Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add option to Che deployment.yaml to allow self-signed certificates for OIDC #12874

Merged
merged 1 commit into from
Mar 19, 2019
Merged

Add option to Che deployment.yaml to allow self-signed certificates for OIDC #12874

merged 1 commit into from
Mar 19, 2019

Conversation

johnmcollier
Copy link
Contributor

@johnmcollier johnmcollier commented Mar 12, 2019
edited
Loading

Signed-off-by: John Collier John.J.Collier@ibm.com

What does this PR do?

If Che is installed via Helm on to a Kubernetes cluster with self-signed certificates and multiuser is enabled, Eclipse Che will fail to start with the following error:

PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

This PR adds a global.tls.useSelfSignedCerts value to values.yaml. When enabled, it has the CHE_SELF__SIGNED__CERT environment variable added to Che's deployment.yaml, allowing the user to pass in the cluster's ca.crt into the self-signed-certificate secret.

What issues does this PR fix or reference?

#12863

Release Notes

N/A

Docs PR

N/A

@johnmcollier
Add option to Che deployment.yaml to allow self-signed certificates
9e2add2 
Signed-off-by: John Collier <John.J.Collier@ibm.com>
@johnmcollier johnmcollier requested a review from a user March 12, 2019 18:36
@johnmcollier johnmcollier requested a review from garagatyi as a code owner March 12, 2019 18:36
@che-bot
Copy link
Contributor

che-bot commented Mar 12, 2019

Can one of the admins verify this patch?

1 similar comment
@che-bot
Copy link
Contributor

che-bot commented Mar 12, 2019

Can one of the admins verify this patch?

@che-bot
Copy link
Contributor

che-bot commented Mar 12, 2019

Can one of the admins verify this patch?

@sleshchenko
Copy link
Member

ci-build

@johnmcollier
Copy link
Contributor Author

Hey, just wondering - Is there anything else I need to do for this PR before it's merged? Thanks!

@l0rd l0rd merged commit 7948770 into eclipse-che:master Mar 19, 2019
@l0rd
Copy link
Contributor

l0rd commented Mar 19, 2019

Thank you @johnmcollier!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@sleshchenko sleshchenko sleshchenko approved these changes

@l0rd l0rd l0rd approved these changes

@garagatyi garagatyi Awaiting requested review from garagatyi

@riuvshin riuvshin Awaiting requested review from riuvshin

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@johnmcollier @che-bot @sleshchenko @l0rd