I have some servers that are mandatorily not allowed to connect to the internet either directly or via a proxy. We have internal GitHub and Docker registry services and I have been able to pull all required images via the containerd registry mirrors.
I now need to enable prometheus and I can see that it tries to pull the repo from github.com…
[root@server1:current/]# microk8s enable prometheus Addon dns is already enabled. Fetching kube-prometheus version v0.8.0. % Total % Received % Xferd Average Speed Time Time Time Current Dload Upload Total Spent Left Speed 0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0curl: (6) Could not resolve host: github.com [root@server1:current/]# pwd /var/snap/microk8s/current [root@server1:current/]#
I can see this is configured in a RO file here:
[root@server1:actions/]# ls -lah /var/lib/snapd/snap/microk8s/2399/actions/enable.prometheus.sh -rwxr-xr-x. 1 root root 3.2K Aug 12 19:55 /var/lib/snapd/snap/microk8s/2399/actions/enable.prometheus.sh [root@server1:actions/]#
I can see in
/var/log/secure the curl command:
[root@server1:actions/]# grep curl /var/log/secure | tail -1 2021-08-24T10:32:58.928693+10:00 server1 sudo: root : TTY=pts/0 ; PWD=/opt/apps/snap/microk8s/2399 ; USER=root ; ENV=LD_LIBRARY_PATH=/snap/microk8s/2399/lib:/snap/microk8s/2399/usr/lib:/snap/microk8s/2399/lib/x86_64-linux-gnu:/snap/microk8s/2399/usr/lib/x86_64-linux-gnu ; COMMAND=/snap/microk8s/2399/usr/bin/curl --cacert /snap/core18/current/etc/ssl/certs/ca-certificates.crt -L https://github.com/prometheus-operator/kube-prometheus/archive/v0.8.0.tar.gz -o /var/snap/microk8s/2399/tmp/kube-prometheus/kube-prometheus.tar.gz [root@server1:actions/]#
I did try to manually put the file into
/var/snap/microk8s/2399/tmp/kube-prometheus/kube-prometheus.tar.gz and then enabling, but that didn’t see to help.
Is there any way to override the URL it pulls from or other way to manually install prometheus in an air-gapped scenario?