operator: Refactor proxy env variables (#7682)

operator/CHANGELOG.md

@@ -1,5 +1,6 @@
 ## Main
 
+- [7682](https://github.com/grafana/loki/pull/7682) **periklis**: Refactor cluster proxy to use configv1.Proxy on OpenShift
 - [7711](https://github.com/grafana/loki/pull/7711) **Red-GV**: Remove default value from replicationFactor field
 - [7617](https://github.com/grafana/loki/pull/7617) **Red-GV**: Modify ingestionRate for respective shirt size
 - [7592](https://github.com/grafana/loki/pull/7592) **aminesnow**: Update API docs generation using gen-crd-api-reference-docs

operator/apis/loki/v1/lokistack_types.go

@@ -343,13 +343,6 @@ type ClusterProxy struct {
 	// +kubebuilder:validation:optional
 	// +operator-sdk:csv:customresourcedefinitions:type=spec,displayName="NoProxy"
 	NoProxy string `json:"noProxy,omitempty"`
-	// ReadVarsFromEnv defines a flag to use Operator-lib provides a helper function
-	//
-	// +optional
-	// +kubebuilder:validation:optional
-	// +kubebuilder:default:=false
-	// +operator-sdk:csv:customresourcedefinitions:type=spec,xDescriptors="urn:alm:descriptor:com.tectonic.ui:booleanSwitch",displayName="ReadVarsFromEnv"
-	ReadVarsFromEnv bool `json:"readVarsFromEnv,omitempty"`
 }
 
 // ObjectStorageTLSSpec is the TLS configuration for reaching the object storage endpoint.
@@ -698,9 +691,9 @@ type LokiStackSpec struct {
 	// Proxy defines the spec for the object proxy to configure cluster proxy information.
 	//
 	// +optional
-	// +kubebuilder:validation:Required
+	// +kubebuilder:validation:Optional
 	// +operator-sdk:csv:customresourcedefinitions:type=spec,displayName="Cluster Proxy"
-	Proxy *ClusterProxy `json:"proxy"`
+	Proxy *ClusterProxy `json:"proxy,omitempty"`
 
 	// ReplicationFactor defines the policy for log stream replication.
 	//

operator/bundle/manifests/loki-operator.clusterserviceversion.yaml

@@ -428,12 +428,6 @@ spec:
       - description: NoProxy configures the NO_PROXY/no_proxy env variable.
         displayName: NoProxy
         path: proxy.noProxy
-      - description: ReadVarsFromEnv defines a flag to use Operator-lib provides a
-          helper function
-        displayName: ReadVarsFromEnv
-        path: proxy.readVarsFromEnv
-        x-descriptors:
-        - urn:alm:descriptor:com.tectonic.ui:booleanSwitch
       - description: ReplicationFactor defines the policy for log stream replication.
         displayName: Replication Factor
         path: replicationFactor
@@ -1048,7 +1042,7 @@ spec:
           resources:
           - apiservers
           - dnses
-          - proxy
+          - proxies
           verbs:
           - get
           - list

operator/bundle/manifests/loki.grafana.com_lokistacks.yaml

@@ -307,11 +307,6 @@ spec:
                   noProxy:
                     description: NoProxy configures the NO_PROXY/no_proxy env variable.
                     type: string
-                  readVarsFromEnv:
-                    default: false
-                    description: ReadVarsFromEnv defines a flag to use Operator-lib
-                      provides a helper function
-                    type: boolean
                 type: object
               replicationFactor:
                 description: ReplicationFactor defines the policy for log stream replication.

operator/config/crd/bases/loki.grafana.com_lokistacks.yaml

@@ -290,11 +290,6 @@ spec:
                   noProxy:
                     description: NoProxy configures the NO_PROXY/no_proxy env variable.
                     type: string
-                  readVarsFromEnv:
-                    default: false
-                    description: ReadVarsFromEnv defines a flag to use Operator-lib
-                      provides a helper function
-                    type: boolean
                 type: object
               replicationFactor:
                 description: ReplicationFactor defines the policy for log stream replication.

operator/config/manifests/bases/loki-operator.clusterserviceversion.yaml

@@ -283,12 +283,6 @@ spec:
       - description: NoProxy configures the NO_PROXY/no_proxy env variable.
         displayName: NoProxy
         path: proxy.noProxy
-      - description: ReadVarsFromEnv defines a flag to use Operator-lib provides a
-          helper function
-        displayName: ReadVarsFromEnv
-        path: proxy.readVarsFromEnv
-        x-descriptors:
-        - urn:alm:descriptor:com.tectonic.ui:booleanSwitch
       - description: ReplicationFactor defines the policy for log stream replication.
         displayName: Replication Factor
         path: replicationFactor

operator/config/rbac/role.yaml

@@ -57,7 +57,7 @@ rules:
   resources:
   - apiservers
   - dnses
-  - proxy
+  - proxies
   verbs:
   - get
   - list

operator/controllers/loki/lokistack_controller.go

@@ -85,7 +85,7 @@ type LokiStackReconciler struct {
 // +kubebuilder:rbac:groups=monitoring.coreos.com,resources=alertmanagers,verbs=patch
 // +kubebuilder:rbac:groups=coordination.k8s.io,resources=leases,verbs=get;create;update
 // +kubebuilder:rbac:groups=networking.k8s.io,resources=ingresses,verbs=get;list;watch;create;update
-// +kubebuilder:rbac:groups=config.openshift.io,resources=dnses;apiservers;proxy,verbs=get;list;watch
+// +kubebuilder:rbac:groups=config.openshift.io,resources=dnses;apiservers;proxies,verbs=get;list;watch
 // +kubebuilder:rbac:groups=route.openshift.io,resources=routes,verbs=get;list;watch;create;update;delete
 
 // Reconcile is part of the main kubernetes reconciliation loop which aims to

operator/go.mod

@@ -26,7 +26,6 @@ require (
 	github.com/google/go-cmp v0.5.8
 	github.com/grafana/loki v1.6.2-0.20220718071907-6bd05c9a4399
 	github.com/openshift/library-go v0.0.0-20220622115547-84d884f4c9f6
-	github.com/operator-framework/operator-lib v0.11.0
 	github.com/prometheus/prometheus v1.8.2-0.20220303173753-edfe657b5405
 	gopkg.in/yaml.v2 v2.4.0
 	k8s.io/apiserver v0.25.0

operator/go.sum

@@ -1017,8 +1017,6 @@ github.com/opentracing-contrib/go-stdlib v1.0.0/go.mod h1:qtI1ogk+2JhVPIXVc6q+NH
 github.com/opentracing/opentracing-go v1.1.0/go.mod h1:UkNAQd3GIcIGf0SeVgPpRdFStlNbqXla1AfSYxPUl2o=
 github.com/opentracing/opentracing-go v1.2.0 h1:uEJPy/1a5RIPAJ0Ov+OIO8OxWu77jEv+1B0VhjKrZUs=
 github.com/opentracing/opentracing-go v1.2.0/go.mod h1:GxEUsuufX4nBwe+T+Wl9TAgYrxe9dPLANfrWvHYVTgc=
-github.com/operator-framework/operator-lib v0.11.0 h1:eYzqpiOfq9WBI4Trddisiq/X9BwCisZd3rIzmHRC9Z8=
-github.com/operator-framework/operator-lib v0.11.0/go.mod h1:RpyKhFAoG6DmKTDIwMuO6pI3LRc8IE9rxEYWy476o6g=
 github.com/pascaldekloe/goe v0.0.0-20180627143212-57f6aae5913c/go.mod h1:lzWF7FIEvWOWxwDKqyGYQf6ZUaNfKdP144TG7ZOy1lc=
 github.com/pascaldekloe/goe v0.1.0 h1:cBOtyMzM9HTpWjXfbbunk26uA6nG3a8n06Wieeh0MwY=
 github.com/pascaldekloe/goe v0.1.0/go.mod h1:lzWF7FIEvWOWxwDKqyGYQf6ZUaNfKdP144TG7ZOy1lc=

