From 067e524fa63ce45567174f97925946e20cec5caa Mon Sep 17 00:00:00 2001
From: Guy Daich <guy.daich@sap.com>
Date: Tue, 27 Feb 2018 19:48:59 +0200
Subject: [PATCH 1/5] Add Multiuser Che in k8s

Signed-off-by: Guy Daich <guy.daich@sap.com>
---
 .../charts/che-postgres/.helmignore           | 21 ++++++
 .../charts/che-postgres/Chart.yaml            |  4 ++
 .../templates/deployment-config.yaml          | 66 +++++++++++++++++++
 .../templates/postgres-data-claim.yaml        | 14 ++++
 .../che-postgres/templates/service.yaml       | 16 +++++
 .../charts/che-postgres/values.yaml           |  4 ++
 .../che-kubernetes-helm/requirements.yaml     |  5 ++
 .../templates/configmap.yaml                  |  2 +-
 .../modules/che-kubernetes-helm/values.yaml   |  1 +
 9 files changed, 132 insertions(+), 1 deletion(-)
 create mode 100644 dockerfiles/init/modules/che-kubernetes-helm/charts/che-postgres/.helmignore
 create mode 100644 dockerfiles/init/modules/che-kubernetes-helm/charts/che-postgres/Chart.yaml
 create mode 100644 dockerfiles/init/modules/che-kubernetes-helm/charts/che-postgres/templates/deployment-config.yaml
 create mode 100644 dockerfiles/init/modules/che-kubernetes-helm/charts/che-postgres/templates/postgres-data-claim.yaml
 create mode 100644 dockerfiles/init/modules/che-kubernetes-helm/charts/che-postgres/templates/service.yaml
 create mode 100644 dockerfiles/init/modules/che-kubernetes-helm/charts/che-postgres/values.yaml
 create mode 100644 dockerfiles/init/modules/che-kubernetes-helm/requirements.yaml

diff --git a/dockerfiles/init/modules/che-kubernetes-helm/charts/che-postgres/.helmignore b/dockerfiles/init/modules/che-kubernetes-helm/charts/che-postgres/.helmignore
new file mode 100644
index 00000000000..f0c13194444
--- /dev/null
+++ b/dockerfiles/init/modules/che-kubernetes-helm/charts/che-postgres/.helmignore
@@ -0,0 +1,21 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
diff --git a/dockerfiles/init/modules/che-kubernetes-helm/charts/che-postgres/Chart.yaml b/dockerfiles/init/modules/che-kubernetes-helm/charts/che-postgres/Chart.yaml
new file mode 100644
index 00000000000..86786457b14
--- /dev/null
+++ b/dockerfiles/init/modules/che-kubernetes-helm/charts/che-postgres/Chart.yaml
@@ -0,0 +1,4 @@
+apiVersion: v1
+description: A Helm chart for postgresql, used by Che and Keycloak
+name: che-postgres
+version: 1.0.0
diff --git a/dockerfiles/init/modules/che-kubernetes-helm/charts/che-postgres/templates/deployment-config.yaml b/dockerfiles/init/modules/che-kubernetes-helm/charts/che-postgres/templates/deployment-config.yaml
new file mode 100644
index 00000000000..4337f194964
--- /dev/null
+++ b/dockerfiles/init/modules/che-kubernetes-helm/charts/che-postgres/templates/deployment-config.yaml
@@ -0,0 +1,66 @@
+apiVersion: extensions/v1beta1
+kind: Deployment
+metadata:
+  creationTimestamp: null
+  labels:
+    io.kompose.service: postgres
+  name: postgres
+spec:
+  replicas: 1
+  template:
+    metadata:
+      creationTimestamp: null
+      labels:
+        io.kompose.service: postgres
+    spec:
+      containers:
+      - env:
+        - name: POSTGRESQL_USER
+          value: keycloak
+        - name: POSTGRESQL_PASSWORD
+          value: keycloak
+        - name: POSTGRESQL_DATABASE
+          value: keycloak
+        - name: "CHE_POSTGRES_USERNAME"
+          value: "pgche"
+        - name: "CHE_POSTGRES_PASSWORD"
+          value: "pgchepassword"
+        - name: "CHE_POSTGRES_DATABASE"
+          value: "dbche"
+        image: {{ .Values.image }}
+        securityContext:
+          runAsUser: 26
+        imagePullPolicy: Always
+        name: postgres
+        livenessProbe:
+          failureThreshold: 3
+          initialDelaySeconds: 30
+          periodSeconds: 10
+          successThreshold: 1
+          tcpSocket:
+            port: 5432
+          timeoutSeconds: 1
+        readinessProbe:
+          exec:
+            command:
+            - bash
+            - -c
+            - psql -h 127.0.0.1 -U ${POSTGRESQL_USER} -q -d $POSTGRESQL_DATABASE -c "SELECT 1"
+          failureThreshold: 10
+          initialDelaySeconds: 5
+          periodSeconds: 3
+          successThreshold: 1
+          timeoutSeconds: 1
+        ports:
+        - containerPort: 5432
+        resources: {}
+        volumeMounts:
+        - mountPath: /var/lib/pgsql/data
+          name: postgres-data
+      restartPolicy: Always
+      volumes:
+      - name: postgres-data
+        persistentVolumeClaim:
+          claimName: postgres-data
+  test: false
+status: {}
diff --git a/dockerfiles/init/modules/che-kubernetes-helm/charts/che-postgres/templates/postgres-data-claim.yaml b/dockerfiles/init/modules/che-kubernetes-helm/charts/che-postgres/templates/postgres-data-claim.yaml
new file mode 100644
index 00000000000..93aa1a44ab7
--- /dev/null
+++ b/dockerfiles/init/modules/che-kubernetes-helm/charts/che-postgres/templates/postgres-data-claim.yaml
@@ -0,0 +1,14 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  creationTimestamp: null
+  labels:
+    io.kompose.service: postgres-data
+  name: postgres-data
+spec:
+  accessModes:
+  - ReadWriteOnce
+  resources:
+    requests:
+      storage: 1Gi
+status: {}
diff --git a/dockerfiles/init/modules/che-kubernetes-helm/charts/che-postgres/templates/service.yaml b/dockerfiles/init/modules/che-kubernetes-helm/charts/che-postgres/templates/service.yaml
new file mode 100644
index 00000000000..6998f666cb5
--- /dev/null
+++ b/dockerfiles/init/modules/che-kubernetes-helm/charts/che-postgres/templates/service.yaml
@@ -0,0 +1,16 @@
+apiVersion: v1
+kind: Service
+metadata:
+  creationTimestamp: null
+  labels:
+    io.kompose.service: postgres
+  name: postgres
+spec:
+  ports:
+  - name: "5432"
+    port: 5432
+    targetPort: 5432
+  selector:
+    io.kompose.service: postgres
+status:
+  loadBalancer: {}
diff --git a/dockerfiles/init/modules/che-kubernetes-helm/charts/che-postgres/values.yaml b/dockerfiles/init/modules/che-kubernetes-helm/charts/che-postgres/values.yaml
new file mode 100644
index 00000000000..9fbbcbf64e5
--- /dev/null
+++ b/dockerfiles/init/modules/che-kubernetes-helm/charts/che-postgres/values.yaml
@@ -0,0 +1,4 @@
+# Default values for postgres.
+# This is a YAML-formatted file.
+# Declare variables to be passed into your templates.
+image: eclipse/che-postgres:nightly
diff --git a/dockerfiles/init/modules/che-kubernetes-helm/requirements.yaml b/dockerfiles/init/modules/che-kubernetes-helm/requirements.yaml
new file mode 100644
index 00000000000..2d2a7544e4e
--- /dev/null
+++ b/dockerfiles/init/modules/che-kubernetes-helm/requirements.yaml
@@ -0,0 +1,5 @@
+dependencies:
+  - name: che-postgres
+    repository: file://./charts/che-postgres/
+    version: 1.0.0
+    condition: multiuser
\ No newline at end of file
diff --git a/dockerfiles/init/modules/che-kubernetes-helm/templates/configmap.yaml b/dockerfiles/init/modules/che-kubernetes-helm/templates/configmap.yaml
index 28c2d600294..f340b32f4fc 100644
--- a/dockerfiles/init/modules/che-kubernetes-helm/templates/configmap.yaml
+++ b/dockerfiles/init/modules/che-kubernetes-helm/templates/configmap.yaml
@@ -33,7 +33,7 @@ data:
   CHE_LOCAL_CONF_DIR: /etc/conf
   CHE_LOGS_DIR: /data/logs
   CHE_LOG_LEVEL: "INFO"
-  CHE_MULTIUSER: "false"
+  CHE_MULTIUSER: {{ .Values.multiuser }}
   CHE_OAUTH_GITHUB_CLIENTID: ""
   CHE_OAUTH_GITHUB_CLIENTSECRET: ""
   CHE_PREDEFINED_STACKS_RELOAD__ON__START: "false"
diff --git a/dockerfiles/init/modules/che-kubernetes-helm/values.yaml b/dockerfiles/init/modules/che-kubernetes-helm/values.yaml
index 14c2370f4bb..ac6236ff924 100644
--- a/dockerfiles/init/modules/che-kubernetes-helm/values.yaml
+++ b/dockerfiles/init/modules/che-kubernetes-helm/values.yaml
@@ -1,6 +1,7 @@
 cheDomain: 192.168.99.100.nip.io
 isHostBased: true
 tlsEnabled: false
+multiuser: false
 
 # the following section is for secure registries. when uncommented, a pull secret will be created
 #registry:

From e28632595ecf7a81bcee1821bf9d6a27bcefb749 Mon Sep 17 00:00:00 2001
From: Guy Daich <guy.daich@sap.com>
Date: Wed, 28 Feb 2018 09:43:06 +0200
Subject: [PATCH 2/5] add keycloak

