我的书签
添加书签
移除书签Introduction
In a lot of enterprise environments, servers or VMs running on premises do not have direct Internet access. Instead, the connection to external services is done through a HTTP(S) proxy for security reasons. This tutorial shows you how to set up an Elemental deployment in such an environment.
important note
This guide will not cover the Rancher installation behind a proxy. It’s a different use case and you can find the detailed documentation here.
info
For this documentation, we assume you are using a SUSE family system (like Elemental Teal), so proxy settings have to be written in /etc/sysconfig/proxy.
Proxy settings must be configured in the following locations:
- Machine Registration Endpoint
- SeedImage resource
- Elemental cluster configuration
The elemental-system-agent needs proxy settings to reach the Rancher Manager. To achieve that, you need to fill the cloud-init section of the Machine Registration Endpoint.
You can do it either with UI or CLI.
- CLI
- UI
registration.yaml
apiVersion: elemental.cattle.io/v1beta1kind: MachineRegistrationmetadata:name: my-nodesnamespace: fleet-defaultspec:config:cloud-config:write_files:- path: /etc/sysconfig/proxyappend: truecontent: |PROXY_ENABLED="yes"HTTP_PROXY=http://<MY_PROXY>:<MY_PORT>HTTPS_PROXY=https://<MY_PROXY>:<MY_PORT>NO_PROXY="localhost, 127.0.0.1"users:- name: rootpasswd: rootelemental:install:reboot: truedevice: /dev/sdadebug: trueregistration:emulate-tpm: true
Elemental-register
Elemental-register is the first communication endpoint between the new host and Rancher Manager, this is the first place where proxy settings need to be set.
warning
At the time of writing, it’s only possible to configure proxy settings for the ISO with the CLI. The proxy settings aren’t implemented in the UI.
The process happens when you boot your Elemental ISO for the first time, in order to configure the proxy settings you have to include a cloud-init definition in the ISO. To do that, you have to create a SeedImage definition.
seedimage.yaml
apiVersion: elemental.cattle.io/v1beta1kind: SeedImagemetadata:name: ...namespace: ...spec:baseImage: registry.suse.com/suse/sle-micro-iso/5.5:2.0.2cloud-config:write_files:- path: /etc/sysconfig/proxyappend: truecontent: |PROXY_ENABLED="yes"HTTP_PROXY=http://<MY_PROXY>:<MY_PORT>HTTPS_PROXY=https://<MY_PROXY>:<MY_PORT>NO_PROXY="localhost, 127.0.0.1"registrationRef:apiVersion: elemental.cattle.io/v1beta1kind: MachineRegistrationname: ...namespace: ...
Apply the YAML with kubectl and then, print your SeedImage definition to get the URL to download it:
kubectl apply -f <my_seedimage_yaml_file>kubectl get seedimage <seed_image_name> -n <namespace> -o yaml
Boot the ISO and you should see your new system appears in Machine inventory.
Create Elemental cluster
For this step, you can use either the UI or CLI.
- CLI
- UI
cluster.yaml
kind: ClusterapiVersion: provisioning.cattle.io/v1metadata:name: my-clusternamespace: fleet-defaultspec:agentEnvVars:- name: HTTP_PROXYvalue: http://<MY_PROXY>:<MY_PORT>- name: HTTPS_PROXYvalue: https://<MY_PROXY>:<MY_PORT>- name: NO_PROXYvalue: localhost,127.0.0.0/8,10.0.0.0/8,172.16.0.0/12,192.168.0.0/16,.svc,.cluster.localrkeConfig:machineGlobalConfig:etcd-expose-metrics: falseprofile: nullmachinePools:- controlPlaneRole: trueetcdRole: truemachineConfigRef:apiVersion: elemental.cattle.io/v1beta1kind: MachineInventorySelectorTemplatename: my-machine-selectorname: pool1quantity: 1unhealthyNodeTimeout: 0sworkerRole: truemachineSelectorConfig:- config:protect-kernel-defaults: falseregistries: {}kubernetesVersion: v1.24.8+k3s1
You can see that proxy settings are added below agentEnvVars.
