Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Che proxy settings configmaps are ignored on OpenShift if cluster-wide proxy is enabled. #22370

Closed
amisevsk opened this issue Jul 17, 2023 · 3 comments · Fixed by eclipse-che/che-operator#1741
Closed

Che proxy settings configmaps are ignored on OpenShift if cluster-wide proxy is enabled. #22370

amisevsk opened this issue Jul 17, 2023 · 3 comments · Fixed by eclipse-che/che-operator#1741
Assignees
@amisevsk
Labels
area/che-operator Issues and PRs related to Eclipse Che Kubernetes Operator area/devworkspace-operator kind/enhancement A feature request - must adhere to the feature request template. severity/P2 Has a minor but important impact to the usage or development of the system.

Comments

@amisevsk
Copy link
Contributor

Is your enhancement related to a problem? Please describe

When running in an OpenShift cluster, proxy environment variables provisioned by the Che Operator in user namespaces are ignored due to the DevWorkspace Operator explicitly setting the HTTP_PROXY, etc. environment variables in workspace containers.

The Che Operator provisions a che-proxy-settings configmap (see reconcileProxySettings()) that is intended to be automounted as environment variables to all workspaces in the namespace. However, since the DevWorkspace Operator has its own logic for detecting cluster-wide proxy settings and sets environment variables within workspaces according to its own configuration, these env vars are ignored.

Describe the solution you'd like

There are multiple ways we can resolve this issue:

  1. Configure the Che-owned DevWorkspaceOperatorConfig to not set any proxy values, and take full responsibility for proxy configuration in workspace containers (see prerequisite PR Allow cluster-detected proxy settings to be ignored in OpenShift devfile/devworkspace-operator#1147)
  2. Configure the Che-owned DevWorkspaceOperatorConfig to set values rather than reconciling the proxy-settings configmap to user namespaces (might be tricky to handle noProxy)
  3. Stop provisioning the proxy settings configmap, as it is having no effect and nobody has complained about a broken configuration (unconfirmed?)

Describe alternatives you've considered

I think 1) above is likely the best solution here, but multiple choices would work (including ignoring the issue, potentially)

Additional context

Related, old DevWorkspace Operator issue: devfile/devworkspace-operator#841
@amisevsk amisevsk added kind/enhancement A feature request - must adhere to the feature request template. area/che-operator Issues and PRs related to Eclipse Che Kubernetes Operator area/devworkspace-operator labels Jul 17, 2023
@che-bot che-bot added the status/need-triage An issue that needs to be prioritized by the curator responsible for the triage. See https://github. label Jul 17, 2023
@l0rd l0rd added severity/P1 Has a major impact to usage or development of the system. severity/P2 Has a minor but important impact to the usage or development of the system. and removed status/need-triage An issue that needs to be prioritized by the curator responsible for the triage. See https://github. severity/P1 Has a major impact to usage or development of the system. labels Jul 17, 2023
@l0rd
Copy link
Contributor

l0rd commented Jul 17, 2023

We had a downstream use case requiring the setup of a proxy for Che workspaces on a cluster with no cluster-wide proxy. But I don't remember any requests to have a specific Che proxy on a cluster with a cluster-wide proxy. Setting P2 for now.

@l0rd
Copy link
Contributor

l0rd commented Jul 17, 2023

Also the title should probably be Eclipse "Che proxy settings configmaps..."

@amisevsk amisevsk changed the title OpenShift proxy settings configmaps are ignored on OpenShift if cluster-wide proxy is enabled. Che proxy settings configmaps are ignored on OpenShift if cluster-wide proxy is enabled. Jul 17, 2023
@amisevsk
Copy link
Contributor Author

We had a downstream use case requiring the setup of a proxy for Che workspaces on a cluster with no cluster-wide proxy.

This should still be fine, as the DWO-overriding-Che effect only occurs when a cluster-wide proxy is enabled. To my knowledge, it hasn't been an issue yet, but it might lead to some confusion in documentation (e.g. if you have a cluster-wide proxy enabled, and follow docs to configure additional domains in the CheCluster, those settings would be silently ignored for workspaces). I agree it's a P2 though.

@l0rd l0rd moved this to Ready for Review in Eclipse Che Team B Backlog Jul 18, 2023
@l0rd l0rd moved this from Ready for Review to 🚧 In Progress in Eclipse Che Team B Backlog Jul 18, 2023
@l0rd l0rd mentioned this issue Jul 26, 2023
Closed
@amisevsk amisevsk mentioned this issue Aug 11, 2023
Merged
10 tasks
@amisevsk amisevsk moved this from 🚧 In Progress to Ready for Review in Eclipse Che Team B Backlog Aug 11, 2023
@github-project-automation github-project-automation bot moved this from Ready for Review to ✅ Done in Eclipse Che Team B Backlog Oct 19, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@amisevsk amisevsk

Labels
area/che-operator Issues and PRs related to Eclipse Che Kubernetes Operator area/devworkspace-operator kind/enhancement A feature request - must adhere to the feature request template. severity/P2 Has a minor but important impact to the usage or development of the system.
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Configure DWO to not process proxy settings for workspaces Che manages amisevsk/che-operator
3 participants
@l0rd @amisevsk @che-bot