From 22396d28251e42a52a0bb238bceb5b5d071d9803 Mon Sep 17 00:00:00 2001
From: Alexandre Allard <alexandre.allard@scality.com>
Date: Fri, 22 Nov 2019 16:31:24 +0100
Subject: [PATCH] salt: set NO_PROXY for containerd

Set NO_PROXY environment variable with
control, workload plane and K8s internal
networks in containerd systemd unit file,
to avoid using system wide defined HTTP(S)
proxy, if any, when trying to pull resources
from metalk8s registry.

Refs: #2052
---
 .../files/{50-metalk8s.conf => 50-metalk8s.conf.j2}        | 1 +
 salt/metalk8s/container-engine/containerd/installed.sls    | 7 ++++++-
 2 files changed, 7 insertions(+), 1 deletion(-)
 rename salt/metalk8s/container-engine/containerd/files/{50-metalk8s.conf => 50-metalk8s.conf.j2} (82%)

diff --git a/salt/metalk8s/container-engine/containerd/files/50-metalk8s.conf b/salt/metalk8s/container-engine/containerd/files/50-metalk8s.conf.j2
similarity index 82%
rename from salt/metalk8s/container-engine/containerd/files/50-metalk8s.conf
rename to salt/metalk8s/container-engine/containerd/files/50-metalk8s.conf.j2
index 3cdd037a6a..6966d22e77 100644
--- a/salt/metalk8s/container-engine/containerd/files/50-metalk8s.conf
+++ b/salt/metalk8s/container-engine/containerd/files/50-metalk8s.conf.j2
@@ -2,3 +2,4 @@
 # See https://github.com/containerd/containerd/issues/3201
 # See https://github.com/containerd/containerd/pull/3202
 LimitNOFILE=1048576
+Environment="{{ environment }}"
diff --git a/salt/metalk8s/container-engine/containerd/installed.sls b/salt/metalk8s/container-engine/containerd/installed.sls
index 9951096677..7c9b383ced 100644
--- a/salt/metalk8s/container-engine/containerd/installed.sls
+++ b/salt/metalk8s/container-engine/containerd/installed.sls
@@ -2,6 +2,7 @@
 {%- from "metalk8s/map.jinja" import metalk8s with context %}
 {%- from "metalk8s/map.jinja" import kubelet with context %}
 {%- from "metalk8s/map.jinja" import repo with context %}
+{%- from "metalk8s/map.jinja" import networks with context %}
 
 {%- set registry_ip = metalk8s.endpoints['repositories'].ip %}
 {%- set registry_port = metalk8s.endpoints['repositories'].ports.http %}
@@ -36,12 +37,16 @@ Install containerd:
 Create containerd service drop-in:
   file.managed:
     - name: /etc/systemd/system/containerd.service.d/50-metalk8s.conf
-    - source: salt://{{ slspath }}/files/50-metalk8s.conf
+    - source: salt://{{ slspath }}/files/50-metalk8s.conf.j2
+    - template: jinja
     - user: root
     - group: root
     - mode: 0644
     - makedirs: true
     - dir_mode: 0755
+    - context:
+      environment: >-
+        NO_PROXY=127.0.0.1,localhost,{{ networks.values() | join(",") }}
     - require:
       - metalk8s_package_manager: Install containerd