Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Expose devfile endpoints on subdomains in single-host mode #17840

Closed
skabashnyuk opened this issue Sep 11, 2020 · 5 comments
Closed

Expose devfile endpoints on subdomains in single-host mode #17840

skabashnyuk opened this issue Sep 11, 2020 · 5 comments
Assignees
@sparkoo
Labels
area/che-server kind/task Internal things, technical debt, and to-do tasks to be performed.
Milestone
7.20

Comments

@skabashnyuk
Copy link
Contributor

skabashnyuk commented Sep 11, 2020
edited by sparkoo
Loading

Is your task related to a problem? Please describe.

When we were working with a single host we faced quite strict requirements for the content that is served by endpoints. https://www.eclipse.org/che/docs/che-7/installation-guide/configuring-workspace-exposure-strategies/#_single_host_strategy
that become complicated or even impossible to follow for user application see. #17783

Describe the solution you'd like

We would like to change the way how we exposing ports in single-host mode.

  • all endpoints defined in devfiles will have a separate subdomain route
  • all endpoints from the component in registries that is not marked with a special flag are going to be exposed with gateway as a subpath of the same host.

Describe alternatives you've considered

N/A

Additional context

N/A
@skabashnyuk skabashnyuk added kind/task Internal things, technical debt, and to-do tasks to be performed. area/che-server team/platform labels Sep 11, 2020
@che-bot che-bot added the status/need-triage An issue that needs to be prioritized by the curator responsible for the triage. See https://github. label Sep 11, 2020
@skabashnyuk skabashnyuk removed the status/need-triage An issue that needs to be prioritized by the curator responsible for the triage. See https://github. label Sep 11, 2020
@skabashnyuk skabashnyuk mentioned this issue Sep 11, 2020
Closed
35 tasks
@sparkoo
Copy link
Member

sparkoo commented Sep 14, 2020

we should do a quick POC to test how che-theia behaves with preview view with untrusted cert.

@sparkoo sparkoo self-assigned this Sep 14, 2020
@skabashnyuk skabashnyuk added this to the 7.20 milestone Sep 17, 2020
@sparkoo sparkoo mentioned this issue Sep 22, 2020
Merged
11 tasks
@sparkoo sparkoo mentioned this issue Sep 29, 2020
Merged
6 tasks
@sparkoo
Copy link
Member

sparkoo commented Sep 30, 2020
edited
Loading

opened PR #17928 enables exposing all devfile's public endpoints on subdomains, so user applications that are using absolute paths on web UI will work.

Q:

  • it can be enabled/disabled with global configuration option. Should it be enabled by default or do we want to keep current single-host behavior.
  • We typically don't have wildcard cert in single-host, so we decided to expose such endpoints on HTTP only. This has limitation that preview can't be loaded in the editor directly, because HTTP can't be loaded from HTTPS pages, so users has to open it in separate tab. Is it ok like this at this stage?

cc: @l0rd

@l0rd
Copy link
Contributor

l0rd commented Sep 30, 2020

Should it be enabled by default or do we want to keep current single-host behavior

I would say that the default should be che.infra.kubernetes.singlehost.workspace.devfile_endpoint_exposure=multi-host. That's because otherwise our samples and users application may get broken.

so we decided to expose such endpoints on HTTP only

Even if attributes.protocol=https? Otherwise I am ok with it. For the limitation on theia preview panel I think that's a separate issue on for area/editors/theia: if we know that an application won't render decently on the preview panel we should open it on a separate tab instead. Could you please open a separate issue?

@sparkoo
Copy link
Member

sparkoo commented Sep 30, 2020

Even if attributes.protocol=https? Otherwise I am ok with it. For the limitation on theia preview panel I think that's a separate issue on for area/editors/theia: if we know that an application won't render decently on the preview panel we should open it on a separate tab instead. Could you please open a separate issue?

In that case, it's really on https, but it's not usable because the lack of certificate for the subdomain. There is not even "accept the risk" button in editor preview (I guess some browser security feature). You have to again open it in new tab, "accept the risk" there, then you can actually load it in editor preview.

I'll create a new issue to improve the UX for this. Thanks!

@sparkoo sparkoo changed the title A flag to explicitly ask for a separate route for exposing endpoints in single-host mode Expose devfile endpoints on subdomains in single-host mode Sep 30, 2020
This was referenced Sep 30, 2020
Closed
Closed
@sparkoo
Copy link
Member

sparkoo commented Sep 30, 2020

I've created the editor UX issue #18002

@sparkoo sparkoo closed this as completed in e541b7e Oct 1, 2020
@artaleks9 artaleks9 mentioned this issue Dec 16, 2020
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@sparkoo sparkoo

Labels
area/che-server kind/task Internal things, technical debt, and to-do tasks to be performed.
Projects
None yet
Milestone
7.20
Development

No branches or pull requests
4 participants
@l0rd @sparkoo @skabashnyuk @che-bot