Create a proxy configuration in VMware Tanzu Mission Control that allows outbound traffic through the proxy that protects your managed clusters.
A proxy configuration identifies the proxy server for one or more clusters and the credentials required to authorize outbound traffic through it. When you create a proxy configuration object, you can use it when registering an Azure AKS, AWS EKS, or a Tanzu Kubernetes Grid management cluster, provisioning a workload cluster, or attaching a cluster.
For information about using this feature with Tanzu Kubernetes Grid Service clusters, see Create a Proxy Configuration Object for a Tanzu Kubernetes Grid Service Cluster Running in vSphere with Tanzu.
For information about proxy configuration for Azure AKS clusters, see Create a Proxy Configuration Object for AKS Clusters in Tanzu Mission Control.
For information about proxy configuration for AWS EKS clusters, see Create a Proxy Configuration Object for EKS Clusters in Tanzu Mission Control.
system-vmware-tmc
namespace, you must manually set up for using the transparent proxy.
Prerequisites
Log in to the Tanzu Mission Control console, as described in Log In to the Tanzu Mission Control Console.
- To create a proxy configuration, you must be associated with the organization.credential.admin role.
kubectl get kubeadmconfig -n tkg-system
Procedure
- In the left navigation pane of the Tanzu Mission Control console, click Administration.
- On the Administration page, click the Proxy Configuration tab.
- Click Create Proxy Configuration.
- On the Create proxy page, enter a name for the proxy configuration.
- You can optionally provide a description.
- Select the proxy type, either Explicit or Transparent.
Option Actions Explicit - Specify the URL or IP address of the proxy server, and the port on which outbound traffic is allowed.
- Enter the credentials (username and password) that permit outbound traffic through the proxy server.
- You can optionally enter an alternative server/port and username/password for HTTPS traffic.
- If your explicit proxy uses a root certificate or CA certificate (for example, if your proxy uses SSL inspection), enter the certificate into the provided box.
Note: Custom CA certificates are not supported for the following operations:
- Registering a Supervisor in TMC for vSphere with Tanzu versions prior to vSphere 7.0.3.
- Lifecycle management of Tanzu Kubernetes Grid Service clusters running in vSphere with Tanzu versions prior to vSphere 8.
Transparent Provide the custom root or CA certificate in CRT format. Transparent proxy is not supported for lifecycle management of Tanzu Kubernetes clusters.
- In the No proxy list, you can optionally specify a comma-separated list of outbound destinations that must bypass the proxy server.
- Click Create.
What to do next
After you create a proxy configuration object, you can use it when registering a Tanzu Kubernetes Grid management cluster, provisioning a workload cluster, or attaching a conformant Kubernetes cluster.