diff --git a/docs/proxy.md b/docs/proxy.md new file mode 100644 index 000000000..b5bc62a7c --- /dev/null +++ b/docs/proxy.md @@ -0,0 +1,16 @@ +# Setting up Environment Proxy + +If you set http and https proxy, all nodes and loadbalancer will be excluded from proxy with generating no_proxy variable in `roles/kubespray-defaults/defaults/main.yml`, if you have additional resources for exclude add them to `additional_no_proxy` variable. If you want fully override your `no_proxy` setting, then fill in just `no_proxy` and no nodes or loadbalancer addresses will be added to no_proxy. + +## Set proxy for http and https + + `http_proxy:"http://example.proxy.tld:port"` + `https_proxy:"http://example.proxy.tld:port"` + +## Set default no_proxy (this will override default no_proxy generation) + +`no_proxy: "node1,node1_ip,node2,node2_ip...additional_host"` + +## Set additional addresses to default no_proxy (all cluster nodes and loadbalancer) + +`additional_no_proxy: "aditional_host,"` \ No newline at end of file diff --git a/inventory/sample/group_vars/all/all.yml b/inventory/sample/group_vars/all/all.yml index faf65eb1a..762a1b98a 100644 --- a/inventory/sample/group_vars/all/all.yml +++ b/inventory/sample/group_vars/all/all.yml @@ -66,6 +66,9 @@ bin_dir: /usr/local/bin ## Refer to roles/kubespray-defaults/defaults/main.yml before modifying no_proxy #no_proxy: "" +## If you need exclude all cluster nodes from proxy and other resources, add other resources here. +#additional_no_proxy: "" + ## Certificate Management ## This setting determines whether certs are generated via scripts or whether a ## cluster of Hashicorp's Vault is started to issue certificates (using etcd diff --git a/roles/kubespray-defaults/defaults/main.yaml b/roles/kubespray-defaults/defaults/main.yaml index f2ad05463..fc5f3a53e 100644 --- a/roles/kubespray-defaults/defaults/main.yaml +++ b/roles/kubespray-defaults/defaults/main.yaml @@ -274,6 +274,9 @@ no_proxy: >- {%- endif -%} {{ item }},{{ item }}.{{ dns_domain }}, {%- endfor -%} + {%- if additional_no_proxy is defined -%} + {{ additional_no_proxy }}, + {%- endif -%} 127.0.0.1,localhost {%- endif %}