Chapter 7. Known issues
7.1. OpenShift Welcome page and Ansible content creator page fail to load
There is a known issue affecting workspaces using the Ansible sample and a self-signed TLS certificate. The OpenShift Welcome and the Ansible content creator tabs are empty and the following message appears: "Error loading webview: Error: Could not register service worker: SecurityError: Failed to register a ServiceWorker for scope." There is a workaround available.
Workaround
Add the self-signed TLS certificate to the browser’s trusted root authority by following this procedure.
Additional resources
7.2. Issues with starting a new workspace from a URL that points to a branch of a repository that doesn’t have a devfile
There is a known issue affecting repositories without a devfile.yaml
file. If you start a new workspace from a branch of such repository, the default branch (e.g. 'main') is used for project cloning instead of the expected branch.
Additional resources
7.3. Refresh token mode causes cyclic reload of the workspace start page
There is a known issue when experimental refresh token mode is applied using the CHE_FORCE_REFRESH_PERSONAL_ACCESS_TOKEN
property for the GitHub and Microsoft Azure DevOps OAuth providers. This causes the workspace starts to reload the dashboard cyclically, creating a new personal access token on each page restart. The refresh token mode works correctly for 'GitLab' and 'BitBucket' OAuth providers.
Additional resources
7.4. FIPS compliance update
There’s a known issue with FIPS compliance that results in certain cryptographic modules not being FIPS-validated. Below is a list of requirements and limitations for using FIPS with OpenShift Dev Spaces:
Required cluster and operator updates
Update your Red Hat OpenShift Container Platform installation to the latest z-stream update for 4.11, 4.12, or 4.13 as appropriate. If you do not already have FIPS enabled, you will need to uninstall and reinstall.
Once the cluster is up and running, install OpenShift Dev Spaces 3.7.1 (3.7-264) and verify that the latest DevWorkspace operator bundle 0.21.2 (0.21-7) or newer is also installed and updated. See https://catalog.redhat.com/software/containers/devworkspace/devworkspace-operator-bundle/60ec9f48744684587e2186a3
Golang compiler in UDI image
The Universal Developer Image (UDI) container includes a golang compiler, which was built without the CGO_ENABLED=1
flag. The check-payload scanner ( https://github.com/openshift/check-payload ) will throw an error, but this can be safely ignored provided that anything you build with this compiler sets the correct flag CGO_ENABLED=1
and does NOT use extldflags -static
or -tags no_openssl
.
The resulting binaries can be scanned and should pass without error.
Statically linked binaries
You can find statically linked binaries not related to cryptography in these two containers:
- code-rhel8
- idea-rhel8.
As they are not related to cryptography, they do not affect FIPS compliance.
Helm support for FIPS
The UDI container includes the helm
binary, which was not compiled with FIPS support. If you are in a FIPS environment do not use helm
.
Additional resources
7.5. Debugger does not work in the .NET sample
Currently, the debugger in Microsoft Visual Studio Code - Open Source does not work in the .NET sample.
Workaround
Use a different image from the following sources:
Additional resources