Chapter 1. Post Installation Proxy Set-up

After installing the Core, configure it to use a proxy.

1.1. Configuring OpenShift

For steps to configure OpenShift see OpenShift documentation To determine the <docker-registry-ip> run the following commands:

oc project default
oc rsh <docker-registry-pod>
printenv DOCKER_REGISTRY_SERVICE_HOST

See the section "Working with HTTP Proxies" for information about configuring your OpenShift installation to use a proxy.

1.2. Configuring RHMAP

Configure the node-proxy ConfigMap:
```
oc edit configmap node-proxy
```
This opens the node-proxy config map in your default editor.
Edit the following values in the relevant data keys, only including the username and password if the proxy requires authentication:
```
http-proxy: "http://<username>:<password>@<proxy-host>:<proxy-port>"
https-proxy: "http://<username>:<password>@<proxy-host>:<proxy-port>"
```
Note
The https-proxy setting refers to internal traffic, use the http protocol, for example http://user:pass@myproxy.com:80.
Configure the millicore-proxy ConfigMap:
```
oc edit configmap millicore-proxy
```
This opens the millicore-proxy config map in your default editor. Edit the following values in the relevant data keys, only including the millicore-proxy-user and millicore-proxy-pass if your proxy requires authentication:
```
  millicore-proxy: <proxy-host>
  millicore-proxy-password: <proxy-password>
  millicore-proxy-port: '<proxy-port>'
  millicore-proxy-user: <proxy-user>
```

Configure the ups-proxy ConfigMap:

oc edit configmap ups-proxy

This opens the ups-proxy config map in your default editor. Edit the following values in the relevant data keys, only including the http-proxy-user and http-proxy-pass if your proxy requires authentication:

  http-proxy-host: <proxy-host>
  http-proxy-pass: <proxy-password>
  http-proxy-port: '<proxy-port>'
  http-proxy-user: <proxy-user>
  https-proxy-host: <proxy-host>
  https-proxy-port: '<proxy-port>'
  socks-proxy-host: '<socks-proxy-host>'
  socks-proxy-port: '<socks-proxy-port>'

Redeploy all the relevant pods to pick up the new configuration. The services that require a pod redeploy are listed below. If you are running OpenShift 3.2 or 3.3, use the following command for each of the services:
```
for i in fh-aaa fh-metrics fh-messaging fh-ngui fh-scm fh-supercore ups fh-appstore gitlab-shell millicore; do oc deploy ${i} --latest; done
```
If you are running OpenShift 3.4, use the following command for each of the services:
```
for i in fh-aaa fh-metrics fh-messaging fh-ngui fh-scm fh-supercore ups fh-appstore gitlab-shell millicore; do oc rollout latest ${i}; done
```

1.2.1. Update BuildConfig Proxy Defaults

In order for RHMAP to pull the github repo from an external URL without having to manually add the proxy details to the buildconfig, edit the /etc/origin/master/master-config.yaml file and configure the default proxy values.

At the top of this file is a section named admissionConfig. Note that this should be a root element, not a similarly named element under the kubernetesMasterConfig element. Add the following configuration:

Note: Exclude entries for <username> and <password> if proxy authentication is not required.

  pluginConfig:
    BuildDefaults:
      configuration:
        apiVersion: v1
        kind: BuildDefaultsConfig
        gitHTTPProxy: http://<username>:<password>@<proxy-host>:<proxy-port>
        gitHTTPSProxy: http://<username>:<password>@<proxy-host>:<proxy-port>
        gitNoProxy: <nodes-ip-range>,<infra-ip-range>,<containers-ip-range>,docker-registry.default.svc.cluster.local
        env:
        - name: HTTP_PROXY
          value: http://<username>:<password>@<proxy-host>:<proxy-port>
        - name: HTTPS_PROXY
          value: http://<username>:<password>@<proxy-host>:<proxy-port>
        - name: NO_PROXY
          value: "<nodes-ip-range>,<infra-ip-range>,<containers-ip-range>,docker-registry.default.svc.cluster.local"

Once this is complete, restart openshift master to make the changes take effect:

systemctl restart atomic-openshift-master.service

Where did the comment section go?

Red Hat's documentation publication system recently went through an upgrade to enable speedier, more mobile-friendly content. We decided to re-evaluate our commenting platform to ensure that it meets your expectations and serves as an optimal feedback mechanism. During this redesign, we invite your input on providing feedback on Red Hat documentation via the discussion platform.

Log in to Your Red Hat Account

Red Hat Account

Customer Portal

Select Your Language

Infrastructure and Management

Cloud Computing

Storage

JBoss Development and Management

JBoss Integration and Automation

Mobile

Services

Tools

Red Hat Product Security Center

Security Updates

Resources

Customer Portal Community

Customer Events

Stories

Chapter 1. Post Installation Proxy Set-up

1.1. Configuring OpenShift

1.2. Configuring RHMAP

1.2.1. Update BuildConfig Proxy Defaults

Where did the comment section go?