Tanzu Mission Control supports creating new AKS (Azure Kubernetes Service) clusters with a proxy configuration of type explicit as part of create API/manifests and being applied to the complete cluster. If proxy configuration of type transparent is used, then it is used for the Tanzu Mission Control agent and extensions only.

Tanzu Mission Control managed AKS clusters can be configured with transparent mode proxy configuration. In such cases, the Tanzu Mission Control agent and its extensions and components are able to connect via traffic proxy in transparent mode. For nodes or pods outside the system-vmware-tmc namespace, you need to manually setup for using the transparent proxy.

Procedure

  1. To configure an explicit or transparent proxy for an AKS cluster, see Create a Proxy Configuration Object.
  2. To configure a transparent proxy in AKS for other namespaces, you must manually configure them to accept the transparent proxy’s custom certificate if you need them to connect via proxy to the internet over HTTPS. For more information, see: https://learn.microsoft.com/en-us/azure/aks/custom-certificate-authority#custom-ca-installation-on-aks-node-pools.