seg_yinzy
/
che-operator
mirror of https://github.com/eclipse-che/che-operator.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Back off openshift oauth, when oauth can't be used (#269) 

Signed-off-by: Oleksandr Andriienko <oandriie@redhat.com>
7.9.x
Oleksandr Andriienko 2020-05-19 10:06:42 +03:00 committed by GitHub
parent ddcef41f58
commit 1d771e0074
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
14 changed files with 1933 additions and 29 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
.dockerignore
View File

@ -1 +1,2 @@
tmp
tmp
build

6
Gopkg.lock generated
View File

@ -289,6 +289,7 @@
digest = "1:378f421dd9888e2a449835b102849dabc6e35918432b872c7718a962d5bcc0ad"
name = "github.com/openshift/api"
packages = [
"config/v1",
"console/v1",
"oauth/v1",
"route/v1",
@ -440,6 +441,7 @@
"context",
"context/ctxhttp",
"http/httpguts",
"http/httpproxy",
"http2",
"http2/hpack",
"idna",
@ -887,6 +889,8 @@
analyzer-name = "dep"
analyzer-version = 1
input-imports = [
"github.com/go-openapi/spec",
"github.com/openshift/api/config/v1",
"github.com/openshift/api/console/v1",
"github.com/openshift/api/oauth/v1",
"github.com/openshift/api/route/v1",
@ -897,6 +901,7 @@
"github.com/operator-framework/operator-sdk/version",
"github.com/prometheus/common/log",
"github.com/sirupsen/logrus",
"golang.org/x/net/http/httpproxy",
"k8s.io/api/apps/v1",
"k8s.io/api/core/v1",
"k8s.io/api/extensions/v1beta1",
@ -927,6 +932,7 @@
"k8s.io/code-generator/cmd/lister-gen",
"k8s.io/code-generator/cmd/openapi-gen",
"k8s.io/gengo/args",
"k8s.io/kube-openapi/pkg/common",
"sigs.k8s.io/controller-runtime/pkg/client",
"sigs.k8s.io/controller-runtime/pkg/client/config",
"sigs.k8s.io/controller-runtime/pkg/client/fake",

1
deploy/cluster_role.yaml
View File

@ -29,6 +29,7 @@ rules:
- config.openshift.io
resources:
- infrastructures
- oauths
verbs:
- get
- apiGroups:

509
olm/eclipse-che-preview-kubernetes/deploy/olm-catalog/eclipse-che-preview-kubernetes/9.9.9-nightly.1589795199/eclipse-che-preview-kubernetes.crd.yaml Normal file
View File

@ -0,0 +1,509 @@
#
# Copyright (c) 2012-2019 Red Hat, Inc.
# This program and the accompanying materials are made
# available under the terms of the Eclipse Public License 2.0
# which is available at https://www.eclipse.org/legal/epl-2.0/
#
# SPDX-License-Identifier: EPL-2.0
#
# Contributors:
# Red Hat, Inc. - initial API and implementation
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
name: checlusters.org.eclipse.che
spec:
group: org.eclipse.che
names:
kind: CheCluster
listKind: CheClusterList
plural: checlusters
singular: checluster
scope: Namespaced
subresources:
status: {}
validation:
openAPIV3Schema:
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: Desired configuration of the Che installation. Based on these
settings, the operator automatically creates and maintains several config
maps that will contain the appropriate environment variables the various
components of the Che installation. These generated config maps should
NOT be updated manually.
properties:
auth:
description: Configuration settings related to the Authentication used
by the Che installation.
properties:
externalIdentityProvider:
description: 'Instructs the operator on whether or not to deploy
a dedicated Identity Provider (Keycloak or RH SSO instance). By
default a dedicated Identity Provider server is deployed as part
of the Che installation. But if `externalIdentityProvider` is
`true`, then no dedicated identity provider will be deployed by
the operator and you might need to provide details about the external
identity provider you want to use. See also all the other fields
starting with: `identityProvider`.'
type: boolean
identityProviderAdminUserName:
description: Overrides the name of the Identity Provider admin user.
Defaults to `admin`.
type: string
identityProviderClientId:
description: Name of a Identity provider (Keycloak / RH SSO) `client-id`
that should be used for Che. This is useful to override it ONLY
if you use an external Identity Provider (see the `externalIdentityProvider`
field). If omitted or left blank, it will be set to the value
of the `flavour` field suffixed with `-public`.
type: string
identityProviderImage:
description: Overrides the container image used in the Identity
Provider (Keycloak / RH SSO) deployment. This includes the image
tag. Omit it or leave it empty to use the defaut container image
provided by the operator.
type: string
identityProviderImagePullPolicy:
description: Overrides the image pull policy used in the Identity
Provider (Keycloak / RH SSO) deployment. Default value is `Always`
for `nightly` or `latest` images, and `IfNotPresent` in other
cases.
type: string
identityProviderPassword:
description: Overrides the password of Keycloak admin user. This
is useful to override it ONLY if you use an external Identity
Provider (see the `externalIdentityProvider` field). If omitted
or left blank, it will be set to an auto-generated password.
type: string
identityProviderPostgresPassword:
description: Password for The Identity Provider (Keycloak / RH SSO)
to connect to the database. This is useful to override it ONLY
if you use an external Identity Provider (see the `externalIdentityProvider`
field). If omitted or left blank, it will be set to an auto-generated
password.
type: string
identityProviderRealm:
description: Name of a Identity provider (Keycloak / RH SSO) realm
that should be used for Che. This is useful to override it ONLY
if you use an external Identity Provider (see the `externalIdentityProvider`
field). If omitted or left blank, it will be set to the value
of the `flavour` field.
type: string
identityProviderURL:
description: Public URL of the Identity Provider server (Keycloak
/ RH SSO server). You should set it ONLY if you use an external
Identity Provider (see the `externalIdentityProvider` field).
By default this will be automatically calculated and set by the
operator.
type: string
oAuthClientName:
description: Name of the OpenShift `OAuthClient` resource used to
setup identity federation on the OpenShift side. Auto-generated
if left blank. See also the `OpenShiftoAuth` field.
type: string
oAuthSecret:
description: Name of the secret set in the OpenShift `OAuthClient`
resource used to setup identity federation on the OpenShift side.
Auto-generated if left blank. See also the `OAuthClientName` field.
type: string
openShiftoAuth:
description: 'Enables the integration of the identity provider (Keycloak
/ RHSSO) with OpenShift OAuth. Enabled by defaumt on OpenShift.
This will allow users to directly login with their Openshift user
throug the Openshift login, and have their workspaces created
under personnal OpenShift namespaces. WARNING: the `kuebadmin`
user is NOT supported, and logging through it will NOT allow accessing
the Che Dashboard.'
type: boolean
updateAdminPassword:
description: Forces the default `admin` Che user to update password
on first login. Defaults to `false`.
type: boolean
type: object
database:
description: Configuration settings related to the database used by
the Che installation.
properties:
chePostgresDb:
description: Postgres database name that the Che server uses to
connect to the DB. Defaults to `dbche`.
type: string
chePostgresHostName:
description: Postgres Database hostname that the Che server uses
to connect to. Defaults to postgres. This value should be overridden
ONLY when using an external database (see field `externalDb`).
In the default case it will be automatically set by the operator.
type: string
chePostgresPassword:
description: Postgres password that the Che server should use to
connect to the DB. If omitted or left blank, it will be set to
an auto-generated value.
type: string
chePostgresPort:
description: Postgres Database port that the Che server uses to
connect to. Defaults to 5432. This value should be overridden
ONLY when using an external database (see field `externalDb`).
In the default case it will be automatically set by the operator.
type: string
chePostgresUser:
description: Postgres user that the Che server should use to connect
to the DB. Defaults to `pgche`.
type: string
externalDb:
description: 'Instructs the operator on whether or not to deploy
a dedicated database. By default a dedicated Postgres database
is deployed as part of the Che installation. But if `externalDb`
is `true`, then no dedicated database will be deployed by the
operator and you might need to provide connection details to the
external DB you want to use. See also all the fields starting
with: `chePostgres`.'
type: boolean
postgresImage:
description: Overrides the container image used in the Postgres
database deployment. This includes the image tag. Omit it or leave
it empty to use the defaut container image provided by the operator.
type: string
postgresImagePullPolicy:
description: Overrides the image pull policy used in the Postgres
database deployment. Default value is `Always` for `nightly` or
`latest` images, and `IfNotPresent` in other cases.
type: string
type: object
k8s:
description: Configuration settings specific to Che installations made
on upstream Kubernetes.
properties:
ingressClass:
description: 'Ingress class that will define the which controler
will manage ingresses. Defaults to `nginx`. NB: This drives the
`is kubernetes.io/ingress.class` annotation on Che-related ingresses.'
type: string
ingressDomain:
description: 'Global ingress domain for a K8S cluster. This MUST
be explicitly specified: there are no defaults.'
type: string
ingressStrategy:
description: Strategy for ingress creation. This can be `multi-host`
(host is explicitly provided in ingress), `single-host` (host
is provided, path-based rules) and `default-host.*`(no host is
provided, path-based rules). Defaults to `"multi-host`
type: string
securityContextFsGroup:
description: FSGroup the Che pod and Workspace pods containers should
run in. Defaults to `1724`.
type: string
securityContextRunAsUser:
description: ID of the user the Che pod and Workspace pods containers
should run as. Default to `1724`.
type: string
tlsSecretName:
description: Name of a secret that will be used to setup ingress
TLS termination if TLS is enabled. See also the `tlsSupport` field.
type: string
type: object
metrics:
description: Configuration settings related to the metrics collection
used by the Che installation.
properties:
enable:
description: Enables `metrics` Che server endpoint. Default to `false`.
type: boolean
type: object
server:
description: General configuration settings related to the Che server
and the plugin and devfile registries
properties:
airGapContainerRegistryHostname:
description: Optional hostname (or url) to an alternate container
registry to pull images from. This value overrides the container
registry hostname defined in all the default container images
involved in a Che deployment. This is particularly useful to install
Che in an air-gapped environment.
type: string
airGapContainerRegistryOrganization:
description: Optional repository name of an alternate container
registry to pull images from. This value overrides the container
registry organization defined in all the default container images
involved in a Che deployment. This is particularly useful to install
Che in an air-gapped environment.
type: string
allowUserDefinedWorkspaceNamespaces:
description: Defines if a user is able to specify Kubernetes namespace
(or OpenShift project) different from the default. It's NOT RECOMMENDED
to configured true without OAuth configured. This property is
also used by the OpenShift infra.
type: boolean
cheDebug:
description: Enables the debug mode for Che server. Defaults to
`false`.
type: string
cheFlavor:
description: Flavor of the installation. This is either `che` for
upstream Che installations, or `codeready` for CodeReady Workspaces
installation. In most cases the default value should not be overriden.
type: string
cheHost:
