Configure GitHub OAuth for your team
Configure a GitHub OAuth application so that developers can clone repositories and push code from Che workspaces without manually entering credentials. This procedure covers GitHub.com and GitHub Enterprise Cloud. For other providers, see the Additional resources.
-
An active
kubectlsession with administrative permissions to the destination Kubernetes cluster. See Overview of kubectl. -
You are logged in to GitHub with an account that has permission to create OAuth applications for your organization.
-
Go to the GitHub OAuth application registration page.
-
Enter the following values:
-
Application name:
Che -
Homepage URL:
https://<che_fqdn>/ -
Authorization callback URL:
https://<che_fqdn>/api/oauth/callback
-
-
Click Register application.
-
Click Generate new client secret.
-
Copy the Client ID and the Client Secret. You need both values in the next step.
-
Prepare and apply the Kubernetes Secret:
kind: Secret apiVersion: v1 metadata: name: github-oauth-config namespace: eclipse-che labels: app.kubernetes.io/part-of: che.eclipse.org app.kubernetes.io/component: oauth-scm-configuration annotations: che.eclipse.org/oauth-scm-server: github type: Opaque stringData: id: <GitHub_OAuth_Client_ID> secret: <GitHub_OAuth_Client_Secret> -
Apply the Secret:
$ kubectl apply -f - <<EOF <Secret_prepared_in_the_previous_step> EOF
-
The output displays
secret/github-oauth-config created. -
A developer creates a new workspace from a private GitHub repository and is not prompted for credentials.