-
Notifications
You must be signed in to change notification settings - Fork 65
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
feat: Add pre-install task to check if an OIDC provider is installed #1912
Conversation
Codecov Report
@@ Coverage Diff @@
## main #1912 +/- ##
==========================================
- Coverage 10.61% 10.58% -0.04%
==========================================
Files 62 62
Lines 6813 6833 +20
Branches 1147 1152 +5
==========================================
Hits 723 723
- Misses 6090 6110 +20
Continue to review full report at Codecov.
|
}, | ||
task: async (_ctx: any, task: any) => { | ||
const kube = new KubeHelper(flags) | ||
const apiServerPods = await kube.getPodListByLabel('kube-system', 'component=kube-apiserver') |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
checking apiserver container arguments looks a bit hacky. Have you checked that there isn't any API to get oidc url or something like that? I really don't know how this is realiable on various kubernetes flavors. (doing quick search I can't find anything so this may be our best bet)
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I searched it second time and still found nothing. Looks like it is not possible to get via K8S API, API server configuration
Signed-off-by: Mykola Morhun <mmorhun@redhat.com>
Signed-off-by: Mykola Morhun <mmorhun@redhat.com>
Signed-off-by: Mykola Morhun <mmorhun@redhat.com>
[APPROVALNOTIFIER] This PR is NOT APPROVED This pull-request has been approved by: AndrienkoAleksandr, mmorhun, tolusha The full list of commands accepted by this bot can be found here.
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
Signed-off-by: Mykola Morhun <mmorhun@redhat.com>
New changes are detected. LGTM label has been removed. |
@mmorhun: The following tests failed, say
Full PR test history. Your PR dashboard. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here. |
Signed-off-by: Mykola Morhun mmorhun@redhat.com
What does this PR do?
Adds a new check that ensures k8s cluster has OIDC provider installed and configured.
The only exception is
minikube
as Dex is automatically installed.Screenshot/screencast of this PR
In case of missing OIDC provider on a k8s cluster:
![Screenshot from 2021-12-21 17-14-04](https://user-images.githubusercontent.com/15607393/146954544-27a8a75b-6458-45d6-b5fa-95b122f1f308.png)
In case of
![Screenshot from 2021-12-21 17-16-42](https://user-images.githubusercontent.com/15607393/146954633-e84bc9ef-d4a8-4984-b901-7584b67d8633.png)
minikube
:In case if Che is already installed, the check is disabled (and not displayed).
What issues does this PR fix or reference?
eclipse-che/che#20909
How to test this PR?
Try to deploy Che using
chectl server:deploy --platform=k8s --domain=****
.Deployment should fail if he cluster misses an OIDC provider installed and k8s API server configured to use it.
PR Checklist
As the author of this Pull Request I made sure that:
What issues does this PR fix or reference
andHow to test this PR
completedReviewers
Reviewers, please comment how you tested the PR when approving it.