Installing behind a proxy

If the machines you are using for bootstrap and cluster nodes use a proxy server to access the internet, you must:

  • Configure proxying for the package manager on cluster nodes
  • Configure proxy details in the cluster configuration file.

Prerequisites

Your proxy server must allow connections to these addresses:

  • *.gcr.io
  • accounts.google.com
  • cloud.google.com
  • www.googleapis.com
  • compute.googleapis.com
  • storage.googleapis.com
  • gkehub.googleapis.com
  • oauth2.googleapis.com
  • cloudresourcemanager.googleapis.com
  • gkeconnect.googleapis.com
  • logging.googleapis.com
  • monitoring.googleapis.com
  • securetoken.googleapis.com
  • sts.googleapis.com
  • stackdriver.googleapis.com
  • iam.googleapis.com
  • iamcredentials.googleapis.com
  • download.docker.com
  • dl.fedoraproject.org

In addition to these URLs, the proxy server must also allow any package mirrors your operating system's package manager requires.

Configuring proxying for the package manager on cluster nodes

Google Distributed Cloud uses the APT package manager on Ubuntu and the DNF package manager on CentOS and Red Hat Linux. You must ensure that the OS package manager has the correct proxy configuration.

Refer to your OS distribution's documentation for details about configuring the proxy. The following examples show one way to configure proxy settings:

APT

These commands demonstrate how to configure the proxy for APT:

sudo touch /etc/apt/apt.conf.d/proxy.conf
echo 'Acquire::http::Proxy "http://[username:password@]domain";' >> /etc/apt/apt.conf.d/proxy.conf
echo 'Acquire::https::Proxy "http://[username:password@]domain";' >> /etc/apt/apt.conf.d/proxy.conf

Replace [username:password@]domain with details specific to your configuration.

DNF

This command demonstrates how to configure the proxy for DNF:

echo "proxy=http://[username:password@]domain" >> /etc/dnf/dnf.conf

Replace [username:password@]domain with details specific to your configuration.

Configuring proxy details in the cluster configuration file

In the cluster configuration file, set the following values to configure the cluster to use the proxy:

proxy.url

A string that specifies the proxy URL. The bootstrap and node machines use this proxy to access the internet.

proxy.noProxy

A list of IP addresses, host names, and domain names that should not go through the proxy server.

Example

The following is an example of the proxy settings in a cluster configuration file:

  proxy:
     url: http://[username:password@]domain
     noProxy:
     - example1.com
     - example2.com

Overriding the proxy configuration

If you intend for your bootstrap machine to be behind a different proxy than the node machines, override the proxy settings in the cluster configuration file by setting the following environment variables on the bootstrap machine:

export HTTPS_PROXY=http://[username:password@]domain

Replace [username:password@]domain with details specific to your configuration.

export NO_PROXY=example1.com,example2.com

Replace example1.com,example2.com with IP addresses, host names, and domain names that should not go through the proxy server.

Side effects

When run as root, bmctl updates the Docker proxy configuration on the bootstrap machine. If you do not run bmctl as root, configure the Docker proxy manually.