Skip to main content

Configure Applications to Use Proxy Server

You can configure applications that operate in your Palette clusters to use a proxy server to access the internet instead of accessing the internet directly.

Before you are able to configure applications in a cluster to use the proxy server, you must first ensure that the cluster itself is configured to use the proxy server. This means that the host Operating System (OS) and the Palette agent inside the cluster will use the proxy server for its outbound communications. The steps to do this vary depending on your environment.

After the cluster is configured to use the proxy server, you can proceed to configure the applications inside the cluster to use the proxy server. You can do this by applying the spectrocloud.com/connection: proxy label to the specific job, deployment, or daemon set to instruct an application to use the proxy settings of the cluster.

tip

We recommend you review the gRPC and Proxies article to be aware of network proxies that Palette supports. Palette uses gRPC to communicate with clusters, and depending on the proxy server you use, you may need to configure the proxy server to support gRPC.

Prerequisites

  • An active proxy server reachable by your cluster.

Configure Applications to Use Proxy Server

  1. If you are using Palette SaaS, you must deploy a Private Cloud Gateway (PCG) and configure it to use a proxy server before you can configure cluster applications to use the proxy server. For more information about PCGs, refer to Private Cloud Gateway.

    If you are provisioning the PCG using the Palette CLI, you can configure the proxy settings during the PCG installation through the Palette CLI's interactive prompts. If you are using Helm to provision a PCG or have an existing PCG that is not yet configured to use proxy, refer to Enable and Manage Proxy Configurations for PCG to learn how to install Reach on a PCG cluster and use it to configure proxy settings.

  2. If you deployed the PCG using the Palette CLI, the cloud account is created automatically. You can skip this step.

    Once you have deployed the PCG, you must create a new cloud account associated with the PCG. Refer to the following resources to learn how to create a cloud account:

  3. Create a cluster profile that contains your application. Refer to Create a Cluster Profile for additional guidance.

    In your cluster profile, apply the spectrocloud.com/connection: proxy label to the deployment, job, or daemon set in the pack that contains your application.

    You must apply the label to every specific job, deployment, or daemon set that needs to use the proxy servers. For example, if you have a Kafka deployment that requires access to the internet through your proxy, you need to apply the label to the Kafka deployment.

    apiVersion: apps/v1
    kind: Deployment
    metadata:
    name: kafka
    spec:
    template:
    metadata:
    labels:
    app: kafka
    spectrocloud.com/connection: proxy
  4. Start creating your cluster using the cloud account associated with the PCG. Refer to the following resources on cluster creation.

Validate

  1. Access your cluster with kubectl. For more information, refer to Access Cluster with kubectl.

  2. Issue the following command. Replace pod-name with the name of the pod for your application and replace your-namespace with the namespace where the pod resides.

    kubectl get pod pod-name --output jsonpath='{.spec.containers[*].env}' --namespace your-namespace | jq .

    The command will yield output similar to the following. If the output includes the proxy settings you configured, you can validate that the application is configured to use the proxy server.

    [
    {
    "name": "http_proxy",
    "value": "http://10.10.180.0:3128"
    },
    {
    "name": "https_proxy",
    "value": "http://10.10.180.0:3128"
    },
    {
    "name": "NO_PROXY",
    "value": ""
    },
    {
    "name": "USER_NO_PROXY",
    "value": ""
    }
    ]