che icon indicating copy to clipboard operation
che copied to clipboard
verified publisher icon eclipse-che

Allow adding trusted certificates to DWOC from CheCluster CR

Open dkwon17 opened this issue 1 year ago • 1 comments

Is your enhancement related to a problem? Please describe

This PR https://github.com/devfile/devworkspace-operator/pull/1259 allows for injecting certificates to the http client when the devworkspace operator resolves devfiles and uri plugins.

This requires defining certificate.pem content using the DWO's global DWOC config, and not the Che-owned DWOC config.

Describe the solution you'd like

It would be easier if this can be configured on the CheCluster level, and not require the admin to create or modify the global DWOC.

To do this, we can:

  1. Have DWO support injecting certificates from external DWOC (since the Che-owned DWOC is considered an external DWOC)
  2. Possibly have Che read the devEnvironments.trustedCerts.gitTrustedCertsConfigMapName field in the CheCluster to find certificates, and provide it to the Che-owned DWOC:
spec:
  devEnvironments:
    trustedCerts:
      gitTrustedCertsConfigMapName: <configmap name>

Describe alternatives you've considered

No response

Additional context

No response

dkwon17 avatar May 22 '24 20:05 dkwon17

Issues go stale after 180 days of inactivity. lifecycle/stale issues rot after an additional 7 days of inactivity and eventually close.

Mark the issue as fresh with /remove-lifecycle stale in a new comment.

If this issue is safe to close now please do so.

Moderators: Add lifecycle/frozen label to avoid stale mode.

che-bot avatar Nov 21 '24 16:11 che-bot