# Issues Retrieving Pod/Container Log Information via Kubectl on Hosts Having Proxy Configured ## Problem There are issues retrieving pod/container log information via Kubectl on hosts which have proxy configured to reach the management plane. {% tabs %} {% tab title="None" %} ```none $ kubectl logs speaker-fghuy -n metallb-system Error from server: Get https://10.89.436.54:10250/containerLogs/metallb-system/speaker-fghuy/speaker: net/http: TLS handshake timeout ``` {% endtab %} {% endtabs %} ## Environment * Platform9 Managed Kubernetes - All Versions ## Cause * In scenarios where hosts are configured to connect to the Platform9 Cloud (Management Plane) via a proxy server (HTTP/S), then the PMK stack reads this HTTP information from the host's environment variables like *HTTP\_PROXY, HTTPS\_PROXY, NO\_PROXY, http\_proxy, https\_proxy, no\_proxy* and as well as from the pf9-comms's service configuration. {% tabs %} {% tab title="None" %} ```none pf9@worker25:/etc/pf9/kube.d$ cat master.yaml | grep proxy value: http://proxyname.platform9cloud.net:3128 value: http://proxyname.platform9cloud.net:3128 - name: http_proxyvalue: http://proxyname.platform9cloud.net:3128 - name: https_proxyvalue: http://proxyname.platform9cloud.net:3128 - name: no_proxy - --requestheader-allowed-names=aggregator,kubelet,admin,kube-proxy - --proxy-client-cert-file=/srv/kubernetes/certs/aggregator/request.crt - --proxy-client-key-file=/srv/kubernetes/certs/aggregator/request.key value: http://proxyname.platform9cloud.net:3128 value: http://proxyname.platform9cloud.net:3128 - name: http_proxyvalue: http://proxyname.platform9cloud.net:3128 - name: https_proxyvalue: http://proxyname.platform9cloud.net:3128 - name: no_proxy ``` {% endtab %} {% endtabs %} * Further, the PMK stack adds local IPs, localhost, VIP, Container & Service CIDR to *no\_proxy* variables automatically as seen above. * This results in the proxy configuration taking effect for the PMK stack without the *no\_proxy* environment variable being set for IPs of the nodes in the cluster. As the Proxy settings does not exclude hosts, when *kubectl logs \[pod]* gets executed, the *kube-apiserver* initiates a TLS connection with kubelet on the worker node running the pod in question which then passes through to the HTTP proxy server which blackholes the request causing a TLS request time out. ## Resolution * Set *NO\_PROXY*, *no\_proxy* environment variables on all the Master Nodes within the cluster to include the CIDR for all of the hosts in the cluster. * To set it ephemerally run the below-mentioned commands. Note: This would not be persisted. {% tabs %} {% tab title="None" %} ```none export NO_PROXY=a.b.c.d/mask export no_proxy=a.b.c.d/mask ``` {% endtab %} {% endtabs %} * To persist the values across host reboots, create a file at path */etc/profile.d/* and set the values in it as shown below. {% tabs %} {% tab title="None" %} ```none $ sudo touch /etc/profile.d/http_proxy.sh $ sudo chmod u+x /etc/profile.d/http_proxy.sh ``` {% endtab %} {% endtabs %} {% tabs %} {% tab title="None" %} ```none $ cat /etc/profile.d/http_proxy.sh export NO_PROXY=a.b.c.d/mask export no_proxy=a.b.c.d/mask ``` {% endtab %} {% endtabs %} ## Additional Information [Proxy Configuration to Access Hosts](https://support.platform9.com/hc/en-us/articles/360022481233) --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://platform9.com/kb/pmk/solutions/issues-retrieving-pod-container-log-information-via-kubectl-on.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.