">Configuring OpenShift Route</a>
</li>
</ul>
</li>
<li class="nav-item" data-depth="2">
<button class="nav-item-toggle"></button>
<a class="nav-link" href="../configuring-storage/">Configuring storage</a>
<ul class="nav-list">
<li class="nav-item" data-depth="3">
<a class="nav-link" href="../installing-che-using-storage-classes/">Installing Che using storage classes</a>
</li>
</ul>
</li>
<li class="nav-item" data-depth="2">
<button class="nav-item-toggle"></button>
<a class="nav-link" href="../branding/">Branding</a>
<ul class="nav-list">
<li class="nav-item" data-depth="3">
<a class="nav-link" href="../branding-che-theia/">Branding Che-Theia</a>
</li>
</ul>
</li>
<li class="nav-item" data-depth="2">
<button class="nav-item-toggle"></button>
<a class="nav-link" href="../managing-identities-and-authorizations/">Managing identities and authorizations</a>
<ul class="nav-list">
<li class="nav-item" data-depth="3">
<button class="nav-item-toggle"></button>
<a class="nav-link" href="../oauth-for-github-gitlab-or-bitbucket/">OAuth for GitHub, GitLab, or Bitbucket</a>
<ul class="nav-list">
<li class="nav-item" data-depth="4">
<a class="nav-link" href="../configuring-oauth-2-for-github/">Configuring OAuth 2.0 for GitHub</a>
</li>
<li class="nav-item" data-depth="4">
<a class="nav-link" href="../configuring-oauth-2-for-gitlab/">Configuring OAuth 2.0 for GitLab</a>
</li>
<li class="nav-item" data-depth="4">
<a class="nav-link" href="../configuring-oauth-1-for-bitbucket/">Configuring OAuth 1.0 for Bitbucket</a>
</li>
</ul>
</li>
<li class="nav-item" data-depth="3">
<a class="nav-link" href="../configuring-the-administrative-user/">Configuring the administrative user</a>
</li>
<li class="nav-item" data-depth="3">
<a class="nav-link" href="../removing-user-data/">Removing user data</a>
</li>
</ul>
</li>
</ul>
</li>
<li class="nav-item" data-depth="1">
<a class="nav-link" href="../managing-workloads-using-the-che-server-api/">Using the Che server API</a>
</li>
<li class="nav-item" data-depth="1">
<button class="nav-item-toggle"></button>
<a class="nav-link" href="../upgrading-che/">Upgrading Che</a>
<ul class="nav-list">
<li class="nav-item" data-depth="2">
<a class="nav-link" href="../upgrading-the-chectl-management-tool/">Upgrading the chectl management tool</a>
</li>
<li class="nav-item" data-depth="2">
<a class="nav-link" href="../upgrading-che-7-41-on-openshift/">Upgrading Che 7.41 on Red Hat OpenShift</a>
</li>
<li class="nav-item" data-depth="2">
<a class="nav-link" href="../specifying-the-update-approval-strategy/">Specifying the update approval strategy</a>
</li>
<li class="nav-item" data-depth="2">
<a class="nav-link" href="../upgrading-che-using-the-web-console/">Upgrading Che using the OpenShift web console</a>
</li>
<li class="nav-item" data-depth="2">
<a class="nav-link" href="../upgrading-che-using-the-cli-management-tool/">Upgrading Che using the CLI management tool</a>
</li>
<li class="nav-item" data-depth="2">
<a class="nav-link" href="../upgrading-che-using-the-cli-management-tool-in-restricted-environment/">Upgrading Che in a restricted environment</a>
</li>
</ul>
</li>
<li class="nav-item" data-depth="1">
<a class="nav-link" href="../uninstalling-che/">Uninstalling Che</a>
</li>
</ul>
</li>
<li class="nav-item" data-depth="0">
<ul class="nav-list">
<li class="nav-item" data-depth="1">
<button class="nav-item-toggle"></button>
<a class="nav-link" href="../../extensions/extensions/">Extensions</a>
<ul class="nav-list">
<li class="nav-item" data-depth="2">
<button class="nav-item-toggle"></button>
<a class="nav-link" href="../../extensions/openshift-connector-overview/">OpenShift Connector</a>
<ul class="nav-list">
<li class="nav-item" data-depth="3">
<a class="nav-link" href="../../extensions/features-of-openshift-connector/">Features of OpenShift Connector</a>
</li>
<li class="nav-item" data-depth="3">
<a class="nav-link" href="../../extensions/installing-openshift-connector-in-che/">Installing OpenShift Connector in Eclipse Che</a>
</li>
<li class="nav-item" data-depth="3">
<a class="nav-link" href="../../extensions/authenticating-with-openshift-connector-from-che/">Authenticating with OpenShift Connector from Eclipse Che</a>
</li>
<li class="nav-item" data-depth="3">
<a class="nav-link" href="../../extensions/creating-components-with-openshift-connector-in-che/">Creating Components with OpenShift Connector in Eclipse Che</a>
</li>
<li class="nav-item" data-depth="3">
<a class="nav-link" href="../../extensions/connecting-source-code-from-github-to-a-openshift-component-using-openshift-connector/">Connecting source code from GitHub to a OpenShift Component</a>
</li>
</ul>
</li>
</ul>
</li>
</ul>
</li>
<li class="nav-item" data-depth="0">
<ul class="nav-list">
<li class="nav-item" data-depth="1">
<a class="nav-link" href="../../glossary/che-glossary/">Che glossary</a>
</li>
</ul>
</li>
</ul>
</nav>
</div>
<div class="nav-panel-explore" data-panel="explore">
<div class="context">
<span class="title">Documentation</span>
<span class="version">next</span>
</div>
<ul class="components">
<li class="component is-current">
<a class="title" href="../../../stable/overview/introduction-to-eclipse-che/">Documentation</a>
<ul class="versions">
<li class="version is-current">
<a href="../../overview/introduction-to-eclipse-che/">next</a>
</li>
<li class="version">
<a href="../../../che-7/overview/introduction-to-eclipse-che/">old (7.41)</a>
</li>
<li class="version is-latest">
<a href="../../../stable/overview/introduction-to-eclipse-che/">stable</a>
</li>
</ul>
</li>
</ul>
</div>
</div>
</aside>
</div>
<main class="article">
<div class="toolbar" role="navigation">
<button class="nav-toggle"></button>
<a href="../../../stable/overview/introduction-to-eclipse-che/" class="home-link"></a>
<nav class="breadcrumbs" aria-label="breadcrumbs">
<ul>
<li><a href="../../overview/introduction-to-eclipse-che/">Documentation</a></li>
<li>Administration Guide</li>
<li><a href="../configuring-che/">Configuring Che</a></li>
<li><a href="../configuring-server-components/">Configuring server components</a></li>
<li><a href="./">Advanced configuration options for Che server</a></li>
</ul>
</nav>
<div class="page-versions">
<button class="version-menu-toggle" title="Show other versions of page">next</button>
<div class="version-menu">
<a class="version is-current" href="./">next</a>
<a class="version" href="../../../che-7/installation-guide/advanced-configuration-options-for-the-che-server-component/">old (7.41)</a>
<a class="version is-missing" href="../../../stable/overview/introduction-to-eclipse-che/">stable</a>
</div>
</div>
<div class="edit-this-page"><a href="https://github.com/eclipse/che-docs/edit/main/modules/administration-guide/pages/advanced-configuration-options-for-the-che-server-component.adoc">Edit this Page</a></div>
</div>
<div class="content">
<aside class="toc sidebar" data-title="Contents" data-levels="2">
<div class="toc-menu"></div>
</aside>
<article class="doc">
<h1 class="page">Advanced configuration options for the Che server component</h1>
<div id="preamble">
<div class="sectionbody">
<div class="paragraph">
<p>The following section describes advanced deployment and configuration methods for the Che server component.</p>
</div>
</div>
</div>
<div class="sect1">
<h2 id="understanding-che-server-advanced-configuration_che"><a class="anchor" href="#understanding-che-server-advanced-configuration_che"></a>Understanding Che server advanced configuration</h2>
<div class="sectionbody">
<div class="paragraph">
<p>The following section describes the Che server component advanced configuration method for a deployment.</p>
</div>
<div class="paragraph">
<p>Advanced configuration is necessary to:</p>
</div>
<div class="ulist">
<ul>
<li>
<p>Add environment variables not automatically generated by the Operator from the standard <code>CheCluster</code> Custom Resource fields.</p>
</li>
<li>
<p>Override the properties automatically generated by the Operator from the standard <code>CheCluster</code> Custom Resource fields.</p>
</li>
</ul>
</div>
<div class="paragraph">
<p>The <code>customCheProperties</code> field, part of the <code>CheCluster</code> Custom Resource <code>server</code> settings, contains a
map of additional environment variables to apply to the Che server component.</p>
</div>
<div class="exampleblock">
<div class="title">Example 1. Override the default memory limit for workspaces</div>
<div class="content">
<div class="ulist">
<ul>
<li>
<p>Configure the <code>CheCluster</code> Custom Resource. See <a href="../using-the-cli-to-configure-the-checluster-custom-resource/" class="xref page">Using the CLI to configure the CheCluster Custom Resource</a>.</p>
<div class="listingblock">
<div class="content">
<pre class="highlightjs highlight"><code class="language-yaml hljs" data-lang="yaml">spec:
components:
cheServer:
extraProperties:
CHE_WORKSPACE_DEFAULT__MEMORY__LIMIT__MB: "2048"</code></pre>
</div>
</div>
</li>
</ul>
</div>
</div>
</div>
<div class="admonitionblock note">
<table>
<tr>
<td class="icon">
<i class="fa icon-note" title="Note"></i>
</td>
<td class="content">
<div class="paragraph">
<p>Previous versions of the Che Operator had a ConfigMap named <code>custom</code> to fulfill this role. If the Che Operator finds a <code>configMap</code> with the name <code>custom</code>, it adds the data it contains into the <code>customCheProperties</code> field, redeploys Che, and deletes the <code>custom</code> <code>configMap</code>.</p>
</div>
</td>
</tr>
</table>
</div>
<div class="ulist">
<div class="title">Additional resources</div>
<ul>
<li>
<p><a href="../checluster-custom-resource-fields-reference/" class="xref page"><code>CheCluster</code> Custom Resource fields reference</a>.</p>
</li>
<li>
<p><a href="#che-server-component-system-properties-reference_che">Che server component system properties reference</a>.</p>
</li>
</ul>
</div>
</div>
</div>
<div class="sect1">
<h2 id="che-server-component-system-properties-reference_che"><a class="anchor" href="#che-server-component-system-properties-reference_che"></a>Che server component system properties reference</h2>
<div class="sectionbody">
<div class="paragraph">
<p>The following document describes all possible configuration properties of the Che server component.</p>
</div>
<div class="paragraph">
<p><!-- vale off --></p>
</div>
<div class="sect2">
<h3 id="che-server"><a class="anchor" href="#che-server"></a>Che server</h3>
<div class="sect3">
<h4 id="_che_api"><a class="anchor" href="#_che_api"></a><code>CHE_API</code></h4>
<div class="paragraph">
<p>API service. Browsers initiate REST communications to Che server with this URL.</p>
</div>
<div class="dlist">
<dl>
<dt class="hdlist1">Default</dt>
<dd>
<p><code>http://${CHE_HOST}:${CHE_PORT}/api</code></p>
</dd>
</dl>
</div>
<hr>
</div>
<div class="sect3">
<h4 id="_che_api_internal"><a class="anchor" href="#_che_api_internal"></a><code>CHE_API_INTERNAL</code></h4>
<div class="paragraph">
<p>API service internal network URL. Back-end services should initiate REST communications to Che server with this URL</p>
</div>
<div class="dlist">
<dl>
<dt class="hdlist1">Default</dt>
<dd>
<p><code>NULL</code></p>
</dd>
</dl>
</div>
<hr>
</div>
<div class="sect3">
<h4 id="_che_websocket_endpoint"><a class="anchor" href="#_che_websocket_endpoint"></a><code>CHE_WEBSOCKET_ENDPOINT</code></h4>
<div class="paragraph">
<p>Che WebSocket major endpoint. Provides basic communication endpoint for major WebSocket interactions and messaging.</p>
</div>
<div class="dlist">
<dl>
<dt class="hdlist1">Default</dt>
<dd>
<p><code>ws://${CHE_HOST}:${CHE_PORT}/api/websocket</code></p>
</dd>
</dl>
</div>
<hr>
</div>
<div class="sect3">
<h4 id="_che_websocket_internal_endpoint"><a class="anchor" href="#_che_websocket_internal_endpoint"></a><code>CHE_WEBSOCKET_INTERNAL_ENDPOINT</code></h4>
<div class="paragraph">
<p>Che WebSocket major internal endpoint. Provides basic communication endpoint for major WebSocket interactions and messaging.</p>
</div>
<div class="dlist">
<dl>
<dt class="hdlist1">Default</dt>
<dd>
<p><code>NULL</code></p>
</dd>
</dl>
</div>
<hr>
</div>
<div class="sect3">
<h4 id="_che_workspace_projects_storage"><a class="anchor" href="#_che_workspace_projects_storage"></a><code>CHE_WORKSPACE_PROJECTS_STORAGE</code></h4>
<div class="paragraph">
<p>Your projects are synchronized from the Che server into the machine running each workspace. This is the directory in the machine where your projects are placed.</p>
</div>
<div class="dlist">
<dl>
<dt class="hdlist1">Default</dt>
<dd>
<p><code>/projects</code></p>
</dd>
</dl>
</div>
<hr>
</div>
<div class="sect3">
<h4 id="_che_workspace_projects_storage_default_size"><a class="anchor" href="#_che_workspace_projects_storage_default_size"></a><code>CHE_WORKSPACE_PROJECTS_STORAGE_DEFAULT_SIZE</code></h4>
<div class="paragraph">
<p>Used when Kubernetes-type components in a devfile request project PVC creation (Applied in case of <code>unique</code> and <code>per workspace</code> PVC strategy. In case of the <code>common</code> PVC strategy, it is rewritten with the value of the <code>che.infra.kubernetes.pvc.quantity</code> property.)</p>
</div>
<div class="dlist">
<dl>
<dt class="hdlist1">Default</dt>
<dd>
<p><code>1Gi</code></p>
</dd>
</dl>
</div>
<hr>
</div>
<div class="sect3">
<h4 id="_che_workspace_logs_root_dir"><a class="anchor" href="#_che_workspace_logs_root_dir"></a><code>CHE_WORKSPACE_LOGS_ROOT__DIR</code></h4>
<div class="paragraph">
<p>Defines the directory inside the machine where all the workspace logs are placed. Provide this value into the machine, for example, as an environment variable. This is to ensure that agent developers can use this directory to back up agent logs.</p>
</div>
<div class="dlist">
<dl>
<dt class="hdlist1">Default</dt>
<dd>
<p><code>/workspace_logs</code></p>
</dd>
</dl>
</div>
<hr>
</div>
<div class="sect3">
<h4 id="_che_workspace_http_proxy"><a class="anchor" href="#_che_workspace_http_proxy"></a><code>CHE_WORKSPACE_HTTP__PROXY</code></h4>
<div class="paragraph">
<p>Configures environment variable HTTP_PROXY to a specified value in containers powering workspaces.</p>
</div>
<div class="dlist">
<dl>
<dt class="hdlist1">Default</dt>
<dd>
<p>empty</p>
</dd>
</dl>
</div>
<hr>
</div>
<div class="sect3">
<h4 id="_che_workspace_https_proxy"><a class="anchor" href="#_che_workspace_https_proxy"></a><code>CHE_WORKSPACE_HTTPS__PROXY</code></h4>
<div class="paragraph">
<p>Configures environment variable HTTPS_PROXY to a specified value in containers powering workspaces.</p>
</div>
<div class="dlist">
<dl>
<dt class="hdlist1">Default</dt>
<dd>
<p>empty</p>
</dd>
</dl>
</div>
<hr>
</div>
<div class="sect3">
<h4 id="_che_workspace_no_proxy"><a class="anchor" href="#_che_workspace_no_proxy"></a><code>CHE_WORKSPACE_NO__PROXY</code></h4>
<div class="paragraph">
<p>Configures environment variable NO_PROXY to a specified value in containers powering workspaces.</p>
</div>
<div class="dlist">
<dl>
<dt class="hdlist1">Default</dt>
