diff --git a/doc/source/configuration/docker_proxy_config.rst b/doc/source/configuration/docker_proxy_config.rst index 3f9ee31f0..10d1a894e 100644 --- a/doc/source/configuration/docker_proxy_config.rst +++ b/doc/source/configuration/docker_proxy_config.rst @@ -20,12 +20,57 @@ Proxy overview The figure below shows how proxies are used in StarlingX. -.. figure:: starlingx_proxy.png - :scale: 75% +.. figure:: figures/stx_proxy_overview.png + :scale: 60% :alt: StarlingX proxy usage *Figure 1: StarlingX proxy usage* +The items labeled *a* and *b* in the figure indicate two configuration files: + +* Configuration file *a* lists sysadmin shell proxy environment variables. + This file is not required for StarlingX bootstrap or any StarlingX + operations. You **must** manually add this file if you are accessing the + public network via a proxy. You **must** add the following StarlingX + specific IP addresses to the no_proxy list: + + * registry.local + * {controller OAM gateway IP/floating IP/host IP} + * {controller management floating IP/host IP} + * {controller cluster gateway IP} + * 10.96.0.1 + * 10.96.0.10 + * `*.cluster.local` + +* Configuration file *b* lists container runtime proxy variables + (docker_proxy). Configure these variables in the ``localhost.yml`` file + before Ansible bootstrap. This file is **required** if you are accessing + the public network via a proxy. StarlingX specific IP addresses will be + automatically added to the no_proxy list. + +The numbered items in the figure indicate the process flow: + +#. In the ``localhost.yml`` file, fill in the Docker proxy section for + configuration file *b*. + +#. The bootstrap process is responsible for pulling Docker images from either: + + * the public registry using the proxy setting in (1) or + + * the private registry within the company/organization network. + + The bootstrap process will push to the registry.local afterwards. + +#. After the Kubernetes API server is running, the bootstrap process will + communicate with it for further StarlingX configuration. You **must** ensure + the cluster network gateway is set for no_proxy in configuration file *a*. + +#. After StarlingX provisioning is complete, any operations that pull Docker + images will use configuration file *b*. All other operations, including + kubectl and system operations, will use the sysadmin shell and + configuration file *a*. + + ---------------------- Set proxy at bootstrap ---------------------- @@ -56,17 +101,17 @@ To specify the HTTPS proxy URL, use the commands: system service-parameter-apply platform ------------------------- -Set no-proxy address list +Set no_proxy address list ------------------------- -A no-proxy address list can be provided for registries not on the other side -of the proxies. This list will be added to the default no-proxy list derived +A no_proxy address list can be provided for registries not on the other side +of the proxies. This list will be added to the default no_proxy list derived from localhost, loopback, management, and OAM floating addresses at runtime. -Due to a Docker restriction, each address in the no-proxy list must not be in +Due to a Docker restriction, each address in the no_proxy list must not be in subnet format and it cannot contain a wildcard. For example: -To specify a no-proxy list, use the commands: +To specify a no_proxy list, use the commands: :: diff --git a/doc/source/configuration/figures/stx_proxy_overview.png b/doc/source/configuration/figures/stx_proxy_overview.png new file mode 100644 index 000000000..04211e0b5 Binary files /dev/null and b/doc/source/configuration/figures/stx_proxy_overview.png differ diff --git a/doc/source/configuration/starlingx_proxy.png b/doc/source/configuration/starlingx_proxy.png deleted file mode 100644 index ba74763c3..000000000 Binary files a/doc/source/configuration/starlingx_proxy.png and /dev/null differ diff --git a/doc/source/deploy_install_guides/r3_release/bare_metal/ironic.rst b/doc/source/deploy_install_guides/r3_release/bare_metal/ironic.rst index 8af46c59b..be2078f95 100644 --- a/doc/source/deploy_install_guides/r3_release/bare_metal/ironic.rst +++ b/doc/source/deploy_install_guides/r3_release/bare_metal/ironic.rst @@ -14,8 +14,14 @@ End user applications can be deployed on bare metal servers (instead of virtual machines) by configuring OpenStack Ironic and deploying a pool of 1 or more bare metal servers. +.. note:: + + If you are behind a corporate firewall or proxy, you need to set proxy + settings. Refer to :doc:`/../../configuration/docker_proxy_config` for + details. + .. figure:: ../figures/starlingx-deployment-options-ironic.png - :scale: 90% + :scale: 50% :alt: Standard with Ironic deployment configuration *Figure 1: Standard with Ironic deployment configuration* diff --git a/doc/source/deploy_install_guides/r3_release/desc_aio_duplex.txt b/doc/source/deploy_install_guides/r3_release/desc_aio_duplex.txt index 079d2af47..ec00437cf 100644 --- a/doc/source/deploy_install_guides/r3_release/desc_aio_duplex.txt +++ b/doc/source/deploy_install_guides/r3_release/desc_aio_duplex.txt @@ -16,6 +16,12 @@ An AIO-DX configuration provides the following benefits: * All controller HA services go active on the remaining healthy server * All virtual machines are recovered on the remaining healthy server +.. note:: + + If you are behind a corporate firewall or proxy, you need to set proxy + settings. Refer to :doc:`/../../configuration/docker_proxy_config` for + details. + .. figure:: ../figures/starlingx-deployment-options-duplex.png :scale: 50% :alt: All-in-one Duplex deployment configuration diff --git a/doc/source/deploy_install_guides/r3_release/desc_aio_simplex.txt b/doc/source/deploy_install_guides/r3_release/desc_aio_simplex.txt index 5f10318b2..56b22e94b 100644 --- a/doc/source/deploy_install_guides/r3_release/desc_aio_simplex.txt +++ b/doc/source/deploy_install_guides/r3_release/desc_aio_simplex.txt @@ -7,6 +7,12 @@ following benefits: single pair of physical servers * A storage backend solution using a single-node CEPH deployment +.. note:: + + If you are behind a corporate firewall or proxy, you need to set proxy + settings. Refer to :doc:`/../../configuration/docker_proxy_config` for + details. + .. figure:: ../figures/starlingx-deployment-options-simplex.png :scale: 50% :alt: All-in-one Simplex deployment configuration diff --git a/doc/source/deploy_install_guides/r3_release/desc_controller_storage.txt b/doc/source/deploy_install_guides/r3_release/desc_controller_storage.txt index 8a952326e..3d606d532 100644 --- a/doc/source/deploy_install_guides/r3_release/desc_controller_storage.txt +++ b/doc/source/deploy_install_guides/r3_release/desc_controller_storage.txt @@ -15,6 +15,12 @@ A Standard with Controller Storage configuration provides the following benefits * On overall worker node failure, virtual machines and containers are recovered on the remaining healthy worker nodes +.. note:: + + If you are behind a corporate firewall or proxy, you need to set proxy + settings. Refer to :doc:`/../../configuration/docker_proxy_config` for + details. + .. figure:: ../figures/starlingx-deployment-options-controller-storage.png :scale: 50% :alt: Standard with Controller Storage deployment configuration diff --git a/doc/source/deploy_install_guides/r3_release/desc_dedicated_storage.txt b/doc/source/deploy_install_guides/r3_release/desc_dedicated_storage.txt index c352663af..371940210 100644 --- a/doc/source/deploy_install_guides/r3_release/desc_dedicated_storage.txt +++ b/doc/source/deploy_install_guides/r3_release/desc_dedicated_storage.txt @@ -10,6 +10,12 @@ A Standard with Dedicated Storage configuration provides the following benefits: that supports a replication factor of two or three * Up to four groups of 2x storage nodes, or up to three groups of 3x storage nodes +.. note:: + + If you are behind a corporate firewall or proxy, you need to set proxy + settings. Refer to :doc:`/../../configuration/docker_proxy_config` for + details. + .. figure:: ../figures/starlingx-deployment-options-dedicated-storage.png :scale: 50% :alt: Standard with Dedicated Storage deployment configuration diff --git a/doc/source/deploy_install_guides/r3_release/figures/starlingx-deployment-options-duplex.png b/doc/source/deploy_install_guides/r3_release/figures/starlingx-deployment-options-duplex.png index 1d7db9e7f..4f8ab3f24 100644 Binary files a/doc/source/deploy_install_guides/r3_release/figures/starlingx-deployment-options-duplex.png and b/doc/source/deploy_install_guides/r3_release/figures/starlingx-deployment-options-duplex.png differ