Issue
-
I want to configure HTTP Proxy in CloudBees Core on Modern Platform controllers
-
After configuring an HTTP Proxy in a Managed controller, the controller is not able to connect to the Operations Center
Explanation
Configuring HTTP Proxy inside kubernetes pods can have serious impact on connectivity within the kubernetes cluster. All communication would go through the HTTP Proxy and that included kubernetes internal endpoints too. The HTTP Proxy maybe be configured in different ways:
-
the Jenkins HTTP Proxy configuration under
-
Environment Variables
HTTP_PROXY/HTTPS_PROXY/NO_PROXY -
Java system properties
http.proxyHost/http.proxyPort/https.proxyHost/https.proxyPort/http.nonProxyHosts(see Java Networking and Proxies)
If the kubernetes internal sub-domain is not added to the list of hosts that should by-pass the proxy, communication between kubernetes deployed applications and also with the API Server is impossible.
Resolution
When configuring an HTTP Proxy for controllers, Agents and Operations Center, make sure to add the kubernetes internal sub domain (either .svc.cluster.local or more general .cluster.local) to the list of No Proxy hosts. For example:
-
When using Jenkins HTTP Proxy configuration: Add
*.svc.cluster.localto the list of No Proxy Hosts under -
When using Java system properties:
-Dhttp.nonProxyHosts=*.svc.cluster.local -
When using Environment variables:
NO_PROXY=*.svc.cluster.local
Other considerations
They are other considerations when configuring an HTTP proxy in CloudBees and not related to Kubernetes. Please also have a look at Which URLs would I need to grant access to for my firewall or proxy?.