[Ingest Manager] Use optional registryProxyUrl setting when contacting Registry
#78648
Conversation
There was a problem hiding this comment.
Change LGTM. One part I was wondering is we need to support an HTTP Proxy?
Happy to get this in as is as the most important part first is that it does not break any existing setup. As long as no environment variables are set, it seems to be the exact same options as before so we should be fine here.
We need to follow up with the config options in the yaml file and docs on this.
@EricDavisX Could you help test this as soon as it got merged.
x-pack/plugins/ingest_manager/server/services/epm/registry/requests.ts
Outdated
Show resolved
Hide resolved
|
@jfsiii We should document that feature. |
|
Pinging @elastic/ingest-management (Team:Ingest Management) |
|
@elasticmachine merge upstream |
jfsiii
changed the title
|
@elasticmachine merge upstream |
|
ping @spalger for |
|
@jfsiii I would use If you'd like to take a stab at writing public docs, you can open a PR in observability-docs or file an issue in there. |
|
@elasticmachine merge upstream |
|
@kobelb Just to clarify the intend of you comment, you are suggesting to block this change and that we do no allow users to use environment variables and instead make an explicit choice to use configuration options in the yaml instead? This seems weird to me, just to the nature of _HTTP(S)PROXY variables and expectations. WhereI think the expectation would be the following.
This would align with other Elastic products like beats. |
Correct.
So you're suggesting that when the |
Yes they can via set it via I'd like to highlight that this PR only adds the proxy information to the outbound request from Kibana server to the Registry server. Communication with ES is via the Saved Object & legacy ES clients from the core context and is unaffected. In my view, we're trying to be good citizens and respect the intentional & low-level settings the user has made. If the user sets a If the user sets both a proxy URL and a registry URL, but doesn't want the registry request to be proxied, there are ways to specify that using the environment variables like The original issue #70710 shows the user doing something like this by combining a few of the variables together to specify "All requests (except this list) should go through proxy" We use The library has a nice test suite which covers a host of combinations. |
|
@kobelb Our posts crossed but I think I answered your questions with mine. Just in case:
This PR only adds the proxy info for Kibana's outbound request to EPR. None of the communication with ES is affected.
only requests to EPR are involved. The function makes no distinction between public/private internet. Merely "does given URL need to be proxied based on these system-level rules". The interaction between the variables isn't a formal spec but it's a strong convention and widely supported. |
|
I was previously unaware of the behavior of the NO_PROXY environment variable, that does change some of my concerns. Thanks for bringing that to my attention @jfsiii. However, there is a de-facto standard within Kibana that proxy servers should be configured using I do think it's worth-while to have a broader discussion about whether or not Kibana, and potentially the entire Stack, should respect the It's worth noting that ES does not support these environment variables because they are not standard for the Java ecosystem. There's some discussion about this here. We've recently changed our attitude and no longer expect users to know that Elasticsearch is built in Java, or that Kibana is built in Node, so it's worth re-evaluating the justification. |
|
Looking at the discussion, as much as I would like to fix that quickly for our users, I do understand the concerns of @kobelb for changing the behavior like this, even if I think its was right behavior to do. I would prefer we do not change the behavior of kibana. @jfsiii Can you look into adding settings in the kibana.yml file to support that behavior and remove environment handling? @kobelb Concerning the environment variables, I think this fall into platform and should be tracked on your side. WDYT? |
|
@ph I totally agree and remaining consistent (config values) was always the plan #78968. This PR used the env variables in an attempt to merge something that would allow testing/feedback ahead of FF while we sorted out the config name and any other items. That window has closed and FF is tomorrow, so I'll add the config value and resubmit. I'll update the description and #78968 but I'm going to use |
|
@elasticmachine merge upstream |
jfsiii
changed the title
xpack.fleet.registryProxyUrl when contacting Registry
jfsiii
changed the title
xpack.fleet.registryProxyUrl when contacting RegistryregistryProxyUrl setting when contacting Registry
|
This will fail until #79724 is in main. Will update ASAP |
|
@elasticmachine merge upstream |
💚 Build SucceededMetrics [docs]distributable file count
History
To update your PR or re-run it, just comment with: |
…ing Registry (#78648) (#79758) ## Summary If given a `xpack.fleet.registryProxyUrl` setting, Package Manager will use it when contacting the Registry. This only affects the outbound connection Package Manager makes to the Registry to search for available packages, download assets, etc. ### Configuration <details><summary><strike>Initial PR: common environment variables</strike></summary> <p>Currently the value must come from a <a href="https://github.com/Rob--W/proxy-from-env#environment-variables">list of popular environment variables</a> which include <code>ALL_PROXY</code>, <code>HTTPS_PROXY</code>, lowercase versions of those, and many more.</p> <p>Start kibana with a proxy set in an environment variable like: <code>HTTPS_PROXY=https://localhost:8443 yarn start</code></p> </details> _update_ based on discussion in the comments, the initial environment variables approach was removed in favor of `xpack.ingestManager.registryProxyUrl` #### see #78968 for additional configuration coming later ### Checklist - [ ] ~~[Documentation](https://www.elastic.co/guide/en/kibana/master/development-documentation.html) was added for features that require explanation or tutorials.~~ Created #78961 to track - [x] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios Created #78968 to track the additional configuration work refs #70710
Summary
If given a
xpack.fleet.registryProxyUrlsetting, Package Manager will use it when contacting the Registry. This only affects the outbound connection Package Manager makes to the Registry to search for available packages, download assets, etc.Configuration
Initial PR: common environment variablesCurrently the value must come from a list of popular environment variables which include
ALL_PROXY,HTTPS_PROXY, lowercase versions of those, and many more.Start kibana with a proxy set in an environment variable like:
HTTPS_PROXY=https://localhost:8443 yarn startupdate based on discussion in the comments, the initial environment variables approach was removed in favor of
xpack.ingestManager.registryProxyUrlsee #78968 for additional configuration coming later
Checklist
Documentation was added for features that require explanation or tutorials.Created [Ingest Manager] Document proxy feature from #78648 #78961 to trackCreated #78968 to track the additional configuration work
refs #70710