rhopp · October 23, 2019 18:10
diff --git a/che7_cr_with_tls.yaml b/che7_cr_with_tls.yaml

 #
 #  Copyright (c) 2012-2019 Red Hat, Inc.
 #    This program and the accompanying materials are made
 #    available under the terms of the Eclipse Public License 2.0
 #    which is available at https://www.eclipse.org/legal/epl-2.0/
 #
 #  SPDX-License-Identifier: EPL-2.0
 #
 #  Contributors:
 #    Red Hat, Inc. - initial API and implementation

 apiVersion: org.eclipse.che/v1
 kind: CheCluster
 metadata:
  name: eclipse-che
 spec:
  server:
    # server image used in Che deployment
    cheImage: ''
    # tag of an image used in Che deployment
    cheImageTag: 'nightly'
    # image:tag used in Devfile registry deployment
    devfileRegistryImage: 'quay.io/eclipse/che-devfile-registry:nightly'
    # image:tag used in plugin registry deployment
    pluginRegistryImage: 'quay.io/eclipse/che-plugin-registry:nightly'
    # defaults to `che`. When set to `codeready`, CodeReady Workspaces is deployed
    # the difference is in images, labels, exec commands
    cheFlavor: ''
    # specifies a custom cluster role to user for the Che workspaces
    # Uses the default roles if left blank.
    cheWorkspaceClusterRole: ''
    # when set to true the operator will attempt to get a secret in OpenShift router namespace
    # to add it to Java trust store of Che server. Requires cluster-admin privileges for operator service account
    selfSignedCert: true
    # TLS mode for Che. Make sure you either have public cert, or set selfSignedCert to true
    tlsSupport: true
    # protocol+hostname of a proxy server. Automatically added as JAVA_OPTS and https(s)_proxy
    # to Che server and workspaces containers
    proxyURL: ''
    # port of a proxy server
    proxyPort: ''
    # username for a proxy server
    proxyUser: ''
    # password for a proxy user
    proxyPassword: ''
    # a list of non-proxy hosts. Use | as delimiter, eg localhost|my.host.com|123.42.12.32
    nonProxyHosts: ''
    # sets mem request for server deployment. Defaults to 512Mi
    serverMemoryRequest: ''
    # sets mem limit for server deployment. Defaults to 1Gi
    serverMemoryLimit: ''
  database:
    # when set to true, the operator skips deploying Postgres, and passes connection details of existing DB to Che server
    # otherwise a Postgres deployment is created
    externalDb: false
    # Postgres Database hostname that Che server uses to connect to. Defaults to postgres
    chePostgresHostName: ''
    # Postgres Database port that Che server uses to connect to. Defaults to 5432
    chePostgresPort: ''
    # Postgres user that Che server when making a db connection. Defaults to pgche
    chePostgresUser: ''
    # password of a postgres user. Auto-generated when left blank
    chePostgresPassword: ''
    # Postgres database name that Che server uses to connect to. Defaults to dbche
    chePostgresDb: ''
    # Postgres deployment in format image:tag. Defaults to registry.redhat.io/rhscl/postgresql-96-rhel7 (see pkg/deploy/defaults.go for latest tag)
    postgresImage: ''
  storage:
    # persistent volume claim strategy for Che server. Can be common (all workspaces PVCs in one volume),
    # per-workspace (one PVC per workspace for all declared volumes) and unique (one PVC per declared volume). Defaults to common
    pvcStrategy: 'per-workspace'
    # size of a persistent volume claim for workspaces. Defaults to 1Gi
    pvcClaimSize: '1Gi'
    # instruct Che server to launch a special pod to precreate a subpath in a PV
    preCreateSubPaths: true
    # image:tag for preCreateSubPaths jobs
    pvcJobsImage: ''
    # keep blank unless you need to use a non default storage class for Postgres PVC
    postgresPVCStorageClassName: ''
    # keep blank unless you need to use a non default storage class for workspace PVC(s)
    workspacePVCStorageClassName: ''

