Bug 1253675
Summary: | [RFE] Ability to specify global http proxy settings | ||
---|---|---|---|
Product: | OpenShift Container Platform | Reporter: | Josep 'Pep' Turro Mauri <pep> |
Component: | RFE | Assignee: | Scott Dodson <sdodson> |
Status: | CLOSED CURRENTRELEASE | QA Contact: | Gan Huang <ghuang> |
Severity: | high | Docs Contact: | |
Priority: | high | ||
Version: | 3.0.0 | CC: | bleanhar, bparees, csvoboda, dmcphers, erich, ghuang, gpei, jkaur, jokerman, knakayam, libra-bugs, mbarrett, misalunk, mmccomas, nhashimo, plarsen, rdasilva, rmartine, sauchter, sdodson, tkimura, xiama |
Target Milestone: | --- | Keywords: | FutureFeature |
Target Release: | --- | Flags: | misalunk:
needinfo-
|
Hardware: | x86_64 | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Enhancement | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2016-05-20 15:08:57 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | |||
Bug Blocks: | 1267746 |
Description
Josep 'Pep' Turro Mauri
2015-08-14 12:32:55 UTC
I can see some folks having use cases where they would want to ignore the global proxy settings to not use a proxy or even use a different proxy. Most likely this would be an application specific requirement where internet traffic would need to go through a certain proxy for a certain reason. We should still permit devs and ops to configure applications/pods to overwrite the global proxy settings if needed. (In reply to Chuck Svoboda from comment #3) > I can see some folks having use cases where they would want to ignore the > global proxy settings to not use a proxy or even use a different proxy. Most > likely this would be an application specific requirement where internet > traffic would need to go through a certain proxy for a certain reason. We > should still permit devs and ops to configure applications/pods to overwrite > the global proxy settings if needed. BuildConfigs already allow you to specify proxy settings manually. Actually, right now this is how you must do it: on every buildConfig, or dc's env settings, or templates generating them. The goal of the request here is to be able to specify global defaults on a single place and eliminate the tedious and prone to error manual configuration required now. But overriding settings via the [already existing] per-resource configuration would still be possible - although we probably want to keep global no_proxy settings active and maybe add any individual specifications instead of overriding. Overriding system configuration (e.g. the nodes' docker config in /etc/sysconfig/docker including proxy settings) is not possible at a resource level though. Does that make sense? *** Bug 1248365 has been marked as a duplicate of this bug. *** The two stories related to this RFE are: https://trello.com/c/aYry4Mpg/842-5-global-proxy-configuration https://trello.com/c/Wia7PSVf/168-3-global-proxy-configuration The support for this is in now, not sure about the install portion. Brenton? It's next on scott's list. There's a relate DNS card he's working on right now. Installer PR https://github.com/openshift/openshift-ansible/pull/1385 Advanced Installer Docs PR https://github.com/openshift/openshift-docs/pull/1607 Installer trello card https://trello.com/c/Wia7PSVf/168-3-global-proxy-configuration I guess since this is assigned to me I'm going to flip it back to ON_QA so that QE tests the installer bits. I'm putting this ON_QA as the PR has recently been updated and I'd like to get more feedback from QE. *** Bug 1321062 has been marked as a duplicate of this bug. *** I've pushed a much updated set of code to https://github.com/openshift/openshift-ansible/pull/1385 Key changes since previous revisions : - portal_net (kube svc ip CIDR) and SDN CIDR ranges are added to the master's NO_PROXY value by default. - node no longer gets proxy envars set by default, in most cases this is the right thing to do unless you require a proxy to reach the master API - BuildDefaults admission controller is additive to any other admission controller config you have. Anyone interested in testing this please take a look! We'll be working on getting this peer reviewed and merged soon. In openshift-ansible-3.0.85-1.git.0.7812917.el7 which is in latest puddle Have pasted related bugs in https://trello.com/c/Wia7PSVf/168-3-global-proxy-configuration Once finishing the testing of the card. I'll move it to verified. Test aganist with openshift-ansible-3.0.88-1.git.0.31c3daf.el7.noarch It's blocked in container installation, and ok for rpm installation. This issue will be tracked in BZ#1335063. Verified with openshift-ansible-3.0.90-1.git.0.a077b68.el7.noarch BZ#1335063 has been fixed, and the rest of bugs in https://trello.com/c/Wia7PSVf/168-3-global-proxy-configuration don't block global proxy setting anymore. Move it to verified. |