Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

docs: document application proxy #3471

Merged
merged 28 commits into from
Aug 2, 2024
Merged
Changes from 23 commits
Commits
Show all changes
28 commits
Select commit Hold shift + click to select a range
42f81a9
docs: initial commit
lennessyy Jul 19, 2024
5653f5b
docs: progress
lennessyy Jul 19, 2024
30fa926
docs: progress
lennessyy Jul 19, 2024
d8c58c7
docs: incomplete
lennessyy Jul 23, 2024
70137af
Merge branch 'master' into cluster-proxy
lennessyy Jul 23, 2024
f3e194e
docs: draft proxy settings
lennessyy Jul 23, 2024
6798e38
docs: finish draft of cluster proxy settings
lennessyy Jul 25, 2024
a919918
Merge branch 'master' into cluster-proxy
lennessyy Jul 25, 2024
4e726df
docs: copy edits
lennessyy Jul 25, 2024
b959664
Merge branch 'cluster-proxy' of https://github.com/spectrocloud/libra…
lennessyy Jul 25, 2024
2e3e416
docs: add prerequisite sections
lennessyy Jul 26, 2024
b13964c
docs: add prerequisites
lennessyy Jul 26, 2024
18dc13a
docs: fix syntax issue
lennessyy Jul 26, 2024
4d1580c
docs: fix syntax issue
lennessyy Jul 29, 2024
e170188
docs: syntax issue
lennessyy Jul 29, 2024
9441c1f
docs: fix broken links
lennessyy Jul 29, 2024
e688fc9
docs: minor edit
lennessyy Jul 29, 2024
8cd6084
docs: adjust list order
lennessyy Jul 29, 2024
c7f3988
docs: address vale
lennessyy Jul 29, 2024
53e1651
docs: use group ID
lennessyy Jul 29, 2024
51024be
docs: change code highlight
lennessyy Jul 29, 2024
b212247
docs: address review feedback
lennessyy Jul 29, 2024
3e2c4d6
docs: minor edit
lennessyy Jul 29, 2024
30c1bcf
docs: fix typo
lennessyy Jul 29, 2024
935aded
docs: change link
lennessyy Jul 29, 2024
515991c
Merge branch 'master' into cluster-proxy
lennessyy Jul 29, 2024
45d7686
Merge branch 'master' into cluster-proxy
karl-cardenas-coding Aug 1, 2024
eba72ed
Merge branch 'master' into cluster-proxy
lennessyy Aug 2, 2024
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
240 changes: 240 additions & 0 deletions docs/docs-content/clusters/cluster-management/cluster-proxy.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,240 @@
---
sidebar_label: "Configure Applications to Use Proxy Server"
title: "Configure Applications to Use Proxy Server"
description: "Guide to configure configurations in a cluster to use a proxy server."
hide_table_of_contents: false
sidebar_position: 201
tags: ["clusters", "cluster management", "proxy"]
---

You can configure applications that operate in your Palette clusters to use a proxy server to access the internet
instead of accessing the internet directly.

Before you are able to configure applications in a cluster to use the proxy server, you must first ensure that the
cluster itself is configured to use the proxy server. This means that the host Operating System (OS) and the Palette
agent inside the cluster will use the proxy server for its outbound communications. The steps to do this vary depending
on your environment.

After the cluster is configured to use the proxy server, you can proceed to configure the applications inside the
cluster to use the proxy server. You can do this by applying the `spectrocloud.com/connection: proxy` label to the
specific job, deployment, or daemon set to instruct an application to use the proxy settings of the cluster.

:::tip

We recommend you review the [gRPC and Proxies](../../architecture/grps-proxy.md) article to be aware of network proxies
karl-cardenas-coding marked this conversation as resolved.
Show resolved Hide resolved
that Palette supports. Palette uses gRPC to communicate with clusters, and depending on the proxy server you use, you
may need to configure the proxy server to support gRPC.

:::

## Prerequisites

- An active proxy server reachable by your cluster.
lennessyy marked this conversation as resolved.
Show resolved Hide resolved

<Tabs groupId="scenario">

<TabItem value="Palette SaaS Non-Edge">

- A PCG is deployed into an active and healthy Kubernetes cluster. Refer to
lennessyy marked this conversation as resolved.
Show resolved Hide resolved
[Deploy a PCG to an Existing Kubernetes Cluster](../pcg/deploy-pcg-k8s.md) for or
[Deploy a PCG with Palette CLI](../pcg/deploy-pcg/deploy-pcg.md) additional guidance.

- The PCG is configured to use the proxy server that you intend for your applications to use for outbound
communications. For more information, refer to
[Enabled and Manage Proxy Configurations](../pcg/manage-pcg/configure-proxy.md).

- If you deployed a [PCG through the Palette CLI](../pcg/pcg.md#supported-environments), refer to the respective
platform installation guide for instructions on how to configure proxy settings during the installation process
through the CLI.

</TabItem>

<TabItem value="Self-Hosted Palette Non-Edge">

- A self-hosted Palette instance is deployed into an active and healthy Kubernetes cluster. Refer to
[Self-Hosted Palette Installation](../../enterprise-version/install-palette/install-palette.md) for additional
guidance.

- The self-hosted Palette instance is configured to use the proxy server that you intend for your applications to use
for outbound communications.

</TabItem>

<TabItem value="Edge">

- Your Edge host is configured to use the proxy server that you intend for your applications to use for outbound
communications. Refer to [Edge Host Installation](../edge/site-deployment/stage.md) for more information.

</TabItem>

</Tabs>

## Configure Applications to Use Proxy Server

<Tabs groupId="scenario">

<TabItem value="Palette SaaS Non-Edge">

1. If you are using Palette SaaS, you must deploy a Private Cloud Gateway (PCG) and configure it to use a proxy server
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🚫 [vale] reported by reviewdog 🐶
[Vale.Terms] Use 'cloud' instead of 'Cloud'.

before you can configure cluster applications to use the proxy server. For more information about PCGs, refer to
[Private Cloud Gateway](../pcg/pcg.md).
karl-cardenas-coding marked this conversation as resolved.
Show resolved Hide resolved

If you are provisioning the PCG using the Palette CLI, you can configure the proxy settings during the PCG
installation through the Palette CLI's interactive prompts. If you are using Helm to provision a PCG or have an
existing PCG that is not yet configured to use proxy, refer to
[Enable and Manage Proxy Configurations for PCG](../pcg/manage-pcg/configure-proxy.md) to learn how to install Reach
on a PCG cluster and use it to configure proxy settings.

2. If you deployed the PCG using the Palette CLI, the cloud account is created automatically. You can skip this step.

Once you have deployed the PCG, you must create a new cloud account associated with the PCG. Refer to the following
resources to learn how to create a cloud account:

- [Add an AWS Account to Palette](../public-cloud/aws/add-aws-accounts.md)
- [Register and Manage Azure Cloud Account](../public-cloud/azure/azure-cloud.md)
karl-cardenas-coding marked this conversation as resolved.
Show resolved Hide resolved
- [Register and Manage GCP Accounts](../public-cloud/gcp/add-gcp-accounts.md)

3. Create a cluster profile that contains your application. Refer to
[Create a Cluster Profile](../../profiles/cluster-profiles/cluster-profiles.md) for additional guidance.

In your cluster profile, apply the `spectrocloud.com/connection: proxy` label to the deployment, job, or daemon set
in the pack that contains your application.

You must apply the label to every specific job, deployment, or daemon set that needs to use the proxy servers. For
example, if you have a Kafka deployment that requires access to the internet through your proxy, you need to apply
the label to the Kafka deployment.

```yaml {10}
apiVersion: apps/v1
kind: Deployment
metadata:
name: kafka
spec:
template:
metadata:
labels:
app: kafka
spectrocloud.com/connection: proxy
```

4. Start creating your cluster using the cloud account associated with the PCG. Refer to the following resources on
cluster creation.

