Add support for proxy for Docker, curl, and apt-get

kubermatic · Feb 14, 2019 · c337a6c · c337a6c
1 parent c09ea6c
commit c337a6c
Show file tree

Hide file tree

Showing 3 changed files with 78 additions and 0 deletions.
diff --git a/config.yaml.dist b/config.yaml.dist
@@ -67,6 +67,14 @@ backup:
 #machine_controller:
 #  deploy: false
 
+# Proxy is used to configure HTTP_PROXY, HTTPS_PROXY and NO_PROXY
+# for Docker daemon and kubelet, and to be used when provisioning cluster
+# (e.g. for curl, apt-get..).
+# proxy:
+#  http_proxy: 'http://1.2.3.4'
+#  https_proxy: 'https://1.2.3.4'
+#  no_proxy: '1.2.3.4'
+
 # KubeOne can automatically create MachineDeployments to create
 # worker nodes in your cluster. Each element in this "workers"
 # list is a single deployment and must have a unique name.

diff --git a/pkg/config/cluster.go b/pkg/config/cluster.go
@@ -19,6 +19,7 @@ type Cluster struct {
 	Provider          ProviderConfig          `json:"provider"`
 	Versions          VersionConfig           `json:"versions"`
 	Network           NetworkConfig           `json:"network"`
+	Proxy             ProxyConfig             `json:"proxy"`
 	Workers           []WorkerConfig          `json:"workers"`
 	Backup            BackupConfig            `json:"backup"`
 	MachineController MachineControllerConfig `json:"machine_controller"`
@@ -157,6 +158,12 @@ type APIServerConfig struct {
 	Address string `json:"address"`
 }
 
+type ProxyConfig struct {
+	HTTPProxy  string `json:"http_proxy"`
+	HTTPSProxy string `json:"https_proxy"`
+	NoProxy    string `json:"no_proxy"`
+}
+
 // ProviderName represents the name of an provider
 type ProviderName string
 

diff --git a/pkg/installer/installation/prerequisites.go b/pkg/installer/installation/prerequisites.go
@@ -60,6 +60,11 @@ func installPrerequisitesOnNode(ctx *util.Context, node *config.HostConfig, conn
 		return fmt.Errorf("failed to install kubeadm: %v", err)
 	}
 
+	err = configureDockerDaemonProxy(ctx)
+	if err != nil {
+		return fmt.Errorf("failed to configure proxy for docker daemon: %v", err)
+	}
+
 	logger.Infoln("Deploying configuration files…")
 	err = deployConfigurationFiles(ctx)
 	if err != nil {
@@ -104,6 +109,9 @@ func installKubeadmDebian(ctx *util.Context) error {
 	_, _, err := ctx.Runner.Run(kubeadmDebianCommand, util.TemplateVariables{
 		"KUBERNETES_VERSION": ctx.Cluster.Versions.Kubernetes,
 		"DOCKER_VERSION":     dockerVersion,
+		"HTTP_PROXY":         ctx.Cluster.Proxy.HTTPProxy,
+		"HTTPS_PROXY":        ctx.Cluster.Proxy.HTTPSProxy,
+		"NO_PROXY":           ctx.Cluster.Proxy.NoProxy,
 	})
 
 	return err
@@ -118,6 +126,15 @@ source /etc/os-release
 # Short-Circuit the installation if it was arleady executed
 if type docker &>/dev/null && type kubelet &>/dev/null; then exit 0; fi
 
+{{if or .HTTP_PROXY .HTTPS_PROXY .NO_PROXY }}
+cat <<EOF |sudo tee /etc/environment/kubeone-proxy
+{{ if .HTTP_PROXY }}HTTP_PROXY="{{ .HTTP_PROXY }}"{{ end }}
+{{ if .HTTPS_PROXY }}HTTPS_PROXY="{{ .HTTPS_PROXY }}"{{ end }}
+{{ if .NO_PROXY }}NO_PROXY="{{ .NO_PROXY }}"{{ end }}
+EOF
+source /etc/environment/kubeone-proxy
+{{end}}
+
 sudo mkdir -p /etc/docker
 cat <<EOF |sudo tee /etc/docker/daemon.json
 {"storage-driver": "overlay2"}
@@ -166,6 +183,15 @@ sudo sed -i s/SELINUX=enforcing/SELINUX=permissive/g /etc/sysconfig/selinux
 # Short-Circuit the installation if it was arleady executed
 if type docker &>/dev/null && type kubelet &>/dev/null; then exit 0; fi
 
