Web Proxy support

[antoinetran]

Short Description of the issue

In a closed network environment, with internet access only though a authenticated web proxy, the interlink deployment fails.

Environment

• Operating System: Redhat 8
• Other related components versions: interlink 0.3.0

Steps to reproduce

Logs, stacktrace, or other symptoms

kubectl -n interlink logs my-vk-node-5dfb4b48cc-btdb7
Defaulted container "inttw-vk" out of: inttw-vk, refresh-token
time="2024-07-11T09:53:42Z" level=info msg="Loading Virtual Kubelet config from /etc/interlink/InterLinkConfig.yaml"
time="2024-07-11T09:53:42Z" level=info msg="Trying InCluster configuration"
time="2024-07-11T09:53:42Z" level=info msg="Loading Virtual Kubelet config from /etc/interlink/InterLinkConfig.yaml"
time="2024-07-11T09:53:42Z" level=info msg=nodeLoop
time="2024-07-11T09:53:42Z" level=fatal msg="open /opt/interlink/token: no such file or directory"

No token because no internet.

Summary of proposed changes

Add in ~/.interlink.yaml, a config like this:

proxy:
  user:
  password
  https_proxy
  http_proxy
  no_proxy

[antoinetran]

Workaround:
I confirm that adding these env variables to ~/.interlink/interlink.yaml fixed the issue:

        - name: TOKEN_PATH
          value: /opt/interlink/token
        - name: HTTPS_PROXY
          value: http://user:password@proxy:port
        - name: HTTP_PROXY
          value: http://user:password@proxy:port
        command:
        - python3
        - /opt/refresh.py

[dciangot]

hi @antoinetran , thanks for the report. I think we can include this in the next release, looks like quite a simple enhancement to be put in.

I'm curious, is this a pecularity of your use case? Or just due to a particular setup which you are using to play with interlink?

[antoinetran]

I'm curious, is this a pecularity of your use case? Or just due to a particular setup which you are using to play with interlink?

I'm not sure I understand, if I rephrase, is-it normal to have a web proxy in our environment? Yes, it is quite the standard in lots of environments to have internet only through a corporate proxy. I expect the interlink to get its token through the web proxy for test purpose, although I would have like it to not rely on internet at all.

[dciangot]

The only requirement for internet is at the authentication level b/w the cluster and the remote interlink server. If you have an oauth2 compatible identity provider inside your corporate perimeter is just as fine as using github. The alternative (not coming in 0.3, but probably in 0.4) is to use x509 certs.

The purpose of the question was a bit different though, I just wanted to know more about your use case (at large) to understand how we can help.

[antoinetran]

The purpose of the question was a bit different though, I just wanted to know more about your use case (at large) to understand how we can help.

No problem, let me answer you in private by email :)