* - move all Dockerfile logic to separate setup file
- allow to apply patches on top of existing theia instance
- recompile all extensions to ensure its compatible with current theia version
- Then we publish internally a new version on a local registry, and change dependency version on all extensions to make compliant with this version
- install globally typescript so typescript lsp is working
remaining 4 extensions not installed:
- https://github.com/eclipse/che-theia-github-plugin
- https://github.com/eclipse/che-theia-task-plugin
- https://github.com/eclipse/che-theia-java-plugin
- https://github.com/eclipse/che-theia-terminal-plugin (but terminal is not compliant for openshift)
Change-Id: Ic6ba219e35b0e83783dc37b28f05dd54f2864cf2
Signed-off-by: Florent BENOIT <fbenoit@redhat.com>
Parse THEIA_PORT environment variable in Theia start.sh script
to prevent failure of Theia start on k8s when there is a k8s
service "theia" and k8s injects THEIA_PORT environment variable
with a value such as tcp://19.19.191.19:3000
Signed-off-by: Oleksandr Garagatyi <ogaragat@redhat.com>
Signed-off-by: Oleksandr Garagatyi <ogaragat@redhat.com>
* Generate cache with THEIA_VERSION, Generate resolutions to use Theia dependency with strict version.
* Optimize docker images size.
* Reuse Theia node_modules on default extensions build.
* Use extensions json to get list default extensions from github or file system.
Signed-off-by: Oleksandr Andriienko <oandriie@redhat.com>
also, if it is not provided but that the rate limit is reached, it will exit asking user to provide GITHUB_TOKEN
Change-Id: I29c575124f73afce39fda5a3fe92e57de387223c
Signed-off-by: Florent BENOIT <fbenoit@redhat.com>
Optimizing che-theia-factory loading sequence by adding it to the default che-theia docker image (#10062)
Signed-off-by: Sun Seng David TAN <sutan@redhat.com>
* Support identity provider token retrieval in both JSON or URL formats.
That's required because some identity providers (such a `openshift-v3`)
correctly return the token information in JSON, as expected. So
switching to the url-based syntax should only used when the returned
json is invalid.
Signed-off-by: David Festal <dfestal@redhat.com>
* Introduce an `OpenShiftClientConfigFactory` to allow customizing the OpenShift config returned according to the current context (workspace ID, current user)
Signed-off-by: David Festal <dfestal@redhat.com>
* Openshift Infra + Multi-user => allow using OpenShift identity provider to connect to openshift with the OS oauth token of the current Che user.
This introduces a new property:
`che.infra.openshift.oauth_identity_provider`
Signed-off-by: David Festal <dfestal@redhat.com>
* Notify the user when a workspace cannot be started from the nav bar.
Signed-off-by: David Festal <dfestal@redhat.com>
* Add the ability to install the Openshift certificate into Keycloak
Signed-off-by: David Festal <dfestal@redhat.com>
* Add a yaml file to provide the openshift certificate as a secret,
in case it has to be installed into the dedicated Keycloak server.
Then the commands to install Che multiuser on Minishift with this
certificate are:
```
oc new-project che
oc process -f multi/openshift-certificate-secret.yaml -p
CERTIFICATE="$(minishift ssh docker exec origin /bin/cat
./openshift.local.config/master/ca.crt)" | oc apply -f -; \
oc new-app -f multi/postgres-template.yaml; \
oc new-app -f multi/keycloak-template.yaml -p ROUTING_SUFFIX=$(minishift
ip).nip.io; \
oc apply -f pvc/che-server-pvc.yaml; \
oc new-app -f che-server-template.yaml -p ROUTING_SUFFIX=$(minishift
ip).nip.io -p CHE_MULTIUSER=true -p
CHE_INFRA_OPENSHIFT_OAUTH__IDENTITY__PROVIDER=openshift-v3; \
oc set volume dc/che --add -m /data --name=che-data-volume
--claim-name=che-data-volume
```
Of course it's still needed to register the `openshift-v3` identity
provider in the Keycloak server, as well as, add the corresponding
`OAuthClient` object in Minihshift.
Signed-off-by: David Festal <dfestal@redhat.com>
* CHE-9716: Use the fixed version of Theia in eclipse/che-theia image
Signed-off-by: Oleksandr Andriienko <oandriie@redhat.com>
* Improve code.
Signed-off-by: Oleksandr Andriienko <oandriie@redhat.com>
* Use templates only to deploy Che to OpenShift
* Avoid breaking existing scripts
* Avoid breaking existing scripts
* Fixes
* Cleanup
* Cleanup
* Fixup
* New line and typos
* New line and typos
* Update dc/che. Env variables
* Remove creationtimestamp
* Template cleanup. Update README
* Fix DB URL env
* Add missing keycloak param
* Changes to ocp.sh to use new templates. Fix Keycloak template
* Env support
* Update server yaml. Update ocp.sh
* Configure CHE_IMAGE and CHE_TAG
* Add recycler
* Revern recycler sa
* Using credentials and creating ws in separate namespaces
* Use custom Keycloak image
* Use custom Keycloak image
* Remove use of credentials
Introduce an External Server Exposer Strategy,
responsible for exposing service ports associated with external servers,
making them accessible from outside the cluster.
Move server exposure to shared k8s infra level:
- multi-host: unique hostname for each component, like Che Openshift infrastructure.
- single-host: single hostname for all components. Can be used in conjunction with TLS.
- default-host: default ingress hostname. Can be used for local development without dynamic DNS (based on ingress IP).
Add basic TLS support.
Signed-off-by: Guy Daich <guy.daich@sap.com>
Enable single-level DNS domains (*.domain.tld) in SINGLE_PORT mode to simplify HTTPS setup.
Use whole folder for traefik conf to inject SSL certificates and custom configuration.
CHE_SINGLEPORT_WILDCARD__DOMAIN_IPLESS to che.env.
Signed-off-by: Hanno Kolvenbach <kolvenbach@silexica.com>
Allow switching to an alternate OIDC provider (provided that it emits access tokens as JWT tokens).
This is the implementation required in upstream Che, for issues
redhat-developer/rh-che#502 and
redhat-developer/rh-che#525
Signed-off-by: David Festal <dfestal@redhat.com>
Florent BENOIT