Enable Onramp to work with proxy, if needed (#83)

gab-arrobo · web-flow · commit 2f54632240ec · 2026-04-14T14:41:30.000-07:00
* Enable Onramp to work with proxy, if needed

Signed-off-by: Arrobo, Gabriel &lt;gabriel.arrobo@intel.com&gt;

* Address Copilot's comments

Signed-off-by: Arrobo, Gabriel &lt;gabriel.arrobo@intel.com&gt;

---------

Signed-off-by: Arrobo, Gabriel &lt;gabriel.arrobo@intel.com&gt;
diff --git a/onramp/ref.rst b/onramp/ref.rst
@@ -115,6 +115,21 @@ the list is not comprehensive.
      - `false`
      - Loads Helm Charts from public repo; set to `true` to utilize
        local charts, with `*.helm.charts_ref` set to local path name.
+   * - `proxy.enabled`
+     - `false`
+     - Enable HTTP proxy support for all deployment steps; set to `true`
+       when deploying behind a corporate or institutional proxy.
+   * - `proxy.http_proxy`
+     - `""`
+     - HTTP proxy URL (e.g., ``http://proxy.example.com:3128``).
+   * - `proxy.https_proxy`
+     - `""`
+     - HTTPS proxy URL (e.g., ``http://proxy.example.com:3128``).
+   * - `proxy.no_proxy`
+     - See ``vars/main.yml``
+     - Comma-separated list of hosts and CIDRs that bypass the proxy;
+       the default includes localhost, private subnets, and Kubernetes
+       internal domains as defined in ``vars/main.yml``.
 
 In addition to the variables listed in the preceding table, the vars
 file also references other configuration files required by each
diff --git a/onramp/start.rst b/onramp/start.rst
@@ -247,6 +247,31 @@ The output should show that Ansible is able to securely connect to all
 the nodes in your deployment, which is currently just the one that
 Ansible knows as ``node1``.
 
+Configure Proxy (Optional)
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+If your server accesses the Internet through an HTTP proxy, enable
+proxy support by editing the ``proxy`` section in
+``vars/main.yml``:
+
+.. code-block:: yaml
+
+   proxy:
+     enabled: true
+     http_proxy: "http://proxy.example.com:3128"
+     https_proxy: "http://proxy.example.com:3128"
+     no_proxy: "localhost,127.0.0.1,10.0.0.0/8,172.16.0.0/12,192.168.0.0/16,10.42.0.0/16,10.43.0.0/16,.svc,.svc.cluster.local,.cluster.local"
+
+When ``proxy.enabled`` is ``true``, OnRamp automatically propagates
+proxy settings to all deployment steps. This includes Ansible tasks
+that download software (e.g., ``apt``, ``pip``, ``helm``), the Docker
+daemon on nodes running Docker-based components, and RKE2's embedded
+containerd runtime on Kubernetes nodes. Adjust ``no_proxy`` to include
+any additional internal hosts or domains that should bypass the proxy.
+
+When ``proxy.enabled`` is ``false`` (the default), the proxy section
+has no effect and can be left as-is.
+
 Install Kubernetes
 ~~~~~~~~~~~~~~~~~~~
 
