How to Configure devworkspaces proxy setting for https_proxy/http_proxy and no_proxy

[gss2002]

Summary

After working through many git issues and che doc I dont seem to see any specific thing that actually pushes the http_proxy/https_proxy/no_proxy down into a workspace environment? Is this is the proper methodology below or are their other settings please advise...

spec: components: cheServer: debug: false extraProperties: CHE_OIDC_USERNAMECLAIM: email CHE_WORKSPACE_HTTPPROXY: http://zproxy.example.com:9480 CHE_WORKSPACE_HTTPSPROXY: http://zproxy.example.com:9480 CHE_WORKSPACE_NOPROXY: .k8s.dbar.hdp.example.com,.hdp.example.com,.dbar.hdp.example.com,.example.com,172.17.0.0/16,10.70.16.0/20,10.69.16.0/20,192.168.0.0/16,10.96.0.0/12,.default.svc.cluster.local,.svc.cluster.local,.cluster.local,.svc,.metallb-system.svc,127.0.0.1,localhost

Relevant information

~ $ env NVM_DIR=/home/user/.nvm SECONDS_OF_DW_RUN_BEFORE_IDLING=-1 WORKSPACE2534AB8A253446CF_SERVICE_SERVICE_PORT_WS_ROUTE=3030 HTTPD_DATA_ORIG_PATH=/var/www PHP_SYSCONF_PATH=/etc MODULES_RUN_QUARANTINE=LD_LIBRARY_PATH LD_PRELOAD WORKSPACE2534AB8A253446CF_SERVICE_PORT_3030_TCP_PROTO=tcp LANG=C.utf8 NODEJS_HOME_18=/home/tooling/.nvm/versions/node/v18.16.1 DEVWORKSPACE_CREATOR= HISTCONTROL=ignoredups HTTPD_DATA_PATH=/var/www HOSTNAME=workspace2534ab8a253446cf-86b84c678c-6mvpt OLDPWD=/projects SDKMAN_CANDIDATES_API=https://api.sdkman.io/2 KUBECONFIG=/home/user/.kube/config MAVEN_HOME=/home/tooling/.sdkman/candidates/maven/current RUSTUP_HOME=/home/tooling/.rustup CHE_PLUGIN_REGISTRY_INTERNAL_URL=http://plugin-registry.eclipse-che.svc:8080/v3 COLORTERM=truecolor NVM_CD_FLAGS= WORKSPACE2534AB8A253446CF_SERVICE_PORT_13131_TCP_PORT=13131 WORKSPACE2534AB8A253446CF_SERVICE_PORT_13133_TCP_PORT=13133 TKN_VERSION=1.13.0 JAVA_HOME=/home/tooling/.sdkman/candidates/java/current KUBEDOCK_VERSION=0.13.0 DEVWORKSPACE_NAME=empty-otq3 VSCODE_GIT_ASKPASS_EXTRA_ARGS= PHP_HTTPD_CONF_FILE=php.conf KAMEL_VERSION=1.11.0 HTTPD_VAR_RUN=/var/run/httpd DOTNET_ROOT=/usr/lib64/dotnet CHE_PLUGIN_REGISTRY_URL=https://che.k8s.dbar.hdp.example.com/plugin-registry/v3 which_declare=declare -f KUBERNETES_PORT_443_TCP_PROTO=tcp KUBERNETES_PORT_443_TCP_ADDR=10.96.0.1 WORKSPACE2534AB8A253446CF_SERVICE_PORT_13133_TCP_PROTO=tcp container=oci CHE_DASHBOARD_URL=https://che.k8s.dbar.hdp.example.com MODULES_CMD=/usr/share/Modules/libexec/modulecmd.tcl DOTNET_BUNDLE_EXTRACT_BASE_DIR=/home/user/.cache/dotnet_bundle_extract USER=user MACHINE_EXEC_PORT=3333 JBANG_HOME=/home/tooling/.sdkman/candidates/jbang/current WORKSPACE2534AB8A253446CF_SERVICE_PORT_13131_TCP=tcp://10.106.130.156:13131 KUBERNETES_PORT=tcp://10.96.0.1:443 GRADLE_HOME=/home/tooling/.sdkman/candidates/gradle/current WORKSPACE2534AB8A253446CF_SERVICE_PORT=tcp://10.106.130.156:3030 DEVWORKSPACE_METADATA=/devworkspace-metadata WORKSPACE2534AB8A253446CF_SERVICE_PORT_13132_TCP_PORT=13132 PWD=/home/user SECONDS_OF_DW_INACTIVITY_BEFORE_IDLING=1800 HOME=/home/user BROWSER=/checode/checode-linux-libc/bin/helpers/browser.sh VSCODE_GIT_ASKPASS_NODE=/checode/checode-linux-libc/node OPENVSX_REGISTRY_URL=https://open-vsx.org NODEJS_HOME_20=/home/tooling/.nvm/versions/node/v20.7.0 