- This readme assumes that 192.168.99.100 is the IP for minikube. You can find the IP on your setup using
minikube ip
. - If your IP differs from the default, you can set it as environment variable
REACT_APP_CHE_DOMAIN
. E.g. if your Che runs on minikube withexport REACT_APP_CHE_DOMAIN=$(minikube ip).nip.io
- Che setups are a bit brittle (Che Updates, Kubernetes Updates, Minikube Updates) so parts of this setup may be out of date. The following versions were used as of writing:
- minikube version: v1.7.3
- Kubernetes Server Version: Major:"1", Minor:"17", GitVersion:"v1.17.3"
- Chectl version: chectl/7.11.0 linux-x64 node-v10.19.0
- Install virtualbox (https://www.virtualbox.org/wiki/Downloads)
- Install kubectl (https://kubernetes.io/docs/tasks/tools/install-kubectl/)
- Install minikube (https://kubernetes.io/docs/tasks/tools/install-minikube/)
- Install helm (https://helm.sh/docs/intro/install/)
- Install chectl (https://github.com/che-incubator/chectl#installation)
- Start minikube:
minikube start --memory=8192 --cpus=4 --disk-size=50g --vm-driver=virtualbox
- Install self-signed certificates for local multi user setup: https://www.eclipse.org/che/docs/che-7/installing-che-in-tls-mode-with-self-signed-certificates/
- Start che:
chectl server:start --platform=minikube --installer=operator --self-signed-cert --multiuser --skip-cluster-availability-check
https://keycloak-che.192.168.99.100.nip.io/
https://che-che.192.168.99.100.nip.io/
https://che-che.192.168.99.100.nip.io/swagger
- Get settings from https://che-che.192.168.99.100.nip.io/api/keycloak/settings
- go to https://keycloak-che.192.168.99.100.nip.io/ and log in to the admin console (User: admin | Password: admin)
- Navigate Clients -> Che-public -> add localhost:3000 to "Valid Redirect URIs" and "Web Origins". See the existing entries and create similar ones using the local host URL (Add http and https urls. urls end with /*/ for "Valid Redirect URIs")
The Che API can be opened with or without using the Che operator.
- Disable Operator
kubectl scale --replicas=0 deployment/che-operator -n che
because the operator will undo the changes we make in the next step. kubectl edit configmap che -n che
and add the following (the keys should not exist yet)
CHE_CORS_ENABLED: "true"
CHE_CORS_ALLOW__CREDENTIALS: "false"
CHE_CORS_ALLOWED__ORIGINS: "*"
CHE_WSAGENT_CORS_ENABLED: "true"
CHE_WSAGENT_CORS_ALLOW__CREDENTIALS: "true"
CHE_WSAGENT_CORS_ALLOWED__ORIGINS: "NULL"
kubectl scale --replicas=0 deployment/che -n che
kubectl scale --replicas=1 deployment/che -n che
Set the required environment variables by patching the operator configuration. The operator will then automatically restart affected deployments of Che.
kubectl patch checluster/eclipse-che -n che --type=merge --patch "$(cat che-cors-settings-patch.yaml)"
- Do not use your company account for this!
- Go to https://console.developers.google.com/ and create a project
- Create new credentials. We want OAuth Client ID.
- Choose web application as application type.
- Authorized redirct URI is https://keycloak-che.192.168.99.100.nip.io/auth/realms/che/broker/google/endpoint
- Note down client id and secret (Keepass)
- Login to admin console
- Identify providers page -> Add provider... -> Google
- Enter client ID and Secret
- Login to admin console in keycloak
- Authentication menu item -> Flows Tab -> Select Browser from Drop down -> In Identity Provider row select Actions -> Config
- Create authenticator config with "google" as Default identify provider
Please see the LICENSE
file for licensing information.