From 76a176e670905ac719d1053805ecbf5e3bb70f33 Mon Sep 17 00:00:00 2001 From: Martin Rohrmeier Date: Tue, 22 Oct 2024 15:14:56 +0200 Subject: [PATCH 1/4] docs: describe cntlm setup --- charts/localdev/README.md | 92 +++++++++++++++++++++++++++++---------- 1 file changed, 68 insertions(+), 24 deletions(-) diff --git a/charts/localdev/README.md b/charts/localdev/README.md index 1d9b3a1d..ff320b63 100644 --- a/charts/localdev/README.md +++ b/charts/localdev/README.md 
@@ -10,30 +10,34 @@ This chart also sets up an additional [postgresql](https://artifacthub.io/packag For detailed information about the default configuration values, please have a look at the [Values table](#values) and/or [Values file](./values.yaml). -- [Usage](#usage) -- [Cluster setup](#cluster-setup) - - [Linux and Mac](#cluster-setup-linux-and-mac) - - [Cluster Setup Windows](#cluster-setup-windows) - - [Minikube](#minikube) - - [Docker Desktop integrated Kubernetes](#docker-desktop-integrated-kubernetes) -- [Network Setup](#network-setup) - - [Minikube Addons](#minikube-addons) - - [Docker Desktop integrated Kubernetes Ingress Controller](#docker-desktop-integrated-kubernetes-ingress-controller) - - [Linux and Mac](#network-setup-on-linux-and-mac) - - [Additional Network Setup for Mac](#additional-network-setup-for-mac) - - [Windows/wsl2 with NTLM-proxy](#network-setup-on-windowswsl2-with-ntlm-proxy) - - [px-proxy](#px-proxy) - - [DNS-resolution in Windows](#dns-resolution-in-windows) - - [DNS-resolution in wsl2](#dns-resolution-in-wsl2) - - [Proxy-setup in wsl2](#proxy-setup-in-wsl2) -- [Install](#install) - - [Use released chart](#use-released-chart) - - [Use local repository](#use-local-repository) -- [Perform first login](#perform-first-login) -- [Database Access](#database-access) -- [Keycloak Admin Console](#keycloak-admin-console) -- [Uninstall](#uninstall) -- [Prepare self-signed TLS setup (Optional)](#prepare-self-signed-tls-setup-optional) +- [Setup of CX Portal \& IAM for local development](#setup-of-cx-portal--iam-for-local-development) + - [Usage](#usage) + - [Cluster Setup](#cluster-setup) + - [Cluster Setup Linux and Mac](#cluster-setup-linux-and-mac) + - [Cluster Setup Windows](#cluster-setup-windows) + - [Minikube](#minikube) + - [Docker Desktop integrated Kubernetes](#docker-desktop-integrated-kubernetes) + - [Network Setup](#network-setup) + - [Minikube Addons](#minikube-addons) + - [Docker Desktop integrated Kubernetes Ingress 
Controller](#docker-desktop-integrated-kubernetes-ingress-controller) + - [Network Setup on Linux and Mac](#network-setup-on-linux-and-mac) + - [Additional Network Setup for Mac](#additional-network-setup-for-mac) + - [Setup cntlm proxy](#setup-cntlm-proxy) + - [Network Setup on Windows/wsl2 with NTLM-proxy](#network-setup-on-windowswsl2-with-ntlm-proxy) + - [px-proxy](#px-proxy) + - [DNS-resolution in Windows](#dns-resolution-in-windows) + - [DNS-resolution in wsl2](#dns-resolution-in-wsl2) + - [Proxy-setup in wsl2](#proxy-setup-in-wsl2) + - [Install](#install) + - [Use released chart](#use-released-chart) + - [Use local repository](#use-local-repository) + - [Perform first login](#perform-first-login) + - [Database Access](#database-access) + - [Keycloak Admin Console](#keycloak-admin-console) + - [Uninstall](#uninstall) + - [Prepare self-signed TLS setup (Optional)](#prepare-self-signed-tls-setup-optional) + - [Requirements](#requirements) + - [Values](#values) ## Usage 
@@ -170,6 +174,46 @@ If you're having issues with getting 'Docker Mac Net Connect' to work, we recomm The tool is necessary due to [#7332](https://github.com/kubernetes/minikube/issues/7332). +#### Setup cntlm proxy + +Follow these steps if you are behind a firewall and have only access to the internet from behind an authenticating corporate NTLM http proxy. + +```bash +$ brew install cntlm +``` + +Locate and edit the config file to set your proxy and authentication credentials ( `vi ~/.brew/etc/cntlm.conf` ) +``` +Username your_userid +Domain your_domain +Password your_ntlm_proxy_password +Proxy your.corporate.proxy.host:8080 +# include domain .tx.test and minikube ip address +NoProxy localhost, 127.0.0.1, 192.168.49.2, *.tx.test, *.other.domains +Listen 3128 +``` + +(Re-)start cntlm +``` +$ pkill -x 'cntlm' +$ cntlm +``` + +Locate and edit the settings file for your shell to set env vars ( `vi ~/.zshrc` ) +``` +export http_proxy=http://localhost:3128 +export https_proxy=http://localhost:3128 +# include domain .tx.test and minikube ip address +export no_proxy=localhost,127.0.0.1,192.168.49.2,.tx.test,.other.domains +``` + +Save and apply your settings and test internet access +``` +$ source ~/.zshrc +$ curl https://github.com/ -Is | grep server +server: GitHub.com +``` + ### Network Setup on Windows/wsl2 with NTLM-proxy Configure wsl networking, assign additional fixed IP addresses to both wsl2 and windows, the wsl2-ip-address will then be used as cluster-ip-address. Do **not** use 127.0.0.1 as Cluster IP, as this causes issues when services try to access other services via the ingress from within the cluster. From 871ed5fc5ba75ee628d8bb48f13c0ef118c7eb6d Mon Sep 17 00:00:00 2001 From: Martin Rohrmeier Date: Wed, 13 Nov 2024 12:17:13 +0100 Subject: [PATCH 2/4] docs: updated cntlm setup for linux and mac --- charts/localdev/README.md | 21 ++++++++++++++++++--- 1 file changed, 18 insertions(+), 3 deletions(-) 
diff --git a/charts/localdev/README.md b/charts/localdev/README.md index ff320b63..75f5eeb7 100644 --- a/charts/localdev/README.md +++ b/charts/localdev/README.md @@ -179,10 +179,21 @@ The tool is necessary due to [#7332](https://github.com/kubernetes/minikube/issu Follow these steps if you are behind a firewall and have only access to the internet from behind an authenticating corporate NTLM http proxy. ```bash +# Linux +$ sudo apt install cntlm +# Mac $ brew install cntlm ``` -Locate and edit the config file to set your proxy and authentication credentials ( `vi ~/.brew/etc/cntlm.conf` ) +Locate and edit the config file to set your proxy and authentication credentials + +```bash +# Linux +$ sudo vi /etc/cntlm.conf +# Mac +$ vi ~/.brew/etc/cntlm.conf +``` + ``` Username your_userid Domain your_domain @@ -199,7 +210,11 @@ $ pkill -x 'cntlm' $ cntlm ``` -Locate and edit the settings file for your shell to set env vars ( `vi ~/.zshrc` ) +Locate and edit the settings file for your shell to set env vars +```bash +$ vi ~/.(ba|z)shrc +``` + ``` export http_proxy=http://localhost:3128 export https_proxy=http://localhost:3128 @@ -209,7 +224,7 @@ export no_proxy=localhost,127.0.0.1,192.168.49.2,.tx.test,.other.domains Save and apply your settings and test internet access ``` -$ source ~/.zshrc +$ source ~/.(ba|z)shrc $ curl https://github.com/ -Is | grep server server: GitHub.com ``` From 18efa54bfb42441f9312886b07e301974be50823 Mon Sep 17 00:00:00 2001 From: Martin Rohrmeier Date: Wed, 13 Nov 2024 12:24:25 +0100 Subject: [PATCH 3/4] docs: change regex to wildcard to support more shell interpreters --- charts/localdev/README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/charts/localdev/README.md b/charts/localdev/README.md index 75f5eeb7..a97cc8a8 100644 --- a/charts/localdev/README.md +++ b/charts/localdev/README.md 
@@ -212,7 +212,7 @@ $ cntlm Locate and edit the settings file for your shell to set env vars ```bash -$ vi ~/.(ba|z)shrc +$ vi ~/.*shrc ``` ``` @@ -224,7 +224,7 @@ export no_proxy=localhost,127.0.0.1,192.168.49.2,.tx.test,.other.domains Save and apply your settings and test internet access ``` -$ source ~/.(ba|z)shrc +$ source ~/.*shrc $ curl https://github.com/ -Is | grep server server: GitHub.com ``` From f0b2e1a8f4be41b0b3a8d17fe04facbe24ce26d6 Mon Sep 17 00:00:00 2001 From: Martin Rohrmeier Date: Wed, 13 Nov 2024 13:06:29 +0100 Subject: [PATCH 4/4] docs: use linux service instead of direct cntlm start --- charts/localdev/README.md | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/charts/localdev/README.md b/charts/localdev/README.md index a97cc8a8..b9e3d41f 100644 --- a/charts/localdev/README.md +++ b/charts/localdev/README.md @@ -205,7 +205,10 @@ Listen 3128 ``` (Re-)start cntlm -``` +```bash +# Linux (ubuntu) +$ sudo service cntlm reload +# Mac $ pkill -x 'cntlm' $ cntlm ```
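Review bot: In [PATCH 1/4], the `cntlm.conf` sample under `#### Setup cntlm proxy` stores the proxy credential in clear text (`Password your_ntlm_proxy_password`). Suggest documenting `cntlm -H` to generate the hashes and using `PassNTLMv2` in the file instead of `Password`, plus a step that makes the file readable only by its owner, since the hash still authenticates to the proxy. It would also help to write `Listen 127.0.0.1:3128` so the sample states the loopback binding explicitly instead of relying on the default.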
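Review bot: In [PATCH 2/4], first hunk, the Mac path `~/.brew/etc/cntlm.conf` only exists when Homebrew is installed under `~/.brew`; default installs use `/opt/homebrew` or `/usr/local`. Suggest `vi "$(brew --prefix)/etc/cntlm.conf"` so the step works for any prefix.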
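Review bot: In [PATCH 2/4], the shell settings block hard-codes `192.168.49.2` in `no_proxy`, and the comment above it only says "minikube ip address". Suggest telling the reader to confirm the value with `minikube ip`, because requests to a cluster on a different address would be sent through the corporate proxy. The same applies to the `NoProxy` line in `cntlm.conf`.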
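Review bot: In [PATCH 3/4], `source ~/.*shrc` does not do what the commit message intends when more than one file matches. The glob expands in sorted order, and `source` reads only the first file and passes the rest as positional arguments, so a zsh user who also has `~/.bashrc` ends up sourcing `~/.bashrc`. `vi ~/.*shrc` likewise opens every match. Suggest naming the file per shell, in the same style as the `# Linux` / `# Mac` comments, e.g. `# bash` with `source ~/.bashrc` and `# zsh` with `source ~/.zshrc`.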
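Review bot: In [PATCH 4/4], the Linux line uses `sudo service cntlm reload` under the step titled "(Re-)start cntlm", while the Mac lines stop and start the process. A reload does not start a service that is not running, so a first-time setup may be left with nothing listening on 3128. Suggest `sudo service cntlm restart`, and consider a follow-up `sudo service cntlm status` so the reader can confirm it is up before the `curl` test.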