Configuring communication between Che components

You can select whether Che components communicate by using the internal network or external Kubernetes Ingress or OpenShift Route.

By default, Che components communicate by using the internal network. Che components use their internal services names, which are exposed in the internal Kubernetes or OpenShift network.

As the administrator, disable the use of the internal services names to force the Che components to use external Kubernetes Ingress or OpenShift Route in the following situations:

  • To deploy Che on a cluster where NetworkPolicies restricts communications between namespaces.

  • To deploy Che with the multitenant network plug-in.

Using the external Kubernetes Ingress or OpenShift Route might slow the traffic and lead to issues because it uses proxies, certificates, and firewalls.

Prerequisites
  • An instance of Che running on Kubernetes or OpenShift.

Procedure
  • In the CheCluster Custom Resource server settings, for the disableInternalClusterSVCNames property, set <property-value> to:

    true

    To use external Kubernetes Ingress or OpenShift Route.

    false

    To use internal Kubernetes DNS names.

    apiVersion: org.eclipse.che/v1
    kind: CheCluster
    # ...
    spec:
      server:
        # ...
        disableInternalClusterSVCNames: <property-value>
Verification steps
  1. Specify Che as the default project:

    $ kubectl project eclipse-che
  2. Inspect the ConfigMap properties to determine which communication method Che uses:

    $ kubectl get configmap che -o \
    jsonpath='{.data.CHE_KEYCLOAK_AUTH__INTERNAL__SERVER__URL}'
    $ kubectl get configmap che -o \
    jsonpath='{.data.CHE_WORKSPACE_PLUGIN__REGISTRY__INTERNAL__URL}'
    • If Che components communicate internally, the output is following:

      http://keycloak.eclipse-che.svc:8080/auth
      http://plugin-registry.eclipse-che.svc:8080/v3
    • Otherwise, if the components communicate externally, the output is empty.