diff --git a/pkg/controller/che/che_controller.go b/pkg/controller/che/che_controller.go index cd0b8b137..80cf4a087 100644 --- a/pkg/controller/che/che_controller.go +++ b/pkg/controller/che/che_controller.go @@ -749,10 +749,11 @@ func (r *ReconcileChe) Reconcile(request reconcile.Request) (reconcile.Result, e exposedServiceName := getServerExposingServiceName(instance) cheHost := "" if !isOpenShift { - done, err := deploy.SyncIngressToCluster( + _, done, err := deploy.SyncIngressToCluster( deployContext, cheFlavor, - instance.Spec.Server.CheHost, + instance.Spec.K8s.IngressDomain, + "", exposedServiceName, 8080, deployContext.CheCluster.Spec.Server.CheServerIngress, @@ -786,6 +787,7 @@ func (r *ReconcileChe) Reconcile(request reconcile.Request) (reconcile.Result, e deployContext, cheFlavor, customHost, + "", exposedServiceName, 8080, deployContext.CheCluster.Spec.Server.CheServerRoute, @@ -829,7 +831,7 @@ func (r *ReconcileChe) Reconcile(request reconcile.Request) (reconcile.Result, e } } - provisioned, err = devfile_registry.SyncDevfileRegistryToCluster(deployContext, cheHost) + provisioned, err = devfile_registry.SyncDevfileRegistryToCluster(deployContext) if !tests { if !provisioned { if err != nil { @@ -839,7 +841,7 @@ func (r *ReconcileChe) Reconcile(request reconcile.Request) (reconcile.Result, e } } - provisioned, err = plugin_registry.SyncPluginRegistryToCluster(deployContext, cheHost) + provisioned, err = plugin_registry.SyncPluginRegistryToCluster(deployContext) if !tests { if !provisioned { if err != nil { @@ -970,6 +972,7 @@ func getDefaultCheHost(deployContext *deploy.DeployContext) (string, error) { deployContext, cheFlavor, "", + "", getServerExposingServiceName(deployContext.CheCluster), 8080, deployContext.CheCluster.Spec.Server.CheServerRoute, diff --git a/pkg/deploy/devfile-registry/devfile_registry.go b/pkg/deploy/devfile-registry/devfile_registry.go index d0e75d197..652ad1e7e 100644 --- a/pkg/deploy/devfile-registry/devfile_registry.go +++ b/pkg/deploy/devfile-registry/devfile_registry.go @@ -31,16 +31,14 @@ type DevFileRegistryConfigMap struct { /** * Create devfile registry resources unless an external registry is used. */ -func SyncDevfileRegistryToCluster(deployContext *deploy.DeployContext, cheHost string) (bool, error) { +func SyncDevfileRegistryToCluster(deployContext *deploy.DeployContext) (bool, error) { devfileRegistryURL := deployContext.CheCluster.Spec.Server.DevfileRegistryUrl if !deployContext.CheCluster.Spec.Server.ExternalDevfileRegistry { endpoint, done, err := expose.Expose( deployContext, - cheHost, deploy.DevfileRegistryName, deployContext.CheCluster.Spec.Server.DevfileRegistryRoute, - deployContext.CheCluster.Spec.Server.DevfileRegistryIngress, - deploy.DevfileRegistryName) + deployContext.CheCluster.Spec.Server.DevfileRegistryIngress) if !done { return false, err } diff --git a/pkg/deploy/expose/expose.go b/pkg/deploy/expose/expose.go index 196d369cc..02831b933 100644 --- a/pkg/deploy/expose/expose.go +++ b/pkg/deploy/expose/expose.go @@ -12,72 +12,59 @@ package expose import ( + "strings" + + routev1 "github.com/openshift/api/route/v1" + orgv1 "github.com/eclipse-che/che-operator/pkg/apis/org/v1" "github.com/eclipse-che/che-operator/pkg/deploy" "github.com/eclipse-che/che-operator/pkg/deploy/gateway" "github.com/eclipse-che/che-operator/pkg/util" - routev1 "github.com/openshift/api/route/v1" "github.com/sirupsen/logrus" extentionsv1beta1 "k8s.io/api/extensions/v1beta1" ) +//Expose exposes the specified component according to the configured exposure strategy rules func Expose( deployContext *deploy.DeployContext, - cheHost string, - endpointName string, + componentName string, routeCustomSettings orgv1.RouteCustomSettings, - ingressCustomSettings orgv1.IngressCustomSettings, - component string) (endpont string, done bool, err error) { + ingressCustomSettings orgv1.IngressCustomSettings) (endpointUrl string, done bool, err error) { + //the host and path are empty and will be evaluated for the specified component + return ExposeWithHostPath(deployContext, componentName, "", "", routeCustomSettings, ingressCustomSettings) +} + +//Expose exposes the specified component on the specified host and domain. +//Empty host or path will be evaluated according to the configured strategy rules. +//Note: path may be prefixed according to the configured strategy rules. +func ExposeWithHostPath( + deployContext *deploy.DeployContext, + component string, + host string, + path string, + routeCustomSettings orgv1.RouteCustomSettings, + ingressCustomSettings orgv1.IngressCustomSettings) (endpointUrl string, done bool, err error) { + exposureStrategy := util.GetServerExposureStrategy(deployContext.CheCluster) - var domain string - var endpoint string - var pathPrefix string - var stripPrefix bool - if endpointName == deploy.IdentityProviderName { - pathPrefix = "auth" - stripPrefix = false - } else { - pathPrefix = endpointName - stripPrefix = true - } - if exposureStrategy == "multi-host" { - // this won't get used on openshift, because there we're intentionally let Openshift decide on the domain name - domain = endpointName + "-" + deployContext.CheCluster.Namespace + "." + deployContext.CheCluster.Spec.K8s.IngressDomain - endpoint = domain - } else { - domain = cheHost - if endpointName == deploy.IdentityProviderName { - // legacy - endpoint = domain - } else { - endpoint = domain + "/" + pathPrefix - } + if path != "" && !strings.HasPrefix(path, "/") { + path = "/" + path } - gatewayConfig := "che-gateway-route-" + endpointName singleHostExposureType := deploy.GetSingleHostExposureType(deployContext.CheCluster) useGateway := exposureStrategy == "single-host" && (util.IsOpenShift || singleHostExposureType == "gateway") - + gatewayConfig := "che-gateway-route-" + component if !util.IsOpenShift { if useGateway { - cfg := gateway.GetGatewayRouteConfig(deployContext, gatewayConfig, "/"+pathPrefix, 10, "http://"+endpointName+":8080", stripPrefix) - done, err := deploy.SyncConfigMapSpecToCluster(deployContext, &cfg) - if !util.IsTestMode() { - if !done { - if err != nil { - logrus.Error(err) - } - return "", false, err + return exposeWithGateway(deployContext, gatewayConfig, component, path, func() { + if _, err = deploy.DeleteNamespacedObject(deployContext, component, &extentionsv1beta1.Ingress{}); err != nil { + logrus.Error(err) } - } - if _, err = deploy.DeleteNamespacedObject(deployContext, endpointName, &extentionsv1beta1.Ingress{}); err != nil { - logrus.Error(err) - } + }) } else { - done, err := deploy.SyncIngressToCluster(deployContext, endpointName, domain, endpointName, 8080, ingressCustomSettings, component) + endpointUrl, done, err = deploy.SyncIngressToCluster(deployContext, component, host, path, component, 8080, ingressCustomSettings, component) if !done { - logrus.Infof("Waiting on ingress '%s' to be ready", endpointName) + logrus.Infof("Waiting on ingress '%s' to be ready", component) if err != nil { logrus.Error(err) } @@ -86,38 +73,29 @@ func Expose( if err := gateway.DeleteGatewayRouteConfig(gatewayConfig, deployContext); !util.IsTestMode() && err != nil { logrus.Error(err) } + + return endpointUrl, true, nil } } else { if useGateway { - cfg := gateway.GetGatewayRouteConfig(deployContext, gatewayConfig, "/"+pathPrefix, 10, "http://"+endpointName+":8080", stripPrefix) - done, err := deploy.SyncConfigMapSpecToCluster(deployContext, &cfg) - if !done { - if err != nil { + return exposeWithGateway(deployContext, gatewayConfig, component, path, func() { + if _, err := deploy.DeleteNamespacedObject(deployContext, component, &routev1.Route{}); !util.IsTestMode() && err != nil { logrus.Error(err) } - return "", false, err - } - - _, err = deploy.DeleteNamespacedObject(deployContext, endpointName, &routev1.Route{}) - if err != nil { - logrus.Error(err) - } + }) } else { // the empty string for a host is intentional here - we let OpenShift decide on the hostname - done, err := deploy.SyncRouteToCluster(deployContext, endpointName, "", endpointName, 8080, routeCustomSettings, component) + done, err := deploy.SyncRouteToCluster(deployContext, component, host, path, component, 8080, routeCustomSettings, component) if !done { + logrus.Infof("Waiting on route '%s' to be ready", component) if err != nil { logrus.Error(err) } return "", false, err } - if err := gateway.DeleteGatewayRouteConfig(gatewayConfig, deployContext); !util.IsTestMode() && err != nil { - logrus.Error(err) - } - route := &routev1.Route{} - exists, err := deploy.GetNamespacedObject(deployContext, endpointName, route) + exists, err := deploy.GetNamespacedObject(deployContext, component, route) if !exists { if err != nil { logrus.Error(err) @@ -125,8 +103,46 @@ func Expose( return "", false, err } - endpoint = route.Spec.Host + if err := gateway.DeleteGatewayRouteConfig(gatewayConfig, deployContext); !util.IsTestMode() && err != nil { + logrus.Error(err) + } + + // Keycloak needs special rule in multihost. It's exposed on / which redirects to /auth + // clients which does not support redirects needs /auth be explicitely set + if path == "" && component == deploy.IdentityProviderName { + path = "/auth" + } + return route.Spec.Host + path, true, nil } } - return endpoint, true, nil +} + +func exposeWithGateway(deployContext *deploy.DeployContext, + gatewayConfig string, + component string, + path string, + cleanUpRouting func()) (endpointUrl string, done bool, err error) { + var stripPrefix bool + if path == "" { + if component == deploy.IdentityProviderName { + path = "/auth" + path + stripPrefix = false + } else { + path = "/" + component + path + stripPrefix = true + } + } + + cfg := gateway.GetGatewayRouteConfig(deployContext, gatewayConfig, component, path, 10, "http://"+component+":8080", stripPrefix) + done, err = deploy.SyncConfigMapSpecToCluster(deployContext, &cfg) + if !done { + if err != nil { + logrus.Error(err) + } + return "", false, err + } + + cleanUpRouting() + + return deployContext.CheCluster.Spec.Server.CheHost + path, true, err } diff --git a/pkg/deploy/gateway/gateway.go b/pkg/deploy/gateway/gateway.go index 941891d27..363e43752 100644 --- a/pkg/deploy/gateway/gateway.go +++ b/pkg/deploy/gateway/gateway.go @@ -186,7 +186,7 @@ func delete(clusterAPI deploy.ClusterAPI, obj metav1.Object) error { // GetGatewayRouteConfig creates a config map with traefik configuration for a single new route. // `serviceName` is an arbitrary name identifying the configuration. This should be unique within operator. Che server only creates // new configuration for workspaces, so the name should not resemble any