Configuring the proxy environment variables
MicroK8s packages a number of utilities (eg curl, helm) that may need to fetch resources from the internet. Having our environment (/etc/environment
) properly configured allows such utilities to function properly. We need to configure HTTPS_PROXY
, HTTP_PROXY
, https_proxy
and http_proxy
variables with the proxy endpoint as well as NO_PROXY
and no_proxy
with the IP ranges the pods and services occupy. For instance assuming our proxy is at http://squid.internal:3128
, /etc/environment
should set the following environment variables:
HTTPS_PROXY=http://squid.internal:3128
HTTP_PROXY=http://squid.internal:3128
NO_PROXY=10.0.0.0/8,192.168.0.0/16,127.0.0.1,172.16.0.0/16,.svc,localhost
https_proxy=http://squid.internal:3128
http_proxy=http://squid.internal:3128
no_proxy=10.0.0.0/8,192.168.0.0/16,127.0.0.1,172.16.0.0/16,.svc,localhost
Host configuration and clustering behind a proxy
Any nodes where MicroK8s is installed need to be included in the no_proxy
environment variable of the host. Usually this can be be done by editing /etc/environment
.
DNS configuration
By default the DNS addon (available with microk8s enable dns
) points to Google’s 8.8.8.8 and 8.8.4.4 servers for resolving addresses outside the cluster. If these forward DNS endpoints are not reachable you may want to reconfigure CoreDNS as described in the addon’s documentation page.
Configuring containerd only
Containerd uses the proxy configuration set in /etc/environment
, therefore no extra configuration is typically required. However, we have the option to set the proxy settings only for containerd. To do so we need to enter the proxy details in
${SNAP_DATA}/args/containerd-env
(normally /var/snap/microk8s/current/args/containerd-env
). The containerd-env
file holds the environment variables containerd runs with. Setting the HTTPS_PROXY
to our proxy endpoint enables containerd to fetch conatiner images from the web. We may also want to set the NO_PROXY
environment variable with the cluster-cidr and the services-cidr as specified in the respective configuration files /var/snap/microk8s/current/args/kube-proxy
and /var/snap/microk8s/current/args/kube-apiserver
.
Here is an example where HTTPS_PROXY
environment variable is set to http://squid.internal:3128
and NO_PROXY
to 10.0.0.0/8,192.168.0.0/16,127.0.0.0/8,172.16.0.0/16,.svc,localhost
:
HTTPS_PROXY=http://squid.internal:3128
NO_PROXY=10.0.0.0/8,192.168.0.0/16,127.0.0.1,172.16.0.0/16,.svc,localhost
#
# Some additional environment variables
#
ulimit -n 65536 || true
ulimit -l 16384 || true
For the changes to take effect we need to restart MicroK8s:
sudo snap restart microk8s