Merge pull request #2037 from yuqi-zhang/inject-proxy-into-mcd

Bug 1857162: daemon: inject proxy vars into MCD container
openshift · Sep 3, 2020 · 1e336ef · 1e336ef
2 parents c60d972 + 197db25
commit 1e336ef
Show file tree

Hide file tree

Showing 4 changed files with 54 additions and 0 deletions.
diff --git a/lib/resourcemerge/core.go b/lib/resourcemerge/core.go
@@ -99,6 +99,23 @@ func ensureContainer(modified *bool, existing *corev1.Container, required corev1
 
 	setStringIfSet(modified, &existing.WorkingDir, required.WorkingDir)
 
+	// also sync the env vars here, added to handle proxy
+	for _, required := range required.Env {
+		var existingCurr *corev1.EnvVar
+		for j, curr := range existing.Env {
+			if curr.Name == required.Name {
+				existingCurr = &existing.Env[j]
+				break
+			}
+		}
+		if existingCurr == nil {
+			*modified = true
+			existing.Env = append(existing.Env, corev1.EnvVar{})
+			existingCurr = &existing.Env[len(existing.Env)-1]
+		}
+		ensureEnvVar(modified, existingCurr, required)
+	}
+
 	// any port we specify, we require
 	for _, required := range required.Ports {
 		var existingCurr *corev1.ContainerPort
@@ -177,6 +194,13 @@ func ensureContainerPort(modified *bool, existing *corev1.ContainerPort, require
 	}
 }
 
+func ensureEnvVar(modified *bool, existing *corev1.EnvVar, required corev1.EnvVar) {
+	if !equality.Semantic.DeepEqual(required, *existing) {
+		*modified = true
+		*existing = required
+	}
+}
+
 func ensureVolumeMount(modified *bool, existing *corev1.VolumeMount, required corev1.VolumeMount) {
 	if !equality.Semantic.DeepEqual(required, *existing) {
 		*modified = true

diff --git a/manifests/machineconfigdaemon/daemonset.yaml b/manifests/machineconfigdaemon/daemonset.yaml
@@ -34,6 +34,20 @@ spec:
             valueFrom:
               fieldRef:
                 fieldPath: spec.nodeName
+          {{if .ControllerConfig.Proxy}}
+          {{if .ControllerConfig.Proxy.HTTPProxy}}
+          - name: HTTP_PROXY
+            value: {{.ControllerConfig.Proxy.HTTPProxy}}
+          {{end}}
+          {{if .ControllerConfig.Proxy.HTTPSProxy}}
+          - name: HTTPS_PROXY
+            value: {{.ControllerConfig.Proxy.HTTPSProxy}}
+          {{end}}
+          {{if .ControllerConfig.Proxy.NoProxy}}
+          - name: NO_PROXY
+            value: {{.ControllerConfig.Proxy.NoProxy}}
+          {{end}}
+          {{end}}
       - name: oauth-proxy
         image: {{.Images.OauthProxy}}
         ports:

diff --git a/pkg/daemon/update.go b/pkg/daemon/update.go
@@ -271,6 +271,8 @@ func podmanCopy(imgURL, osImageContentDir string) (err error) {
 
 // ExtractOSImage extracts OS image content in a temporary directory under /run/machine-os-content/
 // and returns the path on successful extraction.
+// Note that since we do this in the MCD container, cluster proxy configuration must also be injected
+// into the container. See the MCD daemonset.
 func ExtractOSImage(imgURL string) (osImageContentDir string, err error) {
 	var registryConfig []string
 	if _, err := os.Stat(kubeletAuthFile); err == nil {

diff --git a/pkg/operator/assets/bindata.go b/pkg/operator/assets/bindata.go
@@ -1429,6 +1429,20 @@ spec:
             valueFrom:
               fieldRef:
                 fieldPath: spec.nodeName
+          {{if .ControllerConfig.Proxy}}
+          {{if .ControllerConfig.Proxy.HTTPProxy}}
+          - name: HTTP_PROXY
+            value: {{.ControllerConfig.Proxy.HTTPProxy}}
+          {{end}}
+          {{if .ControllerConfig.Proxy.HTTPSProxy}}
+          - name: HTTPS_PROXY
+            value: {{.ControllerConfig.Proxy.HTTPSProxy}}
+          {{end}}
+          {{if .ControllerConfig.Proxy.NoProxy}}
+          - name: NO_PROXY
+            value: {{.ControllerConfig.Proxy.NoProxy}}
+          {{end}}
+          {{end}}
       - name: oauth-proxy
         image: {{.Images.OauthProxy}}
         ports: