OpenVSX Server Setup in Local Kubernetes Failing via Web UI

[dipuharidasan]

I'm trying to set up an OpenVSX server in my local Kubernetes cluster.

OPENVSX_VERSION=v0.22.2
Service Type: LoadBalancer
Ingress Setup: No ingress configured (using LoadBalancer IP directly)

After publishing extensions, the UI shows a warning:

"This version of the extension was published by super_user. That user is not a verified publisher of the namespace of this extension."

I confirmed that the correct publisher is set in package.json.
Running ovsx verify-pat confirms my PAT is valid.

I downloaded a vsix file from the public registry and published that. Facing the same issue there as well.

MacBook-Pro-2:Downloads dipuh$ ovsx create-namespace cweijan
🚀  Created namespace cweijan
MacBook-Pro-2:Downloads dipuh$ ovsx publish cweijan.vscode-mysql-client2-8.1.9.vsix
🚀  Published cweijan.vscode-mysql-client2 v8.1.9
MacBook-Pro-2:Downloads dipuh$ ovsx verify-pat cweijan
🚀  PAT valid to publish at cweijan
MacBook-Pro-2:Downloads dipuh$

Still the UI shows the above publish related warning and gives a blank page while clicking on any published extension. So, I am not having any option to download the extension via the webui now.

My docker file is as below:

ARG OPENVSX_VERSION

# Builder image to compile the website
FROM ubuntu:22.04 AS builder

WORKDIR /workdir

# Set up environment to handle SSL issues
ENV NODE_TLS_REJECT_UNAUTHORIZED=0
ENV NODE_OPTIONS=--no-warnings

RUN apt-get update \
  && apt-get install --no-install-recommends -y \
    bash \
    ca-certificates \
    git \
    curl \
    jq \
  && apt-get clean \    
  && rm -rf /var/lib/apt/lists/* \
  && curl -k -sSL https://deb.nodesource.com/setup_20.x | bash - \
  && apt-get update \
  && apt-get install -y nodejs \
  && apt-get clean \
  && rm -rf /var/lib/apt/lists/* \
  && npm install -g [email protected] \
  && npm config set strict-ssl false \
  && yarn config set strict-ssl false \
  && yarn --version

ARG OPENVSX_VERSION
ENV VERSION=$OPENVSX_VERSION

RUN git -c http.sslVerify=false clone --branch ${VERSION} --depth 1 https://github.com/eclipse/openvsx.git /workdir

RUN if [ -f webui/package.json ]; then \
      cat webui/package.json | jq 'del(.packageManager)' > webui/package.json.tmp && \
      mv webui/package.json.tmp webui/package.json; \
    fi && \
    # Also remove .yarnrc.yml which enforces yarn 4
    rm -f webui/.yarnrc.yml

RUN echo "strict-ssl=false" > ~/.npmrc && \
    echo "registry=http://registry.npmjs.org/" >> ~/.npmrc

# Install dependencies and build
RUN cd webui && \
    # First try with regular yarn
    (yarn install --network-timeout 600000 --no-lockfile || \
    # If that fails, try with npm directly
    npm install) && \
    yarn build && \
    yarn build:default

FROM ghcr.io/eclipse/openvsx-server:${OPENVSX_VERSION}
ARG OPENVSX_VERSION

COPY --from=builder --chown=openvsx:openvsx /workdir/webui/static/ BOOT-INF/classes/static/
COPY application.yml config/

USER root
RUN sed -i "s/OPENVSX_VERSION/${OPENVSX_VERSION}/g" config/application.yml
USER openvsx

# Local storage:
RUN mkdir -p /tmp/extensions && chmod 777 /tmp/extensions

My application.yml file is as below:

logging:
  pattern:
    level: '%5p [${spring.application.name:},%X{traceId:-},%X{spanId:-}]'

server:
  port: 8080
  jetty:
    threads:
      max-queue-capacity: 100
  compression:
    enabled: true
    mime-types: text/html,text/plain,text/css,application/javascript,application/json,text/xml,application/xml,application/xml+rss,text/javascript
    min-response-size: 1024

