[che-dev] Set tlsSupport flag to true by default for operator installer

[Mykola Morhun <mmorhun@xxxxxxxxxx>]

Hello all.

Deploy team are going to merge PR [1] which makes tlsSupport flag of Che CR to be set to true by default.

This means that all new deployments of Che using operator installer will be provisioned to target https connection.

If an Openshift cluster has commonly trusted certificate it shouldn't change anything. But in case of self-signed certificate some TLS pre requirements are expected. They are described in Che docs [2].

Short summary: If cluster has self-signed certificate,  --self-signed-cert flag should be passed to chectl server:start command and the cluster CA certificate should be imported into the user's browser [3].

To deploy Eclipse Che using operator installer without TLS (which is not recommended as some features will not work as they require TLS) one need to pass  --che-operator-cr-patch-yaml=patch.yaml flag to chectl server:start command, where patch.yaml is the amendment for default Che CR values and might look like:

----patch.yaml

spec:
  server:
    tlsSupport: false

----

Another way is to pass completely new CR configuration via --che-operator-cr-yaml flag.

An example of full command to deploy Che on Minikube with TLS disabled:

chectl server:start --self-signed-cert --platform=minikube --multiuser --installer=operator --che-operator-cr-patch-yaml=patch.yaml

P.S. If I am not mistaken, some of our tests, including PR checks, are run without TLS support, so an action is required.

[1] https://github.com/eclipse/che-operator/pull/186

[2] https://www.eclipse.org/che/docs/che-7/setup-che-in-tls-mode-with-self-signed-certificate/

[3] https://www.eclipse.org/che/docs/che-7/setup-che-in-tls-mode-with-self-signed-certificate/#che-usage-with-tls_setup-che-in-tls-mode-with-self-signed-certificate

--

Mykola Morhun

Software engineer

Red Hat