Ingress/Route per plugin endpoint #15432
Conversation
…te per public endpoint instead of merging the endpoints by port and only creating ingresses/routes per exposed port. Signed-off-by: Lukas Krejci <lkrejci@redhat.com>
Signed-off-by: Lukas Krejci <lkrejci@redhat.com>
|
❌ E2E Happy path tests failed ❗ See Details
Tested with Eclipse Che Multiuser User on K8S (minikube v1.1.1) ℹ️ |
che-bot
added
kind/task
metlos
added
kind/enhancement
|
E2E tests of Eclipse Che Multiuser on OCP has failed:
|
…erver be exposed on a unique location, separate from the other endpoints sharing the same port. Signed-off-by: Lukas Krejci <lkrejci@redhat.com>
This comment has been minimized.
This comment has been minimized.
…e-plugin-endpoints-on-the-same-port Signed-off-by: Lukas Krejci <lkrejci@redhat.com>
|
✅ E2E Happy path tests succeed 🎉 See Details
Tested with Eclipse Che Multiuser User on K8S (minikube v1.1.1) |
|
E2E tests of Eclipse Che Multiuser on OCP has been successful:
|
…e-plugin-endpoints-on-the-same-port Signed-off-by: Lukas Krejci <lkrejci@redhat.com>
|
This PR adds a new attribute called Example configuration: apiVersion: v2
publisher: eclipse
name: che-theia
version: next
type: Che Editor
displayName: theia-ide
title: Eclipse Theia development version.
description: Eclipse Theia, get the latest release each day.
icon: https://raw.githubusercontent.com/theia-ide/theia/master/logo/theia-logo-no-text-black.svg?sanitize=true
category: Editor
repository: https://github.com/eclipse/che-theia
firstPublicationDate: "2019-03-07"
spec:
endpoints:
- name: "theia"
public: true
targetPort: 3100
attributes:
protocol: http
type: ide
secure: true
cookiesAuthEnabled: true
discoverable: false
unique: true
...In the current state, there seems to be some problem with single-host server strategy and this implementation - at least the welcome plugin is not able to correctly show the welcome page, but that hints possibly at some larger problem. The multi-host mode doesn't exhibit that problem though. |
|
Note that I've uploaded a new image that contains the code from this PR on top the master in revision 4744a70: quay.io/lkrejci/che-server:7.7.0-issue-15283 |
|
Hi @metlos, Are you planning to merge this PR in master soon? |
|
Hello, @metlos I a bit tested your pr, and found that it works only if the server attribute |
…e-plugin-endpoints-on-the-same-port Signed-off-by: Lukas Krejci <lkrejci@redhat.com>
Could you please provide some sample plugin and a description of what does not work? |
|
@AndrienkoAleksandr I've used this |
|
So given @azatsarynnyy 's comment, I think this PR is feature complete. I am locally making some small refactorings to improve the code structure, so once that's done, I think we're ready to review and test this to get it merged. So the outstanding tasks are the following:
While webviews are meant to only work with TLS, I think che server still needs to work in non-tls deployments because users might not be using Che Theia as their editor. |
…e-plugin-endpoints-on-the-same-port Signed-off-by: Lukas Krejci <lkrejci@redhat.com>
…e-plugin-endpoints-on-the-same-port Signed-off-by: Lukas Krejci <lkrejci@redhat.com>
|
✅ E2E Happy path tests succeed 🎉 See Details
Tested with Eclipse Che Multiuser User on K8S (minikube v1.1.1) |
|
|
||
| try { | ||
| ServicePort exposedServicePort = | ||
| proxyProvisioner.expose( |
There was a problem hiding this comment.
Why do we need a dedicated port for each exposableServerSet here?
It's kind of surprise me that here we are in a loop of onEachExposableServerSet invoke exposer.expose that will do iterate on onEachExposableServerSet more more time https://github.com/eclipse/che/blob/d46eb20398472a8e2a751002b1ae0ac85b5f56ef/infrastructures/kubernetes/src/main/java/org/eclipse/che/workspace/infrastructure/kubernetes/server/external/ExternalServerExposer.java#L97
Did I miss something, if not - can we avoid it?
There was a problem hiding this comment.
We need a dedicated port, because a server set needs to be exposed uniquely. So we need a unique route so that the user "sees" it as unique, but we also need a unique jwt service (and therefore a port), so that the backing service sees it as a request coming from a unique domain.
Good catch of calling onEachExposableServerSet twice unnecessarily. Because of the changes to correctly handle the preview URL, the exposeAsSingle method is now public on the server exposer as well, so we can use that instead in the jwt server exposer.
There was a problem hiding this comment.
but we also need a unique jwt service (and therefore a port), so that the backing service sees it as a request coming from a unique domain.
Sorry, but I did not get it. Why backing service cares about domain requests come? Could you elaborate more?
In my understanding purpose why we introduce unique servers: for browser not to send all shared cookies...
And I don't understand how using one JwtProxy can break it...
|
@metlos can you please provide some updates to https://github.com/eclipse/che-plugin-registry#plugin-meta-yaml-structure documentation explaining the usage of |
It will be good to have this information also in the che-doc https://github.com/eclipse/che-docs/blob/master/src/main/pages/che-7/end-user-guide/ref_che-theia-plug-in-metadata.adoc |
exposure. Signed-off-by: Lukas Krejci <lkrejci@redhat.com>
|
E2E tests of Eclipse Che Multiuser on OCP has failed:
|
|
❌ E2E Happy path tests failed ❗ See Details
Tested with Eclipse Che Multiuser User on K8S (minikube v1.1.1) ℹ️ |
…3-multiple-plugin-endpoints-on-the-same-port Signed-off-by: Lukas Krejci <lkrejci@redhat.com>
There was a problem hiding this comment.
I suppose code can be a bit simplified by moving onExposableSet on KubernetesServerExposer level but it requires some work and I'm not sure it will work in all corner cases. It needs to try to understand it better.
So, the current state is good enough to proceed with it 👍
location. Signed-off-by: Lukas Krejci <lkrejci@redhat.com>
|
❌ E2E Happy path tests failed ❗ See Details
Tested with Eclipse Che Multiuser User on K8S (minikube v1.1.1) ℹ️ |
|
E2E tests of Eclipse Che Multiuser on OCP has failed:
|
|
ci-test |
|
crw-ci-test |
|
E2E tests of Eclipse Che Multiuser on OCP has failed:
|
|
ci-test |
|
crw-ci-test |
|
❌ E2E Happy path tests failed ❗ See Details
Tested with Eclipse Che Multiuser User on K8S (minikube v1.1.1) ℹ️ |
|
E2E tests of Eclipse Che Multiuser on OCP has failed:
|
Signed-off-by: Lukas Krejci <lkrejci@redhat.com>
…e-plugin-endpoints-on-the-same-port Signed-off-by: Lukas Krejci <lkrejci@redhat.com>
|
✅ E2E Happy path tests succeed 🎉 See Details
Tested with Eclipse Che Multiuser User on K8S (minikube v1.1.1) |
|
E2E tests of Eclipse Che Multiuser on OCP has been successful:
|
che-bot
removed
the
status/code-review
What does this PR do?
Changes the way we create ingresses/routes, so that there is 1:1 mapping between an ingress/route and a plugin endpoint.
More than anything else, this enables 1 service to be reached from multiple URLs which hopefully helps enabling webview.
What issues does this PR fix or reference?
#15410 #15283
Additional Notes
This PR is a draft, because we've not gone through the design phase with this and I've not added any tests and most possibly broke others. Comments both on the possible better approach to this as well as the code itself are more than welcome.