of the names created by the Che server. -func GetGatewayRouteConfig(deployContext *deploy.DeployContext, serviceName string, pathPrefix string, priority int, internalUrl string, stripPrefix bool) corev1.ConfigMap { +func GetGatewayRouteConfig(deployContext *deploy.DeployContext, component string, serviceName string, pathPrefix string, priority int, internalUrl string, stripPrefix bool) corev1.ConfigMap { pathRewrite := pathPrefix != "/" && stripPrefix data := `--- @@ -225,14 +225,14 @@ http: Kind: "ConfigMap", }, ObjectMeta: metav1.ObjectMeta{ - Name: serviceName, + Name: component, Namespace: deployContext.CheCluster.Namespace, Labels: util.MergeMaps( deploy.GetLabels(deployContext.CheCluster, gatewayConfigComponentName), util.GetMapValue(deployContext.CheCluster.Spec.Server.SingleHostGatewayConfigMapLabels, deploy.DefaultSingleHostGatewayConfigMapLabels)), }, Data: map[string]string{ - serviceName + ".yml": data, + component + ".yml": data, }, } @@ -255,7 +255,7 @@ func DeleteGatewayRouteConfig(serviceName string, deployContext *deploy.DeployCo // below functions declare the desired states of the various objects required for the gateway func getGatewayServerConfigSpec(deployContext *deploy.DeployContext) corev1.ConfigMap { - return GetGatewayRouteConfig(deployContext, gatewayServerConfigName, "/", 1, "http://"+deploy.CheServiceName+":8080", false) + return GetGatewayRouteConfig(deployContext, gatewayServerConfigName, gatewayServerConfigName, "/", 1, "http://"+deploy.CheServiceName+":8080", false) } func getGatewayServiceAccountSpec(instance *orgv1.CheCluster) corev1.ServiceAccount { diff --git a/pkg/deploy/identity-provider/deployment_keycloak.go b/pkg/deploy/identity-provider/deployment_keycloak.go index 71cb8ee58..40624f3e7 100644 --- a/pkg/deploy/identity-provider/deployment_keycloak.go +++ b/pkg/deploy/identity-provider/deployment_keycloak.go @@ -540,7 +540,7 @@ func GetSpecKeycloakDeployment( if cheFlavor == "codeready" { keycloakEnv = append(keycloakEnv, corev1.EnvVar{ Name: "KEYCLOAK_FRONTEND_URL", - Value: deployContext.CheCluster.Status.KeycloakURL + "/auth", + Value: deployContext.CheCluster.Status.KeycloakURL, }) } } diff --git a/pkg/deploy/identity-provider/identity_provider.go b/pkg/deploy/identity-provider/identity_provider.go index 772a8834f..999ebbb29 100644 --- a/pkg/deploy/identity-provider/identity_provider.go +++ b/pkg/deploy/identity-provider/identity_provider.go @@ -80,17 +80,15 @@ func syncExposure(deployContext *deploy.DeployContext) (bool, error) { false: "http"})[cr.Spec.Server.TlsSupport] endpoint, done, err := expose.Expose( deployContext, - cr.Spec.Server.CheHost, deploy.IdentityProviderName, cr.Spec.Auth.IdentityProviderRoute, - cr.Spec.Auth.IdentityProviderIngress, - deploy.IdentityProviderName) + cr.Spec.Auth.IdentityProviderIngress) if !done { return false, err } keycloakURL := protocol + "://" + endpoint - deployContext.InternalService.KeycloakHost = fmt.Sprintf("%s://%s.%s.svc:%d", "http", deploy.IdentityProviderName, cr.Namespace, 8080) + deployContext.InternalService.KeycloakHost = fmt.Sprintf("%s://%s.%s.svc:%d/auth", "http", deploy.IdentityProviderName, cr.Namespace, 8080) if cr.Spec.Auth.IdentityProviderURL != keycloakURL { cr.Spec.Auth.IdentityProviderURL = keycloakURL diff --git a/pkg/deploy/ingres_test.go b/pkg/deploy/ingres_test.go index f4021caf7..26949e1b5 100644 --- a/pkg/deploy/ingres_test.go +++ b/pkg/deploy/ingres_test.go @@ -37,6 +37,7 @@ func TestIngressSpec(t *testing.T) { name string ingressName string ingressHost string + ingressPath string ingressComponent string serviceName string servicePort int @@ -57,6 +58,7 @@ func TestIngressSpec(t *testing.T) { ingressName: "test", ingressComponent: "test-component", ingressHost: "test-host", + ingressPath: "", serviceName: "che", servicePort: 8080, ingressCustomSettings: orgv1.IngressCustomSettings{ @@ -124,9 +126,10 @@ func TestIngressSpec(t *testing.T) { }, } - actualIngress := GetIngressSpec(deployContext, + _, actualIngress := GetIngressSpec(deployContext, testCase.ingressName, testCase.ingressHost, + testCase.ingressPath, testCase.serviceName, testCase.servicePort, testCase.ingressCustomSettings, @@ -157,12 +160,12 @@ func TestSyncIngressToCluster(t *testing.T) { }, } - done, err := SyncIngressToCluster(deployContext, "test", "host-1", "service-1", 8080, orgv1.IngressCustomSettings{}, "component") + _, done, err := SyncIngressToCluster(deployContext, "test", "host-1", "", "service-1", 8080, orgv1.IngressCustomSettings{}, "component") if !done || err != nil { t.Fatalf("Failed to sync ingress: %v", err) } - done, err = SyncIngressToCluster(deployContext, "test", "host-2", "service-2", 8080, orgv1.IngressCustomSettings{}, "component") + _, done, err = SyncIngressToCluster(deployContext, "test", "host-2", "", "service-2", 8080, orgv1.IngressCustomSettings{}, "component") if !done || err != nil { t.Fatalf("Failed to sync ingress: %v", err) } diff --git a/pkg/deploy/ingress.go b/pkg/deploy/ingress.go index e59bed084..44523d218 100644 --- a/pkg/deploy/ingress.go +++ b/pkg/deploy/ingress.go @@ -31,28 +31,34 @@ var ingressDiffOpts = cmp.Options{ }), } +// SyncIngressToCluster creates ingress to expose service with the set settings +// host and path are evaluated if they are empty func SyncIngressToCluster( deployContext *DeployContext, name string, host string, + path string, serviceName string, servicePort int, ingressCustomSettings orgv1.IngressCustomSettings, - component string) (bool, error) { + component string) (endpointUrl string, done bool, err error) { - ingressSpec := GetIngressSpec(deployContext, name, host, serviceName, servicePort, ingressCustomSettings, component) - return Sync(deployContext, ingressSpec, ingressDiffOpts) + ingressUrl, ingressSpec := GetIngressSpec(deployContext, name, host, path, serviceName, servicePort, ingressCustomSettings, component) + sync, err := Sync(deployContext, ingressSpec, ingressDiffOpts) + return ingressUrl, sync, err } // GetIngressSpec returns expected ingress config for given parameters +// host and path are evaluated if they are empty func GetIngressSpec( deployContext *DeployContext, name string, host string, + path string, serviceName string, servicePort int, ingressCustomSettings orgv1.IngressCustomSettings, - component string) *v1beta1.Ingress { + component string) (ingressUrl string, i *v1beta1.Ingress) { tlsSupport := deployContext.CheCluster.Spec.Server.TlsSupport ingressStrategy := util.GetServerExposureStrategy(deployContext.CheCluster) @@ -63,7 +69,7 @@ func GetIngressSpec( if host == "" { if ingressStrategy == "multi-host" { - host = name + "-" + deployContext.CheCluster.Namespace + "." + ingressDomain + host = component + "-" + deployContext.CheCluster.Namespace + "." + ingressDomain } else if ingressStrategy == "single-host" { host = ingressDomain } @@ -71,21 +77,17 @@ func GetIngressSpec( tlsSecretName := util.GetValue(deployContext.CheCluster.Spec.K8s.TlsSecretName, "") if tlsSupport { - if name == DefaultCheFlavor(deployContext.CheCluster) && deployContext.CheCluster.Spec.Server.CheHostTLSSecret != "" { + if component == DefaultCheFlavor(deployContext.CheCluster) && deployContext.CheCluster.Spec.Server.CheHostTLSSecret != "" { tlsSecretName = deployContext.CheCluster.Spec.Server.CheHostTLSSecret } } - path := "/" - if ingressStrategy != "multi-host" { - switch name { - case IdentityProviderName: - path = "/auth" - case DevfileRegistryName: - path = "/" + DevfileRegistryName + "/(.