-
Notifications
You must be signed in to change notification settings - Fork 267
modules/ignition,platforms/*: Enable install behind HTTP proxy #2663
Conversation
Can one of the admins verify this patch? |
platforms/azure/main.tf
Outdated
@@ -184,6 +194,8 @@ module "ignition_workers" { | |||
kubelet_debug_config = "${var.tectonic_kubelet_debug_config}" | |||
kubelet_node_label = "node-role.kubernetes.io/node" | |||
kubelet_node_taints = "" | |||
no_proxy = "${var.tectonic_no_proxy}" | |||
tectonic_vanilla_k8s = "${var.tectonic_vanilla_k8s}" |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
tectonic_vanilla_k8s has been removed, need rebase
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Ugh. Sorry 'bout that. I did see it had been removed. Mistakenly left in during merge conflict resolution.
@lander2k2 @enxebre lets wait for this #2662 to be merged and then we rebase this PR as well |
ae7c62f
to
5c0ac21
Compare
Does this actually need changes to 42 files? If that's the case what's the argument for avoiding some type of inheritance to keep it DRY? |
@brianredbeard In order to implement across all platforms, it does indeed need changes to 42 files. 8 of those files are just docs and examples, but nonetheless, there is considerable repetition. The ignition module has improved the DRYness of these kinds of changes but deeper changes to the installer are probably a little beyond the scope of this PR. We're definitely stretching the capabilities of terraform here. |
DRYness issues are planned to be resolved in forthcoming PRs. |
5c0ac21
to
c4c503b
Compare
@lander2k2 As this is referencing an internal resource which is not managed by the installing administrator, this should also allow for the specification of an internal certificate authority (common with the use of BlueCoat and similar products). |
@brianredbeard I haven't encountered the internal CA requirement related to the proxy at Ford or T-Mobile. I bet you're right about needing to do it in the future. Hopefully, we'll be on track 2 by that time and will have a cleaner mechanism to meet that requirement. |
fbc3232
to
e66961e
Compare
ok to test |
ok to test |
This addition will allow a cluster to be installed behind an HTTP proxy on VMware. The changes have been implemented in the ignition module to allow it to be readily added to the other platforms. Note: this only addresses the env vars needed on the CL nodes. There are tectonic components - like tectonic-channel-operator - that also need these env vars to properly function. That will be addressed separately.
e66961e
to
fb6fdc9
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
+1
This addition will allow a cluster to be installed behind an HTTP proxy
on all platforms.