Signed-off-by: Guy Daich <guy.daich@sap.com>
---
 .../charts/che-keycloak/.helmignore           | 21 +++++
 .../charts/che-keycloak/Chart.yaml            |  4 +
 .../che-keycloak/templates/deployment.yaml    | 90 +++++++++++++++++++
 .../che-keycloak/templates/ingress.yaml       | 29 ++++++
 .../templates/keycloak-configure-job.yaml     | 34 +++++++
 .../templates/keycloak-data-claim.yaml        | 20 +++++
 .../templates/keycloak-log-claim.yaml         | 20 +++++
 .../che-keycloak/templates/service.yaml       | 20 +++++
 .../charts/che-keycloak/values.yaml           |  5 ++
 ...deployment-config.yaml => deployment.yaml} |  1 -
 .../modules/che-kubernetes-helm/readme.md     |  7 ++
 .../che-kubernetes-helm/requirements.yaml     |  6 +-
 .../templates/_hostHelper.tpl                 |  6 +-
 .../templates/_keycloakHostHelper.tpl         |  7 ++
 .../templates/cert-issuer.yaml                |  2 +-
 .../templates/certificate.yaml                |  8 +-
 .../templates/configmap.yaml                  | 11 ++-
 .../templates/deployment.yaml                 | 50 ++++++++++-
 .../templates/ingress.yaml                    |  6 +-
 .../templates/staging-cert-issuer.yaml        |  2 +-
 .../modules/che-kubernetes-helm/values.yaml   | 15 ++--
 21 files changed, 339 insertions(+), 25 deletions(-)
 create mode 100644 dockerfiles/init/modules/che-kubernetes-helm/charts/che-keycloak/.helmignore
 create mode 100644 dockerfiles/init/modules/che-kubernetes-helm/charts/che-keycloak/Chart.yaml
 create mode 100644 dockerfiles/init/modules/che-kubernetes-helm/charts/che-keycloak/templates/deployment.yaml
 create mode 100644 dockerfiles/init/modules/che-kubernetes-helm/charts/che-keycloak/templates/ingress.yaml
 create mode 100644 dockerfiles/init/modules/che-kubernetes-helm/charts/che-keycloak/templates/keycloak-configure-job.yaml
 create mode 100644 dockerfiles/init/modules/che-kubernetes-helm/charts/che-keycloak/templates/keycloak-data-claim.yaml
 create mode 100644 dockerfiles/init/modules/che-kubernetes-helm/charts/che-keycloak/templates/keycloak-log-claim.yaml
 create mode 100644 dockerfiles/init/modules/che-kubernetes-helm/charts/che-keycloak/templates/service.yaml
 create mode 100644 dockerfiles/init/modules/che-kubernetes-helm/charts/che-keycloak/values.yaml
 rename dockerfiles/init/modules/che-kubernetes-helm/charts/che-postgres/templates/{deployment-config.yaml => deployment.yaml} (98%)
 create mode 100644 dockerfiles/init/modules/che-kubernetes-helm/templates/_keycloakHostHelper.tpl

diff --git a/dockerfiles/init/modules/che-kubernetes-helm/charts/che-keycloak/.helmignore b/dockerfiles/init/modules/che-kubernetes-helm/charts/che-keycloak/.helmignore
new file mode 100644
index 00000000000..f0c13194444
--- /dev/null
+++ b/dockerfiles/init/modules/che-kubernetes-helm/charts/che-keycloak/.helmignore
@@ -0,0 +1,21 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
diff --git a/dockerfiles/init/modules/che-kubernetes-helm/charts/che-keycloak/Chart.yaml b/dockerfiles/init/modules/che-kubernetes-helm/charts/che-keycloak/Chart.yaml
new file mode 100644
index 00000000000..fb560dd6971
--- /dev/null
+++ b/dockerfiles/init/modules/che-kubernetes-helm/charts/che-keycloak/Chart.yaml
@@ -0,0 +1,4 @@
+apiVersion: v1
+description: A Helm chart for Keycloak, used by Che
+name: che-keycloak
+version: 1.0.0
diff --git a/dockerfiles/init/modules/che-kubernetes-helm/charts/che-keycloak/templates/deployment.yaml b/dockerfiles/init/modules/che-kubernetes-helm/charts/che-keycloak/templates/deployment.yaml
new file mode 100644
index 00000000000..1f96142c27d
--- /dev/null
+++ b/dockerfiles/init/modules/che-kubernetes-helm/charts/che-keycloak/templates/deployment.yaml
@@ -0,0 +1,90 @@
+# Copyright (c) 2012-2017 Red Hat, Inc
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Eclipse Public License v1.0
+# which accompanies this distribution, and is available at
+# http://www.eclipse.org/legal/epl-v10.html
+#
+
+apiVersion: extensions/v1beta1
+kind: Deployment
+metadata:
+  labels:
+    io.kompose.service: keycloak
+  name: keycloak
+spec:
+  replicas: 1
+  template:
+    metadata:
+      labels:
+        io.kompose.service: keycloak
+    spec:
+      initContainers:
+      - name: wait-for-postgres
+        image: docker.io/guydaich/che-init
+        command: ["sh", "-c", "adresses_length=0; until [ $adresses_length -gt 0 ]; do echo waiting for postgres to be ready...; sleep 2; endpoints=`curl -s --cacert /var/run/secrets/kubernetes.io/serviceaccount/ca.crt -H \"Authorization: Bearer $(cat /var/run/secrets/kubernetes.io/serviceaccount/token)\"     https://kubernetes.default/api/v1/namespaces/$POD_NAMESPACE/endpoints/postgres`; adresses_length=`echo $endpoints | jq -r \".subsets[]?.addresses // [] | length\"`; done;"]
+        env:
+          - name: POD_NAMESPACE
+            valueFrom:
+              fieldRef:
+                fieldPath: metadata.namespace
+      containers:
+      - env:
+        - name: POSTGRES_PORT_5432_TCP_ADDR
+          value: postgres
+        - name: POSTGRES_PORT_5432_TCP_PORT
+          value: "5432"
+        - name: POSTGRES_DATABASE
+          value: keycloak
+        - name: POSTGRES_USER
+          value: keycloak
+        - name: POSTGRES_PASSWORD
+          value: keycloak
+        - name: KEYCLOAK_USER
+          value: admin
+        - name: KEYCLOAK_PASSWORD
+          value: admin
+        - name: CHE_HOST
+          value: {{ template "cheHost" . }}
+        image: {{ .Values.image }}
+        imagePullPolicy: Always
+        name: keycloak
+        livenessProbe:
+          failureThreshold: 11
+          initialDelaySeconds: 5
+          periodSeconds: 5
+          successThreshold: 1
+          tcpSocket:
+            port: 8080
+          timeoutSeconds: 30
+        readinessProbe:
+          failureThreshold: 10
+          httpGet:
+            path: auth/js/keycloak.js
+            port: 8080
+            scheme: HTTP
+          initialDelaySeconds: 10
+          periodSeconds: 3
+          successThreshold: 1
+          timeoutSeconds: 1
+        ports:
+        - containerPort: 8080
+        resources:
+          limits:
+            memory: 1536Mi
+          requests:
+            memory: 1024Mi
+        volumeMounts:
+        - mountPath: /opt/jboss/keycloak/standalone/data
+          name: keycloak-data
+        - mountPath: /opt/jboss/keycloak/standalone/log
+          name: keycloak-log
+      restartPolicy: Always
+      volumes:
+      - name: keycloak-data
+        persistentVolumeClaim:
+          claimName: keycloak-data
+      - name: keycloak-log
+        persistentVolumeClaim:
+          claimName: keycloak-log
+  test: false
+status: {}
diff --git a/dockerfiles/init/modules/che-kubernetes-helm/charts/che-keycloak/templates/ingress.yaml b/dockerfiles/init/modules/che-kubernetes-helm/charts/che-keycloak/templates/ingress.yaml
new file mode 100644
index 00000000000..990bf22e5e2
--- /dev/null
+++ b/dockerfiles/init/modules/che-kubernetes-helm/charts/che-keycloak/templates/ingress.yaml
@@ -0,0 +1,29 @@
+apiVersion: extensions/v1beta1
+kind: Ingress
+metadata:
+  name: keycloak-ingress
+  annotations:
+    nginx.ingress.kubernetes.io/rewrite-target: /
+    kubernetes.io/ingress.class: "nginx"
+{{- if .Values.global.tlsEnabled }}
+    kubernetes.io/tls-acme: "true"
+{{- else }}
+    nginx.ingress.kubernetes.io/ssl-redirect: "false"
+{{- end }}
+    ingress.kubernetes.io/proxy-read-timeout: "3600"
+    ingress.kubernetes.io/proxy-connect-timeout: "3600"
+spec:
+{{- if .Values.global.tlsEnabled }}
+  tls:
+  - hosts:
+    - {{ template "keycloakHost" . }}
+    secretName: keycloak-tls
+{{- end }}
+  rules:
+  - host: {{ template "keycloakHost" . }}
+    http:
+      paths:
+      - backend:
+          serviceName: keycloak
+          servicePort: 5050
+        path: /
diff --git a/dockerfiles/init/modules/che-kubernetes-helm/charts/che-keycloak/templates/keycloak-configure-job.yaml b/dockerfiles/init/modules/che-kubernetes-helm/charts/che-keycloak/templates/keycloak-configure-job.yaml
new file mode 100644
index 00000000000..6636a7ed9ee
--- /dev/null
+++ b/dockerfiles/init/modules/che-kubernetes-helm/charts/che-keycloak/templates/keycloak-configure-job.yaml
@@ -0,0 +1,34 @@
+apiVersion: batch/v1
+kind: Job
+metadata:
+  name: keycloak-configure-job
+spec:
+  template:
+    spec:
+      initContainers:
+      - name: wait-for-keycloak
+        image: docker.io/guydaich/che-init
+        command: ["sh", "-c", "adresses_length=0; until [ $adresses_length -gt 0 ]; do echo waiting for keycloak to be ready...; sleep 2; endpoints=`curl -s --cacert /var/run/secrets/kubernetes.io/serviceaccount/ca.crt -H \"Authorization: Bearer $(cat /var/run/secrets/kubernetes.io/serviceaccount/token)\"     https://kubernetes.default/api/v1/namespaces/$POD_NAMESPACE/endpoints/keycloak`; adresses_length=`echo $endpoints | jq -r \".subsets[]?.addresses // [] | length\"`; done;"]
+        env:
+          - name: POD_NAMESPACE
+            valueFrom:
+              fieldRef:
+                fieldPath: metadata.namespace
+      containers:
+      - name: keycloak-configure-job
+        image: {{ .Values.image }}
+        command: ["/scripts/keycloak_config.sh"]
+        env:
+          - name: HTTP_PROTOCOL
+{{- if .Values.global.tlsEnabled }}
+            value: "https"
+{{- else }}
+            value: "http"
+{{- end }}
+          - name: KC_HOST
+            value:  {{ template "keycloakHost" . }}
+          - name: CHE_KEYCLOAK_ADMIN_REQUIRE_UPDATE_PASSWORD
+            value: {{ .Values.requireAdminPasswordChange | quote }}
+
+      restartPolicy: Never
+  backoffLimit: 4
\ No newline at end of file
diff --git a/dockerfiles/init/modules/che-kubernetes-helm/charts/che-keycloak/templates/keycloak-data-claim.yaml b/dockerfiles/init/modules/che-kubernetes-helm/charts/che-keycloak/templates/keycloak-data-claim.yaml
new file mode 100644
index 00000000000..ce405f0b965
--- /dev/null
+++ b/dockerfiles/init/modules/che-kubernetes-helm/charts/che-keycloak/templates/keycloak-data-claim.yaml
@@ -0,0 +1,20 @@
+# Copyright (c) 2012-2017 Red Hat, Inc
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Eclipse Public License v1.0
+# which accompanies this distribution, and is available at
+# http://www.eclipse.org/legal/epl-v10.html
+#
+
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  labels:
+    io.kompose.service: keycloak-data
+  name: keycloak-data
+spec:
+  accessModes:
+  - ReadWriteOnce
+  resources:
+    requests:
+      storage: 1Gi
+status: {}
diff --git a/dockerfiles/init/modules/che-kubernetes-helm/charts/che-keycloak/templates/keycloak-log-claim.yaml b/dockerfiles/init/modules/che-kubernetes-helm/charts/che-keycloak/templates/keycloak-log-claim.yaml
new file mode 100644
index 00000000000..b6ee22af05e
--- /dev/null
+++ b/dockerfiles/init/modules/che-kubernetes-helm/charts/che-keycloak/templates/keycloak-log-claim.yaml
@@ -0,0 +1,20 @@
+# Copyright (c) 2012-2017 Red Hat, Inc
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Eclipse Public License v1.0
+# which accompanies this distribution, and is available at
+# http://www.eclipse.org/legal/epl-v10.html
+#
+
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  labels:
+    io.kompose.service: keycloak-log
+  name: keycloak-log
+spec:
+  accessModes:
+  - ReadWriteOnce
+  resources:
+    requests:
+      storage: 1Gi
+status: {}
diff --git a/dockerfiles/init/modules/che-kubernetes-helm/charts/che-keycloak/templates/service.yaml b/dockerfiles/init/modules/che-kubernetes-helm/charts/che-keycloak/templates/service.yaml
new file mode 100644
index 00000000000..e4766c74495
--- /dev/null
+++ b/dockerfiles/init/modules/che-kubernetes-helm/charts/che-keycloak/templates/service.yaml
@@ -0,0 +1,20 @@
+# Copyright (c) 2012-2017 Red Hat, Inc
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Eclipse Public License v1.0
+# which accompanies this distribution, and is available at
+# http://www.eclipse.org/legal/epl-v10.html
+#
+
+apiVersion: v1
+kind: Service
+metadata:
+  name: "keycloak"
+spec:
+  ports:
+  - name: "5050"
+    port: 5050
+    targetPort: 8080
+  selector:
+    io.kompose.service: keycloak
+status:
+  loadBalancer: {}
diff --git a/dockerfiles/init/modules/che-kubernetes-helm/charts/che-keycloak/values.yaml b/dockerfiles/init/modules/che-kubernetes-helm/charts/che-keycloak/values.yaml
new file mode 100644
index 00000000000..bc0eadc3fdb
--- /dev/null
+++ b/dockerfiles/init/modules/che-kubernetes-helm/charts/che-keycloak/values.yaml
@@ -0,0 +1,5 @@
+# Default values for postgres.
+# This is a YAML-formatted file.
+# Declare variables to be passed into your templates.
+image: eclipse/che-keycloak:nightly
+requireAdminPasswordChange: true
diff --git a/dockerfiles/init/modules/che-kubernetes-helm/charts/che-postgres/templates/deployment-config.yaml b/dockerfiles/init/modules/che-kubernetes-helm/charts/che-postgres/templates/deployment.yaml
similarity index 98%
rename from dockerfiles/init/modules/che-kubernetes-helm/charts/che-postgres/templates/deployment-config.yaml
