Add overriding proxy for OLM #20591
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,93 @@ | ||
// Module included in the following assemblies: | ||
// | ||
// * operators/olm-adding-operators-to-cluster.adoc | ||
|
||
[id="olm-overriding-proxy-settings_{context}"] | ||
= Overriding an Operator's proxy settings | ||
|
||
If a cluster-wide egress proxy is configured, applications created from | ||
Operators using the Operator Lifecycle Manager (OLM) inherit the cluster-wide | ||
proxy settings on their Deployments and Pods. Cluster administrators can also | ||
override these proxy settings by configuring the Operator's Subscription. | ||
|
||
.Prerequisites | ||
|
||
- Access to an {product-title} cluster using an account with | ||
ifdef::openshift-enterprise,openshift-webscale,openshift-origin[] | ||
`cluster-admin` permissions. | ||
endif::[] | ||
ifdef::openshift-dedicated[] | ||
`dedicated-admins-cluster` permissions. | ||
endif::[] | ||
|
||
.Procedure | ||
|
||
. Navigate in the web console to the *Operators → OperatorHub* page. | ||
|
||
. Select the Operator and click *Install*. | ||
|
||
. On the *Create Operator Subscription* page, modify the Subscription object's | ||
YAML to include one or more of the following environment variables in the | ||
`spec` section: | ||
+ | ||
-- | ||
* `HTTP_PROXY` | ||
* `HTTPS_PROXY` | ||
* `NO_PROXY` | ||
-- | ||
+ | ||
For example: | ||
+ | ||
.Subscription object with proxy setting overrides | ||
[source,yaml] | ||
---- | ||
apiVersion: operators.coreos.com/v1alpha1 | ||
kind: Subscription | ||
metadata: | ||
name: etcd-config-test | ||
namespace: openshift-operators | ||
spec: | ||
config: | ||
env: | ||
- name: HTTP_PROXY | ||
value: test_http | ||
- name: HTTPS_PROXY | ||
value: test_https | ||
- name: NO_PROXY | ||
value: test | ||
channel: clusterwide-alpha | ||
installPlanApproval: Automatic | ||
name: etcd | ||
source: community-operators | ||
sourceNamespace: openshift-marketplace | ||
startingCSV: etcdoperator.v0.9.4-clusterwide | ||
---- | ||
+ | ||
[NOTE] | ||
==== | ||
These environment variables can also be unset using an empty value to remove any | ||
previously set cluster-wide or custom proxy settings. | ||
This note will go into master and 4.4, but will be swapped in 4.2 and 4.3 for info on the Known Issue https://bugzilla.redhat.com/show_bug.cgi?id=1751903, with a link to the relevant release note.
||
==== | ||
+ | ||
OLM handles these environment variables as a unit; if at least one of them is | ||
set, all three are considered overridden and the cluster-wide defaults are not | ||
used for the subscribed Operator's Deployments. | ||
|
||
. Click *Subscribe* to make the Operator available to the selected namespaces. | ||
|
||
. After the Operator's CSV appears in the relevant namespace, you can verify that | ||
custom proxy environment variables are set in the Deployment. For example, using | ||
the CLI: | ||
+ | ||
---- | ||
$ oc get deployment -n openshift-operators etcd-operator -o yaml | grep -i "PROXY" -A 2 | ||
|
||
- name: HTTP_PROXY | ||
value: test_http | ||
- name: HTTPS_PROXY | ||
value: test_https | ||
- name: NO_PROXY | ||
value: test | ||
image: quay.io/coreos/etcd-operator@sha256:66a37fd61a06a43969854ee6d3e21088a98b93838e284a6086b13917f96b0d9c | ||
... | ||
---- |
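Review bot: The paragraph beginning "OLM handles these environment variables as a unit" sits after the example and the NOTE, yet it changes how both should be read: an administrator who sets only `HTTP_PROXY` also stops the cluster-wide `HTTPS_PROXY` and `NO_PROXY` defaults from being used for that Operator's Deployments. Consider moving it ahead of the example, and state whether an empty value (as described in the NOTE) counts as "set" for this rule, because the two statements read ambiguously together.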
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -6,7 +6,7 @@ include::modules/common-attributes.adoc[] | |
toc::[] | ||
|
||
This guide walks cluster administrators through installing Operators to an | ||
{product-title} cluster. | ||
{product-title} cluster and subscribing Operators to namespaces. | ||
|
||
include::modules/olm-installing-operators-from-operatorhub.adoc[leveloffset=+1] | ||
include::modules/olm-installing-from-operatorhub-using-web-console.adoc[leveloffset=+2] | ||
|
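Review bot: The revised introduction ("... cluster and subscribing Operators to namespaces.") does not mention the proxy override module that this assembly now includes further down. Consider naming it in the sentence, or keeping the introduction general enough that it does not need to list each section.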
@@ -15,4 +15,9 @@ include::modules/olm-installing-from-operatorhub-using-cli.adoc[leveloffset=+2] | |
.Additional resources | ||
|
||
* xref:../operators/understanding_olm/olm-understanding-operatorgroups.adoc#olm-operatorgroups-about_olm-understanding-operatorgroups[About OperatorGroups] | ||
|
||
include::modules/olm-overriding-proxy-settings.adoc[leveloffset=+1] | ||
Does this need a space after the
The only spacing like this I've found that's required is a blank line before the
||
.Additional resources | ||
|
||
* xref:../networking/enable-cluster-wide-proxy.adoc#enable-cluster-wide-proxy[Configuring the cluster-wide proxy] | ||
endif::[] |
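Review bot: The `endif::[]` after the `enable-cluster-wide-proxy` xref has no opening `ifdef` in the lines shown here. Confirm it pairs with a conditional above the hunk and that the conditional is meant to wrap the new include and the second `.Additional resources` block; the new module has an `openshift-dedicated` branch in its prerequisites, so if the xref target is not built for that distribution the conditional should cover only the xref.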
Is it permission or permissions?
I've always written permissions, but I do wonder.
Can't find guidance on this, though I see way more "permissions" in our source versus "permission" (particularly if you omit `modules/apis.adoc` 🙂).