Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Respect HTTP proxies when rendering Guardian policy #3475

Merged
merged 3 commits into from
Sep 11, 2024
Merged

Respect HTTP proxies when rendering Guardian policy #3475

merged 3 commits into from
Sep 11, 2024

Conversation

pasanw
Copy link
Contributor

@pasanw pasanw commented Aug 23, 2024
edited
Loading

Description

The operator will inspect the tigera-guardian pod to determine if a proxy is in use, and update egress policy rules accordingly.

The proxy environment variables are read from the Guardian pod as it is expected they are injected via a mutating admission webhook on the pod spec.

The approach limits to amount of queries done for pods, in anticipation of pods no longer being cached by the operator. The query for pods is only made when the cluster-connection controller has observed a new availability condition and that condition indicates that the deployment is available.

For PR author

  • Tests for change.
  • If changing pkg/apis/, run make gen-files
  • If changing versions, run make gen-versions

For PR reviewers

A note for code reviewers - all pull requests must have the following:

  • Milestone set according to targeted release.
  • Appropriate labels:
    • kind/bug if this is a bugfix.
    • kind/enhancement if this is a a new feature.
    • enterprise if this PR applies to Calico Enterprise only.

@pasanw pasanw requested a review from a team as a code owner August 23, 2024 21:15
@marvin-tigera marvin-tigera added this to the v1.36.0 milestone Aug 23, 2024
@pasanw pasanw force-pushed the ev-5037-proxy branch 2 times, most recently from 722926e to a9b3862 Compare August 24, 2024 00:34
@pasanw pasanw force-pushed the ev-5037-proxy branch 2 times, most recently from 4be411f to 3594812 Compare September 3, 2024 19:50
rene-dekker
rene-dekker reviewed Sep 5, 2024
View reviewed changes
pkg/controller/clusterconnection/clusterconnection_controller.go
@@ -19,6 +19,12 @@ import (
"fmt"
"net"

"github.com/tigera/operator/pkg/url"
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Needs formatting

@pasanw pasanw merged commit ec635bf into tigera:master Sep 11, 2024
5 checks passed
@pasanw pasanw deleted the ev-5037-proxy branch September 11, 2024 18:27
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@rene-dekker rene-dekker rene-dekker left review comments

@Brian-McM Brian-McM Brian-McM approved these changes

Assignees
No one assigned
Labels
docs-pr-required release-note-required
Projects
None yet
Milestone
v1.36.0
Development

Successfully merging this pull request may close these issues.
4 participants
@pasanw @Brian-McM @rene-dekker @marvin-tigera