-
Notifications
You must be signed in to change notification settings - Fork 1.2k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Ingress/Route per plugin endpoint #15432
Ingress/Route per plugin endpoint #15432
Conversation
…te per public endpoint instead of merging the endpoints by port and only creating ingresses/routes per exposed port. Signed-off-by: Lukas Krejci <lkrejci@redhat.com>
Signed-off-by: Lukas Krejci <lkrejci@redhat.com>
❌ E2E Happy path tests failed ❗ See Details
Tested with Eclipse Che Multiuser User on K8S (minikube v1.1.1) ℹ️ |
E2E tests of Eclipse Che Multiuser on OCP has failed:
|
…erver be exposed on a unique location, separate from the other endpoints sharing the same port. Signed-off-by: Lukas Krejci <lkrejci@redhat.com>
This comment has been minimized.
This comment has been minimized.
…e-plugin-endpoints-on-the-same-port Signed-off-by: Lukas Krejci <lkrejci@redhat.com>
✅ E2E Happy path tests succeed 🎉 See Details
Tested with Eclipse Che Multiuser User on K8S (minikube v1.1.1) |
E2E tests of Eclipse Che Multiuser on OCP has been successful:
|
…e-plugin-endpoints-on-the-same-port Signed-off-by: Lukas Krejci <lkrejci@redhat.com>
This PR adds a new attribute called Example configuration: apiVersion: v2
publisher: eclipse
name: che-theia
version: next
type: Che Editor
displayName: theia-ide
title: Eclipse Theia development version.
description: Eclipse Theia, get the latest release each day.
icon: https://raw.githubusercontent.com/theia-ide/theia/master/logo/theia-logo-no-text-black.svg?sanitize=true
category: Editor
repository: https://github.com/eclipse/che-theia
firstPublicationDate: "2019-03-07"
spec:
endpoints:
- name: "theia"
public: true
targetPort: 3100
attributes:
protocol: http
type: ide
secure: true
cookiesAuthEnabled: true
discoverable: false
unique: true
... In the current state, there seems to be some problem with single-host server strategy and this implementation - at least the welcome plugin is not able to correctly show the welcome page, but that hints possibly at some larger problem. The multi-host mode doesn't exhibit that problem though. |
Note that I've uploaded a new image that contains the code from this PR on top the master in revision 4744a70: quay.io/lkrejci/che-server:7.7.0-issue-15283 |
Hi @metlos, Are you planning to merge this PR in master soon? |
Hello, @metlos I a bit tested your pr, and found that it works only if the server attribute |
…e-plugin-endpoints-on-the-same-port Signed-off-by: Lukas Krejci <lkrejci@redhat.com>
Could you please provide some sample plugin and a description of what does not work? |
@AndrienkoAleksandr I've used this |
So given @azatsarynnyy 's comment, I think this PR is feature complete. I am locally making some small refactorings to improve the code structure, so once that's done, I think we're ready to review and test this to get it merged. So the outstanding tasks are the following:
While webviews are meant to only work with TLS, I think che server still needs to work in non-tls deployments because users might not be using Che Theia as their editor. |
…e-plugin-endpoints-on-the-same-port Signed-off-by: Lukas Krejci <lkrejci@redhat.com>
…e-plugin-endpoints-on-the-same-port Signed-off-by: Lukas Krejci <lkrejci@redhat.com>
✅ E2E Happy path tests succeed 🎉 See Details
Tested with Eclipse Che Multiuser User on K8S (minikube v1.1.1) |
|
||
try { | ||
ServicePort exposedServicePort = | ||
proxyProvisioner.expose( |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Why do we need a dedicated port for each exposableServerSet here?
It's kind of surprise me that here we are in a loop of onEachExposableServerSet
invoke exposer.expose
that will do iterate on onEachExposableServerSet
more more time https://github.com/eclipse/che/blob/d46eb20398472a8e2a751002b1ae0ac85b5f56ef/infrastructures/kubernetes/src/main/java/org/eclipse/che/workspace/infrastructure/kubernetes/server/external/ExternalServerExposer.java#L97
Did I miss something, if not - can we avoid it?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
We need a dedicated port, because a server set needs to be exposed uniquely. So we need a unique route so that the user "sees" it as unique, but we also need a unique jwt service (and therefore a port), so that the backing service sees it as a request coming from a unique domain.
Good catch of calling onEachExposableServerSet
twice unnecessarily. Because of the changes to correctly handle the preview URL, the exposeAsSingle
method is now public on the server exposer as well, so we can use that instead in the jwt server exposer.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
but we also need a unique jwt service (and therefore a port), so that the backing service sees it as a request coming from a unique domain.
Sorry, but I did not get it. Why backing service cares about domain requests come? Could you elaborate more?
In my understanding purpose why we introduce unique servers: for browser not to send all shared cookies...
And I don't understand how using one JwtProxy can break it...
@metlos can you please provide some updates to https://github.com/eclipse/che-plugin-registry#plugin-meta-yaml-structure documentation explaining the usage of |
It will be good to have this information also in the che-doc https://github.com/eclipse/che-docs/blob/master/src/main/pages/che-7/end-user-guide/ref_che-theia-plug-in-metadata.adoc |
exposure. Signed-off-by: Lukas Krejci <lkrejci@redhat.com>
E2E tests of Eclipse Che Multiuser on OCP has failed:
|
❌ E2E Happy path tests failed ❗ See Details
Tested with Eclipse Che Multiuser User on K8S (minikube v1.1.1) ℹ️ |
…3-multiple-plugin-endpoints-on-the-same-port Signed-off-by: Lukas Krejci <lkrejci@redhat.com>
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I suppose code can be a bit simplified by moving onExposableSet on KubernetesServerExposer level but it requires some work and I'm not sure it will work in all corner cases. It needs to try to understand it better.
So, the current state is good enough to proceed with it 👍
location. Signed-off-by: Lukas Krejci <lkrejci@redhat.com>
❌ E2E Happy path tests failed ❗ See Details
Tested with Eclipse Che Multiuser User on K8S (minikube v1.1.1) ℹ️ |
E2E tests of Eclipse Che Multiuser on OCP has failed:
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Now code is even simpler 🎉
ci-test |
crw-ci-test |
E2E tests of Eclipse Che Multiuser on OCP has failed:
|
ci-test |
crw-ci-test |
❌ E2E Happy path tests failed ❗ See Details
Tested with Eclipse Che Multiuser User on K8S (minikube v1.1.1) ℹ️ |
E2E tests of Eclipse Che Multiuser on OCP has failed:
|
Signed-off-by: Lukas Krejci <lkrejci@redhat.com>
…e-plugin-endpoints-on-the-same-port Signed-off-by: Lukas Krejci <lkrejci@redhat.com>
✅ E2E Happy path tests succeed 🎉 See Details
Tested with Eclipse Che Multiuser User on K8S (minikube v1.1.1) |
E2E tests of Eclipse Che Multiuser on OCP has been successful:
|
What does this PR do?
Changes the way we create ingresses/routes, so that there is 1:1 mapping between an ingress/route and a plugin endpoint.
More than anything else, this enables 1 service to be reached from multiple URLs which hopefully helps enabling webview.
What issues does this PR fix or reference?
#15410 #15283
Additional Notes
This PR is a draft, because we've not gone through the design phase with this and I've not added any tests and most possibly broke others. Comments both on the possible better approach to this as well as the code itself are more than welcome.