Kubernetes based Cloud Development Environments for Enterprise Teams
Starting from this release, podman login
is performed automatically during workspace startup for all container registries configured in the User Preferences
:
[!NOTE]
For Red Hat OpenShift internal container registryimage-registry.openshift-image-registry.svc:5000
,podman login
is performed automatically. No manual configuration is required.
With this release, devfile v1 is deprecated and is not supported anymore. Check Devfile.io documentation website for supported devfile versions.
The official documentation for configuring single and multi-root workspaces in Visual Studio Code - Open Source ("Code - OSS") has been added in this release.
Previously, when a pod was restarted, the Dashboard URL could become unavailable for a short period of time during the operator update. The problem has been fixed in this release by adding the appropriate LivenessProbe
and ReadinessProbe
to the Gateway.
The defect related to the misleading status of the 'Authorization' indicator after OAuth revocation from the Dashboard has been fixed in this release.
controller.devfile.io/creator
labelPreviously, if a DevWorkspace object was missing the controller.devfile.io/creator
label the User Dashboard displayed a blank page. The defect has been fixed in this release.
With this release, you can specify which extensions are trusted and can access authentication tokens using the dedicated VSCODE_TRUSTED_EXTENSIONS
environment variable defined in the devfile or ConfigMap:
env:
- name: VSCODE_TRUSTED_EXTENSIONS
value: "<publisher1>.<extension1>,<publisher2>.<extension2>"
Find more details about the enhancement in the official documentation.
In this release, the 'Editor Selector' dashboard widget has been improved with the 'Use a Default Editor', 'Choose an Editor', and 'Use an Editor Definition' sections:
With this release, if the imagePuller
option is enabled on the CheCluster
Custom Resource level, the operator automatically fetches related images from both devfile and plugin registries to create and manage ImagePuller
Custom Resource for faster workspace startup. Find more details about the enhancement in the official documentation.
Before this release, only revoking GitHub OAuth from the User Dashboard was supported. Recently, GitLab added a Revoke a token API and it is now possible to also revoke the GitLab OAuth access right from the User Dashboard. For other Git Services navigation to the provider website and following the instructions for revoking OAuth access is required.
Hovering over a workspace from the 'Recent Workspaces' expands the name if it is long and does not fit the sidebar.
https://github.com/eclipse-che/che-dashboard/assets/16220722/996e65dd-3318-4185-b991-03b9ee29d7d7
Starting from this release, when you create a Personal Access Token on the User Dashboard, the "Provider" field will correspond to the dedicated Git Service.
Previously , oauth2-
string with a random postfix was used. This resulted in poor visibility:
Previously, the persistUserHome
CheCluster Custom Resource property was not working with the per-workspace storage strategy. The defect has been fixed in this release and now you can use the persistUserHome
option with both the per-user
and the per-workspace
storage strategies. Find more details about the property in the official documentation.
Referencing an editor using che-editor
URL parameter could result in a CORS-related Network Error. The defect has been fixed in this release.
Previously, when a developer created a Personal Access Token from the User Preferences, there was no validation of the Git URL. If the URL was invalid it led to login and dashboard usage issues due to a java.net.URISyntaxException: Illegal character exception
. To resolve the access issue, you had to manually intervene with the generated secret. The defect has been fixed in this release.
Before this release, trailing spaces were not trimmed in the input field of the "Import from Git" widget resulting in the "URL or SSHLocation is not valid" error:
Previously, the Revoke OAuth button continued to be active after the execution. The defect has been fixed in this release.
With this release, you can easily choose an editor when starting a workspace from the User Dashboard by using the brand-new "Editor Selector" panel:
Find more details about specifying a custom editor in the official documentation.
Starting from this release, you can add parameters when defining a URL of a getting started sample:
{
"displayName": "Example",
"description": "Example",
"tags": ["example"],
"url": "https://example.com/my-project.git?df=next/base/devfile.yaml"
}
Find more details about configuring getting started samples in the official documentation.
Before this release, there was a sporadic defect affecting workspace startup after using the "Restart Workspace from local Devfile" functionality from che-code. The following error message would appear: "You can only have 1 running workspace at a time". With this release, the issue is fixed.
Before this release, workspace startup from a Bitbucket Server private repository using OAuth2 failed with the "Repository/Devfile URL is missing" error. With this release, the issue is fixed.
With this release, the devfile registry hosted at registry.devfile.io is used by default for the Getting Started samples:
The administrator can still enable the embedded devfile registry using the disableInternalRegistry
field in the CheCluster custom resource:
devfileRegistry:
disableInternalRegistry: false
Previously, the Che-Code
editor failed to start in the Red Hat Universal Base Image 9. With this release, this issue is fixed and you can now explicitly reference those images in the components
section of a devfile:
schemaVersion: 2.2.2
metadata:
name: ubi9-minimal-demo
components:
- name: tools
container:
image: registry.access.redhat.com/ubi9-minimal:9.3-1552@sha256:582e18f13291d7c686ec4e6e92d20b24c62ae0fc72767c46f30a69b1a6198055
args: ['tail', '-f', '/dev/null']
endpoints:
- exposure: public
name: nodejs
protocol: http
targetPort: 3000
memoryLimit: 2Gi
memoryRequest: 256Mi
mountSources: true
attributes:
controller.devfile.io/merge-contribution: true
Starting from this release, you can configure the number of replicas for operands using HorizontalPodAutoscaler (HPA):
apiVersion: autoscaling/v2
kind: HorizontalPodAutoscaler
metadata:
name: scaler
namespace: {operator-namespace}
spec:
scaleTargetRef:
apiVersion: apps/v1
kind: Deployment
name: __<deployment_name>__
...
The __<deployment_name>__
in the snippet above corresponds to one of the following deployments:
che-server
che-gateway
dashboard
plugin-registry
devfile-registry
Find more details about the HPA setup in the official documentation.
By default, the Universal Developer Image (UDI) contains Podman and Buildah which you can use to build and push container images within a Cloud Development Environment (CDE). However, Podman and Buildah in the UDI are configured to use the vfs
storage driver which does not provide copy-on-write support. For more efficient image management, you can use the fuse-overlayfs
storage driver which supports copy-on-write in rootless environments.
Find more details about fuse-overlayfs
configuration in the official documentation.
With this release, the Devfile Walkthrough VSX extension is available by default in the Cloud Development Environment for the Che-Code
editor:
With this release, you can override the editor's image using a dedicated URL parameter when starting a Cloud Development Environment. Here are some examples:
#https://github.com/eclipse-che/che-docs?editor-image=quay.io/che-incubator/che-code:next
#https://github.com/eclipse-che/che-docs?che-editor=che-incubator/che-code/latest&editor-image=quay.io/che-incubator/che-code:next
Find more details about the editor-image
URL parameter in the official documentation.
/home/user
directory instead of /projects
by default in the terminalPreviously, there was an issue affecting projects created in/cloned into an empty workspace when the default folder for the projects was the /home/user
directory instead of /projects
. Due to this, the changes were not saved after workspace restart. The issue has been fixed in this release:
Before this release, when a workspace failed to start due to a quota issue, no meaningful error was displayed, and the startup failed with a timeout. Now there is an explicit error when workspace startup is forbidden due to an exceeded quota:
Failed to set up networking for workspace: services "workspace82736d3c797e4150-service" is forbidden: exceeded quota: resource-quota-services, requested: count/services=1, used: count/services=1, limited: count/services=1
Outdated procedures for the nodeSelector
and tolerations configuration have been fixed in this release and the updated instructions are now available in the official documentation.
The issue related to an unexpected workspace restart due to the scale down of a replicaset has been fixed in this release.
The bug related to revoking the GitHub Authorization has been fixed in this release. Now all the OAuth tokens are retrieved from the Kubernetes secrets explicitly and not from memory as it used to be beforehand.
Before this release, workspace startup from a private repository hosted on Bitbucket Server with a manually added Personal Access Token (PAT) failed with the following error: Failed to create the workspace: Cannot build factory with any of the provided parameters. Please check parameters correctness, and resend query.
With this release, the issue is fixed.
Previously, some SCM providers like BitBucket Server decode the callback URL in the response, which resulted in an IllegalArgumentException error. With this release, the issue is fixed.
With this release, the administrator can configure Secrets, ConfigMaps, and PersistentVolumesClaims that will be replicated in the namespaces of all users. You can therefore share certificates, secrets, and configuration files across all the users.
For example, creating the following ConfigMap makes Maven's settings.xml
file available in the Container Development Environment (CDE) of all the users:
kind: ConfigMap
apiVersion: v1
metadata:
name: user-settings-xml
namespace: {prod-namespace}
labels:
app.kubernetes.io/part-of: che.eclipse.org
app.kubernetes.io/component: workspaces-config
annotations:
controller.devfile.io/mount-as: subpath
controller.devfile.io/mount-path: /home/user/.m2
data:
settings.xml: |
<settings xmlns="http://maven.apache.org/SETTINGS/1.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/SETTINGS/1.0.0 https://maven.apache.org/xsd/settings-1.0.0.xsd">
<localRepository>/home/user/.m2/repository</localRepository>
<interactiveMode>true</interactiveMode>
<offline>false</offline>
</settings>
Find more about the procedure in the official documentation and the demo video.
