Considerations for HTTP Proxy configuration in CloudBees CI (CloudBees Core)

Issue

  • I want to configure HTTP Proxy in CloudBees Core on Modern Platform Masters
  • After configuring an HTTP Proxy in a Managed Master, the master is not able to connect to the Operations Center

Environment

Explanation

Configuring HTTP Proxy inside kubernetes pods can have serious impact on connectivity within the kubernetes cluster. All communication would go through the HTTP Proxy and that included kubernetes internal endpoints too. The HTTP Proxy maybe be configured in different ways:

  • the Jenkins HTTP Proxy configuration under Manage Jenkins > Manage Plugins > Advanced > HTTP Proxy Configuration
  • Environment Variables HTTP_PROXY / HTTPS_PROXY / NO_PROXY
  • Java system properties http.proxy / http.proxyPort / http.nonProxyHosts (see Java Networking and Proxies)

If the kubernetes internal sub-domain is not added to the list of hosts that should by-pass the proxy, communication between kubernetes deployed applications and also with the API Server is impossible.

Resolution

When configuring an HTTP Proxy for Masters, Agents and Operations Center, make sure to add the kubernetes internal sub domain (either *.svc.cluster.local or more general *.cluster.local) to the list of No Proxy hosts. For example:

  • When using Jenkins HTTP Proxy configuration: Add *.svc.cluster.local to the list of No Proxy Hosts under Manage Jenkins > Manage Plugins > Advanced > HTTP Proxy Configuration > No Proxy Host
  • When using Java system properties: -Dhttp.nonProxyHosts=*.svc.cluster.local
  • When using Environment variables: NO_PROXY=*.svc.cluster.local

Other considerations

They are other considerations when configuring an HTTP proxy in CloudBees and not related to Kubernetes. Please also have a look at Which URLs would I need to grant access to for my firewall or proxy?.

Have more questions?

0 Comments

Please sign in to leave a comment.