Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Implement autodetetion for self-signed certificate flag #301

Merged
merged 9 commits into from
Jun 15, 2020
Merged

Implement autodetetion for self-signed certificate flag #301

merged 9 commits into from
Jun 15, 2020

Conversation

mmorhun
Copy link
Contributor

@mmorhun mmorhun commented Jun 4, 2020
edited
Loading

Signed-off-by: Mykola Morhun mmorhun@redhat.com

What this PR does

Deprecates selfSignedCert option. CR value is present, but actually has no effect.

In case of Kubernetes, self-signed-certificate secret is checked for presence. If it exists, then it will be propagated to Che components. Also, if no secrets are precreated, they will be generated and treated as self-signed.

In case of Openshift, router certificate is examined for self-signed certificate presence. If so, then self-signed-certificate secret will be created and propagated to Che trust store. Otherwise, it is considered that commonly trusted certificate is used.

Related issues:

eclipse-che/che#16764

Tests

Tested on:

  • Openshift wih self-signed-certificate
  • Openshift wiht commonly trusted certificate
  • Minikube
  • CRC
  • Minishift (requires manual secret creation as Che docs says).

@mmorhun mmorhun self-assigned this Jun 4, 2020
@mmorhun mmorhun mentioned this pull request Jun 4, 2020
Closed
@tolusha tolusha mentioned this pull request Jun 4, 2020
Closed
34 tasks
@mmorhun mmorhun changed the title Implement autodecetion for self-signed certificate flag Implement autodetetion for self-signed certificate flag Jun 4, 2020
tolusha
tolusha reviewed Jun 4, 2020
View reviewed changes
README.md Outdated Show resolved Hide resolved
@che-bot
Copy link
Contributor

che-bot commented Jun 4, 2020

Latest version of Eclipse installed and tested successfully on minikube.

tolusha
tolusha reviewed Jun 5, 2020
View reviewed changes
deploy/crds/org_v1_che_crd.yaml Outdated
required when activating the `tlsSupport` field on demo OpenShift
clusters that have not been setup with a valid certificate for
the routes. This is disabled by default.
description: Obsolete. The value of this flag is ignored. Che operator
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Obsolete - Deprecated

Copy link
Contributor

@tolusha tolusha Jun 5, 2020
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Make changes in che_types and update olm files

tolusha
tolusha approved these changes Jun 5, 2020
View reviewed changes
Copy link
Contributor

@tolusha tolusha left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Well done

AndrienkoAleksandr
AndrienkoAleksandr reviewed Jun 5, 2020
View reviewed changes
pkg/deploy/tls.go
return nil, err
}

for i := range peerCertificates {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

You can avoid using index of element and simple get element from range: for _, peerCertificate := range peerCertificates {

@che-bot
Copy link
Contributor

che-bot commented Jun 5, 2020

Latest version of Eclipse installed and tested successfully on minikube.

2 similar comments
@che-bot
Copy link
Contributor

che-bot commented Jun 5, 2020

Latest version of Eclipse installed and tested successfully on minikube.

@che-bot
Copy link
Contributor

che-bot commented Jun 5, 2020

Latest version of Eclipse installed and tested successfully on minikube.

@nickboldt
Copy link
Contributor

will this fix be backported to the 7.14.x branch? Seems like a great UX improvement for CRW 2.2 too

@che-bot
Copy link
Contributor

che-bot commented Jun 9, 2020

Latest version of Eclipse installed and tested successfully on minikube.

@mmorhun
Implement autodecetion for self-signed certificate flag
6293ea2 
Signed-off-by: Mykola Morhun <mmorhun@redhat.com>
@mmorhun
Fixes according to review
5ef802f 
Signed-off-by: Mykola Morhun <mmorhun@redhat.com>
@mmorhun
Update OLM files
43692b1 
Signed-off-by: Mykola Morhun <mmorhun@redhat.com>
@mmorhun
Optimaze test route lifecycle
41bf652 
Signed-off-by: Mykola Morhun <mmorhun@redhat.com>
@mmorhun
Minor update of OLM files
8ce49f2 
Signed-off-by: Mykola Morhun <mmorhun@redhat.com>
@mmorhun
Minor foreach fix
d507e89 
Signed-off-by: Mykola Morhun <mmorhun@redhat.com>
@mmorhun
Fix test route lifecycle
968dfdd 
Signed-off-by: Mykola Morhun <mmorhun@redhat.com>
@mmorhun
Update OLM files
de1bebe 
Signed-off-by: Mykola Morhun <mmorhun@redhat.com>
@mmorhun
Update OLM files
8d11e3a 
Signed-off-by: Mykola Morhun <mmorhun@redhat.com>
@che-bot
Copy link
Contributor

che-bot commented Jun 15, 2020

Latest version of Eclipse installed and tested successfully on minikube.

@mmorhun
Copy link
Contributor Author

mmorhun commented Jun 15, 2020

Rebased and updated OLM files

@mmorhun mmorhun merged commit 912fd52 into master Jun 15, 2020
@mmorhun mmorhun deleted the che-16764-2 branch June 15, 2020 08:01
mmorhun added a commit that referenced this pull request Jun 16, 2020
@mmorhun
Implement autodetetion for self-signed certificate flag (#301)
10305c3 
Implement autodecetion for self-signed certificate flag

Signed-off-by: Mykola Morhun <mmorhun@redhat.com>
@mmorhun mmorhun mentioned this pull request Jun 16, 2020
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@tolusha tolusha tolusha approved these changes

@AndrienkoAleksandr AndrienkoAleksandr AndrienkoAleksandr approved these changes

@davidfestal davidfestal Awaiting requested review from davidfestal

@l0rd l0rd Awaiting requested review from l0rd

@nickboldt nickboldt Awaiting requested review from nickboldt

@rhopp rhopp Awaiting requested review from rhopp

@vparfonov vparfonov Awaiting requested review from vparfonov

Assignees

@mmorhun mmorhun

Labels
new&noteworthy
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
6 participants
@mmorhun @che-bot @nickboldt @tolusha @AndrienkoAleksandr @benoitf