7158f15e6c
This review is a follow-on to: 714538, 720252, 726468 Copied updates from R3 install guides into R4 guides. Changed tabs to spaces in some guides. Change-Id: I28191b0cd69c0a86d134a2fe9453928d02ce9042 Signed-off-by: MCamp859 <maryx.camp@intel.com>
120 lines
4.1 KiB
ReStructuredText
120 lines
4.1 KiB
ReStructuredText
==========================
|
|
Docker Proxy Configuration
|
|
==========================
|
|
|
|
StarlingX uses publicly available container runtime registries. If you are
|
|
behind a corporate firewall or proxy, you need to set proxy settings.
|
|
|
|
For example, if the StarlingX OAM interface or network is behind an http/https
|
|
proxy, relative to the Docker registries used by StarlingX or applications
|
|
running on StarlingX, then Docker within StarlingX must be configured to use
|
|
these http/https proxies.
|
|
|
|
.. contents::
|
|
:local:
|
|
:depth: 1
|
|
|
|
--------------
|
|
Proxy overview
|
|
--------------
|
|
|
|
The figure below shows how proxies are used in StarlingX.
|
|
|
|
.. figure:: figures/stx_proxy_overview.png
|
|
:scale: 60%
|
|
:alt: StarlingX proxy usage
|
|
|
|
*Figure 1: StarlingX proxy usage*
|
|
|
|
The items labeled *a* and *b* in the figure indicate two configuration files:
|
|
|
|
* Configuration file *a* lists sysadmin shell proxy environment variables.
|
|
This file is not required for StarlingX bootstrap or any StarlingX
|
|
operations. You **must** manually add this file if you are accessing the
|
|
public network via a proxy. You **must** add the following StarlingX
|
|
specific IP addresses to the no_proxy list:
|
|
|
|
* registry.local
|
|
* {controller OAM gateway IP/floating IP/host IP}
|
|
* {controller management floating IP/host IP}
|
|
* {controller cluster gateway IP}
|
|
* 10.96.0.1 {apiserver cluster IP for Kubernetes}
|
|
* 10.96.0.10 {coredns cluster IP for Kubernetes}
|
|
* `*.cluster.local`
|
|
|
|
* Configuration file *b* lists container runtime proxy variables
|
|
(docker_proxy). Configure these variables in the ``localhost.yml`` file
|
|
before Ansible bootstrap. This file is **required** if you are accessing
|
|
the public network via a proxy. StarlingX specific IP addresses will be
|
|
automatically added to the no_proxy list.
|
|
|
|
The numbered items in the figure indicate the process flow:
|
|
|
|
#. In the ``localhost.yml`` file, fill in the Docker proxy section for
|
|
configuration file *b*.
|
|
|
|
#. The bootstrap process is responsible for pulling Docker images from either:
|
|
|
|
* the public registry using the proxy setting in (1) or
|
|
|
|
* the private registry within the company/organization network.
|
|
|
|
The bootstrap process will push to the registry.local afterwards.
|
|
|
|
#. After the Kubernetes API server is running, the bootstrap process will
|
|
communicate with it for further StarlingX configuration. You **must** ensure
|
|
the cluster network gateway is set for no_proxy in configuration file *a*.
|
|
|
|
#. After StarlingX provisioning is complete, any operations that pull Docker
|
|
images will use configuration file *b*. All other operations, including
|
|
kubectl and system operations, will use the sysadmin shell and
|
|
configuration file *a*.
|
|
|
|
|
|
----------------------
|
|
Set proxy at bootstrap
|
|
----------------------
|
|
|
|
To set the Docker proxy at bootstrap time, refer to
|
|
:doc:`Ansible Bootstrap Configurations <../deploy_install_guides/r3_release/ansible_bootstrap_configs>`.
|
|
|
|
------------------
|
|
Set HTTP proxy URL
|
|
------------------
|
|
|
|
To specify the HTTP proxy URL, use the commands:
|
|
|
|
::
|
|
|
|
system service-parameter-modify platform docker http_proxy http://my.proxy.com:1080
|
|
system service-parameter-apply platform
|
|
|
|
-------------------
|
|
Set HTTPS proxy URL
|
|
-------------------
|
|
|
|
To specify the HTTPS proxy URL, use the commands:
|
|
|
|
::
|
|
|
|
system service-parameter-modify platform docker https_proxy https://my.proxy.com:1443
|
|
system service-parameter-apply platform
|
|
|
|
-------------------------
|
|
Set no_proxy address list
|
|
-------------------------
|
|
|
|
A no_proxy address list can be provided for registries not on the other side
|
|
of the proxies. This list will be added to the default no_proxy list derived
|
|
from localhost, loopback, management, and OAM floating addresses at runtime.
|
|
|
|
Due to a Docker restriction, each address in the no_proxy list must not be in
|
|
subnet format and it cannot contain a wildcard. For example:
|
|
|
|
To specify a no_proxy list, use the commands:
|
|
|
|
::
|
|
|
|
system service-parameter-modify platform docker no_proxy: 1.2.3.4, 5.6.7.8
|
|
system service-parameter-apply platform
|