cheHostTLSSecret is not used to secure dashboard ingress/route when server.cheHost is set #19888

Closed
5 tasks done
tolusha opened this issue May 31, 2021 · 0 comments
Labels
area/che-operator Issues and PRs related to Eclipse Che Kubernetes Operator kind/bug Outline of a bug - must adhere to the bug report template. severity/P1 Has a major impact to usage or development of the system.
tolusha commented May 31, 2021

Describe the bug

cheHostTLSSecret is not used to secure dashboard ingress/route when server.cheHost is set

Che version

  • nightly

Steps to reproduce

  1. Deploy Eclipse Che: chectl server:deploy --platform minikube
  2. Generate certificates for a custom che-host [1]
  3. Create chehost secret and configmap with a custom certificate:
       kubectl create configmap custom-certs --from-file=custom.crt=ca.crt -n=eclipse-che
       kubectl label configmap custom-certs app.kubernetes.io/part-of=che.eclipse.org app.kubernetes.io/component=ca-bundle -n eclipse-che
       kubectl create secret tls chehost --key ./domain.key --cert ./domain.crt -n eclipse-che
  4. Patch checluster:
       kubectl patch checluster/eclipse-che --patch "{\"spec\":{\"server\":{\"cheHost\": \"my-new-ide.com\"}}}" --type=merge -n eclipse-che
       kubectl patch checluster/eclipse-che --patch "{\"spec\":{\"server\":{\"cheHostTLSSecret\": \"chehost\"}}}" --type=merge -n eclipse-che
  5. Wait until all components are redeployed
  6. Modify /etc/hosts by adding 192.168.99.100 my-new-ide.com
  7. Import certificates into a browser
  8. Open dashboard
  9. You can see that the connection is not private (see screenshot)

Expected behavior

Runtime

  • minikube (include output of minikube version and kubectl version) v1.20.0

Screenshots

Screenshot from 2021-05-31 13-53-56

Installation method

  • chectl
    • chectl server:deploy --platform minikube
    • chectl/0.0.20210527-next.68b3356 linux-x64 node-v12.22.1

Environment

  • my computer
    • Linux

Eclipse Che Logs

N/A

Additional context

  1. Attempt to fix: eclipse-che/che-operator@main...fixexposewithcustomhost
  2. Doc [2] says that it is needed to update redirect urls and weborigins. It seems the operator is able to update redirect urls automatically (when restarted) but weborigins are still required to be updated manually. So, we need to add changes to che-operator to get rid of any manual work and update the doc.
  3. Try to open workspace in Firefox, otherwise create workspace failed when customize the hostname #18344

[1] https://gist.github.com/tolusha/ac9e11e04b1d4b3e6da43acc872425b7
[2] https://www.eclipse.org/che/docs/che-7/installation-guide/configuring-che-hostname/
[3] https://www.eclipse.org/che/docs/che-7/installation-guide/importing-untrusted-tls-certificates/

@tolusha tolusha added kind/bug Outline of a bug - must adhere to the bug report template. area/che-operator Issues and PRs related to Eclipse Che Kubernetes Operator severity/P1 Has a major impact to usage or development of the system. sprint/next sprint/current team/deploy and removed sprint/next labels May 31, 2021
@tolusha tolusha closed this as completed Jun 7, 2021
@tolusha tolusha added this to the 7.32 milestone Jun 7, 2021
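
A check for the condition this issue reports, as an added example (not part of the original issue or of che-operator): it scans Ingress objects for ones that route the custom host without presenting the configured TLS secret. The Ingress names and the non-matching secret name in the sample are constructed placeholders; the check covers Ingress resources only (not OpenShift routes) and exact host matches only.

```python
import json

# Constructed sample shaped like `kubectl get ingress -n eclipse-che -o json`.
# Ingress names and "default-tls-placeholder" are placeholders; the host and
# the secret name "chehost" are the values used in the issue.
SAMPLE = json.loads("""
{"items": [
  {"metadata": {"name": "example-server"},
   "spec": {"rules": [{"host": "my-new-ide.com"}],
            "tls": [{"hosts": ["my-new-ide.com"], "secretName": "chehost"}]}},
  {"metadata": {"name": "example-dashboard"},
   "spec": {"rules": [{"host": "my-new-ide.com"}],
            "tls": [{"hosts": ["my-new-ide.com"],
                     "secretName": "default-tls-placeholder"}]}},
  {"metadata": {"name": "example-no-tls"},
   "spec": {"rules": [{"host": "my-new-ide.com"}]}},
  {"metadata": {"name": "example-other-host"},
   "spec": {"rules": [{"host": "other.example.test"}],
            "tls": [{"hosts": ["other.example.test"], "secretName": "other"}]}}
]}
""")

def secrets_for_host(ingress, host):
    """Return the TLS secret names an Ingress applies to `host`."""
    names = []
    for entry in ingress.get("spec", {}).get("tls") or []:
        hosts = entry.get("hosts") or []
        # An entry with no hosts list is counted as covering the host
        # (assumption; real behaviour depends on the ingress controller).
        if not hosts or host in hosts:
            names.append(entry.get("secretName"))
    return names

def find_mismatches(ingress_list, che_host, expected_secret):
    """List (name, secrets found) for Ingresses that route `che_host`
    but do not present `expected_secret` for it."""
    problems = []
    for ing in ingress_list.get("items", []):
        rules = ing.get("spec", {}).get("rules") or []
        if not any(r.get("host") == che_host for r in rules):
            continue  # this Ingress does not serve the custom host
        found = secrets_for_host(ing, che_host)
        if expected_secret not in found:
            problems.append((ing["metadata"]["name"], found))
    return problems

if __name__ == "__main__":
    for name, found in find_mismatches(SAMPLE, "my-new-ide.com", "chehost"):
        print(f"{name}: expected 'chehost', found {found or 'no TLS entry'}")
```

Against a live cluster, pass the parsed output of `kubectl get ingress -n eclipse-che -o json` to `find_mismatches` in place of `SAMPLE`.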