Configuring proxy authentication
You can configure the Kubernetes k3s environment and Edge Gateway instance to use a proxy server when your
network requires a proxy to connect to sites such as quay.io
and data sources. You
need to know your proxy server settings, such as DNS name, IP address and account name if
authentication is required.
Your proxy server must support both the HTTP and the STOMP protocols.
- Kubernetes k3s environment.
- Each instance of Edge Gateway.
- Each data source that requires a connection to a proxy server.
You must use sudo
to complete this task. Log in as the appadmin
user and complete the following steps to configure the Kubernetes k3s environment:
- At the system hosting the Edge Gateway, edit
the file /etc/systemd/system/k3s.service.env and set the following environment
variables:
HTTP_PROXY=<proxy> HTTPS_PROXY=<proxy info> NO_PROXY=<localhost and other IPs that do not need proxy>
The
<proxy info>
format is http://<user>:<password>@<domain or IP address>:<port> where<user>
and<password>
are URL encoded strings.For example:HTTP_PROXY=http://proxy.corp.com:8080 HTTPS_PROXY=http://proxy.corp.com:8080 NO_PROXY=localhost,127.0.0.1,localaddress,corp.com,10.0.0.0/8
The following example shows proxy authentication assuming the user name isuser1
and password isp@ssword
:HTTP_PROXY=http://user1:p%40ssword@proxy.corp.com:8080 && HTTPS_PROXY=http://user1:p%40ssword@proxy.corp.com:8080 && NO_PROXY=localhost,127.0.0.1,localaddress,corp.com,10.0.0.0/8
Note: The HTTP_PROXY and HTTPS_PROXY are redirects so you can have the HTTPS_PROXY redirect HTTPS traffic to an HTTP URL. - Update the system's cacerts to trust the CA certificate from the proxy itself by adding the
certificate in PEM encoding to
/etc/pki/ca-trust/source/anchors
, and then run:sudo update-ca-trust
- Restart the Kubernetes K3s:
sudo systemctl restart k3s
- When the restart is done, enter the following command to list all of the system containers.
Verify that their status is
Running
orCompleted
.sudo kubectl get pods -n kube-system
--https-proxy-url
option. You can use --https-from-http
with --http-proxy-url
if the
HTTP and HTTPS proxy are the same. The --http-proxy-url
by itself is not supported. If you use the --no-proxy
option between the Edge Gateway and the platform, specify the fully qualified domain name (FQDN)
or the IP address that is specified as the host in the app.config file.
Wildcard and IP address ranges are not supported only between the Edge Gateway and the platform.
- If you installed the Edge Gateway, you
can configure the Edge Gateway to connect through
the proxy using the following command.
manageAppHost proxy --http-proxy-url <http://URL:port# of proxy>
If proxy authentication is required, enter the following command instead. You are prompted for the proxy password.manageAppHost proxy --http-proxy-url <http://URL:port# of proxy> --proxy-user <user>
If there are multiple paired Edge Gateway on the system, you are prompted to select the Edge Gateway to configure.
- If you have not installed the Edge Gateway, you can enter the proxy setting as
follows:
manageAppHost install --http-proxy-url <http://URL:port# of proxy>
If proxy authentication is required, enter the following command instead: you are prompted for the proxy password:manageAppHost install --http-proxy-url <http://URL:port# of proxy> --proxy-user <user>
manageAppHost proxy --clear