Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Make chectl deploy Che with ssl by default #15325

Closed
mmorhun opened this issue Nov 26, 2019 · 3 comments
Closed

Make chectl deploy Che with ssl by default #15325

mmorhun opened this issue Nov 26, 2019 · 3 comments
Labels
area/chectl Issues related to chectl, the CLI of Che kind/task Internal things, technical debt, and to-do tasks to be performed. status/duplicate Issue identified as a duplicate of another issue

Comments

@mmorhun
Copy link
Contributor

mmorhun commented Nov 26, 2019

Is your task related to a problem? Please describe.

Recently, some components of Eclipse Theia were reimplemented to work only with secured connection, i.e. they work only with https protocol. After that changes we have a batch of issues on Che Theia side.

Describe the solution you'd like

We should deploy Che with SSL by default. Chectl should take care about sertificates on its own without a batch of manual actions.
Ideally, would be great to use some free (say Let's Encrypt) service to get certificates.
Also option to provide own certificate should be present.
Would be nice to have documented the flow.

Describe alternatives you've considered

We may start from self-signed certificates as it is the simplest solution (however chectl should do it instead of user).
Maybe we should consider a common certificate for all dev instances (it might be not really secure, but Che will work on https by default).

Additional context

As for now to make everything work we need to do many manual steps to deploy Che with SSL. Here is some instructions how one may try to do it. However, there are some other issues which makes development in local Che instance not friendly, even complicated.
@mmorhun mmorhun added kind/task Internal things, technical debt, and to-do tasks to be performed. area/chectl Issues related to chectl, the CLI of Che labels Nov 26, 2019
@che-bot che-bot added the status/need-triage An issue that needs to be prioritized by the curator responsible for the triage. See https://github. label Nov 26, 2019
@mmorhun
Copy link
Contributor Author

mmorhun commented Nov 26, 2019
edited
Loading

As for now, all webviews doesn't work on http, so to make them work one need to setup Che with SSL.

@skabashnyuk
Copy link
Contributor

Duplicates #14742 ?

@l0rd
Copy link
Contributor

l0rd commented Nov 26, 2019

Yes closing as a duplicate of #14742

As a comment about your proposal @mmorhun on the generation of certs: we cannot use let's encrypt for local dev env and other user cases, we need to generate self signed cert and a great tool to do that on kube is https://github.com/jetstack/cert-manager

@l0rd l0rd closed this as completed Nov 26, 2019
@mmorhun mmorhun added the status/duplicate Issue identified as a duplicate of another issue label Nov 27, 2019
@amisevsk amisevsk removed the status/need-triage An issue that needs to be prioritized by the curator responsible for the triage. See https://github. label Oct 30, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
area/chectl Issues related to chectl, the CLI of Che kind/task Internal things, technical debt, and to-do tasks to be performed. status/duplicate Issue identified as a duplicate of another issue
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
5 participants
@l0rd @skabashnyuk @mmorhun @amisevsk @che-bot