devfile · amisevsk · Dec 24, 2021 · Dec 10, 2021 · Dec 13, 2021 · Dec 14, 2021
@@ -42,6 +42,28 @@ type RoutingConfig struct {
 	// On OpenShift, the DevWorkspace Operator will attempt to determine the appropriate
 	// value automatically. Must be specified on Kubernetes.
 	ClusterHostSuffix string `json:"clusterHostSuffix,omitempty"`
+	// ProxyConfig defines the proxy settings that should be used for all DevWorkspaces.
+	// These values are propagated to workspace containers as environment variables.
+	//
+	// On OpenShift, the operator automatically reads values from the "cluster" proxies.config.openshift.io
+	// object and this value only needs to be set to override those defaults. Values for httpProxy
+	// and httpsProxy override the cluster configuration directly. Entries for noProxy are merged
+	// with the noProxy values in the cluster configuration.
+	//
+	// Changes to the proxy configuration are detected by the DevWorkspace Operator and propagated to
+	// DevWorkspaces. However, changing the proxy configuration for the DevWorkspace Operator itself
+	// requires restarting the controller deployment.
+	ProxyConfig *Proxy `json:"proxyConfig,omitempty"`
+}
+
+type Proxy struct {
+	// HttpProxy is the URL of the proxy for HTTP requests, in the format http://USERNAME:PASSWORD@SERVER:PORT/
+	HttpProxy string `json:"httpProxy,omitempty"`
+	// HttpsProxy is the URL of the proxy for HTTPS requests, in the format http://USERNAME:PASSWORD@SERVER:PORT/
+	HttpsProxy string `json:"httpsProxy,omitempty"`
+	// NoProxy is a comma-separated list of hostnames and/or CIDRs for which the proxy should not be used. Ignored
+	// when HttpProxy and HttpsProxy are unset
+	NoProxy string `json:"noProxy,omitempty"`
 }
 
 type WorkspaceConfig struct {

@@ -18,13 +18,10 @@ package controllers
 import (
 	"context"
 	"fmt"
-	"net/http"
 	"strings"
 	"time"
 
 	devfilevalidation "github.com/devfile/api/v2/pkg/validation"
-	"github.com/devfile/devworkspace-operator/pkg/provision/sync"
-
 	"github.com/devfile/devworkspace-operator/apis/controller/v1alpha1"
 	controllerv1alpha1 "github.com/devfile/devworkspace-operator/apis/controller/v1alpha1"
 	"github.com/devfile/devworkspace-operator/controllers/workspace/metrics"
@@ -38,6 +35,7 @@ import (
 	"github.com/devfile/devworkspace-operator/pkg/library/projects"
 	"github.com/devfile/devworkspace-operator/pkg/provision/metadata"
 	"github.com/devfile/devworkspace-operator/pkg/provision/storage"
+	"github.com/devfile/devworkspace-operator/pkg/provision/sync"
 	wsprovision "github.com/devfile/devworkspace-operator/pkg/provision/workspace"
 	"github.com/devfile/devworkspace-operator/pkg/timing"
 
@@ -88,6 +86,7 @@ type DevWorkspaceReconciler struct {
 // +kubebuilder:rbac:groups=rbac.authorization.k8s.io,resources=roles;rolebindings;clusterroles;clusterrolebindings,verbs=get;list;watch;create;update
 // +kubebuilder:rbac:groups=oauth.openshift.io,resources=oauthclients,verbs=get;list;watch;create;update;patch;delete;deletecollection
 // +kubebuilder:rbac:groups=monitoring.coreos.com,resources=servicemonitors,verbs=get;create
+// +kubebuilder:rbac:groups=config.openshift.io,resources=proxies,verbs=get,resourceNames=cluster
 // +kubebuilder:rbac:groups=apps,resourceNames=devworkspace-controller,resources=deployments/finalizers,verbs=update
 /////// Required permissions for workspace ServiceAccount
 // +kubebuilder:rbac:groups="",resources=pods/exec,verbs=create
@@ -231,13 +230,13 @@ func (r *DevWorkspaceReconciler) Reconcile(ctx context.Context, req ctrl.Request
 	}
 
 	timing.SetTime(timingInfo, timing.ComponentsCreated)
-	// TODO#185 : Temporarily do devfile flattening in main reconcile loop; this should be moved to a subcontroller.
 	flattenHelpers := flatten.ResolverTools{
 		WorkspaceNamespace: workspace.Namespace,
 		Context:            ctx,
 		K8sClient:          r.Client,
-		HttpClient:         http.DefaultClient,
+		HttpClient:         httpClient,
 	}
+
 	flattenedWorkspace, warnings, err := flatten.ResolveDevWorkspace(&workspace.Spec.Template, flattenHelpers)
 	if err != nil {
 		return r.failWorkspace(workspace, fmt.Sprintf("Error processing devfile: %s", err), metrics.ReasonBadRequest, reqLogger, &reconcileStatus)
@@ -611,6 +610,8 @@ func dwRelatedPodsHandler() handler.EventHandler {
 }
 
 func (r *DevWorkspaceReconciler) SetupWithManager(mgr ctrl.Manager) error {
+	setupHttpClients()
+
 	maxConcurrentReconciles, err := config.GetMaxConcurrentReconciles()
 	if err != nil {
 		return err

@@ -0,0 +1,56 @@
+// Copyright (c) 2019-2021 Red Hat, Inc.
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package controllers
+
+import (
+	"crypto/tls"
+	"net/http"
+	"net/url"
+
+	"github.com/devfile/devworkspace-operator/pkg/config"
+	"golang.org/x/net/http/httpproxy"
+)
+
+var (
+	httpClient            *http.Client
+	healthCheckHttpClient *http.Client
+)
+
+func setupHttpClients() {
+	transport := http.DefaultTransport.(*http.Transport).Clone()
+	healthCheckTransport := http.DefaultTransport.(*http.Transport).Clone()
+	healthCheckTransport.TLSClientConfig = &tls.Config{
+		InsecureSkipVerify: true,
+	}
+
+	if config.Routing != nil && config.Routing.ProxyConfig != nil {
+		proxyConf := httpproxy.Config{
+			HTTPProxy:  config.Routing.ProxyConfig.HttpProxy,
+			HTTPSProxy: config.Routing.ProxyConfig.HttpsProxy,
+			NoProxy:    config.Routing.ProxyConfig.NoProxy,
+		}
+		proxyFunc := func(req *http.Request) (*url.URL, error) {
+			return proxyConf.ProxyFunc()(req.URL)
+		}
+		transport.Proxy = proxyFunc
+		healthCheckTransport.Proxy = proxyFunc
+	}
+
+	httpClient = &http.Client{
+		Transport: transport,
+	}
+	healthCheckHttpClient = &http.Client{
+		Transport: healthCheckTransport,
+	}
+}
@@ -17,9 +17,7 @@ package controllers
 
 import (
 	"context"
-	"crypto/tls"
 	"fmt"
-	"net/http"
 	"net/url"
 	"sort"
 	"time"
@@ -62,13 +60,6 @@ type currentStatus struct {
 // This variable makes it easier to test conditions.
 var clock kubeclock.Clock = &kubeclock.RealClock{}
 
-// healthHttpClient is supposed to be used for performing health checks of workspace endpoints
-var healthHttpClient = &http.Client{
-	Transport: &http.Transport{
-		TLSClientConfig: &tls.Config{InsecureSkipVerify: true},
-	},
-}
-
 // updateWorkspaceStatus updates the current workspace's status field with conditions and phase from the passed in status.
 // Parameters for result and error are returned unmodified, unless error is nil and another error is encountered while
 // updating the status.
@@ -171,7 +162,7 @@ func checkServerStatus(workspace *dw.DevWorkspace) (ok bool, err error) {
 	}
 	healthz.Path = healthz.Path + "healthz"
 
-	resp, err := healthHttpClient.Get(healthz.String())
+	resp, err := healthCheckHttpClient.Get(healthz.String())
 	if err != nil {
 		return false, err
 	}