Major Enhancements
Allow to configure securityContext for the gateway container
You can set up the securityContext for the CDE pods in the CheCluster CR:
spec:
devEnvironments:
security:
containerSecurityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
podSecurityContext:
seccompProfile:
type: RuntimeDefault
With this release, the securityContext is also applied to the CDE's che-gateway container.
Add the ncat utility to the project clone image
With this release, the ncat utility has been added to the project-clone container of the CDE.
$ podman run --rm quay.io/devfile/project-clone:v0.32.1 nc --version
Ncat: Version 7.92 ( https://nmap.org/ncat )
Create a common entrypoint for base and UDI, fix .config ownership for Podman 5 support
With this release, a common entrypoint.sh script is used for both the base-developer-image and the universal-developer-image (UDI), making the behaviour between the two images consistent.
The base-developer-image and UDI are updated so that the storage driver for Podman (fuseoverlay-fs or vfs) is determined automatically in the entrypoint. As a result, if the /dev/fuse device is available in the CDE, the entrypoint will configure the ~/.config/containers/storage.conf file automatically to use fuse-overlayfs.
Additionally, the ownership of the ~/.config folder is set to the current user, which is a requirement for Podman 5.x.
Bug Fixes
Do not cache the ServiceAccount token on the User Dashboard
Previously, ServiceAccount token located at the path /var/run/secrets/kubernetes.io/serviceaccount/token was cached on the User Dashboard end and was not refreshed properly. The defect has been fixed in this release.
Automatically restart from local devfile when devfile failed to be resolved at startup for SSH URLs
Regression related to the automatic restart from the local devfile for SSH URLs has been fixed in this release.
Kubeconfig Format Corruption After Switching Clusters and Restarting Workspace
Kubeconfig format corruption after switching clusters and restarting CDE has been fixed in this release.
Restart from local devfile doesn't work anymore
Previously, Che Code's Restart Workspace from Local Devfile functionality was not working when attributes in the DevWorkspace CR had null values. This defect has been fixed in this release.
Cannot create a workspace using ssh
Previously, there was a Cannot add property controller.devfile.io/bootstrap-devworkspace, object is not extensible error when you tried to create a workspace with an SSH URL from the Che dashboard. This defect has been fixed in this release.
Current stow implementation in udi8/9 will break under certain conditions
Previously if devEnvironments.persistUserHome.enabled and devEnvironments.persistUserHome.disableInitContainer were both true, and if there was a file in the /home/user directory that would cause a stow conflict, the stow command would still run and fail due to the conflict. With this release, UBI and UDI entrypoint automatically add conflicting files into the /home/tooling/.stow-local-ignore to prevent the stow failure.
Use current project directory at terminal creation
When creating new terminals in the Visual Studio Code - Open Source ("Code - OSS") editor with the New Terminal (Select a Container) option, the initial directory was not the current project directory (ex. /projects/<project-name>). This defect has been fixed in this release.
Documentation
Documentation for applying editor configurations from a ConfigMap
With this release it is now possible to apply Che Code settings.json and extensions.json to your Visual Studio Code - Open Source ("Code - OSS") editors using a ConfigMap. Learn more in the official documentation.