Switching between external and internal DNS names in inter-component communication

By default, new Che deployments use Kubernetes services DNS names for communications between Che server, Keycloak, registries, and helps with:

  • Bypassing proxy, certificates, and firewalls issues

  • Speeding up the traffic

This type of communication is an alternative to the external method of inter-component communication, which uses Kubernetes Ingress or OpenShift Route cluster host names. In the situations described below, using Kubernetes internal DNS names is not supported. By disabling the use of the internal cluster host name in inter-component communication, the communication using external Kubernetes Ingress or OpenShift Route will come into effect.

Internal inter-component communication restrictions in Kubernetes or OpenShift
  • The Che components are deployed across multi-cluster Kubernetes or OpenShift environments.

  • The Kubernetes NetworkPolicies restricts communication between namespaces.

The following section describes how to enable and disable the external inter-component communication for Kubernetes Ingress or OpenShift Route.

Prerequisites
  • The kubectl tool is available.

  • An instance of Che running in Kubernetes or OpenShift.

Procedure

Switching between external and internal inter-component communication method is reached through the update against Custom Resource (CR).

  • For Che deployed using Operators

    1. To use external Kubernetes Ingress or OpenShift Route in inter-component communication:

      $ kubectl patch checluster eclipse-che -n eclipse-che --type=json -p \
      '[{"op": "replace", "path": "/spec/server/useInternalClusterSVCNames", "value": false}]'
    2. To use internal Kubernetes DNS names in the inter-component communication:

      $ kubectl patch checluster eclipse-che -n eclipse-che --type=json -p \
      '[{"op": "replace", "path": "/spec/server/useInternalClusterSVCNames", "value": true}]'
  • For Che deployed using a Helm Chart

    1. Clone the che project

    2. Go to deploy/kubernetes/helm/che directory

    3. Update the global.useInternalClusterSVCNames property. To do that, add the following option to the helm upgrade command:

      • To use external Kubernetes Ingress or OpenShift Route in inter-component communication:

        $ helm upgrade che -n eclipse-che --set global.useInternalClusterSVCNames=false \
        -f values/multi-user.yaml -f values/tls.yaml .
      • To use internal Kubernetes DNS names in the inter-component communication:

        $ helm upgrade che -n eclipse-che --set global.useInternalClusterSVCNames=true  \
        -f values/multi-user.yaml -f values/tls.yaml .
        if Eclipse Che has been deployed in single-host mode or without TLS then remove the corresponding flags from the helm upgrade command and add others if needed.