description: Public hostname of the installed Che server. This will
be automatically set by the operator. In most cases the default
value set by the operator should not be overriden.
type: string
cheImage:
description: Overrides the container image used in Che deployment.
This does NOT include the container image tag. Omit it or leave
it empty to use the defaut container image provided by the operator.
type: string
cheImagePullPolicy:
description: Overrides the image pull policy used in Che deployment.
Default value is `Always` for `nightly` or `latest` images, and
`IfNotPresent` in other cases.
type: string
cheImageTag:
description: Overrides the tag of the container image used in Che
deployment. Omit it or leave it empty to use the defaut image
tag provided by the operator.
type: string
cheLogLevel:
description: 'Log level for the Che server: `INFO` or `DEBUG`. Defaults
to `INFO`.'
type: string
cheWorkspaceClusterRole:
description: Custom cluster role bound to the user for the Che workspaces.
The default roles are used if this is omitted or left blank.
type: string
customCheProperties:
additionalProperties:
type: string
description: Map of additional environment variables that will be
applied in the generated `che` config map to be used by the Che
server, in addition to the values already generated from other
fields of the `CheCluster` custom resource (CR). If `customCheProperties`
contains a property that would be normally generated in `che`
config map from other CR fields, then the value defined in the
`customCheProperties` will be used instead.
type: object
devfileRegistryImage:
description: Overrides the container image used in the Devfile registry
deployment. This includes the image tag. Omit it or leave it empty
to use the defaut container image provided by the operator.
type: string
devfileRegistryMemoryLimit:
description: Overrides the memory limit used in the Devfile registry
deployment. Defaults to 256Mi.
type: string
devfileRegistryMemoryRequest:
description: Overrides the memory request used in the Devfile registry
deployment. Defaults to 16Mi.
type: string
devfileRegistryPullPolicy:
description: Overrides the image pull policy used in the Devfile
registry deployment. Default value is `Always` for `nightly` or
`latest` images, and `IfNotPresent` in other cases.
type: string
devfileRegistryUrl:
description: Public URL of the Devfile registry, that serves sample,
ready-to-use devfiles. You should set it ONLY if you use an external
devfile registry (see the `externalDevfileRegistry` field). By
default this will be automatically calculated by the operator.
type: string
externalDevfileRegistry:
description: Instructs the operator on whether or not to deploy
a dedicated Devfile registry server. By default a dedicated devfile
registry server is started. But if `externalDevfileRegistry` is
`true`, then no such dedicated server will be started by the operator
and you will have to manually set the `devfileRegistryUrl` field
type: boolean
externalPluginRegistry:
description: Instructs the operator on whether or not to deploy
a dedicated Plugin registry server. By default a dedicated plugin
registry server is started. But if `externalPluginRegistry` is
`true`, then no such dedicated server will be started by the operator
and you will have to manually set the `pluginRegistryUrl` field.
type: boolean
gitSelfSignedCert:
description: If enabled, then the certificate from `che-git-self-signed-cert`
config map will be propagated to the Che components and provide
particular configuration for Git.
type: boolean
nonProxyHosts:
description: List of hosts that should not use the configured proxy.
Use `|`` as delimiter, eg `localhost|my.host.com|123.42.12.32`
Only use when configuring a proxy is required (see also the `proxyURL`
field).
type: string
pluginRegistryImage:
description: Overrides the container image used in the Plugin registry
deployment. This includes the image tag. Omit it or leave it empty
to use the defaut container image provided by the operator.
type: string
pluginRegistryMemoryLimit:
description: Overrides the memory limit used in the Plugin registry
deployment. Defaults to 256Mi.
type: string
pluginRegistryMemoryRequest:
description: Overrides the memory request used in the Plugin registry
deployment. Defaults to 16Mi.
type: string
pluginRegistryPullPolicy:
description: Overrides the image pull policy used in the Plugin
registry deployment. Default value is `Always` for `nightly` or
`latest` images, and `IfNotPresent` in other cases.
type: string
pluginRegistryUrl:
description: Public URL of the Plugin registry, that serves sample
ready-to-use devfiles. You should set it ONLY if you use an external
devfile registry (see the `externalPluginRegistry` field). By
default this will be automatically calculated by the operator.
type: string
proxyPassword:
description: Password of the proxy server Only use when proxy configuration
is required (see also the `proxyUser` field).
type: string
proxyPort:
description: Port of the proxy server. Only use when configuring
a proxy is required (see also the `proxyURL` field).
type: string
proxyURL:
description: URL (protocol+hostname) of the proxy server. This drives
the appropriate changes in the `JAVA_OPTS` and `https(s)_proxy`
variables in the Che server and workspaces containers. Only use
when configuring a proxy is required.
type: string
proxyUser:
description: User name of the proxy server. Only use when configuring
a proxy is required (see also the `proxyURL` field).
type: string
selfSignedCert:
description: Enables the support of OpenShift clusters whose router
uses self-signed certificates. When enabled, the operator retrieves
the default self-signed certificate of OpenShift routes and adds
it to the Java trust store of the Che server. This is usually
required when activating the `tlsSupport` field on demo OpenShift
clusters that have not been setup with a valid certificate for
the routes. This is disabled by default.
type: boolean
serverMemoryLimit:
description: Overrides the memory limit used in the Che server deployment.
Defaults to 1Gi.
type: string
serverMemoryRequest:
description: Overrides the memory request used in the Che server
deployment. Defaults to 512Mi.
type: string
tlsSupport:
description: 'Instructs the operator to deploy Che in TLS mode,
ie with TLS routes or ingresses. This is disabled by default.
WARNING: Enabling TLS might require enabling the `selfSignedCert`
field also in some cases.'
type: boolean
workspaceNamespaceDefault:
description: 'Defines Kubernetes default namespace in which user''s
workspaces are created if user does not override it. It''s possible
to use <username>, <userid> and <workspaceid> placeholders (e.g.:
che-workspace-<username>). In that case, new namespace will be
created for each user (or workspace). Is used by OpenShift infra
as well to specify Project'
type: string
type: object
storage:
description: Configuration settings related to the persistent storage
used by the Che installation.
properties:
postgresPVCStorageClassName:
description: Storage class for the Persistent Volume Claim dedicated
to the Postgres database. If omitted or left blank, default storage
class is used.
type: string
preCreateSubPaths:
description: Instructs the Che server to launch a special pod to
pre-create a subpath in the Persistent Volumes. Defaults to `false`,
however it might need to enable it according to the configuration
of your K8S cluster.
type: boolean
pvcClaimSize:
description: Size of the persistent volume claim for workspaces.
Defaults to `1Gi`
type: string
pvcJobsImage:
description: Overrides the container image used to create sub-paths
in the Persistent Volumes. This includes the image tag. Omit it
or leave it empty to use the defaut container image provided by
the operator. See also the `preCreateSubPaths` field.
type: string
pvcStrategy:
description: Persistent volume claim strategy for the Che server.
This Can be:`common` (all workspaces PVCs in one volume), `per-workspace`
(one PVC per workspace for all declared volumes) and `unique`
(one PVC per declared volume). Defaults to `common`.
type: string
workspacePVCStorageClassName:
description: Storage class for the Persistent Volume Claims dedicated
to the Che workspaces. If omitted or left blank, default storage
class is used.
type: string
type: object
type: object
status:
description: CheClusterStatus defines the observed state of Che installation
properties:
cheClusterRunning:
description: Status of a Che installation. Can be `Available`, `Unavailable`,
or `Available, Rolling Update in Progress`
type: string
cheURL:
description: Public URL to the Che server
type: string
cheVersion:
description: Current installed Che version
type: string
dbProvisioned:
description: Indicates if or not a Postgres instance has been correctly
provisioned
type: boolean
devfileRegistryURL:
description: Public URL to the Devfile registry
type: string
helpLink:
description: A URL that can point to some URL where to find help related
to the current Operator status.
type: string
keycloakProvisioned:
description: Indicates whether an Identity Provider instance (Keycloak
/ RH SSO) has been provisioned with realm, client and user
type: boolean
keycloakURL:
description: Public URL to the Identity Provider server (Keycloak /
RH SSO).
type: string
message:
description: A human readable message indicating details about why the
pod is in this condition.
type: string
openShiftoAuthProvisioned:
description: Indicates whether an Identity Provider instance (Keycloak
/ RH SSO) has been configured to integrate with the OpenShift OAuth.
type: boolean
pluginRegistryURL:
description: Public URL to the Plugin registry
type: string
reason:
description: A brief CamelCase message indicating details about why
the pod is in this state.
type: string
type: object
version: v1
versions:
- name: v1
served: true
storage: true

0
olm/eclipse-che-preview-kubernetes/deploy/olm-catalog/eclipse-che-preview-kubernetes/9.9.9-nightly.1589795199/eclipse-che-preview-kubernetes.crd.yaml.diff Normal file
View File

374
olm/eclipse-che-preview-kubernetes/deploy/olm-catalog/eclipse-che-preview-kubernetes/9.9.9-nightly.1589795199/eclipse-che-preview-kubernetes.v9.9.9-nightly.1589795199.clusterserviceversion.yaml Normal file
View File

File diff suppressed because one or more lines are too long

25
olm/eclipse-che-preview-kubernetes/deploy/olm-catalog/eclipse-che-preview-kubernetes/9.9.9-nightly.1589795199/eclipse-che-preview-kubernetes.v9.9.9-nightly.1589795199.clusterserviceversion.yaml.diff Normal file
View File

@ -0,0 +1,25 @@
--- /home/user/GoWorkSpace/src/github.com/eclipse/che-operator/olm/eclipse-che-preview-kubernetes/deploy/olm-catalog/eclipse-che-preview-kubernetes/9.9.9-nightly.1587107617/eclipse-che-preview-kubernetes.v9.9.9-nightly.1587107617.clusterserviceversion.yaml 2020-05-18 09:25:04.280360300 +0300
+++ /home/user/GoWorkSpace/src/github.com/eclipse/che-operator/olm/eclipse-che-preview-kubernetes/deploy/olm-catalog/eclipse-che-preview-kubernetes/9.9.9-nightly.1589795199/eclipse-che-preview-kubernetes.v9.9.9-nightly.1589795199.clusterserviceversion.yaml 2020-05-18 12:46:40.393868845 +0300
@@ -49,12 +49,12 @@
categories: Developer Tools
certified: "false"
containerImage: quay.io/eclipse/che-operator:nightly
- createdAt: "2020-04-17T07:13:37Z"
+ createdAt: "2020-05-18T09:46:40Z"
description: A Kube-native development solution that delivers portable and collaborative
developer workspaces.
repository: https://github.com/eclipse/che-operator
support: Eclipse Foundation
- name: eclipse-che-preview-kubernetes.v9.9.9-nightly.1587107617
+ name: eclipse-che-preview-kubernetes.v9.9.9-nightly.1589795199
namespace: placeholder
spec:
apiservicedefinitions: {}
@@ -370,5 +370,5 @@
maturity: stable
provider:
name: Eclipse Foundation
- replaces: eclipse-che-preview-kubernetes.v9.9.9-nightly.1584872938
- version: 9.9.9-nightly.1587107617
+ replaces: eclipse-che-preview-kubernetes.v9.9.9-nightly.1587107617
+ version: 9.9.9-nightly.1589795199

2
olm/eclipse-che-preview-kubernetes/deploy/olm-catalog/eclipse-che-preview-kubernetes/eclipse-che-preview-kubernetes.package.yaml
View File

@ -1,5 +1,5 @@
channels:
- currentCSV: eclipse-che-preview-kubernetes.v9.9.9-nightly.1587107617
- currentCSV: eclipse-che-preview-kubernetes.v9.9.9-nightly.1589795199
name: nightly
- currentCSV: eclipse-che-preview-kubernetes.v7.9.3
name: stable

509
olm/eclipse-che-preview-openshift/deploy/olm-catalog/eclipse-che-preview-openshift/9.9.9-nightly.1589795200/eclipse-che-preview-openshift.crd.yaml Normal file
View File