rename to dockerfiles/init/modules/che-kubernetes-helm/charts/che-postgres/templates/deployment.yaml
index 4337f194964..14df48a9f12 100644
--- a/dockerfiles/init/modules/che-kubernetes-helm/charts/che-postgres/templates/deployment-config.yaml
+++ b/dockerfiles/init/modules/che-kubernetes-helm/charts/che-postgres/templates/deployment.yaml
@@ -9,7 +9,6 @@ spec:
   replicas: 1
   template:
     metadata:
-      creationTimestamp: null
       labels:
         io.kompose.service: postgres
     spec:
diff --git a/dockerfiles/init/modules/che-kubernetes-helm/readme.md b/dockerfiles/init/modules/che-kubernetes-helm/readme.md
index 4e39d067061..296d847e3ec 100644
--- a/dockerfiles/init/modules/che-kubernetes-helm/readme.md
+++ b/dockerfiles/init/modules/che-kubernetes-helm/readme.md
@@ -34,6 +34,13 @@ The context of the commands below is the directory in which this readme file res
   ```bash
   helm upgrade --install <my-che-installation> --namespace <my-che-namespace> --set cheDomain=<my-hostname> --set cheImage=<my-image> ./
   ```
+
+- Multi user deployment
+
+  ```bash
+  helm upgrade --install <che-release> --namespace <che-namespace> --set global.multiuser=true --set global.cheDomain=<minikube-ip>.xip.io ./
+  ```
+  
 ## Deleting a Deployment
 You can delete a deployment using the following command:
 ``` bash
diff --git a/dockerfiles/init/modules/che-kubernetes-helm/requirements.yaml b/dockerfiles/init/modules/che-kubernetes-helm/requirements.yaml
index 2d2a7544e4e..75abb53d855 100644
--- a/dockerfiles/init/modules/che-kubernetes-helm/requirements.yaml
+++ b/dockerfiles/init/modules/che-kubernetes-helm/requirements.yaml
@@ -2,4 +2,8 @@ dependencies:
   - name: che-postgres
     repository: file://./charts/che-postgres/
     version: 1.0.0
-    condition: multiuser
\ No newline at end of file
+    condition: global.multiuser
+  - name: che-keycloak
+    repository: file://./charts/che-keycloak/
+    version: 1.0.0
+    condition: global.multiuser
\ No newline at end of file
diff --git a/dockerfiles/init/modules/che-kubernetes-helm/templates/_hostHelper.tpl b/dockerfiles/init/modules/che-kubernetes-helm/templates/_hostHelper.tpl
index ce8ef5bb40c..59371f5b0ca 100644
--- a/dockerfiles/init/modules/che-kubernetes-helm/templates/_hostHelper.tpl
+++ b/dockerfiles/init/modules/che-kubernetes-helm/templates/_hostHelper.tpl
@@ -1,7 +1,7 @@
 {{- define "cheHost" }}
-{{- if .Values.isHostBased }}
-{{- printf "master.%s" .Values.cheDomain }}
+{{- if .Values.global.isHostBased }}
+{{- printf "master.%s" .Values.global.cheDomain }}
 {{- else }}
-{{- printf "%s" .Values.cheDomain }}
+{{- printf "%s" .Values.global.cheDomain }}
 {{- end }}
 {{- end }}
diff --git a/dockerfiles/init/modules/che-kubernetes-helm/templates/_keycloakHostHelper.tpl b/dockerfiles/init/modules/che-kubernetes-helm/templates/_keycloakHostHelper.tpl
new file mode 100644
index 00000000000..71e0654db1d
--- /dev/null
+++ b/dockerfiles/init/modules/che-kubernetes-helm/templates/_keycloakHostHelper.tpl
@@ -0,0 +1,7 @@
+{{- define "keycloakHost" }}
+{{- if .Values.global.isHostBased }}
+{{- printf "keycloak.%s" .Values.global.cheDomain }}
+{{- else }}
+{{- printf "%s" .Values.global.cheDomain }}
+{{- end }}
+{{- end }}
diff --git a/dockerfiles/init/modules/che-kubernetes-helm/templates/cert-issuer.yaml b/dockerfiles/init/modules/che-kubernetes-helm/templates/cert-issuer.yaml
index 17b1f44cd81..21faa86f245 100644
--- a/dockerfiles/init/modules/che-kubernetes-helm/templates/cert-issuer.yaml
+++ b/dockerfiles/init/modules/che-kubernetes-helm/templates/cert-issuer.yaml
@@ -1,4 +1,4 @@
-{{- if .Values.tlsEnabled }}
+{{- if .Values.global.tlsEnabled }}
 apiVersion: certmanager.k8s.io/v1alpha1
 kind: Issuer
 metadata:
diff --git a/dockerfiles/init/modules/che-kubernetes-helm/templates/certificate.yaml b/dockerfiles/init/modules/che-kubernetes-helm/templates/certificate.yaml
index dc93da99cc4..65cee1f0b17 100644
--- a/dockerfiles/init/modules/che-kubernetes-helm/templates/certificate.yaml
+++ b/dockerfiles/init/modules/che-kubernetes-helm/templates/certificate.yaml
@@ -1,4 +1,4 @@
-{{- if .Values.tlsEnabled }}
+{{- if .Values.global.tlsEnabled }}
 apiVersion: certmanager.k8s.io/v1alpha1
 kind: Certificate
 metadata:
@@ -7,13 +7,13 @@ spec:
   secretName: che-tls
   issuerRef:
     name: letsencrypt
-  commonName: {{ .Values.cheDomain }}
+  commonName: {{ .Values.global.cheDomain }}
   dnsNames:
-      - {{ .Values.cheDomain }}
+      - {{ .Values.global.cheDomain }}
   acme:
     config:
     - http01:
         ingressClass: nginx
       domains:
-      - {{ .Values.cheDomain }}
+      - {{ .Values.global.cheDomain }}
 {{- end }}
diff --git a/dockerfiles/init/modules/che-kubernetes-helm/templates/configmap.yaml b/dockerfiles/init/modules/che-kubernetes-helm/templates/configmap.yaml
index f340b32f4fc..483b65670af 100644
--- a/dockerfiles/init/modules/che-kubernetes-helm/templates/configmap.yaml
+++ b/dockerfiles/init/modules/che-kubernetes-helm/templates/configmap.yaml
@@ -5,10 +5,10 @@ metadata:
     app: che
   name: che
 data:
-  CHE_DOMAIN: {{ .Values.cheDomain }}
+  CHE_DOMAIN: {{ .Values.global.cheDomain }}
   CHE_HOST: {{ template "cheHost" . }}
   CHE_PORT: "8080"
-{{- if .Values.tlsEnabled }}
+{{- if .Values.global.tlsEnabled }}
   CHE_API: https://{{ template "cheHost" . }}/api
   CHE_WEBSOCKET_ENDPOINT:  wss://{{ template "cheHost" . }}/api/websocket
   CHE_INFRA_KUBERNETES_BOOTSTRAPPER_BINARY__URL: https://{{ template "cheHost" . }}/agent-binaries/linux_amd64/bootstrapper/bootstrapper
@@ -24,6 +24,9 @@ data:
   CHE_INFRA_KUBERNETES_OAUTH__TOKEN: ""
   CHE_INFRA_KUBERNETES_PASSWORD: ""
   CHE_INFRA_KUBERNETES_USERNAME: ""
+  CHE_KEYCLOAK_AUTH__SERVER__URL: {{ template "keycloakHost" . }}
+  CHE_KEYCLOAK_CLIENT__ID: {{ .Values.cheKeycloakClientId }}
+  CHE_KEYCLOAK_REALM: {{ .Values.cheKeycloakRealm }}
   CHE_INFRA_KUBERNETES_NAMESPACE: ""
   CHE_INFRA_KUBERNETES_TRUST__CERTS: "false"
   CHE_INFRA_KUBERNETES_PVC_STRATEGY: "common"
@@ -33,13 +36,13 @@ data:
   CHE_LOCAL_CONF_DIR: /etc/conf
   CHE_LOGS_DIR: /data/logs
   CHE_LOG_LEVEL: "INFO"
-  CHE_MULTIUSER: {{ .Values.multiuser }}
+  CHE_MULTIUSER: {{ .Values.global.multiuser | quote }}
   CHE_OAUTH_GITHUB_CLIENTID: ""
   CHE_OAUTH_GITHUB_CLIENTSECRET: ""
   CHE_PREDEFINED_STACKS_RELOAD__ON__START: "false"
   JAVA_OPTS: "-XX:MaxRAMFraction=2 -XX:+UseParallelGC -XX:MinHeapFreeRatio=10 -XX:MaxHeapFreeRatio=20 -XX:GCTimeRatio=4 -XX:AdaptiveSizePolicyWeight=90 -XX:+UnlockExperimentalVMOptions -XX:+UseCGroupMemoryLimitForHeap -Dsun.zip.disableMemoryMapping=true -Xms20m "
   CHE_WORKSPACE_AUTO_START: "false"
-{{- if .Values.tlsEnabled }}
+{{- if .Values.global.tlsEnabled }}
   CHE_INFRA_KUBERNETES_INGRESS_ANNOTATIONS__JSON: '{"nginx.ingress.kubernetes.io/rewrite-target": "/","nginx.ingress.kubernetes.io/ssl-redirect": "true","kubernetes.io/tls-acme": "true","nginx.ingress.kubernetes.io/proxy-connect-timeout": "3600","nginx.ingress.kubernetes.io/proxy-read-timeout": "3600"}'
 {{- else }}
   CHE_INFRA_KUBERNETES_INGRESS_ANNOTATIONS__JSON: '{"nginx.ingress.kubernetes.io/rewrite-target": "/","nginx.ingress.kubernetes.io/ssl-redirect": "false","nginx.ingress.kubernetes.io/proxy-connect-timeout": "3600","nginx.ingress.kubernetes.io/proxy-read-timeout": "3600"}'
diff --git a/dockerfiles/init/modules/che-kubernetes-helm/templates/deployment.yaml b/dockerfiles/init/modules/che-kubernetes-helm/templates/deployment.yaml
index 09394b0a4d7..ca039cbb641 100644
--- a/dockerfiles/init/modules/che-kubernetes-helm/templates/deployment.yaml
+++ b/dockerfiles/init/modules/che-kubernetes-helm/templates/deployment.yaml
@@ -14,11 +14,42 @@ spec:
     type: Recreate
   template:
     metadata:
-      annotations:
-        pod.alpha.kubernetes.io/init-containers: '[{"image":"busybox","imagePullPolicy":"IfNotPresent","name":"fmp-volume-permission","command":["chmod","777","/data"],"volumeMounts":[{"mountPath":"/data","name":"che-data-volume"}]}]'
+#      annotations:
+#        pod.alpha.kubernetes.io/init-containers: '[{
+#        	"image": "busybox",
+#        	"imagePullPolicy": "IfNotPresent",
+#        	"name": "fmp-volume-permission",
+#        	"command": ["chmod", "777", "/data"],
+#        	"volumeMounts": [{
+#        		"mountPath": "/data",
+#        		"name": "che-data-volume"
+#        	}]
+#        },
+#        {
+#          "name": "wait-for-postgres",
+#          "image": "docker.io/guydaich/che-init",
+#          "imagePullPolicy":"IfNotPresent",
+#          "command": ["sh", "-c", "adresses_length=0; until [ $adresses_length -gt 0 ]; do echo waiting for postgres to be ready...; sleep 2; endpoints=`curl -s --cacert /var/run/secrets/kubernetes.io/serviceaccount/ca.crt -H \"Authorization: Bearer $(cat /var/run/secrets/kubernetes.io/serviceaccount/token)\"     https://kubernetes.default/api/v1/namespaces/eclipse-che/endpoints/postgres`; adresses_length=`echo $endpoints | jq -r \".subsets[]?.addresses // [] | length\"`; done;"]
+#        }]'
       labels:
         app: che
     spec:
+      initContainers:
+      - name: wait-for-postgres
+        image: docker.io/guydaich/che-init
+        command: ["sh", "-c", "adresses_length=0; until [ $adresses_length -gt 0 ]; do echo waiting for postgres to be ready...; sleep 2; endpoints=`curl -s --cacert /var/run/secrets/kubernetes.io/serviceaccount/ca.crt -H \"Authorization: Bearer $(cat /var/run/secrets/kubernetes.io/serviceaccount/token)\"     https://kubernetes.default/api/v1/namespaces/$POD_NAMESPACE/endpoints/postgres`; adresses_length=`echo $endpoints | jq -r \".subsets[]?.addresses // [] | length\"`; done;"]
+        env:
+          - name: POD_NAMESPACE
+            valueFrom:
+              fieldRef:
+                fieldPath: metadata.namespace
+      - name: fmp-volume-permission
+        image: busybox
+        command: ["chmod", "777", "/data"]
+        volumeMounts: [{
+              "mountPath": "/data",
+              "name": "che-data-volume"
+        }]
       containers:
       - env:
         - name: CHE_DOMAIN
@@ -116,6 +147,21 @@ spec:
             configMapKeyRef:
               key: CHE_INFRA_KUBERNETES_USERNAME
               name: che
+        - name: CHE_KEYCLOAK_AUTH__SERVER__URL
+          valueFrom:
+            configMapKeyRef:
+              key: CHE_KEYCLOAK_AUTH__SERVER__URL
+              name: che
+        - name: CHE_KEYCLOAK_CLIENT__ID
+          valueFrom:
+            configMapKeyRef:
+              key: CHE_KEYCLOAK_CLIENT__ID
+              name: che
+        - name: CHE_KEYCLOAK_REALM
+          valueFrom:
