Deploying Che with support for Git repositories with self-signed certificates
You can configure Che to support operations on Git providers that use self-signed certificates.
ocsession with administrative permissions to the OpenShift cluster. See Getting started with the OpenShift CLI.
Git version 2 or later
Create a new ConfigMap with details about the Git server:
$ kubectl create configmap che-git-self-signed-cert \ --from-file=ca.crt=<path_to_certificate> \ (1) --from-literal=githost=<git_server_url> -n eclipse-che (2)
1 Path to the self-signed certificate. 2 Optional parameter to specify the Git server URL e.g.
https://git.example.com:8443. When omitted, the self-signed certificate is used for all repositories over HTTPS.
Certificate files are typically stored as Base64 ASCII files, such as.
ConfigMapsthat hold certificate files should use the Base64 ASCII certificate rather than the binary data certificate.
A certificate chain of trust is required. If the
ca.crtis signed by a certificate authority (CA), the CA certificate must be included in the
Add the required labels to the ConfigMap:
$ kubectl label configmap che-git-self-signed-cert \ app.kubernetes.io/part-of=che.eclipse.org -n eclipse-che
Configure Che operand to use self-signed certificates for Git repositories. See Using the CLI to configure the CheCluster Custom Resource.
spec: devEnvironments: trustedCerts: gitTrustedCertsConfigMapName: che-git-self-signed-cert
Create and start a new workspace. Every container used by the workspace mounts a special volume that contains a file with the self-signed certificate. The container’s
/etc/gitconfigfile contains information about the Git server host (its URL) and the path to the certificate in the
httpsection (see Git documentation about git-config).Example 1. Contents of an
[http "https://10.33.177.118:3000"] sslCAInfo = /etc/config/che-git-tls-creds/certificate