diff --git a/containers/doc/server-kubernetes/README.md b/containers/doc/server-kubernetes/README.md index 7e11ea31ca60..4ab5c5cd1c6f 100644 --- a/containers/doc/server-kubernetes/README.md +++ b/containers/doc/server-kubernetes/README.md @@ -25,43 +25,47 @@ The installation will work perfectly fine without changing anything, but tuning # Offline installation - ## For K3s +In the following instructions the cert-manager images and charts need to be pulled and used only if third party SSL server certificate will not be provided. + With K3s it is possible to preload the container images and avoid it to be fetched from a registry. For this, on a machine with internet access, pull the image using `podman`, `docker` or `skopeo` and save it as a `tar` archive. For example: -⚠️ **TODO**: Verify instructions ``` +cert_manager_version=$(helm show chart --repo https://charts.jetstack.io/ cert-manager | grep '^version:' | cut -f 2 -d ' ') for image in cert-manager-cainjector cert-manager-controller cert-manager-ctl cert-manager-webhook; do - podman pull quay.io/jetstack/$image - podman save --output $image.tar quay.io/jetstack/$image:latest + podman pull quay.io/jetstack/$image:$cert_manager_version + podman save --output $image.tar quay.io/jetstack/$image:$cert_manager_version done -podman pull registry.opensuse.org/systemsmanagement/uyuni/master/servercontainer/containers/uyuni/server:latest +podman pull registry.opensuse.org/systemsmanagement/uyuni/master/containers/uyuni/server:latest + +podman save --output server.tar registry.opensuse.org/systemsmanagement/uyuni/master/containers/uyuni/server:latest -podman save --output server.tar registry.opensuse.org/systemsmanagement/uyuni/master/servercontainer/containers/uyuni/server:latest +helper_pod_image=$(grep helper-pod -A1 /var/lib/rancher/k3s/server/manifests/local-storage.yaml | grep image | sed 's/^ \+image: //') +podman pull $helper_pod_image +podman save --output helper_pod.tar $helper_pod_image ``` + or -⚠️ **TODO**: Verify instructions ``` +cert_manager_version=$(helm show chart --repo https://charts.jetstack.io/ cert-manager | grep '^version:' | cut -f 2 -d ' ') for image in cert-manager-cainjector cert-manager-controller cert-manager-ctl cert-manager-webhook; do - skopeo copy docker://quay.io/jetstack/$image:latest docker-archive:$image.tar:quay.io/jetstack/$image:latest + skopeo copy docker://quay.io/jetstack/$image:$cert_manager_version docker-archive:$image.tar:quay.io/jetstack/$image:$cert_manager_version done -skopeo copy docker://registry.opensuse.org/systemsmanagement/uyuni/master/servercontainer/containers/uyuni/server:latest docker-archive:server.tar:registry.opensuse.org/systemsmanagement/uyuni/master/servercontainer/containers/uyuni/server:latest +skopeo copy docker://registry.opensuse.org/systemsmanagement/uyuni/master/containers/uyuni/server:latest docker-archive:server.tar:registry.opensuse.org/systemsmanagement/uyuni/master/containers/uyuni/server:latest ``` Copy the `cert-manager` and `uyuni/server` helm charts locally: -⚠️ **TODO**: verify instructions - ``` helm pull --repo https://charts.jetstack.io --destination . cert-manager -helm pull --destination . oci://registry.opensuse.org/uyuni/server +helm pull --destination . oci://registry.opensuse.org/systemsmanagement/uyuni/master/charts/uyuni/server ``` Transfer the resulting `*.tar` images to the K3s node and load them using the following command: @@ -88,31 +92,36 @@ image: pullPolicy: Never ``` -⚠️ **TODO**: verify the file names -To use the downloaded helm charts instead of the default ones, pass `--helm-uyuni-chart=server.tgz` and `--helm-certmanager-chart=cert-manager.tgz` or add the following to the `uyuniadm` configuration file: +To use the downloaded helm charts instead of the default ones, pass `--helm-uyuni-chart=server-2023.9.0.tgz` and `--helm-certmanager-chart=cert-manager-v1.13.1.tgz` or add the following to the `uyuniadm` configuration file. Of course the versions in the file name need to be adjusted to what you downloaded: ``` helm: uyuni: - chart: server.tgz + chart: server-2023.9.0.tgz values: uyuni-values.yaml certmanager: - chart: cert-manager.tgz - values: cert.values.yaml + chart: cert-manager-v1.13.1.tgz + values: cert-values.yaml +``` + +Set the helper-pod `imagePullPolicy` to `Never` in `/var/lib/rancher/k3s/server/manifests/local-storage.yaml` using the following command: + +``` +sed 's/imagePullPolicy: IfNotPresent/imagePullPolicy: Never/' -i /var/lib/rancher/k3s/server/manifests/local-storage.yaml ``` ## For RKE2 +Just like for K3S, cert-manager images and chart do not need to be copied if a third party SSL server certificate is to be used. + RKE2 doesn't allow to preload images on the nodes. Instead, use `skopeo` to import the images in a local registry and use this one to install. Copy the `cert-manager` and `uyuni/server` helm charts locally: -⚠️ **TODO**: verify instructions - ``` helm pull --repo https://charts.jetstack.io --destination . cert-manager -helm pull --destination . oci://registry.opensuse.org/uyuni/server +helm pull --destination . oci://registry.opensuse.org/systemsmanagement/uyuni/master/charts/uyuni/server ``` ⚠️ **TODO** Prepare instructions @@ -123,19 +132,19 @@ helm pull --destination . oci://registry.opensuse.org/uyuni/server ## For Podman -With K3s it is possible to preload the container images and avoid it to be fetched from a registry. +With Podman it is possible to preload the container images and avoid it to be fetched from a registry. For this, on a machine with internet access, pull the image using `podman`, `docker` or `skopeo` and save it as a `tar` archive. For example: ``` -podman pull registry.opensuse.org/systemsmanagement/uyuni/master/servercontainer/containers/uyuni/server:latest -podman save --output server-image.tar registry.opensuse.org/systemsmanagement/uyuni/master/servercontainer/containers/uyuni/server:latest +podman pull registry.opensuse.org/systemsmanagement/uyuni/master/containers/uyuni/server:latest +podman save --output server-image.tar registry.opensuse.org/systemsmanagement/uyuni/master/containers/uyuni/server:latest ``` or ``` -skopeo copy docker://registry.opensuse.org/systemsmanagement/uyuni/master/servercontainer/containers/uyuni/server:latest docker-archive:server-image.tar:registry.opensuse.org/systemsmanagement/uyuni/master/servercontainer/containers/uyuni/server:latest +skopeo copy docker://registry.opensuse.org/systemsmanagement/uyuni/master/containers/uyuni/server:latest docker-archive:server-image.tar:registry.opensuse.org/systemsmanagement/uyuni/master/containers/uyuni/server:latest ``` Transfer the resulting `server-image.tar` to the server and load it using the following command: diff --git a/containers/server-helm/templates/k3s-ingress-routes.yaml b/containers/server-helm/templates/k3s-ingress-routes.yaml index 73077c2c850f..87c3cb969897 100644 --- a/containers/server-helm/templates/k3s-ingress-routes.yaml +++ b/containers/server-helm/templates/k3s-ingress-routes.yaml @@ -118,6 +118,20 @@ metadata: spec: entryPoints: - tomcat-debug + routes: + - match: HostSNI(`*`) + services: + - name: uyuni-tcp + port: 8003 +--- +apiVersion: traefik.containo.us/v1alpha1 +kind: IngressRouteTCP +metadata: + name: search-debug-router + namespace: "{{ .Release.Namespace }}" +spec: + entryPoints: + - search-debug routes: - match: HostSNI(`*`) services: