uyuni-project · 0rnela · Mar 2, 2023 · Dec 27, 2022 · Feb 15, 2023 · Feb 15, 2023
diff --git a/.changelog b/.changelog
@@ -4,6 +4,8 @@
 # - Fixed error in Bat section of Upgrade Guide (bsc#1234567)
 # For guidelines: https://en.opensuse.org/openSUSE:Creating_a_changes_file_(RPM)
 
+- Added instructions about contanerized proxy deployment to Installation and 
+  Upgrade Guide
 - Added Uyuni Client Tools channels for Enterprise Linux / SUSE Liberty
   Linux and provide dedicated table for SUSE Manager in Client
   Configuration Guide (bsc#1205719)

diff --git a/modules/installation-and-upgrade/nav-installation-and-upgrade-guide.adoc b/modules/installation-and-upgrade/nav-installation-and-upgrade-guide.adoc
@@ -86,6 +86,7 @@ ifeval::[{uyuni-content} == true]
 endif::[]
 
 **** xref:proxy-container-setup.adoc[Containerized Proxy Setup]
+**** xref:containerized-proxy-deployment.adoc[Containerized Proxy Deployment]
 ** xref:upgrade-intro.adoc[Upgrade]
 
 ifeval::[{suma-content} == true]

diff --git a/modules/installation-and-upgrade/pages/containerized-proxy-deployment.adoc b/modules/installation-and-upgrade/pages/containerized-proxy-deployment.adoc
@@ -0,0 +1,109 @@
+[[containerized-proxy-deployment]]
+= Containerized proxy deployment using internal registry
+
+It is possible to deploy containerized images in an environment without an internet connection.
+In such case, the images can be copied from {suse} registry to an internal registry, or saved to a [literal]``tar`` file.
+
+
+[[image.from.suse.to.internal.registry]]
+== Image copying from {suse} registry to internal registry 
+
+
+This example illustrates deployment of {salt} proxies only.
+
+.Procedure: Deploying {salt} Proxy from an internal image registry
+[role=procedure]
+
+. Install [literal]``skopeo`` on a machine with access to [literal]``registry.suse.com``:
++
+----
+zypper in skopeo
+----
++
+[NOTE]
+====
+This can be {productname} server.
+====
++
+. Copy images between registries:
++
+----
+for image in httpd salt-broker squid ssh tftpd; do
+    skopeo copy docker://registry.suse.com/suse/manager/4.3/proxy-$image:latest docker://(your_server)/registry.suse.com/suse/manager/4.3/proxy-$image
+done
+skopeo copy docker://k8s.gcr.io/pause:latest docker://(your_server)/k8s.gcr.io/pause:latest
+----
++
+[NOTE]
+====
+For every [literal]`skopeo` command add [literal]`--dest-tls-verify=false` if the registry is not secured.
+====
++
+. If the registry is unsecured, i.e. not configured with SSL, add the regitry domain to the section [literal]``registries.insecure`` on the containerized proxy virtual machine by editing:
++
+----
+/etc/containers/registries.conf
+----
++
+. Before starting the pod, point the Podman where to get the [literal]`pause` image from on the internal registry:
-. Before starting the pod, point the Podman where to get the [literal]`pause` image from on the internal registry:
+. Before starting the pod, point the Podman where to get the [literal]``pause`` image from on the internal registry:
-. Before starting the pod, point the Podman where to get the [literal]`pause` image from on the internal registry:
+. Before starting the pod, point the Podman where to get the [literal]``pause`` image from on the internal registry:
++
+----
+echo -e '[engine]\ninfra_image = "(your_server)/pause:latest"'>>/etc/containers/containers.conf
+----
++
+. To start using the images from the internal registry please adapt the [literal]`NAMESPACE` value in file `/etc/sysconfig/uyuni-proxy-systemd-services.config`.
-. To start using the images from the internal registry please adapt the [literal]`NAMESPACE` value in file `/etc/sysconfig/uyuni-proxy-systemd-services.config`.
+. To start using the images from the internal registry adapt the [literal]``NAMESPACE`` value in [path]``/etc/sysconfig/uyuni-proxy-systemd-services.config``.
-. To start using the images from the internal registry please adapt the [literal]`NAMESPACE` value in file `/etc/sysconfig/uyuni-proxy-systemd-services.config`.
+. To start using the images from the internal registry adapt the [literal]``NAMESPACE`` value in [path]``/etc/sysconfig/uyuni-proxy-systemd-services.config``.
++
+[NOTE]
+====
+For the k3s deployment, add [literal]`--set repository=(your_server)` to the helm install command line.
-For the k3s deployment, add [literal]`--set repository=(your_server)` to the helm install command line.
+For the k3s deployment, add [literal]``--set repository=(your_server)`` to the helm install command line.
-For the k3s deployment, add [literal]`--set repository=(your_server)` to the helm install command line.
+For the k3s deployment, add [literal]``--set repository=(your_server)`` to the helm install command line.
+====
+
+
+[[air-gapped-solution-for-podman]]
+== Air-gapped solution for Podman
+
+This example illustrates deployment of containerized image on a machine with no access to internet.
+
+
+.Procedure: Deploying air-gapped proxy
+[role=procedure]
+
+. Before starting the pod, point the Podman where to get the [literal]`pause` image from on the internal registry:
++
+----
+echo -e '[engine]\ninfra_image = "(your_server)/pause:latest"'>>/etc/containers/containers.conf
+----
++
+[WARNING]
+====
+
+This command does not work on SLE 15 SP3 and earlier container hosts.
+====
++
+. On a machine with internet access run:
++
+----
+for image in httpd salt-broker squid ssh tftpd; do
+    podman pull registry.suse.com/suse/manager/4.3/proxy-$image
+done
+podman pull k8s.gcr.io/pause
+
+podman save -m -o proxy-images.tar \
+    k8s.gcr.io/pause \
+    registry.suse.com/suse/manager/4.3/proxy-httpd \
+    registry.suse.com/suse/manager/4.3/proxy-salt-broker \
+    registry.suse.com/suse/manager/4.3/proxy-squid registry.suse.com/suse/manager/4.3/proxy-ssh \
+    registry.suse.com/suse/manager/4.3/proxy-tftpd
+----
++
+[NOTE]
+====
+For the k3s deployment, add [literal]`--set repository=(your_server)` to the helm install command line.
+====
++
+. Transfer the [literal]`proxy-images.tar` to the air-gapped proxy.
+. To make images available to be started when needed, run the command:
++
+----
+podman load -i proxy-images.tar
+----