[release-2.9] Add support for custom proxy ca (#1293) #1302

Merged
16 changes: 16 additions & 0 deletions collectors/metrics/pkg/forwarder/forwarder_test.go
Expand Up @@ -18,6 +18,9 @@ import (
"github.com/prometheus/client_golang/prometheus"
)

// Base64 encoded CA cert string
var customCA = "LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURXVENDQWtHZ0F3SUJBZ0lVWTRHWjZPWk5uTnZySjFjNUk1RjNYZzQrRTFjd0RRWUpLb1pJaHZjTkFRRUwKQlFBd1BERUxNQWtHQTFVRUJoTUNSRVV4RHpBTkJnTlZCQWdNQm1KbGNteHBiakVQTUEwR0ExVUVCd3dHWW1WeQpiR2x1TVFzd0NRWURWUVFLREFKeWFEQWVGdzB5TXpFeU1URXhNelF6TURaYUZ3MHpNekV5TURneE16UXpNRFphCk1Ed3hDekFKQmdOVkJBWVRBa1JGTVE4d0RRWURWUVFJREFaaVpYSnNhVzR4RHpBTkJnTlZCQWNNQm1KbGNteHAKYmpFTE1Ba0dBMVVFQ2d3Q2NtZ3dnZ0VpTUEwR0NTcUdTSWIzRFFFQkFRVUFBNElCRHdBd2dnRUtBb0lCQVFDdwprNEhLV3VBOFptN0JQR2IvZEJjaGtNUFZhWGw0dzJlVHhxRG14OVhYaGVCRFZva0lKZkFGTGZ6a3YwYUd0NWV4ClprenQxc0tQVHk0NEY5ckRKSEg2dWpEODA4U1FPV0p3WFJCakI4Tk1zSjhTTVRCUm5KUE5YNTJ0akdQNjc3UEUKNWpINnc2OW9hMG9tcGVvRDk2eUM2RTZmWU9pbFl0cVF5UFdsT0MzNEQ3TnNXU1gxdnN4cmx3VTBsQXJCbWdQYQpuZURFMnQ1cU1aK1F5TXBhQi80SFh4L2NLYU5XYXJWN3FzV3ZwSE9mOGN2OUNKd1c3VkhWdjJvNUVReVI1MkcrCitOYXE4bTduSVBzaFJSMjBHMjRsR01sVUFaTjFaMkl6VjN3UExUUmZNTXRYdGtIMFVKT3pnZTQvaExSWVJBSzMKTnhZU0xJYmFscWJsa2lUTWxFbEpBZ01CQUFHalV6QlJNQjBHQTFVZERnUVdCQlNJVFZVY2s2Wmg2WTZkY2RxZwo0VHVYRjMxcjFqQWZCZ05WSFNNRUdEQVdnQlNJVFZVY2s2Wmg2WTZkY2RxZzRUdVhGMzFyMWpBUEJnTlZIUk1CCkFmOEVCVEFEQVFIL01BMEdDU3FHU0liM0RRRUJDd1VBQTRJQkFRQ0FKUWFKM2RkYVkvNVMydHU0TnNVeXNiVG8KY3BrL3YyZkxpUkthdmtiZk1kTjBFdkV6K2gwd3FqOUpQdGJjUm5Md2tlQWdmQ3Uzb29zSG4rOXc4SkFaRjJNcwpEM1FucVovaVNNVjVHSDdQTjlIK0h0M1lVQTIwWWh3QkY0RFVXYm5wS0lnL2p4NWdmVTFYZEljK2JpUWJhdHk3CmxUL0hVOVhPRmlqM3VwbWRFakgrQVlJT2QxSFh4M3dsZlFhNHFrdWhHeUMwWXNkeldidWFxaE1tdnJkQksrSDAKUUxPcnAzN3l2OHVwUFVlMXhwTzZTeUg5QjVEeXhEWkVjMXN6WVpSVXdNVzZxc3NkWEZvWGZ0SjYxZmo3S05XagoyamcwZkQ1ZEhFT1RObDFDT3p3Q1lvR1k5ejVWOHNhYy9sSDg3UkxYWXdBcXdvcEdpanM4QXBCeklURm8KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo="

func init() {
os.Setenv("UNIT_TEST", "true")
}
Expand Down Expand Up @@ -125,10 +128,23 @@ func TestNew(t *testing.T) {
},
err: true,
},
{
// Providing CustomCA should not error.
c: Config{
From: from,
ToUpload: toUpload,
ToUploadCA: customCA,
Logger: log.NewNopLogger(),
},
err: false,
},
}

for i := range tc {
tc[i].c.Metrics = NewWorkerMetrics(prometheus.NewRegistry())
if tc[i].c.ToUploadCA == customCA {
os.Setenv("HTTPS_PROXY_CA_BUNDLE", customCA)
}
if _, err := New(tc[i].c); (err != nil) != tc[i].err {
no := "no"
if tc[i].err {
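Review bot: The loop in TestNew sets `HTTPS_PROXY_CA_BUNDLE` with `os.Setenv` and never clears it, so once the custom-CA case has run the variable stays set for every later test in the package that reads it. Running that case as a subtest and using `t.Setenv("HTTPS_PROXY_CA_BUNDLE", customCA)` would restore the environment automatically. The case also asserts only that New returns no error; a companion case with a value that is not valid base64, presumably expecting `err: true`, would cover the decode failure path added in metricsclient.go. The loop body continues past the end of this hunk.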
18 changes: 16 additions & 2 deletions collectors/metrics/pkg/metricsclient/metricsclient.go
Expand Up @@ -9,6 +9,7 @@ import (
"context"
"crypto/tls"
"crypto/x509"
"encoding/base64"
"encoding/json"
"errors"
"fmt"
Expand Down Expand Up @@ -373,18 +374,31 @@ func MTLSTransport(logger log.Logger, caCertFile, tlsCrtFile, tlsKeyFile string)
tlsCrtFile = "../../testdata/tls/tls.crt"
}
// Load Server CA cert
caCert, err := os.ReadFile(filepath.Clean(caCertFile))
var caCert []byte
var err error

caCert, err = os.ReadFile(filepath.Clean(caCertFile))
if err != nil {
return nil, fmt.Errorf("failed to load server ca cert file: %w", err)
}

// Load client cert signed by Client CA
cert, err := tls.LoadX509KeyPair(tlsCrtFile, tlsKeyFile)
if err != nil {
return nil, fmt.Errorf("failed to load client ca cert: %w", err)
}

caCertPool := x509.NewCertPool()
caCertPool.AppendCertsFromPEM(caCert)

if os.Getenv("HTTPS_PROXY_CA_BUNDLE") != "" {
customCaCert, err := base64.StdEncoding.DecodeString(os.Getenv("HTTPS_PROXY_CA_BUNDLE"))
logger.Log(logger, logger.Log("msg", "caCert", "caCert", caCert))
if err != nil {
return nil, fmt.Errorf("failed to decode server ca cert: %w", err)
}
caCertPool.AppendCertsFromPEM(customCaCert)
}

// Setup HTTPS client
tlsConfig := &tls.Config{
Certificates: []tls.Certificate{cert},
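Review bot: In the new `HTTPS_PROXY_CA_BUNDLE` block of MTLSTransport, the boolean returned by `caCertPool.AppendCertsFromPEM(customCaCert)` is dropped, so a bundle that decodes from base64 but holds no parsable PEM certificate is accepted silently and the failure only shows up later as an unknown-authority error on the connection. The `logger.Log(logger, logger.Log(...))` line also looks like a debugging leftover: it runs before the decode error is checked, passes the logger and an error value as key/value pairs, and prints `caCert` (the server CA) rather than the decoded bundle. I would drop that line and fail fast when nothing was added. Note too that the proxy CA goes into the same pool as the server CA, so (assuming this pool becomes `RootCAs`, which is outside the hunk) any certificate issued by the proxy CA is also trusted for the upstream endpoint; a comment stating that this is intended would help. The function starts before and continues after this hunk.

```go
caCertPool.AppendCertsFromPEM(caCert)

if bundle := os.Getenv("HTTPS_PROXY_CA_BUNDLE"); bundle != "" {
	customCaCert, err := base64.StdEncoding.DecodeString(bundle)
	if err != nil {
		return nil, fmt.Errorf("failed to decode proxy ca bundle: %w", err)
	}
	// Reject a bundle that decodes but contains no usable certificate.
	if !caCertPool.AppendCertsFromPEM(customCaCert) {
		return nil, errors.New("HTTPS_PROXY_CA_BUNDLE contains no valid PEM certificate")
	}
}
// … unchanged: tls.Config construction …
```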
20 changes: 20 additions & 0 deletions collectors/metrics/testdata/tls/custom_ca.crt
@@ -0,0 +1,20 @@
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
18 changes: 9 additions & 9 deletions go.mod
Expand Up @@ -35,7 +35,7 @@ require (
github.com/stolostron/observatorium-operator v0.0.0-20230411203847-4514321263d1
github.com/stretchr/testify v1.8.4
github.com/thanos-io/thanos v0.30.0
go.uber.org/zap v1.24.0
go.uber.org/zap v1.26.0
golang.org/x/exp v0.0.0-20221212164502-fae10dda9338
gopkg.in/yaml.v2 v2.4.0
k8s.io/api v0.28.2
Expand All @@ -44,8 +44,8 @@ require (
k8s.io/client-go v12.0.0+incompatible
k8s.io/klog v1.0.0
k8s.io/kubectl v0.27.2
open-cluster-management.io/addon-framework v0.8.0
open-cluster-management.io/api v0.12.0
open-cluster-management.io/addon-framework v0.8.1-0.20231128122622-3bfdbffb237c
open-cluster-management.io/api v0.12.1-0.20231130134655-97a8a92a7f30
sigs.k8s.io/controller-runtime v0.15.1
sigs.k8s.io/kube-storage-version-migrator v0.0.4
sigs.k8s.io/kustomize/api v0.13.4
Expand Down Expand Up @@ -141,15 +141,15 @@ require (
go.starlark.net v0.0.0-20200306205701-8dd3e2ee1dd5 // indirect
go.uber.org/atomic v1.10.0 // indirect
go.uber.org/goleak v1.2.0 // indirect
go.uber.org/multierr v1.8.0 // indirect
go.uber.org/multierr v1.11.0 // indirect
golang.org/x/crypto v0.14.0 // indirect
golang.org/x/mod v0.10.0 // indirect
golang.org/x/net v0.13.0 // indirect
golang.org/x/net v0.17.0 // indirect
golang.org/x/oauth2 v0.10.0 // indirect
golang.org/x/sync v0.3.0 // indirect
golang.org/x/sys v0.13.0 // indirect
golang.org/x/term v0.13.0 // indirect
golang.org/x/text v0.13.0 // indirect
golang.org/x/sync v0.5.0 // indirect
golang.org/x/sys v0.15.0 // indirect
golang.org/x/term v0.15.0 // indirect
golang.org/x/text v0.14.0 // indirect
golang.org/x/time v0.3.0 // indirect
golang.org/x/tools v0.9.3 // indirect
gomodules.xyz/jsonpatch/v2 v2.3.0 // indirect
29 changes: 16 additions & 13 deletions go.sum
Expand Up @@ -443,7 +443,6 @@ github.com/baidubce/bce-sdk-go v0.9.81/go.mod h1:zbYJMQwE4IZuyrJiFO8tO8NbtYiKTFT
github.com/baiyubin/aliyun-sts-go-sdk v0.0.0-20180326062324-cfa1a18b161f/go.mod h1:AuiFmCCPBSrqvVMvuqFuk0qogytodnVFVSN5CeJB8Gc=
github.com/beevik/ntp v0.2.0/go.mod h1:hIHWr+l3+/clUnF44zdK+CWW7fO8dR5cIylAQ76NRpg=
github.com/benbjohnson/clock v1.1.0/go.mod h1:J11/hYXuz8f4ySSvYwY0FKfm+ezbsZBKZxNJlLklBHA=
github.com/benbjohnson/clock v1.3.0 h1:ip6w0uFQkncKQ979AypyG0ER7mqUSBdKLOgAle/AT8A=
github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q=
github.com/beorn7/perks v1.0.0/go.mod h1:KWe93zE9D1o94FZ5RNwFwVgaQK1VOXiVxmqh+CedLV8=
github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM=
Expand Down Expand Up @@ -2031,8 +2030,8 @@ go.uber.org/multierr v1.4.0/go.mod h1:VgVr7evmIr6uPjLBxg28wmKNXyqE9akIJ5XnfpiKl+
go.uber.org/multierr v1.5.0/go.mod h1:FeouvMocqHpRaaGuG9EjoKcStLC43Zu/fmqdUMPcKYU=
go.uber.org/multierr v1.6.0/go.mod h1:cdWPpRnG4AhwMwsgIHip0KRBQjJy5kYEpYjJxpXp9iU=
go.uber.org/multierr v1.7.0/go.mod h1:7EAYxJLBy9rStEaz58O2t4Uvip6FSURkq8/ppBp95ak=
go.uber.org/multierr v1.8.0 h1:dg6GjLku4EH+249NNmoIciG9N/jURbDG+pFlTkhzIC8=
go.uber.org/multierr v1.8.0/go.mod h1:7EAYxJLBy9rStEaz58O2t4Uvip6FSURkq8/ppBp95ak=
go.uber.org/multierr v1.11.0 h1:blXXJkSxSSfBVBlC76pxqeO+LN3aDfLQo+309xJstO0=
go.uber.org/multierr v1.11.0/go.mod h1:20+QtiLqy0Nd6FdQB9TLXag12DsQkrbs3htMFfDN80Y=
go.uber.org/tools v0.0.0-20190618225709-2cfd321de3ee/go.mod h1:vJERXedbb3MVM5f9Ejo0C68/HhF8uaILCdgjnY+goOA=
go.uber.org/zap v1.9.1/go.mod h1:vwi/ZaCAaUcBkycHslxD9B2zi4UTXhF60s6SWpuDF0Q=
go.uber.org/zap v1.10.0/go.mod h1:vwi/ZaCAaUcBkycHslxD9B2zi4UTXhF60s6SWpuDF0Q=
Expand All @@ -2042,8 +2041,9 @@ go.uber.org/zap v1.16.0/go.mod h1:MA8QOfq0BHJwdXa996Y4dYkAqRKB8/1K1QMMZVaNZjQ=
go.uber.org/zap v1.17.0/go.mod h1:MXVU+bhUf/A7Xi2HNOnopQOrmycQ5Ih87HtOu4q5SSo=
go.uber.org/zap v1.19.0/go.mod h1:xg/QME4nWcxGxrpdeYfq7UvYrLh66cuVKdrbD1XF/NI=
go.uber.org/zap v1.19.1/go.mod h1:j3DNczoxDZroyBnOT1L/Q79cfUMGZxlv/9dzN7SM1rI=
go.uber.org/zap v1.24.0 h1:FiJd5l1UOLj0wCgbSE0rwwXHzEdAZS6hiiSnxJN/D60=
go.uber.org/zap v1.24.0/go.mod h1:2kMP+WWQ8aoFoedH3T2sq6iJ2yDWpHbP0f6MQbS9Gkg=
go.uber.org/zap v1.26.0 h1:sI7k6L95XOKS281NhVKOFCUNIvv9e0w4BF8N3u+tCRo=
go.uber.org/zap v1.26.0/go.mod h1:dtElttAiwGvoJ/vj4IwHBS/gXsEu/pZ50mUIRWuG0so=
golang.org/x/crypto v0.0.0-20180608092829-8ac0e0d97ce4/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
golang.org/x/crypto v0.0.0-20180904163835-0709b304e793/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
golang.org/x/crypto v0.0.0-20181029021203-45a5f77698d3/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
Expand Down Expand Up @@ -2202,8 +2202,8 @@ golang.org/x/sync v0.0.0-20220601150217-0de741cfad7f/go.mod h1:RxMgew5VJxzue5/jJ
golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
golang.org/x/sync v0.0.0-20220929204114-8fcdb60fdcc0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
golang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
golang.org/x/sync v0.3.0 h1:ftCYgMx6zT/asHUrPw8BLLscYtGznsLAnjq5RH9P66E=
golang.org/x/sync v0.3.0/go.mod h1:FU7BRWz2tNW+3quACPkgCx/L+uEAv1htQ0V83Z9Rj+Y=
golang.org/x/sync v0.5.0 h1:60k92dhOjHxJkrqnwsfl8KuaHbn/5dl0lUPUklKo3qE=
golang.org/x/sync v0.5.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
golang.org/x/sys v0.0.0-20180823144017-11551d06cbcc/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
Expand Down Expand Up @@ -2351,17 +2351,19 @@ golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.7.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.10.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.13.0 h1:Af8nKPmuFypiUBjVoU9V20FiaFXOcuZI21p0ycVYYGE=
golang.org/x/sys v0.13.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.15.0 h1:h48lPFYpsTvQJZF4EKyI4aLHaev3CxivZmv7yZig9pc=
golang.org/x/sys v0.15.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
golang.org/x/term v0.0.0-20201117132131-f5c789dd3221/go.mod h1:Nr5EML6q2oocZ2LXRh80K7BxOlk5/8JxuGnuhpl+muw=
golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
golang.org/x/term v0.0.0-20210615171337-6886f2dfbf5b/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
golang.org/x/term v0.1.0/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
golang.org/x/term v0.3.0/go.mod h1:q750SLmJuPmVoN1blW3UFBPREJfb1KmY3vwxfr+nFDA=
golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k=
golang.org/x/term v0.10.0/go.mod h1:lpqdcUyK/oCiQxvxVrppt5ggO2KCZ5QblwqPnfZ6d5o=
golang.org/x/term v0.13.0 h1:bb+I9cTfFazGW51MZqBVmZy7+JEJMouUHTUSKVQLBek=
golang.org/x/term v0.13.0/go.mod h1:LTmsnFJwVN6bCy1rVCoS+qHT1HhALEFxKncY3WNNh4U=
golang.org/x/term v0.15.0 h1:y/Oo/a/q3IXu26lQgl04j/gjuBDOBlx7X6Om1j2CPW4=
golang.org/x/term v0.15.0/go.mod h1:BDl952bC7+uMoWR75FIrCDx79TPU9oHkTZ9yRbYOrX0=
golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
Expand All @@ -2379,8 +2381,9 @@ golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
golang.org/x/text v0.8.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8=
golang.org/x/text v0.9.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8=
golang.org/x/text v0.11.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE=
golang.org/x/text v0.13.0 h1:ablQoSUd0tRdKxZewP80B+BaqeKJuVhuRxj/dkrun3k=
golang.org/x/text v0.13.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE=
golang.org/x/text v0.14.0 h1:ScX5w1eTa3QqT8oi6+ziP7dTV1S2+ALU0bI+0zXKWiQ=
golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU=
golang.org/x/time v0.0.0-20180412165947-fbb02b2291d2/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
Expand Down Expand Up @@ -2883,10 +2886,10 @@ k8s.io/utils v0.0.0-20221107191617-1a15be271d1d/go.mod h1:OLgZIPagt7ERELqWJFomSt
k8s.io/utils v0.0.0-20230406110748-d93618cff8a2/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0=
k8s.io/utils v0.0.0-20230505201702-9f6742963106 h1:EObNQ3TW2D+WptiYXlApGNLVy0zm/JIBVY9i+M4wpAU=
k8s.io/utils v0.0.0-20230505201702-9f6742963106/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0=
open-cluster-management.io/addon-framework v0.8.0 h1:i1OReMHuZIoAw2Q04SLjkieU25DnxYilzVZzBNyROwU=
open-cluster-management.io/addon-framework v0.8.0/go.mod h1:20DP06VXhJ9RE1PetAMEQyeFCP7+nhs92pCAkqbWUOg=
open-cluster-management.io/api v0.12.0 h1:sNkj4k2XyWA/GLsTiFg82bLIZ7JDZKkLLLyZjJUlJMs=
open-cluster-management.io/api v0.12.0/go.mod h1:/CZhelEH+30/pX7vXGSZOzLMX0zvjthYOkT/5ZTzVTQ=
open-cluster-management.io/addon-framework v0.8.1-0.20231128122622-3bfdbffb237c h1:s/xo9ggmrc0z4qdHdZU3q0E6vuyfu9JA0X8IQ17p1aQ=
open-cluster-management.io/addon-framework v0.8.1-0.20231128122622-3bfdbffb237c/go.mod h1:aj97pgpGJ0/LpQzBVtU2oDFqqIiZLOPnsjLKG/sVkFw=
open-cluster-management.io/api v0.12.1-0.20231130134655-97a8a92a7f30 h1:qzkatL1pCsMvA2KkuJ0ywWUqJ0ZI13ouMRVuAPTrhWk=
open-cluster-management.io/api v0.12.1-0.20231130134655-97a8a92a7f30/go.mod h1:fnoEBW9pbikOWOzF4zuT9DQAgWbY3PpPT/MSDZ/4bxw=
rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8=
rsc.io/pdf v0.1.1/go.mod h1:n8OzWcQ6Sp37PL01nO98y4iUCRdTGarVfzxY20ICaU4=
rsc.io/quote/v3 v3.1.0/go.mod h1:yEA65RcK8LyAZtP9Kv3t0HmxON59tX3rD+tICJqUlj0=
Expand Up @@ -66,6 +66,7 @@ type CollectorParams struct {
httpProxy string
httpsProxy string
noProxy string
CABundle string
replicaCount int32
}

Expand Down Expand Up @@ -305,6 +306,13 @@ func createDeployment(params CollectorParams) *appsv1.Deployment {
Value: params.noProxy,
})
}
if params.httpsProxy != "" && params.CABundle != "" {
metricsCollectorDep.Spec.Template.Spec.Containers[0].Env = append(metricsCollectorDep.Spec.Template.Spec.Containers[0].Env,
corev1.EnvVar{
Name: "HTTPS_PROXY_CA_BUNDLE",
Value: params.CABundle,
})
}

if params.obsAddonSpec.Resources != nil {
metricsCollectorDep.Spec.Template.Spec.Containers[0].Resources = *params.obsAddonSpec.Resources
Expand Down Expand Up @@ -343,6 +351,8 @@ func updateMetricsCollectors(ctx context.Context, c client.Client, obsAddonSpec
params.httpsProxy = env.Value
} else if env.Name == "NO_PROXY" {
params.noProxy = env.Value
} else if env.Name == "HTTPS_PROXY_CA_BUNDLE" {
params.CABundle = env.Value
}
}
}
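Review bot: The new `CABundle` field in CollectorParams is exported while its siblings `httpProxy`, `httpsProxy` and `noProxy` are not, which reads as an accidental inconsistency for a struct that, as far as these hunks show, is only filled in inside this package. Renaming it to `caBundle string` and updating the uses in createDeployment (`params.caBundle`) and updateMetricsCollectors keeps the proxy settings uniform. A short comment on the field saying that it appears to carry the base64-encoded PEM bundle, passed through unchanged to the collector's `HTTPS_PROXY_CA_BUNDLE`, would also help, since nothing here validates it.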
Expand Up @@ -115,6 +115,7 @@ func checkAnnotationsAndProxySettings(
foundHTTPProxy := false
foundHTTPSProxy := false
foundNOProxy := false
foundCABundle := false
for _, e := range env {
if e.Name == "HTTP_PROXY" {
foundHTTPProxy = true
Expand All @@ -131,6 +132,11 @@ func checkAnnotationsAndProxySettings(
if e.Value != "bar.com" {
t.Fatalf("NO_PROXY is not set correctly: expected %s, got %s", "bar.com", e.Value)
}
} else if e.Name == "HTTPS_PROXY_CA_BUNDLE" {
foundCABundle = true
if e.Value != "custom-ca.crt" {
t.Fatalf("HTTPS_PROXY_CA_BUNDLE is not set correctly: expected %s, got %s", "custom-ca.crt", e.Value)
}
}
}
if !foundHTTPProxy {
Expand All @@ -142,6 +148,9 @@ func checkAnnotationsAndProxySettings(
if !foundNOProxy {
t.Fatalf("NO_PROXY is not present in env")
}
if !foundCABundle {
t.Fatalf("HTTPS_PROXY_CA_BUNDLE is not present in env")
}
}

func TestMetricsCollector(t *testing.T) {
Expand Down Expand Up @@ -174,6 +183,7 @@ func TestMetricsCollector(t *testing.T) {
httpProxy: "http://foo.com",
httpsProxy: "https://foo.com",
noProxy: "bar.com",
CABundle: "custom-ca.crt",
}

_, err = updateMetricsCollector(ctx, c, params, false)
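Review bot: checkAnnotationsAndProxySettings now requires `HTTPS_PROXY_CA_BUNDLE` unconditionally, so the only path covered is the one where both `httpsProxy` and `CABundle` are set. The guard added in createDeployment (`params.httpsProxy != "" && params.CABundle != ""`) has two other outcomes that deserve a case each: an HTTPS proxy without a bundle, and a bundle without an HTTPS proxy, both of which should leave the variable out of the container env. The fixture value `"custom-ca.crt"` also looks like a file name, whereas the collector base64-decodes this variable; a comment that it is an opaque placeholder would avoid confusion.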
Expand Up @@ -6,6 +6,7 @@ package placementrule

import (
"context"
"encoding/base64"
"encoding/json"
"errors"
"fmt"
Expand Down Expand Up @@ -314,6 +315,7 @@ func createManifestWorks(
spec.NodeSelector = map[string]string{}
spec.Tolerations = []corev1.Toleration{}
}
CustomCABundle := false
for i, container := range spec.Containers {
if container.Name == "endpoint-observability-operator" {
for j, env := range container.Env {
Expand All @@ -340,6 +342,14 @@ func createManifestWorks(
Name: "HTTPS_PROXY",
Value: addonConfig.Spec.ProxyConfig.HTTPSProxy,
})
//CA is allowed only when HTTPS proxy is set
if addonConfig.Spec.ProxyConfig.CABundle != nil {
CustomCABundle = true
container.Env = append(container.Env, corev1.EnvVar{
Name: "HTTPS_PROXY_CA_BUNDLE",
Value: base64.StdEncoding.EncodeToString(addonConfig.Spec.ProxyConfig.CABundle),
})
}
}
if addonConfig.Spec.ProxyConfig.NoProxy != "" {
container.Env = append(container.Env, corev1.EnvVar{
Expand All @@ -360,6 +370,19 @@ func createManifestWorks(
}
}
}
if CustomCABundle {
for i, manifest := range manifests {
if manifest.RawExtension.Object.GetObjectKind().GroupVersionKind().Kind == "Secret" {
secret := manifest.RawExtension.Object.DeepCopyObject().(*corev1.Secret)
if secret.Name == managedClusterObsCertName {
secret.Data["customCa.crt"] = addonConfig.Spec.ProxyConfig.CABundle
manifests[i].RawExtension.Object = secret
break
}
}
}
}

log.Info(fmt.Sprintf("Cluster: %+v, Spec.NodeSelector (after): %+v", clusterName, spec.NodeSelector))
log.Info(fmt.Sprintf("Cluster: %+v, Spec.Tolerations (after): %+v", clusterName, spec.Tolerations))
dep.Spec.Template.Spec = spec
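Review bot: The new Secret loop in createManifestWorks uses an unchecked type assertion, `DeepCopyObject().(*corev1.Secret)`, and then writes into `secret.Data` without checking that the map exists, so a manifest of kind Secret held as another Go type or a Secret with nil `Data` would panic the reconcile. `manifest.RawExtension.Object` is also dereferenced without a nil check, which matters if any manifest carries only `Raw`. Separately, `addonConfig.Spec.ProxyConfig.CABundle != nil` lets an empty non-nil slice through, and the bundle is copied to managed clusters without confirming that it parses as PEM; `len(...) > 0` plus a parse check at this point would surface a bad bundle on the hub instead of in the collector. `CustomCABundle` should be `customCABundle` as a local. The function body starts before and continues past these hunks.

```go
if CustomCABundle {
	for i, manifest := range manifests {
		obj := manifest.RawExtension.Object
		if obj == nil || obj.GetObjectKind().GroupVersionKind().Kind != "Secret" {
			continue
		}
		// Comma-ok form: a Secret-kind object of another Go type must not panic.
		secret, ok := obj.DeepCopyObject().(*corev1.Secret)
		if !ok || secret.Name != managedClusterObsCertName {
			continue
		}
		if secret.Data == nil {
			secret.Data = map[string][]byte{}
		}
		secret.Data["customCa.crt"] = addonConfig.Spec.ProxyConfig.CABundle
		manifests[i].RawExtension.Object = secret
		break
	}
}
```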
Expand Up @@ -334,6 +334,7 @@ func TestManifestWork(t *testing.T) {
HTTPProxy: "http://foo.com",
HTTPSProxy: "https://foo.com",
NoProxy: "bar.com",
CABundle: []byte{0x01, 0x02, 0x03, 0xAB, 0xCD, 0xEF},
},
},
}
Expand Down Expand Up @@ -361,6 +362,7 @@ func TestManifestWork(t *testing.T) {
foundHTTPProxy := false
foundHTTPSProxy := false
foundNOProxy := false
foundCABundle := false
for _, e := range env {
if e.Name == "HTTP_PROXY" {
foundHTTPProxy = true
Expand All @@ -377,6 +379,11 @@ func TestManifestWork(t *testing.T) {
if e.Value != "bar.com" {
t.Fatalf("NO_PROXY is not set correctly: expected %s, got %s", "bar.com", e.Value)
}
} else if e.Name == "HTTPS_PROXY_CA_BUNDLE" {
foundCABundle = true
if e.Value != base64.StdEncoding.EncodeToString([]byte{0x01, 0x02, 0x03, 0xAB, 0xCD, 0xEF}) {
t.Fatalf("HTTPS_PROXY_CA_BUNDLE is not set correctly")
}
}
}
if !foundHTTPProxy {
Expand All @@ -388,6 +395,9 @@ func TestManifestWork(t *testing.T) {
if !foundNOProxy {
t.Fatalf("NO_PROXY is not present in env")
}
if !foundCABundle {
t.Fatalf("HTTPS_PROXY_CA_BUNDLE is not present in env")
}
}
}

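Review bot: TestManifestWork checks the `HTTPS_PROXY_CA_BUNDLE` env entry but never looks at the Secret that createManifestWorks now mutates, so the `customCa.crt` key added to the `managedClusterObsCertName` Secret is untested. An assertion that the manifest work contains that Secret with `Data["customCa.crt"]` equal to the configured bytes would cover it. The fixture bytes `{0x01, 0x02, 0x03, 0xAB, 0xCD, 0xEF}` are not a PEM certificate, which is fine for the pass-through check but means nothing in this test exercises a bundle the collector could actually load. The test function starts before and continues past these hunks.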