Feature Request
Resolution: Unresolved
openshift-4.18, openshift-4.20
Product / Portfolio Work
1. Proposed title of this feature request
Provide official support for HTTP_PROXY and HTTPS_PROXY variables
2. What is the nature and description of the request?
Currently, in order to implement proxy access, one has to install Red Hat Build of Keycloak, which itself has support for setting a proxy, and the operator version appears intended to support the same configuration, judging from the existence of the "proxy:" stanza on the "Keycloak" CRD.
But for business reasons the partner (Nokia) cannot use RHBK as part of their ACM deployed workload. They also cannot configure a cluster-wide proxy for all traffic and wish to only direct OAuth2/OpenID Connect traffic through a web proxy for online access to MS Entra while leaving the rest of the VLAN disconnected from the internet.
The source code of the authentication operator appears to support these variables:
https://github.com/openshift/cluster-authentication-operator/blob/master/pkg/controllers/deployment/default_deployment.go#L146
but the goal here is to get a supported and documented solution.
3. Why does the customer need this? (List the business requirements here)
The cluster needs to generally be disconnected but redirect only OAuth2 traffic over the proxy server. They also need a configuration that would be supported by Red Hat and doesn't involve using RHBK.
4. List any affected packages or components.
OCP OAuth and OCP Authentication in general.