operator/internal/handlers/internal/openshift/proxy.go

@@ -0,0 +1,36 @@
+package openshift
+
+import (
+	"context"
+
+	lokiv1 "github.com/grafana/loki/operator/apis/loki/v1"
+	"github.com/grafana/loki/operator/internal/external/k8s"
+	configv1 "github.com/openshift/api/config/v1"
+	"k8s.io/apimachinery/pkg/api/errors"
+	"sigs.k8s.io/controller-runtime/pkg/client"
+)
+
+const proxyName = "cluster"
+
+// GetProxy returns the cluster-wide proxy configuration of OpenShift, if one is set.
+// It can also return an error.
+func GetProxy(ctx context.Context, k k8s.Client) (*lokiv1.ClusterProxy, error) {
+	key := client.ObjectKey{Name: proxyName}
+	p := &configv1.Proxy{}
+	if err := k.Get(ctx, key, p); err != nil {
+		if errors.IsNotFound(err) {
+			return nil, nil
+		}
+		return nil, err
+	}
+
+	if p.Status.HTTPProxy == "" && p.Status.HTTPSProxy == "" && p.Status.NoProxy == "" {
+		return nil, nil
+	}
+
+	return &lokiv1.ClusterProxy{
+		HTTPProxy:  p.Status.HTTPProxy,
+		HTTPSProxy: p.Status.HTTPSProxy,
+		NoProxy:    p.Status.NoProxy,
+	}, nil
+}

operator/internal/handlers/internal/openshift/proxy_test.go

@@ -0,0 +1,62 @@
+package openshift
+
+import (
+	"context"
+	"testing"
+
+	"github.com/grafana/loki/operator/internal/external/k8s/k8sfakes"
+	configv1 "github.com/openshift/api/config/v1"
+	"github.com/stretchr/testify/require"
+	apierrors "k8s.io/apimachinery/pkg/api/errors"
+	"k8s.io/apimachinery/pkg/runtime/schema"
+	"k8s.io/apimachinery/pkg/types"
+	"sigs.k8s.io/controller-runtime/pkg/client"
+)
+
+func TestGetProxy_ReturnError_WhenOtherThanNotFound(t *testing.T) {
+	k := &k8sfakes.FakeClient{}
+
+	k.GetStub = func(_ context.Context, name types.NamespacedName, object client.Object, _ ...client.GetOption) error {
+		return apierrors.NewBadRequest("bad request")
+	}
+
+	_, err := GetProxy(context.TODO(), k)
+	require.Error(t, err)
+}
+
+func TestGetProxy_ReturnEmpty_WhenNotFound(t *testing.T) {
+	k := &k8sfakes.FakeClient{}
+
+	k.GetStub = func(_ context.Context, name types.NamespacedName, object client.Object, _ ...client.GetOption) error {
+		return apierrors.NewNotFound(schema.GroupResource{}, "something wasn't found")
+	}
+
+	proxy, err := GetProxy(context.TODO(), k)
+	require.NoError(t, err)
+	require.Nil(t, proxy)
+}
+
+func TestGetProxy_ReturnEnvVars_WhenProxyExists(t *testing.T) {
+	k := &k8sfakes.FakeClient{}
+
+	k.GetStub = func(_ context.Context, name types.NamespacedName, out client.Object, _ ...client.GetOption) error {
+		if name.Name == proxyName {
+			k.SetClientObject(out, &configv1.Proxy{
+				Status: configv1.ProxyStatus{
+					HTTPProxy:  "http-test",
+					HTTPSProxy: "https-test",
+					NoProxy:    "noproxy-test",
+				},
+			})
+			return nil
+		}
+		return apierrors.NewNotFound(schema.GroupResource{}, "something wasn't found")
+	}
+
+	proxy, err := GetProxy(context.TODO(), k)
+	require.NoError(t, err)
+	require.NotNil(t, proxy)
+	require.Equal(t, "http-test", proxy.HTTPProxy)
+	require.Equal(t, "https-test", proxy.HTTPSProxy)
+	require.Equal(t, "noproxy-test", proxy.NoProxy)
+}

operator/internal/handlers/lokistack_create_or_update.go

@@ -152,6 +152,17 @@ func CreateOrUpdateLokiStack(
 			if err != nil {
 				return err
 			}
+
+			if stack.Spec.Proxy == nil {
+				// If the LokiStack has no proxy set but there is a cluster-wide proxy setting,
+				// set the LokiStack proxy to that.
+				ocpProxy, proxyErr := openshift.GetProxy(ctx, k)
+				if proxyErr != nil {
+					return proxyErr
+				}
+
+				stack.Spec.Proxy = ocpProxy
+			}
 		default:
 			tenantSecrets, err = gateway.GetTenantSecrets(ctx, k, req, &stack)
 			if err != nil {
@@ -213,7 +224,6 @@ func CreateOrUpdateLokiStack(
 			ll.Error(err, "failed to check OCP AlertManager")
 			return err
 		}
-
 	}
 
 	certRotationRequiredAt := ""

operator/internal/manifests/compactor.go

@@ -43,6 +43,10 @@ func BuildCompactor(opts Options) ([]client.Object, error) {
 		}
 	}
 
+	if err := configureProxyEnv(&statefulSet.Spec.Template.Spec, opts); err != nil {
+		return nil, err
+	}
+
 	return []client.Object{
 		statefulSet,
 		NewCompactorGRPCService(opts),
@@ -115,8 +119,6 @@ func NewCompactorStatefulSet(opts Options) *appsv1.StatefulSet {
 		SecurityContext: podSecurityContext(opts.Gates.RuntimeSeccompProfile),
 	}
 
-	podSpec = addProxyEnvVar(opts.Stack.Proxy, podSpec)
-
 	if opts.Gates.HTTPEncryption || opts.Gates.GRPCEncryption {
 		podSpec.Containers[0].Args = append(podSpec.Containers[0].Args,
 			fmt.Sprintf("-server.tls-cipher-suites=%s", opts.TLSCipherSuites()),

operator/internal/manifests/distributor.go

@@ -39,6 +39,10 @@ func BuildDistributor(opts Options) ([]client.Object, error) {
 		}
 	}
 
+	if err := configureProxyEnv(&deployment.Spec.Template.Spec, opts); err != nil {
+		return nil, err
+	}
+
 	return []client.Object{
 		deployment,
 		NewDistributorGRPCService(opts),

operator/internal/manifests/indexgateway.go

@@ -43,6 +43,10 @@ func BuildIndexGateway(opts Options) ([]client.Object, error) {
 		}
 	}
 
+	if err := configureProxyEnv(&statefulSet.Spec.Template.Spec, opts); err != nil {
+		return nil, err
+	}
+
 	return []client.Object{
 		statefulSet,
 		NewIndexGatewayGRPCService(opts),
@@ -115,8 +119,6 @@ func NewIndexGatewayStatefulSet(opts Options) *appsv1.StatefulSet {
 		SecurityContext: podSecurityContext(opts.Gates.RuntimeSeccompProfile),
 	}
 
-	podSpec = addProxyEnvVar(opts.Stack.Proxy, podSpec)
-
 	if opts.Gates.HTTPEncryption || opts.Gates.GRPCEncryption {
 		podSpec.Containers[0].Args = append(podSpec.Containers[0].Args,
 			fmt.Sprintf("-server.tls-cipher-suites=%s", opts.TLSCipherSuites()),

operator/internal/manifests/ingester.go

@@ -45,6 +45,10 @@ func BuildIngester(opts Options) ([]client.Object, error) {
 		}
 	}
 
+	if err := configureProxyEnv(&statefulSet.Spec.Template.Spec, opts); err != nil {
+		return nil, err
+	}
+
 	return []client.Object{
 		statefulSet,
 		NewIngesterGRPCService(opts),
@@ -127,8 +131,6 @@ func NewIngesterStatefulSet(opts Options) *appsv1.StatefulSet {
 		SecurityContext: podSecurityContext(opts.Gates.RuntimeSeccompProfile),
 	}
 
-	podSpec = addProxyEnvVar(opts.Stack.Proxy, podSpec)
-
 	if opts.Gates.HTTPEncryption || opts.Gates.GRPCEncryption {
 		podSpec.Containers[0].Args = append(podSpec.Containers[0].Args,
 			fmt.Sprintf("-server.tls-cipher-suites=%s", opts.TLSCipherSuites()),

operator/internal/manifests/proxy_env.go

@@ -0,0 +1,110 @@
+package manifests
+
+import (
+	"strings"
+
+	lokiv1 "github.com/grafana/loki/operator/apis/loki/v1"
+	"github.com/imdario/mergo"
+	corev1 "k8s.io/api/core/v1"
+)
+
+const (
+	httpProxyKey  = "HTTP_PROXY"
+	httpsProxyKey = "HTTPS_PROXY"
+	noProxyKey    = "NO_PROXY"
+)
+
+var proxyEnvNames = []string{
+	httpProxyKey,
+	strings.ToLower(httpProxyKey),
+	httpsProxyKey,
+	strings.ToLower(httpsProxyKey),
+	noProxyKey,
+	strings.ToLower(noProxyKey),
+}
+
+func configureProxyEnv(pod *corev1.PodSpec, opts Options) error {
+	for _, envVar := range proxyEnvNames {
+		resetProxyVar(pod, envVar)
+	}
+
+	proxySpec := opts.Stack.Proxy
+	if proxySpec == nil {
+		return nil
+	}
+
+	src := corev1.Container{
+		Env: toEnvVars(proxySpec),
+	}
+
+	for i, dst := range pod.Containers {
+		if err := mergo.Merge(&dst, src, mergo.WithAppendSlice); err != nil {
+			return err
+		}
+		pod.Containers[i] = dst
+	}
+
+	return nil
+}
+
+func resetProxyVar(podSpec *corev1.PodSpec, name string) {
+	for i, container := range podSpec.Containers {
+		found, index := findEnvVar(name, container.Env)
+		if found {
+			podSpec.Containers[i].Env = append(podSpec.Containers[i].Env[:index], podSpec.Containers[i].Env[index+1:]...)
+		}
+	}
+}
+
+func findEnvVar(name string, envVars []corev1.EnvVar) (bool, int) {
+	for i, env := range envVars {
+		if env.Name == name || env.Name == strings.ToLower(name) {
+			return true, i
+		}
+	}
+	return false, 0
+}
+
+func toEnvVars(proxySpec *lokiv1.ClusterProxy) []corev1.EnvVar {
+	var envVars []corev1.EnvVar
+	if proxySpec.HTTPProxy != "" {
+		envVars = append(envVars,
+			corev1.EnvVar{
+				Name:  httpProxyKey,
+				Value: proxySpec.HTTPProxy,
+			},
+			corev1.EnvVar{
+				Name:  strings.ToLower(httpProxyKey),
+				Value: proxySpec.HTTPProxy,
+			},
+		)
+	}
+
+	if proxySpec.HTTPSProxy != "" {
+		envVars = append(envVars,
+			corev1.EnvVar{
+				Name:  httpsProxyKey,
+				Value: proxySpec.HTTPSProxy,
+			},
+			corev1.EnvVar{
+				Name:  strings.ToLower(httpsProxyKey),
+				Value: proxySpec.HTTPSProxy,
+			},
+		)
+	}
+
+	if proxySpec.NoProxy != "" {
+		envVars = append(envVars,
+			corev1.EnvVar{
+				Name:  noProxyKey,
+				Value: proxySpec.NoProxy,
+			},
+			corev1.EnvVar{
+				Name:  strings.ToLower(noProxyKey),
+				Value: proxySpec.NoProxy,
+			},
+		)
+	}
+
+	return envVars
+}

