Configuring the cluster-wide proxy

    • Review the and determine whether any of them must bypass the proxy. By default, all cluster system egress traffic is proxied, including calls to the cloud provider API for the cloud that hosts your cluster. System-wide proxy affects system components only, not user workloads. Add sites to the Proxy object’s spec.noProxy field to bypass the proxy if necessary.

    The Proxy object is used to manage the cluster-wide egress proxy. When a cluster is installed or upgraded without the proxy configured, a Proxy object is still generated but it will have a nil spec. For example:

    A cluster administrator can configure the proxy for OKD by modifying this cluster Proxy object.

    Prerequisites

    • Cluster administrator permissions

    • OKD oc CLI tool installed

    1. Create a config map that contains any additional CA certificates required for proxying HTTPS connections.

      1. Create a file called user-ca-bundle.yaml with the following contents, and provide the values of your PEM-encoded certificates:

        1. data:
        2.   ca-bundle.crt: | (1)
        3.     <MY_PEM_ENCODED_CERTS> (2)
        4. kind: ConfigMap
        5. metadata:
        6.   name: user-ca-bundle (3)
        7.   namespace: openshift-config (4)

      2. Create the config map from this file:

    2. Use the oc edit command to modify the Proxy object:

      1. Configure the necessary fields for the proxy:

      2. Save the file to apply the changes.

      Prerequisites

      • Cluster administrator permissions

      • OKD oc CLI tool installed

      Procedure

      1. Use the oc edit command to modify the proxy:

        1. $ oc edit proxy/cluster

      2. Remove all fields from the Proxy object. For example:

      3. Save the file to apply the changes.