-
Story
-
Resolution: Done
-
Normal
-
None
-
None
-
8
-
False
-
False
-
GitOps Scarlet - Sprint 2261, GitOps Scarlet - Sprint 3257
Story: Add host attribute to SSO provider spec
As a user of OpenShift GitOps, I want to customize the route name of the keycloak instance that is instantiated by the OpenShift GitOps operator, to support advanced routing uses cases, such as Routes split between multiple ingress controller shards.
Background (Required)
This Story came as an RFE from a customer (RFE-3089).
The customer’s specific use case is:
When using Ingress Controller sharding it's important that route name can be specified as domain respectively DNSsuffix can change depending on what IngressController the route is exposed too. The ArgoCD server hostname can already be specified. Now the same needs to be possible for the sso part, where Red Hat SSO/Keycloak is being used.
- Why does the customer need this? (List the business requirements here)
With Ingress Controller sharding we need to be able to either automatically detect the DNSsuffix configured for the IngressController the route is exposed too and use that or otherwise allow configure it in the ArgoCD custom resource. Allowing to configure it will provide more flexibility and therefore is the preferred approach.
Approach (Required)
Ultimately this boils down into adding a new field to the ArgoCD CR which can be use to customize the Keycloak Route/Ingress. The keycloak Route/Ingress are already automatically created by OpenShift GitOps.
An example how the ArgoCD could potentially look like to configure sso route name:
apiVersion: argoproj.io/v1alpha1
kind: ArgoCD
metadata:
name: example-argocd
namespace: foobar
[...]
spec:
server:
host: argocd-foobar.apps.example.com
route:
enabled: true
sso:
provider: keycloak
host: sso-foobar.apps.example.com <<-- something like that
Acceptance Criteria (Mandatory)
- Add a new field to 'ArgoCDKeycloakSpec' similar to above, which will control the contents of the keycloak Route's .spec.host field of the Route that is generated.
- You will see in the code that there are two code paths for reconciling: one that is for OpenShift (based on templates), and one that is not (based on Ingress).
- For this story, both need to be modified (since we are modifying an API that is shared between them)
- Unit/E2E tests
- is cloned by
-
GITOPS-4451 Add host attribute to SSO provider spec
-
- Closed
-
-
RFE-3089 Ability to configure the Red Hat SSO/Keycloak host name
-
- Accepted
-
- is related to
-
-
- Closed
-
- links to