From fc5a58447a08d3cb194482ee8aa69d1b81acb5e5 Mon Sep 17 00:00:00 2001
From: Huong Nguyen
Date: Sun, 3 Nov 2024 17:49:25 +0000
Subject: [PATCH 1/2] add document for che installation on eks
---
 antora.yml | 1 +
 modules/administration-guide/nav.adoc | 1 +
 .../pages/installing-che-on-AWS-EKS.adoc | 100 ++++++++++++++++++
 3 files changed, 102 insertions(+)
 create mode 100644 modules/administration-guide/pages/installing-che-on-AWS-EKS.adoc
diff --git a/antora.yml b/antora.yml
index 4640f5737a..dbb8530fca 100644
--- a/antora.yml
+++ b/antora.yml
@@ -29,6 +29,7 @@ asciidoc:
 devworkspace: DevWorkspace
 devworkspace-id: devworkspace
 docker-cli: docker
+ eks: AWS EKS
 hosted-che-docs: xref:hosted-che:hosted-che.adoc[]
 identity-provider-legacy-id: keycloak
 identity-provider-legacy: Keycloak
diff --git a/modules/administration-guide/nav.adoc b/modules/administration-guide/nav.adoc
index ade8b2b88b..3d7c4aedd8 100644
--- a/modules/administration-guide/nav.adoc
+++ b/modules/administration-guide/nav.adoc
@@ -21,6 +21,7 @@
 *** xref:installing-che-on-openshift-using-the-web-console.adoc[]
 *** xref:installing-che-in-a-restricted-environment.adoc[]
 *** xref:installing-che-on-microsoft-azure.adoc[]
+*** xref:installing-che-on-AWS-EKS.adoc[]
 ** xref:installing-che-locally.adoc[]
 *** xref:installing-che-on-red-hat-openshift-local.adoc[]
 *** xref:installing-che-on-minikube.adoc[]
diff --git a/modules/administration-guide/pages/installing-che-on-AWS-EKS.adoc b/modules/administration-guide/pages/installing-che-on-AWS-EKS.adoc
new file mode 100644
index 0000000000..d2d36c6ee6
--- /dev/null
+++ b/modules/administration-guide/pages/installing-che-on-AWS-EKS.adoc
@@ -0,0 +1,100 @@
+:_content-type: PROCEDURE
+:navtitle: Installing {prod-short} on the {eks} cluster
+:description: Installing {prod-short} on the {eks} cluster
+:keywords: installing-{prod-short}-on-the-eks-cluster
+:page-aliases:
+
+[id="installing-{prod-short}-on-AWS-EKS.adoc"]
+= Installing {prod-short} on the {eks} cluster
+
+.Prerequisites
+* A Che domain name
+* A certificate for the che domain name: private and public keys in PEM format
+* An external OIDC provider, you need the following information from your provider: Issuer URL, Client ID, Client Secret
+
+.Install required components
+. Install link:https://kubernetes.github.io/ingress-nginx/[Ingress-Nginx Controller]
++
+[source,shell]
+----
+kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.11.1/deploy/static/provider/aws/deploy.yaml
+----
+
+. Install the link:https://github.com/devfile/devworkspace-operator/tree/main[devworkspace-operator]
++
+[source,shell]
+----
+kubectl create namespace devworkspace
+kubectl apply -f https://raw.githubusercontent.com/devfile/devworkspace-operator/refs/heads/main/deploy/deployment/kubernetes/combined.yaml
+----
+
+. Install the link:https://github.com/eclipse-che/che-operator[eclipse-che-operator]
++
+[source,shell]
+----
+kubectl apply -f https://raw.githubusercontent.com/eclipse-che/che-operator/refs/heads/main/deploy/deployment/kubernetes/combined.yaml
+----
+
+.Integrate the external OIDC provider with the EKS cluster
+* Select your EKS cluster, and then select the `Access` tab.
+* In the OIDC Identity Providers section, select Associate Identity Provider.
+* On the Associate OIDC Identity Provider page, enter or select the following options, and then select Associate.
+[subs="+quotes,attributes"]
+----
+For Name, enter a unique name for the provider.
+For Issuer URL, enter the URL for your provider
+For Client ID, enter the OIDC identity provider's client ID
+For Username claim, enter `email`
+----
+.Create secret for the seft sign certificate
+. Create a `che-tls` secret:
++
+[subs="+quotes,attributes"]
+----
+$ {orch-cli} create secret tls che-tls \
+--key \
+--cert \
+-n {prod-namespace}
+----
+
+. Add the required labels to the secret:
++
+[subs="+quotes,attributes"]
+----
+$ {orch-cli} label secret che-tls app.kubernetes.io/part-of=che.eclipse.org -n {prod-namespace}
+----
+
+.Deploy che cluster
+. Prepare `CheCluster` manifest file
+[source,shell,subs="+attributes,+quotes"]
+----
+cat > /tmp/che-clsuter.yaml << EOF
+kind: CheCluster
+apiVersion: org.eclipse.che/v2
+metadata:
+ name: eclipse-che
+ namespace: ecclipse-che
+spec:
+ networking:
+ ingressClassName: nginx
+ auth:
+ oAuthClientName:
+ oAuthSecret:
+ identityProviderURL:
+ gateway:
+ oAuthProxy:
+ cookieExpireSeconds: 300
+ deployment:
+ containers:
+ - name: oauth-proxy
+ env:
+ - name: OAUTH2_PROXY_COOKIE_CSRF_PER-REQUEST
+ value: "true"
+ domain:
+ tlsSecretName: che-tls
+ components:
+ cheServer:
+ extraProperties:
+ CHE_OIDC_USERNAME__CLAIM: email
+EOF
+----
From 49187d2c5c15505d53b7acea068772dbacfd76ee Mon Sep 17 00:00:00 2001
From: Huong Nguyen
Date: Sun, 3 Nov 2024 18:07:22 +0000
Subject: [PATCH 2/2] Add command deploy
---
 .../pages/installing-che-on-AWS-EKS.adoc | 5 +++++
 1 file changed, 5 insertions(+)
diff --git a/modules/administration-guide/pages/installing-che-on-AWS-EKS.adoc b/modules/administration-guide/pages/installing-che-on-AWS-EKS.adoc
index d2d36c6ee6..c2c2dbc4a7 100644
--- a/modules/administration-guide/pages/installing-che-on-AWS-EKS.adoc
+++ b/modules/administration-guide/pages/installing-che-on-AWS-EKS.adoc
@@ -98,3 +98,8 @@ spec:
 CHE_OIDC_USERNAME__CLAIM: email
 EOF
 ----
+. Deploy cluster
+[source,shell]
+----
+kubectl apply -f /tmp/che-clsuter.yaml
+----
\ No newline at end of file
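Review bot: The `CheCluster` heredoc in the "Deploy che cluster" step of the new `installing-che-on-AWS-EKS.adoc` has two typos that change what is deployed: the oauth-proxy variable is written `OAUTH2_PROXY_COOKIE_CSRF_PER-REQUEST`, which oauth2-proxy will presumably not recognise, so the per-request CSRF cookie setting would not take effect, and `namespace: ecclipse-che` does not match the namespace where the `che-tls` secret is created with `-n {prod-namespace}`. I would change them to `- name: OAUTH2_PROXY_COOKIE_CSRF_PER_REQUEST` and `namespace: {prod-namespace}`. The same heredoc writes `oAuthSecret` in clear text to the fixed, shared path `/tmp/che-clsuter.yaml`, which the [PATCH 2/2] hunk then applies; adding `umask 077` before the `cat` (or using a `mktemp` path) and a step to delete the file after `kubectl apply` would keep the client secret from being readable by other local users. The devworkspace-operator and che-operator manifests are applied from `refs/heads/main` while ingress-nginx is pinned to `controller-v1.11.1`; pinning the two operators to a release tag would make what gets installed with cluster-wide privileges reviewable and reproducible.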