openshift / hypershift

Hyperscale OpenShift - clusters with hosted control planes
https://hypershift-docs.netlify.app
Apache License 2.0

OCPBUGS-36932: Add HTTP konnectivity proxy to OAuth server #4381

Closed csrwng closed 1 month ago

csrwng commented 1 month ago

What this PR does / why we need it:

The socks5 konnectivity proxy does not honor user-configured HTTP/S proxies when sending traffic through the dataplane. Most identity providers handled by the OAuth server do use HTTP/S for external communication and should honor any user configured proxy. This commit adds an additional container to the oauth server deployment with the HTTP konnectivity proxy. This proxy does honor the user-configured HTTP/S proxy for the HostedCluster when sending traffic through the data plane. The socks5 proxy is still used for the LDAP identity provider which does not use the proxy for its traffic. On the OAuth server, the HTTP_PROXY and HTTPS_PROXY environment variables point to the HTTP proxy while the ALL_PROXY variable still points to the socks5 proxy.

Which issue(s) this PR fixes (optional, use `fixes #<issue_number>(, fixes #<issue_number>, ...)` format, where issue_number might be a GitHub issue, or a Jira story:

Fixes #OCPBUGS-36932

Checklist
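
The environment layout described in the PR text above, as an added Go example that is not code from this PR or from hypershift: it audits a container's proxy variables against that layout and shows which variable applies to a given identity provider URL. The addresses, `auditProxyEnv`, and `proxyFor` are assumptions made for illustration, and `proxyFor` is a simplified model of the described split, not the OAuth server's actual selection logic.

```go
package main

import (
	"fmt"
	"net/url"
	"strings"
)

// wantScheme: HTTP(S)_PROXY point at the HTTP konnectivity proxy, ALL_PROXY at socks5.
var wantScheme = map[string]string{"HTTP_PROXY": "http", "HTTPS_PROXY": "http", "ALL_PROXY": "socks5"}

// auditProxyEnv lists variables that are missing, unparsable, or use the wrong scheme.
func auditProxyEnv(env map[string]string) []string {
	var findings []string
	for _, name := range []string{"HTTP_PROXY", "HTTPS_PROXY", "ALL_PROXY"} {
		u, err := url.Parse(env[name])
		switch {
		case env[name] == "":
			findings = append(findings, name+": not set")
		case err != nil || u.Host == "":
			findings = append(findings, name+": not a proxy URL")
		case u.Scheme != wantScheme[name]:
			findings = append(findings, fmt.Sprintf("%s: scheme %q, want %q", name, u.Scheme, wantScheme[name]))
		}
	}
	return findings
}

// proxyFor models (assumption) which variable applies to an identity provider
// URL: http/https use their own variable, anything else (e.g. ldap) uses ALL_PROXY.
func proxyFor(env map[string]string, idpURL string) (string, error) {
	u, err := url.Parse(idpURL)
	if err != nil {
		return "", err
	}
	byScheme := map[string]string{"http": "HTTP_PROXY", "https": "HTTPS_PROXY"}
	if name, ok := byScheme[strings.ToLower(u.Scheme)]; ok {
		return env[name], nil
	}
	return env["ALL_PROXY"], nil
}

func main() {
	// Constructed sample values; the addresses are placeholders, not from the PR.
	env := map[string]string{"HTTP_PROXY": "http://127.0.0.1:3128",
		"HTTPS_PROXY": "http://127.0.0.1:3128", "ALL_PROXY": "socks5://127.0.0.1:1080"}
	fmt.Println(auditProxyEnv(env))
	fmt.Println(proxyFor(env, "ldaps://ldap.example.com:636"))
}
```

A finding such as `HTTPS_PROXY: scheme "socks5", want "http"` means HTTPS identity provider traffic would go through the socks5 proxy, the path that the PR text says does not honor the user-configured proxy.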

openshift-ci-robot commented 1 month ago

@csrwng: This pull request references Jira Issue OCPBUGS-36932, which is invalid:

Comment /jira refresh to re-evaluate validity if changes to the Jira bug are made, or edit the title of this pull request to link to a different bug.

The bug has been updated to refer to the pull request using the external bug tracker.

In response to [this](https://github.com/openshift/hypershift/pull/4381):

>**What this PR does / why we need it**:
>The socks5 konnectivity proxy does not honor user-configured HTTP/S proxies when sending traffic through the dataplane. Most identity providers handled by the OAuth server do use HTTP/S for external communication and should honor any user configured proxy. This commit adds an additional container to the oauth server deployment with the HTTP konnectivity proxy. This proxy does honor the user-configured HTTP/S proxy for the HostedCluster when sending traffic through the data plane. The socks5 proxy is still used for the LDAP identity provider which does not use the proxy for its traffic. On the OAuth server, the HTTP_PROXY and HTTPS_PROXY environment variables point to the HTTP proxy while the ALL_PROXY variable still points to the socks5 proxy.
>
>**Which issue(s) this PR fixes** *(optional, use `fixes #<issue_number>(, fixes #<issue_number>, ...)` format, where issue_number might be a GitHub issue, or a Jira story*:
>Fixes #[OCPBUGS-36932](https://issues.redhat.com/browse/OCPBUGS-36932)
>
>**Checklist**
>- [x] Subject and description added to both, commit and PR.
>- [x] Relevant issues have been referenced.
>- [ ] This change includes docs.
>- [ ] This change includes unit tests.

Instructions for interacting with me using PR comments are available [here](https://prow.ci.openshift.org/command-help?repo=openshift%2Fhypershift). If you have questions or suggestions related to my behavior, please file an issue against the [openshift-eng/jira-lifecycle-plugin](https://github.com/openshift-eng/jira-lifecycle-plugin/issues/new) repository.

openshift-ci[bot] commented 1 month ago

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: csrwng

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

- ~~[OWNERS](https://github.com/openshift/hypershift/blob/main/OWNERS)~~ [csrwng]

Approvers can indicate their approval by writing `/approve` in a comment

Approvers can cancel approval by writing `/approve cancel` in a comment

csrwng commented 1 month ago

/test e2e-conformance

csrwng commented 1 month ago

/jira refresh

openshift-ci-robot commented 1 month ago

@csrwng: This pull request references Jira Issue OCPBUGS-36932, which is valid. The bug has been moved to the POST state.

3 validation(s) were run on this bug

* bug is open, matching expected state (open)
* bug target version (4.17.0) matches configured target version for branch (4.17.0)
* bug is in the state New, which is one of the valid states (NEW, ASSIGNED, POST)

No GitHub users were found matching the public email listed for the QA contact in Jira (jiezhao@redhat.com), skipping review request.

In response to [this](https://github.com/openshift/hypershift/pull/4381#issuecomment-2234323145):

>/jira refresh

netlify[bot] commented 1 month ago

Deploy Preview for hypershift-docs ready!

| Name | Link |
|---|---|
| Latest commit | cac8cf412e7b760fe7374f94765564669a81b7c8 |
| Latest deploy log | https://app.netlify.com/sites/hypershift-docs/deploys/669adbeb47b42300086537b8 |
| Deploy Preview | https://deploy-preview-4381--hypershift-docs.netlify.app |

enxebre commented 1 month ago

/lgtm

bryan-cox commented 1 month ago

/lgtm

openshift-ci-robot commented 1 month ago

/retest-required

Remaining retests: 0 against base HEAD fd652e260a454361bf2775978422a8ec1f1622b0 and 2 for PR HEAD da86b6b93b5ace669b2cb882d8b18b07200fd433 in total

openshift-ci-robot commented 1 month ago

/retest-required

Remaining retests: 0 against base HEAD 4cc5965900ca355f5cbc9a75879228163d07f20e and 1 for PR HEAD da86b6b93b5ace669b2cb882d8b18b07200fd433 in total

openshift-ci[bot] commented 1 month ago

@csrwng: all tests passed!

Full PR test history. Your PR dashboard.

Instructions for interacting with me using PR comments are available [here](https://git.k8s.io/community/contributors/guide/pull-requests.md). If you have questions or suggestions related to my behavior, please file an issue against the [kubernetes-sigs/prow](https://github.com/kubernetes-sigs/prow/issues/new?title=Prow%20issue:) repository. I understand the commands that are listed [here](https://go.k8s.io/bot-commands).
openshift-ci-robot commented 1 month ago

@csrwng: Jira Issue OCPBUGS-36932: All pull requests linked via external trackers have merged:

Jira Issue OCPBUGS-36932 has been moved to the MODIFIED state.

openshift-bot commented 1 month ago

[ART PR BUILD NOTIFIER]

Distgit: hypershift

This PR has been included in build ose-hypershift-container-v4.18.0-202407311041.p0.g4a34cb8.assembly.stream.el9. All builds following this will include this PR.

csrwng commented 1 month ago

/cherry-pick release-4.16

csrwng commented 1 month ago

/cherry-pick release-4.15

openshift-cherrypick-robot commented 1 month ago

@csrwng: new pull request created: #4496

In response to [this](https://github.com/openshift/hypershift/pull/4381#issuecomment-2272155813):

>/cherry-pick release-4.16

openshift-cherrypick-robot commented 1 month ago

@csrwng: new pull request created: #4497

In response to [this](https://github.com/openshift/hypershift/pull/4381#issuecomment-2272157469):

>/cherry-pick release-4.15