spring:
  application:
    name: openvsx-server
  autoconfigure:
    exclude: 
     - org.springframework.boot.actuate.autoconfigure.tracing.zipkin.ZipkinAutoConfiguration
  profiles:
    include: ovsx
  cache:
    jcache:
      config: classpath:ehcache.xml
  datasource:
    url: jdbc:postgresql://openvsx.stage-db:5432/openvsx
    username: admin
    password: postgrespass
  flyway:
    baseline-on-migrate: false
  jpa:
    open-in-view: false
    properties:
      hibernate:
        dialect: org.hibernate.dialect.PostgreSQLDialect
  session:
    store-type: jdbc
    jdbc:
      initialize-schema: never
  security:
    oauth2:
      client:
        registration:
          github:
            client-id: 1234567890
            client-secret: 1234567890

management:
  health:
    probes:
      enabled: true
  endpoints:
    web:
      exposure:
        include:
          - health
          - metrics
          - prometheus
  metrics:
    distribution:
      percentiles-histogram:
        http:
          server:
            requests: true
          client:
            requests: true

springdoc:
  swagger-ui:
    path: /swagger-ui
    docExpansion: list
    operationsSorter: alpha
    supportedSubmitMethods:
      - get

org:
  jobrunr:
    job-scheduler:
      enabled: true
    background-job-server:
      enabled: true
      worker-count: 2
    dashboard:
      enabled: false
    database:
      type: sql
    miscellaneous:
      allow-anonymous-data-usage: false

bucket4j:
  enabled: false

ovsx:
  webui:
    url: 'http://10.47.245.72:443'
    frontendRoutes: "/extension/**,/namespace/**,/user-settings/**,/admin-dashboard/**,/about,/publisher-agreement-*,/terms-of-use"
  extension-control:
    enabled: false
  databasesearch:
    enabled: true
  elasticsearch:
    enabled: false
  integrity:
    key-pair: create # create, renew, delete, 'undefined'
  oauth:
    github:
      enabled: false # explicitly disable GitHub OAuth
  registry:
    version: 'OPENVSX_VERSION'
  storage:
    local:
      directory: /tmp/extensions
  publishing:
    require-license: false

I am not using SSL along with the loadbalancer now. Wondering if that is a problem.

I can download the published plugins without any issue via ovsx get. In Chrome developer tools, I see the following errors while opening any plugin.

TypeError: e.sanitize is not a function
    at Wu (sanitized-markdown.tsx:110:11)
    at vi (react-dom.production.min.js:160:137)
    at As (react-dom.production.min.js:289:337)
    at bc (react-dom.production.min.js:279:389)
    at gc (react-dom.production.min.js:279:320)
    at vc (react-dom.production.min.js:279:180)
    at ac (react-dom.production.min.js:270:88)
    at oc (react-dom.production.min.js:267:429)
    at k (scheduler.production.min.js:13:203)
    at MessagePort.O (scheduler.production.min.js:14:128)
pl @ react-dom.production.min.js:188
n.callback @ react-dom.production.min.js:188
qa @ react-dom.production.min.js:156
xs @ react-dom.production.min.js:261
bs @ react-dom.production.min.js:259
ys @ react-dom.production.min.js:258
(anonymous) @ react-dom.production.min.js:282
wc @ react-dom.production.min.js:280
oc @ react-dom.production.min.js:269
k @ scheduler.production.min.js:13
O @ scheduler.production.min.js:14Understand this errorAI
sanitized-markdown.tsx:110 Uncaught TypeError: e.sanitize is not a function
    at Wu (sanitized-markdown.tsx:110:11)
    at vi (react-dom.production.min.js:160:137)
    at As (react-dom.production.min.js:289:337)
    at bc (react-dom.production.min.js:279:389)
    at gc (react-dom.production.min.js:279:320)
    at vc (react-dom.production.min.js:279:180)
    at ac (react-dom.production.min.js:270:88)
    at oc (react-dom.production.min.js:267:429)
    at k (scheduler.production.min.js:13:203)
    at MessagePort.O (scheduler.production.min.js:14:128)
Wu @ sanitized-markdown.tsx:110
vi @ react-dom.production.min.js:160
As @ react-dom.production.min.js:289
bc @ react-dom.production.min.js:279
gc @ react-dom.production.min.js:279
vc @ react-dom.production.min.js:279
ac @ react-dom.production.min.js:270
oc @ react-dom.production.min.js:267
k @ scheduler.production.min.js:13
O @ scheduler.production.min.js:14

I am also not using elasticsearch as this is a small scale testing that I do currently. Appreciate any pointers. Thanks in advance.