Configuring OAuth 2.0 for GitLab
To enable users to work with a remote Git repository that is hosted using a GitLab instance:
-
Set up the GitLab authorized application (OAuth 2.0).
-
Apply the GitLab authorized application Secret.
Setting up the GitLab authorized application
Set up a GitLab authorized application using OAuth 2.0.
-
You are logged in to GitLab.
-
Click your avatar and go to .
-
Enter Che as the Name.
-
Enter
https://<che_fqdn>/api/oauth/callbackas the Redirect URI. -
Check the Confidential and Expire access tokens checkboxes.
-
Under Scopes, check the
api,write_repository, andopenidcheckboxes. -
Click Save application.
-
Copy and save the GitLab Application ID for use when applying the GitLab-authorized application Secret.
-
Copy and save the GitLab Client Secret for use when applying the GitLab-authorized application Secret.
Applying the GitLab-authorized application Secret
Prepare and apply the GitLab-authorized application Secret.
-
Setting up the GitLab authorized application is completed.
-
The following values, which were generated when setting up the GitLab authorized application, are prepared:
-
GitLab Application ID
-
GitLab Client Secret
-
-
An active
kubectlsession with administrative permissions to the destination Kubernetes cluster. See Overview of kubectl.
-
Prepare the Secret:
kind: Secret apiVersion: v1 metadata: name: gitlab-oauth-config namespace: eclipse-che (1) labels: app.kubernetes.io/part-of: che.eclipse.org app.kubernetes.io/component: oauth-scm-configuration annotations: che.eclipse.org/oauth-scm-server: gitlab che.eclipse.org/scm-server-endpoint: <gitlab_server_url> (2) type: Opaque stringData: id: <GitLab_Application_ID> (3) secret: <GitLab_Client_Secret> (4)1 The Che namespace. The default is eclipse-che.2 The GitLab server URL. Use https://gitlab.comfor theSAASversion.3 The GitLab Application ID. 4 The GitLab Client Secret. -
Apply the Secret:
$ kubectl apply -f - <<EOF <Secret_prepared_in_the_previous_step> EOF
-
Verify in the output that the Secret is created.