You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
✨ Update koncur-tackle-hub action for hub built-in OIDC auth (#234)
The operator no longer deploys Keycloak (tackle2-operator#567) - auth
moved to the hub's built-in OIDC provider, which seeds a default
admin/admin user. The koncur-tackle-hub action was waiting on and
patching a tackle-keycloak-sso deployment that no longer exists,
timing out every run.
- koncur-tackle-hub: drop the tackle.local/Keycloak reconfiguration
and keycloak pod wait; reach the hub via port-forward at
http://localhost:8081 with Basic auth admin/admin, and assert that
unauthenticated requests get a 401 so the auth path is genuinely
exercised.
- nightly-koncur/e2e-hub-koncur: remove the dead tackle-keycloak-init
artifact from image_pattern globs.
- global-ci-bundle/setup-konveyor-minikube: keep the keycloak_sso/
keycloak_init inputs for backward compatibility with pre-hub-IdP
operator branches (release-0.9), marked DEPRECATED with BACKCOMPAT
comments explaining when they can be deleted.
Signed-off-by: Fabian von Feilitzsch <fabian@fabianism.us>
Co-authored-by: Claude Opus 8 <noreply@anthropic.com>
Copy file name to clipboardExpand all lines: koncur-tackle-hub/README.md
+12-14Lines changed: 12 additions & 14 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -195,7 +195,7 @@ Installs the Tackle Hub operator and components using `make hub-install-auth` fr
195
195
196
196
The environment variables from image loading are passed to the installation, allowing custom images to be used instead of the defaults.
197
197
198
-
After installation, the action adds `127.0.0.1 tackle.local` to `/etc/hosts` and reconfigures Keycloak to use `https://tackle.local:8443/auth` so Hub is reached at `https://tackle.local:8443/hub` instead of `http://localhost:8080`.
198
+
Auth is provided by the Hub's built-in OIDC provider, which seeds a default `admin`/`admin` user — no separate identity server is deployed. The action reaches the Hub via `kubectl port-forward svc/tackle-hub 8081:8080` at `http://localhost:8081`.
199
199
200
200
### 5. Wait for Readiness
201
201
@@ -206,7 +206,7 @@ Waits for Hub to be fully operational:
206
206
-n konveyor-tackle --timeout=300s
207
207
```
208
208
209
-
2. **Ingress readiness**: Polls `https://tackle.local:8443/hub/applications` until it responds (up to 2.5 minutes)
209
+
2. **API readiness**: Polls `http://localhost:8081/applications` with Basic auth (`admin`/`admin`) until it responds (up to 2.5 minutes), and asserts that an unauthenticated request is rejected with `401` (proving auth is enforced)
210
210
211
211
### 6. Maven Configuration (Optional)
212
212
@@ -221,10 +221,9 @@ If `skip_maven: false`:
221
221
```yaml
222
222
type: tackle-hub
223
223
tackleHub:
224
-
url: https://tackle.local:8443/hub
224
+
url: http://localhost:8081
225
225
username: admin
226
226
password: admin
227
-
insecure: true
228
227
mavenSettings: '/path/to/settings.xml'
229
228
```
230
229
@@ -284,14 +283,14 @@ The action automatically outputs this information on failure.
284
283
285
284
### Port Forward Fails
286
285
287
-
**Issue**: Cannot connect to Hub API on `https://tackle.local:8443`
286
+
**Issue**: Cannot connect to Hub API on `http://localhost:8081`
288
287
289
-
**Solution**: Verify `/etc/hosts` contains `127.0.0.1 tackle.local`, then check ingress and Keycloak:
288
+
**Solution**: Verify the Hub pod is ready and the port-forward is running, then check auth:
290
289
```bash
291
-
grep tackle.local /etc/hosts
292
-
kubectl get ingress -n konveyor-tackle
293
-
kubectl get pods -n konveyor-tackle -l app.kubernetes.io/name=tackle-keycloak-sso
0 commit comments