@ -0,0 +1,509 @@
#
# Copyright (c) 2012-2019 Red Hat, Inc.
# This program and the accompanying materials are made
# available under the terms of the Eclipse Public License 2.0
# which is available at https://www.eclipse.org/legal/epl-2.0/
#
# SPDX-License-Identifier: EPL-2.0
#
# Contributors:
# Red Hat, Inc. - initial API and implementation
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
name: checlusters.org.eclipse.che
spec:
group: org.eclipse.che
names:
kind: CheCluster
listKind: CheClusterList
plural: checlusters
singular: checluster
scope: Namespaced
subresources:
status: {}
validation:
openAPIV3Schema:
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: Desired configuration of the Che installation. Based on these
settings, the operator automatically creates and maintains several config
maps that will contain the appropriate environment variables the various
components of the Che installation. These generated config maps should
NOT be updated manually.
properties:
auth:
description: Configuration settings related to the Authentication used
by the Che installation.
properties:
externalIdentityProvider:
description: 'Instructs the operator on whether or not to deploy
a dedicated Identity Provider (Keycloak or RH SSO instance). By
default a dedicated Identity Provider server is deployed as part
of the Che installation. But if `externalIdentityProvider` is
`true`, then no dedicated identity provider will be deployed by
the operator and you might need to provide details about the external
identity provider you want to use. See also all the other fields
starting with: `identityProvider`.'
type: boolean
identityProviderAdminUserName:
description: Overrides the name of the Identity Provider admin user.
Defaults to `admin`.
type: string
identityProviderClientId:
description: Name of a Identity provider (Keycloak / RH SSO) `client-id`
that should be used for Che. This is useful to override it ONLY
if you use an external Identity Provider (see the `externalIdentityProvider`
field). If omitted or left blank, it will be set to the value
of the `flavour` field suffixed with `-public`.
type: string
identityProviderImage:
description: Overrides the container image used in the Identity
Provider (Keycloak / RH SSO) deployment. This includes the image
tag. Omit it or leave it empty to use the defaut container image
provided by the operator.
type: string
identityProviderImagePullPolicy:
description: Overrides the image pull policy used in the Identity
Provider (Keycloak / RH SSO) deployment. Default value is `Always`
for `nightly` or `latest` images, and `IfNotPresent` in other
cases.
type: string
identityProviderPassword:
description: Overrides the password of Keycloak admin user. This
is useful to override it ONLY if you use an external Identity
Provider (see the `externalIdentityProvider` field). If omitted
or left blank, it will be set to an auto-generated password.
type: string
identityProviderPostgresPassword:
description: Password for The Identity Provider (Keycloak / RH SSO)
to connect to the database. This is useful to override it ONLY
if you use an external Identity Provider (see the `externalIdentityProvider`
field). If omitted or left blank, it will be set to an auto-generated
password.
type: string
identityProviderRealm:
description: Name of a Identity provider (Keycloak / RH SSO) realm
that should be used for Che. This is useful to override it ONLY
if you use an external Identity Provider (see the `externalIdentityProvider`
field). If omitted or left blank, it will be set to the value
of the `flavour` field.
type: string
identityProviderURL:
description: Public URL of the Identity Provider server (Keycloak
/ RH SSO server). You should set it ONLY if you use an external
Identity Provider (see the `externalIdentityProvider` field).
By default this will be automatically calculated and set by the
operator.
type: string
oAuthClientName:
description: Name of the OpenShift `OAuthClient` resource used to
setup identity federation on the OpenShift side. Auto-generated
if left blank. See also the `OpenShiftoAuth` field.
type: string
oAuthSecret:
description: Name of the secret set in the OpenShift `OAuthClient`
resource used to setup identity federation on the OpenShift side.
Auto-generated if left blank. See also the `OAuthClientName` field.
type: string
openShiftoAuth:
description: 'Enables the integration of the identity provider (Keycloak
/ RHSSO) with OpenShift OAuth. Enabled by defaumt on OpenShift.
This will allow users to directly login with their Openshift user
throug the Openshift login, and have their workspaces created
under personnal OpenShift namespaces. WARNING: the `kuebadmin`
user is NOT supported, and logging through it will NOT allow accessing
the Che Dashboard.'
type: boolean
updateAdminPassword:
description: Forces the default `admin` Che user to update password
on first login. Defaults to `false`.
type: boolean
type: object
database:
description: Configuration settings related to the database used by
the Che installation.
properties:
chePostgresDb:
description: Postgres database name that the Che server uses to
connect to the DB. Defaults to `dbche`.
type: string
chePostgresHostName:
description: Postgres Database hostname that the Che server uses
to connect to. Defaults to postgres. This value should be overridden
ONLY when using an external database (see field `externalDb`).
In the default case it will be automatically set by the operator.
type: string
chePostgresPassword:
description: Postgres password that the Che server should use to
connect to the DB. If omitted or left blank, it will be set to
an auto-generated value.
type: string
chePostgresPort:
description: Postgres Database port that the Che server uses to
connect to. Defaults to 5432. This value should be overridden
ONLY when using an external database (see field `externalDb`).
In the default case it will be automatically set by the operator.
type: string
chePostgresUser:
description: Postgres user that the Che server should use to connect
to the DB. Defaults to `pgche`.
type: string
externalDb:
description: 'Instructs the operator on whether or not to deploy
a dedicated database. By default a dedicated Postgres database
is deployed as part of the Che installation. But if `externalDb`
is `true`, then no dedicated database will be deployed by the
operator and you might need to provide connection details to the
external DB you want to use. See also all the fields starting
with: `chePostgres`.'
type: boolean
postgresImage:
description: Overrides the container image used in the Postgres
database deployment. This includes the image tag. Omit it or leave
it empty to use the defaut container image provided by the operator.
type: string
postgresImagePullPolicy:
description: Overrides the image pull policy used in the Postgres
database deployment. Default value is `Always` for `nightly` or
`latest` images, and `IfNotPresent` in other cases.
type: string
type: object
k8s:
description: Configuration settings specific to Che installations made
on upstream Kubernetes.
properties:
ingressClass:
description: 'Ingress class that will define the which controler
will manage ingresses. Defaults to `nginx`. NB: This drives the
`is kubernetes.io/ingress.class` annotation on Che-related ingresses.'
type: string
ingressDomain:
description: 'Global ingress domain for a K8S cluster. This MUST
be explicitly specified: there are no defaults.'
type: string
ingressStrategy:
description: Strategy for ingress creation. This can be `multi-host`
(host is explicitly provided in ingress), `single-host` (host
is provided, path-based rules) and `default-host.*`(no host is
provided, path-based rules). Defaults to `"multi-host`
type: string
securityContextFsGroup:
description: FSGroup the Che pod and Workspace pods containers should
run in. Defaults to `1724`.
type: string
securityContextRunAsUser:
description: ID of the user the Che pod and Workspace pods containers
should run as. Default to `1724`.
type: string
tlsSecretName:
description: Name of a secret that will be used to setup ingress
TLS termination if TLS is enabled. See also the `tlsSupport` field.
type: string
type: object
metrics:
description: Configuration settings related to the metrics collection
used by the Che installation.
properties:
enable:
description: Enables `metrics` Che server endpoint. Default to `false`.
type: boolean
type: object
server:
description: General configuration settings related to the Che server
and the plugin and devfile registries
properties:
airGapContainerRegistryHostname:
description: Optional hostname (or url) to an alternate container
registry to pull images from. This value overrides the container
registry hostname defined in all the default container images
involved in a Che deployment. This is particularly useful to install
Che in an air-gapped environment.
type: string
airGapContainerRegistryOrganization:
description: Optional repository name of an alternate container
registry to pull images from. This value overrides the container
registry organization defined in all the default container images
involved in a Che deployment. This is particularly useful to install
Che in an air-gapped environment.
type: string
allowUserDefinedWorkspaceNamespaces:
description: Defines if a user is able to specify Kubernetes namespace
(or OpenShift project) different from the default. It's NOT RECOMMENDED
to configured true without OAuth configured. This property is
also used by the OpenShift infra.
type: boolean
cheDebug:
description: Enables the debug mode for Che server. Defaults to
`false`.
type: string
cheFlavor:
description: Flavor of the installation. This is either `che` for
upstream Che installations, or `codeready` for CodeReady Workspaces
installation. In most cases the default value should not be overriden.
type: string
cheHost:
