Installing version 7.42+ with external Keycloak instance

[celalsahin]

Summary

I would like to install/configure eclipse-che with an external keycloak instance

Relevant information

Install instructions for EKS: https://www.eclipse.org/che/docs/che-7/installation-guide/installing-che-on-aws/ does not work anymore for 7.42+.

I found this comment #21041 (comment) - if I understand it correctly "you must have Kubernetes configured with OIDC provider":

• Where is this documented? I found this Provide instructions to setup an OIDC provider for the major public cloud vendors #20909 but cannot find the documentation that reflects the changes.
• Isn't it really possible to install eclipse-che without referring to k8s users & referring to an external keycloak or similar?

Overall I feel like I am missing an overview of installation possibilities & consistent howTos or I am checking the wrong places.
Can you please point me to a/the docu which I can follow to get eclipse-che running on EKS?

Regards
Celal

[tolusha]

Have a look pls
#21049 (comment)

[tolusha]

I've prepared draft doc about installing Eclipse Che on minikube with Keycloak as OIDC provider.
It might give some hints about configuring it for other Kubernetes providers.

[1] eclipse-che/che-docs#2408

[celalsahin]

Thanks I will try to reflect that to my work & let's see if I can make it work with EKS

[celalsahin]

I got somewhat of a success - with EKS + our companies OIDC provider(not keycloak) - but I am stuck after a successful login to dashboard.

Accessing the dashboard URL forwards me to my OIDC provider & after successful login dashboard returns a page with following text:

Error
OPTIONS request to "/api/" failed, reason: <!doctype html><title>HTTP Status 400 – Bad Request</title><style type="text/css">body {font-family:Tahoma,Arial,sans-serif;} h1, h2, h3, b {color:white;background-color:#525D76;} h1 {font-size:22px;} h2 {font-size:16px;} h3 {font-size:14px;} p {font-size:12px;} a {color:black;} .line {height:1px;background-color:#525D76;border:none;}</style>

HTTP Status 400 – Bad Request

---

Type Exception Report

Message Request header is too large

Description The server cannot or will not process the request due to something that is perceived to be a client error (e.g., malformed request syntax, invalid request message framing, or deceptive request routing).

Exception

java.lang.IllegalArgumentException: Request header is too large

org.apache.coyote.http11.Http11InputBuffer.fill(Http11InputBuffer.java:790)

org.apache.coyote.http11.Http11InputBuffer.parseHeader(Http11InputBuffer.java:899)

org.apache.coyote.http11.Http11InputBuffer.parseHeaders(Http11InputBuffer.java:604)

org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:292)

org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:65)

org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:872)

org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1705)

org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)

org.apache.tomcat.util.threads.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1191)

org.apache.tomcat.util.threads.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:659)

org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)

java.base/java.lang.Thread.run(Thread.java:829)

Note The full stack trace of the root cause is available in the server logs.