With this release, you can use pod and container overrides for volumes and volumeMounts in the Devfile definition.
For example, you can add a CSI volume with the SharedSecret to a pod or container in the Container Development Environment (CDE):
schemaVersion: 2.2.2
attributes:
controller.devfile.io/storage-type: per-workspace
metadata:
name: pod-overrides-example
attributes:
pod-overrides:
spec:
volumes:
- csi:
driver: csi.sharedresource.openshift.io
readOnly: true
volumeAttributes:
sharedSecret: my-share
name: my-csi-volume
components:
- name: workspace
attributes:
container-overrides:
volumeMounts:
- mountPath: /etc/my-csi-volume
name: my-csi-volume
readOnly: true
container:
...
With this release, you can not start workspace based on SSH URLs until you configure the SSH keys in the User Dashboard:
https://github.com/eclipse/che/assets/1461122/6b0f1eba-8184-49fc-8411-9810d762d62b
Before this release, updating the name and email in the Gitconfig could result in the Conflict detected
error:
The UX defect has been fixed in this release, and you can update the name and email without errors:
https://github.com/eclipse-che/che-dashboard/assets/16220722/c0953e52-b280-4c60-b41e-3b227f624d38
A sporadic defect resulting in the "Route and path matches, but all pods are down" error during workspace startup has been fixed in this release.
Before this release, there was a defect related to the update of endpoint URLs whose hostnames were too long. This resulted in the operator getting stuck in a loop. With this release, the issue is fixed.
Before this release, workspaces started from repositories with names longer than 63 characters failed due to the RFC 1035 Label Names restriction. The issue has been fixed in this release and auto-generated workspace names are trimmed to be compatible with the standard.
It is now possible to configure SSH keys and start workspaces using not only GitHub, GitLab, BitBucket, and Azure DevOps, but also any other Git providers that were previously not supported, such as:
It is now possible not only to upload but also to copy and paste an SSH Key on the the User Dashboard:
https://github.com/eclipse-che/che-dashboard/assets/16220722/3a18db0a-1669-4760-a938-975be2cc107f
Devfiles with schemaVersion
2.2.1 and 2.2.2 are now supported.
Installation instructions for Eclipse Che on Azure Kubernetes Service (AKS) are now part of the official documentation. Before this release, only community-contributed blog post on this subject was available.
Previously workspaces from public GitHub Enterprise Server repositories failed to start if no OAuth or Personal Access Token (PAT) was configured.
The regression related to processing the defaultPlugins
defined in the Custom Resource has been fixed in this release, and extra sidecar plugins can be added using a devfile.yaml
reference:
devEnvironments:
- editor: che-incubator/che-code/insiders
plugins:
- >-
https://example.com/devfile.yaml
In this release, new properties for advanced authorization have been added to the Custom Resource:
AllowUsers []string `json:"authorizedUsers,omitempty"`
AllowGroups []string `json:"authorizedGroups,omitempty"`
DenyUsers []string `json:"unauthorizedUsers,omitempty"`
DenyGroups []string `json:"unauthorizedGroups,omitempty"`
The new configuration allows setting up granular access for different groups and users:
networking:
auth:
advancedAuthorization:
allowUsers:
- user-a
- user-b
denyUsers:
- user-c
allowGroups:
- team-a
- team-b
denyGroups:
- team-c
Users who are not allowed will see the following warning when trying to access the User Dashboard:
N.B. AllowGroups
and DenyGroups
properties are only supported on OpenShift.
Initial support of the local desktop development using IntelliJ Thin Client connected to a remote DevWorkspace is now available:
DevWorkspace Operator is now being built for the following platforms: linux/amd64
, linux/arm64
, linux/ppc64le
and linux/s390x
.
The related multi-arch images are available at:
quay.io/devfile/devworkspace-controller:next
quay.io/devfile/project-clone:next
quay.io/devfile/devworkspace-operator-index:next
quay.io/devfile/devworkspace-operator-index:next-digest
quay.io/devfile/devworkspace-operator-bundle:next
quay.io/devfile/devworkspace-operator-bundle:next-digest
OAuth2 authorization code flow using Callbacks and URI handlers is now supported, and Visual Studio Code Extensions that use this flow will work in the Eclipse Che workspaces. For instance, users of the Ansible VS Code extension can use its AI-powered Lightspeed service.
N.B. The Ansible VS Code Extension issue currently prevents the extension from working on remote development environments.
