search

eclipse-che / che

Kubernetes based Cloud Development Environments for Enterprise Teams
http://eclipse.org/che
Eclipse Public License 2.0
6.96k stars 1.19k forks source link

All endpoints (ingress) have the same secretName #22935

Open batleforc opened 4 months ago

batleforc commented 4 months ago

Describe the bug

Will working on a web project (Api Rust, Front JSxRust), i set up 3 endpoints that end up with 3 different DNS and should likewise have 3 different secretname

Che version

7.84@latest

Steps to reproduce

  1. Create a workspace that have 3 endpoint setup (private)
  2. Wait for it to be up
  3. use the following command that will output the name of all the secret kubectl get ingress | grep "{Workspace Name}" | awk '{print "kubectl get ingress " $1 " -o yaml | yq .spec.tls[0].secretName"}' | bash

The endpoints is like the pod's name ending with "-endpoints"

Expected behavior

Each endpoint should have a different SecretName like {pod name}-{endpoint name}-endpoints wich would allow each endpoint to have a valid certificate generated with CertManager

Runtime

Kubernetes (vanilla)

Screenshots

No response

Installation method

chectl/latest, chectl/next

Environment

Linux

Eclipse Che Logs

No response

Additional context

No response

RomanNikitenko commented 4 months ago

@AObuchow could you take a look

batleforc commented 3 months ago

Any news ?

AObuchow commented 2 weeks ago

@batleforc do you happen to have a reproducer devfile for this? Is there some specific configuration required for the endpoints? I apologize for taking so long to look into this issue.

batleforc commented 2 weeks ago

Hello @AObuchow , Every devfile with at least one https endpoint:

- name: https-3000
  targetPort: 3000
  exposure: public
  secure: true
  protocol: https

Once the workspace created, you can check the main ingress and the one bind to https-3000 and see that they have the same secretName. (I have a similar problem for Openshift, but more in the annotations aren't applied to the sub routes)