You can create a proxy configuration that enables Tanzu Mission Control to connect with clusters that are protected by a proxy server.

The Kubernetes clusters that you manage using Tanzu Mission Control run cluster agent extensions that make connections to Tanzu Mission Control to allow bilateral communication. This applies to Tanzu Kubernetes clusters that you register with Tanzu Mission Control and their workload clusters, as well as clusters that were created elsewhere and subsequently attached.

If you have a proxy server that manages outbound traffic for your clusters, the cluster agent extensions must identify the proxy server and get authorization to communicate with Tanzu Mission Control. By creating a proxy configuration object, you can consistently reuse the proxy settings for multiple clusters.

Proxy Requirements for Managing Clusters with Tanzu Mission Control

Make sure that your proxy meets the following requirements.
  • The proxy must support HTTP 2.0 traffic because the Tanzu Mission Control cluster agent extensions communicate using gRPC protocol over HTTP 2.0.
  • If your proxy uses SSL inspection, make sure you enable the streaming of large objects in your proxy's settings.