Install Containerized SUSE Manager Proxy on k3s

1. Installing k3s

On the container host machine, install k3s without the load balancer and traefik router (replace <K3S_HOST_FQDN> with the FQDN of your k3s host):

curl -sfL https://get.k3s.io | INSTALL_K3S_EXEC="--disable=traefik --disable=servicelb --tls-san=<K3S_HOST_FQDN>" sh -

2. Configuring cluster access

Helm needs a configuration file to connect to the target Kubernetes cluster.

On the cluster server machine, run the following command to create the kubeconfig-k3s.yaml configuration file. The file can optionally be transferred to a work machine:

kubectl config view --flatten=true | sed 's/127.0.0.1/<K3S_HOST_FQDN>/' >kubeconfig-k3s.yaml

Before calling helm, run:

export KUBECONFIG=/path/to/kubeconfig-k3s.yaml

3. Installing helm

The Containers Module is required to install helm.

To install it, run:

zypper in helm

4. Installing MetalLB

MetalLB is the load balancer that will expose the SUSE Manager proxy pod services to the outside world. To install it, run:

helm repo add metallb https://metallb.github.io/metallb
helm install --create-namespace -n metallb metallb metallb/metallb

MetalLB still requires a configuration to know the virtual IP address range to be used. In this example, the virtual IP addresses will be from 192.168.122.240 to 192.168.122.250, but that range could be reduced to a single address if the host only exposes the SUSE Manager proxy. These addresses need to be a subset of the server network.

Create a metallb-config.yaml configuration file with the following settings and an IP address range that aligns with the deployed network:

apiVersion: metallb.io/v1beta1
kind: IPAddressPool
metadata:
  name: l2-pool
  namespace: metallb
spec:
  addresses:
  - 192.168.122.240-192.168.122.250
---
apiVersion: metallb.io/v1beta1
kind: L2Advertisement
metadata:
  name: l2
  namespace: metallb
spec:
  ipAddressPools:
  - l2-pool

Apply this configuration by running:

kubectl apply -f metallb-config.yaml

5. Deploying the SUSE Manager proxy helm chart

Create a configuration file forcing the IP address that MetalLB will use for the SUSE Manager Proxy services. This must be the IP address that the proxy FQDN entered when creating the proxy configuration points to. It also needs to be resolvable from both the SUSE Manager Server and the client systems that connect to the proxy.

This example will use 192.168.122.241.

Create a custom-values.yaml file with the following content. If the MetalLB IP address range only contains a single address, the last line can be removed.

services:
  annotations:
    metallb.universe.tf/allow-shared-ip: key-to-share-ip
    metallb.universe.tf/loadBalancerIPs: 192.168.122.241

The parameter metallb.universe.tf/allow-shared-ip does not need changing. You need to adjust the parameter metallb.universe.tf/loadBalancerIPs to your network setup.
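
MetalLB only assigns a requested address that belongs to a configured pool, so the loadBalancerIPs value can be checked against metallb-config.yaml before deploying. The script below is an added example, not part of the SUSE documentation; its function names are hypothetical, and it assumes the pool is written as a first-last range as on this page.

```shell
#!/bin/sh
# Added example: pre-deployment check that the address requested in
# custom-values.yaml lies inside the MetalLB pool from metallb-config.yaml.
# Function names are hypothetical; only "first-last" ranges are handled.

# Print an IPv4 address ($1) as an integer; fail on malformed input.
ip_to_int() {
    case $1 in ''|*[!0-9.]*) return 1 ;; esac
    _rest=$1. _n=0 _count=0
    while [ -n "$_rest" ]; do
        _o=${_rest%%.*}; _rest=${_rest#*.}
        # Reject empty octets, leading zeros and anything above 255.
        case $_o in ''|0?*|????*) return 1 ;; esac
        [ "$_o" -le 255 ] || return 1
        _n=$(( _n * 256 + _o )); _count=$(( _count + 1 ))
    done
    [ "$_count" -eq 4 ] && echo "$_n"
}

# 0: address $1 is inside range $2; 1: outside; 2: malformed argument.
ip_in_pool() {
    case $2 in *-*) ;; *) return 2 ;; esac
    _lo=$(ip_to_int "${2%%-*}") || return 2
    _hi=$(ip_to_int "${2#*-}") || return 2
    _ip=$(ip_to_int "$1") || return 2
    [ "$_lo" -le "$_hi" ] || return 2
    [ "$_ip" -ge "$_lo" ] && [ "$_ip" -le "$_hi" ]
}

# Print the loadBalancerIPs value from a custom-values.yaml file ($1).
requested_ip() {
    sed -n 's|^[[:space:]]*metallb\.universe\.tf/loadBalancerIPs:[[:space:]]*\([0-9.]*\)[[:space:]]*$|\1|p' "$1"
}

# Print the first "first-last" list entry from a metallb-config.yaml file ($1).
pool_range() {
    sed -n 's/^[[:space:]]*-[[:space:]]*\([0-9.][0-9.]*-[0-9.][0-9.]*\)[[:space:]]*$/\1/p' "$1" | head -n 1
}

# check_files METALLB_CONFIG CUSTOM_VALUES: same exit codes as ip_in_pool.
check_files() {
    ip_in_pool "$(requested_ip "$2")" "$(pool_range "$1")"
}

# Demonstration with the values used on this page.
if ip_in_pool 192.168.122.241 192.168.122.240-192.168.122.250; then
    echo "192.168.122.241 is inside the MetalLB pool"
fi
```

Run check_files metallb-config.yaml custom-values.yaml before the helm install step; a non-zero exit status means the requested address is outside the pool or one of the files could not be parsed.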

To configure the storage of the volumes to be used by the SUSE Manager Proxy pod, define persistent volumes for the following claims. For more information, see the Kubernetes (https://kubernetes.io/docs/concepts/storage/persistent-volumes/) or k3s (https://rancher.com/docs/k3s/latest/en/storage/) documentation. The persistent volume claims are named:

  • squid-cache-pv-claim

  • package-cache-pv-claim

  • tftp-boot-pv-claim

Create the configuration for the SUSE Manager Proxy as documented in Containerized SUSE Manager Proxy Setup. Copy and extract the configuration tar.gz file and then deploy the helm chart:

tar xf /path/to/config.tar.gz
helm install uyuni-proxy oci://registry.suse.com/suse/manager/4.3/proxy -f config.yaml -f httpd.yaml -f ssh.yaml -f custom-values.yaml