From f70e7cb58cfb69d9d22e936488ca6c4d1be99aac Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?C=C3=A9dric=20Bosdonnat?=
Date: Sat, 14 Oct 2023 06:28:01 -0700
Subject: [PATCH 1/3] Fix traefik ingress rules for java debugging ports

The traefik rules haven't been changed when changing the endpoint ports. Now tomcat ports is routed to the 8003 and 8002 port is redirected to the search server port.
---
 .../server-helm/templates/k3s-ingress-routes.yaml | 14 ++++++++++++++
 1 file changed, 14 insertions(+)

diff --git a/containers/server-helm/templates/k3s-ingress-routes.yaml b/containers/server-helm/templates/k3s-ingress-routes.yaml
index 73077c2c850f..87c3cb969897 100644
--- a/containers/server-helm/templates/k3s-ingress-routes.yaml
+++ b/containers/server-helm/templates/k3s-ingress-routes.yaml
@@ -118,6 +118,20 @@ metadata:
 spec:
 entryPoints:
 - tomcat-debug
+ routes:
+ - match: HostSNI(`*`)
+ services:
+ - name: uyuni-tcp
+ port: 8003
+---
+apiVersion: traefik.containo.us/v1alpha1
+kind: IngressRouteTCP
+metadata:
+ name: search-debug-router
+ namespace: "{{ .Release.Namespace }}"
+spec:
+ entryPoints:
+ - search-debug
 routes:
 - match: HostSNI(`*`)
 services:

From 8c5f84c74d529bd058a2082d388ebadb9d0627bd Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?C=C3=A9dric=20Bosdonnat?=
Date: Sat, 14 Oct 2023 06:30:06 -0700
Subject: [PATCH 2/3] Fix server container readme after merge in master

---
 containers/doc/server-kubernetes/README.md | 14 +++++++-------
 1 file changed, 7 insertions(+), 7 deletions(-)

diff --git a/containers/doc/server-kubernetes/README.md b/containers/doc/server-kubernetes/README.md
index 7e11ea31ca60..a1d2c7271394 100644
--- a/containers/doc/server-kubernetes/README.md
+++ b/containers/doc/server-kubernetes/README.md
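Review bot: Both `IngressRouteTCP` objects touched in k3s-ingress-routes.yaml (the `tomcat-debug` route to `uyuni-tcp` port 8003 and the new `search-debug-router`) use the wildcard `HostSNI` match and, as far as the hunk shows, are rendered unconditionally. Per the commit title these entry points carry Java debugging ports, and the Java debug wire protocol has no authentication, so any client that can reach the Traefik entry points can attach to the JVM. Unless a conditional already wraps these documents outside the hunk, gate them behind an opt-in chart value, for example `{{- if .Values.<debug-toggle> }}` … `{{- end }}` (placeholder name), and add a comment such as `# Debug-only route: JDWP is unauthenticated, keep disabled on any reachable ingress`. The `port:` line of `search-debug-router` lies after the hunk's last context line, so the search-server target port could not be checked here.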
@@ -39,9 +39,9 @@ for image in cert-manager-cainjector cert-manager-controller cert-manager-ctl ce podman save --output $image.tar quay.io/jetstack/$image:latest done -podman pull registry.opensuse.org/systemsmanagement/uyuni/master/servercontainer/containers/uyuni/server:latest +podman pull registry.opensuse.org/systemsmanagement/uyuni/master/containers/uyuni/server:latest -podman save --output server.tar registry.opensuse.org/systemsmanagement/uyuni/master/servercontainer/containers/uyuni/server:latest +podman save --output server.tar registry.opensuse.org/systemsmanagement/uyuni/master/containers/uyuni/server:latest ``` or @@ -52,7 +52,7 @@ for image in cert-manager-cainjector cert-manager-controller cert-manager-ctl ce skopeo copy docker://quay.io/jetstack/$image:latest docker-archive:$image.tar:quay.io/jetstack/$image:latest done -skopeo copy docker://registry.opensuse.org/systemsmanagement/uyuni/master/servercontainer/containers/uyuni/server:latest docker-archive:server.tar:registry.opensuse.org/systemsmanagement/uyuni/master/servercontainer/containers/uyuni/server:latest +skopeo copy docker://registry.opensuse.org/systemsmanagement/uyuni/master/containers/uyuni/server:latest docker-archive:server.tar:registry.opensuse.org/systemsmanagement/uyuni/master/containers/uyuni/server:latest ``` Copy the `cert-manager` and `uyuni/server` helm charts locally: 
@@ -123,19 +123,19 @@ helm pull --destination . oci://registry.opensuse.org/uyuni/server ## For Podman -With K3s it is possible to preload the container images and avoid it to be fetched from a registry. +With Podman it is possible to preload the container images and avoid it to be fetched from a registry. For this, on a machine with internet access, pull the image using `podman`, `docker` or `skopeo` and save it as a `tar` archive. For example: ``` -podman pull registry.opensuse.org/systemsmanagement/uyuni/master/servercontainer/containers/uyuni/server:latest -podman save --output server-image.tar registry.opensuse.org/systemsmanagement/uyuni/master/servercontainer/containers/uyuni/server:latest +podman pull registry.opensuse.org/systemsmanagement/uyuni/master/containers/uyuni/server:latest +podman save --output server-image.tar registry.opensuse.org/systemsmanagement/uyuni/master/containers/uyuni/server:latest ``` or ``` -skopeo copy docker://registry.opensuse.org/systemsmanagement/uyuni/master/servercontainer/containers/uyuni/server:latest docker-archive:server-image.tar:registry.opensuse.org/systemsmanagement/uyuni/master/servercontainer/containers/uyuni/server:latest +skopeo copy docker://registry.opensuse.org/systemsmanagement/uyuni/master/containers/uyuni/server:latest docker-archive:server-image.tar:registry.opensuse.org/systemsmanagement/uyuni/master/containers/uyuni/server:latest ``` Transfer the resulting `server-image.tar` to the server and load it using the following command: From d6930257dad35c4670161d34f28cb7c13a7d07e9 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?C=C3=A9dric=20Bosdonnat?= Date: Sun, 15 Oct 2023 19:29:52 -0700 Subject: [PATCH 3/3] Fix the offline installation instructions for K3S --- containers/doc/server-kubernetes/README.md | 43 +++++++++++++--------- 1 file changed, 26 insertions(+), 17 deletions(-) 
diff --git a/containers/doc/server-kubernetes/README.md b/containers/doc/server-kubernetes/README.md
index a1d2c7271394..4ab5c5cd1c6f 100644
--- a/containers/doc/server-kubernetes/README.md
+++ b/containers/doc/server-kubernetes/README.md
@@ -25,31 +25,37 @@ The installation will work perfectly fine without changing anything, but tuning # Offline installation - ## For K3s +In the following instructions the cert-manager images and charts need to be pulled and used only if third party SSL server certificate will not be provided. + With K3s it is possible to preload the container images and avoid it to be fetched from a registry. For this, on a machine with internet access, pull the image using `podman`, `docker` or `skopeo` and save it as a `tar` archive. For example: -⚠️ **TODO**: Verify instructions ``` +cert_manager_version=$(helm show chart --repo https://charts.jetstack.io/ cert-manager | grep '^version:' | cut -f 2 -d ' ') for image in cert-manager-cainjector cert-manager-controller cert-manager-ctl cert-manager-webhook; do - podman pull quay.io/jetstack/$image - podman save --output $image.tar quay.io/jetstack/$image:latest + podman pull quay.io/jetstack/$image:$cert_manager_version + podman save --output $image.tar quay.io/jetstack/$image:$cert_manager_version done podman pull registry.opensuse.org/systemsmanagement/uyuni/master/containers/uyuni/server:latest podman save --output server.tar registry.opensuse.org/systemsmanagement/uyuni/master/containers/uyuni/server:latest + +helper_pod_image=$(grep helper-pod -A1 /var/lib/rancher/k3s/server/manifests/local-storage.yaml | grep image | sed 's/^ \+image: //') +podman pull $helper_pod_image +podman save --output helper_pod.tar $helper_pod_image ``` + or -⚠️ **TODO**: Verify instructions ``` +cert_manager_version=$(helm show chart --repo https://charts.jetstack.io/ cert-manager | grep '^version:' | cut -f 2 -d ' ') for image in cert-manager-cainjector cert-manager-controller cert-manager-ctl cert-manager-webhook; do - skopeo copy docker://quay.io/jetstack/$image:latest docker-archive:$image.tar:quay.io/jetstack/$image:latest + skopeo copy docker://quay.io/jetstack/$image:$cert_manager_version 
docker-archive:$image.tar:quay.io/jetstack/$image:$cert_manager_version done skopeo copy docker://registry.opensuse.org/systemsmanagement/uyuni/master/containers/uyuni/server:latest docker-archive:server.tar:registry.opensuse.org/systemsmanagement/uyuni/master/containers/uyuni/server:latest @@ -57,11 +63,9 @@ skopeo copy docker://registry.opensuse.org/systemsmanagement/uyuni/master/contai Copy the `cert-manager` and `uyuni/server` helm charts locally: -⚠️ **TODO**: verify instructions - ``` helm pull --repo https://charts.jetstack.io --destination . cert-manager -helm pull --destination . oci://registry.opensuse.org/uyuni/server +helm pull --destination . oci://registry.opensuse.org/systemsmanagement/uyuni/master/charts/uyuni/server ``` Transfer the resulting `*.tar` images to the K3s node and load them using the following command: 
@@ -88,31 +92,36 @@ image: pullPolicy: Never ``` -⚠️ **TODO**: verify the file names -To use the downloaded helm charts instead of the default ones, pass `--helm-uyuni-chart=server.tgz` and `--helm-certmanager-chart=cert-manager.tgz` or add the following to the `uyuniadm` configuration file: +To use the downloaded helm charts instead of the default ones, pass `--helm-uyuni-chart=server-2023.9.0.tgz` and `--helm-certmanager-chart=cert-manager-v1.13.1.tgz` or add the following to the `uyuniadm` configuration file. Of course the versions in the file name need to be adjusted to what you downloaded: ``` helm: uyuni: - chart: server.tgz + chart: server-2023.9.0.tgz values: uyuni-values.yaml certmanager: - chart: cert-manager.tgz - values: cert.values.yaml + chart: cert-manager-v1.13.1.tgz + values: cert-values.yaml +``` + +Set the helper-pod `imagePullPolicy` to `Never` in `/var/lib/rancher/k3s/server/manifests/local-storage.yaml` using the following command: + +``` +sed 's/imagePullPolicy: IfNotPresent/imagePullPolicy: Never/' -i /var/lib/rancher/k3s/server/manifests/local-storage.yaml ``` ## For RKE2 +Just like for K3S, cert-manager images and chart do not need to be copied if a third party SSL server certificate is to be used. + RKE2 doesn't allow to preload images on the nodes. Instead, use `skopeo` to import the images in a local registry and use this one to install. Copy the `cert-manager` and `uyuni/server` helm charts locally: -⚠️ **TODO**: verify instructions - ``` helm pull --repo https://charts.jetstack.io --destination . cert-manager -helm pull --destination . oci://registry.opensuse.org/uyuni/server +helm pull --destination . oci://registry.opensuse.org/systemsmanagement/uyuni/master/charts/uyuni/server ``` ⚠️ **TODO** Prepare instructions