---

Apache Tomcat/10.0.14

Please try Shift+Refresh

As far as I can see in gateway pod logs authentication succeeds but not sure why it starts throwing http 400 codes.
[2022/08/08 09:55:09] [session_store.go:163] WARNING: Multiple cookies are required for this session as it exceeds the 4kb cookie limit. Please use server side session storage (eg. Redis) instead.
10.3.118.81:40834 - 980dc1ebe8eafc2621a81263b6167f91 - [2022/08/08 09:55:09] [AuthSuccess] Authenticated via OAuth2: Session{email: user: PreferredUsername: token:true id_token:true created:2022-08-08 09:55:09.624013573 +0000 UTC m=+3638.377745267 expires:2022-08-08 11:55:08.623744135 +0000 UTC m=+10837.377475821 refresh_token:true}
10.3.118.81:40834 - 980dc1ebe8eafc2621a81263b6167f91 - - [2022/08/08 09:55:09] GET - "/oauth/callback?code=YyvJqGI5XT8ZkAUhBi6TZjOwFrpcGQMR6EZXTcqj&state=XbL2IVE8b5NzM535Cf1Bp7eEgXFn7iANjLeej-RUW40%3A%2Fdashboard%2F" HTTP/1.1 "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36" 302 34 0.034
10.3.118.81:40834 - 040807ddef1697913df110cce20c97fe - [2022/08/08 09:55:09] GET / "/dashboard/" HTTP/1.1 "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36" 200 916 0.006
10.3.118.81:40834 - 9007c232716f4481a9e130ddd39df61c - [2022/08/08 09:55:09] GET / "/dashboard/assets/branding/branding.css" HTTP/1.1 "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36" 200 670 0.003
10.3.118.81:40834 - a45c6f20544adae5ee3c69ca3ba117a7 - [2022/08/08 09:55:09] GET / "/dashboard/assets/branding/loader.svg" HTTP/1.1 "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36" 200 456 0.004
10.3.118.81:51324 - 4ba510e1a36d95f135c9331e533a8c6c - [2022/08/08 09:55:09] GET / "/dashboard/client.a5a7a8ed6119579f3eff.js" HTTP/1.1 "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36" 200 157748 0.010
10.3.118.81:51336 - 189a9b84168b7620083c5d5531f0e384 - [2022/08/08 09:55:09] GET / "/dashboard/editor.worker.js" HTTP/1.1 "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36" 200 1627 0.002
10.3.118.81:40834 - 7bec00b37fa75f8dfdf3b7b321e82236 - [2022/08/08 09:55:09] GET / "/dashboard/service-worker.js" HTTP/1.1 "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36" 200 63 0.007
10.3.118.81:51306 - 17b45deb8c7540958ee44ace4145bcae - [2022/08/08 09:55:09] GET / "/dashboard/monaco.a5a7a8ed6119579f3eff.js" HTTP/1.1 "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36" 200 2429834 0.082
10.3.118.81:51322 - 3b0128b9b0880a947ff2f935e1b7c6a9 - [2022/08/08 09:55:09] GET / "/dashboard/vendor.a5a7a8ed6119579f3eff.js" HTTP/1.1 "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36" 200 5626335 0.102
10.3.118.81:51322 - c29d42bd6114e72ea6cd613c79d0d4d9 - [2022/08/08 09:55:11] GET / "/dashboard/assets/branding/product.json" HTTP/1.1 "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36" 200 3 0.002
10.3.118.81:51306 - 60252528d556057497a95bfc530cd395 - [2022/08/08 09:55:11] GET / "/api/workspace/settings" HTTP/1.1 "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36" 400 1981 0.006
10.3.118.81:51322 - da21da2000afc9287fc082c4a703d9b6 - [2022/08/08 09:55:11] POST / "/api/kubernetes/namespace/provision" HTTP/1.1 "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36" 400 1981 0.007
10.3.118.81:40834 - 9e6773ab87a5ca59bd6a06f67133cd15 - [2022/08/08 09:55:11] GET / "/dashboard/assets/branding/favicon.ico" HTTP/1.1 "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36" 200 32988 0.005
10.3.118.81:51324 - 3d5ea3ae3a40068778ef878339fb6d29 - [2022/08/08 09:55:11] GET / "/dashboard/api/server-config" HTTP/1.1 "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36" 200 43 0.039
10.3.118.81:51324 - 67695c55087a45fb19d60cd4bf7467d0 - [2022/08/08 09:55:11] OPTIONS / "/api/" HTTP/1.1 "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36" 400 1981 0.005
10.3.194.81:39380 - f523db184b102da851f7b20032c74f47 - [2022/08/08 09:55:11] GET / "/api/websocket?token=" HTTP/1.1 "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36" 400 1981 0.005
10.3.118.81:51324 - a9d5cf56b4792f9ac0e6f386bc7e6ea3 - [2022/08/08 09:55:11] GET / "/dashboard/service-worker.js" HTTP/1.1 "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36" 200 63 0.003
10.3.118.81:51324 - 59473581ddd3c134f1ba8f789ff57dfe - [2022/08/08 09:55:11] GET / "/dashboard/fonts/RedHatDisplay-Medium.woff" HTTP/1.1 "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36" 200 36532 0.004
10.3.118.81:40834 - d1507a8a1db51533953aa09556d1024a - [2022/08/08 09:55:11] GET / "/dashboard/fonts/RedHatText-Regular.woff" HTTP/1.1 "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36" 200 35980 0.004
10.3.194.81:39384 - 36cf6f3d9fba940ef3f03098422a85b7 - [2022/08/08 09:55:11] GET / "/api/websocket?token=" HTTP/1.1 "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36" 400 1981 0.004
10.3.194.81:39380 - f686e70a7c31dbe40647694f88d0e700 - [2022/08/08 09:55:12] GET / "/api/websocket?token=" HTTP/1.1 "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36" 400 1981 0.005
10.3.194.81:39384 - b35e969d60cea925e976dc012bde478b - [2022/08/08 09:55:14] GET / "/api/websocket?token=" HTTP/1.1 "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36" 400 1981 0.005
10.3.118.81:40834 - 85dc117a3de5600c90e54b8d39c34d87 - [2022/08/08 09:55:15] GET / "/api/websocket?token=" HTTP/1.1 "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36" 400 1981 0.005
10.3.194.81:39384 - 5da41a3623b56fde5b91f65a77faa578 - [2022/08/08 09:55:16] GET / "/api/websocket?token=" HTTP/1.1 "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36" 400 1981 0.005
10.3.118.81:40834 - 7d44b0d9c0a650b37e6ef980b96b24b2 - [2022/08/08 09:55:18] GET / "/api/websocket?token=" HTTP/1.1 "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36" 400 1981 0.005
10.3.118.81:46324 - 5a026ae77e4dd36920568ce523e0f838 - [2022/08/08 09:55:19] GET / "/api/websocket?token=" HTTP/1.1 "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36" 400 1981 0.005
10.3.118.81:46324 - d566f9483b526ef204de6174f7fa1347 - [2022/08/08 09:55:21] GET / "/api/websocket?token=" HTTP/1.1 "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36" 400 1981 0.005
10.3.194.81:39380 - 33c157846c2586d0b0d23a7eb78f43de - [2022/08/08 09:55:23] GET / "/api/websocket?token=" HTTP/1.1 "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36" 400 1981 0.005
10.3.118.81:46324 - 639decd2cfffb118b8dac9c63bdc4a06 - [2022/08/08 09:55:25] GET / "/api/websocket?token=" HTTP/1.1 "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36" 400 1981 0.005

Any idea how can I debug/proceed further?

[che-bot]

Issues go stale after 180 days of inactivity. lifecycle/stale issues rot after an additional 7 days of inactivity and eventually close.

Mark the issue as fresh with /remove-lifecycle stale in a new comment.

If this issue is safe to close now please do so.

Moderators: Add lifecycle/frozen label to avoid stale mode.