<dd>
<p>empty</p>
</dd>
</dl>
</div>
<hr>
</div>
<div class="sect3">
<h4 id="_che_workspace_auto_start"><a class="anchor" href="#_che_workspace_auto_start"></a><code>CHE_WORKSPACE_AUTO__START</code></h4>
<div class="paragraph">
<p>By default, when users access a workspace with its URL, the workspace automatically starts (if currently stopped). Set this to <code>false</code> to disable this behavior.</p>
</div>
<div class="dlist">
<dl>
<dt class="hdlist1">Default</dt>
<dd>
<p><code>true</code></p>
</dd>
</dl>
</div>
<hr>
</div>
<div class="sect3">
<h4 id="_che_workspace_pool_type"><a class="anchor" href="#_che_workspace_pool_type"></a><code>CHE_WORKSPACE_POOL_TYPE</code></h4>
<div class="paragraph">
<p>Workspace threads pool configuration. This pool is used for workspace-related operations that require asynchronous execution, for example, starting and stopping. Possible values are <code>fixed</code> and <code>cached</code>.</p>
</div>
<div class="dlist">
<dl>
<dt class="hdlist1">Default</dt>
<dd>
<p><code>fixed</code></p>
</dd>
</dl>
</div>
<hr>
</div>
<div class="sect3">
<h4 id="_che_workspace_pool_exact_size"><a class="anchor" href="#_che_workspace_pool_exact_size"></a><code>CHE_WORKSPACE_POOL_EXACT__SIZE</code></h4>
<div class="paragraph">
<p>This property is ignored when pool type is different from <code>fixed</code>. It configures the exact size of the pool. When set, the <code>multiplier</code> property is ignored. If this property is not set (<code>0</code>, <code>&lt;0</code>, <code>NULL</code>), then the pool size equals the number of cores. See also <code>che.workspace.pool.cores_multiplier</code>.</p>
</div>
<div class="dlist">
<dl>
<dt class="hdlist1">Default</dt>
<dd>
<p><code>30</code></p>
</dd>
</dl>
</div>
<hr>
</div>
<div class="sect3">
<h4 id="_che_workspace_pool_cores_multiplier"><a class="anchor" href="#_che_workspace_pool_cores_multiplier"></a><code>CHE_WORKSPACE_POOL_CORES__MULTIPLIER</code></h4>
<div class="paragraph">
<p>This property is ignored when pool type is not set to <code>fixed</code>, <code>che.workspace.pool.exact_size</code> is set. When set, the pool size is <code>N_CORES * multiplier</code>.</p>
</div>
<div class="dlist">
<dl>
<dt class="hdlist1">Default</dt>
<dd>
<p><code>2</code></p>
</dd>
</dl>
</div>
<hr>
</div>
<div class="sect3">
<h4 id="_che_workspace_probe_pool_size"><a class="anchor" href="#_che_workspace_probe_pool_size"></a><code>CHE_WORKSPACE_PROBE__POOL__SIZE</code></h4>
<div class="paragraph">
<p>This property specifies how many threads to use for workspace server liveness probes.</p>
</div>
<div class="dlist">
<dl>
<dt class="hdlist1">Default</dt>
<dd>
<p><code>10</code></p>
</dd>
</dl>
</div>
<hr>
</div>
<div class="sect3">
<h4 id="_che_workspace_http_proxy_java_options"><a class="anchor" href="#_che_workspace_http_proxy_java_options"></a><code>CHE_WORKSPACE_HTTP__PROXY__JAVA__OPTIONS</code></h4>
<div class="paragraph">
<p>HTTP proxy setting for workspace JVM.</p>
</div>
<div class="dlist">
<dl>
<dt class="hdlist1">Default</dt>
<dd>
<p><code>NULL</code></p>
</dd>
</dl>
</div>
<hr>
</div>
<div class="sect3">
<h4 id="_che_workspace_java_options"><a class="anchor" href="#_che_workspace_java_options"></a><code>CHE_WORKSPACE_JAVA__OPTIONS</code></h4>
<div class="paragraph">
<p>Java command-line options added to JVMs running in workspaces.</p>
</div>
<div class="dlist">
<dl>
<dt class="hdlist1">Default</dt>
<dd>
<p><code>-XX:MaxRAM=150m-XX:MaxRAMFraction=2 -XX:+UseParallelGC -XX:MinHeapFreeRatio=10 -XX:MaxHeapFreeRatio=20 -XX:GCTimeRatio=4 -XX:AdaptiveSizePolicyWeight=90 -Dsun.zip.disableMemoryMapping=true -Xms20m -Djava.security.egd=file:/dev/./urandom</code></p>
</dd>
</dl>
</div>
<hr>
</div>
<div class="sect3">
<h4 id="_che_workspace_maven_options"><a class="anchor" href="#_che_workspace_maven_options"></a><code>CHE_WORKSPACE_MAVEN__OPTIONS</code></h4>
<div class="paragraph">
<p>Maven command-line options added to JVMs running agents in workspaces.</p>
</div>
<div class="dlist">
<dl>
<dt class="hdlist1">Default</dt>
<dd>
<p><code>-XX:MaxRAM=150m-XX:MaxRAMFraction=2 -XX:+UseParallelGC -XX:MinHeapFreeRatio=10 -XX:MaxHeapFreeRatio=20 -XX:GCTimeRatio=4 -XX:AdaptiveSizePolicyWeight=90 -Dsun.zip.disableMemoryMapping=true -Xms20m -Djava.security.egd=file:/dev/./urandom</code></p>
</dd>
</dl>
</div>
<hr>
</div>
<div class="sect3">
<h4 id="_che_workspace_default_memory_limit_mb"><a class="anchor" href="#_che_workspace_default_memory_limit_mb"></a><code>CHE_WORKSPACE_DEFAULT__MEMORY__LIMIT__MB</code></h4>
<div class="paragraph">
<p>RAM limit default for each machine that has no RAM settings in its environment. Value less or equal to 0 is interpreted as disabling the limit.</p>
</div>
<div class="dlist">
<dl>
<dt class="hdlist1">Default</dt>
<dd>
<p><code>1024</code></p>
</dd>
</dl>
</div>
<hr>
</div>
<div class="sect3">
<h4 id="_che_workspace_default_memory_request_mb"><a class="anchor" href="#_che_workspace_default_memory_request_mb"></a><code>CHE_WORKSPACE_DEFAULT__MEMORY__REQUEST__MB</code></h4>
<div class="paragraph">
<p>RAM request for each container that has no explicit RAM settings in its environment. This amount is allocated when the workspace container is created. This property may not be supported by all infrastructure implementations. Currently it is supported by Kubernetes. A memory request exceeding the memory limit is ignored, and only the limit size is used. Value less or equal to 0 is interpreted as disabling the limit.</p>
</div>
<div class="dlist">
<dl>
<dt class="hdlist1">Default</dt>
<dd>
<p><code>200</code></p>
</dd>
</dl>
</div>
<hr>
</div>
<div class="sect3">
<h4 id="_che_workspace_default_cpu_limit_cores"><a class="anchor" href="#_che_workspace_default_cpu_limit_cores"></a><code>CHE_WORKSPACE_DEFAULT__CPU__LIMIT__CORES</code></h4>
<div class="paragraph">
<p>CPU limit for each container that has no CPU settings in its environment. Specify either in floating point cores number, for example, <code>0.125</code>, or using the Kubernetes format, integer millicores, for example, <code>125m</code>. Value less or equal to 0 is interpreted as disabling the limit.</p>
</div>
<div class="dlist">
<dl>
<dt class="hdlist1">Default</dt>
<dd>
<p><code>-1</code></p>
</dd>
</dl>
</div>
<hr>
</div>
<div class="sect3">
<h4 id="_che_workspace_default_cpu_request_cores"><a class="anchor" href="#_che_workspace_default_cpu_request_cores"></a><code>CHE_WORKSPACE_DEFAULT__CPU__REQUEST__CORES</code></h4>
<div class="paragraph">
<p>CPU request for each container that has no CPU settings in environment. A CPU request exceeding the CPU limit is ignored, and only limit number is used. Value less or equal to 0 is interpreted as disabling the limit.</p>
</div>
<div class="dlist">
<dl>
<dt class="hdlist1">Default</dt>
<dd>
<p><code>-1</code></p>
</dd>
</dl>
</div>
<hr>
</div>
<div class="sect3">
<h4 id="_che_workspace_sidecar_default_memory_limit_mb"><a class="anchor" href="#_che_workspace_sidecar_default_memory_limit_mb"></a><code>CHE_WORKSPACE_SIDECAR_DEFAULT__MEMORY__LIMIT__MB</code></h4>
<div class="paragraph">
<p>RAM limit for each sidecar that has no RAM settings in the Che plug-in configuration. Value less or equal to 0 is interpreted as disabling the limit.</p>
</div>
<div class="dlist">
<dl>
<dt class="hdlist1">Default</dt>
<dd>
<p><code>128</code></p>
</dd>
</dl>
</div>
<hr>
</div>
<div class="sect3">
<h4 id="_che_workspace_sidecar_default_memory_request_mb"><a class="anchor" href="#_che_workspace_sidecar_default_memory_request_mb"></a><code>CHE_WORKSPACE_SIDECAR_DEFAULT__MEMORY__REQUEST__MB</code></h4>
<div class="paragraph">
<p>RAM request for each sidecar that has no RAM settings in the Che plug-in configuration.</p>
</div>
<div class="dlist">
<dl>
<dt class="hdlist1">Default</dt>
<dd>
<p><code>64</code></p>
</dd>
</dl>
</div>
<hr>
</div>
<div class="sect3">
<h4 id="_che_workspace_sidecar_default_cpu_limit_cores"><a class="anchor" href="#_che_workspace_sidecar_default_cpu_limit_cores"></a><code>CHE_WORKSPACE_SIDECAR_DEFAULT__CPU__LIMIT__CORES</code></h4>
<div class="paragraph">
<p>CPU limit default for each sidecar that has no CPU settings in the Che plug-in configuration. Specify either in floating point cores number, for example, <code>0.125</code>, or using the Kubernetes format, integer millicores, for example, <code>125m</code>. Value less or equal to 0 is interpreted as disabling the limit.</p>
</div>
<div class="dlist">
<dl>
<dt class="hdlist1">Default</dt>
<dd>
<p><code>-1</code></p>
</dd>
</dl>
</div>
<hr>
</div>
<div class="sect3">
<h4 id="_che_workspace_sidecar_default_cpu_request_cores"><a class="anchor" href="#_che_workspace_sidecar_default_cpu_request_cores"></a><code>CHE_WORKSPACE_SIDECAR_DEFAULT__CPU__REQUEST__CORES</code></h4>
<div class="paragraph">
<p>CPU request default for each sidecar that has no CPU settings in the Che plug-in configuration. Specify either in floating point cores number, for example, <code>0.125</code>, or using the Kubernetes format, integer millicores, for example, <code>125m</code>.</p>
</div>
<div class="dlist">
<dl>
<dt class="hdlist1">Default</dt>
<dd>
<p><code>-1</code></p>
</dd>
</dl>
</div>
<hr>
</div>
<div class="sect3">
<h4 id="_che_workspace_sidecar_image_pull_policy"><a class="anchor" href="#_che_workspace_sidecar_image_pull_policy"></a><code>CHE_WORKSPACE_SIDECAR_IMAGE__PULL__POLICY</code></h4>
<div class="paragraph">
<p>Defines image-pulling strategy for sidecars. Possible values are: <code>Always</code>, <code>Never</code>, <code>IfNotPresent</code>. For any other value, <code>Always</code> is assumed for images with the <code>:latest</code> tag, or <code>IfNotPresent</code> for all other cases.</p>
</div>
<div class="dlist">
<dl>
<dt class="hdlist1">Default</dt>
<dd>
<p><code>Always</code></p>
</dd>
</dl>
</div>
<hr>
</div>
<div class="sect3">
<h4 id="_che_workspace_activity_check_scheduler_period_s"><a class="anchor" href="#_che_workspace_activity_check_scheduler_period_s"></a><code>CHE_WORKSPACE_ACTIVITY__CHECK__SCHEDULER__PERIOD__S</code></h4>
<div class="paragraph">
<p>Period of inactive workspaces suspend job execution.</p>
</div>
<div class="dlist">
<dl>
<dt class="hdlist1">Default</dt>
<dd>
<p><code>60</code></p>
</dd>
</dl>
</div>
<hr>
</div>
<div class="sect3">
<h4 id="_che_workspace_activity_cleanup_scheduler_period_s"><a class="anchor" href="#_che_workspace_activity_cleanup_scheduler_period_s"></a><code>CHE_WORKSPACE_ACTIVITY__CLEANUP__SCHEDULER__PERIOD__S</code></h4>
<div class="paragraph">
<p>The period of the cleanup of the activity table. The activity table can contain invalid or stale data if some unforeseen errors happen, as a server failure at a peculiar point in time. The default is to run the cleanup job every hour.</p>
</div>
<div class="dlist">
<dl>
<dt class="hdlist1">Default</dt>
<dd>
<p><code>3600</code></p>
</dd>
</dl>
</div>
<hr>
</div>
<div class="sect3">
<h4 id="_che_workspace_activity_cleanup_scheduler_initial_delay_s"><a class="anchor" href="#_che_workspace_activity_cleanup_scheduler_initial_delay_s"></a><code>CHE_WORKSPACE_ACTIVITY__CLEANUP__SCHEDULER__INITIAL__DELAY__S</code></h4>
<div class="paragraph">
<p>The delay after server startup to start the first activity clean up job.</p>
</div>
<div class="dlist">
<dl>
<dt class="hdlist1">Default</dt>
<dd>
<p><code>60</code></p>
</dd>
</dl>
</div>
<hr>
</div>
<div class="sect3">
<h4 id="_che_workspace_activity_check_scheduler_delay_s"><a class="anchor" href="#_che_workspace_activity_check_scheduler_delay_s"></a><code>CHE_WORKSPACE_ACTIVITY__CHECK__SCHEDULER__DELAY__S</code></h4>
<div class="paragraph">
<p>Delay before first workspace idleness check job started to avoid mass suspend if Che server was unavailable for period close to inactivity timeout.</p>
</div>
<div class="dlist">
<dl>
<dt class="hdlist1">Default</dt>
<dd>
<p><code>180</code></p>
</dd>
</dl>
</div>
<hr>
</div>
<div class="sect3">
<h4 id="_che_workspace_cleanup_temporary_initial_delay_min"><a class="anchor" href="#_che_workspace_cleanup_temporary_initial_delay_min"></a><code>CHE_WORKSPACE_CLEANUP__TEMPORARY__INITIAL__DELAY__MIN</code></h4>
<div class="paragraph">
<p>Time to delay the first execution of temporary workspaces cleanup job.</p>
</div>
<div class="dlist">
<dl>
<dt class="hdlist1">Default</dt>
<dd>
<p><code>5</code></p>
</dd>
</dl>
</div>
<hr>
</div>
<div class="sect3">
<h4 id="_che_workspace_cleanup_temporary_period_min"><a class="anchor" href="#_che_workspace_cleanup_temporary_period_min"></a><code>CHE_WORKSPACE_CLEANUP__TEMPORARY__PERIOD__MIN</code></h4>
<div class="paragraph">
<p>Time to delay between the termination of one execution and the commencement of the next execution of temporary workspaces cleanup job</p>
</div>
<div class="dlist">
<dl>
<dt class="hdlist1">Default</dt>
<dd>
<p><code>180</code></p>
</dd>
</dl>
</div>
<hr>
</div>
<div class="sect3">
<h4 id="_che_workspace_server_ping_success_threshold"><a class="anchor" href="#_che_workspace_server_ping_success_threshold"></a><code>CHE_WORKSPACE_SERVER_PING__SUCCESS__THRESHOLD</code></h4>
<div class="paragraph">
<p>Number of sequential successful pings to server after which it is treated as available. the Che Operator: the property is common for all servers, for example, workspace agent, terminal, exec.</p>
</div>
<div class="dlist">
<dl>
<dt class="hdlist1">Default</dt>
<dd>
<p><code>1</code></p>
</dd>
</dl>
</div>
<hr>
</div>
<div class="sect3">
<h4 id="_che_workspace_server_ping_interval_milliseconds"><a class="anchor" href="#_che_workspace_server_ping_interval_milliseconds"></a><code>CHE_WORKSPACE_SERVER_PING__INTERVAL__MILLISECONDS</code></h4>
<div class="paragraph">
<p>Interval, in milliseconds, between successive pings to workspace server.</p>
</div>
<div class="dlist">
<dl>
<dt class="hdlist1">Default</dt>
<dd>
<p><code>3000</code></p>
</dd>
</dl>
</div>
<hr>
</div>
<div class="sect3">
<h4 id="_che_workspace_server_liveness_probes"><a class="anchor" href="#_che_workspace_server_liveness_probes"></a><code>CHE_WORKSPACE_SERVER_LIVENESS__PROBES</code></h4>
<div class="paragraph">
<p>List of servers names which require liveness probes</p>
</div>
<div class="dlist">
<dl>
<dt class="hdlist1">Default</dt>
<dd>
<p><code>wsagent/http,exec-agent/http,terminal,theia,jupyter,dirigible,cloud-shell,intellij</code></p>
</dd>
</dl>
</div>
<hr>
</div>
<div class="sect3">
<h4 id="_che_workspace_startup_debug_log_limit_bytes"><a class="anchor" href="#_che_workspace_startup_debug_log_limit_bytes"></a><code>CHE_WORKSPACE_STARTUP__DEBUG__LOG__LIMIT__BYTES</code></h4>
<div class="paragraph">
<p>Limit size of the logs collected from single container that can be observed by che-server when debugging workspace startup. default 10MB=10485760</p>
</div>
<div class="dlist">
<dl>
<dt class="hdlist1">Default</dt>
<dd>
<p><code>10485760</code></p>
</dd>
</dl>
</div>
<hr>
</div>
<div class="sect3">
<h4 id="_che_workspace_stop_role_enabled"><a class="anchor" href="#_che_workspace_stop_role_enabled"></a><code>CHE_WORKSPACE_STOP_ROLE_ENABLED</code></h4>
<div class="paragraph">
