Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Support git operation for repos with self-signed SSL certs #15218

Merged
merged 2 commits into from
Nov 21, 2019
Merged

Support git operation for repos with self-signed SSL certs #15218

merged 2 commits into from
Nov 21, 2019

Conversation

vparfonov
Copy link
Contributor

@vparfonov vparfonov commented Nov 18, 2019
edited

What does this PR do?

Support git operations for repositories with self-signed SSL certs #14527

How it works:

For testing on my laptop I setup local git server which support cloning my https (e.g. https://gogs.io/) pretty easy for installation.

minikube:

After successfully deploy Eclipse on minikube need to execute next command:
kubectl create configmap che-git-self-signed-cert --from-file=ca.crt --from-literal=githost={host}:{port} -n=che
where:

ca.crt - your self-signed certificate 
{host}:{port} - host and port for HTTPS connection on your git server.  (optional if not set it given certificate will be used for all HTTPS repositories)

minishift:

After deploy Eclipse Che on minishift

  1. start minishift dasfboard
  2. Go to the "Resources -> Config Map"
  3. Create new Config Map:
    ca.crt : certificate content
    githost : host and port for HTTPS connection on your git server (optional if not set it given certificate will be used for all HTTPS repositories).

configmap

  1. Go to "Applications -> Deployments - > Che" and in Actions menu select "Edit YAML". In containers sections add configuration like this:
            - name: CHE_GIT_SELF__SIGNED__CERT
              valueFrom:
                configMapKeyRef:
                  key: ca.crt
                  name: che-git-self-signed-cert
                  optional: false
            - name: CHE_GIT_SELF__SIGNED__CERT__HOST
              valueFrom:
                configMapKeyRef:
                  key: githost
                  name: che-git-self-signed-cert
                  optional: true

deployments

Now you can create and start new workspace.
On each container of your workspace will be mount special volume that contains file with your self-signed certificate and to the gitconfig section with information about git server host and path to the certificate. E.g.

[http "https://10.33.177.118:3000"]
        sslCAInfo = /etc/che/git/cert/cert.pem

What issues does this PR fix or reference?

#14527

Release Notes

Docs PR

eclipse-che/che-docs#936

@che-bot che-bot added status/code-review This issue has a pull request posted for it and is awaiting code review completion by the community. kind/task Internal things, technical debt, and to-do tasks to be performed. labels Nov 18, 2019
@che-bot
Copy link
Contributor

che-bot commented Nov 18, 2019

❌ E2E Happy path tests failed ❗

See Details

Tested with Eclipse Che Single User on K8S (minikube v1.1.1)

⚠️ https://github.com/orgs/eclipse/teams/eclipse-che-qa please check this report.

ℹ️ Use comment "crw-ci-test" to rerun happy path E2E test.

@vparfonov
Support git operation for repos with self-signed SSL certs
bb4fefb 
Signed-off-by: Vitalii Parfonov <vparfono@redhat.com>
@che-bot
Copy link
Contributor

che-bot commented Nov 18, 2019

❌ E2E Happy path tests failed ❗

See Details

Tested with Eclipse Che Single User on K8S (minikube v1.1.1)

⚠️ https://github.com/orgs/eclipse/teams/eclipse-che-qa please check this report.

ℹ️ Use comment "crw-ci-test" to rerun happy path E2E test.

sleshchenko
sleshchenko approved these changes Nov 18, 2019
View reviewed changes
Copy link
Member

@sleshchenko sleshchenko left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@che-bot
Copy link
Contributor

che-bot commented Nov 18, 2019

❌ E2E Happy path tests failed ❗

See Details

Tested with Eclipse Che Single User on K8S (minikube v1.1.1)

⚠️ https://github.com/orgs/eclipse/teams/eclipse-che-qa please check this report.

ℹ️ Use comment "crw-ci-test" to rerun happy path E2E test.

@che-bot
Copy link
Contributor

che-bot commented Nov 18, 2019

E2E tests of Eclipse Che Multiuser on OCP has failed:

@vparfonov
fix javadocs
8e0bcb4 
Signed-off-by: Vitalii Parfonov <vparfono@redhat.com>
@che-bot
Copy link
Contributor

che-bot commented Nov 18, 2019

❌ E2E Happy path tests failed ❗

See Details

Tested with Eclipse Che Single User on K8S (minikube v1.1.1)

⚠️ https://github.com/orgs/eclipse/teams/eclipse-che-qa please check this report.

ℹ️ Use comment "crw-ci-test" to rerun happy path E2E test.

@che-bot
Copy link
Contributor

che-bot commented Nov 18, 2019

E2E tests of Eclipse Che Multiuser on OCP has failed:

@vparfonov vparfonov added this to the 7.5.0 milestone Nov 18, 2019
amisevsk
amisevsk approved these changes Nov 18, 2019
View reviewed changes
Copy link
Contributor

@amisevsk amisevsk left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@vparfonov vparfonov merged commit 1b2a484 into master Nov 21, 2019
@vparfonov vparfonov deleted the gitSelfSignCert branch November 21, 2019 15:29
@vparfonov vparfonov mentioned this pull request Nov 22, 2019
Closed
@vinokurig vinokurig mentioned this pull request Dec 21, 2019
Merged
vinokurig added a commit to eclipse-che/che-operator that referenced this pull request Dec 26, 2019
@vinokurig
Support git self-signed SSL certs (#142)
c673710 
Add new boolean property gitSelfSignedCertthat applies environment variables that contain SSL certificate and git host written from che-git-self-signed-cert config map.
The same logic is applied for the helm deployment: eclipse-che/che#15218

fixes eclipse-che/che#15285

Docs PR: eclipse-che/che-docs#1001

Signed-off-by: Igor Vinokur <ivinokur@redhat.com>
@sunix sunix mentioned this pull request Jan 29, 2020
Closed
nickboldt pushed a commit to nickboldt/che-operator that referenced this pull request Jan 31, 2020
@vinokurig @nickboldt
Support git self-signed SSL certs (eclipse-che#142)
0d65fe7 
Add new boolean property gitSelfSignedCertthat applies environment variables that contain SSL certificate and git host written from che-git-self-signed-cert config map.
The same logic is applied for the helm deployment: eclipse-che/che#15218

fixes eclipse-che/che#15285

Docs PR: eclipse-che/che-docs#1001

Signed-off-by: Igor Vinokur <ivinokur@redhat.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@vzhukovs vzhukovs vzhukovs approved these changes

@sleshchenko sleshchenko sleshchenko approved these changes

@amisevsk amisevsk amisevsk approved these changes

@l0rd l0rd Awaiting requested review from l0rd

@metlos metlos Awaiting requested review from metlos

@nickboldt nickboldt Awaiting requested review from nickboldt

@rhopp rhopp Awaiting requested review from rhopp

@skabashnyuk skabashnyuk Awaiting requested review from skabashnyuk

Assignees
No one assigned
Labels
kind/task Internal things, technical debt, and to-do tasks to be performed. status/code-review This issue has a pull request posted for it and is awaiting code review completion by the community.
Projects
None yet
Milestone
7.5.0
Development

Successfully merging this pull request may close these issues.

None yet
5 participants
@vparfonov @che-bot @vzhukovs @sleshchenko @amisevsk