mirror of https://github.com/openshift/openshift-docs.git synced 2026-02-05 12:46:18 +01:00
openshift-docs/modules/configuring-a-proxy-during-installation-cli.adoc
Olga Tikhomirova 3903bf2d75 OSDOCS-15926 - Removing unused OSD files
(cherry picked from commit d9774fb40a)
2025-11-26 10:02:19 -08:00


// Module included in the following assemblies:
//
// * networking/ovn_kubernetes_network_provider/configuring-cluster-wide-proxy.adoc
:_mod-docs-content-type: PROCEDURE
[id="configuring-a-proxy-during-installation-cli_{context}"]
= Configuring a proxy during installation using the CLI

If you are installing a {product-title} cluster into an existing Virtual Private Cloud (VPC), you can use the ROSA CLI (`rosa`) to enable a cluster-wide HTTP or HTTPS proxy during installation.

The following procedure provides details about the ROSA CLI (`rosa`) arguments that are used to configure a cluster-wide proxy during installation.

ifdef::openshift-rosa[]
For general installation steps using the ROSA CLI, see _Creating a cluster with customizations using the CLI_.
endif::openshift-rosa[]

.Prerequisites
* You have verified that the proxy is accessible from the VPC that the cluster is being installed into. The proxy must also be accessible from the private subnets of the VPC.

.Procedure
* Specify a proxy configuration when you create your cluster:
+
[source,terminal]
----
$ rosa create cluster \
<other_arguments_here> \
--additional-trust-bundle-file <path_to_ca_bundle_file> \ <1> <2>
--http-proxy http://<username>:<password>@<ip>:<port> \ <1> <3>
--https-proxy https://<username>:<password>@<ip>:<port> \ <1> <3>
--no-proxy example.com <4>
----
+
--
<1> The `additional-trust-bundle-file`, `http-proxy`, and `https-proxy` arguments are all optional.
<2> The `additional-trust-bundle-file` argument is a file path pointing to a bundle of PEM-encoded X.509 certificates, which are all concatenated together. The `additional-trust-bundle-file` argument is required for users who use a TLS-inspecting proxy unless the identity certificate for the proxy is signed by an authority from the {op-system-first} trust bundle. This applies regardless of whether the proxy is transparent or requires explicit configuration using the `http-proxy` and `https-proxy` arguments.
<3> The `http-proxy` and `https-proxy` arguments must point to a valid URL.
<4> A comma-separated list of destination domain names, IP addresses, or network CIDRs to exclude from proxying.
+
Preface a domain with `.` to match subdomains only. For example, `.y.com` matches `x.y.com`, but not `y.com`. Use `*` to bypass the proxy for all destinations.
If you scale up workers that are not included in the network defined by the `networking.machineNetwork[].cidr` field from the installation configuration, you must add them to this list to prevent connection issues.
+
This field is ignored if neither the `httpProxy` nor the `httpsProxy` field is set.
--
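
The following pre-flight check is an added example, not part of the original module or of the ROSA CLI: it verifies that the file intended for `--additional-trust-bundle-file` contains only PEM `CERTIFICATE` blocks and that a proxy URL has the form shown in the procedure. The function names and the sample bundle are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example; function names are hypothetical and the ROSA CLI is not called.

# Print the number of certificates in a PEM bundle. Fail if the file contains
# any other PEM block type (such as a private key), an unterminated block, or
# no certificate at all. Only the PEM framing is checked, not the X.509 data.
check_bundle() {
  awk '
    { sub(/\r$/, "") }                      # tolerate CRLF line endings
    /^-----BEGIN / {
      if (inblk || $0 != "-----BEGIN CERTIFICATE-----") bad = 1
      inblk = 1; next
    }
    /^-----END / {
      if (!inblk || $0 != "-----END CERTIFICATE-----") bad = 1
      else n++
      inblk = 0; next
    }
    END { if (inblk || bad || n == 0) exit 1; print n }
  ' "$1"
}

# Accept http:// or https:// with optional user:password@, a host, and an
# optional :port (the form shown in the procedure). IPv6 literals are not handled.
check_proxy_url() {
  printf '%s\n' "$1" |
    grep -Eq '^https?://([^:@/ ]+:[^@/ ]*@)?[^:@/ ]+(:[0-9]{1,5})?/?$'
}

# Succeed when the URL embeds credentials; such a value is recorded in shell
# history and is visible in the process list while the command runs.
url_has_credentials() {
  case "$1" in *://*@*) return 0 ;; *) return 1 ;; esac
}

# Constructed sample input: two placeholder blocks, not real certificates.
sample=$(mktemp)
cat > "$sample" <<'EOF'
-----BEGIN CERTIFICATE-----
Q09OU1RSVUNURUQgU0FNUExFIDE=
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
Q09OU1RSVUNURUQgU0FNUExFIDI=
-----END CERTIFICATE-----
EOF
echo "certificates in sample bundle: $(check_bundle "$sample")"
check_proxy_url 'http://10.0.0.5:3128' && echo "proxy URL form ok"
rm -f "$sample"
```

A bundle that passes this check can still hold an expired or unrelated certificate, so inspect the certificates themselves before relying on the bundle for a TLS-inspecting proxy.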