The first enterprise-ready Che

Eclipse Che 6.0 adds OpenShift support

Gabriela Motroc

© Shutterstock /RATOCA

Eclipse Che 6 is here and it adds OpenShift support [in addition to Docker], which means that you can deploy it on different flavors of OpenShift. However, that’s not the only important news: the work on providing a new SPI is also a meaningful improvement. Let’s see what’s under the hood of version 6.0.

This isn’t the first time you’re reading about Eclipse Che and OpenShift in the same sentence on JAXenter.com. In late 2016, we published an article written by Pete Muir, Technical Director at Red Hat in which he explained why integrating Che with OpenShift would provide an easy way to copy both your runtime and your development workspace

We all know how frustrating it can be to get your workspace and runtime environment set up every time you need to change context. We think that together Eclipse Che and OpenShift are a great step towards making this problem go away.

— Pete Muir, Technical Director at Red Hat

Eclipse Che 6 is here

Che 6 is the latest version and since it’s been a year since Che 5 was released, you should expect to see a lot of new features. However, this is not the only reason why this release is so important; according to Stevan Le Meur, Product Manager at Red Hat and Eclipse Che commiter, this is also the first time that the open Eclipse Che project has been appropriate for even the largest teams and enterprises:

  • Multi-user and Multi-tenancy: Allow multiple users to log into Che. Orchestrate workspaces for hundreds of developers.
  • User Management with Keycloak: Authenticate with OAuth or SAML. Integrate with your LDAP or Active Directory.
  • Team Workspaces & Organization: Create teams and organizations to regroup developers and allocate resources.
  • Permission API: Control how Che resources are used.
  • OpenShift Infrastructure Support: Run Eclipse Che on OpenShift (or continue to run it in Docker on a single server).
  • Email Notifications: Get email notifications as you’re added to team workspaces.
  • New UI: Focus on code while you are editing with a less distractive UI.
  • Debugger: Browse all the threads of your code, setup conditions and suspend policies on breakpoints.
  • Git Visualization While Coding: Get color highlightings in the project explorer and in the editor to reveal git status.
  • Performance Improvements: Start workspace with shorter time and less resources.
  • Service Provider Infrastructure: Build workspace orchestration engine with the infrastructure you want.

Multi-user and multi-tenancy

More than one user can now log into the Che server, allowing a single Che server to orchestrate hundreds of workspaces for developers, Stevan wrote in the release notes.

Eclipse Che is now available in two different modes:

  • Multi-user: Ideal for teams and organizations.
  • Single-user: Suited to personal desktop usage.

The multi-user mode offers multi-tenancy and permissions. Users must authenticate on Eclipse Che, then they receive an account in the system. Each account’s workspaces are isolated and secured. Che uses Keycloak to manage users and authentication.

However, the single-user mode remains the default mode when you are starting Che.

User management with Keycloak

Speaking of Keycloak, the user federation capabilities in this open source project allow users to easily connect Eclipse Che to their existing user directories on LDAP or Active Directory.

Single-sign on (SSO) is also possible, which means that users already authenticated on your system will automatically be authenticated on Eclipse Che. Standard protocols such as OpenID Connect, OAuth 2.0 and SAML 2.0 are supported. You can also enable social network login for Eclipse Che and allow the users to log in with their GitHub, Twitter, Google account.

SEE ALSO: Eclipse Che 5.0 is out

OpenShift infrastructure support

The latest Che release adds support for OpenShift so you can now deploy Eclipse Che on different flavors of OpenShift:

OpenShift support: Benefits

  • Improved security

Che and the workspace agents do not require privileged containers when running in OpenShift.

Sudo commands are not allowed and access to the Docker socket is forbidden. Moreover, the only TCP port that is exposed by Che and its agents is port 80. Therefore, if a malicious user gets access to your workspace terminal, or if a Docker vulnerability is exploited in the wild (e.g. CVE-2016–8867), the damages that can be done to your infrastructure are limited.

