Add document for che installation on eks #2808
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| @@ -0,0 +1,105 @@ | ||||||||||||
| :_content-type: PROCEDURE | ||||||||||||
| :navtitle: Installing {prod-short} on the {eks} cluster | ||||||||||||
| :description: Installing {prod-short} on the {eks} cluster | ||||||||||||
| :keywords: installing-{prod-short}-on-the-eks-cluster | ||||||||||||
| :page-aliases: | ||||||||||||
|
|
||||||||||||
| [id="installing-{prod-short}-on-AWS-EKS.adoc"] | ||||||||||||
| = Installing {prod-short} on the {eks} cluster | ||||||||||||
|
There was a problem hiding this comment.
Suggested change
|
||||||||||||
|
|
||||||||||||
|
There was a problem hiding this comment. docs usually have a short introductory paragraph about the process they describe. can you add it, please? examples: |
||||||||||||
| .Prerequisites | ||||||||||||
| * A Che domain name | ||||||||||||
|
There was a problem hiding this comment.
Suggested change
|
||||||||||||
| * A certificate for the che domain name: private and public keys in PEM format | ||||||||||||
|
There was a problem hiding this comment.
Suggested change
|
||||||||||||
| * An external OIDC provider, you need the following information from your provider: Issuer URL, Client ID, Client Secret | ||||||||||||
|
There was a problem hiding this comment.
Suggested change
|
||||||||||||
|
|
||||||||||||
| .Install required components | ||||||||||||
|
There was a problem hiding this comment.
Suggested change
|
||||||||||||
| . Install link:https://kubernetes.github.io/ingress-nginx/[Ingress-Nginx Controller] | ||||||||||||
| + | ||||||||||||
| [source,shell] | ||||||||||||
|
There was a problem hiding this comment. please check the Red Hat Style Guide section about commands with root privileges: https://redhat-documentation.github.io/supplementary-style-guide/#commands-with-root-privileges you'll need to edit out mentions of shell in this doc |
||||||||||||
| ---- | ||||||||||||
| kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.11.1/deploy/static/provider/aws/deploy.yaml | ||||||||||||
| ---- | ||||||||||||
|
|
||||||||||||
| . Install the link:https://github.com/devfile/devworkspace-operator/tree/main[devworkspace-operator] | ||||||||||||
| + | ||||||||||||
| [source,shell] | ||||||||||||
| ---- | ||||||||||||
| kubectl create namespace devworkspace | ||||||||||||
| kubectl apply -f https://raw.githubusercontent.com/devfile/devworkspace-operator/refs/heads/main/deploy/deployment/kubernetes/combined.yaml | ||||||||||||
| ---- | ||||||||||||
|
|
||||||||||||
| . Install the link:https://github.com/eclipse-che/che-operator[eclipse-che-operator] | ||||||||||||
| + | ||||||||||||
| [source,shell] | ||||||||||||
| ---- | ||||||||||||
| kubectl apply -f https://raw.githubusercontent.com/eclipse-che/che-operator/refs/heads/main/deploy/deployment/kubernetes/combined.yaml | ||||||||||||
| ---- | ||||||||||||
|
|
||||||||||||
| .Integrate the external OIDC provider with the EKS cluster | ||||||||||||
|
There was a problem hiding this comment.
Suggested change
|
||||||||||||
| * Select your EKS cluster, and then select the `Access` tab. | ||||||||||||
| * In the OIDC Identity Providers section, select Associate Identity Provider. | ||||||||||||
| * On the Associate OIDC Identity Provider page, enter or select the following options, and then select Associate. | ||||||||||||
|
There was a problem hiding this comment. what's the correct name of the page, please? Associate OIDC Identity Provider or Associate Identity Provider |
||||||||||||
| [subs="+quotes,attributes"] | ||||||||||||
| ---- | ||||||||||||
| For Name, enter a unique name for the provider. | ||||||||||||
| For Issuer URL, enter the URL for your provider | ||||||||||||
| For Client ID, enter the OIDC identity provider's client ID | ||||||||||||
| For Username claim, enter `email` | ||||||||||||
| ---- | ||||||||||||
| .Create secret for the seft sign certificate | ||||||||||||
|
There was a problem hiding this comment.
Suggested change
|
||||||||||||
| . Create a `che-tls` secret: | ||||||||||||
| + | ||||||||||||
| [subs="+quotes,attributes"] | ||||||||||||
| ---- | ||||||||||||
| $ {orch-cli} create secret tls che-tls \ | ||||||||||||
| --key <key_file> \ | ||||||||||||
| --cert <cert_file> \ | ||||||||||||
| -n {prod-namespace} | ||||||||||||
| ---- | ||||||||||||
|
|
||||||||||||
| . Add the required labels to the secret: | ||||||||||||
| + | ||||||||||||
| [subs="+quotes,attributes"] | ||||||||||||
| ---- | ||||||||||||
| $ {orch-cli} label secret che-tls app.kubernetes.io/part-of=che.eclipse.org -n {prod-namespace} | ||||||||||||
| ---- | ||||||||||||
|
|
||||||||||||
| .Deploy che cluster | ||||||||||||
|
There was a problem hiding this comment.
Suggested change
|
||||||||||||
| . Prepare `CheCluster` manifest file | ||||||||||||
|
There was a problem hiding this comment.
Suggested change
|
||||||||||||
| [source,shell,subs="+attributes,+quotes"] | ||||||||||||
| ---- | ||||||||||||
| cat > /tmp/che-clsuter.yaml << EOF | ||||||||||||
| kind: CheCluster | ||||||||||||
| apiVersion: org.eclipse.che/v2 | ||||||||||||
| metadata: | ||||||||||||
| name: eclipse-che | ||||||||||||
| namespace: ecclipse-che | ||||||||||||
| spec: | ||||||||||||
| networking: | ||||||||||||
| ingressClassName: nginx | ||||||||||||
| auth: | ||||||||||||
| oAuthClientName: <Client ID> | ||||||||||||
| oAuthSecret: <Client Secret> | ||||||||||||
| identityProviderURL: <Issuer URL> | ||||||||||||
| gateway: | ||||||||||||
| oAuthProxy: | ||||||||||||
| cookieExpireSeconds: 300 | ||||||||||||
| deployment: | ||||||||||||
| containers: | ||||||||||||
| - name: oauth-proxy | ||||||||||||
| env: | ||||||||||||
| - name: OAUTH2_PROXY_COOKIE_CSRF_PER-REQUEST | ||||||||||||
| value: "true" | ||||||||||||
| domain: <che domain name> | ||||||||||||
| tlsSecretName: che-tls | ||||||||||||
| components: | ||||||||||||
| cheServer: | ||||||||||||
| extraProperties: | ||||||||||||
| CHE_OIDC_USERNAME__CLAIM: email | ||||||||||||
| EOF | ||||||||||||
| ---- | ||||||||||||
| . Deploy cluster | ||||||||||||
| [source,shell] | ||||||||||||
| ---- | ||||||||||||
| kubectl apply -f /tmp/che-clsuter.yaml | ||||||||||||
| ---- | ||||||||||||
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.