feat: Add optional env vars for setting proxy for Github and Vault

- GITHUB_PROXY - VAULT_PROXY_ADDR
samirtahir91 · Jul 10, 2024 · fbc32e3 · fbc32e3
1 parent 948ee66
commit fbc32e3
Show file tree

Hide file tree

Showing 3 changed files with 33 additions and 4 deletions.
diff --git a/README.md b/README.md
@@ -49,6 +49,9 @@ Key features:
     - It will default to `5m` if not set
   - `EXPIRY_THRESHOLD` - i.e. to reconcile a new access token if there is less than 10 mins left from expiry, set the value to `10m`
     - It will default to `15m` if not set
+- You can specify a proxy for GitHub and Vault using the env vars:
+  - `GITHUB_PROXY` - i.e. `http://myproxy.com:8080`
+  - `VAULT_PROXY_ADDR` - i.e. `http://myproxy.com:8080`
 - Optionally, you can enable rolling upgrade to deployments in the same namespace as the `GithubApp` that match any of the labels you define in `spec.rolloutDeployment.labels`
   - This is useful where pods need to be recreated to pickup the new secret data.
 - By default the logs are json formatted and log level is set to info and error, you can set `DEBUG_LOG` to `true` in the manager deployment environment variable for debug level logs.

diff --git a/cmd/main.go b/cmd/main.go
@@ -19,6 +19,8 @@ package main
 import (
 	"crypto/tls"
 	"flag"
+	"net/http" // http client
+	"net/url"
 	"os"
 	"strconv"
 
@@ -27,7 +29,6 @@ import (
 	vault "github.com/hashicorp/vault/api"   // vault client
 	kubernetes "k8s.io/client-go/kubernetes" // k8s client
 	_ "k8s.io/client-go/plugin/pkg/client/auth"
-	"net/http" // http client
 	ctrlConfig "sigs.k8s.io/controller-runtime/pkg/client/config"
 
 	"k8s.io/apimachinery/pkg/runtime"
@@ -105,8 +106,27 @@ func main() {
 		TLSOpts: tlsOpts,
 	})
 
-	// http client
-	httpClient := &http.Client{}
+	// http client with optional proxy configured
+	var httpClient *http.Client
+	// Check for GITHUB_PROXY environment variable and add to http client
+	if gitProxy := os.Getenv("GITHUB_PROXY"); gitProxy != "" {
+		// If the environment variable is set, use its value in the http client
+		proxyURL, _ := url.Parse(gitProxy)
+
+		// Add proxy to transport
+		transport := &http.Transport{
+			Proxy: http.ProxyURL(proxyURL),
+		}
+
+		// Add transport to http client
+		httpClient = &http.Client{
+			Transport: transport,
+		}
+
+		// Else create default http client with on proxy
+	} else {
+		httpClient = &http.Client{}
+	}
 
 	// Initialise vault client with default config - uses default Vault env vars for config
 	// See - https://pkg.go.dev/github.com/hashicorp/vault/api#pkg-constants
@@ -150,7 +170,7 @@ func main() {
 
 	// Path to store private keys for local caching
 	privateKeyCachePath := "/var/run/github-app-secrets/"
-	// Check for PRIVATE_KEY_CACHE_PATH environment variable amnd override privateKeyCachePath
+	// Check for PRIVATE_KEY_CACHE_PATH environment variable and override privateKeyCachePath
 	if customCachePath := os.Getenv("PRIVATE_KEY_CACHE_PATH"); customCachePath != "" {
 		// If the environment variable is set, use its value as the privateKeyCachePath
 		privateKeyCachePath = customCachePath

diff --git a/config/manager/manager.yaml b/config/manager/manager.yaml
@@ -113,9 +113,15 @@ spec:
             value: githubapp
           - name: VAULT_ADDR
             value: "http://vault.default:8200"
+          # Optional proxy for github
+          - name: GITHUB_PROXY
+            value: ""
           # Enterprise vault only - set namespace
           - name: VAULT_NAMESPACE
             value: ""
+          # Optional proxy for Vault
+          - name: VAULT_PROXY_ADDR
+            value: ""
           # optional vault env vars - https://pkg.go.dev/github.com/hashicorp/vault/api#pkg-constants
         # volume to cache private keys
         volumeMounts: