Che architecture with DevWorkspace

Technology preview feature

Managing workspaces with the DevWorkspace engine is an experimental feature. Don’t use this workspace engine in production.

Known limitations

Workspaces are not secured. Whoever knows the URL of a workspace can have access to it and leak the user credentials.

che interacting with devworkspace
Figure 1. High-level Che architecture with the DevWorkspace operator

When Che is running with the DevWorkspace operator, it runs on three groups of components:

Che server components

Manage User namespace and workspaces. The main component is the User dashboard, from which users control their workspaces.

DevWorkspace operator

Creates and controls the necessary Kubernetes objects to run User workspaces. Including Pods, Services, and PeristentVolumes.

User workspaces

Container-based development environments, the IDE included.

The role of these Kubernetes features is central:

DevWorkspace Custom Resources

Valid Kubernetes objects representing the User workspaces and manipulated by Che. It is the communication channel for the three groups of components.

Kubernetes role-based access control (RBAC)

Controls access to all resources.