Uploaded image for project: 'OpenShift Builds'
  1. OpenShift Builds
  2. BUILD-4

Shipwright proxy settings

XMLWordPrintable

    • Shipwright proxy settings
    • To Do
    • SECFLOWOTL-28 - Openshift Builds in clusters with restricted networks
    • 25% To Do, 0% In Progress, 75% Done

      Goal
      As an admin, I want Builds to use the global proxy settings configured for OpenShift, so that I don't have to configure proxy for each individual build.

      Problem
      OpenShift provides a way for admins to define cluster-wide proxy settings however it is up to each operator to make sure these settings consumed and removed the burden from the admin to re-configure proxy for each service.

      Why is this important?
      To enable customers to use global proxy settings with Builds

      Dependencies

      • OLM
      • OpenShift cluster configurations
      • OpenShift Pipelines

      Prioritized epics + deliverables (in scope / not in scope)

      • Add proxy settings to Builds.
      • Support for general additional certificate authority to clone source, download artifacts - out of scope
      • Support for registry-specific additional CAs to pull container images from private registries - out of scope

      Estimate (XS, S, M, L, XL, XXL):

      Previous Work:

      Open Questions:

      • Does OpenShift automatically set the *_PROXY environment variables in all pods if there is a cluster-wide proxy present? No, but OpenShift Pipelines does this for Tekton pods!
      • For the cluster-wide trust certificate - should we continue to rely on OpenShift's mechanism for generating a trust bundle, or should we move customers towards using cert-manager instead? Out of scope.
      • For private image registry certificates - same as above. Use OpenShift's existing mechanism, or move customers to cert-manager? Out of scope.

              rh-ee-asatyam Ayush Satyam
              rh-ee-ssadeghi Siamak Sadeghianfar
              Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

                Created:
                Updated: