Considerations for HTTP Proxy configuration in CloudBees CI (CloudBees Core)

Article ID:360040816612
2 minute readKnowledge base

Issue

  • I want to configure HTTP Proxy in CloudBees Core on Modern Platform controllers

  • After configuring an HTTP Proxy in a Managed controller, the controller is not able to connect to the Operations Center

Explanation

Configuring HTTP Proxy inside kubernetes pods can have serious impact on connectivity within the kubernetes cluster. All communication would go through the HTTP Proxy and that included kubernetes internal endpoints too. The HTTP Proxy maybe be configured in different ways:

  • the Jenkins HTTP Proxy configuration under Manage Jenkins  Manage Plugins  Advanced  HTTP Proxy Configuration

  • Environment Variables HTTP_PROXY / HTTPS_PROXY / NO_PROXY

  • Java system properties http.proxyHost / http.proxyPort / https.proxyHost / https.proxyPort / http.nonProxyHosts (see Java Networking and Proxies)

If the kubernetes internal sub-domain is not added to the list of hosts that should by-pass the proxy, communication between kubernetes deployed applications and also with the API Server is impossible.

Resolution

When configuring an HTTP Proxy for controllers, Agents and Operations Center, make sure to add the kubernetes internal sub domain (either .svc.cluster.local or more general .cluster.local) to the list of No Proxy hosts. For example:

  • When using Jenkins HTTP Proxy configuration: Add *.svc.cluster.local to the list of No Proxy Hosts under Manage Jenkins  Manage Plugins  Advanced  HTTP Proxy Configuration  No Proxy Host

  • When using Java system properties: -Dhttp.nonProxyHosts=*.svc.cluster.local

  • When using Environment variables: NO_PROXY=*.svc.cluster.local

Other considerations

They are other considerations when configuring an HTTP proxy in CloudBees and not related to Kubernetes. Please also have a look at Which URLs would I need to grant access to for my firewall or proxy?.