Poc che server reference

modules/administration-guide/partials/assembly_configuring-authorization.adoc

@@ -21,6 +21,8 @@ include::partial$proc_configuring-github-oauth.adoc[leveloffset=+2]
 
 include::partial$proc_configuring-bitbucket-server-oauth1.adoc[leveloffset=+2]
 
+include::partial$proc_configuring-gitlab-oauth.adoc[leveloffset=+2]
+
 include::partial$proc_using-protocol-based-providers.adoc[leveloffset=+1]
 
 include::example$proc_{project-context}-managing-users-using-identity-provider.adoc[leveloffset=+1]

modules/administration-guide/partials/proc_configuring-gitlab-oauth.adoc

@@ -0,0 +1,46 @@
+// Module included in the following assemblies:
+//
+// Configuring GitLab OAuth
+
+
+[id="configuring-gitlab-oauth_{context}"]
+= Configuring GitLab OAuth 2
+
+OAuth 2 for GitLab allows accepting factories from private GitLab repositories.
+
+.Prerequisites
+
+* GitLab server is running and available from {prod-short}.
+
+.Procedure
+
+. link:https://docs.gitlab.com/ee/integration/oauth_provider.html#authorized-applications[Create an Authorized application in GitLab] with following parameters:
++
+Application name:: {prod-short}
+Callback URL:: {identity-provider} GitLab endpoint URL. 
++
+.Callback URL default value
+====
+`++https://++keycloak-{prod-namespace}.__<DOMAIN>__/auth/realms/{prod-deployment}/broker/gitlab/endpoint`, where `__<DOMAIN>__` is the {orch-name} cluster domain. 
+====
+Store the `Application ID` and `Secret` values. 
+
+. Create a custom OIDC provider link on {identity-provider} pointing to GitLab server. Fill the following fields:
+
+Client ID:: a value from the `Application ID` field provided by GitLab server in previous step;
+Client Secret:: a value from `Secret` field provided by GitLab server in previous step;
+Authorization URL:: a URL which have a `https://__<GITLAB_DOMAIN>__/oauth/oauth/authorize` format;
+Token URL:: a URL which have a `https://__<GITLAB_DOMAIN>__/oauth/oauth/token` format;
+Scopes:: set of scopes which must contain (but not limited to) the following set: `api write_repository openid`
+
++ 
+[NOTE]
+====
+* Substitute `_<GITLAB_DOMAIN>_` with the URL and port of the GitLab installation.
+==== 
+
+
+.Additional resources 
+
+* xref:installation-guide:importing-untrusted-tls-certificates.adoc[].
+* xref:installation-guide:deploying-che-with-support-for-git-repositories-with-self-signed-certificates.adoc[].

modules/installation-guide/pages/advanced-configuration-options-for-the-che-server-component.adoc

@@ -5,3 +5,4 @@
 :page-aliases: .:advanced-configuration-options-for-the-che-server-component, .:configuring-system-variables
 
 include::partial$assembly_advanced-configuration-options-for-the-che-server-component.adoc[]
+

modules/installation-guide/partials/assembly_advanced-configuration-options-for-the-che-server-component.adoc

@@ -18,7 +18,8 @@ include::partial$con_understanding-che-server-advanced-configuration-not-using-t
 endif::[]
 
 
-include::partial$ref_che-server-component-system-properties-reference.adoc[leveloffset=+1]
+include::partial$assembly_che-server-environment-variables-reference.adoc[leveloffset=+1]
+
 
 .Additional resources
 

modules/installation-guide/partials/assembly_che-server-environment-variables-reference.adoc

