Bugzilla (bugzilla.redhat.com) will be under maintenance for infrastructure upgrades and will not be available on July 31st between 12:30 AM - 05:30 AM UTC. We appreciate your understanding and patience. You can follow status.redhat.com for details.
Bug 1566545 - Proxy related environment variables gets injected in to application container
Summary: Proxy related environment variables gets injected in to application container
Alias: None
Product: OpenShift Container Platform
Classification: Red Hat
Component: Build
Version: 3.7.0
Hardware: x86_64
OS: Linux
Target Milestone: ---
: ---
Assignee: Ben Parees
QA Contact: Wenjing Zheng
Depends On:
TreeView+ depends on / blocked
Reported: 2018-04-12 13:43 UTC by Manikandan Somasundaram
Modified: 2021-06-10 15:47 UTC (History)
1 user (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Last Closed: 2018-04-12 13:50:08 UTC
Target Upstream Version:

Attachments (Terms of Use)

Description Manikandan Somasundaram 2018-04-12 13:43:22 UTC
Description of problem:
  When deploying an application using the provided S2I images the environment variables "http_proxy", "https_proxy" and "no_proxy" are built into the container image.  Container images should not contain proxy related env variables.

Version-Release number of selected component (if applicable):

* OpenShift Container Platform 3.x

Steps to Reproduce:

1] Create deployment config with "http_proxy", "https_proxy" and "no_proxy" in “/etc/origin/master/master-config.yaml” file
2] Deploy an application and observe that the proxy environment variables gets injected in to an application container. 

Actual results: 
-  Proxy environment variables injects in to an application container.

Expected results:
- Proxy environment variables should inject in to build pod and once build gets completed the variables should not injected in to an application container.

Additional info:

Comment 1 Ben Parees 2018-04-12 13:50:08 UTC
Unfortunately there's nothing we can do about this, it's a limitation of the architecture of s2i which has to provide the env vars to the container running your assemble script (so your assemble logic has a proper proxy configuration), and then commits that container as your new image.

The behavior is documented:


"Variables provided will be present during the build process and in the output image."

Note You need to log in before you can comment on or make changes to this bug.