111 lines
3.3 KiB
ReStructuredText
111 lines
3.3 KiB
ReStructuredText
=============
|
|
Proxy Setting
|
|
=============
|
|
|
|
This guide is to help enterprise users who wish to deploy OpenStack-Helm
|
|
behind a corporate firewall and require a corporate proxy to reach the
|
|
internet.
|
|
|
|
Proxy Environment Variables
|
|
===========================
|
|
|
|
Ensure the following proxy environment variables are defined either through
|
|
an rc file or through modifying ``/etc/environment``.
|
|
|
|
.. code-block:: shell
|
|
|
|
export http_proxy="http://username:password@host:port"
|
|
export HTTP_PROXY="http://username:password@host:port"
|
|
export https_proxy="https://username:password@host:port"
|
|
export HTTPS_PROXY="https://username:password@host:port"
|
|
export no_proxy="127.0.0.1,localhost,.svc.cluster.local"
|
|
export NO_PROXY="127.0.0.1,localhost,.svc.cluster.local"
|
|
|
|
Note the ``.svc.cluster.local`` is needed to allow the OpenStack client
|
|
to connect without routing the connection to the proxy. Please update to the
|
|
appropriate domain name if you have a different configuration.
|
|
|
|
External DNS
|
|
============
|
|
|
|
In ``tools/images/kubeadm-aio/assets/opt/playbooks/vars.yaml``, under
|
|
``external_dns_nameservers``, add the internal DNS IP addresses.
|
|
These entries will overwrite the ``/etc/resolv.conf`` on the system.
|
|
If your network cannot connect to the Google DNS servers,
|
|
``8.8.8.8`` or ``8.8.4.4``, the updates will fail as they cannot resolve
|
|
the URLs.
|
|
|
|
Ansible Playbook
|
|
================
|
|
|
|
Either globally or in the tasks with ``pip`` or ``apt``, ensure you add
|
|
the following to the task:
|
|
|
|
.. code-block:: yaml
|
|
|
|
environment:
|
|
http_proxy: http://username:password@host:port
|
|
https_proxy: https://username:password@host:port
|
|
no_proxy: 127.0.0.1,localhost
|
|
|
|
|
|
Docker
|
|
======
|
|
|
|
Docker needs to be configured to use the proxy to pull down external images.
|
|
For systemd, use a systemd drop-in directory outlined in
|
|
https://docs.docker.com/engine/admin/systemd/#httphttps-proxy.
|
|
|
|
1. Create a systemd drop-in directory for the docker service:
|
|
|
|
.. code-block:: shell
|
|
|
|
$ sudo mkdir -p /etc/systemd/system/docker.service.d
|
|
|
|
2. Create a file called ``http-proxy.conf`` in the director created and add
|
|
in the needed environment variable:
|
|
|
|
.. code-block:: ini
|
|
|
|
[Service]
|
|
Environment="HTTP_PROXY=http://username:password@host:port"
|
|
Environment="HTTPS_PROXY=https://username:password@host:port"
|
|
Environment="NO_PROXY=127.0.0.1,localhost,docker-registry.somecorporation.com"
|
|
|
|
3. Once that's completed, flush the change:
|
|
|
|
.. code-block:: shell
|
|
|
|
$ systemctl daemon-reload
|
|
|
|
4. Restart Docker:
|
|
|
|
.. code-block:: shell
|
|
|
|
$ systemctl restart docker
|
|
|
|
5. Verify the configuration has been loaded:
|
|
|
|
.. code-block:: shell
|
|
|
|
$ systemctl show --property=Environment docker
|
|
Environment=HTTP_PROXY=http://proxy.example.com:80/
|
|
|
|
Kubeadm-AIO Dockerfile
|
|
======================
|
|
|
|
In ``tools/images/kubeadm-aio/Dockerfile``, add the following to the
|
|
Dockerfile before ``RUN`` instructions.
|
|
|
|
.. code-block:: dockerfile
|
|
|
|
ENV HTTP_PROXY http://username:password@host:port
|
|
ENV HTTPS_PROXY http://username:password@host:port
|
|
ENV http_proxy http://username:password@host:port
|
|
ENV https_proxy http://username:password@host:port
|
|
ENV no_proxy 127.0.0.1,localhost,172.17.0.1
|
|
ENV NO_PROXY 127.0.0.1,localhost,172.17.0.1
|
|
|
|
Note the IP address ``172.17.0.1`` is the advertised IP for the kubernetes
|
|
API server. Replace it with the appropriate IP if it is different.
|