Overview
In enterprise environments where internet access is controlled through a corporate proxy, you must configure proxy settings to allow external communication for both Kubernetes clusters and OpsRamp Gateways. This guide explains how to:
- Set proxy variables at the node level (system-wide)
- Apply proxy settings at the Kubernetes cluster level
- Update proxy settings post-deployment of the OpsRamp Gateway
- Perform verification and troubleshooting
Note
This guide applies exclusively to deployments using the OpsRamp-provided ISO/OVA.
Proxy Configuration at Node Level
Proxy settings at the system level ensure that OS-level utilities (such as container runtime, curl, wget) can communicate externally via the proxy server.
Step 1: Add Proxy Environment Variables
Edit the /etc/environment file on each Kubernetes node:
sudo vi /etc/environment
Add the following lines:
HTTP_PROXY="http://your.proxy.server:proxy_port"
HTTPS_PROXY="https://your.proxy.server:proxy_port"
NO_PROXY="localhost,127.0.0.1,10.42.0.1/8,10.43.0.1/8,<NODE_IP_1>,<NODE_IP_2>,..."
- Replace your.proxy.server and proxy_port with your proxy details.
- Add all node IPs and service IPs to NO_PROXY to prevent internal traffic from routing through the proxy.
Tip
You can also include hostnames like kubernetes.default, *.svc, etc., in NO_PROXY if needed.
Step 2: Apply Changes
Log out and log back in, or source the file:
source /etc/environment
Step 3: Proxy Configuration at K3s Cluster Level
Scenario A: Proxy Set Before K3s Installation
If proxy settings are configured before installing K3s, the installer automatically picks up the proxy environment variables defined in . Now install K3s using the OpsRamp bootstrap tool.
Reference: Install K3s
After installing K3s, validate that the proxy variables were correctly applied by checking the systemd environment file:
cat /etc/systemd/system/k3s.service.env
Ensure the following entries appear (with your actual proxy values):
HTTP_PROXY=http://your.proxy.server:proxy_port
HTTPS_PROXY=https://your.proxy.server:proxy_port
NO_PROXY="localhost,127.0.0.1,10.42.0.1/8,10.43.0.1/8,<NODE_IP_1>,<NODE_IP_2>,..."
Scenario B: Proxy Set After K3s Installation
If you installed K3s before defining proxy variables at the system level, you need to manually update the K3s configuration.
Step 1: Edit the K3s Environment File
Open the systemd environment file used by the K3s service:
sudo vi /etc/systemd/system/k3s.service.env
Add or modify the following entries:
HTTP_PROXY=http://your.proxy.server:proxy_port
HTTPS_PROXY=https://your.proxy.server:proxy_port
NO_PROXY="localhost,127.0.0.1,10.42.0.1/8,10.43.0.1/8,<NODE_IP_1>,<NODE_IP_2>,..."
Replace <NODE_IP_1>, <NODE_IP_2>, and the other placeholders with the actual IP addresses of your cluster nodes or internal service IP ranges that should bypass the proxy.
Step 2: Reload and Restart K3s
Apply the updated environment variables by restarting the K3s service:
sudo systemctl daemon-reexec
sudo systemctl restart k3s
Step 3: Verify Cluster Status
Confirm that the cluster and nodes are running correctly:
kubectl get nodes
Scenario C: Updating Proxy Settings After Gateway Registration
If you didn’t configure the proxy during OpsRamp Gateway setup, or if proxy settings change later, you can update them using Helm. These settings apply to the containers required for the NextGen Gateway.
Step 1: Check the Installed Gateway Helm Chart Version
helm list -n <namespace>
Locate your release (e.g., nextgen-gw) and note the CHART version.
Step 2: Update the Gateway with New Proxy Details
Without Authentication:
helm upgrade nextgen-gw oci://us-docker.pkg.dev/opsramp-registry/gateway-cluster-charts/nextgen-gw \
--version <VERSION> \
--set proxy.ConnectionType=proxy \
--set proxy.ProxyIp=<PROXY_IP> \
--set proxy.ProxyPort=<PROXY_PORT> \
-n <NAMESPACE> \
--reuse-values
With Authentication:
helm upgrade nextgen-gw oci://us-docker.pkg.dev/opsramp-registry/gateway-cluster-charts/nextgen-gw \
--version <VERSION> \
--set proxy.ConnectionType=proxy \
--set proxy.ProxyIp=<PROXY_IP> \
--set proxy.ProxyPort=<PROXY_PORT> \
--set proxy.ProxyUsername=<USERNAME> \
--set proxy.ProxyPassword=<PASSWORD> \
-n <NAMESPACE> \
--reuse-values
Replace placeholders (<VERSION>, <NAMESPACE>, <PROXY_IP>, etc.) with actual values.
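An alternative to passing `--set proxy.ProxyPassword=<PASSWORD>` on the command line, added here as an example and not taken from OpsRamp's documentation: write the proxy keys to a private values file and pass it with `-f`, so the password does not land in shell history or process listings. The function names and sample values are constructed; it relies on Helm reading the same `proxy.*` keys from a values file as from `--set`.

```sh
#!/bin/sh
# Added example: build a 0600 values file holding the proxy.* keys used above.

# yaml_sq STRING -> STRING as a YAML single-quoted scalar (each ' doubled).
yaml_sq() {
    printf "'%s'" "$(printf '%s' "$1" | sed "s/'/''/g")"
}

# write_proxy_values IP PORT USER -> prints the path of the new values file.
# The password is read as one line from stdin, never from an argument.
write_proxy_values() (
    case $2 in ''|*[!0-9]*) exit 1 ;; esac       # port must be numeric
    IFS= read -r pw || [ -n "$pw" ] || exit 1    # one line from stdin
    f=$(mktemp) || exit 1                        # mktemp creates the file 0600
    {
        echo "proxy:"
        echo "  ConnectionType: proxy"
        echo "  ProxyIp: $(yaml_sq "$1")"
        echo "  ProxyPort: $2"
        echo "  ProxyUsername: $(yaml_sq "$3")"
        echo "  ProxyPassword: $(yaml_sq "$pw")"
    } > "$f"
    echo "$f"
)

# Constructed demo values (192.0.2.20 is a documentation address).
vals=$(printf '%s\n' "constructed-pa'ss" | write_proxy_values 192.0.2.20 3128 gw-user) && {
    ls -l "$vals"
    # Then run the upgrade from Step 2 with the file instead of --set:
    #   helm upgrade nextgen-gw <chart> --version <VERSION> -n <NAMESPACE> \
    #       --reuse-values -f "$vals"
    rm -f "$vals"                                # remove it once helm has run
}
```

In real use, feed stdin from a password prompt or a secret store rather than from a literal as the demo does.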
Step 3: Verify the Secret
Confirm that proxy values are stored in the Secret:
kubectl get secret vprobe-proxy-secret -n <NAMESPACE> -o jsonpath="{.data['config\.properties']}" | base64 --decode
Replace <NAMESPACE> with your gateway's namespace. If you don’t have a custom namespace, use default.
Look for entries under the proxy section.
Step 4: Restart Gateway Pod
To apply the changes:
kubectl delete pod nextgen-gw-0 -n <NAMESPACE>
Kubernetes will automatically restart the pod with updated settings.
Note
If the Squid proxy is enabled, restart the Squid proxy pod by running:
kubectl delete pod <squid-proxy-pod-name> -n <namespace>
Verification Checklist
- Proxy variables are defined in /etc/environment on all nodes
- K3s environment file (k3s.service.env) is updated
- NO_PROXY includes all internal node/service IPs
- K3s service restarted successfully
- Gateway pod restarted with updated proxy settings
- Internet access is functional through the proxy
Additional Notes
- Ensure DNS and routing configurations allow the proxy server to be reachable from all nodes.
- If your proxy requires authentication, include it in the URL: http://username:password@your.proxy.server:port
- Use caution with NO_PROXY entries to avoid unintended traffic redirection.
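A check for the NO_PROXY caution above, added as an example (not OpsRamp tooling): it lints a NO_PROXY value for template placeholders left in place and for CIDR entries whose host bits are set, where a CIDR-aware client bypasses the proxy for the whole enclosing network. Function names and finding labels are this example's own, and only IPv4 entries are checked.

```sh
#!/bin/sh
# Added example: lint a NO_PROXY value before writing it to /etc/environment
# or k3s.service.env. IPv4 only; finding labels are this example's own.

# ip_to_int A.B.C.D -> 32-bit integer on stdout, non-zero exit if malformed.
ip_to_int() (
    set -f; IFS=.
    set -- $1
    [ $# -eq 4 ] || exit 1
    for o in "$@"; do
        case $o in ''|*[!0-9]*|0?*|????*) exit 1 ;; esac
        [ "$o" -le 255 ] || exit 1
    done
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
)

int_to_ip() {
    echo "$(( ($1 >> 24) & 255 )).$(( ($1 >> 16) & 255 )).$(( ($1 >> 8) & 255 )).$(( $1 & 255 ))"
}

# lint_no_proxy "a,b,c" -> one finding per line; exit status 1 if any finding.
lint_no_proxy() (
    set -f; IFS=,; rc=0
    for e in $1; do
        case $e in
            *'<'*|*'>'*|*...*)      # template text left in place
                echo "PLACEHOLDER $e"; rc=1 ;;
            *:*) ;;                 # IPv6 or host:port, not checked here
            */*)
                ip=${e%/*}; len=${e#*/}
                case $len in ''|*[!0-9]*|0?*|???*) len=99 ;; esac
                n=$(ip_to_int "$ip") || len=99
                if [ "$len" -gt 32 ]; then
                    echo "INVALID $e"; rc=1; continue
                fi
                mask=0
                [ "$len" -eq 0 ] || mask=$(( (4294967295 << (32 - $len)) & 4294967295 ))
                net=$(( $n & $mask ))
                # Host bits set: the prefix covers more than the address suggests.
                [ "$net" -eq "$n" ] || { echo "HOSTBITS $e covers $(int_to_ip "$net")/$len"; rc=1; }
                ;;
        esac
    done
    exit "$rc"
)

# Constructed input: the template value from this page, unedited.
lint_no_proxy 'localhost,127.0.0.1,10.42.0.1/8,10.43.0.1/8,<NODE_IP_1>,<NODE_IP_2>,...' \
    || echo "NO_PROXY needs review"
```

Run against the template value, it reports that both `/8` entries cover `10.0.0.0/8` and that three placeholders remain; a value with exact network addresses and real node IPs produces no findings.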