che icon indicating copy to clipboard operation
che copied to clipboard

Published 20 hours ago verified publisher icon eclipse-che

oAuth-proxy enhancements for Azure AKS deployment

Open karatkep opened this issue 3 years ago • 7 comments

Is your enhancement related to a problem? Please describe

There are several enhancements of ouath-proxy configuration (aka oauth-proxy.cfg) for kubernetes:

  • To set pass_access_token to true (default value is false) to pass access token to upstream via "X-Forwarded-Access-Token"
  • To set cookie_refresh to 1h0m0s to refresh the cookie when duration has elapsed after cookie was initially set.
  • To add whitelist_domains to whitelist che domain (ie: .yourcompany.com)
  • To add cookie_domains to set cookie domain to force cookies to (ie: .yourcompany.com)
  • To add OAuthScope to Che Resource to allow users to configure Access Token Scope.

Describe the solution you'd like

Update che-operator to support addition configuration of ouath-proxy for kubernetes

Describe alternatives you've considered

No response

Release Notes Text

Some enhancements needed to deploy Che on Azure AKS has been contributed by @karatkep. Thank you for your contribution.

karatkep avatar Jun 08 '22 14:06 karatkep

@karatkep thank you for this issue and the related contribution. Those enhancements were needed to deploy to AKS? And using the instructions in your repo are ment to be used by anyone trying to deploy to AKS?

I am asking because we are considering to:

  1. make this PR as a new and notworkthy addition to include in next release notes
  2. proposing you to contribute a blog post that explains how to deploy Che to AKS

l0rd avatar Jun 23 '22 09:06 l0rd

Hi Mario, It's correct, the proposed enhancements were needed to deploy Che to Azure AKS. My instructions will be slightly updated because we found a more elegant way to solve reported issue during code review. Thanks to @tolusha and @sparkoo for the help.

And of course I will be glad to write a blog post and explain what issue we met and how it has been resolved in the new version of Che.

Best Regards, Piotr (aka karatkep)

On Thu, Jun 23, 2022 at 12:18 PM Mario Loriedo @.***> wrote:

@karatkep https://github.com/karatkep thank you for this issue and the related contribution. Those enhancements were needed to deploy to AKS? And using the instructions in your repo https://github.com/karatkep/che-aks-installer are ment to be used by anyone trying to deploy to AKS?

I am asking because we are considering to:

  1. make this PR as a new and notworkthy addition to include in next release notes
  2. proposing you to contribute a blog post that explains how to deploy Che to AKS

— Reply to this email directly, view it on GitHub https://github.com/eclipse/che/issues/21450#issuecomment-1164162788, or unsubscribe https://github.com/notifications/unsubscribe-auth/APGFNMECKJTQMPXWLEMCB63VQQTU3ANCNFSM5YG2FNCA . You are receiving this because you were mentioned.Message ID: @.***>

karatkep avatar Jun 24 '22 08:06 karatkep

@karatkep I have added this issue in v7.50 release notes. If you have some instructions on how to deploy Che on Azure AKS please share so that we can make a blog post out of it. You may also submit a PR yourself on our blog github repository if you can, but that's not required.

l0rd avatar Jul 04 '22 09:07 l0rd

@l0rd Please review https://github.com/eclipse-che/blog/pull/29

karatkep avatar Jul 04 '22 09:07 karatkep

Faster than the wind 👍 Will review that later today.

l0rd avatar Jul 04 '22 10:07 l0rd

@tolusha @sparkoo it would be great if you have time to have a look at the blog post too.

l0rd avatar Jul 04 '22 10:07 l0rd

RN: upstream only

max-cx avatar Jul 25 '22 14:07 max-cx

sync'd to Red Hat JIRA https://issues.redhat.com/browse/CRW-3845

devstudio-release avatar Jan 14 '23 02:01 devstudio-release