  1. OpenShift GitOps
  2. GITOPS-1737

Add host attribute to SSO provider spec


    • GitOps Scarlet - Sprint 2261, GitOps Scarlet - Sprint 3257

      Story: Add host attribute to SSO provider spec

      As a user of OpenShift GitOps, I want to customize the route name of the Keycloak instance that is instantiated by the OpenShift GitOps operator, to support advanced routing use cases, such as Routes split between multiple ingress controller shards.

      Background (Required)

      This Story came as an RFE from a customer (RFE-3089). 

      The customer’s specific use case is:

      When using Ingress Controller sharding it's important that the route name can be specified, as the domain respectively DNSsuffix can change depending on what IngressController the route is exposed to. The ArgoCD server hostname can already be specified. Now the same needs to be possible for the sso part, where Red Hat SSO/Keycloak is being used.

      1. Why does the customer need this? (List the business requirements here)
        With Ingress Controller sharding we need to be able to either automatically detect the DNSsuffix configured for the IngressController the route is exposed to and use that, or otherwise allow configuring it in the ArgoCD custom resource. Allowing it to be configured will provide more flexibility and therefore is the preferred approach.

      Approach (Required)

      Ultimately this boils down to adding a new field to the ArgoCD CR which can be used to customize the Keycloak Route/Ingress. The Keycloak Route/Ingress are already automatically created by OpenShift GitOps.

      An example of how the ArgoCD CR could potentially look to configure the SSO route name:

      apiVersion: argoproj.io/v1alpha1
      kind: ArgoCD
      metadata:
        name: example-argocd
        namespace: foobar
      # [...]
      spec:
        server:
          host: argocd-foobar.apps.example.com
          route:
            enabled: true
        sso:
          provider: keycloak
          keycloak:
            # Proposed new field on ArgoCDKeycloakSpec (something like this)
            host: sso-foobar.apps.example.com

       

      Acceptance Criteria  (Mandatory)

      • Add a new field to 'ArgoCDKeycloakSpec' similar to above, which will control the contents of the .spec.host field of the generated Keycloak Route.
      • You will see in the code that there are two code paths for reconciling: one that is for OpenShift (based on templates), and one that is not (based on Ingress).
        • For this story, both need to be modified (since we are modifying an API that is shared between them)
      • Unit/E2E tests
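
      The following Go example is added here and is not the operator's code: it shows both reconcile paths taking the host from one shared resolver, which validates the user-supplied value as a DNS-1123 subdomain before it reaches the Route or Ingress. The types KeycloakSpec, Route and Ingress, the function names and the fallback host are hypothetical stand-ins.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// Hypothetical stand-ins for the API types; only the fields used here are modelled.
type KeycloakSpec struct{ Host string } // Host is the proposed new field
type Route struct{ Host string }        // stands in for the Route's .spec.host
type Ingress struct{ Hosts []string }   // stands in for the Ingress rule hosts

// One DNS-1123 label: lowercase alphanumerics and '-', not starting or ending with '-'.
var label = regexp.MustCompile(`^[a-z0-9]([-a-z0-9]*[a-z0-9])?$`)

// resolveHost returns the user-supplied host when it is set and valid,
// otherwise the fallback computed by the caller.
func resolveHost(spec KeycloakSpec, fallback string) (string, error) {
	h := strings.TrimSpace(spec.Host)
	if h == "" {
		return fallback, nil
	}
	if len(h) > 253 {
		return "", fmt.Errorf("sso host %q exceeds 253 characters", h)
	}
	for _, l := range strings.Split(h, ".") {
		if len(l) > 63 || !label.MatchString(l) {
			return "", fmt.Errorf("sso host %q is not a valid DNS-1123 subdomain", h)
		}
	}
	return h, nil
}

// Both reconcile paths call the same resolver so they cannot drift apart.
func reconcileRoute(spec KeycloakSpec, fallback string) (Route, error) {
	h, err := resolveHost(spec, fallback)
	return Route{Host: h}, err
}

func reconcileIngress(spec KeycloakSpec, fallback string) (Ingress, error) {
	h, err := resolveHost(spec, fallback)
	if err != nil {
		return Ingress{}, err
	}
	return Ingress{Hosts: []string{h}}, nil
}

func main() {
	r, err := reconcileRoute(KeycloakSpec{Host: "sso-foobar.apps.example.com"}, "keycloak.apps.example.com")
	fmt.Println(r.Host, err)
}
```

      Unit tests for the story can then cover the override, the empty-field fallback and a rejected host once, against the resolver, and assert that both paths return the same value.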

            rh-ee-rnaaz Rizwana Naaz
            rhn-support-sreber Simon Reber