mirror of
https://github.com/openshift/openshift-docs.git
synced 2026-02-05 12:46:18 +01:00
57 lines
2.7 KiB
Plaintext
57 lines
2.7 KiB
Plaintext
// Module included in the following assemblies:
|
|
//
|
|
// * networking/networking-operators/aws_load_balancer_operator/configuring-aws-load-balancer-operator/configuring-aws-load-balancer-operator.adoc
|
|
|
|
:_mod-docs-content-type: PROCEDURE
|
|
[id="nw-configuring-cluster-wide-proxy_{context}"]
|
|
= Trusting the certificate authority of the cluster-wide proxy
|
|
|
|
[role="_abstract"]
|
|
You can configure the cluster-wide proxy in the AWS Load Balancer Operator. After configuring the cluster-wide proxy, Operator Lifecycle Manager (OLM) automatically updates all the deployments of the Operators with the environment variables.
|
|
|
|
Environment variables include `HTTP_PROXY`, `HTTPS_PROXY`, and `NO_PROXY`. These variables are populated to the managed controller by the AWS Load Balancer Operator.
|
|
|
|
.Procedure
|
|
|
|
. Create the config map to contain the certificate authority (CA) bundle in the `aws-load-balancer-operator` namespace by running the following command:
|
|
+
|
|
[source,terminal]
|
|
----
|
|
$ oc -n aws-load-balancer-operator create configmap trusted-ca
|
|
----
|
|
|
|
. To inject the trusted CA bundle into the config map, add the `config.openshift.io/inject-trusted-cabundle=true` label to the config map by running the following command:
|
|
+
|
|
[source,terminal]
|
|
----
|
|
$ oc -n aws-load-balancer-operator label cm trusted-ca config.openshift.io/inject-trusted-cabundle=true
|
|
----
|
|
|
|
. Update the AWS Load Balancer Operator subscription to access the config map in the AWS Load Balancer Operator deployment by running the following command:
|
|
+
|
|
[source,terminal]
|
|
----
|
|
$ oc -n aws-load-balancer-operator patch subscription aws-load-balancer-operator --type='merge' -p '{"spec":{"config":{"env":[{"name":"TRUSTED_CA_CONFIGMAP_NAME","value":"trusted-ca"}],"volumes":[{"name":"trusted-ca","configMap":{"name":"trusted-ca"}}],"volumeMounts":[{"name":"trusted-ca","mountPath":"/etc/pki/tls/certs/albo-tls-ca-bundle.crt","subPath":"ca-bundle.crt"}]}}}'
|
|
----
|
|
|
|
. After the AWS Load Balancer Operator is deployed, verify that the CA bundle is added to the `aws-load-balancer-operator-controller-manager` deployment by running the following command:
|
|
+
|
|
[source,terminal]
|
|
----
|
|
$ oc -n aws-load-balancer-operator exec deploy/aws-load-balancer-operator-controller-manager -c manager -- bash -c "ls -l /etc/pki/tls/certs/albo-tls-ca-bundle.crt; printenv TRUSTED_CA_CONFIGMAP_NAME"
|
|
----
|
|
+
|
|
.Example output
|
|
[source,terminal]
|
|
----
|
|
-rw-r--r--. 1 root 1000690000 5875 Jan 11 12:25 /etc/pki/tls/certs/albo-tls-ca-bundle.crt
|
|
trusted-ca
|
|
----
|
|
|
|
. Optional: Restart deployment of the AWS Load Balancer Operator every time the config map changes by running the following command:
|
|
+
|
|
[source,terminal]
|
|
----
|
|
$ oc -n aws-load-balancer-operator rollout restart deployment/aws-load-balancer-operator-controller-manager
|
|
----
|