configure proxy for control plane components in a seed

[kdomanski]

User Story
Components of the control plane, like the machine-controller or the controller-manager might need to issue requests to external destinations, e.g. cloud provider API endpoints. However, if they are located in a DC that doesn't normally have Internet access, then such requests must go over an HTTP proxy. For that purpose, the proxy must be configurable for this DC.

Acceptance criteria

• a new top-level field ProxySettings is added to the Datacenter struct and contains settings for both "https proxy" and "no proxy", analogous to the settings in NodeSettings
• if set, then they are applied as env vars (or command line options, if applicable) to the following control plane components:
  • machine-controller
  • controller-manager
  • usercluster-controller
  • apiserver
• they are also used as fallback for the node proxy settings, if the relevant values in NodeSettings are not specified

[kdomanski]

@alvaroaleman Would it make sense to move out the http proxy settings out of NodeSettings now, since their usage is now twofold?

[alvaroaleman]

I bet someone will come up with a case where the proxy settings for the machine-controller must be different than the ones for the nodes.

What about adding a top-level ProxySettings attribute to the Datacenter and and using its value per default for the nodes, but still allowing to overwrite it on node-level?

[kdomanski]

@alvaroaleman That sounds perfect, I'll edit the criteria.

[toschneck]

@alvaroaleman / @kdomanski where could I configure the proxy in the charts? If i saw it correctly, we now respect the environment vars in the kubermatic components, but we need still to configure it somewhere, or how does it work?

Can you confirm that also the cloud provider calls are respecting the proxy? E.g. the AWS Endpoints need to be called also trough the proxy.