feat: Traefik plugin

[sparkoo]

What does this PR do?

updates deployment of nativeUserMode with using traefik plugin to rewrite authorization header

Screenshot/screencast of this PR

What issues does this PR fix or reference?

eclipse-che/che#20070

How to test this PR?

1. deploy che with devworkspaces enabled, che-operator templates from this PR (need new env value RELATED_IMAGE_single_host_gateway_native_user_mode) and CheCluster patch:

spec:
  auth:
    nativeUserMode: true

2. check that gateway has no header-rewrite-proxy container, it should have 4 containers
3. check configmap che-gateway-config-header-rewrite-plugin that should contain headerRewrite.go with plugin code
4. every route configmap should containe additional middleware configuring this plugin
5. test starting the devworkspace or whatever. Without the plugin working, you should get 403 on loading the dashboard and kubernetes proxy of che-server won't work as it relies on correct Authorization header

PR Checklist

As the author of this Pull Request I made sure that:

• The Eclipse Contributor Agreement is valid
• Code produced is complete
• Code builds without errors
• Tests are covering the bugfix
• Custom resource definition file is up to date
• Nightly OLM bundle is up to date
• The repository devfile is up to date and works
• Sections What issues does this PR fix or reference and How to test this PR completed
• Relevant user documentation updated
• Relevant contributing documentation updated
• CI/CD changes implemented, documented and communicated

Reviewers

Reviewers, please comment how you tested the PR when approving it.

[openshift-ci]

Skipping CI for Draft Pull Request.
If you want CI signal for your change, please convert it to an actual PR.
You can still manually trigger a test run with /test all

[sparkoo]

/retest

[sparkoo]

/retest

[tolusha]

OpenShift tests are not working right now.. until #947 is merged

[tolusha]

/retest

[tolusha]

This requires changed in downstream
https://github.com/redhat-developer/codeready-workspaces-images/blob/crw-2-rhel-8/codeready-workspaces-operator/get-sources.sh#L78-L92
/cc @nickboldt

[sparkoo]

thanks, I've opened a PR redhat-developer/devspaces-images#63
However, I have no idea about the process and how to test that

[nickboldt]

looks good to me, I'll merge it. But still blocked in https://issues.redhat.com/browse/CRW-1956 (all the huge changes in che-operator 7.34/main have not yet been implemented in downstream sync scripts) so can't test this yet.

[nickboldt]

Also I'm assuming that in downstream CSV I'll just remove RELATED_IMAGE_single_host_gateway_native_user_mode because we're not including 2 versions of traefik in the product when one of those is unreleased RC.

I hope the plan is to eventually use traefik 2.5 in both related images?

[sparkoo]

Also I'm assuming that in downstream CSV I'll just remove RELATED_IMAGE_single_host_gateway_native_user_mode because we're not including 2 versions of traefik in the product when one of those is unreleased RC.

Imho it won't work, che-operator code will complain that it does not know the env variable. I believe you can keep it empty. But why don't keep it there? Yes, it's RC version, but whole nativeUserMode is experimental. Alternatively I think you can set it empty, then nativeUserMode: true won't work.

I hope the plan is to eventually use traefik 2.5 in both related images?

yes, plan is to have only one stable Traefik in Che, once Traefik 2.5 is released.

[tolusha]

/retest

[openshift-ci]

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: skabashnyuk, sparkoo, tolusha

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these files:

• OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment