Routing Buoyant Cloud requests through an internet proxy

New in v0.30.0

Some components of the Buoyant Cloud agent make external requests to api.buoyant.cloud, to retrieve configuration data and to send the metrics and cluster information that’s displayed in Buoyant Cloud.

If your cluster requires the use of an internet proxy when sending external requests, then you’ll need to update your agent install to specify the proxy URL. This requires adding extra fields in the values.yaml file that you use when installing the agent via Helm.

For example, if your proxy URL is http://squid.default:3128, then you’d need to update your values.yaml file with these values to route all HTTPS requests to Buoyant Cloud through the proxy:

agent:
  additionalEnvMap:
    https_proxy:
      value: "http://squid.default:3128"
  initContainer:
    additionalEnvMap:
      https_proxy:
        value: "http://squid.default:3128"
metrics:
  proxyURL: "http://squid.default:3128"
controlPlaneOperator:
  additionalEnvMap:
    https_proxy:
      value: "http://squid.default:3128"
dataPlaneOperator:
  additionalEnvMap:
    https_proxy:
      value: "http://squid.default:3128"

For more information about installing the agent via Helm, see the guide to programmatically installing the Buoyant Cloud agent.

Example: Using a Squid proxy

For a working example that uses Squid, follow the steps below. These steps assume that you have a working Kubernetes cluster and have configured the kubectl CLI to access your cluster.

Step 1: Deploy the Squid proxy

Start by running a single Squid proxy container in the default namespace, using the following command:

kubectl run squid --image=ubuntu/squid:5.2-22.04_beta --port 3128 --expose

That will create a squid pod and a corresponding squid service that we can use to route traffic to the proxy.

Step 2: Configure the agent install

Next we’ll create the values.yaml file that can be used to install the agent via Helm. Start by downloading the values.yaml file that’s provided on your Buoyant Cloud Settings page.

It will look something like this:

api:
  clientID: ...
  clientSecret: ...

We’re going to update that file so that all components route both HTTP and HTTPS requests through the Squid proxy, using the approach outlined above. The combined config will be:

api:
  clientID: ...
  clientSecret: ...
agent:
  additionalEnvMap:
    http_proxy:
      value: "http://squid.default:3128"
    https_proxy:
      value: "http://squid.default:3128"
  initContainer:
    additionalEnvMap:
      http_proxy:
        value: "http://squid.default:3128"
      https_proxy:
        value: "http://squid.default:3128"
metrics:
  proxyURL: "http://squid.default:3128"
controlPlaneOperator:
  additionalEnvMap:
    http_proxy:
      value: "http://squid.default:3128"
    https_proxy:
      value: "http://squid.default:3128"
dataPlaneOperator:
  additionalEnvMap:
    http_proxy:
      value: "http://squid.default:3128"
    https_proxy:
      value: "http://squid.default:3128"

Step 3: Install the agent

Using the values.yaml file from the previous step, install the agent via Helm, with:

CLUSTER_NAME=my-cluster
helm repo add linkerd-buoyant https://helm.buoyant.cloud
helm repo update

helm install --create-namespace \
  --namespace linkerd-buoyant \
  --values values.yaml \
  --set metadata.agentName=$CLUSTER_NAME \
  linkerd-buoyant linkerd-buoyant/linkerd-buoyant

Be sure to set CLUSTER_NAME to whatever value you want to use to identify this cluster in Buoyant Cloud.

After running the install command, verify that all pods in the linkerd-buoyant namespace have successfully started, by running:

kubectl -n linkerd-buoyant get po

Step 4: Verify that traffic is passing through the proxy

To verify that traffic from the agent is actually being routed through the Squid proxy, we can view the log of the squid container:

kubectl logs squid

In the log you should see lines similar to:

1719611213.751   1064 10.244.0.14 TCP_TUNNEL/200 4213 CONNECT api.buoyant.cloud:443 - HIER_DIRECT/52.234.160.19 -
1719611213.751   1117 10.244.0.14 TCP_TUNNEL/200 4019 CONNECT 10.96.0.1:443 - HIER_DIRECT/10.96.0.1 -
1719611219.594      2 10.244.0.14 TCP_MISS/200 6008 GET http://10.244.0.7:4191/env.json - HIER_DIRECT/10.244.0.7 application/json
1719611219.987      2 10.244.0.14 TCP_REFRESH_MODIFIED/200 6007 GET http://10.244.0.7:4191/env.json - HIER_DIRECT/10.244.0.7 application/json
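
To make this check repeatable, the log can be parsed rather than read by eye. The script below is an added example, not part of the Buoyant Cloud agent or its documentation; the function names are hypothetical, and it assumes Squid's default native access-log format as shown above. It counts successful tunnels to api.buoyant.cloud and lists in-cluster (private) addresses that were also sent through the proxy, as the Kubernetes API and pod addresses are in the sample.

```python
import ipaddress
import sys
from urllib.parse import urlsplit

# Constructed sample: the four access-log lines shown in Step 4.
SAMPLE = """\
1719611213.751   1064 10.244.0.14 TCP_TUNNEL/200 4213 CONNECT api.buoyant.cloud:443 - HIER_DIRECT/52.234.160.19 -
1719611213.751   1117 10.244.0.14 TCP_TUNNEL/200 4019 CONNECT 10.96.0.1:443 - HIER_DIRECT/10.96.0.1 -
1719611219.594      2 10.244.0.14 TCP_MISS/200 6008 GET http://10.244.0.7:4191/env.json - HIER_DIRECT/10.244.0.7 application/json
1719611219.987      2 10.244.0.14 TCP_REFRESH_MODIFIED/200 6007 GET http://10.244.0.7:4191/env.json - HIER_DIRECT/10.244.0.7 application/json
"""

def parse_line(line):
    """Parse one native-format access-log line; return None for anything else."""
    f = line.split()
    try:
        float(f[0])  # access-log lines start with an epoch timestamp
    except (IndexError, ValueError):
        return None  # e.g. Squid startup messages mixed into the pod log
    if len(f) < 10:
        return None
    status = f[3].partition("/")[2]
    method, url = f[5], f[6]
    # CONNECT lines carry host:port; other methods carry a full URL.
    host = url.rsplit(":", 1)[0].strip("[]") if method == "CONNECT" else urlsplit(url).hostname
    return {"client": f[2], "status": status, "method": method, "host": host}

def is_private(host):
    try:
        return ipaddress.ip_address(host).is_private
    except ValueError:
        return False  # a DNS name (or missing host), not an IP literal

def summarize(log_text, api_host="api.buoyant.cloud"):
    entries = [e for e in map(parse_line, log_text.splitlines()) if e]
    to_api = [e for e in entries if e["host"] == api_host]
    ok = sum(1 for e in to_api if e["method"] == "CONNECT" and e["status"] == "200")
    internal = sorted({e["host"] for e in entries if is_private(e["host"])})
    return {"api_tunnels_ok": ok, "api_failures": len(to_api) - ok,
            "internal_destinations": internal}

if __name__ == "__main__":
    text = SAMPLE if sys.stdin.isatty() else sys.stdin.read()
    print(summarize(text))
```

Saved under a name of your choice, it can read the live log from standard input, for example by piping the output of kubectl logs squid into it.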

Congrats! You’re now successfully running the Buoyant Cloud agent with an internet proxy in place.