Not possible to install on windows via proxy #7952

Closed
davidgiga1993 opened this issue Aug 23, 2023 · 4 comments

@davidgiga1993

When trying to install Calico on a Windows node with restricted internet access (internet may only be accessed via http_proxy), the installation fails.

Expected Behavior

The installer should honor any set HTTP_PROXY / HTTPS_PROXY environment variables.

Current Behavior

Uninstalling any existing Calico install before proceeding with installation...
No Calico services found.
Invoke-WebRequest : Unable to connect to the remote server
At C:\C\0b06ba5db7294ba7c76b1567ec8f316b6c1e175ff9c9ae433e83d8f184392880\install-calico-windows.ps1:424 char:5
+     Invoke-WebRequest https://raw.githubusercontent.com/Microsoft/SDN ...
+     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidOperation: (System.Net.HttpWebRequest:HttpWebRequest) [Invoke-WebRequest], WebException
    + FullyQualifiedErrorId : WebCmdletWebResponseException,Microsoft.PowerShell.Commands.InvokeWebRequestCommand

Possible Solution

Maybe using PowerShell >=7 (see https://learn.microsoft.com/en-us/powershell/module/microsoft.powershell.utility/invoke-webrequest?view=powershell-7.3)

Steps to Reproduce (for bugs)

  1. Restrict internet access to only be accessible via an HTTP proxy
  2. Run calico/windows:v3.26.1 host-process-install.ps1

Context

In a corporate environment, direct internet access is often restricted. This issue is blocking our Windows rollout.

Your Environment

  • Calico version 3.26.1
  • Orchestrator version (e.g. kubernetes, mesos, rkt): k8s on AWS EKS
  • Operating System and version: Windows Server 2022 Core

@davidgiga1993

As a workaround, one could install PowerShell 7 on the host and use it to run the Calico ps1 scripts:

mkdir C:\powershell
curl.exe --connect-timeout 10 --ssl-no-revoke --retry 10 --retry-all-errors -L https://github.com/PowerShell/PowerShell/releases/download/v7.3.6/PowerShell-7.3.6-win-x64.zip -o C:\powershell\powershell.zip
Expand-Archive C:/powershell/powershell.zip C:/powershell | Out-Null;
Remove-Item C:/powershell/powershell.zip | Out-Null;

      initContainers:
        - name: install
          image: cr.siemens.com/cloud-platform-services/calico/calico/windows:v3.26.1
          args:
            - "C:\\powershell\\pwsh.exe .\\host-process-install.ps1"
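
For hosts that must stay on Windows PowerShell 5.1, the following added example (not part of the comment above or of the Calico scripts) passes the proxy from the HTTPS_PROXY / HTTP_PROXY environment variables to Invoke-WebRequest explicitly through its -Proxy parameter, and checks the download's SHA-256 before it is used. Get-ProxyForUri and Get-ProxiedFile are hypothetical helper names; the example assumes an unauthenticated proxy and an expected hash obtained out of band.

```powershell
# Added example; Get-ProxyForUri and Get-ProxiedFile are hypothetical helpers,
# not part of Calico's install scripts. Assumes an unauthenticated proxy.
function Get-ProxyForUri {
    param([Parameter(Mandatory)][uri]$Uri)
    # HTTPS_PROXY applies to https:// URLs, HTTP_PROXY to everything else.
    $name  = if ($Uri.Scheme -eq 'https') { 'HTTPS_PROXY' } else { 'HTTP_PROXY' }
    $proxy = [Environment]::GetEnvironmentVariable($name)
    if ([string]::IsNullOrWhiteSpace($proxy)) { return $null }
    # NO_PROXY: comma-separated hosts or domain suffixes that bypass the proxy.
    $bypass = "$([Environment]::GetEnvironmentVariable('NO_PROXY'))" -split ',' |
        ForEach-Object { $_.Trim().TrimStart('.') } | Where-Object { $_ }
    foreach ($entry in $bypass) {
        $isSuffix = $Uri.Host.EndsWith(".$entry", [StringComparison]::OrdinalIgnoreCase)
        if ($Uri.Host -eq $entry -or $isSuffix) { return $null }
    }
    # Accept "proxy.example:3128" as well as "http://proxy.example:3128".
    if ($proxy -notmatch '^[a-z][a-z0-9+.-]*://') { $proxy = "http://$proxy" }
    return [uri]$proxy
}

function Get-ProxiedFile {
    param(
        [Parameter(Mandatory)][uri]$Uri,
        [Parameter(Mandatory)][string]$OutFile,
        [Parameter(Mandatory)][string]$ExpectedSha256
    )
    $request = @{ Uri = $Uri; OutFile = $OutFile; UseBasicParsing = $true; ErrorAction = 'Stop' }
    $proxy = Get-ProxyForUri -Uri $Uri
    if ($proxy) { $request.Proxy = $proxy }   # -Proxy exists in Windows PowerShell 5.1
    Invoke-WebRequest @request

    # Reject the file unless it matches the hash published by the vendor.
    $actual = (Get-FileHash -Path $OutFile -Algorithm SHA256).Hash
    if ($actual -ne $ExpectedSha256) {
        Remove-Item -Path $OutFile -Force
        throw "SHA256 mismatch for ${Uri}: got $actual"
    }
    return $OutFile
}

# Usage (the hash is a placeholder; take the real value from the release page):
# Get-ProxiedFile -Uri 'https://github.com/PowerShell/PowerShell/releases/download/v7.3.6/PowerShell-7.3.6-win-x64.zip' `
#     -OutFile 'C:\powershell\powershell.zip' -ExpectedSha256 '<SHA256-FROM-RELEASE-PAGE>'
```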

@coutinhop

Hi @davidgiga1993, I see from the Invoke-WebRequest cmdlet description that this is indeed a limitation with PowerShell versions <7.0. Thanks for letting us know!

We are currently working on adding GA support to Calico for Windows on HPC (host process containers); the PRs are #7857 and tigera/operator#2732 if you'd like to check them out. This will considerably improve Calico maintainability on Windows, and will not need to use Invoke-WebRequest in any PowerShell script anymore. This will come in the next Calico release, v3.27, and will fix this issue (along with a multitude of others). Stay tuned!

@coutinhop

coutinhop commented Dec 20, 2023

@davidgiga1993 I'm happy to announce that Calico v3.27.0 has been released with operator support for Windows!

This leverages Windows host process containers (HPC) so Calico for Windows runs in actual Kubernetes pods (that means install-calico-windows.ps1 is no longer needed and thus no need to download anything with Invoke-WebRequest, so a proxy should not be a problem anymore). Please try it out and let us know!

@davidgiga1993

Sorry for the (very late) reply, but I'm happy to report that it's all working now 👍 Still got some issues with pulling images through an HTTP proxy, but that's outside of Calico.
