Closed jlhawkins-stuff closed 2 years ago
Hello @jlhawkins-stuff Eclipse Che versions v7.40.x and v7.42.x are not backward compatible. It is not possible to deploy a lower versions of Eclipse Che with chectl 7.42.x (https://github.com/eclipse/che/issues/21001) So, pls use chectl 7.40.x https://github.com/che-incubator/chectl/releases/tag/7.40.2
@jlhawkins-stuff could you please explain why do you want to use chectl v7.41.1 to deploy lower version of Che?
@svor Fresh installs of che 7.42.0 using chectl 7.42.0 wasn't installing an OIDC (keycloak). Which required using the --skip-oidc-provider-check
option to deploy. I downgrade chectl and was able to deploy the server with keycloak.
@tolusha Che 7.40.0 was deployed with chectl 7.41.1. That deployment was successful. chectl was updated to 7.42.0, then the server was updated to 7.42.0. That update was successful except for the gateway pod. That pod was accessing the wrong URL https://keycloak-eclipse-che.che.example.com/auth/.well-known/openid-configuration
resulting in a 404 error. The correct URL should be https://keycloak-eclipse-che.che.example.com/auth/realms/che/.well-known/openid-configuration
notice the realms/che
path
@jlhawkins-stuff It should not be possible to update 7.40.0 to 7.42.2. Either use 7.41.2 version or deploy 7.42.0 from the scratch (see some discussion here https://github.com/eclipse/che/issues/21049)
I was watching this because it is happening to me as well but it got closed! I simply upgraded from 7.38 to 7.42 and the fourth container (the oauth-proxy) pod fails trying to fetch https://<host>/auth/.well-known/openid-configuration
instead of https://<host>/auth/realms/che/.well-known/openid-configuration
. If I change .spec.auth.identityProviderURL
to https://<host>/auth/realms/che
it starts but fails to login. So, going by the comment there is no upgrade path to 7.42 and a fresh install is required?
@barrygear I closed the issue because a fresh install of 7.42.0 did resolve THIS issue. Installing 7.42.0 had a whole host of other learning experiences. I'd be down to share experiences. I ultimately reverted to 7.38.0 cause I could get it working.
Describe the bug
Upgrading CHE from 7.40.0 to 7.42.0 causes gateway (aka traefik) to fail oauth-proxy
Che version
7.42@latest
Steps to reproduce
New gateway 7.42.0 pod:
Expected behavior
https://keycloak-eclipse-che.che.example.com/auth/realms/che/.well-known/openid-configuration provides a non 404 response.
Runtime
Kubernetes (vanilla)
Screenshots
No response
Installation method
chectl/latest
Environment
other (please specify in additional context)
Eclipse Che Logs
No response
Additional context
vsphere infrastructure juju charmed Kubernetes deployment