Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[installer]: add HTTP_PROXY envvars to the Installer #12726

Merged
merged 5 commits into from
Sep 13, 2022
Merged

[installer]: add HTTP_PROXY envvars to the Installer #12726

merged 5 commits into from
Sep 13, 2022

Conversation

mrsimonemms
Copy link
Contributor

@mrsimonemms mrsimonemms commented Sep 7, 2022
edited
Loading

Description

Adds preliminary support for HTTP_PROXY (and HTTPS_PROXY and NO_PROXY) in the Installer. This adds an optional secret which receives the proxy settings from the KOTS CLI settings - the NO_PROXY envvar also hard-codes some additional parameters required for the application to work.

Important - this is not a full feature. It is merely the initial work to enable other teams to help out in their areas of expertise. This adds the appropriate envvars to the resources and wires them all up in a fashion that allows the Gitpod stack to run without error. However, it DOES NOT allow an image to be built or workspace to be run. There are additional tickets in #10769 that detail these tasks

An interesting thing of note is that the @grpc/grpc-node library does not respect wildcard NO_PROXY URLs. To address that, the server adds an addition no_grpc_proxy (which is the primary envvar for this library) and changes all resources it calls to the FQDN. See the issue for more details.

Related Issue(s)

Fixes #12835
Fixes #12820
Fixes #12821

How to test

This will also need testing in a non-proxied instance to ensure no regressions are introduced

  • Create a new server with Squid installed. This server must have unrestricted internet access
  • Configure an airgapped installation and configure the k3s cluster to access the proxy
  • Run kubectl kots install gitpod --http-proxy <http-proxy> --https-proxy <https-proxy> --no-proxy <no-proxy> to install Gitpod

Configuring your cluster

A repo exists that will create a k3s cluster for you in Azure. Run make azure-k3s with the following settings in your .auto.tfvars file

domain_name = "<your domain name>"
azure_k3s = true
enable_airgapped = true
http_proxy = "<your proxy settings - eg http://user:password@ip-address:3128">

Release Notes

[installer]: add HTTP_PROXY envvars to the Installer

Documentation

Werft options:

  • /werft with-preview

@mrsimonemms mrsimonemms force-pushed the sje/installer-proxy-config branch 4 times, most recently from 4c3637c to 208853e Compare September 7, 2022 13:00
@mrsimonemms
Copy link
Contributor Author

mrsimonemms commented Sep 7, 2022
edited by werft-gitpod-dev-com bot
Loading

/werft run

👍 started the job as gitpod-build-sje-installer-proxy-config.5
(with .werft/ from main)

@mrsimonemms mrsimonemms force-pushed the sje/installer-proxy-config branch 15 times, most recently from 6cd0c30 to ef3867d Compare September 9, 2022 12:16
@mrsimonemms mrsimonemms changed the title [installer]: add support for HTTP_PROXY [installer]: add HTTP_PROXY envvars to the Installer Sep 9, 2022
@mrsimonemms mrsimonemms marked this pull request as ready for review September 9, 2022 13:34
@mrsimonemms mrsimonemms requested review from a team September 9, 2022 13:34
@kylos101 kylos101 mentioned this pull request Sep 9, 2022
Closed
@mrsimonemms mrsimonemms force-pushed the sje/installer-proxy-config branch from ef3867d to a9c91bb Compare September 12, 2022 11:31
@mrsimonemms mrsimonemms force-pushed the sje/installer-proxy-config branch from a9c91bb to ee71ee5 Compare September 12, 2022 11:49
Pothulapati
Pothulapati approved these changes Sep 12, 2022
View reviewed changes
Copy link
Contributor

@Pothulapati Pothulapati left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

:shipit:

@mrsimonemms mrsimonemms mentioned this pull request Sep 12, 2022
Closed
@geropl geropl self-assigned this Sep 13, 2022
@werft-gitpod-dev-com
Copy link

started the job as gitpod-build-sje-installer-proxy-config.26 because the annotations in the pull request description changed
(with .werft/ from main)

@geropl
Copy link
Member

geropl commented Sep 13, 2022

Waiting for the build ☝️ to see if the default case is running.

Simon Emms added 3 commits September 13, 2022 07:42
[installer]: set proxy server configuration in installer
0ba9406
[installer]: explicitly set all host addresses to 0.0.0.0
3dbf7b7
[installer]: set the server URLs to the FQDN and add no_grpc_proxy en…
1de08a6 
…vvar

The @grpc/grpc-node package does not support wildcards in the no_proxy
envvar. Add the FQDN's for the components that the server calls to the
no_grpc_proxy envvar so that these calls are not proxied
@mrsimonemms mrsimonemms force-pushed the sje/installer-proxy-config branch from ee71ee5 to 67a8365 Compare September 13, 2022 07:42
mrsimonemms
mrsimonemms commented Sep 13, 2022
View reviewed changes
install/installer/pkg/components/server/deployment.go
@@ -122,6 +125,20 @@ func deployment(ctx *common.RenderContext) ([]runtime.Object, error) {
},
)

if ctx.Config.HTTPProxy != nil {
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@geropl have updated as-per your comment 👍🏻

@mrsimonemms
Copy link
Contributor Author

mrsimonemms commented Sep 13, 2022
edited by werft-gitpod-dev-com bot
Loading

/werft run

👍 started the job as gitpod-build-sje-installer-proxy-config.28
(with .werft/ from main)

@werft-gitpod-dev-com
Copy link

started the job as gitpod-build-sje-installer-proxy-config.29 because the annotations in the pull request description changed
(with .werft/ from main)

@mrsimonemms mrsimonemms force-pushed the sje/installer-proxy-config branch from 67a8365 to f791db5 Compare September 13, 2022 09:45
@werft-gitpod-dev-com
Copy link

started the job as gitpod-build-sje-installer-proxy-config.31 because the annotations in the pull request description changed
(with .werft/ from main)

geropl
geropl approved these changes Sep 13, 2022
View reviewed changes
Copy link
Member

@geropl geropl left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

(WebApp related) Code LGTM, tested the preview and workspaces still start 🙃 ✔️

@roboquat roboquat merged commit 3d55ab2 into main Sep 13, 2022
@roboquat roboquat deleted the sje/installer-proxy-config branch September 13, 2022 10:38
@mrsimonemms
Copy link
Contributor Author

Thanks @geropl

@roboquat roboquat added deployed: webapp Meta team change is running in production deployed: workspace Workspace team change is running in production labels Sep 14, 2022
@AlexTugarev AlexTugarev mentioned this pull request Feb 10, 2023
Merged
15 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@geropl geropl geropl approved these changes

@sagor999 sagor999 sagor999 approved these changes

@Pothulapati Pothulapati Pothulapati approved these changes

Assignees

@geropl geropl

Labels
deployed: webapp Meta team change is running in production deployed: workspace Workspace team change is running in production release-note size/XXL team: delivery Issue belongs to the self-hosted team team: webapp Issue belongs to the WebApp team team: workspace Issue belongs to the Workspace team
Projects
No open projects
🚚 Security, Infrastructure, and Delivery Team (SID)
Archived in project
Milestone
No milestone
6 participants
@mrsimonemms @corneliusludmann @geropl @Pothulapati @sagor999 @roboquat