Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

API Validation for EgressProxySpec #3077

Closed
DerekV opened this issue Jul 28, 2017 · 3 comments
Closed

API Validation for EgressProxySpec #3077

DerekV opened this issue Jul 28, 2017 · 3 comments
Labels
lifecycle/rotten Denotes an issue or PR that has aged beyond stale and will be auto-closed.

Comments

@DerekV
Copy link
Contributor

DerekV commented Jul 28, 2017

We are adding support for clusters behind http forward proxies to the ClusterSpec, called EgressProxySpec. Validation should be added for this.

I would suggest also requiring an explicit Port for HTTPProxy rather than allowing the user to omit it at this stage, as in practice, using the transport default ports 80 and 443 for proxy servers is not the typical case, and I think it might prevent users some pain to just make them state what it is explicitly.
@DerekV DerekV mentioned this issue Jul 28, 2017
Merged
17 tasks
k8s-github-robot pushed a commit that referenced this issue Aug 7, 2017
Merge pull request #2777 from MadDogTechnology/master
38608bd 
Automatic merge from submit-queue

Add support for cluster using http forward proxy #2481

Adds support for running a cluster where access to external resources must be done through an http forward proxy.  This adds a new element to the ClusterSpec, `EgressProxy`, and then sets up environment variables where appropriate.  Access to API servers is additionally assumed to be done through the proxy, in particular this is necessary for AWS VPCs with private topology and egress by proxy (no NAT), at least until Amazon implements VPC Endpoints for the APIs.

Additionally, see my notes in #2481


TODOs

- [x] Consider editing files from nodeup rather than cloudup
- [x] Add support for RHEL
    - [x] Validate on RHEL
- [x] ~Add support for CoreOS~ See #3032
- [x] ~Add support for vSphere~ See #3071
- [x] Minimize services effected
- [x] ~Support seperate https_proxy configuration~ See #3069
- [x] ~Remove unvalidated proxy auth support (save for future PR)~ See #3070
- [x] Add Documentation
- [x] Fill in some sensible default exclusions for the user, allow the user to extend this list
- [x] Address PR review comments
- [x] Either require port or handle nil
- [x] ~Do API validation (or file an issue for validation)~ See #3077 
- [x] Add uppercase versions of proxy env vars to cover our bases
- [x] ~File an issue for unit tests~ 😬  See #3072 
- [x] Validate cluster upgrades and updates
- [x] Remove ftp_proxy (nothing uses)
@fejta-bot
Copy link

Issues go stale after 90d of inactivity.
Mark the issue as fresh with /remove-lifecycle stale.
Stale issues rot after an additional 30d of inactivity and eventually close.

Prevent issues from auto-closing with an /lifecycle frozen comment.

If this issue is safe to close now please do so with /close.

Send feedback to sig-testing, kubernetes/test-infra and/or @fejta.
/lifecycle stale

@k8s-ci-robot k8s-ci-robot added the lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. label Jan 1, 2018
@fejta-bot
Copy link

Stale issues rot after 30d of inactivity.
Mark the issue as fresh with /remove-lifecycle rotten.
Rotten issues close after an additional 30d of inactivity.

If this issue is safe to close now please do so with /close.

Send feedback to sig-testing, kubernetes/test-infra and/or fejta.
/lifecycle rotten
/remove-lifecycle stale

@k8s-ci-robot k8s-ci-robot added lifecycle/rotten Denotes an issue or PR that has aged beyond stale and will be auto-closed. and removed lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. labels Feb 7, 2018
@fejta-bot
Copy link

Rotten issues close after 30d of inactivity.
Reopen the issue with /reopen.
Mark the issue as fresh with /remove-lifecycle rotten.

Send feedback to sig-testing, kubernetes/test-infra and/or fejta.
/close

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
lifecycle/rotten Denotes an issue or PR that has aged beyond stale and will be auto-closed.
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@DerekV @k8s-ci-robot @fejta-bot