Connect to Red Hat OpenShift Dev Spaces or Eclipse Che workspaces from Kiro IDE or VS Code. No SSH, no CLI tools, no configuration files.
- One-click connect — Browser-based OAuth2 authentication. Click Connect and you're in.
- Workspace management — Start, stop, restart, create, and delete workspaces from the sidebar.
- K8s exec transport — Connects via Kubernetes exec + port-forward. No SSH server needed in the pod.
- Multi-cluster — Register and manage multiple DevSpaces clusters simultaneously.
- Auto-reconnect — Automatically reconnects when pods are rescheduled or restarted.
- Port forwarding — Access ports running in the workspace from localhost.
- IDE detection — Automatically adapts to Kiro IDE or VS Code with appropriate defaults.
- Air-gapped support — Handles connecting to cluster with restricted network traffic.
- Install the extension (VSIX or marketplace)
- Click the Dev Spaces icon in the Activity Bar
- Click Sign In to Dev Spaces
- Enter your cluster URL (e.g.
https://devspaces.apps.your-cluster.example.com) - Authenticate in your browser
- Your workspaces appear — click Connect on any workspace
- Kiro IDE or VS Code 1.107+
- Network access to your OpenShift Dev Spaces cluster
- OpenShift credentials (SSO)
| Setting | Default | Description |
|---|---|---|
devspaces.clusters |
[] |
List of Dev Spaces cluster URLs. First entry is the default. |
devspaces.syncKiroIDECredentials |
true |
Sync Kiro IDE AWS SSO credentials to remote workspace (Kiro only). |
devspaces.autoConnect |
false |
Auto-connect to last workspace on startup. |
devspaces.autoOpenFolder |
true |
Auto-open project folder after connecting. |
devspaces.rehDownloadUrl |
"" |
URL template for REH server download. Supports ${commit}, ${os}, ${arch}. If empty, uses IDE built-in. |
devspaces.connectionTimeout |
300 |
Max seconds to wait for workspace start. |
devspaces.reconnect.enabled |
true |
Auto-reconnect on connection loss. |
devspaces.reconnect.maxRetries |
5 |
Max reconnection attempts. |
devspaces.logLevel |
"info" |
Logging verbosity: debug, info, warn, error. |
devspaces.openBehavior |
"newWindow" |
How to open remote sessions: newWindow, currentWindow, prompt. |
devspaces.hideRemoteExplorer |
true |
Hide the Remote-SSH explorer sidebar. |
devspaces.initialization.roleBindingName |
"devspaces-user-container-build" |
RoleBinding to wait for during namespace init. |
devspaces.initialization.timeout |
120 |
Max seconds to wait for namespace initialization. |
devspaces.initialization.pollInterval |
2 |
Poll interval (seconds) for readiness check. |
devspaces.initialization.namespaceAgeThreshold |
300 |
Namespace age threshold (seconds). Set to 0 to always check. |
devspaces.certificateValidation.enabled |
true |
Whether to reject cluster SSL/TLS certificates that are invalid, expired or self-signed. |
All commands are in the Command Palette under Dev Spaces:
- Sign In / Sign Out — Authenticate or sign out from a cluster
- Add / Remove Cluster — Manage registered clusters
- Connect / Disconnect — Open or close remote sessions
- Start / Stop / Restart — Workspace lifecycle
- New Workspace — Create from Git URL or empty
- Delete Workspace — Remove with confirmation
- Open in Browser — Open in DevSpaces dashboard
For environments with custom/enterprise CAs, set before launching:
export NODE_EXTRA_CA_CERTS=/path/to/ca-bundle.pemThe extension also loads system-trusted CAs automatically.
| Problem | Solution |
|---|---|
| Sign-in never completes | Check network access to cluster; ensure no proxy blocks localhost callback |
| TLS/certificate errors | Set NODE_EXTRA_CA_CERTS to your CA bundle |
| Connection drops | Enable devspaces.reconnect.enabled, increase maxRetries |
For detailed troubleshooting, see the Setup Guide in the repository's docs/ folder.
Additional documentation is available in the docs/ folder of the source repository:
- Setup Guide — Full installation, configuration, and usage guide
- Architecture — Technical internals, diagrams, and design decisions
- Development — Build, test, and contribute
- OAuth tokens stored locally (never as plain text files)
- All communication over TLS
- Bearer tokens redacted from logs
- Unique connection token per session
- No telemetry collected
MIT