Issue
- I want to configure HTTP Proxy in CloudBees Core on Modern Platform controllers
- After configuring an HTTP Proxy in a Managed controller, the controller is not able to connect to the Operations Center
Environment
- CloudBees CI (CloudBees Core) on Modern Cloud Platforms
- CloudBees CI (CloudBees Core) on modern Cloud Platforms - Managed controller
- CloudBees CI (CloudBees Core) on modern Cloud Platforms - Operations Center
Explanation
Configuring HTTP Proxy inside kubernetes pods can have serious impact on connectivity within the kubernetes cluster. All communication would go through the HTTP Proxy and that included kubernetes internal endpoints too. The HTTP Proxy maybe be configured in different ways:
- the Jenkins HTTP Proxy configuration under Manage Jenkins > Manage Plugins > Advanced > HTTP Proxy Configuration
- Environment Variables
HTTP_PROXY
/HTTPS_PROXY
/NO_PROXY
- Java system properties
http.proxy
/http.proxyPort
/http.nonProxyHosts
(see Java Networking and Proxies)
If the kubernetes internal sub-domain is not added to the list of hosts that should by-pass the proxy, communication between kubernetes deployed applications and also with the API Server is impossible.
Resolution
When configuring an HTTP Proxy for controllers, Agents and Operations Center, make sure to add the kubernetes internal sub domain (either *.svc.cluster.local
or more general *.cluster.local
) to the list of No Proxy hosts. For example:
- When using Jenkins HTTP Proxy configuration: Add
*.svc.cluster.local
to the list of No Proxy Hosts under Manage Jenkins > Manage Plugins > Advanced > HTTP Proxy Configuration > No Proxy Host - When using Java system properties:
-Dhttp.nonProxyHosts=*.svc.cluster.local
- When using Environment variables:
NO_PROXY=*.svc.cluster.local
Other considerations
They are other considerations when configuring an HTTP proxy in CloudBees and not related to Kubernetes. Please also have a look at Which URLs would I need to grant access to for my firewall or proxy?.
0 Comments