From fbc32e30324633c9622d06cac1471eccc5323337 Mon Sep 17 00:00:00 2001
From: samir-tahir
Date: Wed, 10 Jul 2024 14:47:47 +0100
Subject: [PATCH] feat: Add optional env vars for setting proxy for Github and Vault - GITHUB_PROXY - VAULT_PROXY_ADDR
---
 README.md | 3 +++
 cmd/main.go | 28 ++++++++++++++++++++++++----
 config/manager/manager.yaml | 6 ++++++
 3 files changed, 33 insertions(+), 4 deletions(-)
diff --git a/README.md b/README.md
index 410b4d0..f594aaa 100644
--- a/README.md
+++ b/README.md
@@ -49,6 +49,9 @@ Key features:
 - It will default to `5m` if not set
 - `EXPIRY_THRESHOLD` - i.e. to reconcile a new access token if there is less than 10 mins left from expiry, set the value to `10m`
 - It will default to `15m` if not set
+- You can specify a proxy for GitHub and Vault using the env vars:
+ - `GITHUB_PROXY` - i.e. `http://myproxy.com:8080`
+ - `VAULT_PROXY_ADDR` - i.e. `http://myproxy.com:8080`
 - Optionally, you can enable rolling upgrade to deployments in the same namespace as the `GithubApp` that match any of the labels you define in `spec.rolloutDeployment.labels`
 - This is useful where pods need to be recreated to pickup the new secret data.
 - By default the logs are json formatted and log level is set to info and error, you can set `DEBUG_LOG` to `true` in the manager deployment environment variable for debug level logs.
diff --git a/cmd/main.go b/cmd/main.go
index fff71d9..8c44c59 100644
--- a/cmd/main.go
+++ b/cmd/main.go
@@ -19,6 +19,8 @@ package main
 import (
 "crypto/tls"
 "flag"
+ "net/http" // http client
+ "net/url"
 "os"
 "strconv"

@@ -27,7 +29,6 @@ import (
 vault "github.com/hashicorp/vault/api" // vault client
 kubernetes "k8s.io/client-go/kubernetes" // k8s client
 _ "k8s.io/client-go/plugin/pkg/client/auth"
- "net/http" // http client
 ctrlConfig "sigs.k8s.io/controller-runtime/pkg/client/config"
 "k8s.io/apimachinery/pkg/runtime"
@@ -105,8 +106,27 @@ func main() {
 TLSOpts: tlsOpts,
 })

- // http client
- httpClient := &http.Client{}
+ // http client with optional proxy configured
+ var httpClient *http.Client
+ // Check for GITHUB_PROXY environment variable and add to http client
+ if gitProxy := os.Getenv("GITHUB_PROXY"); gitProxy != "" {
+ // If the environment variable is set, use its value in the http client
+ proxyURL, _ := url.Parse(gitProxy)
+
+ // Add proxy to transport
+ transport := &http.Transport{
+ Proxy: http.ProxyURL(proxyURL),
+ }
+
+ // Add transport to http client
+ httpClient = &http.Client{
+ Transport: transport,
+ }
+
+ // Else create default http client with on proxy
+ } else {
+ httpClient = &http.Client{}
+ }

 // Initialise vault client with default config - uses default Vault env vars for config
 // See - https://pkg.go.dev/github.com/hashicorp/vault/api#pkg-constants
@@ -150,7 +170,7 @@ func main() {
 // Path to store private keys for local caching
 privateKeyCachePath := "/var/run/github-app-secrets/"

- // Check for PRIVATE_KEY_CACHE_PATH environment variable amnd override privateKeyCachePath
+ // Check for PRIVATE_KEY_CACHE_PATH environment variable and override privateKeyCachePath
 if customCachePath := os.Getenv("PRIVATE_KEY_CACHE_PATH"); customCachePath != "" {
 // If the environment variable is set, use its value as the privateKeyCachePath
 privateKeyCachePath = customCachePath
diff --git a/config/manager/manager.yaml b/config/manager/manager.yaml
index 691df8a..5c63178 100644
--- a/config/manager/manager.yaml
+++ b/config/manager/manager.yaml
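Review bot: `proxyURL, _ := url.Parse(gitProxy)` discards the parse error, and because `http.ProxyURL(nil)` simply means "no proxy", a mistyped GITHUB_PROXY makes the client silently connect to GitHub directly instead of failing — the wrong direction for a setting that is usually an egress control. `url.Parse` also accepts a bare `host:port` without error (the host is read as the scheme and `Host` stays empty), so the check should additionally reject a result with an empty `Host` or an unsupported scheme. Separately, building `&http.Transport{}` from scratch drops every default of `http.DefaultTransport` (dial and TLS-handshake timeouts, idle-connection limits, HTTP/2); cloning the default transport and overriding only `Proxy` keeps them, and the client still has no `Timeout` at all, which predates this change. I would fail startup on an invalid proxy, reported through whatever logger main already uses; main's body continues outside the hunk.
```go
if gitProxy := os.Getenv("GITHUB_PROXY"); gitProxy != "" {
	proxyURL, err := url.Parse(gitProxy)
	if err != nil || proxyURL.Host == "" ||
		(proxyURL.Scheme != "http" && proxyURL.Scheme != "https" && proxyURL.Scheme != "socks5") {
		// Fail closed: a requested proxy must never degrade to a direct connection.
		// ... report gitProxy and err through main's logger here ...
		os.Exit(1)
	}
	// Keep the stdlib transport defaults (timeouts, idle limits, HTTP/2); override only the proxy.
	transport := http.DefaultTransport.(*http.Transport).Clone()
	transport.Proxy = http.ProxyURL(proxyURL)
	httpClient = &http.Client{Transport: transport}
} else {
	httpClient = &http.Client{}
}
```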
@@ -113,9 +113,15 @@ spec:
 value: githubapp
 - name: VAULT_ADDR
 value: "http://vault.default:8200"
+ # Optional proxy for github
+ - name: GITHUB_PROXY
+ value: ""
 # Enterprise vault only - set namespace
 - name: VAULT_NAMESPACE
 value: ""
+ # Optional proxy for Vault
+ - name: VAULT_PROXY_ADDR
+ value: ""
 # optional vault env vars - https://pkg.go.dev/github.com/hashicorp/vault/api#pkg-constants
 # volume to cache private keys
 volumeMounts:
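Review bot: The two new comments are written in parallel, but only GITHUB_PROXY is consumed by the operator's own code in cmd/main.go; VAULT_PROXY_ADDR is not referenced there and appears to be read by the Vault client library itself (the hunk's existing pointer to the vault/api pkg-constants page is where that would be documented). Making that explicit saves the next reader a search, e.g. `# Optional proxy for Vault - read by the Vault client library itself (see pkg-constants link below), not by the operator`. Both entries default to "" which, for GITHUB_PROXY, is exactly the condition main.go treats as "no proxy"; whether the Vault client treats an empty VAULT_PROXY_ADDR the same way should be confirmed against the library before shipping the empty default.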