fixes

Signed-off-by: Anatolii Bazko <abazko@redhat.com>

package.json

@@ -94,7 +94,7 @@
   "files": [
     "/bin",
     "/lib",
-    "/installers",
+    "/resources",
     "/npm-shrinkwrap.json",
     "/oclif.manifest.json",
     "/prepare-che-operator-templates.js"

installers/dex/configmap.yaml → resources/dex/configmap.yaml

@@ -7,7 +7,7 @@ metadata:
     app: dex
 data:
   config.yaml: |
-    issuer: https://dex.{{DOMAIN}}:32000
+    issuer: https://dex.{{DOMAIN}}
     storage:
       type: kubernetes
       config:

resources/dex/ingress.yaml

@@ -0,0 +1,30 @@
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: dex
+  namespace: dex
+  labels:
+    app: dex
+  annotations:
+    kubernetes.io/ingress.class: nginx
+    nginx.ingress.kubernetes.io/proxy-connect-timeout: "3600"
+    nginx.ingress.kubernetes.io/proxy-read-timeout: "3600"
+    nginx.ingress.kubernetes.io/ssl-redirect: "true"
+spec:
+  rules:
+  - host: dex.{{DOMAIN}}
+    http:
+      paths:
+      - backend:
+          service:
+            name: dex
+            port:
+              number: 5556
+        path: /
+        pathType: ImplementationSpecific
+  tls:
+  - hosts:
+    - dex.{{DOMAIN}}
+    secretName: dex.tls
+

installers/dex/service.yaml → resources/dex/service.yaml

@@ -7,12 +7,9 @@ metadata:
   labels:
     app: dex
 spec:
-  type: NodePort
   ports:
   - name: dex
     port: 5556
     protocol: TCP
-    targetPort: 5556
-    nodePort: 32000
   selector:
     app: dex

src/api/che.ts

@@ -222,7 +222,7 @@ export class CheHelper {
   }
 
   async chePluginRegistryK8sURL(namespace = ''): Promise<string> {
-    if (await this.kube.ingressExist('plugin-registry', namespace)) {
+    if (await this.kube.isIngressExist('plugin-registry', namespace)) {
       const protocol = await this.kube.getIngressProtocol('plugin-registry', namespace)
       const hostname = await this.kube.getIngressHost('plugin-registry', namespace)
       return `${protocol}://${hostname}`
@@ -242,7 +242,7 @@ export class CheHelper {
   async cheK8sURL(namespace = ''): Promise<string> {
     const ingress_names = ['che', 'che-ingress']
     for (const ingress_name of ingress_names) {
-      if (await this.kube.ingressExist(ingress_name, namespace)) {
+      if (await this.kube.isIngressExist(ingress_name, namespace)) {
         const protocol = await this.kube.getIngressProtocol(ingress_name, namespace)
         const hostname = await this.kube.getIngressHost(ingress_name, namespace)
         return `${protocol}://${hostname}`