description: Public hostname of the installed Che server. This will
be automatically set by the operator. In most cases the default
value set by the operator should not be overriden.
type: string
cheImage:
description: Overrides the container image used in Che deployment.
This does NOT include the container image tag. Omit it or leave
it empty to use the defaut container image provided by the operator.
type: string
cheImagePullPolicy:
description: Overrides the image pull policy used in Che deployment.
Default value is `Always` for `nightly` or `latest` images, and
`IfNotPresent` in other cases.
type: string
cheImageTag:
description: Overrides the tag of the container image used in Che
deployment. Omit it or leave it empty to use the defaut image
tag provided by the operator.
type: string
cheLogLevel:
description: 'Log level for the Che server: `INFO` or `DEBUG`. Defaults
to `INFO`.'
type: string
cheWorkspaceClusterRole:
description: Custom cluster role bound to the user for the Che workspaces.
The default roles are used if this is omitted or left blank.
type: string
customCheProperties:
additionalProperties:
type: string
description: Map of additional environment variables that will be
applied in the generated `che` config map to be used by the Che
server, in addition to the values already generated from other
fields of the `CheCluster` custom resource (CR). If `customCheProperties`
contains a property that would be normally generated in `che`
config map from other CR fields, then the value defined in the
`customCheProperties` will be used instead.
type: object
devfileRegistryImage:
description: Overrides the container image used in the Devfile registry
deployment. This includes the image tag. Omit it or leave it empty
to use the defaut container image provided by the operator.
type: string
devfileRegistryMemoryLimit:
description: Overrides the memory limit used in the Devfile registry
deployment. Defaults to 256Mi.
type: string
devfileRegistryMemoryRequest:
description: Overrides the memory request used in the Devfile registry
deployment. Defaults to 16Mi.
type: string
devfileRegistryPullPolicy:
description: Overrides the image pull policy used in the Devfile
registry deployment. Default value is `Always` for `nightly` or
`latest` images, and `IfNotPresent` in other cases.
type: string
devfileRegistryUrl:
description: Public URL of the Devfile registry, that serves sample,
ready-to-use devfiles. You should set it ONLY if you use an external
devfile registry (see the `externalDevfileRegistry` field). By
default this will be automatically calculated by the operator.
type: string
externalDevfileRegistry:
description: Instructs the operator on whether or not to deploy
a dedicated Devfile registry server. By default a dedicated devfile
registry server is started. But if `externalDevfileRegistry` is
`true`, then no such dedicated server will be started by the operator
and you will have to manually set the `devfileRegistryUrl` field
type: boolean
externalPluginRegistry:
description: Instructs the operator on whether or not to deploy
a dedicated Plugin registry server. By default a dedicated plugin
registry server is started. But if `externalPluginRegistry` is
`true`, then no such dedicated server will be started by the operator
and you will have to manually set the `pluginRegistryUrl` field.
type: boolean
gitSelfSignedCert:
description: If enabled, then the certificate from `che-git-self-signed-cert`
config map will be propagated to the Che components and provide
particular configuration for Git.
type: boolean
nonProxyHosts:
description: List of hosts that should not use the configured proxy.
Use `|`` as delimiter, eg `localhost|my.host.com|123.42.12.32`
Only use when configuring a proxy is required (see also the `proxyURL`
field).
type: string
pluginRegistryImage:
description: Overrides the container image used in the Plugin registry
deployment. This includes the image tag. Omit it or leave it empty
to use the defaut container image provided by the operator.
type: string
pluginRegistryMemoryLimit:
description: Overrides the memory limit used in the Plugin registry
deployment. Defaults to 256Mi.
type: string
pluginRegistryMemoryRequest:
description: Overrides the memory request used in the Plugin registry
deployment. Defaults to 16Mi.
type: string
pluginRegistryPullPolicy:
description: Overrides the image pull policy used in the Plugin
registry deployment. Default value is `Always` for `nightly` or
`latest` images, and `IfNotPresent` in other cases.
type: string
pluginRegistryUrl:
description: Public URL of the Plugin registry, that serves sample
ready-to-use devfiles. You should set it ONLY if you use an external
devfile registry (see the `externalPluginRegistry` field). By
default this will be automatically calculated by the operator.
type: string
proxyPassword:
description: Password of the proxy server Only use when proxy configuration
is required (see also the `proxyUser` field).
type: string
proxyPort:
description: Port of the proxy server. Only use when configuring
a proxy is required (see also the `proxyURL` field).
type: string
proxyURL:
description: URL (protocol+hostname) of the proxy server. This drives
the appropriate changes in the `JAVA_OPTS` and `https(s)_proxy`
variables in the Che server and workspaces containers. Only use
when configuring a proxy is required.
type: string
proxyUser:
description: User name of the proxy server. Only use when configuring
a proxy is required (see also the `proxyURL` field).
type: string
selfSignedCert:
description: Enables the support of OpenShift clusters whose router
uses self-signed certificates. When enabled, the operator retrieves
the default self-signed certificate of OpenShift routes and adds
it to the Java trust store of the Che server. This is usually
required when activating the `tlsSupport` field on demo OpenShift
clusters that have not been setup with a valid certificate for
the routes. This is disabled by default.
type: boolean
serverMemoryLimit:
description: Overrides the memory limit used in the Che server deployment.
Defaults to 1Gi.
type: string
serverMemoryRequest:
description: Overrides the memory request used in the Che server
deployment. Defaults to 512Mi.
type: string
tlsSupport:
description: 'Instructs the operator to deploy Che in TLS mode,
ie with TLS routes or ingresses. This is disabled by default.
WARNING: Enabling TLS might require enabling the `selfSignedCert`
field also in some cases.'
type: boolean
workspaceNamespaceDefault:
description: 'Defines Kubernetes default namespace in which user''s
workspaces are created if user does not override it. It''s possible
to use <username>, <userid> and <workspaceid> placeholders (e.g.:
che-workspace-<username>). In that case, new namespace will be
created for each user (or workspace). Is used by OpenShift infra
as well to specify Project'
type: string
type: object
storage:
description: Configuration settings related to the persistent storage
used by the Che installation.
properties:
postgresPVCStorageClassName:
description: Storage class for the Persistent Volume Claim dedicated
to the Postgres database. If omitted or left blank, default storage
class is used.
type: string
preCreateSubPaths:
description: Instructs the Che server to launch a special pod to
pre-create a subpath in the Persistent Volumes. Defaults to `false`,
however it might need to enable it according to the configuration
of your K8S cluster.
type: boolean
pvcClaimSize:
description: Size of the persistent volume claim for workspaces.
Defaults to `1Gi`
type: string
pvcJobsImage:
description: Overrides the container image used to create sub-paths
in the Persistent Volumes. This includes the image tag. Omit it
or leave it empty to use the defaut container image provided by
the operator. See also the `preCreateSubPaths` field.
type: string
pvcStrategy:
description: Persistent volume claim strategy for the Che server.
This Can be:`common` (all workspaces PVCs in one volume), `per-workspace`
(one PVC per workspace for all declared volumes) and `unique`
(one PVC per declared volume). Defaults to `common`.
type: string
workspacePVCStorageClassName:
description: Storage class for the Persistent Volume Claims dedicated
to the Che workspaces. If omitted or left blank, default storage
class is used.
type: string
type: object
type: object
status:
description: CheClusterStatus defines the observed state of Che installation
properties:
cheClusterRunning:
description: Status of a Che installation. Can be `Available`, `Unavailable`,
or `Available, Rolling Update in Progress`
type: string
cheURL:
description: Public URL to the Che server
type: string
cheVersion:
description: Current installed Che version
type: string
dbProvisioned:
description: Indicates if or not a Postgres instance has been correctly
provisioned
type: boolean
devfileRegistryURL:
description: Public URL to the Devfile registry
type: string
helpLink:
description: A URL that can point to some URL where to find help related
to the current Operator status.
type: string
keycloakProvisioned:
description: Indicates whether an Identity Provider instance (Keycloak
/ RH SSO) has been provisioned with realm, client and user
type: boolean
keycloakURL:
description: Public URL to the Identity Provider server (Keycloak /
RH SSO).
type: string
message:
description: A human readable message indicating details about why the
pod is in this condition.
type: string
openShiftoAuthProvisioned:
description: Indicates whether an Identity Provider instance (Keycloak
/ RH SSO) has been configured to integrate with the OpenShift OAuth.
type: boolean
pluginRegistryURL:
description: Public URL to the Plugin registry
type: string
reason:
description: A brief CamelCase message indicating details about why
the pod is in this state.
type: string
type: object
version: v1
versions:
- name: v1
served: true
storage: true