+{{if or .HTTP_PROXY .HTTPS_PROXY .NO_PROXY }}
+cat <<EOF |sudo tee /etc/environment/kubeone-proxy
+{{ if .HTTP_PROXY }}HTTP_PROXY="{{ .HTTP_PROXY }}"{{ end }}
+{{ if .HTTPS_PROXY }}HTTPS_PROXY="{{ .HTTPS_PROXY }}"{{ end }}
+{{ if .NO_PROXY }}NO_PROXY="{{ .NO_PROXY }}"{{ end }}
+EOF
+source /etc/environment/kubeone-proxy
+{{end}}
+
 cat <<EOF |sudo tee  /etc/sysctl.d/k8s.conf
 net.bridge.bridge-nf-call-ip6tables = 1
 net.bridge.bridge-nf-call-iptables = 1
@@ -193,6 +219,9 @@ sudo systemctl enable --now docker
 func installKubeadmCentOS(ctx *util.Context) error {
 	_, _, err := ctx.Runner.Run(kubeadmCentOSCommand, util.TemplateVariables{
 		"KUBERNETES_VERSION": ctx.Cluster.Versions.Kubernetes,
+		"HTTP_PROXY":         ctx.Cluster.Proxy.HTTPProxy,
+		"HTTPS_PROXY":        ctx.Cluster.Proxy.HTTPSProxy,
+		"NO_PROXY":           ctx.Cluster.Proxy.NoProxy,
 	})
 	return err
 }
@@ -201,12 +230,24 @@ func installKubeadmCoreOS(ctx *util.Context) error {
 	_, _, err := ctx.Runner.Run(kubeadmCoreOSCommand, util.TemplateVariables{
 		"KUBERNETES_VERSION": ctx.Cluster.Versions.Kubernetes,
 		"CNI_VERSION":        "v0.7.1",
+		"HTTP_PROXY":         ctx.Cluster.Proxy.HTTPProxy,
+		"HTTPS_PROXY":        ctx.Cluster.Proxy.HTTPSProxy,
+		"NO_PROXY":           ctx.Cluster.Proxy.NoProxy,
 	})
 
 	return err
 }
 
 const kubeadmCoreOSCommand = `
+{{if or .HTTP_PROXY .HTTPS_PROXY .NO_PROXY }}
+cat <<EOF |sudo tee /etc/environment/kubeone-proxy
+{{ if .HTTP_PROXY }}HTTP_PROXY="{{ .HTTP_PROXY }}"{{ end }}
+{{ if .HTTPS_PROXY }}HTTPS_PROXY="{{ .HTTPS_PROXY }}"{{ end }}
+{{ if .NO_PROXY }}NO_PROXY="{{ .NO_PROXY }}"{{ end }}
+EOF
+source /etc/environment/kubeone-proxy
+{{end}}
+
 sudo mkdir -p /opt/cni/bin /etc/kubernetes/pki /etc/kubernetes/manifests
 curl -L "https://github.com/containernetworking/plugins/releases/download/{{ .CNI_VERSION }}/cni-plugins-amd64-{{ .CNI_VERSION }}.tgz" | \
      sudo tar -C /opt/cni/bin -xz
@@ -251,3 +292,25 @@ sudo chmod 600 /etc/kubernetes/cloud-config
 
 	return err
 }
+
+func configureDockerDaemonProxy(ctx *util.Context) error {
+	if ctx.Cluster.Proxy.HTTPProxy == "" && ctx.Cluster.Proxy.HTTPSProxy == "" && ctx.Cluster.Proxy.NoProxy == "" {
+		return nil
+	}
+
+	ctx.Logger.Infoln("Configuring docker proxy…")
+	_, _, err := ctx.Runner.Run(dockerDaemonProxy, util.TemplateVariables{})
+
+	return err
+}
+
+const dockerDaemonProxy = `
+# Configure HTTP/HTTPS proxy for Docker
+sudo mkdir -p /etc/systemd/system/docker.service.d
+cat <<EOF |sudo tee /etc/systemd/system/docker.service.d/http-proxy.conf
+[Service]
+EnvironmentFile=/etc/environment/kubeone-proxy
+EOF
+sudo systemctl daemon-reload
+if sudo systemctl status docker  &>/dev/null; then sudo systemctl restart docker; fi
+`