Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Support for Proxy #130

Open
abudavis opened this issue Jan 2, 2025 · 0 comments
Open

Support for Proxy #130

abudavis opened this issue Jan 2, 2025 · 0 comments

Comments

@abudavis
Copy link

abudavis commented Jan 2, 2025
edited
Loading

Environment: Single Node Openshift (SNO) v4.16 for edge sites
Helm Chart version: akv2k8s v2.7.2
Deployed using ArgoCD which is part of Openshift GitOps Operator

Somehow passing the proxy variables in the deployment using ArgoCD did not work and we got the following error. The SNO cluster has a cluster wide proxy configured but Openshift requires that individual applications implement proxy using environment variables.

Akv2k8s pod startup error when a secret object is added:
I0102 09:39:38.147960 1 worker.go:97] Error syncing key ace/conf-barauth: Failed to get secret for 'conf-barauth' from Azure Key Vault 'company-deep-test-vault': context deadline exceeded

Workaround: Only upon manually adding the "HTTP_PROXY", "HTTPS_PROXY" and "NO_PROXY" environment variables directly into the deployment "akv2k8s-controller" did it actually work.

Following is the ArgoCD app that successfully installed akv2k8s on target SNO cluster but did not add the PROXY environment variables above into the deployment "akv2k8s-controller".
Is this something you could fix in the helm chart?

apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
  name: deep-akv2k8s
  namespace: openshift-gitops
  annotations:
    argocd.argoproj.io/sync-wave: "-2"
spec:
  destination:
    namespace: akv2k8s
    server: 'https://api.deep.423.tst.ocp.company.com:6443'
  project: default
  source:
    chart: akv2k8s
    helm:
      parameters:
        - name: global.keyVaultAuth
          value: environment
        - name: controller.enabled
          value: 'true'
        - name: controller.metrics.enabled
          value: 'true'
        - name: env_injector.enabled
          value: 'false'
        - name: controller.securityContext.allowPrivilegeEscalation
          value: 'false'
        - name: global.env.AZURE_TENANT_ID
          value: xxx
        - name: global.env.AZURE_CLIENT_ID
          value: xxx
        - name: global.env.AZURE_CLIENT_SECRET
          value: xxx
        - name: global.httpProxy
          value: http://internetproxy.company.com:8080
        - name: global.httpsProxy
          value: http://internetproxy.company.com:8080
        - name: global.noProxy
          value: .cluster.local,.svc,.company.com,10.0.0.0/8,10.128.0.0/14,127.0.0.1,172.30.0.0/16,192.168.0.0/16,192.168.30.0/23,api-int.deep.423.tst.ocp.company.com,localhost
      releaseName: akv2k8s
    repoURL: 'https://charts.spvapi.no'
    targetRevision: 2.7.2
  syncPolicy:
    automated:
      prune: true
      selfHeal: true
    syncOptions:
      - CreateNamespace=true
      - Replace=true
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@abudavis