-
Notifications
You must be signed in to change notification settings - Fork 1.2k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[devWorkspace] Adapt ssh-plugin to avoid requesting che-server API #20859
Comments
The approach I am going to follow is:
|
@vinokurig that's ok for me. @JPinkney @amisevsk is that consistent with secrets injection in DevWorkspaces? |
How does this interact with this PR eclipse-che/che-server#192? With the changes from that PR, and Che-side SSH keys will be mounted to Is there a reason the existing |
This PR retrieves SSH keys from che-server database: https://github.com/eclipse-che/che-server/pull/192/files#diff-e507f35404ee3af31b7d37cea6a97dbe19ff8d3d8cad0f65de3dbc8b25058541R114. In DevWorkspace Che, che-server will not contain any user SSH keys as we can't make requests to the SSH API service. The idea of this issue is to avoid API requests, for that we need to generate SSH key by the editor container.
|
So then is eclipse-che/che-server#192 unnecessary?
We can certainly add more secrets to the workspace RBAC set, but I'm not sure we should be catering to what Theia needs at the moment. Why can't Theia use a secret like apiVersion: v1
kind: Secret
metadata:
name: workspace-credentials-secret
type: Opaque
data:
theia-credentials: "<blob>"
ssh-keys: "<blob>" |
main advantage with Angel's proposal is that ssh keys are more user specific rather than IDE specific so using intellij or VSCode might reuse those keys more easily |
@vinokurig does that work for you? |
Yes, I agree to use the |
Is your task related to a problem? Please describe
For now ssh-plugin uses che-server API to work with ssh keys (generate, store, read, ...). When deWorkspace engine is enabled it shouldn't request che-server API.
Describe the solution you'd like
Ssh plug-in should create/use secrets as reported there: devfile/devworkspace-operator#613 (comment)
The text was updated successfully, but these errors were encountered: