Skip to content

operator: bypass ansible-operator proxy for Helm deployments#633

Merged
fmuyassarov merged 1 commit intocontainers:mainfrom
Nordix:fixes/operator-proxy
Feb 20, 2026
Merged

operator: bypass ansible-operator proxy for Helm deployments#633
fmuyassarov merged 1 commit intocontainers:mainfrom
Nordix:fixes/operator-proxy

Conversation

@fmuyassarov
Copy link
Collaborator

@fmuyassarov fmuyassarov commented Feb 18, 2026
edited
Loading

Fixes the broken operator and allow it to install template plugin as well.

@fmuyassarov fmuyassarov force-pushed the fixes/operator-proxy branch 4 times, most recently from 2baea23 to c770c5f Compare February 19, 2026 12:52
@fmuyassarov fmuyassarov marked this pull request as ready for review February 19, 2026 12:53
@fmuyassarov
Copy link
Collaborator Author

fmuyassarov commented Feb 19, 2026

For a quick test:

make -C deployment/operator docker-build docker-push IMAGE="ttl.sh/nri-plugins-operator:unstable"
make -C deployment/operator deploy IMAGE="ttl.sh/nri-plugins-operator:unstable"

Install a plugin

apiVersion: config.nri/v1alpha1
kind: NriPluginDeployment
metadata:
  name: nriplugindeployment-sample
  namespace: nri-plugins-operator-system
spec:
  pluginName: balloons
  pluginVersion: "v0.12.0"
  state: present
  values:
    nri:
      plugin:
        index: 90                       # optional
      runtime:
        config:                         # optional
          pluginRegistrationTimeout: 5s
          pluginRequestTimeout: 2s
    tolerations:
      - key: "node-role.kubernetes.io/control-plane"
        operator: "Exists"
        effect: "NoSchedule"

askervin
askervin approved these changes Feb 20, 2026
View reviewed changes
Copy link
Collaborator

@askervin askervin left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@klihub klihub mentioned this pull request Feb 20, 2026
Closed
@fmuyassarov
fix(operator): clear kubeconfig env vars to bypass ansible-operator p…
6311e4b 
…roxy

Clear KUBECONFIG and K8S_AUTH_KUBECONFIG environment variables in helm
tasks to prevent routing through the ansible-operator proxy.

The proxy at localhost:8888 intercepts Kubernetes API calls and attempts
to deserialize request bodies as JSON. Helm's release metadata is stored
as gzip-compressed binary data, causing deserialization to fail and the
proxy to reject requests with "server rejected our request for an unknown
reason".

Clearing these variables forces the helm module to use in-cluster
authentication with the pod's ServiceAccount token, bypassing the proxy
entirely.

Signed-off-by: Feruzjon Muyassarov <feruzjon.muyassarov@est.tech>
@fmuyassarov
Copy link
Collaborator Author

fmuyassarov commented Feb 20, 2026

Let me try to merge, to check if I can reproduce the issue.

@fmuyassarov fmuyassarov merged commit 5e40f31 into containers:main Feb 20, 2026
9 checks passed
@fmuyassarov fmuyassarov deleted the fixes/operator-proxy branch February 20, 2026 19:44
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@askervin askervin askervin approved these changes

@klihub klihub klihub approved these changes

@kad kad Awaiting requested review from kad

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@fmuyassarov @askervin @klihub