Skip to content

feat: add coding-agent egress proxy sidecar support#306

Open
archf wants to merge 1 commit into
mainfrom
feature/add-coding-agent-sidecar-proxy
Open

feat: add coding-agent egress proxy sidecar support#306
archf wants to merge 1 commit into
mainfrom
feature/add-coding-agent-sidecar-proxy

Conversation

@archf

@archf archf commented Jul 3, 2026

Copy link
Copy Markdown
Contributor

Tophatting

Opslevel-Runner logs

[...]
17:32:46  coding-agent | 5:32PM INF job started job_id=coding-agent-proxy-test-1783114365 runner=faktory
17:32:46  coding-agent | 5:32PM DBG job input received commands=["sleep 41"] files=0 image=nicolaka/netshoot:latest job_id=coding-agent-proxy-test-1783114365 namespace=default runner=faktory variables=2
17:32:46  coding-agent | 5:32PM TRC Starting log streamer ... runner=faktory
17:32:46  coding-agent | 5:32PM DBG creating resource data_keys=[] immutable=true job_id=coding-agent-proxy-test-1783114365 kind=ConfigMap name=opslevel-job-coding-agent-proxy-test-1783114365-1783114366 namespace=default runner=faktory
17:32:46  coding-agent | 5:32PM DBG created resource job_id=coding-agent-proxy-test-1783114365 kind=ConfigMap name=opslevel-job-coding-agent-proxy-test-1783114365-1783114366 namespace=default runner=faktory
17:32:46  coding-agent | 5:32PM DBG creating resource job_id=coding-agent-proxy-test-1783114365 kind=PodDisruptionBudget max_unavailable=0 name=opslevel-job-coding-agent-proxy-test-1783114365-1783114366 namespace=default runner=faktory selector=app.kubernetes.io/instance=opslevel-job-coding-agent-proxy-test-1783114365-1783114366,app.kubernetes.io/managed-by=runner-faktory
17:32:46  coding-agent | 5:32PM DBG created resource job_id=coding-agent-proxy-test-1783114365 kind=PodDisruptionBudget name=opslevel-job-coding-agent-proxy-test-1783114365-1783114366 namespace=default runner=faktory
17:32:46  coding-agent | 5:32PM DBG creating resource containers=1 cpu_limit=1 cpu_request=50m env_count=5 image=nicolaka/netshoot:latest init_container_names=["helper","squid"] init_containers=2 job_id=coding-agent-proxy-test-1783114365 kind=Pod mem_limit=1Gi mem_request=32Mi name=opslevel-job-coding-agent-proxy-test-1783114365-1783114366 namespace=default privileged=true restart_policy=Never runner=faktory volume_count=4
17:32:46  coding-agent | 5:32PM DBG created resource job_id=coding-agent-proxy-test-1783114365 kind=Pod name=opslevel-job-coding-agent-proxy-test-1783114365-1783114366 namespace=default runner=faktory
17:32:46  coding-agent | 5:32PM DBG waiting for pod job_id=coding-agent-proxy-test-1783114365 kind=Pod name=opslevel-job-coding-agent-proxy-test-1783114365-1783114366 namespace=default runner=faktory timeout_seconds=900
17:32:51  coding-agent | 5:32PM DBG pod ready duration_ms=5005 job_id=coding-agent-proxy-test-1783114365 kind=Pod name=opslevel-job-coding-agent-proxy-test-1783114365-1783114366 namespace=default runner=faktory
17:32:51  coding-agent | 5:32PM DBG execing pod container=job job_id=coding-agent-proxy-test-1783114365 kind=Pod name=opslevel-job-coding-agent-proxy-test-1783114365-1783114366 namespace=default runner=faktory
17:32:51  coding-agent | 5:32PM TRC exec request job_id=coding-agent-proxy-test-1783114365 namespace=default runner=faktory url=https://127.0.0.1:51687/api/v1/namespaces/default/pods/opslevel-job-coding-agent-proxy-test-1783114365-1783114366/exec?command=%2Fbin%2Fsh&command=-e&command=-c&command=mkdir+-p+%2Fjobs%2Fcoding-agent-proxy-test-1783114365%3B%0Acd+%2Fjobs%2Fcoding-agent-proxy-test-1783114365%3B%0Aset+-xv%3B%0Asleep+41&container=job&container=job&stderr=true&stdout=true&timeout=1m0s
17:32:51  coding-agent | 5:32PM TRC Shipping logs because its the first line ... runner=faktory
17:33:32  coding-agent | 5:33PM DBG pod exec complete duration_ms=41057 job_id=coding-agent-proxy-test-1783114365 kind=Pod name=opslevel-job-coding-agent-proxy-test-1783114365-1783114366 namespace=default runner=faktory
17:33:32  coding-agent | 5:33PM DBG deleting resource job_id=coding-agent-proxy-test-1783114365 kind=PodDisruptionBudget name=opslevel-job-coding-agent-proxy-test-1783114365-1783114366 namespace=default runner=faktory
17:33:32  coding-agent | 5:33PM DBG deleted resource job_id=coding-agent-proxy-test-1783114365 kind=PodDisruptionBudget name=opslevel-job-coding-agent-proxy-test-1783114365-1783114366 namespace=default runner=faktory
17:33:32  coding-agent | 5:33PM DBG deleting resource job_id=coding-agent-proxy-test-1783114365 kind=ConfigMap name=opslevel-job-coding-agent-proxy-test-1783114365-1783114366 namespace=default runner=faktory
17:33:32  coding-agent | 5:33PM DBG deleted resource job_id=coding-agent-proxy-test-1783114365 kind=ConfigMap name=opslevel-job-coding-agent-proxy-test-1783114365-1783114366 namespace=default runner=faktory
17:33:32  coding-agent | 5:33PM TRC Starting log streamer flush ... runner=faktory
17:33:32  coding-agent | 5:33PM TRC Finished log streamer flush ... runner=faktory
17:33:32  coding-agent | 5:33PM TRC Shutting down log streamer ... runner=faktory
17:33:32  coding-agent | 5:33PM TRC Flushing log processors ... runner=faktory

