Making a host port accessible from within a container in Kubernetes

We have set up a Kubernetes cluster on a set of (virtual) Linux hosts. Each host runs an internal HTTP proxy on the host's 127.0.0.1:3128. To access external HTTP/HTTPS resources from this network, the proxy must be used.

We would like to make an external network accessible from within containers in the cluster. Containers running on a given host should use an HTTP(S) proxy instance from that host.

How can we make these proxy services available from within containers?


Solution 1:

The Node's IP is always available to the containers via fieldRef:, and one may refer to other env: members using $() syntax (notice it's not shell syntax, it's the Kubernetes interpolation syntax).

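spec:
  containers:
  - name: use-proxy
    env:
    # NODE_IP must be declared before the entries that reference it via $(NODE_IP)
    - name: NODE_IP
      valueFrom:
        fieldRef:
          fieldPath: status.hostIP
    # Full proxy URL with scheme, since not every client accepts a bare host:port
    - name: HTTP_PROXY
      value: http://$(NODE_IP):3128
    # The proxy itself is still reached over plain HTTP on port 3128
    - name: HTTPS_PROXY
      value: http://$(NODE_IP):3128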

And don't forget you'll likely need to inject the CA for the HTTPS proxy if it does MITM behavior.

Also be aware that if it is literally bound to 127.0.0.1 on the Node, you will not be able to access it from inside the Kubernetes cluster since those interfaces are not considered "localhost". You will need to make the proxy available to the CNI interface.
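
A node-side check for the caveat in the answer above, as an added example that is not part of the original post: it parses `ss -ltnH` output to tell whether the proxy on port 3128 is bound to loopback only, to the address pods see as status.hostIP, or to every interface. The sample output, the node IP 10.0.0.5 and the function names are constructed for illustration.

```python
import ipaddress

# Constructed sample of `ss -ltnH` output from a node (not taken from the page).
SAMPLE_SS = """\
LISTEN 0 128 127.0.0.1:3128 0.0.0.0:*
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 4096 [::1]:3128 [::]:*
"""

# Ordered from least to most exposed; the most exposed listener wins.
RANK = ["not-listening", "loopback-only", "other-interface", "node-ip", "wildcard"]


def listeners(ss_output, port):
    """Return the local addresses listening on `port` in `ss -ltnH` output."""
    found = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0] != "LISTEN":
            continue
        addr, _, lport = fields[3].rpartition(":")
        if lport == str(port):
            found.append(addr.strip("[]"))
    return found


def classify(addr, node):
    """Classify one listening address relative to the node IP (status.hostIP)."""
    addr = addr.split("%")[0]          # drop an interface suffix such as %lo
    if addr == "*":
        return "wildcard"
    ip = ipaddress.ip_address(addr)
    if ip.is_unspecified:              # 0.0.0.0 or ::
        return "wildcard"
    if ip == node:
        return "node-ip"
    return "loopback-only" if ip.is_loopback else "other-interface"


def proxy_exposure(ss_output, node_ip, port=3128):
    """Summarise how `port` is bound; only node-ip and wildcard are reachable via hostIP."""
    node = ipaddress.ip_address(node_ip)
    kinds = [classify(a, node) for a in listeners(ss_output, port)]
    return max(kinds, key=RANK.index, default="not-listening")


if __name__ == "__main__":
    print(proxy_exposure(SAMPLE_SS, "10.0.0.5"))
```

A `wildcard` result means pods can reach the proxy, but so can anything else that can reach any interface of the node, so pair it with the proxy's own ACLs or a host firewall rule.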