eclipse-che / che

Kubernetes based Cloud Development Environments for Enterprise Teams
http://eclipse.org/che
Eclipse Public License 2.0

chectl - Auto renew certificate for devworkspace webhook (mutating and validating) #23184

Open disaster37 opened 6 days ago

disaster37 commented 6 days ago

Is your enhancement related to a problem? Please describe

When we deploy Eclipse Che with chectl on Kubernetes, it uses cert-manager to automatically handle the certificate for the Eclipse Che mutating / validating webhook. As you can see, it creates a Certificate resource and adds the annotation 'cert-manager.io/inject-ca-from' on the CRD and the webhooks (mutating and validating). You can look at that here:

We need to do the same for the devworkspace operator. Without that, the certificate ends up expired and we need to manually delete the devworkspace-webhook-server pods from the namespace devworkspace-controller.

Describe the solution you'd like

Add cert-manager annotations to renew the certificate and restart the pod for the devworkspace webhook.

Describe alternatives you've considered

No response

Additional context

No response

AObuchow commented 5 days ago

Add cert-manager annotations to renew the certificate and restart the pod for the devworkspace webhook.

I may be incorrect, but I believe these annotations should already be present in the devworkspace webhook. However, maybe these aren't being applied when installing Che with chectl?

@disaster37 I believe you accidentally provided the same URL twice.

We currently have an open DevWorkspace Operator issue regarding this: https://github.com/devfile/devworkspace-operator/issues/1157

The current plan is to have devworkspace operator watch for new certs being created, and update the devworkspace webhook server deployment. I still have to investigate further how Che goes about updating webhooks when a new cert is provisioned. @tolusha do you have any insight that could be helpful for understanding how Che accomplishes this?

disaster37 commented 5 days ago

Hum, I think it is done like I described previously. With the cert-manager annotation, it's the cert-manager operator that handles the lifecycle of the certificate and then restarts the pod (webhook) if needed ...

AObuchow commented 5 days ago

@disaster37 Sounds good, if that's the case then resolving this issue shouldn't be too difficult. I'll see if @tolusha has any further insight into whether adding the annotation to the devworkspace validating and mutating webhooks would fix things.

tolusha commented 5 days ago

chectl uses [1] to deploy DWO; as you can see, the annotation is missing on the webhook resources.

[1] https://github.com/devfile/devworkspace-operator/blob/main/deploy/deployment/kubernetes/combined.yaml

AObuchow commented 4 days ago

@tolusha Thank you for confirming. I'll have this annotation added to the webhook and hopefully that will resolve this issue.
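As an added example (not part of this issue thread or of the Che / DevWorkspace projects), the following audit flags webhook configurations that cert-manager's CA injector will not keep current: the `cert-manager.io/inject-ca-from` annotation discussed above is missing or malformed, or it is present but no `caBundle` has been injected yet. It reads the JSON that `kubectl get ... -o json` produces; the resource and certificate names in the embedded sample are constructed.

```python
import json

# cert-manager's CA injector fills clientConfig.caBundle on webhook configurations
# carrying this annotation, whose value must be "<namespace>/<certificate-name>".
INJECT_ANNOTATION = "cert-manager.io/inject-ca-from"
WEBHOOK_KINDS = {"MutatingWebhookConfiguration", "ValidatingWebhookConfiguration"}


def audit_webhooks(kubectl_json: str) -> list[dict]:
    """Return one finding per webhook configuration whose CA bundle cert-manager
    will not maintain (annotation missing/malformed, or caBundle not injected)."""
    findings = []
    for item in json.loads(kubectl_json).get("items", []):
        kind = item.get("kind")
        if kind not in WEBHOOK_KINDS:
            continue
        meta = item.get("metadata", {})
        name = meta.get("name", "<unnamed>")
        ref = (meta.get("annotations") or {}).get(INJECT_ANNOTATION)
        if ref is None:
            findings.append({"kind": kind, "name": name, "problem": "annotation missing"})
            continue
        parts = ref.split("/")
        if len(parts) != 2 or not all(parts):
            findings.append({"kind": kind, "name": name, "problem": f"annotation malformed: {ref!r}"})
            continue
        # Annotation is well-formed: every webhook entry should already carry an injected bundle.
        for hook in item.get("webhooks", []):
            if not hook.get("clientConfig", {}).get("caBundle"):
                findings.append({"kind": kind, "name": name,
                                 "problem": f"caBundle not injected for webhook {hook.get('name')}"})
    return findings


# Constructed sample standing in for:
#   kubectl get mutatingwebhookconfigurations,validatingwebhookconfigurations -o json
# The first resource is annotated (the Che pattern); the second lacks the annotation.
SAMPLE = json.dumps({"items": [
    {"kind": "MutatingWebhookConfiguration",
     "metadata": {"name": "che-webhook-example",
                  "annotations": {INJECT_ANNOTATION: "eclipse-che/che-serving-cert-example"}},
     "webhooks": [{"name": "mche.example", "clientConfig": {"caBundle": "LS0tQ0E="}}]},
    {"kind": "ValidatingWebhookConfiguration",
     "metadata": {"name": "devworkspace-webhook-example"},
     "webhooks": [{"name": "vdevworkspace.example", "clientConfig": {"caBundle": "LS0tQ0E="}}]},
]})

if __name__ == "__main__":
    for f in audit_webhooks(SAMPLE):
        print(f"{f['kind']}/{f['name']}: {f['problem']}")
```

A webhook that still has a `caBundle` but no annotation, like the second sample resource, is exactly the case in this issue: it validates today and breaks when the serving certificate rotates.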