1. Proposed title of this feature request =>Cannot use ssh for git repos when http/s proxy is set 3. What is the nature and description of the request? => A check in the build validation (func validateGitSource) will prevent any use of ssh to access git repos when the http or https proxy variables are set in the cluster proxy settings. The cluster is installed with openshift_http_proxy and openshift_https_proxy variables set in installer variables. However, when gitHTTProxy and gitHTTPSProxy are set as a consequence, we cannot access internal git repositories with ssh:// URIs due to the mentioned build validation. Our current workaround to access internal private git repositories with SSH is to set gitHTTPProxy and gitHTTPSProxy to blank values in /etc/origin/master/master-config.yaml. This way users can access local git repositories as expected with ssh:// URIs as expected. However, to access any external repository (access to external repos would use HTTP/S) we would need to use a proxy. This ticket is for investigating possibilities of changing the build validation to allow SSH-accessed git repos even when gitHTTPProxy, gitHTTPSProxy parameters are set. The result is an error message 'only http:// and https:// GIT protocols are allowed with HTTP or HTTPS proxy set' Expected behavior: The proxy settings for http should not interfere with the ability to access internal ssh git repos.
To fix this we should just remove the validation rule and allow proxy values to be set regardless of git protocol.
Removing the check would be fine with me.
This is not a new feature request, but just a regression due to https://github.com/openshift/origin/pull/5959 I hope that this ticket should be handled in a more timely manner...
One of the customers is asking the ETA. Could you please tell us the ETA?
The enterprise customer is asking us to provide the fix for 3.3. If you will fix this on the upstream, please backport to OCP 3.3.
https://github.com/openshift/origin/pull/12463
Commit pushed to master at https://github.com/openshift/origin https://github.com/openshift/origin/commit/cd8299b4556452dc0c1543d74253197a8cc37e70 allow proxy values to be specified with non-http git uris bug 1397475
Verified with below version, git repo can be used when http/s proxy is set: openshift v3.4.1.0 kubernetes v1.4.0+776c994 etcd 3.1.0-rc.0
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2017:0218