Enable single port exposure on Che #5115
Conversation
benoitf
added
kind/enhancement
…e. (CHE_SINGLE_PORT=true, default is false) By enabling single-port, all browser traffic to Che or any workspace will be routed through the value that you have set to CHE_PORT`, or 8080 if not set. Setting this property will transform the launch sequence of Che to launch a Traefik reverse proxy. The reverse proxy will act as the traffic endpoint for all browser communications. When a new workspace is started or stopped, Che will update Traefik's configuration with rules for how browser traffic should be routed to Che or a workspace. It’s now using an official Traefik image (before I was using a custom made image) There is an interceptor with a kill switch. It means interceptor is applied only if plug-in is enabled (not only if plug-in is added at compilation) It is automatically enabled when CHE_SINGLE_PORT is turned on docker-compose file is handling if the single_port is turned on or off and then add the traefik container and redirect port only if the property is enabled. (not enabled by default) using —debug flag when launching che is also turning on the traffic web console to view traefik routes It is not enabled by default, so it means that without user change, there is no overhead, no useless container started, etc. Change-Id: I12644d9202dadc0b10104f78bb055425ca6611ac Signed-off-by: Florent BENOIT <fbenoit@codenvy.com>
|
ok for me, just needs the docs ;) |
|
Build # 2617 - FAILED Please check console output at https://ci.codenvycorp.com/job/che-pullrequests-build/2617/ to view the results. |
dockerfiles/init/manifests/che.env
Outdated
| # The reverse proxy will act as the traffic endpoint for all browser communications. | ||
| # When a new workspace is started or stopped, Che will update Traefik's configuration | ||
| # with rules for how browser traffic should be routed to Che or a workspace. | ||
| CHE_SINGLE_PORT=false |
There was a problem hiding this comment.
This explanation doesn't describe how it interferes with DNS resolution. I wonder whether it does?
There was a problem hiding this comment.
You need extra doc ?
There was a problem hiding this comment.
Right now I want to understand how it would work in the different situation. Then I would understand whether I believe additional docs are needed.
| protected void configure() { | ||
|
|
||
| // add logic only if plug-in is enabled. | ||
| if (Boolean.parseBoolean(firstNonNull(System.getenv("CHE_PLUGIN_TRAEFIK_ENABLED"), "false"))) { |
There was a problem hiding this comment.
I suppose Boolean.parseBoolean(System.getenv("CHE_PLUGIN_TRAEFIK_ENABLED")) would do the same, how do you think?
There was a problem hiding this comment.
yes correct, I will fix
| import static java.lang.String.format; | ||
|
|
||
| /** | ||
| * Intercept the calls on createContainer on docker Connector. |
There was a problem hiding this comment.
Can you add the purpose of such an addition to the docs? Without context, it is not clear why it does so.
| public Object invoke(MethodInvocation methodInvocation) throws Throwable { | ||
| ServerEvaluationStrategy serverEvaluationStrategy = serverEvaluationStrategyProvider.get(); | ||
| // Abort if custom server evaluation strategy is not enabled. | ||
| if (!(CustomServerEvaluationStrategy.class.isInstance(serverEvaluationStrategy))) { |
There was a problem hiding this comment.
Correct me if I'm mistaken but with this code, the interceptor is enabled whenever the custom strategy is applied.
If so what if the custom strategy is used with some external proxy instead of Traefik.
Then the custom strategy looks rather Traefik oriented than custom while from the configuration point of view it looks like it really custom and can be used in a wide range of situations.
There was a problem hiding this comment.
in Guice module, we do not bind the interceptor if we do not enabled traefik.
https://github.com/eclipse/che/blob/683b6f4b8253cc83c8ce7500020c7bf2ee8a8130/plugins/plugin-traefik/plugin-traefik-docker/src/main/java/org/eclipse/che/plugin/traefik/TraefikDockerModule.java#L35-L40
so it's an extra check in case the interceptor is bound but the strategy is not the expected one.
And you can still enable the custom strategy without enabling the traefik plug-in/interceptor
| DockerConnector dockerConnector = (DockerConnector)methodInvocation.getThis(); | ||
|
|
||
| // only one parameter which is CreateContainerParams | ||
| CreateContainerParams createContainerParams = (CreateContainerParams)methodInvocation.getArguments()[0]; |
There was a problem hiding this comment.
Florent, do you know whether this code works with Openshift based Che? I wonder whether workarounds with replacing DockerConnector with Openshift related entities and this code may work correctly together.
There was a problem hiding this comment.
well due to all changes on #5052 I will check once it is merged but either we can drop support for OpenShift connector or if there are issues, it will be fixed.
There was a problem hiding this comment.
In this particular comment, I meant the current state of Openshift packaging in master, not from that PR.
I have concerns because DockerConnector is replaced with Openshift patched version and it works in a different way. So I want to ensure that if those components don't work together we know that and document that.
There was a problem hiding this comment.
In the current state there is no issue.
|
@sunix @gorkem @benoitf Looks like this PR interferes with PR #5052 in the area of single port strategy. |
…env file. (CHE_SINGLE_PORT=true, default is false) Change-Id: I06183f745fcb58c4ad6249ffbae435e143ff3fa6 Signed-off-by: Florent BENOIT <fbenoit@codenvy.com>
|
Added link to documentation PR |
|
Build success. https://ci.codenvycorp.com/job/che-pullrequests-build/2622/ |
|
@garagatyi, about
OpenShift doesn't need a front-end (it's what is done in this PR) so this PR doesn't collide with #5052 but#5052 OpenShift PR collide with the existing https://github.com/eclipse/che/blob/52e418bc73c36eaa86c9a427a6014f923de797b7/plugins/plugin-docker/che-plugin-docker-machine/src/main/java/org/eclipse/che/plugin/docker/machine/CustomServerEvaluationStrategy.java that allow to provide a different naming for workspace urls. |
|
@garagatyi @gorkem @benoitf yes this interferes with #5052 we should discuss with @l0rd about that |
|
Also the discussion started a long time ago on #4269 |
|
I works for me as the 2 can live together (we select either one strategy or another in che.env). Though in a second step we should consider using a custom one in openshift connector |
benoitf
removed
the
status/code-review
|
@sunix can you create another issue to reuse this and replace the openshift one? |
|
@benoitf hey, is setting |
* Toggle Che single port by enabling CHE_SINGLE_PORT in the che.env file. (CHE_SINGLE_PORT=true, default is false) By enabling single-port, all browser traffic to Che or any workspace will be routed through the value that you have set to CHE_PORT`, or 8080 if not set. Setting this property will transform the launch sequence of Che to launch a Traefik reverse proxy. The reverse proxy will act as the traffic endpoint for all browser communications. When a new workspace is started or stopped, Che will update Traefik's configuration with rules for how browser traffic should be routed to Che or a workspace. It’s now using an official Traefik image (before I was using a custom made image) There is an interceptor with a kill switch. It means interceptor is applied only if plug-in is enabled (not only if plug-in is added at compilation) It is automatically enabled when CHE_SINGLE_PORT is turned on docker-compose file is handling if the single_port is turned on or off and then add the traefik container and redirect port only if the property is enabled. (not enabled by default) using —debug flag when launching che is also turning on the traffic web console to view traefik routes It is not enabled by default, so it means that without user change, there is no overhead, no useless container started, etc. Change-Id: I12644d9202dadc0b10104f78bb055425ca6611ac Signed-off-by: Florent BENOIT <fbenoit@codenvy.com>
What does this PR do?
Enable single port exposure on Che
Toggle is made by enabling
CHE_SINGLE_PORTin theche.envfileBy enabling single-port, all browser traffic to Che or any workspace will be routed through the value that you have set to CHE_PORT`, or 8080 if not set. Setting this property will transform the launch sequence of Che to launch a Traefik reverse proxy. The reverse proxy will act as the traffic endpoint for all browser communications. When a new workspace is started or stopped, Che will update Traefik's configuration with rules for how browser traffic should be routed to Che or a workspace.
It’s now using an official Traefik image (before I was using a custom made image (florentbenoit/traefik))
It is automatically enabled when
CHE_SINGLE_PORTis turned on--debugflag when launching Eclipse Che is also turning on the traffic web console to view traefik routesWhat issues does this PR fix or reference?
#4361
Changelog
Enable single port exposure on Che
Release Notes
By enabling single-port, all browser traffic to Che or any workspace will be routed through the value that you have set to CHE_PORT`, or 8080 if not set. Setting this property will transform the launch sequence of Che to launch a Traefik reverse proxy. The reverse proxy will act as the traffic endpoint for all browser communications. When a new workspace is started or stopped, Che will update Traefik's configuration with rules for how browser traffic should be routed to Che or a workspace.
Docs PR
eclipse-che/che-docs#229
Change-Id: I12644d9202dadc0b10104f78bb055425ca6611ac
Signed-off-by: Florent BENOIT fbenoit@codenvy.com