Add proxy support for registry cache

gardener · Oct 16, 2024 · aedc679 · aedc679
1 parent 405dc71
commit aedc679
Show file tree

Hide file tree

Showing 9 changed files with 305 additions and 8 deletions.
diff --git a/docs/usage/registry-cache/configuration.md b/docs/usage/registry-cache/configuration.md
@@ -96,6 +96,15 @@ The `providerConfig.caches[].secretReferenceName` is the name of the reference f
 > [!NOTE]
 > It is only possible to provide one set of credentials for one private upstream registry.
 
+The `providerConfig.caches[].proxy.httpProxy` field contains settings for a proxy which is used by the registry cache.
+The registry-cache extension sets this value as `HTTP_PROXY` ENV in the StatefulSet.
+
+The `providerConfig.caches[].proxy.httpsProxy` field contains settings for a proxy which is used by the registry cache.
+The registry-cache extension sets this value as `HTTPS_PROXY` ENV in the StatefulSet.
+
+The `providerConfig.caches[].proxy.noProxy` field contains settings for a proxy which is used by the registry cache.
+The registry-cache extension sets this value as `NO_PROXY` ENV in the StatefulSet.
+
 ## Garbage Collection
 
 When the registry cache receives a request for an image that is not present in its local store, it fetches the image from the upstream, returns it to the client and stores the image in the local store. The registry cache runs a scheduler that deletes images when their time to live (ttl) expires. When adding an image to the local store, the registry cache also adds a time to live for the image. The ttl defaults to `168h` (7 days) and is configurable. The garbage collection can be disabled by setting the ttl to `0s`. Requesting an image from the registry cache does not extend the time to live of the image. Hence, an image is always garbage collected from the registry cache store when its ttl expires.

diff --git a/hack/api-reference/registry.md b/hack/api-reference/registry.md
@@ -44,6 +44,61 @@ Defaults to 168h (7 days).</p>
 </tr>
 </tbody>
 </table>
+<h3 id="registry.extensions.gardener.cloud/v1alpha3.Proxy">Proxy
+</h3>
+<p>
+(<em>Appears on:</em>
+<a href="#registry.extensions.gardener.cloud/v1alpha3.RegistryCache">RegistryCache</a>)
+</p>
+<p>
+<p>Proxy contains settings for a proxy used in the registry cache.</p>
+</p>
+<table>
+<thead>
+<tr>
+<th>Field</th>
+<th>Description</th>
+</tr>
+</thead>
+<tbody>
+<tr>
+<td>
+<code>httpProxy</code></br>
+<em>
+string
+</em>
+</td>
+<td>
+<em>(Optional)</em>
+<p>HTTPProxy is used as HTTP_PROXY env in the StatefulSet.</p>
+</td>
+</tr>
+<tr>
+<td>
+<code>httpsProxy</code></br>
+<em>
+string
+</em>
+</td>
+<td>
+<em>(Optional)</em>
+<p>HTTPSProxy is used as HTTPS_PROXY env in the StatefulSet.</p>
+</td>
+</tr>
+<tr>
+<td>
+<code>noProxy</code></br>
+<em>
+string
+</em>
+</td>
+<td>
+<em>(Optional)</em>
+<p>NoProxy is used as NO_PROXY env in the StatefulSet.</p>
+</td>
+</tr>
+</tbody>
+</table>
 <h3 id="registry.extensions.gardener.cloud/v1alpha3.RegistryCache">RegistryCache
 </h3>
 <p>
@@ -129,6 +184,20 @@ string
 <p>SecretReferenceName is the name of the reference for the Secret containing the upstream registry credentials.</p>
 </td>
 </tr>
+<tr>
+<td>
+<code>proxy</code></br>
+<em>
+<a href="#registry.extensions.gardener.cloud/v1alpha3.Proxy">
+Proxy
+</a>
+</em>
+</td>
+<td>
+<em>(Optional)</em>
+<p>Proxy contains settings for a proxy used in the registry cache.</p>
+</td>
+</tr>
 </tbody>
 </table>
 <h3 id="registry.extensions.gardener.cloud/v1alpha3.RegistryCacheStatus">RegistryCacheStatus

diff --git a/pkg/apis/registry/types.go b/pkg/apis/registry/types.go
@@ -38,6 +38,8 @@ type RegistryCache struct {
 	GarbageCollection *GarbageCollection
 	// SecretReferenceName is the name of the reference for the Secret containing the upstream registry credentials
 	SecretReferenceName *string
+	// Proxy contains settings for a proxy used in the registry cache.
+	Proxy *Proxy
 }
 
