Jump to main content

Installing behind a proxy

Configuring the proxy environment variables

MicroK8s packages a number of utilities (eg curl, helm) that may need to fetch resources from the internet. Having our environment (/etc/environment) properly configured allows such utilities to function properly. We need to configure HTTPS_PROXY, HTTP_PROXY, https_proxy and http_proxy variables with the proxy endpoint as well as NO_PROXY and no_proxy with the IP ranges the pods and services occupy. For instance assuming our proxy is at http://squid.internal:3128, /etc/environment should set the following environment variables:

HTTPS_PROXY=http://squid.internal:3128
HTTP_PROXY=http://squid.internal:3128
NO_PROXY=10.0.0.0/8,192.168.0.0/16,127.0.0.1,172.16.0.0/16,.svc,localhost
https_proxy=http://squid.internal:3128
http_proxy=http://squid.internal:3128
no_proxy=10.0.0.0/8,192.168.0.0/16,127.0.0.1,172.16.0.0/16,.svc,localhost

Host configuration and clustering behind a proxy

Any nodes where MicroK8s is installed need to be included in the no_proxy environment variable of the host. Usually this can be be done by editing /etc/environment.

DNS configuration

By default the DNS addon (available with microk8s enable dns) points to Google’s 8.8.8.8 and 8.8.4.4 servers for resolving addresses outside the cluster. If these forward DNS endpoints are not reachable you may want to reconfigure CoreDNS as described in the addon’s documentation page.

Configuring containerd only

Containerd uses the proxy configuration set in /etc/environment, therefore no extra configuration is typically required. However, we have the option to set the proxy settings only for containerd. To do so we need to enter the proxy details in

${SNAP_DATA}/args/containerd-env (normally /var/snap/microk8s/current/args/containerd-env). The containerd-env file holds the environment variables containerd runs with. Setting the HTTPS_PROXY to our proxy endpoint enables containerd to fetch conatiner images from the web. We may also want to set the NO_PROXY environment variable with the cluster-cidr and the services-cidr as specified in the respective configuration files /var/snap/microk8s/current/args/kube-proxy and /var/snap/microk8s/current/args/kube-apiserver.

Here is an example where HTTPS_PROXY environment variable is set to http://squid.internal:3128 and NO_PROXY to 10.0.0.0/8,192.168.0.0/16,127.0.0.0/8,172.16.0.0/16,.svc,localhost:

HTTPS_PROXY=http://squid.internal:3128
NO_PROXY=10.0.0.0/8,192.168.0.0/16,127.0.0.1,172.16.0.0/16,.svc,localhost
#
# Some additional environment variables
#
ulimit -n 65536 || true
ulimit -l 16384 || true

For the changes to take effect we need to restart MicroK8s:

sudo snap restart microk8s

Last updated 5 months ago. Help improve this document in the forum.