operator/internal/manifests/proxy_env_test.go

@@ -0,0 +1,97 @@
+package manifests
+
+import (
+	"strings"
+	"testing"
+
+	lokiv1 "github.com/grafana/loki/operator/apis/loki/v1"
+	"github.com/stretchr/testify/require"
+	appsv1 "k8s.io/api/apps/v1"
+	corev1 "k8s.io/api/core/v1"
+)
+
+func TestContainerEnvVars_ReadVarsFromCustomResource(t *testing.T) {
+	opt := Options{
+		Name:      "test",
+		Namespace: "test",
+		Image:     "test",
+		Stack: lokiv1.LokiStackSpec{
+			Size: lokiv1.SizeOneXExtraSmall,
+			Proxy: &lokiv1.ClusterProxy{
+				HTTPProxy:  "http-test",
+				HTTPSProxy: "https-test",
+				NoProxy:    "noproxy-test",
+			},
+			Template: &lokiv1.LokiTemplateSpec{
+				Compactor: &lokiv1.LokiComponentSpec{
+					Replicas: 1,
+				},
+				Distributor: &lokiv1.LokiComponentSpec{
+					Replicas: 1,
+				},
+				Ingester: &lokiv1.LokiComponentSpec{
+					Replicas: 1,
+				},
+				Querier: &lokiv1.LokiComponentSpec{
+					Replicas: 1,
+				},
+				QueryFrontend: &lokiv1.LokiComponentSpec{
+					Replicas: 1,
+				},
+				Gateway: &lokiv1.LokiComponentSpec{
+					Replicas: 1,
+				},
+				IndexGateway: &lokiv1.LokiComponentSpec{
+					Replicas: 1,
+				},
+				Ruler: &lokiv1.LokiComponentSpec{
+					Replicas: 1,
+				},
+			},
+		},
+	}
+
+	for _, cs := range lokiContainers(t, opt) {
+		for _, c := range cs {
+			require.Contains(t, c.Env, corev1.EnvVar{Name: httpProxyKey, Value: "http-test"},
+				"missing envVar HTTP_PROXY for: %s", c.Name)
+			require.Contains(t, c.Env, corev1.EnvVar{Name: strings.ToLower(httpProxyKey), Value: "http-test"},
+				"missing envVar http_proxy for: %s", c.Name)
+			require.Contains(t, c.Env, corev1.EnvVar{Name: httpsProxyKey, Value: "https-test"},
+				"missing envVar HTTPS_PROXY for: %s", c.Name)
+			require.Contains(t, c.Env, corev1.EnvVar{Name: strings.ToLower(httpsProxyKey), Value: "https-test"},
+				"missing envVar https_proxy for: %s", c.Name)
+			require.Contains(t, c.Env, corev1.EnvVar{Name: noProxyKey, Value: "noproxy-test"},
+				"missing envVar NO_PROXY for: %s", c.Name)
+			require.Contains(t, c.Env, corev1.EnvVar{Name: strings.ToLower(noProxyKey), Value: "noproxy-test"},
+				"missing envVar no_proxy for: %s", c.Name)
+		}
+	}
+}
+
+func lokiContainers(t *testing.T, opt Options) [][]corev1.Container {
+	db, err := BuildDistributor(opt)
+	require.NoError(t, err)
+	in, err := BuildIngester(opt)
+	require.NoError(t, err)
+	qr, err := BuildQuerier(opt)
+	require.NoError(t, err)
+	qf, err := BuildQueryFrontend(opt)
+	require.NoError(t, err)
+	cm, err := BuildCompactor(opt)
+	require.NoError(t, err)
+	ig, err := BuildIndexGateway(opt)
+	require.NoError(t, err)
+	rl, err := BuildRuler(opt)
+	require.NoError(t, err)
+
+	return [][]corev1.Container{
+		db[0].(*appsv1.Deployment).Spec.Template.Spec.Containers,
+		in[0].(*appsv1.StatefulSet).Spec.Template.Spec.Containers,
+		qr[0].(*appsv1.Deployment).Spec.Template.Spec.Containers,
+		qf[0].(*appsv1.Deployment).Spec.Template.Spec.Containers,
+		cm[0].(*appsv1.StatefulSet).Spec.Template.Spec.Containers,
+		ig[0].(*appsv1.StatefulSet).Spec.Template.Spec.Containers,
+		rl[0].(*appsv1.StatefulSet).Spec.Template.Spec.Containers,
+	}
+}

operator/internal/manifests/querier.go

@@ -44,6 +44,10 @@ func BuildQuerier(opts Options) ([]client.Object, error) {
 		}
 	}
 
