Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add --use-cluster-certificate flag to secure Che endpoints with cluster TLS certificate on Kubernetes #963

Closed
wants to merge 1 commit into from
Closed

Add --use-cluster-certificate flag to secure Che endpoints with cluster TLS certificate on Kubernetes #963

wants to merge 1 commit into from

Conversation

mmorhun
Copy link
Contributor

@mmorhun mmorhun commented Oct 30, 2020

Signed-off-by: Mykola Morhun mmorhun@redhat.com

What does this PR do?

Adds flag --use-cluster-certificate to server:deploy command to use default ingress certificate for Che ingresses.

What issues does this PR fix or reference?

eclipse-che/che#18079
Depends on: eclipse-che/che-operator#508

How to test this PR?

The same way as eclipse-che/che-operator#508 but instead of CR patch use --use-cluster-certificate flag.

PR Checklist

As the author of this Pull Request I made sure that:

Reviewers

Reviewers, please comment how you tested the PR when approving it.

@mmorhun mmorhun requested a review from l0rd as a code owner October 30, 2020 09:18
@mmorhun mmorhun self-assigned this Oct 30, 2020
@mmorhun
Add --use-cluster-certificate flag to secure Che endpoints with clust…
a9a6c61 
…er TLS certificate on Kubernetes

Signed-off-by: Mykola Morhun <mmorhun@redhat.com>
@tolusha tolusha mentioned this pull request Oct 30, 2020
Closed
46 tasks
@mmorhun mmorhun marked this pull request as draft October 30, 2020 10:39
@mmorhun mmorhun mentioned this pull request Nov 2, 2020
Merged
9 tasks
@tolusha
Copy link
Collaborator

tolusha commented Nov 10, 2020
edited
Loading

I am against adding more flags to server:deploy command since we are supporting --helm-patch-yaml and --che-operator-cr-patch-yaml flags.

For the time being we can deploy Eclipse Che without generating an untrusted SSL cert in the following way:

  1. helm
cat >/tmp/che-cr-patch.yaml <<EOL
global:
  tls:
    secretName: ''
EOL

chectl server:deploy --installer helm ... --helm-patch-yaml /tmp/che-cr-patch.yaml

2. operator
```bash
cat >/tmp/che-cr-patch.yaml <<EOL
spec:
  k8s:
    tlsSecretName: ''
EOL

chectl server:deploy --installer operator ... --che-operator-cr-patch-yaml /tmp/che-cr-patch.yaml

Here is the issue to improve Eclipse Che deployment by specifying patch file content directly in the command line eclipse-che/che#18324

@tolusha tolusha closed this Nov 10, 2020
@tolusha tolusha deleted the che-18079 branch November 10, 2020 12:42
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@tolusha tolusha Awaiting requested review from tolusha

@AndrienkoAleksandr AndrienkoAleksandr Awaiting requested review from AndrienkoAleksandr

@flacatus flacatus Awaiting requested review from flacatus

@l0rd l0rd Awaiting requested review from l0rd

Assignees

@mmorhun mmorhun

Labels
do-not-merge/work-in-progress
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@mmorhun @tolusha @openshift-ci-robot