TERM_PROGRAM=vscode TERM_PROGRAM_VERSION=1.87.0 HTTPD_VAR_PATH=/var PROFILE_EXT=/etc/profile.d/udi_environment.sh JAVA_HOME_8=/home/tooling/.sdkman/candidates/java/8.0.332-tem WORKSPACE2534AB8A253446CF_SERVICE_SERVICE_HOST=10.106.130.156 WORKSPACE2534AB8A253446CF_SERVICE_PORT_13133_TCP_ADDR=10.106.130.156 KUBERNETES_SERVICE_PORT_HTTPS=443 WORKSPACE2534AB8A253446CF_SERVICE_PORT_13133_TCP=tcp://10.106.130.156:13133 DEVWORKSPACE_NAMESPACE=gs-user-example-com-che-u6xtos LOMBOK_VERSION=1.18.18 OC_VERSION=4.6 DEVWORKSPACE_POD_NAME=workspace2534ab8a253446cf-86b84c678c-6mvpt KUBERNETES_PORT_443_TCP_PORT=443 WORKSPACE2534AB8A253446CF_SERVICE_PORT_13132_TCP_PROTO=tcp PROJECT_SOURCE=/projects BUILDAH_ISOLATION=chroot VSCODE_IPC_HOOK_CLI=/tmp/vscode-ipc-cb6b6737-0ec8-4473-bf47-bed839fef186.sock NODEJS_18_VERSION=18.16.1 CARGO_HOME=/home/tooling/.cargo LOADEDMODULES= SDKMAN_DIR=/home/tooling/.sdkman KUBERNETES_PORT_443_TCP=tcp://10.96.0.1:443 HTTPD_MODULES_CONF_D_PATH=/etc/httpd/conf.modules.d MAIL=/var/spool/mail/user SDKMAN_OLD_PWD=/home/user NODEJS_20_VERSION=20.7.0 VSCODE_GIT_ASKPASS_MAIN=/checode/checode-linux-libc/extensions/git/dist/askpass-main.js WORKSPACE2534AB8A253446CF_SERVICE_PORT_13132_TCP_ADDR=10.106.130.156 WORKSPACE2534AB8A253446CF_SERVICE_PORT_13131_TCP_ADDR=10.106.130.156 TERM=xterm-256color GRAALVM_HOME=/home/tooling/.sdkman/candidates/java/22.1.0.0.r17-mandrel NVM_BIN=/home/user/.nvm/versions/node/v18.16.1/bin SDKMAN_CANDIDATES_DIR=/home/tooling/.sdkman/candidates _BUILDAH_STARTED_IN_USERNS= PHP_VERSION=7.4 WORKSPACE_NAME=empty-otq3 WORKSPACE2534AB8A253446CF_SERVICE_PORT_3030_TCP=tcp://10.106.130.156:3030 SHLVL=4 VSCODE_GIT_IPC_HANDLE=/tmp/vscode-git-c81a279304.sock DASHBOARD_URL=https://che.k8s.dbar.hdp.example.com MANPATH=/home/user/.nvm/versions/node/v18.16.1/share/man:: KUBERNETES_SERVICE_PORT=443 WORKSPACE2534AB8A253446CF_SERVICE_PORT_13132_TCP=tcp://10.106.130.156:13132 MODULEPATH=/etc/scl/modulefiles:/etc/scl/modulefiles:/usr/share/Modules/modulefiles:/etc/modulefiles:/usr/share/modulefiles WORKSPACE_NAMESPACE=gs-exampleuser-example-com-che-u6xtos WORKSPACE2534AB8A253446CF_SERVICE_SERVICE_PORT_CODE_REDIRECT_2=13132 WORKSPACE2534AB8A253446CF_SERVICE_SERVICE_PORT_CODE_REDIRECT_3=13133 JAVA_HOME_17=/home/tooling/.sdkman/candidates/java/17.0.3-tem WORKSPACE2534AB8A253446CF_SERVICE_SERVICE_PORT_CODE_REDIRECT_1=13131 JAVA_HOME_11=/home/tooling/.sdkman/candidates/java/11.0.15-tem DEVWORKSPACE_FLATTENED_DEVFILE=/devworkspace-metadata/flattened.devworkspace.yaml LOGNAME=user DEVWORKSPACE_ORIGINAL_DEVFILE=/devworkspace-metadata/original.devworkspace.yaml GIT_ASKPASS=/checode/checode-linux-libc/extensions/git/dist/askpass.sh DOTNET_RPM_VERSION=6.0 WORKSPACE2534AB8A253446CF_SERVICE_PORT_3030_TCP_ADDR=10.106.130.156 MODULEPATH_modshare=/usr/share/Modules/modulefiles:2:/etc/modulefiles:2:/usr/share/modulefiles:2 PROJECTS_ROOT=/projects GOBIN=/home/tooling/go/bin/ NODEJS_DEFAULT_VERSION=18.16.1 WORKSPACE2534AB8A253446CF_SERVICE_SERVICE_PORT=3030 WORKSPACE2534AB8A253446CF_SERVICE_PORT_13131_TCP_PROTO=tcp DEVWORKSPACE_ID=workspace2534ab8a253446cf