Skip to content

Add overriding proxy for OLM #20591

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 1 commit into from
Apr 9, 2020
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
93 changes: 93 additions & 0 deletions modules/olm-overriding-proxy-settings.adoc
Original file line number Diff line number Diff line change
@@ -0,0 +1,93 @@
// Module included in the following assemblies:
//
// * operators/olm-adding-operators-to-cluster.adoc

[id="olm-overriding-proxy-settings_{context}"]
= Overriding an Operator's proxy settings

If a cluster-wide egress proxy is configured, applications created from
Operators using the Operator Lifecycle Manager (OLM) inherit the cluster-wide
proxy settings on their Deployments and Pods. Cluster administrators can also
override these proxy settings by configuring the Operator's Subscription.

.Prerequisites

- Access to an {product-title} cluster using an account with
ifdef::openshift-enterprise,openshift-webscale,openshift-origin[]
`cluster-admin` permissions.
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is it permission or permissions?

I've always written permissions, but I do wonder.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can't find guidance on this, though I see way more "permissions" in our source versus "permission" (particularly if you omit modules/apis.adoc 🙂).

endif::[]
ifdef::openshift-dedicated[]
`dedicated-admins-cluster` permissions.
endif::[]

.Procedure

. Navigate in the web console to the *Operators → OperatorHub* page.

. Select the Operator and click *Install*.

. On the *Create Operator Subscription* page, modify the Subscription object's
YAML to include one or more of the following environment variables in the
`spec` section:
+
--
* `HTTP_PROXY`
* `HTTPS_PROXY`
* `NO_PROXY`
--
+
For example:
+
.Subscription object with proxy setting overrides
[source,yaml]
----
apiVersion: operators.coreos.com/v1alpha1
kind: Subscription
metadata:
name: etcd-config-test
namespace: openshift-operators
spec:
config:
env:
- name: HTTP_PROXY
value: test_http
- name: HTTPS_PROXY
value: test_https
- name: NO_PROXY
value: test
channel: clusterwide-alpha
installPlanApproval: Automatic
name: etcd
source: community-operators
sourceNamespace: openshift-marketplace
startingCSV: etcdoperator.v0.9.4-clusterwide
----
+
[NOTE]
====
These environment variables can also be unset using an empty value to remove any
previously set cluster-wide or custom proxy settings.
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This note will go into master and 4.4, but will be swapped in 4.2 and 4.3 for info on the Known Issue https://bugzilla.redhat.com/show_bug.cgi?id=1751903, with a link to the relevant release note.

====
+
OLM handles these environment variables as a unit; if at least one of them is
set, all three are considered overridden and the cluster-wide defaults are not
used for the subscribed Operator's Deployments.

. Click *Subscribe* to make the Operator available to the selected namespaces.

. After the Operator's CSV appears in the relevant namespace, you can verify that
custom proxy environment variables are set in the Deployment. For example, using
the CLI:
+
----
$ oc get deployment -n openshift-operators etcd-operator -o yaml | grep -i "PROXY" -A 2

- name: HTTP_PROXY
value: test_http
- name: HTTPS_PROXY
value: test_https
- name: NO_PROXY
value: test
image: quay.io/coreos/etcd-operator@sha256:66a37fd61a06a43969854ee6d3e21088a98b93838e284a6086b13917f96b0d9c
...
----
7 changes: 6 additions & 1 deletion operators/olm-adding-operators-to-cluster.adoc
Original file line number Diff line number Diff line change
Expand Up @@ -6,7 +6,7 @@ include::modules/common-attributes.adoc[]
toc::[]

This guide walks cluster administrators through installing Operators to an
{product-title} cluster.
{product-title} cluster and subscribing Operators to namespaces.

include::modules/olm-installing-operators-from-operatorhub.adoc[leveloffset=+1]
include::modules/olm-installing-from-operatorhub-using-web-console.adoc[leveloffset=+2]
Expand All @@ -15,4 +15,9 @@ include::modules/olm-installing-from-operatorhub-using-cli.adoc[leveloffset=+2]
.Additional resources

* xref:../operators/understanding_olm/olm-understanding-operatorgroups.adoc#olm-operatorgroups-about_olm-understanding-operatorgroups[About OperatorGroups]

include::modules/olm-overriding-proxy-settings.adoc[leveloffset=+1]
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Does this need a space after the include?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The only spacing like this I've found that's required is a blank line before the include, otherwise you get a verbatim leveloffset in the text. Works fine with no space after it, and I like to see the "Additional resources" list clearly adjacent to the module it's related to.

.Additional resources

* xref:../networking/enable-cluster-wide-proxy.adoc#enable-cluster-wide-proxy[Configuring the cluster-wide proxy]
endif::[]