fix: configure proxy env vars in serving controller

charms/knative-serving/config.yaml

@@ -53,3 +53,15 @@ options:
     description: >
       Image to use for the `queue-proxy` sidecar container in a Knative Service workload Pod.
     type: string
+  http-proxy:
+    default: ""
+    description: The value of HTTP_PROXY environment variable in the serving controller.
+    type: string
+  https-proxy:
+    default: ""
+    description: The value of HTTPS_PROXY environment variable in the serving controller.
+    type: string  
+  no-proxy:
+    default: ""
+    description: The value of NO_PROXY environment variable in the serving controller.
+    type: string

charms/knative-serving/src/charm.py

@@ -173,6 +173,9 @@ def _context(self):
             "registries_skip_tag_resolving": self.model.config[
                 "registries-skipping-tag-resolving"
             ],
+            "http_proxy": self.model.config["http-proxy"],
+            "https_proxy": self.model.config["https-proxy"],
+            "no_proxy": self.model.config["no-proxy"],
         }
         if self._otel_collector_relation_data:
             context.update(self._otel_collector_relation_data)

charms/knative-serving/src/manifests/KnativeServing.yaml.j2

@@ -44,3 +44,22 @@ spec:
       {{ container }}: {{ image }}
       {% endfor %}
 {% endif %}
+{% if http_proxy or https_proxy or no_proxy %}
+  workloads:
+  - name: controller
+    env:
+    - container: controller
+      envVars:
+    {% if http_proxy %}
+      - name: HTTP_PROXY
+        value: {{ http_proxy }}
+    {% endif %}
+    {% if https_proxy %}
+      - name: HTTPS_PROXY
+        value: {{ https_proxy }}
+    {% endif %}
+    {% if no_proxy %}
+      - name: NO_PROXY
+        value: {{ no_proxy }}
+    {% endif %}
+{% endif %}

charms/knative-serving/tests/unit/test_charm.py

@@ -164,6 +164,9 @@ def test_context_changes(harness):
             "namespace": "knative-serving",
             "istio.gateway.name": "knative-gateway",
             "istio.gateway.namespace": "istio-namespace",
+            "http-proxy": "my_http_proxy",
+            "https-proxy": "my_https_proxy",
+            "no-proxy": "my_no_proxy",
         }
     )
     harness.begin()
@@ -176,6 +179,9 @@ def test_context_changes(harness):
         "registries_skip_tag_resolving": harness.model.config["registries-skipping-tag-resolving"],
         "serving_namespace": harness.model.config["namespace"],
         "serving_version": harness.model.config["version"],
+        "http_proxy": harness.model.config["http-proxy"],
+        "https_proxy": harness.model.config["https-proxy"],
+        "no_proxy": harness.model.config["no-proxy"],
         CUSTOM_IMAGE_CONFIG_NAME: DEFAULT_IMAGES,
     }
 

tests/test_bundle.py

@@ -448,3 +448,52 @@ async def test_queue_sidecar_image_config(
 
     # Assert that the Knative Service is trying to use the custom image.
     assert cloudevents_deployment.spec.template.spec.containers[1].image == fake_image
+
+
+async def test_serving_proxy_config(ops_test: OpsTest):
+    """
+    Changes `http-proxy`, `https-proxy` and `no-proxy` configs and checks that the Knative Serving
+    controller container is using the values from configs as environment variables.
+    """
+
+    # Act
+    test_http_proxy = "my_http_proxy"
+    test_https_proxy = "my_https_proxy"
+    test_no_proxy = "no_proxy"
+
+    await ops_test.model.applications["knative-serving"].set_config(
+        {"http-proxy": test_http_proxy, "https-proxy": test_https_proxy, "no-proxy": test_no_proxy}
+    )
+
+    await ops_test.model.wait_for_idle(
+        ["knative-serving"],
+        status="active",
+        raise_on_blocked=False,
+        timeout=60 * 1,
+    )
+
+    client = Client()
+
+    # Get Knative Serving controller Deployment
+    controller_deployment = client.get(
+        Deployment, "controller", namespace=KNATIVE_SERVING_NAMESPACE
+    )
+
+    # Get Knative Serving controller environment variables
+    serving_controller_env_vars = controller_deployment.spec.template.spec.containers[0].env
+
+    http_proxy_env = https_proxy_env = no_proxy_env = None
+
+    # Get proxy environment variables from all Knative Serving controller env vars
+    for env_var in serving_controller_env_vars:
+        if env_var.name == "HTTP_PROXY":
+            http_proxy_env = env_var.value
+        elif env_var.name == "HTTPS_PROXY":
+            https_proxy_env = env_var.value
+        elif env_var.name == "NO_PROXY":
+            no_proxy_env = env_var.value
+
+    # Assert Deployment spec contains correct proxy environment variables
+    assert http_proxy_env == test_http_proxy
+    assert https_proxy_env == test_https_proxy
+    assert no_proxy_env == test_no_proxy