Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

How to get port redirect ingress hostnames to use dashes instead of periods #22267

Closed
brandonp42 opened this issue Jun 5, 2023 · 5 comments
Closed

How to get port redirect ingress hostnames to use dashes instead of periods #22267

brandonp42 opened this issue Jun 5, 2023 · 5 comments
Labels
kind/question Questions that haven't been identified as being feature requests or bugs.

Comments

@brandonp42
Copy link

brandonp42 commented Jun 5, 2023
edited
Loading

Summary

I can't figure out why ingresses created to redirect to ports have periods in the host name. Ie they are being generated like: <username>.<workspace>.<endpoint_name>.<domain_name>

The problem is I have a wildcard certificate with *.<domain_name>, so I want the hostnames to be generated with dashes instead of periods. How can I fix this?

Relevant information

Kubernetes (K3S) v1.26.5+k3s1

installed via chectl

checluster.spec.networking.ingressClassName = traefik
checluster.spec.networking.hostname = che.<domain_name>
checluster.spec.networking.domain = <domain_name>

SSL cert is using Lets Encrypt and is a wildcard for *.<domain_name>

chectl server:status
Eclipse Che Version : 7.68.0
@brandonp42 brandonp42 added the kind/question Questions that haven't been identified as being feature requests or bugs. label Jun 5, 2023
@che-bot che-bot added the status/need-triage An issue that needs to be prioritized by the curator responsible for the triage. See https://github. label Jun 5, 2023
@brandonp42
Copy link
Author

Also FWIW I looked into having cert-manager create individual certificates for each ingress and I don't think that's possible right now because I don't see a way to have either Che or cert-manager generate the TLS secret name in a unique way. The CheCluster resource appears to only let you specify a static name (not a template) and I don't see any way to get cert-manager to generate it either and update the ingress.

If the CheCluster CRD had a way to generate the TLS secret names uniquely for each ingress I think that might work but it would be better IMHO to keep the ingress hostnames in the same domain with dashes instead so I'm not generating tons of certificate requests.

@brandonp42
Copy link
Author

I found the PR when this was merged, it was just last week. See eclipse-che/che-operator#1672.

@dkwon17 dkwon17 mentioned this issue Jun 6, 2023
Merged
10 tasks
@dkwon17
Copy link
Contributor

dkwon17 commented Jun 6, 2023

Hi @brandonp42 this is an important use case that I've missed, sorry about that, I've made a PR to address it.

After the PR is merged, you can try to:

  • Update the che-operator deployment to use the newly built quay.io/eclipse/che-operator:next image to get the latest change right away
  • Wait for the new Che release set for Jun 14

Then you can delete the old workspace ingresses which will then be recreated with new ingresses with the new host names

@brandonp42
Copy link
Author

@dkwon17 thank you, I will keep an eye on the PR and try it out after the merge.

@brandonp42
Copy link
Author

I updated my deployment and it looks good to me, thank you again.

@AObuchow AObuchow removed the status/need-triage An issue that needs to be prioritized by the curator responsible for the triage. See https://github. label Jun 6, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
kind/question Questions that haven't been identified as being feature requests or bugs.
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@AObuchow @che-bot @dkwon17 @brandonp42