  auth:
    # instructs operator on whether or not to deploy Keycloak/RH SSO instance. When set to true provision connection details
    externalIdentityProvider: false
    # retrieved from respective route/ingress unless explicitly specified in CR (when ExternalKeycloak is true)
    identityProviderURL: ''
    # password for keycloak database user. Auto generated if left blank
    keycloakPostgresPassword: ''
    # desired admin username of Keycloak admin user (applicable only when externalIdentityProvider is false)
    identityProviderAdminUserName: ''
    # desired password of Keycloak admin user (applicable only when externalIdentityProvider is false)
    identityProviderPassword: 'admin'
    # name of a keycloak realm. This realm will be created, when externalIdentityProvider is true, otherwise passed to Che server
    identityProviderRealm: ''
    # id of a keycloak client. This client will be created, when externalIdentityProvider is false, otherwise passed to Che server
    identityProviderClientId: ''
    # instructs an Operator to enable OpenShift v3 identity provider in Keycloak,
    # as well as create respective oAuthClient and configure Che configMap accordingly
    openShiftoAuth: false
    # name of oAuthClient used in OpenShift v3 identity provider in Keycloak realm. Auto generated if left blank
    oAuthClientName: ''
    # secret used in oAuthClient. Auto generated if left blank
    oAuthSecret: ''
    # image:tag used in Keycloak deployment
    identityProviderImage: 'eclipse/che-keycloak:nightly'
  k8s:
    # your global ingress domain
    ingressDomain: '192.168.99.101.nip.io'
    # kubernetes.io/ingress.class, defaults to nginx
    ingressClass: ''
    # IngressStrategy is the way ingresses are created.
    # Can be multi-host (host is explicitly provided in ingress, <ingress-name>-<namespace>.<global-ingress-domain>),
    # single-host (host is provided, path based rules, <ingress-domain>/path) and default-host *(no host is provided, path based rules)
    ingressStrategy: ''
    # secret name used for tls termination
    tlsSecretName: ''
    # FSGroup the Che POD and Workspace pod containers should run in  
    securityContextFsGroup: '' 
    # User the Che POD and Workspace pod containers should run as  
    securityContextRunAsUser: ''

	#
	# Copyright (c) 2012-2019 Red Hat, Inc.
	# This program and the accompanying materials are made
	# available under the terms of the Eclipse Public License 2.0
	# which is available at https://www.eclipse.org/legal/epl-2.0/
	#
	# SPDX-License-Identifier: EPL-2.0
	#
	# Contributors:
	# Red Hat, Inc. - initial API and implementation