Before this release, VS Code launcher was adding projects from the devfile to .vscode-workspace
configuration file only during the initial workspace startup. However, if a new project (or dependent project) was added to the devfile.yaml
, and the workspace was restarted using the Restart Workspace from Local Devfile
, the new project was not added to the .vscode-workspace
configuration file, and the user was not able to see it in the VS Code, although all the projects were cloned in /projects
folder. The defect has been fixed in this release and now the projects are correctly updated in the .vscode-workspace
configuration file.
Bitbucket OAuth 1.0 is now correctly displayed on the 'Git Services' Tab of the User Dashboard:
Starting from this release a user can revoke the authorization for configured Git Services from the User Dashboard:
Personal Access Token (PAT) for the GitHub Enterprise Server (self-hosted instance) can be now configured from the User Dashboard. Before this release, only GitHub.com and GitHub Enterprise Cloud were supported.
In this release, a few major enhancements have been made for cases when a workspace fails to start for some reason:
A user can navigate to the OpenShift cluster and edit the DevWorkspace spec right from the workspace startup screen:
On the 'Workspaces' page the problematic workspace will be marked with the warning sign:
it is now possible to navigate to the DevWorkspace object from the 'Overview' tab of the User Dashboard when running on OpenShift:
The ?token
URL parameter is now supported for resolving private devfiles from github.com e.g. raw.githubusercontent.com/account/repository/main/devfile.yaml?token=<token>
.
Java 17 is now used by default in the Universal Developer Image:
Before this update, re-opening an existing workspace resulted in a "No PersonalAccessTokenFetcher configured" error message. With this update, the token is refreshed on a workspace restart.
To get the metrics, the resource monitor extension needs to know the pod name provided by the HOSTNAME environment variable. However, sometimes the variable could be overridden with a different value which breaks the plugin. To avoid this problem it has been decided to copy the HOSTNAME env var to DEVWORKSPACE_POD_NAME env var before launching the editor and fall back on the new variable when necessary.
Starting from this release it is possible to configure the OAuth flow for GitHub Enterprise Server and GitHub SaaS simultaneously. More details about this feature can be found in this demo video.
GitHub Copilot VS Code activation failed in a Dev Spaces workspace. That's because the web authorization flow is failing. To allow GitHub Copilot and other GitHub extensions to run on DevSpaces workspaces we have added support for the GitHub device activation flow. To use GitHub Copilot in a workspace a user has to follow the following 2 steps:
N.B. Step 1 needs to be executed only once. Step 2 needs to be repeated for every new workspace.
Now users can add their SSH key from the User Dashboard.
Starting from this release routes generated for the VS Code editor are using HTTPS protocol by default.
Before this release, URL parameters used during workspace startup such as <github-repo-url>?che-editor=che-incubator/che-idea/latest
were lost after successful OAuth authentication.
Before this release, OAuth tokens were not refreshed during a workspace restart.
Before this release, the ephemeral mode was used for the 'Restart with default devfile' functionality. When restarted, any changes in the workspace were lost. With this update, restarting the workspace with the default devfile does not erase changes you made previously.
It was not possible to start a workspace based on the Azure DevOps Git repositories which contain white spaces. With this release, the issue is fixed.
Unauthorized errors when opening IDE are fixed in this release.
Enabling the persistence of the home directory does not break the Universal Developer image's home directory, PATH, and environment variables anymore.
In this release, the amount of opened files has been increased for the Universal Developer Image which allows building images for repositories with a sufficient amount of files like che-code.
In this release, common tooling config directories are pre-created in the default Universal Developer Image with the right permissions allowing to write into them from the workspace:
/home/user/.m2/
/home/user/.gradle/
/home/user/.config/pip/
/home/user/.cargo/
/home/user/.sbt/1.0/
/home/user/.composer/
/home/user/.nuget
Now when a user stops a workspace from the VS Code editor they will be redirected automatically to the User Dashboard.
If a user rejects an SCM provider authorization request while creating or starting an existing workspace, their choice is saved in the workspace-preferences
config-map in the namespace. During the subsequent workspaces startups, the prompt to proceed with the OAuth authorization for the rejected SCM provider does not appear anymore.
It is now possible to specify preStop
events in the devfile that would be executed before stopping the workspace. Similar to postStart
, multiple devfile commands could be specified as preStop
:
events:
preStop:
- first-command
- second-command
- third-command
Better error handling on the User Dashboard. Instead of the general "Backend is not available" error page now the HTTP Error code together with the endpoint that threw the error is displayed:
The Unauthorized
error occasionally shown during the workspace startup 'Open IDE' phase has been fixed in this release.
The Bearer Token Authorization
errors occasionally occurring in the dashboard has been mitigated with the request retries functionality.