The commands to configure and apply the service parameters related to Docker proxy feature were outdated.

Partial-Bug: 2062079
Change-Id: Ib8d8deb19528120b7813d406ad9d5e6b952a760f
Signed-off-by: Joao Victor Portal <Joao.VictorPortal@windriver.com>
Docker Proxy Configuration
uses publicly available container runtime registries. If you are behind a corporate firewall or proxy, you need to set proxy settings.
For example, if the interface or network is behind an http/https proxy, relative to the Docker registries used by or applications running on , then Docker within must be configured to use these http/https proxies.
Proxy overview
The figure below shows how proxies are used in .
The items labeled a and b in the figure indicate two configuration files:
- Configuration file a lists sysadmin shell proxy environment variables. This file is not required for bootstrap or any operations. You must manually add this file if you are accessing the public network via a proxy. You must add the following specific IP addresses to the no_proxy list:
  - registry.local
  - {controller gateway IP/floating IP/host IP}
  - {controller management floating IP/host IP}
  - {controller cluster gateway IP}
  - 10.96.0.1 {apiserver cluster IP for Kubernetes}
  - 10.96.0.10 {coredns cluster IP for Kubernetes}
  - *.cluster.local
- Configuration file b lists container runtime proxy variables (docker_proxy). Configure these variables in the localhost.yml file before Ansible bootstrap. This file is required if you are accessing the public network via a proxy. specific IP addresses will be automatically added to the no_proxy list.
The numbered items in the figure indicate the process flow:
1. In the localhost.yml file, fill in the Docker proxy section for configuration file b.
2. The bootstrap process is responsible for pulling Docker images from either:
   - the public registry using the proxy setting in (1) or
   - the private registry within the company/organization network.
   The bootstrap process will push to the registry.local afterwards.
3. After the Kubernetes API server is running, the bootstrap process will communicate with it for further configuration. You must ensure the cluster network gateway is set for no_proxy in configuration file a.
4. After provisioning is complete, any operations that pull Docker images will use configuration file b. All other operations, including kubectl and system operations, will use the sysadmin shell and configuration file a.
Set HTTP proxy URL
To specify the HTTP proxy URL, use the commands:
system service-parameter-add docker proxy http_proxy=http://my.proxy.com:1080
system service-parameter-apply docker
If the service parameter "http_proxy" already exists, use service-parameter-modify instead of service-parameter-add.
Set HTTPS proxy URL
To specify the HTTPS proxy URL, use the commands:
system service-parameter-add docker proxy https_proxy=https://my.proxy.com:1443
system service-parameter-apply docker
If the service parameter "https_proxy" already exists, use service-parameter-modify instead of service-parameter-add.
Set no_proxy address list
A no_proxy address list can be provided for registries not on the other side of the proxies. This list will be added to the default no_proxy list derived from localhost, loopback, management, and floating addresses at runtime.
Due to a Docker restriction, each address in the no_proxy list must not be in subnet format and it cannot contain a wildcard. For example:
To specify a no_proxy list, use the commands:
system service-parameter-add docker proxy no_proxy="1.2.3.4,5.6.7.8"
system service-parameter-apply docker
If the service parameter "no_proxy" already exists, use service-parameter-modify instead of service-parameter-add.
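The restriction above (no subnet format, no wildcard) can be checked before the list is submitted. The following is an added example, not part of the original documentation or the project's code; the function name check_docker_no_proxy is hypothetical, and the empty-entry and whitespace checks are this example's own sanity checks rather than rules stated on this page.

```shell
#!/bin/sh
# Added example: pre-check a candidate Docker no_proxy list against the
# restriction described above. check_docker_no_proxy is a hypothetical helper.
#
# Prints one line per rejected entry and returns 0 only if every entry passes.
# The ( ... ) body runs in a subshell, so the IFS and 'set -f' changes below
# do not leak into the calling shell.
check_docker_no_proxy() (
    list=$1
    rc=0
    [ -n "$list" ] || { echo "empty list"; exit 1; }

    # A leading, trailing or doubled comma yields an empty entry
    # (extra sanity check, not a rule from this page).
    case ",$list," in
        *,,*) echo "empty entry in list"; rc=1 ;;
    esac

    IFS=,
    set -f    # keep '*' literal while the list is split on commas
    for entry in $list; do
        case $entry in
            '')            ;;   # already reported above
            *'*'*)         echo "wildcard not allowed: $entry"; rc=1 ;;
            */*)           echo "subnet format not allowed: $entry"; rc=1 ;;
            *[[:space:]]*) echo "whitespace in entry: $entry"; rc=1 ;;
        esac
    done
    exit "$rc"
)

# Sample list taken from the command shown above. The resulting command is
# printed for review, not executed.
sample="1.2.3.4,5.6.7.8"
if check_docker_no_proxy "$sample"; then
    echo "system service-parameter-add docker proxy no_proxy=\"$sample\""
fi
```

An entry such as 10.0.0.0/24 or *.cluster.local is reported and the function returns non-zero, so a wrapper script can stop before calling service-parameter-add or service-parameter-modify.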