How to install KOSI Proxy

The KOSI Proxy allows fetching packages and container images while blocking uploads to the internet and limiting access to a HUB. This guide details the installation and configuration steps for KOSI Proxy.

This guide shows you how to install the KOSI Proxy.

Architecture

The diagram shows the architecture of the KOSI Proxy.
Packages and container images can be fetched via the KOSI Proxy.
Uploading packages and container images to the internet is blocked.
Access can be limited to a HUB.

[Figure: KOSI Proxy architecture diagram]

Prerequisites

To install the KOSI Proxy, you need a dedicated VM running RHEL 8 with root access.
The minimum requirements for the VM are:

  • 4 CPU
  • 8 GB RAM
  • 50 GB Disk

The following software must be installed on this VM:

  • docker
  • docker compose
  • kosi

```bash
# docker: register the host, add the Docker CE repository, then install and start the daemon
subscription-manager register
subscription-manager refresh
subscription-manager attach --auto
dnf config-manager --add-repo=https://download.docker.com/linux/centos/docker-ce.repo
dnf repolist -v
dnf install docker-ce
systemctl enable docker --now
systemctl status docker

# docker compose: download the standalone v2.24.5 binary and make it executable
curl -L "https://github.com/docker/compose/releases/download/v2.24.5/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose
chmod +x /usr/local/bin/docker-compose

# kosi: install from the RPM in the current directory
dnf install -y kosi*.rpm
```

Set the KOSI hub in /var/kubeops/kosi/config.yaml:

```yaml
apiversion: kubernative/sina/config/v2

spec:
  hub: https://dispatcher.preprod.kubeops.net/v4/dispatcher/ # <- set hub
  plugins: /var/kubeops/plugins/
  workspace: /tmp/kosi/process/
  logging: info
  housekeeping: false
  proxy: false # <- mandatory if kosi version >= 2.10.*
```

Install KOSI Proxy

If all prerequisites are met, the KOSI Proxy can be installed.
A values.yaml file is required for KOSI Proxy installation.
Below is an example values.yaml configuration for the environment:

```yaml
# Proxy host IP address
proxyIP: 10.2.10.99

# Preprod config values
proxyPassthrough: preprod
proxyRegistry: registry.preprod.kubeops.net
aspnetcoreEnvironment: Development

# Prod config values
#proxyPassthrough: prod
#proxyRegistry: registry.kubeops.net
#aspnetcoreEnvironment: Production
```

After the values.yaml file has been created, the KOSI Proxy can be installed via a kosi package.
The KOSI Proxy is installed in ~/kosi-proxy.

```bash
kosi install --hub public kubeops/kubeops/kosi-proxy:2.13.0.1_Alpha7 -f values.yaml
```

Start KOSI Proxy:

```bash
cd ~/kosi-proxy
docker-compose up -d
```

Configure KOSI Proxy (Advanced)

The KOSI Proxy is already configured during installation; however, additional parameters can be adjusted.

1. Hub Whitelist

The hub whitelist can be configured in the app settings file ~/kosi-proxy/data/download-v4/appsettings.json.
By default the hubs kosi, kubeops and kosi-enterprise are set.

```json
{
  "Logging": {
    "LogLevel": {
      "Microsoft": "Warning",
      "System": "Warning",
      "Microsoft.Hosting.Lifetime": "Information",
      "Kubeops": "Debug"
    },
    "Console": {
      "FormatterName": "simple",
      "FormatterOptions": {
        "SingleLine": false,
        "TimestampFormat": "HH:mm:ss ",
        "ColorBehavior": "Enabled",
        "UseUtcTimestamp": false
      }
    }
  },
  "AllowedHosts": "*",
  "Config": {
    "RepositoryPath": "/service/repository",
    "PermissionServiceUrl": "http://permission-v4/",
    "ProxyPassthroughUrl": "https://dispatcher.preprod.kubeops.net/v4/download/",
    "GuestQuota": 1000000,
    "HubWhitelist": "kosi, kubeops, kosi-enterprise"
  }
}
```
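
An audit check for the whitelist described above, as an added example that is not part of the KOSI documentation or code. It assumes the proxy reads HubWhitelist as a comma-separated list of exact hub names; the function names and the scratch-hub entry are constructed for illustration.

```python
import json
from urllib.parse import urlparse

# Default hubs named on this page; replace with the hubs you actually approve.
APPROVED_HUBS = {"kosi", "kubeops", "kosi-enterprise"}

# Constructed sample: the Config section from this page plus one extra hub.
SAMPLE = """{
  "Config": {
    "ProxyPassthroughUrl": "https://dispatcher.preprod.kubeops.net/v4/download/",
    "HubWhitelist": "kosi, kubeops, kosi-enterprise, scratch-hub"
  }
}"""


def parse_whitelist(raw):
    """Split HubWhitelist on commas (assumed format) and trim whitespace."""
    return [hub.strip() for hub in raw.split(",")]


def audit_appsettings(text, approved=APPROVED_HUBS,
                      passthrough_host="dispatcher.preprod.kubeops.net"):
    """Return findings as strings; an empty list means nothing to report."""
    config = json.loads(text).get("Config", {})
    hubs = parse_whitelist(config.get("HubWhitelist", ""))
    findings = []
    for hub in hubs:
        if not hub:
            findings.append("empty HubWhitelist entry")
        elif hub not in approved:  # exact, case-sensitive match (assumption)
            findings.append(f"unapproved hub: {hub}")
    for hub in sorted(set(approved) - set(hubs)):
        findings.append(f"approved hub missing: {hub}")
    url = urlparse(config.get("ProxyPassthroughUrl", ""))
    if url.scheme != "https":
        findings.append("ProxyPassthroughUrl is not https")
    if url.hostname != passthrough_host:
        findings.append(f"unexpected passthrough host: {url.hostname}")
    return findings


if __name__ == "__main__":
    # On the proxy host, read ~/kosi-proxy/data/download-v4/appsettings.json instead.
    for finding in audit_appsettings(SAMPLE):
        print("FINDING:", finding)
```

Running the check after every change to appsettings.json, or from a scheduled job, surfaces a hub that was added outside the approved set.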

Install Harbor

Harbor is used as the registry endpoint in this setup.

1. Download installer

Download the Harbor offline installer:

```bash
# harbor
cd ~
curl -L https://github.com/goharbor/harbor/releases/download/v2.9.2/harbor-offline-installer-v2.9.2.tgz | tar -xvzf -
cd ~/harbor
cp harbor.yml.tmpl harbor.yml
```

2. Configure harbor.yml values

Edit the harbor.yml

Change:

```yaml
hostname: 10.2.10.99  # line 5
insecure: true        # line 101
```

Comment out:

```yaml
#  port: 443                            # line 15
#  certificate: /your/certificate/path  # line 17
#  private_key: /your/private/key/path  # line 18
```

3. Run install script:

```bash
cd ~/harbor
./install.sh
```

Configure Harbor

1. Port Forward

To log in to Harbor, port 80 of the proxy host must be forwarded.
The following example forwards the port with ssh. Adjust the values to your environment.

```
ssh -i "C:\Users\<user>\.ssh\id_rsa" -J <user>@10.9.112.19 -L 8080:10.2.10.99:80 root@10.2.10.99
```

You can then log in to Harbor at http://localhost:8080.
Default credentials:

  • User: admin
  • Initial Password: Harbor12345

2. Add Registry Endpoint

In Harbor, navigate to Administration → Registries → New Endpoint.

Harbor Registry Endpoint

| Key | Value |
| --- | --- |
| Provider | Harbor |
| Name | Preprod |
| Description | [optional] |
| Endpoint URL | https://registry.preprod.kubeops.net |
| Access ID | kubeops |
| Access Secret | [enter kubeops password] |
| Verify Remote Cert | true |

3. Add Project

In Harbor, navigate to Project → New Project.

Harbor Project

| Key | Value |
| --- | --- |
| Project Name | kubeops |
| Access Level | false |
| Project quota limits | -1 |
| Proxy Cache | true |
| Endpoint | https://registry.preprod.kubeops.net |

Manage applications with docker compose

1. KOSI Proxy

KOSI Proxy is installed in the folder ~/kosi-proxy.

```bash
cd ~/kosi-proxy

# show kosi proxy containers
docker compose ps

# show kosi proxy logs
docker compose logs -f

# stop kosi proxy
docker compose down

# start kosi proxy
docker compose up -d
```

2. Harbor

Harbor is installed in the folder ~/harbor.

```bash
cd ~/harbor

# show harbor containers
docker compose ps

# show harbor logs
docker compose logs -f

# stop harbor
docker compose down

# start harbor
docker compose up -d
```