Update docu for 2.10.0 release

README.md

@@ -22,13 +22,13 @@ Please remember to provide a good summary, description as well as steps to repro
 To run Gatekeeper, you can build it using this command:
 
 ```bash
-docker buildx build --platform linux/amd64,linux/arm64 -t quay.io/gogatekeeper/gatekeeper:2.9.6 .
+docker buildx build --platform linux/amd64,linux/arm64 -t quay.io/gogatekeeper/gatekeeper:2.10.0 .
 ```
 
 or you can use aleady existing Docker image by running:
 
 ```bash
-docker run -it --rm quay.io/gogatekeeper/gatekeeper:2.9.6 \
+docker run -it --rm quay.io/gogatekeeper/gatekeeper:2.10.0 \
       --listen 127.0.0.1:8080 \
       --upstream-url http://127.0.0.1:80 \
       --discovery-url https://keycloak.example.com/realms/<REALM_NAME> \
@@ -44,16 +44,16 @@ Beside links to archives of binaries we provide also checksum file containing ch
 for archives. You can download file gatekeeper-checksum.txt, it contains sha512 checksums e.g.:
 
 ```
-324b34ece86b6214f835ba9fd79e185864a9005f514458796c22c053de63f428235d2d2a04864065a49c090ad81d2daeb45546544fdd9531a8dea1a43145b8f0  gatekeeper_2.9.6_windows_amd64.zip
-38759e75a94d130758cd26958bd9a66b261be8d58a6c7a0fc04845157649aaf628d22a115c95285b405f8e4d6afa8bd78ca8677d1304faf06db93a0cbbc831a6  gatekeeper_2.9.6_linux_amd64.tar.gz
-f5322e41b3d78017191246bdd54f99e9b3dd8d5ff9d224e7e81b678a952c1d5aae125ea4c251928969b0a0ea0dc59724308c918993c8227f384f61896f58cbd0  gatekeeper_2.9.6_macOS_amd64.tar.gz
+324b34ece86b6214f835ba9fd79e185864a9005f514458796c22c053de63f428235d2d2a04864065a49c090ad81d2daeb45546544fdd9531a8dea1a43145b8f0  gatekeeper_2.10.0_windows_amd64.zip
+38759e75a94d130758cd26958bd9a66b261be8d58a6c7a0fc04845157649aaf628d22a115c95285b405f8e4d6afa8bd78ca8677d1304faf06db93a0cbbc831a6  gatekeeper_2.10.0_linux_amd64.tar.gz
+f5322e41b3d78017191246bdd54f99e9b3dd8d5ff9d224e7e81b678a952c1d5aae125ea4c251928969b0a0ea0dc59724308c918993c8227f384f61896f58cbd0  gatekeeper_2.10.0_macOS_amd64.tar.gz
 ```
 
 After you download archive of binary you can calculate it's checksum by using e.g. sha512sum Linux utility:
 
 ```
-sha512sum /my/path/gatekeeper_2.9.6_linux_amd64.tar.gz
-38759e75a94d130758cd26958bd9a66b261be8d58a6c7a0fc04845157649aaf628d22a115c95285b405f8e4d6afa8bd78ca8677d1304faf06db93a0cbbc831a6  gatekeeper_2.9.6_linux_amd64.tar.g
+sha512sum /my/path/gatekeeper_2.10.0_linux_amd64.tar.gz
+38759e75a94d130758cd26958bd9a66b261be8d58a6c7a0fc04845157649aaf628d22a115c95285b405f8e4d6afa8bd78ca8677d1304faf06db93a0cbbc831a6  gatekeeper_2.10.0_linux_amd64.tar.g
 ```
 
 As you can see output of command is checksum, you can compare it with the one in gatekeeper-checksum.txt.

docs/content/configuration/_index.md

@@ -22,6 +22,8 @@ weight: 2
 |    --openid-provider-timeout value         | timeout for openid configuration on .well-known/openid-configuration | 30s | PROXY_OPENID_PROVIDER_TIMEOUT
 |    --openid-provider-retry-count value     | number of retries for retrieving openid configuration | 3 | PROXY_OPENID_PROVIDER_RETRY_COUNT
 |    --openid-provider-headers value         | http headers sent to idp provider | |
+|    --upstream-proxy                        | proxy for communication with upstream | | PROXY_UPSTREAM_PROXY
+|    --upstream-no-proxy                     | list of upstream destinations which should be not proxied | | PROXY_UPSTREAM_NO_PROXY
 |    --base-uri value                        | common prefix for all URIs | | PROXY_BASE_URI
 |    --oauth-uri value                       | the uri for proxy oauth endpoints | /oauth | PROXY_OAUTH_URI
 |    --scopes value                          | list of scopes requested when authenticating the user | |

docs/content/userguide/_index.md

@@ -232,7 +232,7 @@ the token, it isn't checked for some claims or roles, groups etc...(this is by d
 `--enable-default-deny-strict` (recommended) - option blocks all requests (including valid token) unless
 specific path with requirements specified in resources (this option is by default false)
 
-## OpenID Provider Communication
+## Upstream Host Proxy and OpenID Provider Proxy
 
 By default the communication with the OpenID provider is direct. If you
 wish, you can specify a forwarding proxy server in your configuration
@@ -242,6 +242,18 @@ file:
 openid-provider-proxy: http://proxy.example.com:8080
 ```
 
+or you can use standard env variables: `HTTP_PROXY, HTTPS_PROXY, NO_PROXY`
+
+By default also communication with upstream is direct, if you would like
+to use proxy server to forward traffic upstream you can use configuration file:
+
+```yaml
+upstream-proxy: http://proxy.example.com:8080
+upstream-no-proxy: http://donotproxy.example.com:8080
+```
+
+or corresponding env variables: `PROXY_UPSTREAM_PROXY, PROXY_UPSTREAM_NO_PROXY`
+
 ## HTTP routing
 
 By default, all requests will be proxied on to the upstream, if you wish
@@ -405,7 +417,7 @@ in Keycloak, providing granular role controls over issue tokens.
 
 ``` yaml
 - name: gatekeeper
-  image: quay.io/gogatekeeper/gatekeeper:2.9.6
+  image: quay.io/gogatekeeper/gatekeeper:2.10.0
   args:
   - --enable-forwarding=true
   - --forwarding-username=projecta
@@ -432,7 +444,7 @@ Example setup client credentials grant:
 
 ``` yaml
 - name: gatekeeper
-  image: quay.io/gogatekeeper/gatekeeper:2.9.6
+  image: quay.io/gogatekeeper/gatekeeper:2.10.0
   args:
   - --enable-forwarding=true
   - --forwarding-domains=projecta.svc.cluster.local

e2e/k8s/manifest_test_forwardauth.yml

@@ -2626,7 +2626,7 @@ spec:
             - -c
             - "while true;do sleep 10;done"
         - name: proxy
-          image: quay.io/gogatekeeper/gatekeeper:2.9.6
+          image: quay.io/gogatekeeper/gatekeeper:2.10.0
           imagePullPolicy: Never
           args:
             - --client-id=test-client

kube/reverse.yml

@@ -21,7 +21,7 @@ spec:
           secretName: tls
       containers:
         - name: proxy
-          image: quay.io/gogatekeeper/gatekeeper:2.9.6
+          image: quay.io/gogatekeeper/gatekeeper:2.10.0
           imagePullPolicy: Always
           args:
             - --client-id=broker