diff --git a/apis/controller/v1alpha1/devworkspaceoperatorconfig_types.go b/apis/controller/v1alpha1/devworkspaceoperatorconfig_types.go
index fa33c2622..eaddb9d8a 100644
--- a/apis/controller/v1alpha1/devworkspaceoperatorconfig_types.go
+++ b/apis/controller/v1alpha1/devworkspaceoperatorconfig_types.go
@@ -61,6 +61,8 @@ type RoutingConfig struct {
 // DevWorkspaces. However, changing the proxy configuration for the DevWorkspace Operator itself
 // requires restarting the controller deployment.
 ProxyConfig *Proxy `json:"proxyConfig,omitempty"`
+ // DisableTLSVerification turns off TLS verification for http requests.
+ DisableTLSVerification *bool `json:"disableTLSVerification,omitempty"`
 }
 type WorkspaceConfig struct {
diff --git a/controllers/workspace/http.go b/controllers/workspace/http.go
index 32f317225..83a1334ee 100644
--- a/controllers/workspace/http.go
+++ b/controllers/workspace/http.go
@@ -29,13 +29,16 @@ var (
 )
 func setupHttpClients() {
- transport := http.DefaultTransport.(*http.Transport).Clone()
- healthCheckTransport := http.DefaultTransport.(*http.Transport).Clone()
- healthCheckTransport.TLSClientConfig = &tls.Config{
+ globalConfig := config.GetGlobalConfig()
+ insecureTlsConfig := &tls.Config{
 InsecureSkipVerify: true,
 }
-
- globalConfig := config.GetGlobalConfig()
+ transport := http.DefaultTransport.(*http.Transport).Clone()
+ if globalConfig.Routing != nil && globalConfig.Routing.DisableTLSVerification != nil && *globalConfig.Routing.DisableTLSVerification {
+ transport.TLSClientConfig = insecureTlsConfig
+ }
+ healthCheckTransport := http.DefaultTransport.(*http.Transport).Clone()
+ healthCheckTransport.TLSClientConfig = insecureTlsConfig
 if globalConfig.Routing != nil && globalConfig.Routing.ProxyConfig != nil {
 proxyConf := httpproxy.Config{}
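Review bot: The doc comment added for `DisableTLSVerification` in `RoutingConfig` does not say which requests lose verification, what the default is, or what is given up when the field is set. Judging by the http.go change in this commit it applies to the operator's general HTTP client, so I would write `// DisableTLSVerification disables server certificate verification for HTTPS requests made by the operator's HTTP client. Unset or false keeps verification on.` followed by `// Enabling it lets anyone on the network path impersonate the remote server; trust the required CA instead where possible.` The CRD description in the bundle manifest looks generated from this comment and would need regenerating to match. The struct starts above this hunk.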
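Review bot: When `DisableTLSVerification` is set, the new branch in setupHttpClients removes certificate verification from the general-purpose `transport` without leaving any trace, so every HTTPS request sent through that client accepts whatever certificate is presented. I would log a warning in that branch and annotate it, e.g. `// Opt-in only: server certificates are not verified on this client; responses can be altered in transit.` Both transports now also share one `*tls.Config` pointer; giving each its own (`transport.TLSClientConfig = &tls.Config{InsecureSkipVerify: true}`) keeps a later change to one from silently applying to the other. For clusters with a private CA, a configurable trust bundle fed into `RootCAs` would cover the use case without dropping verification. The function continues past the end of this hunk, and whether a config change takes effect without a restart depends on when setupHttpClients is called, which is not visible here.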
diff --git a/deploy/bundle/manifests/controller.devfile.io_devworkspaceoperatorconfigs.yaml b/deploy/bundle/manifests/controller.devfile.io_devworkspaceoperatorconfigs.yaml index 091f804cb..65c8f3316 100644 --- a/deploy/bundle/manifests/controller.devfile.io_devworkspaceoperatorconfigs.yaml +++ b/deploy/bundle/manifests/controller.devfile.io_devworkspaceoperatorconfigs.yaml @@ -42,6 +42,9 @@ spec: defaultRoutingClass: description: DefaultRoutingClass specifies the routingClass to be used when a DevWorkspace specifies an empty `.spec.routingClass`. Supported routingClasses can be defined in other controllers. If not specified, the default value of "basic" is used. type: string + disableTLSVerification: + description: DisableTLSVerification turns off TLS verification for http requests. + type: boolean proxyConfig: description: "ProxyConfig defines the proxy settings that should be used for all DevWorkspaces. These values are propagated to workspace containers as environment variables. \n On OpenShift, the operator automatically reads values from the \"cluster\" proxies.config.openshift.io object and this value only needs to be set to override those defaults. Values for httpProxy and httpsProxy override the cluster configuration directly. Entries for noProxy are merged with the noProxy values in the cluster configuration. To ignore automatically read values from the cluster, set values in fields to the empty string (\"\") \n Changes to the proxy configuration are detected by the DevWorkspace Operator and propagated to DevWorkspaces. However, changing the proxy configuration for the DevWorkspace Operator itself requires restarting the controller deployment." properties: