7.94.0 release (#1932)

* ci: Update version.go to 7.94.0

Signed-off-by: Mykhailo Kuznietsov <[email protected]>

* ci: Release editors definitions to 7.94.0

Signed-off-by: Mykhailo Kuznietsov <[email protected]>

* ci: Update manager.yaml to 7.94.0

Signed-off-by: Mykhailo Kuznietsov <[email protected]>

* ci: New OLM 7.94.0 bundle

Signed-off-by: Mykhailo Kuznietsov <[email protected]>

* ci: Pin images to digests

Signed-off-by: Mykhailo Kuznietsov <[email protected]>

* ci: Update Kubernetes resources to 7.94.0

Signed-off-by: Mykhailo Kuznietsov <[email protected]>

* ci: Update Helm Charts to 7.94.0

Signed-off-by: Mykhailo Kuznietsov <[email protected]>

* ci: Add new 7.94.0 bundle to a catalog

Signed-off-by: Mykhailo Kuznietsov <[email protected]>

---------

Signed-off-by: Mykhailo Kuznietsov <[email protected]>
Co-authored-by: Mykhailo Kuznietsov <[email protected]>

Author: che-bot

bundle/stable/eclipse-che/manifests/che-operator.clusterserviceversion.yaml

@@ -4379,11 +4379,13 @@ spec:
                                 A list of hosts that can be reached directly, bypassing the proxy.
                                 Specify wild card domain use the following form `.<DOMAIN>`, for example:
                                    - localhost
+                                   - 127.0.0.1
                                    - my.host.com
                                    - 123.42.12.32
                                 Use only when a proxy configuration is required. The Operator respects OpenShift cluster-wide proxy configuration,
                                 defining `nonProxyHosts` in a custom resource leads to merging non-proxy hosts lists from the cluster proxy configuration, and the ones defined in the custom resources.
                                 See the following page: https://docs.openshift.com/container-platform/latest/networking/enable-cluster-wide-proxy.html.
+                                In some proxy configurations, localhost may not translate to 127.0.0.1. Both localhost and 127.0.0.1 should be specified in this situation.
                               items:
                                 type: string
                               type: array
@@ -8003,6 +8005,16 @@ spec:
                     trustedCerts:
                       description: Trusted certificate settings.
                       properties:
+                        disableWorkspaceCaBundleMount:
+                          description: |-
+                            By default, the Operator creates and mounts the 'ca-certs-merged' ConfigMap
+                            containing the CA certificate bundle in users' workspaces at two locations:
+                            '/public-certs' and '/etc/pki/ca-trust/extracted/pem'.
+                            The '/etc/pki/ca-trust/extracted/pem' directory is where the system stores extracted CA certificates
+                            for trusted certificate authorities on Red Hat (e.g., CentOS, Fedora).
+                            This option disables mounting the CA bundle to the '/etc/pki/ca-trust/extracted/pem' directory
+                            while still mounting it to '/public-certs'.
+                          type: boolean
                         gitTrustedCertsConfigMapName:
                           description: |-
                             The ConfigMap contains certificates to propagate to the Che components and to provide a particular configuration for Git.

