image-reflector-controller icon indicating copy to clipboard operation
image-reflector-controller copied to clipboard

Published 20 hours ago verified publisher icon fluxcd

Proxy configuration is not honored by `image-reflector-controller`

Open zzvara opened this issue 2 years ago • 2 comments

The image-reflector-controller adds the following status to an ImageRepository:

canonicalImageName: example.com/whatnot/image
  conditions:
    - lastTransitionTime: '2022-11-09T11:59:38Z'
      message: 'Get "https://example.com/v2/": context deadline exceeded'
      reason: ReconciliationFailed
      status: 'False'
      type: Ready
  observedGeneration: 1

All components within the flux-system go their proxy settings injected by kyverno as follows:

  • HTTP_PROXY
  • HTTPS_PROXY
  • NO_PROXY
  • http_proxy
  • https_proxy
  • no_proxy

The same environment variables and as they are injected, work on all other Pods, except flux Pods. For example, when called from flux controller pods, using wget example.com results in 400 Bad Request from the proxy server. Going into all flux Pods, I can confirm that env prints the proper proxy settings. This issue with wget may be related to Alpine #10446 or Docker Alpine #51.

The context deadline exceeded above may suggest that the image-reflector-controller does not use the proxy settings after all.

Does the image-reflector-controller support proxy settings? And if so, how?

(I found evidence for that in the source-controller but not here.)

zzvara avatar Nov 09 '22 14:11 zzvara

The same here, seems the wget pod using is from busybox and that version ignored the no_proxy environment variables

BarrieShieh avatar Apr 07 '23 09:04 BarrieShieh

To configure HTTP/S proxies please see https://fluxcd.io/flux/cheatsheets/bootstrap/#using-https-proxy-for-egress-traffic

stefanprodan avatar Apr 07 '23 09:04 stefanprodan