Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

oci create cluster behind proxy not use parameter #21

Open
chris93111 opened this issue Nov 2, 2020 · 5 comments
Open

oci create cluster behind proxy not use parameter #21

chris93111 opened this issue Nov 2, 2020 · 5 comments
Assignees
@jlamillan

Comments

@chris93111
Copy link

Hi

rancher 2.4.8 , driver 1.15.0

The driver don't user proxy parameter set in rancher
all work aws/helm/download drivers with proxy
only oci doesn't work

i have try also rancher with directly internet and it's work with same account

Get "https://iaas.XXXXXX.oraclecloud.com/XXXXXXX/vcns?compartmentId=XXXXXXXXXdisplayName=XXXXX": dial tcp XXXXXXX:443: i/o timeout
@jlamillan
Copy link
Collaborator

Thanks for the report, we'll take a look. 

@jlamillan
Copy link
Collaborator

Which proxy environment variables are you setting on the Rancher server?

@jlamillan
Copy link
Collaborator

jlamillan commented Nov 19, 2020
edited

@chris93111 I've verified that when HTTP_PROXY and HTTPS_PROXY environment variables are present in the environment, the OKE driver (v1.5.0) will use the proxy. This is because to OCI SDK does not set the http.Transport, and the default implementation will pick up http.ProxyFromEnvironment by default - at least that's the way it's working with the SDK version being used in v1.5.0 of the driver.

I'm going to check with the folks at Rancher to confirm whether Rancher server / kontainerdriver are ensuring the environment variables are being passed into a non-built-in driver like OKE assuming they are set on the server i.e.

  containers:
  - name: rancher
    image: rancher/rancher:v2.4.8
    env:
    - name: HTTP_PROXY
      value: http://your-proxy.com
    - name: HTTPS_PROXY
      value: http://your-proxy.com
      ...

In the meantime, it'd be helpful if you could confirm a few things including whether you are setting these values on your Rancher server, and what version of the driver you are using (there is no such version 1.15.0). I'd also be curious about what the value of XXXXXX was in "https://iaas.XXXXXX.oraclecloud.com" just in case its somehow related to #20 (i.e. not being subscribed to PHX).

@jlamillan jlamillan self-assigned this Nov 19, 2020
@chris93111
Copy link
Author

Hi i not remember if i try with 1.5.0 because default in 2.4.8 is 1.4.0, I test and I give you a return

The proxy is set in rancher all work with aws

image

i give you the full url after try

@jlamillan
Copy link
Collaborator

jlamillan commented Nov 20, 2020
edited

OKE driver 1.4.0 used an older version of the OCI SDK. I suspect it works, but I have not verified the proxy behavior.

I did set up an HTTPS proxy (mitmproxy) and set theHTTP_PROXY environment variable on the Rancher server to point to it. I was able to verify that all the outgoing connections by the UI, Rancher server, and the OKE driver (version v1.5.0) all went through the proxy as expected.

Here is a screenshot of the mitmproxy console as the OKE driver was creating a cluster. You can see the calls the driver makes to create the VCN, cluster, and poll waiting for the cluster to be ready interwoven with the calls the Rancher server is making:

mitmproxy_output

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@jlamillan jlamillan

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@jlamillan @chris93111