Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Deprecate non-TLS deployments #17012

Closed
l0rd opened this issue May 25, 2020 · 3 comments
Closed

Deprecate non-TLS deployments #17012

l0rd opened this issue May 25, 2020 · 3 comments
Labels
area/install Issues related to installation, including offline/air gap and initial setup kind/epic A long-lived, PM-driven feature request. Must include a checklist of items that must be completed. lifecycle/frozen Indicates that an issue or PR should not be auto-closed due to staleness. roadmap/1-year Epics that are planned to complete in the short term (12 months or more) severity/P1 Has a major impact to usage or development of the system.

Comments

@l0rd
Copy link
Contributor

l0rd commented May 25, 2020
edited
Loading

Is your enhancement related to a problem? Please describe.

Latest Theia webview requires TLS. Hence Che workspaces exposing unsecured http endpoint to Theia won't work properly and the UX will be awful.

Describe the solution you'd like

We should progressively remove the support for deployments of Che that do not use TLS:

  1. Remove the option to deploy Che with no TLS but do not break existing installations. Http endpoints are still possible but deprecated. Remove no TLS option from:
    • chectl parameters
    • helm values
    • operator CSV
    • documentation
  2. Automatically switch to TLS-enabled when upgrading to newer version of Che and do not support http endpoints anymore Force TLS support when upgrading #17090
  3. Remove any reference to tlsSupport and .Values.global.tls.enabled from CheCluster CRD and Helm Chart

⚠️ User defined endpoints in workspaces and user applications automatically exposed ports should still be possible without TLS.
@l0rd l0rd added the kind/enhancement A feature request - must adhere to the feature request template. label May 25, 2020
@che-bot che-bot added the status/need-triage An issue that needs to be prioritized by the curator responsible for the triage. See https://github. label May 25, 2020
@l0rd l0rd added area/install Issues related to installation, including offline/air gap and initial setup kind/epic A long-lived, PM-driven feature request. Must include a checklist of items that must be completed. severity/P1 Has a major impact to usage or development of the system. and removed kind/enhancement A feature request - must adhere to the feature request template. status/need-triage An issue that needs to be prioritized by the curator responsible for the triage. See https://github. labels May 25, 2020
@l0rd l0rd mentioned this issue May 25, 2020
Closed
@nickboldt nickboldt added this to the 7.15 milestone May 26, 2020
@tolusha tolusha modified the milestones: 7.15, Backlog - Deploy May 27, 2020
@tolusha tolusha mentioned this issue Jun 1, 2020
Closed
34 tasks
@benoitf benoitf added the new&noteworthy For new and/or noteworthy issues that deserve a blog post, new docs, or emphasis in release notes label Jun 2, 2020
@l0rd l0rd mentioned this issue Jun 4, 2020
Closed
@mmorhun mmorhun mentioned this issue Jun 23, 2020
Closed
14 tasks
@tolusha tolusha removed this from the Backlog - Deploy milestone Jul 9, 2020
@nickboldt
Copy link
Contributor

Deprecation was announced on Che-dev list on Jul 2:

We are going to deprecate non-TLS deployments soon.

What does it mean?
1. There won't be ability to deploy Eclipse Che with TLS disabled anymore
2. All existing non-TLS deployments will continue working.
3. Deployments will be automatically switched to TLS-enabled when upgrading to a newer version.

Therefore this could be done in sprint 189 for Che 7.19.

@nickboldt nickboldt added this to the 7.19 milestone Jul 9, 2020
@tolusha tolusha removed this from the 7.19 milestone Sep 10, 2020
@che-bot
Copy link
Contributor

che-bot commented Mar 17, 2021

Issues go stale after 180 days of inactivity. lifecycle/stale issues rot after an additional 7 days of inactivity and eventually close.

Mark the issue as fresh with /remove-lifecycle stale in a new comment.

If this issue is safe to close now please do so.

Moderators: Add lifecycle/frozen label to avoid stale mode.

@che-bot che-bot added the lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. label Mar 17, 2021
@tolusha tolusha added lifecycle/frozen Indicates that an issue or PR should not be auto-closed due to staleness. and removed lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. labels Mar 17, 2021
@l0rd l0rd added the roadmap/1-year Epics that are planned to complete in the short term (12 months or more) label Mar 26, 2021
@l0rd l0rd removed the new&noteworthy For new and/or noteworthy issues that deserve a blog post, new docs, or emphasis in release notes label Sep 28, 2021
@tolusha tolusha mentioned this issue Jan 21, 2022
Merged
11 tasks
@tolusha
Copy link
Contributor

tolusha commented Jan 24, 2022

There is no way to deploy Eclipse Che with tls disabled since 7.43.0

@tolusha tolusha closed this as completed Jan 24, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
area/install Issues related to installation, including offline/air gap and initial setup kind/epic A long-lived, PM-driven feature request. Must include a checklist of items that must be completed. lifecycle/frozen Indicates that an issue or PR should not be auto-closed due to staleness. roadmap/1-year Epics that are planned to complete in the short term (12 months or more) severity/P1 Has a major impact to usage or development of the system.
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
5 participants
@nickboldt @benoitf @l0rd @tolusha @che-bot