Rework proxy support

[champtar]

What type of PR is this?
/kind feature

What this PR does / why we need it:
no_proxy is a pain to get right, and having proxy variables present can have side effect
It's better to only configure what require proxy:

• the runtime (containerd/docker/crio)
• the package manager
• the download tasks

Which issue(s) this PR fixes:
Fixes #7100

Special notes for your reviewer:
Only tested on CentOS 8 for now (cluster and upgrade)

Does this PR introduce a user-facing change?:

Rework proxy support

[k8s-ci-robot]

Hi @champtar. Thanks for your PR.

I'm waiting for a kubernetes-sigs member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work. Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

[floryut]

Given all the proxy issues we had, maybe hold this one and merge after 2.15 ?
/ok-to-test

[champtar]

Right now your cluster breaks on upgrade (#7100), so not sure we want to hold, but need some testing on Ubuntu/Debian for sure.
@floryut if you know some proxy user can you ping them ?

[champtar]

To be clear I don't want to delay 2.15, but I'll want to backport this once it's tested by someone else.
Setting proxy env variables everywhere is the wrong approach IMO as we have some tricky behavior changes, and in the end we don't use the proxy in that much places.

[champtar]

I can split the first 2 commits in an other PR

[floryut]

Right now your cluster breaks on upgrade (#7100), so not sure we want to hold, but need some testing on Ubuntu/Debian for sure.
@floryut if you know some proxy user can you ping them ?

Ok indeed if there is some issue then we don't need to think too much.
I can try but not sure to find anybody with proxy setup and time to test

[floryut]

/approve
Looks fine to me, WDYT @EppO @oomichi @LuckySB ?

[LuckySB]

/approve

I don't have a proxy, but it looks ok

[k8s-ci-robot]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: champtar, floryut, LuckySB

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

• OWNERS [LuckySB,floryut]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[champtar]

There is a small risk of breakage in the contrib as I have not tested them, but the fix would be to add environment: "{{ proxy_env }}" or even better to use kubespray download_file.yml. I did grep for get_url/uri. In any cases it would be clean breakage pretty easy to troubleshoot and fix.

[EppO]

/lgtm