Update CheCluster patch when deploying Che with Keycloak as OIDC prov… (#2817)

tolusha · web-flow · commit 75fd4edc2eae · 2024-11-13T08:41:20.000+01:00
* Update CheCluster patch when deploying Che with Keycloak as OIDC provider

Signed-off-by: Anatolii Bazko &lt;abazko@redhat.com&gt;

* Fixup

Signed-off-by: Anatolii Bazko &lt;abazko@redhat.com&gt;

---------

Signed-off-by: Anatolii Bazko &lt;abazko@redhat.com&gt;
diff --git a/modules/administration-guide/pages/installing-che-on-minikube-keycloak-oidc.adoc b/modules/administration-guide/pages/installing-che-on-minikube-keycloak-oidc.adoc
@@ -307,6 +307,12 @@ spec:
       gateway:
         oAuthProxy:
           cookieExpireSeconds: 300
+        deployment:
+          containers:
+            - env:
+                - name: OAUTH2_PROXY_BACKEND_LOGOUT_URL
+                  value: "http://keycloak.$(minikube ip).nip.io/realms/che/protocol/openid-connect/logout?id_token_hint=\{id_token}"
+              name: oauth-proxy
   components:
     cheServer:
       extraProperties:
@@ -333,6 +339,7 @@ helm install che \
     --set networking.auth.identityProviderURL=https://keycloak.$(minikube ip).nip.io/realms/che . && \
 sleep 5s && \
 {orch-cli} patch checluster/eclipse-che --patch '{"spec": {"components": {"cheServer": {"extraProperties": {"CHE_OIDC_USERNAME__CLAIM": "email"}}}}}' --type=merge -n eclipse-che
+{orch-cli} patch checluster/eclipse-che --patch '{"spec": {"networking": {"auth": {"gateway": {"deployment": {"containers": [{"name": "oauth-proxy", "env":[{"name": "OAUTH2_PROXY_BACKEND_LOGOUT_URL", "value": "http://keycloak.$(minikube ip).nip.io/realms/che/protocol/openid-connect/logout?id_token_hint=\{id_token}"}]}]}}}}}}' --type=merge -n eclipse-che
 ----
 
 .Verification steps
diff --git a/modules/administration-guide/pages/installing-che-on-the-virtual-kubernetes-cluster.adoc b/modules/administration-guide/pages/installing-che-on-the-virtual-kubernetes-cluster.adoc
@@ -628,7 +628,13 @@ spec:
       gateway:
         oAuthProxy:
           cookieExpireSeconds: 300
-  components:
+        deployment:
+            containers:
+            - env:
+                - name: OAUTH2_PROXY_BACKEND_LOGOUT_URL
+                  value: "http://$KEYCLOAK_HOST/realms/che/protocol/openid-connect/logout?id_token_hint=\{id_token}"
+            name: oauth-proxy
+components:
     cheServer:
       extraProperties:
         CHE_OIDC_USERNAME__CLAIM: email
