openshift-homeroom / workshop-spawner

Multi user spawner for workshop terminals or dashboard.
Apache License 2.0

Webhook URLs don't show public REST API address. #28

Open GrahamDumpleton opened 4 years ago

GrahamDumpleton commented 4 years ago

When the URL for web hooks is constructed by the OpenShift web console, it is using the REST API address used internal to the cluster. This has a URL which uses `kubernetes.default.svc`. This will work from the workshop terminal, or from a Git service deployed in the same cluster, but not from external to the cluster.

The console does have an option `--k8s-mode-off-cluster-endpoint` for the URL of the Kubernetes API server. So one can possibly set the `BRIDGE_K8S_MODE_OFF_CLUSTER_ENDPOINT` environment variable if you have a way of knowing what the public REST API end point is.

GrahamDumpleton commented 4 years ago

URL for web console code where this option is defined.

andykrohg commented 4 years ago

This also requires that you use `BRIDGE_K8S_MODE=off-cluster`, and potentially `BRIDGE_K8S_MODE_OFF_CLUSTER_SKIP_VERIFY_TLS=true`. @GrahamDumpleton Is it acceptable to pass the REST API endpoint into the spawner container as an environment variable? If so, I'd be happy to enter a PR.

GrahamDumpleton commented 4 years ago

Don't understand what you are suggesting about passing REST API endpoint in the spawner and how that helps. BRIDGE_K8S_MODE variable must be set to in-cluster as that is the only way it can get credentials it needs.

andykrohg commented 4 years ago

If you pass the REST API endpoint into the spawner pod when it's provisioned, the spawner can pass it into the console container as `BRIDGE_K8S_MODE_OFF_CLUSTER_ENDPOINT`. It's possible I missed something, but I just ran a test with these settings in place and didn't observe problems retrieving credentials.
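A sketch of the hand-off described in the comment above, added here as an example; it is not code from this thread or from the workshop-spawner project. The spawner-side variable name `PUBLIC_API_URL` and both function names are assumptions; only the `BRIDGE_*` names come from the thread. It rejects cluster-internal hosts and leaves TLS verification on unless explicitly disabled.

```python
from urllib.parse import urlsplit

# Hypothetical name for the variable handed to the spawner pod (an assumption).
SPAWNER_VAR = "PUBLIC_API_URL"
INTERNAL_SUFFIXES = (".svc", ".cluster.local")


def public_api_endpoint(raw):
    """Return a normalised https://host[:port] URL or raise ValueError."""
    parts = urlsplit(raw.strip())
    if parts.scheme != "https":
        raise ValueError("endpoint must use https")
    host = (parts.hostname or "").rstrip(".")
    if not host:
        raise ValueError("endpoint has no host")
    if parts.username or parts.password:
        raise ValueError("endpoint must not embed credentials")
    if parts.path not in ("", "/") or parts.query or parts.fragment:
        raise ValueError("endpoint must be a bare API server URL")
    # A cluster-internal name would put the unreachable address back in webhook URLs.
    if host == "localhost" or host.endswith(INTERNAL_SUFFIXES):
        raise ValueError("endpoint is a cluster-internal address")
    port = parts.port  # raises ValueError on a non-numeric or out-of-range port
    netloc = f"[{host}]" if ":" in host else host
    return f"https://{netloc}" + (f":{port}" if port else "")


def console_env(environ, skip_verify_tls=False):
    """Build the console container's env list from the spawner's environment."""
    raw = environ.get(SPAWNER_VAR, "").strip()
    if not raw:
        # Nothing supplied: keep the in-cluster mode.
        return [{"name": "BRIDGE_K8S_MODE", "value": "in-cluster"}]
    env = [
        {"name": "BRIDGE_K8S_MODE", "value": "off-cluster"},
        {"name": "BRIDGE_K8S_MODE_OFF_CLUSTER_ENDPOINT",
         "value": public_api_endpoint(raw)},
    ]
    if skip_verify_tls:
        # Opt-in only: this turns off certificate checking for the API connection.
        env.append({"name": "BRIDGE_K8S_MODE_OFF_CLUSTER_SKIP_VERIFY_TLS",
                    "value": "true"})
    return env
```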

GrahamDumpleton commented 4 years ago

Okay now understand, referring to my original comment about that variable.

How are you setting/overriding BRIDGE_K8S_MODE variable? Were you intending to change the Python script files to look for a parameter passed in giving the off cluster REST API endpoint and then changing all the environment variables set on console container? I know of no way with recent OpenShift versions that you can work out the external REST API endpoint by querying anything from the internal REST API endpoint. You could in OpenShift 3.X, but not 4.X.

Anyway, not sure who would even agree to any changes being made. I don't know that anyone really took this over when I left RH. It has never been formally handed off to anyone and I don't work on it any more.

andykrohg commented 4 years ago

I was thinking of something along those lines, yes! Indeed, the best I can do is something like: `API_URL=https://api.$(oc get dns cluster -o jsonpath --template "{.spec.baseDomain}")`, except using the REST API instead of `oc`, but it might be easier to just pass that as a parameter to the OpenShift template.

Regarding ownership of the project, I'm at RH now and I've been really pleased with this method of delivering workshops. If you no longer wish to maintain it, I'd be happy to take the reins to help ensure it continues to evolve.

GrahamDumpleton commented 4 years ago

As to ownership, you probably need to chat to @jankleinert. I have no idea of what their plans are to keep using it, or whether they would change to current or future alternatives.