From d73bfb9d867ffc2a448baef54e18c4793e160b06 Mon Sep 17 00:00:00 2001 From: Praveen Kumar Date: Thu, 4 Jun 2026 13:24:04 +0530 Subject: [PATCH] Add optional cluster-wide proxy support for snc.sh Allow provisioning behind an HTTP/HTTPS proxy via SNC_USE_PROXY, SNC_HTTP_PROXY, and SNC_HTTPS_PROXY. When enabled, patch install-config with proxy URLs and a noProxy list that includes the internal API (api-int..) plus standard cluster-local entries. --- README.md | 13 +++++++++++++ snc-library.sh | 17 ++++++++++++++++- snc.sh | 4 ++++ 3 files changed, 33 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 333b9b39..b98ddc40 100644 --- a/README.md +++ b/README.md @@ -83,4 +83,17 @@ SNC_GENERATE_MACOS_BUNDLE : if set to 0, bundle generation for MacOS is disabled SNC_GENERATE_WINDOWS_BUNDLE : if set to 0, bundle generation for Windows is disabled, any other value will enable it. SNC_GENERATE_LINUX_BUNDLE : if set to 0, bundle generation for Linux is disabled, any other value will enable it. +SNC_USE_PROXY : set to `enabled` to configure cluster-wide proxy in install-config (default: `disabled`). +SNC_HTTP_PROXY : HTTP proxy URL (required when `SNC_USE_PROXY=enabled`). +SNC_HTTPS_PROXY : HTTPS proxy URL (required when `SNC_USE_PROXY=enabled`). + +Example: + +```bash +export SNC_USE_PROXY=enabled +export SNC_HTTP_PROXY=http://proxy.example.com:8080 +export SNC_HTTPS_PROXY=http://proxy.example.com:8080 +./snc.sh +``` + Please note the SNC project is “as-is” on this Github repository. At this time, it is not an offically supported Red Hat solution. diff --git a/snc-library.sh b/snc-library.sh index 1f8c3d11..17723cf7 100755 --- a/snc-library.sh +++ b/snc-library.sh @@ -113,6 +113,22 @@ function replace_pull_secret() { set -x } +function configure_install_config_proxy() { + local install_config=$1 + if [[ ${SNC_USE_PROXY} != "enabled" ]]; then + return 0 + fi + if [[ -z "${SNC_HTTP_PROXY}" || -z "${SNC_HTTPS_PROXY}" ]]; then + echo "SNC_USE_PROXY=enabled requires SNC_HTTP_PROXY and SNC_HTTPS_PROXY" + exit 1 + fi + local api_int="api-int.${SNC_PRODUCT_NAME}.${BASE_DOMAIN}" + local no_proxy="localhost,.cluster.local,.svc,127.0.0.1,${api_int}" + ${YQ} eval --inplace ".proxy.httpProxy = \"${SNC_HTTP_PROXY}\"" "${install_config}" + ${YQ} eval --inplace ".proxy.httpsProxy = \"${SNC_HTTPS_PROXY}\"" "${install_config}" + ${YQ} eval --inplace ".proxy.noProxy = \"${no_proxy}\"" "${install_config}" +} + function create_json_description { local bundle_type=$1 sncGitHash=$(git describe --abbrev=4 HEAD 2>/dev/null || git rev-parse --short=4 HEAD) @@ -274,4 +290,3 @@ function wait_till_cluster_stable() { # Wait till all the pods are either running or complete state retry all_pods_are_running_completed "${ignoreNamespace}" } - diff --git a/snc.sh b/snc.sh index b547dcfa..9e45e001 100755 --- a/snc.sh +++ b/snc.sh @@ -34,6 +34,9 @@ SCP="scp -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -i id_ecdsa MIRROR=${MIRROR:-https://mirror.openshift.com/pub/openshift-v4/$ARCH/clients/ocp} CERT_ROTATION=${SNC_DISABLE_CERT_ROTATION:-enabled} USE_PATCHED_RELEASE_IMAGE=${SNC_USE_PATCHED_RELEASE_IMAGE:-disabled} +SNC_USE_PROXY=${SNC_USE_PROXY:-disabled} +SNC_HTTP_PROXY=${SNC_HTTP_PROXY:-} +SNC_HTTPS_PROXY=${SNC_HTTPS_PROXY:-} HTPASSWD_FILE='users.htpasswd' run_preflight_checks ${BUNDLE_TYPE} @@ -134,6 +137,7 @@ ${YQ} eval --inplace ".baseDomain = \"${BASE_DOMAIN}\"" ${INSTALL_DIR}/install-c ${YQ} eval --inplace ".metadata.name = \"${SNC_PRODUCT_NAME}\"" ${INSTALL_DIR}/install-config.yaml replace_pull_secret ${INSTALL_DIR}/install-config.yaml ${YQ} eval ".sshKey = \"$(cat id_ecdsa_crc.pub)\"" --inplace ${INSTALL_DIR}/install-config.yaml +configure_install_config_proxy ${INSTALL_DIR}/install-config.yaml # Create the manifests using the INSTALL_DIR OPENSHIFT_INSTALL_RELEASE_IMAGE_OVERRIDE=$OPENSHIFT_INSTALL_RELEASE_IMAGE_OVERRIDE ${OPENSHIFT_INSTALL} --dir ${INSTALL_DIR} create manifests