src/api/kube.ts

@@ -10,7 +10,7 @@
  *   Red Hat, Inc. - initial API and implementation
  */
 
-import { AdmissionregistrationV1Api, ApiextensionsV1Api, ApiextensionsV1beta1Api, ApisApi, AppsV1Api, AuthorizationV1Api, BatchV1Api, CoreV1Api, CustomObjectsApi, KubeConfig, Log, NetworkingV1Api, PortForward, RbacAuthorizationV1Api, V1ClusterRole, V1ClusterRoleBinding, V1ClusterRoleBindingList, V1ConfigMap, V1ConfigMapEnvSource, V1Container, V1ContainerStateTerminated, V1ContainerStateWaiting, V1Deployment, V1DeploymentList, V1DeploymentSpec, V1EnvFromSource, V1IngressList, V1Job, V1JobSpec, V1LabelSelector, V1MutatingWebhookConfiguration, V1Namespace, V1NamespaceList, V1ObjectMeta, V1PersistentVolumeClaimList, V1Pod, V1PodCondition, V1PodList, V1PodSpec, V1PodTemplateSpec, V1PolicyRule, V1Role, V1RoleBinding, V1RoleBindingList, V1RoleList, V1RoleRef, V1Secret, V1SelfSubjectAccessReview, V1SelfSubjectAccessReviewSpec, V1Service, V1ServiceAccount, V1ServiceList, V1Subject, Watch } from '@kubernetes/client-node'
+import { AdmissionregistrationV1Api, ApiextensionsV1Api, ApiextensionsV1beta1Api, ApisApi, AppsV1Api, AuthorizationV1Api, BatchV1Api, CoreV1Api, CustomObjectsApi, KubeConfig, Log, NetworkingV1Api, PortForward, RbacAuthorizationV1Api, V1ClusterRole, V1ClusterRoleBinding, V1ClusterRoleBindingList, V1ConfigMap, V1ConfigMapEnvSource, V1Container, V1ContainerStateTerminated, V1ContainerStateWaiting, V1Deployment, V1DeploymentList, V1DeploymentSpec, V1EnvFromSource, V1Ingress, V1IngressList, V1Job, V1JobSpec, V1LabelSelector, V1MutatingWebhookConfiguration, V1Namespace, V1NamespaceList, V1ObjectMeta, V1PersistentVolumeClaimList, V1Pod, V1PodCondition, V1PodList, V1PodSpec, V1PodTemplateSpec, V1PolicyRule, V1Role, V1RoleBinding, V1RoleBindingList, V1RoleList, V1RoleRef, V1Secret, V1SelfSubjectAccessReview, V1SelfSubjectAccessReviewSpec, V1Service, V1ServiceAccount, V1ServiceList, V1Subject, Watch } from '@kubernetes/client-node'
 import { Cluster, Context } from '@kubernetes/client-node/dist/config_types'
 import axios, { AxiosRequestConfig } from 'axios'
 import { cli } from 'cli-ux'
@@ -179,25 +179,25 @@ export class KubeHelper {
       // Set up watcher
       const watcher = new Watch(this.kubeConfig)
       const request = await watcher
-      .watch(`/api/v1/namespaces/${namespace}/serviceaccounts`, {},
-        (_phase: string, obj: any) => {
-          const serviceAccount = obj as V1ServiceAccount
+        .watch(`/api/v1/namespaces/${namespace}/serviceaccounts`, {},
+          (_phase: string, obj: any) => {
+            const serviceAccount = obj as V1ServiceAccount
 
-          // Filter other service accounts in the given namespace
-          if (serviceAccount && serviceAccount.metadata && serviceAccount.metadata.name === name) {
-            // The service account is present, stop watching
-            if (request) {
-              request.abort()
+            // Filter other service accounts in the given namespace
+            if (serviceAccount && serviceAccount.metadata && serviceAccount.metadata.name === name) {
+              // The service account is present, stop watching
+              if (request) {
+                request.abort()
+              }
+              // Release awaiter
+              resolve()
             }
-            // Release awaiter
-            resolve()
-          }
-        },
-        error => {
-          if (error) {
-            reject(error)
-          }
-        })
+          },
+          error => {
+            if (error) {
+              reject(error)
+            }
+          })
 
       // Automatically stop watching after timeout
       const timeoutHandler = setTimeout(() => {
@@ -1399,28 +1399,28 @@ export class KubeHelper {
       // Set up watcher
       const watcher = new Watch(this.kubeConfig)
       const request = await watcher
-      .watch(`/apis/batch/v1/namespaces/${namespace}/jobs/`, {},
-        (_phase: string, obj: any) => {
-          const job = obj as V1Job
-
-          // Filter other jobs in the given namespace
-          if (job && job.metadata && job.metadata.name === jobName) {
-            // Check job status
-            if (job.status && job.status.succeeded && job.status.succeeded >= 1) {
-              // Job is finished, stop watching
-              if (request) {
-                request.abort()
+        .watch(`/apis/batch/v1/namespaces/${namespace}/jobs/`, {},
+          (_phase: string, obj: any) => {
+            const job = obj as V1Job
+
+            // Filter other jobs in the given namespace
+            if (job && job.metadata && job.metadata.name === jobName) {
+              // Check job status
+              if (job.status && job.status.succeeded && job.status.succeeded >= 1) {
+                // Job is finished, stop watching
+                if (request) {
+                  request.abort()
+                }
+                // Release awaiter
+                resolve()
               }
-              // Release awaiter
-              resolve()
             }
-          }
-        },
-        error => {
-          if (error) {
-            reject(error)
-          }
-        })
+          },
+          error => {
+            if (error) {
+              reject(error)
+            }
+          })
 
       // Automatically stop watching after timeout
       const timeoutHandler = setTimeout(() => {
@@ -1460,12 +1460,29 @@ export class KubeHelper {
     }
   }
 
-  async ingressExist(name: string, namespace: string): Promise<boolean> {
+  async createIngressFromFile(filePath: string, namespace: string) {
+    const yamlIngress = this.safeLoadFromYamlFile(filePath) as V1Ingress
+    return this.createIngressFromObj(yamlIngress, namespace)
+  }
+
+  async createIngressFromObj(ingress: V1Ingress, namespace: string) {
     const networkingV1Api = this.kubeConfig.makeApiClient(NetworkingV1Api)
     try {
-      const { body } = await networkingV1Api.readNamespacedIngress(name, namespace)
-      return this.compare(body, name)
-    } catch {
+      return await networkingV1Api.createNamespacedIngress(namespace, ingress)
+    } catch (e) {
+      throw this.wrapK8sClientError(e)
+    }
+  }
+
+  async isIngressExist(name: string, namespace: string): Promise<boolean> {
+    const networkingV1Api = this.kubeConfig.makeApiClient(NetworkingV1Api)
+    try {
+      await networkingV1Api.readNamespacedIngress(name, namespace)
+      return true
+    } catch (e) {
+      if (e.response && e.response.statusCode === 404) {
+        return false
+      }
       return false
     }
   }
@@ -2730,32 +2747,32 @@ export class KubeHelper {
       // Set up watcher
       const watcher = new Watch(this.kubeConfig)
       const request = await watcher
-      .watch(`/api/v1/namespaces/${namespace}/secrets/`, { fieldSelector: `metadata.name=${secretName}` },
-        (_phase: string, obj: any) => {
-          const secret = obj as V1Secret
-
-          // Check all required data fields to be present
-          if (dataKeys.length > 0 && secret.data) {
-            for (const key of dataKeys) {
-              if (!secret.data[key]) {
-                // Key is missing or empty
-                return
+        .watch(`/api/v1/namespaces/${namespace}/secrets/`, { fieldSelector: `metadata.name=${secretName}` },
+          (_phase: string, obj: any) => {
+            const secret = obj as V1Secret
+
+            // Check all required data fields to be present
+            if (dataKeys.length > 0 && secret.data) {
+              for (const key of dataKeys) {
+                if (!secret.data[key]) {
+                  // Key is missing or empty
+                  return
+                }
               }
             }
-          }
 
-          // The secret with all specified fields is present, stop watching
-          if (request) {
-            request.abort()
-          }
-          // Release awaiter
-          resolve()
-        },
-        error => {
-          if (error) {
-            reject(error)
-          }
-        })
+            // The secret with all specified fields is present, stop watching
+            if (request) {
+              request.abort()
+            }
+            // Release awaiter
+            resolve()
+          },
+          error => {
+            if (error) {
+              reject(error)
+            }
+          })
 
       // Automatically stop watching after timeout
       const timeoutHandler = setTimeout(() => {

src/tasks/component-installers/cert-manager.ts

@@ -59,7 +59,7 @@ export class CertManagerTasks {
           if (!await fs.pathExists(yamlPath)) {
             // Older Che versions don't have Cert Manager install yaml in templates
             // Try to use embedded in chectl version
-            yamlPath = path.join(getEmbeddedTemplatesDirectory(), '..', 'installers', 'cert-manager.yml')
+            yamlPath = path.join(getEmbeddedTemplatesDirectory(), '..', 'resources', 'cert-manager.yml')
           }
           // Apply additional --validate=false flag to be able to deploy Cert Manager on Kubernetes v1.15.4 or below
           await this.kubeHelper.applyResource(yamlPath, '--validate=false')
@@ -195,7 +195,7 @@ export class CertManagerTasks {
     namespace: string): ReadonlyArray<Listr.ListrTask> {
     return [
       {
-        title: 'Request certificate',
+        title: `Request certificate for dnsNames: [${dnsNames}]`,
         task: async (ctx: any, task: any) => {
           if (ctx.cheCertificateExists) {
             throw new Error('Eclipse Che certificate already exists.')