{"id":7083,"date":"2019-10-16T07:58:55","date_gmt":"2019-10-16T07:58:55","guid":{"rendered":"https:\/\/www.devopsschool.com\/blog\/?p=7083"},"modified":"2021-11-16T05:52:57","modified_gmt":"2021-11-16T05:52:57","slug":"how-to-setup-kubernetes-clustors-in-http-proxy-corporate-environment","status":"publish","type":"post","link":"https:\/\/www.devopsschool.com\/blog\/how-to-setup-kubernetes-clustors-in-http-proxy-corporate-environment\/","title":{"rendered":"How to setup Kubernetes clustors in HTTP Proxy corporate environment"},"content":{"rendered":"\n<p>HTTP Proxy corporate environment for kubernetes can be fixed by including all my cluster node IPs in NO_PROXY and using the same NO_PROXY on all the minions when joining the cluster. In short\u2026<\/p>\n\n\n<pre class=\"wp-block-code\" aria-describedby=\"shcb-language-1\" data-shcb-language-name=\"JavaScript\" data-shcb-language-slug=\"javascript\"><span><code class=\"hljs language-javascript\">\n$ <span class=\"hljs-keyword\">export<\/span> NO_PROXY=<span class=\"hljs-string\">'ip,ip,ip,ip,.example.com'<\/span>\n&#91;master]$ kubeadm init\n&#91;minion]$ kubeadm join --token={token} a.b.c.d:<span class=\"hljs-number\">6443<\/span><\/code><\/span><small class=\"shcb-language\" id=\"shcb-language-1\"><span class=\"shcb-language__label\">Code language:<\/span> <span class=\"shcb-language__name\">JavaScript<\/span> <span class=\"shcb-language__paren\">(<\/span><span class=\"shcb-language__slug\">javascript<\/span><span class=\"shcb-language__paren\">)<\/span><\/small><\/pre>\n\n\n<p>kubeadm gets and checks environment from your currently running session. You can see what do you have if you execute $ env | grep -i _proxy= | sort. E.g. inside our company firewall I have something like this:<\/p>\n\n\n\n<figure class=\"wp-block-image\"><img loading=\"lazy\" decoding=\"async\" width=\"833\" height=\"265\" src=\"https:\/\/www.devopsschool.com\/blog\/wp-content\/uploads\/2019\/10\/kubernetes-http-proxy-no-proxy-setup-init-join.jpg\" alt=\"\" class=\"wp-image-7085\" srcset=\"https:\/\/www.devopsschool.com\/blog\/wp-content\/uploads\/2019\/10\/kubernetes-http-proxy-no-proxy-setup-init-join.jpg 833w, https:\/\/www.devopsschool.com\/blog\/wp-content\/uploads\/2019\/10\/kubernetes-http-proxy-no-proxy-setup-init-join-300x95.jpg 300w, https:\/\/www.devopsschool.com\/blog\/wp-content\/uploads\/2019\/10\/kubernetes-http-proxy-no-proxy-setup-init-join-768x244.jpg 768w\" sizes=\"auto, (max-width: 833px) 100vw, 833px\" \/><\/figure>\n\n\n<pre class=\"wp-block-code\" aria-describedby=\"shcb-language-2\" data-shcb-language-name=\"JavaScript\" data-shcb-language-slug=\"javascript\"><span><code class=\"hljs language-javascript\">$ env | grep -i _proxy= | sort\nALL_PROXY=http:<span class=\"hljs-comment\">\/\/proxy-ir.example.com:911<\/span>\nFTP_PROXY=http:<span class=\"hljs-comment\">\/\/proxy-ir.example.com:911<\/span>\nHTTPS_PROXY=http:<span class=\"hljs-comment\">\/\/proxy-ir.example.com:911<\/span>\nHTTP_PROXY=http:<span class=\"hljs-comment\">\/\/proxy-ir.example.com:911<\/span>\nNO_PROXY=.example.com\nall_proxy=http:<span class=\"hljs-comment\">\/\/proxy-ir.example.com:911<\/span>\nftp_proxy=http:<span class=\"hljs-comment\">\/\/proxy-ir.example.com:911<\/span>\nhttp_proxy=http:<span class=\"hljs-comment\">\/\/proxy-ir.example.com:911<\/span>\nhttps_proxy=http:<span class=\"hljs-comment\">\/\/proxy-ir.example.com:911<\/span>\nno_proxy=.example.com<\/code><\/span><small class=\"shcb-language\" id=\"shcb-language-2\"><span class=\"shcb-language__label\">Code language:<\/span> <span class=\"shcb-language__name\">JavaScript<\/span> <span class=\"shcb-language__paren\">(<\/span><span class=\"shcb-language__slug\">javascript<\/span><span class=\"shcb-language__paren\">)<\/span><\/small><\/pre>\n\n\n<p>In order to setup Kubernetes clustors in HTTP Proxy corporate environment, we need to have http_proxy and https_proxy (lower and uppercase environment variables) pointing to the proxy server, and no_proxy set to IPs that should not go through the proxy server. <\/p>\n\n\n\n<p>For this system, no_proxy had the host IP, 127.0.0.1, and then the IPs for the IPv4 pool and IPs for the service IPs. The defaults use large subnets, so Ankur reduced these to help make the no-proxy setting more manageable.