<p>If true, 'stop-workspace' role with the edit privileges will be granted to the 'che' ServiceAccount if OpenShift OAuth is enabled. This configuration is mainly required for workspace idling when the OpenShift OAuth is enabled.</p>
</div>
<div class="dlist">
<dl>
<dt class="hdlist1">Default</dt>
<dd>
<p><code>true</code></p>
</dd>
</dl>
</div>
<hr>
</div>
<div class="sect3">
<h4 id="_che_devworkspaces_enabled"><a class="anchor" href="#_che_devworkspaces_enabled"></a><code>CHE_DEVWORKSPACES_ENABLED</code></h4>
<div class="paragraph">
<p>Specifies whether Che is deployed with DevWorkspaces enabled. This property is set by the Che Operator if it also installed the support for DevWorkspaces. This property is used to advertise this fact to the Che dashboard. It does not make sense to change the value of this property manually.</p>
</div>
<div class="dlist">
<dl>
<dt class="hdlist1">Default</dt>
<dd>
<p><code>false</code></p>
</dd>
</dl>
</div>
<hr>
</div>
</div>
<div class="sect2">
<h3 id="authentication-parameters"><a class="anchor" href="#authentication-parameters"></a>Authentication parameters</h3>
<div class="sect3">
<h4 id="_che_auth_user_self_creation"><a class="anchor" href="#_che_auth_user_self_creation"></a><code>CHE_AUTH_USER__SELF__CREATION</code></h4>
<div class="paragraph">
<p>Che has a single identity implementation, so this does not change the user experience. If true, enables user creation at API level</p>
</div>
<div class="dlist">
<dl>
<dt class="hdlist1">Default</dt>
<dd>
<p><code>false</code></p>
</dd>
</dl>
</div>
<hr>
</div>
<div class="sect3">
<h4 id="_che_auth_access_denied_error_page"><a class="anchor" href="#_che_auth_access_denied_error_page"></a><code>CHE_AUTH_ACCESS__DENIED__ERROR__PAGE</code></h4>
<div class="paragraph">
<p>Authentication error page address</p>
</div>
<div class="dlist">
<dl>
<dt class="hdlist1">Default</dt>
<dd>
<p><code>/error-oauth</code></p>
</dd>
</dl>
</div>
<hr>
</div>
<div class="sect3">
<h4 id="_che_auth_reserved_user_names"><a class="anchor" href="#_che_auth_reserved_user_names"></a><code>CHE_AUTH_RESERVED__USER__NAMES</code></h4>
<div class="paragraph">
<p>Reserved user names</p>
</div>
<div class="dlist">
<dl>
<dt class="hdlist1">Default</dt>
<dd>
<p>empty</p>
</dd>
</dl>
</div>
<hr>
</div>
<div class="sect3">
<h4 id="_che_oauth2_github_clientid_filepath"><a class="anchor" href="#_che_oauth2_github_clientid_filepath"></a><code>CHE_OAUTH2_GITHUB_CLIENTID__FILEPATH</code></h4>
<div class="paragraph">
<p>Configuration of GitHub OAuth2 client. Used to obtain Personal access tokens. Location of the file with GitHub client id.</p>
</div>
<div class="dlist">
<dl>
<dt class="hdlist1">Default</dt>
<dd>
<p><code>NULL</code></p>
</dd>
</dl>
</div>
<hr>
</div>
<div class="sect3">
<h4 id="_che_oauth2_github_clientsecret_filepath"><a class="anchor" href="#_che_oauth2_github_clientsecret_filepath"></a><code>CHE_OAUTH2_GITHUB_CLIENTSECRET__FILEPATH</code></h4>
<div class="paragraph">
<p>Location of the file with GitHub client secret.</p>
</div>
<div class="dlist">
<dl>
<dt class="hdlist1">Default</dt>
<dd>
<p><code>NULL</code></p>
</dd>
</dl>
</div>
<hr>
</div>
<div class="sect3">
<h4 id="_che_oauth_github_authuri"><a class="anchor" href="#_che_oauth_github_authuri"></a><code>CHE_OAUTH_GITHUB_AUTHURI</code></h4>
<div class="paragraph">
<p>GitHub OAuth authorization URI.</p>
</div>
<div class="dlist">
<dl>
<dt class="hdlist1">Default</dt>
<dd>
<p><code>https://github.com/login/oauth/authorize</code></p>
</dd>
</dl>
</div>
<hr>
</div>
<div class="sect3">
<h4 id="_che_oauth_github_tokenuri"><a class="anchor" href="#_che_oauth_github_tokenuri"></a><code>CHE_OAUTH_GITHUB_TOKENURI</code></h4>
<div class="paragraph">
<p>GitHub OAuth token URI.</p>
</div>
<div class="dlist">
<dl>
<dt class="hdlist1">Default</dt>
<dd>
<p><code>https://github.com/login/oauth/access_token</code></p>
</dd>
</dl>
</div>
<hr>
</div>
<div class="sect3">
<h4 id="_che_oauth_github_redirecturis"><a class="anchor" href="#_che_oauth_github_redirecturis"></a><code>CHE_OAUTH_GITHUB_REDIRECTURIS</code></h4>
<div class="paragraph">
<p>GitHub OAuth redirect URIs. Separate multiple values with comma, for example: URI,URI,URI</p>
</div>
<div class="dlist">
<dl>
<dt class="hdlist1">Default</dt>
<dd>
<p><code>http://localhost:${CHE_PORT}/api/oauth/callback</code></p>
</dd>
</dl>
</div>
<hr>
</div>
<div class="sect3">
<h4 id="_che_oauth_openshift_clientid"><a class="anchor" href="#_che_oauth_openshift_clientid"></a><code>CHE_OAUTH_OPENSHIFT_CLIENTID</code></h4>
<div class="paragraph">
<p>Configuration of OpenShift OAuth client. Used to obtain OpenShift OAuth token. OpenShift OAuth client ID.</p>
</div>
<div class="dlist">
<dl>
<dt class="hdlist1">Default</dt>
<dd>
<p><code>NULL</code></p>
</dd>
</dl>
</div>
<hr>
</div>
<div class="sect3">
<h4 id="_che_oauth_openshift_clientsecret"><a class="anchor" href="#_che_oauth_openshift_clientsecret"></a><code>CHE_OAUTH_OPENSHIFT_CLIENTSECRET</code></h4>
<div class="paragraph">
<p>Configurationof OpenShift OAuth client. Used to obtain OpenShift OAuth token. OpenShift OAuth client ID. OpenShift OAuth client secret.</p>
</div>
<div class="dlist">
<dl>
<dt class="hdlist1">Default</dt>
<dd>
<p><code>NULL</code></p>
</dd>
</dl>
</div>
<hr>
</div>
<div class="sect3">
<h4 id="_che_oauth_openshift_oauth_endpoint"><a class="anchor" href="#_che_oauth_openshift_oauth_endpoint"></a><code>CHE_OAUTH_OPENSHIFT_OAUTH__ENDPOINT</code></h4>
<div class="paragraph">
<p>ConfigurationofOpenShift OAuth client. Used to obtain OpenShift OAuth token. OpenShift OAuth client ID. OpenShift OAuth client secret. OpenShift OAuth endpoint.</p>
</div>
<div class="dlist">
<dl>
<dt class="hdlist1">Default</dt>
<dd>
<p><code>NULL</code></p>
</dd>
</dl>
</div>
<hr>
</div>
<div class="sect3">
<h4 id="_che_oauth_openshift_verify_token_url"><a class="anchor" href="#_che_oauth_openshift_verify_token_url"></a><code>CHE_OAUTH_OPENSHIFT_VERIFY__TOKEN__URL</code></h4>
<div class="paragraph">
<p>ConfigurationofOpenShiftOAuth client. Used to obtain OpenShift OAuth token. OpenShift OAuth client ID. OpenShift OAuth client secret. OpenShift OAuth endpoint. OpenShift OAuth verification token URL.</p>
</div>
<div class="dlist">
<dl>
<dt class="hdlist1">Default</dt>
<dd>
<p><code>NULL</code></p>
</dd>
</dl>
</div>
<hr>
</div>
<div class="sect3">
<h4 id="_che_oauth1_bitbucket_consumerkeypath"><a class="anchor" href="#_che_oauth1_bitbucket_consumerkeypath"></a><code>CHE_OAUTH1_BITBUCKET_CONSUMERKEYPATH</code></h4>
<div class="paragraph">
<p>Configuration of Bitbucket Server OAuth1 client. Used to obtain Personal access tokens. Location of the file with Bitbucket Server application consumer key (equivalent to a username).</p>
</div>
<div class="dlist">
<dl>
<dt class="hdlist1">Default</dt>
<dd>
<p><code>NULL</code></p>
</dd>
</dl>
</div>
<hr>
</div>
<div class="sect3">
<h4 id="_che_oauth1_bitbucket_privatekeypath"><a class="anchor" href="#_che_oauth1_bitbucket_privatekeypath"></a><code>CHE_OAUTH1_BITBUCKET_PRIVATEKEYPATH</code></h4>
<div class="paragraph">
<p>Configurationof Bitbucket Server OAuth1 client. Used to obtain Personal access tokens. Location of the file with Bitbucket Server application consumer key (equivalent to a username). Location of the file with Bitbucket Server application private key</p>
</div>
<div class="dlist">
<dl>
<dt class="hdlist1">Default</dt>
<dd>
<p><code>NULL</code></p>
</dd>
</dl>
</div>
<hr>
</div>
<div class="sect3">
<h4 id="_che_oauth1_bitbucket_endpoint"><a class="anchor" href="#_che_oauth1_bitbucket_endpoint"></a><code>CHE_OAUTH1_BITBUCKET_ENDPOINT</code></h4>
<div class="paragraph">
<p>ConfigurationofBitbucket Server OAuth1 client. Used to obtain Personal access tokens. Location of the file with Bitbucket Server application consumer key (equivalent to a username). Location of the file with Bitbucket Server application private key Bitbucket Server URL. To work correctly with factories the same URL has to be part of <code>che.integration.bitbucket.server_endpoints</code> too.</p>
</div>
<div class="dlist">
<dl>
<dt class="hdlist1">Default</dt>
<dd>
<p><code>NULL</code></p>
</dd>
</dl>
</div>
<hr>
</div>
</div>
<div class="sect2">
<h3 id="internal"><a class="anchor" href="#internal"></a>Internal</h3>
<div class="sect3">
<h4 id="_schedule_core_pool_size"><a class="anchor" href="#_schedule_core_pool_size"></a><code>SCHEDULE_CORE__POOL__SIZE</code></h4>
<div class="paragraph">
<p>Che extensions can be scheduled executions on a time basis. This configures the size of the thread pool allocated to extensions that are launched on a recurring schedule.</p>
</div>
<div class="dlist">
<dl>
<dt class="hdlist1">Default</dt>
<dd>
<p><code>10</code></p>
</dd>
</dl>
</div>
<hr>
</div>
<div class="sect3">
<h4 id="_db_schema_flyway_baseline_enabled"><a class="anchor" href="#_db_schema_flyway_baseline_enabled"></a><code>DB_SCHEMA_FLYWAY_BASELINE_ENABLED</code></h4>
<div class="paragraph">
<p>DB initialization and migration configuration If true, ignore scripts up to the version configured by baseline.version.</p>
</div>
<div class="dlist">
<dl>
<dt class="hdlist1">Default</dt>
<dd>
<p><code>true</code></p>
</dd>
</dl>
</div>
<hr>
</div>
<div class="sect3">
<h4 id="_db_schema_flyway_baseline_version"><a class="anchor" href="#_db_schema_flyway_baseline_version"></a><code>DB_SCHEMA_FLYWAY_BASELINE_VERSION</code></h4>
<div class="paragraph">
<p>Scripts with version up to this are ignored. Note that scripts with version equal to baseline version are also ignored.</p>
</div>
<div class="dlist">
<dl>
<dt class="hdlist1">Default</dt>
<dd>
<p><code>5.0.0.8.1</code></p>
</dd>
</dl>
</div>
<hr>
</div>
<div class="sect3">
<h4 id="_db_schema_flyway_scripts_prefix"><a class="anchor" href="#_db_schema_flyway_scripts_prefix"></a><code>DB_SCHEMA_FLYWAY_SCRIPTS_PREFIX</code></h4>
<div class="paragraph">
<p>Prefix of migration scripts.</p>
</div>
<div class="dlist">
<dl>
<dt class="hdlist1">Default</dt>
<dd>
<p>empty</p>
</dd>
</dl>
</div>
<hr>
</div>
<div class="sect3">
<h4 id="_db_schema_flyway_scripts_suffix"><a class="anchor" href="#_db_schema_flyway_scripts_suffix"></a><code>DB_SCHEMA_FLYWAY_SCRIPTS_SUFFIX</code></h4>
<div class="paragraph">
<p>Suffix of migration scripts.</p>
</div>
<div class="dlist">
<dl>
<dt class="hdlist1">Default</dt>
<dd>
<p><code>.sql</code></p>
</dd>
</dl>
</div>
<hr>
</div>
<div class="sect3">
<h4 id="_db_schema_flyway_scripts_version_separator"><a class="anchor" href="#_db_schema_flyway_scripts_version_separator"></a><code>DB_SCHEMA_FLYWAY_SCRIPTS_VERSION__SEPARATOR</code></h4>
<div class="paragraph">
<p>Separator of version from the other part of script name.</p>
</div>
<div class="dlist">
<dl>
<dt class="hdlist1">Default</dt>
<dd>
<p><code>__</code></p>
</dd>
</dl>
</div>
<hr>
</div>
<div class="sect3">
<h4 id="_db_schema_flyway_scripts_locations"><a class="anchor" href="#_db_schema_flyway_scripts_locations"></a><code>DB_SCHEMA_FLYWAY_SCRIPTS_LOCATIONS</code></h4>
<div class="paragraph">
<p>Locations where to search migration scripts.</p>
</div>
<div class="dlist">
<dl>
<dt class="hdlist1">Default</dt>
<dd>
<p><code>classpath:che-schema</code></p>
</dd>
</dl>
</div>
<hr>
</div>
</div>
<div class="sect2">
<h3 id="kubernetes-infra-parameters"><a class="anchor" href="#kubernetes-infra-parameters"></a>Kubernetes Infra parameters</h3>
<div class="sect3">
<h4 id="_che_infra_kubernetes_master_url"><a class="anchor" href="#_che_infra_kubernetes_master_url"></a><code>CHE_INFRA_KUBERNETES_MASTER__URL</code></h4>
<div class="paragraph">
<p>Configuration of Kubernetes client master URL that Infra will use.</p>
</div>
<div class="dlist">
<dl>
<dt class="hdlist1">Default</dt>
<dd>
<p>empty</p>
</dd>
</dl>
</div>
<hr>
</div>
<div class="sect3">
<h4 id="_che_infra_kubernetes_trust_certs"><a class="anchor" href="#_che_infra_kubernetes_trust_certs"></a><code>CHE_INFRA_KUBERNETES_TRUST__CERTS</code></h4>
<div class="paragraph">
<p>Boolean to configure Kubernetes client to use trusted certificates.</p>
</div>
<div class="dlist">
<dl>
<dt class="hdlist1">Default</dt>
<dd>
<p><code>false</code></p>
</dd>
</dl>
</div>
<hr>
</div>
<div class="sect3">
<h4 id="_che_infra_kubernetes_cluster_domain"><a class="anchor" href="#_che_infra_kubernetes_cluster_domain"></a><code>CHE_INFRA_KUBERNETES_CLUSTER__DOMAIN</code></h4>
<div class="paragraph">
<p>Kubernetes cluster domain. If not set, svc names will not contain information about the cluster domain.</p>
</div>
<div class="dlist">
<dl>
<dt class="hdlist1">Default</dt>
<dd>
<p><code>NULL</code></p>
</dd>
</dl>
</div>
<hr>
</div>
<div class="sect3">
<h4 id="_che_infra_kubernetes_server_strategy"><a class="anchor" href="#_che_infra_kubernetes_server_strategy"></a><code>CHE_INFRA_KUBERNETES_SERVER__STRATEGY</code></h4>
<div class="paragraph">
<p>Defines the way how servers are exposed to the world in Kubernetes infra. List of strategies implemented in Che: <code>default-host</code>, <code>multi-host</code>, <code>single-host</code>.</p>
</div>
<div class="dlist">
<dl>
<dt class="hdlist1">Default</dt>
<dd>
<p><code>multi-host</code></p>
</dd>
</dl>
</div>
<hr>
</div>
<div class="sect3">
<h4 id="_che_infra_kubernetes_singlehost_workspace_exposure"><a class="anchor" href="#_che_infra_kubernetes_singlehost_workspace_exposure"></a><code>CHE_INFRA_KUBERNETES_SINGLEHOST_WORKSPACE_EXPOSURE</code></h4>
<div class="paragraph">
<p>Defines the way in which the workspace plugins and editors are exposed in the single-host mode. Supported exposures: <code>native</code>: Exposes servers using Kubernetes Ingresses. Works only on Kubernetes. <code>gateway</code>: Exposes servers using reverse-proxy gateway.</p>
</div>
<div class="dlist">
<dl>
<dt class="hdlist1">Default</dt>
<dd>
<p><code>native</code></p>
</dd>
</dl>
</div>
<hr>
</div>
<div class="sect3">
<h4 id="_che_infra_kubernetes_singlehost_workspace_devfile_endpoint_exposure"><a class="anchor" href="#_che_infra_kubernetes_singlehost_workspace_devfile_endpoint_exposure"></a><code>CHE_INFRA_KUBERNETES_SINGLEHOST_WORKSPACE_DEVFILE__ENDPOINT__EXPOSURE</code></h4>
<div class="paragraph">
<p>Defines the way how to expose devfile endpoints, as end-user&#8217;s applications, in single-host server strategy. They can either follow the single-host strategy and be exposed on subpaths, or they can be exposed on subdomains. <code>multi-host</code>: expose on subdomains <code>single-host</code>: expose on subpaths</p>
</div>
<div class="dlist">
<dl>
<dt class="hdlist1">Default</dt>
<dd>
<p><code>multi-host</code></p>
</dd>
</dl>
</div>
<hr>
</div>
<div class="sect3">
<h4 id="_che_infra_kubernetes_singlehost_gateway_configmap_labels"><a class="anchor" href="#_che_infra_kubernetes_singlehost_gateway_configmap_labels"></a><code>CHE_INFRA_KUBERNETES_SINGLEHOST_GATEWAY_CONFIGMAP__LABELS</code></h4>
<div class="paragraph">
<p>Defines labels which will be set to ConfigMaps configuring single-host gateway.</p>
</div>
<div class="dlist">
<dl>
<dt class="hdlist1">Default</dt>
<dd>
<p><code>app=che,component=che-gateway-config</code></p>
</dd>
</dl>
</div>
<hr>
</div>
<div class="sect3">
<h4 id="_che_infra_kubernetes_ingress_domain"><a class="anchor" href="#_che_infra_kubernetes_ingress_domain"></a><code>CHE_INFRA_KUBERNETES_INGRESS_DOMAIN</code></h4>
<div class="paragraph">
<p>Used to generate domain for a server in a workspace in case property <code>che.infra.kubernetes.server_strategy</code> is set to <code>multi-host</code></p>
</div>
<div class="dlist">
<dl>
<dt class="hdlist1">Default</dt>
<dd>
<p>empty</p>
</dd>
</dl>
</div>
<hr>
</div>
<div class="sect3">
<h4 id="_che_infra_kubernetes_namespace_creation_allowed"><a class="anchor" href="#_che_infra_kubernetes_namespace_creation_allowed"></a><code>CHE_INFRA_KUBERNETES_NAMESPACE_CREATION__ALLOWED</code></h4>
<div class="paragraph">
<p>Indicates whether Che server is allowed to create namespace for user workspaces, or they&#8217;re intended to be created manually by cluster administrator. This property is also used by the OpenShift infra.</p>
</div>
<div class="dlist">
<dl>
<dt class="hdlist1">Default</dt>
<dd>
<p><code>true</code></p>
</dd>
</dl>
</div>
<hr>
</div>
<div class="sect3">
<h4 id="_che_infra_kubernetes_namespace_default"><a class="anchor" href="#_che_infra_kubernetes_namespace_default"></a><code>CHE_INFRA_KUBERNETES_NAMESPACE_DEFAULT</code></h4>
<div class="paragraph">
<p>Defines Kubernetes default namespace in which user&#8217;s workspaces are created if user does not override it. It&#8217;s possible to use <code>&lt;username&gt;</code> and <code>&lt;userid&gt;</code> placeholders (for example: <code>che-workspace-&lt;username&gt;</code>). In that case, new namespace will be created for each user. Used by OpenShift infra as well to specify a Project. The <code>&lt;username&gt;</code> or <code>&lt;userid&gt;</code> placeholder is mandatory.</p>
</div>
<div class="dlist">
<dl>
<dt class="hdlist1">Default</dt>
<dd>
<p><code>&lt;username&gt;-che</code></p>
</dd>
</dl>
</div>
<hr>
</div>
<div class="sect3">
<h4 id="_che_infra_kubernetes_namespace_label"><a class="anchor" href="#_che_infra_kubernetes_namespace_label"></a><code>CHE_INFRA_KUBERNETES_NAMESPACE_LABEL</code></h4>
<div class="paragraph">
<p>Defines whether che-server should try to label the workspace namespaces. NOTE: It is strongly recommended to keep the value of this property set to true. If false, the new workspace namespaces will not be labeled automatically and therefore not recognized by the Che operator making some features of DevWorkspaces not working. If false, an administrator is required to label the namespaces manually using the labels specified in che.infra.kubernetes.namespace.labels. If you want to manage the namespaces yourself, make sure to follow https://www.eclipse.org/che/docs/stable/administration-guide/provisioning-namespaces-in-advance/. Any additional labels present on the namespace are kept in place and do not affect the functionality. Also note that the the administrator is free to pre-create and label the namespaces manually even if this property is true. No updates to the namespaces are done if they already conform to the labeling requirements.</p>
</div>
<div class="dlist">
<dl>
<dt class="hdlist1">Default</dt>
<dd>
<p><code>true</code></p>
</dd>
</dl>
</div>
<hr>
</div>
<div class="sect3">
<h4 id="_che_infra_kubernetes_namespace_annotate"><a class="anchor" href="#_che_infra_kubernetes_namespace_annotate"></a><code>CHE_INFRA_KUBERNETES_NAMESPACE_ANNOTATE</code></h4>
<div class="paragraph">
<p>Defines whether che-server should try to annotate the workspace namespaces.</p>
</div>
<div class="dlist">
<dl>
<dt class="hdlist1">Default</dt>
<dd>
<p><code>true</code></p>
</dd>
</dl>
</div>
<hr>
</div>
<div class="sect3">
<h4 id="_che_infra_kubernetes_namespace_labels"><a class="anchor" href="#_che_infra_kubernetes_namespace_labels"></a><code>CHE_INFRA_KUBERNETES_NAMESPACE_LABELS</code></h4>
<div class="paragraph">
<p>List of labels to find namespace that are used for Che Workspaces. They are used to: - find prepared namespace for users in combination with <code>che.infra.kubernetes.namespace.annotations</code>. - actively label namespace with any workspace. NOTE: It is strongly recommended not to change the value of this property because the Che operator relies on these labels and their precise values when reconciling DevWorkspaces. If this configuration is changed, the namespaces will not be automatically recognized by the Che operator as workspace namespaces unless manually labeled as such using the default labels and values. Additional labels on the namespace do not affect the functionality.</p>
</div>
<div class="dlist">
<dl>
<dt class="hdlist1">Default</dt>
<dd>
<p><code>app.kubernetes.io/part-of=che.eclipse.org,app.kubernetes.io/component=workspaces-namespace</code></p>
</dd>
</dl>
</div>
<hr>
</div>
<div class="sect3">
<h4 id="_che_infra_kubernetes_namespace_annotations"><a class="anchor" href="#_che_infra_kubernetes_namespace_annotations"></a><code>CHE_INFRA_KUBERNETES_NAMESPACE_ANNOTATIONS</code></h4>
<div class="paragraph">
<p>List of annotations to find namespace prepared for Che users workspaces. Only namespace matching the <code>che.infra.kubernetes.namespace.labels</code> will be matched against these annotations. namespace that matches both <code>che.infra.kubernetes.namespace.labels</code> and <code>che.infra.kubernetes.namespace.annotations</code> will be preferentially used for User&#8217;s workspaces. It&#8217;s possible to use <code>&lt;username&gt;</code> placeholder to specify the namespace to concrete user. They are used to: - find prepared namespace for users in combination with <code>che.infra.kubernetes.namespace.labels</code>. - actively annotate namespace with any workspace.</p>
</div>
<div class="dlist">
<dl>
<dt class="hdlist1">Default</dt>
<dd>
<p><code>che.eclipse.org/username=&lt;username&gt;</code></p>
</dd>
</dl>
</div>
<hr>
</div>
<div class="sect3">
<h4 id="_che_infra_kubernetes_service_account_name"><a class="anchor" href="#_che_infra_kubernetes_service_account_name"></a><code>CHE_INFRA_KUBERNETES_SERVICE__ACCOUNT__NAME</code></h4>
<div class="paragraph">
<p>Defines Kubernetes Service Account name which should be specified to be bound to all workspaces Pods. the Che Operator that Kubernetes Infrastructure will not create the service account and it should exist. OpenShift infrastructure will check if project is predefined(if <code>che.infra.openshift.project</code> is not empty): - if it is predefined then service account must exist there - if it is 'NULL' or empty string then infrastructure will create new OpenShift project per workspace and prepare workspace service account with needed roles there</p>
</div>
<div class="dlist">
<dl>
<dt class="hdlist1">Default</dt>
<dd>
<p><code>NULL</code></p>
</dd>
</dl>
</div>
<hr>
</div>
<div class="sect3">
<h4 id="_che_infra_kubernetes_workspace_sa_cluster_roles"><a class="anchor" href="#_che_infra_kubernetes_workspace_sa_cluster_roles"></a><code>CHE_INFRA_KUBERNETES_WORKSPACE__SA__CLUSTER__ROLES</code></h4>
<div class="paragraph">
<p>Specifies optional, additional cluster roles to use with the workspace service account. the Che Operator that the cluster role names must already exist, and the Che service account needs to be able to create a Role Binding to associate these cluster roles with the workspace service account. The names are comma separated. This property deprecates <code>che.infra.kubernetes.cluster_role_name</code>.</p>
</div>
<div class="dlist">
<dl>
<dt class="hdlist1">Default</dt>
<dd>
<p><code>NULL</code></p>
</dd>
</dl>
</div>
<hr>
</div>
<div class="sect3">
<h4 id="_che_infra_kubernetes_user_cluster_roles"><a class="anchor" href="#_che_infra_kubernetes_user_cluster_roles"></a><code>CHE_INFRA_KUBERNETES_USER__CLUSTER__ROLES</code></h4>
<div class="paragraph">
<p>Cluster roles to assign to user in his namespace</p>
</div>
<div class="dlist">
<dl>
<dt class="hdlist1">Default</dt>
<dd>
<p><code>NULL</code></p>
</dd>
</dl>
</div>
<hr>
</div>
<div class="sect3">
<h4 id="_che_infra_kubernetes_workspace_start_timeout_min"><a class="anchor" href="#_che_infra_kubernetes_workspace_start_timeout_min"></a><code>CHE_INFRA_KUBERNETES_WORKSPACE__START__TIMEOUT__MIN</code></h4>
<div class="paragraph">
<p>Defines wait time that limits the Kubernetes workspace start time.</p>
</div>
<div class="dlist">
<dl>
<dt class="hdlist1">Default</dt>
<dd>
<p><code>8</code></p>
</dd>
</dl>
</div>
<hr>
</div>
<div class="sect3">
<h4 id="_che_infra_kubernetes_ingress_start_timeout_min"><a class="anchor" href="#_che_infra_kubernetes_ingress_start_timeout_min"></a><code>CHE_INFRA_KUBERNETES_INGRESS__START__TIMEOUT__MIN</code></h4>
<div class="paragraph">
<p>Defines the timeout in minutes that limits the period for which Kubernetes Ingress become ready</p>
</div>
<div class="dlist">
<dl>
<dt class="hdlist1">Default</dt>
<dd>
<p><code>5</code></p>
</dd>
</dl>
</div>
<hr>
</div>
<div class="sect3">
<h4 id="_che_infra_kubernetes_workspace_unrecoverable_events"><a class="anchor" href="#_che_infra_kubernetes_workspace_unrecoverable_events"></a><code>CHE_INFRA_KUBERNETES_WORKSPACE__UNRECOVERABLE__EVENTS</code></h4>
<div class="paragraph">
<p>If during workspace startup an unrecoverable event defined in the property occurs, stop the workspace immediately rather than waiting until timeout. the Che Operator that this SHOULD NOT include a mere "Failed" reason, because that might catch events that are not unrecoverable. A failed container startup is handled explicitly by Che server.</p>
</div>
<div class="dlist">
<dl>
<dt class="hdlist1">Default</dt>
<dd>
<p><code>FailedMount,FailedScheduling,MountVolume.SetUpfailed,Failed to pull image,FailedCreate,ReplicaSetCreateError</code></p>
</dd>
</dl>
</div>
<hr>
</div>
<div class="sect3">
<h4 id="_che_infra_kubernetes_pvc_enabled"><a class="anchor" href="#_che_infra_kubernetes_pvc_enabled"></a><code>CHE_INFRA_KUBERNETES_PVC_ENABLED</code></h4>
<div class="paragraph">
<p>Defines whether use the Persistent Volume Claim for Che workspace needs, for example: backup projects, logs, or disable it.</p>
</div>
<div class="dlist">
<dl>
<dt class="hdlist1">Default</dt>
<dd>
<p><code>true</code></p>
</dd>
</dl>
</div>
<hr>
</div>
<div class="sect3">
<h4 id="_che_infra_kubernetes_pvc_strategy"><a class="anchor" href="#_che_infra_kubernetes_pvc_strategy"></a><code>CHE_INFRA_KUBERNETES_PVC_STRATEGY</code></h4>
<div class="paragraph">
<p>Defined which strategy will be used while choosing PVC for workspaces. Supported strategies: <code>common</code>: All workspaces in the same namespace will reuse the same PVC. Name of PVC may be configured with <code>che.infra.kubernetes.pvc.name</code>. Existing PVC will be used or a new one will be created if it does not exist. <code>unique</code>: Separate PVC for each workspace&#8217;s volume will be used. Name of PVC is evaluated as <code>'{che.infra.kubernetes.pvc.name} + '-' + {generated_8_chars}'</code>. Existing PVC will be used or a new one will be created if it does not exist. <code>per-workspace</code>: Separate PVC for each workspace will be used. Name of PVC is evaluated as <code>'{che.infra.kubernetes.pvc.name} + '-' + {WORKSPACE_ID}'</code>. Existing PVC will be used or a new one will be created if it doesn&#8217;t exist.</p>
</div>
<div class="dlist">
<dl>
<dt class="hdlist1">Default</dt>
<dd>
<p><code>common</code></p>
</dd>
</dl>
</div>
<hr>
</div>
<div class="sect3">
<h4 id="_che_infra_kubernetes_pvc_precreate_subpaths"><a class="anchor" href="#_che_infra_kubernetes_pvc_precreate_subpaths"></a><code>CHE_INFRA_KUBERNETES_PVC_PRECREATE__SUBPATHS</code></h4>
<div class="paragraph">
<p>Defines whether to run a job that creates workspace&#8217;s subpath directories in persistent volume for the <code>common</code> strategy before launching a workspace. Necessary in some versions of Kubernetes as workspace subpath volume mounts are created with root permissions, and therefore cannot be modified by workspaces running as a user (presents an error importing projects into a workspace in Che). The default is <code>true</code>, but should be set to <code>false</code> if the version of Kubernetes creates subdirectories with user permissions. See: <a href="https://github.com/kubernetes/kubernetes/issues/41638">subPath in volumeMount is not writable for non-root users #41638</a> the Che Operator that this property has effect only if the <code>common</code> PVC strategy used.</p>
</div>
<div class="dlist">
<dl>
<dt class="hdlist1">Default</dt>
<dd>
<p><code>true</code></p>
</dd>
</dl>
</div>
<hr>
</div>
<div class="sect3">
<h4 id="_che_infra_kubernetes_pvc_name"><a class="anchor" href="#_che_infra_kubernetes_pvc_name"></a><code>CHE_INFRA_KUBERNETES_PVC_NAME</code></h4>
<div class="paragraph">
<p>Defines the settings of PVC name for Che workspaces. Each PVC strategy supplies this value differently. See documentation for <code>che.infra.kubernetes.pvc.strategy</code> property</p>
</div>
<div class="dlist">
<dl>
<dt class="hdlist1">Default</dt>
<dd>
<p><code>claim-che-workspace</code></p>
</dd>
</dl>
</div>
<hr>
</div>
<div class="sect3">
<h4 id="_che_infra_kubernetes_pvc_storage_class_name"><a class="anchor" href="#_che_infra_kubernetes_pvc_storage_class_name"></a><code>CHE_INFRA_KUBERNETES_PVC_STORAGE__CLASS__NAME</code></h4>
<div class="paragraph">
<p>Defines the storage class of Persistent Volume Claim for the workspaces. Empty strings means "use default".</p>
</div>
<div class="dlist">
<dl>
<dt class="hdlist1">Default</dt>
<dd>
<p>empty</p>
</dd>
</dl>
</div>
<hr>
</div>
<div class="sect3">
<h4 id="_che_infra_kubernetes_pvc_quantity"><a class="anchor" href="#_che_infra_kubernetes_pvc_quantity"></a><code>CHE_INFRA_KUBERNETES_PVC_QUANTITY</code></h4>
<div class="paragraph">
<p>Defines the size of Persistent Volume Claim of Che workspace. See: <a href="https://docs.openshift.com/container-platform/4.4/storage/understanding-persistent-storage.html">Understanding persistent storage</a></p>
</div>
<div class="dlist">
<dl>
<dt class="hdlist1">Default</dt>
<dd>
<p><code>10Gi</code></p>
</dd>
</dl>
</div>
<hr>
</div>
<div class="sect3">
<h4 id="_che_infra_kubernetes_pvc_jobs_image"><a class="anchor" href="#_che_infra_kubernetes_pvc_jobs_image"></a><code>CHE_INFRA_KUBERNETES_PVC_JOBS_IMAGE</code></h4>
<div class="paragraph">
<p>Pod that is launched when performing persistent volume claim maintenance jobs on OpenShift</p>
</div>
<div class="dlist">
<dl>
<dt class="hdlist1">Default</dt>
<dd>
<p><code>registry.access.redhat.com/ubi8-minimal:8.3-230</code></p>
</dd>
</dl>
</div>
<hr>
</div>
<div class="sect3">
<h4 id="_che_infra_kubernetes_pvc_jobs_image_pull_policy"><a class="anchor" href="#_che_infra_kubernetes_pvc_jobs_image_pull_policy"></a><code>CHE_INFRA_KUBERNETES_PVC_JOBS_IMAGE_PULL__POLICY</code></h4>
<div class="paragraph">
<p>Image pull policy of container that used for the maintenance jobs on Kubernetes cluster</p>
</div>
<div class="dlist">
<dl>
<dt class="hdlist1">Default</dt>
<dd>
<p><code>IfNotPresent</code></p>
</dd>
</dl>
</div>
