From f835677fbb4935bb716a362670bed922271d6e34 Mon Sep 17 00:00:00 2001 From: Anatolii Bazko Date: Tue, 12 Nov 2024 17:07:40 +0100 Subject: [PATCH 1/2] Update CheCluster patch when deploying Che with Keycloak as OIDC provider Signed-off-by: Anatolii Bazko --- .../pages/installing-che-on-minikube-keycloak-oidc.adoc | 7 +++++++ .../installing-che-on-the-virtual-kubernetes-cluster.adoc | 8 +++++++- 2 files changed, 14 insertions(+), 1 deletion(-) diff --git a/modules/administration-guide/pages/installing-che-on-minikube-keycloak-oidc.adoc b/modules/administration-guide/pages/installing-che-on-minikube-keycloak-oidc.adoc index 3cb3ea5aa4..01e20d48ed 100644 --- a/modules/administration-guide/pages/installing-che-on-minikube-keycloak-oidc.adoc +++ b/modules/administration-guide/pages/installing-che-on-minikube-keycloak-oidc.adoc @@ -307,6 +307,12 @@ spec: gateway: oAuthProxy: cookieExpireSeconds: 300 + deployment: + containers: + - env: + - name: OAUTH2_PROXY_BACKEND_LOGOUT_URL + value: "http://keycloak.$(minikube ip).nip.io/realms/che/protocol/openid-connect/logout?id_token_hint=\{id_token}" + name: oauth-proxy components: cheServer: extraProperties: @@ -333,6 +339,7 @@ helm install che \ --set networking.auth.identityProviderURL=https://keycloak.$(minikube ip).nip.io/realms/che . && \ sleep 5s && \ {orch-cli} patch checluster/eclipse-che --patch '{"spec": {"components": {"cheServer": {"extraProperties": {"CHE_OIDC_USERNAME__CLAIM": "email"}}}}}' --type=merge -n eclipse-che +{orch-cli} patch checluster/eclipse-che --patch '{"spec": {"networking": {"auth": {"gateway": {"deployment": {"containers": [{"name": "oauth-proxy", "env":[{"name": "OAUTH2_PROXY_BACKEND_LOGOUT_URL", "value": "http://keycloak.$(minikube ip).nip.io/realms/che/protocol/openid-connect/logout?id_token_hint={id_token}"}]}]}}}}}}' --type=merge -n eclipse-che ---- .Verification steps 
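Review bot: The added `OAUTH2_PROXY_BACKEND_LOGOUT_URL` value uses `http://`, although the `helm install` example further down the same page sets `identityProviderURL` to `https://keycloak.$(minikube ip).nip.io/realms/che`. The backend logout request carries the user's ID token in the `id_token_hint` query string, so over plain HTTP the token is readable on the path between the gateway and Keycloak and is likely to end up in access logs. I would change the value to `"https://keycloak.$(minikube ip).nip.io/realms/che/protocol/openid-connect/logout?id_token_hint=\{id_token}"`. The same scheme appears in the `http://$KEYCLOAK_HOST/...` value added to installing-che-on-the-virtual-kubernetes-cluster.adoc and in the `patch` command of the next hunk. The YAML block starts before this hunk, so how `$(minikube ip)` gets expanded in it cannot be checked from here.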
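Review bot: In the added `{orch-cli} patch` line, `$(minikube ip)` sits inside the single-quoted `--patch '...'` argument, so the shell does not expand it and the env var is stored with the literal text `keycloak.$(minikube ip).nip.io` as its host. The unquoted `--set networking.auth.identityProviderURL=...` line above it does expand, which makes the difference easy to miss. Closing and reopening the quotes around the substitution keeps the JSON intact, and the scheme can match the `https://` identity provider URL at the same time: `"value": "https://keycloak.'"$(minikube ip)"'.nip.io/realms/che/protocol/openid-connect/logout?id_token_hint=\{id_token}"`. The follow-up [PATCH 2/2] hunk touches this same line but only escapes `\{id_token}`, so the quoting problem is still there after it.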
diff --git a/modules/administration-guide/pages/installing-che-on-the-virtual-kubernetes-cluster.adoc b/modules/administration-guide/pages/installing-che-on-the-virtual-kubernetes-cluster.adoc index b3620310a5..863e8d5197 100644 --- a/modules/administration-guide/pages/installing-che-on-the-virtual-kubernetes-cluster.adoc +++ b/modules/administration-guide/pages/installing-che-on-the-virtual-kubernetes-cluster.adoc @@ -628,7 +628,13 @@ spec: gateway: oAuthProxy: cookieExpireSeconds: 300 - components: + deployment: + containers: + - env: + - name: OAUTH2_PROXY_BACKEND_LOGOUT_URL + value: "http://$KEYCLOAK_HOST/realms/che/protocol/openid-connect/logout?id_token_hint=\{id_token}" + name: oauth-proxy +components: cheServer: extraProperties: CHE_OIDC_USERNAME__CLAIM: email From d35a5e0fcdcabde8bc48c4835adfeadae78df249 Mon Sep 17 00:00:00 2001 From: Anatolii Bazko Date: Tue, 12 Nov 2024 17:19:46 +0100 Subject: [PATCH 2/2] Fixup Signed-off-by: Anatolii Bazko --- .../pages/installing-che-on-minikube-keycloak-oidc.adoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/administration-guide/pages/installing-che-on-minikube-keycloak-oidc.adoc b/modules/administration-guide/pages/installing-che-on-minikube-keycloak-oidc.adoc index 01e20d48ed..4ce5954092 100644 --- a/modules/administration-guide/pages/installing-che-on-minikube-keycloak-oidc.adoc +++ b/modules/administration-guide/pages/installing-che-on-minikube-keycloak-oidc.adoc 
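Review bot: `components:` is re-added with no indentation (`+components:` against the removed `- components:`), which, as far as this whitespace-collapsed view shows, moves it to column 0 and out of `spec:`. If that is the case, `cheServer.extraProperties.CHE_OIDC_USERNAME__CLAIM: email` no longer lands in the CheCluster spec, so the username-claim setting is either dropped or the resource is rejected, depending on how strictly it is validated. The line should keep its previous indent under `spec:`, as in the matching hunk of installing-che-on-minikube-keycloak-oidc.adoc, where `components:` stays an untouched context line. The YAML document begins before this hunk, so the exact indent has to be taken from the file.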
@@ -339,7 +339,7 @@ helm install che \ --set networking.auth.identityProviderURL=https://keycloak.$(minikube ip).nip.io/realms/che . && \ sleep 5s && \ {orch-cli} patch checluster/eclipse-che --patch '{"spec": {"components": {"cheServer": {"extraProperties": {"CHE_OIDC_USERNAME__CLAIM": "email"}}}}}' --type=merge -n eclipse-che -{orch-cli} patch checluster/eclipse-che --patch '{"spec": {"networking": {"auth": {"gateway": {"deployment": {"containers": [{"name": "oauth-proxy", "env":[{"name": "OAUTH2_PROXY_BACKEND_LOGOUT_URL", "value": "http://keycloak.$(minikube ip).nip.io/realms/che/protocol/openid-connect/logout?id_token_hint={id_token}"}]}]}}}}}}' --type=merge -n eclipse-che +{orch-cli} patch checluster/eclipse-che --patch '{"spec": {"networking": {"auth": {"gateway": {"deployment": {"containers": [{"name": "oauth-proxy", "env":[{"name": "OAUTH2_PROXY_BACKEND_LOGOUT_URL", "value": "http://keycloak.$(minikube ip).nip.io/realms/che/protocol/openid-connect/logout?id_token_hint=\{id_token}"}]}]}}}}}}' --type=merge -n eclipse-che ---- .Verification steps