+            configMapKeyRef:
+              key: CHE_KEYCLOAK_REALM
+              name: che
         - name: CHE_INFRA_KUBERNETES_NAMESPACE
           valueFrom:
             configMapKeyRef:
diff --git a/dockerfiles/init/modules/che-kubernetes-helm/templates/ingress.yaml b/dockerfiles/init/modules/che-kubernetes-helm/templates/ingress.yaml
index fb7ce7abfd2..416e807f78d 100644
--- a/dockerfiles/init/modules/che-kubernetes-helm/templates/ingress.yaml
+++ b/dockerfiles/init/modules/che-kubernetes-helm/templates/ingress.yaml
@@ -5,7 +5,7 @@ metadata:
   annotations:
     nginx.ingress.kubernetes.io/rewrite-target: /
     kubernetes.io/ingress.class: "nginx"
-{{- if .Values.tlsEnabled }}
+{{- if .Values.global.tlsEnabled }}
     kubernetes.io/tls-acme: "true"
 {{- else }}
     nginx.ingress.kubernetes.io/ssl-redirect: "false"
@@ -13,7 +13,7 @@ metadata:
     ingress.kubernetes.io/proxy-read-timeout: "3600"
     ingress.kubernetes.io/proxy-connect-timeout: "3600"
 spec:
-{{- if .Values.tlsEnabled }}
+{{- if .Values.global.tlsEnabled }}
   tls:
   - hosts:
     - {{ template "cheHost" . }}
@@ -26,6 +26,6 @@ spec:
           serviceName: che-host
           servicePort: 8080
         path: /
-{{- if .Values.isHostBased }}
+{{- if .Values.global.isHostBased }}
     host: {{ template "cheHost" . }}
 {{- end }}
diff --git a/dockerfiles/init/modules/che-kubernetes-helm/templates/staging-cert-issuer.yaml b/dockerfiles/init/modules/che-kubernetes-helm/templates/staging-cert-issuer.yaml
index 82dfd66f730..cef48ccc89b 100644
--- a/dockerfiles/init/modules/che-kubernetes-helm/templates/staging-cert-issuer.yaml
+++ b/dockerfiles/init/modules/che-kubernetes-helm/templates/staging-cert-issuer.yaml
@@ -1,4 +1,4 @@
-# {{- if .Values.tlsEnabled }}
+# {{- if .Values.global.tlsEnabled }}
 # apiVersion: certmanager.k8s.io/v1alpha1
 # kind: Issuer
 # metadata:
diff --git a/dockerfiles/init/modules/che-kubernetes-helm/values.yaml b/dockerfiles/init/modules/che-kubernetes-helm/values.yaml
index ac6236ff924..0507c946d6c 100644
--- a/dockerfiles/init/modules/che-kubernetes-helm/values.yaml
+++ b/dockerfiles/init/modules/che-kubernetes-helm/values.yaml
@@ -1,13 +1,18 @@
-cheDomain: 192.168.99.100.nip.io
-isHostBased: true
-tlsEnabled: false
-multiuser: false
-
 # the following section is for secure registries. when uncommented, a pull secret will be created
 #registry:
 #  host: my-secure-private-registry.com
+#  host: my-secure-private-registry.com
 #  username: myUser
 #  password: myPass
 
 cheImage: eclipse/che-server:nightly
 cheImagePullPolicy: Always
+
+cheKeycloakClientId: che-public
+cheKeyCloakRealm: che
+
+global:
+  tlsEnabled: false
+  multiuser: false
+  isHostBased: true
+  cheDomain: 192.168.99.100.nip.io

From e6f7a5ab62f8ea3483db682751bb4659c6eaf151 Mon Sep 17 00:00:00 2001
From: Guy Daich <guy.daich@sap.com>
Date: Thu, 1 Mar 2018 10:17:33 +0200
Subject: [PATCH 3/5] fix keycloak integration

Signed-off-by: Guy Daich <guy.daich@sap.com>
---
 .../che-keycloak/templates/deployment.yaml    |  4 +-
 .../che-keycloak/templates/ingress.yaml       | 18 ++++---
 .../templates/keycloak-configure-job.yaml     |  7 +--
 .../modules/che-kubernetes-helm/readme.md     | 48 +++++++++++++++++--
 .../templates/_keycloakAuthUrlHelper.tpl      | 15 ++++++
 .../templates/configmap.yaml                  |  8 ++--
 .../templates/deployment.yaml                 | 25 +++-------
 .../templates/ingress.yaml                    | 19 ++++----
 .../modules/che-kubernetes-helm/values.yaml   |  6 ++-
 9 files changed, 102 insertions(+), 48 deletions(-)
 create mode 100644 dockerfiles/init/modules/che-kubernetes-helm/templates/_keycloakAuthUrlHelper.tpl

diff --git a/dockerfiles/init/modules/che-kubernetes-helm/charts/che-keycloak/templates/deployment.yaml b/dockerfiles/init/modules/che-kubernetes-helm/charts/che-keycloak/templates/deployment.yaml
index 1f96142c27d..6bafdd82216 100644
--- a/dockerfiles/init/modules/che-kubernetes-helm/charts/che-keycloak/templates/deployment.yaml
+++ b/dockerfiles/init/modules/che-kubernetes-helm/charts/che-keycloak/templates/deployment.yaml
@@ -20,8 +20,8 @@ spec:
     spec:
       initContainers:
       - name: wait-for-postgres
-        image: docker.io/guydaich/che-init
-        command: ["sh", "-c", "adresses_length=0; until [ $adresses_length -gt 0 ]; do echo waiting for postgres to be ready...; sleep 2; endpoints=`curl -s --cacert /var/run/secrets/kubernetes.io/serviceaccount/ca.crt -H \"Authorization: Bearer $(cat /var/run/secrets/kubernetes.io/serviceaccount/token)\"     https://kubernetes.default/api/v1/namespaces/$POD_NAMESPACE/endpoints/postgres`; adresses_length=`echo $endpoints | jq -r \".subsets[]?.addresses // [] | length\"`; done;"]
+        image: alpine:3.5
+        command: ["sh", "-c", "apk --no-cache add curl jq ; adresses_length=0; until [ $adresses_length -gt 0 ]; do echo waiting for postgres to be ready...; sleep 2; endpoints=`curl -s --cacert /var/run/secrets/kubernetes.io/serviceaccount/ca.crt -H \"Authorization: Bearer $(cat /var/run/secrets/kubernetes.io/serviceaccount/token)\"     https://kubernetes.default/api/v1/namespaces/$POD_NAMESPACE/endpoints/postgres`; adresses_length=`echo $endpoints | jq -r \".subsets[]?.addresses // [] | length\"`; done;"]
         env:
           - name: POD_NAMESPACE
             valueFrom:
diff --git a/dockerfiles/init/modules/che-kubernetes-helm/charts/che-keycloak/templates/ingress.yaml b/dockerfiles/init/modules/che-kubernetes-helm/charts/che-keycloak/templates/ingress.yaml
index 990bf22e5e2..239047e390c 100644
--- a/dockerfiles/init/modules/che-kubernetes-helm/charts/che-keycloak/templates/ingress.yaml
+++ b/dockerfiles/init/modules/che-kubernetes-helm/charts/che-keycloak/templates/ingress.yaml
@@ -3,15 +3,14 @@ kind: Ingress
 metadata:
   name: keycloak-ingress
   annotations:
-    nginx.ingress.kubernetes.io/rewrite-target: /
     kubernetes.io/ingress.class: "nginx"
+    {{ .Values.global.ingressAnnotationsPrefix }}ingress.kubernetes.io/proxy-read-timeout: "3600"
+    {{ .Values.global.ingressAnnotationsPrefix }}ingress.kubernetes.io/proxy-connect-timeout: "3600"
 {{- if .Values.global.tlsEnabled }}
     kubernetes.io/tls-acme: "true"
 {{- else }}
-    nginx.ingress.kubernetes.io/ssl-redirect: "false"
+    {{ .Values.global.ingressAnnotationsPrefix }}ingress.kubernetes.io/ssl-redirect: "false"
 {{- end }}
-    ingress.kubernetes.io/proxy-read-timeout: "3600"
-    ingress.kubernetes.io/proxy-connect-timeout: "3600"
 spec:
 {{- if .Values.global.tlsEnabled }}
   tls:
@@ -20,10 +19,17 @@ spec:
     secretName: keycloak-tls
 {{- end }}
   rules:
+{{- if .Values.global.isHostBased }}
   - host: {{ template "keycloakHost" . }}
     http:
       paths:
-      - backend:
+      - path: /
+{{- else }}
+  - http:
+      paths:
+      - path: /auth/
+{{- end }}
+        backend:
           serviceName: keycloak
           servicePort: 5050
-        path: /
+
diff --git a/dockerfiles/init/modules/che-kubernetes-helm/charts/che-keycloak/templates/keycloak-configure-job.yaml b/dockerfiles/init/modules/che-kubernetes-helm/charts/che-keycloak/templates/keycloak-configure-job.yaml
index 6636a7ed9ee..024ca524479 100644
--- a/dockerfiles/init/modules/che-kubernetes-helm/charts/che-keycloak/templates/keycloak-configure-job.yaml
+++ b/dockerfiles/init/modules/che-kubernetes-helm/charts/che-keycloak/templates/keycloak-configure-job.yaml
@@ -7,8 +7,8 @@ spec:
     spec:
       initContainers:
       - name: wait-for-keycloak
-        image: docker.io/guydaich/che-init
-        command: ["sh", "-c", "adresses_length=0; until [ $adresses_length -gt 0 ]; do echo waiting for keycloak to be ready...; sleep 2; endpoints=`curl -s --cacert /var/run/secrets/kubernetes.io/serviceaccount/ca.crt -H \"Authorization: Bearer $(cat /var/run/secrets/kubernetes.io/serviceaccount/token)\"     https://kubernetes.default/api/v1/namespaces/$POD_NAMESPACE/endpoints/keycloak`; adresses_length=`echo $endpoints | jq -r \".subsets[]?.addresses // [] | length\"`; done;"]
+        image: alpine:3.5
+        command: ["sh", "-c", "apk --no-cache add curl jq ; adresses_length=0; until [ $adresses_length -gt 0 ]; do echo waiting for keycloak to be ready...; sleep 2; endpoints=`curl -s --cacert /var/run/secrets/kubernetes.io/serviceaccount/ca.crt -H \"Authorization: Bearer $(cat /var/run/secrets/kubernetes.io/serviceaccount/token)\"     https://kubernetes.default/api/v1/namespaces/$POD_NAMESPACE/endpoints/keycloak`; adresses_length=`echo $endpoints | jq -r \".subsets[]?.addresses // [] | length\"`; done;"]
         env:
           - name: POD_NAMESPACE
             valueFrom:
@@ -29,6 +29,7 @@ spec:
             value:  {{ template "keycloakHost" . }}
           - name: CHE_KEYCLOAK_ADMIN_REQUIRE_UPDATE_PASSWORD
             value: {{ .Values.requireAdminPasswordChange | quote }}
-
+          - name: CHE_HOST
+            value: {{ template "cheHost" . }}
       restartPolicy: Never
   backoffLimit: 4
\ No newline at end of file
diff --git a/dockerfiles/init/modules/che-kubernetes-helm/readme.md b/dockerfiles/init/modules/che-kubernetes-helm/readme.md
index 296d847e3ec..3f8b2b2a3ba 100644
--- a/dockerfiles/init/modules/che-kubernetes-helm/readme.md
+++ b/dockerfiles/init/modules/che-kubernetes-helm/readme.md
@@ -21,7 +21,7 @@ In case you're specifying a hostname, simply pass it as the value of the `cheDom
 
 If you must use an ip address (e.g. your corporate policy prevents you from using nip.io), you would also have to set `isHostBased` to `false`.
 
-### Perform the Actual Deployment
+### Deploying with Helm
 The context of the commands below is the directory in which this readme file resides
 
 - Override default values by changing the values.yaml file and then typing:
@@ -32,15 +32,55 @@ The context of the commands below is the directory in which this readme file res
 - Or, you can override default values during installation, using the `--set` flag:
 
   ```bash
-  helm upgrade --install <my-che-installation> --namespace <my-che-namespace> --set cheDomain=<my-hostname> --set cheImage=<my-image> ./
+  helm upgrade --install <my-che-installation> --namespace <my-che-namespace> --set global.cheDomain=<my-hostname> --set cheImage=<my-image> ./
   ```
 
-- Multi user deployment
+#### Deployment types
+Currenty, only minikube deployment is supported.
+
+##### Single User 
+Only Che will be deployed.
+
+  ```bash
+  helm upgrade --install <che-release> --namespace <che-namespace> --global.cheDomain=<domain> ./
+  ```
+  
+##### Multi User 
+Che, KeyCloak and Postgres will be deployed.
 
