* Back off openshift oauth, when oauth can't be used
Signed-off-by: Oleksandr Andriienko <oandriie@redhat.com>
* Use freezed go modules.
Signed-off-by: Oleksandr Andriienko <oandriie@redhat.com>
* Add newer olm bundle.
Signed-off-by: Oleksandr Andriienko <oandriie@redhat.com>
* Always add the devfile registry public URL env var (#192)
This fixes the [CRW-710](https://issues.redhat.com/browse/CRW-710) blocker JIRA bug (blocking CRW 2.1 release)
Signed-off-by: David Festal <dfestal@redhat.com>
* Correctly propagate proxy settings in the operator and Keycloak (CRW-709) (#200)
* Correctly propagate proxy settings in the operator and Keycloak .This fixes issue https://issues.redhat.com/browse/CRW-709
* Use the same Go release in PR checks as in the main Docker file to avoid a syntax arror in the PR check jobs
Signed-off-by: David Festal <dfestal@redhat.com>
* Refactoring
Co-authored-by: David Festal <dfestal@redhat.com>
* Move image related default variables to the operator env.
Signed-off-by: Oleksandr Andriienko <oandriie@redhat.com>
* Fix tests.
Signed-off-by: Oleksandr Andriienko <oandriie@redhat.com>
* Use the same env name for CRW and Upstream Che
Signed-off-by: Oleksandr Andriienko <oandriie@redhat.com>
* Clean up.
Signed-off-by: Oleksandr Andriienko <oandriie@redhat.com>
* Improve most che-operator env names
Signed-off-by: Oleksandr Andriienko <oandriie@redhat.com>
* Use cheImage instead of repo only in the envs. Rename cheImageTag to cheVersion.
Signed-off-by: Oleksandr Andriienko <oandriie@redhat.com>
* Add forgotten che-image tag to IMAGE_default_che_server
Signed-off-by: Oleksandr Andriienko <oandriie@redhat.com>
* Add some logic for back compatibilty with Che 7.8.0
Signed-off-by: Oleksandr Andriienko <oandriie@redhat.com>
* Handle one of the realese scripts.
Signed-off-by: Oleksandr Andriienko <oandriie@redhat.com>
* Fix GetFullCheServerImageLink
Signed-off-by: Anatoliy Bazko <abazko@redhat.com>
* Remove extra_images.go
Signed-off-by: Anatoliy Bazko <abazko@redhat.com>
* Fix tests
Signed-off-by: Anatoliy Bazko <abazko@redhat.com>
* Improve release scripts.
Signed-off-by: Oleksandr Andriienko <oandriie@redhat.com>
* Add docker images env to operator-local.yaml
Signed-off-by: flacatus <flacatus@redhat.com>
* Che 15874 - fix wrong docker images and update olm files (#174)
* Fix wrong docker images values
The docker images set in this GH repo should be the upstream ones,
not the CRW ones
Signed-off-by: David Festal <dfestal@redhat.com>
Co-authored-by: Anatolii Bazko <abazko@redhat.com>
Co-authored-by: Flavius Lacatusu <59865209+flacatus@users.noreply.github.com>
Co-authored-by: David Festal <dfestal@redhat.com>
Add new boolean property gitSelfSignedCertthat applies environment variables that contain SSL certificate and git host written from che-git-self-signed-cert config map.
The same logic is applied for the helm deployment: eclipse/che#15218fixeseclipse/che#15285
Docs PR: eclipse/che-docs#1001
Signed-off-by: Igor Vinokur <ivinokur@redhat.com>
* Set CHE_DEVFILE_HTTPS_ENDPOINT and react to changes on it
* Change HTTPS_ENDPOINT to REGISTRY_URL
* Only set the devfile registry URL to the autogenerated one when we are not using an external devfile registry
Signed-off-by: Tom George <tg82490@gmail.com>
In history it was not appended, when flavor was codeready (backwards compatibility). I think this is not needed anymore.
Signed-off-by: Radim Hopp <rhopp@redhat.com>
* Add a script to generate extra_images.go, only add the extra images data to che configmap if we are in airgap mode
* Initial implementation of adding configmaps to registries
* Add owner reference to the configmap
* Update plugin and devfile registries when a change to either airgap property occurs
Signed-off-by: Tom George <tg82490@gmail.com>
* Add openapi gen flags
* Get code to compile with new OpenApi field names
Signed-off-by: Tom George <tg82490@gmail.com>
* Complete the doc & fix optional management
* Rename the CRD to the initial name.
* Correctly update the CRD file
* remove unused and error-prone CRD file
* Update OLM packages with new OpenApi defs
Signed-off-by: David Festal <dfestal@redhat.com>
* Determine if we are in airgap mode and patch the images appropriately
* Do the rest of the images in the che deployment
* Add map of extra images for airgap
* Add a script to generate extra_images.go, only add the extra images data to che configmap if we are in airgap mode
* Download the release version of che.properties
* Remove unnecessary properties
* Remove airGapMode boolean, make it so that setting either the airGapHostname/Organization will start the deployment in airgap mode
Signed-off-by: Tom George <tg82490@gmail.com>
* Fix a linter error
* Fix a couple of tests that assume openshift v3 APIs
* Add overrideCheProperties to allow custom properties in the che config map
- If the custom configmap exists for some reason, merge it with the che configmap, and then delete it
- Rename GetCustomConfigMapData to GetPredefinedConfigMapData since we are not using the custom config map anymore
* Merge custom configmap into overrideCheProperties and delete it if it exists
* change OverrideCheProperties to CustomCheProperties, make it a type of map[string]string
* Correct error handling of custom config map and move it up higher in the reconciliation function
* Add serviceaccountname to Che configmap, remove GetPredefinedConfigMapData()
* Update CR then delete configmap
* Add license back
* Format license block
Signed-off-by: Tom George <tg82490@gmail.com>
* Enable the `token-exchange` preview KC feature
* Add what should be done on the Che side
* Automatic token-exchange permissions config
* fix oauth provision script
* Fail-safe removal of the `openshift` id provider
* Fix possible inconsistencies in OS OAuth status
* Update README.md according to suggestion
Co-Authored-By: Robert Krátký <rkratky@redhat.com>
Signed-off-by: David Festal <dfestal@redhat.com>
* First round of impl in the Go code
* Correct management of the status
* Add `users` permisions in cluster role
* Upgrade `operator-sdk` CLI pre-req to `v0.10.0`
* Produce a CSV diff to help reviews
* fix trailing spaces that break `gen-csv` desc mgt
* Update nightly CSVs
* Add the new OLM descriptors in the new nightly CSVs
Signed-off-by: David Festal <dfestal@redhat.com>
* Refactor defaults mgt for flavor-related props
* Don't update the CR with effective docker images
* Also redeploy Postgres when image changes
* Now correctly manage upgrade from 7.0.0 GA
* Wait for rolling update of secondary deployments
Signed-off-by: David Festal <dfestal@redhat.com>
* Add both `https` and `http` redirect URLs in the `OAuthClient`
* Take registry URL settings into account
* Only update registry URLs in Status when necessary
* Update registry routes or ingresses when switching to TLS
* Restart pod on deployment-driving CR field change
Signed-off-by: David Festal <dfestal@redhat.com>
* Add pull policies
* Add configurable pull policies for deployments in Che, Keycloak and Postgres deployments
* `Always` policy by default for `nightly`/`latest` images
Signed-off-by: David Festal <dfestal@redhat.com>
* Update API
* Update defaults
* update controller
* Separate memory limits and requests as in PR https://github.com/eclipse/che/pull/13890/files#diff-a488b4bdede7547798a17f6830874b05R59
* update release script to also change default image tag of registry containers
* Also remove overridden `nightly` registry images
* Add registry nightly images in nightly OLM packages
Signed-off-by: David Festal <dfestal@redhat.com>
* Make the OS 4 API url retrieval more robust
Signed-off-by: David Festal <dfestal@redhat.com>
* Fix a bug when removing openshift v4 provider
On Openshift arbitrary user mode.
Signed-off-by: David Festal <dfestal@redhat.com>
* Roll-update Keycloak when certificates changed
Signed-off-by: David Festal <dfestal@redhat.com>
* Don't loose the controller ref on Keycloak update
Signed-off-by: David Festal <dfestal@redhat.com>
* Remove the finalizer when disabling OS OAuth
Signed-off-by: David Festal <dfestal@redhat.com>
* Upgrade defaults to `7.0.0-RC-2.0`
Signed-off-by: David Festal <dfestal@redhat.com>
* fix wrong whitespaces
Signed-off-by: David Festal <dfestal@redhat.com>
* Support the new `openshift-v4` identity provider
* Add permissions for the Openshift v4 provider and reduce
the requested permissions to manage the OAuth client
* Add field for workspace cluster role to operator
* Update Che controller test to verify custom role.
Signed-off-by: John Collier <John.J.Collier@ibm.com>
* Use `7.0.0-beta-5.0` Keycloak docker image
* use `/scripts` as home dir for `kcadm`
* Add `runAsUser` on Postgres for k8s
* Update k8s security context from upstream
* update the CR with security context settings
* Fix a bug with `openshiftoAuth: true` on K8S
Signed-off-by: David Festal <dfestal@redhat.com>
Anatolii Bazko