Skip to content

Add WebView Support #296#298

Merged
jfaltermeier merged 1 commit intomainfrom
jf/webviews
Jun 17, 2024
Merged

Add WebView Support #296#298
jfaltermeier merged 1 commit intomainfrom
jf/webviews

Conversation

@jfaltermeier
Copy link
Contributor

@jfaltermeier jfaltermeier commented Apr 23, 2024
edited
Loading

  • add ingressHostnamePrefixes to AppDefinition. This is a list that makes sures that these additional prefixes to the specified hostname will also be added in the ingress. This is a property of the AppDefinition since this can be configured on Theia side and may vary between app definitions.
  • update ingress rules accordingly with additional values from ingressHostnamePrefixes

also see https://github.com/eclipsesource/theia-cloud-helm/pull/57

Closes #296

Testing is easiest with the sub domain based Theia Cloud version, since this one generates all certificates itself.

Our path based minikube test version is configured to reuse the same certificate as generated for keycloak.
We added the hosts.paths.tlsSecretName value, which allows to provide fitting certificates via the secrets for each ingress (manually if needed).
This + the ingress.certManagerAnnotations allows the user to specify the certificates on a (remote) cluster, even without the cert manager.

For getting wildcard certificates from cert-manager we need to configure a DNS01 challenge: https://cert-manager.io/docs/configuration/acme/dns01/
Depending on the DNS provider this requires different configuration, so we cannot really provide a default here.

In the short run being able to provide the tls cert via a secret should be enough to get it working on all providers.
In the long run we have to extend our documentation and maybe the helm values/templates as we learn more about how people want to configure this.

Testing instructions:

WebView VSIX can be created with these two projects:
WebView Sample: https://github.com/microsoft/vscode-extension-samples/tree/main/webview-sample
WebView based EDitor Sample: https://github.com/microsoft/vscode-extension-samples/tree/main/custom-editor-sample

  • Check out this branch and https://github.com/eclipsesource/theia-cloud-helm/pull/57

  • Build the docker images

  • Local Testing / Sub Domain Based Theia Cloud

    • start 2-01_try-now test configuration
    • export the CA certificate:
      • kubectl get secret theia-cloud-ca-key-pair -n cert-manager -o jsonpath='{.data.tls\.crt}' | base64 --decode > ca.crt
    • Go to chrome://settings/certificates -> Authorities -> Import -> Select ca.crt -> Trust for identifying websites
    • Go to Theia Cloud Landing Page
      • (Accept Keycloak Certificate warning, if any)
    • Start a session, upload a vsix with a webview sample via drag and drop
    • Test WebViews
      • You may also check the ingress yaml to see the added paths
    • Shutdown 2-01_try-now

  • Test that the hosts.paths.tlsSecretName and ingress.certManagerAnnotations are working. With these options all use cases should be possible, since we may provide own tls secrets (without cert-manager if required)

  • Testing paths can be done like this (it's a bit messy, since multiple ingresses requests certs for the base domain, and I think the keycloak one wins, since it's the first one. However for the webviews the right cert is used so that it can be tested. )

    • Open 2-03_try-now_paths/theia_cloud.tf and add set { name = "hosts.paths.tlsSecretName" value = true }
    • start 2-03_try-now_paths
    • export the CA certificate:
      • kubectl get secret theia-cloud-ca-key-pair -n cert-manager -o jsonpath='{.data.tls\.crt}' | base64 --decode > ca.crt
    • Go to chrome://settings/certificates -> Authorities -> Import -> Select ca.crt -> Trust for identifying websites
    • Go to Theia Cloud Landing Page
      • (Accept Certificates if any. I think the landing page may get one that was generated for keycloak, so above CA is not used)
    • Start a session, upload a vsix with a webview sample via drag and drop
    • Test WebViews
      • You may also check the ingress yaml to see the added paths
    • Shutdown 2-03_try-now_paths

For more testing see this WIP documentation about custom certificates and how to create wildcard certificates with Let's encrypt manually: eclipsesource/theia-cloud-website#32 https://deploy-preview-32--theia-cloud.netlify.app/documentation/moredocumentation/#custom-certificates

@jfaltermeier jfaltermeier mentioned this pull request Apr 23, 2024
Merged
@jfaltermeier jfaltermeier force-pushed the jf/webviews branch 2 times, most recently from 54d619a to a6bf31e Compare May 17, 2024 12:53
@jfaltermeier jfaltermeier marked this pull request as ready for review May 17, 2024 12:55
@jfaltermeier
Add WebView Support #296
581cf55 
* add ingressHostnamePrefixes to AppDefinition
* update ingress rules with additional values from
ingressHostnamePrefixes
sgraband
sgraband approved these changes Jun 12, 2024
View reviewed changes
Copy link
Contributor

@sgraband sgraband left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Works great! I have a few comments on the helm changes, but this LGTM 👍

@jfaltermeier jfaltermeier merged commit 5a5538b into main Jun 17, 2024
@jfaltermeier jfaltermeier deleted the jf/webviews branch June 17, 2024 08:42
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@sgraband sgraband sgraband approved these changes

@lucas-koehler lucas-koehler Awaiting requested review from lucas-koehler

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

WebView Support

2 participants

@jfaltermeier @sgraband