+	if err := configureProxyEnv(&deployment.Spec.Template.Spec, opts); err != nil {
+		return nil, err
+	}
+
 	return []client.Object{
 		deployment,
 		NewQuerierGRPCService(opts),
@@ -116,8 +120,6 @@ func NewQuerierDeployment(opts Options) *appsv1.Deployment {
 		SecurityContext: podSecurityContext(opts.Gates.RuntimeSeccompProfile),
 	}
 
-	podSpec = addProxyEnvVar(opts.Stack.Proxy, podSpec)
-
 	if opts.Gates.HTTPEncryption || opts.Gates.GRPCEncryption {
 		podSpec.Containers[0].Args = append(podSpec.Containers[0].Args,
 			fmt.Sprintf("-server.tls-cipher-suites=%s", opts.TLSCipherSuites()),

operator/internal/manifests/query-frontend.go

@@ -39,6 +39,10 @@ func BuildQueryFrontend(opts Options) ([]client.Object, error) {
 		}
 	}
 
+	if err := configureProxyEnv(&deployment.Spec.Template.Spec, opts); err != nil {
+		return nil, err
+	}
+
 	return []client.Object{
 		deployment,
 		NewQueryFrontendGRPCService(opts),

operator/internal/manifests/ruler.go

@@ -51,6 +51,10 @@ func BuildRuler(opts Options) ([]client.Object, error) {
 		objs = configureRulerObjsForMode(opts)
 	}
 
+	if err := configureProxyEnv(&statefulSet.Spec.Template.Spec, opts); err != nil {
+		return nil, err
+	}
+
 	return append(objs,
 		statefulSet,
 		NewRulerGRPCService(opts),

operator/internal/manifests/var.go

@@ -3,11 +3,8 @@ package manifests
 import (
 	"fmt"
 	"path"
-	"strings"
 
-	lokiv1 "github.com/grafana/loki/operator/apis/loki/v1"
 	"github.com/grafana/loki/operator/internal/manifests/openshift"
-	"github.com/operator-framework/operator-lib/proxy"
 	monitoringv1 "github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring/v1"
 	corev1 "k8s.io/api/core/v1"
 	"k8s.io/apimachinery/pkg/labels"
@@ -531,55 +528,3 @@ func podSecurityContext(withSeccompProfile bool) *corev1.PodSecurityContext {
 
 	return &context
 }
-
-func addProxyEnvVar(clusterProxy *lokiv1.ClusterProxy, podSpec corev1.PodSpec) corev1.PodSpec {
-	if clusterProxy == nil {
-		return podSpec
-	}
-
-	podSpec = resetProxyVar(podSpec, "HTTP_PROXY")
-	podSpec = resetProxyVar(podSpec, "HTTPS_PROXY")
-	podSpec = resetProxyVar(podSpec, "NO_PROXY")
-	if clusterProxy.ReadVarsFromEnv {
-		for i, container := range podSpec.Containers {
-			podSpec.Containers[i].Env = append(container.Env, proxy.ReadProxyVarsFromEnv()...)
-		}
-	} else {
-		for i, container := range podSpec.Containers {
-			podSpec.Containers[i].Env = append(container.Env,
-				corev1.EnvVar{
-					Name:  "HTTP_PROXY",
-					Value: clusterProxy.HTTPProxy,
-				},
-				corev1.EnvVar{
-					Name:  "HTTPS_PROXY",
-					Value: clusterProxy.HTTPSProxy,
-				},
-				corev1.EnvVar{
-					Name:  "NO_PROXY",
-					Value: clusterProxy.NoProxy,
-				})
-		}
-	}
-	return podSpec
-}
-
-func resetProxyVar(podSpec corev1.PodSpec, name string) corev1.PodSpec {
-	for i, container := range podSpec.Containers {
-		found, index := getEnvVar(name, container.Env)
-		if found {
-			podSpec.Containers[i].Env = append(podSpec.Containers[i].Env[:index], podSpec.Containers[i].Env[index+1:]...)
-		}
-	}
-	return podSpec
-}
-
-// getEnvVar matches the given name with the envvar name
-func getEnvVar(name string, envVars []corev1.EnvVar) (bool, int) {
-	for i, env := range envVars {
-		if env.Name == name || env.Name == strings.ToLower(name) {
-			return true, i
-		}
-	}
-	return false, 0
-}