microk8s behind authenticated proxy

Most likely you came here becuase you want to learn Kubernetes and trying to install microk8s on a system behind authenticated proxy server.

Recently I needed to setup microk8s on local Linux machine. Major hurdle in the process was that it was required to set up behind a proxy server with authentication. This article explains how to set up microk8s behind a proxy when authentication is also involved. This article can be referred in case authentication is not involved, just refer the proxy configuration “http://localhost:8080”. Instructions can be useful for Debian based as well as Centos distributions. It has been tested with Linux mint 19.10 and CentOS 7.

About proxy setup on Linux

In most of the cases proxy is configured using distribution specific GUI or by manually adding below environment variables in ~/.bashrc or /etc/environment

export http_proxy=http://<ProxyAddress:ProxyPort>
export https_proxy=http://<ProxyAddress:ProxyPort>

In case where authentication is required the variables are exported as:

export http_proxy=http://<UserName:Password@ProxyAddress:ProxyPort>
export https_proxy=http://<UserName:Password@ProxyAddress:ProxyPort>

Problem solved? No! There are still many programs which need proxy setting in their own way. For example, package managers yum, dnf, apt need their own proxy configuration. Additionally, some programs are not built to handle proxy with authentication. snapd is one such package at the time this article was written. We will need snapd to install microk8s on our system.

Solution: Proxy login automator

This program sets up a local proxy server at operating system level and automatically sends username and password to actual proxy server. One thing important to note here that we are not trying to bypass the proxy. We are trying to automate the proxy login. There are other complicated options. I chose this one because of its simplicity. I assume that you find out a way to configure git to work with proxy.

$ git clone https://github.com/sjitech/proxy-login-automator
$ node proxy-login-automator/proxy-login-automator.js \
      -local_port 8081 \
      -remote_host <ProxyAddress> \
      -remote_port <ProxyPort> \
      -usr <UserName> -pwd <Password>

Let’s keep it running in a separate terminal. Here onward let’s consider our local proxy server is http://localhost:8081 and continue with microk8s setup.

Install snapd

On Debian based platforms such as Ubuntu, Linux mint:

$ sudo apt install snapd

CentOS specific instructions:

$ sudo yum install snapd
$ sudo systemctl enable --now snapd.socket
$ sudo ln -s /var/lib/snapd/snap /snap

You need to log out and log in or restart the system for the changes to take effect.

Configure proxy settings of snap

$ sudo snap set system proxy.http=”http://localhost:8081"
$ sudo snap set system proxy.https=”http://localhost:8081"

Install microk8s and configure

These microk8s steps are from microk8s docs:

Install microk8s using snap:

$ sudo snap install microk8s — classic

Add user to microk8s group:

$ sudo usermod -a -G microk8s $USER

Open a new terminal or using below command to re-enter session.

$ su — $USER

Check status:

$ microk8s.status --wait-ready

Enable DNS and storage

$ microk8s.enable dns storage

For ease of use add below line to your .bashrc:

alias kubectl=’microk8s.kubectl’

Configure proxy for containerd

$ sudo vi /var/snap/microks8/current/args/containerd-env

and add below lines to it.

HTTP_PROXY=http://localhost:8081
HTTPS_PROXY=http://localhost:8081

Restart containerd service for the changes to take effect:

$ sudo systemctl restart snap.microk8s.daemon-containerd.service

Configure proxy for kubelet service

sudo vi /etc/systemd/system/snap.microk8s.daemon-kubelet.service

and add below line at the end of the [Service] section. Note that it is a single line.

Environment=”HTTPS_PROXY=http://localhost:8081" “HTTP_PROXY=http://localhost:8081"

Restart kubelet service for the changes to take effect:

$ sudo systemctl restart snap.microk8s.daemon-kubelet.service

Let’s try to create a deployment

$ kubectl create deployment kubernetes-bootcamp — image=gcr.io/google-samples/kubernetes-bootcamp:v1

Pod should be in running state after giving reasonable to time for creating containers. See that status with following command.

$ kubectl get pods

If you see the status as ContainerCreating for long time, following command can give you more information about the status.

$ kubectl describe pods

Although this is a temporary solution but it helps you continue learning about kubernetes when proxy is an issue.