- [Create and Manage AWS Cluster](../public-cloud/aws/create-cluster.md)
- [Create and Manage Azure IaaS Cluster](../public-cloud/azure/create-azure-cluster.md)
- [Create and Manage GCP IaaS Cluster](../public-cloud/gcp/create-gcp-iaas-cluster.md)

</TabItem>

<TabItem value="Self-Hosted Palette Non-Edge">

1. If you are using a self-hosted Palette instance, you have the opportunity to configure proxy settings during
installation. If you are using the Palette CLI for installation, refer to
[Self Hosted Palette - Installation](../../enterprise-version/install-palette/install-on-kubernetes/install.md) to
learn how to specify proxy settings during installation. If you used Helm charts for installation, refer to
[Enable and Manage Proxy Configurations](../pcg/manage-pcg/configure-proxy.md) to learn how to install reach and use
it to configure proxy settings. The process to install Reach on an existing self-hosted Palette instance is the same
as the process to install Reach on an existing PCG cluster.

2. Create a cluster profile that contains your application. Refer to
[Create a Cluster Profile](../../profiles/cluster-profiles/cluster-profiles.md) for additional guidance.

In your cluster profile, apply the `spectrocloud.com/connection: proxy` label to the deployment, job, or daemon set
in the pack that contains your application.

You must apply the label to every specific job, deployment, or daemon set that needs to use the proxy servers. For
example, if you have a Kafka deployment that requires access to the internet through your proxy, you need to apply
the label to the Kafka deployment.

```yaml {10}
apiVersion: apps/v1
kind: Deployment
metadata:
name: kafka
spec:
template:
metadata:
labels:
app: kafka
spectrocloud.com/connection: proxy
```

3. Start creating your cluster using the cluster profile. Refer to the following resources on cluster creation.

- [Create and Manage AWS Cluster](../public-cloud/aws/create-cluster.md)
- [Create and Manage Azure IaaS Cluster](../public-cloud/azure/create-azure-cluster.md)
- [Create and Manage GCP IaaS Cluster](../public-cloud/gcp/create-gcp-iaas-cluster.md)

</TabItem>

<TabItem value="Edge">

1. For Edge clusters, you specify the proxy settings for your Edge host during installation in your Edge installer
**user-data**. For more information, refer to [Installation](../edge/site-deployment/stage.md). If your Edge host is
deployed in airgap mode, you may also specify the proxy settings in Local UI. For more information, refer to
[Configure HTTP-Proxy in Local UI](../edge/local-ui/host-management/configure-proxy.md).

2. Create a cluster profile that contains your application. Refer to
[Create a Cluster Profile](../../profiles/cluster-profiles/cluster-profiles.md) for additional guidance.

In your cluster profile, apply the `spectrocloud.com/connection: proxy` label to the deployment, job, or daemon set
in the pack that contains your application.

You must apply the label to every specific job, deployment, or daemon set that needs to use the proxy servers. For
example, if you have a Kafka deployment that requires access to the internet through your proxy, you need to apply
the label to the Kafka deployment.

```yaml {10}
apiVersion: apps/v1
kind: Deployment
metadata:
name: kafka
spec:
template:
metadata:
labels:
app: kafka
spectrocloud.com/connection: proxy
```

3. Create a cluster using the cluster profile. For more information, refer to
[Create Cluster Definition](../edge/site-deployment/cluster-deployment.md).

</TabItem>

</Tabs>

## Validate

1. Access your cluster with kubectl. For more information, refer to [Access Cluster with kubectl](./palette-webctl.md).

2. Issue the following command. Replace `pod-name` with the name of the pod for your application and replace
`your-namespace` with the namespace where the pod resides.

```
kubectl get pod pod-name --output jsonpath='{.spec.containers[*].env}' --namespace your-namespace | jq .
```

The command will yield output similar to the following. If the output includes the proxy settings you configured, you
can validate that the application is configured to use the proxy server.

```json
[
{
"name": "http_proxy",
"value": "http://10.10.180.0:3128"
},
{
"name": "https_proxy",
"value": "http://10.10.180.0:3128"
},
{
"name": "NO_PROXY",
"value": ""
},
{
"name": "USER_NO_PROXY",
"value": ""
}
]
```
Loading