Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

docs: describe cntlm setup #466

Merged
merged 4 commits into from
Nov 18, 2024
Merged
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
110 changes: 86 additions & 24 deletions charts/localdev/README.md
Original file line number Diff line number Diff line change
Expand Up @@ -10,30 +10,34 @@ This chart also sets up an additional [postgresql](https://artifacthub.io/packag

For detailed information about the default configuration values, please have a look at the [Values table](#values) and/or [Values file](./values.yaml).

- [Usage](#usage)
- [Cluster setup](#cluster-setup)
- [Linux and Mac](#cluster-setup-linux-and-mac)
- [Cluster Setup Windows](#cluster-setup-windows)
- [Minikube](#minikube)
- [Docker Desktop integrated Kubernetes](#docker-desktop-integrated-kubernetes)
- [Network Setup](#network-setup)
- [Minikube Addons](#minikube-addons)
- [Docker Desktop integrated Kubernetes Ingress Controller](#docker-desktop-integrated-kubernetes-ingress-controller)
- [Linux and Mac](#network-setup-on-linux-and-mac)
- [Additional Network Setup for Mac](#additional-network-setup-for-mac)
- [Windows/wsl2 with NTLM-proxy](#network-setup-on-windowswsl2-with-ntlm-proxy)
- [px-proxy](#px-proxy)
- [DNS-resolution in Windows](#dns-resolution-in-windows)
- [DNS-resolution in wsl2](#dns-resolution-in-wsl2)
- [Proxy-setup in wsl2](#proxy-setup-in-wsl2)
- [Install](#install)
- [Use released chart](#use-released-chart)
- [Use local repository](#use-local-repository)
- [Perform first login](#perform-first-login)
- [Database Access](#database-access)
- [Keycloak Admin Console](#keycloak-admin-console)
- [Uninstall](#uninstall)
- [Prepare self-signed TLS setup (Optional)](#prepare-self-signed-tls-setup-optional)
- [Setup of CX Portal \& IAM for local development](#setup-of-cx-portal--iam-for-local-development)
- [Usage](#usage)
- [Cluster Setup](#cluster-setup)
- [Cluster Setup Linux and Mac](#cluster-setup-linux-and-mac)
- [Cluster Setup Windows](#cluster-setup-windows)
- [Minikube](#minikube)
- [Docker Desktop integrated Kubernetes](#docker-desktop-integrated-kubernetes)
- [Network Setup](#network-setup)
- [Minikube Addons](#minikube-addons)
- [Docker Desktop integrated Kubernetes Ingress Controller](#docker-desktop-integrated-kubernetes-ingress-controller)
- [Network Setup on Linux and Mac](#network-setup-on-linux-and-mac)
- [Additional Network Setup for Mac](#additional-network-setup-for-mac)
- [Setup cntlm proxy](#setup-cntlm-proxy)
oyo marked this conversation as resolved.
Show resolved Hide resolved
- [Network Setup on Windows/wsl2 with NTLM-proxy](#network-setup-on-windowswsl2-with-ntlm-proxy)
- [px-proxy](#px-proxy)
- [DNS-resolution in Windows](#dns-resolution-in-windows)
- [DNS-resolution in wsl2](#dns-resolution-in-wsl2)
- [Proxy-setup in wsl2](#proxy-setup-in-wsl2)
- [Install](#install)
- [Use released chart](#use-released-chart)
- [Use local repository](#use-local-repository)
- [Perform first login](#perform-first-login)
- [Database Access](#database-access)
- [Keycloak Admin Console](#keycloak-admin-console)
- [Uninstall](#uninstall)
- [Prepare self-signed TLS setup (Optional)](#prepare-self-signed-tls-setup-optional)
- [Requirements](#requirements)
- [Values](#values)

## Usage

Expand Down Expand Up @@ -170,6 +174,64 @@ If you're having issues with getting 'Docker Mac Net Connect' to work, we recomm

The tool is necessary due to [#7332](https://github.com/kubernetes/minikube/issues/7332).

#### Setup cntlm proxy
oyo marked this conversation as resolved.
Show resolved Hide resolved

Follow these steps if you are behind a firewall and have only access to the internet from behind an authenticating corporate NTLM http proxy.

```bash
# Linux
$ sudo apt install cntlm
# Mac
$ brew install cntlm
```

Locate and edit the config file to set your proxy and authentication credentials

```bash
# Linux
$ sudo vi /etc/cntlm.conf
# Mac
$ vi ~/.brew/etc/cntlm.conf
```

```
Username your_userid
Domain your_domain
Password your_ntlm_proxy_password
Proxy your.corporate.proxy.host:8080
# include domain .tx.test and minikube ip address
NoProxy localhost, 127.0.0.1, 192.168.49.2, *.tx.test, *.other.domains
Listen 3128
```

(Re-)start cntlm
```bash
# Linux (ubuntu)
$ sudo service cntlm reload
# Mac
$ pkill -x 'cntlm'
$ cntlm
```

Locate and edit the settings file for your shell to set env vars
```bash
$ vi ~/.*shrc
```

```
export http_proxy=http://localhost:3128
export https_proxy=http://localhost:3128
# include domain .tx.test and minikube ip address
export no_proxy=localhost,127.0.0.1,192.168.49.2,.tx.test,.other.domains
```

Save and apply your settings and test internet access
```
$ source ~/.*shrc
$ curl https://github.com/ -Is | grep server
server: GitHub.com
```

### Network Setup on Windows/wsl2 with NTLM-proxy

Configure wsl networking, assign additional fixed IP addresses to both wsl2 and windows, the wsl2-ip-address will then be used as cluster-ip-address. Do **not** use 127.0.0.1 as Cluster IP, as this causes issues when services try to access other services via the ingress from within the cluster.
Expand Down