<hr>
</div>
<div class="sect3">
<h4 id="_che_infra_kubernetes_pvc_jobs_memorylimit"><a class="anchor" href="#_che_infra_kubernetes_pvc_jobs_memorylimit"></a><code>CHE_INFRA_KUBERNETES_PVC_JOBS_MEMORYLIMIT</code></h4>
<div class="paragraph">
<p>Defines Pod memory limit for persistent volume claim maintenance jobs</p>
</div>
<div class="dlist">
<dl>
<dt class="hdlist1">Default</dt>
<dd>
<p><code>250Mi</code></p>
</dd>
</dl>
</div>
<hr>
</div>
<div class="sect3">
<h4 id="_che_infra_kubernetes_pvc_access_mode"><a class="anchor" href="#_che_infra_kubernetes_pvc_access_mode"></a><code>CHE_INFRA_KUBERNETES_PVC_ACCESS__MODE</code></h4>
<div class="paragraph">
<p>Defines Persistent Volume Claim access mode. the Che Operator that for common PVC strategy changing of access mode affects the number of simultaneously running workspaces. If the OpenShift instance running Che is using Persistent Volumes with RWX access mode, then a limit of running workspaces at the same time is bounded only by Che limits configuration: RAM, CPU, and so on. See: <a href="https://docs.openshift.com/container-platform/4.4/storage/understanding-persistent-storage.html">Understanding persistent storage</a></p>
</div>
<div class="dlist">
<dl>
<dt class="hdlist1">Default</dt>
<dd>
<p><code>ReadWriteOnce</code></p>
</dd>
</dl>
</div>
<hr>
</div>
<div class="sect3">
<h4 id="_che_infra_kubernetes_pvc_wait_bound"><a class="anchor" href="#_che_infra_kubernetes_pvc_wait_bound"></a><code>CHE_INFRA_KUBERNETES_PVC_WAIT__BOUND</code></h4>
<div class="paragraph">
<p>Defines if Che Server should wait workspaces Persistent Volume Claims to become bound after creating. Default value is <code>true</code>. The parameter is used by all Persistent Volume Claim strategies. It should be set to <code>false</code> when <code>volumeBindingMode</code> is configured to <code>WaitForFirstConsumer</code> otherwise workspace starts will hangs up on phase of waiting PVCs.</p>
</div>
<div class="dlist">
<dl>
<dt class="hdlist1">Default</dt>
<dd>
<p><code>true</code></p>
</dd>
</dl>
</div>
<hr>
</div>
<div class="sect3">
<h4 id="_che_infra_kubernetes_ingress_annotations_json"><a class="anchor" href="#_che_infra_kubernetes_ingress_annotations_json"></a><code>CHE_INFRA_KUBERNETES_INGRESS_ANNOTATIONS__JSON</code></h4>
<div class="paragraph">
<p>Defines annotations for ingresses which are used for servers exposing. Value depends on the kind of ingress controller. OpenShift infrastructure ignores this property because it uses Routes rather than Ingresses. the Che Operator that for a single-host deployment strategy to work, a controller supporting URL rewriting has to be used (so that URLs can point to different servers while the servers do not need to support changing the app root). The <code>che.infra.kubernetes.ingress.path.rewrite_transform</code> property defines how the path of the ingress should be transformed to support the URL rewriting and this property defines the set of annotations on the ingress itself that instruct the chosen ingress controller to actually do the URL rewriting, potentially building on the path transformation (if required by the chosen ingress controller). For example for Nginx ingress controller 0.22.0 and later the following value is recommended: <code>{"ingress.kubernetes.io/rewrite-target": "/$1","ingress.kubernetes.io/ssl-redirect": "false",\ "ingress.kubernetes.io/proxy-connect-timeout": "3600","ingress.kubernetes.io/proxy-read-timeout": "3600", "nginx.org/websocket-services": "&lt;service-name&gt;"}</code> and the <code>che.infra.kubernetes.ingress.path.rewrite_transform</code> should be set to <code>"%s(.*)"</code>. For nginx ingress controller older than 0.22.0, the rewrite-target should be set to merely <code>/</code> and the path transform to <code>%s</code> (see the <code>che.infra.kubernetes.ingress.path.rewrite_transform</code> property). See the Nginx ingress controller documentation for the explanation of how the ingress controller uses the regular expression available in the ingress path and how it achieves the URL rewriting.</p>
</div>
<div class="dlist">
<dl>
<dt class="hdlist1">Default</dt>
<dd>
<p><code>NULL</code></p>
</dd>
</dl>
</div>
<hr>
</div>
<div class="sect3">
<h4 id="_che_infra_kubernetes_ingress_path_transform"><a class="anchor" href="#_che_infra_kubernetes_ingress_path_transform"></a><code>CHE_INFRA_KUBERNETES_INGRESS_PATH__TRANSFORM</code></h4>
<div class="paragraph">
<p>Defines a recipe on how to declare the path of the ingress that should expose a server. The <code>%s</code> represents the base public URL of the server and is guaranteed to end with a forward slash. This property must be a valid input to the <code>String.format()</code> method and contain exactly one reference to <code>%s</code>. See the description of the <code>che.infra.kubernetes.ingress.annotations_json</code> property to see how these two properties interplay when specifying the ingress annotations and path. If not defined, this property defaults to <code>%s</code> (without the quotes) which means that the path is not transformed in any way for use with the ingress controller.</p>
</div>
<div class="dlist">
<dl>
<dt class="hdlist1">Default</dt>
<dd>
<p><code>NULL</code></p>
</dd>
</dl>
</div>
<hr>
</div>
<div class="sect3">
<h4 id="_che_infra_kubernetes_ingress_labels"><a class="anchor" href="#_che_infra_kubernetes_ingress_labels"></a><code>CHE_INFRA_KUBERNETES_INGRESS_LABELS</code></h4>
<div class="paragraph">
<p>Additional labels to add into every Ingress created by Che server to allow clear identification.</p>
</div>
<div class="dlist">
<dl>
<dt class="hdlist1">Default</dt>
<dd>
<p><code>NULL</code></p>
</dd>
</dl>
</div>
<hr>
</div>
<div class="sect3">
<h4 id="_che_infra_kubernetes_pod_security_context_run_as_user"><a class="anchor" href="#_che_infra_kubernetes_pod_security_context_run_as_user"></a><code>CHE_INFRA_KUBERNETES_POD_SECURITY__CONTEXT_RUN__AS__USER</code></h4>
<div class="paragraph">
<p>Defines security context for Pods that will be created by Kubernetes Infra This is ignored by OpenShift infra</p>
</div>
<div class="dlist">
<dl>
<dt class="hdlist1">Default</dt>
<dd>
<p><code>NULL</code></p>
</dd>
</dl>
</div>
<hr>
</div>
<div class="sect3">
<h4 id="_che_infra_kubernetes_pod_security_context_fs_group"><a class="anchor" href="#_che_infra_kubernetes_pod_security_context_fs_group"></a><code>CHE_INFRA_KUBERNETES_POD_SECURITY__CONTEXT_FS__GROUP</code></h4>
<div class="paragraph">
<p>Defines security context for Pods that will be created by Kubernetes Infra. A special supplemental group that applies to all containers in a Pod. This is ignored by OpenShift infra.</p>
</div>
<div class="dlist">
<dl>
<dt class="hdlist1">Default</dt>
<dd>
<p><code>NULL</code></p>
</dd>
</dl>
</div>
<hr>
</div>
<div class="sect3">
<h4 id="_che_infra_kubernetes_pod_termination_grace_period_sec"><a class="anchor" href="#_che_infra_kubernetes_pod_termination_grace_period_sec"></a><code>CHE_INFRA_KUBERNETES_POD_TERMINATION__GRACE__PERIOD__SEC</code></h4>
<div class="paragraph">
<p>Defines grace termination period for Pods that will be created by Kubernetes infrastructures. Default value: <code>0</code>. It allows to stop Pods quickly and significantly decrease the time required for stopping a workspace. the Che Operator: if <code>terminationGracePeriodSeconds</code> have been explicitly set in Kubernetes recipe it will not be overridden.</p>
</div>
<div class="dlist">
<dl>
<dt class="hdlist1">Default</dt>
<dd>
<p><code>0</code></p>
</dd>
</dl>
</div>
<hr>
</div>
<div class="sect3">
<h4 id="_che_infra_kubernetes_tls_enabled"><a class="anchor" href="#_che_infra_kubernetes_tls_enabled"></a><code>CHE_INFRA_KUBERNETES_TLS__ENABLED</code></h4>
<div class="paragraph">
<p>Creates Ingresses with Transport Layer Security (TLS) enabled. In OpenShift infrastructure, Routes will be TLS-enabled.</p>
</div>
<div class="dlist">
<dl>
<dt class="hdlist1">Default</dt>
<dd>
<p><code>false</code></p>
</dd>
</dl>
</div>
<hr>
</div>
<div class="sect3">
<h4 id="_che_infra_kubernetes_tls_secret"><a class="anchor" href="#_che_infra_kubernetes_tls_secret"></a><code>CHE_INFRA_KUBERNETES_TLS__SECRET</code></h4>
<div class="paragraph">
<p>Name of a secret that should be used when creating workspace ingresses with TLS. This property is ignored by OpenShift infrastructure.</p>
</div>
<div class="dlist">
<dl>
<dt class="hdlist1">Default</dt>
<dd>
<p>empty</p>
</dd>
</dl>
</div>
<hr>
</div>
<div class="sect3">
<h4 id="_che_infra_kubernetes_tls_key"><a class="anchor" href="#_che_infra_kubernetes_tls_key"></a><code>CHE_INFRA_KUBERNETES_TLS__KEY</code></h4>
<div class="paragraph">
<p>Data for TLS Secret that should be used for workspaces Ingresses. <code>cert</code> and <code>key</code> should be encoded with Base64 algorithm. These properties are ignored by OpenShift infrastructure.</p>
</div>
<div class="dlist">
<dl>
<dt class="hdlist1">Default</dt>
<dd>
<p><code>NULL</code></p>
</dd>
</dl>
</div>
<hr>
</div>
<div class="sect3">
<h4 id="_che_infra_kubernetes_tls_cert"><a class="anchor" href="#_che_infra_kubernetes_tls_cert"></a><code>CHE_INFRA_KUBERNETES_TLS__CERT</code></h4>
<div class="paragraph">
<p>Certificate data for TLS Secret that should be used for workspaces Ingresses. Certificate should be encoded with Base64 algorithm. This property is ignored by OpenShift infrastructure.</p>
</div>
<div class="dlist">
<dl>
<dt class="hdlist1">Default</dt>
<dd>
<p><code>NULL</code></p>
</dd>
</dl>
</div>
<hr>
</div>
<div class="sect3">
<h4 id="_che_infra_kubernetes_runtimes_consistency_check_period_min"><a class="anchor" href="#_che_infra_kubernetes_runtimes_consistency_check_period_min"></a><code>CHE_INFRA_KUBERNETES_RUNTIMES__CONSISTENCY__CHECK__PERIOD__MIN</code></h4>
<div class="paragraph">
<p>Defines the period with which runtimes consistency checks will be performed. If runtime has inconsistent state then runtime will be stopped automatically. Value must be more than 0 or <code>-1</code>, where <code>-1</code> means that checks won&#8217;t be performed at all. It is disabled by default because there is possible Che Server configuration when Che Server doesn&#8217;t have an ability to interact with Kubernetes API when operation is not invoked by user. It DOES work on the following configurations: - workspaces objects are created in the same namespace where Che Server is located; - <code>cluster-admin</code> service account token is mounted to Che Server Pod. It DOES NOT work on the following configurations: - Che Server communicates with Kubernetes API using token from OAuth provider.</p>
</div>
<div class="dlist">
<dl>
<dt class="hdlist1">Default</dt>
<dd>
<p><code>-1</code></p>
</dd>
</dl>
</div>
<hr>
</div>
<div class="sect3">
<h4 id="_che_infra_kubernetes_trusted_ca_src_configmap"><a class="anchor" href="#_che_infra_kubernetes_trusted_ca_src_configmap"></a><code>CHE_INFRA_KUBERNETES_TRUSTED__CA_SRC__CONFIGMAP</code></h4>
<div class="paragraph">
<p>Name of the ConfigMap in Che server namespace with additional CA TLS certificates to be propagated into all user&#8217;s workspaces. If the property is set on OpenShift 4 infrastructure, and <code>che.infra.openshift.trusted_ca.dest_configmap_labels</code> includes the <code>config.openshift.io/inject-trusted-cabundle=true</code> label, then cluster CA bundle will be propagated too.</p>
</div>
<div class="dlist">
<dl>
<dt class="hdlist1">Default</dt>
<dd>
<p><code>NULL</code></p>
</dd>
</dl>
</div>
<hr>
</div>
<div class="sect3">
<h4 id="_che_infra_kubernetes_trusted_ca_dest_configmap"><a class="anchor" href="#_che_infra_kubernetes_trusted_ca_dest_configmap"></a><code>CHE_INFRA_KUBERNETES_TRUSTED__CA_DEST__CONFIGMAP</code></h4>
<div class="paragraph">
<p>Name of the ConfigMap in a workspace namespace with additional CA TLS certificates. Holds the copy of <code>che.infra.kubernetes.trusted_ca.src_configmap</code> but in a workspace namespace. Content of this ConfigMap is mounted into all workspace containers including plugin brokers. Do not change the ConfigMap name unless it conflicts with the already existing ConfigMap. the Che Operator that the resulting ConfigMap name can be adjusted eventually to make it unique in namespace. The original name would be stored in <code>che.original_name</code> label.</p>
</div>
<div class="dlist">
<dl>
<dt class="hdlist1">Default</dt>
<dd>
<p><code>ca-certs</code></p>
</dd>
</dl>
</div>
<hr>
</div>
<div class="sect3">
<h4 id="_che_infra_kubernetes_trusted_ca_mount_path"><a class="anchor" href="#_che_infra_kubernetes_trusted_ca_mount_path"></a><code>CHE_INFRA_KUBERNETES_TRUSTED__CA_MOUNT__PATH</code></h4>
<div class="paragraph">
<p>Configures path on workspace containers where the CA bundle should be mounted. Content of ConfigMap specified by <code>che.infra.kubernetes.trusted_ca.dest_configmap</code> is mounted.</p>
</div>
<div class="dlist">
<dl>
<dt class="hdlist1">Default</dt>
<dd>
<p><code>/public-certs</code></p>
</dd>
</dl>
</div>
<hr>
</div>
<div class="sect3">
<h4 id="_che_infra_kubernetes_trusted_ca_dest_configmap_labels"><a class="anchor" href="#_che_infra_kubernetes_trusted_ca_dest_configmap_labels"></a><code>CHE_INFRA_KUBERNETES_TRUSTED__CA_DEST__CONFIGMAP__LABELS</code></h4>
<div class="paragraph">
<p>Comma separated list of labels to add to the CA certificates ConfigMap in user workspace. See the <code>che.infra.kubernetes.trusted_ca.dest_configmap</code> property.</p>
</div>
<div class="dlist">
<dl>
<dt class="hdlist1">Default</dt>
<dd>
<p>empty</p>
</dd>
</dl>
</div>
<hr>
</div>
</div>
<div class="sect2">
<h3 id="openshift-infra-parameters"><a class="anchor" href="#openshift-infra-parameters"></a>OpenShift Infra parameters</h3>
<div class="sect3">
<h4 id="_che_infra_openshift_trusted_ca_dest_configmap_labels"><a class="anchor" href="#_che_infra_openshift_trusted_ca_dest_configmap_labels"></a><code>CHE_INFRA_OPENSHIFT_TRUSTED__CA_DEST__CONFIGMAP__LABELS</code></h4>
<div class="paragraph">
<p>Comma separated list of labels to add to the CA certificates ConfigMap in user workspace. See <code>che.infra.kubernetes.trusted_ca.dest_configmap</code> property. This default value is used for automatic cluster CA bundle injection in OpenShift 4.</p>
</div>
<div class="dlist">
<dl>
<dt class="hdlist1">Default</dt>
<dd>
<p><code>config.openshift.io/inject-trusted-cabundle=true</code></p>
</dd>
</dl>
</div>
<hr>
</div>
<div class="sect3">
<h4 id="_che_infra_openshift_route_labels"><a class="anchor" href="#_che_infra_openshift_route_labels"></a><code>CHE_INFRA_OPENSHIFT_ROUTE_LABELS</code></h4>
<div class="paragraph">
<p>Additional labels to add into every Route created by Che server to allow clear identification.</p>
</div>
<div class="dlist">
<dl>
<dt class="hdlist1">Default</dt>
<dd>
<p><code>NULL</code></p>
</dd>
</dl>
</div>
<hr>
</div>
<div class="sect3">
<h4 id="_che_infra_openshift_route_host_domain_suffix"><a class="anchor" href="#_che_infra_openshift_route_host_domain_suffix"></a><code>CHE_INFRA_OPENSHIFT_ROUTE_HOST_DOMAIN__SUFFIX</code></h4>
<div class="paragraph">
