Document how to install Helm on Kubernetes behind a proxy
### Problem to solve Currently GitLab does not support an easy way for users to specify their proxy information. If a Kubernetes cluster is created behind a proxy and user attempts to install Helm, it will result in the following error: ``` Something went wrong while installing Helm Tiller ERROR: http://dl-cdn.alpinelinux.org/alpine/v3.6/main: operation timed out WARNING: Ignoring APKINDEX.84815163.tar.gz: No such file or directory ERROR: http://dl-cdn.alpinelinux.org/alpine/v3.6/community: operation timed out WARNING: Ignoring APKINDEX.24d64ab1.tar.gz: No such file or directory ERROR: unsatisfiable constraints... ``` ### Intended users operators, developers ### Further details Currently, it's possible to work-around this issue by enabling PodPreset on the api server and injecting proxy configuration as described in https://kubernetes.io/docs/concepts/workloads/pods/podpreset, however, this is not intuitive. ### Proposal Following the suggestion in [this comment](https://gitlab.com/gitlab-org/gitlab-ce/issues/46366#note_87028920), this issue will serve as the MVC by providing documentation on how to accomplish this. ### Permissions and Security <!-- What permissions are required to perform the described actions? Are they consistent with the existing permissions as documented for users, groups, and projects as appropriate? Is the proposed behavior consistent between the UI, API, and other access methods (e.g. email replies)? --> ### Documentation <!-- See the Feature Change Documentation Workflow https://docs.gitlab.com/ee/development/documentation/feature-change-workflow.html Add all known Documentation Requirements here, per https://docs.gitlab.com/ee/development/documentation/feature-change-workflow.html#documentation-requirements --> ### Testing <!-- What risks does this change pose? How might it affect the quality of the product? What additional test coverage or changes to tests will be needed? Will it require cross-browser testing? See the test engineering process for further guidelines: https://about.gitlab.com/handbook/engineering/quality/guidelines/test-engineering/ --> ### What does success look like, and how can we measure that? <!-- Define both the success metrics and acceptance criteria. Note that success metrics indicate the desired business outcomes, while acceptance criteria indicate when the solution is working correctly. If there is no way to measure success, link to an issue that will implement a way to measure this. --> ### Links / references <details> <summary>original issue content</summary> ### Summary Clicking on "Install" button for Helm Tiller under CI/CD / Clusters generates time out error ### Steps to reproduce * create Kubernetes cluster behind proxy * integrate with GitLab * click install Helm/Tiller ### What is the current *bug* behavior? When you try to install Helm/Tiller, you'll see this ERROR: ``` Something went wrong while installing Helm Tiller ERROR: http://dl-cdn.alpinelinux.org/alpine/v3.6/main: operation timed out WARNING: Ignoring APKINDEX.84815163.tar.gz: No such file or directory ERROR: http://dl-cdn.alpinelinux.org/alpine/v3.6/community: operation timed out WARNING: Ignoring APKINDEX.24d64ab1.tar.gz: No such file or directory ERROR: unsatisfiable constraints... ``` ### What is the expected *correct* behavior? Helm/Tiller installed successfully ### Relevant logs and/or screenshots ![Screenshot_from_2018-05-14_11-44-27](/uploads/aa8b3bf48e8db21479509c004e330074/Screenshot_from_2018-05-14_11-44-27.png) #### Results of GitLab environment info <details> <summary>Expand for output related to GitLab environment info</summary> <pre> System information System: Ubuntu 14.04 Current User: git Using RVM: no Ruby Version: 2.3.6p384 Gem Version: 2.6.13 Bundler Version:1.13.7 Rake Version: 12.3.0 Redis Version: 3.2.11 Git Version: 2.14.3 Sidekiq Version:5.0.5 Go Version: unknown GitLab information Version: 10.7.3 Revision: 2555d6c Directory: /opt/gitlab/embedded/service/gitlab-rails DB Adapter: postgresql URL: https://gitlab.well.kz HTTP Clone URL: https://gitlab.well.kz/some-group/some-project.git SSH Clone URL: git@gitlab.well.kz:some-group/some-project.git Using LDAP: yes Using Omniauth: no GitLab Shell Version: 7.1.2 Repository storage paths: - default: /var/opt/gitlab/git-data/repositories Hooks: /opt/gitlab/embedded/service/gitlab-shell/hooks Git: /opt/gitlab/embedded/bin/git </pre> </details> #### Results of GitLab application Check <details> <summary>Expand for output related to the GitLab application check</summary> <pre> Everything is OK Redis version >= 2.8.0? ... yes Ruby version >= 2.3.5 ? ... yes (2.3.6) Git version >= 2.9.5 ? ... yes (2.14.3) Git user has default SSH configuration? ... yes Active users: ... num Checking GitLab ... Finished </pre> </details> ### Possible fixes As far as i know once you click "install" button in GitLab UI the `Helm/Tiller` installation goes on `k8s` node. According to source code `helm` binary is downloaded inside of alpine container: https://gitlab.com/gitlab-org/gitlab-ce/blob/master/lib/gitlab/kubernetes/helm/base_command.rb But it'll never come to that. Just because running `apk add -U <package>` will fall due to proxy server environment variables missing: ``` $ kubectl run -it --image=alpine alpine -- sh If you don't see a command prompt, try pressing enter. / # apk add -U ca-certificates openssl fetch http://dl-cdn.alpinelinux.org/alpine/v3.7/main/x86_64/APKINDEX.tar.gz (takes a long time until time out) ^C/ ``` Setting up environment variable fixes it: ``` / # export http_proxy='http://<proxy_user>:<proxy_pass>@<proxy_host>:<proxy_host_port>/' / # apk add -U ca-certificates openssl fetch http://dl-cdn.alpinelinux.org/alpine/v3.7/main/x86_64/APKINDEX.tar.gz fetch http://dl-cdn.alpinelinux.org/alpine/v3.7/community/x86_64/APKINDEX.tar.gz (1/4) Installing ca-certificates (20171114-r0) 0% ``` And as a result, UI needs the ability to declare proxy server settings. </details>
issue