search

sighupio / gatekeeper-policy-manager

A simple to use web-based OPA Gatekeeper policy manager
https://sighup.io
BSD 3-Clause "New" or "Revised" License
307 stars 33 forks source link

Route GPM traffic through proxy server #409

Open paunis opened 2 years ago

paunis commented 2 years ago

Hi team,

We are using GPM with multicluster support. We are able to switch between most of them. Some clusters need to be accessed through proxy server so we setup the pods with the environment variables: HTTP_PROXY="proxy address" HTTPS_PROXY="proxy address" Even though the env var are setup the clusters are still unaccessible. Either the proxy settings are ignored or there is another way of forcing the pod to route traffic through proxy. Could you, please, advise how we can achieve our requirement?

Thank you.

ralgozino commented 2 years ago

Hi @paunis

Thanks for reaching out and sorry you are having issues with GPM. From a first scouting it seems that the official Python Kubernetes client library does not support yet setting the proxy configuration through environment variables: https://github.com/kubernetes-client/python/issues/1175 and https://github.com/OpenAPITools/openapi-generator/issues/6786

maybe we can work around it, but I need to run some tests to confirm.

ralgozino commented 2 years ago

I've done some tests, but unfortunately I could not make it work.

I was able to make a connection to a single cluster through a proxy but switching contexts does not respect the proxy configuration, it seems to be a limitation of the python client or maybe I'm missing something.

Needs more investigation.

paunis commented 2 years ago

Thank you, please investigate more, perhaps there is a way.

ralgozino commented 1 year ago

Everything seems to be working behind a proxy with the new Go backend

meetreks commented 1 year ago

Hi @ralgozino how did you use the python kubernetes package and proxy setting to work for a single cluster? Can you share the info please?

ralgozino commented 1 year ago

Hi @ralgozino how did you use the python kubernetes package and proxy setting to work for a single cluster? Can you share the info please?

hi @meetreks , sorry for the delayed answer. For the single cluster, we use the in-cluster native client that uses the internal Kubernetes service to talk with the API server, so there's no need to pass through the HTTP Proxy. So, there's nothing to do.