 // Volume contains settings for the registry cache volume.
@@ -58,6 +60,16 @@ type GarbageCollection struct {
 	TTL metav1.Duration
 }
 
+// Proxy contains settings for a proxy used in the registry cache.
+type Proxy struct {
+	// HTTPProxy is used as HTTP_PROXY env in the StatefulSet.
+	HTTPProxy *string
+	// HTTPSProxy is used as HTTPS_PROXY env in the StatefulSet.
+	HTTPSProxy *string
+	// NoProxy is used as NO_PROXY env in the StatefulSet.
+	NoProxy *string
+}
+
 var (
 	// DefaultTTL is the default time to live of a blob in the cache.
 	DefaultTTL = metav1.Duration{Duration: 7 * 24 * time.Hour}

diff --git a/pkg/apis/registry/v1alpha3/types.go b/pkg/apis/registry/v1alpha3/types.go
@@ -43,6 +43,9 @@ type RegistryCache struct {
 	// SecretReferenceName is the name of the reference for the Secret containing the upstream registry credentials.
 	// +optional
 	SecretReferenceName *string `json:"secretReferenceName,omitempty"`
+	// Proxy contains settings for a proxy used in the registry cache.
+	// +optional
+	Proxy *Proxy `json:"proxy,omitempty"`
 }
 
 // Volume contains settings for the registry cache volume.
@@ -66,6 +69,19 @@ type GarbageCollection struct {
 	TTL metav1.Duration `json:"ttl"`
 }
 
+// Proxy contains settings for a proxy used in the registry cache.
+type Proxy struct {
+	// HTTPProxy is used as HTTP_PROXY env in the StatefulSet.
+	// +optional
+	HTTPProxy *string `json:"httpProxy"`
+	// HTTPSProxy is used as HTTPS_PROXY env in the StatefulSet.
+	// +optional
+	HTTPSProxy *string `json:"httpsProxy"`
+	// NoProxy is used as NO_PROXY env in the StatefulSet.
+	// +optional
+	NoProxy *string `json:"noProxy"`
+}
+
 var (
 	// DefaultTTL is the default time to live of a blob in the cache.
 	DefaultTTL = metav1.Duration{Duration: 7 * 24 * time.Hour}

diff --git a/pkg/apis/registry/v1alpha3/zz_generated.conversion.go b/pkg/apis/registry/v1alpha3/zz_generated.conversion.go
diff --git a/pkg/apis/registry/v1alpha3/zz_generated.deepcopy.go b/pkg/apis/registry/v1alpha3/zz_generated.deepcopy.go
diff --git a/pkg/apis/registry/zz_generated.deepcopy.go b/pkg/apis/registry/zz_generated.deepcopy.go
diff --git a/pkg/component/registrycaches/registry_caches.go b/pkg/component/registrycaches/registry_caches.go
@@ -380,6 +380,27 @@ func (r *registryCaches) computeResourcesDataForRegistryCache(ctx context.Contex
 		},
 	}
 
+	if cache.Proxy != nil {
+		if cache.Proxy.HTTPProxy != nil {
+			statefulSet.Spec.Template.Spec.Containers[0].Env = append(statefulSet.Spec.Template.Spec.Containers[0].Env, corev1.EnvVar{
+				Name:  "HTTP_PROXY",
+				Value: *cache.Proxy.HTTPProxy,
+			})
+		}
+		if cache.Proxy.HTTPSProxy != nil {
+			statefulSet.Spec.Template.Spec.Containers[0].Env = append(statefulSet.Spec.Template.Spec.Containers[0].Env, corev1.EnvVar{
+				Name:  "HTTPS_PROXY",
+				Value: *cache.Proxy.HTTPSProxy,
+			})
+		}
+		if cache.Proxy.NoProxy != nil {
+			statefulSet.Spec.Template.Spec.Containers[0].Env = append(statefulSet.Spec.Template.Spec.Containers[0].Env, corev1.EnvVar{
+				Name:  "NO_PROXY",
+				Value: *cache.Proxy.NoProxy,
+			})
+		}
+	}
+
 	var vpa *vpaautoscalingv1.VerticalPodAutoscaler
 	if r.values.VPAEnabled {
 		updateMode := vpaautoscalingv1.UpdateModeAuto