-
Notifications
You must be signed in to change notification settings - Fork 84
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
VSO Proxy Support #638
Comments
Hi @hinrichd, Thank you for the detailed report. I see two issues here.
I took a closer look at the code and did some internal testing, and it seems setting HTTPS_PROXY (lower or upper case) is being honoured. So more than likely the issue is related to the permission settings on the HCP Vault Secrets side not matching what you have in your service principal credentials. You will want to verify those credentials match the OrganizationID/ProjectID configured on your HCPAuth. Also, just be aware that the approach you are taking by setting the proxy globally for VSO, may cause some unexpected behaviour. Ideally, VSO would support granular proxy configuration on the HCPAuth or VaultConnection custom resources. We will probably add support for that use case in a future VSO release. Ben |
Hi @benashz Thank you for pointing out some details to my related problem. I could solve it now by changing the sp permissions. THX |
Describe the bug
When using vso on an onpremise cluster behind a proxy, vso do not use the proxy varibales from extraEnv to lookup and connect to Hashicorp Vault Secrets. Connection Test fails due to lookup on KubenDNS and not using proxy.
To Reproduce
Steps to reproduce the behavior:
helm install vault-secrets-operator hashicorp/vault-secrets-operator -f values.yaml
"error": "connection check failed, err=dial tcp: lookup api.cloud.hashicorp.com on 10.200.X.X53: server misbehaving"
Lookup using internal kubedns and not using proxy, so it will fail.
Environment
Thank You for your help.
The text was updated successfully, but these errors were encountered: