Proxy Setting
This guide is to help enterprise users who wish to deploy OpenStack-Helm behind a corporate firewall and require a corporate proxy to reach the internet.
Proxy Environment Variables
Ensure the following proxy environment variables are defined either through an rc file or through modifying /etc/environment.
export http_proxy="http://username:password@host:port"
export HTTP_PROXY="http://username:password@host:port"
export https_proxy="https://username:password@host:port"
export HTTPS_PROXY="https://username:password@host:port"
export no_proxy="127.0.0.1,localhost,.svc.cluster.local"
export NO_PROXY="127.0.0.1,localhost,.svc.cluster.local"
Note the .svc.cluster.local is needed to allow the OpenStack client to connect without routing the connection to the proxy. Please update to the appropriate domain name if you have a different configuration.
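To check before deployment that in-cluster names stay off the proxy, the following added example (not part of OpenStack-Helm) tests a host against a no_proxy list. It assumes the common rule that an entry matches the host itself and its subdomains; individual clients differ in the details, and the host names are constructed samples.

```shell
#!/bin/sh
# Added example (not from OpenStack-Helm): report whether a host would bypass
# the proxy under a given no_proxy list.
# Assumed matching rule: an entry matches the host itself and any subdomain;
# a leading dot on the entry is optional. No CIDR or wildcard support.

bypasses_proxy() {   # usage: bypasses_proxy HOST NO_PROXY_LIST
    bp_host=$1
    bp_rc=1
    bp_old_ifs=$IFS
    IFS=,
    set -f                                  # no globbing while splitting on commas
    for bp_entry in $2; do
        bp_entry=$(printf '%s' "$bp_entry" | tr -d ' ')
        [ -n "$bp_entry" ] || continue      # skip empty entries ("a,,b")
        bp_name=${bp_entry#.}               # ".svc.cluster.local" -> "svc.cluster.local"
        case $bp_host in
            "$bp_name"|*."$bp_name") bp_rc=0; break ;;
        esac
    done
    set +f
    IFS=$bp_old_ifs
    return $bp_rc
}

route_for() {        # prints "direct" or "proxy"
    if bypasses_proxy "$1" "$2"; then echo direct; else echo proxy; fi
}

# The no_proxy value from this guide, and the same list without the cluster suffix.
WITH_SUFFIX="127.0.0.1,localhost,.svc.cluster.local"
WITHOUT_SUFFIX="127.0.0.1,localhost"

# Constructed sample hosts: an in-cluster service name and an external site.
for h in keystone.openstack.svc.cluster.local localhost pypi.org; do
    printf '%-40s with suffix: %-7s without: %s\n' "$h" \
        "$(route_for "$h" "$WITH_SUFFIX")" "$(route_for "$h" "$WITHOUT_SUFFIX")"
done
```

A service name reported as "proxy" means requests to it, including any tokens they carry, would be sent to the corporate proxy instead of staying inside the cluster.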
External DNS
In tools/images/kubeadm-aio/assets/opt/playbooks/vars.yaml, under external_dns_nameservers, add the internal DNS IP addresses. These entries will overwrite the /etc/resolv.conf on the system. If your network cannot connect to the Google DNS servers, 8.8.8.8 or 8.8.4.4, the updates will fail as they cannot resolve the URLs.
Ansible Playbook
Either globally or in the tasks with pip or apt, ensure you add the following to the task:
environment:
  http_proxy: http://username:password@host:port
  https_proxy: https://username:password@host:port
  no_proxy: 127.0.0.1,localhost
Docker
Docker needs to be configured to use the proxy to pull down external images. For systemd, use a systemd drop-in directory outlined in https://docs.docker.com/engine/admin/systemd/#httphttps-proxy.
- Create a systemd drop-in directory for the docker service:
$ sudo mkdir -p /etc/systemd/system/docker.service.d
- Create a file called http-proxy.conf in the directory created and add in the needed environment variables:
[Service]
Environment="HTTP_PROXY=http://username:password@host:port"
Environment="HTTPS_PROXY=https://username:password@host:port"
Environment="NO_PROXY=127.0.0.1,localhost,docker-registry.somecorporation.com"
- Once that's completed, flush the change:
$ systemctl daemon-reload
- Restart Docker:
$ systemctl restart docker
- Verify the configuration has been loaded:
$ systemctl show --property=Environment docker
Environment=HTTP_PROXY=http://proxy.example.com:80/
Kubeadm-AIO Dockerfile
In tools/images/kubeadm-aio/Dockerfile, add the following to the Dockerfile before RUN instructions.
ENV HTTP_PROXY http://username:password@host:port
ENV HTTPS_PROXY http://username:password@host:port
ENV http_proxy http://username:password@host:port
ENV https_proxy http://username:password@host:port
ENV no_proxy 127.0.0.1,localhost,172.17.0.1
ENV NO_PROXY 127.0.0.1,localhost,172.17.0.1
Note the IP address 172.17.0.1 is the advertised IP for the Kubernetes API server. Replace it with the appropriate IP if it is different.