CFE-755: Support cluster-wide egress proxy injection #103
Skipping CI for Draft Pull Request. |
@thejasn: This pull request references CFE-755 which is a valid jira issue. In response to this: Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
@thejasn: all tests passed! Full PR test history. Your PR dashboard. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here. |
/cc @xingxingxia |
I'm executing below to try pre-merge testing:
If stuck due to whatever, will label directly to unblock merge, and test after merge. |
They are same as oc get proxy -o yaml.
In all 3 pods, there are both upper case and lower case proxy env vars ^^
In all 3 pods, there is proxy ca injected ^^ Then test functions of self-signed issuer, CA issuer, ACME http01 solver issuer with external server https://acme-v02.api.letsencrypt.org/directory which can't be accessed by cert-manager if the proxy stuff is not injected, and certificates, they work well. So adding qe label: |
/lgtm |
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: thejasn, TrilokGeer The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
Fixes CM-37 |
/label docs-approved |
/cc @davemulford |
/label px-approved |
Description
This PR adds egress proxy injection support to the operator. Proxy environment variables will now be propagated to the operand from the operator deployment. This PR also provides an option to provide custom trusted CA certificates.
pkg/controller/deployment/cert_manager_cainjector_deployment.go, pkg/controller/deployment/cert_manager_controller_set.go, pkg/controller/deployment/cert_manager_controller_deployment.go and pkg/controller/deployment/cert_manager_webhook_deployment.go: Fix informers arg names and pass trusted CA configmap at runtime.
pkg/controller/deployment/deployment_overrides.go: Add 2 new deployment hooks to inject proxy env variables and inject trusted CA configmap as a volume.
pkg/controller/deployment/generic_deployment_controller.go: Add configmap informers to re-sync deployments (watch configmaps in the operand namespace).
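The two deployment hooks named in the description, sketched as an added example that is not the operator's own code. The types are hypothetical stand-ins for the Kubernetes Deployment fields, and the volume name, configmap name and mount path are placeholders.

```go
package main

import (
	"fmt"
	"os"
	"strings"
)

// Hypothetical stand-ins for Deployment fields (assumption: not the k8s.io/api types).
type Container struct{ Env, Mounts map[string]string }
type PodSpec struct {
	Containers []*Container
	Volumes    map[string]string // volume name -> configmap name
}

// put sets m[k] = v, allocating the map on first use.
func put(m map[string]string, k, v string) map[string]string {
	if m == nil {
		m = map[string]string{}
	}
	m[k] = v
	return m
}

// InjectProxy copies non-empty proxy settings from lookup to every container, in both cases.
func InjectProxy(spec *PodSpec, lookup func(string) (string, bool)) {
	for _, c := range spec.Containers {
		for _, k := range []string{"HTTP_PROXY", "HTTPS_PROXY", "NO_PROXY"} {
			if v, ok := lookup(k); ok && v != "" {
				c.Env = put(put(c.Env, k, v), strings.ToLower(k), v)
			}
		}
	}
}

// InjectTrustedCA adds the configmap as a volume and mounts it in every container.
func InjectTrustedCA(spec *PodSpec, volume, configMap, path string) {
	spec.Volumes = put(spec.Volumes, volume, configMap)
	for _, c := range spec.Containers {
		c.Mounts = put(c.Mounts, volume, path)
	}
}

func main() {
	spec := &PodSpec{Containers: []*Container{{}}} // constructed: one empty container
	InjectProxy(spec, os.LookupEnv)
	InjectTrustedCA(spec, "trusted-ca", "example-trusted-ca", "/etc/example-ca") // placeholders
	fmt.Printf("env=%v mounts=%v\n", spec.Containers[0].Env, spec.Containers[0].Mounts)
}
```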