Authenticating with OpenShift Connector from Che when the OpenShift OAuth service does not authenticate the Che instance

This section describes how to authenticate with an OpenShift cluster when the OpenShift OAuth service does not authenticate the Che instance. It enables the user to develop and push Components from Che to the OpenShift instance that contains Che.

When the OpenShift OAuth service authenticates the Che instance, the OpenShift Connector plugin automatically establishes the authentication with the OpenShift instance containing Che.

OpenShift Connector offers the following methods for logging in to the OpenShift Cluster from the Che instance:

  • Using the notification asking to log in to the OpenShift instance containing Che.

  • Using the Log in to the cluster button.

  • Using the Command Palette.

OpenShift Connector plugin requires manual connecting to the target cluster.

The OpenShift Connector plugin logs in to the cluster as inClusterUser. If this user does not have manage project permission, this error message appears when creating a project using OpenShift Application Explorer:

Failed to create Project with error 'Error: Command failed: "/tmp/vscode-unpacked/redhat.vscode-openshift -connector.latest.qvkozqtkba.openshift-connector-0.1.4-523.vsix/extension/out/tools/linux/odo" project create test-project ✗ projectrequests.project.openshift.io is forbidden

To work around this issue:

  1. Log out from the local cluster.

  2. Log in to OpenShift cluster using the OpenShift user’s credentials.

When using a local instance of OpenShift such as Red Hat OpenShift Local, Che stores the user’s credentials in a ~/.kube/config file in the workspace. Use this file for automatic authentication in subsequent logins. In the context of Che, the ~/.kube/config is stored as a part of the plugin sidecar container.

Prerequisites

  • A running instance of Che.

  • A Che workspace is available.

  • The OpenShift Connector plugin is available. See Installing OpenShift Connector in Che.

  • The OpenShift OAuth provider is available only for the auto-login to the OpenShift instance containing Che.

Procedure

  1. In the left panel, click the OpenShift Application Explorer icon.

  2. In the OpenShift Connector panel, log in using the OpenShift Application Explorer. Use one of the following methods:

    • Click the Log in to cluster button in the top left corner of the pane.

    • Press F1 to open the Command Palette, or navigate to View > Find Command in the top menu.

      Search for OpenShift: Log in to cluster and press Enter.

  3. If a You are already logged in a cluster. message appears, click Yes.

  4. Select the method to log in to the cluster: Credentials or Token, and follow the login instructions.

    To authenticate with a token, the required token information is in the upper right corner of the main OpenShift Container Platform screen, under <User name> > Copy Login Command.