	apiVersion: org.eclipse.che/v1
	kind: CheCluster
	metadata:
	name: eclipse-che
	spec:
	server:
	# server image used in Che deployment
	cheImage: ''
	# tag of an image used in Che deployment
	cheImageTag: 'nightly'
	# image:tag used in Devfile registry deployment
	devfileRegistryImage: 'quay.io/eclipse/che-devfile-registry:nightly'
	# image:tag used in plugin registry deployment
	pluginRegistryImage: 'quay.io/eclipse/che-plugin-registry:nightly'
	# defaults to `che`. When set to `codeready`, CodeReady Workspaces is deployed
	# the difference is in images, labels, exec commands
	cheFlavor: ''
	# specifies a custom cluster role to user for the Che workspaces
	# Uses the default roles if left blank.
	cheWorkspaceClusterRole: ''
	# when set to true the operator will attempt to get a secret in OpenShift router namespace
	# to add it to Java trust store of Che server. Requires cluster-admin privileges for operator service account
	selfSignedCert: true
	# TLS mode for Che. Make sure you either have public cert, or set selfSignedCert to true
	tlsSupport: true
	# protocol+hostname of a proxy server. Automatically added as JAVA_OPTS and https(s)_proxy
	# to Che server and workspaces containers
	proxyURL: ''
	# port of a proxy server
	proxyPort: ''
	# username for a proxy server
	proxyUser: ''
	# password for a proxy user
	proxyPassword: ''
	# a list of non-proxy hosts. Use \| as delimiter, eg localhost\|my.host.com\|123.42.12.32
	nonProxyHosts: ''
	# sets mem request for server deployment. Defaults to 512Mi
	serverMemoryRequest: ''
	# sets mem limit for server deployment. Defaults to 1Gi
	serverMemoryLimit: ''
	database:
	# when set to true, the operator skips deploying Postgres, and passes connection details of existing DB to Che server
	# otherwise a Postgres deployment is created
	externalDb: false
	# Postgres Database hostname that Che server uses to connect to. Defaults to postgres
	chePostgresHostName: ''
	# Postgres Database port that Che server uses to connect to. Defaults to 5432
	chePostgresPort: ''
	# Postgres user that Che server when making a db connection. Defaults to pgche
	chePostgresUser: ''
	# password of a postgres user. Auto-generated when left blank
	chePostgresPassword: ''
	# Postgres database name that Che server uses to connect to. Defaults to dbche
	chePostgresDb: ''
	# Postgres deployment in format image:tag. Defaults to registry.redhat.io/rhscl/postgresql-96-rhel7 (see pkg/deploy/defaults.go for latest tag)
	postgresImage: ''
	storage:
	# persistent volume claim strategy for Che server. Can be common (all workspaces PVCs in one volume),
	# per-workspace (one PVC per workspace for all declared volumes) and unique (one PVC per declared volume). Defaults to common
	pvcStrategy: 'per-workspace'
	# size of a persistent volume claim for workspaces. Defaults to 1Gi
	pvcClaimSize: '1Gi'
	# instruct Che server to launch a special pod to precreate a subpath in a PV
	preCreateSubPaths: true
	# image:tag for preCreateSubPaths jobs
	pvcJobsImage: ''
	# keep blank unless you need to use a non default storage class for Postgres PVC
	postgresPVCStorageClassName: ''
	# keep blank unless you need to use a non default storage class for workspace PVC(s)
	workspacePVCStorageClassName: ''

	auth:
	# instructs operator on whether or not to deploy Keycloak/RH SSO instance. When set to true provision connection details
	externalIdentityProvider: false
	# retrieved from respective route/ingress unless explicitly specified in CR (when ExternalKeycloak is true)
	identityProviderURL: ''
	# password for keycloak database user. Auto generated if left blank
	keycloakPostgresPassword: ''
	# desired admin username of Keycloak admin user (applicable only when externalIdentityProvider is false)
	identityProviderAdminUserName: ''
	# desired password of Keycloak admin user (applicable only when externalIdentityProvider is false)
	identityProviderPassword: 'admin'
	# name of a keycloak realm. This realm will be created, when externalIdentityProvider is true, otherwise passed to Che server
	identityProviderRealm: ''
	# id of a keycloak client. This client will be created, when externalIdentityProvider is false, otherwise passed to Che server
	identityProviderClientId: ''
	# instructs an Operator to enable OpenShift v3 identity provider in Keycloak,
	# as well as create respective oAuthClient and configure Che configMap accordingly
	openShiftoAuth: false
	# name of oAuthClient used in OpenShift v3 identity provider in Keycloak realm. Auto generated if left blank
	oAuthClientName: ''
	# secret used in oAuthClient. Auto generated if left blank
	oAuthSecret: ''
	# image:tag used in Keycloak deployment
	identityProviderImage: 'eclipse/che-keycloak:nightly'
	k8s:
	# your global ingress domain
	ingressDomain: '192.168.99.101.nip.io'
	# kubernetes.io/ingress.class, defaults to nginx
	ingressClass: ''
	# IngressStrategy is the way ingresses are created.
	# Can be multi-host (host is explicitly provided in ingress, <ingress-name>-<namespace>.<global-ingress-domain>),
	# single-host (host is provided, path based rules, <ingress-domain>/path) and default-host *(no host is provided, path based rules)
	ingressStrategy: ''
	# secret name used for tls termination
	tlsSecretName: ''
	# FSGroup the Che POD and Workspace pod containers should run in
	securityContextFsGroup: ''
	# User the Che POD and Workspace pod containers should run as
	securityContextRunAsUser: ''