argoproj / argo-workflows

Workflow Engine for Kubernetes
https://argo-workflows.readthedocs.io/
Apache License 2.0
15.02k stars 3.2k forks source link

env `http_proxy` in wait/init container does not work for oss client #12313

Closed jingkkkkai closed 1 month ago

jingkkkkai commented 11 months ago

Pre-requisites

What happened/what did you expect to happen?

in my workflow-controller-configmap had configure http_proxy https_proxy and it can access gcs s3 artifact repository correctly, except for oss artifact repository

I created a test pod with setting the same proxy, I found that the oss-cli cannot not access the oss either but I can access the oss bucket after applying the args --proxy-host

# use oss-cli to list buckets 
[root@test /]# aliyun oss ls
^C

# curl 
[root@test /]# curl -I http://${my-oss-bucket}.aliyuncs.com
HTTP/1.1 200 OK
Server: AliyunOSS
Date: Mon, 27 Nov 2023 08:13:57 GMT
Content-Length: 0
x-oss-request-id: xxx
x-oss-bucket-region: xxx
x-oss-server-time: 11
X-Cache: MISS from mail101
X-Cache-Lookup: HIT from mail101:3128
Via: 1.1 mail101 (squid)
Connection: keep-alive

# use oss-cli to list buckets with setting proxy args
[root@test /]# aliyun oss ls oss://${my-oss-bucket} --proxy-host ${my_proxy}
LastModifiedTime                   Size(B)  StorageClass   ETAG                                  ObjectName
2023-11-21 10:00:11 +0000 UTC          130      Standard   XXX      ${my-oss-bucket}/test.tgz
Object Number is: 1

Ref: aliyun http proxy

The oss client in the argo code seems in the same case. The proxy can only be set through oss.ClientOption However, we cannot configure the proxy for oss client through pod env or argoexec args currently

func (ossDriver *ArtifactDriver) newOSSClient() (*oss.Client, error) {
    var options []oss.ClientOption
        options = append(options, oss.Proxy("${my_proxy}")) <--- here
    if token := ossDriver.SecurityToken; token != "" {
        options = append(options, oss.SecurityToken(token))
    }
    client, err := oss.New(ossDriver.Endpoint, ossDriver.AccessKey, ossDriver.SecretKey, options...)
    if err != nil {
        return nil, fmt.Errorf("failed to create new OSS client: %w", err)
    }
    return client, err
}

Version

v3.4.8 & v3.4.14

Paste a small workflow that reproduces the issue. We must be able to run the workflow; don't enter a workflows that uses private images.

N/A

Logs from the workflow controller

N/A

Logs from in your workflow's wait container

time="2023-12-02T11:58:27 UTC" level=info msg="Save artifact" artifactName=main-logs duration=37.278144ms error="<nil>" key=2023/12/02/examples.use-cloud-acc-putb
j8br/examples.use-cloud-acc-putbj8br-3396519514/main.log
time="2023-12-02T11:58:27 UTC" level=info msg="not deleting local artifact" localArtPath=/tmp/argo/outputs/logs/main.log
time="2023-12-02T11:58:27 UTC" level=info msg="Successfully saved file: /tmp/argo/outputs/logs/main.log"
time="2023-12-02T11:58:27 UTC" level=info msg="Alloc=11282 TotalAlloc=17790 Sys=33661 NumGC=5 Goroutines=7"
time="2023-12-02T11:58:27 UTC" level=fatal msg="timed out waiting for the condition: Put \"http://${my-oss-bucket}.aliyuncs.com/aaa.tgz\": dia
l tcp 47.75.18.199:80: i/o timeout"
terrytangyuan commented 11 months ago

Would you like to submit a PR?

jingkkkkai commented 10 months ago

Would you like to submit a PR?

I opened a PR, can you help me review it? #12383