che icon indicating copy to clipboard operation
che copied to clipboard
verified publisher icon eclipse-che

Issue on Che 7.90.0 and corporate proxy with https://registry.devfile.io

Open disaster37 opened this issue 1 year ago • 4 comments

Describe the bug

As documented on release note of Eclipse che 7.90.0. The internal devfile registry is no more deployed and consume directly the https://registry.devfile.io.

This new enhance not working when Eclipse che is under cooporate proxy. When open Eclipse che, it stuck a long time without any error (maybee 5 minutes), then it display error because of it can't access to https://registry.devfile.io. I suppect that the global proxy setting is not injected on dashboard pod ``spec.components.cheServer.proxy`.

For moment, I haven't found a workaround to inject env on dashboard deployment ...

Che version

7.90@latest

Steps to reproduce

  1. deploy eclipse che 7.90.0 with chectl under coororate proxy
  2. Open Eclipse che, it stuck and then it display error

Expected behavior

It can access to https://registry.devfile.io. throughout the coorporate proxy

Runtime

Kubernetes (vanilla)

Screenshots

No response

Installation method

chectl/latest

Environment

Linux

Eclipse Che Logs

No response

Additional context

No response

disaster37 avatar Aug 23 '24 07:08 disaster37

I finnaly found a way to set env on pod che-dashboard.

apiVersion: org.eclipse.che/v2
kind: CheCluster
spec:
  components:
    dashboard:
      deployment:
        containers:
          - name: che-dashboard
            env:
              - name: "HTTP_PROXY"
                value: "http://squid.squid.svc.cluster.local:8080"
              - name: "HTTPS_PROXY"
                value: "http://squid.squid.svc.cluster.local:8080"
              - name: "NO_PROXY"
                value: "127.0.0.1,localhost,.svc.cluster.local,.svc,10.43.0.1"

I now get immediate error 500 instead "502 - bad gateway".

When I look Chrome devtools, it failed when it call dashboard/api/data/resolver. The Coorporate proxy server (Mcafee) responde with error code 500 and display on body "The SSL handshake could not be performed". When I curl directly from the che-dahboard pod, it' work fine.

curl  https://registry.devfile.io/index

disaster37 avatar Aug 23 '24 09:08 disaster37

@akurinnoy Do you happen to know if dashboard take into account proxy settings while requesting external resources?

@disaster37 Meanwile you can disable external devfile registry

kubeclt patch checluster/eclipse-che --patch '{"spec": {"components": {"devfileRegistry": {"externalDevfileRegistries": []}}}}' --type=merge -n eclipse-che

tolusha avatar Aug 26 '24 10:08 tolusha

@tolusha the dashboard doesn't take the proxy settings into account. That's something we need to implement.

akurinnoy avatar Aug 26 '24 11:08 akurinnoy

The same issue

crvt4722 avatar Sep 17 '24 03:09 crvt4722

Hi, on eclipse-che 7.98.0, the proxy env is now mounted on che-dashboard pod. But the access on external devfile registry to more working.

disaster37 avatar Feb 17 '25 14:02 disaster37