If the machines you are using for bootstrap and cluster nodes use a proxy server to access the internet, you must:
- Configure proxying for the package manager on cluster nodes.
- Configure proxy details in the cluster configuration file.
Prerequisites
Your proxy server must allow connections to these addresses:
- *.gcr.io
- accounts.google.com
- cloud.google.com
- www.googleapis.com
- compute.googleapis.com
- storage.googleapis.com
- gkehub.googleapis.com
- oauth2.googleapis.com
- cloudresourcemanager.googleapis.com
- gkeconnect.googleapis.com
- logging.googleapis.com
- monitoring.googleapis.com
- securetoken.googleapis.com
- sts.googleapis.com
- stackdriver.googleapis.com
- iam.googleapis.com
- iamcredentials.googleapis.com
- download.docker.com
- dl.fedoraproject.org
In addition to these URLs, the proxy server must also allow any package mirrors your operating system's package manager requires.
Configuring proxying for the package manager on cluster nodes
Google Distributed Cloud uses the APT package manager on Ubuntu and the DNF package manager on CentOS and Red Hat Linux. You must ensure that the OS package manager has the correct proxy configuration.
Refer to your OS distribution's documentation for details about configuring the proxy. The following examples show one way to configure proxy settings:
APT
These commands demonstrate how to configure the proxy for APT:
sudo touch /etc/apt/apt.conf.d/proxy.conf
echo 'Acquire::http::Proxy "http://[username:password@]domain";' | sudo tee -a /etc/apt/apt.conf.d/proxy.conf
echo 'Acquire::https::Proxy "http://[username:password@]domain";' | sudo tee -a /etc/apt/apt.conf.d/proxy.conf
Replace [username:password@]domain with details specific to your configuration.
DNF
This command demonstrates how to configure the proxy for DNF:
echo "proxy=http://[username:password@]domain" | sudo tee -a /etc/dnf/dnf.conf
Replace [username:password@]domain with details specific to your configuration.
Configuring proxy details in the cluster configuration file
In the cluster configuration file, set the following values to configure the cluster to use the proxy:
proxy.url
A string that specifies the proxy URL. The bootstrap and node machines use this proxy to access the internet.
proxy.noProxy
A list of IP addresses, host names, and domain names that should not go through the proxy server.
Example
The following is an example of the proxy settings in a cluster configuration file:
proxy:
  url: http://[username:password@]domain
  noProxy:
  - example1.com
  - example2.com
Overriding the proxy configuration
If you intend for your bootstrap machine to be behind a different proxy than the node machines, override the proxy settings in the cluster configuration file by setting the following environment variables on the bootstrap machine:
export HTTPS_PROXY=http://[username:password@]domain
Replace [username:password@]domain with details specific to your configuration.
export NO_PROXY=example1.com,example2.com
Replace example1.com,example2.com with IP addresses, host names, and domain names that should not go through the proxy server.
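The following preflight check, run on the bootstrap machine with HTTPS_PROXY exported as shown above, probes each address from the Prerequisites list through the proxy. It is an added example, not part of the original documentation; the function names and the use of us.gcr.io as a stand-in for the *.gcr.io wildcard are assumptions.

```shell
#!/bin/sh
# Added example, not from the original page. Usage: source this file on the
# bootstrap machine, export HTTPS_PROXY, then run: preflight

# Addresses from the Prerequisites list. "*.gcr.io" is a wildcard, so
# us.gcr.io is probed in its place (an assumption of this example).
REQUIRED_HOSTS="us.gcr.io accounts.google.com cloud.google.com
www.googleapis.com compute.googleapis.com storage.googleapis.com
gkehub.googleapis.com oauth2.googleapis.com
cloudresourcemanager.googleapis.com gkeconnect.googleapis.com
logging.googleapis.com monitoring.googleapis.com
securetoken.googleapis.com sts.googleapis.com stackdriver.googleapis.com
iam.googleapis.com iamcredentials.googleapis.com download.docker.com
dl.fedoraproject.org"

# probe_host HOST: succeed if an HTTPS request to HOST completes.
# curl reads the proxy from HTTPS_PROXY, so the proxy credentials are not
# passed as an argument and do not show up in the process list. Any HTTP
# status counts as reachable; a refused CONNECT, a TLS failure or a timeout
# makes curl exit non-zero.
probe_host() {
  curl --silent --output /dev/null --connect-timeout 10 --max-time 20 \
    "https://$1/"
}

# blocked_hosts: print each required host that could not be reached.
blocked_hosts() {
  for host in $REQUIRED_HOSTS; do
    probe_host "$host" || printf '%s\n' "$host"
  done
}

# preflight: 0 = all reachable, 1 = some blocked, 2 = HTTPS_PROXY not set.
preflight() {
  if [ -z "${HTTPS_PROXY:-}" ]; then
    echo "HTTPS_PROXY is not set" >&2
    return 2
  fi
  blocked=$(blocked_hosts)
  if [ -n "$blocked" ]; then
    printf 'not reachable through the proxy: %s\n' $blocked >&2
    return 1
  fi
  echo "all required hosts are reachable through the proxy"
}
```

A host reported here still needs the proxy log to tell an allowlist denial apart from a TLS or timeout failure. Package mirrors for your OS are not covered and must be checked separately.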
Side effects
When run as root, bmctl updates the Docker proxy configuration on the bootstrap machine. If you do not run bmctl as root, configure the Docker proxy manually.