sudo /opt/anypoint/runtimefabric/rtfctl apply monitoring-proxy "socks5://<user>:<pass>@<10.0.0.2>:<8080>"
Managing Proxies on Runtime Fabric
Runtime Fabric uses two types of proxies when running and hosting applications:
-
System proxies: include proxies that enable connectivity among Kubernetes cluster services, including the Docker daemon and other internal components. When using Runtime Fabric you are responsible for configuring and managing system proxies.
-
Application proxies: include proxies that enable connectivity to applications running on Runtime Fabric.
You can configure the proxy settings used by Runtime Fabric outbound connections to the internet. This includes both HTTP proxies for connecting to the Anypoint Platform control plane and SOCKS5 proxies for sending metrics and logs to Anypoint Monitoring. You can also configure proxies for applications.
Install rtfctl
The rtfctl
command line tool is required to manage proxy settings on Runtime Fabric. Follow the steps to Install rtfctl before configuring proxy settings.
You can apply proxy settings during installation of Runtime Fabric if you install using Helm. For more information, refer to the Installing Runtime Fabric Using Helm documentation. |
Configure an Anypoint Monitoring Proxy
Because the monitoring agent requires a SOCKS5 proxy, you need two proxy types if you use Anypoint Monitoring.
The SOCKS5 proxy must connect to Anypoint Monitoring over TCP at the following endpoints:
-
US control plane:
dias-ingestor-router.us-east-1.prod.cloudhub.io
-
EU control plane:
dias-ingestor-router.eu-central-1.prod-eu.msap.io
-
Log in to a node where
rtfctl
is installed. -
Run the following command, replacing the placeholder values with the following:
-
-
<user>: the username needed to authenticate to the SOCKS5 proxy.
-
<pass>: the password needed to authenticate to the SOCKS5 proxy.
The password must be URL encoded. -
<10.0.0.2>: The IP address or hostname used to access the SOCKS5 proxy.
-
<8080>: The host port on the host where the SOCKS5 proxy is listening for requests.
-
To verify the change was successful, run the following command to output the current value of the monitoring proxy:
sudo /opt/anypoint/runtimefabric/rtfctl get monitoring-proxy
The output should match the value expected.
-
Configure an HTTP Proxy for Services in Runtime Fabric
You can configure HTTP and HTTPS proxies so that outbound components can communicate with the control plane.
Updating an HTTP proxy causes each machine in the cluster to restart all pods running on it. Although no downtime occurs if you are running multiple replicas, you should perform HTTP proxy updates during a maintenance window.
-
Apply the proxy values to the services running within Runtime Fabric.
-
If you are using Runtime Fabric installer 1.0.x, run the script on each node of your Runtime Fabric to update the cluster.
-
Log in to a node where
rtfctl
has been installed. -
Run the following command, replacing the placeholder values with the following:
sudo /opt/anypoint/runtimefabric/rtfctl apply http-proxy "http://<user>:<pass>@<10.0.0.1>:<8080>" --no-proxy "<1.1.1.1:8888,2.2.2.2:9999>"
-
-
<user>: the username needed to authenticate to the HTTP proxy.
-
<pass>: the password needed to authenticate to the HTTP proxy.
The password must be URL encoded. -
<10.0.0.1>: Specifies the IP address or hostname to access the HTTP proxy.
-
<8080>: Specifies the port on the host where the HTTP proxy is listening for requests.
-
<1.1.1.1:8888,2.2.2.2:9999>: Specifies the
RTF_NO_PROXY
hosts and ports, delimited by commas. -
(Optional)
--confirm
: Skips manual acknowledgement of the change. If not specified, thertfctl apply proxy
command prompts you to confirm the change before continuing.-
To verify the change was successful, run the following command to output the current value of the HTTP proxy:
sudo /opt/anypoint/runtimefabric/rtfctl get http-proxy
The output should match the value expected.
-
To remove the proxy values, run:
sudo /opt/anypoint/runtimefabric/rtfctl apply http-proxy '' --no-proxy ''
-
About the HTTP_PROXY Environment Variable
After applying a proxy for services in Runtime Fabric, you could see a warning similar to:
Warning: Proxy configurations in the environment "HTTP_PROXY: " does not match configurations in Runtime Fabric "YOUR_PROXY"
Runtime Fabric generates this warning to let you know that you have not set the HTTP_PROXY
environment variable or that the variable does not match the value used for Runtime Fabric services. The settings do not have to match, but Runtime Fabric generates the warning so you’re aware services could be impacted.
Many Linux tools use the HTTP_PROXY
environment variable to provide their proxy settings. If your environment requires a proxy for Internet access, you likely need to set the HTTP_PROXY
environment variable for commands that require Internet access.
This could affect other tools that also use HTTP or HTTPS operations but do not require Internet access, such as kubectl
. You can use the NO_PROXY
environment variable to establish connections that should not be proxied.
Refer to the documentation for your Linux tools for more information on which environment variables affect its proxy behavior.
Configure a Proxy for the API Manager Agent
You can use a proxy to establish communication for Mule applications that you manage with API Manager. This proxy configuration must be set on each Mule application, even if you are using the same configuration for all applications. Note this setting is independent from the application-level proxy that applications use to communicate with other external endpoints.
To configure a proxy for the API Manager Agent, add the following properties to the application:
anypoint.platform.proxy_host=hostname anypoint.platform.proxy_port=port anypoint.platform.proxy_username=username anypoint.platform.proxy_password=password
Configure a Proxy for a Mule Application
Applications deployed in Runtime Fabric inherit proxy settings from the Runtime Fabric cluster. You can also configure a proxy for each application.
You can set up a proxy on each connector (such as an HTTP requestor) or set up a proxy with application properties as shown in the following example. Setting up a proxy with application properties is less work if you have a large number of connectors in an application.
http.nonProxyHosts=localhost|*.svc.cluster.local|*.monitoring.svc.cluster.local http.proxyHost=172.19.0.23 http.proxyPort=3128 https.proxyHost=172.19.0.23 https.proxyPort=3128 java.net.useSystemProxies=false com.ning.http.client.AsyncHttpClientConfig.useProxySelector=false com.ning.http.client.AsyncHttpClientConfig.useProxyProperties=true