modules/ignition,platforms/*: Enable install behind HTTP proxy #2663
Conversation
|
Can one of the admins verify this patch? |
platforms/azure/main.tf
Outdated
| @@ -184,6 +194,8 @@ module "ignition_workers" { | |||
| kubelet_debug_config = "${var.tectonic_kubelet_debug_config}" | |||
| kubelet_node_label = "node-role.kubernetes.io/node" | |||
| kubelet_node_taints = "" | |||
| no_proxy = "${var.tectonic_no_proxy}" | |||
| tectonic_vanilla_k8s = "${var.tectonic_vanilla_k8s}" | |||
There was a problem hiding this comment.
tectonic_vanilla_k8s has been removed, need rebase
There was a problem hiding this comment.
Ugh. Sorry 'bout that. I did see it had been removed. Mistakenly left in during merge conflict resolution.
|
@lander2k2 @enxebre lets wait for this #2662 to be merged and then we rebase this PR as well |
lander2k2
force-pushed
the
master_http_proxy
branch
from
ae7c62f
to
5c0ac21
Compare
|
Does this actually need changes to 42 files? If that's the case what's the argument for avoiding some type of inheritance to keep it DRY? |
|
@brianredbeard In order to implement across all platforms, it does indeed need changes to 42 files. 8 of those files are just docs and examples, but nonetheless, there is considerable repetition. The ignition module has improved the DRYness of these kinds of changes but deeper changes to the installer are probably a little beyond the scope of this PR. We're definitely stretching the capabilities of terraform here. |
|
DRYness issues are planned to be resolved in forthcoming PRs. |
lander2k2
force-pushed
the
master_http_proxy
branch
from
5c0ac21
to
c4c503b
Compare
|
@lander2k2 As this is referencing an internal resource which is not managed by the installing administrator, this should also allow for the specification of an internal certificate authority (common with the use of BlueCoat and similar products). |
|
@brianredbeard I haven't encountered the internal CA requirement related to the proxy at Ford or T-Mobile. I bet you're right about needing to do it in the future. Hopefully, we'll be on track 2 by that time and will have a cleaner mechanism to meet that requirement. |
cpanato
force-pushed
the
master_http_proxy
branch
2 times, most recently
from
fbc3232
to
e66961e
Compare
|
ok to test |
|
ok to test |
This addition will allow a cluster to be installed behind an HTTP proxy on VMware. The changes have been implemented in the ignition module to allow it to be readily added to the other platforms. Note: this only addresses the env vars needed on the CL nodes. There are tectonic components - like tectonic-channel-operator - that also need these env vars to properly function. That will be addressed separately.
trawler
force-pushed
the
master_http_proxy
branch
from
e66961e
to
fb6fdc9
Compare
This addition will allow a cluster to be installed behind an HTTP proxy
on all platforms.