@@ -0,0 +1,253 @@
+:parent-context-of-assembly_che-server-environment-variables-reference: {context}
+
+[id=assembly_{prod-id-short}-server-environment-variables-reference_{context}]
+= {prod-short} server environment variables reference
+
+:context: assembly_che-server-environment-variables-reference
+
+
+== {prod-short} server
+
+include::ref_che_api.adoc[leveloffset=+2]
+include::ref_che_api_internal.adoc[leveloffset=+2]
+include::ref_che_database.adoc[leveloffset=+2]
+include::ref_che_devworkspaces_enabled.adoc[leveloffset=+2]
+include::ref_che_websocket_endpoint.adoc[leveloffset=+2]
+include::ref_che_workspace_activity__check__scheduler__delay__s.adoc[leveloffset=+2]
+include::ref_che_workspace_activity__check__scheduler__period__s.adoc[leveloffset=+2]
+include::ref_che_workspace_activity__cleanup__scheduler__initial__delay__s.adoc[leveloffset=+2]
+include::ref_che_workspace_activity__cleanup__scheduler__period__s.adoc[leveloffset=+2]
+include::ref_che_workspace_auto__start.adoc[leveloffset=+2]
+include::ref_che_workspace_cleanup__temporary__initial__delay__min.adoc[leveloffset=+2]
+include::ref_che_workspace_cleanup__temporary__period__min.adoc[leveloffset=+2]
+include::ref_che_workspace_default__cpu__limit__cores.adoc[leveloffset=+2]
+include::ref_che_workspace_default__cpu__request__cores.adoc[leveloffset=+2]
+include::ref_che_workspace_default__memory__limit__mb.adoc[leveloffset=+2]
+include::ref_che_workspace_default__memory__request__mb.adoc[leveloffset=+2]
+include::ref_che_workspace_devfile_async_storage_plugin.adoc[leveloffset=+2]
+include::ref_che_workspace_devfile_default__editor.adoc[leveloffset=+2]
+include::ref_che_workspace_devfile_default__editor_plugins.adoc[leveloffset=+2]
+include::ref_che_workspace_devfile__registry__internal__url.adoc[leveloffset=+2]
+include::ref_che_workspace_devfile__registry__url.adoc[leveloffset=+2]
+include::ref_che_workspace_http__proxy.adoc[leveloffset=+2]
+include::ref_che_workspace_http__proxy__java__options.adoc[leveloffset=+2]
+include::ref_che_workspace_https__proxy.adoc[leveloffset=+2]
+include::ref_che_workspace_java__options.adoc[leveloffset=+2]
+include::ref_che_workspace_logs_root__dir.adoc[leveloffset=+2]
+include::ref_che_workspace_maven__options.adoc[leveloffset=+2]
+include::ref_che_workspace_no__proxy.adoc[leveloffset=+2]
+include::ref_che_workspace_plugin__broker_artifacts_image.adoc[leveloffset=+2]
+include::ref_che_workspace_plugin__broker_default__merge__plugins.adoc[leveloffset=+2]
+include::ref_che_workspace_plugin__broker_metadata_image.adoc[leveloffset=+2]
+include::ref_che_workspace_plugin__broker_pull__policy.adoc[leveloffset=+2]
+include::ref_che_workspace_plugin__broker_wait__timeout__min.adoc[leveloffset=+2]
+include::ref_che_workspace_plugin__registry__internal__url.adoc[leveloffset=+2]
+include::ref_che_workspace_plugin__registry__url.adoc[leveloffset=+2]
+include::ref_che_workspace_pod_node__selector.adoc[leveloffset=+2]
+include::ref_che_workspace_pod_tolerations__json.adoc[leveloffset=+2]
+include::ref_che_workspace_pool_cores__multiplier.adoc[leveloffset=+2]
+include::ref_che_workspace_pool_exact__size.adoc[leveloffset=+2]
+include::ref_che_workspace_pool_type.adoc[leveloffset=+2]
+include::ref_che_workspace_probe__pool__size.adoc[leveloffset=+2]
+include::ref_che_workspace_projects_storage.adoc[leveloffset=+2]
+include::ref_che_workspace_projects_storage_default_size.adoc[leveloffset=+2]
+include::ref_che_workspace_provision_secret_labels.adoc[leveloffset=+2]
+include::ref_che_workspace_server_liveness__probes.adoc[leveloffset=+2]
+include::ref_che_workspace_server_ping__interval__milliseconds.adoc[leveloffset=+2]