bundle/stable/eclipse-che/manifests/org.eclipse.che_checlusters.yaml

@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2019-2023 Red Hat, Inc.
+# Copyright (c) 2019-2024 Red Hat, Inc.
 # This program and the accompanying materials are made
 # available under the terms of the Eclipse Public License 2.0
 # which is available at https://www.eclipse.org/legal/epl-2.0/
@@ -39,12 +39,12 @@ spec:
     spec:
       containers:
         - name: che-operator
-          image: quay.io/eclipse/che-operator:next
+          image: quay.io/eclipse/che-operator:7.94.0
           command:
             - /manager
           args:
             - --leader-elect
-          imagePullPolicy: Always
+          imagePullPolicy: IfNotPresent
           ports:
             - containerPort: 60000
               name: metrics
@@ -60,19 +60,19 @@ spec:
             - name: OPERATOR_NAME
               value: che-operator
             - name: CHE_VERSION
-              value: next
+              value: 7.94.0
             - name: RELATED_IMAGE_che_server
-              value: quay.io/eclipse/che-server:next
+              value: quay.io/eclipse/che-server:7.94.0
             - name: RELATED_IMAGE_dashboard
-              value: quay.io/eclipse/che-dashboard:next
+              value: quay.io/eclipse/che-dashboard:7.94.0
             - name: RELATED_IMAGE_plugin_registry
-              value: quay.io/eclipse/che-plugin-registry:next
+              value: quay.io/eclipse/che-plugin-registry:7.94.0
             - name: RELATED_IMAGE_che_tls_secrets_creation_job
               value: quay.io/eclipse/che-tls-secret-creator:alpine-01a4c34
             - name: RELATED_IMAGE_single_host_gateway
               value: quay.io/eclipse/che--traefik:v2.9.10-8d81a9df1435f9f3d36ac9398465ef2d5d61e671059974db753faaed14b627de
             - name: RELATED_IMAGE_single_host_gateway_config_sidecar
-              value: quay.io/che-incubator/configbump:next
+              value: quay.io/che-incubator/configbump:7.94.0
             - name: RELATED_IMAGE_gateway_authentication_sidecar
               value: quay.io/openshift/origin-oauth-proxy:4.9
             - name: RELATED_IMAGE_gateway_authorization_sidecar
@@ -100,15 +100,17 @@ spec:
             - name: CHE_DEFAULT_SPEC_DEVENVIRONMENTS_DEFAULTEDITOR
               value: che-incubator/che-code/latest
             - name: CHE_DEFAULT_SPEC_DEVENVIRONMENTS_DEFAULTCOMPONENTS
-              value: '[{"name": "universal-developer-image", "container": {"image": "quay.io/devfile/universal-developer-image:ubi8-latest"}}]'
+              value: '[{"name": "universal-developer-image", "container": {"image":
+                "quay.io/devfile/universal-developer-image:ubi8-latest"}}]'
             - name: CHE_DEFAULT_SPEC_COMPONENTS_PLUGINREGISTRY_OPENVSXURL
               value: https://open-vsx.org
             - name: CHE_DEFAULT_SPEC_COMPONENTS_DEVFILEREGISTRY_EXTERNAL_DEVFILE_REGISTRIES
               value: '[{"url": "https://registry.devfile.io"}]'
             - name: CHE_DEFAULT_SPEC_DEVENVIRONMENTS_DISABLECONTAINERBUILDCAPABILITIES
               value: 'false'
             - name: CHE_DEFAULT_SPEC_DEVENVIRONMENTS_CONTAINERSECURITYCONTEXT
-              value: '{"allowPrivilegeEscalation": true,"capabilities": {"add": ["SETGID", "SETUID"]}}'
+              value: '{"allowPrivilegeEscalation": true,"capabilities": {"add": ["SETGID",
+                "SETUID"]}}'
           livenessProbe:
             httpGet:
               path: /healthz

config/manager/manager.yaml

@@ -9141,19 +9141,19 @@ spec:
         - name: OPERATOR_NAME
           value: che-operator
         - name: CHE_VERSION
-          value: next
+          value: 7.94.0
         - name: RELATED_IMAGE_che_server
-          value: quay.io/eclipse/che-server:next
+          value: quay.io/eclipse/che-server:7.94.0
         - name: RELATED_IMAGE_dashboard
-          value: quay.io/eclipse/che-dashboard:next
+          value: quay.io/eclipse/che-dashboard:7.94.0
         - name: RELATED_IMAGE_plugin_registry
-          value: quay.io/eclipse/che-plugin-registry:next
+          value: quay.io/eclipse/che-plugin-registry:7.94.0
         - name: RELATED_IMAGE_che_tls_secrets_creation_job
           value: quay.io/eclipse/che-tls-secret-creator:alpine-01a4c34
         - name: RELATED_IMAGE_single_host_gateway
           value: quay.io/eclipse/che--traefik:v2.9.10-8d81a9df1435f9f3d36ac9398465ef2d5d61e671059974db753faaed14b627de
         - name: RELATED_IMAGE_single_host_gateway_config_sidecar
-          value: quay.io/che-incubator/configbump:next
+          value: quay.io/che-incubator/configbump:7.94.0
         - name: RELATED_IMAGE_gateway_authentication_sidecar
           value: quay.io/openshift/origin-oauth-proxy:4.9
         - name: RELATED_IMAGE_gateway_authorization_sidecar
@@ -9191,8 +9191,8 @@ spec:
         - name: CHE_DEFAULT_SPEC_DEVENVIRONMENTS_CONTAINERSECURITYCONTEXT
           value: '{"allowPrivilegeEscalation": true,"capabilities": {"add": ["SETGID",
             "SETUID"]}}'
-        image: quay.io/eclipse/che-operator:next
-        imagePullPolicy: Always
+        image: quay.io/eclipse/che-operator:7.94.0
+        imagePullPolicy: IfNotPresent
         livenessProbe:
           failureThreshold: 10
           httpGet:

deploy/deployment/kubernetes/combined.yaml

@@ -54,19 +54,19 @@ spec:
         - name: OPERATOR_NAME
           value: che-operator
         - name: CHE_VERSION
-          value: next
+          value: 7.94.0
         - name: RELATED_IMAGE_che_server
-          value: quay.io/eclipse/che-server:next
+          value: quay.io/eclipse/che-server:7.94.0
         - name: RELATED_IMAGE_dashboard
-          value: quay.io/eclipse/che-dashboard:next
+          value: quay.io/eclipse/che-dashboard:7.94.0
         - name: RELATED_IMAGE_plugin_registry
-          value: quay.io/eclipse/che-plugin-registry:next
+          value: quay.io/eclipse/che-plugin-registry:7.94.0
         - name: RELATED_IMAGE_che_tls_secrets_creation_job
           value: quay.io/eclipse/che-tls-secret-creator:alpine-01a4c34
         - name: RELATED_IMAGE_single_host_gateway
           value: quay.io/eclipse/che--traefik:v2.9.10-8d81a9df1435f9f3d36ac9398465ef2d5d61e671059974db753faaed14b627de
         - name: RELATED_IMAGE_single_host_gateway_config_sidecar
-          value: quay.io/che-incubator/configbump:next
+          value: quay.io/che-incubator/configbump:7.94.0
         - name: RELATED_IMAGE_gateway_authentication_sidecar
           value: quay.io/openshift/origin-oauth-proxy:4.9
         - name: RELATED_IMAGE_gateway_authorization_sidecar
@@ -104,8 +104,8 @@ spec:
         - name: CHE_DEFAULT_SPEC_DEVENVIRONMENTS_CONTAINERSECURITYCONTEXT
           value: '{"allowPrivilegeEscalation": true,"capabilities": {"add": ["SETGID",
             "SETUID"]}}'
-        image: quay.io/eclipse/che-operator:next
-        imagePullPolicy: Always
+        image: quay.io/eclipse/che-operator:7.94.0
+        imagePullPolicy: IfNotPresent
         livenessProbe:
           failureThreshold: 10
           httpGet:

deploy/deployment/kubernetes/objects/che-operator.Deployment.yaml

@@ -9143,19 +9143,19 @@ spec:
         - name: OPERATOR_NAME
           value: che-operator
         - name: CHE_VERSION
-          value: next
+          value: 7.94.0
         - name: RELATED_IMAGE_che_server
-          value: quay.io/eclipse/che-server:next
+          value: quay.io/eclipse/che-server:7.94.0
         - name: RELATED_IMAGE_dashboard
-          value: quay.io/eclipse/che-dashboard:next
+          value: quay.io/eclipse/che-dashboard:7.94.0
         - name: RELATED_IMAGE_plugin_registry
-          value: quay.io/eclipse/che-plugin-registry:next
+          value: quay.io/eclipse/che-plugin-registry:7.94.0
         - name: RELATED_IMAGE_che_tls_secrets_creation_job
           value: quay.io/eclipse/che-tls-secret-creator:alpine-01a4c34
         - name: RELATED_IMAGE_single_host_gateway
           value: quay.io/eclipse/che--traefik:v2.9.10-8d81a9df1435f9f3d36ac9398465ef2d5d61e671059974db753faaed14b627de
         - name: RELATED_IMAGE_single_host_gateway_config_sidecar
-          value: quay.io/che-incubator/configbump:next
+          value: quay.io/che-incubator/configbump:7.94.0
         - name: RELATED_IMAGE_gateway_authentication_sidecar
           value: quay.io/openshift/origin-oauth-proxy:4.9
         - name: RELATED_IMAGE_gateway_authorization_sidecar
@@ -9193,8 +9193,8 @@ spec:
         - name: CHE_DEFAULT_SPEC_DEVENVIRONMENTS_CONTAINERSECURITYCONTEXT
           value: '{"allowPrivilegeEscalation": true,"capabilities": {"add": ["SETGID",
             "SETUID"]}}'
-        image: quay.io/eclipse/che-operator:next
-        imagePullPolicy: Always
+        image: quay.io/eclipse/che-operator:7.94.0
+        imagePullPolicy: IfNotPresent
         livenessProbe:
           failureThreshold: 10
           httpGet:

