From 2d8f60000c09b0dbcc6a12c90a2d485c0a68501a Mon Sep 17 00:00:00 2001
From: Aleksandr Karabanov
Date: Thu, 1 Jun 2023 06:23:45 +0300
Subject: [PATCH] Solves #2933: Allow http_proxy, https_proxy and no_proxy environment variables in cert-manager playbook (#10162)
---
 .../cert_manager/defaults/main.yml | 5 +++
 .../templates/cert-manager.yml.j2 | 36 +++++++++++++++++++
 2 files changed, 41 insertions(+)
diff --git a/roles/kubernetes-apps/ingress_controller/cert_manager/defaults/main.yml b/roles/kubernetes-apps/ingress_controller/cert_manager/defaults/main.yml
index ae5918a3785..b7751d5121f 100644
--- a/roles/kubernetes-apps/ingress_controller/cert_manager/defaults/main.yml
+++ b/roles/kubernetes-apps/ingress_controller/cert_manager/defaults/main.yml
@@ -8,6 +8,11 @@ cert_manager_dns_policy: "ClusterFirst"
 cert_manager_dns_config: {}
 cert_manager_controller_extra_args: []
+## Allow http_proxy, https_proxy and no_proxy environment variables
+## Details https://github.com/kubernetes-sigs/kubespray/blob/master/docs/proxy.md
+cert_manager_http_proxy: "{{ http_proxy|default('') }}"
+cert_manager_https_proxy: "{{ https_proxy|default('') }}"
+cert_manager_no_proxy: "{{ no_proxy|default('') }}"
 ## Change leader election namespace when deploying on GKE Autopilot that forbid the changes on kube-system namespace.
 ## See https://github.com/jetstack/cert-manager/issues/3717
diff --git a/roles/kubernetes-apps/ingress_controller/cert_manager/templates/cert-manager.yml.j2 b/roles/kubernetes-apps/ingress_controller/cert_manager/templates/cert-manager.yml.j2
index 2fc60bb87d6..d4e791c3800 100644
--- a/roles/kubernetes-apps/ingress_controller/cert_manager/templates/cert-manager.yml.j2
+++ b/roles/kubernetes-apps/ingress_controller/cert_manager/templates/cert-manager.yml.j2
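Review bot: The two-line comment added in roles/kubernetes-apps/ingress_controller/cert_manager/defaults/main.yml does not say that these three values are copied verbatim into plain `env` entries of the cert-manager pod specs, which is what the template hunks of this commit do. If a proxy URL carries credentials in its userinfo part, anyone who can read those pod specs can read the credentials. The defaults inherit the cluster-wide `http_proxy`/`https_proxy`, so this would happen without the operator setting anything specific to this role. I would add a line such as `## Rendered as plain env values in the cert-manager pod specs; do not use proxy URLs with embedded credentials.`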
@@ -870,6 +870,18 @@ spec:
 valueFrom:
 fieldRef:
 fieldPath: metadata.namespace
+{% if cert_manager_http_proxy is defined and cert_manager_http_proxy != "" %}
+ - name: HTTP_PROXY
+ value: "{{ cert_manager_http_proxy }}"
+{% endif %}
+{% if cert_manager_https_proxy is defined and cert_manager_https_proxy != "" %}
+ - name: HTTPS_PROXY
+ value: "{{ cert_manager_https_proxy }}"
+{% endif %}
+{% if cert_manager_no_proxy is defined and cert_manager_no_proxy != "" %}
+ - name: NO_PROXY
+ value: "{{ cert_manager_no_proxy }}"
+{% endif %}
 securityContext:
 allowPrivilegeEscalation: false
 capabilities:
@@ -967,6 +979,18 @@ spec:
 valueFrom:
 fieldRef:
 fieldPath: metadata.namespace
+{% if cert_manager_http_proxy is defined and cert_manager_http_proxy != "" %}
+ - name: HTTP_PROXY
+ value: "{{ cert_manager_http_proxy }}"
+{% endif %}
+{% if cert_manager_https_proxy is defined and cert_manager_https_proxy != "" %}
+ - name: HTTPS_PROXY
+ value: "{{ cert_manager_https_proxy }}"
+{% endif %}
+{% if cert_manager_no_proxy is defined and cert_manager_no_proxy != "" %}
+ - name: NO_PROXY
+ value: "{{ cert_manager_no_proxy }}"
+{% endif %}
 {% if cert_manager_trusted_internal_ca is defined %}
 volumeMounts:
 - mountPath: /etc/ssl/certs/internal-ca.pem
@@ -1083,6 +1107,18 @@ spec:
 valueFrom:
 fieldRef:
 fieldPath: metadata.namespace
+{% if cert_manager_http_proxy is defined and cert_manager_http_proxy != "" %}
+ - name: HTTP_PROXY
+ value: "{{ cert_manager_http_proxy }}"
+{% endif %}
+{% if cert_manager_https_proxy is defined and cert_manager_https_proxy != "" %}
+ - name: HTTPS_PROXY
+ value: "{{ cert_manager_https_proxy }}"
+{% endif %}
+{% if cert_manager_no_proxy is defined and cert_manager_no_proxy != "" %}
+ - name: NO_PROXY
+ value: "{{ cert_manager_no_proxy }}"
+{% endif %}
 {% if cert_manager_tolerations %}
 tolerations:
 {{ cert_manager_tolerations | to_nice_yaml(indent=2) | indent(width=8) }}
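Review bot: In the hunk at -870, and identically at -967 and -1083, each variable is interpolated raw inside a hand-written double-quoted YAML scalar, as in `value: "{{ cert_manager_http_proxy }}"`. A value containing a double quote or a backslash would render a broken or differently shaped manifest. Letting a filter produce the quoting avoids that: `value: {{ cert_manager_http_proxy | to_json }}`, and likewise for `HTTPS_PROXY` and `NO_PROXY`. The `is defined` half of each condition looks redundant, since defaults/main.yml in this commit always defines the three variables, so `{% if cert_manager_http_proxy %}` should be enough. The container specs these stanzas belong to start and end outside the hunks.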
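Review bot: In the hunk at -967, `HTTPS_PROXY` is emitted whenever it is non-empty, regardless of `NO_PROXY`, and nothing in the stanza says what `NO_PROXY` has to contain. Go HTTP clients normally honour these variables for every outbound connection. With an empty or too narrow `cert_manager_no_proxy`, the container's requests to the in-cluster Kubernetes API service would presumably be sent to the proxy as well. I would put a template comment above the block, for example `{# NO_PROXY must cover the cluster service and pod CIDRs and the cluster domain, otherwise in-cluster API traffic follows HTTPS_PROXY #}`. The same applies to the stanzas at -870 and -1083.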