diff --git a/api/v2/checluster_types.go b/api/v2/checluster_types.go index 2a0cf3063..560c9b830 100644 --- a/api/v2/checluster_types.go +++ b/api/v2/checluster_types.go @@ -500,6 +500,11 @@ type DefaultNamespace struct { // +optional // +kubebuilder:default:=true AutoProvision *bool `json:"autoProvision,omitempty"` + // For OpenShift clusters only, setting this to `true` creates + // a standard Kubernetes Namespace directly. When false (default), the OpenShift ProjectRequest API + // is used instead to trigger cluster-specific Project Templates. + // +optional + CreateNamespaceDirectly *bool `json:"createNamespaceDirectly,omitempty"` } type DashboardHeaderMessage struct { diff --git a/api/v2/zz_generated.deepcopy.go b/api/v2/zz_generated.deepcopy.go index 111b0d42d..ec3d7cf06 100644 --- a/api/v2/zz_generated.deepcopy.go +++ b/api/v2/zz_generated.deepcopy.go @@ -726,6 +726,11 @@ func (in *DefaultNamespace) DeepCopyInto(out *DefaultNamespace) { *out = new(bool) **out = **in } + if in.CreateNamespaceDirectly != nil { + in, out := &in.CreateNamespaceDirectly, &out.CreateNamespaceDirectly + *out = new(bool) + **out = **in + } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DefaultNamespace. diff --git a/bundle/next/eclipse-che/manifests/che-operator.clusterserviceversion.yaml b/bundle/next/eclipse-che/manifests/che-operator.clusterserviceversion.yaml index 80d2b6e42..5079a0a7f 100644 --- a/bundle/next/eclipse-che/manifests/che-operator.clusterserviceversion.yaml +++ b/bundle/next/eclipse-che/manifests/che-operator.clusterserviceversion.yaml @@ -86,7 +86,7 @@ metadata: categories: Developer Tools certified: "false" containerImage: quay.io/eclipse/che-operator:next - createdAt: "2026-03-19T13:07:33Z" + createdAt: "2026-03-24T10:32:31Z" description: A Kube-native development solution that delivers portable and collaborative developer workspaces. features.operators.openshift.io/cnf: "false" @@ -108,7 +108,7 @@ metadata: operatorframework.io/arch.amd64: supported operatorframework.io/arch.arm64: supported operatorframework.io/os.linux: supported - name: eclipse-che.v7.116.0-956.next + name: eclipse-che.v7.116.0-959.next namespace: placeholder spec: apiservicedefinitions: {} @@ -1144,7 +1144,7 @@ spec: name: gateway-authorization-sidecar-k8s - image: quay.io/che-incubator/header-rewrite-proxy:latest name: gateway-header-sidecar - version: 7.116.0-956.next + version: 7.116.0-959.next webhookdefinitions: - admissionReviewVersions: - v1 diff --git a/bundle/next/eclipse-che/manifests/org.eclipse.che_checlusters.yaml b/bundle/next/eclipse-che/manifests/org.eclipse.che_checlusters.yaml index 6cfee4204..7bfb8be2b 100644 --- a/bundle/next/eclipse-che/manifests/org.eclipse.che_checlusters.yaml +++ b/bundle/next/eclipse-che/manifests/org.eclipse.che_checlusters.yaml @@ -7708,6 +7708,12 @@ spec: Indicates if is allowed to automatically create a user namespace. If it set to false, then user namespace must be pre-created by a cluster administrator. type: boolean + createNamespaceDirectly: + description: |- + For OpenShift clusters only, setting this to `true` creates + a standard Kubernetes Namespace directly. When false (default), the OpenShift ProjectRequest API + is used instead to trigger cluster-specific Project Templates. + type: boolean template: default: -che description: |- diff --git