Using GKE with an HTTP Proxy

8/11/2019

Is it possible to run a private GKE cluster (private endpoint and nodes) behind an HTTP proxy?

GKE nodes need an internet connection to pull Docker images from public repositories. The problem is, we don't want to log in to each GKE node and configure http_proxy environment variables, and repeat this after every cluster upgrade.

Is it possible to automate setting the http_proxy environment variable for each node, or is there a better way to configure http_proxy on a private GKE cluster?

-- Gareth
gke-networking
google-cloud-platform
google-kubernetes-engine
kubernetes

1 Answer

8/12/2019

You can use a DaemonSet to deploy ongoing background tasks (automate setting http_proxy) that you need to run on all or certain nodes. Example:

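kind: DaemonSet
# apps/v1 requires spec.selector to match the pod template labels
# (extensions/v1beta1 DaemonSets were removed in Kubernetes 1.16)
apiVersion: apps/v1
metadata:
  name: startup-script
  labels:
    app: startup-script
spec:
  selector:
    matchLabels:
      app: startup-script
  template:
    metadata:
      labels:
        app: startup-script
    spec:
      # hostPID and privileged give this container access to the node's processes and devices
      hostPID: true
      containers:
        - name: startup-script
          image: gcr.io/basic-app-with-example/startup-script:v1
          imagePullPolicy: Always
          securityContext:
            privileged: true
          env:
          - name: STARTUP_SCRIPT
            value: |
              #! /bin/bash
              # list of the commands that you need to execute on the node
              export http_proxy='http://<host>:<port>'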

And you could use Cloud NAT in GCP to allow your private GKE cluster to reach public repositories.

-- Daniel Emiliano
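
A fuller STARTUP_SCRIPT body, as an added example that is not part of the original answer: it writes the proxy into a systemd drop-in for the node's container runtime and validates the values first. The function name, the unit name, the drop-in directory and the NO_PROXY entries (which keep the metadata server off the proxy) are assumptions, as is the runtime being a systemd unit.

```shell
#!/bin/sh
# Added example, not from the original answer. Unit name, drop-in directory
# and the NO_PROXY entries are assumptions; adapt them to the node image.
LC_ALL=C  # make the character classes below match bytes, not locale ranges

# write_proxy_dropin <proxy_url> <no_proxy_csv> <unit> [systemd_dir]
# Prints "changed" or "unchanged"; returns 2 and writes nothing on bad input.
write_proxy_dropin() {
  proxy_url=$1; no_proxy=$2; unit=$3; base=${4:-/etc/systemd/system}

  # Accept only http(s)://host:port so no quotes, spaces or newlines can
  # reach the unit file and add extra directives.
  case $proxy_url in
    http://*:*|https://*:*) ;;
    *) echo "proxy must be http(s)://host:port" >&2; return 2 ;;
  esac
  hostport=${proxy_url#*://}
  host=${hostport%:*}; port=${hostport##*:}
  case $host in ''|*[!A-Za-z0-9.-]*) echo "bad proxy host" >&2; return 2 ;; esac
  case $port in ''|*[!0-9]*) echo "bad proxy port" >&2; return 2 ;; esac
  case $no_proxy in *[!A-Za-z0-9.,:/_-]*) echo "bad NO_PROXY" >&2; return 2 ;; esac
  case $unit in ''|*[!A-Za-z0-9._@-]*) echo "bad unit name" >&2; return 2 ;; esac

  file=$base/$unit.d/http-proxy.conf
  new=$(printf '[Service]\nEnvironment="HTTP_PROXY=%s"\nEnvironment="HTTPS_PROXY=%s"\nEnvironment="NO_PROXY=%s"' \
    "$proxy_url" "$proxy_url" "$no_proxy")

  # Idempotent: a DaemonSet pod reruns on every restart, so only report
  # "changed" (and let the caller restart the runtime) when content differs.
  if [ -f "$file" ] && [ "$(cat "$file")" = "$new" ]; then
    echo unchanged; return 0
  fi
  mkdir -p "$base/$unit.d" || return 1
  printf '%s\n' "$new" > "$file" || return 1
  chmod 0644 "$file"
  echo changed
}

# Caller sketch for STARTUP_SCRIPT (constructed values):
#   if [ "$(write_proxy_dropin http://proxy.example.internal:3128 \
#        localhost,127.0.0.1,169.254.169.254,metadata.google.internal \
#        docker.service)" = changed ]; then
#     systemctl daemon-reload && systemctl restart docker.service
#   fi
```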
Source: StackOverflow