Deploying Che with support for Git repositories with self-signed certificates
You can configure Che to support operations on Git providers that use self-signed certificates.
ocsession with administrative permissions to the OpenShift cluster. See Getting started with the OpenShift CLI.
Git version 2 or later
Create a new ConfigMap with details about the Git server:
$ kubectl create configmap che-git-self-signed-cert \ --from-file=ca.crt=<path_to_certificate> \ (1) --from-literal=githost=<host:port> -n eclipse-che (2)
1 Path to self-signed certificate 2 The host and port of the HTTPS connection on the Git server (optional).
githostis not specified, the given certificate is used for all HTTPS repositories.
Certificate files are typically stored as Base64 ASCII files, such as.
.ca-bundle. Also, they can be encoded as binary data, for example,
Secretsthat hold certificate files should use the Base64 ASCII certificate rather than the binary data certificate.
Add the required labels to the ConfigMap:
$ kubectl label configmap che-git-self-signed-cert \ app.kubernetes.io/part-of=che.eclipse.org -n eclipse-che
Configure Che operand to use self-signed certificates for Git repositories. See Using the CLI to configure the CheCluster Custom Resource.
spec: devEnvironments: trustedCerts: gitTrustedCertsConfigMapName: che-git-self-signed-cert
Create and start a new workspace. Every container used by the workspace mounts a special volume that contains a file with the self-signed certificate. The repository’s
.git/configfile contains information about the Git server host (its URL) and the path to the certificate in the
httpsection (see Git documentation about git-config).Example 1. A
[http "https://10.33.177.118:3000"] sslCAInfo = /etc/che/git/cert/ca.crt