You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: articles/aks/http-proxy.md
+13-1Lines changed: 13 additions & 1 deletion
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -15,6 +15,8 @@ Azure Kubernetes Service (AKS) clusters, whether deployed into a managed or cust
15
15
16
16
This feature adds HTTP proxy support to AKS clusters, exposing a straightforward interface that cluster operators can use to secure AKS-required network traffic in proxy-dependent environments.
17
17
18
+
Both AKS nodes and Pods will be configured to use the HTTP proxy.
19
+
18
20
Some more complex solutions may require creating a chain of trust to establish secure communications across the network. The feature also enables installation of a trusted certificate authority onto the nodes as part of bootstrapping a cluster.
19
21
20
22
## Limitations and other details
@@ -30,6 +32,16 @@ The following scenarios are **not** supported:
30
32
31
33
By default, *httpProxy*, *httpsProxy*, and *trustedCa* have no value.
32
34
35
+
The Pods will be injected with the following environment variables:
36
+
-`HTTP_PROXY`
37
+
-`http_proxy`
38
+
-`HTTPS_PROXY`
39
+
-`https_proxy`
40
+
-`NO_PROXY`
41
+
-`no_proxy`
42
+
43
+
To disable the injection of the proxy environment variables the Pod should be annotated with: `"kubernetes.azure.com/no-http-proxy-vars":"true"`
44
+
33
45
## Prerequisites
34
46
35
47
The latest version of the Azure CLI. Run `az --version` to find the version, and run `az upgrade` to upgrade the version. If you need to install or upgrade, see [Install Azure CLI][install-azure-cli].
@@ -111,7 +123,7 @@ In your template, provide values for *httpProxy*, *httpsProxy*, and *noProxy*. I
111
123
> [!NOTE]
112
124
> If switching to a new proxy, the new proxy must already exist for the update to be successful. Then, after the upgrade is completed the old proxy can be deleted.
113
125
114
-
Values for *httpProxy*, *httpsProxy*, *trustedCa* and *NoProxy* can be changed and applied to the cluster with the [az aks update][az-aks-update] command. An aks update for *httpProxy*, *httpsProxy*, and/or *NoProxy* will automatically inject new environment variables into pods with the new *httpProxy*, *httpsProxy*, or *NoProxy* values. Pods must be rotated for the apps to pick it up. For components under kubernetes, like containerd and the node itself, this won't take effect until a node image upgrade is performed.
126
+
Values for *httpProxy*, *httpsProxy*, *trustedCa* and *NoProxy* can be changed and applied to the cluster with the [az aks update][az-aks-update] command. An aks update for *httpProxy*, *httpsProxy*, and/or *NoProxy* will automatically inject new environment variables into pods with the new *httpProxy*, *httpsProxy*, or *NoProxy* values. Pods must be rotated for the apps to pick it up, because the environment variable values are injected at the Pod creating by a mutating admission webhook. For components under kubernetes, like containerd and the node itself, this won't take effect until a node image upgrade is performed.
115
127
116
128
For example, assuming a new file has been created with the base64 encoded string of the new CA cert called *aks-proxy-config-2.json*, the following action updates the cluster. Or, you need to add new endpoint urls for your applications to No Proxy:
0 commit comments