Create a Cluster with HTTP/HTTPS Proxy
During cluster creation, you may need to configure the control plane and worker nodes to use an HTTP proxy. This can occur during installation of the Konvoy component of DKP, or when creating a managed cluster.
If you require HTTP proxy configurations, you can apply them during the create
operation by adding the appropriate flags to the create cluster
command example below:
Proxy configuration | Flag |
---|---|
HTTP proxy for control plane machines |
|
HTTPS proxy for control plane machines |
|
No Proxy list for control plane machines |
|
HTTP proxy for worker machines |
|
HTTPS proxy for worker machines |
|
No Proxy list for worker machines |
|
You must apply the same configuration to any custom machine images built with the Konvoy Image Builder (KIB) by using an HTTP override file. For more information, refer to Use Override Files with Konvoy Image Builder section of the documentation.
Configure the Control plane and Worker Nodes to Use HTTP/S proxy
This method for configuring the HTTP proxy values uses environment variables. (You are not required to use this method.)
Review this sample code for configuring environment variables for the control plane and worker nodes, taking into account the list of considerations that follows the sample.
export CONTROL_PLANE_HTTP_PROXY=http://example.org:8080
export CONTROL_PLANE_HTTPS_PROXY=http://example.org:8080
export CONTROL_PLANE_NO_PROXY="example.org,example.com,example.net,localhost,127.0.0.1,10.96.0.0/12,192.168.0.0/16,kubernetes,kubernetes.default,kubernetes.default.svc,kubernetes.default.svc.cluster,kubernetes.default.svc.cluster.local,.svc,.svc.cluster,.svc.cluster.local,169.254.169.254,.elb.amazonaws.com"
export WORKER_HTTP_PROXY=http://example.org:8080
export WORKER_HTTPS_PROXY=http://example.org:8080
export WORKER_NO_PROXY="example.org,example.com,example.net,localhost,127.0.0.1,10.96.0.0/12,192.168.0.0/16,kubernetes,kubernetes.default,kubernetes.default.svc,kubernetes.default.svc.cluster,kubernetes.default.svc.cluster.local,.svc,.svc.cluster,.svc.cluster.local,169.254.169.254,.elb.amazonaws.com"
HTTP proxy configuration considerations to ensure the core components work correctly
Replace
example.org,example.com,example.net
with your internal addresseslocalhost
and127.0.0.1
addresses should not use the proxy10.96.0.0/12
is the default Kubernetes service subnet192.168.0.0/16
is the default Kubernetes pod subnetkubernetes,kubernetes.default,kubernetes.default.svc,kubernetes.default.svc.cluster,kubernetes.default.svc.cluster.local
is the internal Kubernetes kube-apiserver serviceThe entries
.svc,.svc.cluster,.svc.cluster.local
are the internal Kubernetes servicesAuto-IP addresses
169.254.169.254
for any cloud provider
Create a Cluster Using the Configured HTTP Proxy Variables
The following is an example of a dkp create cluster...
command that uses the values set in the environment variables from the code sample above. Use the appropriate infrastructure provider name in line 1 from the choices listed:
dkp create cluster [aws, azure, gcp, preprovisoned, vsphere] \
--cluster-name ${CLUSTER_NAME} \
--control-plane-http-proxy="${CONTROL_PLANE_HTTP_PROXY}" \
--control-plane-https-proxy="${CONTROL_PLANE_HTTPS_PROXY}" \
--control-plane-no-proxy="${CONTROL_PLANE_NO_PROXY}" \
--worker-http-proxy="${WORKER_HTTP_PROXY}" \
--worker-https-proxy="${WORKER_HTTPS_PROXY}" \
--worker-no-proxy="${WORKER_NO_PROXY}"