From 8c9588ab59e9ba029a92cfb837600d33690c627b Mon Sep 17 00:00:00 2001
From: Atoms <atoms@tups.lv>
Date: Fri, 24 Aug 2018 10:28:29 +0300
Subject: [PATCH] Add additional no proxy parameter for more customization

---
 docs/proxy.md                               | 16 ++++++++++++++++
 inventory/sample/group_vars/all/all.yml     |  3 +++
 roles/kubespray-defaults/defaults/main.yaml |  3 +++
 3 files changed, 22 insertions(+)
 create mode 100644 docs/proxy.md

diff --git a/docs/proxy.md b/docs/proxy.md
new file mode 100644
index 000000000..b5bc62a7c
--- /dev/null
+++ b/docs/proxy.md
@@ -0,0 +1,16 @@
+# Setting up Environment Proxy
+
+If you set http and https proxy, all nodes and loadbalancer will be excluded from proxy with generating no_proxy variable in `roles/kubespray-defaults/defaults/main.yml`, if you have additional resources for exclude add them to `additional_no_proxy` variable. If you want fully override your `no_proxy` setting, then fill in just `no_proxy` and no nodes or loadbalancer addresses will be added to no_proxy.
+
+## Set proxy for http and https
+
+ `http_proxy:"http://example.proxy.tld:port"`
+ `https_proxy:"http://example.proxy.tld:port"`
+
+## Set default no_proxy (this will override default no_proxy generation)
+
+`no_proxy: "node1,node1_ip,node2,node2_ip...additional_host"`
+
+## Set additional addresses to default no_proxy (all cluster nodes and loadbalancer)
+
+`additional_no_proxy: "aditional_host,"`
\ No newline at end of file
diff --git a/inventory/sample/group_vars/all/all.yml b/inventory/sample/group_vars/all/all.yml
index faf65eb1a..762a1b98a 100644
--- a/inventory/sample/group_vars/all/all.yml
+++ b/inventory/sample/group_vars/all/all.yml
@@ -66,6 +66,9 @@ bin_dir: /usr/local/bin
 ## Refer to roles/kubespray-defaults/defaults/main.yml before modifying no_proxy
 #no_proxy: ""
 
+## If you need exclude all cluster nodes from proxy and other resources, add other resources here.
+#additional_no_proxy: ""
+
 ## Certificate Management
 ## This setting determines whether certs are generated via scripts or whether a
 ## cluster of Hashicorp's Vault is started to issue certificates (using etcd
diff --git a/roles/kubespray-defaults/defaults/main.yaml b/roles/kubespray-defaults/defaults/main.yaml
index f2ad05463..fc5f3a53e 100644
--- a/roles/kubespray-defaults/defaults/main.yaml
+++ b/roles/kubespray-defaults/defaults/main.yaml
@@ -274,6 +274,9 @@ no_proxy: >-
   {%-   endif -%}
   {{ item }},{{ item }}.{{ dns_domain }},
   {%- endfor -%}
+  {%- if additional_no_proxy is defined -%}
+  {{ additional_no_proxy }},
+  {%- endif -%}
   127.0.0.1,localhost
   {%- endif %}
 
-- 
GitLab