*)" - case PluginRegistryName: - path = "/" + PluginRegistryName + "/(.*)" - } + var endpointPath, ingressPath string + if path == "" { + endpointPath, ingressPath = evaluatePath(component, ingressStrategy) + } else { + ingressPath = path + endpointPath = path } annotations := map[string]string{ @@ -94,7 +96,7 @@ func GetIngressSpec( "nginx.ingress.kubernetes.io/proxy-connect-timeout": "3600", "nginx.ingress.kubernetes.io/ssl-redirect": strconv.FormatBool(tlsSupport), } - if ingressStrategy != "multi-host" && (name == DevfileRegistryName || name == PluginRegistryName) { + if ingressStrategy != "multi-host" && (component == DevfileRegistryName || component == PluginRegistryName) { annotations["nginx.ingress.kubernetes.io/rewrite-target"] = "/$1" } @@ -121,7 +123,7 @@ func GetIngressSpec( ServiceName: serviceName, ServicePort: intstr.FromInt(servicePort), }, - Path: path, + Path: ingressPath, }, }, }, @@ -142,5 +144,35 @@ func GetIngressSpec( } } - return ingress + return host + endpointPath, ingress +} + +// evaluatePath evaluates ingress path (one which is used for rule) +// and endpoint path (one which client should use during endpoint accessing) +func evaluatePath(component, ingressStrategy string) (endpointPath, ingressPath string) { + if ingressStrategy == "multi-host" { + ingressPath = "/" + endpointPath = "/" + // Keycloak needs special rule in multihost. It's exposed on / which redirects to /auth + // clients which does not support redirects needs /auth be explicitely set + if component == IdentityProviderName { + endpointPath = "/auth" + } + } else { + switch component { + case IdentityProviderName: + endpointPath = "/auth" + ingressPath = endpointPath + "/(.*)" + case DevfileRegistryName: + fallthrough + case PluginRegistryName: + endpointPath = "/" + component + ingressPath = endpointPath + "/(.*)" + default: + ingressPath = "/" + endpointPath = "/" + } + + } + return endpointPath, ingressPath } diff --git a/pkg/deploy/oauthclient.go b/pkg/deploy/oauthclient.go index a66e8005e..8a0c5e938 100644 --- a/pkg/deploy/oauthclient.go +++ b/pkg/deploy/oauthclient.go @@ -29,7 +29,7 @@ func GetOAuthClientSpec(name string, oauthSecret string, keycloakURL string, key providerName = "openshift-v4" } - redirectURLSuffix := "/auth/realms/" + keycloakRealm + "/broker/" + providerName + "/endpoint" + redirectURLSuffix := "/realms/" + keycloakRealm + "/broker/" + providerName + "/endpoint" redirectURIs := []string{ keycloakURL + redirectURLSuffix, } diff --git a/pkg/deploy/plugin-registry/plugin_registry.go b/pkg/deploy/plugin-registry/plugin_registry.go index f34b74e77..54cc6c599 100644 --- a/pkg/deploy/plugin-registry/plugin_registry.go +++ b/pkg/deploy/plugin-registry/plugin_registry.go @@ -14,6 +14,7 @@ package plugin_registry import ( "encoding/json" "fmt" + "strings" "github.com/eclipse-che/che-operator/pkg/deploy" "github.com/eclipse-che/che-operator/pkg/deploy/expose" @@ -31,25 +32,29 @@ type PluginRegistryConfigMap struct { /** * Create plugin registry resources unless an external registry is used. */ -func SyncPluginRegistryToCluster(deployContext *deploy.DeployContext, cheHost string) (bool, error) { +func SyncPluginRegistryToCluster(deployContext *deploy.DeployContext) (bool, error) { pluginRegistryURL := deployContext.CheCluster.Spec.Server.PluginRegistryUrl if !deployContext.CheCluster.Spec.Server.ExternalPluginRegistry { endpoint, done, err := expose.Expose( deployContext, - cheHost, deploy.PluginRegistryName, deployContext.CheCluster.Spec.Server.PluginRegistryRoute, - deployContext.CheCluster.Spec.Server.PluginRegistryIngress, - deploy.PluginRegistryName) + deployContext.CheCluster.Spec.Server.PluginRegistryIngress) if !done { return false, err } if pluginRegistryURL == "" { if deployContext.CheCluster.Spec.Server.TlsSupport { - pluginRegistryURL = "https://" + endpoint + "/v3" + pluginRegistryURL = "https://" + endpoint } else { - pluginRegistryURL = "http://" + endpoint + "/v3" + pluginRegistryURL = "http://" + endpoint + } + // append the API version to plugin registry + if !strings.HasSuffix(pluginRegistryURL, "/") { + pluginRegistryURL = pluginRegistryURL + "/v3" + } else { + pluginRegistryURL = pluginRegistryURL + "v3" } } diff --git a/pkg/deploy/route.go b/pkg/deploy/route.go index 814aed040..0b0c7b337 100644 --- a/pkg/deploy/route.go +++ b/pkg/deploy/route.go @@ -50,12 +50,13 @@ func SyncRouteToCluster( deployContext *DeployContext, name string, host string, + path string, serviceName string, servicePort int32, routeCustomSettings orgv1.RouteCustomSettings, component string) (bool, error) { - routeSpec, err := GetRouteSpec(deployContext, name, host, serviceName, servicePort, routeCustomSettings, component) + routeSpec, err := GetRouteSpec(deployContext, name, host, path, serviceName, servicePort, routeCustomSettings, component) if err != nil { return false, err } @@ -71,6 +72,7 @@ func GetRouteSpec( deployContext *DeployContext, name string, host string, + path string, serviceName string, servicePort int32, routeCustomSettings orgv1.RouteCustomSettings, @@ -104,6 +106,7 @@ func GetRouteSpec( Name: serviceName, Weight: &weight, }, + Path: path, Port: &routev1.RoutePort{ TargetPort: targetPort, }, diff --git a/pkg/deploy/route_test.go b/pkg/deploy/route_test.go index ef426a035..6489ee73c 100644 --- a/pkg/deploy/route_test.go +++ b/pkg/deploy/route_test.go @@ -39,6 +39,7 @@ func TestRouteSpec(t *testing.T) { name string routeName string routeHost string + routePath string routeComponent string serviceName string servicePort int32 @@ -160,6 +161,7 @@ func TestRouteSpec(t *testing.T) { actualRoute, err := GetRouteSpec(deployContext, testCase.routeName, testCase.routeHost, + testCase.routePath, testCase.serviceName, testCase.servicePort, testCase.routeCustomSettings, @@ -194,13 +196,13 @@ func TestSyncRouteToCluster(t *testing.T) { }, } - done, err := SyncRouteToCluster(deployContext, "test", "", "service", 80, orgv1.RouteCustomSettings{}, "test") + done, err := SyncRouteToCluster(deployContext, "test", "", "", "service", 80, orgv1.RouteCustomSettings{}, "test") if !done || err != nil { t.Fatalf("Failed to sync route: %v", err) } // sync another route - done, err = SyncRouteToCluster(deployContext, "test", "", "service", 90, orgv1.RouteCustomSettings{}, "test") + done, err = SyncRouteToCluster(deployContext, "test", "", "", "service", 90, orgv1.RouteCustomSettings{}, "test") if !done || err != nil { t.Fatalf("Failed to sync route: %v", err) } @@ -215,7 +217,7 @@ func TestSyncRouteToCluster(t *testing.T) { } // sync route with labels & domain - done, err = SyncRouteToCluster(deployContext, "test", "", "service", 