Overview
In some environments internet access is only available via a proxy. Direktiv and other components k3s or Knative need extra configuration to use it.
k3s
If Direktiv is installed on-premise or on plain cloud VMs it is recommended to use k3s as Kubernetes distribution.
Air-gapped environments
This section is not important if a default gateway is configured on the host machine. In air-gapped environments it is possible that no default route is set but it is required for Kubernetes to work.
A dummy route can solve that issue but it requires additional configuration changes. The first step is to create such a dummy route and set it as default gateway.
The following commands add the route only temporary. Depending on your operating system this has to be configured permanently.
sudo ip -c address add 192.168.123.123/24 dev enp0s3 sudo ip route add default via 192.168.123.1
During installation
Setting the proxy for k3s is simple. During installation the values of HTTP_PROXY, HTTPS_PROXY and NO_PROXY are used and configured in the startup script automatically:
# Example Proxy Settings export HTTPS_PROXY=http://192.168.56.1:3128 export HTTP_PROXY=http://192.168.56.1:3128 export NO_PROXY=127.0.0.0/8,10.0.0.0/8,172.16.0.0/12,192.168.0.0/16,192.168.56.0/24,172.16.0.0/12,.svc,.default,.local,.cluster.local,localhost,.direktiv-services-direktiv
After the installation command the file /etc/systemd/system/k3s.service.env or /etc/systemd/system/k3s-agent.service.env should have the proxy set and the basic pods (coredns, local-path and metric-server) should be up and running.
On Centos/RedHat firewalld is running and certain ports need to be open. Please look at https://docs.direktiv.io/installation/kubernetes/#multi-node-setup to find the required ports.
Knative
Knative requires proxy access for the controller to access the images and do the tag resolution. Other Knative components don't require this setting. An example configuration would look like the following: https://raw.githubusercontent.com/direktiv/direktiv/main/kubernetes/install/knative/basic-proxy.yaml
Direktiv
Direktiv requires two settings to enable a proxy. The first setting is for the Direktiv pods like the API or the flow engine. This is configured on the first level of the values.yaml for the Helm charts.
http_proxy: "http://192.168.56.1:3128" https_proxy: "http://192.168.56.1:3128" no_proxy: "127.0.0.0/8,10.0.0.0/8,172.16.0.0/12,192.168.0.0/16,192.168.56.0/24,172.16.0.0/12,.svc,.default,.local,.cluster.local,.svc.cluster.local,localhost,.direktiv-services-direktiv"
The second setting is to add a proxy to the function pods during flow execution:
functions: http_proxy: "http://192.168.56.1:3128" https_proxy: "http://192.168.56.1:3128" no_proxy: "127.0.0.0/8,10.0.0.0/8,172.16.0.0/12,192.168.0.0/16,192.168.56.0/24,172.16.0.0/12,.svc,.default,.local,.cluster.local,.svc.cluster.local,localhost,.direktiv-services-direktiv"
Other Components
Linkerd and Postgres will work without special proxy configuration and settings.
Was this article helpful?
That’s Great!
Thank you for your feedback
Sorry! We couldn't be helpful
Thank you for your feedback
Feedback sent
We appreciate your effort and will try to fix the article