Merge pull request #57402 from xenolinux/EDNS-cluster-wide-proxy

mburke5678 · web-flow · commit 859621ef96ee · 2023-03-29T09:26:04.000-04:00
OCPBUGS#10545: Configuring cluster wide proxy on the External DNS Operator
diff --git a/_topic_maps/_topic_map.yml b/_topic_maps/_topic_map.yml
@@ -1160,6 +1160,8 @@ Topics:
     File: nw-creating-dns-records-on-gcp
   - Name: Creating DNS records on a public DNS zone for Infoblox
     File: nw-creating-dns-records-on-infoblox
+  - Name: Configuring the cluster-wide proxy on the External DNS Operator
+    File: nw-configuring-cluster-wide-egress-proxy
 - Name: Network policy
   Dir: network_policy
   Topics:
diff --git a/modules/configuring-egress-proxy-edns-operator.adoc b/modules/configuring-egress-proxy-edns-operator.adoc
@@ -0,0 +1,47 @@
+// Module included in the following assemblies:
+//
+// * networking/external_dns_operator/nw-configuring-cluster-wide-egress-proxy.adoc
+
+:_content-type: PROCEDURE
+[id="nw-configuring-cluster-wide-proxy_{context}"]
+= Configuring the External DNS Operator to trust the certificate authority of the cluster-wide proxy
+
+You can configure the External DNS Operator to trust the certificate authority of the cluster-wide proxy.
+
+.Procedure
+
+. Create the config map to contain the CA bundle in the `external-dns-operator` namespace by running the following command:
++
+[source,terminal]
+----
+$ oc -n external-dns-operator create configmap trusted-ca
+----
+
+. To inject the trusted CA bundle into the config map, add the `config.openshift.io/inject-trusted-cabundle=true` label to the config map by running the following command:
++
+[source,terminal]
+----
+$ oc -n external-dns-operator label cm trusted-ca config.openshift.io/inject-trusted-cabundle=true
+----
+
+. Update the subscription of the External DNS Operator by running the following command:
++
+[source,terminal]
+----
+$ oc -n external-dns-operator patch subscription external-dns-operator --type='json' -p='[{"op": "add", "path": "/spec/config", "value":{"env":[{"name":"TRUSTED_CA_CONFIGMAP_NAME","value":"trusted-ca"}]}}]'
+----
+
+.Verification
+
+* After the deployment of the External DNS Operator is completed, verify that the trusted CA environment variable is added to the `external-dns-operator` deployment by running the following command:
++
+[source,terminal]
+----
+$ oc -n external-dns-operator exec deploy/external-dns-operator -c external-dns-operator -- printenv TRUSTED_CA_CONFIGMAP_NAME
+----
++
+.Example output
+[source,terminal]
+----
+trusted-ca
+----
diff --git a/networking/external_dns_operator/nw-configuring-cluster-wide-egress-proxy.adoc b/networking/external_dns_operator/nw-configuring-cluster-wide-egress-proxy.adoc
@@ -0,0 +1,11 @@
+:_content-type: ASSEMBLY
+[id="external-dns-operator-cluster-wide-proxy"]
+= Configuring the cluster-wide proxy on the External DNS Operator
+include::_attributes/common-attributes.adoc[]
+:context: external-dns-operator-cluster-wide-proxy
+
+toc::[]
+
+You can configure the cluster-wide proxy in the External DNS Operator. After configuring the cluster-wide proxy in the External DNS Operator, Operator Lifecycle Manager (OLM) automatically updates all the deployments of the Operators with the environment variables such as `HTTP_PROXY`, `HTTPS_PROXY`, and `NO_PROXY`.
+
+include::modules/configuring-egress-proxy-edns-operator.adoc[leveloffset=+1]
