-
Notifications
You must be signed in to change notification settings - Fork 148
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Injected proxy variables into endpoint elasticsearch does not include NO_PROXY variable #6209
Comments
Pinging @elastic/elastic-agent-control-plane (Team:Elastic-Agent-Control-Plane) |
Since the env vars are injected as a regular output proxy settings, there's no place for NO_PROXY (endpoint won't recognize it, ignore it). However since the output URL is known, I think the NO_PROXY can be matched against the output URL at Agent side before deciding to inject HTTP_PROXY/HTTPS_PROXY variable to the output config. |
Alternative solution would be to pass all three |
Hi Team, The issue is related to case 01791476. From what I understand from the @intxgo statement, you’re suggesting including these proxy configurations directly in the agent's environment settings, right? It would look something like the configuration below: proxy_settings:
http_proxy:
https_proxy:
no_proxy: Adding the above parameters to the configuration should fix the issue, correct me if I’m wrong. |
@ManojPraveeen it's more complicated. Since quite some time we're not forwarding the config between components anymore, instead we have a GRPC base communication, see demo client https://github.com/elastic/elastic-agent-client The GRPC is roughly equivalent to the config, however currently the protobuf definition doesn't have a place to forward the Agent env proxy settings, so instead Agent's env variables (only the first 2) are evaluated at Agent side and injected as regular proxy setting as if it came from Fleet. If we follow the path to revert the injection, introducing a proper means to forward all the variables via protobuf, we will have to update Agent and Endpoint to support the change. BTW, since these are env variables, they won't be ever stored in Endpoint vault as they are volatile. The other option, a quicker patch to existing solution, was to evaluate all three env variables at Agent side to see if NO_PROXY nullifies HTTP_PROXY setting for the Elasticsearch address. |
@intxgo If that's what you are saying, could you explain how we can achieve this workaround? |
@ManojPraveeen there is already a workaround in place #5044 which unfortunately didn't account for NO_PROXY so either it has to be further improved or reverted to be replaced with a new mechanism |
Hello,
We did an upgrade from 8.14.2 to 8.16.1.
In our environment the agent has the HTTP_PROXY, HTTPS-PROXY and NO_PROXY configured.
NO_PROXY variable is not being injected into endpoint .
As a result, the elastic endpoint is trying to connect the ES cluster Via proxy, which is not correct.
Thank you
The text was updated successfully, but these errors were encountered: