openshift/openshift-docs
1
0
Fork 0
mirror of https://github.com/openshift/openshift-docs.git synced 2026-02-05 12:46:18 +01:00
Code Issues Releases Activity
Files
enterprise-4.21
openshift-docs/modules/configuring-a-proxy-after-installation-ocm.adoc
Olga Tikhomirova 3903bf2d75 OSDOCS-15926 - Removing unused OSD files 
(cherry picked from commit d9774fb40a)
2025-11-26 10:02:19 -08:00

50 lines
2.6 KiB
Plaintext
Raw Permalink Blame History

// Module included in the following assemblies:
//
// * networking/ovn_kubernetes_network_provider/configuring-cluster-wide-proxy.adoc
:_mod-docs-content-type: PROCEDURE
[id="configuring-a-proxy-after-installation-ocm_{context}"]
= Configuring a proxy after installation using {cluster-manager}
You can use {cluster-manager-first} to add a cluster-wide proxy configuration to an existing {product-title} cluster in a Virtual Private Cloud (VPC).
ifdef::openshift-dedicated[]
You can enable a proxy only for clusters that use the Customer Cloud Subscription (CCS) model.
endif::openshift-dedicated[]
You can also use {cluster-manager} to update an existing cluster-wide proxy configuration. For example, you might need to update the network address for the proxy or replace the additional trust bundle if any of the certificate authorities for the proxy expire.
[IMPORTANT]
====
The cluster applies the proxy configuration to the control plane and compute nodes. While applying the configuration, each cluster node is temporarily placed in an unschedulable state and drained of its workloads. Each node is restarted as part of the process.
====
.Prerequisites
ifndef::openshift-dedicated[]
* You have an {product-title} cluster.
endif::openshift-dedicated[]
ifdef::openshift-dedicated[]
* You have an {product-title} cluster that uses the Customer Cloud Subscription (CCS) model.
endif::openshift-dedicated[]
* Your cluster is deployed in a VPC.
.Procedure
. Navigate to {cluster-manager-url} and select your cluster.
. Under the *Virtual Private Cloud (VPC)* section on the *Networking* page, click *Edit cluster-wide proxy*.
. On the *Edit cluster-wide proxy* page, provide your proxy configuration details:
.. Enter a value in at least one of the following fields:
*** Specify a valid *HTTP proxy URL*.
*** Specify a valid *HTTPS proxy URL*.
*** In the *Additional trust bundle* field, provide a PEM encoded X.509 certificate bundle.
+
If you are replacing an existing trust bundle file, select *Replace file* to view the field. The bundle is added to the trusted certificate store for the cluster nodes. An additional trust bundle file is required if you use a TLS-inspecting proxy unless the identity certificate for the proxy is signed by an authority from the {op-system-first} trust bundle. This requirement applies regardless of whether the proxy is transparent or requires explicit configuration using the `http-proxy` and `https-proxy` arguments.
.. Click *Confirm*.
.Verification
* Under the *Virtual Private Cloud (VPC)* section on the *Networking* page, verify that the proxy configuration for your cluster is as expected.
View Git Blame Copy Permalink