Skip to content

Commit a41cdbf

Browse files
MaysaMacedomaxwelldb
MaysaMacedo
and
maxwelldb
committed
Add restrictions and requirements of Proxy installation with Kuryr
Kuryr installation requires for a route entry to be added to the Proxy host, and Kuryr defaults to always using http Proxy. Co-authored-by: Max Bridges <[email protected]>
1 parent 693ec0e commit a41cdbf

File tree

1 file changed

+31
-0
lines changed

1 file changed

+31
-0
lines changed

modules/installation-configure-proxy.adoc

Lines changed: 31 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -97,6 +97,12 @@ endif::[]
9797
ifeval::["{context}" == "installing-restricted-networks-vmc"]
9898
:vmc:
9999
endif::[]
100+
ifeval::["{context}" == "installing-openstack-installer-kuryr"]
101+
:kuryr:
102+
endif::[]
103+
ifeval::["{context}" == "installing-openstack-installer-restricted"]
104+
:kuryr:
105+
endif::[]
100106

101107
[id="installation-configure-proxy_{context}"]
102108
= Configuring the cluster-wide proxy during installation
@@ -115,8 +121,27 @@ range that is specified in the `networking.machineNetwork[].cidr` field in the
115121
====
116122
endif::bare-metal[]
117123

124+
ifdef::kuryr[]
125+
[NOTE]
126+
====
127+
Kuryr installations default to HTTP proxies.
128+
====
129+
endif::kuryr[]
130+
118131
.Prerequisites
119132

133+
ifdef::kuryr[]
134+
135+
* For Kuryr installations on restricted networks that use the `Proxy` object, the proxy must be able to reply to the router that the cluster uses. To add a static route for the proxy configuration, from a command line as the root user, enter:
136+
+
137+
[source,terminal]
138+
----
139+
$ ip route add <cluster_network_cidr> via <installer_subnet_gateway>
140+
----
141+
142+
* The restricted subnet must have a gateway that is defined and available to be linked to the `Router` resource that Kuryr creates.
143+
144+
endif::kuryr[]
120145
* You have an existing `install-config.yaml` file.
121146
// TODO: xref (../../installing/install_config/configuring-firewall.adoc#configuring-firewall)
122147
* You reviewed the sites that your cluster requires access to and determined whether any of them need to bypass the proxy. By default, all cluster egress traffic is proxied, including calls to hosting cloud provider APIs. You added sites to the `Proxy` object's `spec.noProxy` field to bypass the proxy if necessary.
@@ -233,3 +258,9 @@ endif::[]
233258
ifeval::["{context}" == "installing-restricted-networks-vmc"]
234259
:!vmc:
235260
endif::[]
261+
ifeval::["{context}" == "installing-openstack-installer-kuryr"]
262+
:!kuryr:
263+
endif::[]
264+
ifeval::["{context}" == "installing-openstack-installer-restricted"]
265+
:!kuryr:
266+
endif::[]

0 commit comments

Comments
 (0)