<p>The hostname that should be used as a suffix for the workspace routes. For example: Using <code>domain_suffix=<em>&lt;che-host&gt;</em></code>, the route resembles: <code>routed3qrtk.<em>&lt;che-host&gt;</em></code>. It has to be a valid DNS name.</p>
</div>
<div class="dlist">
<dl>
<dt class="hdlist1">Default</dt>
<dd>
<p><code>NULL</code></p>
</dd>
</dl>
</div>
<hr>
</div>
<div class="sect3">
<h4 id="_che_infra_openshift_project_init_with_server_sa"><a class="anchor" href="#_che_infra_openshift_project_init_with_server_sa"></a><code>CHE_INFRA_OPENSHIFT_PROJECT_INIT__WITH__SERVER__SA</code></h4>
<div class="paragraph">
<p>Initialize OpenShift project with Che server&#8217;s service account if OpenShift OAuth is enabled.</p>
</div>
<div class="dlist">
<dl>
<dt class="hdlist1">Default</dt>
<dd>
<p><code>true</code></p>
</dd>
</dl>
</div>
<hr>
</div>
</div>
<div class="sect2">
<h3 id="experimental-properties"><a class="anchor" href="#experimental-properties"></a>Experimental properties</h3>
<div class="sect3">
<h4 id="_che_workspace_plugin_broker_metadata_image"><a class="anchor" href="#_che_workspace_plugin_broker_metadata_image"></a><code>CHE_WORKSPACE_PLUGIN__BROKER_METADATA_IMAGE</code></h4>
<div class="paragraph">
<p>Docker image of Che plugin broker app that resolves workspace tools configuration and copies plugins dependencies to a workspace. The Che Operator overrides these images by default. Changing the images here will not have an effect if Che is installed using the Operator.</p>
</div>
<div class="dlist">
<dl>
<dt class="hdlist1">Default</dt>
<dd>
<p><code>quay.io/eclipse/che-plugin-metadata-broker:v3.4.0</code></p>
</dd>
</dl>
</div>
<hr>
</div>
<div class="sect3">
<h4 id="_che_workspace_plugin_broker_artifacts_image"><a class="anchor" href="#_che_workspace_plugin_broker_artifacts_image"></a><code>CHE_WORKSPACE_PLUGIN__BROKER_ARTIFACTS_IMAGE</code></h4>
<div class="paragraph">
<p>Docker image of Che plugin artifacts broker. This broker runs as an init container on the workspace Pod. Its job is to take in a list of plugin identifiers (either references to a plugin in the registry or a link to a plugin meta.yaml) and ensure that the correct .vsix and .theia extensions are downloaded into the /plugins directory, for each plugin requested for the workspace.</p>
</div>
<div class="dlist">
<dl>
<dt class="hdlist1">Default</dt>
<dd>
<p><code>quay.io/eclipse/che-plugin-artifacts-broker:v3.4.0</code></p>
</dd>
</dl>
</div>
<hr>
</div>
<div class="sect3">
<h4 id="_che_workspace_plugin_broker_default_merge_plugins"><a class="anchor" href="#_che_workspace_plugin_broker_default_merge_plugins"></a><code>CHE_WORKSPACE_PLUGIN__BROKER_DEFAULT__MERGE__PLUGINS</code></h4>
<div class="paragraph">
<p>Configures the default behavior of the plugin brokers when provisioning plugins into a workspace. If set to true, the plugin brokers will attempt to merge plugins when possible: they run in the same sidecar image and do not have conflicting settings. This value is the default setting used when the devfile does not specify the <code>mergePlugins</code> attribute.</p>
</div>
<div class="dlist">
<dl>
<dt class="hdlist1">Default</dt>
<dd>
<p><code>false</code></p>
</dd>
</dl>
</div>
<hr>
</div>
<div class="sect3">
<h4 id="_che_workspace_plugin_broker_pull_policy"><a class="anchor" href="#_che_workspace_plugin_broker_pull_policy"></a><code>CHE_WORKSPACE_PLUGIN__BROKER_PULL__POLICY</code></h4>
<div class="paragraph">
<p>Docker image of Che plugin broker app that resolves workspace tools configuration and copies plugins dependencies to a workspace</p>
</div>
<div class="dlist">
<dl>
<dt class="hdlist1">Default</dt>
<dd>
<p><code>Always</code></p>
</dd>
</dl>
</div>
<hr>
</div>
<div class="sect3">
<h4 id="_che_workspace_plugin_broker_wait_timeout_min"><a class="anchor" href="#_che_workspace_plugin_broker_wait_timeout_min"></a><code>CHE_WORKSPACE_PLUGIN__BROKER_WAIT__TIMEOUT__MIN</code></h4>
<div class="paragraph">
<p>Defines the timeout in minutes that limits the max period of result waiting for plugin broker.</p>
</div>
<div class="dlist">
<dl>
<dt class="hdlist1">Default</dt>
<dd>
<p><code>3</code></p>
</dd>
</dl>
</div>
<hr>
</div>
<div class="sect3">
<h4 id="_che_workspace_plugin_registry_url"><a class="anchor" href="#_che_workspace_plugin_registry_url"></a><code>CHE_WORKSPACE_PLUGIN__REGISTRY__URL</code></h4>
<div class="paragraph">
<p>Workspace plug-ins registry endpoint. Should be a valid HTTP URL. Example: http://che-plugin-registry-eclipse-che.192.168.65.2.nip.io In case Che plug-ins registry is not needed value 'NULL' should be used</p>
</div>
<div class="dlist">
<dl>
<dt class="hdlist1">Default</dt>
<dd>
<p><code>https://che-plugin-registry.prod-preview.openshift.io/v3</code></p>
</dd>
</dl>
</div>
<hr>
</div>
<div class="sect3">
<h4 id="_che_workspace_plugin_registry_internal_url"><a class="anchor" href="#_che_workspace_plugin_registry_internal_url"></a><code>CHE_WORKSPACE_PLUGIN__REGISTRY__INTERNAL__URL</code></h4>
<div class="paragraph">
<p>Workspace plugins registry internal endpoint. Should be a valid HTTP URL. Example: http://devfile-registry.che.svc.cluster.local:8080 In case Che plug-ins registry is not needed value 'NULL' should be used</p>
</div>
<div class="dlist">
<dl>
<dt class="hdlist1">Default</dt>
<dd>
<p><code>NULL</code></p>
</dd>
</dl>
</div>
<hr>
</div>
<div class="sect3">
<h4 id="_che_workspace_devfile_registry_url"><a class="anchor" href="#_che_workspace_devfile_registry_url"></a><code>CHE_WORKSPACE_DEVFILE__REGISTRY__URL</code></h4>
<div class="paragraph">
<p>Devfile Registry endpoint. Should be a valid HTTP URL. Example: http://che-devfile-registry-eclipse-che.192.168.65.2.nip.io In case Che plug-ins registry is not needed value 'NULL' should be used</p>
</div>
<div class="dlist">
<dl>
<dt class="hdlist1">Default</dt>
<dd>
<p><code>https://che-devfile-registry.prod-preview.openshift.io/</code></p>
</dd>
</dl>
</div>
<hr>
</div>
<div class="sect3">
<h4 id="_che_workspace_devfile_registry_internal_url"><a class="anchor" href="#_che_workspace_devfile_registry_internal_url"></a><code>CHE_WORKSPACE_DEVFILE__REGISTRY__INTERNAL__URL</code></h4>
<div class="paragraph">
<p>Devfile Registry "internal" endpoint. Should be a valid HTTP URL. Example: http://plugin-registry.che.svc.cluster.local:8080 In case Che plug-ins registry is not needed value 'NULL' should be used</p>
</div>
<div class="dlist">
<dl>
<dt class="hdlist1">Default</dt>
<dd>
<p><code>NULL</code></p>
</dd>
</dl>
</div>
<hr>
</div>
<div class="sect3">
<h4 id="_che_workspace_storage_available_types"><a class="anchor" href="#_che_workspace_storage_available_types"></a><code>CHE_WORKSPACE_STORAGE_AVAILABLE__TYPES</code></h4>
<div class="paragraph">
<p>The configuration property that defines available values for storage types that clients such as the Dashboard should propose to users during workspace creation and update. Available values: - <code>persistent</code>: Persistent Storage slow I/O but persistent. - <code>ephemeral</code>: Ephemeral Storage allows for faster I/O but may have limited storage and is not persistent. - <code>async</code>: Experimental feature: Asynchronous storage is combination of Ephemeral and Persistent storage. Allows for faster I/O and keep your changes, will backup on stop and restore on start workspace. Will work only if: - <code>che.infra.kubernetes.pvc.strategy='common'</code> - <code>che.limits.user.workspaces.run.count=1</code> - <code>che.infra.kubernetes.namespace.default</code> contains <code>&lt;username&gt;</code> in other cases remove <code>async</code> from the list.</p>
</div>
<div class="dlist">
<dl>
<dt class="hdlist1">Default</dt>
<dd>
<p><code>persistent,ephemeral,async</code></p>
</dd>
</dl>
</div>
<hr>
</div>
<div class="sect3">
<h4 id="_che_workspace_storage_preferred_type"><a class="anchor" href="#_che_workspace_storage_preferred_type"></a><code>CHE_WORKSPACE_STORAGE_PREFERRED__TYPE</code></h4>
<div class="paragraph">
<p>The configuration property that defines a default value for storage type that clients such as the Dashboard should propose to users during workspace creation and update. The <code>async</code> value is an experimental feature, not recommended as default type.</p>
</div>
<div class="dlist">
<dl>
<dt class="hdlist1">Default</dt>
<dd>
<p><code>persistent</code></p>
</dd>
</dl>
</div>
<hr>
</div>
<div class="sect3">
<h4 id="_che_server_secure_exposer"><a class="anchor" href="#_che_server_secure_exposer"></a><code>CHE_SERVER_SECURE__EXPOSER</code></h4>
<div class="paragraph">
<p>Configures in which way secure servers will be protected with authentication. Suitable values: - <code>default</code>: <code>jwtproxy</code> is configured in a pass-through mode. Servers should authenticate requests themselves. - <code>jwtproxy</code>: <code>jwtproxy</code> will authenticate requests. Servers will receive only authenticated requests.</p>
</div>
<div class="dlist">
<dl>
<dt class="hdlist1">Default</dt>
<dd>
<p><code>jwtproxy</code></p>
</dd>
</dl>
</div>
<hr>
</div>
<div class="sect3">
<h4 id="_che_server_secure_exposer_jwtproxy_token_issuer"><a class="anchor" href="#_che_server_secure_exposer_jwtproxy_token_issuer"></a><code>CHE_SERVER_SECURE__EXPOSER_JWTPROXY_TOKEN_ISSUER</code></h4>
<div class="paragraph">
<p><code>Jwtproxy</code> issuer string, token lifetime, and optional auth page path to route unsigned requests to.</p>
</div>
<div class="dlist">
<dl>
<dt class="hdlist1">Default</dt>
<dd>
<p><code>wsmaster</code></p>
</dd>
</dl>
</div>
<hr>
</div>
<div class="sect3">
<h4 id="_che_server_secure_exposer_jwtproxy_token_ttl"><a class="anchor" href="#_che_server_secure_exposer_jwtproxy_token_ttl"></a><code>CHE_SERVER_SECURE__EXPOSER_JWTPROXY_TOKEN_TTL</code></h4>
<div class="paragraph">
<p>JWTProxy issuer token lifetime.</p>
</div>
<div class="dlist">
<dl>
<dt class="hdlist1">Default</dt>
<dd>
<p><code>8800h</code></p>
</dd>
</dl>
</div>
<hr>
</div>
<div class="sect3">
<h4 id="_che_server_secure_exposer_jwtproxy_auth_loader_path"><a class="anchor" href="#_che_server_secure_exposer_jwtproxy_auth_loader_path"></a><code>CHE_SERVER_SECURE__EXPOSER_JWTPROXY_AUTH_LOADER_PATH</code></h4>
<div class="paragraph">
<p>Optional authentication page path to route unsigned requests to.</p>
</div>
<div class="dlist">
<dl>
<dt class="hdlist1">Default</dt>
<dd>
<p><code>/_app/loader.html</code></p>
</dd>
</dl>
</div>
<hr>
</div>
<div class="sect3">
<h4 id="_che_server_secure_exposer_jwtproxy_image"><a class="anchor" href="#_che_server_secure_exposer_jwtproxy_image"></a><code>CHE_SERVER_SECURE__EXPOSER_JWTPROXY_IMAGE</code></h4>
<div class="paragraph">
<p>JWTProxy image.</p>
</div>
<div class="dlist">
<dl>
<dt class="hdlist1">Default</dt>
<dd>
<p><code>quay.io/eclipse/che-jwtproxy:0.10.0</code></p>
</dd>
</dl>
</div>
<hr>
</div>
<div class="sect3">
<h4 id="_che_server_secure_exposer_jwtproxy_memory_request"><a class="anchor" href="#_che_server_secure_exposer_jwtproxy_memory_request"></a><code>CHE_SERVER_SECURE__EXPOSER_JWTPROXY_MEMORY__REQUEST</code></h4>
<div class="paragraph">
<p>JWTProxy memory request.</p>
</div>
<div class="dlist">
<dl>
<dt class="hdlist1">Default</dt>
<dd>
<p><code>15mb</code></p>
</dd>
</dl>
</div>
<hr>
</div>
<div class="sect3">
<h4 id="_che_server_secure_exposer_jwtproxy_memory_limit"><a class="anchor" href="#_che_server_secure_exposer_jwtproxy_memory_limit"></a><code>CHE_SERVER_SECURE__EXPOSER_JWTPROXY_MEMORY__LIMIT</code></h4>
<div class="paragraph">
<p>JWTProxy memory limit.</p>
</div>
<div class="dlist">
<dl>
<dt class="hdlist1">Default</dt>
<dd>
<p><code>128mb</code></p>
</dd>
</dl>
</div>
<hr>
</div>
<div class="sect3">
<h4 id="_che_server_secure_exposer_jwtproxy_cpu_request"><a class="anchor" href="#_che_server_secure_exposer_jwtproxy_cpu_request"></a><code>CHE_SERVER_SECURE__EXPOSER_JWTPROXY_CPU__REQUEST</code></h4>
<div class="paragraph">
<p>JWTProxy CPU request.</p>
</div>
<div class="dlist">
<dl>
<dt class="hdlist1">Default</dt>
<dd>
<p><code>0.03</code></p>
</dd>
</dl>
</div>
<hr>
</div>
<div class="sect3">
<h4 id="_che_server_secure_exposer_jwtproxy_cpu_limit"><a class="anchor" href="#_che_server_secure_exposer_jwtproxy_cpu_limit"></a><code>CHE_SERVER_SECURE__EXPOSER_JWTPROXY_CPU__LIMIT</code></h4>
<div class="paragraph">
<p>JWTProxy CPU limit.</p>
</div>
<div class="dlist">
<dl>
<dt class="hdlist1">Default</dt>
<dd>
<p><code>0.5</code></p>
</dd>
</dl>
</div>
<hr>
</div>
</div>
<div class="sect2">
<h3 id="configuration-of-the-major-websocket-endpoint"><a class="anchor" href="#configuration-of-the-major-websocket-endpoint"></a>Configuration of the major WebSocket endpoint</h3>
<div class="sect3">
<h4 id="_che_core_jsonrpc_processor_max_pool_size"><a class="anchor" href="#_che_core_jsonrpc_processor_max_pool_size"></a><code>CHE_CORE_JSONRPC_PROCESSOR__MAX__POOL__SIZE</code></h4>
<div class="paragraph">
<p>Maximum size of the JSON RPC processing pool in case if pool size would be exceeded message execution will be rejected</p>
</div>
<div class="dlist">
<dl>
<dt class="hdlist1">Default</dt>
<dd>
<p><code>50</code></p>
</dd>
</dl>
</div>
<hr>
</div>
<div class="sect3">
<h4 id="_che_core_jsonrpc_processor_core_pool_size"><a class="anchor" href="#_che_core_jsonrpc_processor_core_pool_size"></a><code>CHE_CORE_JSONRPC_PROCESSOR__CORE__POOL__SIZE</code></h4>
<div class="paragraph">
<p>Initial JSON processing pool. Minimum number of threads that used to process major JSON RPC messages.</p>
</div>
<div class="dlist">
<dl>
<dt class="hdlist1">Default</dt>
<dd>
<p><code>5</code></p>
</dd>
</dl>
</div>
<hr>
</div>
<div class="sect3">
<h4 id="_che_core_jsonrpc_processor_queue_capacity"><a class="anchor" href="#_che_core_jsonrpc_processor_queue_capacity"></a><code>CHE_CORE_JSONRPC_PROCESSOR__QUEUE__CAPACITY</code></h4>
<div class="paragraph">
<p>Configuration of queue used to process JSON RPC messages.</p>
</div>
<div class="dlist">
<dl>
<dt class="hdlist1">Default</dt>
<dd>
<p><code>100000</code></p>
</dd>
</dl>
</div>
<hr>
</div>
<div class="sect3">
<h4 id="_che_metrics_port"><a class="anchor" href="#_che_metrics_port"></a><code>CHE_METRICS_PORT</code></h4>
<div class="paragraph">
<p>Port the HTTP server endpoint that would be exposed with Prometheus metrics.</p>
</div>
<div class="dlist">
<dl>
<dt class="hdlist1">Default</dt>
<dd>
<p><code>8087</code></p>
</dd>
</dl>
</div>
<hr>
</div>
</div>
<div class="sect2">
<h3 id="cors-settings"><a class="anchor" href="#cors-settings"></a>CORS settings</h3>
<div class="sect3">
<h4 id="_che_cors_allowed_origins"><a class="anchor" href="#_che_cors_allowed_origins"></a><code>CHE_CORS_ALLOWED__ORIGINS</code></h4>
<div class="paragraph">
<p>Indicates which request origins are allowed. CORS filter on WS Master is turned off by default. Use environment variable "CHE_CORS_ENABLED=true" to turn it on.</p>
</div>
<div class="dlist">
<dl>
<dt class="hdlist1">Default</dt>
<dd>
<p><code>*</code></p>
</dd>
</dl>
</div>
<hr>
</div>
<div class="sect3">
