Merge pull request #3172 from Atoms/additional-proxy

Add additional no proxy parameter for more customization

docs/proxy.md

@@ -0,0 +1,16 @@
+# Setting up Environment Proxy
+
+If you set http and https proxy, all nodes and loadbalancer will be excluded from proxy with generating no_proxy variable in `roles/kubespray-defaults/defaults/main.yml`, if you have additional resources for exclude add them to `additional_no_proxy` variable. If you want fully override your `no_proxy` setting, then fill in just `no_proxy` and no nodes or loadbalancer addresses will be added to no_proxy.
+
+## Set proxy for http and https
+
+ `http_proxy:"http://example.proxy.tld:port"`
+ `https_proxy:"http://example.proxy.tld:port"`
+
+## Set default no_proxy (this will override default no_proxy generation)
+
+`no_proxy: "node1,node1_ip,node2,node2_ip...additional_host"`
+
+## Set additional addresses to default no_proxy (all cluster nodes and loadbalancer)
+
+`additional_no_proxy: "aditional_host,"`

inventory/sample/group_vars/all/all.yml

@@ -61,6 +61,9 @@ bin_dir: /usr/local/bin
 ## Refer to roles/kubespray-defaults/defaults/main.yml before modifying no_proxy
 #no_proxy: ""
 
+## If you need exclude all cluster nodes from proxy and other resources, add other resources here.
+#additional_no_proxy: ""
+
 ## Certificate Management
 ## This setting determines whether certs are generated via scripts or whether a
 ## cluster of Hashicorp's Vault is started to issue certificates (using etcd

roles/kubespray-defaults/defaults/main.yaml

@@ -333,6 +333,9 @@ no_proxy: >-
   {%-   endif -%}
   {{ item }},{{ item }}.{{ dns_domain }},
   {%- endfor -%}
+  {%- if additional_no_proxy is defined -%}
+  {{ additional_no_proxy }},
+  {%- endif -%}
   127.0.0.1,localhost
   {%- endif %}