
Commit a9da4c2e authored by David Festal's avatar David Festal

Update to the `7.0.0-RC-2.0` release after some last fixes (#39)



* Make the OS 4 API url retrieval more robust
Signed-off-by: default avatarDavid Festal <dfestal@redhat.com>

* Fix a bug when removing openshift v4 provider

On Openshift arbitrary user mode.
Signed-off-by: default avatarDavid Festal <dfestal@redhat.com>

* Roll-update Keycloak when certificates changed
Signed-off-by: default avatarDavid Festal <dfestal@redhat.com>

* Don't lose the controller ref on Keycloak update
Signed-off-by: default avatarDavid Festal <dfestal@redhat.com>

* Remove the finalizer when disabling OS OAuth
Signed-off-by: default avatarDavid Festal <dfestal@redhat.com>

* Upgrade defaults to `7.0.0-RC-2.0`
Signed-off-by: default avatarDavid Festal <dfestal@redhat.com>

* fix wrong whitespaces
Signed-off-by: default avatarDavid Festal <dfestal@redhat.com>
parent b0c111e1
......@@ -470,7 +470,9 @@ func (r *ReconcileChe) Reconcile(request reconcile.Request) (reconcile.Result, e
}
}
}
keycloakDeployment := deploy.NewKeycloakDeployment(instance, keycloakPostgresPassword, keycloakAdminPassword, cheFlavor)
keycloakDeployment := deploy.NewKeycloakDeployment(instance, keycloakPostgresPassword, keycloakAdminPassword, cheFlavor,
r.GetEffectiveSecretResourceVersion(instance, "self-signed-certificate"),
r.GetEffectiveSecretResourceVersion(instance, "openshift-api-crt"))
if err := r.CreateNewDeployment(instance, keycloakDeployment); err != nil {
return reconcile.Result{}, err
}
......@@ -487,9 +489,17 @@ func (r *ReconcileChe) Reconcile(request reconcile.Request) (reconcile.Result, e
return reconcile.Result{Requeue: true, RequeueAfter: time.Second * 5}, err
}
}
if deployment.Spec.Template.Spec.Containers[0].Image != instance.Spec.Auth.KeycloakImage {
keycloakDeployment := deploy.NewKeycloakDeployment(instance, keycloakPostgresPassword, keycloakAdminPassword, cheFlavor)
cheCertSecretVersion := r.GetEffectiveSecretResourceVersion(instance, "self-signed-certificate")
openshiftApiCertSecretVersion := r.GetEffectiveSecretResourceVersion(instance, "openshift-api-crt")
if deployment.Spec.Template.Spec.Containers[0].Image != instance.Spec.Auth.KeycloakImage ||
cheCertSecretVersion != deployment.Annotations["che.self-signed-certificate.version"] ||
openshiftApiCertSecretVersion != deployment.Annotations["che.openshift-api-crt.version"] {
keycloakDeployment := deploy.NewKeycloakDeployment(instance, keycloakPostgresPassword, keycloakAdminPassword, cheFlavor, cheCertSecretVersion, openshiftApiCertSecretVersion)
logrus.Infof("Updating Keycloak deployment with an image %s", instance.Spec.Auth.KeycloakImage)
if err := controllerutil.SetControllerReference(instance, keycloakDeployment, r.scheme); err != nil {
logrus.Errorf("An error occurred: %s", err)
}
if err := r.client.Update(context.TODO(), keycloakDeployment); err != nil {
logrus.Errorf("Failed to update Keycloak deployment: %s", err)
}
......@@ -651,6 +661,10 @@ func (r *ReconcileChe) Reconcile(request reconcile.Request) (reconcile.Result, e
// but OpenShiftoAuthProvisioned is true in CR status, e.g. when oAuth has been turned on and then turned off
deleted, err := r.ReconcileIdentityProvider(instance, isOpenShift4)
if deleted {
if err := r.DeleteFinalizer(instance); err != nil {
instance, _ = r.GetCR(request)
return reconcile.Result{Requeue: true, RequeueAfter: time.Second * 1}, err
}
instance.Status.OpenShiftoAuthProvisioned = false
if err := r.UpdateCheCRStatus(instance, "provisioned with OpenShift oAuth", "false"); err != nil {
instance, _ = r.GetCR(request)
......
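Review bot: In the Keycloak update branch, a failure of `controllerutil.SetControllerReference` is only logged and `r.client.Update` is still called, so the deployment can be written without its owner reference, which is what this change sets out to prevent. Return from the branch instead, e.g. `return reconcile.Result{}, err` after the `logrus.Errorf` call. The `logrus.Infof("Updating Keycloak deployment with an image %s", ...)` line now also runs when only a certificate secret version changed, so the message should name the trigger. Reconcile's body starts and ends outside these hunks.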
......@@ -40,3 +40,13 @@ func (r *ReconcileChe) ReconcileFinalizer(instance *orgv1.CheCluster) (err error
}
return nil
}
func (r *ReconcileChe) DeleteFinalizer(instance *orgv1.CheCluster) (err error) {
instance.ObjectMeta.Finalizers = util.DoRemoveString(instance.ObjectMeta.Finalizers, oAuthFinalizerName)
logrus.Infof("Removing OAuth finalizer on %s CR", instance.Name)
if err := r.client.Update(context.Background(), instance); err != nil {
logrus.Errorf("Failed to update %s CR: %s", instance.Name, err)
return err
}
return nil
}
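Review bot: `DeleteFinalizer` is exported but has no doc comment, and it edits `instance.ObjectMeta.Finalizers` in memory before the update, so after a failed `r.client.Update` the caller's object no longer matches what is stored. I would add `// DeleteFinalizer removes the OAuth finalizer from the CR and persists the change; instance is modified even when the update fails.` above the signature. The named result `err` is shadowed by `if err := ...` and never assigned, so the signature can simply return `error`. The call uses `context.Background()` where the Get calls visible elsewhere on this page use `context.TODO()`; pick one.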
......@@ -12,6 +12,7 @@
package che
import (
"k8s.io/apimachinery/pkg/api/errors"
"context"
orgv1 "github.com/eclipse/che-operator/pkg/apis/org/v1"
oauth "github.com/openshift/api/oauth/v1"
......@@ -58,13 +59,25 @@ func (r *ReconcileChe) GetEffectiveConfigMap(instance *orgv1.CheCluster, name st
configMap = &corev1.ConfigMap{}
err := r.client.Get(context.TODO(), types.NamespacedName{Name: name, Namespace: instance.Namespace}, configMap)
if err != nil {
logrus.Errorf("Failed to get %s route: %s", name, err)
logrus.Errorf("Failed to get %s config map: %s", name, err)
return nil
}
return configMap
}
func (r *ReconcileChe) GetEffectiveSecretResourceVersion(instance *orgv1.CheCluster, name string) string {
secret := &corev1.Secret{}
err := r.client.Get(context.TODO(), types.NamespacedName{Name: name, Namespace: instance.Namespace}, secret)
if err != nil {
if !errors.IsNotFound(err){
logrus.Errorf("Failed to get %s secret: %s", name, err)
}
return ""
}
return secret.ResourceVersion
}
func (r *ReconcileChe) GetCR(request reconcile.Request) (instance *orgv1.CheCluster, err error) {
instance = &orgv1.CheCluster{}
err = r.client.Get(context.TODO(), request.NamespacedName, instance)
......
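Review bot: `GetEffectiveSecretResourceVersion` returns `""` both when the secret is absent and when the Get fails for any other reason, so a caller cannot tell a missing certificate secret from an API error. Reconcile compares this value with the `che.*.version` deployment annotations, so a transient read failure would look like a certificate change and roll the Keycloak deployment. Returning `(string, error)` and treating only `IsNotFound` as the empty version lets the caller skip the comparison on error; the two call sites in Reconcile would need the matching change. `if !errors.IsNotFound(err){` and the import order are also not gofmt-clean.

```go
func (r *ReconcileChe) GetEffectiveSecretResourceVersion(instance *orgv1.CheCluster, name string) (string, error) {
	secret := &corev1.Secret{}
	err := r.client.Get(context.TODO(), types.NamespacedName{Name: name, Namespace: instance.Namespace}, secret)
	if errors.IsNotFound(err) {
		// An absent secret is a valid state and maps to the empty version.
		return "", nil
	}
	if err != nil {
		logrus.Errorf("Failed to get %s secret: %s", name, err)
		return "", err
	}
	return secret.ResourceVersion, nil
}
```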
......@@ -15,7 +15,7 @@ package deploy
const (
DefaultCheServerImageRepo = "eclipse/che-server"
DefaultCodeReadyServerImageRepo = "registry.redhat.io/codeready-workspaces/server-rhel8"
DefaultCheServerImageTag = "7.0.0-beta-5.0"
DefaultCheServerImageTag = "7.0.0-RC-2.0"
DefaultCodeReadyServerImageTag = "1.2"
DefaultCheFlavor = "che"
DefaultChePostgresUser = "pgche"
......@@ -36,7 +36,7 @@ const (
DefaultPostgresImage = "registry.redhat.io/rhscl/postgresql-96-rhel7:1-40"
DefaultPostgresUpstreamImage = "centos/postgresql-96-centos7:9.6"
DefaultKeycloakImage = "registry.redhat.io/redhat-sso-7/sso73-openshift:1.0-11"
DefaultKeycloakUpstreamImage = "eclipse/che-keycloak:7.0.0-beta-5.0"
DefaultKeycloakUpstreamImage = "eclipse/che-keycloak:7.0.0-RC-2.0"
DefaultJavaOpts = "-XX:MaxRAMFraction=2 -XX:+UseParallelGC -XX:MinHeapFreeRatio=10 " +
"-XX:MaxHeapFreeRatio=20 -XX:GCTimeRatio=4 " +
"-XX:AdaptiveSizePolicyWeight=90 -XX:+UnlockExperimentalVMOptions -XX:+UseCGroupMemoryLimitForHeap " +
......
......@@ -21,7 +21,7 @@ import (
"k8s.io/apimachinery/pkg/util/intstr"
)
func NewKeycloakDeployment(cr *orgv1.CheCluster, keycloakPostgresPassword string, keycloakAdminPassword string, cheFlavor string) *appsv1.Deployment {
func NewKeycloakDeployment(cr *orgv1.CheCluster, keycloakPostgresPassword string, keycloakAdminPassword string, cheFlavor string, cheCertSecretVersion string, openshiftCertSecretVersion string) *appsv1.Deployment {
optionalEnv := true
keycloakName := "keycloak"
labels := GetLabels(cr, keycloakName)
......@@ -227,6 +227,10 @@ func NewKeycloakDeployment(cr *orgv1.CheCluster, keycloakPostgresPassword string
Name: keycloakName,
Namespace: cr.Namespace,
Labels: labels,
Annotations: map[string]string {
"che.self-signed-certificate.version": cheCertSecretVersion,
"che.openshift-api-crt.version": openshiftCertSecretVersion,
},
},
Spec: appsv1.DeploymentSpec{
Selector: &metav1.LabelSelector{MatchLabels: labels},
......
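Review bot: The two version annotations are set on the Deployment's own metadata (the `ObjectMeta` that precedes `Spec: appsv1.DeploymentSpec{`), and a change there does not alter the pod template. Unless something else in the template changes with the certificate, which is not visible in this hunk, the running Keycloak pods would keep the old certificate after the update. Consider also setting the same keys under the pod template's `ObjectMeta.Annotations`, so a new secret version changes the template and triggers a rollout. `map[string]string {` has a stray space that gofmt would remove; NewKeycloakDeployment's body continues outside the hunk.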
......@@ -136,7 +136,7 @@ func GetDeleteOpenShiftIdentityProviderProvisionCommand(cr *orgv1.CheCluster, ke
script + " delete identity-provider/instances/" + providerName + " -r " + keycloakRealm
command = deleteOpenShiftIdentityProviderCommand
if cheFlavor == "che" {
command = "cd /scripts && " + deleteOpenShiftIdentityProviderCommand
command = "cd /scripts && export JAVA_TOOL_OPTIONS=-Duser.home=. && " + deleteOpenShiftIdentityProviderCommand
}
return command
}
......
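Review bot: `export JAVA_TOOL_OPTIONS=-Duser.home=.` replaces any `JAVA_TOOL_OPTIONS` value the container already has, and the relative `.` only means `/scripts` because of the preceding `cd`. Appending keeps existing options and makes the path explicit: `export JAVA_TOOL_OPTIONS="$JAVA_TOOL_OPTIONS -Duser.home=/scripts"`. A short comment saying why the home directory is overridden (the commit message points at OpenShift arbitrary-user mode) would help the next reader. The function starts outside the hunk, so whether `providerName` and `keycloakRealm`, which are concatenated unquoted into this shell string, are validated upstream cannot be checked here.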
......@@ -12,6 +12,7 @@
package util
import (
"errors"
"crypto/tls"
"encoding/json"
"github.com/sirupsen/logrus"
......@@ -154,6 +155,7 @@ func getClusterPublicHostnameForOpenshiftV4() (hostname string, err error) {
file, err := ioutil.ReadFile("/var/run/secrets/kubernetes.io/serviceaccount/token")
if err != nil {
logrus.Errorf("Failed to locate token file: %s", err)
return "", err
}
token := string(file)
......@@ -166,6 +168,12 @@ func getClusterPublicHostnameForOpenshiftV4() (hostname string, err error) {
return "", err
}
defer resp.Body.Close()
if resp.StatusCode / 100 != 2 {
message := url + " - " + resp.Status
logrus.Errorf("An error occurred when getting API public hostname: %s", message)
return "", errors.New(message)
}
body, err := ioutil.ReadAll(resp.Body)
if err != nil {
logrus.Errorf("An error occurred when getting API public hostname: %s", err)
......@@ -174,11 +182,16 @@ func getClusterPublicHostnameForOpenshiftV4() (hostname string, err error) {
var jsonData map[string]interface{}
err = json.Unmarshal(body, &jsonData)
if err != nil {
logrus.Errorf("An error occurred when unmarshalling: %s", err)
logrus.Errorf("An error occurred when unmarshalling while getting API public hostname: %s", err)
return "", err
}
spec := jsonData["status"].(map[string]interface{})
hostname = spec["apiServerURL"].(string)
switch status := jsonData["status"].(type) {
case map[string]interface{}:
hostname = status["apiServerURL"].(string)
default:
logrus.Errorf("An error occurred when unmarshalling while getting API public hostname: %s", body)
return "", errors.New(string(body))
}
return hostname, nil
}
......
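Review bot: `status["apiServerURL"].(string)` inside the new type switch is still an unchecked assertion, so a response whose `status` object lacks `apiServerURL` or holds a non-string value panics the operator instead of returning an error. Use the two-value form, e.g. `if s, ok := status["apiServerURL"].(string); ok { hostname = s } else { return "", errors.New("apiServerURL missing or not a string") }`. The `default` branch logs and returns the entire response body; truncating it would keep an unexpectedly large reply out of the log and the error string. The function starts outside these hunks.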