   ```bash
-  helm upgrade --install <che-release> --namespace <che-namespace> --set global.multiuser=true --set global.cheDomain=<minikube-ip>.xip.io ./
+  helm upgrade --install <che-release> --namespace <che-namespace> --set global.multiuser=true --global.cheDomain=<domain> ./
   ```
   
+##### No Host:
+ Ingress will serve requests on minikube-ip. 
+ Path based routing to Che, Secondary servers (KeyCloak) and Workspace servers.
+
+  ```bash
+  helm upgrade --install <che-release> --namespace <che-namespace> --set global.isHostbased=false --global.cheDomain=<minikube-ip> ./
+   Master: http://<minikube-ip>/
+   Workspaces: http://<minikube-ip>/<path-to-server>
+   Keycloak (if multiuser) : http://<minikube-ip>/auth/
+  ```
+  
+##### Host (partial): 
+ WS Master Ingress will serve requests on provided domain
+ Workspaces: Ingress will serve requests on minikube-ip, Path Based routing to workspaces. 
+ KeyCloak : dedicated hostname 
+   
+   ```bash
+   helm upgrade --install <che-release> --namespace <che-namespace> --global.cheDomain=<minikube-ip>.xip.io ./
+   Master: http://master.<minikube-ip>.xip.io
+   Workspaces: http://<minikube-ip>/<path-to-server>
+   Keycloak (if multiuser): http://keycloak.<minikube-ip>.xip.io/
+   ```
+ 
+
+##### Future options:
+- Path Based: single hostname for all components (che, keycloak, WS servers) 
+- Host Based: unique host for each component
+- TLS
+  
 ## Deleting a Deployment
 You can delete a deployment using the following command:
 ``` bash
diff --git a/dockerfiles/init/modules/che-kubernetes-helm/templates/_keycloakAuthUrlHelper.tpl b/dockerfiles/init/modules/che-kubernetes-helm/templates/_keycloakAuthUrlHelper.tpl
new file mode 100644
index 00000000000..db73ece70a7
--- /dev/null
+++ b/dockerfiles/init/modules/che-kubernetes-helm/templates/_keycloakAuthUrlHelper.tpl
@@ -0,0 +1,15 @@
+{{- define "keycloakAuthUrl" }}
+{{- if .Values.global.isHostBased }}
+{{- if .Values.global.tlsEnabled }}
+{{- printf "https://keycloak.%s/auth" .Values.global.cheDomain }}
+{{- else }}
+{{- printf "http://keycloak.%s/auth" .Values.global.cheDomain }}
+{{- end }}
+{{- else }}
+{{- if .Values.global.tlsEnabled }}
+{{- printf "https://%s/auth" .Values.global.cheDomain }}
+{{- else }}
+{{- printf "http://%s/auth" .Values.global.cheDomain }}
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/dockerfiles/init/modules/che-kubernetes-helm/templates/configmap.yaml b/dockerfiles/init/modules/che-kubernetes-helm/templates/configmap.yaml
index 483b65670af..c93ac03324b 100644
--- a/dockerfiles/init/modules/che-kubernetes-helm/templates/configmap.yaml
+++ b/dockerfiles/init/modules/che-kubernetes-helm/templates/configmap.yaml
@@ -24,9 +24,11 @@ data:
   CHE_INFRA_KUBERNETES_OAUTH__TOKEN: ""
   CHE_INFRA_KUBERNETES_PASSWORD: ""
   CHE_INFRA_KUBERNETES_USERNAME: ""
-  CHE_KEYCLOAK_AUTH__SERVER__URL: {{ template "keycloakHost" . }}
+{{- if .Values.global.multiuser }}
+  CHE_KEYCLOAK_AUTH__SERVER__URL: {{ template "keycloakAuthUrl" . }}
   CHE_KEYCLOAK_CLIENT__ID: {{ .Values.cheKeycloakClientId }}
   CHE_KEYCLOAK_REALM: {{ .Values.cheKeycloakRealm }}
+{{- end }}
   CHE_INFRA_KUBERNETES_NAMESPACE: ""
   CHE_INFRA_KUBERNETES_TRUST__CERTS: "false"
   CHE_INFRA_KUBERNETES_PVC_STRATEGY: "common"
@@ -43,7 +45,7 @@ data:
   JAVA_OPTS: "-XX:MaxRAMFraction=2 -XX:+UseParallelGC -XX:MinHeapFreeRatio=10 -XX:MaxHeapFreeRatio=20 -XX:GCTimeRatio=4 -XX:AdaptiveSizePolicyWeight=90 -XX:+UnlockExperimentalVMOptions -XX:+UseCGroupMemoryLimitForHeap -Dsun.zip.disableMemoryMapping=true -Xms20m "
   CHE_WORKSPACE_AUTO_START: "false"
 {{- if .Values.global.tlsEnabled }}
-  CHE_INFRA_KUBERNETES_INGRESS_ANNOTATIONS__JSON: '{"nginx.ingress.kubernetes.io/rewrite-target": "/","nginx.ingress.kubernetes.io/ssl-redirect": "true","kubernetes.io/tls-acme": "true","nginx.ingress.kubernetes.io/proxy-connect-timeout": "3600","nginx.ingress.kubernetes.io/proxy-read-timeout": "3600"}'
+  CHE_INFRA_KUBERNETES_INGRESS_ANNOTATIONS__JSON: '{"kubernetes.io/ingress.class": "nginx", "kubernetes.io/tls-acme": "true", "{{ .Values.global.ingressAnnotationsPrefix }}ingress.kubernetes.io/rewrite-target": "/","{{ .Values.global.ingressAnnotationsPrefix }}ingress.kubernetes.io/ssl-redirect": "true","{{ .Values.global.ingressAnnotationsPrefix }}ingress.kubernetes.io/proxy-connect-timeout": "3600","{{ .Values.global.ingressAnnotationsPrefix }}ingress.kubernetes.io/proxy-read-timeout": "3600"}'
 {{- else }}
-  CHE_INFRA_KUBERNETES_INGRESS_ANNOTATIONS__JSON: '{"nginx.ingress.kubernetes.io/rewrite-target": "/","nginx.ingress.kubernetes.io/ssl-redirect": "false","nginx.ingress.kubernetes.io/proxy-connect-timeout": "3600","nginx.ingress.kubernetes.io/proxy-read-timeout": "3600"}'
+  CHE_INFRA_KUBERNETES_INGRESS_ANNOTATIONS__JSON: '{"kubernetes.io/ingress.class": "nginx", "{{ .Values.global.ingressAnnotationsPrefix }}ingress.kubernetes.io/rewrite-target": "/","{{ .Values.global.ingressAnnotationsPrefix }}ingress.kubernetes.io/ssl-redirect": "false","{{ .Values.global.ingressAnnotationsPrefix }}ingress.kubernetes.io/proxy-connect-timeout": "3600","{{ .Values.global.ingressAnnotationsPrefix }}ingress.kubernetes.io/proxy-read-timeout": "3600"}'
 {{- end }}
diff --git a/dockerfiles/init/modules/che-kubernetes-helm/templates/deployment.yaml b/dockerfiles/init/modules/che-kubernetes-helm/templates/deployment.yaml
index ca039cbb641..7124c2ad54d 100644
--- a/dockerfiles/init/modules/che-kubernetes-helm/templates/deployment.yaml
+++ b/dockerfiles/init/modules/che-kubernetes-helm/templates/deployment.yaml
@@ -14,35 +14,20 @@ spec:
     type: Recreate
   template:
     metadata:
-#      annotations:
-#        pod.alpha.kubernetes.io/init-containers: '[{
-#        	"image": "busybox",
-#        	"imagePullPolicy": "IfNotPresent",
-#        	"name": "fmp-volume-permission",
-#        	"command": ["chmod", "777", "/data"],
-#        	"volumeMounts": [{
-#        		"mountPath": "/data",
-#        		"name": "che-data-volume"
-#        	}]
-#        },
-#        {
-#          "name": "wait-for-postgres",
-#          "image": "docker.io/guydaich/che-init",
-#          "imagePullPolicy":"IfNotPresent",
-#          "command": ["sh", "-c", "adresses_length=0; until [ $adresses_length -gt 0 ]; do echo waiting for postgres to be ready...; sleep 2; endpoints=`curl -s --cacert /var/run/secrets/kubernetes.io/serviceaccount/ca.crt -H \"Authorization: Bearer $(cat /var/run/secrets/kubernetes.io/serviceaccount/token)\"     https://kubernetes.default/api/v1/namespaces/eclipse-che/endpoints/postgres`; adresses_length=`echo $endpoints | jq -r \".subsets[]?.addresses // [] | length\"`; done;"]
-#        }]'
       labels:
         app: che
     spec:
       initContainers:
+{{- if .Values.global.multiuser }}
       - name: wait-for-postgres
-        image: docker.io/guydaich/che-init
-        command: ["sh", "-c", "adresses_length=0; until [ $adresses_length -gt 0 ]; do echo waiting for postgres to be ready...; sleep 2; endpoints=`curl -s --cacert /var/run/secrets/kubernetes.io/serviceaccount/ca.crt -H \"Authorization: Bearer $(cat /var/run/secrets/kubernetes.io/serviceaccount/token)\"     https://kubernetes.default/api/v1/namespaces/$POD_NAMESPACE/endpoints/postgres`; adresses_length=`echo $endpoints | jq -r \".subsets[]?.addresses // [] | length\"`; done;"]
+        image: alpine:3.5
+        command: ["sh", "-c", "apk --no-cache add curl jq ; adresses_length=0; until [ $adresses_length -gt 0 ]; do echo waiting for postgres to be ready...; sleep 2; endpoints=`curl -s --cacert /var/run/secrets/kubernetes.io/serviceaccount/ca.crt -H \"Authorization: Bearer $(cat /var/run/secrets/kubernetes.io/serviceaccount/token)\"     https://kubernetes.default/api/v1/namespaces/$POD_NAMESPACE/endpoints/postgres`; adresses_length=`echo $endpoints | jq -r \".subsets[]?.addresses // [] | length\"`; done;"]
         env:
           - name: POD_NAMESPACE
             valueFrom:
               fieldRef:
                 fieldPath: metadata.namespace
+{{- end }}
       - name: fmp-volume-permission
         image: busybox
         command: ["chmod", "777", "/data"]
@@ -147,6 +132,7 @@ spec:
             configMapKeyRef:
               key: CHE_INFRA_KUBERNETES_USERNAME
               name: che
+{{- if .Values.global.multiuser }}
         - name: CHE_KEYCLOAK_AUTH__SERVER__URL
           valueFrom:
             configMapKeyRef:
@@ -162,6 +148,7 @@ spec:
             configMapKeyRef:
               key: CHE_KEYCLOAK_REALM
               name: che
+{{- end }}
         - name: CHE_INFRA_KUBERNETES_NAMESPACE
           valueFrom:
             configMapKeyRef:
diff --git a/dockerfiles/init/modules/che-kubernetes-helm/templates/ingress.yaml b/dockerfiles/init/modules/che-kubernetes-helm/templates/ingress.yaml
index 416e807f78d..a1ddc125ce0 100644
--- a/dockerfiles/init/modules/che-kubernetes-helm/templates/ingress.yaml
+++ b/dockerfiles/init/modules/che-kubernetes-helm/templates/ingress.yaml
@@ -3,15 +3,14 @@ kind: Ingress
 metadata:
   name: che-ingress
   annotations:
-    nginx.ingress.kubernetes.io/rewrite-target: /
     kubernetes.io/ingress.class: "nginx"
+    {{ .Values.global.ingressAnnotationsPrefix }}ingress.kubernetes.io/proxy-read-timeout: "3600"
+    {{ .Values.global.ingressAnnotationsPrefix }}ingress.kubernetes.io/proxy-connect-timeout: "3600"
 {{- if .Values.global.tlsEnabled }}
     kubernetes.io/tls-acme: "true"
 {{- else }}
-    nginx.ingress.kubernetes.io/ssl-redirect: "false"
+    {{ .Values.global.ingressAnnotationsPrefix }}ingress.kubernetes.io/ssl-redirect: "false"
 {{- end }}
-    ingress.kubernetes.io/proxy-read-timeout: "3600"
-    ingress.kubernetes.io/proxy-connect-timeout: "3600"
 spec:
 {{- if .Values.global.tlsEnabled }}
   tls:
@@ -20,12 +19,14 @@ spec:
     secretName: che-tls
 {{- end }}
   rules:
+{{- if .Values.global.isHostBased }}
+  - host: {{ template "cheHost" . }}
+    http:
+{{- else }}
   - http:
+{{- end }}
       paths:
-      - backend:
+      - path: /
+        backend:
           serviceName: che-host
           servicePort: 8080
-        path: /
-{{- if .Values.global.isHostBased }}
-    host: {{ template "cheHost" . }}
-{{- end }}
diff --git a/dockerfiles/init/modules/che-kubernetes-helm/values.yaml b/dockerfiles/init/modules/che-kubernetes-helm/values.yaml
index 0507c946d6c..4d2fad9e6ce 100644
--- a/dockerfiles/init/modules/che-kubernetes-helm/values.yaml
+++ b/dockerfiles/init/modules/che-kubernetes-helm/values.yaml
@@ -8,11 +8,13 @@
 cheImage: eclipse/che-server:nightly
 cheImagePullPolicy: Always
 
