Commit f729006

Ambient Code Bot and claude committed
fix(control-plane): wire ProxyFromEnvironment into default HTTP transport

installServiceCAIntoDefaultTransport replaced http.DefaultTransport with a bare &http.Transport{TLSClientConfig: ...} that had no Proxy field set. Go's net/http silently ignores HTTPS_PROXY/HTTP_PROXY env vars when the transport's Proxy field is nil, causing all outbound connections to go direct instead of through the cluster egress proxy.

This manifested as the OIDC token fetch to sso.redhat.com timing out after ~9 minutes (raw TCP connect timeout) despite the proxy env vars being present on the pod.

Fix: set Proxy: http.ProxyFromEnvironment and restore the standard DefaultTransport dialer/timeout fields that the bare struct initializer was silently zeroing out.

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <noreply@anthropic.com>

1 parent 7202c50 commit f729006

1 file changed

Lines changed: 9 additions & 0 deletions

components/ambient-control-plane/cmd/ambient-control-plane/main.go

@@ -5,10 +5,12 @@ import (
55
"crypto/tls"
66
"crypto/x509"
77
"fmt"
8+
"net"
89
"net/http"
910
"os"
1011
"os/signal"
1112
"syscall"
13+
"time"
1214

1315
"github.com/ambient-code/platform/components/ambient-control-plane/internal/auth"
1416
"github.com/ambient-code/platform/components/ambient-control-plane/internal/config"
@@ -216,6 +218,13 @@ func loadServiceCAPool() *x509.CertPool {
216218

217219
func installServiceCAIntoDefaultTransport(pool *x509.CertPool) {
218220
http.DefaultTransport = &http.Transport{
221+
Proxy: http.ProxyFromEnvironment,
222+
DialContext: (&net.Dialer{Timeout: 30 * time.Second, KeepAlive: 30 * time.Second}).DialContext,
223+
ForceAttemptHTTP2: true,
224+
MaxIdleConns: 100,
225+
IdleConnTimeout: 90 * time.Second,
226+
TLSHandshakeTimeout: 10 * time.Second,
227+
ExpectContinueTimeout: 1 * time.Second,
219228
TLSClientConfig: &tls.Config{
220229
MinVersion: tls.VersionTLS12,
221230
RootCAs: pool,
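
Review bot: the seven fields added at new lines 221-227 are a hand-copied snapshot of net/http's DefaultTransport defaults and will drift if the standard library changes them. Consider starting from http.DefaultTransport.(*http.Transport).Clone() and setting only TLSClientConfig on the copy, which also makes the new "net" and "time" imports unnecessary. Separately, with Proxy: http.ProxyFromEnvironment set, every request through this transport now honours the proxy variables, including calls to endpoints that are verified against the service CA in pool and are presumably meant to be reached directly, so confirm the pod's NO_PROXY covers those hosts. A one-line comment above the literal stating that a nil Proxy disables HTTPS_PROXY/HTTP_PROXY handling would help keep this regression from returning.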
