From b6af33c88d7b3aa0331da6e5a32b5b29f4cf9fba Mon Sep 17 00:00:00 2001 From: p53 Date: Mon, 15 Apr 2024 23:14:36 +0200 Subject: [PATCH] Update docu for 2.10.0 release (#447) Update docu for 2.10.0 release --- README.md | 14 +++++++------- docs/content/configuration/_index.md | 2 ++ docs/content/userguide/_index.md | 18 +++++++++++++++--- e2e/k8s/manifest_test_forwardauth.yml | 2 +- kube/reverse.yml | 2 +- 5 files changed, 26 insertions(+), 12 deletions(-) diff --git a/README.md b/README.md index b033c858..b57caa7b 100644 --- a/README.md +++ b/README.md @@ -22,13 +22,13 @@ Please remember to provide a good summary, description as well as steps to repro To run Gatekeeper, you can build it using this command: ```bash -docker buildx build --platform linux/amd64,linux/arm64 -t quay.io/gogatekeeper/gatekeeper:2.9.6 . +docker buildx build --platform linux/amd64,linux/arm64 -t quay.io/gogatekeeper/gatekeeper:2.10.0 . ``` or you can use aleady existing Docker image by running: ```bash -docker run -it --rm quay.io/gogatekeeper/gatekeeper:2.9.6 \ +docker run -it --rm quay.io/gogatekeeper/gatekeeper:2.10.0 \ --listen 127.0.0.1:8080 \ --upstream-url http://127.0.0.1:80 \ --discovery-url https://keycloak.example.com/realms/ \ 
@@ -44,16 +44,16 @@ Beside links to archives of binaries we provide also checksum file containing ch for archives. You can download file gatekeeper-checksum.txt, it contains sha512 checksums e.g.: ``` -324b34ece86b6214f835ba9fd79e185864a9005f514458796c22c053de63f428235d2d2a04864065a49c090ad81d2daeb45546544fdd9531a8dea1a43145b8f0 gatekeeper_2.9.6_windows_amd64.zip -38759e75a94d130758cd26958bd9a66b261be8d58a6c7a0fc04845157649aaf628d22a115c95285b405f8e4d6afa8bd78ca8677d1304faf06db93a0cbbc831a6 gatekeeper_2.9.6_linux_amd64.tar.gz -f5322e41b3d78017191246bdd54f99e9b3dd8d5ff9d224e7e81b678a952c1d5aae125ea4c251928969b0a0ea0dc59724308c918993c8227f384f61896f58cbd0 gatekeeper_2.9.6_macOS_amd64.tar.gz +324b34ece86b6214f835ba9fd79e185864a9005f514458796c22c053de63f428235d2d2a04864065a49c090ad81d2daeb45546544fdd9531a8dea1a43145b8f0 gatekeeper_2.10.0_windows_amd64.zip +38759e75a94d130758cd26958bd9a66b261be8d58a6c7a0fc04845157649aaf628d22a115c95285b405f8e4d6afa8bd78ca8677d1304faf06db93a0cbbc831a6 gatekeeper_2.10.0_linux_amd64.tar.gz +f5322e41b3d78017191246bdd54f99e9b3dd8d5ff9d224e7e81b678a952c1d5aae125ea4c251928969b0a0ea0dc59724308c918993c8227f384f61896f58cbd0 gatekeeper_2.10.0_macOS_amd64.tar.gz ``` After you download archive of binary you can calculate it's checksum by using e.g. sha512sum Linux utility: ``` -sha512sum /my/path/gatekeeper_2.9.6_linux_amd64.tar.gz -38759e75a94d130758cd26958bd9a66b261be8d58a6c7a0fc04845157649aaf628d22a115c95285b405f8e4d6afa8bd78ca8677d1304faf06db93a0cbbc831a6 gatekeeper_2.9.6_linux_amd64.tar.g +sha512sum /my/path/gatekeeper_2.10.0_linux_amd64.tar.gz +38759e75a94d130758cd26958bd9a66b261be8d58a6c7a0fc04845157649aaf628d22a115c95285b405f8e4d6afa8bd78ca8677d1304faf06db93a0cbbc831a6 gatekeeper_2.10.0_linux_amd64.tar.g ``` As you can see output of command is checksum, you can compare it with the one in gatekeeper-checksum.txt. diff --git a/docs/content/configuration/_index.md b/docs/content/configuration/_index.md index 860c9727..7c45872d 100644 
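Review bot: The three sha512 digests in the gatekeeper-checksum.txt example and in the sha512sum sample output are byte-for-byte the ones previously shown next to the 2.9.6 archive names; only the file names were changed to 2.10.0. The README therefore pairs 2.10.0 artifacts with digests that presumably belong to a different release. A reader who checks a real 2.10.0 download against this example will see a mismatch, and may learn to ignore it. Either copy the values from the 2.10.0 release's gatekeeper-checksum.txt, or make the example obviously illustrative, e.g. `<sha512 from gatekeeper-checksum.txt>  gatekeeper_2.10.0_linux_amd64.tar.gz`. The sample output line also still ends in `.tar.g` instead of `.tar.gz`. The text could also show `sha512sum --check --ignore-missing gatekeeper-checksum.txt`, so the comparison is done by the tool rather than by eye.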
--- a/docs/content/configuration/_index.md +++ b/docs/content/configuration/_index.md @@ -22,6 +22,8 @@ weight: 2 | --openid-provider-timeout value | timeout for openid configuration on .well-known/openid-configuration | 30s | PROXY_OPENID_PROVIDER_TIMEOUT | --openid-provider-retry-count value | number of retries for retrieving openid configuration | 3 | PROXY_OPENID_PROVIDER_RETRY_COUNT | --openid-provider-headers value | http headers sent to idp provider | | +| --upstream-proxy | proxy for communication with upstream | | PROXY_UPSTREAM_PROXY +| --upstream-no-proxy | list of upstream destinations which should be not proxied | | PROXY_UPSTREAM_NO_PROXY | --base-uri value | common prefix for all URIs | | PROXY_BASE_URI | --oauth-uri value | the uri for proxy oauth endpoints | /oauth | PROXY_OAUTH_URI | --scopes value | list of scopes requested when authenticating the user | | diff --git a/docs/content/userguide/_index.md b/docs/content/userguide/_index.md index 2a33b4f0..f996c357 100644 --- a/docs/content/userguide/_index.md +++ b/docs/content/userguide/_index.md @@ -232,7 +232,7 @@ the token, it isn't checked for some claims or roles, groups etc...(this is by d `--enable-default-deny-strict` (recommended) - option blocks all requests (including valid token) unless specific path with requirements specified in resources (this option is by default false) -## OpenID Provider Communication +## Upstream Host Proxy and OpenID Provider Proxy By default the communication with the OpenID provider is direct. If you wish, you can specify a forwarding proxy server in your configuration 
@@ -242,6 +242,18 @@ file: openid-provider-proxy: http://proxy.example.com:8080 ``` +or you can use standard env variables: `HTTP_PROXY, HTTPS_PROXY, NO_PROXY` + +By default also communication with upstream is direct, if you would like +to use proxy server to forward traffic upstream you can use configuration file: + +```yaml +upstream-proxy: http://proxy.example.com:8080 +upstream-no-proxy: http://donotproxy.example.com:8080 +``` + +or corresponding env variables: `PROXY_UPSTREAM_PROXY, PROXY_UPSTREAM_NO_PROXY` + ## HTTP routing By default, all requests will be proxied on to the upstream, if you wish @@ -405,7 +417,7 @@ in Keycloak, providing granular role controls over issue tokens. ``` yaml - name: gatekeeper - image: quay.io/gogatekeeper/gatekeeper:2.9.6 + image: quay.io/gogatekeeper/gatekeeper:2.10.0 args: - --enable-forwarding=true - --forwarding-username=projecta @@ -432,7 +444,7 @@ Example setup client credentials grant: ``` yaml - name: gatekeeper - image: quay.io/gogatekeeper/gatekeeper:2.9.6 + image: quay.io/gogatekeeper/gatekeeper:2.10.0 args: - --enable-forwarding=true - --forwarding-domains=projecta.svc.cluster.local diff --git a/e2e/k8s/manifest_test_forwardauth.yml b/e2e/k8s/manifest_test_forwardauth.yml index 28da5427..f7dd1131 100644 --- a/e2e/k8s/manifest_test_forwardauth.yml +++ b/e2e/k8s/manifest_test_forwardauth.yml @@ -2626,7 +2626,7 @@ spec: - -c - "while true;do sleep 10;done" - name: proxy - image: quay.io/gogatekeeper/gatekeeper:2.9.6 + image: quay.io/gogatekeeper/gatekeeper:2.10.0 imagePullPolicy: Never args: - --client-id=test-client diff --git a/kube/reverse.yml b/kube/reverse.yml index 7a9a5063..000eca9b 100644 --- a/kube/reverse.yml +++ b/kube/reverse.yml @@ -21,7 +21,7 @@ spec: secretName: tls containers: - name: proxy - image: quay.io/gogatekeeper/gatekeeper:2.9.6 + image: quay.io/gogatekeeper/gatekeeper:2.10.0 imagePullPolicy: Always args: - --client-id=broker