headlamp
headlamp copied to clipboard
kubernetes-sigs
Proxy Support
Hey very nice project,
It is possible to add proxy settings to use the software inside a corporate proxy network ?
Greetings,
Hey @lupaulus May I know how do you setup proxy for other tools(like kubectl) that interact with the cluster? I was wondering if this can be solved by using the proxy-url config that is supported by kubeconfig .
Refer
With K9s, I setup two entry variable at the startup like in linux : http_proxy=<http_proxy> https_proxy=<https_proxy>
proxy support would require at least http_proxy, https_proxy and no_proxy env vars to be configurable. However please be aware that there is no format syntax definition for the values of those environment variables. Also you might want to add those options to the headlamp settings because you might want different proxy settings for headlamp instead using global environment variables (not a big deal on Linux, but on other platforms it is).
➕ 1️⃣ For this feature, i'm expecting that headlamp aware of proxy-url which supported by kubeconfig
Currently i'm using this workaround, starting headlamp from CLI
$ export HTTPS_PROXY=socks5://localhost:8080
$ /Applications/Headlamp.app/Contents/MacOS/Headlamp
@joaquimrocha Should we add an option in the UI to configure the proxy for each cluster? We wont be able to fetch the value from the CLI when running in app mode.
There's also OS specific proxy settings. Not sure the current best way to get them, but there's an older article here with a few pointers and explanation: https://evandontje.com/2020/04/02/automatic-system-proxy-configuration-for-electron-applications/
@joaquimrocha Should we add an option in the UI to configure the proxy for each cluster? We wont be able to fetch the value from the CLI when running in app mode.
that would be really great, because I access my clusters via socks5 proxy
I would start simple and just support HTTP proxy environment variables (e.g., http_proxy, https_proxy, no_proxy). No UI, just pull from the environment. Next you could add a UI and other bells and whistles like per cluster configs.
I’m currently behind a corporate proxy and the only issue I have is installing plugins. My clusters are accessible without going through the proxy.
Hello,
If I start headlamp ui in cli by setting the proxy as an environment variable, it works fine. However, installing plugins doesn't work.
Error fetching plugin info: TypeError: fetch failed
at node:internal/deps/undici/undici:12502:13
at process.processTicksAndRejections (node:internal/process/task_queues:95:5)
at async fetchPluginInfo (/Applications/Headlamp.app/Contents/Resources/app/electron/plugin-management.js:738:22)
at async PluginManagerEventListeners.handleInstall (/Applications/Headlamp.app/Contents/Resources/app/electron/main.js:218:20) {
[cause]: Error: getaddrinfo ENOTFOUND artifacthub.io
at GetAddrInfoReqWrap.onlookupall [as oncomplete] (node:dns:120:26) {
errno: -3008,
code: 'ENOTFOUND',
syscall: 'getaddrinfo',
hostname: 'artifacthub.io'
}
}
Headlamp Desktop is an Electron-based web app that uses the Headlamp daemon CLI under the hood. In an enterprise setting, these two components should have their own proxy configuration because they follow two distinct security models: the former should respect desktop proxy configuration (desktop security model), and the latter should use a proxy server to access the Kubernetes API (Kubernetes security model), typically set via proxy-url in kubeconfig.
When we set https_proxy (or HTTPS_PROXY) env variable both components will use one proxy server without separation of concerns. For instance, in my case I would only need one proxy to access Kubernetes API.
