Unverified Commit 180df831 authored by Vyacheslav Vershinin's avatar Vyacheslav Vershinin Committed by GitHub

feat: add option to use custome CA for https_proxy (#10215)

parent 2fa64f9f
...@@ -7,6 +7,12 @@ If you set http and https proxy, all nodes and loadbalancer will be excluded fro ...@@ -7,6 +7,12 @@ If you set http and https proxy, all nodes and loadbalancer will be excluded fro
`http_proxy:"http://example.proxy.tld:port"` `http_proxy:"http://example.proxy.tld:port"`
`https_proxy:"http://example.proxy.tld:port"` `https_proxy:"http://example.proxy.tld:port"`
## Set custom CA
CA must be already on each target nodes
`https_proxy_cert_file: /path/to/host/custom/ca.crt`
## Set default no_proxy (this will override default no_proxy generation) ## Set default no_proxy (this will override default no_proxy generation)
`no_proxy: "node1,node1_ip,node2,node2_ip...additional_host"` `no_proxy: "node1,node1_ip,node2,node2_ip...additional_host"`
......
...@@ -52,9 +52,10 @@ loadbalancer_apiserver_healthcheck_port: 8081 ...@@ -52,9 +52,10 @@ loadbalancer_apiserver_healthcheck_port: 8081
## When openstack or vsphere are used make sure to source in the required fields ## When openstack or vsphere are used make sure to source in the required fields
# external_cloud_provider: # external_cloud_provider:
## Set these proxy values in order to update package manager and docker daemon to use proxies ## Set these proxy values in order to update package manager and docker daemon to use proxies and custom CA for https_proxy if needed
# http_proxy: "" # http_proxy: ""
# https_proxy: "" # https_proxy: ""
# https_proxy_cert_file: ""
## Refer to roles/kubespray-defaults/defaults/main.yml before modifying no_proxy ## Refer to roles/kubespray-defaults/defaults/main.yml before modifying no_proxy
# no_proxy: "" # no_proxy: ""
......
...@@ -652,7 +652,7 @@ host_os: >- ...@@ -652,7 +652,7 @@ host_os: >-
# Setting it to 0 allows unlimited requests per second. # Setting it to 0 allows unlimited requests per second.
kubelet_event_record_qps: 5 kubelet_event_record_qps: 5
proxy_env: proxy_env_defaults:
http_proxy: "{{ http_proxy | default ('') }}" http_proxy: "{{ http_proxy | default ('') }}"
HTTP_PROXY: "{{ http_proxy | default ('') }}" HTTP_PROXY: "{{ http_proxy | default ('') }}"
https_proxy: "{{ https_proxy | default ('') }}" https_proxy: "{{ https_proxy | default ('') }}"
...@@ -660,6 +660,10 @@ proxy_env: ...@@ -660,6 +660,10 @@ proxy_env:
no_proxy: "{{ no_proxy | default ('') }}" no_proxy: "{{ no_proxy | default ('') }}"
NO_PROXY: "{{ no_proxy | default ('') }}" NO_PROXY: "{{ no_proxy | default ('') }}"
# If we use SSL_CERT_FILE: {{ omit }} it cause in value __omit_place_holder__ and break environments
# Combine dict is avoiding the problem with omit placeholder. Maybe it can be better solution?
proxy_env: "{{ proxy_env_defaults | combine({ 'SSL_CERT_FILE': https_proxy_cert_file }) if https_proxy_cert_file is defined else proxy_env_defaults }}"
proxy_disable_env: proxy_disable_env:
ALL_PROXY: '' ALL_PROXY: ''
FTP_PROXY: '' FTP_PROXY: ''
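Review bot: The guard `https_proxy_cert_file is defined` in the new `proxy_env` expression treats an empty string as a configured CA, so uncommenting the sample inventory value `https_proxy_cert_file: ""` would put an empty `SSL_CERT_FILE` into every task environment that uses `proxy_env`. Testing for a non-empty value keeps that case on the defaults: `proxy_env: "{{ proxy_env_defaults | combine({ 'SSL_CERT_FILE': https_proxy_cert_file }) if https_proxy_cert_file | default('') | length > 0 else proxy_env_defaults }}"`. The comment above the variable should also say that clients honouring `SSL_CERT_FILE` generally use it in place of their default CA file, so the bundle likely needs every CA those tasks must trust and not only the proxy's, and that it is applied even when `https_proxy` is unset. Since the docs require the file to already exist on each node, a preflight check of the path would turn a confusing TLS verification failure into a clear error.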
......