devfile / devworkspace-operator

Apache License 2.0

Unable to resolve parent devworkspace when using self-signed certs on disconnected/airgap cluster #1248

Closed AObuchow closed 1 month ago

AObuchow commented 2 months ago

Description

When using self-signed certs to host a devworkspace on an air-gapped cluster, starting a devworkspace that references a parent devworkspace by URI will fail. The parent devworkspace will not be resolved, and the devworkspace will fail, citing an x509: certificate signed by unknown authority error.

How To Reproduce

  1. Host the following devworkspace and parent devworkspace on a service that uses a self-signed certificate on an air-gapped cluster:

DevWorkspace:

kind: DevWorkspace
apiVersion: workspace.devfile.io/v1alpha2
metadata:
  name: child-devworkspace
spec:
  started: true
  routingClass: 'basic'
  parent: <url to the parent devfile>
  template:
    components:
      - name: tools
        container:
          env:
            - name: DEVFILE_ENV_VAR
              value: 'true'

Parent DevWorkspace:

kind: DevWorkspace
apiVersion: workspace.devfile.io/v1alpha2
metadata:
  name: parent-devworkspace
spec:
  template:
    components:
      - name: tools
        attributes:
          controller.devfile.io/merge-contribution: true
        container:
          image: quay.io/devspaces/udi-rhel8:latest
          env:
            - name: PARENT_ENV_VAR
              value: 'true'
    commands:
      - id: parent-command
        exec:
          label: '2. This command from the parent'
          component: tools
          commandLine: echo "Hello from parent"

  2. Apply/start the (child) DevWorkspace
  3. The DevWorkspace will fail to start up, citing an error similar to:

failed to resolve component parent by URI: failed to fetch file from <URL>: Get <URL>: x509: certificate signed by unknown authority

Expected behavior

The DevWorkspace should start up successfully.

Additional context

Downstream DevSpaces issue
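
The failure mode reported above, reproduced as an added example (not code from devworkspace-operator): an HTTPS fetch of a parent devfile fails under default trust and succeeds once the serving certificate is added to the client's root pool, with certificate verification left enabled. The helper names `fetch`, `clientTrusting` and `Demo` are hypothetical, and an in-process `httptest` TLS server with Go's built-in self-signed test certificate stands in for the air-gapped host.

```go
package main

import (
	"crypto/tls"
	"crypto/x509"
	"fmt"
	"io"
	"net/http"
	"net/http/httptest"
)

// fetch downloads a parent devfile by URI using the supplied client (hypothetical helper).
func fetch(c *http.Client, url string) (string, error) {
	resp, err := c.Get(url)
	if err != nil {
		return "", fmt.Errorf("failed to fetch file from %s: %w", url, err)
	}
	defer resp.Body.Close()
	b, err := io.ReadAll(resp.Body)
	return string(b), err
}

// clientTrusting returns a client that trusts the system roots plus the given CA certificates.
func clientTrusting(extra ...*x509.Certificate) *http.Client {
	pool, _ := x509.SystemCertPool()
	if pool == nil {
		pool = x509.NewCertPool()
	}
	for _, c := range extra {
		pool.AddCert(c)
	}
	return &http.Client{Transport: &http.Transport{TLSClientConfig: &tls.Config{RootCAs: pool}}}
}

// Demo fetches the same URL twice: with default trust, then with the server's certificate added.
func Demo() (body string, untrustedErr, trustedErr error) {
	srv := httptest.NewTLSServer(http.HandlerFunc(func(w http.ResponseWriter, _ *http.Request) {
		// Constructed sample parent devfile.
		io.WriteString(w, "kind: DevWorkspace\nmetadata:\n  name: parent-devworkspace\n")
	}))
	defer srv.Close()
	_, untrustedErr = fetch(clientTrusting(), srv.URL)
	body, trustedErr = fetch(clientTrusting(srv.Certificate()), srv.URL)
	return body, untrustedErr, trustedErr
}

func main() {
	body, untrustedErr, trustedErr := Demo()
	fmt.Printf("default trust: %v\nwith CA added: %q (err=%v)\n", untrustedErr, body, trustedErr)
}
```
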