Eclipse Che 7.68.0

Major Enhancements

Simpler workspaces URLs Backported to 7.67

Starting from this release, workspaces URLs don't include random characters anymore but use username, workspace name, endpoint name or port. For example if user john creates a quarkus-todo workspace that exposes a backend endpoint using my-che-instance.com, then:

• The VS Code URL will be https://my-che-instance.com/john/quarkus-todo/3100
• The endpoint application preview will be https://john-quarkus-todo-backend.my-che-instance.com/

Users can configure Git Personal Access Tokens in their Preferences

With the new tab named Personal Access Token in Users Preferences, developers can manage GitHub, GitLab, Bitbucket and Azure DevOps personal access tokens using the UI. Before that developers had to manually create a Kubernetes secret.

Allow admins to specify workspaces gateway and project-clone containers Backported to 7.67

Sections gatewayContainer and projectCloneContainer have been added in CheCluster .spec.devEnvironments to allow adminstrators to specify the containers that will host the workspaces reverse proxy (gateway) and the container that clones the remote git repositories respectively:

spec:
  devEnvironments:
    gatewayContainer:
        (...container settings...)
    projectCloneContainer:
        (...container settings...)

In particular it is now possible to unset the CPU limits for those containers. For example this is how it can be done for the gateway container:

spec: 
  devEnvironments: 
    gatewayContainer: 
      resources: 
        limits: 
          cpu: "0"

Allow users to configure VS Code workspaces with a .code-workspaces file Backported to 7.67

.code-workspace files allow developers to configure their VS Code workspace. Starting from this release developers can specify the ..code-workspace file in its project using the environment variable VSCODE_DEFAULT_WORKSPACE in the devfile:

schemaVersion: 2.2.0
(...)
components:
- name: dev-tools
  container:
    (...)
    env:
    - name: VSCODE_DEFAULT_WORKSPACE
      value: "/projects/che-demo-app/che-demo.code-workspace"

Major Bug Fixes

The Eclipse Che configuration of the default VS Code extensions is ignored

A bug affecting Eclipse Che from release v7.58 prevented an administrator to specify a default list of IDE plugins, in particular VS Code extensions. This got fixed an it's now possible to specify the VS Code extensions that will be automatically included in Dev Spaces using this field devEnvironments.defaultPlugins in CheCluster Custom Resource.

Devfile component with deployByDefault set to false should be ignored at workspace startup

Workspaces startup was failing when a Kubernetes component was using the uri field, no matter the value of deployByDefault. Some of the samples in OpenShift Developer Console were failing to load in Eclipse Che because of this problem. Now Kubernetes components that have the field deployByDefault set to false are ignored at workspace startup.

Eclipse Che 7.67.0

Major Bug Fixes

A 'git commit' command fails if workspaces are configured to use a Bitbucket Personal Access Token

When a developer had configured its Che workspaces to use a Bitbucket Personal Access Token (PAT) then the retrieval of the user name and e-mail was failing. Because of that the Git configuration was not completed and running a git commit command would result in an error. This has been addressed and Git user name and e-mail are configured correctly.

Eclipse Che 7.66.0

Major Enhancements

Support customizing developer user roles in Che provisioned namespaces

The permissions granted to a user on their Che provisioned namespace are now configurable. This allows the user to create some objects in his namespace that might be needed for their development work. For example: create Kafka or KafkaTopic Custom Resources.

To configure these permissions an administrator has to create the Kubernetes ClusterRole and ClusterRoleBinding and specify them in the CheCluster Custom Resource:

spec:
(...)
  components:
    cheServer:
+      clusterRoles: ${USER_ROLES}
(...)
  devEnvironments:
    user: 
+      clusterRoles: ${USER_ROLES}

Support specifying the Ingress Class Name for Eclipse Che gateway

In addition to the specification of the gateway annotations, Eclipse Che now allows the specification of the IngressClassName field. This is critical as the kubernetes.io/ingress.class annotation on the Ingress has been deprecated. The IngressClassName can be specified in CheCluster networking:

spec:
(...)
  networking:
+    ingressClassName: ${CLASS_NAME}

Update monitoring docs to use the in-cluster monitoring stack Backported to 7.64

The section Configuring Observability of the Eclipse Che documentation has been updated with the instructions to use OpenShift built-in monitor stack instead of template-based Prometheus + Grafana installation.

Report more information when workspace start times out

When a user's workspace fails to start due to timeout Eclipse Che is now providing more information to help diagnose issues with workspace start -- the workspace may fail due to timing out on e.g. "preparing routes" or "waiting on editor to start" for instance.

$ kubectl get devworkspace inventory-quarkus
NAME                DEVWORKSPACE ID             PHASE    INFO
inventory-quarkus   workspace10330798d5bb4963   Failed   DevWorkspace failed to progress past step 'Waiting for workspace deployment' for longer than timeout (300s)

Support Git SSH protocol for starting workspaces

It's now possible to open a workspace with URLs that use the SSH protocol. Before only URLs using the HTTP protocol were supported.

⚠️ The support for the Git protocol is still limited as Devfiles in the git repository will be ignored.

Major Bug Fixes

VS Code's Webview functionality should work when the browser is behind the proxy Backported to 7.64

VS Code Webview functionality, used in many extensions, did not render correctly in an air gap scenarios. This was due to the code running in the user browser that tried to download static resources from the public Internet: it failed if the user laptop was behind a proxy. To address the problem we have patched Che VS Code fork to the serve those resources from the VS Code server that runs in the Kubernetes cluster and that should be whitelisted in the proxy configuration.

Eclipse Che 7.65.0

Major enhancements

Container logs, including init containers, are available in the workspace startup page 'Logs' tab

The 'Logs' tab of the startup screen has been refactored to include the logs of the workspace containers. A dropdown menu allows to select the container and the logs are shown

Implement VS Code health check endpoint

An /healthz endpoint has been added to VS Code. Clients can use it to figure out when the VS Code server is ready to serve requests. In particular, at workspace startup, Eclipse Che dashboard redirects the developer to VS Code URL as soon as it get a successful response from the health check endpoint. Before the developers could get a 404 error if the dashboard redirection happened too early.

Removed functionalities

Make "Devfile" on User Dashboard uneditable

Devfile editing should happen in the IDE itself and in the last months we have made some improvements in this area. Considered that the Eclipse Che Dashboard Devfile editor was more fragile and difficult to use we have decided to make it read-only.

Eclipse Che 7.64.0

Major Enhancements

Che URL parameter to configure a specific container image

A new parameter, image, let developers specify the main Che workspace image in the workspace URL. It allows to specify a specific container without the need to add devfile in the git repository (a universal developer image container will be used instead). If a devfile is present the image parameter allows to replace the devfile first container component image.

---

Automatically set user and email in git configuration when Git service integration is configured

If Git service OAuth has been setup by Che administrator, or if a user has configured a Git service Personal Access Token secret in his namespace, then git is automatically configured with the right name and email. Developer can run git commit without the need to to configure git.

---

A warning is displayed in Git services preferences when revoking authorization to Eclipse Che OAuth from GUI is not supported

Revoking the authorization granted to the Eclipse Che OAuth appliction from the user preferences is only supported for GitHub. Authorization for other Git services is shown in the preferences panel but it's not possible to revoke it from there. A warning has been added to explain that to the users.

---

A new VS Code menu item to open a Terminal in a specific container has been added

It's now simpler to open a Terminal in a specific container. The command Create New Terminal to DevWorkspace Container has been renamed Create New Terminal (Select a Container) and the command has been added in the Terminal menu and in the Terminal's context menu.

---

Support the permission specification for files auto-mounted with ConfigMaps and Secrets

Eclipse Che automatically mounts as files in workspace containers ConfigMaps and Secrets having some specific annotations. The mounted file permissions was not configurable and was set to 0644. This new feature allows the specification of the file permission using the annotation controller.devfile.io/mount-access-mode. This is useful for example, to mount a ConfigMap as an executable script that can be run from within the container.

---

Set the developer namespace in workspaces .kube/config current context

A ~/.kube/config is generated at workspace startup with the developer credentials. The developer namespace was not specified in the current context of the configuration file. As a consequence tools in the development environment using the Kubernetes API may have unpredictable behaviors. This has been addressed in the release and the generated ~/.kube/config contain the namespace.

---

Support ServiceAccount token volume projection

The ServiceAccount token mounted in workspaces Pods can now be specified as a projected ServiceAccount token. This allows to set the audience, the mountPath and the expirationSeconds of the token and enable federation scenarios such as GCP workload identity federation. Projected tokens properties can be specified in a CheCluster CR:

spec:
  devEnvironments:
    serviceAccountTokens:
      - name: <name>
        mounthPath: <mount-path>
        audience: <audience>
        expirationSeconds: <expiration>
        path: <path>

---

Support multiple postStart events in Devfiles

Eclipse Che failed to load Devfiles that had more than one postStart event. This has been addressed in this release and multiple events are now supported. Specifying composites commands as postStart event is still not supported.

Here is a Devfile example with 2 commands used as postStart events:

schemaVersion: 2.1.0
metadata:
  name: multi-post-start
components:
  - name: tools
    container:
      image: quay.io/devfile/universal-developer-image
commands:
  - id: first-command
    exec:
      component: tools
      commandLine: "echo first command"
  - id: second-command
    exec:
      component: tools
      commandLine: "echo second command"
events:
  postStart:
    - first-command
    - second-command 

---

Removed Functionalities

Removal of the Che-Theia editor

The definition of the Che-Theia editor has been removed from Eclipse Che plugin registry. As a consequence it's not visible from Eclipse Che dashboard and it's not possible to reference its ID (eclipse/che-theia/latest or eclipse/che-theia/next) in a .che-editor.yaml or as a URL parameter.

---

Major Bug Fixes

Fixed Eclipse Che server image vulnerabilities

Some Eclipse Che server dependencies have been updated to address the vulnerabilities found through Trivy image scan.

Eclipse Che 7.63.0

Blog Posts

Decommissioning PostgreSQL database by @ibuziuk

Major Enhancements

Enable Dockerfile build capabilities by default

The Linux capabilities SETUID and SETGID, required to build of a container image using podman in rootless mode, are now enabled by default. Administrators can still opt-out setting CheCluster CR .spec.devEnvironments.disableBuildCapabilities to true. This is the last step of the journey to allow building Dockerfile from withing an Eclipse Che cloud development environment. It started with a manual procedure described in this blog post, was exposed through one single property in Eclipse Che v7.56 and is now, after a months of feedbacks in real world Kubernetes clusters, enabled by default.

Allow starting a workspace from a repository with an invalid devfile

Eclipse Che uses the Devfile at the root of a repository, if any, to provision a cloud development environment. If a Devfile at the root of the project was invalid, Eclipse Che refused to provision the cloud development environment. With this enhancement Eclipse Che ask the user if a default cloud development environment, with a default and valid Devfile, should be provisioned instead. That allows to open the source code and fix the invalid Devfile.

Add a VS Code menu item to open the OpenShift when running on Red Hat OpenShift

A developer may need to have access to the logs, events or definition of Kubernetes objects. When the underlying platform is Red Hat OpenShift those information are available in the Console. To make it easy to jump to the console, the VS Code included with Eclipse Che uses a built-in extension that adds a menu item to open the OpenShift Console in a new browser tab.

VS Code and JetBrains IDEs are started using containers postStart handler. Containers entrypoints are not overridden anymore.

VS Code and Jet Brains IDEs (IntelliJ and PyCharm) executables are mounted in the first container of the Pod and started at the cloud development environment creation. This used to be done using the container entrypoint, overriding whatever command the user had specified. Now startup of the IDEs is done attaching a postStart lifecycle handler. As a result Eclipse Che is not modifying the user containers entrypoints anymore.

Major Bug Fixes

Failure to find devfiles in GitLab nested repositories

When attempting to create a workspace from a GitLab repository that is more than 2 levels deep (e.g. my.gitlab.com/group/subgrp1/subgrpN/repo.git), Che was failing to find the devfile. This has been addressed in this repository and Eclipse Che supports GitLab nested repositories.

Blank characters at the beginning or the end of a git personal access token secrets should be dropped off

Personal access token secrets are an alternative to setting up an OAuth Eclipse Che Application for authentication to git service providers. Creating a the secret is a manual procedure that requires to copy-paste and Base64-encode the token. During this procedure a blank char (a new line or a space) can creep in the secret data making it invalid. This problem is now mitigated because any spaces at the beginning or at the end of personal access tokens are automatically trimmed by Eclipse Che.

Starting a cloud development environment from a bitbucket.org repository is failing

The git URL provided by bitbucket.org to clone a repository included the username. When a user tried to use that same URL to start an Eclipse Che cloud development environment if failed. This behavior has been addressed in this release and BitBucket URLs including the username can be used to start a cloud development environment.

Eclipse Che 7.62.0

Major Enhancements

Azure DevOps git repositories support (backported to 7.60)

It's now possible to start an Eclipse Che workspace from an Azure DevOps git repository URL, including URLs of private repositories. A Devfile included in the Azure DevOps git repository specifies the cloud development environment. Azure DevOps is the forth git service supported by Eclipse Che. Bitbucket, GitLab and GitHub (including GH enterprise) were already supported.

Lighter installation and less maintenance burden as Eclipse Che doesn't require PostgreSQL anymore

Starting from this release PostgreSQL is no part of Che installation anymore. The Eclipse Che server used to require a database to persist workspaces and users data but this is not the case anymore. The server is a stateless applications and HA with rolling update is now possible.

Use projected volumes for auto-mount configmaps/secrets when they use the same mount path

With Kubernetes Projected Volumes it's possible to mount multiple volume sources in the same folder. Eclipse Che uses Projected Volumes when two or more volume sources (ConfigMap, Secret, PersistentVolume) are annotated to be mounted in the same folder..

Allowing users to update the workspace if they edit the project devfile in VS Code

This new feature allows to update workspace from VS Code itself. If a file named devfile.yaml or .devfile.yaml exists at the root of the project, the new command "Eclipse Che: Restart from Local Devfile" is available and can be used to update the workspace definition using the Devfile content.

Support URLs with basic authentication when resolving a devfile (backported to 7.60)

HTTP basic authentication with URL in the format https://<token>@<git-host>/<git-repo-path> is now supported to start a workspace from a git repository that requires authentication.

Checking if the workspace number limit has been exceeded should be the very first validation step during workspace startup

With the intent to fail earlier when a developer tries to run a number of workspaces that exceeds the limit that has been configured by the administrator, the check is performed at the very beginning of the workspace is started.

Major Bug Fixes

Getting Started samples on the website are not processed correctly - 'session' and 'code' attributes are not dropped during startup

When an Eclipse Che developer is redirected to the authentication page, the original workspace URL may be updated with some extra parameters. Those were not filter out by Eclipse Che and caused workspace start failures. This has been fixed in current release.

Cannot see list of workspaces after clicking 'Return to dashboard'

A bug in the link return to dashboard in the workspace startup page has been fixed in this release. When a user followed the link the resulting page was missing Eclipse Che left menu.

Cannot create Kubernetes/OpenShift Components from Devfile (backported to 0.19)

A bug on the recently introduced support of Devfile components of type Kubernetes and OpenShift has been fixed in this release. The bug caused workspace startup failure when the developer is not a privileged Kubernetes user.

Eclipse Che 7.61.0

Major Enhancements

Introducing a new "Events" tab in the workspace startup screen

In addition to the "Progress" and "Logs" tabs we have introduced a new tab called "Events" the workspace starting page. Kubernetes events are streamed on this tab as soon as they happen. This tab can be useful for developers to troubleshoot workspaces startup problems.

Support OAuth v2 for Bitbucket Server

was supported). Eclipse Che now supports both OAuth v2.0 and v1.0 applications to automatically mount and configure developers Bitbucket personal access tokens.

Major Bug Fixes

High priority of container-build scc from dev-space operator causing OLM catalogSource pods to crash backported to 7.58

Before this update, legacy CatalogSource objects used by the Operator Lifecycle Manager (OLM) could enter a crashing state on OpenShift 4.12. This issue affected clusters with Eclipse Che 7.60 and below with container builds enabled. With this update, the issue is fixed.

Error "backend not available" when user logs-in for the first time (namespace provisioning returns error 500) backported to 7.60

Prior to this fix the automatic creation of a developer namespace in Eclipse Che 7.60 was failing when the developer login name contained invalid characters for the RFC 3986 such as @ or :. As a consequence, developers with those login names, would not be able to access to Eclipse Che. This in now fixed and the namespaces are created successfully even if the developer login name had invalid characters for RFC 3986.

Eclipse Che 7.60.0

Major Enhancements

Configuring remotes using a factory URL (backported to 7.58)

Workspaces remotes can be added using a URL parameter attached to the factory URL used to create a new workspace. Additional workspace remotes can be defined in two different formats:

1. Explicit name and URL:

{CHE-HOST}/#{GIT_URL}?remotes={{origin,https://github/...},{upstream,https://github/...},...}

2. URLs only, name is implicit: first is origin, second is upstream, subsequent are fork1, fork2 and onwards:

{CHE-HOST}/#{GIT_URL}?remotes={[https://github...,https://github...,](https://github...,https//github...,)...}

Add "Git Services" tab to the User Preferences

Eclipse Che User Preferences page includes a new tab: "Git Services" (before, the only tab was "Container Registries"). This tab shows the list of git services the user has granted access to. User can revoke access to any of the git services from this tab. Supported services are GitHub (github.com or Enterprise), GitLab (SaaS and Server) or Bitbucket (Cloud and Server).

Honor devfile volumes sizes when storage strategy is per-workspace

Eclipse Che now honors the volume size specified in a devfile. That's applied when the PersistentVolume is created per-workspace. When the PV is created per-user (i.e. one PV is shared across all the workspaces of a user) the volume size is ignored.

The maximum number of running workspace per user is configurable

A new CheCluster parameter allows administrators to specify the maximum number or running workspaces per user. It can be configured editing the value spec.devEnvironments.maxNumberOfRunningWorkspacesPerUser of CheCluster custom resource.

VS Code notification to inform a developer that his workspace has been stopped and why

When a VS Code workspace is stopped (voluntary or not) the user is informed with an explanation of the cause (inactivity, run timeout, error, stopped). The user is also prompted to restart the workspace or to go back to the dashboard.

Major Bug Fixes

Container build support doesn't work after upgrade from 7.58.0 to 7.59.0

A regression in the support for building containers has been fixed in this release.

Factory creation from public GitLab Server repository without OAuth fails

Starting a workspace from a public GitLab Server repository was failing and has been fixed in this release.

Eclipse Che 7.59.0

Major Enhancements

Add support for devfile kubernetes and openshift components (backported to v7.58)

Eclipse Che now supports devfile components of type kubernetes and openshift. That allow to reference Kubernetes and OpenShift manifests in a devfile and include them as part of the workspace. Devfile components of type volume and container were already supported, components of type image are not supported yet.

Allow configuring workspace start timeout via CheCluster spec

The timeout to consider workspaces startup as failed was hardcoded to 5 minutes and could not be changed by administrators. With this new feature Che administrators can specify the workspaces startup timeout in the CheCluster custom resource.

Allow specify workspace pods schedulerName via CheCluster spec

Before, the Kubernetes scheduler that managed Che workspaces was always the default one. Now Che administrators can specify an alternative Kubernetes scheduler using the CheCluster custom resource.
Backported to 7.58

Allow configuring ephemeral storage strategy in CheCluster

It's now possible to specify ephemeral as the default storage strategy for every workspace through the CheCluster custom resource.