Configure HTTP Proxy

Configure HTTP proxy for the Konvoy cluster

For some production environments, direct access to the Internet could be blocked. Those environments typically only allow Internet access through HTTP or HTTPS proxies.

Konvoy can be configured to use HTTP/HTTPS proxy for Internet access. This applies to all Kubernetes components, as well as workloads running on top of Kubernetes, assuming the workloads understand standard HTTP/HTTPS proxy environment variables:

  • HTTP_PROXY: the HTTP proxy server address.
  • HTTPS_PROXY: the HTTPS proxy server address. (Ansible only supports http:)
  • NO_PROXY: a list of IPs and domain names that are not subject to proxy settings.

Before you start

Make sure the proxy server is running and functional. You can verify this using the curl command from a node in the cluster. Assume is the HTTP proxy server address.

http_proxy= curl --head

If the proxy is working properly, you receive a 200 OK HTTP response.

Install Konvoy with HTTP/HTTPS proxies

Edit the cluster configuration file cluster.yaml to specify HTTP/HTTPS proxies for the cluster.

kind: ClusterConfiguration
      httpProxy: ""
      httpsProxy: ""
      noProxy: []

This example configures the Kubernetes cluster installed by Konvoy to use proxy server for all HTTP traffic and proxy server for all HTTPS traffic, except for those HTTP/HTTPS requests to localhost,, and mycluster.icp:8500.

This configuration only applies to the core Kubernetes components. In this case, you must next configure the HTTP_PROXY settings for all other workloads that require access to the Internet.

kind: ClusterConfiguration
    - name: kommander
      enabled: true
      values: |
              HTTP_PROXY: ""
              NO_PROXY: ""
              HTTPS_PROXY: ",localhost,,,kubernetes,kubernetes.default,kubernetes.default.svc,kubernetes.default.svc.cluster,kubernetes.default.svc.cluster.local,.svc,.svc.cluster,.svc.cluster.local"

All the proxy-related fields are optional.

Konvoy applies the proxy configuration automatically after you run the following command:

konvoy up

IMPORTANT: if the machine from which the konvoy binary is being run requires the HTTP/HTTPS proxy for Internet access, you must set the same HTTP_PROXY, HTTPS_PROXY, and NO_PROXY as environment variables before running konvoy.

These proxy settings will be used by the binary itself (not Kubernetes cluster machines) to download addon configurations over the Internet.