About the egress proxy for the External Secrets Operator for Red Hat OpenShift

If a cluster-wide egress proxy is configured in OpenShift Container Platform, Operator Lifecycle Manager (OLM) automatically configures the Operators that it manages with the cluster-wide proxy. OLM automatically updates all of the Operator’s deployments with the HTTP_PROXY, HTTPS_PROXY, and NO_PROXY environment variables.

Configuring the egress proxy for the External Secrets Operator for Red Hat OpenShift

The egress proxy can be configured in the ExternalSecretsConfig or the ExternalSecretsManager custom resource (CR). The Operator and the operand use the OpenShift Container Platform supported certificate authority (CA) bundle for proxy validation.

Prerequisites
  • You have access to the cluster as a user with the cluster-admin role.

  • You have created the ExternalSecretsConfig CR.

Procedure
  • To set the proxy in the ExternalSecretsConfig resource, perform the following steps:

    1. Edit the ExternalSecretsConfig resource by running the following command:

      $ oc edit externalsecretsconfigs.operator.openshift.io cluster
    2. Edit the spec.appConfig.proxy section to set the proxy values as follows:

      apiVersion: operator.openshift.io/v1alpha1
      kind: ExternalSecretsConfig
      ...
      spec:
        appConfig:
          proxy:
            httpProxy: <http_proxy>
            httpsProxy: <https_proxy>
            noProxy: <no_proxy>

      where:

      <http_proxy>

      Specifies the proxy URL for the http requests.

      <https_proxy>

      Specifies the proxy URL for the https requests.

      <no_proxy>

      Specifies a comma-separated list of hostnames, CIDRs, IPs or a combination of these, for which the proxy should not be used.

  • To set the proxy in the ExternalSecretsManager CR, perform the following steps:

    1. Edit the ExternalSecretsManager CR by running the following command:

      $ oc edit externalsecretsmanagers.operator.openshift.io cluster
    2. Edit the spec.globalConfig.proxy section to set the proxy values as follows:

      apiVersion: operator.openshift.io/v1alpha1
      kind: ExternalSecretsManager
      ...
      spec:
        globalConfig:
          proxy:
            httpProxy: <http_proxy>
            httpsProxy: <https_proxy>
            noProxy: <no_proxy>

      where:

      <http_proxy>

      Specifies the proxy URL for the http requests.

      <https_proxy>

      Specifies the proxy URL for the https requests.

      <no_proxy>

      Specifies a comma-separated list of hostnames, CIDRs, IPs or a combination of these, for which the proxy should not be used.
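
Before saving either CR, the three proxy values can be checked against the formats described above. The following linter is an added example, not part of the product documentation or the Operator's code; the function names and sample values are hypothetical, and the rule that rejects credentials embedded in a proxy URL is an added check, on the basis that values in the CR are readable by anyone who can view the resource.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Hostname or domain suffix, for example "api.example.com" or ".cluster.local".
_LABEL = r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)"
_HOST_RE = re.compile(rf"^\.?{_LABEL}(\.{_LABEL})*$")

# Constructed sample with deliberate mistakes (not from a real cluster).
SAMPLE = {
    "httpProxy": "http://user:pw@proxy.example.com:3128",
    "httpsProxy": "proxy.example.com:3128",
    "noProxy": ".cluster.local,10.0.0.0/8, ,bad_host!",
}

def check_proxy_url(field, value):
    """Return the problems found in one proxy URL value."""
    problems = []
    parts = urlsplit(value)
    if parts.scheme not in ("http", "https"):
        problems.append(f"{field}: scheme must be http or https")
    if not parts.hostname:
        problems.append(f"{field}: missing proxy host")
    if parts.username or parts.password:
        problems.append(f"{field}: credentials embedded in URL")
    return problems

def check_no_proxy(value):
    """Return the problems found in a comma-separated noProxy value."""
    problems = []
    for entry in (e.strip() for e in value.split(",")):
        if not entry:
            problems.append("noProxy: empty entry")
            continue
        try:
            ipaddress.ip_network(entry, strict=False)  # accepts IPs and CIDRs
        except ValueError:
            if not _HOST_RE.match(entry):
                problems.append(f"noProxy: {entry!r} is not a hostname, IP or CIDR")
    return problems

def lint_proxy(proxy):
    """Lint a dict shaped like spec.appConfig.proxy or spec.globalConfig.proxy."""
    problems = []
    for field in ("httpProxy", "httpsProxy"):
        if proxy.get(field):
            problems += check_proxy_url(field, proxy[field])
    if proxy.get("noProxy"):
        problems += check_no_proxy(proxy["noProxy"])
    return problems
```

An empty list from `lint_proxy` means that the values match the documented formats; it does not confirm that the proxy is reachable.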