deploy/deployment/openshift/combined.yaml

@@ -54,19 +54,19 @@ spec:
         - name: OPERATOR_NAME
           value: che-operator
         - name: CHE_VERSION
-          value: next
+          value: 7.94.0
         - name: RELATED_IMAGE_che_server
-          value: quay.io/eclipse/che-server:next
+          value: quay.io/eclipse/che-server:7.94.0
         - name: RELATED_IMAGE_dashboard
-          value: quay.io/eclipse/che-dashboard:next
+          value: quay.io/eclipse/che-dashboard:7.94.0
         - name: RELATED_IMAGE_plugin_registry
-          value: quay.io/eclipse/che-plugin-registry:next
+          value: quay.io/eclipse/che-plugin-registry:7.94.0
         - name: RELATED_IMAGE_che_tls_secrets_creation_job
           value: quay.io/eclipse/che-tls-secret-creator:alpine-01a4c34
         - name: RELATED_IMAGE_single_host_gateway
           value: quay.io/eclipse/che--traefik:v2.9.10-8d81a9df1435f9f3d36ac9398465ef2d5d61e671059974db753faaed14b627de
         - name: RELATED_IMAGE_single_host_gateway_config_sidecar
-          value: quay.io/che-incubator/configbump:next
+          value: quay.io/che-incubator/configbump:7.94.0
         - name: RELATED_IMAGE_gateway_authentication_sidecar
           value: quay.io/openshift/origin-oauth-proxy:4.9
         - name: RELATED_IMAGE_gateway_authorization_sidecar
@@ -104,8 +104,8 @@ spec:
         - name: CHE_DEFAULT_SPEC_DEVENVIRONMENTS_CONTAINERSECURITYCONTEXT
           value: '{"allowPrivilegeEscalation": true,"capabilities": {"add": ["SETGID",
             "SETUID"]}}'
-        image: quay.io/eclipse/che-operator:next
-        imagePullPolicy: Always
+        image: quay.io/eclipse/che-operator:7.94.0
+        imagePullPolicy: IfNotPresent
         livenessProbe:
           failureThreshold: 10
           httpGet:

deploy/deployment/openshift/objects/che-operator.Deployment.yaml

@@ -81,7 +81,7 @@ events:
 components:
   - name: che-code-injector
     container:
-      image: quay.io/che-incubator/che-code:latest
+      image: quay.io/che-incubator/che-code:7.94.0
       command:
         - /entrypoint-init-container.sh
       volumeMounts:

editors-definitions/che-code-latest.yaml

@@ -13,7 +13,7 @@
 apiVersion: v1
 description: A Helm chart for deploying Eclipse Che on a Kubernetes
 name: eclipse-che
-version: 7.93.0
+version: 7.94.0
 annotations:
   artifacthub.io/license: EPL-2.0
   artifacthub.io/links: |

helmcharts/stable/Chart.yaml

@@ -4359,11 +4359,13 @@ spec:
                               A list of hosts that can be reached directly, bypassing the proxy.
                               Specify wild card domain use the following form `.<DOMAIN>`, for example:
                                  - localhost
+                                 - 127.0.0.1
                                  - my.host.com
                                  - 123.42.12.32
                               Use only when a proxy configuration is required. The Operator respects OpenShift cluster-wide proxy configuration,
                               defining `nonProxyHosts` in a custom resource leads to merging non-proxy hosts lists from the cluster proxy configuration, and the ones defined in the custom resources.
                               See the following page: https://docs.openshift.com/container-platform/latest/networking/enable-cluster-wide-proxy.html.
+                              In some proxy configurations, localhost may not translate to 127.0.0.1. Both localhost and 127.0.0.1 should be specified in this situation.
                             items:
                               type: string
                             type: array
@@ -7970,6 +7972,16 @@ spec:
                   trustedCerts:
                     description: Trusted certificate settings.
                     properties:
+                      disableWorkspaceCaBundleMount:
+                        description: |-
+                          By default, the Operator creates and mounts the 'ca-certs-merged' ConfigMap
+                          containing the CA certificate bundle in users' workspaces at two locations:
+                          '/public-certs' and '/etc/pki/ca-trust/extracted/pem'.
+                          The '/etc/pki/ca-trust/extracted/pem' directory is where the system stores extracted CA certificates
+                          for trusted certificate authorities on Red Hat (e.g., CentOS, Fedora).
+                          This option disables mounting the CA bundle to the '/etc/pki/ca-trust/extracted/pem' directory
+                          while still mounting it to '/public-certs'.
+                        type: boolean
                       gitTrustedCertsConfigMapName:
                         description: |-
                           The ConfigMap contains certificates to propagate to the Che components and to provide a particular configuration for Git.

helmcharts/stable/crds/checlusters.org.eclipse.che.CustomResourceDefinition.yaml

@@ -339,7 +339,45 @@ rules:
   resources:
   - limitranges
   verbs:
+  - create
+  - delete
+  - get
+  - update
+  - patch
+  - watch
+  - list
+- apiGroups:
+  - ""
+  resources:
+  - resourcequotas
+  verbs:
+  - create
+  - delete
+  - get
+  - update
+  - patch
+  - watch
   - list
+- apiGroups:
+  - networking.k8s.io
+  resources:
+  - networkpolicies
+  verbs:
+  - create
+  - delete
+  - get
+  - update
+  - patch
+  - watch
+  - list
+- apiGroups:
+  - template.openshift.io
+  resources:
+  - templates
+  verbs:
+  - get
+  - list
+  - watch
 - apiGroups:
   - monitoring.coreos.com
   resources:

helmcharts/stable/templates/che-operator.ClusterRole.yaml

@@ -54,19 +54,19 @@ spec:
         - name: OPERATOR_NAME
           value: che-operator
         - name: CHE_VERSION
-          value: 7.93.0
+          value: 7.94.0
         - name: RELATED_IMAGE_che_server
-          value: quay.io/eclipse/che-server:7.93.0
+          value: quay.io/eclipse/che-server:7.94.0
         - name: RELATED_IMAGE_dashboard
-          value: quay.io/eclipse/che-dashboard:7.93.0
+          value: quay.io/eclipse/che-dashboard:7.94.0
         - name: RELATED_IMAGE_plugin_registry
-          value: quay.io/eclipse/che-plugin-registry:7.93.0
+          value: quay.io/eclipse/che-plugin-registry:7.94.0
         - name: RELATED_IMAGE_che_tls_secrets_creation_job
           value: quay.io/eclipse/che-tls-secret-creator:alpine-01a4c34
         - name: RELATED_IMAGE_single_host_gateway
           value: quay.io/eclipse/che--traefik:v2.9.10-8d81a9df1435f9f3d36ac9398465ef2d5d61e671059974db753faaed14b627de
         - name: RELATED_IMAGE_single_host_gateway_config_sidecar
-          value: quay.io/che-incubator/configbump:7.93.0
+          value: quay.io/che-incubator/configbump:7.94.0
         - name: RELATED_IMAGE_gateway_authentication_sidecar
           value: quay.io/openshift/origin-oauth-proxy:4.9
         - name: RELATED_IMAGE_gateway_authorization_sidecar
@@ -104,7 +104,7 @@ spec:
         - name: CHE_DEFAULT_SPEC_DEVENVIRONMENTS_CONTAINERSECURITYCONTEXT
           value: '{"allowPrivilegeEscalation": true,"capabilities": {"add": ["SETGID",
             "SETUID"]}}'
-        image: quay.io/eclipse/che-operator:7.93.0
+        image: quay.io/eclipse/che-operator:7.94.0
         imagePullPolicy: IfNotPresent
         livenessProbe:
           failureThreshold: 10

helmcharts/stable/templates/che-operator.Deployment.yaml

@@ -93,3 +93,5 @@ entries:
     replaces: eclipse-che.v7.91.0
   - name: eclipse-che.v7.93.0
     replaces: eclipse-che.v7.92.0
+  - name: eclipse-che.v7.94.0
+    replaces: eclipse-che.v7.93.0