Specifying proxy for Kubernetes

I am attempting to deploy a container image to a (linux) Kubernetes cluster. Unfortunately, the only way for the cluster to obtain the image is by using a proxy (otherwise the pod results in an ErrImagePull failure state as it’s unable to resolve the image location).

After a little research, it looks like Kubernetes will ultimately try to use the HTTP_PROXY environment variable when pulling images, but I don’t know if setting that for the user the worker runs under would interfere with other operations. Ideally this would be something we could set that would be set when running kubectl command.

Is there any guidance for how we can set this up? This is also only impacting a single cluster we deploy to (other clusters that receive the same package are able to reach the image repository directly), so I feel this may be better accomplished by configuring the cluster/worker nodes, and not the actual deployment process, but I’m open to any solution that would allows us to deploy correctly.

Hi James,

If you set that proxy environment variable on each of the nodes for that cluster, then that should do the trick. I believe this would be the best way.

Thanks,
Mark Reeder

I believe the one catch with setting the environment variable globally is that the provided proxy should only be used for external/public internet connections - it is not something that can be used to reach any internal network resource (which will be required for applications deployed to the cluster) - we’re currently in the process of migrating to Kubernetes, and most resources are still deployed to discrete/non-Kubernetes servers, which would be unreachable if using the proxy. This restriction comes from our hosting provider so is largely out of our control.

Is there any way to accomplish this without setting the environment variable globally? I’m not well-versed in Kubernetes, but if it must be done this way I believe we can work with the provider to come up with solution.

Hi James,

Yeah, I’m not sure either. Using no_proxy option might work. You might find this article helpful: Configuring Pods to use HTTP Proxies if you haven’t come across it already. I’ll work on configuring my setup to better test this out, but will take me a bit.

Thanks,
Mark Reeder