Native auth breaks Che when it's enabled on an existing instance

[sleshchenko]

Describe the bug

Native auth breaks Che when it's enabled on an existing instance.

Che version

next (development version)

Steps to reproduce

1. Deploy Che on OpenShift without native auth: chectl server:deploy --installer=operator --platform=openshift
2. Open and access with user.
3. Configure Che Cluster with devworkspace enabled
   oc patch checluster/eclipse-che --type=merge --patch '{"spec":{"devWorkspace": {"enable": true}}}'
4. Try to access Che now.

Expected behavior

Che is working after devworkspace is enabled (where native auth is the default)

Notes: each of public endpoints have its own route but everything should go though gateway.
keycloak deployment is not removed (maybe it's kept for an ability to restore keycloak auth).

Runtime

OpenShift

Screenshots

Installation method

chectl/next

Environment

other (please specify in additional context)

Eclipse Che Logs

No response

Additional context

RHPDS OpenShift 4.8

[sparkoo]

I've tested that and it looks like issue is not in native auth directly. When I enable devworkspace, che-operator should deploy gateway, which is not happening. And native auth can't work without gateway. Also nativeUserMode: true is set properly in CheCluster, but keycloak deployment is still there. I guess the issue is deeper in che-operator than just native auth.

[sparkoo]

server.serverExposureStrategy must be set to single-host to deploy the gateway. However, keycloak deployment is stil there, even though auth.nativeUserMode is set to true. However, native auth is effectively enabled. It still not fully work as I can't get the workspace started. I'm not sure exactly why. Currently I don't want to dig deeper, but maybe we should start broader discussion about updating Che to devworkspaces

[tolusha]

I mark this issue as WON'T FIX for several reason:

• Dev Workspace is enabled by default sinse 7.42 [1]
• Switching must be done via migration guide [2]

[1] #20866
[2] #20614