seg_yinzy
/
che-server
mirror of https://github.com/eclipse-che/che-server.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
che-server/deploy
History
David Festal e0890235fa
Allow creating OpenShift objects under the current user account on OCP (#9577) 
* Support identity provider token retrieval in both JSON or URL formats.

That's required because some identity providers (such a `openshift-v3`)
correctly return the token information in JSON, as expected. So
switching to the url-based syntax should only used when the returned
json is invalid.

Signed-off-by: David Festal <dfestal@redhat.com>

* Introduce an `OpenShiftClientConfigFactory` to allow customizing the OpenShift config returned according to the current context (workspace ID, current user)

Signed-off-by: David Festal <dfestal@redhat.com>

* Openshift Infra + Multi-user => allow using OpenShift identity provider to connect to openshift with the OS oauth token of the current Che user.

This introduces a new property:

`che.infra.openshift.oauth_identity_provider`

Signed-off-by: David Festal <dfestal@redhat.com>

* Notify the user when a workspace cannot be started from the nav bar.

Signed-off-by: David Festal <dfestal@redhat.com>

* Add the ability to install the Openshift certificate into Keycloak

Signed-off-by: David Festal <dfestal@redhat.com>

* Add a yaml file to provide the openshift certificate as a secret,

in case it has to be installed into the dedicated Keycloak server.

Then the commands to install Che multiuser on Minishift with this
certificate are:

```
oc new-project che

oc process -f multi/openshift-certificate-secret.yaml -p
CERTIFICATE="$(minishift ssh docker exec origin /bin/cat
./openshift.local.config/master/ca.crt)" | oc apply -f -; \
oc new-app -f multi/postgres-template.yaml; \
oc new-app -f multi/keycloak-template.yaml -p ROUTING_SUFFIX=$(minishift
ip).nip.io; \
oc apply -f pvc/che-server-pvc.yaml; \
oc new-app -f che-server-template.yaml -p ROUTING_SUFFIX=$(minishift
ip).nip.io -p CHE_MULTIUSER=true -p
CHE_INFRA_OPENSHIFT_OAUTH__IDENTITY__PROVIDER=openshift-v3; \
oc set volume dc/che --add -m /data --name=che-data-volume
--claim-name=che-data-volume
```

Of course it's still needed to register the `openshift-v3` identity
provider in the Keycloak server, as well as, add the corresponding
`OAuthClient` object in Minihshift.

Signed-off-by: David Festal <dfestal@redhat.com>
 		2018-05-28 11:39:44 +02:00
..
docker Move deployment files out of dockerfiles folder 2018-03-20 22:13:24 +02:00
kubernetes Make client id and secret configurable from command line 2018-05-18 11:12:29 +03:00
openshift Allow creating OpenShift objects under the current user account on OCP (#9577) 2018-05-28 11:39:44 +02:00