Container Scanning doesn't work behind a proxy
Summary
Container Scanning is failing when proxy is used.
Steps to reproduce
- Use a Proxy
- Set the
HTTP_PROXY
to its address - Run the Container Scanning job
Example Project
N/A
What is the current bug behavior?
Container Scanning is failing because clair-local-scan
needs to hit the local clair scanner.
But it's sharing the same env vars, so it will try to access it through the proxy.
The proxy doesn't know how to route to the clair server, and the job fails.
What is the expected correct behavior?
- clair can download the new signatures via the proxy
- clair-local-scan can access the clair server
Relevant logs and/or screenshots
See https://gitlab.com/gitlab-org/gitlab-ee/issues/10241
Possible fixes
Disable the proxy for clair-local-scan.