-
Epic
-
Resolution: Unresolved
-
Major
-
Logging 6.0.0
-
http-proxy
-
Improvement
-
False
-
None
-
False
-
Green
-
NEW
-
In Progress
-
OBSDA-877 - HTTP output proxy should be configurable.
-
-
NEW
-
0% To Do, 100% In Progress, 0% Done
-
With this update, HTTP outputs have a 'proxy' field, which allows log data to be sent via a HTTP proxy.
-
Enhancement
Problem
When the HCP cluster forwards audit logs to the private guest cluster via a konnectivity proxy, it's necessary to forward logs via HTTP/HTTPS proxy.
The current CLF spec does not allow to config custom proxy for the outputs.
This is not just a HCP issue, other customers may want to be able to route HTTP traffic through a non-standard HTTP proxy.
Solution
Add a new field spec.outputs.http.proxyURL to specify a proxy URL. If this field is specified, HTTP and HTTPS connections for that output will use the specified proxy instead of a direct connection or a default proxy.
This setting overrides any default proxy configured for the cluster or the cluster log forwarder container, for that output. No other outputs or HTTP connections made by the collector are affected.
#example config
spec:
outputs:
- name: remote
type: http
url: https://172.30.159.35:9110
http:
proxyURL: "https://somewhere.org/proxy"
The corresponding generated vector sink configuration would look like this:
roxy.enabled = true proxy.http = "https://somewhere.org/proxy" proxy.https = "https://somewhere.org/proxy"
Note: vector allows separate HTTP and HTTPS proxies for the same sink, CLF does not. You can achieve the same effect by making two outputs, one for HTTP traffic and one for HTTPS.
Done Criteria
- Allow to config http/https proxy to CLF CR
- Collector pods should forward logs via HTTP/HTTPS proxy
- Provide/schedule iser documentation of the description above.
