Operator-related fix and openshift v4 support #13554
Conversation
Signed-off-by: David Festal <[email protected]>
Signed-off-by: David Festal <[email protected]>
This is provisional, until the new provider is integrated into a future Keycloak release. Signed-off-by: David Festal <[email protected]>
dockerfiles/keycloak/Dockerfile
Outdated
| @@ -10,7 +10,14 @@ FROM jboss/keycloak:6.0.1 | |||
| ADD che /opt/jboss/keycloak/themes/che | |||
| ADD . /scripts/ | |||
| ADD cli /scripts/cli | |||
| RUN ln -s /opt/jboss/tools/docker-entrypoint.sh | |||
There was a problem hiding this comment.
Hi, can we merge all run instructions into a single one ?
dockerfiles/keycloak/Dockerfile
Outdated
| @@ -10,7 +10,14 @@ FROM jboss/keycloak:6.0.1 | |||
| ADD che /opt/jboss/keycloak/themes/che | |||
| ADD . /scripts/ | |||
| ADD cli /scripts/cli | |||
| RUN ln -s /opt/jboss/tools/docker-entrypoint.sh | |||
| RUN curl --location https://github.com/davidfestal/KEYCLOAK-10169-OpenShift4-User-Provider/releases/download/6.0.1-openshift-v4-provider/openshift4-extension-6.0.1.jar -o /opt/jboss/keycloak/standalone/deployments/openshift4-extension-6.0.1.jar | |||
There was a problem hiding this comment.
we don't have jar on something that is not belonging to a given user (davidfestal ? )
There was a problem hiding this comment.
maybe use a multi-staged build ?
There was a problem hiding this comment.
eventually the fix will be in Keycloak upstream (and RH-SSO downstream) but for now it's a custom jar from https://github.com/slaskawi/KEYCLOAK-10169-OpenShift4-User-Provider (or David's fork). It's not yet in the Keycloak/SSO codebase. See KEYCLOAK-10169 for discussion/details.
There was a problem hiding this comment.
+1 to @benoitf suggestion. And consider using curl -sSL flags to follow redirections and avoid having the % for the download in the logs.
Signed-off-by: David Festal <[email protected]>
che-bot
added
the
kind/bug
What does this PR do?
This PR provides fixes to the
che-keycloakimage in order to allow the community Che operatorto successfully install a Che server integrated with the Openshift v4 OAuth authentication.
More precisely this PR:
When this new provider will be integrated into the Keycloak product itself in a future Keycloak release, we'll be able to remove this last change.
What issues does this PR fix or reference?
This PR is involved in fixing issue: redhat-developer/rh-che#1454,
and is also a followup of PR https://github.com/eclipse/che/pull/13429/files which had introduced a breaking change for the community Che operator.