Upgrading Che using the CLI management tool in restricted environment
This section describes how to upgrade Eclipse Che using the CLI management tool in restricted environment. The upgrade path supports minor version update, from Che version 7.22 to version 7.23.
-
An administrative account on an instance of Kubernetes or OpenShift.
-
A running instance version 7.22 of Eclipse Che, installed using the CLI management tool on the same instance of Kubernetes or OpenShift, with the chectl
--installer operator
method, in the<eclipse-che>
project. See Installing Che in a restricted environment. -
The
chectl
7.23 management tool is available. See Using the chectl management tool.
Understanding network connectivity in restricted environments
Che requires that each Kubernetes Ingress or OpenShift Route created for Che is accessible from inside the Kubernetes or OpenShift cluster.
These Che components have a Kubernetes Ingress or OpenShift Route: che-server
, keycloak
, devfile-registry
, plugin-registry
.
Consider the network topology of the environment to determine how best to accomplish this.
The network administrators must ensure that it is possible to route traffic bound from the cluster to Kubernetes Ingress or OpenShift Route host names.
Create a proxy configuration allowing the traffic to leave the node to reach an external-facing Load Balancer.
Building offline registry images
Building an offline devfile registry image
This section describes how to build an offline devfile registry image.
Starting workspaces without relying on resources from the outside Internet requires building this image.
The image contains all sample projects referenced in devfiles as zip
files.
-
Clone the devfile registry repository and check out the version to deploy:
$ git clone git@github.com:eclipse/che-devfile-registry.git $ cd che-devfile-registry $ git checkout 7.23.x
-
Build an offline devfile registry image:
./build.sh --organization <my-org> \ --registry <my-registry> \ --tag <my-tag> \ --offline \ --latest-only
To display full options for the
build.sh
script, use the--help
parameter.
Building an offline plug-in registry image
This section describes how to build an offline plug-in registry image. Starting workspaces without relying on resources from the outside Internet requires building this image. The image contains plug-in metadata and all plug-in or extension artifacts.
-
Clone the plug-in registry repository and check out the version to deploy:
$ git clone git@github.com:eclipse/che-plugin-registry.git $ cd che-plugin-registry $ git checkout 7.23.x
-
Build an offline plug-in registry image:
./build.sh --organization <my-org> \ --registry <my-registry> \ --tag <my-tag> \ --offline \ --latest-only
To display full options for the
build.sh
script, use the--help
parameter.
Preparing a private registry
Che workspaces consist of Pods running in a cluster, and therefore, many images are required to support all languages and plug-ins that can be used for a workspace. In an offline deployment, these images must be made available to the Che server running in the cluster.
Running any workspace requires these essential images:
|
The main Che server image |
|
The database used by Che |
|
Keycloak Pod for user authentication |
|
JWT proxy image for enabling authentication between services. See Che workspace JWT proxy. |
|
Images for adding plug-ins to workspaces. See Che plug-ins broker. |
|
Plug-in registry that store information about plugins and the runtime containers they require. See Building an offline plug-in registry image. |
|
Devfile registry that store descriptions of the sample projects and how to load them as workspaces via the Getting Started tab in the dashboard. See Building an offline devfile registry image. |
The images described in this section are required for running a workspace. Any one workspace uses a subset of the images below. It is only necessary to include the images that are used in workspaces created. For example, when using Che only for developing in Java, many images can be omitted.
To avoid issues when only a subset of the images described in this section is needed, remove unnecessary plug-ins and devfiles when building custom registries (see Customizing the registries for more information).
Many workspace plug-ins are run in sidecar containers to ensure their dependencies are available. The offline plug-in registry (see Building an offline plug-in registry image) includes a file with the list of all images referenced in its plug-ins.
To get a list of images required for plug-ins, display this file:
$ docker run -it --rm \ --entrypoint cat <my-offline-registry> /var/www/html/v3/external_images.txt
In the example above, substitute <my-offline-registry>
for the image name and tag of the custom plug-in registry.
Every Che workspace uses one or more base images, which contain the development dependencies for projects that are being built. To use the samples, Che pull these images from the references to them in the devfile registry. This is needed because the sample devfiles included in the devfile registry apply to images suited for this purpose.
An offline devfile registry (see Building an offline devfile registry image) contains a file with the list of all images referenced in its devfiles:
$ docker run -it --rm \ --entrypoint cat <my-offline-registry> /var/www/html/devfiles/external_images.txt
In the example above, substitute <my-offline-registry>
for the image name and tag of the custom devfile registry.
Upgrading Che using the CLI management tool in restricted environment
This section describes how to upgrade Eclipse Che using the CLI management tool in restricted environment.
-
An administrative account on an OpenShift instance.
-
A running instance version 7.22 of Eclipse Che, installed using the CLI management tool on the same instance of Kubernetes or OpenShift, with the chectl
--installer operator
method, in the<eclipse-che>
project. See Installing Che in a restricted environment. -
Essential container images are available to the Che server running in the cluster. See Preparing a private registry.
-
The
chectl
7.23 management tool is available. See Using the chectl management tool.
-
In all running workspaces in the Che 7.22 instance, save and push changes back to the Git repositories.
-
Stop all workspaces in the Che 7.22 instance.
-
Run the following command:
$ chectl server:update --che-operator-image=<image-registry>/<organization>/che-operator:7.23 -n eclipse-che
-
<image-registry>: A host name and a port of the container-image registry accessible in the restricted environment.
-
<organization>: An organization of the container-image registry. See: Preparing a private registry.
-
-
Navigate to the Che instance.
-
The 7.23 version number is visible at the bottom of the page.
For slow systems or internet connections, add the |