<h4 id="_che_cors_allow_credentials"><a class="anchor" href="#_che_cors_allow_credentials"></a><code>CHE_CORS_ALLOW__CREDENTIALS</code></h4>
<div class="paragraph">
<p>Indicates if it allows processing of requests with credentials (in cookies, headers, TLS client certificates).</p>
</div>
<div class="dlist">
<dl>
<dt class="hdlist1">Default</dt>
<dd>
<p><code>false</code></p>
</dd>
</dl>
</div>
<hr>
</div>
</div>
<div class="sect2">
<h3 id="factory-defaults"><a class="anchor" href="#factory-defaults"></a>Factory defaults</h3>
<div class="sect3">
<h4 id="_che_factory_default_plugins"><a class="anchor" href="#_che_factory_default_plugins"></a><code>CHE_FACTORY_DEFAULT__PLUGINS</code></h4>
<div class="paragraph">
<p>Editor and plugin which will be used for factories that are created from a remote Git repository which does not contain any Che-specific workspace descriptor Multiple plugins must be comma-separated, for example: <code>pluginFooPublisher/pluginFooName/pluginFooVersion,pluginBarPublisher/pluginBarName/pluginBarVersion</code></p>
</div>
<div class="dlist">
<dl>
<dt class="hdlist1">Default</dt>
<dd>
<p><code>redhat/vscode-commons/latest</code></p>
</dd>
</dl>
</div>
<hr>
</div>
<div class="sect3">
<h4 id="_che_factory_default_devfile_filenames"><a class="anchor" href="#_che_factory_default_devfile_filenames"></a><code>CHE_FACTORY_DEFAULT__DEVFILE__FILENAMES</code></h4>
<div class="paragraph">
<p>Devfile filenames to look on repository-based factories (for example GitHub). Factory will try to locate those files in the order they enumerated in the property.</p>
</div>
<div class="dlist">
<dl>
<dt class="hdlist1">Default</dt>
<dd>
<p><code>devfile.yaml,.devfile.yaml</code></p>
</dd>
</dl>
</div>
<hr>
</div>
</div>
<div class="sect2">
<h3 id="devfile-defaults"><a class="anchor" href="#devfile-defaults"></a>Devfile defaults</h3>
<div class="sect3">
<h4 id="_che_factory_default_editor"><a class="anchor" href="#_che_factory_default_editor"></a><code>CHE_FACTORY_DEFAULT__EDITOR</code></h4>
<div class="paragraph">
<p>Editor that will be used for factories that are created from a remote Git repository which does not contain any Che-specific workspace descriptor.</p>
</div>
<div class="dlist">
<dl>
<dt class="hdlist1">Default</dt>
<dd>
<p><code>eclipse/che-theia/latest</code></p>
</dd>
</dl>
</div>
<hr>
</div>
<div class="sect3">
<h4 id="_che_factory_scm_file_fetcher_limit_bytes"><a class="anchor" href="#_che_factory_scm_file_fetcher_limit_bytes"></a><code>CHE_FACTORY_SCM__FILE__FETCHER__LIMIT__BYTES</code></h4>
<div class="paragraph">
<p>File size limit for the URL fetcher which fetch files from the SCM repository.</p>
</div>
<div class="dlist">
<dl>
<dt class="hdlist1">Default</dt>
<dd>
<p><code>102400</code></p>
</dd>
</dl>
</div>
<hr>
</div>
<div class="sect3">
<h4 id="_che_factory_devfile2_files_resolution_list"><a class="anchor" href="#_che_factory_devfile2_files_resolution_list"></a><code>CHE_FACTORY_DEVFILE2__FILES__RESOLUTION__LIST</code></h4>
<div class="paragraph">
<p>Additional files which may be present in repository to complement devfile v2, and should be referenced as links to SCM resolver service in factory to retrieve them.</p>
</div>
<div class="dlist">
<dl>
<dt class="hdlist1">Default</dt>
<dd>
<p><code>.che/che-editor.yaml,.che/che-theia-plugins.yaml,.vscode/extensions.json</code></p>
</dd>
</dl>
</div>
<hr>
</div>
<div class="sect3">
<h4 id="_che_workspace_devfile_default_editor"><a class="anchor" href="#_che_workspace_devfile_default_editor"></a><code>CHE_WORKSPACE_DEVFILE_DEFAULT__EDITOR</code></h4>
<div class="paragraph">
<p>Default Editor that should be provisioned into Devfile if there is no specified Editor Format is <code>editorPublisher/editorName/editorVersion</code> value. <code>NULL</code> or absence of value means that default editor should not be provisioned.</p>
</div>
<div class="dlist">
<dl>
<dt class="hdlist1">Default</dt>
<dd>
<p><code>eclipse/che-theia/latest</code></p>
</dd>
</dl>
</div>
<hr>
</div>
<div class="sect3">
<h4 id="_che_workspace_devfile_default_editor_plugins"><a class="anchor" href="#_che_workspace_devfile_default_editor_plugins"></a><code>CHE_WORKSPACE_DEVFILE_DEFAULT__EDITOR_PLUGINS</code></h4>
<div class="paragraph">
<p>Default Plug-ins which should be provisioned for Default Editor. All the plugins from this list that are not explicitly mentioned in the user-defined devfile will be provisioned but only when the default editor is used or if the user-defined editor is the same as the default one (even if in different version). Format is comma-separated <code>pluginPublisher/pluginName/pluginVersion</code> values, and URLs. For example: <code>eclipse/che-theia-exec-plugin/0.0.1,eclipse/che-theia-terminal-plugin/0.0.1,https://cdn.pluginregistry.com/vi-mode/meta.yaml</code> If the plugin is a URL, the plugin&#8217;s <code>meta.yaml</code> is retrieved from that URL.</p>
</div>
<div class="dlist">
<dl>
<dt class="hdlist1">Default</dt>
<dd>
<p><code>NULL</code></p>
</dd>
</dl>
</div>
<hr>
</div>
<div class="sect3">
<h4 id="_che_workspace_provision_secret_labels"><a class="anchor" href="#_che_workspace_provision_secret_labels"></a><code>CHE_WORKSPACE_PROVISION_SECRET_LABELS</code></h4>
<div class="paragraph">
<p>Defines comma-separated list of labels for selecting secrets from a user namespace, which will be mount into workspace containers as a files or environment variables. Only secrets that match ALL given labels will be selected.</p>
</div>
<div class="dlist">
<dl>
<dt class="hdlist1">Default</dt>
<dd>
<p><code>app.kubernetes.io/part-of=che.eclipse.org,app.kubernetes.io/component=workspace-secret</code></p>
</dd>
</dl>
</div>
<hr>
</div>
<div class="sect3">
<h4 id="_che_workspace_devfile_async_storage_plugin"><a class="anchor" href="#_che_workspace_devfile_async_storage_plugin"></a><code>CHE_WORKSPACE_DEVFILE_ASYNC_STORAGE_PLUGIN</code></h4>
<div class="paragraph">
<p>Plugin is added in case asynchronous storage feature will be enabled in workspace configuration and supported by environment</p>
</div>
<div class="dlist">
<dl>
<dt class="hdlist1">Default</dt>
<dd>
<p><code>eclipse/che-async-pv-plugin/latest</code></p>
</dd>
</dl>
</div>
<hr>
</div>
<div class="sect3">
<h4 id="_che_infra_kubernetes_async_storage_image"><a class="anchor" href="#_che_infra_kubernetes_async_storage_image"></a><code>CHE_INFRA_KUBERNETES_ASYNC_STORAGE_IMAGE</code></h4>
<div class="paragraph">
<p>Docker image for the Che asynchronous storage</p>
</div>
<div class="dlist">
<dl>
<dt class="hdlist1">Default</dt>
<dd>
<p><code>quay.io/eclipse/che-workspace-data-sync-storage:0.0.1</code></p>
</dd>
</dl>
</div>
<hr>
</div>
<div class="sect3">
<h4 id="_che_workspace_pod_node_selector"><a class="anchor" href="#_che_workspace_pod_node_selector"></a><code>CHE_WORKSPACE_POD_NODE__SELECTOR</code></h4>
<div class="paragraph">
<p>Optionally configures node selector for workspace Pod. Format is comma-separated key=value pairs, for example: <code>disktype=ssd,cpu=xlarge,foo=bar</code></p>
</div>
<div class="dlist">
<dl>
<dt class="hdlist1">Default</dt>
<dd>
<p><code>NULL</code></p>
</dd>
</dl>
</div>
<hr>
</div>
<div class="sect3">
<h4 id="_che_workspace_pod_tolerations_json"><a class="anchor" href="#_che_workspace_pod_tolerations_json"></a><code>CHE_WORKSPACE_POD_TOLERATIONS__JSON</code></h4>
<div class="paragraph">
<p>Optionally configures tolerations for workspace Pod. Format is a string representing a JSON Array of taint tolerations, or <code>NULL</code> to disable it. The objects contained in the array have to follow the <a href="https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.20/#toleration-v1-core">toleration v1 core specifications</a>. Example: <code>[{"effect":"NoExecute","key":"aNodeTaint","operator":"Equal","value":"aValue"}]</code></p>
</div>
<div class="dlist">
<dl>
<dt class="hdlist1">Default</dt>
<dd>
<p><code>NULL</code></p>
</dd>
</dl>
</div>
<hr>
</div>
<div class="sect3">
<h4 id="_che_infra_kubernetes_async_storage_shutdown_timeout_min"><a class="anchor" href="#_che_infra_kubernetes_async_storage_shutdown_timeout_min"></a><code>CHE_INFRA_KUBERNETES_ASYNC_STORAGE_SHUTDOWN__TIMEOUT__MIN</code></h4>
<div class="paragraph">
<p>The timeout for the Asynchronous Storage Pod shutdown after stopping the last used workspace. Value less or equal to 0 interpreted as disabling shutdown ability.</p>
</div>
<div class="dlist">
<dl>
<dt class="hdlist1">Default</dt>
<dd>
<p><code>120</code></p>
</dd>
</dl>
</div>
<hr>
</div>
<div class="sect3">
<h4 id="_che_infra_kubernetes_async_storage_shutdown_check_period_min"><a class="anchor" href="#_che_infra_kubernetes_async_storage_shutdown_check_period_min"></a><code>CHE_INFRA_KUBERNETES_ASYNC_STORAGE_SHUTDOWN__CHECK__PERIOD__MIN</code></h4>
<div class="paragraph">
<p>Defines the period with which the Asynchronous Storage Pod stopping ability will be performed (once in 30 minutes by default)</p>
</div>
<div class="dlist">
<dl>
<dt class="hdlist1">Default</dt>
<dd>
<p><code>30</code></p>
</dd>
</dl>
</div>
<hr>
</div>
<div class="sect3">
<h4 id="_che_integration_bitbucket_server_endpoints"><a class="anchor" href="#_che_integration_bitbucket_server_endpoints"></a><code>CHE_INTEGRATION_BITBUCKET_SERVER__ENDPOINTS</code></h4>
<div class="paragraph">
<p>Bitbucket endpoints used for factory integrations. Comma separated list of Bitbucket server URLs or NULL if no integration expected.</p>
</div>
<div class="dlist">
<dl>
<dt class="hdlist1">Default</dt>
<dd>
<p><code>NULL</code></p>
</dd>
</dl>
</div>
<hr>
</div>
<div class="sect3">
<h4 id="_che_integration_gitlab_server_endpoints"><a class="anchor" href="#_che_integration_gitlab_server_endpoints"></a><code>CHE_INTEGRATION_GITLAB_SERVER__ENDPOINTS</code></h4>
<div class="paragraph">
<p>GitLab endpoints used for factory integrations. Comma separated list of GitLab server URLs or NULL if no integration expected.</p>
</div>
<div class="dlist">
<dl>
<dt class="hdlist1">Default</dt>
<dd>
<p><code>NULL</code></p>
</dd>
</dl>
</div>
<hr>
</div>
<div class="sect3">
<h4 id="_che_integration_gitlab_oauth_endpoint"><a class="anchor" href="#_che_integration_gitlab_oauth_endpoint"></a><code>CHE_INTEGRATION_GITLAB_OAUTH__ENDPOINT</code></h4>
<div class="paragraph">
<p>Address of the GitLab server with configured OAuth 2 integration</p>
</div>
<div class="dlist">
<dl>
<dt class="hdlist1">Default</dt>
<dd>
<p><code>NULL</code></p>
</dd>
</dl>
</div>
<hr>
</div>
<div class="sect3">
<h4 id="_che_oauth2_gitlab_clientid_filepath"><a class="anchor" href="#_che_oauth2_gitlab_clientid_filepath"></a><code>CHE_OAUTH2_GITLAB_CLIENTID__FILEPATH</code></h4>
<div class="paragraph">
<p>Configuration of GitLab OAuth2 client. Used to obtain Personal access tokens. Location of the file with GitLab client id.</p>
</div>
<div class="dlist">
<dl>
<dt class="hdlist1">Default</dt>
<dd>
<p><code>NULL</code></p>
</dd>
</dl>
</div>
<hr>
</div>
<div class="sect3">
<h4 id="_che_oauth2_gitlab_clientsecret_filepath"><a class="anchor" href="#_che_oauth2_gitlab_clientsecret_filepath"></a><code>CHE_OAUTH2_GITLAB_CLIENTSECRET__FILEPATH</code></h4>
<div class="paragraph">
<p>Location of the file with GitLab client secret.</p>
</div>
<div class="dlist">
<dl>
<dt class="hdlist1">Default</dt>
<dd>
<p><code>NULL#</code></p>
</dd>
</dl>
</div>
<hr>
</div>
</div>
<div class="sect2">
<h3 id="che-system"><a class="anchor" href="#che-system"></a>Che system</h3>
<div class="sect3">
<h4 id="_che_system_super_privileged_mode"><a class="anchor" href="#_che_system_super_privileged_mode"></a><code>CHE_SYSTEM_SUPER__PRIVILEGED__MODE</code></h4>
<div class="paragraph">
<p>System Super Privileged Mode. Grants users with the manageSystem permission additional permissions for getByKey, getByNameSpace, stopWorkspaces, and getResourcesInformation. These are not given to admins by default and these permissions allow admins gain visibility to any workspace along with naming themselves with administrator privileges to those workspaces.</p>
</div>
<div class="dlist">
<dl>
<dt class="hdlist1">Default</dt>
<dd>
<p><code>false</code></p>
</dd>
</dl>
</div>
<hr>
</div>
<div class="sect3">
<h4 id="_che_system_admin_name"><a class="anchor" href="#_che_system_admin_name"></a><code>CHE_SYSTEM_ADMIN__NAME</code></h4>
<div class="paragraph">
<p>Grant system permission for <code>che.admin.name</code> user. If the user already exists it&#8217;ll happen on component startup, if not - during the first login when user is persisted in the database.</p>
</div>
<div class="dlist">
<dl>
<dt class="hdlist1">Default</dt>
<dd>
<p><code>admin</code></p>
</dd>
</dl>
</div>
<hr>
</div>
</div>
<div class="sect2">
<h3 id="workspace-limits"><a class="anchor" href="#workspace-limits"></a>Workspace limits</h3>
<div class="sect3">
<h4 id="_che_limits_workspace_env_ram"><a class="anchor" href="#_che_limits_workspace_env_ram"></a><code>CHE_LIMITS_WORKSPACE_ENV_RAM</code></h4>
<div class="paragraph">
<p>Workspaces are the fundamental runtime for users when doing development. You can set parameters that limit how workspaces are created and the resources that are consumed. The maximum amount of RAM that a user can allocate to a workspace when they create a new workspace. The RAM slider is adjusted to this maximum value.</p>
</div>
<div class="dlist">
<dl>
<dt class="hdlist1">Default</dt>
<dd>
<p><code>16gb</code></p>
</dd>
</dl>
</div>
<hr>
</div>
<div class="sect3">
<h4 id="_che_limits_workspace_idle_timeout"><a class="anchor" href="#_che_limits_workspace_idle_timeout"></a><code>CHE_LIMITS_WORKSPACE_IDLE_TIMEOUT</code></h4>
<div class="paragraph">
<p>The length of time in milliseconds that a user is idle with their workspace when the system will suspend the workspace and then stopping it. Idleness is the length of time that the user has not interacted with the workspace, meaning that one of the agents has not received interaction. Leaving a browser window open counts toward idleness.</p>
</div>
<div class="dlist">
<dl>
<dt class="hdlist1">Default</dt>
<dd>
<p><code>1800000</code></p>
</dd>
</dl>
</div>
<hr>
</div>
<div class="sect3">
<h4 id="_che_limits_workspace_run_timeout"><a class="anchor" href="#_che_limits_workspace_run_timeout"></a><code>CHE_LIMITS_WORKSPACE_RUN_TIMEOUT</code></h4>
<div class="paragraph">
<p>The length of time in milliseconds that a workspace will run, regardless of activity, before the system will suspend it. Set this property if you want to automatically stop workspaces after a period of time. The default is zero, meaning that there is no run timeout.</p>
</div>
<div class="dlist">
<dl>
<dt class="hdlist1">Default</dt>
<dd>
<p><code>0</code></p>
</dd>
</dl>
</div>
<hr>
</div>
</div>
<div class="sect2">
<h3 id="users-workspace-limits"><a class="anchor" href="#users-workspace-limits"></a>Users workspace limits</h3>
<div class="sect3">
<h4 id="_che_limits_user_workspaces_ram"><a class="anchor" href="#_che_limits_user_workspaces_ram"></a><code>CHE_LIMITS_USER_WORKSPACES_RAM</code></h4>
<div class="paragraph">
<p>The total amount of RAM that a single user is allowed to allocate to running workspaces. A user can allocate this RAM to a single workspace or spread it across multiple workspaces.</p>
