|
| 1 | +:_content-type: PROCEDURE |
| 2 | +:description: Configuring proxy |
| 3 | +:keywords: administration guide, proxy, networking |
| 4 | +:navtitle: Configuring proxy |
| 5 | +:page-aliases: |
| 6 | + |
| 7 | +[id="configuring-proxy"] |
| 8 | += Configuring proxy |
| 9 | + |
| 10 | +Learn how to configure a proxy for {prod}. The steps include creating a {kubernetes} Secret for proxy credentials and configuring the necessary proxy settings in the CheCluster custom resource. The proxy settings are propagated to the operands and workspaces through environment variables. |
| 11 | + |
| 12 | +On OpenShift cluster, you do not need to configure proxy settings. {prod-short} Operator automatically uses OpenShift cluster-wide proxy configuration. However, you can override the proxy settings by specifying them in the CheCluster custom resource. |
| 13 | + |
| 14 | +.Procedure |
| 15 | + |
| 16 | +. (OPTIONAL) Create a Secret in the {prod-namespace} {namespace} that contains a user and password for a proxy server. The secret must have the `app.kubernetes.io/part-of=che.eclipse.org` label. Skip this step if the proxy server does not require authentication. |
| 17 | ++ |
| 18 | +[source,subs="+quotes,+attributes,+macros"] |
| 19 | +---- |
| 20 | +{orch-cli} apply -f - <<EOF |
| 21 | +kind: Secret |
| 22 | +apiVersion: v1 |
| 23 | +metadata: |
| 24 | + name: {prod-id-short}-proxy-credentials |
| 25 | + namespace: {prod-namespace} |
| 26 | + labels: |
| 27 | + app.kubernetes.io/part-of: che.eclipse.org |
| 28 | +type: Opaque |
| 29 | +stringData: |
| 30 | + user: __<user>__ <1> |
| 31 | + password: __<password>__ <2> |
| 32 | +EOF |
| 33 | +---- |
| 34 | +<1> The username for the proxy server. |
| 35 | +<2> The password for the proxy server. |
| 36 | + |
| 37 | +. Configure the proxy or override the cluster-wide proxy configuration for an OpenShift cluster by setting the following properties in the CheCluster custom resource: |
| 38 | ++ |
| 39 | +[source,subs="+quotes,attributes,macros"] |
| 40 | +---- |
| 41 | +{orch-cli} patch checluster/{prod-checluster} \ |
| 42 | + --namespace {prod-namespace} \ |
| 43 | + --type='merge' -p \ |
| 44 | +'{"spec": |
| 45 | + {"components": |
| 46 | + {"cheServer": |
| 47 | + {"proxy": |
| 48 | + {"credentialsSecretName" : "__<secretName>__", <1> |
| 49 | + "nonProxyHosts" : ["__<host_1>__"], <2> |
| 50 | + "port" : "__<port>__", <3> |
| 51 | + "url" : "__<protocol>__://__<domain>__"}}}}}' <4> |
| 52 | +---- |
| 53 | +<1> The credentials secret name created in the previous step. |
| 54 | +<2> The list of hosts that can be reached directly, without using the proxy. Use the following form `.<DOMAIN>` to specify a wildcard domain. {prod-short} Operator automatically adds .svc and Kubernetes service host to the list of non-proxy hosts. In OpenShift, {prod-short} Operator combines the non-proxy host list from the cluster-wide proxy configuration with the custom resource. |
| 55 | ++ |
| 56 | +[IMPORTANT] |
| 57 | +==== |
| 58 | +In some proxy configurations, `localhost` may not translate to `127.0.0.1`. Both `localhost` and `127.0.0.1` should be specified in this situation. |
| 59 | +==== |
| 60 | +<3> The port of the proxy server. |
| 61 | +<4> Protocol and domain of the proxy server. |
| 62 | + |
| 63 | + |
| 64 | +.Verification steps |
| 65 | + |
| 66 | +. Start a workspace |
| 67 | + |
| 68 | +. Verify that the workspace pod contains `HTTP_PROXY`, `HTTPS_PROXY`, `http_proxy` and `https_proxy` environment variables, each set to `__<protocol>__://<user>:<password@<domain>:<port>`. |
| 69 | + |
| 70 | +. Verify that the workspace pod contains `NO_PROXY` and `no_proxy` environment variables, each set to comma-separated list of non-proxy hosts. |
| 71 | + |
| 72 | +.Additional resources |
| 73 | + |
| 74 | +* link:https://docs.openshift.com/container-platform/latest/networking/enable-cluster-wide-proxy.html[Configuring the cluster-wide proxy on OpenShift] |
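Review bot: The expected value in the verification step on line 68, `__<protocol>__://<user>:<password@<domain>:<port>`, is missing the closing `>` after `password`, and only `<protocol>` carries the `__...__` placeholder markup used elsewhere in the file. Suggest `__<protocol>__://__<user>__:__<password>__@__<domain>__:__<port>__`. The same step assumes credentials are always present, although line 16 makes the Secret optional, so the expected value for an unauthenticated proxy should be given as well. Since lines 10 and 68 together mean the proxy user and password from the Secret end up in clear text in the workspace pod environment, the procedure should say so explicitly, and recommend a proxy account dedicated to this purpose. Smaller points: the `subs` lists on lines 18 and 39 differ (`+quotes,+attributes,+macros` versus `+quotes,attributes,macros`) and should use one form. Line 12 should read "On an OpenShift cluster", line 66 lacks a final period, and line 70 should read "set to a comma-separated list".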