che: unable to access repository present inside an organization's gitlab account (visibility private)

Summary

The project repository i’m working on is maintained under gitlab.company.com. The gitlab.company.com is accessible only within the corporate network and sso is required to login into the gitlab.company.com. i can add ssh keys/generate accessTokens but this will be valid only inside corporate network.

The visibility of the project repository is private

i’m maintaining thedevfile.yaml inside the same project repository.

i have eclipseche installed in minikube. The installation is successful and i’m able to clone a public / private github repository in this eclipseche instance.

the problem i face is with private gitlab.company.com repository that is accessible only within corporate network.

i get below error message when i try to open the workspace.

Please let me know how to resolve this issue

image

Relevant information

No response

About this issue

  • Original URL
  • State: closed
  • Created 3 years ago
  • Comments: 23 (9 by maintainers)

Most upvoted comments

Depends on your configuration. --che-operator-cr-patch-yaml merges the changes. That’s what we use for updating our configuration on a rancher provisioned cluster. Not sure if --skip-kubernetes-health-check still necessary, there was an issue with ranchers rbac implementation a while ago.

chectl server:update  \
  --deployment-name=dev-studio \
  --platform=k8s \
  --installer=operator \
  --che-operator-cr-patch-yaml=./operator-config.yaml  \
  --chenamespace=dev-studio \
  --skip-kubernetes-health-check \
  --batch

If users from OIDC are linked i would start fresh, just in case…

+1
nils-mosbach on Dec 22, 2021

the devfile.yaml will also be present inside the repository of gitlab.company.com with visibility private. Will this approach mentioned in this or this work for my scenario?

I think you are referring to factory flow. It’s not the silky smooth player with ssh way scenario. I recommend considering OAuth integration flow in this case.

+1
skabashnyuk on Dec 22, 2021

incase of ssh public key, should i encode(base64) the content of publickey file and put it as below ?

I think you need both. git client inside the Theia container has to have access to the private par. The public part would be checked on the opposite side (on gitlab)

However @vinokurig 's variant I like more.

+1
skabashnyuk on Dec 22, 2021

I found only this guide on how to mount a file https://www.eclipse.org/che/docs/che-7/end-user-guide/mounting-a-secret-as-a-file-or-an-environment-variable-into-a-workspace-container/. If you are able to create secrets in your k8s namespace I think you can follow it to mount ssh files.

@vinokurig @svor do you remember if we have documentation about how to manage ssh keys from the Theia?

+1
skabashnyuk on Dec 22, 2021

@Divine1 thank you for the question. At this stage, it’s important to decide the flow you want to follow.

  • Is it OAuth2 integration - then you can use factories with automated authorization flow.
  • SSH flow - then you have to create a workspace, set up ssh keys. After that, you’ll be able to do clone/push.

Wich way do you want to follow?

+1
skabashnyuk on Dec 22, 2021
Read more comments on GitHub
← che: Theia should not offer to start apps for debugging
che: Unable to build che-ide-gwt-app →