Skip to content

Commit 9ade713

Browse files
maxwelldbmaxwelldb
authored
Merge pull request #36621 from MaysaMacedo/include-kuryr-proxy-details
 Add restrictions and requirements of Proxy installation with Kuryr
2 parents 446308b + a41cdbf commit 9ade713

File tree

1 file changed

+31
-0
lines changed

1 file changed

+31
-0
lines changed

modules/installation-configure-proxy.adoc

Lines changed: 31 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -97,6 +97,12 @@ endif::[]
9797
ifeval::["{context}" == "installing-restricted-networks-vmc"]
9898
:vmc:
9999
endif::[]
100+
ifeval::["{context}" == "installing-openstack-installer-kuryr"]
101+
:kuryr:
102+
endif::[]
103+
ifeval::["{context}" == "installing-openstack-installer-restricted"]
104+
:kuryr:
105+
endif::[]
100106

101107
[id="installation-configure-proxy_{context}"]
102108
= Configuring the cluster-wide proxy during installation
@@ -115,8 +121,27 @@ range that is specified in the `networking.machineNetwork[].cidr` field in the
115121
====
116122
endif::bare-metal[]
117123

124+
ifdef::kuryr[]
125+
[NOTE]
126+
====
127+
Kuryr installations default to HTTP proxies.
128+
====
129+
endif::kuryr[]
130+
118131
.Prerequisites
119132

133+
ifdef::kuryr[]
134+
135+
* For Kuryr installations on restricted networks that use the `Proxy` object, the proxy must be able to reply to the router that the cluster uses. To add a static route for the proxy configuration, from a command line as the root user, enter:
136+
+
137+
[source,terminal]
138+
----
139+
$ ip route add <cluster_network_cidr> via <installer_subnet_gateway>
140+
----
141+
142+
* The restricted subnet must have a gateway that is defined and available to be linked to the `Router` resource that Kuryr creates.
143+
144+
endif::kuryr[]
120145
* You have an existing `install-config.yaml` file.
121146
// TODO: xref (../../installing/install_config/configuring-firewall.adoc#configuring-firewall)
122147
* You reviewed the sites that your cluster requires access to and determined whether any of them need to bypass the proxy. By default, all cluster egress traffic is proxied, including calls to hosting cloud provider APIs. You added sites to the `Proxy` object's `spec.noProxy` field to bypass the proxy if necessary.
@@ -233,3 +258,9 @@ endif::[]
233258
ifeval::["{context}" == "installing-restricted-networks-vmc"]
234259
:!vmc:
235260
endif::[]
261+
ifeval::["{context}" == "installing-openstack-installer-kuryr"]
262+
:!kuryr:
263+
endif::[]
264+
ifeval::["{context}" == "installing-openstack-installer-restricted"]
265+
:!kuryr:
266+
endif::[]

0 commit comments

Comments
 (0)