Do not create internal servers for public endpoints;

infrastructures/kubernetes/src/main/java/org/eclipse/che/workspace/infrastructure/kubernetes/server/KubernetesServerExposer.java

@@ -186,7 +186,14 @@ public class KubernetesServerExposer<T extends KubernetesEnvironment> {
 
     provisionServicesForDiscoverableServers(servers);
 
-    exposeNonSecureServers(internalServers, externalServers, unsecuredPorts);
+    Optional<Service> serviceOpt = createService(internalServers, unsecuredPorts);
+
+    if (serviceOpt.isPresent()) {
+      Service service = serviceOpt.get();
+      String serviceName = service.getMetadata().getName();
+      k8sEnv.getServices().put(serviceName, service);
+      exposeNonSecureServers(serviceName, externalServers, unsecuredPorts);
+    }
 
     exposeSecureServers(secureServers, securedPorts);
   }
@@ -254,29 +261,11 @@ public class KubernetesServerExposer<T extends KubernetesEnvironment> {
   }
 
   private void exposeNonSecureServers(
-      Map<String, ServerConfig> internalServers,
+      String serviceName,
       Map<String, ServerConfig> externalServers,
       Map<String, ServicePort> unsecuredPorts)
       throws InfrastructureException {
 
-    if (unsecuredPorts.isEmpty()) {
-      return;
-    }
-
-    Map<String, ServerConfig> allNonSecureServers = new HashMap<>(internalServers);
-    allNonSecureServers.putAll(externalServers);
-    Service service =
-        new ServerServiceBuilder()
-            .withName(generate(SERVER_PREFIX, SERVER_UNIQUE_PART_SIZE) + '-' + machineName)
-            .withMachineName(machineName)
-            .withSelectorEntry(CHE_ORIGINAL_NAME_LABEL, pod.getMetadata().getName())
-            .withPorts(new ArrayList<>(unsecuredPorts.values()))
-            .withServers(allNonSecureServers)
-            .build();
-
-    String serviceName = service.getMetadata().getName();
-    k8sEnv.getServices().put(serviceName, service);
-
     for (ServicePort servicePort : unsecuredPorts.values()) {
       // expose service port related external servers if exist
       Map<String, ServerConfig> matchedExternalServers = match(externalServers, servicePort);
@@ -290,6 +279,25 @@ public class KubernetesServerExposer<T extends KubernetesEnvironment> {
     }
   }
 
+  private Optional<Service> createService(
+      Map<String, ServerConfig> internalServers, Map<String, ServicePort> unsecuredPorts) {
+    Map<String, ServerConfig> allInternalServers = new HashMap<>(internalServers);
+    if (unsecuredPorts.isEmpty()) {
+      return Optional.empty();
+    }
+
+    Service service =
+        new ServerServiceBuilder()
+            .withName(generate(SERVER_PREFIX, SERVER_UNIQUE_PART_SIZE) + '-' + machineName)
+            .withMachineName(machineName)
+            .withSelectorEntry(CHE_ORIGINAL_NAME_LABEL, pod.getMetadata().getName())
+            .withPorts(new ArrayList<>(unsecuredPorts.values()))
+            .withServers(allInternalServers)
+            .build();
+
+    return Optional.of(service);
+  }
+
   private void exposeSecureServers(
       Map<String, ServerConfig> securedServers, Map<String, ServicePort> securedPorts)
       throws InfrastructureException {

infrastructures/kubernetes/src/test/java/org/eclipse/che/workspace/infrastructure/kubernetes/server/KubernetesServerExposerTest.java

@@ -512,6 +512,13 @@ public class KubernetesServerExposerTest {
     Annotations.Deserializer serviceAnnotations =
         Annotations.newDeserializer(service.getMetadata().getAnnotations());
     assertEquals(serviceAnnotations.machineName(), machineName);
+    // check that we did not create servers for public endpoints
+    assertFalse(
+        serviceAnnotations
+            .servers()
+            .keySet()
+            .stream()
+            .anyMatch(key -> expectedServers.containsKey(key)));
 
     verify(externalServerExposer)
         .expose(