Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Proxy configuration is not applied before SAML setup -- breaks deployment #1183

Open
rajali opened this issue Aug 29, 2024 · 0 comments
Open

Proxy configuration is not applied before SAML setup -- breaks deployment #1183

rajali opened this issue Aug 29, 2024 · 0 comments
Labels
bug Something isn't working

Comments

@rajali
Copy link

rajali commented Aug 29, 2024

Describe the bug

  • proxy configuration does not get applied before SAML plugin tries to connect to external IDP url.
  • I have to comment out SAML configuration to let proxy applied then re-apply the config update for SAML to work
  • this is not an issue when the instance is always running, it becomes an issue when the Kubernetes cluster nodes scale-down and scale-up (which is done daily).

Version of Helm and Kubernetes

- Helm: v3.15.1
- Kubernetes: 1.28.10

Chart version

5.1.4

What happened?

1.On fresh install of helm chart with the above proxy and saml configuration, the deployment fails as the Idp url is not accessible.
2.When SAML config is commented the deployment completes and proxy configured.
3.On update of chart with SAML config uncommented the SSO starts working.
4.The issue triggers again, when the K8s cluster nodes go through a scale down/up cycle.
...

What you expected to happen?

  • I want the configuration to persist
  • where proxy is always setup first before any external connectivity is performed

How to reproduce it

controller:
  initContainerEnv:
    - name: http_proxy
      value: "http://192.168.64.1:3128"
    - name: https_proxy
      value: "http://192.168.64.1:3128"
    - name: no_proxy
      value: ""
    - name: JAVA_OPTS
      value: "-Dhttps.proxyHost=proxy_host_name_without_protocol -Dhttps.proxyPort=3128 - Dhttp.noProxyHosts=''"
  containerEnv:
    - name: http_proxy
      value: "http://192.168.64.1:3128"
    - name: https_proxy
      value: "http://192.168.64.1:3128"

  JCasC:
    configScripts:
      jenkins-casc: |-
        jenkins:
          globalNodeProperties:
            - envVars:
                env:
                  - key: "PROXY_HOST"
                    value: ${proxy_host}
                  - key: "PROXY_PORT"
                    value: ${proxy_port}
          proxy:
            name: ${proxy_host}
            noProxyHost: ${no_proxy}
            port: ${port}
            testUrl: "https://google.com"

    securityRealm: |-
      saml:
        idpMetadataConfiguration:
          period: 10
          url: ${idpMetadataUrl}
       # rest of the saml config here


### Anything else we need to know?

_No response_
@rajali rajali added the bug Something isn't working label Aug 29, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@rajali