ws-manager: NODE_EXTRA_CA_CERTS is the value of the gitpod internals

[utam0k]

Description

NODE_EXTRA_CA_CERTS is a variable used inside gitpod, but it was encrypted.

Related Issue(s)

Fixes #13735

How to test

• Open a workspace on https://c16f5-aws.tests.gitpod-self-hosted.com/workspaces

Release Notes

Documentation

Werft options:

• /werft with-local-preview
  If enabled this will build install/preview
• /werft with-preview
• /werft with-integration-tests=all
  Valid options are all, workspace, webapp, ide

[werft-gitpod-dev-com]

started the job as gitpod-build-to-ca-secret.1 because the annotations in the pull request description changed
(with .werft/ from main)

[utam0k]

/werft run

👍 started the job as gitpod-build-to-ca-secret.2
(with .werft/ from main)

[Furisto]

Workspace is creates successfully. I had problems with the IDE not being displayed but I doubt this has anything to do with this PR and more with the browser not liking self signed certificates.

/hold in case you would like to investigate the IDE issue

[utam0k]

@Furisto I guess you should check the network column of the developer tool you use. I think js and css are blocked.

[kylos101]

👋 @Pothulapati hey there, is this behavior expected / normal? It seems like yes given @Furisto 's description and the browser not liking self signed certificates..

[Pothulapati]

👋 @kylos101 @utam0k

This is not related to the issue, and is about importing the CA into the browser root trust to make it work. This is a required step for IDE to render in the browser. So, We can go ahead now.

[kylos101]

/werft run with-integration-tests=workspace with-large-vm=true

👍 started the job as gitpod-build-to-ca-secret.3
(with .werft/ from main)

[kylos101]

Added ☝️ a job run for integration tests, I expect most will pass, except for perhaps a known flakey one for prebuilds. Should have results in ~45m.

[kylos101]

/werft run with-integration-tests=workspace with-large-vm=true

👍 started the job as gitpod-build-to-ca-secret.4
(with .werft/ from main)

[kylos101]

/hold

Integration test job fails with Error: /tmp/installer validate config -c config.yaml exit with non-zero status code.

If we merge "as is", the risk is that it'll break harvester VM preview environment experience for others.

[Furisto]

/werft run with-integration-tests=workspace with-large-vm=true with-clean-slate-deployment=true

👍 started the job as gitpod-build-to-ca-secret.5
(with .werft/ from main)

[Furisto]

Fails with Error: error loading config: error unmarshaling JSON: while decoding JSON: json: unknown field "minForUsersOnStripe". I am going to rebase this. Related to #13798

[Furisto]

/werft run with-integration-tests=workspace with-large-vm=true with-clean-slate-deployment=true

👍 started the job as gitpod-build-to-ca-secret.7
(with .werft/ from main)

[Furisto]

/werft run with-integration-tests=workspace with-large-vm=true

👍 started the job as gitpod-build-to-ca-secret.8
(with .werft/ from main)

[kylos101]

@Furisto may want to rebease with main once more, some tests were fixed here.

[Furisto]

/werft run with-integration-tests=workspace with-large-vm=true

👍 started the job as gitpod-build-to-ca-secret.10
(with .werft/ from main)

[kylos101]

/werft run with-integration-tests=workspace with-large-vm=true

👍 started the job as gitpod-build-to-ca-secret.11
(with .werft/ from main)

[kylos101]

tests passed in https://werft.gitpod-dev.com/job/gitpod-build-to-ca-secret.11/raw

[kylos101]

/unhold

[kylos101]

@Pothulapati this is in main now 🙌

[roboquat]

@utam0k: Adding the "do-not-merge/release-note-label-needed" label because no release-note block was detected, please follow our release note process to remove it.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.