Merge pull request #785 from enj/enj/i/no_proxy_env

Provide good defaults for NO_PROXY
Mo Khan 2021-08-17 12:55:12 -04:00 committed by GitHub
commit 9d11be899c
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
4 changed files with 19 additions and 2 deletions


@ -152,6 +152,15 @@ spec:
mountPath: /etc/podinfo mountPath: /etc/podinfo
- name: impersonation-proxy - name: impersonation-proxy
mountPath: /var/run/secrets/impersonation-proxy.concierge.pinniped.dev/serviceaccount mountPath: /var/run/secrets/impersonation-proxy.concierge.pinniped.dev/serviceaccount
env:
#@ if data.values.https_proxy:
- name: HTTPS_PROXY
value: #@ data.values.https_proxy
#@ end
#@ if data.values.https_proxy and data.values.no_proxy:
- name: NO_PROXY
value: #@ data.values.no_proxy
#@ end
livenessProbe: livenessProbe:
httpGet: httpGet:
path: /healthz path: /healthz
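Review bot: The `HTTPS_PROXY` entry is rendered as a literal `value:` in the container spec, so a proxy URL that carries userinfo (`http://user:password@proxy.example.com`) would sit in clear text in the Deployment object and the rendered manifest, readable by anyone allowed to read Deployments in the namespace. Nothing visible here or in the values comment warns against that. I would add a line above `https_proxy` in the values file such as `#! Do not embed credentials in this URL; it is written as a plain env value into the Deployment.`, or accept a Secret reference via `valueFrom.secretKeyRef` if authenticated proxies must be supported. The Supervisor deployment hunk further down uses the same pattern. The container spec continues outside the hunk on both sides.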


@ -93,3 +93,11 @@ impersonation_proxy_spec:
{service.beta.kubernetes.io/aws-load-balancer-connection-idle-timeout: "4000"} {service.beta.kubernetes.io/aws-load-balancer-connection-idle-timeout: "4000"}
#! When mode LoadBalancer is set, this will set the LoadBalancer Service's Spec.LoadBalancerIP. #! When mode LoadBalancer is set, this will set the LoadBalancer Service's Spec.LoadBalancerIP.
load_balancer_ip: load_balancer_ip:
#! Set the standard golang HTTPS_PROXY and NO_PROXY environment variables on the Concierge containers.
#! These will be used when the Concierge makes backend-to-backend calls to authenticators using HTTPS,
#! e.g. when the Concierge fetches discovery documents, JWKS keys, and POSTs to token webhooks.
#! The Concierge never makes insecure HTTP calls, so there is no reason to set HTTP_PROXY.
#! Optional.
https_proxy: #! e.g. http://proxy.example.com
no_proxy: "$(KUBERNETES_SERVICE_HOST),169.254.169.254,127.0.0.1,localhost,.svc,.cluster.local" #! do not proxy Kubernetes endpoints
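Review bot: The new `no_proxy` default is a single string, so an operator who sets `no_proxy` to add one host replaces the whole list. Unless they copy the entries back in, that drops the Kubernetes API host, the `169.254.169.254` link-local address (commonly the cloud metadata endpoint) and the in-cluster suffixes. The trailing comment `do not proxy Kubernetes endpoints` does not say this, and `.cluster.local` presumably assumes the default cluster domain. I would document it above the key, e.g. `#! Overriding no_proxy replaces this default; keep these entries and append your own, and adjust .cluster.local if the cluster uses a custom domain.` The Supervisor values hunk at the end of the page carries the same default and needs the same comment.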


@ -107,7 +107,7 @@ spec:
- name: HTTPS_PROXY - name: HTTPS_PROXY
value: #@ data.values.https_proxy value: #@ data.values.https_proxy
#@ end #@ end
#@ if data.values.no_proxy: #@ if data.values.https_proxy and data.values.no_proxy:
- name: NO_PROXY - name: NO_PROXY
value: #@ data.values.no_proxy value: #@ data.values.no_proxy
#@ end #@ end
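Review bot: With the condition now `data.values.https_proxy and data.values.no_proxy`, a configured `no_proxy` is dropped without any signal when `https_proxy` is unset, and the template does not say why. A one-line ytt comment above the condition would make the intent explicit: `#! NO_PROXY only matters when HTTPS_PROXY is set, so it is omitted otherwise.` If a proxy variable can reach the container some other way (for example injected by an admission webhook, which is not visible here), the exclusions would be missing in that case, so this is worth confirming. The env list starts outside the hunk.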


@ -72,4 +72,4 @@ api_group_suffix: pinniped.dev
#! The Supervisor never makes insecure HTTP calls, so there is no reason to set HTTP_PROXY. #! The Supervisor never makes insecure HTTP calls, so there is no reason to set HTTP_PROXY.
#! Optional. #! Optional.
https_proxy: #! e.g. http://proxy.example.com https_proxy: #! e.g. http://proxy.example.com
no_proxy: #! e.g. 127.0.0.1 no_proxy: "$(KUBERNETES_SERVICE_HOST),169.254.169.254,127.0.0.1,localhost,.svc,.cluster.local" #! do not proxy Kubernetes endpoints