-
Notifications
You must be signed in to change notification settings - Fork 85
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Automatically propagate ca-certs configmap content into server and identity provider #487
Conversation
…nd identity provider Signed-off-by: Anatolii Bazko <abazko@redhat.com>
Signed-off-by: Anatolii Bazko <abazko@redhat.com>
Skipping CI for Draft Pull Request. |
@@ -221,6 +223,10 @@ func getSpecKeycloakDeployment( | |||
} | |||
|
|||
keycloakEnv := []corev1.EnvVar{ | |||
{ | |||
Name: "CM_REVISIONS", |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Why do we need this in the Keycloak and Che containers env? If we need to mark something, isn't labels does the work?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Moved.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Shouldn't we also restart the Che server when the content of this config map changes ?
Maybe it is already done and I missed it ?
pkg/controller/che/che_controller.go
Outdated
if instance.Spec.Server.ServerTrustStoreConfigMapName != "" { | ||
trustStoreConfigMap, _ := deploy.GetClusterConfigMap(instance.Spec.Server.ServerTrustStoreConfigMapName, instance.Namespace, clusterAPI.Client) | ||
if trustStoreConfigMap != nil { | ||
// trustStoreConfigMap might be created by user, to detect changes we have to add the owner |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Why ? Isn't the main method run regularly anyway ?
Not sure what the requirement for an owner will mean when we select all the config maps that have a given label.
@davidfestal |
Oh, I see. Sorry I missed it. |
Signed-off-by: Anatolii Bazko <abazko@redhat.com>
It is turned out that changing annotations does not restart pods. |
Signed-off-by: Anatolii Bazko <abazko@redhat.com>
@davidfestal |
Signed-off-by: Anatolii Bazko <abazko@redhat.com>
@davidfestal |
Signed-off-by: Anatolii Bazko <abazko@redhat.com>
@tolusha: The following test failed, say
Full PR test history. Your PR dashboard. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Great that now we won't have to rollout any POD manually after adding certificates.
[APPROVALNOTIFIER] This PR is NOT APPROVED This pull-request has been approved by: davidfestal, tolusha The full list of commands accepted by this bot can be found here.
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
@davidfestal |
…entity provider (#487) * Automatically propagate serverTrustStoreConfigMap context to server and identity provider Signed-off-by: Anatolii Bazko <abazko@redhat.com>
Signed-off-by: Anatolii Bazko abazko@redhat.com
Reference issue
eclipse-che/che#17918
What does this PR do