Dustin Specker e9696dca0a feat: support setting up Vagrant behind corporate proxy with TLS
This is a squashed commit, keeping previous messages intact for history.

- chore(tools/gate/jarvis): remove unused http_proxy

- fix(tools/gate/deploy-k8s): pre-pull Calico images

By pre-pulling Calico images, we can better ensure the timeout for
`kubectl wait` for `k8s-app=kube-dns` is sufficient, since most of the
time spent is on pulling images.

- fix(tools/gate/jarvis): skip loki Helm test when proxy is set

The Loki test attempts to install `curl` and `jq`, which will fail when
a proxy is required since the pod doesn't set up proxy environment
variables.

- feat(tools/deployment/vagrant): support providing a cert for proxy

- feat(ubuntu-base/standard-container): support internal-certs

The Vagrant file mounts an additional synced folder to
/airship_charts/tools/gate/jarvis/ubuntu-base/internal-certs.

This internal-certs dir has been added to this Git repository using a
placeholder `.gitkeep` file to keep the directory non-empty. This
directory has also been added to .gitignore to prevent any changes such
as the mounted internal certs from being committed.

The ubuntu-base image sets the proxy env vars as well as contains the
internal certs. The standard container is then based on the ubuntu-base
image.

The ubuntu-base image is published as library/ubuntu:focal in harbor.

- fix(tools/gate/jarvis): support Harbor behind proxy with cert

Change-Id: I602dfa3b04b798a1a2096242ffb6dfe7f2ba92e4
2021-03-08 08:56:29 -06:00


=====================================
Running Jarvis Behind Corporate Proxy
=====================================

Environment Variables
=====================

On the host machine, ensure the following environment variables are set with the appropriate proxy information:
``HTTP_PROXY``, ``HTTPS_PROXY``, and ``NO_PROXY``. You will also need to set the environment variable ``PRIVATE_NS``
to an IP address of a corporate name server that will resolve internal URLs. ``PRIVATE_NS`` can support multiple
corporate name servers by creating a space-separated list, such as ``PRIVATE_NS="172.18.0.17 172.19.0.17"``.

Certificate Authority for Corporate Proxy
=========================================

If the proxy requires a certificate to be trusted, then:

#. Run ``mkdir ~/internal-certs/``
#. Download the required ``*.crt`` file
#. Move the ``*.crt`` file into ``~/internal-certs/``
#. Define an environment variable named ``INTERNAL_CERTS_DIR`` with the value of ``~/internal-certs/``

The ``Vagrantfile`` will handle using the internal certificates during the ``vagrant up`` process.

Vagrant Plugin
==============

To easily set up the Vagrant box's proxy setting, install the `vagrant_proxyconf`_ plugin by running:

.. code:: bash

    $ vagrant plugin install vagrant-proxyconf

``NO_PROXY`` Configuration
==========================

In the event ``NO_PROXY`` is not specified, the following default value will be used:

.. code::

    localhost,127.0.0.1,10.96.0.0/12,192.168.49.0/24,192.168.99.0/24,10.0.2.15,10.244.0.0/16,172.28.0.0/30,.minikube.internal,.svc,.svc.cluster.local,jarvis.local

Please note the following will need to be accounted for to avoid traffic being routed through the proxy:

- Localhost: ``localhost`` and ``127.0.0.1``
- Host and guest machine IP and name: ``jarvis``, ``jarvis.local``, etc.
- Minikube specific IP ranges (e.g. ``192.168.49.0/24``). See minikube's `documentation`_ for details.
- Minikube places ``host.minikube.internal`` and ``control-plane.minikube.internal`` into ``/etc/hosts``
- Kubernetes services' URLs ending in ``.svc``, ``.cluster.local`` or ``.svc.cluster.local``
- Kubernetes service cluster IP ranges: ``10.96.0.0/12`` or what's configured via ``--service-cluster-ip-range``
- DNSMasq subnet range: ``172.28.0.0/30``
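
A way to check a ``NO_PROXY`` value against the destinations listed above before running ``vagrant up``. This is an added example, not code from the Jarvis repository. It assumes CIDR entries match by containment, ``.suffix`` entries match subdomains only, and bare names match themselves and their subdomains; individual tools interpret ``NO_PROXY`` differently, and the sample destinations are constructed.

```python
import ipaddress

# Default NO_PROXY value quoted from the section above.
DEFAULT_NO_PROXY = (
    "localhost,127.0.0.1,10.96.0.0/12,192.168.49.0/24,192.168.99.0/24,"
    "10.0.2.15,10.244.0.0/16,172.28.0.0/30,.minikube.internal,.svc,"
    ".svc.cluster.local,jarvis.local"
)

# Constructed sample destinations, at least one per bullet in the list above.
SAMPLE_DESTINATIONS = [
    "localhost", "127.0.0.1", "jarvis", "jarvis.local",
    "host.minikube.internal", "control-plane.minikube.internal",
    "192.168.49.2", "10.96.0.10", "registry.default.svc.cluster.local",
    "172.28.0.1",
]

def parse_no_proxy(value):
    """Split a NO_PROXY string into IP networks and lower-cased name entries."""
    networks, names = [], []
    for entry in (e.strip().lower() for e in value.split(",")):
        if not entry:
            continue
        try:
            networks.append(ipaddress.ip_network(entry, strict=False))
        except ValueError:
            names.append(entry)  # not an IP or CIDR, treat as a host name
    return networks, names

def bypasses_proxy(destination, no_proxy):
    """Return True if destination matches a NO_PROXY entry (assumed rules)."""
    networks, names = parse_no_proxy(no_proxy)
    dest = destination.strip().lower().rstrip(".")
    try:
        addr = ipaddress.ip_address(dest)
    except ValueError:
        for name in names:
            # ".suffix": subdomains only; "name": itself and its subdomains.
            if name.startswith("."):
                if dest.endswith(name):
                    return True
            elif dest == name or dest.endswith("." + name):
                return True
        return False
    return any(addr in net for net in networks)

def uncovered(destinations, no_proxy=DEFAULT_NO_PROXY):
    """List the destinations that would still be sent through the proxy."""
    return [d for d in destinations if not bypasses_proxy(d, no_proxy)]
```

Under these assumed matching rules, ``uncovered(SAMPLE_DESTINATIONS)`` reports only the short name ``jarvis``, because the default value lists ``jarvis.local`` but not the bare host name.
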

Installation
============

With the appropriate environment variables set, follow the instructions :ref:`here <aio-installation>`.

.. _vagrant_proxyconf: http://tmatilai.github.io/vagrant-proxyconf/
.. _documentation: https://minikube.sigs.k8s.io/docs/handbook/vpn_and_proxy/