a/config/crd/bases/org.eclipse.che_checlusters.yaml b/config/crd/bases/org.eclipse.che_checlusters.yaml index 3658d8a5f..e19792fb3 100644 --- a/config/crd/bases/org.eclipse.che_checlusters.yaml +++ b/config/crd/bases/org.eclipse.che_checlusters.yaml @@ -7662,6 +7662,12 @@ spec: Indicates if is allowed to automatically create a user namespace. If it set to false, then user namespace must be pre-created by a cluster administrator. type: boolean + createNamespaceDirectly: + description: |- + For OpenShift clusters only, setting this to `true` creates + a standard Kubernetes Namespace directly. When false (default), the OpenShift ProjectRequest API + is used instead to trigger cluster-specific Project Templates. + type: boolean template: default: -che description: |- diff --git a/deploy/deployment/kubernetes/combined.yaml b/deploy/deployment/kubernetes/combined.yaml index 7729f6f97..d150579c3 100644 --- a/deploy/deployment/kubernetes/combined.yaml +++ b/deploy/deployment/kubernetes/combined.yaml @@ -7683,6 +7683,12 @@ spec: Indicates if is allowed to automatically create a user namespace. If it set to false, then user namespace must be pre-created by a cluster administrator. type: boolean + createNamespaceDirectly: + description: |- + For OpenShift clusters only, setting this to `true` creates + a standard Kubernetes Namespace directly. When false (default), the OpenShift ProjectRequest API + is used instead to trigger cluster-specific Project Templates. + type: boolean template: default: -che description: |- diff --git a/deploy/deployment/kubernetes/objects/checlusters.org.eclipse.che.CustomResourceDefinition.yaml b/deploy/deployment/kubernetes/objects/checlusters.org.eclipse.che.CustomResourceDefinition.yaml index adab82790..3149c7173 100644 --- a/deploy/deployment/kubernetes/objects/checlusters.org.eclipse.che.CustomResourceDefinition.yaml +++ b/deploy/deployment/kubernetes/objects/checlusters.org.eclipse.che.CustomResourceDefinition.yaml @@ -7678,6 +7678,12 @@ spec: Indicates if is allowed to automatically create a user namespace. If it set to false, then user namespace must be pre-created by a cluster administrator. type: boolean + createNamespaceDirectly: + description: |- + For OpenShift clusters only, setting this to `true` creates + a standard Kubernetes Namespace directly. When false (default), the OpenShift ProjectRequest API + is used instead to trigger cluster-specific Project Templates. + type: boolean template: default: -che description: |- diff --git a/deploy/deployment/openshift/combined.yaml b/deploy/deployment/openshift/combined.yaml index 18bf307ff..5c4f27513 100644 --- a/deploy/deployment/openshift/combined.yaml +++ b/deploy/deployment/openshift/combined.yaml @@ -7683,6 +7683,12 @@ spec: Indicates if is allowed to automatically create a user namespace. If it set to false, then user namespace must be pre-created by a cluster administrator. type: boolean + createNamespaceDirectly: + description: |- + For OpenShift clusters only, setting this to `true` creates + a standard Kubernetes Namespace directly. When false (default), the OpenShift ProjectRequest API + is used instead to trigger cluster-specific Project Templates. + type: boolean template: default: -che description: |- diff --git a/deploy/deployment/openshift/objects/checlusters.org.eclipse.che.CustomResourceDefinition.yaml