  • TLS support

If the OpenShift cluster is configured with TLS, Che will use TLS out-of-the-box to secure all communications between your browser and Che itself.

  • Embedded reverse proxy

OpenShift runs a reverse proxy (HAProxy is the default) that routes traffic to your application in the OpenShift cluster and controls which services are publicly exposed. Che uses OpenShift reverse proxy to expose IDE services.

  • Distributed volumes

Che uses volumes to persist server configuration, server data and workspaces projects files. On OpenShift, Che uses Kubernetes’ Persistent Volume Claim subsystem to provide access to distributed storage services like GlusterFS, AWS Elastic Block Store, Azure Files, GCE Persistent Disk, etc… This means that Che and the volumes exist on separate/remote hosts.

  • YAML and Kubernetes YAML language assistance

If you choose to turn on Che’s built-in YAML language server, you will benefit from language assist (syntax highlight, coloring and checking) for your YAML files. This can be very helpful if you’re editing a large Kubernetes YAML configuration.

New UI

In the new IDE UI, the team’s targets were to:

  • Allow the developer to interact with any IDE actions by using only his keyboard leveraging shortcuts
  • Remove any sort of distraction, be more minimalistic.
  • Focus the UI on primary actions and the code, provide the largest editor area as possible.

The Che UI can show project explorer, terminal, commands, PR table, editor and other helpers or can show only the code for a focused coding session.

Debugger

You can now see all the threads of your code. It also allows you to set up conditions and suspend policies on your breakpoints. Other features are:

  • Run to cursor: Enables you to jump to the cursor position ignoring existing breakpoints on the way.
  • Watch list: Create and manage the expressions you want to track during debugging.
  • Navigate to breakpoint: Double-click on a breakpoint from the debugger to open the corresponding file and scroll to the line where the breakpoint is defined.

Git visualization while coding

All changes are monitored and highlighted with colors on filenames in the project explorer and editor tabs, along with line coloring in the gutter of the editor.

This basically means that Che detects file changes and any Git operations, for that matter and shows you the latest status.

Every time you change a file or perform any Git operation, Che detects it and shows you the latest status. The Project Explorer displays your currently checked out branch name next to the project folder, and files are coloured according to their Git status:

  • Green means it is a new file staged in index. The file is not in the latest commit, but it will be there after commit action is performed.
  • Blue means this file is different from its latest committed version.
  • Yellow means the file is untracked. Changes to such file will not be reflected in the next commit.

Service provider infrastructure

Che 6 brings a new abstraction layer to make it easier for community members to add support for other workspace orchestration engines. Che relies on the SPI to provide the information needed to the infrastructure to orchestrate and provision the workspaces. For that, the SPI defines a set of components which are used by Che server:

  • Infrastructure definition: Definition of the physical or virtual infrastructure coupled with networking and file persistence mechanisms.
  • Environment configuration: A set of machines that can be represented by one or multiple containers/pods sharing the same network and defined by an environment recipe supported by the infrastructure.

As part of the SPI creation, the events mechanism that allows Che’s server to communicate about the workspace’s state to the various clients has also been improved. The events from the workspace’s runtime and each agent are now decoupled. Once the workspace’s agents start, each of them might not be available and ready at the same time — but as soon as one agent is ready for the end-user, the IDE enables it — without waiting for the other agent’s to be ready as well. This ensures a better user experience and a faster loading sequence.

Overall, the work on providing a new SPI is one of the most important underlying improvements in Che 6 and is why we’re able to bring Che to OpenShift, Docker and soon native Kubernetes.

If you want to see the entire list of highlights, don’t forget to read the release notes

Author
Gabriela Motroc
Gabriela Motroc is editor of JAXenter.com and JAX Magazine. Before working at S&S Media she studied International Communication Management at The Hague University of Applied Sciences.

Comments
comments powered by Disqus