Configuring proxy

Learn how to configure a proxy for Eclipse Che. The steps include creating a Kubernetes Secret for proxy credentials and configuring the necessary proxy settings in the CheCluster custom resource. The proxy settings are propagated to the operands and workspaces through environment variables.

On OpenShift cluster, you do not need to configure proxy settings. Che Operator automatically uses OpenShift cluster-wide proxy configuration. However, you can override the proxy settings by specifying them in the CheCluster custom resource.

Procedure

  1. (OPTIONAL) Create a Secret in the eclipse-che namespace that contains a user and password for a proxy server. The secret must have the app.kubernetes.io/part-of=che.eclipse.org label. Skip this step if the proxy server does not require authentication.

    kubectl apply -f - <<EOF
kind: Secret
apiVersion: v1
metadata:
  name: che-proxy-credentials
  namespace: eclipse-che
  labels:
    app.kubernetes.io/part-of: che.eclipse.org
type: Opaque
stringData:
  user: <user>          (1)
  password: <password>  (2)
EOF
    1 The username for the proxy server.
    2 The password for the proxy server.

  2. Configure the proxy or override the cluster-wide proxy configuration for an OpenShift cluster by setting the following properties in the CheCluster custom resource:

    kubectl patch checluster/eclipse-che \
    --namespace eclipse-che \
    --type='merge' -p \
'{"spec":
    {"components":
        {"cheServer":
            {"proxy":
                {"credentialsSecretName" : "<secretName>",                      (1)
                 "nonProxyHosts"         : ["<host_1>"],                        (2)
                 "port"                  : "<port>",                            (3)
                 "url"                   : "<protocol>://<domain>"}}}}}'    (4)
    1 The credentials secret name created in the previous step.
    2 The list of hosts that can be reached directly, without using the proxy. Use the following form .<DOMAIN> to specify a wildcard domain. Che Operator automatically adds .svc and Kubernetes service host to the list of non-proxy hosts. In OpenShift, Che Operator combines the non-proxy host list from the cluster-wide proxy configuration with the custom resource.

    In some proxy configurations, localhost may not translate to 127.0.0.1. Both localhost and 127.0.0.1 should be specified in this situation.
    3 The port of the proxy server.
    4 Protocol and domain of the proxy server.
Verification steps

  1. Start a workspace

  2. Verify that the workspace pod contains HTTP_PROXY, HTTPS_PROXY, http_proxy and https_proxy environment variables, each set to <protocol>://<user>:<password@<domain>:<port>.

  3. Verify that the workspace pod contains NO_PROXY and no_proxy environment variables, each set to comma-separated list of non-proxy hosts.

Additional resources