oauth-proxy container in che-gateway pod throws error while setting up eclipse-che on k8s cluster

[Divine1]

Summary

i have configured a k8s cluster in my virtual machine and i installed eclipse-che using below command. the installation completed, but i have explained the issue below

chectl server:deploy --che-operator-cr-patch-yaml=/home/ubuntu/kubeapps/che-operator-cr-patch.yaml --platform=k8s --installer=operator --debug --k8spoderrorrechecktimeout=480000 --domain=eclipseche.mangotree.click --k8spodreadytimeout=480000

i was able to follow this documentation and integrate dex with an example-app successfully. Now i have to integrate dex and eclipse-che.

below screenshot shows the output after successfully installing eclipse-che in k8s cluster but without integrating eclipse-che with dex.

But what steps should i follow to inregrate eclipse-che and dex?

(not real url)sample url is https://eclipseche.example.click:31931/ , https://eclipseche.example.click:31931/dashboard

i investigated the error and found che-gateway-766fdb7b54-pb8bz pod in errored state. i investigated the state of the containers with-in the pod, oauth-proxy container in che-gateway-766fdb7b54-pb8bz pod is in errored state.

i checked the oauth-proxy container logs in che-gateway-766fdb7b54-pb8bz pod , it shows below error message. where should i update the information mentioned in the error message ?
Please help me on what should i do to fix this error?

Relevant information

No response

[l0rd]

@sparkoo may have an idea how to address that.
Adding issue to the list in #21304

[Divine1]

@sparkoo please help me on this

[sparkoo]

you have to set these fields in CheCluster

spec:
  auth:
    identityProviderURL: 
    oAuthClientName: 
    oAuthSecret: 

[Divine1]

@sparkoo

could you please elaborate on that? where should i add it?

should i add it like below?
che-operator-cr-patch.yaml

apiVersion: org.eclipse.che/v1
kind: CheCluster
metadata:
  name: eclipse-che
spec:
  database:
    chePostgresHostName: datasd4567fgg86wjj.com
    chePostgresPassword: rasdf5664sfrot123
    chePostgresUser: vmsdf3456sfv123
    externalDb: true
  auth:
    identityProviderURL: 
    oAuthClientName: 
    oAuthSecret: 

is my below assumption correct?
identityProviderURL - https://dex.example.com
oAuthClientName - github client name (for example)
oAuthSecret - github client secret (for example)

Also, after i add this configuration using chectl server:deploy, which command shall i use to view the configuration in the k8scluster?

i apologize for asking the basic questions, please clarify...

chectl server:deploy --che-operator-cr-patch-yaml=/home/ubuntu/kubeapps/che-operator-cr-patch.yaml --platform=k8s --installer=operator --debug --k8spoderrorrechecktimeout=480000 --domain=eclipseche.mangotree.click --k8spodreadytimeout=480000

[sparkoo]

oAuthClientName and oAuthSecret is id and secret from Dex configuration https://github.com/dexidp/dex/blob/master/examples/config-dev.yaml#L110.

Che will always talk to Dex here. If you want to login with GitHub, you have to configure Dex to connect to it https://dexidp.io/docs/connectors/github/

It looks like this:
Che --(OIDC)--> Dex ----> Identity Provider (GitHub, Gitlab, Google, ...)

Kubernetes must be using same Dex for authentication and by that we're able to use Kubernetes RBAC to control permissions for users. It will also allow us to have various Identity providers.

chectl command looks right

[Divine1]

@sparkoo thank you for the details, i will try this and share the feedback.

[Divine1]

@sparkoo

today i updated eclipse-che to below version

then i installed eclipseche using below command

chectl server:deploy --che-operator-cr-patch-yaml=/home/ubuntu/kubeapps/che-operator-cr-patch.yaml --platform=k8s --installer=operator --debug --k8spoderrorrechecktimeout=480000 --domain=eclipseche.mangotree.click --k8spodreadytimeout=480000

i received below error in the operator pod kubectl logs che-operator-7cf69497d5-lhd5w -n eclipse-che -f

i tried to delete the eclipse-che namespace, but it remains in Terminating status

i'm not sure why this error appears now, i didnot face this issue previously

Please help me to fix this issue

[sparkoo]

cc: @tolusha can you please take a look what might be wrong?

[tolusha]

It is related to switching to CheCluster API v2.
Could you try the following:

chectl server:delete
chectl server:deploy ...

If it fails, pls attach chectl logs.

[Divine1]

@tolusha

i ran chectl server:delete , but as shown in below screenshot, eclipse-che namespace still did not get deleted

[tolusha]

Try to clean up checluster CR manually
oc patch checluster/eclipse-che --patch '{"metadata": {"finalizers": null}}' --type=merge -n eclipse-che
Namespace should be deleted automatically.

[Divine1]

@tolusha i have deleted my k8s cluster and created a new k8s cluster. i will use the solution you provided, if i face the issue again

i'm facing another issue while installing eclipse-che in new k8s cluster.
#21460

please help me to fix this issue

[nischaysn]

you have to set these fields in CheCluster

spec:
  auth:
    identityProviderURL: 
    oAuthClientName: 
    oAuthSecret: 

Hi @tolusha After adding this to my yaml still my oauth-proxy container is failing . the error it shows is :
[main.go:54] invalid configuration:
missing setting: login-url
missing setting: redeem-url
could you pls help me resolve this ?