Add flags to pass required parameters to deploy Eclipse Che on Kubernetes #21759

Closed
Tracked by #21785 ...
tolusha opened this issue Oct 13, 2022 · 5 comments
Labels
area/chectl Issues related to chectl, the CLI of Che kind/task Internal things, technical debt, and to-do tasks to be performed. severity/P1 Has a major impact to usage or development of the system.
tolusha commented Oct 13, 2022

Is your task related to a problem? Please describe

Currently, when a user tries to deploy Eclipse Che on Kubernetes, it usually fails on the gateway pod:

[2022/10/12 12:06:26] [main.go:54] invalid configuration:
  provider missing setting: client-id
  missing setting: client-secret or client-secret-file
  oidc provider requires an oidc issuer URL

Describe the solution you'd like

Add flags to pass the following parameters:

  • clientId
  • clientSecret
  • identityProviderUrl

Describe alternatives you've considered

Ensure the parameters above are passed via a patch file

Additional context

No response

@tolusha tolusha added kind/task Internal things, technical debt, and to-do tasks to be performed. area/chectl Issues related to chectl, the CLI of Che severity/P1 Has a major impact to usage or development of the system. labels Oct 13, 2022
@tolusha tolusha mentioned this issue Oct 31, 2022
73 tasks
@LiJunBJZhu

@tolusha once the feature you proposed is implemented, can a Keycloak URL be provided to Che by defining IdentityProviderURL?

tolusha commented Nov 3, 2022

@LiJunBJZhu
It is possible right now to provide a Keycloak URL as IdentityProviderURL.
The goal of the issue is to simplify the way the user passes the required parameters.
Currently it works as follows:

  1. Prepare patch file
cat >>cr-patch.yaml <<EOF
apiVersion: org.eclipse.che/v2
spec:
  networking:
    auth:
      identityProviderURL: <IDENTITY_PROVIDER_URL>
      oAuthClientName: <CLIENT_ID>
      oAuthSecret: <CLIENT_SECRET>
EOF
  2. Deploy Eclipse Che
chectl server:deploy --platform k8s --che-operator-cr-patch-yaml cr-patch.yaml --skip-oidc-provider-check --domain <DOMAIN>

@LiJunBJZhu

When the keycloak is configured as the IdentityProviderURL, must the keycloak instance be the OIDC provider of k8s cluster too?

We are looking for a way to allow a keycloak user, who is not a k8s user, to sign on to the devspaces deployment.

tolusha commented Nov 4, 2022

> When the keycloak is configured as the IdentityProviderURL, must the keycloak instance be the OIDC provider of k8s cluster too?

Exactly, but it is kind of the admin's responsibility to configure the API server to use Keycloak as the OIDC provider.
chectl can do nothing here ^(
For instance: https://www.eclipse.org/che/docs/stable/administration-guide/installing-che-on-minikube-keycloak-oidc/

tolusha commented Feb 2, 2023

I have had second thoughts about this issue.
Instead of providing flags to set CheCluster CR fields, I added validation to ensure that the needed configuration is passed via a patch file with the flag --che-operator-cr-patch-yaml <PATH_TO_PATCH>

@tolusha tolusha closed this as completed Feb 2, 2023
@tolusha tolusha modified the milestones: 7.60, 7.61 Feb 2, 2023
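
An added example, not part of the thread and not chectl's own validation code: a pre-deploy check in JavaScript that inspects an already-parsed cr-patch.yaml object for the three auth fields used in the patch file above. The function names, the sample objects, the https requirement and the pairing of each field with a gateway error line are assumptions made for this example.

```javascript
// Added example, not chectl code. Field names come from the patch file in the
// thread; the field-to-gateway-error pairing is inferred from it.
const REQUIRED_AUTH_FIELDS = {
  identityProviderURL: 'oidc provider requires an oidc issuer URL',
  oAuthClientName: 'provider missing setting: client-id',
  oAuthSecret: 'missing setting: client-secret or client-secret-file',
};

// True for a value that is still a template placeholder such as <CLIENT_ID>.
const isPlaceholder = (value) => /^<[^<>]+>$/.test(value.trim());

// Returns the problems found in an already-parsed CR patch object.
function checkAuthPatch(patch) {
  const auth = patch?.spec?.networking?.auth ?? {};
  const problems = [];
  for (const [field, gatewayError] of Object.entries(REQUIRED_AUTH_FIELDS)) {
    const value = auth[field];
    if (typeof value !== 'string' || value.trim() === '') {
      problems.push(`${field} is not set (gateway: ${gatewayError})`);
    } else if (isPlaceholder(value)) {
      problems.push(`${field} still holds the placeholder ${value.trim()}`);
    } else if (field === 'identityProviderURL') {
      // Assumption of this example: the issuer must parse and use https.
      let url = null;
      try { url = new URL(value.trim()); } catch { /* reported below */ }
      if (url === null) problems.push(`${field} is not a valid URL`);
      else if (url.protocol !== 'https:') problems.push(`${field} must use https`);
    }
  }
  return problems;
}

// Constructed sample inputs (what a YAML parser would return for the file).
const makePatch = (auth) => ({
  apiVersion: 'org.eclipse.che/v2',
  spec: { networking: { auth } },
});
const completePatch = makePatch({
  identityProviderURL: 'https://keycloak.example.test/realms/che',
  oAuthClientName: 'che-client',
  oAuthSecret: 'constructed-secret',
});
const templatePatch = makePatch({
  identityProviderURL: '<IDENTITY_PROVIDER_URL>',
  oAuthClientName: '<CLIENT_ID>',
  oAuthSecret: '<CLIENT_SECRET>',
});

for (const p of [completePatch, templatePatch]) console.log(checkAuthPatch(p));
```
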