-cheKeycloakClientId: che-public
-cheKeyCloakRealm: che
+cheKeycloakClientId: "che-public"
+cheKeycloakRealm: "che"
 
 global:
   tlsEnabled: false
   multiuser: false
   isHostBased: true
   cheDomain: 192.168.99.100.nip.io
+  # See --annotations-prefix flag (https://github.com/kubernetes/ingress-nginx/blob/master/docs/user-guide/cli-arguments.md)
+  ingressAnnotationsPrefix: "nginx."

From 2a6644409fe35002575e041e82c1824fc8e283f0 Mon Sep 17 00:00:00 2001
From: Guy Daich <guy.daich@sap.com>
Date: Wed, 7 Mar 2018 17:18:53 +0200
Subject: [PATCH 4/5] Update readme.md

fix instructions
---
 dockerfiles/init/modules/che-kubernetes-helm/readme.md | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/dockerfiles/init/modules/che-kubernetes-helm/readme.md b/dockerfiles/init/modules/che-kubernetes-helm/readme.md
index 3f8b2b2a3ba..993ea444bd2 100644
--- a/dockerfiles/init/modules/che-kubernetes-helm/readme.md
+++ b/dockerfiles/init/modules/che-kubernetes-helm/readme.md
@@ -42,14 +42,14 @@ Currenty, only minikube deployment is supported.
 Only Che will be deployed.
 
   ```bash
-  helm upgrade --install <che-release> --namespace <che-namespace> --global.cheDomain=<domain> ./
+  helm upgrade --install <che-release> --namespace <che-namespace> --set global.cheDomain=<domain> ./
   ```
   
 ##### Multi User 
 Che, KeyCloak and Postgres will be deployed.
 
   ```bash
-  helm upgrade --install <che-release> --namespace <che-namespace> --set global.multiuser=true --global.cheDomain=<domain> ./
+  helm upgrade --install <che-release> --namespace <che-namespace> --set global.multiuser=true --set global.cheDomain=<domain> ./
   ```
   
 ##### No Host:
@@ -57,7 +57,7 @@ Che, KeyCloak and Postgres will be deployed.
  Path based routing to Che, Secondary servers (KeyCloak) and Workspace servers.
 
   ```bash
-  helm upgrade --install <che-release> --namespace <che-namespace> --set global.isHostbased=false --global.cheDomain=<minikube-ip> ./
+  helm upgrade --install <che-release> --namespace <che-namespace> --set global.isHostbased=false --set global.cheDomain=<minikube-ip> ./
    Master: http://<minikube-ip>/
    Workspaces: http://<minikube-ip>/<path-to-server>
    Keycloak (if multiuser) : http://<minikube-ip>/auth/
@@ -69,7 +69,7 @@ Che, KeyCloak and Postgres will be deployed.
  KeyCloak : dedicated hostname 
    
    ```bash
-   helm upgrade --install <che-release> --namespace <che-namespace> --global.cheDomain=<minikube-ip>.xip.io ./
+   helm upgrade --install <che-release> --namespace <che-namespace> --set global.cheDomain=<minikube-ip>.xip.io ./
    Master: http://master.<minikube-ip>.xip.io
    Workspaces: http://<minikube-ip>/<path-to-server>
    Keycloak (if multiuser): http://keycloak.<minikube-ip>.xip.io/

From 5a8f0e86e4081278686eed20355a946520271549 Mon Sep 17 00:00:00 2001
From: Guy Daich <guy.daich@sap.com>
Date: Thu, 8 Mar 2018 09:17:27 +0200
Subject: [PATCH 5/5] add liscense to helm tempaltes

Signed-off-by: Guy Daich <guy.daich@sap.com>
---
 dockerfiles/init/modules/che-kubernetes-helm/Chart.yaml   | 7 +++++++
 .../che-kubernetes-helm/charts/che-keycloak/Chart.yaml    | 7 +++++++
 .../charts/che-keycloak/templates/ingress.yaml            | 7 +++++++
 .../che-keycloak/templates/keycloak-configure-job.yaml    | 7 +++++++
 .../che-kubernetes-helm/charts/che-keycloak/values.yaml   | 8 ++++++++
 .../che-kubernetes-helm/charts/che-postgres/Chart.yaml    | 7 +++++++
 .../charts/che-postgres/templates/deployment.yaml         | 7 +++++++
 .../che-postgres/templates/postgres-data-claim.yaml       | 7 +++++++
 .../charts/che-postgres/templates/service.yaml            | 7 +++++++
 .../che-kubernetes-helm/charts/che-postgres/values.yaml   | 7 +++++++
 .../init/modules/che-kubernetes-helm/requirements.yaml    | 7 +++++++
 .../che-kubernetes-helm/templates/cert-issuer.yaml        | 7 +++++++
 .../che-kubernetes-helm/templates/certificate.yaml        | 7 +++++++
 .../templates/cluster-role-binding.yaml                   | 7 +++++++
 .../modules/che-kubernetes-helm/templates/configmap.yaml  | 7 +++++++
 .../modules/che-kubernetes-helm/templates/deployment.yaml | 7 +++++++
 .../modules/che-kubernetes-helm/templates/ingress.yaml    | 7 +++++++
 .../init/modules/che-kubernetes-helm/templates/pvc.yaml   | 7 +++++++
 .../templates/registry-pull-secret.yaml                   | 7 +++++++
 .../modules/che-kubernetes-helm/templates/service.yaml    | 7 +++++++
 .../che-kubernetes-helm/templates/serviceaccount.yaml     | 7 +++++++
 .../templates/staging-cert-issuer.yaml                    | 7 +++++++
 .../init/modules/che-kubernetes-helm/tiller-rbac.yaml     | 7 +++++++
 dockerfiles/init/modules/che-kubernetes-helm/values.yaml  | 7 +++++++
 24 files changed, 169 insertions(+)

diff --git a/dockerfiles/init/modules/che-kubernetes-helm/Chart.yaml b/dockerfiles/init/modules/che-kubernetes-helm/Chart.yaml
index f5b58e073be..4d097cc41a1 100644
--- a/dockerfiles/init/modules/che-kubernetes-helm/Chart.yaml
+++ b/dockerfiles/init/modules/che-kubernetes-helm/Chart.yaml
@@ -1,3 +1,10 @@
+# Copyright (c) 2012-2017 Red Hat, Inc
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Eclipse Public License v1.0
+# which accompanies this distribution, and is available at
+# http://www.eclipse.org/legal/epl-v10.html
+#
+
 apiVersion: v1
 description: A Helm chart for deploying Che to Kubernetes
 name: che-kubernetes-helm
diff --git a/dockerfiles/init/modules/che-kubernetes-helm/charts/che-keycloak/Chart.yaml b/dockerfiles/init/modules/che-kubernetes-helm/charts/che-keycloak/Chart.yaml
index fb560dd6971..b64834b81a0 100644
--- a/dockerfiles/init/modules/che-kubernetes-helm/charts/che-keycloak/Chart.yaml
+++ b/dockerfiles/init/modules/che-kubernetes-helm/charts/che-keycloak/Chart.yaml
@@ -1,3 +1,10 @@
+# Copyright (c) 2012-2017 Red Hat, Inc
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Eclipse Public License v1.0
+# which accompanies this distribution, and is available at
+# http://www.eclipse.org/legal/epl-v10.html
+#
+
 apiVersion: v1
 description: A Helm chart for Keycloak, used by Che
 name: che-keycloak
diff --git a/dockerfiles/init/modules/che-kubernetes-helm/charts/che-keycloak/templates/ingress.yaml b/dockerfiles/init/modules/che-kubernetes-helm/charts/che-keycloak/templates/ingress.yaml
index 239047e390c..6041ab57d57 100644
--- a/dockerfiles/init/modules/che-kubernetes-helm/charts/che-keycloak/templates/ingress.yaml
+++ b/dockerfiles/init/modules/che-kubernetes-helm/charts/che-keycloak/templates/ingress.yaml
@@ -1,3 +1,10 @@
+# Copyright (c) 2012-2017 Red Hat, Inc
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Eclipse Public License v1.0
+# which accompanies this distribution, and is available at
+# http://www.eclipse.org/legal/epl-v10.html
+#
+
 apiVersion: extensions/v1beta1
 kind: Ingress
 metadata:
diff --git a/dockerfiles/init/modules/che-kubernetes-helm/charts/che-keycloak/templates/keycloak-configure-job.yaml b/dockerfiles/init/modules/che-kubernetes-helm/charts/che-keycloak/templates/keycloak-configure-job.yaml
index 024ca524479..06068391cab 100644
--- a/dockerfiles/init/modules/che-kubernetes-helm/charts/che-keycloak/templates/keycloak-configure-job.yaml
+++ b/dockerfiles/init/modules/che-kubernetes-helm/charts/che-keycloak/templates/keycloak-configure-job.yaml
@@ -1,3 +1,10 @@
+# Copyright (c) 2012-2017 Red Hat, Inc
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Eclipse Public License v1.0
+# which accompanies this distribution, and is available at
+# http://www.eclipse.org/legal/epl-v10.html
+#
+
 apiVersion: batch/v1
 kind: Job
 metadata:
diff --git a/dockerfiles/init/modules/che-kubernetes-helm/charts/che-keycloak/values.yaml b/dockerfiles/init/modules/che-kubernetes-helm/charts/che-keycloak/values.yaml
index bc0eadc3fdb..3ef64d7a6bf 100644
--- a/dockerfiles/init/modules/che-kubernetes-helm/charts/che-keycloak/values.yaml
+++ b/dockerfiles/init/modules/che-kubernetes-helm/charts/che-keycloak/values.yaml
@@ -1,5 +1,13 @@
+# Copyright (c) 2012-2017 Red Hat, Inc
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Eclipse Public License v1.0
+# which accompanies this distribution, and is available at
+# http://www.eclipse.org/legal/epl-v10.html
+#
+
 # Default values for postgres.
 # This is a YAML-formatted file.
 # Declare variables to be passed into your templates.
+
 image: eclipse/che-keycloak:nightly
 requireAdminPasswordChange: true
diff --git a/dockerfiles/init/modules/che-kubernetes-helm/charts/che-postgres/Chart.yaml b/dockerfiles/init/modules/che-kubernetes-helm/charts/che-postgres/Chart.yaml
index 86786457b14..57ecf4efebf 100644
--- a/dockerfiles/init/modules/che-kubernetes-helm/charts/che-postgres/Chart.yaml
+++ b/dockerfiles/init/modules/che-kubernetes-helm/charts/che-postgres/Chart.yaml
@@ -1,3 +1,10 @@
+# Copyright (c) 2012-2017 Red Hat, Inc
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Eclipse Public License v1.0
+# which accompanies this distribution, and is available at
+# http://www.eclipse.org/legal/epl-v10.html
+#
+
 apiVersion: v1
 description: A Helm chart for postgresql, used by Che and Keycloak
 name: che-postgres
diff --git a/dockerfiles/init/modules/che-kubernetes-helm/charts/che-postgres/templates/deployment.yaml b/dockerfiles/init/modules/che-kubernetes-helm/charts/che-postgres/templates/deployment.yaml
index 14df48a9f12..5014f0391f0 100644
--- a/dockerfiles/init/modules/che-kubernetes-helm/charts/che-postgres/templates/deployment.yaml
+++ b/dockerfiles/init/modules/che-kubernetes-helm/charts/che-postgres/templates/deployment.yaml
@@ -1,3 +1,10 @@
+# Copyright (c) 2012-2017 Red Hat, Inc
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Eclipse Public License v1.0
+# which accompanies this distribution, and is available at
+# http://www.eclipse.org/legal/epl-v10.html
+#
+
 apiVersion: extensions/v1beta1
 kind: Deployment
 metadata:
diff --git a/dockerfiles/init/modules/che-kubernetes-helm/charts/che-postgres/templates/postgres-data-claim.yaml b/dockerfiles/init/modules/che-kubernetes-helm/charts/che-postgres/templates/postgres-data-claim.yaml
index 93aa1a44ab7..b200999a5ec 100644
--- a/dockerfiles/init/modules/che-kubernetes-helm/charts/che-postgres/templates/postgres-data-claim.yaml
+++ b/dockerfiles/init/modules/che-kubernetes-helm/charts/che-postgres/templates/postgres-data-claim.yaml
@@ -1,3 +1,10 @@
+# Copyright (c) 2012-2017 Red Hat, Inc
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Eclipse Public License v1.0
+# which accompanies this distribution, and is available at
+# http://www.eclipse.org/legal/epl-v10.html
+#
+
 apiVersion: v1
 kind: PersistentVolumeClaim
 metadata:
diff --git a/dockerfiles/init/modules/che-kubernetes-helm/charts/che-postgres/templates/service.yaml b/dockerfiles/init/modules/che-kubernetes-helm/charts/che-postgres/templates/service.yaml
index 6998f666cb5..26ae5f92e74 100644
--- a/dockerfiles/init/modules/che-kubernetes-helm/charts/che-postgres/templates/service.yaml
+++ b/dockerfiles/init/modules/che-kubernetes-helm/charts/che-postgres/templates/service.yaml
@@ -1,3 +1,10 @@
+# Copyright (c) 2012-2017 Red Hat, Inc
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Eclipse Public License v1.0
+# which accompanies this distribution, and is available at
+# http://www.eclipse.org/legal/epl-v10.html
+#
+
 apiVersion: v1
 kind: Service
 metadata:
diff --git a/dockerfiles/init/modules/che-kubernetes-helm/charts/che-postgres/values.yaml b/dockerfiles/init/modules/che-kubernetes-helm/charts/che-postgres/values.yaml
index 9fbbcbf64e5..c5ab838e9be 100644
--- a/dockerfiles/init/modules/che-kubernetes-helm/charts/che-postgres/values.yaml
+++ b/dockerfiles/init/modules/che-kubernetes-helm/charts/che-postgres/values.yaml
@@ -1,3 +1,10 @@
+# Copyright (c) 2012-2017 Red Hat, Inc
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Eclipse Public License v1.0
+# which accompanies this distribution, and is available at
+# http://www.eclipse.org/legal/epl-v10.html
+#
+
 # Default values for postgres.
 # This is a YAML-formatted file.
 # Declare variables to be passed into your templates.
diff --git a/dockerfiles/init/modules/che-kubernetes-helm/requirements.yaml b/dockerfiles/init/modules/che-kubernetes-helm/requirements.yaml
index 75abb53d855..9e9529081a8 100644
--- a/dockerfiles/init/modules/che-kubernetes-helm/requirements.yaml
+++ b/dockerfiles/init/modules/che-kubernetes-helm/requirements.yaml
@@ -1,3 +1,10 @@
+# Copyright (c) 2012-2017 Red Hat, Inc
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Eclipse Public License v1.0
+# which accompanies this distribution, and is available at
+# http://www.eclipse.org/legal/epl-v10.html
+#
+
 dependencies:
   - name: che-postgres
     repository: file://./charts/che-postgres/
diff --git a/dockerfiles/init/modules/che-kubernetes-helm/templates/cert-issuer.yaml b/dockerfiles/init/modules/che-kubernetes-helm/templates/cert-issuer.yaml
index 21faa86f245..f055e38ecf1 100644
--- a/dockerfiles/init/modules/che-kubernetes-helm/templates/cert-issuer.yaml
+++ b/dockerfiles/init/modules/che-kubernetes-helm/templates/cert-issuer.yaml
@@ -1,3 +1,10 @@
+# Copyright (c) 2012-2017 Red Hat, Inc
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Eclipse Public License v1.0
+# which accompanies this distribution, and is available at
+# http://www.eclipse.org/legal/epl-v10.html
+#
+
 {{- if .Values.global.tlsEnabled }}
 apiVersion: certmanager.k8s.io/v1alpha1
 kind: Issuer
diff --git a/dockerfiles/init/modules/che-kubernetes-helm/templates/certificate.yaml b/dockerfiles/init/modules/che-kubernetes-helm/templates/certificate.yaml
index 65cee1f0b17..4312c777623 100644
--- a/dockerfiles/init/modules/che-kubernetes-helm/templates/certificate.yaml
+++ b/dockerfiles/init/modules/che-kubernetes-helm/templates/certificate.yaml
@@ -1,3 +1,10 @@
+# Copyright (c) 2012-2017 Red Hat, Inc
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Eclipse Public License v1.0
+# which accompanies this distribution, and is available at
+# http://www.eclipse.org/legal/epl-v10.html
+#
+
 {{- if .Values.global.tlsEnabled }}
 apiVersion: certmanager.k8s.io/v1alpha1
 kind: Certificate
diff --git a/dockerfiles/init/modules/che-kubernetes-helm/templates/cluster-role-binding.yaml b/dockerfiles/init/modules/che-kubernetes-helm/templates/cluster-role-binding.yaml
index ba84489fe00..5f46608b66c 100644
--- a/dockerfiles/init/modules/che-kubernetes-helm/templates/cluster-role-binding.yaml
+++ b/dockerfiles/init/modules/che-kubernetes-helm/templates/cluster-role-binding.yaml
@@ -1,3 +1,10 @@
+# Copyright (c) 2012-2017 Red Hat, Inc
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Eclipse Public License v1.0
+# which accompanies this distribution, and is available at
+# http://www.eclipse.org/legal/epl-v10.html
+#
+
 kind: ClusterRoleBinding
 apiVersion: rbac.authorization.k8s.io/v1beta1
 metadata:
diff --git a/dockerfiles/init/modules/che-kubernetes-helm/templates/configmap.yaml b/dockerfiles/init/modules/che-kubernetes-helm/templates/configmap.yaml
index c93ac03324b..1ddc3b29023 100644
--- a/dockerfiles/init/modules/che-kubernetes-helm/templates/configmap.yaml
+++ b/dockerfiles/init/modules/che-kubernetes-helm/templates/configmap.yaml
@@ -1,3 +1,10 @@
+# Copyright (c) 2012-2017 Red Hat, Inc
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Eclipse Public License v1.0
+# which accompanies this distribution, and is available at
+# http://www.eclipse.org/legal/epl-v10.html
+#
+
 apiVersion: v1
 kind: ConfigMap
 metadata:
diff --git a/dockerfiles/init/modules/che-kubernetes-helm/templates/deployment.yaml b/dockerfiles/init/modules/che-kubernetes-helm/templates/deployment.yaml
index 7124c2ad54d..96ea2947ff3 100644
--- a/dockerfiles/init/modules/che-kubernetes-helm/templates/deployment.yaml
+++ b/dockerfiles/init/modules/che-kubernetes-helm/templates/deployment.yaml
@@ -1,3 +1,10 @@
+# Copyright (c) 2012-2017 Red Hat, Inc
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Eclipse Public License v1.0
+# which accompanies this distribution, and is available at
+# http://www.eclipse.org/legal/epl-v10.html
+#
+
 apiVersion: extensions/v1beta1
 kind: Deployment
 metadata:
diff --git a/dockerfiles/init/modules/che-kubernetes-helm/templates/ingress.yaml b/dockerfiles/init/modules/che-kubernetes-helm/templates/ingress.yaml
index a1ddc125ce0..9aaf5351c3a 100644
--- a/dockerfiles/init/modules/che-kubernetes-helm/templates/ingress.yaml
+++ b/dockerfiles/init/modules/che-kubernetes-helm/templates/ingress.yaml
@@ -1,3 +1,10 @@
+# Copyright (c) 2012-2017 Red Hat, Inc
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Eclipse Public License v1.0
+# which accompanies this distribution, and is available at
+# http://www.eclipse.org/legal/epl-v10.html
+#
+
 apiVersion: extensions/v1beta1
 kind: Ingress
 metadata:
diff --git a/dockerfiles/init/modules/che-kubernetes-helm/templates/pvc.yaml b/dockerfiles/init/modules/che-kubernetes-helm/templates/pvc.yaml
index f0f9143b15c..341c320235f 100644
--- a/dockerfiles/init/modules/che-kubernetes-helm/templates/pvc.yaml
+++ b/dockerfiles/init/modules/che-kubernetes-helm/templates/pvc.yaml
@@ -1,3 +1,10 @@
+# Copyright (c) 2012-2017 Red Hat, Inc
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Eclipse Public License v1.0
+# which accompanies this distribution, and is available at
+# http://www.eclipse.org/legal/epl-v10.html
+#
+
 apiVersion: v1
 kind: PersistentVolumeClaim
 metadata:
diff --git a/dockerfiles/init/modules/che-kubernetes-helm/templates/registry-pull-secret.yaml b/dockerfiles/init/modules/che-kubernetes-helm/templates/registry-pull-secret.yaml
index b92adb54b77..75c3c5d0572 100644
--- a/dockerfiles/init/modules/che-kubernetes-helm/templates/registry-pull-secret.yaml
+++ b/dockerfiles/init/modules/che-kubernetes-helm/templates/registry-pull-secret.yaml
@@ -1,3 +1,10 @@
+# Copyright (c) 2012-2017 Red Hat, Inc
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Eclipse Public License v1.0
+# which accompanies this distribution, and is available at
+# http://www.eclipse.org/legal/epl-v10.html
+#
+
 {{- if .Values.registry }}
 {{- if and .Values.registry.password .Values.registry.username }}
 # When creating a pod based on an image that resides in a private Docker registry (a secure registry protected by basic authentication),
diff --git a/dockerfiles/init/modules/che-kubernetes-helm/templates/service.yaml b/dockerfiles/init/modules/che-kubernetes-helm/templates/service.yaml
index c1f594bacf0..c3ef6aa8545 100644
--- a/dockerfiles/init/modules/che-kubernetes-helm/templates/service.yaml
+++ b/dockerfiles/init/modules/che-kubernetes-helm/templates/service.yaml
@@ -1,3 +1,10 @@
+# Copyright (c) 2012-2017 Red Hat, Inc
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Eclipse Public License v1.0
+# which accompanies this distribution, and is available at
+# http://www.eclipse.org/legal/epl-v10.html
+#
+
 apiVersion: v1
 kind: Service
 metadata:
diff --git a/dockerfiles/init/modules/che-kubernetes-helm/templates/serviceaccount.yaml b/dockerfiles/init/modules/che-kubernetes-helm/templates/serviceaccount.yaml
index 2074a0995f8..787dd46d88d 100644
--- a/dockerfiles/init/modules/che-kubernetes-helm/templates/serviceaccount.yaml
+++ b/dockerfiles/init/modules/che-kubernetes-helm/templates/serviceaccount.yaml
@@ -1,3 +1,10 @@
+# Copyright (c) 2012-2017 Red Hat, Inc
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Eclipse Public License v1.0
+# which accompanies this distribution, and is available at
+# http://www.eclipse.org/legal/epl-v10.html
+#
+
 apiVersion: v1
 kind: ServiceAccount
 metadata:
diff --git a/dockerfiles/init/modules/che-kubernetes-helm/templates/staging-cert-issuer.yaml b/dockerfiles/init/modules/che-kubernetes-helm/templates/staging-cert-issuer.yaml
index cef48ccc89b..b8a7bcf34df 100644
--- a/dockerfiles/init/modules/che-kubernetes-helm/templates/staging-cert-issuer.yaml
+++ b/dockerfiles/init/modules/che-kubernetes-helm/templates/staging-cert-issuer.yaml
@@ -1,3 +1,10 @@
+# Copyright (c) 2012-2017 Red Hat, Inc
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Eclipse Public License v1.0
+# which accompanies this distribution, and is available at
+# http://www.eclipse.org/legal/epl-v10.html
+#
+
 # {{- if .Values.global.tlsEnabled }}
 # apiVersion: certmanager.k8s.io/v1alpha1
 # kind: Issuer
diff --git a/dockerfiles/init/modules/che-kubernetes-helm/tiller-rbac.yaml b/dockerfiles/init/modules/che-kubernetes-helm/tiller-rbac.yaml
index af84a050ee2..0025caf586a 100644
--- a/dockerfiles/init/modules/che-kubernetes-helm/tiller-rbac.yaml
+++ b/dockerfiles/init/modules/che-kubernetes-helm/tiller-rbac.yaml
@@ -1,3 +1,10 @@
+# Copyright (c) 2012-2017 Red Hat, Inc
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Eclipse Public License v1.0
+# which accompanies this distribution, and is available at
+# http://www.eclipse.org/legal/epl-v10.html
+#
+
 kind: ClusterRoleBinding
 apiVersion: rbac.authorization.k8s.io/v1beta1
 metadata:
diff --git a/dockerfiles/init/modules/che-kubernetes-helm/values.yaml b/dockerfiles/init/modules/che-kubernetes-helm/values.yaml
index 4d2fad9e6ce..1730904ad3c 100644
--- a/dockerfiles/init/modules/che-kubernetes-helm/values.yaml
+++ b/dockerfiles/init/modules/che-kubernetes-helm/values.yaml
@@ -1,3 +1,10 @@
+# Copyright (c) 2012-2017 Red Hat, Inc
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Eclipse Public License v1.0
+# which accompanies this distribution, and is available at
+# http://www.eclipse.org/legal/epl-v10.html
+#
+
 # the following section is for secure registries. when uncommented, a pull secret will be created
 #registry:
 #  host: my-secure-private-registry.com