LOG-8068: Vector can't access log stores outside the cluster with cluster-wide proxy and RestrictIngressEgress #3147
Conversation
…trict network policy is enabled and the cluster has cluster-wide proxy.
openshift-ci-robot
added
the
jira/valid-reference
|
@Clee2691: This pull request references LOG-8068 which is a valid jira issue. Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the bug to target the "4.8.0" version, but no target version was set. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository. |
|
/retest |
|
@Clee2691: all tests passed! Full PR test history. Your PR dashboard. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here. |
| for _, envVar := range proxyEnvVars { | ||
| // Process proxy environment variables | ||
| if proxyEnvNames.Has(envVar.Name) { | ||
| if port := parsePortProtocolFromURL(envVar.Value); port != nil { |
There was a problem hiding this comment.
corrected:
In the case where the parseUrl fails, it will end up running url.Parse() twice .
maybe the line above could be changed to something like:
if (envVar.Name == "http_proxy" || envVar.Name == "https_proxy") && envVar.Value != "" {
in that case you wouldn't need to create the set and the extra nested if. lmk if you want to chat.
| } else if envVar.Value != "" { | ||
| // If no explicit port, add default port based on scheme | ||
| if parsedURL, err := url.Parse(envVar.Value); err == nil { | ||
| var defaultPort int32 |
There was a problem hiding this comment.
I would have thought you can use getDefaultPort() here?
There was a problem hiding this comment.
otherwise, I would create a quick helper below this: getProxyDefaultPort(scheme) to help clean up the many nested possibilities.
you could return a boolean so you don't have to run the final if > 0. To use the helper, my suggestion would be to simplify the final check:
defaultPort, ok := getProxyDefaultPort(parsedURL.Scheme); ok { portProtocolMap[....] = true }
| BeforeEach(func() { | ||
| // Save original environment variables | ||
| originalEnvVars = make(map[string]string) | ||
| for _, envVar := range []string{"HTTP_PROXY", "HTTPS_PROXY", "http_proxy", "https_proxy", "NO_PROXY", "no_proxy"} { |
There was a problem hiding this comment.
I would use util.GetProxyEnvVars() here.
|
/hold |
openshift-ci
bot
added
the
do-not-merge/hold
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: Clee2691, jcantrill The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
openshift-ci
bot
added
the
approved
4 participants
Description
This PR fixes an issue where Vector collectors cannot access log stores outside the cluster when both restrictive network policies are enabled and the cluster has a cluster-wide proxy configured.
CLO will attempt to parse the port from the proxy URLS based on the proxy variables:
HTTP_PROXYHTTPS_PROXYIf the port is not specified for the proxy URL, it will add the default ports for the specific schema
HTTP:80HTTPS:443/cc @cahartma @vparfonov
/assign @jcantrill
Links