-
Notifications
You must be signed in to change notification settings - Fork 1.2k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Adding support for Keycloak admin secret and endpoint-watcher image configuration #18506
Conversation
Added support to change endpoint-watcher image Signed-off-by: Eric Ladouceur <eric.ladouceur@cyber.gc.ca>
Can one of the admins verify this patch? |
1 similar comment
Can one of the admins verify this patch? |
Signed-off-by: Eric Ladouceur <eric.ladouceur@cyber.gc.ca>
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thank you for contribution.
I've changed some names to be consistent with --installer operator
approach.
deploy/kubernetes/helm/che/custom-charts/che-keycloak/values.yaml
Outdated
Show resolved
Hide resolved
deploy/kubernetes/helm/che/custom-charts/che-keycloak/templates/deployment.yaml
Outdated
Show resolved
Hide resolved
deploy/kubernetes/helm/che/custom-charts/che-keycloak/templates/deployment.yaml
Outdated
Show resolved
Hide resolved
deploy/kubernetes/helm/che/custom-charts/che-keycloak/templates/deployment.yaml
Outdated
Show resolved
Hide resolved
deploy/kubernetes/helm/che/custom-charts/che-keycloak/templates/deployment.yaml
Show resolved
Hide resolved
That's perfect and a good idea. I am not really familiar with the operator, so yes feel free to show the way 👍 |
Signed-off-by: Eric Ladouceur <eric.ladouceur@cyber.gc.ca> Co-authored-by: Anatolii Bazko <abazko@redhat.com>
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
One small remark.
deploy/kubernetes/helm/che/custom-charts/che-keycloak/values.yaml
Outdated
Show resolved
Hide resolved
Signed-off-by: Eric Ladouceur <eric.ladouceur@cyber.gc.ca> Co-authored-by: Anatolii Bazko <abazko@redhat.com>
What does this PR do?
Currently the only supported ways of configuring the
admin
user of Keycloak are:admin
:admin
and mark them asto be changed
at first login.This PR is introducing a new way to inject the username and password using a Kubernetes secret, which make this more secure than passing values in the clear in helm values. It is adding this new way and keeping the other ones also. To create a secret recognized by the chart, you would do the following:
and then in your values.yaml:
The PR also adds a new global value to configure
quay.io/eclipse/che-endpoint-watcher:nightly
image to something else, which is useful if you are using Che's helm charts from the repository and not fromchectl
. Otherwise, you cannot change the image and you are stuck with the nighlty build.How to test this PR?
In order to test this, you can create a Che deployment using its helm chart. You could also modify
chectl
to create a Kubernetes secret with the random password it generates and then--set che-keycloak.keycloakCredentialsSecret=keycloak-admin-secret
. In my opinion, modifyingchectl
in this regard would be a good idea.PR Checklist
As the author of this Pull Request I made sure that:
What issues does this PR fix or reference
andHow to test this PR
completedReviewers
Reviewers, please comment how you tested the PR when approving it.