Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Devfile endpoints does not work when exposed on single-host #20593

Closed
Tracked by #20553
sparkoo opened this issue Oct 6, 2021 · 1 comment
Closed
Tracked by #20553

Devfile endpoints does not work when exposed on single-host #20593

sparkoo opened this issue Oct 6, 2021 · 1 comment
Assignees
@sparkoo
Labels
area/che-server kind/bug Outline of a bug - must adhere to the bug report template. severity/P1 Has a major impact to usage or development of the system.

Comments

@sparkoo
Copy link
Member

sparkoo commented Oct 6, 2021
edited
Loading

Describe the bug

spec:
  server:
    customCheProperties:
      CHE_INFRA_KUBERNETES_SINGLEHOST_WORKSPACE_DEVFILE__ENDPOINT__EXPOSURE: single-host
    serverExposureStrategy: single-host

che-workspace endpoints does not work with CheCluster patch ^. Sometimes user can't get into the workspace.

Analysis

In single-host, by default we expose devfile endpoints on subdomain by adding requireSubdomain attribute to the endpoint: https://github.com/eclipse-che/che-server/blob/main/infrastructures/kubernetes/src/main/java/org/eclipse/che/workspace/infrastructure/kubernetes/devfile/DockerimageComponentToWorkspaceApplier.java#L145 -> https://github.com/eclipse-che/che-server/blob/47ebe7c372ea0d405a4bdb707a7166808c8d6240/wsmaster/che-core-api-workspace/src/main/java/org/eclipse/che/api/workspace/server/model/impl/ServerConfigImpl.java#L199

This behavior can be changed with CHE_INFRA_KUBERNETES_SINGLEHOST_WORKSPACE_DEVFILE__ENDPOINT__EXPOSURE, but the issue is we don't check it here. So we set this to every devfile endpoint everytime. This will cause issue later, when we're constructing the endpoint URL https://github.com/eclipse-che/che-server/blob/main/infrastructures/kubernetes/src/main/java/org/eclipse/che/workspace/infrastructure/kubernetes/server/resolver/ConfigMapServerResolver.java#L76. See that we don't append the endpoint origin to the url if endpoint has requiresSubdomain parameter. That's the reason, why opening endpoint from theia does open just che-host, without any subpath to the endpoint.

For the cases when workspace is not accessible, the issue pops up in this filter in workspace loader https://github.com/eclipse-che/che-server/blob/main/assembly/assembly-root-war/src/main/webapp/_app/loader.js#L140. We're finding here the url to use for authentication (which suppose to be jwt-proxy endpoint), but we're doing it only by checking the prefix (redirectUrl.startsWith(_server.url)). Now our wrong endpoint url has just host-url, without any subdomain or subpath, so in cases when this endpoint is in the list before the jwt-endpoint, it is matched and we try to do the keycloak machinetoken auth with this endpoint, which of course does not work.

Che version

next (development version)

Steps to reproduce

  1. deploy with chectl server:deploy --platform openshift --che-operator-cr-patch-yaml=patch.yml where patch.yml is:
spec:
  server:
    customCheProperties:
      CHE_INFRA_KUBERNETES_SINGLEHOST_WORKSPACE_DEVFILE__ENDPOINT__EXPOSURE: single-host
    serverExposureStrategy: single-host
  1. Start any workspace that has endpoint defined in the devfile component
  2. Workspace should start fine, but maybe you won't get there
  3. If you get there, try to run the application that uses the endpoint and try to open the endpoint. It has wrong url.

Expected behavior

Workspace must be accessible and endpoint urls correct

Runtime

OpenShift

Screenshots

No response

Installation method

chectl/next

Environment

other (please specify in additional context)

Eclipse Che Logs

No response

Additional context

No response
@sparkoo sparkoo added the kind/bug Outline of a bug - must adhere to the bug report template. label Oct 6, 2021
@che-bot che-bot added the status/need-triage An issue that needs to be prioritized by the curator responsible for the triage. See https://github. label Oct 6, 2021
@sparkoo sparkoo mentioned this issue Oct 6, 2021
Merged
9 tasks
@skabashnyuk skabashnyuk added area/che-server severity/P1 Has a major impact to usage or development of the system. sprint/current team/platform and removed status/need-triage An issue that needs to be prioritized by the curator responsible for the triage. See https://github. labels Oct 6, 2021
@skabashnyuk skabashnyuk mentioned this issue Oct 6, 2021
Closed
15 tasks
@sparkoo sparkoo self-assigned this Oct 6, 2021
@sparkoo
Copy link
Member Author

sparkoo commented Oct 6, 2021

fixed by eclipse-che/che-server#157

@sparkoo sparkoo closed this as completed Oct 6, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@sparkoo sparkoo

Labels
area/che-server kind/bug Outline of a bug - must adhere to the bug report template. severity/P1 Has a major impact to usage or development of the system.
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@sparkoo @skabashnyuk @che-bot