PATH=/home/user/.krew/bin:/checode/checode-linux-libc/bin/remote-cli:/home/user/.local/bin:/home/user/bin:/home/tooling/.sdkman/candidates/jbang/current/bin:/home/user/.krew/bin:/home/user/.nvm/versions/node/v18.16.1/bin:/usr/share/Modules/bin:/home/tooling/.cargo/bin:/home/tooling/go/bin/:/home/tooling/.local/bin:/home/user/.local/bin:/home/tooling/.nvm/versions/node/v18.16.1/bin:/home/tooling/.local/share/coursier/bin:/home/tooling/.sdkman/candidates/gradle/current/bin:/home/tooling/.sdkman/candidates/java/current/bin:/home/tooling/.sdkman/candidates/maven/current/bin:/home/tooling/.krew/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/home/user/.dotnet/tools HTTPD_MAIN_CONF_PATH=/etc/httpd/conf SDKMAN_VERSION=5.13.0 PS1=[]\W git branch --show-current 2>/dev/null | sed -r -e "s@^(.+)@\(\1\) @"$ [] DEVWORKSPACE_IDLE_TIMEOUT=15m MODULESHOME=/usr/share/Modules NODE_EXTRA_CA_CERTS=/tmp/node-extra-certificates/ca.crt NVM_INC=/home/user/.nvm/versions/node/v18.16.1/include/node PHP_DEFAULT_INCLUDE_PATH=/usr/share/pear HISTSIZE=1000 KUBERNETES_SERVICE_HOST=10.96.0.1 SDKMAN_PLATFORM=linuxx64 WORKSPACE2534AB8A253446CF_SERVICE_PORT_3030_TCP_PORT=3030 DEVWORKSPACE_COMPONENT_NAME=universal-developer-image LESSOPEN=||/usr/bin/lesspipe.sh %s HTTPD_MAIN_CONF_D_PATH=/etc/httpd/conf.d BASH_FUNC_which%%=() { ( alias; eval ${which_declare} ) | /usr/bin/which --tty-only --read-alias --read-functions --show-tilde --show-dot $@ } BASH_FUNC_module%%=() { _module_raw "$@" 2>&1 } BASH_FUNC__module_raw%%=() { unset _mlshdbg; if [ "${MODULES_SILENT_SHELL_DEBUG:-0}" = '1' ]; then case "$-" in vx) set +vx; _mlshdbg='vx' ;; v) set +v; _mlshdbg='v' ;; x) set +x; _mlshdbg='x' ;; ) _mlshdbg='' ;; esac; fi; unset _mlre _mlIFS; if [ -n "${IFS+x}" ]; then _mlIFS=$IFS; fi; IFS=' '; for _mlv in ${MODULES_RUN_QUARANTINE:-}; do if [ "${_mlv}" = "${mlv##*[!A-Za-z0-9]}" -a "${_mlv}" = "${_mlv#[0-9]}" ]; then if [ -n "eval 'echo ${'$_mlv'+x}'" ]; then _mlre="${_mlre:-}${_mlv}_modquar='eval 'echo ${'$_mlv'}'' "; fi; _mlrv="MODULESRUNENV${_mlv}"; _mlre="${_mlre:-}${_mlv}='eval 'echo ${'$_mlrv':-}'' "; fi; done; if [ -n "${_mlre:-}" ]; then eval eval ${_mlre} /usr/bin/tclsh /usr/share/Modules/libexec/modulecmd.tcl bash '"$@"'; else eval /usr/bin/tclsh /usr/share/Modules/libexec/modulecmd.tcl bash "$@"; fi; _mlstatus=$?; if [ -n "${_mlIFS+x}" ]; then IFS=$_mlIFS; else unset IFS; fi; unset _mlre _mlv _mlrv _mlIFS; if [ -n "${_mlshdbg:-}" ]; then set -$_mlshdbg; fi; unset _mlshdbg; return $_mlstatus } BASH_FUNC_switchml%%=() { typeset swfound=1; if [ "${MODULES_USE_COMPAT_VERSION:-0}" = '1' ]; then typeset swname='main'; if [ -e /usr/share/Modules/libexec/modulecmd.tcl ]; then typeset swfound=0; unset MODULES_USE_COMPAT_VERSION; fi; else typeset swname='compatibility'; if [ -e /usr/share/Modules/libexec/modulecmd-compat ]; then typeset swfound=0; MODULES_USE_COMPAT_VERSION=1; export MODULES_USE_COMPAT_VERSION; fi; fi; if [ $swfound -eq 0 ]; then echo "Switching to Modules $swname version"; source /usr/share/Modules/init/bash; else echo "Cannot switch to Modules $swname version, command not found"; return 1; fi } BASH_FUNC_scl%%=() { if [ "$1" = "load" -o "$1" = "unload" ]; then eval "module $@"; else /usr/bin/scl "$@"; fi } BASH_FUNCml%%=() { module ml "$@" } =/usr/bin/env

