Improve air-gap installation instructions

[EppO]

What type of PR is this?

Uncomment only one /kind <> line, hit enter to put that in a new line, and remove leading whitespaces from that line:

/kind api-change
/kind bug
/kind cleanup
/kind design

/kind documentation

/kind failing-test
/kind feature
/kind flake

What this PR does / why we need it:
Give more details regarding offline installation requirements.

Which issue(s) this PR fixes:

Fixes #5973 #6207

Special notes for your reviewer:
I'm wondering if we should extract this section to its own doc page. Thoughts?

Does this PR introduce a user-facing change?:

NONE

[floryut]

Special notes for your reviewer:
I'm wondering if we should extract this section to its own doc page. Thoughts?

I was wondering the same thing.
Your documentation update is really neat, but I think it should have a dedicated md page as a lot of people are seaching and have question about that.

[EppO]

I thought the same thing. I'll move this section to its own docs.

[EppO]

tf-elastx_ubuntu18-calico failing multiple times for the same reason:

Error: Error creating openstack_compute_floatingip_associate_v2: Bad request with: [POST https://ops.elastx.cloud:8774/v2.1/servers/51f78c86-5097-4949-84a1-0df253a74105/action], error message: {"badRequest": {"message": "Unable to associate floating IP 212.237.149.73 to fixed IP 10.0.0.18 for instance 51f78c86-5097-4949-84a1-0df253a74105. Error: External network 600b8501-78cb-4155-9c9f-23dfcba88828 is not reachable from subnet 3701d914-b6a8-4aab-a3a8-667a12646736.  Therefore, cannot associate Port 07dd2b0d-1bbb-4fcd-bcf1-17a141281efc with a Floating IP.\nNeutron server returns request_ids: ['req-3c5ff34a-f359-45be-9f91-f68d20c0eeb6']", "code": 400}}
  on contrib/terraform/openstack/modules/compute/main.tf line 564, in resource "openstack_compute_floatingip_associate_v2" "k8s_master":
 564: resource "openstack_compute_floatingip_associate_v2" "k8s_master" {
Error: Error creating openstack_compute_floatingip_associate_v2: Bad request with: [POST https://ops.elastx.cloud:8774/v2.1/servers/aca560a7-94c4-447d-a258-9419f1418f6e/action], error message: {"badRequest": {"message": "Unable to associate floating IP 212.237.149.164 to fixed IP 10.0.0.4 for instance aca560a7-94c4-447d-a258-9419f1418f6e. Error: External network 600b8501-78cb-4155-9c9f-23dfcba88828 is not reachable from subnet 3701d914-b6a8-4aab-a3a8-667a12646736.  Therefore, cannot associate Port 5ff7ef88-3306-42af-856a-db8b333f8e0d with a Floating IP.\nNeutron server returns request_ids: ['req-35197d3c-fd4a-42d3-b0d3-ac0b9074d341']", "code": 400}}
  on contrib/terraform/openstack/modules/compute/main.tf line 577, in resource "openstack_compute_floatingip_associate_v2" "k8s_node":
 577: resource "openstack_compute_floatingip_associate_v2" "k8s_node" {
Error: Error creating openstack_networking_router_interface_v2: Bad request with: [PUT https://ops.elastx.cloud:9696/v2.0/routers/ab95917c-41fb-4881-b507-3a6dfe9403df/add_router_interface], error message: {"NeutronError": {"message": "Bad router request: Cidr 10.0.0.0/24 of subnet 3701d914-b6a8-4aab-a3a8-667a12646736 overlaps with cidr 10.0.0.0/24 of subnet b109a883-fef3-4bd0-88aa-e2c908181e1e.", "type": "BadRequest", "detail": ""}}
  on contrib/terraform/openstack/modules/network/main.tf line 29, in resource "openstack_networking_router_interface_v2" "k8s":
  29: resource "openstack_networking_router_interface_v2" "k8s" {
Makefile:20: recipe for target 'create-tf' failed
make: *** [create-tf] Error 1

[floryut]

tf-elastx_ubuntu18-calico failing multiple times for the same reason:

Error: Error creating openstack_compute_floatingip_associate_v2: Bad request with: [POST https://ops.elastx.cloud:8774/v2.1/servers/51f78c86-5097-4949-84a1-0df253a74105/action], error message: {"badRequest": {"message": "Unable to associate floating IP 212.237.149.73 to fixed IP 10.0.0.18 for instance 51f78c86-5097-4949-84a1-0df253a74105. Error: External network 600b8501-78cb-4155-9c9f-23dfcba88828 is not reachable from subnet 3701d914-b6a8-4aab-a3a8-667a12646736.  Therefore, cannot associate Port 07dd2b0d-1bbb-4fcd-bcf1-17a141281efc with a Floating IP.\nNeutron server returns request_ids: ['req-3c5ff34a-f359-45be-9f91-f68d20c0eeb6']", "code": 400}}
  on contrib/terraform/openstack/modules/compute/main.tf line 564, in resource "openstack_compute_floatingip_associate_v2" "k8s_master":
 564: resource "openstack_compute_floatingip_associate_v2" "k8s_master" {
Error: Error creating openstack_compute_floatingip_associate_v2: Bad request with: [POST https://ops.elastx.cloud:8774/v2.1/servers/aca560a7-94c4-447d-a258-9419f1418f6e/action], error message: {"badRequest": {"message": "Unable to associate floating IP 212.237.149.164 to fixed IP 10.0.0.4 for instance aca560a7-94c4-447d-a258-9419f1418f6e. Error: External network 600b8501-78cb-4155-9c9f-23dfcba88828 is not reachable from subnet 3701d914-b6a8-4aab-a3a8-667a12646736.  Therefore, cannot associate Port 5ff7ef88-3306-42af-856a-db8b333f8e0d with a Floating IP.\nNeutron server returns request_ids: ['req-35197d3c-fd4a-42d3-b0d3-ac0b9074d341']", "code": 400}}
  on contrib/terraform/openstack/modules/compute/main.tf line 577, in resource "openstack_compute_floatingip_associate_v2" "k8s_node":
 577: resource "openstack_compute_floatingip_associate_v2" "k8s_node" {
Error: Error creating openstack_networking_router_interface_v2: Bad request with: [PUT https://ops.elastx.cloud:9696/v2.0/routers/ab95917c-41fb-4881-b507-3a6dfe9403df/add_router_interface], error message: {"NeutronError": {"message": "Bad router request: Cidr 10.0.0.0/24 of subnet 3701d914-b6a8-4aab-a3a8-667a12646736 overlaps with cidr 10.0.0.0/24 of subnet b109a883-fef3-4bd0-88aa-e2c908181e1e.", "type": "BadRequest", "detail": ""}}
  on contrib/terraform/openstack/modules/network/main.tf line 29, in resource "openstack_networking_router_interface_v2" "k8s":
  29: resource "openstack_networking_router_interface_v2" "k8s" {
Makefile:20: recipe for target 'create-tf' failed
make: *** [create-tf] Error 1

This is fix by #6232

[LuckySB]

/approve
/lgtm

[k8s-ci-robot]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: EppO, LuckySB

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

• OWNERS [LuckySB]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[elgamal2020]

I would suggest to give examples on setting up those requirments

a HTTP reverse proxy/cache/mirror to serve some static files (zips and binaries)
an internal Yum/Deb repository for OS packages
an internal container image registry that need to be populated with all container images used by Kubespray. Exhaustive list depends on your setup
[Optional] an internal PyPi server for kubespray python packages (only required if your OS doesn't provide all python packages/versions listed in requirements.txt)
[Optional] an internal Helm registry (only required if helm_enabled=true)

[elgamal2020]

TASK [download : download_file | Download item] *************************************************************************************
fatal: [node2 -> 172.18.234.204]: FAILED! => {"attempts": 4, "changed": false, "dest": "/tmp/releases/kubeadm-v1.18.6-amd64", "elapse d": 0, "msg": "Request failed: <urlopen error [Errno -3] Temporary failure in name resolution>", "url": "https://storage.googleapis.c om/kubernetes-release/release/v1.18.6/bin/linux/amd64/kubeadm"}
FAILED - RETRYING: download_file | Download item (3 retries left).
FAILED - RETRYING: download_file | Download item (3 retries left).
FAILED - RETRYING: download_file | Download item (2 retries left).
FAILED - RETRYING: download_file | Download item (1 retries left).
fatal: [node1 -> 172.18.234.203]: FAILED! => {"attempts": 4, "changed": false, "dest": "/tmp/releases/kubeadm-v1.18.6-amd64", "elapse d": 0, "msg": "Request failed: <urlopen error [Errno -3] Temporary failure in name resolution>", "url": "https://storage.googleapis.c om/kubernetes-release/release/v1.18.6/bin/linux/amd64/kubeadm"}
FAILED - RETRYING: download_file | Download item (2 retries left).
FAILED - RETRYING: download_file | Download item (1 retries left).
fatal: [node3 -> 172.18.234.205]: FAILED! => {"attempts": 4, "changed": false, "dest": "/tmp/releases/kubeadm-v1.18.6-amd64", "elapse d": 20, "msg": "Request failed: <urlopen error [Errno -3] Temporary failure in name resolution>", "url": "https://storage.googleapis. com/kubernetes-release/release/v1.18.6/bin/linux/amd64/kubeadm"}

I recieve the following error , would you please indicate how can I do the file repo

[floryut]

Well if you can't access storage.googleapis.com did you follow what this PR is about ?

ie: settings up kubelet/kubectl/kubeadm variables to resolve local/internal files instead of google servers

kubeadm_download_url: "{{ files_repo }}/kubernetes/{{ kube_version }}/kubeadm"
kubectl_download_url: "{{ files_repo }}/kubernetes/{{ kube_version }}/kubectl"
kubelet_download_url: "{{ files_repo }}/kubernetes/{{ kube_version }}/kubelet"

[elgamal2020]

Thanks should I put them on the jumpserver (where kubespray is running ) or on the target K8s node ?
what are all the files that should I download ?

[floryut]

Thanks should I put them on the jumpserver (where kubespray is running ) or on the target K8s node ?
what are all the files that should I download ?

https://github.com/kubernetes-sigs/kubespray/blob/master/docs/offline-environment.md#configure-inventory
You have to put those variables in your inventory as stated here (so on the ansible runner)

[elgamal2020]

How can I deal if I download files to the Kubespray installer machine
I tried a conf like
kubelet_download_url: "/home/ubuntu/kubespray/downloads/kubelet"
but it failed to access

[floryut]

By setting up a simple httpd (or httpd-like) server to serve the files ?