Skip to content
This repository has been archived by the owner on Nov 1, 2022. It is now read-only.

HTTP Proxy not used when connecting with remote GIT repository #1535

Closed
demikl opened this issue Nov 20, 2018 · 5 comments
Closed

HTTP Proxy not used when connecting with remote GIT repository #1535

demikl opened this issue Nov 20, 2018 · 5 comments
Labels
bug helm

Comments

@demikl
Copy link

demikl commented Nov 20, 2018
edited
Loading

Pods in my environment don't have direct access to Internet resources, they have to use a proxy. So, for flux-helm-operator, the deployment manifest contains these environments variables:

          env:
            - name: HTTP_PROXY
              value: http://proxy.internalorg:80
            - name: http_proxy
              value: http://proxy.internalorg:80
            - name: HTTPS_PROXY
              value: http://proxy.internalorg:80
            - name: https_proxy
              value: http://proxy.internalorg:80
            - name: NO_PROXY
              value: 127.0.0.1,10.0.0.0/8,172.16.0.0/12,192.168.0.0/16,.internalorg,...
            - name: no_proxy
              value: 127.0.0.1,10.0.0.0/8,172.16.0.0/12,192.168.0.0/16,.internalorg,....

Whenever I'm creating a HelmRelease object (using v0.5.0) specifying an external (github) GIT repository, those proxy env variables are not used:

---
apiVersion: flux.weave.works/v1beta1
kind: HelmRelease
metadata:
  name: consul
  namespace: cluster-tools
  labels:
    chart: consul
spec:
  chart:
    git: https://github.com/hashicorp/consul-helm.git
    path: "/"
    ref: "v0.3.0"
  releaseName: consul

Logs from flux-helm-operator:

ts=2018-11-20T10:11:32.776998797Z caller=chartsync.go:243 component=chartsync info="Start of releasesync"
ts=2018-11-20T10:11:32.803799336Z caller=chartsync.go:318 component=chartsync info="chart repo not ready yet" releaseName=consul resource=cluster-tools:HelmRelease/consul status=new err="git clone --mirror: fatal: unable to access 'https://github.com/hashicorp/consul-helm.git/': Could not resolve host: github.com"

The Could not resolve host: github.com is an indicator that the proxy is not used since DNS resolution should not occur on the client side, but on the proxy. When I manually call git clone... from within the pod (using kubectl exec -ti ... sh), it works fine since environment variables are set.

My guess is that the git command is launched within the operator without retrieving environment variables:
https://github.com/weaveworks/flux/blob/8f09ae615bc9e12e34567d5bd6e1505998c1f608/git/operations.go#L268

Maybe something like c.Env = os.Environ() might work ?
@demikl
Copy link
Author

demikl commented Nov 20, 2018

I've confirmed that using os.Environ() works fine, do you want me to create a pull request ?

@hiddeco
Copy link
Member

hiddeco commented Nov 20, 2018

@demikl

Hi! Thanks for the bug report write-up and testing out os.Environ(). Your contribution would be appreciated! 🥇

@hiddeco hiddeco mentioned this issue Nov 25, 2018
Merged
@demikl
Copy link
Author

demikl commented Nov 29, 2018

Hi ! I was in the move to open a pull request with my changes for using an HTTP proxy when calling the git commands, but I can see I've waited for too long and you've already worked on it.

May I suggest to also include lowercase environment variables ? Not only HTTP_PROXY, HTTPS_PROXY and NO_PROXY are allowed, but also their lowercase counterparts: http_proxy, https_proxy, no_proxy.

@hiddeco
Copy link
Member

hiddeco commented Nov 29, 2018

@demikl as more applications tend to like the lowercase version I will just change it.

@hiddeco
Copy link
Member

hiddeco commented Dec 3, 2018

@demikl no official release yet but it has just been merged in to master and should be available as quay.io/weaveworks/flux:master-5cdd3149.

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
bug helm
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@demikl @hiddeco