+include::ref_che_workspace_server_ping__success__threshold.adoc[leveloffset=+2]
+include::ref_che_workspace_sidecar_default__cpu__limit__cores.adoc[leveloffset=+2]
+include::ref_che_workspace_sidecar_default__cpu__request__cores.adoc[leveloffset=+2]
+include::ref_che_workspace_sidecar_default__memory__limit__mb.adoc[leveloffset=+2]
+include::ref_che_workspace_sidecar_default__memory__request__mb.adoc[leveloffset=+2]
+include::ref_che_workspace_sidecar_image__pull__policy.adoc[leveloffset=+2]
+include::ref_che_workspace_startup__debug__log__limit__bytes.adoc[leveloffset=+2]
+include::ref_che_workspace_stop_role_enabled.adoc[leveloffset=+2]
+include::ref_che_workspace_storage_available__types.adoc[leveloffset=+2]
+include::ref_che_workspace_storage_preferred__type.adoc[leveloffset=+2]
+
+== Authentication parameters
+
+
+include::ref_che_auth_access__denied__error__page.adoc[leveloffset=+2]
+include::ref_che_auth_reserved__user__names.adoc[leveloffset=+2]
+include::ref_che_auth_user__self__creation.adoc[leveloffset=+2]
+include::ref_che_oauth1_bitbucket_consumerkeypath.adoc[leveloffset=+2]
+include::ref_che_oauth1_bitbucket_endpoint.adoc[leveloffset=+2]
+include::ref_che_oauth1_bitbucket_privatekeypath.adoc[leveloffset=+2]
+include::ref_che_oauth_github_authuri.adoc[leveloffset=+2]
+include::ref_che_oauth_github_clientid.adoc[leveloffset=+2]
+include::ref_che_oauth_github_clientsecret.adoc[leveloffset=+2]
+include::ref_che_oauth_github_redirecturis.adoc[leveloffset=+2]
+include::ref_che_oauth_github_tokenuri.adoc[leveloffset=+2]
+include::ref_che_oauth_openshift_clientid.adoc[leveloffset=+2]
+include::ref_che_oauth_openshift_clientsecret.adoc[leveloffset=+2]
+include::ref_che_oauth_openshift_oauth__endpoint.adoc[leveloffset=+2]
+include::ref_che_oauth_openshift_verify__token__url.adoc[leveloffset=+2]
+include::ref_che_oauth_service__mode.adoc[leveloffset=+2]
+
+
+== Internal parameters
+
+include::ref_db_schema_flyway_baseline_enabled.adoc[leveloffset=+2]
+include::ref_db_schema_flyway_baseline_version.adoc[leveloffset=+2]
+include::ref_db_schema_flyway_scripts_locations.adoc[leveloffset=+2]
+include::ref_db_schema_flyway_scripts_prefix.adoc[leveloffset=+2]
+include::ref_db_schema_flyway_scripts_suffix.adoc[leveloffset=+2]
+include::ref_db_schema_flyway_scripts_version__separator.adoc[leveloffset=+2]
+include::ref_schedule_core__pool__size.adoc[leveloffset=+2]
+
+
+== Kubernetes Infra parameters
+
+include::ref_che_infra_kubernetes_async_storage_image.adoc[leveloffset=+2]
+include::ref_che_infra_kubernetes_async_storage_shutdown__check__period__min.adoc[leveloffset=+2]
+include::ref_che_infra_kubernetes_async_storage_shutdown__timeout__min.adoc[leveloffset=+2]
+include::ref_che_infra_kubernetes_client_http_async__requests_max.adoc[leveloffset=+2]
+include::ref_che_infra_kubernetes_client_http_async__requests_max__per__host.adoc[leveloffset=+2]
+include::ref_che_infra_kubernetes_client_http_connection__pool_keep__alive__min.adoc[leveloffset=+2]
+include::ref_che_infra_kubernetes_client_http_connection__pool_max__idle.adoc[leveloffset=+2]
+include::ref_che_infra_kubernetes_ingress_annotations__json.adoc[leveloffset=+2]
+include::ref_che_infra_kubernetes_ingress_domain.adoc[leveloffset=+2]
+include::ref_che_infra_kubernetes_ingress_labels.adoc[leveloffset=+2]
+include::ref_che_infra_kubernetes_ingress_path__transform.adoc[leveloffset=+2]
+include::ref_che_infra_kubernetes_ingress__start__timeout__min.adoc[leveloffset=+2]
+include::ref_che_infra_kubernetes_master__url.adoc[leveloffset=+2]
+include::ref_che_infra_kubernetes_namespace.adoc[leveloffset=+2]
+include::ref_che_infra_kubernetes_namespace_allow__user__defined.adoc[leveloffset=+2]
+include::ref_che_infra_kubernetes_namespace_annotations.adoc[leveloffset=+2]
+include::ref_che_infra_kubernetes_namespace_creation__allowed.adoc[leveloffset=+2]
+include::ref_che_infra_kubernetes_namespace_default.adoc[leveloffset=+2]
+include::ref_che_infra_kubernetes_namespace_label.adoc[leveloffset=+2]
+include::ref_che_infra_kubernetes_namespace_labels.adoc[leveloffset=+2]
+include::ref_che_infra_kubernetes_pod_security__context_fs__group.adoc[leveloffset=+2]
+include::ref_che_infra_kubernetes_pod_security__context_run__as__user.adoc[leveloffset=+2]
+include::ref_che_infra_kubernetes_pod_termination__grace__period__sec.adoc[leveloffset=+2]
+include::ref_che_infra_kubernetes_pvc_access__mode.adoc[leveloffset=+2]
+include::ref_che_infra_kubernetes_pvc_enabled.adoc[leveloffset=+2]
+include::ref_che_infra_kubernetes_pvc_jobs_image.adoc[leveloffset=+2]
+include::ref_che_infra_kubernetes_pvc_jobs_image_pull__policy.adoc[leveloffset=+2]
+include::ref_che_infra_kubernetes_pvc_jobs_memorylimit.adoc[leveloffset=+2]
+include::ref_che_infra_kubernetes_pvc_name.adoc[leveloffset=+2]
+include::ref_che_infra_kubernetes_pvc_precreate__subpaths.adoc[leveloffset=+2]
+include::ref_che_infra_kubernetes_pvc_quantity.adoc[leveloffset=+2]
+include::ref_che_infra_kubernetes_pvc_storage__class__name.adoc[leveloffset=+2]
+include::ref_che_infra_kubernetes_pvc_strategy.adoc[leveloffset=+2]
+include::ref_che_infra_kubernetes_pvc_wait__bound.adoc[leveloffset=+2]
+include::ref_che_infra_kubernetes_runtimes__consistency__check__period__min.adoc[leveloffset=+2]
+include::ref_che_infra_kubernetes_server__strategy.adoc[leveloffset=+2]
+include::ref_che_infra_kubernetes_service__account__name.adoc[leveloffset=+2]
+include::ref_che_infra_kubernetes_singlehost_gateway_configmap__labels.adoc[leveloffset=+2]
+include::ref_che_infra_kubernetes_singlehost_workspace_devfile__endpoint__exposure.adoc[leveloffset=+2]
+include::ref_che_infra_kubernetes_singlehost_workspace_exposure.adoc[leveloffset=+2]
+include::ref_che_infra_kubernetes_tls__cert.adoc[leveloffset=+2]
+include::ref_che_infra_kubernetes_tls__enabled.adoc[leveloffset=+2]
+include::ref_che_infra_kubernetes_tls__key.adoc[leveloffset=+2]
+include::ref_che_infra_kubernetes_tls__secret.adoc[leveloffset=+2]
+include::ref_che_infra_kubernetes_trust__certs.adoc[leveloffset=+2]
+include::ref_che_infra_kubernetes_trusted__ca_dest__configmap.adoc[leveloffset=+2]
+include::ref_che_infra_kubernetes_trusted__ca_dest__configmap__labels.adoc[leveloffset=+2]
+include::ref_che_infra_kubernetes_trusted__ca_mount__path.adoc[leveloffset=+2]
+include::ref_che_infra_kubernetes_trusted__ca_src__configmap.adoc[leveloffset=+2]
+include::ref_che_infra_kubernetes_workspace__sa__cluster__roles.adoc[leveloffset=+2]
+include::ref_che_infra_kubernetes_workspace__start__timeout__min.adoc[leveloffset=+2]
+include::ref_che_infra_kubernetes_workspace__unrecoverable__events.adoc[leveloffset=+2]
+
+
+== OpenShift Infra parameters
+
+include::ref_che_infra_openshift_oauth__identity__provider.adoc[leveloffset=+2]
+include::ref_che_infra_openshift_project.adoc[leveloffset=+2]
+include::ref_che_infra_openshift_route_host_domain__suffix.adoc[leveloffset=+2]
+include::ref_che_infra_openshift_route_labels.adoc[leveloffset=+2]
+include::ref_che_infra_openshift_trusted__ca_dest__configmap__labels.adoc[leveloffset=+2]
+
+
+== Configuration of the major WebSocket endpoint
+
+include::ref_che_core_jsonrpc_processor__core__pool__size.adoc[leveloffset=+2]
+include::ref_che_core_jsonrpc_processor__max__pool__size.adoc[leveloffset=+2]
