Closed tolusha closed 1 year ago
@tolusha once the feature you proposed is implemented, can a Keycloak URL be provided to the che by defining IdentityProviderURL?
@LiJunBJZhu It is possible right now to provide Keycloak URL as IdentityProviderURL. The goal of the issue is to simplify of way how user pass the required parameters. Currently it works in the following:
Prepare patch file
cat >>cr-patch.yaml <<EOF
apiVersion: org.eclipse.che/v2
spec:
networking:
auth:
identityProviderURL: <IDENTITY_PROVIDER_URL>
oAuthClientName: <CLIENT_ID>
oAuthSecret: <CLIENT_SECRET>
EOF
Deploy Eclipse Che
chectl server:deploy --platform k8s --che-operator-cr-patch-yaml cr-patch.yaml --skip-oidc-provider-check --domain <DOMAIN>
When the keycloak is configured as the IdentityProviderURL, must the keycloak instance be the OIDC provider of k8s cluster too?
We are looking for a way to allow a keycloak user, who is not a k8s user, to sign-on the devspaces deployment.
When the keycloak is configured as the IdentityProviderURL, must the keycloak instance be the OIDC provider of k8s cluster too?
Exactly, but it is kind of Admin responsibility to configure API server to use keycloak as OIDC provider. chectl can do nothing here ^( For instance https://www.eclipse.org/che/docs/stable/administration-guide/installing-che-on-minikube-keycloak-oidc/
I have second thought about this issue.
Instead of providing flags to set CheCluster CR fields, I added validation to ensure that needed configuration is passed via patch file with flag --che-operator-cr-patch-yaml <PATH_TO_PATCH>
Is your task related to a problem? Please describe
Currently when user tries to deploy Eclipse Che on Kubernetes it usually fails on gateway pod
Describe the solution you'd like
Add flags to pass the following parameters:
Describe alternatives you've considered
Ensure parameters above are passed via patch file
Additional context
No response