Configure Comply for a custom NGINX ingress (offline environment)
Configure Puppet Comply in an air-gapped or offline environment where the Comply host server does not have direct access to the internet.
- Locate the email that you received with the Comply licensing information. The email should include a password and a custom URL from which to download the bundle. If you no longer have the email, open a ticket with Puppet support so that you can obtain a custom URL and reset your password.
- Navigate to the download portal (for example, https://get.replicated.com/airgap/#/kots/comply/) and log in with the password.
- Select Embedded cluster.
- Click Download airgap bundle.
In Puppet Application Manager (PAM), upload your Comply license and follow the prompts.
You’ll be guided through the process of setting up SSL certificates, uploading a license, and checking to make sure your infrastructure meets Comply system requirements.Note: The license file is issued by Puppet. If you do not have a license file, contact your Puppet representative. You must also agree to our license agreement. If your license terms update, for example the expiry date or number of licensed nodes, upload your updated license file to Puppet Application Manager.
When prompted, upload the
.airgapbundle for the most recent version of Comply.
To configure your installation, click Config.
In the Hostname field, enter the fully qualified
domain name (FQDN) that you want to use to access Comply.
For example, this could be the name of the node you have installed Comply on. If you choose to use an FQDN that is different from the name of this node, you must configure your domain name system (DNS) to resolve the FQDN to the IP address of the Comply node.
In the Configure access section, add the
following annotations to configure the Ingress if you use
kubernetes.io/ingress.class: nginx cert-manager.io/cluster-issuer: letsencrypt-prod
- Configure any other settings on the page relevant to your installation. For example, you can determine how often the Comply inventory retrieves node and fact information from Puppet Enterprise. The default refresh interval for the Comply inventory is 24 hours, but you can specify a different value in the Inventory Refresh Interval section.
- When you have finished making any necessary changes to the configuration, click Continue.
- In the Hostname field, enter the fully qualified domain name (FQDN) that you want to use to access Comply.
Monitor the new version's preflight checks. The Running
Checks indicator is shown on the screen while Comply checks your system to make sure your
cluster meets minimum system requirements. When the preflight check is
- If the status is Checks Failed, click
View preflights. Correct the issues and click
Re-run. Repeat this step as needed.Important: Do not move on until all preflight checks pass.
- If the status is Ready to Deploy, move on to the next step.
- If the status is Checks Failed, click View preflights. Correct the issues and click Re-run. Repeat this step as needed.