+include::ref_che_core_jsonrpc_processor__queue__capacity.adoc[leveloffset=+2]
+include::ref_che_metrics_port.adoc[leveloffset=+2]
+
+
+== CORS parameters
+
+include::ref_che_cors_allow__credentials.adoc[leveloffset=+2]
+include::ref_che_cors_allowed__origins.adoc[leveloffset=+2]
+
+== Factory defaults parameters
+
+include::ref_che_factory_default__devfile__filenames.adoc[leveloffset=+2]
+include::ref_che_factory_default__plugins.adoc[leveloffset=+2]
+
+== Devfile defaults parameters
+
+include::ref_che_factory_default__editor.adoc[leveloffset=+2]
+
+== Integration parameters
+
+include::ref_che_integration_bitbucket_server__endpoints.adoc[leveloffset=+2]
+include::ref_che_integration_gitlab_server__endpoints.adoc[leveloffset=+2]
+
+
+== Keycloak parameters
+
+include::ref_che_keycloak_admin__password.adoc[leveloffset=+2]
+include::ref_che_keycloak_admin__username.adoc[leveloffset=+2]
+include::ref_che_keycloak_allowed__clock__skew__sec.adoc[leveloffset=+2]
+include::ref_che_keycloak_auth__internal__server__url.adoc[leveloffset=+2]
+include::ref_che_keycloak_auth__server__url.adoc[leveloffset=+2]
+include::ref_che_keycloak_cascade__user__removal__enabled.adoc[leveloffset=+2]
+include::ref_che_keycloak_client__id.adoc[leveloffset=+2]
+include::ref_che_keycloak_github_endpoint.adoc[leveloffset=+2]
+include::ref_che_keycloak_js__adapter__url.adoc[leveloffset=+2]
+include::ref_che_keycloak_oidc__provider.adoc[leveloffset=+2]
+include::ref_che_keycloak_oso_endpoint.adoc[leveloffset=+2]
+include::ref_che_keycloak_realm.adoc[leveloffset=+2]
+include::ref_che_keycloak_use__fixed__redirect__urls.adoc[leveloffset=+2]
+include::ref_che_keycloak_use__nonce.adoc[leveloffset=+2]
+include::ref_che_keycloak_username__claim.adoc[leveloffset=+2]
+include::ref_che_keycloak_username_replacement__patterns.adoc[leveloffset=+2]
+
+
+== Organizations workspace limits parameters
+
+include::ref_che_limits_organization_workspaces_count.adoc[leveloffset=+2]
+include::ref_che_limits_organization_workspaces_ram.adoc[leveloffset=+2]
+include::ref_che_limits_organization_workspaces_run_count.adoc[leveloffset=+2]
+
+
+== Users workspace limits parameters
+
+include::ref_che_limits_user_workspaces_count.adoc[leveloffset=+2]
+include::ref_che_limits_user_workspaces_ram.adoc[leveloffset=+2]
+include::ref_che_limits_user_workspaces_run_count.adoc[leveloffset=+2]
+
+
+== Workspace limits parameters
+
+include::ref_che_limits_workspace_env_ram.adoc[leveloffset=+2]
+include::ref_che_limits_workspace_idle_timeout.adoc[leveloffset=+2]
+include::ref_che_limits_workspace_run_timeout.adoc[leveloffset=+2]
+
+
+== {prod-short} system parameters
+
+include::ref_che_system_admin__name.adoc[leveloffset=+2]
+include::ref_che_system_super__privileged__mode.adoc[leveloffset=+2]
+
+
+== Experimental properties
+
+include::ref_che_server_secure__exposer.adoc[leveloffset=+2]
+include::ref_che_server_secure__exposer_jwtproxy_auth_loader_path.adoc[leveloffset=+2]
+include::ref_che_server_secure__exposer_jwtproxy_cpu__limit.adoc[leveloffset=+2]
+include::ref_che_server_secure__exposer_jwtproxy_cpu__request.adoc[leveloffset=+2]
+include::ref_che_server_secure__exposer_jwtproxy_image.adoc[leveloffset=+2]
+include::ref_che_server_secure__exposer_jwtproxy_memory__limit.adoc[leveloffset=+2]
+include::ref_che_server_secure__exposer_jwtproxy_memory__request.adoc[leveloffset=+2]
+include::ref_che_server_secure__exposer_jwtproxy_token_issuer.adoc[leveloffset=+2]
+include::ref_che_server_secure__exposer_jwtproxy_token_ttl.adoc[leveloffset=+2]
+
+
+:context: {parent-context-of-assembly_che-server-environment-variables-reference}