90, orgv1.RouteCustomSettings{Labels: "a=b", Domain: "domain"}, "test") + done, err = SyncRouteToCluster(deployContext, "test", "", "", "service", 90, orgv1.RouteCustomSettings{Labels: "a=b", Domain: "domain"}, "test") if !done || err != nil { t.Fatalf("Failed to sync route: %v", err) } diff --git a/pkg/deploy/server/che_configmap.go b/pkg/deploy/server/che_configmap.go index 51a1419fc..bbe76422d 100644 --- a/pkg/deploy/server/che_configmap.go +++ b/pkg/deploy/server/che_configmap.go @@ -261,8 +261,8 @@ func GetCheConfigMapData(deployContext *deploy.DeployContext) (cheEnv map[string } if cheMultiUser == "true" { - data.KeycloakURL = keycloakURL + "/auth" - data.KeycloakInternalURL = keycloakInternalURL + "/auth" + data.KeycloakURL = keycloakURL + data.KeycloakInternalURL = keycloakInternalURL data.KeycloakRealm = keycloakRealm data.KeycloakClientId = keycloakClientId data.DatabaseURL = "jdbc:postgresql://" + chePostgresHostName + ":" + chePostgresPort + "/" + chePostgresDb diff --git a/pkg/deploy/server/che_configmap_test.go b/pkg/deploy/server/che_configmap_test.go index 999c234ae..18c3fe701 100644 --- a/pkg/deploy/server/che_configmap_test.go +++ b/pkg/deploy/server/che_configmap_test.go @@ -816,7 +816,7 @@ func TestShouldSetUpCorrectlyInternalIdentityProviderServiceURL(t *testing.T) { Auth: orgv1.CheClusterSpecAuth{ OpenShiftoAuth: util.NewBoolPointer(false), ExternalIdentityProvider: true, - IdentityProviderURL: "http://external-keycloak", + IdentityProviderURL: "http://external-keycloak/auth", }, }, }, @@ -841,7 +841,7 @@ func TestShouldSetUpCorrectlyInternalIdentityProviderServiceURL(t *testing.T) { Auth: orgv1.CheClusterSpecAuth{ OpenShiftoAuth: util.NewBoolPointer(false), ExternalIdentityProvider: true, - IdentityProviderURL: "http://external-keycloak", + IdentityProviderURL: "http://external-keycloak/auth", }, }, }, @@ -866,7 +866,7 @@ func TestShouldSetUpCorrectlyInternalIdentityProviderServiceURL(t *testing.T) { Auth: orgv1.CheClusterSpecAuth{ OpenShiftoAuth: util.NewBoolPointer(false), ExternalIdentityProvider: false, - IdentityProviderURL: "http://keycloak", + IdentityProviderURL: "http://keycloak/auth", }, }, Status: orgv1.CheClusterStatus{ @@ -894,7 +894,7 @@ func TestShouldSetUpCorrectlyInternalIdentityProviderServiceURL(t *testing.T) { Auth: orgv1.CheClusterSpecAuth{ OpenShiftoAuth: util.NewBoolPointer(false), ExternalIdentityProvider: false, - IdentityProviderURL: "http://keycloak", + IdentityProviderURL: "http://keycloak/auth", }, }, }, @@ -921,7 +921,7 @@ func TestShouldSetUpCorrectlyInternalIdentityProviderServiceURL(t *testing.T) { }, Proxy: &deploy.Proxy{}, InternalService: deploy.InternalService{ - KeycloakHost: "http://keycloak.eclipse-che.svc:8080", + KeycloakHost: "http://keycloak.eclipse-che.svc:8080/auth", }, } diff --git a/pkg/deploy/tls.go b/pkg/deploy/tls.go index ac993c651..3beb02252 100644 --- a/pkg/deploy/tls.go +++ b/pkg/deploy/tls.go @@ -139,6 +139,7 @@ func GetEndpointTLSCrtChain(deployContext *DeployContext, endpointURL string) ([ deployContext, "test", "", + "", "test", 8080, deployContext.CheCluster.Spec.Server.CheServerRoute, @@ -181,10 +182,11 @@ func GetEndpointTLSCrtChain(deployContext *DeployContext, endpointURL string) ([ // Create test ingress to get certificates chain. // Note, it is not possible to use SyncIngressToCluster here as it may cause infinite reconcile loop. - ingressSpec := GetIngressSpec( + _, ingressSpec := GetIngressSpec( deployContext, "test", "", + "", "test", 8080, deployContext.CheCluster.Spec.Server.CheServerIngress,