-
Notifications
You must be signed in to change notification settings - Fork 65
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Deploy dex on minikube #1719
Deploy dex on minikube #1719
Conversation
Skipping CI for Draft Pull Request. |
Codecov Report
@@ Coverage Diff @@
## main #1719 +/- ##
==========================================
- Coverage 11.01% 10.81% -0.20%
==========================================
Files 63 64 +1
Lines 6839 7141 +302
Branches 1175 1202 +27
==========================================
+ Hits 753 772 +19
- Misses 6086 6369 +283
Continue to review full report at Codecov.
|
I can't yarn the branch, is it issue on my side? Sorry if it is obvious issue, I don't work with yarn or javascript projects very often...
|
@sparkoo |
installers/dex/configmap.yaml
Outdated
# bcrypt hash of the string "password" | ||
hash: "$2a$10$2b2cU8CPhOTaGrs1HRQuAueS7JTT5ZHsHSzYiFPm1leZck7Mc8T4W" |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Shouldn't we generate the password dynamically?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@sparkoo
Could you answer pls?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I don't think it's needed. It's never meant to be used in production. It's like the admin:admin we now have in keycloak...
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
AFAIK, we don't have admin:admin
in Keycloak for considerable amount of time. All the passwords are generated and stored in secrets.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
really? I remember logging into Che with admin:admin last time I've tested on minikube
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
We are talking about different things. I was saying that we generate password for Keycloak realm, but for the user login we keep admin:admin
.
So the question is: do we use this to login a Che user or Dex admin?
Fails to deploy Dex for me.
|
@sparkoo |
|
I tested on minikube v1.21.0 and reproduced issue with v1.23.0 |
To be honest initial scripts [1] don't work with minikube v1.23 as well |
@tolusha ok. I've initially run with older kubernetes version on latest minikube |
works with minikube 1.21 |
@tolusha I believe you're using different self-signed certificates for Dex and Che. Does it deploy CA of Dex self signed cert anywhere in eclipse-che namespace? I believe we need that in order to communicate with Dex over https from Che. |
resources/dex/configmap.yaml
Outdated
staticClients: | ||
- id: {{CLIENT_ID}} | ||
redirectURIs: | ||
- 'https://{{NAMESPACE}}.{{DOMAIN}}/oauth2/callback' |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
this is not where che is exposed
✔ Users Dashboard : https://che-eclipse-che.192.168.39.106.nip.io
resources/dex/configmap.yaml
Outdated
config: | ||
inCluster: true | ||
web: | ||
https: 0.0.0.0:5556 |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think we need to listen on http as tls is already manager in ingress
@sparkoo |
@tolusha thank you. Works for me now as expected. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I don't know the code enough to review it, but it's doing what is suppose to. I'm able to login, get the tokens and use them against kubernetes API.
[APPROVALNOTIFIER] This PR is NOT APPROVED This pull-request has been approved by: AndrienkoAleksandr, mmorhun, sparkoo, tolusha The full list of commands accepted by this bot can be found here.
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
Signed-off-by: Anatolii Bazko <abazko@redhat.com>
Signed-off-by: Anatolii Bazko <abazko@redhat.com>
Signed-off-by: Anatolii Bazko <abazko@redhat.com>
Signed-off-by: Anatolii Bazko <abazko@redhat.com>
New changes are detected. LGTM label has been removed. |
/retest |
1 similar comment
/retest |
Signed-off-by: Anatolii Bazko <abazko@redhat.com>
What does this PR do?
Deploy dex on minikube
Screenshot/screencast of this PR
What issues does this PR fix or reference?
eclipse-che/che#19366
How to test this PR?
PR Checklist
As the author of this Pull Request I made sure that:
What issues does this PR fix or reference
andHow to test this PR
completedReviewers
Reviewers, please comment how you tested the PR when approving it.