From 4adb80d197146834e5599087c970bfb31955294f Mon Sep 17 00:00:00 2001
From: Anatolii Bazko
Date: Tue, 27 Jan 2026 12:30:17 +0100
Subject: [PATCH 1/7] feat: OpenShift external IDP
Signed-off-by: Anatolii Bazko --- api/checluster_conversion_from_test.go | 6 +- api/checluster_conversion_to_test.go | 4 +- api/checluster_round_conversion_test.go | 4 +- api/init_test.go | 4 +- api/v1/checluster_conversion_from.go | 2 +- api/v1/checluster_conversion_to.go | 2 +- api/v2/checluster_types.go | 4 +- api/v2/checluster_types_test.go | 13 +- api/v2/checluster_webhook.go | 2 +- cmd/main.go | 52 +++---- controllers/che/checluster_controller.go | 5 +- controllers/che/checluster_validator.go | 2 +- controllers/che/init_test.go | 4 +- controllers/che/proxy.go | 2 +- .../devworkspace/solver/che_routing.go | 4 +- .../che_routing_external_tls_config_test.go | 4 +- .../devworkspace/solver/che_routing_test.go | 20 +-- controllers/devworkspace/solver/init_test.go | 4 +- controllers/namespacecache/init_test.go | 4 +- controllers/namespacecache/namespacecache.go | 2 +- .../namespacecache/namespacecache_test.go | 6 +- controllers/usernamespace/init_test.go | 4 +- .../usernamespace/usernamespace_controller.go | 2 +- .../usernamespace_controller_test.go | 10 +- controllers/workspaceconfig/init_test.go | 4 +- .../workspaces_config_controller.go | 2 +- pkg/common/chetypes/types.go | 6 - pkg/common/infrastructure/cluster.go | 145 ++++++++++++++++++ pkg/common/k8s-helper/k8s_helper.go | 1 - pkg/common/operator-defaults/defaults.go | 41 +++-- pkg/common/utils/utils.go | 23 --- pkg/deploy/consolelink/consolelink.go | 7 - pkg/deploy/consolelink/init_test.go | 4 +- .../container-capabilities/init_test.go | 4 +- pkg/deploy/dashboard/dashboard_test.go | 2 +- pkg/deploy/dashboard/deployment_dashboard.go | 3 +- pkg/deploy/dashboard/init_test.go | 4 +- pkg/deploy/dashboard/rbac.go | 12 -- pkg/deploy/deployment.go | 2 +- pkg/deploy/devfileregistry/init_test.go | 4 +- pkg/deploy/devworkspace/init_test.go | 4 +- pkg/deploy/editors-definitions/init_test.go | 4 +- pkg/deploy/expose/expose.go | 2 +- pkg/deploy/gateway/gateway.go | 35 +---- pkg/deploy/gateway/gateway_test.go | 4 +- 
pkg/deploy/gateway/init_test.go | 4 +- pkg/deploy/gateway/kube_rbac_proxy.go | 17 +- pkg/deploy/gateway/oauth_proxy.go | 48 +++--- pkg/deploy/gateway/oauth_proxy_test.go | 2 +- pkg/deploy/identity-provider/init_test.go | 4 +- pkg/deploy/image-puller/imagepuller.go | 5 +- pkg/deploy/image-puller/init_test.go | 4 +- pkg/deploy/init_test.go | 4 +- .../checluster-defaults-cleaner_test.go | 20 +-- .../checluster-defaults-cleanupfunc.go | 3 +- pkg/deploy/migration/init_test.go | 4 +- .../on-reconcile-one-time-migration.go | 8 +- pkg/deploy/pluginregistry/init_test.go | 4 +- pkg/deploy/rbac/init_test.go | 4 +- pkg/deploy/server/chehost_reconciler.go | 2 +- pkg/deploy/server/init_test.go | 4 +- pkg/deploy/server/rbac.go | 2 +- pkg/deploy/server/server_configmap.go | 2 + pkg/deploy/tls/certificates.go | 2 +- pkg/deploy/tls/init_test.go | 4 +- pkg/deploy/tls/tls_secret.go | 2 +- pkg/deploy/tls/tls_utils.go | 2 +- 67 files changed, 366 insertions(+), 264 deletions(-) create mode 100644 pkg/common/infrastructure/cluster.go diff --git a/api/checluster_conversion_from_test.go b/api/checluster_conversion_from_test.go index 90f1634c52..e0ed268f74 100644 --- a/api/checluster_conversion_from_test.go +++ b/api/checluster_conversion_from_test.go @@ -18,9 +18,9 @@ import ( "k8s.io/apimachinery/pkg/api/resource" devfile "github.com/devfile/api/v2/pkg/apis/workspaces/v1alpha2" - "github.com/devfile/devworkspace-operator/pkg/infrastructure" chev1 "github.com/eclipse-che/che-operator/api/v1" chev2 "github.com/eclipse-che/che-operator/api/v2" + "github.com/eclipse-che/che-operator/pkg/common/infrastructure" "github.com/stretchr/testify/assert" corev1 "k8s.io/api/core/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" 
@@ -68,7 +68,7 @@ func TestConvertFromIngressOnK8s(t *testing.T) { } func TestConvertFromIngressOnOpenShift(t *testing.T) { - infrastructure.InitializeForTesting(infrastructure.OpenShiftv4) + infrastructure.InitializeForTesting(infrastructure.OpenShiftV4) checlusterv2 := &chev2.CheCluster{ ObjectMeta: metav1.ObjectMeta{ @@ -523,7 +523,7 @@ func TestConvertFrom(t *testing.T) { } func TestShouldConvertFromWhenOnlyMemoryResourceSpecified(t *testing.T) { - infrastructure.InitializeForTesting(infrastructure.OpenShiftv4) + infrastructure.InitializeForTesting(infrastructure.OpenShiftV4) memoryRequest := resource.MustParse("128Mi") memoryLimit := resource.MustParse("228Mi") diff --git a/api/checluster_conversion_to_test.go b/api/checluster_conversion_to_test.go index 62a9978152..9f043c721a 100644 --- a/api/checluster_conversion_to_test.go +++ b/api/checluster_conversion_to_test.go @@ -19,10 +19,10 @@ import ( "k8s.io/utils/pointer" devfile "github.com/devfile/api/v2/pkg/apis/workspaces/v1alpha2" - "github.com/devfile/devworkspace-operator/pkg/infrastructure" chev1 "github.com/eclipse-che/che-operator/api/v1" chev2 "github.com/eclipse-che/che-operator/api/v2" "github.com/eclipse-che/che-operator/pkg/common/constants" + "github.com/eclipse-che/che-operator/pkg/common/infrastructure" defaults "github.com/eclipse-che/che-operator/pkg/common/operator-defaults" "github.com/stretchr/testify/assert" corev1 "k8s.io/api/core/v1" @@ -38,7 +38,7 @@ func TestConvertToEmptyCheCluster(t *testing.T) { } func TestConvertToIngressOnOpenShift(t *testing.T) { - infrastructure.InitializeForTesting(infrastructure.OpenShiftv4) + infrastructure.InitializeForTesting(infrastructure.OpenShiftV4) checlusterv1 := &chev1.CheCluster{ ObjectMeta: metav1.ObjectMeta{ diff --git a/api/checluster_round_conversion_test.go b/api/checluster_round_conversion_test.go index 0056d8681b..cd2883215c 100644 --- a/api/checluster_round_conversion_test.go +++ b/api/checluster_round_conversion_test.go 
@@ -15,7 +15,7 @@ package org import ( "testing" - "github.com/devfile/devworkspace-operator/pkg/infrastructure" + "github.com/eclipse-che/che-operator/pkg/common/infrastructure" defaults "github.com/eclipse-che/che-operator/pkg/common/operator-defaults" corev1 "k8s.io/api/core/v1" "k8s.io/apimachinery/pkg/api/resource" @@ -325,6 +325,6 @@ func onKubernetes(f func()) { } func onOpenShift(f func()) { - infrastructure.InitializeForTesting(infrastructure.OpenShiftv4) + infrastructure.InitializeForTesting(infrastructure.OpenShiftV4) f() } diff --git a/api/init_test.go b/api/init_test.go index bde524f915..45d52a8bd9 100644 --- a/api/init_test.go +++ b/api/init_test.go @@ -13,7 +13,7 @@ package org import ( - "github.com/devfile/devworkspace-operator/pkg/infrastructure" + "github.com/eclipse-che/che-operator/pkg/common/infrastructure" defaults "github.com/eclipse-che/che-operator/pkg/common/operator-defaults" "github.com/eclipse-che/che-operator/pkg/common/test" ) @@ -21,6 +21,6 @@ import ( func init() { test.EnableTestMode() - infrastructure.InitializeForTesting(infrastructure.OpenShiftv4) + infrastructure.InitializeForTesting(infrastructure.OpenShiftV4) defaults.InitializeForTesting("../config/manager/manager.yaml") } diff --git a/api/v1/checluster_conversion_from.go b/api/v1/checluster_conversion_from.go index 753e4c86cc..991824534e 100644 --- a/api/v1/checluster_conversion_from.go +++ b/api/v1/checluster_conversion_from.go @@ -21,9 +21,9 @@ import ( "github.com/eclipse-che/che-operator/pkg/common/utils" - "github.com/devfile/devworkspace-operator/pkg/infrastructure" chev2 "github.com/eclipse-che/che-operator/api/v2" "github.com/eclipse-che/che-operator/pkg/common/constants" + "github.com/eclipse-che/che-operator/pkg/common/infrastructure" k8shelper "github.com/eclipse-che/che-operator/pkg/common/k8s-helper" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "sigs.k8s.io/controller-runtime/pkg/conversion" 
diff --git a/api/v1/checluster_conversion_to.go b/api/v1/checluster_conversion_to.go index 5273f983d8..ff596ccd81 100644 --- a/api/v1/checluster_conversion_to.go +++ b/api/v1/checluster_conversion_to.go @@ -23,9 +23,9 @@ import ( "github.com/eclipse-che/che-operator/pkg/common/utils" ctrl "sigs.k8s.io/controller-runtime" - "github.com/devfile/devworkspace-operator/pkg/infrastructure" chev2 "github.com/eclipse-che/che-operator/api/v2" "github.com/eclipse-che/che-operator/pkg/common/constants" + "github.com/eclipse-che/che-operator/pkg/common/infrastructure" k8shelper "github.com/eclipse-che/che-operator/pkg/common/k8s-helper" defaults "github.com/eclipse-che/che-operator/pkg/common/operator-defaults" corev1 "k8s.io/api/core/v1" diff --git a/api/v2/checluster_types.go b/api/v2/checluster_types.go index 2a0cf3063c..625fdb35c4 100644 --- a/api/v2/checluster_types.go +++ b/api/v2/checluster_types.go @@ -19,13 +19,13 @@ import ( "strconv" "strings" + "github.com/eclipse-che/che-operator/pkg/common/infrastructure" "k8s.io/utils/pointer" ctrl "sigs.k8s.io/controller-runtime" defaults "github.com/eclipse-che/che-operator/pkg/common/operator-defaults" - "github.com/devfile/devworkspace-operator/pkg/infrastructure" "github.com/eclipse-che/che-operator/pkg/common/constants" controllerv1alpha1 "github.com/devfile/devworkspace-operator/apis/controller/v1alpha1" @@ -1098,7 +1098,7 @@ func (c *CheCluster) GetIdentityToken() string { return c.Spec.Networking.Auth.IdentityToken } - if infrastructure.IsOpenShift() { + if infrastructure.IsOpenShiftOAuthEnabled() { return constants.AccessToken } return constants.IdToken diff --git a/api/v2/checluster_types_test.go b/api/v2/checluster_types_test.go index 72e1802292..16f2dd2d66 100644 --- a/api/v2/checluster_types_test.go +++ b/api/v2/checluster_types_test.go 
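Review bot: The default returned by `GetIdentityToken` (hunk `@@ -1098,7 +1098,7`) now depends on whether OpenShift's built-in OAuth is available rather than on the platform, but nothing at the condition says so. On an OpenShift cluster with an external IDP the method now falls through to `constants.IdToken`, which presumably changes which token is forwarded for that cluster. A comment above the `if`, such as `// Built-in OpenShift OAuth: default to the access token; with an external IDP fall back to the OIDC id_token.`, would make that intent reviewable. The method starts above the hunk, so its existing doc comment is not visible here and may need the same update.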
@@ -16,11 +16,11 @@ import ( "reflect" "testing" - "github.com/devfile/devworkspace-operator/pkg/infrastructure" + "github.com/eclipse-che/che-operator/pkg/common/infrastructure" "github.com/stretchr/testify/assert" ) -func TestIsAccesTokenConfigured(t *testing.T) { +func TestIsAccessTokenConfigured(t *testing.T) { t.Run("TestIsAccesTokenConfigured when access_token defined", func(t *testing.T) { cheCluster := &CheCluster{ Spec: CheClusterSpec{ @@ -98,7 +98,7 @@ func TestGetIdentityToken(t *testing.T) { }, }}, } - infrastructure.InitializeForTesting(infrastructure.OpenShiftv4) + infrastructure.InitializeForTesting(infrastructure.OpenShiftV4) assert.Equal(t, "access_token", cheCluster.GetIdentityToken(), "'access_token' should be used") @@ -113,7 +113,7 @@ func TestGetIdentityToken(t *testing.T) { }, }}, } - infrastructure.InitializeForTesting(infrastructure.OpenShiftv4) + infrastructure.InitializeForTesting(infrastructure.OpenShiftV4) assert.Equal(t, "id_token", cheCluster.GetIdentityToken(), "'id_token' should be used") @@ -126,7 +126,7 @@ func TestGetIdentityToken(t *testing.T) { Auth: Auth{}, }}, } - infrastructure.InitializeForTesting(infrastructure.OpenShiftv4) + infrastructure.InitializeForTesting(infrastructure.OpenShiftV4) assert.Equal(t, "access_token", cheCluster.GetIdentityToken(), "'access_token' should be used") @@ -141,9 +141,8 @@ func TestGetDefaultIdentityToken(t *testing.T) { infrastructure infrastructure.Type identityToken string }{ - {infrastructure.OpenShiftv4, "access_token"}, + {infrastructure.OpenShiftV4, "access_token"}, {infrastructure.Kubernetes, "id_token"}, - {infrastructure.Unsupported, "id_token"}, } for _, test := range tests { infrastructure.InitializeForTesting(test.infrastructure) diff --git a/api/v2/checluster_webhook.go b/api/v2/checluster_webhook.go index 52c7e12d56..993bb691eb 100644 --- a/api/v2/checluster_webhook.go +++ b/api/v2/checluster_webhook.go 
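Review bot: The table in `TestGetDefaultIdentityToken` (hunk `@@ -141,9 +141,8`) has no row for the case this patch introduces, an OpenShift cluster whose built-in OAuth is disabled. The two remaining rows only cover `infrastructure.OpenShiftV4` with `access_token` and `infrastructure.Kubernetes` with `id_token`, so a regression that keeps returning `access_token` under an external IDP would still pass. How `InitializeForTesting` sets the OAuth state is not visible in this part of the patch. If it cannot express "OpenShift without OAuth", the test helper needs a way to do so before that row can be added.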
@@ -22,7 +22,7 @@ import ( "sigs.k8s.io/controller-runtime/pkg/webhook/admission" - "github.com/devfile/devworkspace-operator/pkg/infrastructure" + "github.com/eclipse-che/che-operator/pkg/common/infrastructure" "k8s.io/utils/pointer" "github.com/eclipse-che/che-operator/pkg/common/constants" diff --git a/cmd/main.go b/cmd/main.go index d92b90c312..85625741d1 100644 --- a/cmd/main.go +++ b/cmd/main.go @@ -17,6 +17,9 @@ import ( "os" "time" + "github.com/eclipse-che/che-operator/pkg/common/infrastructure" + oauthv1 "github.com/openshift/api/oauth/v1" + userv1 "github.com/openshift/api/user/v1" "sigs.k8s.io/controller-runtime/pkg/webhook" "github.com/eclipse-che/che-operator/controllers/namespacecache" @@ -33,8 +36,6 @@ import ( securityv1 "github.com/openshift/api/security/v1" dwoApi "github.com/devfile/devworkspace-operator/apis/controller/v1alpha1" - "github.com/devfile/devworkspace-operator/pkg/infrastructure" - devworkspaceinfra "github.com/devfile/devworkspace-operator/pkg/infrastructure" "go.uber.org/zap/zapcore" "github.com/eclipse-che/che-operator/pkg/common/constants" @@ -62,11 +63,9 @@ import ( "github.com/go-logr/logr" configv1 "github.com/openshift/api/config/v1" consolev1 "github.com/openshift/api/console/v1" - oauthv1 "github.com/openshift/api/oauth/v1" templatev1 "github.com/openshift/api/template/v1" checontroller "github.com/eclipse-che/che-operator/controllers/che" - "github.com/eclipse-che/che-operator/pkg/common/utils" admissionregistrationv1 "k8s.io/api/admissionregistration/v1" utilruntime "k8s.io/apimachinery/pkg/util/runtime" @@ -79,7 +78,6 @@ import ( imagepullerapi "github.com/che-incubator/kubernetes-image-puller-operator/api/v1alpha1" projectv1 "github.com/openshift/api/project/v1" routev1 "github.com/openshift/api/route/v1" - userv1 "github.com/openshift/api/user/v1" appsv1 "k8s.io/api/apps/v1" batchv1 "k8s.io/api/batch/v1" corev1 "k8s.io/api/core/v1" 
@@ -101,10 +99,6 @@ var ( renewDeadline = 30 * time.Second ) -const ( - leasesApiResourceName = "leases" -) - func init() { flag.StringVar(&metricsAddr, "metrics-bind-address", ":60000", "The address the metric endpoint binds to.") flag.StringVar(&probeAddr, "health-probe-bind-address", ":6789", "The address the probe endpoint binds to.") @@ -122,11 +116,6 @@ func init() { logger := zap.New(zap.UseFlagOptions(&opts)) ctrl.SetLogger(logger) - if err := infrastructure.Initialize(); err != nil { - logger.Error(err, "Unable determine installation platform") - os.Exit(1) - } - defaults.Initialize() printVersion(logger) @@ -145,15 +134,20 @@ func init() { utilruntime.Must(corev1.AddToScheme(scheme)) if infrastructure.IsOpenShift() { - utilruntime.Must(routev1.AddToScheme(scheme)) - utilruntime.Must(oauthv1.AddToScheme(scheme)) - utilruntime.Must(userv1.AddToScheme(scheme)) - utilruntime.Must(configv1.AddToScheme(scheme)) - utilruntime.Must(consolev1.AddToScheme(scheme)) - utilruntime.Must(projectv1.AddToScheme(scheme)) + utilruntime.Must(routev1.Install(scheme)) + utilruntime.Must(configv1.Install(scheme)) + utilruntime.Must(consolev1.Install(scheme)) + utilruntime.Must(projectv1.Install(scheme)) utilruntime.Must(securityv1.Install(scheme)) utilruntime.Must(templatev1.Install(scheme)) } + + // User and OAuthClient API are disabled in case of external IDP + // Check API before adding to the scheme + if infrastructure.IsOpenShiftOAuthEnabled() { + utilruntime.Must(userv1.Install(scheme)) + utilruntime.Must(oauthv1.Install(scheme)) + } } func getLogLevel() zapcore.Level { @@ -181,7 +175,7 @@ func printVersion(logger logr.Logger) { infra := "Kubernetes" if infrastructure.IsOpenShift() { - infra = "OpenShift v4.x" + infra = "OpenShift" } logger.Info("Operator is running on ", "Infrastructure", infra) } 
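Review bot: `infrastructure.IsOpenShift()` and `infrastructure.IsOpenShiftOAuthEnabled()` are consulted in `init()` (hunk `@@ -145,15 +134,20`) after `@@ -122,11 +116,6` removed the explicit `infrastructure.Initialize()` call and its `os.Exit(1)` error path, so it is not visible here what they return when cluster discovery fails. If the new package answers `false` on a discovery error, the operator would start without the Route/User/OAuthClient types and without the identity-provider reconciler instead of refusing to start. It is worth confirming in the new `cluster.go` that a detection error is fatal. The result also appears to be fixed for the life of the process, so a cluster switched to or from an external IDP would need an operator restart. The same applies to the `OAuthClient` cache selector in `getCacheFunc` (`@@ -394,11 +381,14`) and the reconciler gate in `NewReconciler`. A comment next to the new block, e.g. `// Evaluated once at startup; restart the operator after changing the cluster authentication type.`, would record that.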
@@ -216,8 +210,8 @@ func main() { os.Exit(1) } - if !utils.IsK8SResourceServed(discoveryClient, leasesApiResourceName) { - setupLog.Info("Leader election was disabled", "Cause:", leasesApiResourceName+"k8s api resource is an absent.") + if !infrastructure.IsLeaderElectionEnabled() { + setupLog.Info("Leader election disabled") enableLeaderElection = false } @@ -227,13 +221,6 @@ func main() { os.Exit(1) } - // DWO use the infrastructure package for openshift detection. It needs to be initialized - // but only supports OpenShift v4 or Kubernetes. - if err := devworkspaceinfra.Initialize(); err != nil { - setupLog.Error(err, "failed to evaluate infrastructure which is needed for DevWorkspace support") - os.Exit(1) - } - cacheFunction, err := getCacheFunc() if err != nil { setupLog.Error(err, "failed to create cache function") @@ -394,11 +381,14 @@ func getCacheFunc() (cache.NewCacheFunc, error) { } if infrastructure.IsOpenShift() { - selectors[&oauthv1.OAuthClient{}] = cache.ByObject{Label: partOfCheObjectSelector} selectors[&routev1.Route{}] = cache.ByObject{Label: partOfCheObjectSelector} selectors[&templatev1.Template{}] = cache.ByObject{Label: partOfCheObjectSelector} } + if infrastructure.IsOpenShiftOAuthEnabled() { + selectors[&oauthv1.OAuthClient{}] = cache.ByObject{Label: partOfCheObjectSelector} + } + return func(config *rest.Config, opts cache.Options) (cache.Cache, error) { opts.ByObject = selectors return cache.New(config, opts) diff --git a/controllers/che/checluster_controller.go b/controllers/che/checluster_controller.go index 36db12ae5a..d3a8f40262 100644 --- a/controllers/che/checluster_controller.go +++ b/controllers/che/checluster_controller.go 
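Review bot: The log line in hunk `@@ -216,8 +210,8` no longer says why leader election was turned off. Without leader election, two operator replicas can reconcile the same resources concurrently, so the reason should stay visible to whoever operates the cluster. The decision is now made inside `infrastructure.IsLeaderElectionEnabled()`, which is not visible here. If it is still based on the `leases` API being served, I would keep that in the message: `setupLog.Info("Leader election disabled", "cause", "leases API resource is not served")`. `discoveryClient` was referenced by the removed line and is declared outside the hunk, so check whether it is still used anywhere in `main()`.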
@@ -19,7 +19,6 @@ import ( "github.com/eclipse-che/che-operator/pkg/common/constants" k8sclient "github.com/eclipse-che/che-operator/pkg/common/k8s-client" "github.com/eclipse-che/che-operator/pkg/common/reconciler" - "github.com/eclipse-che/che-operator/pkg/deploy/devworkspace" "k8s.io/utils/pointer" "sigs.k8s.io/controller-runtime/pkg/controller" @@ -29,9 +28,9 @@ import ( editorsdefinitions "github.com/eclipse-che/che-operator/pkg/deploy/editors-definitions" - "github.com/devfile/devworkspace-operator/pkg/infrastructure" "github.com/eclipse-che/che-operator/pkg/common/chetypes" "github.com/eclipse-che/che-operator/pkg/common/test" + "github.com/eclipse-che/che-operator/pkg/common/infrastructure" "github.com/eclipse-che/che-operator/pkg/common/utils" "github.com/eclipse-che/che-operator/pkg/deploy" "github.com/eclipse-che/che-operator/pkg/deploy/consolelink" @@ -110,7 +109,7 @@ func NewReconciler( reconcilerManager.AddReconciler(server.NewCheHostReconciler()) reconcilerManager.AddReconciler(server.NewBaseDomainReconciler()) reconcilerManager.AddReconciler(postgres.NewPostgresReconciler()) - if infrastructure.IsOpenShift() { + if infrastructure.IsOpenShiftOAuthEnabled() { reconcilerManager.AddReconciler(identityprovider.NewIdentityProviderReconciler()) } reconcilerManager.AddReconciler(devfileregistry.NewDevfileRegistryReconciler()) diff --git a/controllers/che/checluster_validator.go b/controllers/che/checluster_validator.go index dc79c9e598..9ff1c8f778 100644 --- a/controllers/che/checluster_validator.go +++ b/controllers/che/checluster_validator.go @@ -15,8 +15,8 @@ package che import ( "fmt" - "github.com/devfile/devworkspace-operator/pkg/infrastructure" "github.com/eclipse-che/che-operator/pkg/common/chetypes" + "github.com/eclipse-che/che-operator/pkg/common/infrastructure" "github.com/eclipse-che/che-operator/pkg/common/reconciler" "sigs.k8s.io/controller-runtime/pkg/reconcile" ) 
diff --git a/controllers/che/init_test.go b/controllers/che/init_test.go index 2331220e68..2e5795b345 100644 --- a/controllers/che/init_test.go +++ b/controllers/che/init_test.go @@ -13,7 +13,7 @@ package che import ( - "github.com/devfile/devworkspace-operator/pkg/infrastructure" + "github.com/eclipse-che/che-operator/pkg/common/infrastructure" defaults "github.com/eclipse-che/che-operator/pkg/common/operator-defaults" "github.com/eclipse-che/che-operator/pkg/common/test" ) @@ -21,6 +21,6 @@ import ( func init() { test.EnableTestMode() - infrastructure.InitializeForTesting(infrastructure.OpenShiftv4) + infrastructure.InitializeForTesting(infrastructure.OpenShiftV4) defaults.InitializeForTesting("../../config/manager/manager.yaml") } diff --git a/controllers/che/proxy.go b/controllers/che/proxy.go index 264cfaa442..1a42d4bd6f 100644 --- a/controllers/che/proxy.go +++ b/controllers/che/proxy.go @@ -15,8 +15,8 @@ package che import ( "os" - "github.com/devfile/devworkspace-operator/pkg/infrastructure" "github.com/eclipse-che/che-operator/pkg/common/chetypes" + "github.com/eclipse-che/che-operator/pkg/common/infrastructure" "github.com/eclipse-che/che-operator/pkg/deploy" configv1 "github.com/openshift/api/config/v1" ) diff --git a/controllers/devworkspace/solver/che_routing.go b/controllers/devworkspace/solver/che_routing.go index b2ea6d01be..552120ec11 100644 --- a/controllers/devworkspace/solver/che_routing.go +++ b/controllers/devworkspace/solver/che_routing.go 
@@ -35,9 +35,9 @@ import ( "github.com/devfile/devworkspace-operator/controllers/controller/devworkspacerouting/solvers" "github.com/devfile/devworkspace-operator/pkg/common" dwconstants "github.com/devfile/devworkspace-operator/pkg/constants" - "github.com/devfile/devworkspace-operator/pkg/infrastructure" chev2 "github.com/eclipse-che/che-operator/api/v2" dwdefaults "github.com/eclipse-che/che-operator/controllers/devworkspace/defaults" + "github.com/eclipse-che/che-operator/pkg/common/infrastructure" routeV1 "github.com/openshift/api/route/v1" corev1 "k8s.io/api/core/v1" networkingv1 "k8s.io/api/networking/v1" @@ -660,7 +660,7 @@ func routeForHealthzEndpoint(cfg *gateway.TraefikConfig, dwId string, endpoints for _, e := range endpoints { if e.Attributes.GetString(string(dwo.TypeEndpointAttribute), nil) == string(dwo.MainEndpointType) { middlewares := []string{dwId + gateway.StripPrefixMiddlewareSuffix} - if infrastructure.IsOpenShift() { + if infrastructure.IsOpenShiftOAuthEnabled() { middlewares = append(middlewares, dwId+gateway.HeaderRewriteMiddlewareSuffix) } routeName, endpointPath := endpointStrategy.getEndpointPath(&e, componentName) diff --git a/controllers/devworkspace/solver/che_routing_external_tls_config_test.go b/controllers/devworkspace/solver/che_routing_external_tls_config_test.go index 9befc629c7..fba628e7c6 100644 --- a/controllers/devworkspace/solver/che_routing_external_tls_config_test.go +++ b/controllers/devworkspace/solver/che_routing_external_tls_config_test.go @@ -15,8 +15,8 @@ package solver import ( "testing" - "github.com/devfile/devworkspace-operator/pkg/infrastructure" chev2 "github.com/eclipse-che/che-operator/api/v2" + "github.com/eclipse-che/che-operator/pkg/common/infrastructure" routev1 "github.com/openshift/api/route/v1" "github.com/stretchr/testify/assert" corev1 "k8s.io/api/core/v1" 
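Review bot: This file keeps importing DWO's `solvers` and `pkg/common` packages while the DWO `pkg/infrastructure` import is replaced (hunk `@@ -35,9 +35,9`), and the same patch removes `devworkspaceinfra.Initialize()` from `cmd/main.go`. As far as I recall, DWO's infrastructure helpers panic when queried before initialization. If so, any DWO function still called from che-operator that consults DWO's own `infrastructure.IsOpenShift()` would fail at runtime, on first use, rather than at startup. Please confirm that none of the DWO code paths used here reach that package, or keep the `devworkspaceinfra.Initialize()` call in `main()` alongside the new detection.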
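Review bot: Only the healthz route in `routeForHealthzEndpoint` (hunk `@@ -660,7 +660,7`) is shown switching to `infrastructure.IsOpenShiftOAuthEnabled()`; any other place in `che_routing.go` that attaches `gateway.HeaderRewriteMiddlewareSuffix` is outside this hunk. If one of them still tests `infrastructure.IsOpenShift()`, the main endpoint route and its healthz route would disagree on whether the header rewrite is applied on an external-IDP cluster. That kind of authentication-path inconsistency is easy to miss in testing. If the rewrite exists only for the built-in OpenShift OAuth flow, a comment at the condition such as `// header rewrite applies only with built-in OpenShift OAuth` would explain why the predicate is OAuth-specific. The function body starts and ends outside the hunk.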
@@ -98,7 +98,7 @@ func TestExternalTLSConfigForIngresses(t *testing.T) { } func TestExternalTLSConfigForRoutes(t *testing.T) { - infrastructure.InitializeForTesting(infrastructure.OpenShiftv4) + infrastructure.InitializeForTesting(infrastructure.OpenShiftV4) mgr := &chev2.CheCluster{ ObjectMeta: metav1.ObjectMeta{ diff --git a/controllers/devworkspace/solver/che_routing_test.go b/controllers/devworkspace/solver/che_routing_test.go index 9e74926bd8..bf080369a0 100644 --- a/controllers/devworkspace/solver/che_routing_test.go +++ b/controllers/devworkspace/solver/che_routing_test.go @@ -25,9 +25,9 @@ import ( dwCommon "github.com/devfile/devworkspace-operator/pkg/common" dwConstants "github.com/devfile/devworkspace-operator/pkg/constants" - "github.com/devfile/devworkspace-operator/pkg/infrastructure" chev2 "github.com/eclipse-che/che-operator/api/v2" "github.com/eclipse-che/che-operator/pkg/common/constants" + "github.com/eclipse-che/che-operator/pkg/common/infrastructure" "github.com/eclipse-che/che-operator/pkg/deploy/gateway" corev1 "k8s.io/api/core/v1" apiext "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1" @@ -613,7 +613,7 @@ func TestCreateRelocatedObjectsK8SLegacy(t *testing.T) { } func TestCreateRelocatedObjectsOpenshift(t *testing.T) { - infrastructure.InitializeForTesting(infrastructure.OpenShiftv4) + infrastructure.InitializeForTesting(infrastructure.OpenShiftV4) cl, _, objs := getSpecObjects(t, relocatableDevWorkspaceRouting()) @@ -717,7 +717,7 @@ func TestCreateRelocatedObjectsOpenshift(t *testing.T) { } func TestCreateRelocatedObjectsOpenshiftLegacy(t *testing.T) { - infrastructure.InitializeForTesting(infrastructure.OpenShiftv4) + infrastructure.InitializeForTesting(infrastructure.OpenShiftV4) cl, _, objs := getSpecObjectsForManager(t, &chev2.CheCluster{ ObjectMeta: metav1.ObjectMeta{ 
@@ -826,7 +826,7 @@ func TestCreateRelocatedObjectsOpenshiftLegacy(t *testing.T) { func TestUniqueMainEndpoint(t *testing.T) { wsid := "wsid123" - infrastructure.InitializeForTesting(infrastructure.OpenShiftv4) + infrastructure.InitializeForTesting(infrastructure.OpenShiftV4) cl, _, _ := getSpecObjects(t, &dwo.DevWorkspaceRouting{ ObjectMeta: metav1.ObjectMeta{ Name: "routing", @@ -909,7 +909,7 @@ func TestUniqueMainEndpoint(t *testing.T) { func TestUniqueMainEndpointLegacy(t *testing.T) { wsid := "wsid123" - infrastructure.InitializeForTesting(infrastructure.OpenShiftv4) + infrastructure.InitializeForTesting(infrastructure.OpenShiftV4) routing := &dwo.DevWorkspaceRouting{ ObjectMeta: metav1.ObjectMeta{ @@ -1056,7 +1056,7 @@ func TestCreateSubDomainObjects(t *testing.T) { }) t.Run("expectedRoutes", func(t *testing.T) { - objs := testCommon(infrastructure.OpenShiftv4) + objs := testCommon(infrastructure.OpenShiftV4) if len(objs.Routes) != 3 { t.Error("Expected 3 Routes, found ", len(objs.Routes)) } @@ -1130,7 +1130,7 @@ func TestCreateSubDomainObjectsLegacy(t *testing.T) { }) t.Run("expectedRoutes", func(t *testing.T) { - objs := testCommon(infrastructure.OpenShiftv4) + objs := testCommon(infrastructure.OpenShiftV4) if len(objs.Routes) != 3 { t.Error("Expected 3 Routes, found ", len(objs.Routes)) } @@ -1815,7 +1815,7 @@ func TestUsesEndpointAnnotationsForWorkspaceEndpointIngresses(t *testing.T) { } func TestUsesEndpointAnnotationsForWorkspaceEndpointRoutes(t *testing.T) { - infrastructure.InitializeForTesting(infrastructure.OpenShiftv4) + infrastructure.InitializeForTesting(infrastructure.OpenShiftV4) mgr := &chev2.CheCluster{ ObjectMeta: metav1.ObjectMeta{ 
@@ -1858,7 +1858,7 @@ func TestUsesEndpointAnnotationsForWorkspaceEndpointRoutes(t *testing.T) { } func TestUsesEndpointServiceWithDiscoverableAttributeSetRoutes(t *testing.T) { - infrastructure.InitializeForTesting(infrastructure.OpenShiftv4) + infrastructure.InitializeForTesting(infrastructure.OpenShiftV4) mgr := &chev2.CheCluster{ ObjectMeta: metav1.ObjectMeta{ @@ -2035,7 +2035,7 @@ func TestUsesCustomCertificateForWorkspaceEndpointIngresses(t *testing.T) { } func TestUsesCustomCertificateForWorkspaceEndpointRoutes(t *testing.T) { - infrastructure.InitializeForTesting(infrastructure.OpenShiftv4) + infrastructure.InitializeForTesting(infrastructure.OpenShiftV4) mgr := &chev2.CheCluster{ ObjectMeta: metav1.ObjectMeta{ diff --git a/controllers/devworkspace/solver/init_test.go b/controllers/devworkspace/solver/init_test.go index 73e1d967f8..8ca9e97ed7 100644 --- a/controllers/devworkspace/solver/init_test.go +++ b/controllers/devworkspace/solver/init_test.go @@ -13,7 +13,7 @@ package solver import ( - "github.com/devfile/devworkspace-operator/pkg/infrastructure" + "github.com/eclipse-che/che-operator/pkg/common/infrastructure" defaults "github.com/eclipse-che/che-operator/pkg/common/operator-defaults" "github.com/eclipse-che/che-operator/pkg/common/test" ) @@ -21,6 +21,6 @@ import ( func init() { test.EnableTestMode() - infrastructure.InitializeForTesting(infrastructure.OpenShiftv4) + infrastructure.InitializeForTesting(infrastructure.OpenShiftV4) defaults.InitializeForTesting("../../../config/manager/manager.yaml") } diff --git a/controllers/namespacecache/init_test.go b/controllers/namespacecache/init_test.go index 11e61f3018..1e8ee0c1a2 100644 --- a/controllers/namespacecache/init_test.go +++ b/controllers/namespacecache/init_test.go 
@@ -13,7 +13,7 @@ package namespacecache import ( - "github.com/devfile/devworkspace-operator/pkg/infrastructure" + "github.com/eclipse-che/che-operator/pkg/common/infrastructure" defaults "github.com/eclipse-che/che-operator/pkg/common/operator-defaults" "github.com/eclipse-che/che-operator/pkg/common/test" ) @@ -21,6 +21,6 @@ import ( func init() { test.EnableTestMode() - infrastructure.InitializeForTesting(infrastructure.OpenShiftv4) + infrastructure.InitializeForTesting(infrastructure.OpenShiftV4) defaults.InitializeForTesting("../../config/manager/manager.yaml") } diff --git a/controllers/namespacecache/namespacecache.go b/controllers/namespacecache/namespacecache.go index c689c93bc9..5a86256d09 100644 --- a/controllers/namespacecache/namespacecache.go +++ b/controllers/namespacecache/namespacecache.go @@ -16,7 +16,7 @@ import ( "context" "sync" - "github.com/devfile/devworkspace-operator/pkg/infrastructure" + "github.com/eclipse-che/che-operator/pkg/common/infrastructure" projectv1 "github.com/openshift/api/project/v1" corev1 "k8s.io/api/core/v1" "k8s.io/apimachinery/pkg/api/errors" diff --git a/controllers/namespacecache/namespacecache_test.go b/controllers/namespacecache/namespacecache_test.go index 078f0bf6ca..aa8269c166 100644 --- a/controllers/namespacecache/namespacecache_test.go +++ b/controllers/namespacecache/namespacecache_test.go @@ -19,7 +19,7 @@ import ( "github.com/eclipse-che/che-operator/pkg/common/test" - "github.com/devfile/devworkspace-operator/pkg/infrastructure" + "github.com/eclipse-che/che-operator/pkg/common/infrastructure" "github.com/stretchr/testify/assert" projectv1 "github.com/openshift/api/project/v1" @@ -53,7 +53,7 @@ func TestGetNamespaceInfoReadsFromCache(t *testing.T) { }, }) - test(infrastructure.OpenShiftv4, &projectv1.Project{ + test(infrastructure.OpenShiftV4, &projectv1.Project{ ObjectMeta: metav1.ObjectMeta{ Name: "prj", }, 
@@ -113,7 +113,7 @@ func TestExamineUpdatesCache(t *testing.T) { }, }) - test(infrastructure.OpenShiftv4, &projectv1.Project{ + test(infrastructure.OpenShiftV4, &projectv1.Project{ ObjectMeta: metav1.ObjectMeta{ Name: "prj", }, diff --git a/controllers/usernamespace/init_test.go b/controllers/usernamespace/init_test.go index b77fdf77ee..6e5d662fb3 100644 --- a/controllers/usernamespace/init_test.go +++ b/controllers/usernamespace/init_test.go @@ -13,7 +13,7 @@ package usernamespace import ( - "github.com/devfile/devworkspace-operator/pkg/infrastructure" + "github.com/eclipse-che/che-operator/pkg/common/infrastructure" defaults "github.com/eclipse-che/che-operator/pkg/common/operator-defaults" "github.com/eclipse-che/che-operator/pkg/common/test" ) @@ -21,6 +21,6 @@ import ( func init() { test.EnableTestMode() - infrastructure.InitializeForTesting(infrastructure.OpenShiftv4) + infrastructure.InitializeForTesting(infrastructure.OpenShiftV4) defaults.InitializeForTesting("../../config/manager/manager.yaml") } diff --git a/controllers/usernamespace/usernamespace_controller.go b/controllers/usernamespace/usernamespace_controller.go index 4e08ef1d95..e662f830af 100644 --- a/controllers/usernamespace/usernamespace_controller.go +++ b/controllers/usernamespace/usernamespace_controller.go @@ -34,10 +34,10 @@ import ( "github.com/eclipse-che/che-operator/pkg/deploy/tls" dwconstants "github.com/devfile/devworkspace-operator/pkg/constants" - "github.com/devfile/devworkspace-operator/pkg/infrastructure" chev2 "github.com/eclipse-che/che-operator/api/v2" "github.com/eclipse-che/che-operator/controllers/che" "github.com/eclipse-che/che-operator/controllers/devworkspace/defaults" + "github.com/eclipse-che/che-operator/pkg/common/infrastructure" "github.com/eclipse-che/che-operator/pkg/deploy" projectv1 "github.com/openshift/api/project/v1" "github.com/sirupsen/logrus" 
diff --git a/controllers/usernamespace/usernamespace_controller_test.go b/controllers/usernamespace/usernamespace_controller_test.go index 5ddd7de2f2..cf6f94c9f3 100644 --- a/controllers/usernamespace/usernamespace_controller_test.go +++ b/controllers/usernamespace/usernamespace_controller_test.go @@ -27,9 +27,9 @@ import ( rbacv1 "k8s.io/api/rbac/v1" dwconstants "github.com/devfile/devworkspace-operator/pkg/constants" - "github.com/devfile/devworkspace-operator/pkg/infrastructure" chev2 "github.com/eclipse-che/che-operator/api/v2" "github.com/eclipse-che/che-operator/pkg/common/constants" + "github.com/eclipse-che/che-operator/pkg/common/infrastructure" "github.com/eclipse-che/che-operator/pkg/deploy/tls" configv1 "github.com/openshift/api/config/v1" projectv1 "github.com/openshift/api/project/v1" @@ -211,7 +211,7 @@ func TestSkipsUnlabeledNamespaces(t *testing.T) { }) t.Run("openshift", func(t *testing.T) { - test(t, infrastructure.OpenShiftv4, &projectv1.Project{ + test(t, infrastructure.OpenShiftV4, &projectv1.Project{ ObjectMeta: metav1.ObjectMeta{ Name: "prj", }, @@ -307,7 +307,7 @@ func TestCreatesDataInNamespace(t *testing.T) { }) t.Run("openshift", func(t *testing.T) { - test(t, infrastructure.OpenShiftv4, + test(t, infrastructure.OpenShiftV4, &corev1.Namespace{ ObjectMeta: metav1.ObjectMeta{ Name: "prj", @@ -338,7 +338,7 @@ func TestCreatesDataInNamespace(t *testing.T) { } func TestUpdateSccClusterRoleBinding(t *testing.T) { - infrastructure.InitializeForTesting(infrastructure.OpenShiftv4) + infrastructure.InitializeForTesting(infrastructure.OpenShiftV4) pr1 := &projectv1.Project{ ObjectMeta: metav1.ObjectMeta{ 
@@ -390,7 +390,7 @@ func TestUpdateSccClusterRoleBinding(t *testing.T) { } allObjs := []client.Object{ns1, pr1, cheCluster} - _, cl, usernamespaceReconciler := setup(infrastructure.OpenShiftv4, allObjs...) + _, cl, usernamespaceReconciler := setup(infrastructure.OpenShiftV4, allObjs...) _, err := usernamespaceReconciler.Reconcile(context.TODO(), reconcile.Request{NamespacedName: types.NamespacedName{Name: ns1.GetName()}}) assert.Nil(t, err) diff --git a/controllers/workspaceconfig/init_test.go b/controllers/workspaceconfig/init_test.go index 26613fb7e1..6b935cc230 100644 --- a/controllers/workspaceconfig/init_test.go +++ b/controllers/workspaceconfig/init_test.go @@ -13,7 +13,7 @@ package workspace_config import ( - "github.com/devfile/devworkspace-operator/pkg/infrastructure" + "github.com/eclipse-che/che-operator/pkg/common/infrastructure" defaults "github.com/eclipse-che/che-operator/pkg/common/operator-defaults" "github.com/eclipse-che/che-operator/pkg/common/test" ) @@ -21,6 +21,6 @@ import ( func init() { test.EnableTestMode() - infrastructure.InitializeForTesting(infrastructure.OpenShiftv4) + infrastructure.InitializeForTesting(infrastructure.OpenShiftV4) defaults.InitializeForTesting("../../config/manager/manager.yaml") } diff --git a/controllers/workspaceconfig/workspaces_config_controller.go b/controllers/workspaceconfig/workspaces_config_controller.go index 1f5854fe98..05495d8de2 100644 --- a/controllers/workspaceconfig/workspaces_config_controller.go +++ b/controllers/workspaceconfig/workspaces_config_controller.go @@ -29,8 +29,8 @@ import ( rbacv1 "k8s.io/api/rbac/v1" - "github.com/devfile/devworkspace-operator/pkg/infrastructure" "github.com/eclipse-che/che-operator/pkg/common/constants" + "github.com/eclipse-che/che-operator/pkg/common/infrastructure" "github.com/eclipse-che/che-operator/pkg/common/utils" "github.com/eclipse-che/che-operator/pkg/deploy" templatev1 "github.com/openshift/api/template/v1" 
diff --git a/pkg/common/chetypes/types.go b/pkg/common/chetypes/types.go index 28e5c18ca9..695860c519 100644 --- a/pkg/common/chetypes/types.go +++ b/pkg/common/chetypes/types.go @@ -20,12 +20,6 @@ import ( "sigs.k8s.io/controller-runtime/pkg/client" ) -type ProvisioningStatus struct { - Continue bool - Requeue bool - Err error -} - type DeployContext struct { CheCluster *chev2.CheCluster ClusterAPI ClusterAPI diff --git a/pkg/common/infrastructure/cluster.go b/pkg/common/infrastructure/cluster.go new file mode 100644 index 0000000000..491c6ea1e9 --- /dev/null +++ b/pkg/common/infrastructure/cluster.go 
@@ -0,0 +1,145 @@ +// +// Copyright (c) 2019-2026 Red Hat, Inc. +// This program and the accompanying materials are made +// available under the terms of the Eclipse Public License 2.0 +// which is available at https://www.eclipse.org/legal/epl-2.0/ +// +// SPDX-License-Identifier: EPL-2.0 +// +// Contributors: +// Red Hat, Inc. - initial API and implementation +// + +package infrastructure + +import ( + "os" + "strings" + + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/client-go/discovery" + ctrl "sigs.k8s.io/controller-runtime" + "sigs.k8s.io/controller-runtime/pkg/client/config" +) + +type Type int + +const ( + Unknown Type = iota + Kubernetes + OpenShiftV4 + OpenShiftV5 + + LeasesResources = "leases" + OAuthClientsResources = "oauthclients" + KubernetesImagePullerResources = "kubernetesimagepullers" +) + +var ( + infrastructure = Unknown + + isOpenShiftOAuthEnabled bool + isLeaderElectionEnabled bool + isKubernetesImagePullerEnabled bool + + logger = ctrl.Log.WithName("infrastructure") +) + +func GetOperatorNamespace() (string, error) { + nsBytes, err := os.ReadFile("/var/run/secrets/kubernetes.io/serviceaccount/namespace") + if err != nil { + return "", err + } + + ns := strings.TrimSpace(string(nsBytes)) + return ns, nil +} + +func IsOpenShift() bool { + initializeIfNeeded() + return infrastructure == OpenShiftV4 || infrastructure == OpenShiftV5 +} + +func IsOpenShiftOAuthEnabled() bool { + initializeIfNeeded() + return isOpenShiftOAuthEnabled +} + +func IsLeaderElectionEnabled() bool { + initializeIfNeeded() + return isLeaderElectionEnabled +} + +func IsKubernetesImagePullerEnabled() bool { + initializeIfNeeded() + return isKubernetesImagePullerEnabled +} + +func InitializeForTesting(desiredInfrastructure Type) { + infrastructure = desiredInfrastructure + if infrastructure == OpenShiftV4 { + isOpenShiftOAuthEnabled = true + } else { + isOpenShiftOAuthEnabled = false + } + + isKubernetesImagePullerEnabled = true + isLeaderElectionEnabled = true +} + 
+func initializeIfNeeded() { + if infrastructure != Unknown { + return + } + + kubeCfg, err := config.GetConfig() + if err != nil { + logger.Error(err, "Failed to get kubeconfig") + os.Exit(1) + } + + discoveryClient, err := discovery.NewDiscoveryClientForConfig(kubeCfg) + if err != nil { + logger.Error(err, "Failed to create discovery client") + os.Exit(1) + } + + apiGroups, apiResources, err := discoveryClient.ServerGroupsAndResources() + if err != nil { + logger.Error(err, "Failed to get API Groups and Resources") + os.Exit(1) + } + + if hasAPIGroup(apiGroups, "route.openshift.io") { + infrastructure = Kubernetes + isOpenShiftOAuthEnabled = false + } else { + infrastructure = OpenShiftV4 + isOpenShiftOAuthEnabled = hasAPIResource(apiResources, OAuthClientsResources) + } + + isLeaderElectionEnabled = hasAPIResource(apiResources, LeasesResources) + isKubernetesImagePullerEnabled = hasAPIResource(apiResources, KubernetesImagePullerResources) +} + +func hasAPIGroup(source []*metav1.APIGroup, apiName string) bool { + for i := 0; i < len(source); i++ { + if source[i].Name == apiName { + return true + } + } + + return false +} + +func hasAPIResource(resources []*metav1.APIResourceList, resourceName string) bool { + for _, resource := range resources { + for _, r := range resource.APIResources { + if r.Name == resourceName { + return true + } + } + } + + return false +} diff --git a/pkg/common/k8s-helper/k8s_helper.go b/pkg/common/k8s-helper/k8s_helper.go index d7f0f4178b..4d8e98bee9 100644 --- a/pkg/common/k8s-helper/k8s_helper.go +++ b/pkg/common/k8s-helper/k8s_helper.go @@ -17,7 +17,6 @@ import ( "os" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/apimachinery/pkg/runtime" "sigs.k8s.io/controller-runtime/pkg/client" fakeclient "sigs.k8s.io/controller-runtime/pkg/client/fake" diff --git a/pkg/common/operator-defaults/defaults.go b/pkg/common/operator-defaults/defaults.go index b5726b6494..7c7d6b6412 100644 --- a/pkg/common/operator-defaults/defaults.go 
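Review bot: The platform branch in `initializeIfNeeded` looks inverted: when the `route.openshift.io` API group is present the code sets `infrastructure = Kubernetes` and turns OAuth off, and when it is absent it sets `OpenShiftV4`. Every caller of `IsOpenShift()` and `IsOpenShiftOAuthEnabled()`, including the gateway authentication and authorization sidecar selection later in this patch, would then take the wrong path; the condition should read `if !hasAPIGroup(apiGroups, "route.openshift.io") {`. `ServerGroupsAndResources()` can return usable partial results together with an error when one aggregated API is unavailable, so exiting on any error ties operator start-up to every API service being healthy; consider tolerating that case with `discovery.IsGroupDiscoveryFailedError(err)`. The package-level flags are also written lazily without synchronisation, and detection never assigns `OpenShiftV5`, which is worth a doc comment on the `Type` constants.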
+++ b/pkg/common/operator-defaults/defaults.go @@ -17,10 +17,10 @@ import ( "os" "strings" + "github.com/eclipse-che/che-operator/pkg/common/infrastructure" "k8s.io/apimachinery/pkg/apis/meta/v1/unstructured" "k8s.io/apimachinery/pkg/runtime" - "github.com/devfile/devworkspace-operator/pkg/infrastructure" util "github.com/eclipse-che/che-operator/pkg/common/utils" "github.com/sirupsen/logrus" appsv1 "k8s.io/api/apps/v1" @@ -35,8 +35,10 @@ var ( defaultCheTLSSecretsCreationJobImage string defaultSingleHostGatewayImage string defaultSingleHostGatewayConfigSidecarImage string - defaultGatewayAuthenticationSidecarImage string - defaultGatewayAuthorizationSidecarImage string + defaultGatewayKubernetesAuthenticationSidecarImage string + defaultGatewayKubernetesAuthorizationSidecarImage string + defaultGatewayOpenShiftAuthenticationSidecarImage string + defaultGatewayOpenShiftAuthorizationSidecarImage string defaultConsoleLinkName string defaultConsoleLinkDisplayName string defaultConsoleLinkSection string 
@@ -90,14 +92,15 @@ func Initialize() { defaultPluginRegistryImage = ensureEnv(util.GetArchitectureDependentEnvName("RELATED_IMAGE_plugin_registry")) defaultSingleHostGatewayImage = ensureEnv(util.GetArchitectureDependentEnvName("RELATED_IMAGE_single_host_gateway")) defaultSingleHostGatewayConfigSidecarImage = ensureEnv(util.GetArchitectureDependentEnvName("RELATED_IMAGE_single_host_gateway_config_sidecar")) - defaultGatewayAuthenticationSidecarImage = ensureEnv(util.GetArchitectureDependentEnvName("RELATED_IMAGE_gateway_authentication_sidecar")) - defaultGatewayAuthorizationSidecarImage = ensureEnv(util.GetArchitectureDependentEnvName("RELATED_IMAGE_gateway_authorization_sidecar")) + + defaultGatewayOpenShiftAuthenticationSidecarImage = ensureEnv(util.GetArchitectureDependentEnvName("RELATED_IMAGE_gateway_authentication_sidecar")) + defaultGatewayOpenShiftAuthorizationSidecarImage = ensureEnv(util.GetArchitectureDependentEnvName("RELATED_IMAGE_gateway_authorization_sidecar")) + defaultGatewayKubernetesAuthenticationSidecarImage = ensureEnv(util.GetArchitectureDependentEnvName("RELATED_IMAGE_gateway_authentication_sidecar_k8s")) + defaultGatewayKubernetesAuthorizationSidecarImage = ensureEnv(util.GetArchitectureDependentEnvName("RELATED_IMAGE_gateway_authorization_sidecar_k8s")) // Don't get some k8s specific env if !infrastructure.IsOpenShift() { defaultCheTLSSecretsCreationJobImage = ensureEnv(util.GetArchitectureDependentEnvName("RELATED_IMAGE_che_tls_secrets_creation_job")) - defaultGatewayAuthenticationSidecarImage = ensureEnv(util.GetArchitectureDependentEnvName("RELATED_IMAGE_gateway_authentication_sidecar_k8s")) - defaultGatewayAuthorizationSidecarImage = ensureEnv(util.GetArchitectureDependentEnvName("RELATED_IMAGE_gateway_authorization_sidecar_k8s")) } initialized = true 
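Review bot: All four gateway sidecar images are now read unconditionally in `Initialize`, so `RELATED_IMAGE_gateway_authentication_sidecar_k8s` and `RELATED_IMAGE_gateway_authorization_sidecar_k8s` become required on OpenShift and the two non-suffixed variables become required on Kubernetes. `ensureEnv` is not visible here; if it fails hard on a missing variable, an operator manifest that defines only one pair would stop the operator from starting, so the deployment manifests need checking together with this hunk. The surviving comment `// Don't get some k8s specific env` now guards only the TLS job image and could say so, e.g. `// The TLS secrets creation job image is only needed on Kubernetes`. `Initialize` continues outside the hunk.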
@@ -168,20 +171,36 @@ func GetGatewayConfigSidecarImage(checluster interface{}) string { return PatchDefaultImageName(checluster, defaultSingleHostGatewayConfigSidecarImage) } -func GetGatewayAuthenticationSidecarImage(checluster interface{}) string { +func GetGatewayKubernetesAuthenticationSidecarImage(checluster interface{}) string { + if !initialized { + logrus.Fatalf("Operator defaults are not initialized.") + } + + return PatchDefaultImageName(checluster, defaultGatewayKubernetesAuthenticationSidecarImage) +} + +func GetGatewayKubernetesAuthorizationSidecarImage(checluster interface{}) string { + if !initialized { + logrus.Fatalf("Operator defaults are not initialized.") + } + + return PatchDefaultImageName(checluster, defaultGatewayKubernetesAuthorizationSidecarImage) +} + +func GetGatewayOpenShiftAuthenticationSidecarImage(checluster interface{}) string { if !initialized { logrus.Fatalf("Operator defaults are not initialized.") } - return PatchDefaultImageName(checluster, defaultGatewayAuthenticationSidecarImage) + return PatchDefaultImageName(checluster, defaultGatewayOpenShiftAuthenticationSidecarImage) } -func GetGatewayAuthorizationSidecarImage(checluster interface{}) string { +func GetGatewayOpenShiftAuthorizationSidecarImage(checluster interface{}) string { if !initialized { logrus.Fatalf("Operator defaults are not initialized.") } - return PatchDefaultImageName(checluster, defaultGatewayAuthorizationSidecarImage) + return PatchDefaultImageName(checluster, defaultGatewayOpenShiftAuthorizationSidecarImage) } func GetCheFlavor() string { diff --git a/pkg/common/utils/utils.go b/pkg/common/utils/utils.go index f4264e53ce..5367b0ea8c 100644 --- a/pkg/common/utils/utils.go +++ b/pkg/common/utils/utils.go @@ -22,8 +22,6 @@ import ( "k8s.io/apimachinery/pkg/labels" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/client-go/discovery" "sigs.k8s.io/controller-runtime/pkg/event" "sigs.k8s.io/controller-runtime/pkg/predicate" "sigs.k8s.io/yaml" 
@@ -61,27 +59,6 @@ func GeneratePassword(stringLength int) (passwd string) { return passwd } -func IsK8SResourceServed(discoveryClient discovery.DiscoveryInterface, resourceName string) bool { - _, resourceList, err := discoveryClient.ServerGroupsAndResources() - if err != nil { - return false - } - - return hasAPIResourceNameInList(resourceName, resourceList) -} - -func hasAPIResourceNameInList(name string, resources []*metav1.APIResourceList) bool { - for _, l := range resources { - for _, r := range l.APIResources { - if r.Name == name { - return true - } - } - } - - return false -} - func GetValue(value string, defaultValue string) string { if value == "" { value = defaultValue diff --git a/pkg/deploy/consolelink/consolelink.go b/pkg/deploy/consolelink/consolelink.go index 0403274bc1..145cea9058 100644 --- a/pkg/deploy/consolelink/consolelink.go +++ b/pkg/deploy/consolelink/consolelink.go @@ -19,7 +19,6 @@ import ( "github.com/eclipse-che/che-operator/pkg/common/chetypes" defaults "github.com/eclipse-che/che-operator/pkg/common/operator-defaults" "github.com/eclipse-che/che-operator/pkg/common/reconciler" - "github.com/eclipse-che/che-operator/pkg/common/utils" "github.com/eclipse-che/che-operator/pkg/deploy" "github.com/google/go-cmp/cmp" "github.com/google/go-cmp/cmp/cmpopts" @@ -32,7 +31,6 @@ import ( const ( ConsoleLinkFinalizerName = "consolelink.finalizers.che.eclipse.org" - ConsoleLinksResourceName = "consolelinks" ) var consoleLinkDiffOpts = cmp.Options{ 
@@ -48,11 +46,6 @@ func NewConsoleLinkReconciler() *ConsoleLinkReconciler { } func (c *ConsoleLinkReconciler) Reconcile(ctx *chetypes.DeployContext) (reconcile.Result, bool, error) { - if !utils.IsK8SResourceServed(ctx.ClusterAPI.DiscoveryClient, ConsoleLinksResourceName) { - logrus.Debug("Console link won't be created. ConsoleLinks is not supported by kubernetes cluster.") - return reconcile.Result{}, true, nil - } - done, err := c.syncConsoleLink(ctx) if !done { return reconcile.Result{RequeueAfter: time.Second}, false, err diff --git a/pkg/deploy/consolelink/init_test.go b/pkg/deploy/consolelink/init_test.go index 6e2a817166..0413d58f97 100644 --- a/pkg/deploy/consolelink/init_test.go +++ b/pkg/deploy/consolelink/init_test.go @@ -13,7 +13,7 @@ package consolelink import ( - "github.com/devfile/devworkspace-operator/pkg/infrastructure" + "github.com/eclipse-che/che-operator/pkg/common/infrastructure" defaults "github.com/eclipse-che/che-operator/pkg/common/operator-defaults" "github.com/eclipse-che/che-operator/pkg/common/test" ) @@ -21,6 +21,6 @@ import ( func init() { test.EnableTestMode() - infrastructure.InitializeForTesting(infrastructure.OpenShiftv4) + infrastructure.InitializeForTesting(infrastructure.OpenShiftV4) defaults.InitializeForTesting("../../../config/manager/manager.yaml") } diff --git a/pkg/deploy/container-capabilities/init_test.go b/pkg/deploy/container-capabilities/init_test.go index 4afcee3d44..e0807cc7b8 100644 --- a/pkg/deploy/container-capabilities/init_test.go +++ b/pkg/deploy/container-capabilities/init_test.go @@ -13,7 +13,7 @@ package containercapabilities import ( - "github.com/devfile/devworkspace-operator/pkg/infrastructure" + "github.com/eclipse-che/che-operator/pkg/common/infrastructure" defaults "github.com/eclipse-che/che-operator/pkg/common/operator-defaults" "github.com/eclipse-che/che-operator/pkg/common/test" ) 
@@ -21,6 +21,6 @@ import ( func init() { test.EnableTestMode() - infrastructure.InitializeForTesting(infrastructure.OpenShiftv4) + infrastructure.InitializeForTesting(infrastructure.OpenShiftV4) defaults.InitializeForTesting("../../../config/manager/manager.yaml") } diff --git a/pkg/deploy/dashboard/dashboard_test.go b/pkg/deploy/dashboard/dashboard_test.go index 296ef26602..feea6e0d73 100644 --- a/pkg/deploy/dashboard/dashboard_test.go +++ b/pkg/deploy/dashboard/dashboard_test.go @@ -13,7 +13,7 @@ package dashboard import ( - "github.com/devfile/devworkspace-operator/pkg/infrastructure" + "github.com/eclipse-che/che-operator/pkg/common/infrastructure" "github.com/eclipse-che/che-operator/pkg/common/test" "github.com/eclipse-che/che-operator/pkg/common/utils" "github.com/stretchr/testify/assert" diff --git a/pkg/deploy/dashboard/deployment_dashboard.go b/pkg/deploy/dashboard/deployment_dashboard.go index b97e677b9a..7da8b0fb34 100644 --- a/pkg/deploy/dashboard/deployment_dashboard.go +++ b/pkg/deploy/dashboard/deployment_dashboard.go @@ -18,6 +18,7 @@ import ( "github.com/eclipse-che/che-operator/pkg/common/chetypes" "github.com/eclipse-che/che-operator/pkg/common/constants" + "github.com/eclipse-che/che-operator/pkg/common/infrastructure" defaults "github.com/eclipse-che/che-operator/pkg/common/operator-defaults" "github.com/eclipse-che/che-operator/pkg/common/utils" "github.com/eclipse-che/che-operator/pkg/deploy" @@ -121,7 +122,7 @@ func (d *DashboardReconciler) getDashboardDeploymentSpec(ctx *chetypes.DeployCon // Mount CheCluster default values envVars = append(envVars, utils.GetEnvsByRegExp("^CHE_DEFAULT_SPEC.*")...) - if utils.IsK8SResourceServed(ctx.ClusterAPI.DiscoveryClient, ConsoleLinksResourceName) { + if infrastructure.IsOpenShift() { envVars = append(envVars, corev1.EnvVar{ Name: "OPENSHIFT_CONSOLE_URL", diff --git a/pkg/deploy/dashboard/init_test.go b/pkg/deploy/dashboard/init_test.go index 54b8cf2297..019199e273 100644 
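Review bot: In `getDashboardDeploymentSpec` the `OPENSHIFT_CONSOLE_URL` variable used to be added only when the cluster actually served `consolelinks`; `infrastructure.IsOpenShift()` is a broader condition and no longer proves the console API is there. How the value is resolved is outside the hunk, so this is a question rather than a confirmed defect: if it is read from a console object that may be absent, that error path should be handled or the capability check kept next to the platform check. A short comment on the new condition would record the intent, e.g. `// the console URL is only meaningful on OpenShift; console availability is checked where the URL is resolved`.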
--- a/pkg/deploy/dashboard/init_test.go +++ b/pkg/deploy/dashboard/init_test.go @@ -13,7 +13,7 @@ package dashboard import ( - "github.com/devfile/devworkspace-operator/pkg/infrastructure" + "github.com/eclipse-che/che-operator/pkg/common/infrastructure" defaults "github.com/eclipse-che/che-operator/pkg/common/operator-defaults" "github.com/eclipse-che/che-operator/pkg/common/test" ) @@ -21,6 +21,6 @@ import ( func init() { test.EnableTestMode() - infrastructure.InitializeForTesting(infrastructure.OpenShiftv4) + infrastructure.InitializeForTesting(infrastructure.OpenShiftV4) defaults.InitializeForTesting("../../../config/manager/manager.yaml") } diff --git a/pkg/deploy/dashboard/rbac.go b/pkg/deploy/dashboard/rbac.go index 023750b108..91a7549e2d 100644 --- a/pkg/deploy/dashboard/rbac.go +++ b/pkg/deploy/dashboard/rbac.go @@ -15,7 +15,6 @@ package dashboard import ( "fmt" - "github.com/devfile/devworkspace-operator/pkg/infrastructure" "github.com/eclipse-che/che-operator/pkg/common/chetypes" rbacv1 "k8s.io/api/rbac/v1" ) @@ -60,17 +59,6 @@ func GetPrivilegedPoliciesRulesForKubernetes() []rbacv1.PolicyRule { }, } - if !infrastructure.IsOpenShift() { - rules = append(rules, - // on Kubernetes, Dashboard stores user preferences in secrets with SA - // until native auth is not implemented there as well - rbacv1.PolicyRule{ - APIGroups: []string{""}, - Resources: []string{"secrets"}, - Verbs: []string{"get", "create", "update", "list"}, - }) - } - return rules } diff --git a/pkg/deploy/deployment.go b/pkg/deploy/deployment.go index ec1863b79b..a6585f4984 100644 --- a/pkg/deploy/deployment.go +++ b/pkg/deploy/deployment.go 
@@ -26,10 +26,10 @@ import ( "k8s.io/utils/pointer" "sigs.k8s.io/controller-runtime/pkg/client" - "github.com/devfile/devworkspace-operator/pkg/infrastructure" chev2 "github.com/eclipse-che/che-operator/api/v2" "github.com/eclipse-che/che-operator/pkg/common/chetypes" "github.com/eclipse-che/che-operator/pkg/common/constants" + "github.com/eclipse-che/che-operator/pkg/common/infrastructure" "github.com/eclipse-che/che-operator/pkg/common/test" "github.com/eclipse-che/che-operator/pkg/common/utils" "github.com/google/go-cmp/cmp" diff --git a/pkg/deploy/devfileregistry/init_test.go b/pkg/deploy/devfileregistry/init_test.go index 198a4ad18b..e7d46e3a25 100644 --- a/pkg/deploy/devfileregistry/init_test.go +++ b/pkg/deploy/devfileregistry/init_test.go @@ -13,7 +13,7 @@ package devfileregistry import ( - "github.com/devfile/devworkspace-operator/pkg/infrastructure" + "github.com/eclipse-che/che-operator/pkg/common/infrastructure" defaults "github.com/eclipse-che/che-operator/pkg/common/operator-defaults" "github.com/eclipse-che/che-operator/pkg/common/test" ) @@ -21,6 +21,6 @@ import ( func init() { test.EnableTestMode() - infrastructure.InitializeForTesting(infrastructure.OpenShiftv4) + infrastructure.InitializeForTesting(infrastructure.OpenShiftV4) defaults.InitializeForTesting("../../../config/manager/manager.yaml") } diff --git a/pkg/deploy/devworkspace/init_test.go b/pkg/deploy/devworkspace/init_test.go index 47f54a9aab..7f0a832ff7 100644 --- a/pkg/deploy/devworkspace/init_test.go +++ b/pkg/deploy/devworkspace/init_test.go @@ -13,7 +13,7 @@ package devworkspace import ( - "github.com/devfile/devworkspace-operator/pkg/infrastructure" + "github.com/eclipse-che/che-operator/pkg/common/infrastructure" defaults "github.com/eclipse-che/che-operator/pkg/common/operator-defaults" "github.com/eclipse-che/che-operator/pkg/common/test" ) 
@@ -21,6 +21,6 @@ import ( func init() { test.EnableTestMode() - infrastructure.InitializeForTesting(infrastructure.OpenShiftv4) + infrastructure.InitializeForTesting(infrastructure.OpenShiftV4) defaults.InitializeForTesting("../../../config/manager/manager.yaml") } diff --git a/pkg/deploy/editors-definitions/init_test.go b/pkg/deploy/editors-definitions/init_test.go index 94526d0f00..3f5305f0cc 100644 --- a/pkg/deploy/editors-definitions/init_test.go +++ b/pkg/deploy/editors-definitions/init_test.go @@ -13,7 +13,7 @@ package editorsdefinitions import ( - "github.com/devfile/devworkspace-operator/pkg/infrastructure" + "github.com/eclipse-che/che-operator/pkg/common/infrastructure" defaults "github.com/eclipse-che/che-operator/pkg/common/operator-defaults" "github.com/eclipse-che/che-operator/pkg/common/test" ) @@ -21,7 +21,7 @@ import ( func init() { test.EnableTestMode() - infrastructure.InitializeForTesting(infrastructure.OpenShiftv4) + infrastructure.InitializeForTesting(infrastructure.OpenShiftV4) defaults.InitializeForTesting("../../../config/manager/manager.yaml") editorsDefinitionsDir = "./test-editors-definitions" diff --git a/pkg/deploy/expose/expose.go b/pkg/deploy/expose/expose.go index 9149a20c78..859bd166fc 100644 --- a/pkg/deploy/expose/expose.go +++ b/pkg/deploy/expose/expose.go @@ -17,7 +17,7 @@ import ( "github.com/eclipse-che/che-operator/pkg/common/diffs" - "github.com/devfile/devworkspace-operator/pkg/infrastructure" + "github.com/eclipse-che/che-operator/pkg/common/infrastructure" routev1 "github.com/openshift/api/route/v1" "github.com/eclipse-che/che-operator/pkg/common/chetypes" diff --git a/pkg/deploy/gateway/gateway.go b/pkg/deploy/gateway/gateway.go index e00df11811..60c99186e1 100644 --- a/pkg/deploy/gateway/gateway.go +++ b/pkg/deploy/gateway/gateway.go 
@@ -13,17 +13,16 @@ package gateway import ( - "context" "encoding/base64" "fmt" "io/ioutil" + "github.com/eclipse-che/che-operator/pkg/common/infrastructure" "github.com/eclipse-che/che-operator/pkg/common/reconciler" "k8s.io/apimachinery/pkg/api/resource" "sigs.k8s.io/yaml" - "github.com/devfile/devworkspace-operator/pkg/infrastructure" "github.com/sirupsen/logrus" "github.com/eclipse-che/che-operator/pkg/common/chetypes" @@ -38,12 +37,10 @@ import ( appsv1 "k8s.io/api/apps/v1" corev1 "k8s.io/api/core/v1" rbac "k8s.io/api/rbac/v1" - "k8s.io/apimachinery/pkg/api/errors" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/labels" "k8s.io/apimachinery/pkg/util/intstr" - "sigs.k8s.io/controller-runtime/pkg/client" "sigs.k8s.io/controller-runtime/pkg/controller/controllerutil" "sigs.k8s.io/controller-runtime/pkg/reconcile" ) @@ -209,31 +206,6 @@ func generateOauthSecretSpec(deployContext *chetypes.DeployContext) *corev1.Secr } } -func delete(clusterAPI chetypes.ClusterAPI, obj metav1.Object) error { - key := client.ObjectKey{Name: obj.GetName(), Namespace: obj.GetNamespace()} - ro := obj.(client.Object) - if getErr := clusterAPI.Client.Get(context.TODO(), key, ro); getErr == nil { - if err := clusterAPI.Client.Delete(context.TODO(), ro); err != nil { - if !errors.IsNotFound(err) { - return err - } - } - } - - return nil -} - -func DeleteGatewayRouteConfig(componentName string, deployContext *chetypes.DeployContext) error { - obj := &corev1.ConfigMap{ - ObjectMeta: metav1.ObjectMeta{ - Name: GatewayConfigMapNamePrefix + componentName, - Namespace: deployContext.CheCluster.Namespace, - }, - } - - return delete(deployContext.ClusterAPI, obj) -} - // below functions declare the desired states of the various objects required for the gateway func getGatewayServerConfigSpec(deployContext *chetypes.DeployContext) (corev1.ConfigMap, error) { 
@@ -247,7 +219,8 @@ func getGatewayServerConfigSpec(deployContext *chetypes.DeployContext) (corev1.C if deployContext.CheCluster.IsAccessTokenConfigured() { cfg.AddAuthHeaderRewrite(serverComponentName) } - if infrastructure.IsOpenShift() { + + if infrastructure.IsOpenShiftOAuthEnabled() { // native user mode is currently only available on OpenShift but let's be defensive here so that // this doesn't break once we enable it on Kubernetes, too. Token check will have to work // differently on Kuberentes. @@ -624,7 +597,7 @@ func getContainersSpec(ctx *chetypes.DeployContext) []corev1.Container { containers = append(containers, getOauthProxyContainerSpec(ctx), - getKubeRbacProxyContainerSpec(ctx.CheCluster)) + getKubeRbacProxyContainerSpec(ctx)) return containers } diff --git a/pkg/deploy/gateway/gateway_test.go b/pkg/deploy/gateway/gateway_test.go index a87fbe8a13..5e66aae5ec 100644 --- a/pkg/deploy/gateway/gateway_test.go +++ b/pkg/deploy/gateway/gateway_test.go @@ -262,10 +262,10 @@ func TestCustomizeGatewayDeploymentSingleImage(t *testing.T) { assert.Equal(t, defaults.GetGatewayConfigSidecarImage(checluster), containers[1].Image) assert.Equal(t, constants.GatewayAuthenticationContainerName, containers[2].Name) - assert.Equal(t, defaults.GetGatewayAuthenticationSidecarImage(checluster), containers[2].Image) + assert.Equal(t, defaults.GetGatewayOpenShiftAuthenticationSidecarImage(checluster), containers[2].Image) assert.Equal(t, constants.GatewayAuthorizationContainerName, containers[3].Name) - assert.Equal(t, defaults.GetGatewayAuthorizationSidecarImage(checluster), containers[3].Image) + assert.Equal(t, defaults.GetGatewayOpenShiftAuthorizationSidecarImage(checluster), containers[3].Image) } func TestTraefikLogLevel(t *testing.T) { diff --git a/pkg/deploy/gateway/init_test.go b/pkg/deploy/gateway/init_test.go index df9479d1cf..6f7639bea2 100644 --- a/pkg/deploy/gateway/init_test.go +++ b/pkg/deploy/gateway/init_test.go 
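Review bot: The comment under the new `infrastructure.IsOpenShiftOAuthEnabled()` condition in `getGatewayServerConfigSpec` still says native user mode is only available on OpenShift, but the branch is now also skipped on OpenShift clusters where OAuth is not enabled. The body of the branch lies outside the hunk; since the comment ties it to the token check, the code should state what validates tokens on the external identity provider path, for example `// Only with OpenShift OAuth; with an external identity provider the token check has to work differently.` The `gateway_test.go` hunk on this line asserts only the OpenShift images. A case with OAuth disabled that expects `GetGatewayKubernetesAuthenticationSidecarImage` and `GetGatewayKubernetesAuthorizationSidecarImage` would pin the new selection.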
@@ -13,7 +13,7 @@ package gateway import ( - "github.com/devfile/devworkspace-operator/pkg/infrastructure" + "github.com/eclipse-che/che-operator/pkg/common/infrastructure" defaults "github.com/eclipse-che/che-operator/pkg/common/operator-defaults" "github.com/eclipse-che/che-operator/pkg/common/test" ) @@ -21,6 +21,6 @@ import ( func init() { test.EnableTestMode() - infrastructure.InitializeForTesting(infrastructure.OpenShiftv4) + infrastructure.InitializeForTesting(infrastructure.OpenShiftV4) defaults.InitializeForTesting("../../../config/manager/manager.yaml") } diff --git a/pkg/deploy/gateway/kube_rbac_proxy.go b/pkg/deploy/gateway/kube_rbac_proxy.go index 830a685b09..8bc533cf6d 100644 --- a/pkg/deploy/gateway/kube_rbac_proxy.go +++ b/pkg/deploy/gateway/kube_rbac_proxy.go @@ -15,6 +15,8 @@ package gateway import ( "strconv" + "github.com/eclipse-che/che-operator/pkg/common/chetypes" + "github.com/eclipse-che/che-operator/pkg/common/infrastructure" "k8s.io/apimachinery/pkg/util/intstr" chev2 "github.com/eclipse-che/che-operator/api/v2" 
@@ -52,15 +54,22 @@ authorization: } } -func getKubeRbacProxyContainerSpec(instance *chev2.CheCluster) corev1.Container { +func getKubeRbacProxyContainerSpec(ctx *chetypes.DeployContext) corev1.Container { logLevel := constants.DefaultKubeRbacProxyLogLevel - if instance.Spec.Networking.Auth.Gateway.KubeRbacProxy != nil && instance.Spec.Networking.Auth.Gateway.KubeRbacProxy.LogLevel != nil { - logLevel = *instance.Spec.Networking.Auth.Gateway.KubeRbacProxy.LogLevel + if ctx.CheCluster.Spec.Networking.Auth.Gateway.KubeRbacProxy != nil && ctx.CheCluster.Spec.Networking.Auth.Gateway.KubeRbacProxy.LogLevel != nil { + logLevel = *ctx.CheCluster.Spec.Networking.Auth.Gateway.KubeRbacProxy.LogLevel + } + + var image string + if infrastructure.IsOpenShiftOAuthEnabled() { + image = defaults.GetGatewayOpenShiftAuthorizationSidecarImage(ctx.CheCluster) + } else { + image = defaults.GetGatewayKubernetesAuthorizationSidecarImage(ctx.CheCluster) } return corev1.Container{ Name: "kube-rbac-proxy", - Image: defaults.GetGatewayAuthorizationSidecarImage(instance), + Image: image, ImagePullPolicy: corev1.PullIfNotPresent, Args: []string{ "--insecure-listen-address=0.0.0.0:8089", diff --git a/pkg/deploy/gateway/oauth_proxy.go b/pkg/deploy/gateway/oauth_proxy.go index 91e58fa525..c1524eb2a7 100644 --- a/pkg/deploy/gateway/oauth_proxy.go +++ b/pkg/deploy/gateway/oauth_proxy.go @@ -16,13 +16,13 @@ import ( "fmt" "strings" - "k8s.io/apimachinery/pkg/util/intstr" - + "github.com/eclipse-che/che-operator/pkg/common/infrastructure" identityprovider "github.com/eclipse-che/che-operator/pkg/deploy/identity-provider" "github.com/sirupsen/logrus" + "k8s.io/apimachinery/pkg/util/intstr" + "k8s.io/apimachinery/pkg/api/resource" - "github.com/devfile/devworkspace-operator/pkg/infrastructure" chev2 "github.com/eclipse-che/che-operator/api/v2" "github.com/eclipse-che/che-operator/pkg/common/chetypes" "github.com/eclipse-che/che-operator/pkg/common/constants" 
@@ -34,10 +34,8 @@ import ( ) func getGatewayOauthProxyConfigSpec(ctx *chetypes.DeployContext, cookieSecret string) corev1.ConfigMap { - instance := ctx.CheCluster - var config string - if infrastructure.IsOpenShift() { + if infrastructure.IsOpenShiftOAuthEnabled() { config = openshiftOauthProxyConfig(ctx, cookieSecret) } else { config = kubernetesOauthProxyConfig(ctx, cookieSecret) @@ -49,7 +47,7 @@ func getGatewayOauthProxyConfigSpec(ctx *chetypes.DeployContext, cookieSecret st }, ObjectMeta: metav1.ObjectMeta{ Name: "che-gateway-config-oauth-proxy", - Namespace: instance.Namespace, + Namespace: ctx.CheCluster.Namespace, Labels: deploy.GetLabels(GatewayServiceName), }, Data: map[string]string{ @@ -169,7 +167,7 @@ func skipAuthConfig(instance *chev2.CheCluster) string { skipAuthPaths = append(skipAuthPaths, fmt.Sprintf("^%s$", defaults.GetConsoleLinkImage())) if len(skipAuthPaths) > 0 { propName := "skip_auth_routes" - if infrastructure.IsOpenShift() { + if infrastructure.IsOpenShiftOAuthEnabled() { propName = "skip_auth_regex" } return fmt.Sprintf("%s = \"%s\"", propName, strings.Join(skipAuthPaths, "|")) 
@@ -200,19 +198,29 @@ func getOauthProxyContainerSpec(ctx *chetypes.DeployContext) corev1.Container { exists, _ := deploy.GetNamespacedObject(ctx, "che-gateway-config-oauth-proxy", cm) configMapRevision := map[bool]string{true: cm.GetResourceVersion(), false: ""}[exists] + var image, probePath string + var args []string + if infrastructure.IsOpenShiftOAuthEnabled() { + image = defaults.GetGatewayOpenShiftAuthenticationSidecarImage(ctx.CheCluster) + probePath = "/oauth/healthz" + args = []string{ + "--config=/etc/oauth-proxy/oauth-proxy.cfg", + } + } else { + image = defaults.GetGatewayKubernetesAuthenticationSidecarImage(ctx.CheCluster) + probePath = "/ping" + args = []string{ + "--config=/etc/oauth-proxy/oauth-proxy.cfg", + "--ping-path=/ping", + "--exclude-logging-path=/ping", + } + } + return corev1.Container{ Name: "oauth-proxy", - Image: defaults.GetGatewayAuthenticationSidecarImage(ctx.CheCluster), + Image: image, ImagePullPolicy: corev1.PullIfNotPresent, - Args: map[bool][]string{ - true: { - "--config=/etc/oauth-proxy/oauth-proxy.cfg", - }, - false: { - "--config=/etc/oauth-proxy/oauth-proxy.cfg", - "--ping-path=/ping", - "--exclude-logging-path=/ping"}, - }[infrastructure.IsOpenShift()], + Args: args, VolumeMounts: []corev1.VolumeMount{ { Name: "oauth-proxy-config", @@ -253,7 +261,7 @@ func getOauthProxyContainerSpec(ctx *chetypes.DeployContext) corev1.Container { ReadinessProbe: &corev1.Probe{ ProbeHandler: corev1.ProbeHandler{ HTTPGet: &corev1.HTTPGetAction{ - Path: map[bool]string{true: "/oauth/healthz", false: "/ping"}[infrastructure.IsOpenShift()], + Path: probePath, Port: intstr.IntOrString{ Type: intstr.Int, IntVal: int32(8080), 
@@ -270,7 +278,7 @@ func getOauthProxyContainerSpec(ctx *chetypes.DeployContext) corev1.Container { LivenessProbe: &corev1.Probe{ ProbeHandler: corev1.ProbeHandler{ HTTPGet: &corev1.HTTPGetAction{ - Path: map[bool]string{true: "/oauth/healthz", false: "/ping"}[infrastructure.IsOpenShift()], + Path: probePath, Port: intstr.IntOrString{ Type: intstr.Int, IntVal: int32(8080), diff --git a/pkg/deploy/gateway/oauth_proxy_test.go b/pkg/deploy/gateway/oauth_proxy_test.go index a0cd74aeb7..66bd9275b7 100644 --- a/pkg/deploy/gateway/oauth_proxy_test.go +++ b/pkg/deploy/gateway/oauth_proxy_test.go @@ -17,9 +17,9 @@ import ( "k8s.io/utils/pointer" - "github.com/devfile/devworkspace-operator/pkg/infrastructure" chev2 "github.com/eclipse-che/che-operator/api/v2" "github.com/eclipse-che/che-operator/pkg/common/constants" + "github.com/eclipse-che/che-operator/pkg/common/infrastructure" "github.com/eclipse-che/che-operator/pkg/common/test" "github.com/stretchr/testify/assert" corev1 "k8s.io/api/core/v1" diff --git a/pkg/deploy/identity-provider/init_test.go b/pkg/deploy/identity-provider/init_test.go index 0a331d3535..619406f788 100644 --- a/pkg/deploy/identity-provider/init_test.go +++ b/pkg/deploy/identity-provider/init_test.go @@ -13,7 +13,7 @@ package identityprovider import ( - "github.com/devfile/devworkspace-operator/pkg/infrastructure" + "github.com/eclipse-che/che-operator/pkg/common/infrastructure" defaults "github.com/eclipse-che/che-operator/pkg/common/operator-defaults" "github.com/eclipse-che/che-operator/pkg/common/test" ) @@ -21,6 +21,6 @@ import ( func init() { test.EnableTestMode() - infrastructure.InitializeForTesting(infrastructure.OpenShiftv4) + infrastructure.InitializeForTesting(infrastructure.OpenShiftV4) defaults.InitializeForTesting("../../../config/manager/manager.yaml") } diff --git a/pkg/deploy/image-puller/imagepuller.go b/pkg/deploy/image-puller/imagepuller.go index 82949c35a7..c03e925ecd 100644 --- a/pkg/deploy/image-puller/imagepuller.go 
+++ b/pkg/deploy/image-puller/imagepuller.go @@ -21,6 +21,7 @@ import ( "github.com/eclipse-che/che-operator/pkg/common/chetypes" "github.com/eclipse-che/che-operator/pkg/common/constants" + "github.com/eclipse-che/che-operator/pkg/common/infrastructure" "github.com/eclipse-che/che-operator/pkg/common/reconciler" "github.com/eclipse-che/che-operator/pkg/common/utils" "github.com/google/go-cmp/cmp/cmpopts" @@ -78,7 +79,7 @@ func (ip *ImagePuller) Reconcile(ctx *chetypes.DeployContext) (reconcile.Result, } if ctx.CheCluster.Spec.Components.ImagePuller.Enable { - if !utils.IsK8SResourceServed(ctx.ClusterAPI.DiscoveryClient, resourceName) { + if !infrastructure.IsKubernetesImagePullerEnabled() { errMsg := "Kubernetes Image Puller is not installed, in order to enable the property admin should install the operator first" return reconcile.Result{}, false, errors.New(errMsg) } @@ -108,7 +109,7 @@ func (ip *ImagePuller) uninstallImagePuller(ctx *chetypes.DeployContext) (bool, return false, err } - if utils.IsK8SResourceServed(ctx.ClusterAPI.DiscoveryClient, resourceName) { + if infrastructure.IsKubernetesImagePullerEnabled() { if done, err := deploy.DeleteByKeyWithClient( ctx.ClusterAPI.NonCachingClient, types.NamespacedName{ diff --git a/pkg/deploy/image-puller/init_test.go b/pkg/deploy/image-puller/init_test.go index 3e541a35d9..f603cec86c 100644 --- a/pkg/deploy/image-puller/init_test.go +++ b/pkg/deploy/image-puller/init_test.go @@ -13,7 +13,7 @@ package imagepuller import ( - "github.com/devfile/devworkspace-operator/pkg/infrastructure" + "github.com/eclipse-che/che-operator/pkg/common/infrastructure" defaults "github.com/eclipse-che/che-operator/pkg/common/operator-defaults" "github.com/eclipse-che/che-operator/pkg/common/test" ) 
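Review bot: `infrastructure.IsKubernetesImagePullerEnabled()` replaces a live discovery call in both `Reconcile` and `uninstallImagePuller`, and if it is computed once at start-up like the other flags in `cluster.go` (its body is not in these hunks), installing the Kubernetes Image Puller operator after che-operator has started is never noticed. The error text still tells the admin to "install the operator first", which would then only take effect after an operator restart. Either keep the per-reconcile check, `utils.IsK8SResourceServed(ctx.ClusterAPI.DiscoveryClient, resourceName)`, at these two call sites or state the restart requirement in the message. Both functions start and end outside the hunks shown.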
@@ -21,6 +21,6 @@ import ( func init() { test.EnableTestMode() - infrastructure.InitializeForTesting(infrastructure.OpenShiftv4) + infrastructure.InitializeForTesting(infrastructure.OpenShiftV4) defaults.InitializeForTesting("../../../config/manager/manager.yaml") } diff --git a/pkg/deploy/init_test.go b/pkg/deploy/init_test.go index 2e3dd6b4ae..eb7e1f6490 100644 --- a/pkg/deploy/init_test.go +++ b/pkg/deploy/init_test.go @@ -13,7 +13,7 @@ package deploy import ( - "github.com/devfile/devworkspace-operator/pkg/infrastructure" + "github.com/eclipse-che/che-operator/pkg/common/infrastructure" defaults "github.com/eclipse-che/che-operator/pkg/common/operator-defaults" "github.com/eclipse-che/che-operator/pkg/common/test" ) @@ -21,6 +21,6 @@ import ( func init() { test.EnableTestMode() - infrastructure.InitializeForTesting(infrastructure.OpenShiftv4) + infrastructure.InitializeForTesting(infrastructure.OpenShiftV4) defaults.InitializeForTesting("../../config/manager/manager.yaml") } diff --git a/pkg/deploy/migration/checluster-defaults-cleaner_test.go b/pkg/deploy/migration/checluster-defaults-cleaner_test.go index edd17794a9..60b49395d3 100644 --- a/pkg/deploy/migration/checluster-defaults-cleaner_test.go +++ b/pkg/deploy/migration/checluster-defaults-cleaner_test.go @@ -21,7 +21,7 @@ import ( devfile "github.com/devfile/api/v2/pkg/apis/workspaces/v1alpha2" defaults "github.com/eclipse-che/che-operator/pkg/common/operator-defaults" - "github.com/devfile/devworkspace-operator/pkg/infrastructure" + "github.com/eclipse-che/che-operator/pkg/common/infrastructure" "github.com/eclipse-che/che-operator/pkg/common/test" "github.com/stretchr/testify/assert" 
@@ -44,7 +44,7 @@ func TestCheClusterDefaultsCleanerShouldNotChangeValuesOnInstallation(t *testing testCases := []testCase{ { name: "Che is being installed, nothing changed", - infra: infrastructure.OpenShiftv4, + infra: infrastructure.OpenShiftV4, cheCluster: &chev2.CheCluster{ ObjectMeta: metav1.ObjectMeta{ Name: "eclipse-che", @@ -133,7 +133,7 @@ func TestCheClusterDefaultsCleanerDefaultEditor(t *testing.T) { testCases := []testCase{ { name: "Case #1", - infra: infrastructure.OpenShiftv4, + infra: infrastructure.OpenShiftV4, cheCluster: &chev2.CheCluster{ ObjectMeta: metav1.ObjectMeta{ Name: "eclipse-che", @@ -147,7 +147,7 @@ func TestCheClusterDefaultsCleanerDefaultEditor(t *testing.T) { }, { name: "Case #2", - infra: infrastructure.OpenShiftv4, + infra: infrastructure.OpenShiftV4, cheCluster: &chev2.CheCluster{ ObjectMeta: metav1.ObjectMeta{ Name: "eclipse-che", @@ -166,7 +166,7 @@ func TestCheClusterDefaultsCleanerDefaultEditor(t *testing.T) { }, { name: "Case #3", - infra: infrastructure.OpenShiftv4, + infra: infrastructure.OpenShiftV4, cheCluster: &chev2.CheCluster{ ObjectMeta: metav1.ObjectMeta{ Name: "eclipse-che", @@ -217,7 +217,7 @@ func TestCheClusterDefaultsCleanerDefaultComponents(t *testing.T) { testCases := []testCase{ { name: "Case #1", - infra: infrastructure.OpenShiftv4, + infra: infrastructure.OpenShiftV4, cheCluster: &chev2.CheCluster{ ObjectMeta: metav1.ObjectMeta{ Name: "eclipse-che", @@ -231,7 +231,7 @@ func TestCheClusterDefaultsCleanerDefaultComponents(t *testing.T) { }, { name: "Case #2", - infra: infrastructure.OpenShiftv4, + infra: infrastructure.OpenShiftV4, cheCluster: &chev2.CheCluster{ ObjectMeta: metav1.ObjectMeta{ Name: "eclipse-che", @@ -261,7 +261,7 @@ func TestCheClusterDefaultsCleanerDefaultComponents(t *testing.T) { }, { name: "Case #3", - infra: infrastructure.OpenShiftv4, + infra: infrastructure.OpenShiftV4, cheCluster: &chev2.CheCluster{ ObjectMeta: metav1.ObjectMeta{ Name: "eclipse-che", 
@@ -531,7 +531,7 @@ func TestCheClusterDefaultsCleanerDisableContainerBuildCapabilities(t *testing.T testCases := []testCase{ { name: "OpenShift case #1", - infra: infrastructure.OpenShiftv4, + infra: infrastructure.OpenShiftV4, cheCluster: &chev2.CheCluster{ ObjectMeta: metav1.ObjectMeta{ Name: "eclipse-che", @@ -545,7 +545,7 @@ func TestCheClusterDefaultsCleanerDisableContainerBuildCapabilities(t *testing.T }, { name: "OpenShift case #2", - infra: infrastructure.OpenShiftv4, + infra: infrastructure.OpenShiftV4, cheCluster: &chev2.CheCluster{ ObjectMeta: metav1.ObjectMeta{ Name: "eclipse-che", diff --git a/pkg/deploy/migration/checluster-defaults-cleanupfunc.go b/pkg/deploy/migration/checluster-defaults-cleanupfunc.go index bd03ad3f49..8e33761312 100644 --- a/pkg/deploy/migration/checluster-defaults-cleanupfunc.go +++ b/pkg/deploy/migration/checluster-defaults-cleanupfunc.go @@ -17,8 +17,9 @@ import ( "slices" "strconv" - "github.com/devfile/devworkspace-operator/pkg/infrastructure" chev2 "github.com/eclipse-che/che-operator/api/v2" + + "github.com/eclipse-che/che-operator/pkg/common/infrastructure" defaults "github.com/eclipse-che/che-operator/pkg/common/operator-defaults" "github.com/google/go-cmp/cmp/cmpopts" diff --git a/pkg/deploy/migration/init_test.go b/pkg/deploy/migration/init_test.go index e0f8210779..29bb2e66d1 100644 --- a/pkg/deploy/migration/init_test.go +++ b/pkg/deploy/migration/init_test.go @@ -13,7 +13,7 @@ package migration import ( - "github.com/devfile/devworkspace-operator/pkg/infrastructure" + "github.com/eclipse-che/che-operator/pkg/common/infrastructure" defaults "github.com/eclipse-che/che-operator/pkg/common/operator-defaults" "github.com/eclipse-che/che-operator/pkg/common/test" ) 
@@ -21,6 +21,6 @@ import ( func init() { test.EnableTestMode() - infrastructure.InitializeForTesting(infrastructure.OpenShiftv4) + infrastructure.InitializeForTesting(infrastructure.OpenShiftV4) defaults.InitializeForTesting("../../../config/manager/manager.yaml") } diff --git a/pkg/deploy/migration/on-reconcile-one-time-migration.go b/pkg/deploy/migration/on-reconcile-one-time-migration.go index 63c3081aa2..ef2fcd657e 100644 --- a/pkg/deploy/migration/on-reconcile-one-time-migration.go +++ b/pkg/deploy/migration/on-reconcile-one-time-migration.go @@ -17,9 +17,9 @@ import ( "fmt" "time" - "github.com/devfile/devworkspace-operator/pkg/infrastructure" "github.com/eclipse-che/che-operator/pkg/common/chetypes" "github.com/eclipse-che/che-operator/pkg/common/constants" + "github.com/eclipse-che/che-operator/pkg/common/infrastructure" defaults "github.com/eclipse-che/che-operator/pkg/common/operator-defaults" "github.com/eclipse-che/che-operator/pkg/common/reconciler" "github.com/eclipse-che/che-operator/pkg/common/utils" @@ -218,13 +218,17 @@ func addPartOfCheLabelForObjectsWithLabel(ctx *chetypes.DeployContext, labelKey &rbacv1.ClusterRoleBindingList{}, &corev1.PersistentVolumeClaimList{}, } + if infrastructure.IsOpenShift() { kindsToMigrate = append(kindsToMigrate, &routev1.RouteList{}) - kindsToMigrate = append(kindsToMigrate, &oauthv1.OAuthClientList{}) } else { kindsToMigrate = append(kindsToMigrate, &networkingv1.IngressList{}) } + if infrastructure.IsOpenShiftOAuthEnabled() { + kindsToMigrate = append(kindsToMigrate, &oauthv1.OAuthClientList{}) + } + for _, listToGet := range kindsToMigrate { if err := addPartOfCheLabelToObjectsBySelector(ctx, listOptions, listToGet); err != nil { return err diff --git a/pkg/deploy/pluginregistry/init_test.go b/pkg/deploy/pluginregistry/init_test.go index 1af13a41fe..18110aee69 100644 --- a/pkg/deploy/pluginregistry/init_test.go +++ b/pkg/deploy/pluginregistry/init_test.go 
@@ -13,7 +13,7 @@ package pluginregistry import ( - "github.com/devfile/devworkspace-operator/pkg/infrastructure" + "github.com/eclipse-che/che-operator/pkg/common/infrastructure" defaults "github.com/eclipse-che/che-operator/pkg/common/operator-defaults" "github.com/eclipse-che/che-operator/pkg/common/test" ) @@ -21,6 +21,6 @@ import ( func init() { test.EnableTestMode() - infrastructure.InitializeForTesting(infrastructure.OpenShiftv4) + infrastructure.InitializeForTesting(infrastructure.OpenShiftV4) defaults.InitializeForTesting("../../../config/manager/manager.yaml") } diff --git a/pkg/deploy/rbac/init_test.go b/pkg/deploy/rbac/init_test.go index b30720b90e..6ec2cd15d6 100644 --- a/pkg/deploy/rbac/init_test.go +++ b/pkg/deploy/rbac/init_test.go @@ -13,7 +13,7 @@ package rbac import ( - "github.com/devfile/devworkspace-operator/pkg/infrastructure" + "github.com/eclipse-che/che-operator/pkg/common/infrastructure" defaults "github.com/eclipse-che/che-operator/pkg/common/operator-defaults" "github.com/eclipse-che/che-operator/pkg/common/test" ) @@ -21,6 +21,6 @@ import ( func init() { test.EnableTestMode() - infrastructure.InitializeForTesting(infrastructure.OpenShiftv4) + infrastructure.InitializeForTesting(infrastructure.OpenShiftV4) defaults.InitializeForTesting("../../../config/manager/manager.yaml") } diff --git a/pkg/deploy/server/chehost_reconciler.go b/pkg/deploy/server/chehost_reconciler.go index 2b97fcbc42..598990a882 100644 --- a/pkg/deploy/server/chehost_reconciler.go +++ b/pkg/deploy/server/chehost_reconciler.go 
@@ -13,9 +13,9 @@ package server import ( - "github.com/devfile/devworkspace-operator/pkg/infrastructure" "github.com/eclipse-che/che-operator/pkg/common/chetypes" "github.com/eclipse-che/che-operator/pkg/common/constants" + "github.com/eclipse-che/che-operator/pkg/common/infrastructure" "github.com/eclipse-che/che-operator/pkg/common/reconciler" "github.com/eclipse-che/che-operator/pkg/deploy" "github.com/eclipse-che/che-operator/pkg/deploy/gateway" diff --git a/pkg/deploy/server/init_test.go b/pkg/deploy/server/init_test.go index 0855f8d6d5..547b6b0eb9 100644 --- a/pkg/deploy/server/init_test.go +++ b/pkg/deploy/server/init_test.go @@ -13,7 +13,7 @@ package server import ( - "github.com/devfile/devworkspace-operator/pkg/infrastructure" + "github.com/eclipse-che/che-operator/pkg/common/infrastructure" defaults "github.com/eclipse-che/che-operator/pkg/common/operator-defaults" "github.com/eclipse-che/che-operator/pkg/common/test" ) @@ -21,6 +21,6 @@ import ( func init() { test.EnableTestMode() - infrastructure.InitializeForTesting(infrastructure.OpenShiftv4) + infrastructure.InitializeForTesting(infrastructure.OpenShiftV4) defaults.InitializeForTesting("../../../config/manager/manager.yaml") } diff --git a/pkg/deploy/server/rbac.go b/pkg/deploy/server/rbac.go index e621014f94..44fa101af6 100644 --- a/pkg/deploy/server/rbac.go +++ b/pkg/deploy/server/rbac.go @@ -16,7 +16,7 @@ import ( "fmt" "strings" - "github.com/devfile/devworkspace-operator/pkg/infrastructure" + "github.com/eclipse-che/che-operator/pkg/common/infrastructure" util "github.com/eclipse-che/che-operator/pkg/common/utils" "github.com/sirupsen/logrus" diff --git a/pkg/deploy/server/server_configmap.go b/pkg/deploy/server/server_configmap.go index 4ad150e124..6b0b4141e8 100644 --- a/pkg/deploy/server/server_configmap.go +++ b/pkg/deploy/server/server_configmap.go 
@@ -50,6 +50,7 @@ type CheConfigMap struct { NamespaceCreationAllowed string `json:"CHE_INFRA_KUBERNETES_NAMESPACE_CREATION__ALLOWED"` Http2Disable string `json:"HTTP2_DISABLE"` KubernetesLabels string `json:"KUBERNETES_LABELS"` + OpenShiftOAuthEnabled string `json:"CHE_INFRA_OPENSHIFT_OAUTH__ENABLED"` // TODO remove when keycloak codebase is removed from che-server component CheOIDCAuthServerUrl string `json:"CHE_OIDC_AUTH__SERVER__URL,omitempty"` @@ -148,6 +149,7 @@ func (s *CheServerReconciler) getConfigMapData(ctx *chetypes.DeployContext) (che NamespaceDefault: namespaceDefault, NamespaceCreationAllowed: namespaceCreationAllowed, KubernetesLabels: kubernetesLabels, + OpenShiftOAuthEnabled: strconv.FormatBool(infrastructure.IsOpenShiftOAuthEnabled()), // Disable HTTP2 protocol. // Fix issue with creating config maps on the cluster https://issues.redhat.com/browse/CRW-2677 // The root cause is in the HTTP2 protocol support of the okttp3 library that is used by fabric8.kubernetes-client that is used by che-server diff --git a/pkg/deploy/tls/certificates.go b/pkg/deploy/tls/certificates.go index d386bb8abd..1de4e37727 100644 --- a/pkg/deploy/tls/certificates.go +++ b/pkg/deploy/tls/certificates.go @@ -27,7 +27,7 @@ import ( "github.com/eclipse-che/che-operator/pkg/common/utils" dwconstants "github.com/devfile/devworkspace-operator/pkg/constants" - "github.com/devfile/devworkspace-operator/pkg/infrastructure" + "github.com/eclipse-che/che-operator/pkg/common/infrastructure" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "github.com/eclipse-che/che-operator/pkg/common/chetypes" diff --git a/pkg/deploy/tls/init_test.go b/pkg/deploy/tls/init_test.go index c9cebbd4db..9210b26953 100644 --- a/pkg/deploy/tls/init_test.go +++ b/pkg/deploy/tls/init_test.go 
@@ -13,7 +13,7 @@ package tls import ( - "github.com/devfile/devworkspace-operator/pkg/infrastructure" + "github.com/eclipse-che/che-operator/pkg/common/infrastructure" defaults "github.com/eclipse-che/che-operator/pkg/common/operator-defaults" "github.com/eclipse-che/che-operator/pkg/common/test" ) @@ -21,6 +21,6 @@ import ( func init() { test.EnableTestMode() - infrastructure.InitializeForTesting(infrastructure.OpenShiftv4) + infrastructure.InitializeForTesting(infrastructure.OpenShiftV4) defaults.InitializeForTesting("../../../config/manager/manager.yaml") } diff --git a/pkg/deploy/tls/tls_secret.go b/pkg/deploy/tls/tls_secret.go index 6ecfa36092..51b4630539 100644 --- a/pkg/deploy/tls/tls_secret.go +++ b/pkg/deploy/tls/tls_secret.go @@ -13,9 +13,9 @@ package tls import ( - "github.com/devfile/devworkspace-operator/pkg/infrastructure" "github.com/eclipse-che/che-operator/pkg/common/chetypes" "github.com/eclipse-che/che-operator/pkg/common/constants" + "github.com/eclipse-che/che-operator/pkg/common/infrastructure" "github.com/eclipse-che/che-operator/pkg/common/reconciler" "sigs.k8s.io/controller-runtime/pkg/reconcile" ) diff --git a/pkg/deploy/tls/tls_utils.go b/pkg/deploy/tls/tls_utils.go index 2dd9b7f0f3..76ba54c585 100644 --- a/pkg/deploy/tls/tls_utils.go +++ b/pkg/deploy/tls/tls_utils.go @@ -23,9 +23,9 @@ import ( "strings" "time" - "github.com/devfile/devworkspace-operator/pkg/infrastructure" "github.com/eclipse-che/che-operator/pkg/common/chetypes" "github.com/eclipse-che/che-operator/pkg/common/constants" + "github.com/eclipse-che/che-operator/pkg/common/infrastructure" k8shelper "github.com/eclipse-che/che-operator/pkg/common/k8s-helper" defaults "github.com/eclipse-che/che-operator/pkg/common/operator-defaults" "github.com/eclipse-che/che-operator/pkg/common/test" From ebd5d5002138836c737dd3cf0fc5af68b3be1b98 Mon Sep 17 00:00:00 2001 From: Anatolii Bazko Date: Tue, 27 Jan 2026 15:42:25 +0100 Subject: [PATCH 2/7] fixup 
Signed-off-by: Anatolii Bazko --- pkg/common/infrastructure/cluster.go | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/pkg/common/infrastructure/cluster.go b/pkg/common/infrastructure/cluster.go index 491c6ea1e9..6c3a7c8e96 100644 --- a/pkg/common/infrastructure/cluster.go +++ b/pkg/common/infrastructure/cluster.go @@ -111,11 +111,11 @@ func initializeIfNeeded() { } if hasAPIGroup(apiGroups, "route.openshift.io") { - infrastructure = Kubernetes - isOpenShiftOAuthEnabled = false - } else { infrastructure = OpenShiftV4 isOpenShiftOAuthEnabled = hasAPIResource(apiResources, OAuthClientsResources) + } else { + infrastructure = Kubernetes + isOpenShiftOAuthEnabled = false } isLeaderElectionEnabled = hasAPIResource(apiResources, LeasesResources) From 05273db24e5a48cc4d0ad9f6f2785941e88550a5 Mon Sep 17 00:00:00 2001 From: Anatolii Bazko Date: Tue, 27 Jan 2026 16:41:09 +0100 Subject: [PATCH 3/7] fixup Signed-off-by: Anatolii Bazko --- cmd/main.go | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/cmd/main.go b/cmd/main.go index 85625741d1..20fa40bf59 100644 --- a/cmd/main.go +++ b/cmd/main.go @@ -17,6 +17,7 @@ import ( "os" "time" + dwInfra "github.com/devfile/devworkspace-operator/pkg/infrastructure" "github.com/eclipse-che/che-operator/pkg/common/infrastructure" oauthv1 "github.com/openshift/api/oauth/v1" userv1 "github.com/openshift/api/user/v1" @@ -196,6 +197,11 @@ func getWatchNamespace() (string, error) { } func main() { + if err := dwInfra.Initialize(); err != nil { + setupLog.Error(err, "Failed to initialize infrastructure") + os.Exit(1) + } + watchNamespace, err := getWatchNamespace() if err != nil { setupLog.Error(err, "unable to get WatchNamespace, "+ From c64e4a2b7f586ba122cf2ee0d9a4cfdb21c9de71 Mon Sep 17 00:00:00 2001 From: Anatolii Bazko Date: Wed, 28 Jan 2026 17:31:04 +0100 Subject: [PATCH 4/7] fixup 
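Review bot: `main` now initializes the devworkspace-operator detector with `dwInfra.Initialize()` while the rest of the series moves che-operator code to its own `pkg/common/infrastructure` package, so the process holds two independent answers to whether it runs on OpenShift. The che-operator probe keys on `route.openshift.io` in the hunk just above; the devworkspace one is not visible here, and if the two ever disagree, library code and operator code would configure routing and authentication for different platforms. I would add a comment on the call, `// devworkspace-operator packages read their own infrastructure state; che-operator code uses pkg/common/infrastructure`, and log at start-up when the two results differ. The new message also starts with a capital letter, unlike the `unable to get WatchNamespace` message below it.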
Signed-off-by: Anatolii Bazko --- pkg/deploy/server/server_configmap.go | 119 ++++++++++++++++++++++++++ 1 file changed, 119 insertions(+) diff --git a/pkg/deploy/server/server_configmap.go b/pkg/deploy/server/server_configmap.go index 6b0b4141e8..d93ef659ac 100644 --- a/pkg/deploy/server/server_configmap.go +++ b/pkg/deploy/server/server_configmap.go @@ -38,6 +38,7 @@ import ( ) type CheConfigMap struct { +<<<<<<< HEAD JavaOpts string `json:"JAVA_OPTS"` CheHost string `json:"CHE_HOST"` ChePort string `json:"CHE_PORT"` 
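Review bot: This commit checks in unresolved merge-conflict markers: `<<<<<<< HEAD` is added inside `type CheConfigMap struct`, and the following hunks of `server_configmap.go` add `=======` and `>>>>>>> 18f9ee13 (fixup)` in the struct, in `syncConfigMap`, in `getConfigMapData` and in the `CheConfigMap` literal. The file cannot compile at this commit, and because both sides of each conflict are kept, `OpenShiftOAuthEnabled` and the `CHE_OIDC_AUTH__SERVER__URL` tag each appear twice in the struct. A later patch in the series rewrites this file, but the broken intermediate commit defeats bisecting and per-commit CI. Resolve the conflict to a single side in this commit, or squash it away before merging.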
@@ -54,6 +55,41 @@ type CheConfigMap struct { // TODO remove when keycloak codebase is removed from che-server component CheOIDCAuthServerUrl string `json:"CHE_OIDC_AUTH__SERVER__URL,omitempty"` +======= + CheHost string `json:"CHE_HOST"` + CheMultiUser string `json:"CHE_MULTIUSER"` + ChePort string `json:"CHE_PORT"` + CheApi string `json:"CHE_API"` + CheApiInternal string `json:"CHE_API_INTERNAL"` + CheWebSocketEndpoint string `json:"CHE_WEBSOCKET_ENDPOINT"` + CheWebSocketInternalEndpoint string `json:"CHE_WEBSOCKET_INTERNAL_ENDPOINT"` + CheDebugServer string `json:"CHE_DEBUG_SERVER"` + CheMetricsEnabled string `json:"CHE_METRICS_ENABLED"` + CheInfrastructureActive string `json:"CHE_INFRASTRUCTURE_ACTIVE"` + CheInfraKubernetesServiceAccountName string `json:"CHE_INFRA_KUBERNETES_SERVICE__ACCOUNT__NAME"` + CheInfraKubernetesUserClusterRoles string `json:"CHE_INFRA_KUBERNETES_USER__CLUSTER__ROLES"` + DefaultTargetNamespace string `json:"CHE_INFRA_KUBERNETES_NAMESPACE_DEFAULT"` + NamespaceCreationAllowed string `json:"CHE_INFRA_KUBERNETES_NAMESPACE_CREATION__ALLOWED"` + PvcStrategy string `json:"CHE_INFRA_KUBERNETES_PVC_STRATEGY"` + PvcClaimSize string `json:"CHE_INFRA_KUBERNETES_PVC_QUANTITY"` + WorkspacePvcStorageClassName string `json:"CHE_INFRA_KUBERNETES_PVC_STORAGE__CLASS__NAME"` + TlsSupport string `json:"CHE_INFRA_OPENSHIFT_TLS__ENABLED"` + OpenShiftOAuthEnabled string `json:"CHE_INFRA_OPENSHIFT_OAUTH__ENABLED"` + K8STrustCerts string `json:"CHE_INFRA_KUBERNETES_TRUST__CERTS"` + CheLogLevel string `json:"CHE_LOG_LEVEL"` + IdentityProviderUrl string `json:"CHE_OIDC_AUTH__SERVER__URL,omitempty"` + IdentityProviderInternalURL string `json:"CHE_OIDC_AUTH__INTERNAL__SERVER__URL,omitempty"` + JavaOpts string `json:"JAVA_OPTS"` + PluginRegistryUrl string `json:"CHE_WORKSPACE_PLUGIN__REGISTRY__URL,omitempty"` + PluginRegistryInternalUrl string `json:"CHE_WORKSPACE_PLUGIN__REGISTRY__INTERNAL__URL,omitempty"` + CheJGroupsKubernetesLabels string 
`json:"KUBERNETES_LABELS,omitempty"` + CheTrustedCABundlesConfigMap string `json:"CHE_TRUSTED__CA__BUNDLES__CONFIGMAP,omitempty"` + ServerStrategy string `json:"CHE_INFRA_KUBERNETES_SERVER__STRATEGY"` + WorkspaceExposure string `json:"CHE_INFRA_KUBERNETES_SINGLEHOST_WORKSPACE_EXPOSURE"` + SingleHostGatewayConfigMapLabels string `json:"CHE_INFRA_KUBERNETES_SINGLEHOST_GATEWAY_CONFIGMAP__LABELS"` + CheDevWorkspacesEnabled string `json:"CHE_DEVWORKSPACES_ENABLED"` + Http2Disable string `json:"HTTP2_DISABLE"` +>>>>>>> 18f9ee13 (fixup) } func (s *CheServerReconciler) syncConfigMap(ctx *chetypes.DeployContext) (bool, error) { @@ -62,6 +98,7 @@ func (s *CheServerReconciler) syncConfigMap(ctx *chetypes.DeployContext) (bool, return false, err } +<<<<<<< HEAD cm := &corev1.ConfigMap{ TypeMeta: metav1.TypeMeta{ Kind: "ConfigMap", 
@@ -105,6 +142,59 @@ func (s *CheServerReconciler) getConfigMapData(ctx *chetypes.DeployContext) (che var cheInfrastructure string if infrastructure.IsOpenShift() { cheInfrastructure = "openshift" +======= + infra := "kubernetes" + if infrastructure.IsOpenShift() { + infra = "openshift" + } + + proxyJavaOpts := "" + cheWorkspaceNoProxy := ctx.Proxy.NoProxy + if ctx.Proxy.HttpProxy != "" { + proxyJavaOpts, err = deploy.GenerateProxyJavaOpts(ctx.Proxy, cheWorkspaceNoProxy) + if err != nil { + logrus.Errorf("Failed to generate java proxy options: %v", err) + } + } + + ingressDomain := ctx.CheCluster.Spec.Networking.Domain + tlsSecretName := ctx.CheCluster.Spec.Networking.TlsSecretName + + securityContextFsGroup := strconv.FormatInt(constants.DefaultSecurityContextFsGroup, 10) + securityContextRunAsUser := strconv.FormatInt(constants.DefaultSecurityContextRunAsUser, 10) + if ctx.CheCluster.Spec.Components.CheServer.Deployment != nil { + if ctx.CheCluster.Spec.Components.CheServer.Deployment.SecurityContext != nil { + if ctx.CheCluster.Spec.Components.CheServer.Deployment.SecurityContext.FsGroup != nil { + securityContextFsGroup = strconv.FormatInt(*ctx.CheCluster.Spec.Components.CheServer.Deployment.SecurityContext.FsGroup, 10) + } + if ctx.CheCluster.Spec.Components.CheServer.Deployment.SecurityContext.RunAsUser != nil { + securityContextRunAsUser = strconv.FormatInt(*ctx.CheCluster.Spec.Components.CheServer.Deployment.SecurityContext.RunAsUser, 10) + } + } + } + + ingressClass := utils.GetValue(ctx.CheCluster.Spec.Networking.Annotations["kubernetes.io/ingress.class"], constants.DefaultIngressClass) + + pluginRegistryURL := ctx.CheCluster.Status.PluginRegistryURL + for _, r := range ctx.CheCluster.Spec.Components.PluginRegistry.ExternalPluginRegistries { + if strings.Index(pluginRegistryURL, r.Url) == -1 { + pluginRegistryURL += " " + r.Url + } + } + pluginRegistryURL = strings.TrimSpace(pluginRegistryURL) + + cheLogLevel := 
utils.GetValue(ctx.CheCluster.Spec.Components.CheServer.LogLevel, constants.DefaultServerLogLevel) + cheDebug := "false" + if ctx.CheCluster.Spec.Components.CheServer.Debug != nil { + cheDebug = strconv.FormatBool(*ctx.CheCluster.Spec.Components.CheServer.Debug) + } + cheMetrics := strconv.FormatBool(ctx.CheCluster.Spec.Components.Metrics.Enable) + cheLabels := labels.FormatLabels(deploy.GetLabels(defaults.GetCheFlavor())) + + singleHostGatewayConfigMapLabels := "" + if len(ctx.CheCluster.Spec.Networking.Auth.Gateway.ConfigLabels) != 0 { + singleHostGatewayConfigMapLabels = labels.FormatLabels(ctx.CheCluster.Spec.Networking.Auth.Gateway.ConfigLabels) +>>>>>>> 18f9ee13 (fixup) } else { cheInfrastructure = "kubernetes" } @@ -138,6 +228,7 @@ func (s *CheServerReconciler) getConfigMapData(ctx *chetypes.DeployContext) (che kubernetesLabels := labels.FormatLabels(deploy.GetLabels(defaults.GetCheFlavor())) data := &CheConfigMap{ +<<<<<<< HEAD JavaOpts: javaOpts, CheHost: ctx.CheHost, ChePort: chePort, 
@@ -150,6 +241,34 @@ func (s *CheServerReconciler) getConfigMapData(ctx *chetypes.DeployContext) (che NamespaceCreationAllowed: namespaceCreationAllowed, KubernetesLabels: kubernetesLabels, OpenShiftOAuthEnabled: strconv.FormatBool(infrastructure.IsOpenShiftOAuthEnabled()), +======= + CheMultiUser: "true", + CheHost: ctx.CheHost, + ChePort: "8080", + CheApi: cheAPI, + CheApiInternal: cheInternalAPI, + CheWebSocketEndpoint: webSocketEndpoint, + CheWebSocketInternalEndpoint: webSocketInternalEndpoint, + CheDebugServer: cheDebug, + CheInfrastructureActive: infra, + CheInfraKubernetesServiceAccountName: cheWorkspaceServiceAccount, + DefaultTargetNamespace: workspaceNamespaceDefault, + NamespaceCreationAllowed: namespaceCreationAllowed, + TlsSupport: "true", + K8STrustCerts: "true", + CheLogLevel: cheLogLevel, + JavaOpts: constants.DefaultJavaOpts + " " + proxyJavaOpts, + PluginRegistryUrl: pluginRegistryURL, + PluginRegistryInternalUrl: pluginRegistryInternalURL, + CheJGroupsKubernetesLabels: cheLabels, + CheMetricsEnabled: cheMetrics, + CheTrustedCABundlesConfigMap: deploytls.CheMergedCABundleCertsCMName, + ServerStrategy: "single-host", + WorkspaceExposure: "gateway", + SingleHostGatewayConfigMapLabels: singleHostGatewayConfigMapLabels, + CheDevWorkspacesEnabled: strconv.FormatBool(true), + OpenShiftOAuthEnabled: strconv.FormatBool(infrastructure.IsOpenShiftOAuthEnabled()), +>>>>>>> 18f9ee13 (fixup) // Disable HTTP2 protocol. // Fix issue with creating config maps on the cluster https://issues.redhat.com/browse/CRW-2677 // The root cause is in the HTTP2 protocol support of the okttp3 library that is used by fabric8.kubernetes-client that is used by che-server From ef7ae8d1770d3941d8fb0d49d3e7b43223bfa35d Mon Sep 17 00:00:00 2001 From: Anatolii Bazko Date: Tue, 3 Feb 2026 11:15:41 +0100 Subject: [PATCH 5/7] feat: Support OpenShift external IDP Signed-off-by: Anatolii Bazko --- pkg/common/infrastructure/cluster.go | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) 
diff --git a/pkg/common/infrastructure/cluster.go b/pkg/common/infrastructure/cluster.go index 6c3a7c8e96..386ffbaecd 100644 --- a/pkg/common/infrastructure/cluster.go +++ b/pkg/common/infrastructure/cluster.go @@ -77,7 +77,8 @@ func IsKubernetesImagePullerEnabled() bool { func InitializeForTesting(desiredInfrastructure Type) { infrastructure = desiredInfrastructure - if infrastructure == OpenShiftV4 { + + if IsOpenShift() { isOpenShiftOAuthEnabled = true } else { isOpenShiftOAuthEnabled = false From c281ede1868de76a10cc486fc9ee725bb00f515d Mon Sep 17 00:00:00 2001 From: Anatolii Bazko Date: Thu, 12 Mar 2026 11:05:27 +0100 Subject: [PATCH 6/7] fixes Signed-off-by: Anatolii Bazko --- pkg/common/infrastructure/cluster.go | 16 +-- pkg/common/operator-defaults/defaults.go | 61 ++++++----- pkg/deploy/gateway/oauth_proxy.go | 11 +- pkg/deploy/server/server_configmap.go | 122 +-------------------- pkg/deploy/server/server_configmap_test.go | 1 + 5 files changed, 44 insertions(+), 167 deletions(-) diff --git a/pkg/common/infrastructure/cluster.go b/pkg/common/infrastructure/cluster.go index 386ffbaecd..f3ab4b0168 100644 --- a/pkg/common/infrastructure/cluster.go +++ b/pkg/common/infrastructure/cluster.go @@ -14,6 +14,7 @@ package infrastructure import ( "os" + "slices" "strings" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" @@ -28,7 +29,6 @@ const ( Unknown Type = iota Kubernetes OpenShiftV4 - OpenShiftV5 LeasesResources = "leases" OAuthClientsResources = "oauthclients" @@ -57,7 +57,7 @@ func GetOperatorNamespace() (string, error) { func IsOpenShift() bool { initializeIfNeeded() - return infrastructure == OpenShiftV4 || infrastructure == OpenShiftV5 + return infrastructure == OpenShiftV4 } func IsOpenShiftOAuthEnabled() bool { 
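Review bot: `InitializeForTesting` forces `isOpenShiftOAuthEnabled = true` for every OpenShift infrastructure, so no test can reach the configuration this series introduces, OpenShift with the OAuth server disabled, through this helper. I would let the caller choose, for example with an added helper that takes an `oauthEnabled bool` and sets `isOpenShiftOAuthEnabled = oauthEnabled`, and use it to cover `getOauthProxyContainerSpec` and `skipAuthConfig` on that path. Calling `IsOpenShift()` here also goes through `initializeIfNeeded()`, which appears to run cluster discovery and exit on failure; whether it returns early once `infrastructure` is set is not visible, so comparing `infrastructure == OpenShiftV4` directly would keep the test helper clear of that path.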
@@ -111,7 +111,7 @@ func initializeIfNeeded() { os.Exit(1) } - if hasAPIGroup(apiGroups, "route.openshift.io") { + if hasAPIGroup(apiGroups, "config.openshift.io") { infrastructure = OpenShiftV4 isOpenShiftOAuthEnabled = hasAPIResource(apiResources, OAuthClientsResources) } else { @@ -124,13 +124,9 @@ func initializeIfNeeded() { } func hasAPIGroup(source []*metav1.APIGroup, apiName string) bool { - for i := 0; i < len(source); i++ { - if source[i].Name == apiName { - return true - } - } - - return false + return slices.ContainsFunc(source, func(g *metav1.APIGroup) bool { + return g.Name == apiName + }) } func hasAPIResource(resources []*metav1.APIResourceList, resourceName string) bool { diff --git a/pkg/common/operator-defaults/defaults.go b/pkg/common/operator-defaults/defaults.go index 7c7d6b6412..dce59d51d1 100644 --- a/pkg/common/operator-defaults/defaults.go +++ b/pkg/common/operator-defaults/defaults.go @@ -20,9 +20,9 @@ import ( "github.com/eclipse-che/che-operator/pkg/common/infrastructure" "k8s.io/apimachinery/pkg/apis/meta/v1/unstructured" "k8s.io/apimachinery/pkg/runtime" + ctrl "sigs.k8s.io/controller-runtime" util "github.com/eclipse-che/che-operator/pkg/common/utils" - "github.com/sirupsen/logrus" appsv1 "k8s.io/api/apps/v1" ) 
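Review bot: `isOpenShiftOAuthEnabled = hasAPIResource(apiResources, OAuthClientsResources)` decides which authentication proxy fronts the gateway from the resource name `oauthclients` alone. If `hasAPIResource` (its body is cut off after this hunk) compares names without the API group, any served resource called `oauthclients` in another group would switch the operator to the OpenShift OAuth path. Matching the group as well, `oauth.openshift.io`, ties the decision to the actual OAuth API. The change of the platform probe from `route.openshift.io` to `config.openshift.io` in the same hunk also deserves a one-line comment giving the reason, since nothing in the diff explains it.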
@@ -52,17 +52,23 @@ var ( defaultDevfileRegistryExternalDevfileRegistries string initialized = false + + log = ctrl.Log.WithName("defaults") ) func InitializeForTesting(operatorDeploymentFilePath string) { operatorDeployment := &appsv1.Deployment{} if err := util.ReadObjectInto(operatorDeploymentFilePath, operatorDeployment); err != nil { - logrus.Fatalf("Failed to read operator deployment from '%s', cause: %v", operatorDeploymentFilePath, err) + log.Error(err, "Error reading operator deployment") + os.Exit(1) } for _, container := range operatorDeployment.Spec.Template.Spec.Containers { for _, env := range container.Env { - os.Setenv(env.Name, env.Value) + err := os.Setenv(env.Name, env.Value) + if err != nil { + log.Error(err, "Error setting env variable", "name", env.Name) + } } } @@ -109,7 +115,8 @@ func Initialize() { func ensureEnv(name string) string { value := os.Getenv(name) if value == "" { - logrus.Fatalf("Failed to initialize default value: '%s'. Environment variable not found.", name) + log.Error(fmt.Errorf("environment variable %s not set", name), "unable to determine required environment variable") + os.Exit(1) } return value @@ -117,7 +124,7 @@ func ensureEnv(name string) string { func GetCheServerImage(checluster interface{}) string { if !initialized { - logrus.Fatalf("Operator defaults are not initialized.") + Initialize() } return PatchDefaultImageName(checluster, defaultCheServerImage) @@ -125,7 +132,7 @@ func GetCheServerImage(checluster interface{}) string { func GetCheTLSSecretsCreationJobImage() string { if !initialized { - logrus.Fatalf("Operator defaults are not initialized.") + Initialize() } return defaultCheTLSSecretsCreationJobImage @@ -133,7 +140,7 @@ func GetCheTLSSecretsCreationJobImage() string { func GetCheVersion() string { if !initialized { - logrus.Fatalf("Operator defaults are not initialized.") + Initialize() } return defaultCheVersion 
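Review bot: Every getter from `GetCheServerImage` onward now calls `Initialize()` when `initialized` is false (this hunk and the ones that follow in `defaults.go`), but `initialized` is a plain package-level `bool`, so getters reached from concurrent reconcilers can race on it and on the `default*` variables that `Initialize` presumably fills. If lazy initialization is intended, guard it once, e.g. `var initOnce sync.Once` with `initOnce.Do(Initialize)` in a single shared helper, instead of repeating the `if` in each getter. `ensureEnv` still ends the process with `os.Exit(1)`, so a missing variable now terminates the operator at first use rather than at start-up unless `main` keeps calling `Initialize()` early. In `InitializeForTesting` the `os.Setenv` error is logged and the loop continues, which leaves the defaults partly populated; failing the same way as the read error above would be more consistent.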
@@ -141,7 +148,7 @@ func GetCheVersion() string { func GetDashboardImage(checluster interface{}) string { if !initialized { - logrus.Fatalf("Operator defaults are not initialized.") + Initialize() } return PatchDefaultImageName(checluster, defaultDashboardImage) @@ -149,7 +156,7 @@ func GetDashboardImage(checluster interface{}) string { func GetPluginRegistryImage(checluster interface{}) string { if !initialized { - logrus.Fatalf("Operator defaults are not initialized.") + Initialize() } return PatchDefaultImageName(checluster, defaultPluginRegistryImage) @@ -157,7 +164,7 @@ func GetPluginRegistryImage(checluster interface{}) string { func GetGatewayImage(checluster interface{}) string { if !initialized { - logrus.Fatalf("Operator defaults are not initialized.") + Initialize() } return PatchDefaultImageName(checluster, defaultSingleHostGatewayImage) @@ -165,7 +172,7 @@ func GetGatewayImage(checluster interface{}) string { func GetGatewayConfigSidecarImage(checluster interface{}) string { if !initialized { - logrus.Fatalf("Operator defaults are not initialized.") + Initialize() } return PatchDefaultImageName(checluster, defaultSingleHostGatewayConfigSidecarImage) @@ -173,7 +180,7 @@ func GetGatewayConfigSidecarImage(checluster interface{}) string { func GetGatewayKubernetesAuthenticationSidecarImage(checluster interface{}) string { if !initialized { - logrus.Fatalf("Operator defaults are not initialized.") + Initialize() } return PatchDefaultImageName(checluster, defaultGatewayKubernetesAuthenticationSidecarImage) @@ -181,7 +188,7 @@ func GetGatewayKubernetesAuthenticationSidecarImage(checluster interface{}) stri func GetGatewayKubernetesAuthorizationSidecarImage(checluster interface{}) string { if !initialized { - logrus.Fatalf("Operator defaults are not initialized.") + Initialize() } return PatchDefaultImageName(checluster, defaultGatewayKubernetesAuthorizationSidecarImage) 
@@ -189,7 +196,7 @@ func GetGatewayKubernetesAuthorizationSidecarImage(checluster interface{}) strin func GetGatewayOpenShiftAuthenticationSidecarImage(checluster interface{}) string { if !initialized { - logrus.Fatalf("Operator defaults are not initialized.") + Initialize() } return PatchDefaultImageName(checluster, defaultGatewayOpenShiftAuthenticationSidecarImage) @@ -197,7 +204,7 @@ func GetGatewayOpenShiftAuthenticationSidecarImage(checluster interface{}) strin func GetGatewayOpenShiftAuthorizationSidecarImage(checluster interface{}) string { if !initialized { - logrus.Fatalf("Operator defaults are not initialized.") + Initialize() } return PatchDefaultImageName(checluster, defaultGatewayOpenShiftAuthorizationSidecarImage) @@ -205,7 +212,7 @@ func GetGatewayOpenShiftAuthorizationSidecarImage(checluster interface{}) string func GetCheFlavor() string { if !initialized { - logrus.Fatalf("Operator defaults are not initialized.") + Initialize() } return defaultCheFlavor @@ -213,7 +220,7 @@ func GetCheFlavor() string { func GetConsoleLinkName() string { if !initialized { - logrus.Fatalf("Operator defaults are not initialized.") + Initialize() } return defaultConsoleLinkName @@ -221,7 +228,7 @@ func GetConsoleLinkName() string { func GetConsoleLinkDisplayName() string { if !initialized { - logrus.Fatalf("Operator defaults are not initialized.") + Initialize() } return defaultConsoleLinkDisplayName @@ -229,7 +236,7 @@ func GetConsoleLinkDisplayName() string { func GetConsoleLinkSection() string { if !initialized { - logrus.Fatalf("Operator defaults are not initialized.") + Initialize() } return defaultConsoleLinkSection @@ -237,7 +244,7 @@ func GetConsoleLinkSection() string { func GetConsoleLinkImage() string { if !initialized { - logrus.Fatalf("Operator defaults are not initialized.") + Initialize() } return defaultsConsoleLinkImage 
@@ -245,7 +252,7 @@ func GetConsoleLinkImage() string { func GetDevfileRegistryExternalDevfileRegistries() string { if !initialized { - logrus.Fatalf("Operator defaults are not initialized.") + Initialize() } return defaultDevfileRegistryExternalDevfileRegistries @@ -253,7 +260,7 @@ func GetDevfileRegistryExternalDevfileRegistries() string { func GetPluginRegistryOpenVSXURL() string { if !initialized { - logrus.Fatalf("Operator defaults are not initialized.") + Initialize() } return defaultPluginRegistryOpenVSXURL @@ -261,7 +268,7 @@ func GetPluginRegistryOpenVSXURL() string { func GetDashboardHeaderMessageText() string { if !initialized { - logrus.Fatalf("Operator defaults are not initialized.") + Initialize() } return defaultDashboardHeaderMessageText @@ -269,7 +276,7 @@ func GetDashboardHeaderMessageText() string { func GetDevEnvironmentsDefaultEditor() string { if !initialized { - logrus.Fatalf("Operator defaults are not initialized.") + Initialize() } return defaultDevEnvironmentsDefaultEditor @@ -277,7 +284,7 @@ func GetDevEnvironmentsDefaultEditor() string { func GetDevEnvironmentsDefaultComponents() string { if !initialized { - logrus.Fatalf("Operator defaults are not initialized.") + Initialize() } return defaultDevEnvironmentsDefaultComponents @@ -285,7 +292,7 @@ func GetDevEnvironmentsDefaultComponents() string { func GetDevEnvironmentsContainerSecurityContext() string { if !initialized { - logrus.Fatalf("Operator defaults are not initialized.") + Initialize() } return defaultDevEnvironmentsContainerSecurityContext @@ -293,7 +300,7 @@ func GetDevEnvironmentsContainerSecurityContext() string { func GetDevEnvironmentsDisableContainerBuildCapabilities() string { if !initialized { - logrus.Fatalf("Operator defaults are not initialized.") + Initialize() } return defaultDevEnvironmentsDisableContainerBuildCapabilities diff --git a/pkg/deploy/gateway/oauth_proxy.go b/pkg/deploy/gateway/oauth_proxy.go index c1524eb2a7..90f759c9a0 100644 
--- a/pkg/deploy/gateway/oauth_proxy.go +++ b/pkg/deploy/gateway/oauth_proxy.go @@ -199,21 +199,14 @@ func getOauthProxyContainerSpec(ctx *chetypes.DeployContext) corev1.Container { configMapRevision := map[bool]string{true: cm.GetResourceVersion(), false: ""}[exists] var image, probePath string - var args []string + var args = []string{"--config=/etc/oauth-proxy/oauth-proxy.cfg"} if infrastructure.IsOpenShiftOAuthEnabled() { image = defaults.GetGatewayOpenShiftAuthenticationSidecarImage(ctx.CheCluster) probePath = "/oauth/healthz" - args = []string{ - "--config=/etc/oauth-proxy/oauth-proxy.cfg", - } } else { image = defaults.GetGatewayKubernetesAuthenticationSidecarImage(ctx.CheCluster) probePath = "/ping" - args = []string{ - "--config=/etc/oauth-proxy/oauth-proxy.cfg", - "--ping-path=/ping", - "--exclude-logging-path=/ping", - } + args = append(args, "--ping-path=/ping", "--exclude-logging-path=/ping") } return corev1.Container{ diff --git a/pkg/deploy/server/server_configmap.go b/pkg/deploy/server/server_configmap.go index d93ef659ac..c1dc401227 100644 --- a/pkg/deploy/server/server_configmap.go +++ b/pkg/deploy/server/server_configmap.go @@ -22,10 +22,10 @@ import ( "strconv" "strings" - "github.com/devfile/devworkspace-operator/pkg/infrastructure" "github.com/eclipse-che/che-operator/pkg/common/chetypes" "github.com/eclipse-che/che-operator/pkg/common/constants" "github.com/eclipse-che/che-operator/pkg/common/diffs" + "github.com/eclipse-che/che-operator/pkg/common/infrastructure" k8sclient "github.com/eclipse-che/che-operator/pkg/common/k8s-client" defaults "github.com/eclipse-che/che-operator/pkg/common/operator-defaults" "github.com/eclipse-che/che-operator/pkg/common/utils" @@ -38,7 +38,6 @@ import ( ) type CheConfigMap struct { -<<<<<<< HEAD JavaOpts string `json:"JAVA_OPTS"` CheHost string `json:"CHE_HOST"` ChePort string `json:"CHE_PORT"` 
@@ -52,44 +51,8 @@ type CheConfigMap struct { Http2Disable string `json:"HTTP2_DISABLE"` KubernetesLabels string `json:"KUBERNETES_LABELS"` OpenShiftOAuthEnabled string `json:"CHE_INFRA_OPENSHIFT_OAUTH__ENABLED"` - // TODO remove when keycloak codebase is removed from che-server component CheOIDCAuthServerUrl string `json:"CHE_OIDC_AUTH__SERVER__URL,omitempty"` -======= - CheHost string `json:"CHE_HOST"` - CheMultiUser string `json:"CHE_MULTIUSER"` - ChePort string `json:"CHE_PORT"` - CheApi string `json:"CHE_API"` - CheApiInternal string `json:"CHE_API_INTERNAL"` - CheWebSocketEndpoint string `json:"CHE_WEBSOCKET_ENDPOINT"` - CheWebSocketInternalEndpoint string `json:"CHE_WEBSOCKET_INTERNAL_ENDPOINT"` - CheDebugServer string `json:"CHE_DEBUG_SERVER"` - CheMetricsEnabled string `json:"CHE_METRICS_ENABLED"` - CheInfrastructureActive string `json:"CHE_INFRASTRUCTURE_ACTIVE"` - CheInfraKubernetesServiceAccountName string `json:"CHE_INFRA_KUBERNETES_SERVICE__ACCOUNT__NAME"` - CheInfraKubernetesUserClusterRoles string `json:"CHE_INFRA_KUBERNETES_USER__CLUSTER__ROLES"` - DefaultTargetNamespace string `json:"CHE_INFRA_KUBERNETES_NAMESPACE_DEFAULT"` - NamespaceCreationAllowed string `json:"CHE_INFRA_KUBERNETES_NAMESPACE_CREATION__ALLOWED"` - PvcStrategy string `json:"CHE_INFRA_KUBERNETES_PVC_STRATEGY"` - PvcClaimSize string `json:"CHE_INFRA_KUBERNETES_PVC_QUANTITY"` - WorkspacePvcStorageClassName string `json:"CHE_INFRA_KUBERNETES_PVC_STORAGE__CLASS__NAME"` - TlsSupport string `json:"CHE_INFRA_OPENSHIFT_TLS__ENABLED"` - OpenShiftOAuthEnabled string `json:"CHE_INFRA_OPENSHIFT_OAUTH__ENABLED"` - K8STrustCerts string `json:"CHE_INFRA_KUBERNETES_TRUST__CERTS"` - CheLogLevel string `json:"CHE_LOG_LEVEL"` - IdentityProviderUrl string `json:"CHE_OIDC_AUTH__SERVER__URL,omitempty"` - IdentityProviderInternalURL string `json:"CHE_OIDC_AUTH__INTERNAL__SERVER__URL,omitempty"` - JavaOpts string `json:"JAVA_OPTS"` - PluginRegistryUrl string 
`json:"CHE_WORKSPACE_PLUGIN__REGISTRY__URL,omitempty"` - PluginRegistryInternalUrl string `json:"CHE_WORKSPACE_PLUGIN__REGISTRY__INTERNAL__URL,omitempty"` - CheJGroupsKubernetesLabels string `json:"KUBERNETES_LABELS,omitempty"` - CheTrustedCABundlesConfigMap string `json:"CHE_TRUSTED__CA__BUNDLES__CONFIGMAP,omitempty"` - ServerStrategy string `json:"CHE_INFRA_KUBERNETES_SERVER__STRATEGY"` - WorkspaceExposure string `json:"CHE_INFRA_KUBERNETES_SINGLEHOST_WORKSPACE_EXPOSURE"` - SingleHostGatewayConfigMapLabels string `json:"CHE_INFRA_KUBERNETES_SINGLEHOST_GATEWAY_CONFIGMAP__LABELS"` - CheDevWorkspacesEnabled string `json:"CHE_DEVWORKSPACES_ENABLED"` - Http2Disable string `json:"HTTP2_DISABLE"` ->>>>>>> 18f9ee13 (fixup) } func (s *CheServerReconciler) syncConfigMap(ctx *chetypes.DeployContext) (bool, error) { @@ -98,7 +61,6 @@ func (s *CheServerReconciler) syncConfigMap(ctx *chetypes.DeployContext) (bool, return false, err } -<<<<<<< HEAD cm := &corev1.ConfigMap{ TypeMeta: metav1.TypeMeta{ Kind: "ConfigMap", 
@@ -142,59 +104,6 @@ func (s *CheServerReconciler) getConfigMapData(ctx *chetypes.DeployContext) (che var cheInfrastructure string if infrastructure.IsOpenShift() { cheInfrastructure = "openshift" -======= - infra := "kubernetes" - if infrastructure.IsOpenShift() { - infra = "openshift" - } - - proxyJavaOpts := "" - cheWorkspaceNoProxy := ctx.Proxy.NoProxy - if ctx.Proxy.HttpProxy != "" { - proxyJavaOpts, err = deploy.GenerateProxyJavaOpts(ctx.Proxy, cheWorkspaceNoProxy) - if err != nil { - logrus.Errorf("Failed to generate java proxy options: %v", err) - } - } - - ingressDomain := ctx.CheCluster.Spec.Networking.Domain - tlsSecretName := ctx.CheCluster.Spec.Networking.TlsSecretName - - securityContextFsGroup := strconv.FormatInt(constants.DefaultSecurityContextFsGroup, 10) - securityContextRunAsUser := strconv.FormatInt(constants.DefaultSecurityContextRunAsUser, 10) - if ctx.CheCluster.Spec.Components.CheServer.Deployment != nil { - if ctx.CheCluster.Spec.Components.CheServer.Deployment.SecurityContext != nil { - if ctx.CheCluster.Spec.Components.CheServer.Deployment.SecurityContext.FsGroup != nil { - securityContextFsGroup = strconv.FormatInt(*ctx.CheCluster.Spec.Components.CheServer.Deployment.SecurityContext.FsGroup, 10) - } - if ctx.CheCluster.Spec.Components.CheServer.Deployment.SecurityContext.RunAsUser != nil { - securityContextRunAsUser = strconv.FormatInt(*ctx.CheCluster.Spec.Components.CheServer.Deployment.SecurityContext.RunAsUser, 10) - } - } - } - - ingressClass := utils.GetValue(ctx.CheCluster.Spec.Networking.Annotations["kubernetes.io/ingress.class"], constants.DefaultIngressClass) - - pluginRegistryURL := ctx.CheCluster.Status.PluginRegistryURL - for _, r := range ctx.CheCluster.Spec.Components.PluginRegistry.ExternalPluginRegistries { - if strings.Index(pluginRegistryURL, r.Url) == -1 { - pluginRegistryURL += " " + r.Url - } - } - pluginRegistryURL = strings.TrimSpace(pluginRegistryURL) - - cheLogLevel := 
utils.GetValue(ctx.CheCluster.Spec.Components.CheServer.LogLevel, constants.DefaultServerLogLevel) - cheDebug := "false" - if ctx.CheCluster.Spec.Components.CheServer.Debug != nil { - cheDebug = strconv.FormatBool(*ctx.CheCluster.Spec.Components.CheServer.Debug) - } - cheMetrics := strconv.FormatBool(ctx.CheCluster.Spec.Components.Metrics.Enable) - cheLabels := labels.FormatLabels(deploy.GetLabels(defaults.GetCheFlavor())) - - singleHostGatewayConfigMapLabels := "" - if len(ctx.CheCluster.Spec.Networking.Auth.Gateway.ConfigLabels) != 0 { - singleHostGatewayConfigMapLabels = labels.FormatLabels(ctx.CheCluster.Spec.Networking.Auth.Gateway.ConfigLabels) ->>>>>>> 18f9ee13 (fixup) } else { cheInfrastructure = "kubernetes" } @@ -228,7 +137,6 @@ func (s *CheServerReconciler) getConfigMapData(ctx *chetypes.DeployContext) (che kubernetesLabels := labels.FormatLabels(deploy.GetLabels(defaults.GetCheFlavor())) data := &CheConfigMap{ -<<<<<<< HEAD JavaOpts: javaOpts, CheHost: ctx.CheHost, ChePort: chePort, 
@@ -241,34 +149,6 @@ func (s *CheServerReconciler) getConfigMapData(ctx *chetypes.DeployContext) (che NamespaceCreationAllowed: namespaceCreationAllowed, KubernetesLabels: kubernetesLabels, OpenShiftOAuthEnabled: strconv.FormatBool(infrastructure.IsOpenShiftOAuthEnabled()), -======= - CheMultiUser: "true", - CheHost: ctx.CheHost, - ChePort: "8080", - CheApi: cheAPI, - CheApiInternal: cheInternalAPI, - CheWebSocketEndpoint: webSocketEndpoint, - CheWebSocketInternalEndpoint: webSocketInternalEndpoint, - CheDebugServer: cheDebug, - CheInfrastructureActive: infra, - CheInfraKubernetesServiceAccountName: cheWorkspaceServiceAccount, - DefaultTargetNamespace: workspaceNamespaceDefault, - NamespaceCreationAllowed: namespaceCreationAllowed, - TlsSupport: "true", - K8STrustCerts: "true", - CheLogLevel: cheLogLevel, - JavaOpts: constants.DefaultJavaOpts + " " + proxyJavaOpts, - PluginRegistryUrl: pluginRegistryURL, - PluginRegistryInternalUrl: pluginRegistryInternalURL, - CheJGroupsKubernetesLabels: cheLabels, - CheMetricsEnabled: cheMetrics, - CheTrustedCABundlesConfigMap: deploytls.CheMergedCABundleCertsCMName, - ServerStrategy: "single-host", - WorkspaceExposure: "gateway", - SingleHostGatewayConfigMapLabels: singleHostGatewayConfigMapLabels, - CheDevWorkspacesEnabled: strconv.FormatBool(true), - OpenShiftOAuthEnabled: strconv.FormatBool(infrastructure.IsOpenShiftOAuthEnabled()), ->>>>>>> 18f9ee13 (fixup) // Disable HTTP2 protocol. // Fix issue with creating config maps on the cluster https://issues.redhat.com/browse/CRW-2677 // The root cause is in the HTTP2 protocol support of the okttp3 library that is used by fabric8.kubernetes-client that is used by che-server diff --git a/pkg/deploy/server/server_configmap_test.go b/pkg/deploy/server/server_configmap_test.go index 54b2ebf0a5..bd938da144 100644 --- a/pkg/deploy/server/server_configmap_test.go +++ b/pkg/deploy/server/server_configmap_test.go 
@@ -83,6 +83,7 @@ func TestGetConfigMapData(t *testing.T) { "KUBERNETES_LABELS": labels.FormatLabels(deploy.GetLabels(defaults.GetCheFlavor())), "HTTP2_DISABLE": "true", "CHE_OIDC_AUTH__SERVER__URL": "http://identity-provider", + "CHE_INFRA_OPENSHIFT_OAUTH__ENABLED": "true", }, }, } From 17dbc84777b7511e03356ce5c03757aa67437a8e Mon Sep 17 00:00:00 2001 From: Anatolii Bazko Date: Tue, 24 Mar 2026 10:26:55 +0100 Subject: [PATCH 7/7] fixup Signed-off-by: Anatolii Bazko --- controllers/che/checluster_controller.go | 3 ++- pkg/common/infrastructure/cluster.go | 9 +++------ pkg/common/operator-defaults/defaults.go | 2 +- 3 files changed, 6 insertions(+), 8 deletions(-) diff --git a/controllers/che/checluster_controller.go b/controllers/che/checluster_controller.go index d3a8f40262..b30747b0f8 100644 --- a/controllers/che/checluster_controller.go +++ b/controllers/che/checluster_controller.go @@ -24,13 +24,14 @@ import ( "sigs.k8s.io/controller-runtime/pkg/reconcile" + "github.com/eclipse-che/che-operator/pkg/deploy/devworkspace" imagepuller "github.com/eclipse-che/che-operator/pkg/deploy/image-puller" editorsdefinitions "github.com/eclipse-che/che-operator/pkg/deploy/editors-definitions" "github.com/eclipse-che/che-operator/pkg/common/chetypes" - "github.com/eclipse-che/che-operator/pkg/common/test" "github.com/eclipse-che/che-operator/pkg/common/infrastructure" + "github.com/eclipse-che/che-operator/pkg/common/test" "github.com/eclipse-che/che-operator/pkg/common/utils" "github.com/eclipse-che/che-operator/pkg/deploy" "github.com/eclipse-che/che-operator/pkg/deploy/consolelink" diff --git a/pkg/common/infrastructure/cluster.go b/pkg/common/infrastructure/cluster.go index f3ab4b0168..b8f127f577 100644 --- a/pkg/common/infrastructure/cluster.go +++ b/pkg/common/infrastructure/cluster.go 
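Review bot: The added expectation `"CHE_INFRA_OPENSHIFT_OAUTH__ENABLED": "true"` pins only the OAuth-enabled result, while this series is about OpenShift clusters that use an external identity provider. A second table entry expecting `"false"`, with the test infrastructure set up without the OAuth resource, would cover the branch the feature introduces. How the infrastructure is initialised for this test is outside the hunk, so the set-up call is left to the author. TestGetConfigMapData starts and ends outside the hunk.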
@@ -95,20 +95,17 @@ func initializeIfNeeded() { kubeCfg, err := config.GetConfig() if err != nil { - logger.Error(err, "Failed to get kubeconfig") - os.Exit(1) + panic("Failed to get kubeconfig") } discoveryClient, err := discovery.NewDiscoveryClientForConfig(kubeCfg) if err != nil { - logger.Error(err, "Failed to create discovery client") - os.Exit(1) + panic("Failed to create discovery client") } apiGroups, apiResources, err := discoveryClient.ServerGroupsAndResources() if err != nil { - logger.Error(err, "Failed to get API Groups and Resources") - os.Exit(1) + panic("Failed to get API Groups and Resources") } if hasAPIGroup(apiGroups, "config.openshift.io") { diff --git a/pkg/common/operator-defaults/defaults.go b/pkg/common/operator-defaults/defaults.go index dce59d51d1..1f5b50ce0c 100644 --- a/pkg/common/operator-defaults/defaults.go +++ b/pkg/common/operator-defaults/defaults.go @@ -67,7 +67,7 @@ func InitializeForTesting(operatorDeploymentFilePath string) { for _, env := range container.Env { err := os.Setenv(env.Name, env.Value) if err != nil { - log.Error(err, "Error setting env variable", "name", env.Name) + panic(fmt.Sprintf("Error setting env var %s=%s", env.Name, env.Value)) } } }
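Review bot: Each of the three `panic("Failed to ...")` calls discards `err`, so the crash output no longer says why the kubeconfig, the discovery client or the discovery call failed, which the removed `logger.Error(err, ...)` did. Carry the cause in the panic value, e.g. `panic(fmt.Errorf("failed to get kubeconfig: %w", err))`, and likewise for the other two (this assumes `fmt` is imported in cluster.go, which is not visible here). Separately, `ServerGroupsAndResources` can return partial results together with an error when a single aggregated API is unavailable, so treating every error as fatal ties operator start-up to unrelated API services. If that case is ever tolerated, the group that serves the OAuth resource must still be required, because the auth-mode decision depends on it. initializeIfNeeded starts outside the hunk.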
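Review bot: `panic(fmt.Sprintf("Error setting env var %s=%s", env.Name, env.Value))` prints the variable's value and drops `err`. The values come from the operator deployment's container env, which may include sensitive settings, and panic output ends up in test and CI logs, while the actual cause of the failure is left out. `panic(fmt.Errorf("setting env var %q: %w", env.Name, err))` keeps the name and the cause without echoing the value. InitializeForTesting starts outside the hunk.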