search

argoproj / argo-cd

Declarative Continuous Deployment for Kubernetes
https://argo-cd.readthedocs.io
Apache License 2.0
17.29k stars 5.24k forks source link

Add `no_proxy` field to repo-creds #18323

Closed the-technat closed 2 weeks ago

the-technat commented 3 months ago

Summary

Add a no_proxy field to repo-creds that will be respected when working with a repository matching the repo-cred.

Motivation

Use-case 1 - internal helm charts

We @swisspost are using GH in combination with a cluster + helm registry behind a corporate proxy. To reach GH from Argo CD we have created a repo-cred matching our GH org, specifying the proxy to use in the repo-cred.

Now when we try to add a new Argo CD app that references a GH repository which again has references to helm charts from our internal registry, the proxy is used both for accessing GH but also the private registry (which obviously fails).

Use-case 2 - kustomize bases from private git

The same enhancement would also help for GH repositories that contain kustomize references to a private git server, which is only accessible internally.

Workaround

Specifying NO_PROXY as env variable globally on the argocd-repo-server solves the problem, but we think a field in the repo creds would be the cleaner solution without any potential side-effects (since the config is only specified where it applies).

Proposal

Add new no_proxy field here: https://github.com/argoproj/argo-cd/blob/master/util/settings/settings.go#L338

Extend the UpsertEnv function to take a no_proxy argument and make sure references of this function pass that down from their repository struct.

In case the enhancement gets accepted @swisspost is willing to contribute this feature.

nikzayn commented 3 months ago

Hey @the-technat, can I take this up or should we need to wait for triaging on this from the project member?

the-technat commented 3 months ago

As far as I know it should first go through the triage process. So we should better wait.