Workaround for Proxy Issues with Git Repo SSH Endpoint in cos-configuration-k8s-operator

The Problem: cos-configuration-k8s-operator and SSH Git Proxies

When working with the cos-configuration-k8s-operator (version 3.5.0, observed on microk8s with cos-lite), users might encounter an issue where proxies are not respected when the git_repo configuration uses an SSH endpoint. Even with JUJU_HTTP_PROXY and JUJU_HTTPS_PROXY environment variables correctly set, the git-sync process within the operator fails to utilize these proxies for SSH-based Git operations. This can lead to failures when the operator attempts to clone repositories in environments requiring proxy access.

This issue was reported in canonical/cos-configuration-k8s-operator#119.

The Workaround: Manual SSH Config within git-sync Container

Until a permanent fix is implemented, a temporary workaround involves manually configuring the SSH client within the git-sync container to use the desired proxy. This can be achieved by modifying the /root/.ssh/config file inside the git-sync container.

Here’s an example of how you might add proxy configuration to your SSH config:

Host *
    ProxyCommand nc -X connect -x YOUR_PROXY_HOST:YOUR_PROXY_PORT %h %p

Note:

Seeking a Permanent Solution

The ideal solution would involve the cos-configuration-k8s-operator or the underlying git-sync tool to natively support proxy configuration for both HTTPS and SSH Git endpoints, respecting standard proxy environment variables. The GitHub issue linked above is tracking this feature request and bug fix. Users affected by this issue are encouraged to follow and contribute to the discussion on the GitHub issue.