Closed pmorillon closed 3 years ago
@superseb comment :
Please create an issue with this so we can use that to track it. This sounds like changing this breaks the use-case where it is needed from the bastion host? So I guess we need a flag that defaults to the current behavior and can be used to disable it?
By flag, do you mean a CLI flag? Or an option in the cluster configuration at the bastion_host level? Like:
# Bastion/Jump host configuration
bastion_host:
  address: x.x.x.x
  user: ubuntu
  port: 22
  ssh_key_path: /home/user/.ssh/bastion_rsa
  ignore_proxy_env_vars: true # Default to false
So we can use it with the Terraform RKE provider in the bastion_host block: https://github.com/rancher/terraform-provider-rke/blob/master/docs/resources/cluster.md#bastion_host
Yes, that's how I would do it so we don't break existing setups.
I updated the PR #2520 to take into account this discussion
tested on rke 1-2-11 -- repro steps:
Trace[761280414]: "Create" url:/api/v1/namespaces/kube-system/configmaps,user-agent:rke-1-2-11/v0.0.0 (darwin/amd64) kubernetes/$Format,client:<PROXY_IP> (29-Jul-2021 22:50:41.790)
where that IP is the proxy IP (expected)
ignore_proxy_env_vars: true
(proxy env vars still set)
The log included in the PR is "Unset http proxy environment variables", please share the debug log from the rke up performed. And the environment variables used.
retested on 1.3.0-rc10:
create 2 nodes for testing RKE
create 1 proxy node
create 1 bastion node
download newest (1.3.0-rc10) RKE
set proxy env vars locally
create yaml + run RKE using 1 of the 2 testing nodes, specifying to use the bastion (without the new var set)
Trace[761280414]: "Create" url:/api/v1/namespaces/kube-system/configmaps,user-agent:rke-1-3-0rc10/v0.0.0 (darwin/amd64) kubernetes/$Format,client:<PROXY_IP> (29-Jul-2021 22:50:41.790)
where that IP is the proxy IP (expected)
create new yaml and run RKE using the other testing node, specifying to use the bastion + using the new flag ignore_proxy_env_vars: true
(proxy env vars still set)
"Unset http proxy environment variables"
Hello! I use the RKE command line for a production cluster, all works fine, thanks a lot for this product!
For development and testing purposes, I use the Terraform RKE provider (based on the rke lib) through an SSH bastion and I use the Terraform Kubernetes provider through a SOCKS proxy with the HTTPS_PROXY env var. But when rke creates the rke-job-deployer ServiceAccount, the k8s client uses the local http proxy env vars through the SSH tunnel on the bastion, and cannot connect to the Kubernetes controlplane.
I propose to unset http proxy env vars when an SSH bastion is used in the RKE configuration.
After recompiling the terraform rke provider with this patched rke lib, all works fine :
Related to PR rancher/rke#2520
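The opt-in behaviour discussed in this thread, as an added Go example that is not part of the original issue and is not RKE's own code: proxy variables are cleared only when a bastion is configured and `ignore_proxy_env_vars` is true, so existing setups keep their current behaviour. The `BastionHost` struct, the function names and the addresses are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"net/http"
	"os"
)

// Variables consulted by net/http's ProxyFromEnvironment.
var proxyEnvVars = []string{"HTTP_PROXY", "HTTPS_PROXY", "NO_PROXY", "http_proxy", "https_proxy", "no_proxy"}

// BastionHost is a hypothetical, reduced mirror of the bastion_host block.
type BastionHost struct {
	Address            string
	IgnoreProxyEnvVars bool // ignore_proxy_env_vars, false by default
}

// unsetProxyEnvVars clears the proxy variables only for an opted-in bastion
// and returns the names it removed, which is useful for a debug log line.
func unsetProxyEnvVars(b BastionHost) []string {
	if b.Address == "" || !b.IgnoreProxyEnvVars {
		return nil
	}
	var cleared []string
	for _, name := range proxyEnvVars {
		if _, ok := os.LookupEnv(name); ok {
			os.Unsetenv(name)
			cleared = append(cleared, name)
		}
	}
	return cleared
}

// proxyFor returns the proxy net/http would pick for rawURL ("" means direct).
// net/http reads the environment once and caches it, so unset before first use.
func proxyFor(rawURL string) (string, error) {
	req, err := http.NewRequest(http.MethodGet, rawURL, nil)
	if err != nil {
		return "", err
	}
	u, err := http.ProxyFromEnvironment(req)
	if err != nil || u == nil {
		return "", err
	}
	return u.String(), nil
}

func main() {
	os.Setenv("HTTPS_PROXY", "socks5://127.0.0.1:1080") // constructed value
	fmt.Println("cleared:", unsetProxyEnvVars(BastionHost{Address: "192.0.2.10", IgnoreProxyEnvVars: true}))
	fmt.Println(proxyFor("https://192.0.2.20:6443")) // constructed controlplane URL
}
```

Because the standard library caches the proxy settings on first use, clearing the variables after any client in the same process has already resolved a proxy has no effect on the default transport.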