diff --git a/src/main/pages/che-7/installation-guide/assembly_advanced-configuration-options.adoc b/src/main/pages/che-7/installation-guide/assembly_advanced-configuration-options.adoc index 7d6ba2eca6..28f77d94e6 100644 --- a/src/main/pages/che-7/installation-guide/assembly_advanced-configuration-options.adoc +++ b/src/main/pages/che-7/installation-guide/assembly_advanced-configuration-options.adoc @@ -39,6 +39,8 @@ include::proc_configuring-namespace-strategies.adoc[leveloffset=+1] // include::proc_configuring-che-with-openshift-oauth.adoc[leveloffset=+1] +include::proc_deploying-che-with-support-for-git-repositories-with-self-signed-certificates.adoc[leveloffset=+1] + include::ref_che-configmaps-fields-reference.adoc[leveloffset=+1] :context: {parent-context-of-advanced-configuration-options} diff --git a/src/main/pages/che-7/installation-guide/proc_deploying-che-with-support-for-git-repositories-with-self-signed-certificates.adoc b/src/main/pages/che-7/installation-guide/proc_deploying-che-with-support-for-git-repositories-with-self-signed-certificates.adoc new file mode 100644 index 0000000000..0896029fb5 --- /dev/null +++ b/src/main/pages/che-7/installation-guide/proc_deploying-che-with-support-for-git-repositories-with-self-signed-certificates.adoc @@ -0,0 +1,44 @@ +[id="deploying-{prod-id-short}-with-support-for-git-repositories-with-self-signed-certificates_{context}"] += Deploying {prod-short} with support for Git repositories with self-signed certificates + +This procedure describes how to configure {prod-short} for deployment with support for Git operations on repositories that use self-signed certificates. + +.Prerequisites + +* Git version 2 or later. + +.Procedure + +[discrete] +== Configuring support for self-signed Git repositories on Kubernetes + +.Deploying {prod-short} using a link:https://helm.sh/[Helm Chart] + +. Configure the workspace exposure strategy using the `global.useGitSelfSignedCerts` property. To do that, add the following option to the `helm upgrade` command: ++ +---- +$ helm upgrade che --set global.useGitSelfSignedCerts=true +---- + +. Create a new *configMap* with details about the Git server: ++ +[subs="+quotes"] +---- +$ kubectl create configmap che-git-self-signed-cert --from-file=____ \ + --from-literal=githost=____ -n=che +---- ++ +In the command, substitute `__` for the self-signed certificate and _`_` for the host and port of the HTTPS connection on the Git server (optional). ++ +NOTE: When `githost` is not specified, the given certificate is used for all HTTPS repositories. + +// TODO +// [discrete] +// == Configuring support for self-signed Git repositories on OpenShift + +Create and start new workspace. Every container used by the workspace mounts a special volume that contains a file with the self-signed certificate. The repository's `.git/config` file contains information about the Git server host (its URL) and the path to the certificate in the `http` section (see Git documentation about link:https://git-scm.com/docs/git-config#Documentation/git-config.txt-httpsslCAInfo[git-config]). For example: + +---- +[http "https://10.33.177.118:3000"] + sslCAInfo = /etc/che/git/cert/ca.crt +----