</div>
<div class="dlist">
<dl>
<dt class="hdlist1">Default</dt>
<dd>
<p><code>-1</code></p>
</dd>
</dl>
</div>
<hr>
</div>
<div class="sect3">
<h4 id="_che_limits_user_workspaces_count"><a class="anchor" href="#_che_limits_user_workspaces_count"></a><code>CHE_LIMITS_USER_WORKSPACES_COUNT</code></h4>
<div class="paragraph">
<p>The maximum number of workspaces that a user is allowed to create. The user will be presented with an error message if they try to create additional workspaces. This applies to the total number of both running and stopped workspaces.</p>
</div>
<div class="dlist">
<dl>
<dt class="hdlist1">Default</dt>
<dd>
<p><code>-1</code></p>
</dd>
</dl>
</div>
<hr>
</div>
<div class="sect3">
<h4 id="_che_limits_user_workspaces_run_count"><a class="anchor" href="#_che_limits_user_workspaces_run_count"></a><code>CHE_LIMITS_USER_WORKSPACES_RUN_COUNT</code></h4>
<div class="paragraph">
<p>The maximum number of running workspaces that a single user is allowed to have. If the user has reached this threshold and they try to start an additional workspace, they will be prompted with an error message. The user will need to stop a running workspace to activate another.</p>
</div>
<div class="dlist">
<dl>
<dt class="hdlist1">Default</dt>
<dd>
<p><code>1</code></p>
</dd>
</dl>
</div>
<hr>
</div>
</div>
<div class="sect2">
<h3 id="organizations-workspace-limits"><a class="anchor" href="#organizations-workspace-limits"></a>Organizations workspace limits</h3>
<div class="sect3">
<h4 id="_che_limits_organization_workspaces_ram"><a class="anchor" href="#_che_limits_organization_workspaces_ram"></a><code>CHE_LIMITS_ORGANIZATION_WORKSPACES_RAM</code></h4>
<div class="paragraph">
<p>The total amount of RAM that a single organization (team) is allowed to allocate to running workspaces. An organization owner can allocate this RAM however they see fit across the team&#8217;s workspaces.</p>
</div>
<div class="dlist">
<dl>
<dt class="hdlist1">Default</dt>
<dd>
<p><code>-1</code></p>
</dd>
</dl>
</div>
<hr>
</div>
<div class="sect3">
<h4 id="_che_limits_organization_workspaces_count"><a class="anchor" href="#_che_limits_organization_workspaces_count"></a><code>CHE_LIMITS_ORGANIZATION_WORKSPACES_COUNT</code></h4>
<div class="paragraph">
<p>The maximum number of workspaces that a organization is allowed to own. The organization will be presented an error message if they try to create additional workspaces. This applies to the total number of both running and stopped workspaces.</p>
</div>
<div class="dlist">
<dl>
<dt class="hdlist1">Default</dt>
<dd>
<p><code>-1</code></p>
</dd>
</dl>
</div>
<hr>
</div>
<div class="sect3">
<h4 id="_che_limits_organization_workspaces_run_count"><a class="anchor" href="#_che_limits_organization_workspaces_run_count"></a><code>CHE_LIMITS_ORGANIZATION_WORKSPACES_RUN_COUNT</code></h4>
<div class="paragraph">
<p>The maximum number of running workspaces that a single organization is allowed. If the organization has reached this threshold and they try to start an additional workspace, they will be prompted with an error message. The organization will need to stop a running workspace to activate another.</p>
</div>
<div class="dlist">
<dl>
<dt class="hdlist1">Default</dt>
<dd>
<p><code>-1</code></p>
</dd>
</dl>
</div>
<hr>
</div>
</div>
<div class="sect2">
<h3 id="multi-user-specific-openshift-infrastructure-configuration"><a class="anchor" href="#multi-user-specific-openshift-infrastructure-configuration"></a>Multi-user-specific OpenShift infrastructure configuration</h3>
<div class="sect3">
<h4 id="_che_infra_openshift_oauth_identity_provider"><a class="anchor" href="#_che_infra_openshift_oauth_identity_provider"></a><code>CHE_INFRA_OPENSHIFT_OAUTH__IDENTITY__PROVIDER</code></h4>
<div class="paragraph">
<p>Alias of the OpenShift identity provider registered in Keycloak, that should be used to create workspace OpenShift resources in OpenShift namespaces owned by the current Che user. Should be set to NULL if <code>che.infra.openshift.project</code> is set to a non-empty value. See: <a href="https://www.keycloak.org/docs/latest/server_admin/#openshift-4">OpenShift identity provider</a></p>
</div>
<div class="dlist">
<dl>
<dt class="hdlist1">Default</dt>
<dd>
<p><code>NULL</code></p>
</dd>
</dl>
</div>
<hr>
</div>
</div>
<div class="sect2">
<h3 id="oidc-configuration"><a class="anchor" href="#oidc-configuration"></a>OIDC configuration</h3>
<div class="sect3">
<h4 id="_che_oidc_auth_server_url"><a class="anchor" href="#_che_oidc_auth_server_url"></a><code>CHE_OIDC_AUTH__SERVER__URL</code></h4>
<div class="paragraph">
<p>Url to OIDC identity provider server Can be set to NULL only if <code>che.oidc.oidcProvider</code> is used</p>
</div>
<div class="dlist">
<dl>
<dt class="hdlist1">Default</dt>
<dd>
<p><code>http://${CHE_HOST}:5050/auth</code></p>
</dd>
</dl>
</div>
<hr>
</div>
<div class="sect3">
<h4 id="_che_oidc_auth_internal_server_url"><a class="anchor" href="#_che_oidc_auth_internal_server_url"></a><code>CHE_OIDC_AUTH__INTERNAL__SERVER__URL</code></h4>
<div class="paragraph">
<p>Internal network service Url to OIDC identity provider server</p>
</div>
<div class="dlist">
<dl>
<dt class="hdlist1">Default</dt>
<dd>
<p><code>NULL</code></p>
</dd>
</dl>
</div>
<hr>
</div>
<div class="sect3">
<h4 id="_che_oidc_allowed_clock_skew_sec"><a class="anchor" href="#_che_oidc_allowed_clock_skew_sec"></a><code>CHE_OIDC_ALLOWED__CLOCK__SKEW__SEC</code></h4>
<div class="paragraph">
<p>The number of seconds to tolerate for clock skew when verifying <code>exp</code> or <code>nbf</code> claims.</p>
</div>
<div class="dlist">
<dl>
<dt class="hdlist1">Default</dt>
<dd>
<p><code>3</code></p>
</dd>
</dl>
</div>
<hr>
</div>
<div class="sect3">
<h4 id="_che_oidc_username_claim"><a class="anchor" href="#_che_oidc_username_claim"></a><code>CHE_OIDC_USERNAME__CLAIM</code></h4>
<div class="paragraph">
<p>Username claim to be used as user display name when parsing JWT token if not defined the fallback value is 'preferred_username' in Keycloak installations and <code>name</code> in Dex installations.</p>
</div>
<div class="dlist">
<dl>
<dt class="hdlist1">Default</dt>
<dd>
<p><code>NULL</code></p>
</dd>
</dl>
</div>
<hr>
</div>
<div class="sect3">
<h4 id="_che_oidc_oidc_provider"><a class="anchor" href="#_che_oidc_oidc_provider"></a><code>CHE_OIDC_OIDC__PROVIDER</code></h4>
<div class="paragraph">
<p>Base URL of an alternate OIDC provider that provides a discovery endpoint as detailed in the following specification <a href="https://openid.net/specs/openid-connect-discovery-1_0.html#ProviderConfig">Obtaining OpenID Provider Configuration Information</a> Deprecated, use <code>che.oidc.auth_server_url</code> and <code>che.oidc.auth_internal_server_url</code> instead.</p>
</div>
<div class="dlist">
<dl>
<dt class="hdlist1">Default</dt>
<dd>
<p><code>NULL</code></p>
</dd>
</dl>
</div>
<hr>
</div>
</div>
<div class="sect2">
<h3 id="keycloak-configuration"><a class="anchor" href="#keycloak-configuration"></a>Keycloak configuration</h3>
<div class="sect3">
<h4 id="_che_keycloak_realm"><a class="anchor" href="#_che_keycloak_realm"></a><code>CHE_KEYCLOAK_REALM</code></h4>
<div class="paragraph">
<p>Keycloak realm is used to authenticate users Can be set to NULL only if <code>che.keycloak.oidcProvider</code> is used</p>
</div>
<div class="dlist">
<dl>
<dt class="hdlist1">Default</dt>
<dd>
<p><code>che</code></p>
</dd>
</dl>
</div>
<hr>
</div>
<div class="sect3">
<h4 id="_che_keycloak_client_id"><a class="anchor" href="#_che_keycloak_client_id"></a><code>CHE_KEYCLOAK_CLIENT__ID</code></h4>
<div class="paragraph">
<p>Keycloak client identifier in <code>che.keycloak.realm</code> to authenticate users in the dashboard, the IDE, and the CLI.</p>
</div>
<div class="dlist">
<dl>
<dt class="hdlist1">Default</dt>
<dd>
<p><code>che-public</code></p>
</dd>
</dl>
</div>
<hr>
</div>
<div class="sect3">
<h4 id="_che_keycloak_oso_endpoint"><a class="anchor" href="#_che_keycloak_oso_endpoint"></a><code>CHE_KEYCLOAK_OSO_ENDPOINT</code></h4>
<div class="paragraph">
<p>URL to access OSO OAuth tokens</p>
</div>
<div class="dlist">
<dl>
<dt class="hdlist1">Default</dt>
<dd>
<p><code>NULL</code></p>
</dd>
</dl>
</div>
<hr>
</div>
<div class="sect3">
<h4 id="_che_keycloak_github_endpoint"><a class="anchor" href="#_che_keycloak_github_endpoint"></a><code>CHE_KEYCLOAK_GITHUB_ENDPOINT</code></h4>
<div class="paragraph">
<p>URL to access Github OAuth tokens</p>
</div>
<div class="dlist">
<dl>
<dt class="hdlist1">Default</dt>
<dd>
<p><code>NULL</code></p>
</dd>
</dl>
</div>
<hr>
</div>
<div class="sect3">
<h4 id="_che_keycloak_use_nonce"><a class="anchor" href="#_che_keycloak_use_nonce"></a><code>CHE_KEYCLOAK_USE__NONCE</code></h4>
<div class="paragraph">
<p>Use the OIDC optional <code>nonce</code> feature to increase security.</p>
</div>
<div class="dlist">
<dl>
<dt class="hdlist1">Default</dt>
<dd>
<p><code>true</code></p>
</dd>
</dl>
</div>
<hr>
</div>
<div class="sect3">
<h4 id="_che_keycloak_js_adapter_url"><a class="anchor" href="#_che_keycloak_js_adapter_url"></a><code>CHE_KEYCLOAK_JS__ADAPTER__URL</code></h4>
<div class="paragraph">
<p>URL to the Keycloak Javascript adapter to use. if set to NULL, then the default used value is <code>${che.keycloak.auth_server_url}/js/keycloak.js</code>, or <code>&lt;che-server&gt;/api/keycloak/OIDCKeycloak.js</code> if an alternate <code>oidc_provider</code> is used</p>
</div>
<div class="dlist">
<dl>
<dt class="hdlist1">Default</dt>
<dd>
<p><code>NULL</code></p>
</dd>
</dl>
</div>
<hr>
</div>
<div class="sect3">
<h4 id="_che_keycloak_use_fixed_redirect_urls"><a class="anchor" href="#_che_keycloak_use_fixed_redirect_urls"></a><code>CHE_KEYCLOAK_USE__FIXED__REDIRECT__URLS</code></h4>
<div class="paragraph">
<p>Set to true when using an alternate OIDC provider that only supports fixed redirect Urls This property is ignored when <code>che.keycloak.oidc_provider</code> is NULL</p>
</div>
<div class="dlist">
<dl>
<dt class="hdlist1">Default</dt>
<dd>
<p><code>false</code></p>
</dd>
</dl>
</div>
<hr>
</div>
<div class="sect3">
<h4 id="_che_oauth_service_mode"><a class="anchor" href="#_che_oauth_service_mode"></a><code>CHE_OAUTH_SERVICE__MODE</code></h4>
<div class="paragraph">
<p>Configuration of OAuth Authentication Service that can be used in "embedded" or "delegated" mode. If set to "embedded", then the service work as a wrapper to Che&#8217;s OAuthAuthenticator ( as in Single User mode). If set to "delegated", then the service will use Keycloak IdentityProvider mechanism. Runtime Exception <code>wii</code> be thrown, in case if this property is not set properly.</p>
</div>
<div class="dlist">
<dl>
<dt class="hdlist1">Default</dt>
<dd>
<p><code>delegated</code></p>
</dd>
</dl>
</div>
<hr>
</div>
<div class="sect3">
<h4 id="_che_keycloak_cascade_user_removal_enabled"><a class="anchor" href="#_che_keycloak_cascade_user_removal_enabled"></a><code>CHE_KEYCLOAK_CASCADE__USER__REMOVAL__ENABLED</code></h4>
<div class="paragraph">
<p>Configuration for enabling removing user from Keycloak server on removing user from Che database. By default it&#8217;s disabled. Can be enabled in some special cases when deleting a user in Che database should execute removing related-user from Keycloak. For correct work need to set administrator username ${che.keycloak.admin_username} and password ${che.keycloak.admin_password}.</p>
</div>
<div class="dlist">
<dl>
<dt class="hdlist1">Default</dt>
<dd>
<p><code>false</code></p>
</dd>
</dl>
</div>
<hr>
</div>
<div class="sect3">
<h4 id="_che_keycloak_admin_username"><a class="anchor" href="#_che_keycloak_admin_username"></a><code>CHE_KEYCLOAK_ADMIN__USERNAME</code></h4>
<div class="paragraph">
<p>Keycloak administrator username. Will be used for deleting user from Keycloak on removing user from Che database. Make sense only in case ${che.keycloak.cascade_user_removal_enabled} set to 'true'</p>
</div>
<div class="dlist">
<dl>
<dt class="hdlist1">Default</dt>
<dd>
<p><code>NULL</code></p>
</dd>
</dl>
</div>
<hr>
</div>
<div class="sect3">
<h4 id="_che_keycloak_admin_password"><a class="anchor" href="#_che_keycloak_admin_password"></a><code>CHE_KEYCLOAK_ADMIN__PASSWORD</code></h4>
<div class="paragraph">
<p>Keycloak administrator password. Will be used for deleting user from Keycloak on removing user from Che database. Make sense only in case ${che.keycloak.cascade_user_removal_enabled} set to 'true'</p>
</div>
<div class="dlist">
<dl>
<dt class="hdlist1">Default</dt>
<dd>
<p><code>NULL</code></p>
</dd>
</dl>
</div>
<hr>
</div>
<div class="sect3">
<h4 id="_che_keycloak_username_replacement_patterns"><a class="anchor" href="#_che_keycloak_username_replacement_patterns"></a><code>CHE_KEYCLOAK_USERNAME_REPLACEMENT__PATTERNS</code></h4>
<div class="paragraph">
<p>User name adjustment configuration. Che needs to use the usernames as part of Kubernetes object names and labels and therefore has stricter requirements on their format than the identity providers usually allow (it needs them to be DNS-compliant). The adjustment is represented by comma-separated key-value pairs. These are sequentially used as arguments to the String.replaceAll function on the original username. The keys are regular expressions, values are replacement strings that replace the characters in the username that match the regular expression. The modified username will only be stored in the Che database and will not be advertised back to the identity provider. It is recommended to use DNS-compliant characters as replacement strings (values in the key-value pairs). Example: <code>\\=-,@=-at-</code> changes <code>\</code> to <code>-</code> and <code>@</code> to <code>-at-</code> so the username <code>org\user@com</code> becomes <code>org-user-at-com.</code></p>
</div>
<div class="dlist">
<dl>
<dt class="hdlist1">Default</dt>
<dd>
<p><code>NULL</code></p>
</dd>
</dl>
</div>
<hr>
</div>
</div>
</div>
</div>
</article>
</div>
</main>
</div>
<footer class="footer">
<div>
<a href="https://www.eclipse.org/che/sitemap.xml" target="_blank">Site Map</a> |
<a href="https://www.eclipse.org" target="_blank">Eclipse Foundation</a> |
<a href="https://www.eclipse.org/legal/privacy.php" target="_blank">Privacy Policy</a> |
<a href="https://www.eclipse.org/legal/termsofuse.php" target="_blank">Terms of Use</a> |
<a href="https://www.eclipse.org/legal/epl-2.0/" target="_blank">Eclipse Public License</a> |
<a href="https://www.eclipse.org/legal" target="_blank">Legal Resources</a></div>
</footer>
<script src="../../../../docs/_/js/site.js"></script>
<script async src="../../../../docs/_/js/vendor/highlight.js"></script>
<script src="../../../../docs/_/js/vendor/lunr.js"></script>
<script src="../../../../docs/_/js/search-ui.js" id="search-ui-script" data-site-root-path="../../../.." data-snippet-length="142" data-stylesheet="../../../../docs/_/css/search.css"></script>
<script async src="../../../../search-index.js"></script>
</body>
</html>