Cert-manager: Allow setting http_proxy and https_proxy in cert-manager deployment

Does setting http_proxy and https_proxy environment variables on the
cert-manager deployment work?

If so, we can expose these options in the Helm chart in future.
On Sun, 11 Feb 2018 at 22:41, Simon Boussekeyt notifications@github.com
wrote:

Hello,

My cluster is behind a proxy.

So i have the following error:
Error initializing issuer: Get
https://acme-staging.api.letsencrypt.org/directory: dial tcp
23.206.25.158:443: i/o timeout
ErrVerifyACMEAccount 11m (x17 over 27m) cert-manager-controller Failed to
verify ACME account: Get
https://acme-staging.api.letsencrypt.org/directory: dial tcp
23.206.25.158:443: i/o timeout

Is possible to set the proxy address somewhere ?

Best regards,
Simon

—
You are receiving this because you are subscribed to this thread.
Reply to this email directly, view it on GitHub
https://github.com/jetstack/cert-manager/issues/310, or mute the thread
https://github.com/notifications/unsubscribe-auth/AAMbP3BRreHfJ_UNzl8m_qqKc3VVPSB1ks5tT2x-gaJpZM4SBizK
.

Thanks for your help!

I added them (directly in the container). Il changed nothing, but i think a service restart is required to take vars in account.

So i am not sure.

Yep you'll need to edit the deployment and allow kubernetes to restart the
pod. A simple export within a running container will only effect
subprocesses of your current shell.
On Sun, 11 Feb 2018 at 22:57, Simon Boussekeyt notifications@github.com
wrote:

Thanks for your help!

I added them (directly in the container). Il changed nothing, but i think
a service restart is required to take vars in account.

So i am not sure.

—
You are receiving this because you commented.

Reply to this email directly, view it on GitHub
https://github.com/jetstack/cert-manager/issues/310#issuecomment-364797991,
or mute the thread
https://github.com/notifications/unsubscribe-auth/AAMbPzblF2f12L0SeMwCBHv0wGkXtGBeks5tT3BJgaJpZM4SBizK
.

Hello,

Sorry for the delay, i am newbie in kubernetess. I have managed to add both http_proxy env vars.

It works !!!

Thanks you,

Simon

Awesome! Glad you've got it working 😄

Will you add these feature ?

Thanks again for your help!

Ah yeah, sorry I've closed this too soon!

We should expose this option via the helm chart 😄 adding to 0.3 milestone.

Hello,

In fact, i am not sure all is right with proxy.

The certificate generation logs:

  Normal   PrepareCertificate     1m                cert-manager-controller  Preparing certificate with issuer
  Normal   PresentChallenge       1m                cert-manager-controller  Presenting http-01 challenge for domain mydomain.com
  Normal   SelfCheck              1m                cert-manager-controller  Performing self-check for domain mydomain.com

Is there a http request during this step (self-check) ?

Sorry for come back.

Simon

It's ok now. Some http request was redirected to proxy. I have added no_proxy env var.

Could you also add this var please ?

@munnerz hey! when are you planning to release v0.3? I see you have already released alpha version. I want to use this for our k8s cluster.

@sboussekeyt hey, can you please help me with the setup you did to make this work? I couldn't really figure it out from your comments.

@sboussekeyt would you be able to share your complete working config? I can then use that as a basis for determining what I should expose via the Helm chart in order to make it possible for others to do the same 😄

Hello,
I have found that in values.yaml it should be https_proxy in comments. Now http_proxy has two lines.
https://github.com/jetstack/cert-manager/blob/33f18811909bdd08d39fd8aa3f016734d1393d18/deploy/charts/cert-manager/values.yaml#L169