The official documentation describes setting up a single node
Rancher container behind an HTTP proxy, but not an HA
configuration.
I have a three-node HA cluster set up on-prem, but can’t access
any of the library or helm catalogs from our private network
without the proxy settings.
Is this a supported architecture, and if so, where would the
HTTP_PROXY, HTTPS_PROXY and NO_PROXY environment variables
need to be defined?
If you set it up with rke, like I did, you set it up in the cluster.yml configuration like this:
```yaml
# Necessary for password protected SSH Keys:
ssh_agent_auth: true
# Nodes Definitions
nodes:
  - address: 10.0.0.2 # hostname or IP to access nodes
    user: docker # root user (usually 'root')
    role: [controlplane,etcd,worker] # K8s roles for node
    ssh_key_path: ~/.ssh/id_rsa # path to PEM file
...
services:
  kube-apiserver:
    extra_args:
      feature-gates: "PersistentLocalVolumes=true,VolumeScheduling=true"
  kubelet:
    extra_args:
      feature-gates: "PersistentLocalVolumes=true,VolumeScheduling=true"
    extra_env:
      - "HTTP_PROXY=http://your_proxy"
      - "HTTPS_PROXY=http://your_proxy"
      - "NO_PROXY=127.0.0.1,localhost"
# Default versions
system_images:
  kubernetes: rancher/hyperkube:v1.10.5-rancher1
...
```
Then recreate your cluster with rke up, as adding these values doesn’t work yet. I filed a bug report in:
So far, I have set up these variables on my CentOS VM, in systemd Environment config for dockerd, and for kubelet, so it should theoretically work, but it still does not work as intended in my network.
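An added example, not part of any post in this thread: a check of which destinations a given NO_PROXY value still sends to the proxy, using a simplified version of the matching rules Go's HTTP client applies (ports ignored). The node address and the first NO_PROXY value come from the cluster.yml above; the service IP, the host names and the wider NO_PROXY value are constructed assumptions.

```python
import ipaddress

def bypasses_proxy(host, no_proxy):
    """True if `host` is reached directly under this NO_PROXY value."""
    host = host.lower().rstrip(".")
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        ip = None  # a DNS name, not an IP literal
    # Go never proxies localhost or loopback addresses.
    if host == "localhost" or (ip is not None and ip.is_loopback):
        return True
    for entry in (e.strip().lower() for e in no_proxy.split(",")):
        if not entry:
            continue
        if entry == "*":  # a single asterisk disables proxying entirely
            return True
        try:
            net = ipaddress.ip_network(entry, strict=False)
        except ValueError:
            net = None
        if net is not None:  # IP or CIDR entry: only matches IP literals
            if ip is not None and ip in net:
                return True
            continue
        if ip is not None:  # domain entries never match IP literals
            continue
        if entry.startswith("."):  # ".svc" matches subdomains only
            if host.endswith(entry):
                return True
        elif host == entry or host.endswith("." + entry):
            return True
    return False

def proxied(destinations, no_proxy):
    """Destinations that would be sent through the proxy."""
    return [d for d in destinations if not bypasses_proxy(d, no_proxy)]

PAGE_NO_PROXY = "127.0.0.1,localhost"  # value from the cluster.yml above
# Constructed: private ranges plus in-cluster DNS suffixes (assumption).
WIDER_NO_PROXY = "127.0.0.0/8,10.0.0.0/8,172.16.0.0/12,192.168.0.0/16,.svc,.cluster.local"
DESTINATIONS = [
    "10.0.0.2",                              # node address from the page
    "10.43.0.1",                             # assumed service cluster IP
    "kubernetes.default.svc.cluster.local",  # in-cluster API name
    "catalog.example.com",                   # constructed external catalog host
]

if __name__ == "__main__":
    print("page value :", proxied(DESTINATIONS, PAGE_NO_PROXY))
    print("wider value:", proxied(DESTINATIONS, WIDER_NO_PROXY))
```

With the page's value, node-to-node and in-cluster API traffic is handed to the proxy along with the catalog requests; with the wider value only the external catalog host is. CIDR entries are honoured by Go-based components, but not every HTTP client supports them.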