Test

> tests/enqueue-coding-agent-job.sh
Applying squid-config ConfigMap...
configmap/squid-config unchanged
Deleting dangling coding-agent pods...
pod "opslevel-job-coding-agent-proxy-test-1783115806-1783115807" deleted from default namespace
Enqueuing coding-agent proxy test job (ID: coding-agent-proxy-test-1783115895) ...
5:58PM DBG Submitting Faktory job payload={"args":[{"commands":["sleep 41"],"files":[],"image":"nicolaka/netshoot:latest","variables":[{"key":"PROXY_ALLOWED_DOMAINS","sensitive":false,"value":"httpbin.org,www.amazon.ca"}]}],"created_at":"2026-07-03T21:58:15.663381Z","custom":{"opslevel-runner-job-id":"coding-agent-proxy-test-1783115895"},"jid":"wIxStxn9QZrDBBab","jobtype":"legacy","queue":"coding-agent","retry":25}

Job enqueued (ID: coding-agent-proxy-test-1783115895) on queue 'coding-agent'

Pod created: opslevel-job-coding-agent-proxy-test-1783115895-1783115895
Waiting for the coding-agent job pod to become Ready...
pod/opslevel-job-coding-agent-proxy-test-1783115895-1783115895 condition met

Testing egress proxy inside pod opslevel-job-coding-agent-proxy-test-1783115895-1783115895 ...

===================================================================
PROBE: httpbin.org  url=https://httpbin.org/get  expected=allow
===================================================================
HTTP 200
RESULT: PASS  httpbin.org -> allow (expected allow)

===================================================================
PROBE: www.amazon.ca  url=https://www.amazon.ca/  expected=allow
===================================================================
HTTP 200
RESULT: PASS  www.amazon.ca -> allow (expected allow)

===================================================================
PROBE: github.com  url=https://github.com/  expected=allow
===================================================================
HTTP 200
RESULT: PASS  github.com -> allow (expected allow)

===================================================================
PROBE: bitbucket.org  url=https://bitbucket.org/  expected=allow
===================================================================
HTTP 200
RESULT: PASS  bitbucket.org -> allow (expected allow)

===================================================================
PROBE: xkcd.com  url=https://xkcd.com/2347/  expected=deny
===================================================================
curl: (7) CONNECT tunnel failed, response 403
HTTP 000
RESULT: PASS  xkcd.com -> deny (expected deny)


Probes complete.

Pod remains alive for interactive follow-up:
  kubectl exec -it -n default -c job opslevel-job-coding-agent-proxy-test-1783115895-1783115895 -- bash

Squid access log (proxy-level ALLOW/DENY audit):
  kubectl logs -n default -c squid opslevel-job-coding-agent-proxy-test-1783115895-1783115895

Faktory: http://localhost:7420

@archf archf force-pushed the feature/add-coding-agent-sidecar-proxy branch from 8b7f04e to 7d5bc95 Compare July 3, 2026 22:01
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant