Proxy configuration

George Kraft edited this page Oct 22, 2019 · 12 revisions

If you are deploying Charmed Kubernetes behind a proxy (i.e., your charms are running in a limited-egress environment and cannot reach IP addresses external to their network), you will need to configure your model appropriately before deploying the Kubernetes bundle.

Model configuration

Warning: Setting the http-proxy, https-proxy, and no-proxy model configs has been known to cause problems with the etcd charm. It is recommended to leave these blank and set the juju-http-proxy, juju-https-proxy, and juju-no-proxy model configs instead.

First, configure your model's juju-http-proxy and juju-https-proxy settings with your proxy (here we use http://squid.internal:3128 as an example):

juju model-config juju-http-proxy=http://squid.internal:3128 juju-https-proxy=http://squid.internal:3128

Because services often need to reach machines on their own network, you will also need to update juju-no-proxy to include any internal subnets you're using. The following example includes two subnets:

juju model-config juju-no-proxy=127.0.0.1,localhost,::1,10.5.5.0/24,10.246.64.0/21

Charm configuration

After deploying the bundle, you need to configure the etcd, kubernetes-master, and kubernetes-worker charms to use your proxy to install snaps:

juju config etcd snap_proxy=http://squid.internal:3128
juju config kubernetes-master snap_proxy=http://squid.internal:3128
juju config kubernetes-worker snap_proxy=http://squid.internal:3128

By default, the containerd and docker charms will automatically use the juju-http-proxy, juju-https-proxy, and juju-no-proxy model configs when configuring the containerd and docker services. However, if you need to override the proxy configuration for those services for any reason, you can do that by setting the http_proxy, https_proxy, and no_proxy charm configs. For example:

juju config containerd http_proxy=http://squid.internal:3128 https_proxy=http://squid.internal:3128 no_proxy=127.0.0.1,localhost,::1

Note: The no_proxy charm configs on containerd and docker do not support CIDR notation.
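
Because of this limitation, a juju-no-proxy value that contains subnets cannot be copied unchanged into the containerd or docker no_proxy config. The Python sketch below is an added example, not part of the original page or the charms: it flags CIDR entries and expands small ones into individual addresses. The function names and the 256-address cap are assumptions.

```python
import ipaddress


def find_cidr_entries(no_proxy):
    """Return the entries of a comma-separated no-proxy value that use CIDR notation."""
    return [e.strip() for e in no_proxy.split(",") if "/" in e]


def expand_no_proxy(no_proxy, max_addresses=256):
    """Rewrite a no-proxy value so it contains no CIDR entries.

    Each CIDR entry is replaced by its individual addresses. Networks larger
    than max_addresses (an assumed cap) are rejected so the operator can pick
    narrower ranges instead of producing an enormous list.
    """
    result = []
    for entry in (e.strip() for e in no_proxy.split(",")):
        if not entry:
            continue
        if "/" not in entry:
            result.append(entry)  # hostname or single IP: keep as-is
            continue
        # strict=False tolerates host bits being set, e.g. 10.5.5.7/24
        network = ipaddress.ip_network(entry, strict=False)
        if network.num_addresses > max_addresses:
            raise ValueError(f"{entry} has {network.num_addresses} addresses; "
                             f"cap is {max_addresses}")
        result.extend(str(address) for address in network)
    # Drop duplicates while preserving order.
    return ",".join(dict.fromkeys(result))


if __name__ == "__main__":
    model_value = "127.0.0.1,localhost,::1,10.5.5.0/30"  # constructed sample
    print("CIDR entries:", find_cidr_entries(model_value))
    print("no_proxy=" + expand_no_proxy(model_value))
```

An entry left in CIDR form in the charm's no_proxy would not match, so traffic to those internal addresses would be sent through the proxy; running the check before `juju config` catches that.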