Merge pull request #98 from eclipse-che/ab/removesingleuserfromhelmch…

…arts

chore: remove single-user mode from helmchats

deploy/kubernetes/helm/che/requirements.yaml

@@ -23,11 +23,10 @@ dependencies:
   - name: che-postgres
     repository: file://./custom-charts/che-postgres/
     version: 1.0.0
-    condition: global.multiuser
   - name: che-keycloak
     repository: file://./custom-charts/che-keycloak/
     version: 1.0.0
-    condition: global.cheDedicatedKeycloak,global.multiuser
+    condition: global.cheDedicatedKeycloak
   - name: che-jaeger
     repository: file://./custom-charts/che-jaeger
     version: 1.0.0

deploy/kubernetes/helm/che/templates/configmap.yaml

@@ -49,18 +49,16 @@ data:
   CHE_INFRA_KUBERNETES_TLS__ENABLED: "false"
   CHE_INFRA_KUBERNETES_TLS__SECRET: ""
 {{- end }}
-{{- if .Values.global.multiuser }}
   CHE_KEYCLOAK_CLIENT__ID: {{ .Values.cheKeycloakClientId | quote}}
   CHE_KEYCLOAK_AUTH__SERVER__URL: {{ template "keycloakAuthUrl" . }}
   {{- if .Values.global.useInternalClusterSVCNames }}
   CHE_KEYCLOAK_AUTH__INTERNAL__SERVER__URL: http://keycloak.{{ .Release.Namespace }}.svc:5050/auth
   {{- end }}
   CHE_KEYCLOAK_REALM: {{ .Values.cheKeycloakRealm }}
-{{- end }}
-{{- if (and .Values.global.multiuser .Values.customOidcProvider) }}
+{{- if .Values.customOidcProvider }}
   CHE_KEYCLOAK_OIDC__PROVIDER: {{ .Values.customOidcProvider }}
 {{- end }}
-{{- if and .Values.global.multiuser .Values.customOidcUsernameClaim }}
+{{- if .Values.customOidcUsernameClaim }}
   CHE_KEYCLOAK_USERNAME__CLAIM: {{ .Values.customOidcUsernameClaim }}
 {{- end }}
 {{- if not (eq .Values.global.tls.serverTrustStoreConfigMapName "") }}
@@ -84,7 +82,7 @@ data:
   CHE_LOCAL_CONF_DIR: /etc/conf
   CHE_LOGS_DIR: /data/logs
   CHE_LOG_LEVEL: {{ .Values.che.logLevel | quote }}
-  CHE_MULTIUSER: {{ .Values.global.multiuser | quote }}
+  CHE_MULTIUSER: "true"
   CHE_OAUTH_GITHUB_CLIENTID: {{ .Values.global.gitHubClientID | quote}}
   CHE_OAUTH_GITHUB_CLIENTSECRET: {{ .Values.global.gitHubClientSecret | quote}}
   CHE_OAUTH_OPENSHIFT_CLIENTID: {{ .Values.global.openShiftClientID | quote}}

deploy/kubernetes/helm/che/templates/deployment.yaml

@@ -33,7 +33,6 @@ spec:
       securityContext:
         fsGroup: {{ .Values.global.securityContext.fsGroup }}
       initContainers:
-{{- if .Values.global.multiuser }}
       - name: wait-for-postgres
         image: {{ .Values.global.endpointWatcher.image }}
         env:
@@ -43,9 +42,8 @@ spec:
                 fieldPath: metadata.namespace
           - name: ENDPOINT
             value: postgres
-{{- end }}
-#wait for keycloak if in multiuser mode and .Values.customOidcProvider was not defined
-{{- if (and .Values.global.multiuser (not .Values.customOidcProvider)) }}
+#wait for keycloak if .Values.customOidcProvider was not defined
+{{- if not .Values.customOidcProvider }}
       - name: wait-for-keycloak
         image: {{ .Values.global.endpointWatcher.image }}
         env:
@@ -55,15 +53,6 @@ spec:
                 fieldPath: metadata.namespace
           - name: ENDPOINT
             value: keycloak
-{{- end }}
-{{- if not .Values.global.multiuser }}
-      - name: fmp-volume-permission
-        image: busybox
-        command: ["chmod", "777", "/data"]
-        volumeMounts: [{
-              "mountPath": "/data",
-              "name": "che-data-volume"
-        }]
 {{- end }}
       containers:
       - envFrom:
@@ -160,31 +149,17 @@ spec:
             memory: 600Mi
           requests:
             memory: 256Mi
-{{- if or (not .Values.global.multiuser) (not (eq .Values.global.tls.serverTrustStoreConfigMapName "")) }}
-        volumeMounts:
-{{- if not .Values.global.multiuser }}
-        - mountPath: /data
-          name: che-data-volume
-{{- end }}
 # If serverTrustStoreConfigMapName is defined, then add the che-public-certs volume mount with certificate contents
 # to propagate them to trust store.
 {{- if not (eq .Values.global.tls.serverTrustStoreConfigMapName "") }}
+      volumeMounts:
         - mountPath: /public-certs
           name: che-public-certs
-{{- end }}
       volumes:
-{{- if not .Values.global.multiuser }}
-      - name: che-data-volume
-        persistentVolumeClaim:
-          claimName: che-data-volume
-{{- end }}
-# If serverTrustStoreConfigMapName is defined, then add config-map volume.
-{{- if not (eq .Values.global.tls.serverTrustStoreConfigMapName "") }}
       - name: che-public-certs
         configMap:
           name: {{ .Values.global.tls.serverTrustStoreConfigMapName }}
 {{- end }}
-{{- end }}
 {{- if .Values.registry }}
 {{- if and .Values.registry.password .Values.registry.username }}
       imagePullSecrets:

deploy/kubernetes/helm/che/values.yaml

@@ -32,8 +32,7 @@ cheKeycloakClientId: "che-public"
 #workspaceSidecarDefaultRamLimit: ""
 
 global:
-  multiuser: false
-  #  This value can be passed if custom Oidc provider is used, and there is no need to deploy keycloak in multiuser mode
+  #  This value can be passed if custom Oidc provider is used, and there is no need to deploy keycloak
   #  default (if empty) is true
   #cheDedicatedKeycloak: false
   ingressDomain: 192.168.99.100.nip.io

deploy/kubernetes/helm/che/values/default-host.yaml

@@ -8,6 +8,5 @@
 #
 
 global:
-  multiuser: true
   ingressDomain: 192.168.99.100
   serverStrategy: default-host

deploy/kubernetes/helm/che/values/multi-user.yaml

@@ -7,5 +7,5 @@
 # SPDX-License-Identifier: EPL-2.0
 #
 
-global:
-  multiuser: true
+# multi user authentication mode the only available and enabled by default
+# keep this file for backward compatibility