Open disaster37 opened 6 days ago
Add cert-manager annotations to renew certificate and restart pod for devworkspace webhook.
I may be incorrect, but I believe these annotations should already be present in the devworkspace webhook. However, maybe these aren't being applied when installing Che with chectl?
@disaster37 I believe you accidentally provided the same URL twice.
We currently have an open DevWorkspace Operator issue regarding this: https://github.com/devfile/devworkspace-operator/issues/1157
The current plan is to have devworkspace operator watch for new certs being created, and update the devworkspace webhook server deployment. I still have to investigate further how Che goes about updating webhooks when a new cert is provisioned. @tolusha do you have any insight that could be helpful for understanding how Che accomplishes this?
Hmm, I think it's done like I described previously. With the cert-manager annotation, it's the cert-manager operator that will handle the lifecycle of the certificate and then restart the pod (webhook) if needed ...
@disaster37 Sounds good, if that's the case then resolving this issue shouldn't be too difficult. I'll see if @tolusha has any further insight into whether adding the annotation to the devworkspace validating and mutating webhooks would fix things.
chectl uses [1] to deploy DWO; as you can see, the annotation is missing on the webhook resources.
@tolusha Thank you for confirming. I'll have this annotation added to the webhook and hopefully that will resolve this issue.
Is your enhancement related to a problem? Please describe
When we deploy Eclipse Che with chectl on Kubernetes, it uses cert-manager to automatically handle the certificate for the Eclipse Che mutating / validating webhooks. As you can see, it creates a Certificate resource and adds the annotation 'cert-manager.io/inject-ca-from' on the CRD and the webhooks (mutating and validating). You can look at that here:
We need to do the same for the devworkspace operator. Without that, the certificate ends up expiring and we need to manually delete the pods devworkspace-webhook-server from namespace devworkspace-controller.
Describe the solution you'd like
Add cert-manager annotations to renew certificate and restart pod for devworkspace webhook.
Describe alternatives you've considered
No response
Additional context
No response
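An added example, not part of this issue or of the Che / DevWorkspace Operator code: a small audit that flags webhook configurations lacking the 'cert-manager.io/inject-ca-from' annotation discussed above, which the cert-manager CA injector uses to populate each webhook's caBundle from the referenced Certificate. The input is a constructed sample shaped like `kubectl get validatingwebhookconfigurations,mutatingwebhookconfigurations -o json`; every resource name in it is a placeholder.

```python
import json

ANNOTATION = "cert-manager.io/inject-ca-from"

# Constructed sample, shaped like the output of
# `kubectl get validatingwebhookconfigurations,mutatingwebhookconfigurations -o json`.
# All resource names are placeholders, not the project's real object names.
SAMPLE = json.loads("""
{"items": [
  {"kind": "MutatingWebhookConfiguration",
   "metadata": {"name": "example-annotated",
                "annotations": {"cert-manager.io/inject-ca-from": "example-ns/example-serving-cert"}},
   "webhooks": [{"name": "mutate.example.test", "clientConfig": {"caBundle": "Q0E="}}]},
  {"kind": "ValidatingWebhookConfiguration",
   "metadata": {"name": "example-unannotated"},
   "webhooks": [{"name": "validate.example.test", "clientConfig": {"caBundle": "Q0E="}}]},
  {"kind": "ValidatingWebhookConfiguration",
   "metadata": {"name": "example-bad-ref",
                "annotations": {"cert-manager.io/inject-ca-from": "example-serving-cert"}},
   "webhooks": [{"name": "validate2.example.test", "clientConfig": {}}]}
]}
""")


def audit_webhooks(doc):
    """Return (kind, name, problem) for every webhook configuration that the
    cert-manager CA injector cannot keep up to date."""
    findings = []
    for item in doc.get("items", []):
        meta = item.get("metadata", {})
        kind, name = item.get("kind", "?"), meta.get("name", "?")
        ref = (meta.get("annotations") or {}).get(ANNOTATION)
        if ref is None:
            findings.append((kind, name, "annotation missing"))
            continue
        # The annotation value must be "<namespace>/<Certificate name>".
        ns, sep, cert = ref.partition("/")
        if not (ns and sep and cert) or "/" in cert:
            findings.append((kind, name, "annotation is not namespace/name"))
        for hook in item.get("webhooks") or []:
            if not (hook.get("clientConfig") or {}).get("caBundle"):
                findings.append((kind, name, f"{hook.get('name')}: empty caBundle"))
    return findings


if __name__ == "__main__":
    for finding in audit_webhooks(SAMPLE):
        print(*finding, sep="\t")
```

To run it against a cluster, replace SAMPLE with the parsed JSON output of the kubectl command named in the comment.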