Improve PROXY/NO_PROXY usage, populate 3 dots of DNS
Summary
To better service those customers making use of environment variables for PROXY
and NO_PROXY
, we should re-visit the populate of any host
value backed by a Service. Instead of populating just the Service name, let us populate Service.Namespace.svc
, such as gitlab-minio-svc.default.svc.
. This will provide users the ability to populate items such as .Namespace.svc
. This would align to how we're populating Gitaly instances.
Steps to reproduce
Populate *_PROXY
and attempt to populate NO_PROXY
Configuration used
global:
extraEnv:
http_proxy: 'http://some.proxy:8080'
https_proxy: 'http://some.proxy:8081'
no_proxy: '.ads.google.com,10.0.0.0/16,gitlab-minio-svc,gitlab-gitlab-shell, ...`
Current behavior
Repeated, individual entries are required to cover all inter-Pod communications that should not be proxied.
gitlab.yml
looks like:
# Consolidated object storage configuration
object_store:
enabled: true
direct_upload: true
background_upload: false
proxy_download: true
connection:
provider: AWS
region: us-east-1
host: minio.separate-containers.party
endpoint: http://gitlab-minio-svc:9000
## Registry Integration
registry:
enabled: true
host: registry.separate-containers.party
api_url: http://gitlab-registry:5000
# Gitaly Servers
repositories:
storages: # You must have at least a `default` storage path.
default:
path: /var/opt/gitlab/repo
gitaly_address: tcp://gitlab-gitaly-0.gitlab-gitaly.default:8075
Expected behavior
Configuring no_proxy
is easy, because many services can be simplified to:
global:
extraEnv:
no_proxy: '.ads.google.com,10.0.0.0/16,.gitlab.svc.'
gitlab.yml
looks like:
# Consolidated object storage configuration
object_store:
enabled: true
direct_upload: true
background_upload: false
proxy_download: true
connection:
provider: AWS
region: us-east-1
host: minio.separate-containers.party
endpoint: http://gitlab-minio-svc.default.svc:9000
## Registry Integration
registry:
enabled: true
host: registry.separate-containers.party
api_url: http://gitlab-registry.default.svc:5000
# Gitaly servers
repositories:
storages: # You must have at least a `default` storage path.
default:
path: /var/opt/gitlab/repo
gitaly_address: tcp://gitlab-gitaly-0.gitlab-gitaly.default:8075
Versions
- Chart: all as of 18d15572
Edited by Jason Plum