diff --git a/cluster.yml b/cluster.yml
index f3e42eec2c61e260b9cb5ed4e1783cab9713418c..3ecfc55df6edeaf0e7b9b67593cac5789daea673 100644
--- a/cluster.yml
+++ b/cluster.yml
@@ -32,36 +32,42 @@
tags: rkt
when: "'rkt' in [etcd_deployment_type, kubelet_deployment_type, vault_deployment_type]"
- { role: download, tags: download, skip_downloads: false }
+ environment: "{{proxy_env}}"
- hosts: etcd:k8s-cluster:vault
any_errors_fatal: "{{ any_errors_fatal | default(true) }}"
roles:
- { role: kubespray-defaults, when: "cert_management == 'vault'" }
- { role: vault, tags: vault, vault_bootstrap: true, when: "cert_management == 'vault'" }
+ environment: "{{proxy_env}}"
- hosts: etcd
any_errors_fatal: "{{ any_errors_fatal | default(true) }}"
roles:
- { role: kubespray-defaults}
- { role: etcd, tags: etcd, etcd_cluster_setup: true }
+ environment: "{{proxy_env}}"
- hosts: k8s-cluster
any_errors_fatal: "{{ any_errors_fatal | default(true) }}"
roles:
- { role: kubespray-defaults}
- { role: etcd, tags: etcd, etcd_cluster_setup: false }
+ environment: "{{proxy_env}}"
- hosts: etcd:k8s-cluster:vault
any_errors_fatal: "{{ any_errors_fatal | default(true) }}"
roles:
- { role: kubespray-defaults}
- { role: vault, tags: vault, when: "cert_management == 'vault'"}
+ environment: "{{proxy_env}}"
- hosts: k8s-cluster
any_errors_fatal: "{{ any_errors_fatal | default(true) }}"
roles:
- { role: kubespray-defaults}
- { role: kubernetes/node, tags: node }
+ environment: "{{proxy_env}}"
- hosts: kube-master
any_errors_fatal: "{{ any_errors_fatal | default(true) }}"
@@ -70,6 +76,7 @@
- { role: kubernetes/master, tags: master }
- { role: kubernetes/client, tags: client }
- { role: kubernetes-apps/cluster_roles, tags: cluster-roles }
+ environment: "{{proxy_env}}"
- hosts: k8s-cluster
any_errors_fatal: "{{ any_errors_fatal | default(true) }}"
@@ -77,6 +84,7 @@
- { role: kubespray-defaults}
- { role: kubernetes/kubeadm, tags: kubeadm, when: "kubeadm_enabled" }
- { role: network_plugin, tags: network }
+ environment: "{{proxy_env}}"
- hosts: kube-master
any_errors_fatal: "{{ any_errors_fatal | default(true) }}"
@@ -85,12 +93,14 @@
- { role: kubernetes-apps/rotate_tokens, tags: rotate_tokens, when: "secret_changed|default(false)" }
- { role: kubernetes-apps/network_plugin, tags: network }
- { role: kubernetes-apps/policy_controller, tags: policy-controller }
+ environment: "{{proxy_env}}"
- hosts: calico-rr
any_errors_fatal: "{{ any_errors_fatal | default(true) }}"
roles:
- { role: kubespray-defaults}
- { role: network_plugin/calico/rr, tags: network }
+ environment: "{{proxy_env}}"
- hosts: k8s-cluster
any_errors_fatal: "{{ any_errors_fatal | default(true) }}"
@@ -98,9 +108,11 @@
- { role: kubespray-defaults}
- { role: dnsmasq, when: "dns_mode == 'dnsmasq_kubedns'", tags: dnsmasq }
- { role: kubernetes/preinstall, when: "dns_mode != 'none' and resolvconf_mode == 'host_resolvconf'", tags: resolvconf }
+ environment: "{{proxy_env}}"
- hosts: kube-master[0]
any_errors_fatal: "{{ any_errors_fatal | default(true) }}"
roles:
- { role: kubespray-defaults}
- { role: kubernetes-apps, tags: apps }
+ environment: "{{proxy_env}}"
diff --git a/roles/docker/tasks/main.yml b/roles/docker/tasks/main.yml
index bbb82d2e05a466943cce4dcd7df77e68af039587..d2fdb81257c3f983a6df3e837a3a446c9d6e7bdc 100644
--- a/roles/docker/tasks/main.yml
+++ b/roles/docker/tasks/main.yml
@@ -40,7 +40,6 @@
until: keyserver_task_result|succeeded
retries: 4
delay: "{{ retry_stagger | random + 3 }}"
- environment: "{{ proxy_env }}"
with_items: "{{ docker_repo_key_info.repo_keys }}"
when: not (ansible_os_family in ["CoreOS", "Container Linux by CoreOS"] or is_atomic)
@@ -68,7 +67,6 @@
until: docker_task_result|succeeded
retries: 4
delay: "{{ retry_stagger | random + 3 }}"
- environment: "{{ proxy_env }}"
with_items: "{{ docker_package_info.pkgs }}"
notify: restart docker
when: not (ansible_os_family in ["CoreOS", "Container Linux by CoreOS"] or is_atomic) and (docker_package_info.pkgs|length > 0)
diff --git a/roles/download/tasks/download_container.yml b/roles/download/tasks/download_container.yml
index df621aadeddb11bdead6a17e83f42ef375075e72..766ffb64106e9040491d74a5bd9b508015f1cce1 100644
--- a/roles/download/tasks/download_container.yml
+++ b/roles/download/tasks/download_container.yml
@@ -16,7 +16,6 @@
until: pull_task_result|succeeded
retries: 4
delay: "{{ retry_stagger | random + 3 }}"
- environment: "{{ proxy_env }}"
when:
- download.enabled
- download.container
diff --git a/roles/download/tasks/download_file.yml b/roles/download/tasks/download_file.yml
index e0497962a0616049da2adc72d89e0741ad953772..664fa4728580c822b801419a93cc2ea064261124 100644
--- a/roles/download/tasks/download_file.yml
+++ b/roles/download/tasks/download_file.yml
@@ -25,7 +25,6 @@
until: "'OK' in get_url_result.msg or 'file already exists' in get_url_result.msg"
retries: 4
delay: "{{ retry_stagger | random + 3 }}"
- environment: "{{ proxy_env }}"
when:
- download.enabled
- download.file
diff --git a/roles/kubernetes-apps/helm/templates/helm-container.j2 b/roles/kubernetes-apps/helm/templates/helm-container.j2
index 68210ea30ac85b03f34d9672451c611960695b0b..1fe260566e0cbba4bca06ef1049ddd1ed4a43865 100644
--- a/roles/kubernetes-apps/helm/templates/helm-container.j2
+++ b/roles/kubernetes-apps/helm/templates/helm-container.j2
@@ -6,6 +6,11 @@
-v {{ helm_home_dir }}:{{ helm_home_dir }}:rw \
{% for dir in ssl_ca_dirs -%}
-v {{ dir }}:{{ dir }}:ro \
- {% endfor -%}
+ {% endfor -%}
+ {% if http_proxy is defined or https_proxy is defined -%}
+ -e http_proxy="{{proxy_env.http_proxy}}" \
+ -e https_proxy="{{proxy_env.https_proxy}}" \
+ -e no_proxy="{{proxy_env.no_proxy}}" \
+ {% endif -%}
{{ helm_image_repo }}:{{ helm_image_tag}} \
"$@"
diff --git a/roles/kubernetes/preinstall/tasks/main.yml b/roles/kubernetes/preinstall/tasks/main.yml
index cd0f3b2bcc3e072c0a9db52c7cedc70fbdbc46ed..9b3f47084bd9c72995f25032ff7947d853e47102 100644
--- a/roles/kubernetes/preinstall/tasks/main.yml
+++ b/roles/kubernetes/preinstall/tasks/main.yml
@@ -113,7 +113,6 @@
until: yum_task_result|succeeded
retries: 4
delay: "{{ retry_stagger | random + 3 }}"
- environment: "{{ proxy_env }}"
when:
- ansible_pkg_mgr == 'yum'
- not is_atomic
@@ -126,7 +125,6 @@
state: latest
update_cache: yes
cache_valid_time: 3600
- environment: "{{ proxy_env }}"
when: ansible_os_family == "Debian"
tags:
- bootstrap-os
@@ -137,7 +135,6 @@
until: dnf_task_result|succeeded
retries: 4
delay: "{{ retry_stagger | random + 3 }}"
- environment: "{{ proxy_env }}"
when:
- ansible_distribution == "Fedora"
- ansible_distribution_major_version > 21
@@ -152,7 +149,6 @@
until: epel_task_result|succeeded
retries: 4
delay: "{{ retry_stagger | random + 3 }}"
- environment: "{{ proxy_env }}"
changed_when: False
when:
- ansible_distribution in ["CentOS","RedHat"]
@@ -172,7 +168,6 @@
until: pkgs_task_result|succeeded
retries: 4
delay: "{{ retry_stagger | random + 3 }}"
- environment: "{{ proxy_env }}"
with_items: "{{required_pkgs | default([]) | union(common_required_pkgs|default([]))}}"
when: not (ansible_os_family in ["CoreOS", "Container Linux by CoreOS"] or is_atomic)
tags:
diff --git a/roles/rkt/tasks/install.yml b/roles/rkt/tasks/install.yml
index cba44329d6ba0cd9612441355a61e3efb175cb1e..599f9e50e2b1d5e3c3cd22c7b73b29560a2c924b 100644
--- a/roles/rkt/tasks/install.yml
+++ b/roles/rkt/tasks/install.yml
@@ -23,7 +23,6 @@
until: rkt_task_result|succeeded
retries: 4
delay: "{{ retry_stagger | random + 3 }}"
- environment: "{{ proxy_env }}"
when: ansible_os_family == "Debian"
- name: install rkt pkg on centos
@@ -34,5 +33,4 @@
until: rkt_task_result|succeeded
retries: 4
delay: "{{ retry_stagger | random + 3 }}"
- environment: "{{ proxy_env }}"
when: ansible_os_family == "RedHat"
diff --git a/roles/vault/tasks/cluster/systemd.yml b/roles/vault/tasks/cluster/systemd.yml
index 4d2a1da58f0da7f7d9d10e13aee8c7e4a35122e9..8df52f98255ed0863c1d226ff79eb7b8e463b904 100644
--- a/roles/vault/tasks/cluster/systemd.yml
+++ b/roles/vault/tasks/cluster/systemd.yml
@@ -28,6 +28,18 @@
backup: yes
register: vault_systemd_placement
+- name: Create vault service systemd directory
+ file:
+ path: /etc/systemd/system/vault.service.d
+ state: directory
+
+- name: cluster/systemd | Add vault proxy env vars
+ template:
+ src: "http-proxy.conf.j2"
+ dest: /etc/systemd/system/vault.service.d/http-proxy.conf
+ backup: yes
+ when: http_proxy is defined or https_proxy is defined
+
- name: cluster/systemd | Enable vault.service
systemd:
daemon_reload: true
diff --git a/roles/vault/templates/http-proxy.conf.j2 b/roles/vault/templates/http-proxy.conf.j2
new file mode 100644
index 0000000000000000000000000000000000000000..0e24a9d773b45d8c821da61a63c585ed4f68005c
--- /dev/null
+++ b/roles/vault/templates/http-proxy.conf.j2
@@ -0,0 +1,2 @@
+[Service]
+Environment={% if http_proxy %}"HTTP_PROXY={{ http_proxy }}"{% endif %} {% if https_proxy %}"HTTPS_PROXY={{ https_proxy }}"{% endif %} {% if no_proxy %}"NO_PROXY={{ no_proxy }}"{% endif %}
\ No newline at end of file