Configure proxy authentication
You can configure the Kubernetes k3s environment, Edge Gateway instance and apps to use a proxy server when
required to reach external sites, such as quay.io. You need to know your proxy
server settings, such as DNS name, IP address and account name if authentication is required.
- Kubernetes k3s environment.
- Each instance of Edge Gateway.
- Each app that requires a connection to a proxy server.
Log in as the appadmin user and complete the following steps to configure the
Kubernetes k3s environment:
- At the system hosting the Edge Gateway, edit the file /etc/systemd/system/k3s.service.env and set the following environment variables:
    HTTP_PROXY=<proxy>
    HTTPS_PROXY=<proxy info>
    NO_PROXY=<localhost and other IPs that do not need proxy>
  The <proxy info> format is http://<user>:<password>@<domain or IP address>:<port> where <user> and <password> are URL encoded strings.
  For example:
    HTTP_PROXY=http://proxy.corp.com:8080
    HTTPS_PROXY=http://proxy.corp.com:8080
    NO_PROXY=localhost,127.0.0.1,0.0.0.0,localaddress,corp.com,10.0.0.0/8
  The following example shows proxy authentication assuming the user name is user1 and password is p@ssword:
    HTTP_PROXY=http://user1:p%40ssword@proxy.corp.com:8080
    HTTPS_PROXY=http://user1:p%40ssword@proxy.corp.com:8080
    NO_PROXY=localhost,127.0.0.1,0.0.0.0,localaddress,corp.com,10.0.0.0/8
  Note: The HTTP_PROXY and HTTPS_PROXY are redirects so you can have the HTTPS_PROXY redirect HTTPS traffic to an HTTP URL.
- Update the system's cacerts to trust the CA certificate from the proxy itself by adding the certificate in PEM encoding to /etc/pki/ca-trust/source/anchors, and then run:
    sudo update-ca-trust
- Restart the Kubernetes K3s:
    sudo systemctl restart k3s
- When the restart is done, enter the following command to list all of the system containers. Verify that their status is Running or Completed.
    sudo kubectl get pods -n kube-system
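The URL-encoding rule for <user> and <password> in the k3s steps above, as an added example that is not part of the original page or the product: a Python helper that builds the three k3s.service.env lines with percent-encoded credentials and checks existing lines for encoding mistakes. The function names are hypothetical, and the check is deliberately conservative, accepting only unreserved characters and %XX escapes in the credentials.

```python
import re
from urllib.parse import quote, urlsplit

# Conservative: only unreserved characters or %XX escapes count as "URL encoded".
ENCODED = re.compile(r"(?:[A-Za-z0-9._~-]|%[0-9A-Fa-f]{2})*")

def proxy_url(host, port, user=None, password=None):
    """Build http://<user>:<password>@<host>:<port> with encoded credentials."""
    if user is None:
        return f"http://{host}:{port}"
    # safe="" also encodes '/', which quote() would otherwise leave as-is.
    cred = quote(user, safe="")
    if password is not None:
        cred += ":" + quote(password, safe="")
    return f"http://{cred}@{host}:{port}"

def env_lines(url, no_proxy):
    """Return the three assignments, one KEY=VALUE per line."""
    return [f"HTTP_PROXY={url}", f"HTTPS_PROXY={url}",
            "NO_PROXY=" + ",".join(no_proxy)]

def check_line(line):
    """Return the problems found in one HTTP_PROXY or HTTPS_PROXY line."""
    key, _, value = line.strip().partition("=")
    if key not in ("HTTP_PROXY", "HTTPS_PROXY"):
        return []
    if " " in value:
        return ["more than one assignment on the line"]
    parts = urlsplit(value)
    userinfo, at, _ = parts.netloc.rpartition("@")
    problems = []
    if at:
        user, _, password = userinfo.partition(":")
        if not (ENCODED.fullmatch(user) and ENCODED.fullmatch(password)):
            problems.append("user or password is not URL encoded")
    try:
        has_endpoint = bool(parts.hostname) and parts.port is not None
    except ValueError:  # non-numeric port, e.g. after a raw '/' in the password
        has_endpoint = False
    if not has_endpoint:
        problems.append("no valid <host>:<port>")
    return problems

if __name__ == "__main__":
    # Sample values taken from the page's own example (user1 / p@ssword).
    url = proxy_url("proxy.corp.com", 8080, "user1", "p@ssword")
    print("\n".join(env_lines(url, ["localhost", "127.0.0.1", "corp.com", "10.0.0.0/8"])))
```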
Edge Gateway
--https-proxy-url
option. You can use --https-from-http with --http-proxy-url if the
HTTP and HTTPS proxy are the same. The --http-proxy-url by itself is not supported. If you use the --no-proxy option between the Edge Gateway and Orchestration & Automation, specify the fully qualified domain name (FQDN)
or the IP address that is specified as the host in the app.config file.
Wildcards and IP address ranges are not supported, but this restriction applies only between the Edge Gateway and Orchestration & Automation.
manageAppHost install command instead of the manageAppHost proxy command.
- If all the Edge Gateways are using the same proxy server as their host system, you can pull the proxy information from the system's environment with the following command.
    manageAppHost proxy --environment
- Configure the Edge Gateway to connect through the proxy using an HTTPS or HTTP connection, or both.
    manageAppHost proxy --https-proxy-url <http://URL:port# of proxy>
    manageAppHost proxy --http-proxy-url <http://URL:port# of proxy>
    manageAppHost proxy --https-proxy-url <http://URL:port# of proxy> --http-proxy-url <http://URL:port# of proxy>
  To configure the proxy connection with a user account for authentication, add --http-proxy-user <user> or --https-proxy-user <user>. You are prompted for the proxy password. The following command is an example of enabling authentication.
    manageAppHost proxy --https-proxy-url <http://URL:port# of proxy> --https-proxy-user <user>
  If you have multiple paired Edge Gateways on the system, you are prompted to select the Edge Gateway to configure.
manageAppHost proxy --clear
Apps
[integrations]
# To override, add any parameter to your specific integration section
http_proxy=<PROXY URL>
https_proxy=<PROXY URL>
timeout=120