Deploying Che with support for Git repositories with self-signed certificates
This procedure describes how to configure Che for deployment with support for Git operations on repositories that use self-signed certificates.
-
Git version 2 or later
-
Helm version 2.15 or higher
Configuring support for self-signed Git repositories.
In the instructions below, substitute kubectl
for oc
when running Che on Kubernetes.
-
Create a new configMap with details about the Git server:
$ oc create configmap che-git-self-signed-cert --from-file=ca.crt \ --from-literal=githost=<host:port> -n {prod-namespace}
In the command, substitute
<host:port>
for the host and port of the HTTPS connection on the Git server (optional).-
When
githost
is not specified, the given certificate is used for all HTTPS repositories. -
The certificate file must be named
ca.crt
. -
Certificate files are typically stored as Base64 ASCII files, such as.
.pem
,.crt
,.ca-bundle
. Also, they can be encoded as binary data, for example,.cer
. AllSecrets
that hold certificate files should use the Base64 ASCII certificate rather than the binary data certificate.
-
-
Configure the workspace exposure strategy:
For Che deployed using a Helm Chart-
Clone the che project
-
Go to
deploy/kubernetes/helm/che
directory -
Update the
global.useGitSelfSignedCerts
property. To do that, add the following option to thehelm upgrade
command:$ helm upgrade che -n eclipse-che --set global.useGitSelfSignedCerts=true \ --set global.ingressDomain=<kubernetes-cluster-domain> .
On Minikube, substitute
<kubernetes-cluster-domain>
with$(minikube ip).nip.io
.For Che deployed using OperatorsUpdate the
gitSelfSignedCert
property. To do that, execute:$ oc patch checluster eclipse-che -n eclipse-che --type=json \ -p '[{"op": "replace", "path": "/spec/server/gitSelfSignedCert", "value": true}]'
-
-
Create and start a new workspace. Every container used by the workspace mounts a special volume that contains a file with the self-signed certificate. The repository’s
.git/config
file contains information about the Git server host (its URL) and the path to the certificate in thehttp
section (see Git documentation about git-config). For example:[http "https://10.33.177.118:3000"] sslCAInfo = /etc/che/git/cert/ca.crt