Description of problem: When deploying an application using the provided S2I images the environment variables "http_proxy", "https_proxy" and "no_proxy" are built into the container image. Container images should not contain proxy related env variables. Version-Release number of selected component (if applicable): * OpenShift Container Platform 3.x Steps to Reproduce: 1] Create deployment config with "http_proxy", "https_proxy" and "no_proxy" in “/etc/origin/master/master-config.yaml” file 2] Deploy an application and observe that the proxy environment variables gets injected in to an application container. Actual results: - Proxy environment variables injects in to an application container. Expected results: - Proxy environment variables should inject in to build pod and once build gets completed the variables should not injected in to an application container. Additional info:
Unfortunately there's nothing we can do about this, it's a limitation of the architecture of s2i which has to provide the env vars to the container running your assemble script (so your assemble logic has a proper proxy configuration), and then commits that container as your new image. The behavior is documented: https://docs.openshift.org/latest/dev_guide/builds/build_strategies.html#configuring-the-source-environment "Variables provided will be present during the build process and in the output image."