Fixup

Signed-off-by: Anatolii Bazko <abazko@redhat.com>

Author: tolusha

modules/administration-guide/pages/installing-che-on-amazon-elastic-kubernetes-service.adoc

@@ -32,4 +32,6 @@ include::partial$proc_creating-lets-encrypt-certificate-for-che-on-amazon-elasti
 
 include::partial$proc_installing-keycloak-on-amazon-elastic-kubernetes-service.adoc[leveloffset=+1]
 
+include::partial$proc_associate-keycloak-as-oidc-identity-provider-on-amazon-elastic-kubernetes-service.adoc[leveloffset=+1]
+
 include::partial$proc_installing-che-on-amazon-elastic-kubernetes-service.adoc[leveloffset=+1]

modules/administration-guide/partials/proc_associate-keycloak-as-oidc-identity-provider-on-amazon-elastic-kubernetes-service.adoc

@@ -0,0 +1,35 @@
+// Module included in the following assemblies:
+//
+// installing-{prod-id-short}-on-amazon-elastic-kubernetes-service
+
+[id="associate-keycloak-as-oidc-identity-provider-on-amazon-elastic-kubernetes-service"]
+= Associate keycloak as OIDC identity provider on {eks-short}
+
+Follow these instructions to associate Keycloak an OIDC identity provider on {eks-short}.
+
+.Procedure
+
+. Associate an identity provider using `eksctl`:
++
+[source,shell,subs="attributes+"]
+----
+eksctl associate identityprovider \
+  --cluster $CHE_EKS_CLUSTER_NAME \
+  --region $CHE_EKS_CLUSTER_REGION \
+  --wait \
+  --config-file - << EOF
+---
+apiVersion: eksctl.io/v1alpha5
+kind: ClusterConfig
+identityProviders:
+  - name: my-provider
+    type: oidc
+    issuerUrl: https://$KEYCLOAK_DOMAIN/realms/che
+    clientId: k8s-client
+    usernameClaim: email
+EOF
+----
+
+.Additional resources
+
+* link:https://docs.aws.amazon.com/eks/latest/userguide/authenticate-oidc-identity-provider.html[Grant users access to {kubernetes} with an external OIDC provider]

modules/administration-guide/partials/proc_installing-che-on-amazon-elastic-kubernetes-service.adoc

@@ -19,15 +19,15 @@ spec:
     auth:
       oAuthClientName: k8s-client
       oAuthSecret: eclipse-che
-      identityProviderURL: "https://$KEYCLOAK_HOST/realms/che"
+      identityProviderURL: "https://$KEYCLOAK_DOMAIN/realms/che"
       gateway:
         oAuthProxy:
           cookieExpireSeconds: 300
         deployment:
           containers:
           - env:
              - name: OAUTH2_PROXY_BACKEND_LOGOUT_URL
-               value: "http://$KEYCLOAK_HOST/realms/che/protocol/openid-connect/logout?id_token_hint=\{id_token}"
+               value: "http://$KEYCLOAK_DOMAIN/realms/che/protocol/openid-connect/logout?id_token_hint=\{id_token}"
             name: oauth-proxy
   components:
     cheServer:

modules/administration-guide/partials/proc_installing-keycloak-on-amazon-elastic-kubernetes-service.adoc

@@ -9,7 +9,7 @@ Learn how to install https://www.keycloak.org/[Keycloak] as the OpenID Connect (
 +
 [source,subs="+attributes"]
 ----
-KEYCLOAK_HOST=keycloak.$DOMAIN_NAME
+KEYCLOAK_DOMAIN=keycloak.$DOMAIN_NAME
 ----
 
 . Install Keycloak:
@@ -37,9 +37,9 @@ spec:
   issuerRef:
     name: che-letsencrypt
     kind: ClusterIssuer
-  commonName: '$KEYCLOAK_HOST'
+  commonName: '$KEYCLOAK_DOMAIN'
   dnsNames:
-  - '$KEYCLOAK_HOST'
+  - '$KEYCLOAK_DOMAIN'
   usages:
     - server auth
     - digital signature
@@ -112,10 +112,10 @@ spec:
   ingressClassName: nginx
   tls:
     - hosts:
-        - $KEYCLOAK_HOST
+        - $KEYCLOAK_DOMAIN
       secretName: keycloak.tls
   rules:
-  - host: $KEYCLOAK_HOST
+  - host: $KEYCLOAK_DOMAIN
     http:
       paths:
       - path: /