Skip to content

Proxy configuration

George Kraft edited this page Apr 25, 2019 · 10 revisions

If you are deploying the Canonical Distribution of Kubernetes behind a proxy (i.e., your charms are running in a limited-egress environment and can not reach IP addresses external to their network), you will need to configure your model appropriately before deploying the Kubernetes bundle.

Model configuration

Warning: Setting the http-proxy, https-proxy, and no-proxy model configs has been known to cause problems with the etcd charm. It is recommended to leave these blank and set the juju-http-proxy, juju-https-proxy, and juju-no-proxy model configs instead.

First, configure your model's juju-http-proxy and juju-https-proxy settings with your proxy (here we use http://squid.internal:3128 as an example):

juju model-config juju-http-proxy=http://squid.internal:3128 juju-https-proxy=http://squid.internal:3128

Because services often need to reach machines on their own network, you will also need to update juju-no-proxy to include any internal subnets you're using. The following example includes two subnets:

juju model-config juju-no-proxy=127.0.0.1,localhost,::1,10.5.5.0/24,10.246.64.0/21

Charm configuration

After deploying the bundle, you need to configure the etcd, kubernetes-master, and kubernetes-worker charms to use your proxy:

juju config etcd snap_proxy=http://squid.internal:3128
juju config kubernetes-master snap_proxy=http://squid.internal:3128 http_proxy=http://squid.internal:3128 https_proxy=http://squid.internal:3128
juju config kubernetes-worker snap_proxy=http://squid.internal:3128 http_proxy=http://squid.internal:3128 https_proxy=http://squid.internal:3128
You can’t perform that action at this time.