Allow adding trusted certificates to DWOC from CheCluster CR - Githubissues

eclipse-che / che

Kubernetes based Cloud Development Environments for Enterprise Teams

http://eclipse.org/che

Eclipse Public License 2.0

6.99k stars 1.19k forks source link

Allow adding trusted certificates to DWOC from CheCluster CR #22979

Open dkwon17 opened 6 months ago

dkwon17 commented 6 months ago

Is your enhancement related to a problem? Please describe

This PR https://github.com/devfile/devworkspace-operator/pull/1259 allows for injecting certificates to the http client when the devworkspace operator resolves devfiles and uri plugins.

This requires defining certificate.pem content using the DWO's global DWOC config, and not the Che-owned DWOC config.

Describe the solution you'd like

It would be easier if this can be configured on the CheCluster level, and not require the admin to create or modify the global DWOC.

To do this, we can:

Have DWO support injecting certificates from external DWOC (since the Che-owned DWOC is considered an external DWOC)
Possibly have Che read the devEnvironments.trustedCerts.gitTrustedCertsConfigMapName field in the CheCluster to find certificates, and provide it to the Che-owned DWOC:
```
spec:
devEnvironments:
trustedCerts:
  gitTrustedCertsConfigMapName: <configmap name>
```

Describe alternatives you've considered

No response

Additional context

No response

che-bot commented 1 week ago

Issues go stale after 180 days of inactivity. lifecycle/stale issues rot after an additional 7 days of inactivity and eventually close.

Mark the issue as fresh with /remove-lifecycle stale in a new comment.

If this issue is safe to close now please do so.

Moderators: Add lifecycle/frozen label to avoid stale mode.