add first version for docs of kubermatic proxy whitelisting #166
Conversation
kubermatic-bot
added
the
size/L
|
/assign @thz @alvaroaleman |
|
[APPROVALNOTIFIER] This PR is NOT APPROVED This pull-request has been approved by: toschneck The full list of commands accepted by this bot can be found here.
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
|
/assign @alvaroaleman |
There was a problem hiding this comment.
Would it maybe make more sense to simply make this a table?
Name | URL | What is this needed for?
cc @thz
| quay.io/coreos/container-linux-update-operator | ||
| ``` | ||
| {{% notice note %}} | ||
| [Kubermatic offline mode](https://docs.kubermatic.io/advanced/offline_mode/#kubermatic-offline-mode): |
There was a problem hiding this comment.
I dont think this note makes sense here, the page is about proxy whitelisting. You could probably add a link in the head "hey, offline mode also exists" but here its not really adding value IMHO
There was a problem hiding this comment.
will change the meaning. The point here is, if you use the offline mode, you maybe don't need to white-list some images
| https://github.com/containernetworking/plugins/releases/ | ||
|
|
||
| # Kubermatic health-monitor | ||
| https://raw.githubusercontent.com/kubermatic/machine-controller/8b5b66e4910a6228dfaecccaa0a3b05ec4902f8e/pkg/userdata/scripts/health-monitor.sh |
There was a problem hiding this comment.
Does it make to reference a specific commit? This could change over time
For quickly copy and paste it from there to e.g. a proxy configuration, I decided to keep it in one file. |
kubermatic-bot
added
the
dco-signoff: yes
|
@alvaroaleman / @thz can you please review the change, so we can merge this one? |
| quay.io/coreos/container-linux-update-operator | ||
| ``` | ||
| {{% notice note %}} | ||
| If you use the [Kubermatic offline mode](https://docs.kubermatic.io/advanced/offline_mode/#kubermatic-offline-mode), images will get pulled from the defined private registry (e.g. `172.20.0.2:5000`) instead of the public registries. This means, that some above mentioned whitelistings are maybe not required. As result the following images will get pulled from the private registry: |
There was a problem hiding this comment.
The comma after the means must go and the maybe in the second sentence is wrong. Also its not entirely clear that the two images are samples and this is done for all images.
I'd personally just remove the whole passage here and mention in the beginning that this is for an env that uses a http proxy and that if the env is airgapped, the docs are elsewhere.
There was a problem hiding this comment.
Also its not entirely clear that the two images are samples and this is done for all images.
I think this should get described here https://docs.kubermatic.io/advanced/offline_mode/. There the description say to me that only this images get pulled from other locations.
Anyway I removed the details and put it to the top.
There was a problem hiding this comment.
The maybe is still there and its still wrong. If you want this to be just a doc about the whitelisting and don't want to do a doc about other proxy/offline env related stuff, please just remove this passage. It doesn't help if we have something that partly explains topic B on a page that is supposed to explain topic A.
| @@ -0,0 +1,141 @@ | |||
| +++ | |||
| title = "Kubermatic Proxy Whitelisting" | |||
There was a problem hiding this comment.
I think it makes more sense to have a page that describes the whole HTTP proxy configuration and not just the whitelisting part of it.
Also I still think putting the images and binaries in a table would make all of this a lot easier and quicker to grasp.
There was a problem hiding this comment.
I agree that we should have a dedicated HTTP proxy description. But I don't think this is my task and part of this issue. This should part of the development cycle.
I'm wonder why we now search for reason to not merge at least this one? In my opinion this doesn't help ether.
So I create a separate issue for the HTTP proxy configuration: #195
…#166' (#196) * add first version for docs of kubermatic proxy whitelisting * add let's encrypt URL to white listing * update proxy-white listing docs, due to review comments * update offline mode note for proxy whitelisting * modify note for offline mode * fix lint warnings * fix typos and adjust PR to new version structure
Based on my research, I added a frist version for proxy whitelisting