support adding a CA cert to http collector #1624
Open
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Description, Motivation and Context
http
collector now supports acacert
field and aproxy
field, in order to support testing for man-in-the-middle proxies. This will be most useful in a HostPreflight scenario, checking whether the proxy CA cert provided byembedded-cluster install --private-ca
can be used to successfully traverse the forward proxy. The expectation is that the proxy address and CA cert will be templated into a preflight spec at runtime.These params are new and optional:
cacert
: a path to a file, directory, or a literal string containing the CA certificate in PEM formatproxy
: a URL to a proxy, including port and scheme:https://10.128.0.4:3130
E.g.:
Relates to #1302
Depends on replicatedhq/embedded-cluster#1228
Checklist
Does this PR introduce a breaking change?