Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

k8s_metadata_decorator operator breaks when using a proxy #238

Closed
jsirianni opened this issue Dec 31, 2020 · 0 comments · Fixed by #239
Closed

k8s_metadata_decorator operator breaks when using a proxy #238

jsirianni opened this issue Dec 31, 2020 · 0 comments · Fixed by #239
Assignees
@jsirianni
Labels
bug Something isn't working

Comments

@jsirianni
Copy link
Member

Describe the bug

When HTTP_PROXY is set, the k8s_metadata_decorator attempts to connect to Kubernetes APIs using the proxy. This is by design: type rest.Config

...
// Proxy is the proxy func to be used for all requests made by this
// transport. If Proxy is nil, http.ProxyFromEnvironment is used. If Proxy
// returns a nil *URL, no proxy is used.
//
// socks5 proxying does not currently support spdy streaming endpoints.
Proxy func(*http.Request) (*url.URL, error)

To Reproduce
Steps to reproduce the behavior:

  1. Deploy Stanza with HTTP_PROXY set and use the OpenShift plugin
  2. Watch stanza logs for error:
{"level":"info","timestamp":"2020-12-31T17:26:23.902Z","message":"Starting stanza agent"}
{"level":"error","timestamp":"2020-12-31T17:26:34.421Z","message":"Failed to start stanza agent","error":{"description":"test connection list namespaces: Get \"https://172.30.0.1:443/api/v1/namespaces\": context deadline exceeded"}}

The agent fails to connect to the Kubernetes API because the Proxy (external to the cluster) cannot reach the kubernetes API (internal to Kubernetes.

Expected behavior

Kubernetes API interactions should be treated as "internal" traffic, and not pass through the proxy that Stanza is using for outgoing connections.

Proxy support for this operator should be an optional parameter, defaulting to false (no proxy).

Environment:

  • RHEL 7
  • OpenShift 3.11
  • Fresh build 92e9403
@jsirianni jsirianni added the bug Something isn't working label Dec 31, 2020
@jsirianni jsirianni self-assigned this Dec 31, 2020
jsirianni pushed a commit that referenced this issue Dec 31, 2020
Added allow_proxy option (default: false) for enabling or
069d482 
disabling the use of a proxy for this operator. Generally, you would
not want to use a proxy for connections to the Kubernetes API.

The Kubernetes client, by default, will use any proxy set at HTTP_PROXY or
HTTPS_PROXY unless the proxy function is set.

supporting docs:
- https://godoc.org/k8s.io/client-go/rest#Config
- https://golang.org/pkg/net/http/#ProxyFromEnvironment

resolves #238
@jsirianni jsirianni mentioned this issue Dec 31, 2020
Merged
4 tasks
jsirianni pushed a commit that referenced this issue Jan 4, 2021
@djaglowski
Make proxy optional for k8s_metadata_decorator (#239)
0a43d10 
* Added `allow_proxy` option (default: false) for enabling or
disabling the use of a proxy for this operator. Generally, you would
not want to use a proxy for connections to the Kubernetes API.

The Kubernetes client, by default, will use any proxy set at HTTP_PROXY or
HTTPS_PROXY unless the proxy function is set.

supporting docs:
- https://godoc.org/k8s.io/client-go/rest#Config
- https://golang.org/pkg/net/http/#ProxyFromEnvironment

resolves #238

* changelog: using a proxy causes internal API timeout

* Clarify that boolean is enabling / disabling proxy support when communicating with the k8s api

* Use mocked time function for tests

Co-authored-by: Dan Jaglowski <dan.jaglowski@bluemedora.com>
@jsirianni jsirianni mentioned this issue Feb 4, 2021
Closed
6 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@jsirianni jsirianni

Labels
bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Make proxy optional for k8s_metadata_decorator observIQ/stanza
1 participant
@jsirianni