MG-66: Update egress proxy behaviour for support-log-gather operator #1903
Conversation
openshift-ci-robot
added
the
jira/valid-reference
|
@praveencodes: This pull request references MG-66 which is a valid jira issue. Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the story to target the "4.21.0" version, but no target version was set. In response to this: Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository. |
|
[APPROVALNOTIFIER] This PR is NOT APPROVED This pull-request has been approved by: The full list of commands accepted by this bot can be found here.
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
|
|
||
| `mustgather.spec.proxyConfig` if set by the user in the CR, will be propagated as pod environment variables to the gather and upload containers of the Job. The configuration set in the resource is given precedence over the cluster-wide proxy settings set on the cluster through `configv1.Proxy` object. Due to the nature of SOCKS proxy protocol and the HTTP "CONNECT" verb in most proxy servers used with OpenShift, the upload process using SFTP's TCP can essentially make a CONNECT request over netcat and intercept to upload the mustgather bundle even when on a airgapped proxy setup. | ||
| The operator inherits cluster-wide proxy settings (typically propagated from the configv1.Proxy object via the operator's environment variables) and passes them to the upload container of the Job. The upload process uses an HTTP CONNECT proxy via netcat (nc --proxy-type http) as an SSH ProxyCommand, allowing SFTP traffic to tunnel through HTTP proxies commonly used in airgapped OpenShift environments. | ||
|
|
There was a problem hiding this comment.
Let's also mention that the cluster-wide proxy env vars are propagated/managed through OLM directly. If the user wishes to customise it, a cluster-admin can override the HTTP_PROXY, HTTPS_PROXY, NO_PROXY env vars through the OLM Subscription object.
|
@praveencodes: all tests passed! Full PR test history. Your PR dashboard. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here. |
There was a problem hiding this comment.
we should include that the trusted CA config map is copied from the operator to the operand namespace where MustGather CR is present. And, additionally discuss if it should add an ownerReference, given the copied config map will be created by the operator.
| ## Configuring egress proxy for Must Gather Operator | ||
|
|
||
| If a cluster wide egress proxy is configured on the OpenShift cluster, OLM automatically update all the operators' deployments with `HTTP_PROXY`, `HTTPS_PROXY`, `NO_PROXY` environment variables. | ||
| Those variables are then propagated down to the must gather (operand) controllers by the must gather operator. | ||
|
|
||
| ### Trusted Certificate Authority | ||
|
|
||
| #### Running operator | ||
|
|
||
| Follow the instructions below to let Must Gather Operator trust a custom Certificate Authority (CA). The operator's OLM subscription has to be already created. |
There was a problem hiding this comment.
I don't think we need a doc-style instructions in here,
| ## Configuring egress proxy for Must Gather Operator | ||
|
|
||
| If a cluster wide egress proxy is configured on the OpenShift cluster, OLM automatically update all the operators' deployments with `HTTP_PROXY`, `HTTPS_PROXY`, `NO_PROXY` environment variables. | ||
| Those variables are then propagated down to the must gather (operand) controllers by the must gather operator. |
There was a problem hiding this comment.
probably, a li'l confusing which "operand controllers" are being referred?
|
/retitle MG-66: Update egress proxy behaviour for support-log-gather operator |
openshift-ci
bot
changed the title
3 participants
No description provided.