b/deploy/deployment/openshift/objects/checlusters.org.eclipse.che.CustomResourceDefinition.yaml index 5c9730714..4b3c06913 100644 --- a/deploy/deployment/openshift/objects/checlusters.org.eclipse.che.CustomResourceDefinition.yaml +++ b/deploy/deployment/openshift/objects/checlusters.org.eclipse.che.CustomResourceDefinition.yaml @@ -7678,6 +7678,12 @@ spec: Indicates if is allowed to automatically create a user namespace. If it set to false, then user namespace must be pre-created by a cluster administrator. type: boolean + createNamespaceDirectly: + description: |- + For OpenShift clusters only, setting this to `true` creates + a standard Kubernetes Namespace directly. When false (default), the OpenShift ProjectRequest API + is used instead to trigger cluster-specific Project Templates. + type: boolean template: default: -che description: |- diff --git a/helmcharts/next/crds/checlusters.org.eclipse.che.CustomResourceDefinition.yaml b/helmcharts/next/crds/checlusters.org.eclipse.che.CustomResourceDefinition.yaml index adab82790..3149c7173 100644 --- a/helmcharts/next/crds/checlusters.org.eclipse.che.CustomResourceDefinition.yaml +++ b/helmcharts/next/crds/checlusters.org.eclipse.che.CustomResourceDefinition.yaml @@ -7678,6 +7678,12 @@ spec: Indicates if is allowed to automatically create a user namespace. If it set to false, then user namespace must be pre-created by a cluster administrator. type: boolean + createNamespaceDirectly: + description: |- + For OpenShift clusters only, setting this to `true` creates + a standard Kubernetes Namespace directly. When false (default), the OpenShift ProjectRequest API + is used instead to trigger cluster-specific Project Templates. + type: boolean template: default: -che description: |- diff --git a/pkg/common/constants/constants.go b/pkg/common/constants/constants.go index ae5ed50b5..5b52ad5bb 100644 --- a/pkg/common/constants/constants.go +++ b/pkg/common/constants/constants.go @@ -108,13 +108,14 @@ const ( ConfigOpenShiftIOInjectTrustedCaBundle = "config.openshift.io/inject-trusted-cabundle" // DevEnvironments - PerUserPVCStorageStrategy = "per-user" - DefaultPvcStorageStrategy = "per-user" - PerWorkspacePVCStorageStrategy = "per-workspace" - EphemeralPVCStorageStrategy = "ephemeral" - CommonPVCStorageStrategy = "common" - DefaultDeploymentStrategy = "Recreate" - DefaultAutoProvision = true + PerUserPVCStorageStrategy = "per-user" + DefaultPvcStorageStrategy = "per-user" + PerWorkspacePVCStorageStrategy = "per-workspace" + EphemeralPVCStorageStrategy = "ephemeral" + CommonPVCStorageStrategy = "common" + DefaultDeploymentStrategy = "Recreate" + DefaultAutoProvision = true + OpenShiftCreateNamespaceDirectly = false // Ingress DefaultSelfSignedCertificateSecretName = "self-signed-certificate" diff --git a/pkg/deploy/server/server_configmap.go b/pkg/deploy/server/server_configmap.go index 4ad150e12..9bb85ce6c 100644 --- a/pkg/deploy/server/server_configmap.go +++ b/pkg/deploy/server/server_configmap.go @@ -38,18 +38,19 @@ import ( ) type CheConfigMap struct { - JavaOpts string `json:"JAVA_OPTS"` - CheHost string `json:"CHE_HOST"` - ChePort string `json:"CHE_PORT"` - CheDebugServer string `json:"CHE_DEBUG_SERVER"` - CheLogLevel string `json:"CHE_LOG_LEVEL"` - CheMetricsEnabled string `json:"CHE_METRICS_ENABLED"` - CheInfrastructure string `json:"CHE_INFRASTRUCTURE_ACTIVE"` - UserClusterRoles string `json:"CHE_INFRA_KUBERNETES_USER__CLUSTER__ROLES"` - NamespaceDefault string `json:"CHE_INFRA_KUBERNETES_NAMESPACE_DEFAULT"` - NamespaceCreationAllowed string `json:"CHE_INFRA_KUBERNETES_NAMESPACE_CREATION__ALLOWED"` - Http2Disable string `json:"HTTP2_DISABLE"` - KubernetesLabels string `json:"KUBERNETES_LABELS"` + JavaOpts string `json:"JAVA_OPTS"` + CheHost string `json:"CHE_HOST"` + ChePort string `json:"CHE_PORT"` + CheDebugServer string `json:"CHE_DEBUG_SERVER"` + CheLogLevel string `json:"CHE_LOG_LEVEL"` + CheMetricsEnabled string `json:"CHE_METRICS_ENABLED"` + CheInfrastructure string `json:"CHE_INFRASTRUCTURE_ACTIVE"` + UserClusterRoles string `json:"CHE_INFRA_KUBERNETES_USER__CLUSTER__ROLES"` + NamespaceDefault string `json:"CHE_INFRA_KUBERNETES_NAMESPACE_DEFAULT"` + NamespaceCreationAllowed string `json:"CHE_INFRA_KUBERNETES_NAMESPACE_CREATION__ALLOWED"` + Http2Disable string `json:"HTTP2_DISABLE"` + KubernetesLabels string `json:"KUBERNETES_LABELS"` + OpenShiftCreateNamespaceDirectly string `json:"CHE_INFRA_OPENSHIFT__DIRECT_NAMESPACE_CREATION"` // TODO remove when keycloak codebase is removed from che-server component CheOIDCAuthServerUrl string `json:"CHE_OIDC_AUTH__SERVER__URL,omitempty"` @@ -136,18 +137,26 @@ func (s *CheServerReconciler) getConfigMapData(ctx *chetypes.DeployContext) (che kubernetesLabels := labels.FormatLabels(deploy.GetLabels(defaults.GetCheFlavor())) + openShiftCreateNamespaceDirectly := strconv.FormatBool( + pointer.BoolDeref( + ctx.CheCluster.Spec.DevEnvironments.DefaultNamespace.CreateNamespaceDirectly, + constants.OpenShiftCreateNamespaceDirectly, + ), + ) + data := &CheConfigMap{ - JavaOpts: javaOpts, - CheHost: ctx.CheHost, - ChePort: chePort, - CheDebugServer: cheDebugServer, - CheLogLevel: cheLogLevel, - CheMetricsEnabled: cheMetricsEnabled, - CheInfrastructure: cheInfrastructure, - CheOIDCAuthServerUrl: ctx.CheCluster.Spec.Networking.Auth.IdentityProviderURL, - NamespaceDefault: namespaceDefault, - NamespaceCreationAllowed: namespaceCreationAllowed, - KubernetesLabels: kubernetesLabels, + JavaOpts: javaOpts, + CheHost: ctx.CheHost, + ChePort: chePort, + CheDebugServer: cheDebugServer, + CheLogLevel: cheLogLevel, + CheMetricsEnabled: cheMetricsEnabled, + CheInfrastructure: cheInfrastructure, + CheOIDCAuthServerUrl: ctx.CheCluster.Spec.Networking.Auth.IdentityProviderURL, + NamespaceDefault: namespaceDefault, + NamespaceCreationAllowed: namespaceCreationAllowed, + KubernetesLabels: kubernetesLabels, + OpenShiftCreateNamespaceDirectly: openShiftCreateNamespaceDirectly, // Disable HTTP2 protocol. // Fix issue with creating config maps on the cluster https://issues.redhat.com/browse/CRW-2677 // The root cause is in the HTTP2 protocol support of the okttp3 library that is used by fabric8.kubernetes-client that is used by che-server diff --git a/pkg/deploy/server/server_configmap_test.go b/pkg/deploy/server/server_configmap_test.go index 54b2ebf0a..6bc0a5fa4 100644 --- a/pkg/deploy/server/server_configmap_test.go +++ b/pkg/deploy/server/server_configmap_test.go @@ -83,6 +83,7 @@ func TestGetConfigMapData(t *testing.T) { "KUBERNETES_LABELS": labels.FormatLabels(deploy.GetLabels(defaults.GetCheFlavor())), "HTTP2_DISABLE": "true", "CHE_OIDC_AUTH__SERVER__URL": "http://identity-provider", + "CHE_INFRA_OPENSHIFT__DIRECT_NAMESPACE_CREATION": "false", }, }, }