Additional conditionalization and corrections. Patchset 1 review updates. Added Installation appendixes Adjusted tox.ini for contitionalized openstack blocks Patchset 2 review comments. Patchset 3 review comments and tried to make changes more globally in edited files. Signed-off-by: Ron Stone <ronald.stone@windriver.com> Change-Id: Icca40bc8c8c46ca1f3f38f5e4a63f5bb466b19bc Signed-off-by: Ron Stone <ronald.stone@windriver.com>
4.0 KiB
Docker Proxy Configuration
uses publicly available container runtime registries. If you are behind a corporate firewall or proxy, you need to set proxy settings.
For example, if the interface or network is behind an http/https proxy, relative to the Docker registries used by or applications running on , then Docker within must be configured to use these http/https proxies.
Proxy overview
The figure below shows how proxies are used in .
The items labeled a and b in the figure indicate two configuration files:
- Configuration file a lists sysadmin shell proxy environment
variables. This file is not required for bootstrap or any operations.
You must manually add this file if you are accessing
the public network via a proxy. You must add the
following specific IP addresses to the no_proxy list:
- registry.local
- {controller gateway IP/floating IP/host IP}
- {controller management floating IP/host IP}
- {controller cluster gateway IP}
- 10.96.0.1 {apiserver cluster IP for Kubernetes}
- 10.96.0.10 {coredns cluster IP for Kubernetes}
- *.cluster.local
- Configuration file b lists container runtime proxy
variables (docker_proxy). Configure these variables in the
localhost.yml
file before Ansible bootstrap. This file is required if you are accessing the public network via a proxy. specific IP addresses will be automatically added to the no_proxy list.
The numbered items in the figure indicate the process flow:
In the
localhost.yml
file, fill in the Docker proxy section for configuration file b.The bootstrap process is responsible for pulling Docker images from either:
- the public registry using the proxy setting in (1) or
- the private registry within the company/organization network.
The bootstrap process will push to the registry.local afterwards.
After the Kubernetes API server is running, the bootstrap process will communicate with it for further configuration. You must ensure the cluster network gateway is set for no_proxy in configuration file a.
After provisioning is complete, any operations that pull Docker images will use configuration file b. All other operations, including kubectl and system operations, will use the sysadmin shell and configuration file a.
Set HTTP proxy URL
To specify the HTTP proxy URL, use the commands:
system service-parameter-modify platform docker http_proxy http://my.proxy.com:1080
system service-parameter-apply platform
Set HTTPS proxy URL
To specify the HTTPS proxy URL, use the commands:
system service-parameter-modify platform docker https_proxy https://my.proxy.com:1443
system service-parameter-apply platform
Set no_proxy address list
A no_proxy address list can be provided for registries not on the other side of the proxies. This list will be added to the default no_proxy list derived from localhost, loopback, management, and floating addresses at runtime.
Due to a Docker restriction, each address in the no_proxy list must not be in subnet format and it cannot contain a wildcard. For example:
To specify a no_proxy list, use the commands:
system service-parameter-modify platform docker no_proxy: 1.2.3.4, 5.6.7.8
system service-parameter-apply platform