-
Notifications
You must be signed in to change notification settings - Fork 167
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
feat: Configuring proxy article (#2827)
* feat: Configuring proxy article Signed-off-by: Anatolii Bazko <[email protected]> * Fixup Signed-off-by: Anatolii Bazko <[email protected]> * Fixup Signed-off-by: Anatolii Bazko <[email protected]> * Fixup Signed-off-by: Anatolii Bazko <[email protected]> * Update modules/administration-guide/pages/configuring-proxy.adoc Co-authored-by: Jana Vrbkova <[email protected]> * Update modules/administration-guide/pages/configuring-proxy.adoc Co-authored-by: Jana Vrbkova <[email protected]> * Update modules/administration-guide/pages/configuring-proxy.adoc Co-authored-by: Jana Vrbkova <[email protected]> * Update modules/administration-guide/pages/configuring-proxy.adoc Co-authored-by: Jana Vrbkova <[email protected]> * Update modules/administration-guide/pages/configuring-proxy.adoc Co-authored-by: Jana Vrbkova <[email protected]> --------- Signed-off-by: Anatolii Bazko <[email protected]> Co-authored-by: Jana Vrbkova <[email protected]>
- Loading branch information
1 parent
5a7725d
commit 4fe3754
Showing
3 changed files
with
77 additions
and
1 deletion.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,74 @@ | ||
| :_content-type: PROCEDURE | ||
| :description: Configuring proxy | ||
| :keywords: administration guide, proxy, networking | ||
| :navtitle: Configuring proxy | ||
| :page-aliases: | ||
|
|
||
| [id="configuring-proxy"] | ||
| = Configuring proxy | ||
|
|
||
| Learn how to configure a proxy for {prod}. The steps include creating a {kubernetes} Secret for proxy credentials and configuring the necessary proxy settings in the CheCluster custom resource. The proxy settings are propagated to the operands and workspaces through environment variables. | ||
|
|
||
| On OpenShift cluster, you do not need to configure proxy settings. {prod-short} Operator automatically uses OpenShift cluster-wide proxy configuration. However, you can override the proxy settings by specifying them in the CheCluster custom resource. | ||
|
|
||
| .Procedure | ||
|
|
||
| . (OPTIONAL) Create a Secret in the {prod-namespace} {namespace} that contains a user and password for a proxy server. The secret must have the `app.kubernetes.io/part-of=che.eclipse.org` label. Skip this step if the proxy server does not require authentication. | ||
| + | ||
| [source,subs="+quotes,+attributes,+macros"] | ||
| ---- | ||
| {orch-cli} apply -f - <<EOF | ||
| kind: Secret | ||
| apiVersion: v1 | ||
| metadata: | ||
| name: {prod-id-short}-proxy-credentials | ||
| namespace: {prod-namespace} | ||
| labels: | ||
| app.kubernetes.io/part-of: che.eclipse.org | ||
| type: Opaque | ||
| stringData: | ||
| user: __<user>__ <1> | ||
| password: __<password>__ <2> | ||
| EOF | ||
| ---- | ||
| <1> The username for the proxy server. | ||
| <2> The password for the proxy server. | ||
|
|
||
| . Configure the proxy or override the cluster-wide proxy configuration for an OpenShift cluster by setting the following properties in the CheCluster custom resource: | ||
| + | ||
| [source,subs="+quotes,attributes,macros"] | ||
| ---- | ||
| {orch-cli} patch checluster/{prod-checluster} \ | ||
| --namespace {prod-namespace} \ | ||
| --type='merge' -p \ | ||
| '{"spec": | ||
| {"components": | ||
| {"cheServer": | ||
| {"proxy": | ||
| {"credentialsSecretName" : "__<secretName>__", <1> | ||
| "nonProxyHosts" : ["__<host_1>__"], <2> | ||
| "port" : "__<port>__", <3> | ||
| "url" : "__<protocol>__://__<domain>__"}}}}}' <4> | ||
| ---- | ||
| <1> The credentials secret name created in the previous step. | ||
| <2> The list of hosts that can be reached directly, without using the proxy. Use the following form `.<DOMAIN>` to specify a wildcard domain. {prod-short} Operator automatically adds .svc and Kubernetes service host to the list of non-proxy hosts. In OpenShift, {prod-short} Operator combines the non-proxy host list from the cluster-wide proxy configuration with the custom resource. | ||
| + | ||
| [IMPORTANT] | ||
| ==== | ||
| In some proxy configurations, `localhost` may not translate to `127.0.0.1`. Both `localhost` and `127.0.0.1` should be specified in this situation. | ||
| ==== | ||
| <3> The port of the proxy server. | ||
| <4> Protocol and domain of the proxy server. | ||
|
|
||
|
|
||
| .Verification steps | ||
|
|
||
| . Start a workspace | ||
|
|
||
| . Verify that the workspace pod contains `HTTP_PROXY`, `HTTPS_PROXY`, `http_proxy` and `https_proxy` environment variables, each set to `__<protocol>__://<user>:<password@<domain>:<port>`. | ||
|
|
||
| . Verify that the workspace pod contains `NO_PROXY` and `no_proxy` environment variables, each set to comma-separated list of non-proxy hosts. | ||
|
|
||
| .Additional resources | ||
|
|
||
| * link:https://docs.openshift.com/container-platform/latest/networking/enable-cluster-wide-proxy.html[Configuring the cluster-wide proxy on OpenShift] |