<\/p>\n\n\n\n<p>For the IPv4 pool, if using 192.168.0.0\/24 (reduced size from default), and for the kubernetes service IP subnet, if using 10.96.0.0\/24. these lines in .bashrc to create the no_proxy setting (gedit .bashrc):<\/p>\n\n\n<pre class=\"wp-block-code\" aria-describedby=\"shcb-language-3\" data-shcb-language-name=\"JavaScript\" data-shcb-language-slug=\"javascript\"><span><code class=\"hljs language-javascript\"><span class=\"hljs-keyword\">export<\/span> http_proxy=http:<span class=\"hljs-comment\">\/\/proxy-host:proxy-port\/<\/span>\n<span class=\"hljs-keyword\">export<\/span> HTTP_PROXY=$http_proxy\n<span class=\"hljs-keyword\">export<\/span> https_proxy=$http_proxy\n<span class=\"hljs-keyword\">export<\/span> HTTPS_PROXY=$http_proxy\nprintf -v lan <span class=\"hljs-string\">'%s,'<\/span> localip_of_machine\nprintf -v pool <span class=\"hljs-string\">'%s,'<\/span> <span class=\"hljs-number\">192.168<\/span><span class=\"hljs-number\">.0<\/span>.{<span class=\"hljs-number\">1.<\/span><span class=\"hljs-number\">.253<\/span>}\nprintf -v service <span class=\"hljs-string\">'%s,'<\/span> <span class=\"hljs-number\">10.96<\/span><span class=\"hljs-number\">.0<\/span>.{<span class=\"hljs-number\">1.<\/span><span class=\"hljs-number\">.253<\/span>}\n<span class=\"hljs-keyword\">export<\/span> no_proxy=<span class=\"hljs-string\">\"${lan%,},${service%,},${pool%,},127.0.0.1\"<\/span>;\n<span class=\"hljs-keyword\">export<\/span> NO_PROXY=$no_proxy\n\nkubeadm init --apiserver-advertise-address=localip_of_machine --service-cidr=<span class=\"hljs-number\">10.96<\/span><span class=\"hljs-number\">.0<\/span><span class=\"hljs-number\">.0<\/span>\/<span class=\"hljs-number\">16<\/span><\/code><\/span><small class=\"shcb-language\" id=\"shcb-language-3\"><span class=\"shcb-language__label\">Code language:<\/span> <span class=\"shcb-language__name\">JavaScript<\/span> <span class=\"shcb-language__paren\">(<\/span><span class=\"shcb-language__slug\">javascript<\/span><span class=\"shcb-language__paren\">)<\/span><\/small><\/pre>\n\n<div class=\"epyt-gallery\" data-currpage=\"1\" id=\"epyt_gallery_32228\"><iframe loading=\"lazy\"  id=\"_ytid_20015\"  width=\"760\" height=\"427\"  data-origwidth=\"760\" data-origheight=\"427\" src=\"https:\/\/www.youtube.com\/embed\/?enablejsapi=1&#038;autoplay=0&#038;cc_load_policy=0&#038;cc_lang_pref=&#038;iv_load_policy=1&#038;loop=0&#038;rel=1&#038;fs=1&#038;playsinline=0&#038;autohide=2&#038;theme=dark&#038;color=red&#038;controls=1&#038;disablekb=0&#038;\" class=\"__youtube_prefs__  no-lazyload\" title=\"YouTube player\"  data-epytgalleryid=\"epyt_gallery_32228\"  allow=\"fullscreen; accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share\" referrerpolicy=\"strict-origin-when-cross-origin\" allowfullscreen data-no-lazy=\"1\" data-skipgform_ajax_framebjll=\"\"><\/iframe><div class=\"epyt-gallery-list\"><div>Sorry, there was a YouTube error.<\/div><\/div><\/div>","protected":false},"excerpt":{"rendered":"<p>HTTP Proxy corporate environment for kubernetes can be fixed by including all my cluster node IPs in NO_PROXY and using the same NO_PROXY on all the minions when joining the&#8230; <\/p>\n","protected":false},"author":1,"featured_media":7801,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_joinchat":[],"footnotes":""},"categories":[4859],"tags":[],"class_list":["post-7083","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-kubernetes"],"_links":{"self":[{"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/posts\/7083","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/comments?post=7083"}],"version-history":[{"count":4,"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/posts\/7083\/revisions"}],"predecessor-version":[{"id":25380,"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/posts\/7083\/revisions\/25380"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/media\/7801"}],"wp:attachment":[{"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/media?parent=7083"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/categories?post=7083"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/tags?post=7083"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}