Kubernetes Docker Containers behind proxy

9/5/2018

We have deployed a Kubernetes cluster behind a proxy and successfully configured the Docker daemon to use our proxy for pulling images, as described on the following page: https://docs.docker.com/config/daemon/systemd/#httphttps-proxy

We have configured the Docker client to set the environment parameters "https_proxy", "http_proxy" and "no_proxy" as defined on the following page: https://docs.docker.com/network/proxy/#configure-the-docker-client

The Kubernetes cluster setup is as follows:

aadigital1:~ # kubectl get node
NAME         STATUS    ROLES         AGE       VERSION
aadigital1   Ready     master,node   9d        v1.10.4
aadigital2   Ready     node          9d        v1.10.4
aadigital3   Ready     node          9d        v1.10.4
aadigital4   Ready     node          9d        v1.10.4
aadigital5   Ready     node          9d        v1.10.4

Docker container run manually - ENV Parameters set correctly

The environment parameters for docker containers which are manually deployed are set as defined:

aadigital1:~ # docker run -i -t odise/busybox-curl ash
/ # printenv
HTTPS_PROXY=http://ssnproxy.ssn.xxx.com:80/
no_proxy=localhost,127.0.0.0,127.0.1.1,127.0.1.1,local.home,80.250.142.64,80.250.142.65,80.250.142.66,80.250.142.69,80.250.142.70,80.250.142.71,aadigital1.aan.xxx.com,aadigita2.ssn.xxx.com,aadigital3.ssn.xxx.com,aadigital4.ssn.xxx.com,aadigita5.ssn.xxx.com,aadigital6.ssn.xxx.com
HOSTNAME=0360a9dcd20b
SHLVL=1
HOME=/root
NO_PROXY=localhost,127.0.0.0,127.0.1.1,127.0.1.1,local.home,80.250.142.64,80.250.142.65,80.250.142.66,80.250.142.69,80.250.142.70,80.250.142.71,aadigital1.aan.xxx.com,aadigita2.ssn.xxx.com,aadigital3.ssn.xxx.com,aadigital4.ssn.xxx.com,aadigita5.ssn.xxx.com,aadigital6.ssn.xxx.com
https_proxy=http://ssnproxy.ssn.xxx.com:80/
http_proxy=http://ssnproxy.ssn.xxx.com:80/
TERM=xterm
PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
PWD=/
HTTP_PROXY=http://ssnproxy.ssn.xxx.com:80/

Kubernetes PODs - ENV Parameters not set

The same Docker image used above, run as a Kubernetes POD, does not have the proxy environment parameters (same machine, aadigital1):

aadigital1:~ # kubectl get pod -o wide
NAME                       READY     STATUS    RESTARTS   AGE       IP          NODE
busybox-6d4df8f8b7-m62m2   1/1       Running   3          2d        10.0.0.16   aadigital3
busybox-curl               1/1       Running   0          16m       10.0.1.59   aadigital1
busybox-dns                1/1       Running   9          6h        10.0.1.53   aadigital1
aadigital1:~ # kubectl exec -it busybox-curl -- ash
/ # printenv
KUBERNETES_PORT=tcp://10.0.128.1:443
NGINX_NODEPORT_PORT=tcp://10.0.204.167:80
KUBERNETES_SERVICE_PORT=443
NGINX_NODEPORT_SERVICE_PORT=80
HOSTNAME=busybox-curl
SHLVL=1
HOME=/root
NGINX_NODEPORT_PORT_80_TCP_ADDR=10.0.204.167
NGINX_NODEPORT_PORT_80_TCP_PORT=80
NGINX_NODEPORT_PORT_80_TCP_PROTO=tcp
TERM=xterm
NGINX_NODEPORT_PORT_80_TCP=tcp://10.0.204.167:80
KUBERNETES_PORT_443_TCP_ADDR=10.0.128.1
PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
KUBERNETES_PORT_443_TCP_PORT=443
KUBERNETES_PORT_443_TCP_PROTO=tcp
KUBERNETES_PORT_443_TCP=tcp://10.0.128.1:443
KUBERNETES_SERVICE_PORT_HTTPS=443
PWD=/
KUBERNETES_SERVICE_HOST=10.0.128.1
NGINX_NODEPORT_SERVICE_HOST=10.0.204.167

How can we configure Kubernetes / Docker so that the proxy environment parameters are set correctly for the PODs?

Thank you very much!

-- mbecker
docker
kubernetes
kubernetes-pod
proxy

1 Answer

9/5/2018

The reason for this is that the proxy environment variables are a feature of the Docker client. Docker is divided into two parts: the API exposed on a socket by the Docker daemon, and the Docker client CLI, with which you run a container (docker run ...); that command hits the Docker daemon API to do 'something'. Sadly, Kubernetes is another API client, which means that Kubernetes doesn't use the Docker client to schedule containers (Kubernetes accesses the API directly using an SDK), so that's why you don't see the expected environment variables.

To work around that problem, I would suggest creating a ConfigMap with the proxy values, e.g.

apiVersion: v1
kind: ConfigMap
metadata:
  name: your-config-map-name
  labels:
    app: your-best-app
data:
  HTTPS_PROXY: http://ssnproxy.ssn.xxx.com:80/
  HTTP_PROXY: http://ssnproxy.ssn.xxx.com:80/

and mount them into the deployment as environment variables using

# goes under a container entry in the pod template (spec.template.spec.containers[])
envFrom:
  - configMapRef:
      name: your-config-map-name
-- Jakub Bujny
Source: StackOverflow
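
A check for the result of the workaround above, as an added example that is not part of the original question or answer: it parses a pod's `printenv` output, reports which proxy variables are missing, and lists in-cluster service addresses that would be sent through the proxy because no `NO_PROXY` entry covers them. The function names, the `NO_PROXY` matching rules and the `10.0.0.0/16` range are assumptions; the page does not state the cluster's service CIDR.

```python
import ipaddress

# Constructed samples. POD_ENV is a subset of the pod's printenv shown in the question;
# the other two add assumed values, including the 10.0.0.0/16 range (not from the page).
POD_ENV = "KUBERNETES_SERVICE_HOST=10.0.128.1\nNGINX_NODEPORT_SERVICE_HOST=10.0.204.167\nHOME=/root\n"
PROXY = "http://ssnproxy.ssn.xxx.com:80/"
CONFIGMAP_ENV = POD_ENV + f"HTTP_PROXY={PROXY}\nHTTPS_PROXY={PROXY}\n"
WITH_NO_PROXY = CONFIGMAP_ENV + "NO_PROXY=localhost,127.0.0.1,10.0.0.0/16,.svc,.cluster.local\n"


def parse_env(dump):
    """Parse `printenv` output (one KEY=VALUE per line) into a dict."""
    env = {}
    for line in dump.splitlines():
        key, sep, value = line.strip().partition("=")
        if sep and key:
            env[key] = value
    return env


def bypasses_proxy(host, no_proxy):
    """True if host matches a NO_PROXY entry: exact value, domain suffix or CIDR.
    Assumed rules; real clients differ (not every HTTP client accepts CIDR entries)."""
    for entry in (e.strip() for e in no_proxy.split(",")):
        if not entry:
            continue
        if host == entry or host.endswith("." + entry.lstrip(".")):
            return True
        try:
            if ipaddress.ip_address(host) in ipaddress.ip_network(entry, strict=False):
                return True
        except ValueError:
            pass  # host or entry is not an IP address / CIDR range
    return False


def audit(dump):
    """Report missing proxy variables and service hosts that would go via the proxy."""
    env = {k.upper(): v for k, v in parse_env(dump).items()}
    missing = [v for v in ("HTTP_PROXY", "HTTPS_PROXY", "NO_PROXY") if not env.get(v)]
    has_proxy = bool(env.get("HTTP_PROXY") or env.get("HTTPS_PROXY"))
    via_proxy = sorted(v for k, v in env.items() if has_proxy
                       and k.endswith("_SERVICE_HOST")
                       and not bypasses_proxy(v, env.get("NO_PROXY", "")))
    return {"missing": missing, "service_hosts_via_proxy": via_proxy}


if __name__ == "__main__":
    for name in ("POD_ENV", "CONFIGMAP_ENV", "WITH_NO_PROXY"):
        print(name, audit(globals()[name]))
```

To check a live pod, feed it the output of `kubectl exec <pod> -- printenv`.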