-
Notifications
You must be signed in to change notification settings - Fork 1.2k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
When DevWorkspace is enabled zip projects download fail because the devfile regitry certificate is untrusted #20709
Comments
Note that the namespace syncing code also creates a configmap suffixed with |
@l0rd the The namespace syncing code mounts the contents of the the We need to look into how |
Currently, DWO creates volume mounts for secrets/configmaps, but the limitations are similar to k8s itself so it will result in a failed DevWorkspace (error message similar to For git credentials, we do some merging into one secret, but the general case is hard to manage as we'd need to create a new secret/configmap to hold both pieces of data. I've created devfile/devworkspace-operator#665 for some follow-up here. In general, we should figure out a more robust way to manage certificates though. The |
@metlos oh ok, yes the config map with the certs to trust is even better. I was using the information here #19318 (comment) to understand what and where should be mounted in a workspace pod.
@amisevsk I don't know if a standard exist |
It avoids proxy/TLS/untrusted issue related to eclipse-che/che#20709 Change-Id: Ic39fa9928c4f86ff4543117a9092f0cadb0457bd Signed-off-by: Florent Benoit <[email protected]>
It avoids proxy/TLS/untrusted issue related to eclipse-che/che#20709 Change-Id: Ic39fa9928c4f86ff4543117a9092f0cadb0457bd Signed-off-by: Florent Benoit <[email protected]>
closing as devfile registry is making links to the internal links (no https, no proxy, no certificates) |
Is your enhancement related to a problem? Please describe
I am using a devfile that has a zip project:
But when I start the workspace the project doesn't appear in Theia.
I can see a file
/projects/project-clone-errors.log
that contains a certificate error:In the workpace namespace there is a secret with the
tls.crt
andtls.key
for192.168.64.10.nip.io
that is namedworkspace763675abe4674548-endpoints
. But this secret is not mounted in the workspace (it hasn't the annotations to be automounted by the devworkspce controller):Describe the solution you'd like
The secret should contain the right annotations and labels to be mounted in containers and used by curl and theia.
Describe alternatives you've considered
No response
Additional context
I have tried to edit the secret to have it automounted
As a result the secret get mounted and:
The text was updated successfully, but these errors were encountered: