Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[che-auth] Setup full che-like auth flow on Openshift #19358

Closed
Tracked by #19182
sparkoo opened this issue Mar 22, 2021 · 1 comment
Closed
Tracked by #19182

[che-auth] Setup full che-like auth flow on Openshift #19358

sparkoo opened this issue Mar 22, 2021 · 1 comment
Assignees
@sparkoo
Labels
area/che-server kind/task Internal things, technical debt, and to-do tasks to be performed. severity/P1 Has a major impact to usage or development of the system.
Milestone
7.29

Comments

@sparkoo
Copy link
Member

sparkoo commented Mar 22, 2021

Is your task related to a problem? Please describe.

We need to prototype a full authentication/authorization flow that we now see as a candidate to new solution for Che on Openshift.

Describe the solution you'd like

Get the setup from #19357 and make it work on Openshift. It may be as simple as replacing oauth2-proxy with openshift fork (https://github.com/openshift/oauth-proxy) and leaving out Dex. Or it may be more complex.

             |
+- - - - - - | - - - - - - - Openshift - - - - - -+
|            |                                    |
             V
| +------------------------+                      |
  | openshift/oauth2-proxy |--------+
| +------------------------+        |             |
             |                      |
|            V                      |             |
        +---------+                 |
|       | traefik |                 V             |
        +---------+         +---------------+
|            |              | openshift-api |     |
             |              +---------------+
|            V                      A             |
      +-----------------+           |
|    +-----------------+|           |             |
     | kube-rbac-proxy-||-----------+
|    |       |         ||                         |
     |       V         ||
|    |    demo-app     |+                         |
     +-----------------+
|                                                 |
+- - - - - - - - - - - - - - - - - - - - - - - - -+

Describe alternatives you've considered

Additional context

Kubernetes issue: [che-auth] Setup full che-like auth flow on Kubernetes #19357
epic: Authentication and authorization in Eclipse Che #19182
@sparkoo sparkoo added the kind/task Internal things, technical debt, and to-do tasks to be performed. label Mar 22, 2021
@sparkoo sparkoo self-assigned this Mar 22, 2021
@sparkoo sparkoo added area/che-server severity/P1 Has a major impact to usage or development of the system. labels Mar 22, 2021
This was referenced Mar 22, 2021
Closed
Closed
@skabashnyuk skabashnyuk added this to the 7.29 milestone Apr 6, 2021
@skabashnyuk skabashnyuk mentioned this issue Apr 6, 2021
Closed
11 tasks
@sparkoo sparkoo mentioned this issue Apr 9, 2021
Closed
@sparkoo
Copy link
Member Author

sparkoo commented Apr 13, 2021

fixed by che-incubator/che-auth-playground#8

@sparkoo sparkoo closed this as completed Apr 13, 2021
@sparkoo sparkoo mentioned this issue Apr 13, 2021
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@sparkoo sparkoo

Labels
area/che-server kind/task Internal things, technical debt, and to-do tasks to be performed. severity/P1 Has a major impact to usage or development of the system.
Projects
None yet
Milestone
7.29
Development

No branches or pull requests
2 participants
@sparkoo @skabashnyuk