Configuring OAuth 2.0 for GitLab

To enable users to work with a remote Git repository that is hosted using a GitLab instance:

  1. Set up the GitLab authorized application (OAuth 2.0).

  2. Apply the GitLab authorized application Secret.

Setting up the GitLab authorized application

Set up a GitLab authorized application using OAuth 2.0.

Prerequisites
  • You are logged in to GitLab.

Procedure
  1. Click your avatar and go to Edit profile  Applications.

  2. Enter Che as the Name.

  3. Enter https://<che_fqdn>/api/oauth/callback as the Redirect URI.

  4. Check the Confidential and Expire access tokens checkboxes.

  5. Under Scopes, check the api, write_repository, and openid checkboxes.

  6. Click Save application.

  7. Copy and save the GitLab Application ID for use when applying the GitLab-authorized application Secret.

  8. Copy and save the GitLab Client Secret for use when applying the GitLab-authorized application Secret.

Applying the GitLab-authorized application Secret

Prepare and apply the GitLab-authorized application Secret.

Prerequisites
  • Setting up the GitLab authorized application is completed.

  • The following values, which were generated when setting up the GitLab authorized application, are prepared:

    • GitLab Application ID

    • GitLab Client Secret

  • An active kubectl session with administrative permissions to the destination Kubernetes cluster. See Overview of kubectl.

Procedure
  1. Prepare the Secret:

    kind: Secret
    apiVersion: v1
    metadata:
      name: gitlab-oauth-config
      namespace: eclipse-che (1)
      labels:
        app.kubernetes.io/part-of: che.eclipse.org
        app.kubernetes.io/component: oauth-scm-configuration
      annotations:
        che.eclipse.org/oauth-scm-server: gitlab
        che.eclipse.org/scm-server-endpoint: <gitlab_server_url> (2)
    type: Opaque
    stringData:
      id: <GitLab_Application_ID> (3)
      secret: <GitLab_Client_Secret> (4)
    1 The Che namespace. The default is eclipse-che.
    2 The GitLab server URL. Use https://gitlab.com for the SAAS version.
    3 The GitLab Application ID.
    4 The GitLab Client Secret.
  2. Apply the Secret:

    $ kubectl apply -f - <<EOF
    <Secret_prepared_in_the_previous_step>
    EOF
  3. Verify in the output that the Secret is created.