modules/installation-guide/partials/ref_che_api.adoc

@@ -0,0 +1,13 @@
+[id="che_api_{context}"]
+= `+CHE_API+`
+
+API service. Browsers initiate REST communications to {prod-short} server with this URL.
+
+
+.Default value for `+CHE_API+`
+====
+----
+http://${CHE_HOST}:${CHE_PORT}/api
+----
+====
+

modules/installation-guide/partials/ref_che_api_internal.adoc

@@ -0,0 +1,13 @@
+[id="che_api_internal_{context}"]
+= `+CHE_API_INTERNAL+`
+
+API service internal network URL. Back-end services should initiate REST communications to {prod-short} server with this URL
+
+
+.Default value for `+CHE_API_INTERNAL+`
+====
+----
+http://${CHE_HOST}:${CHE_PORT}/api
+----
+====
+

modules/installation-guide/partials/ref_che_auth_access__denied__error__page.adoc

@@ -0,0 +1,13 @@
+[id="che_auth_access__denied__error__page_{context}"]
+= `+CHE_AUTH_ACCESS__DENIED__ERROR__PAGE+`
+
+Authentication error page address
+
+
+.Default value for `+CHE_AUTH_ACCESS__DENIED__ERROR__PAGE+`
+====
+----
+/error-oauth
+----
+====
+

modules/installation-guide/partials/ref_che_auth_reserved__user__names.adoc

@@ -0,0 +1,13 @@
+[id="che_auth_reserved__user__names_{context}"]
+= `+CHE_AUTH_RESERVED__USER__NAMES+`
+
+Reserved user names
+
+
+.Default value for `+CHE_AUTH_RESERVED__USER__NAMES+`
+====
+----
+
+----
+====
+

modules/installation-guide/partials/ref_che_auth_user__self__creation.adoc

@@ -0,0 +1,13 @@
+[id="che_auth_user__self__creation_{context}"]
+= `+CHE_AUTH_USER__SELF__CREATION+`
+
+{prod-short} has a single identity implementation, so this does not change the user experience. If true, enables user creation at API level
+
+
+.Default value for `+CHE_AUTH_USER__SELF__CREATION+`
+====
+----
+false
+----
+====
+