0
olm/eclipse-che-preview-openshift/deploy/olm-catalog/eclipse-che-preview-openshift/9.9.9-nightly.1589795200/eclipse-che-preview-openshift.crd.yaml.diff Normal file
View File

420
olm/eclipse-che-preview-openshift/deploy/olm-catalog/eclipse-che-preview-openshift/9.9.9-nightly.1589795200/eclipse-che-preview-openshift.v9.9.9-nightly.1589795200.clusterserviceversion.yaml Normal file
View File

File diff suppressed because one or more lines are too long

33
olm/eclipse-che-preview-openshift/deploy/olm-catalog/eclipse-che-preview-openshift/9.9.9-nightly.1589795200/eclipse-che-preview-openshift.v9.9.9-nightly.1589795200.clusterserviceversion.yaml.diff Normal file
View File

@ -0,0 +1,33 @@
--- /home/user/GoWorkSpace/src/github.com/eclipse/che-operator/olm/eclipse-che-preview-openshift/deploy/olm-catalog/eclipse-che-preview-openshift/9.9.9-nightly.1587107617/eclipse-che-preview-openshift.v9.9.9-nightly.1587107617.clusterserviceversion.yaml 2020-05-18 09:25:04.282360295 +0300
+++ /home/user/GoWorkSpace/src/github.com/eclipse/che-operator/olm/eclipse-che-preview-openshift/deploy/olm-catalog/eclipse-che-preview-openshift/9.9.9-nightly.1589795200/eclipse-che-preview-openshift.v9.9.9-nightly.1589795200.clusterserviceversion.yaml 2020-05-18 12:46:40.587868428 +0300
@@ -46,12 +46,12 @@
categories: Developer Tools, OpenShift Optional
certified: "false"
containerImage: quay.io/eclipse/che-operator:nightly
- createdAt: "2020-04-17T07:13:37Z"
+ createdAt: "2020-05-18T09:46:40Z"
description: A Kube-native development solution that delivers portable and collaborative
developer workspaces in OpenShift.
repository: https://github.com/eclipse/che-operator
support: Eclipse Foundation
- name: eclipse-che-preview-openshift.v9.9.9-nightly.1587107617
+ name: eclipse-che-preview-openshift.v9.9.9-nightly.1589795200
namespace: placeholder
spec:
apiservicedefinitions: {}
@@ -240,6 +240,7 @@
- config.openshift.io
resources:
- infrastructures
+ - oauths
verbs:
- get
- apiGroups:
@@ -415,5 +416,5 @@
maturity: stable
provider:
name: Eclipse Foundation
- replaces: eclipse-che-preview-openshift.v9.9.9-nightly.1584872938
- version: 9.9.9-nightly.1587107617
+ replaces: eclipse-che-preview-openshift.v9.9.9-nightly.1587107617
+ version: 9.9.9-nightly.1589795200

2
olm/eclipse-che-preview-openshift/deploy/olm-catalog/eclipse-che-preview-openshift/eclipse-che-preview-openshift.package.yaml
View File

@ -1,5 +1,5 @@
channels:
- currentCSV: eclipse-che-preview-openshift.v9.9.9-nightly.1587107617
- currentCSV: eclipse-che-preview-openshift.v9.9.9-nightly.1589795200
name: nightly
- currentCSV: eclipse-che-preview-openshift.v7.9.3
name: stable

78
pkg/controller/che/che_controller.go
View File

@ -15,12 +15,14 @@ import (
"reflect"
"context"
"fmt"
"strconv"
"strings"
"time"
orgv1 "github.com/eclipse/che-operator/pkg/apis/org/v1"
"github.com/eclipse/che-operator/pkg/deploy"
"github.com/eclipse/che-operator/pkg/util"
oauthv1 "github.com/openshift/api/config/v1"
consolev1 "github.com/openshift/api/console/v1"
oauth "github.com/openshift/api/oauth/v1"
routev1 "github.com/openshift/api/route/v1"
@ -96,6 +98,9 @@ func add(mgr manager.Manager, r reconcile.Reconciler) error {
if err := userv1.AddToScheme(mgr.GetScheme()); err != nil {
logrus.Errorf("Failed to add OpenShift User to scheme: %s", err)
}
if err := oauthv1.AddToScheme(mgr.GetScheme()); err != nil {
logrus.Errorf("Failed to add OpenShift OAuth to scheme: %s", err)
}
if hasConsolelinkObject() {
if err := consolev1.AddToScheme(mgr.GetScheme()); err != nil {
logrus.Errorf("Failed to add OpenShift ConsoleLink to scheme: %s", err)
@ -216,11 +221,14 @@ type ReconcileChe struct {
}
const (
failedNoOpenshiftUserReason = "InstallOrUpdateFailed"
failedNoOpenshiftUserMessage = "No real user exists in the OpenShift cluster." +
" Either disable OpenShift OAuth integration or add at least one user (details in the Help link)"
howToCreateAUserLinkOS4 = "https://docs.openshift.com/container-platform/4.1/authentication/understanding-identity-provider.html#identity-provider-overview_understanding-identity-provider"
howToCreateAUserLinkOS3 = "https://docs.openshift.com/container-platform/3.11/install_config/configuring_authentication.html"
failedNoOpenshiftUserReason = "InstallOrUpdateFailed"
warningNoIdentityProvidersMessage = "No Openshift identity providers. Openshift oAuth was disabled. How to add identity provider read in the Help Link:"
warningNoRealUsersMessage = "No real users. Openshift oAuth was disabled. How to add new user read in the Help Link:"
failedUnableToGetOAuth = "Unable to get openshift oauth."
failedUnableToGetOpenshiftUsers = "Unable to get users on the OpenShift cluster."
howToAddIdentityProviderLinkOS4 = "https://docs.openshift.com/container-platform/4.1/authentication/understanding-identity-provider.html#identity-provider-overview_understanding-identity-provider"
howToConfigureOAuthLinkOS3 = "https://docs.openshift.com/container-platform/3.11/install_config/configuring_authentication.html"
)
// Reconcile reads that state of the cluster for a CheCluster object and makes changes based on the state read
@ -246,10 +254,46 @@ func (r *ReconcileChe) Reconcile(request reconcile.Request) (reconcile.Result, e
logrus.Errorf("An error occurred when detecting current infra: %s", err)
}
if isOpenShift {
if isOpenShift && instance.Spec.Auth.OpenShiftoAuth {
if isOpenShift4 {
oauthv1 := &oauthv1.OAuth{}
if err := r.nonCachedClient.Get(context.TODO(), types.NamespacedName{Name: "cluster"}, oauthv1); err != nil {
getOAuthV1ErrMsg := failedUnableToGetOAuth + " Cause: " + err.Error()
logrus.Errorf(getOAuthV1ErrMsg)
if err := r.SetStatusDetails(instance, request, failedNoOpenshiftUserReason, getOAuthV1ErrMsg, ""); err != nil {
return reconcile.Result{}, err
}
return reconcile.Result{}, err
}
if len(oauthv1.Spec.IdentityProviders) < 1 {
logrus.Warn(warningNoIdentityProvidersMessage, " ", howToAddIdentityProviderLinkOS4)
instance.Spec.Auth.OpenShiftoAuth = false
if err := r.UpdateCheCRSpec(instance, "OpenShiftoAuth", strconv.FormatBool(false)); err != nil {
return reconcile.Result{Requeue: true, RequeueAfter: time.Second * 1}, err
}
}
} else {
users := &userv1.UserList{}
listOptions := &client.ListOptions{}
if err := r.nonCachedClient.List(context.TODO(), listOptions, users); err != nil {
getUsersErrMsg := failedUnableToGetOpenshiftUsers + " Cause: " + err.Error()
logrus.Errorf(getUsersErrMsg)
if err := r.SetStatusDetails(instance, request, failedNoOpenshiftUserReason, getUsersErrMsg, ""); err != nil {
return reconcile.Result{}, err
}
return reconcile.Result{}, err
}
if len(users.Items) < 1 {
logrus.Warn(warningNoRealUsersMessage, " ", howToConfigureOAuthLinkOS3)
instance.Spec.Auth.OpenShiftoAuth = false
if err := r.UpdateCheCRSpec(instance, "OpenShiftoAuth", strconv.FormatBool(false)); err != nil {
return reconcile.Result{Requeue: true, RequeueAfter: time.Second * 1}, err
}
}
}
// delete oAuthClient before CR is deleted
doInstallOpenShiftoAuthProvider := instance.Spec.Auth.OpenShiftoAuth
if doInstallOpenShiftoAuthProvider {
if instance.Spec.Auth.OpenShiftoAuth {
if err := r.ReconcileFinalizer(instance); err != nil {
return reconcile.Result{}, err
}
@ -344,24 +388,6 @@ func (r *ReconcileChe) Reconcile(request reconcile.Request) (reconcile.Result, e
}
if instance.Spec.Auth.OpenShiftoAuth {
users := &userv1.UserList{}
listOptions := &client.ListOptions{}
if err := r.nonCachedClient.List(context.TODO(), listOptions, users); err != nil {
return reconcile.Result{}, err
}
if len(users.Items) < 1 {
helpLink := ""
if isOpenShift4 {
helpLink = howToCreateAUserLinkOS4
} else {
helpLink = howToCreateAUserLinkOS3
}
if err := r.SetStatusDetails(instance, request, failedNoOpenshiftUserReason, failedNoOpenshiftUserMessage, helpLink); err != nil {
return reconcile.Result{}, err
}
return reconcile.Result{Requeue: true, RequeueAfter: time.Second * 10}, nil
}
// create a secret with OpenShift API crt to be added to keystore that RH SSO will consume
baseURL, err := util.GetClusterPublicHostname(isOpenShift4)
if err != nil {