search

eclipse-che / che

Kubernetes based Cloud Development Environments for Enterprise Teams
http://eclipse.org/che
Eclipse Public License 2.0
6.99k stars 1.19k forks source link

Add ability to override base domain of workspaces endpoints to match custom Che server hostname base domain #23249

Open achdmbp opened 1 week ago

achdmbp commented 1 week ago

Is your enhancement related to a problem? Please describe

When configuring custom hostname for Che as described Configuring Eclipse Che server hostname. Let's say we use che.devs.mycompany.com as the hostname, the behavior will be:

Describe the solution you'd like

to support switching to a new cluster and keep same custom domain of che server, add ability to use same base domain of custom hostname to be used also to generate workspace endpoints

Describe alternatives you've considered

No response

Additional context

No response

tolusha commented 1 week ago

@achdmbp Try this by updating CheCluster CR:

spec:
  components:
    cheServer:
      extraProperties:
        CHE_INFRA_OPENSHIFT_ROUTE_HOST_DOMAIN__SUFFIX: "<...>"
achdmbp commented 1 week ago

@tolusha thank you very much. this worked! I'm surprised this wasn't documented in the admin guide or maybe I missed it somewhere ?

also is there a way to change the strategy to serve the endpoints via the main che gateway. for example,

https://<che _url>/<user>-<workspace>-<endpoint-name>

instead of creating the endpoint as new routes. Using https://<che _url>/<user>-<workspace>-<endpoint-name> is much easier to point explicit DNS entry to openshift ingress router NLB. vs having to use wild card domain record to cover all endpoints

tolusha commented 6 days ago

@achdmbp Unfortunately we didn't have that in the doc. We will add.

also is there a way to change the strategy to serve the endpoints via the main che gateway. for example,

cc @dkwon17

cgruver commented 2 days ago

@tolusha thank you very much. this worked! I'm surprised this wasn't documented in the admin guide or maybe I missed it somewhere ?

also is there a way to change the strategy to serve the endpoints via the main che gateway. for example,

https://<che _url>/<user>-<workspace>-<endpoint-name>

instead of creating the endpoint as new routes. Using https://<che _url>/<user>-<workspace>-<endpoint-name> is much easier to point explicit DNS entry to openshift ingress router NLB. vs having to use wild card domain record to cover all endpoints

Putting this here for visibility since I don't think it is documented:

Adding the attribute: urlRewriteSupported: true will achieve the desired result.

Note: The endpoints will now require authentication, so they will not be easily shared with others on your dev team if you are collaborating between developer of two services, or frontend & backend.

    endpoints:
    - name: node
      targetPort: 4200
      exposure: public
      protocol: https
      attributes:
        urlRewriteSupported: true
    - name: https-quarkus
      targetPort: 8080
      exposure: public
      protocol: https
      attributes:
        urlRewriteSupported: true
achdmbp commented 2 days ago

it will be great to have a global config to control the route generation strategy vs having it configured at the endpoint level.

It would also be great to control whether we need the generated endpoints to be authenticated or not