Details
-
Story
-
Resolution: Done
-
Major
-
None
-
None
-
False
-
None
-
False
-
Compatibility/Configuration, User Experience
-
Undefined
-
OSSM 2.2 - 1, OSSM 2.2 - 2, OSSM 2.2 - 3, OSSM 2.2 - 4, Sprint 50, Sprint 51, Sprint 52, Sprint 53
Description
Requirement
===========
Customer is requesting a feature to let them configuring an external legacy (non-istio) HTTPS proxy in the egress gateway without any configuration on the application side, so applications will use the HTTP CONNECT method to establish connections with legacy proxies.
Also, this feature has to let customers define Proxy HTTPS_PROXY, NO_PROXY and Proxy credentials for the connection from the egress instead of the application container.
Use Case
========
Applications that need to access an external service are required to connect via HTTP CONNECT to an external HTTPSproxy in order to reach external services.
Additional info
===============
There's a recommended configuration by Istio [1] but it has some important limitations:
Configuration
- Define a TCP Service Entry for the legacy HTTPS proxy.
- Set the HTTPS_PROXY and/or NO_PROXY environment variables on the application container.
Limitations
- It has to specify the IP addresses of the HTTPS proxy in the Service Entry in order to be able to connect. This is a problem if this addresses change, so no DNS resolution.
- It has to configure the HTTPS_PROXY environment variable on the application container and It requires changes on the application side, so the point here is provide a feature to let application use a proxy configured and handled by OpenShift Service Mesh.
[1] https://istio.io/v1.6/docs/tasks/traffic-management/egress/http-proxy/
Attachments
Issue Links
- is documented by
-
-
- Closed
-
