Proxy config for workers/workload
New replacements provide the ability to use a proxy configuration for worker nodes and workload deployment. To use a proxy, the following env vars should be exported for the session when running phases: HTTP_PROXY, HTTPS_PROXY and NO_PROXY. Make sure to define all of them, especially NO_PROXY. For example, without adding cluster IP addresses the deployment will fail. Change-Id: Id08126f77e0a9da31318f1a239c51a6c78a7c88e
parent
cd1ca0b787
commit
88d676a567
@ -45,6 +45,13 @@ spec:
|
||||
requests:
|
||||
cpu: 50m
|
||||
memory: 64Mi
|
||||
env:
|
||||
- name: http_proxy
|
||||
value: REPLACEMENT_HTTP_PROXY
|
||||
- name: https_proxy
|
||||
value: REPLACEMENT_HTTPS_PROXY
|
||||
- name: no_proxy
|
||||
value: REPLACEMENT_NO_PROXY
|
||||
serviceAccountName: helm-operator
|
||||
# See https://github.com/fluxcd/flux/pull/2116
|
||||
dnsPolicy: None
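Review bot: The three `env` entries added to the helm-operator container carry literal `REPLACEMENT_*_PROXY` strings, so a render that skips the replacement transformer hands the pod a proxy called `REPLACEMENT_HTTP_PROXY` without any error. A comment above `env:` would make the dependency visible, for example `# values are filled in by the helm-operator-env-vars-replacements transformer; a literal REPLACEMENT_* here means it did not run`. Proxy URLs sometimes embed credentials; if that is expected here, a plain `value:` leaves them readable by anyone who can read the Deployment, which is worth stating in the same comment. The container spec starts outside the hunk.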
|
||||
|
@ -0,0 +1,34 @@
|
||||
# These rules inject env vars into the helm-operator function.
|
||||
apiVersion: airshipit.org/v1alpha1
|
||||
kind: ReplacementTransformer
|
||||
metadata:
|
||||
name: helm-operator-env-vars-replacements
|
||||
replacements:
|
||||
# Replace the proxy vars
|
||||
- source:
|
||||
objref:
|
||||
name: env-vars-catalogue
|
||||
fieldref: env.HTTP_PROXY
|
||||
target:
|
||||
objref:
|
||||
kind: Deployment
|
||||
name: helm-operator
|
||||
fieldrefs: ["spec.template.spec.containers[name=helm-operator].env[name=http_proxy].value%REPLACEMENT_HTTP_PROXY%"]
|
||||
- source:
|
||||
objref:
|
||||
name: env-vars-catalogue
|
||||
fieldref: env.HTTPS_PROXY
|
||||
target:
|
||||
objref:
|
||||
kind: Deployment
|
||||
name: helm-operator
|
||||
fieldrefs: ["spec.template.spec.containers[name=helm-operator].env[name=https_proxy].value%REPLACEMENT_HTTPS_PROXY%"]
|
||||
- source:
|
||||
objref:
|
||||
name: env-vars-catalogue
|
||||
fieldref: env.NO_PROXY
|
||||
target:
|
||||
objref:
|
||||
kind: Deployment
|
||||
name: helm-operator
|
||||
fieldrefs: ["spec.template.spec.containers[name=helm-operator].env[name=no_proxy].value%REPLACEMENT_NO_PROXY%"]
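Review bot: The `env.NO_PROXY` rule copies one catalogue value into the pod, but nothing in this file says what that value has to cover for an in-cluster client. I would add a comment above that rule such as `# NO_PROXY must include the cluster service and pod ranges and the API server address, otherwise in-cluster calls from helm-operator are sent to the proxy`. This is inferred from the commit message's warning about cluster IP addresses, so the exact list should be confirmed against the catalogue.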
|
@ -2,3 +2,4 @@ apiVersion: kustomize.config.k8s.io/v1beta1
|
||||
kind: Kustomization
|
||||
resources:
|
||||
- versions.yaml
|
||||
- helm-operator-env-vars.yaml
|
||||
|
@ -27,6 +27,20 @@ spec:
|
||||
net.bridge.bridge-nf-call-iptables = 1
|
||||
EOF
|
||||
- sysctl --system
|
||||
- |
|
||||
mkdir -p /etc/systemd/system/docker.service.d/
|
||||
cat <<EOF | tee /etc/systemd/system/docker.service.d/http-proxy.conf
|
||||
[Service]
|
||||
Environment="HTTP_PROXY=REPLACEMENT_HTTP_PROXY"
|
||||
Environment="HTTPS_PROXY=REPLACEMENT_HTTPS_PROXY"
|
||||
Environment="NO_PROXY=REPLACEMENT_NO_PROXY"
|
||||
EOF
|
||||
- export HTTP_PROXY=REPLACEMENT_HTTP_PROXY
|
||||
- export HTTPS_PROXY=REPLACEMENT_HTTPS_PROXY
|
||||
- export http_proxy=${HTTP_PROXY}
|
||||
- export https_proxy=${HTTPS_PROXY}
|
||||
- export NO_PROXY=REPLACEMENT_NO_PROXY
|
||||
- export no_proxy=${NO_PROXY}
|
||||
- curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add -
|
||||
- curl -s https://packages.cloud.google.com/apt/doc/apt-key.gpg | apt-key add -
|
||||
- add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable"
|
||||
@ -41,6 +55,7 @@ spec:
|
||||
- apt-mark hold kubelet kubeadm
|
||||
- systemctl mask ntp
|
||||
- systemctl enable --now systemd-timesyncd
|
||||
- unset http_proxy https_proxy HTTP_PROXY HTTPS_PROXY no_proxy NO_PROXY
|
||||
users:
|
||||
- name: deployer
|
||||
sshAuthorizedKeys:
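Review bot: In the first hunk the Docker drop-in is written with `cat <<EOF | tee …`, and `tee` also copies the file to stdout, so the proxy URL (and any credentials embedded in it) presumably ends up in the node's bootstrap log. Redirecting avoids that, and quoting the delimiter stops the shell from expanding `$` or backticks in the substituted value: `cat <<'EOF' > /etc/systemd/system/docker.service.d/http-proxy.conf`. The `export` lines are open to the same shell interpretation because the substituted value is unquoted; `- export NO_PROXY='REPLACEMENT_NO_PROXY'` (and likewise for the other two) keeps a value containing spaces or metacharacters as one word. The command list starts outside the hunk.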
|
||||
|
@ -5,3 +5,7 @@ resources:
|
||||
- kubeadmconfigtemplate.yaml
|
||||
- metal3machinetemplate.yaml
|
||||
- machinedeployment.yaml
|
||||
- ../../../../function/airshipctl-base-catalogues
|
||||
|
||||
transformers:
|
||||
- replacements
|
||||
|
@ -0,0 +1,4 @@
|
||||
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||
kind: Kustomization
|
||||
resources:
|
||||
- workers-env-vars.yaml
|
@ -0,0 +1,34 @@
|
||||
# These rules inject env vars into the workers.
|
||||
apiVersion: airshipit.org/v1alpha1
|
||||
kind: ReplacementTransformer
|
||||
metadata:
|
||||
name: workers-env-vars-replacements
|
||||
replacements:
|
||||
# Replace the proxy vars
|
||||
- source:
|
||||
objref:
|
||||
name: env-vars-catalogue
|
||||
fieldref: env.HTTP_PROXY
|
||||
target:
|
||||
objref:
|
||||
kind: KubeadmConfigTemplate
|
||||
name: worker-1
|
||||
fieldrefs: ["spec.template.spec.preKubeadmCommands%REPLACEMENT_HTTP_PROXY%"]
|
||||
- source:
|
||||
objref:
|
||||
name: env-vars-catalogue
|
||||
fieldref: env.HTTPS_PROXY
|
||||
target:
|
||||
objref:
|
||||
kind: KubeadmConfigTemplate
|
||||
name: worker-1
|
||||
fieldrefs: ["spec.template.spec.preKubeadmCommands%REPLACEMENT_HTTPS_PROXY%"]
|
||||
- source:
|
||||
objref:
|
||||
name: env-vars-catalogue
|
||||
fieldref: env.NO_PROXY
|
||||
target:
|
||||
objref:
|
||||
kind: KubeadmConfigTemplate
|
||||
name: worker-1
|
||||
fieldrefs: ["spec.template.spec.preKubeadmCommands%REPLACEMENT_NO_PROXY%"]
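Review bot: All three rules select the target by `name: worker-1`, so any other KubeadmConfigTemplate that reuses these commands keeps the literal `REPLACEMENT_*` strings, and its nodes would export them as proxy settings. If more than one worker template is expected, selecting by `kind` only may be an option (to be confirmed against the transformer's selector rules), or the restriction can be documented in the header comment, e.g. `# Only the worker-1 template is patched; add a rule per additional template`. The fieldref also points at the whole `preKubeadmCommands` list, so it is worth confirming that the pattern substitution reaches every element, including the multi-line heredoc entry.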
|