[svor]

Properties added for cheServer in Custom Resources like

spec:
  components:
    cheServer:
      debug: false
      extraProperties:
        MY_ENV: my_value

are injected into che pod: but not into the workspace pod

maybe @tolusha @ibuziuk can provide an information how to configure proxy settings

[gss2002]

This is what made it work on k8s... shrug

vi che-cluster-config.patch kind: CheCluster apiVersion: org.eclipse.che/v2 spec: components: cheServer: extraProperties: CHE_OIDC_USERNAME__CLAIM: email proxy: nonProxyHosts:

• .example.com
• localhost
• .k8s.dbar.hdp.example.com
• .hdp.example.com
• .dbar.hdp.example.com
• 172.17.0.0/16
• 10.70.16.0/20
• 10.69.16.0/20
• 192.168.0.0/16
• 10.96.0.0/12
• .default.svc.cluster.local
• .svc.cluster.local
• .cluster.local
• .svc
• .metallb-system.svc

• 127.0.0.1 url: http://zproxy.example.com:9480 dashboard:

  devEnvironments: storage: perUserStrategyPvcConfig: storageClass: nfs-client-retain pvcStrategy: per-user networking: auth: oAuthClientName: "k8s-che" oAuthSecret: "80dbdedaef1a3f934d4b8a6dae9c86a1bb8e" identityProviderURL: "https://dex.k8s.dbar.hdp.example.com"

[tolusha]

Let's keep this issue open until we add a section to the Eclipse Che documentation about proxy configuration. Currently we mention proxy only here [1]

[1] https://eclipse.dev/che/docs/stable/administration-guide/checluster-custom-resource-fields-reference/#checluster-custom-resource-components-cheServer-proxy-settings