Support http proxy configuration using a topology webhook #30

Closed
dlipovetsky opened this issue Feb 17, 2023 · 4 comments

@dlipovetsky
Contributor

To configure the cluster control and data plane to use an HTTP proxy, users need to provide two pieces of information:

  1. The http proxy URL (See the HTTP_PROXY, HTTPS_PROXY env vars)
  2. A set of IPs, DNS records, and CIDRs that must be reached directly, not through the proxy (See the NO_PROXY env var)

Providing (1) is trivial.

Providing (2) is not; values include localhost names and IPs, the cluster Pod network CIDR, Services CIDR, the cluster DNS zone, the "metadata service," and some infrastructure-dependent values. A typical value for a cluster in AWS might be:

localhost,127.0.0.1,10.96.0.0/12,192.168.0.0/16,kubernetes,kubernetes.default,kubernetes.default.svc,kubernetes.default.svc.cluster,kubernetes.default.svc.cluster.local,.svc,.svc.cluster,.svc.cluster.local,169.254.169.254,.elb.amazonaws.com

A user can discover these different values, but doing so is a lot of work. A topology webhook should be able to derive most (hopefully, all) the required values for the user, and allow the user to provide optional values in addition to the required ones.
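A sketch of the derivation the issue asks for, as an added example; it is not code from this project. The function name `DeriveNoProxy` and its parameters are hypothetical, and treating `10.96.0.0/12` as the Services CIDR and `192.168.0.0/16` as the Pod CIDR is an assumption made for the sample call.

```go
package main

import (
	"fmt"
	"net"
	"strings"
)

// DeriveNoProxy (hypothetical helper) builds the NO_PROXY entries for a cluster,
// then appends the user's additional entries, de-duplicated. It rejects values
// that would corrupt the comma-separated list or are not valid CIDRs.
func DeriveNoProxy(serviceCIDRs, podCIDRs []string, dnsDomain string, additional []string) ([]string, error) {
	out := []string{"localhost", "127.0.0.1"}
	for _, c := range append(append([]string{}, serviceCIDRs...), podCIDRs...) {
		if _, _, err := net.ParseCIDR(c); err != nil {
			return nil, fmt.Errorf("invalid CIDR %q: %w", c, err)
		}
		out = append(out, c)
	}
	// Every name the API server Service answers to, then the DNS zone suffixes.
	names := []string{"kubernetes", "kubernetes.default", "kubernetes.default.svc"}
	zones := []string{".svc"}
	suffix := ".svc"
	for _, label := range strings.Split(dnsDomain, ".") {
		suffix += "." + label
		names = append(names, "kubernetes.default"+suffix)
		zones = append(zones, suffix)
	}
	out = append(append(out, names...), zones...)
	seen := map[string]bool{}
	result := []string{}
	for _, e := range append(out, additional...) {
		// An entry containing a comma or whitespace would silently add or break entries.
		if e == "" || strings.ContainsAny(e, ", \t\n") {
			return nil, fmt.Errorf("invalid NO_PROXY entry %q", e)
		}
		if !seen[e] {
			seen[e] = true
			result = append(result, e)
		}
	}
	return result, nil
}

func main() {
	// Sample inputs taken from the value quoted in the issue; the last two are user-supplied extras.
	v, err := DeriveNoProxy([]string{"10.96.0.0/12"}, []string{"192.168.0.0/16"}, "cluster.local",
		[]string{"169.254.169.254", ".elb.amazonaws.com"})
	fmt.Println(strings.Join(v, ","), err)
}
```

The metadata service address and the load balancer suffix are passed as additional entries here because the issue describes them as infrastructure-dependent.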

@jimmidyson
Member

Brilliant idea! How would a cluster opt in to this though? Label selector? Possibly using annotation? Thinking about multiple clusters in same NS, that have different proxies to use.

@jimmidyson
Member

@dlipovetsky Why is .elb.amazonaws.com required (obviously for AWS only I mean)?

@dlipovetsky
Contributor Author

@jimmidyson Looks like I grabbed that string from our internal e2e test, which happens to run in AWS.

@dlipovetsky
Contributor Author

Done!

supershal added a commit to dlipovetsky/capi-runtime-extensions that referenced this issue Apr 5, 2024
…nix-cloud-native#23)

* test: unit test for individual patch generator

* test: package level unit test for HTTPProxy

* test: move region and httpproxy patch generator unit test invocation

* fix: linting errors

* test: move all AWS patch unit tests to their own packages (nutanix-cloud-native#24)

* test: move instanceprofile tests to its own package

* test: move instancetype unit tests to its own package

* test: move ami unit tests to its own package

* test: move aws network tests to its own package

* test: move controlplaneloadbalancer unit tests to its own package

* test: move aws cni unit tests to its own package

* test: fix linting errors

* test: unit tests for AWS security groups

* test: move customimage unit tests to their own package (nutanix-cloud-native#30)

* test:  move all Nutanix patch handler unit tests (nutanix-cloud-native#32)

* test: move controlplane endpoint unit tests

* test: move PC endpoint unit tests

* test: move machinedetails unit tests

* test: move generic patch unit tests to own packages (nutanix-cloud-native#31)

* test: move audit policy tests to their own package

* test: move etcd unit tests to their own package

* test: move extra api server cert sans to its own package

* test: move image registry unit tests to its own package

* test: move kubernetes image repository unit tests

* test: move mirror unit tests

* test: move users unit tests

* test: remove generic unit tests from nutanix meta patch handler

* test: cleaned up meta level unit test suites

jimmidyson pushed a commit that referenced this issue Apr 11, 2024

* test: unit test for individual patch generator

* test: package level unit test for HTTPProxy

* test: move region and httpproxy patch generator unit test invocation

* fix: linting errors

* test: move all AWS patch unit tests to their own packages (#24)

* test: move instanceprofile tests to its own package

* test: move instancetype unit tests to its own package

* test: move ami unit tests to its own package

* test: move aws network tests to its own package

* test: move controlplaneloadbalancer unit tests to its own package

* test: move aws cni unit tests to its own package

* test: fix linting errors

* test: unit tests for AWS security groups

* test: move customimage unit tests to their own package (#30)

* test:  move all Nutanix patch handler unit tests (#32)

* test: move controlplane endpoint unit tests

* test: move PC endpoint unit tests

* test: move machinedetails unit tests

* test: move generic patch unit tests to own packages (#31)

* test: move audit policy tests to their own package

* test: move etcd unit tests to their own package

* test: move extra api server cert sans to its own package

* test: move image registry unit tests to its own package

* test: move kubernetes image repository unit tests

* test: move mirror unit tests

* test: move users unit tests

* test: remove generic unit tests from nutanix meta patch handler

* test: cleaned up meta level unit test suites