fix: dashboard ingress configuration with custom cheHost (#856)

* Secure che-dashboard ingress with spec.server.cheHostTLSSecret

Signed-off-by: Anatolii Bazko <abazko@redhat.com>
pull/865/head
Anatolii Bazko 2021-06-07 18:08:33 +03:00 committed by GitHub
parent b2f4f44f45
commit cad643a6e5
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
17 changed files with 471 additions and 43 deletions


@ -10,7 +10,7 @@
#
# https://access.redhat.com/containers/?tab=tags#/registry.access.redhat.com/ubi8-minimal
FROM registry.access.redhat.com/ubi8-minimal:8.4-200 as builder
FROM registry.access.redhat.com/ubi8-minimal:8.4-200.1622548483 as builder
RUN microdnf install -y golang unzip && \
go version
@ -42,7 +42,7 @@ RUN curl -L https://api.github.com/repos/che-incubator/devworkspace-che-operator
mv /tmp/che-incubator-devworkspace-che-operator-*/deploy /tmp/devworkspace-che-operator/templates/
# https://access.redhat.com/containers/?tab=tags#/registry.access.redhat.com/ubi8-minimal
FROM registry.access.redhat.com/ubi8-minimal:8.4-200
FROM registry.access.redhat.com/ubi8-minimal:8.4-200.1622548483
COPY --from=builder /tmp/che-operator/che-operator /usr/local/bin/che-operator
COPY --from=builder /che-operator/templates/keycloak-provision.sh /tmp/keycloak-provision.sh


@ -115,6 +115,13 @@ spec:
identityProviderIngress:
description: Ingress custom settings.
properties:
annotations:
additionalProperties:
type: string
description: Unstructured key value map stored with a resource
that may be set by external tools to store and retrieve arbitrary
metadata.
type: object
labels:
description: Comma separated list of labels that can be used
to organize and categorize objects by scoping and selecting.
@ -153,6 +160,13 @@ spec:
identityProviderRoute:
description: Route custom settings.
properties:
annotations:
additionalProperties:
type: string
description: Unstructured key value map stored with a resource
that may be set by external tools to store and retrieve arbitrary
metadata.
type: object
domain:
description: 'Operator uses the domain to generate a hostname
for a route. In a conjunction with labels it creates a route,
@ -491,6 +505,13 @@ spec:
cheServerIngress:
description: The Che server ingress custom settings.
properties:
annotations:
additionalProperties:
type: string
description: Unstructured key value map stored with a resource
that may be set by external tools to store and retrieve arbitrary
metadata.
type: object
labels:
description: Comma separated list of labels that can be used
to organize and categorize objects by scoping and selecting.
@ -499,6 +520,13 @@ spec:
cheServerRoute:
description: The Che server route custom settings.
properties:
annotations:
additionalProperties:
type: string
description: Unstructured key value map stored with a resource
that may be set by external tools to store and retrieve arbitrary
metadata.
type: object
domain:
description: 'Operator uses the domain to generate a hostname
for a route. In a conjunction with labels it creates a route,
@ -543,6 +571,21 @@ spec:
deployment. Default value is `Always` for `nightly` or `latest`
images, and `IfNotPresent` in other cases.
type: string
dashboardIngress:
description: Dashboard ingress custom settings.
properties:
annotations:
additionalProperties:
type: string
description: Unstructured key value map stored with a resource
that may be set by external tools to store and retrieve arbitrary
metadata.
type: object
labels:
description: Comma separated list of labels that can be used
to organize and categorize objects by scoping and selecting.
type: string
type: object
dashboardMemoryLimit:
description: Overrides the memory limit used in the dashboard deployment.
Defaults to 256Mi.
@ -551,6 +594,27 @@ spec:
description: Overrides the memory request used in the dashboard
deployment. Defaults to 16Mi.
type: string
dashboardRoute:
description: Dashboard route custom settings.
properties:
annotations:
additionalProperties:
type: string
description: Unstructured key value map stored with a resource
that may be set by external tools to store and retrieve arbitrary
metadata.
type: object
domain:
description: 'Operator uses the domain to generate a hostname
for a route. In a conjunction with labels it creates a route,
which is served by a non-default Ingress controller. The generated
host name will follow this pattern: `<route-name>-<route-namespace>.<domain>`.'
type: string
labels:
description: Comma separated list of labels that can be used
to organize and categorize objects by scoping and selecting.
type: string
type: object
devfileRegistryCpuLimit:
description: Overrides the CPU limit used in the devfile registry
deployment. In cores. (500m = .5 cores). Default to 500m.
@ -567,6 +631,13 @@ spec:
devfileRegistryIngress:
description: The devfile registry ingress custom settings.
properties:
annotations:
additionalProperties:
type: string
description: Unstructured key value map stored with a resource
that may be set by external tools to store and retrieve arbitrary
metadata.
type: object
labels:
description: Comma separated list of labels that can be used
to organize and categorize objects by scoping and selecting.
@ -588,6 +659,13 @@ spec:
devfileRegistryRoute:
description: The devfile registry route custom settings.
properties:
annotations:
additionalProperties:
type: string
description: Unstructured key value map stored with a resource
that may be set by external tools to store and retrieve arbitrary
metadata.
type: object
domain:
description: 'Operator uses the domain to generate a hostname
for a route. In a conjunction with labels it creates a route,
@ -665,6 +743,13 @@ spec:
pluginRegistryIngress:
description: Plugin registry ingress custom settings.
properties:
annotations:
additionalProperties:
type: string
description: Unstructured key value map stored with a resource
that may be set by external tools to store and retrieve arbitrary
metadata.
type: object
labels:
description: Comma separated list of labels that can be used
to organize and categorize objects by scoping and selecting.
@ -686,6 +771,13 @@ spec:
pluginRegistryRoute:
description: Plugin registry route custom settings.
properties:
annotations:
additionalProperties:
type: string
description: Unstructured key value map stored with a resource
that may be set by external tools to store and retrieve arbitrary
metadata.
type: object
domain:
description: 'Operator uses the domain to generate a hostname
for a route. In a conjunction with labels it creates a route,


@ -116,6 +116,13 @@ spec:
identityProviderIngress:
description: Ingress custom settings.
properties:
annotations:
additionalProperties:
type: string
description: Unstructured key value map stored with a resource
that may be set by external tools to store and retrieve
arbitrary metadata.
type: object
labels:
description: Comma separated list of labels that can be used
to organize and categorize objects by scoping and selecting.
@ -154,6 +161,13 @@ spec:
identityProviderRoute:
description: Route custom settings.
properties:
annotations:
additionalProperties:
type: string
description: Unstructured key value map stored with a resource
that may be set by external tools to store and retrieve
arbitrary metadata.
type: object
domain:
description: 'Operator uses the domain to generate a hostname
for a route. In a conjunction with labels it creates a route,
@ -503,6 +517,13 @@ spec:
cheServerIngress:
description: The Che server ingress custom settings.
properties:
annotations:
additionalProperties:
type: string
description: Unstructured key value map stored with a resource
that may be set by external tools to store and retrieve
arbitrary metadata.
type: object
labels:
description: Comma separated list of labels that can be used
to organize and categorize objects by scoping and selecting.
@ -511,6 +532,13 @@ spec:
cheServerRoute:
description: The Che server route custom settings.
properties:
annotations:
additionalProperties:
type: string
description: Unstructured key value map stored with a resource
that may be set by external tools to store and retrieve
arbitrary metadata.
type: object
domain:
description: 'Operator uses the domain to generate a hostname
for a route. In a conjunction with labels it creates a route,
@ -556,6 +584,21 @@ spec:
deployment. Default value is `Always` for `nightly` or `latest`
images, and `IfNotPresent` in other cases.
type: string
dashboardIngress:
description: Dashboard ingress custom settings.
properties:
annotations:
additionalProperties:
type: string
description: Unstructured key value map stored with a resource
that may be set by external tools to store and retrieve
arbitrary metadata.
type: object
labels:
description: Comma separated list of labels that can be used
to organize and categorize objects by scoping and selecting.
type: string
type: object
dashboardMemoryLimit:
description: Overrides the memory limit used in the dashboard
deployment. Defaults to 256Mi.
@ -564,6 +607,27 @@ spec:
description: Overrides the memory request used in the dashboard
deployment. Defaults to 16Mi.
type: string
dashboardRoute:
description: Dashboard route custom settings.
properties:
annotations:
additionalProperties:
type: string
description: Unstructured key value map stored with a resource
that may be set by external tools to store and retrieve
arbitrary metadata.
type: object
domain:
description: 'Operator uses the domain to generate a hostname
for a route. In a conjunction with labels it creates a route,
which is served by a non-default Ingress controller. The
generated host name will follow this pattern: `<route-name>-<route-namespace>.<domain>`.'
type: string
labels:
description: Comma separated list of labels that can be used
to organize and categorize objects by scoping and selecting.
type: string
type: object
devfileRegistryCpuLimit:
description: Overrides the CPU limit used in the devfile registry
deployment. In cores. (500m = .5 cores). Default to 500m.
@ -581,6 +645,13 @@ spec:
devfileRegistryIngress:
description: The devfile registry ingress custom settings.
properties:
annotations:
additionalProperties:
type: string
description: Unstructured key value map stored with a resource
that may be set by external tools to store and retrieve
arbitrary metadata.
type: object
labels:
description: Comma separated list of labels that can be used
to organize and categorize objects by scoping and selecting.
@ -602,6 +673,13 @@ spec:
devfileRegistryRoute:
description: The devfile registry route custom settings.
properties:
annotations:
additionalProperties:
type: string
description: Unstructured key value map stored with a resource
that may be set by external tools to store and retrieve
arbitrary metadata.
type: object
domain:
description: 'Operator uses the domain to generate a hostname
for a route. In a conjunction with labels it creates a route,
@ -680,6 +758,13 @@ spec:
pluginRegistryIngress:
description: Plugin registry ingress custom settings.
properties:
annotations:
additionalProperties:
type: string
description: Unstructured key value map stored with a resource
that may be set by external tools to store and retrieve
arbitrary metadata.
type: object
labels:
description: Comma separated list of labels that can be used
to organize and categorize objects by scoping and selecting.
@ -701,6 +786,13 @@ spec:
pluginRegistryRoute:
description: Plugin registry route custom settings.
properties:
annotations:
additionalProperties:
type: string
description: Unstructured key value map stored with a resource
that may be set by external tools to store and retrieve
arbitrary metadata.
type: object
domain:
description: 'Operator uses the domain to generate a hostname
for a route. In a conjunction with labels it creates a route,


@ -76,13 +76,13 @@ metadata:
categories: Developer Tools
certified: "false"
containerImage: quay.io/eclipse/che-operator:nightly
createdAt: "2021-06-02T06:26:04Z"
createdAt: "2021-06-04T11:26:58Z"
description: A Kube-native development solution that delivers portable and collaborative
developer workspaces.
operatorframework.io/suggested-namespace: eclipse-che
repository: https://github.com/eclipse-che/che-operator
support: Eclipse Foundation
name: eclipse-che-preview-kubernetes.v7.32.0-192.nightly
name: eclipse-che-preview-kubernetes.v7.32.0-194.nightly
namespace: placeholder
spec:
apiservicedefinitions: {}
@ -922,7 +922,7 @@ spec:
- name: RELATED_IMAGE_che_tls_secrets_creation_job
value: quay.io/eclipse/che-tls-secret-creator:alpine-d1ed4ad
- name: RELATED_IMAGE_pvc_jobs
value: registry.access.redhat.com/ubi8-minimal:8.4-200
value: registry.access.redhat.com/ubi8-minimal:8.4-200.1622548483
- name: RELATED_IMAGE_postgres
value: quay.io/eclipse/che--centos--postgresql-96-centos7:9.6-b681d78125361519180a6ac05242c296f8906c11eab7e207b5ca9a89b6344392
- name: RELATED_IMAGE_keycloak
@ -1134,4 +1134,4 @@ spec:
maturity: stable
provider:
name: Eclipse Foundation
version: 7.32.0-192.nightly
version: 7.32.0-194.nightly


@ -116,6 +116,13 @@ spec:
identityProviderIngress:
description: Ingress custom settings.
properties:
annotations:
additionalProperties:
type: string
description: Unstructured key value map stored with a resource
that may be set by external tools to store and retrieve
arbitrary metadata.
type: object
labels:
description: Comma separated list of labels that can be used
to organize and categorize objects by scoping and selecting.
@ -154,6 +161,13 @@ spec:
identityProviderRoute:
description: Route custom settings.
properties:
annotations:
additionalProperties:
type: string
description: Unstructured key value map stored with a resource
that may be set by external tools to store and retrieve
arbitrary metadata.
type: object
domain:
description: 'Operator uses the domain to generate a hostname
for a route. In a conjunction with labels it creates a route,
@ -503,6 +517,13 @@ spec:
cheServerIngress:
description: The Che server ingress custom settings.
properties:
annotations:
additionalProperties:
type: string
description: Unstructured key value map stored with a resource
that may be set by external tools to store and retrieve
arbitrary metadata.
type: object
labels:
description: Comma separated list of labels that can be used
to organize and categorize objects by scoping and selecting.
@ -511,6 +532,13 @@ spec:
cheServerRoute:
description: The Che server route custom settings.
properties:
annotations:
additionalProperties:
type: string
description: Unstructured key value map stored with a resource
that may be set by external tools to store and retrieve
arbitrary metadata.
type: object
domain:
description: 'Operator uses the domain to generate a hostname
for a route. In a conjunction with labels it creates a route,
@ -556,6 +584,21 @@ spec:
deployment. Default value is `Always` for `nightly` or `latest`
images, and `IfNotPresent` in other cases.
type: string
dashboardIngress:
description: Dashboard ingress custom settings.
properties:
annotations:
additionalProperties:
type: string
description: Unstructured key value map stored with a resource
that may be set by external tools to store and retrieve
arbitrary metadata.
type: object
labels:
description: Comma separated list of labels that can be used
to organize and categorize objects by scoping and selecting.
type: string
type: object
dashboardMemoryLimit:
description: Overrides the memory limit used in the dashboard
deployment. Defaults to 256Mi.
@ -564,6 +607,27 @@ spec:
description: Overrides the memory request used in the dashboard
deployment. Defaults to 16Mi.
type: string
dashboardRoute:
description: Dashboard route custom settings.
properties:
annotations:
additionalProperties:
type: string
description: Unstructured key value map stored with a resource
that may be set by external tools to store and retrieve
arbitrary metadata.
type: object
domain:
description: 'Operator uses the domain to generate a hostname
for a route. In a conjunction with labels it creates a route,
which is served by a non-default Ingress controller. The
generated host name will follow this pattern: `<route-name>-<route-namespace>.<domain>`.'
type: string
labels:
description: Comma separated list of labels that can be used
to organize and categorize objects by scoping and selecting.
type: string
type: object
devfileRegistryCpuLimit:
description: Overrides the CPU limit used in the devfile registry
deployment. In cores. (500m = .5 cores). Default to 500m.
@ -581,6 +645,13 @@ spec:
devfileRegistryIngress:
description: The devfile registry ingress custom settings.
properties:
annotations:
additionalProperties:
type: string
description: Unstructured key value map stored with a resource
that may be set by external tools to store and retrieve
arbitrary metadata.
type: object
labels:
description: Comma separated list of labels that can be used
to organize and categorize objects by scoping and selecting.
@ -602,6 +673,13 @@ spec:
devfileRegistryRoute:
description: The devfile registry route custom settings.
properties:
annotations:
additionalProperties:
type: string
description: Unstructured key value map stored with a resource
that may be set by external tools to store and retrieve
arbitrary metadata.
type: object
domain:
description: 'Operator uses the domain to generate a hostname
for a route. In a conjunction with labels it creates a route,
@ -680,6 +758,13 @@ spec:
pluginRegistryIngress:
description: Plugin registry ingress custom settings.
properties:
annotations:
additionalProperties:
type: string
description: Unstructured key value map stored with a resource
that may be set by external tools to store and retrieve
arbitrary metadata.
type: object
labels:
description: Comma separated list of labels that can be used
to organize and categorize objects by scoping and selecting.
@ -701,6 +786,13 @@ spec:
pluginRegistryRoute:
description: Plugin registry route custom settings.
properties:
annotations:
additionalProperties:
type: string
description: Unstructured key value map stored with a resource
that may be set by external tools to store and retrieve
arbitrary metadata.
type: object
domain:
description: 'Operator uses the domain to generate a hostname
for a route. In a conjunction with labels it creates a route,


@ -67,13 +67,13 @@ metadata:
categories: Developer Tools, OpenShift Optional
certified: "false"
containerImage: quay.io/eclipse/che-operator:nightly
createdAt: "2021-06-02T06:26:10Z"
createdAt: "2021-06-04T11:27:06Z"
description: A Kube-native development solution that delivers portable and collaborative
developer workspaces in OpenShift.
operatorframework.io/suggested-namespace: eclipse-che
repository: https://github.com/eclipse-che/che-operator
support: Eclipse Foundation
name: eclipse-che-preview-openshift.v7.32.0-192.nightly
name: eclipse-che-preview-openshift.v7.32.0-194.nightly
namespace: placeholder
spec:
apiservicedefinitions: {}
@ -989,7 +989,7 @@ spec:
- name: RELATED_IMAGE_devfile_registry
value: quay.io/eclipse/che-devfile-registry:nightly
- name: RELATED_IMAGE_pvc_jobs
value: registry.access.redhat.com/ubi8-minimal:8.4-200
value: registry.access.redhat.com/ubi8-minimal:8.4-200.1622548483
- name: RELATED_IMAGE_postgres
value: quay.io/eclipse/che--centos--postgresql-96-centos7:9.6-b681d78125361519180a6ac05242c296f8906c11eab7e207b5ca9a89b6344392
- name: RELATED_IMAGE_keycloak
@ -1209,4 +1209,4 @@ spec:
maturity: stable
provider:
name: Eclipse Foundation
version: 7.32.0-192.nightly
version: 7.32.0-194.nightly


@ -118,6 +118,13 @@ spec:
identityProviderIngress:
description: Ingress custom settings.
properties:
annotations:
additionalProperties:
type: string
description: Unstructured key value map stored with a resource
that may be set by external tools to store and retrieve
arbitrary metadata.
type: object
labels:
description: Comma separated list of labels that can be
used to organize and categorize objects by scoping and
@ -158,6 +165,13 @@ spec:
identityProviderRoute:
description: Route custom settings.
properties:
annotations:
additionalProperties:
type: string
description: Unstructured key value map stored with a resource
that may be set by external tools to store and retrieve
arbitrary metadata.
type: object
domain:
description: 'Operator uses the domain to generate a hostname
for a route. In a conjunction with labels it creates a
@ -508,6 +522,13 @@ spec:
cheServerIngress:
description: The Che server ingress custom settings.
properties:
annotations:
additionalProperties:
type: string
description: Unstructured key value map stored with a resource
that may be set by external tools to store and retrieve
arbitrary metadata.
type: object
labels:
description: Comma separated list of labels that can be
used to organize and categorize objects by scoping and
@ -517,6 +538,13 @@ spec:
cheServerRoute:
description: The Che server route custom settings.
properties:
annotations:
additionalProperties:
type: string
description: Unstructured key value map stored with a resource
that may be set by external tools to store and retrieve
arbitrary metadata.
type: object
domain:
description: 'Operator uses the domain to generate a hostname
for a route. In a conjunction with labels it creates a
@ -564,6 +592,22 @@ spec:
deployment. Default value is `Always` for `nightly` or `latest`
images, and `IfNotPresent` in other cases.
type: string
dashboardIngress:
description: Dashboard ingress custom settings.
properties:
annotations:
additionalProperties:
type: string
description: Unstructured key value map stored with a resource
that may be set by external tools to store and retrieve
arbitrary metadata.
type: object
labels:
description: Comma separated list of labels that can be
used to organize and categorize objects by scoping and
selecting.
type: string
type: object
dashboardMemoryLimit:
description: Overrides the memory limit used in the dashboard
deployment. Defaults to 256Mi.
@ -572,6 +616,28 @@ spec:
description: Overrides the memory request used in the dashboard
deployment. Defaults to 16Mi.
type: string
dashboardRoute:
description: Dashboard route custom settings.
properties:
annotations:
additionalProperties:
type: string
description: Unstructured key value map stored with a resource
that may be set by external tools to store and retrieve
arbitrary metadata.
type: object
domain:
description: 'Operator uses the domain to generate a hostname
for a route. In a conjunction with labels it creates a
route, which is served by a non-default Ingress controller.
The generated host name will follow this pattern: `<route-name>-<route-namespace>.<domain>`.'
type: string
labels:
description: Comma separated list of labels that can be
used to organize and categorize objects by scoping and
selecting.
type: string
type: object
devfileRegistryCpuLimit:
description: Overrides the CPU limit used in the devfile registry
deployment. In cores. (500m = .5 cores). Default to 500m.
@ -589,6 +655,13 @@ spec:
devfileRegistryIngress:
description: The devfile registry ingress custom settings.
properties:
annotations:
additionalProperties:
type: string
description: Unstructured key value map stored with a resource
that may be set by external tools to store and retrieve
arbitrary metadata.
type: object
labels:
description: Comma separated list of labels that can be
used to organize and categorize objects by scoping and
@ -611,6 +684,13 @@ spec:
devfileRegistryRoute:
description: The devfile registry route custom settings.
properties:
annotations:
additionalProperties:
type: string
description: Unstructured key value map stored with a resource
that may be set by external tools to store and retrieve
arbitrary metadata.
type: object
domain:
description: 'Operator uses the domain to generate a hostname
for a route. In a conjunction with labels it creates a
@ -690,6 +770,13 @@ spec:
pluginRegistryIngress:
description: Plugin registry ingress custom settings.
properties:
annotations:
additionalProperties:
type: string
description: Unstructured key value map stored with a resource
that may be set by external tools to store and retrieve
arbitrary metadata.
type: object
labels:
description: Comma separated list of labels that can be
used to organize and categorize objects by scoping and
@ -712,6 +799,13 @@ spec:
pluginRegistryRoute:
description: Plugin registry route custom settings.
properties:
annotations:
additionalProperties:
type: string
description: Unstructured key value map stored with a resource
that may be set by external tools to store and retrieve
arbitrary metadata.
type: object
domain:
description: 'Operator uses the domain to generate a hostname
for a route. In a conjunction with labels it creates a


@ -60,7 +60,7 @@ spec:
- name: RELATED_IMAGE_che_tls_secrets_creation_job
value: quay.io/eclipse/che-tls-secret-creator:alpine-d1ed4ad
- name: RELATED_IMAGE_pvc_jobs
value: registry.access.redhat.com/ubi8-minimal:8.4-200
value: registry.access.redhat.com/ubi8-minimal:8.4-200.1622548483
- name: RELATED_IMAGE_postgres
value: quay.io/eclipse/che--centos--postgresql-96-centos7:9.6-b681d78125361519180a6ac05242c296f8906c11eab7e207b5ca9a89b6344392
- name: RELATED_IMAGE_keycloak


@ -163,6 +163,12 @@ type CheClusterSpecServer struct {
// In cores. (500m = .5 cores). Default to 100m.
// +optional
DashboardCpuRequest string `json:"dashboardCpuRequest,omitempty"`
// Dashboard ingress custom settings.
// +optional
DashboardIngress IngressCustomSettings `json:"dashboardIngress,omitempty"`
// Dashboard route custom settings.
// +optional
DashboardRoute RouteCustomSettings `json:"dashboardRoute,omitempty"`
// Deprecated in favor of `externalDevfileRegistries` fields.
// +optional
DevfileRegistryUrl string `json:"devfileRegistryUrl,omitempty"`
@ -458,6 +464,9 @@ type IngressCustomSettings struct {
// Comma separated list of labels that can be used to organize and categorize objects by scoping and selecting.
// +optional
Labels string `json:"labels,omitempty"`
// Unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata.
// +optional
Annotations map[string]string `json:"annotations,omitempty"`
}
// Route custom settings, can be extended in the future
@ -470,6 +479,9 @@ type RouteCustomSettings struct {
// The generated host name will follow this pattern: `<route-name>-<route-namespace>.<domain>`.
// +optional
Domain string `json:"domain,omitempty"`
// Unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata.
// +optional
Annotations map[string]string `json:"annotations,omitempty"`
}
// ResourceRequirements describes the compute resource requirements.
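Review bot: The doc comment on the new `Annotations` field in `IngressCustomSettings` and `RouteCustomSettings` is the generic object-metadata wording and does not say what the operator does with the map. For ingresses, the GetIngressSpec change in this commit copies the entries in after the operator's own annotations, so a key such as `nginx.ingress.kubernetes.io/ssl-redirect` set here replaces the operator's value; how routes consume the map is not visible on this page. Anyone who can edit the CheCluster resource can therefore put controller-specific annotations on ingresses the operator creates, which deserves a line in the field documentation, for example `// Annotations are added to the generated Ingress; keys that collide with operator-managed annotations take precedence.` If that precedence is not intended, the comment should instead list the keys the operator reserves. Both struct definitions start outside the hunks.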


@ -107,8 +107,8 @@ func (in *CheClusterSpecAuth) DeepCopyInto(out *CheClusterSpecAuth) {
*out = new(bool)
**out = **in
}
out.IdentityProviderIngress = in.IdentityProviderIngress
out.IdentityProviderRoute = in.IdentityProviderRoute
in.IdentityProviderIngress.DeepCopyInto(&out.IdentityProviderIngress)
in.IdentityProviderRoute.DeepCopyInto(&out.IdentityProviderRoute)
out.IdentityProviderContainerResources = in.IdentityProviderContainerResources
return
}
@ -208,15 +208,17 @@ func (in *CheClusterSpecMetrics) DeepCopy() *CheClusterSpecMetrics {
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *CheClusterSpecServer) DeepCopyInto(out *CheClusterSpecServer) {
*out = *in
out.DevfileRegistryIngress = in.DevfileRegistryIngress
out.DevfileRegistryRoute = in.DevfileRegistryRoute
in.DashboardIngress.DeepCopyInto(&out.DashboardIngress)
in.DashboardRoute.DeepCopyInto(&out.DashboardRoute)
in.DevfileRegistryIngress.DeepCopyInto(&out.DevfileRegistryIngress)
in.DevfileRegistryRoute.DeepCopyInto(&out.DevfileRegistryRoute)
if in.ExternalDevfileRegistries != nil {
in, out := &in.ExternalDevfileRegistries, &out.ExternalDevfileRegistries
*out = make([]ExternalDevfileRegistries, len(*in))
copy(*out, *in)
}
out.PluginRegistryIngress = in.PluginRegistryIngress
out.PluginRegistryRoute = in.PluginRegistryRoute
in.PluginRegistryIngress.DeepCopyInto(&out.PluginRegistryIngress)
in.PluginRegistryRoute.DeepCopyInto(&out.PluginRegistryRoute)
if in.CustomCheProperties != nil {
in, out := &in.CustomCheProperties, &out.CustomCheProperties
*out = make(map[string]string, len(*in))
@ -231,8 +233,8 @@ func (in *CheClusterSpecServer) DeepCopyInto(out *CheClusterSpecServer) {
(*out)[key] = val
}
}
out.CheServerIngress = in.CheServerIngress
out.CheServerRoute = in.CheServerRoute
in.CheServerIngress.DeepCopyInto(&out.CheServerIngress)
in.CheServerRoute.DeepCopyInto(&out.CheServerRoute)
return
}
@ -298,6 +300,13 @@ func (in *ExternalDevfileRegistries) DeepCopy() *ExternalDevfileRegistries {
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *IngressCustomSettings) DeepCopyInto(out *IngressCustomSettings) {
*out = *in
if in.Annotations != nil {
in, out := &in.Annotations, &out.Annotations
*out = make(map[string]string, len(*in))
for key, val := range *in {
(*out)[key] = val
}
}
return
}
@ -348,6 +357,13 @@ func (in *ResourcesCustomSettings) DeepCopy() *ResourcesCustomSettings {
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *RouteCustomSettings) DeepCopyInto(out *RouteCustomSettings) {
*out = *in
if in.Annotations != nil {
in, out := &in.Annotations, &out.Annotations
*out = make(map[string]string, len(*in))
for key, val := range *in {
(*out)[key] = val
}
}
return
}


@ -38,8 +38,8 @@ func (d *Dashboard) SyncAll() (done bool, err error) {
// Expose dashboard service with route or ingress
_, done, err = expose.ExposeWithHostPath(d.deployContext, d.component, d.deployContext.CheCluster.Spec.Server.CheHost,
"/dashboard",
d.deployContext.CheCluster.Spec.Server.CheServerRoute,
d.deployContext.CheCluster.Spec.Server.CheServerIngress,
d.deployContext.CheCluster.Spec.Server.DashboardRoute,
d.deployContext.CheCluster.Spec.Server.DashboardIngress,
)
if !done {
return false, err
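Review bot: Passing `DashboardRoute`/`DashboardIngress` instead of `CheServerRoute`/`CheServerIngress` to `ExposeWithHostPath` means an existing CheCluster that only sets `cheServerIngress` or `cheServerRoute` no longer has those labels (or the route `domain`) applied to the dashboard endpoint after upgrade. The CRD descriptions say labels together with the domain are what place a route on a non-default ingress controller, so the dashboard could end up exposed through a different router than the server; this is inferred from the field descriptions, not from code visible here. Consider falling back to the server settings when the dashboard settings are unset, or state the break explicitly with a comment such as `// Dashboard settings are independent of cheServerIngress/cheServerRoute; nothing is inherited.` and a release note. SyncAll continues outside the hunk.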


@ -38,7 +38,9 @@ var (
syncOpenShiftIdentityProvider,
SyncGitHubOAuth,
}
keycloakClientURLsUpdated = false
keycloakUpdated = false
keycloakCheHost = ""
)
// SyncIdentityProviderToCluster instantiates the identity provider (Keycloak) in the cluster. Returns true if
@ -125,15 +127,18 @@ func syncKeycloakResources(deployContext *deploy.DeployContext) (bool, error) {
break
}
}
if !keycloakClientURLsUpdated {
// Updates keycloak if chehost has been changed
if !keycloakUpdated || keycloakCheHost != deployContext.CheCluster.Spec.Server.CheHost {
if _, err := util.K8sclient.ExecIntoPod(
deployContext.CheCluster,
deploy.IdentityProviderName,
GetKeycloakUpdateCommand,
"Update redirect URI-s"); err != nil {
"Update redirect URI-s and webOrigins"); err != nil {
return false, err
} else {
keycloakClientURLsUpdated = true
keycloakUpdated = true
keycloakCheHost = deployContext.CheCluster.Spec.Server.CheHost
}
}
}
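Review bot: `keycloakUpdated` and `keycloakCheHost` are package-level variables written from `syncKeycloakResources` without synchronisation, and they can describe only one CheCluster. If the operator reconciles more than one CheCluster or runs reconciles concurrently (not visible here), the hosts would overwrite each other and the `ExecIntoPod` update would re-run on every pass; the cache is also lost on operator restart. Recording the last-applied host on the CheCluster status, or in a struct keyed by namespace and name, would avoid that; at minimum add a comment such as `// process-wide cache of the last cheHost pushed to Keycloak; assumes a single CheCluster`. The `else` after `return false, err` can also be dropped so the two assignments sit at the outer level. syncKeycloakResources starts and ends outside the hunk.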


@ -62,7 +62,8 @@ func TestIngressSpec(t *testing.T) {
serviceName: "che",
servicePort: 8080,
ingressCustomSettings: orgv1.IngressCustomSettings{
Labels: "type=default",
Labels: "type=default",
Annotations: map[string]string{"annotation-key": "annotation-value"},
},
initObjects: []runtime.Object{},
expectedIngress: &v1beta1.Ingress{
@ -81,6 +82,7 @@ func TestIngressSpec(t *testing.T) {
"nginx.ingress.kubernetes.io/proxy-connect-timeout": "3600",
"nginx.ingress.kubernetes.io/proxy-read-timeout": "3600",
"nginx.ingress.kubernetes.io/ssl-redirect": "false",
"annotation-key": "annotation-value",
},
},
TypeMeta: metav1.TypeMeta{
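Review bot: The case added to `TestIngressSpec` uses only `annotation-key`, which cannot collide with anything the operator sets, so the merge order of custom annotations is left untested. A second case with `Annotations: map[string]string{"nginx.ingress.kubernetes.io/ssl-redirect": "true"}` would pin whether the user value or the operator default wins for that key. There is also no visible case for the dashboard component picking up `CheHostTLSSecret`, which is the behaviour the commit title describes; the rest of the test table is outside the hunk, so such a case may exist elsewhere.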


@ -60,13 +60,22 @@ func GetIngressSpec(
ingressCustomSettings orgv1.IngressCustomSettings,
component string) (ingressUrl string, i *v1beta1.Ingress) {
cheFlavor := DefaultCheFlavor(deployContext.CheCluster)
tlsSupport := deployContext.CheCluster.Spec.Server.TlsSupport
ingressStrategy := util.GetServerExposureStrategy(deployContext.CheCluster)
ingressDomain := deployContext.CheCluster.Spec.K8s.IngressDomain
tlsSecretName := deployContext.CheCluster.Spec.K8s.TlsSecretName
ingressClass := util.GetValue(deployContext.CheCluster.Spec.K8s.IngressClass, DefaultIngressClass)
labels := GetLabels(deployContext.CheCluster, component)
MergeLabels(labels, ingressCustomSettings.Labels)
if tlsSupport {
// for server and dashboard ingresses
if (component == cheFlavor || component == cheFlavor+"-dashboard") && deployContext.CheCluster.Spec.Server.CheHostTLSSecret != "" {
tlsSecretName = deployContext.CheCluster.Spec.Server.CheHostTLSSecret
}
}
if host == "" {
if ingressStrategy == "multi-host" {
host = component + "-" + deployContext.CheCluster.Namespace + "." + ingressDomain
@ -75,13 +84,6 @@ func GetIngressSpec(
}
}
tlsSecretName := util.GetValue(deployContext.CheCluster.Spec.K8s.TlsSecretName, "")
if tlsSupport {
if component == DefaultCheFlavor(deployContext.CheCluster) && deployContext.CheCluster.Spec.Server.CheHostTLSSecret != "" {
tlsSecretName = deployContext.CheCluster.Spec.Server.CheHostTLSSecret
}
}
var endpointPath, ingressPath string
if path == "" {
endpointPath, ingressPath = evaluatePath(component, ingressStrategy)
@ -100,6 +102,11 @@ func GetIngressSpec(
annotations["nginx.ingress.kubernetes.io/rewrite-target"] = "/$1"
}
// add custom annotations
for k, v := range ingressCustomSettings.Annotations {
annotations[k] = v
}
ingress := &v1beta1.Ingress{
TypeMeta: metav1.TypeMeta{
Kind: "Ingress",
@ -136,9 +143,7 @@ func GetIngressSpec(
if tlsSupport {
ingress.Spec.TLS = []v1beta1.IngressTLS{
{
Hosts: []string{
ingressDomain,
},
Hosts: []string{host},
SecretName: tlsSecretName,
},
}
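Review bot: The loop `for k, v := range ingressCustomSettings.Annotations { annotations[k] = v }` runs after the operator has filled in its own annotations, so a custom entry silently replaces any operator default with the same key, such as `nginx.ingress.kubernetes.io/ssl-redirect` or `nginx.ingress.kubernetes.io/rewrite-target`. Annotations are also how the ingress controller is configured, so whoever can edit these settings on the CheCluster can now change controller behaviour for this ingress; that deserves a sentence in the field's description. If the defaults are meant to win, guard the assignment with `if _, ok := annotations[k]; !ok { annotations[k] = v }`. If overriding is intended, say so in the comment, e.g. `// custom annotations take precedence over operator defaults`. GetIngressSpec starts and ends outside these hunks.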


@ -78,10 +78,17 @@ func GetRouteSpec(
routeCustomSettings orgv1.RouteCustomSettings,
component string) (*routev1.Route, error) {
cheFlavor := DefaultCheFlavor(deployContext.CheCluster)
tlsSupport := deployContext.CheCluster.Spec.Server.TlsSupport
labels := GetLabels(deployContext.CheCluster, component)
MergeLabels(labels, routeCustomSettings.Labels)
// add custom annotations
annotations := map[string]string{}
for k, v := range routeCustomSettings.Annotations {
annotations[k] = v
}
weight := int32(100)
targetPort := intstr.IntOrString{
@ -94,9 +101,10 @@ func GetRouteSpec(
APIVersion: routev1.SchemeGroupVersion.String(),
},
ObjectMeta: metav1.ObjectMeta{
Name: name,
Namespace: deployContext.CheCluster.Namespace,
Labels: labels,
Name: name,
Namespace: deployContext.CheCluster.Namespace,
Labels: labels,
Annotations: annotations,
},
}
@ -124,7 +132,8 @@ func GetRouteSpec(
Termination: routev1.TLSTerminationEdge,
}
if name == DefaultCheFlavor(deployContext.CheCluster) && deployContext.CheCluster.Spec.Server.CheHostTLSSecret != "" {
// for server and dashboard ingresses
if (component == cheFlavor || component == cheFlavor+"-dashboard") && deployContext.CheCluster.Spec.Server.CheHostTLSSecret != "" {
secret := &corev1.Secret{}
namespacedName := types.NamespacedName{
Namespace: deployContext.CheCluster.Namespace,
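Review bot: The new condition `component == cheFlavor || component == cheFlavor+"-dashboard"` picks `CheHostTLSSecret` by component name only; nothing in the hunk checks that the route's host is actually `CheHost`. `RouteCustomSettings` carries a `Domain` (see the test data), so if a server or dashboard route can end up on another host, it would be served with a certificate issued for a different name, which is worth confirming against the callers. The comment above the condition says "ingresses" although this is the route builder; `// for server and dashboard routes` would match. The same component test is duplicated in GetIngressSpec, so a small shared helper would keep the two from drifting apart. GetRouteSpec continues outside the hunk.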


@ -62,14 +62,18 @@ func TestRouteSpec(t *testing.T) {
serviceName: "che",
servicePort: 8080,
routeCustomSettings: orgv1.RouteCustomSettings{
Labels: "type=default",
Domain: "route-domain",
Labels: "type=default",
Domain: "route-domain",
Annotations: map[string]string{"annotation-key": "annotation-value"},
},
initObjects: []runtime.Object{},
expectedRoute: &routev1.Route{
ObjectMeta: metav1.ObjectMeta{
Name: "test",
Namespace: "eclipse-che",
Annotations: map[string]string{
"annotation-key": "annotation-value",
},
Labels: map[string]string{
"type": "default",
"app.kubernetes.io/component": "test-component",
@ -106,7 +110,8 @@ func TestRouteSpec(t *testing.T) {
serviceName: "che",
servicePort: 8080,
routeCustomSettings: orgv1.RouteCustomSettings{
Labels: "type=default",
Labels: "type=default",
Annotations: map[string]string{"annotation-key": "annotation-value"},
},
initObjects: []runtime.Object{},
expectedRoute: &routev1.Route{
@ -120,6 +125,9 @@ func TestRouteSpec(t *testing.T) {
"app.kubernetes.io/managed-by": DefaultCheFlavor(cheCluster) + "-operator",
"app.kubernetes.io/name": DefaultCheFlavor(cheCluster),
},
Annotations: map[string]string{
"annotation-key": "annotation-value",
},
},
TypeMeta: metav1.TypeMeta{
Kind: "Route",


@ -17,6 +17,7 @@ connectToKeycloak() {
updateKeycloak() {
{{ .Script }} update clients/{{ .KeycloakClientId }} \
-r '{{ .KeycloakRealm }}' \
-s webOrigins='["http://{{ .CheHost }}", "https://{{ .CheHost }}"]' \
-s redirectUris='["http://{{ .CheHost }}/dashboard/*", "https://{{ .CheHost }}/dashboard/*", "http://{{ .CheHost }}/factory*", "https://{{ .CheHost }}/factory*", "http://{{ .CheHost }}/f*", "https://{{ .CheHost }}/f*", "http://{{ .CheHost }}/_app/*", "https://{{ .CheHost }}/_app/*", "http://{{ .CheHost }}/swagger/*", "https://{{ .CheHost }}/swagger/*"]'
}
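Review bot: The added `webOrigins` line, like the existing `redirectUris`, always registers both `http://{{ .CheHost }}` and `https://{{ .CheHost }}`, so a TLS-enabled installation still has plain-http origins and redirect targets accepted by the Keycloak client. Rendering only the scheme that matches the cluster's TLS setting, passed in through the template data, would keep the client's allow-list as narrow as the deployment. `{{ .CheHost }}` is also placed inside single-quoted shell arguments, so the value should be validated as a hostname before the template is rendered; that validation is not visible here.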