You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: modules/cluster-wide-proxy-preqs.adoc
-6Lines changed: 0 additions & 6 deletions
Original file line number
Diff line number
Diff line change
@@ -86,10 +86,4 @@ When using a cluster-wide proxy, you must configure the `s3.<aws_region>.amazona
86
86
|Used by the splunk-forwarder-operator as a log forwarding endpoint to be used by Red Hat SRE for log-based alerting.
87
87
|===
88
88
--
89
-
+
90
-
[IMPORTANT]
91
-
====
92
-
The use of a proxy server to perform TLS re-encryption is currently not supported if the server is acting as a transparent forward proxy where it is not configured on-cluster via the `--http-proxy` or `--https-proxy` arguments.
93
89
94
-
A transparent forward proxy intercepts the cluster traffic, but it is not actually configured on the cluster itself.
<1> The `additional-trust-bundle-file`, `http-proxy`, and `https-proxy` arguments are all optional.
39
-
<2> If you use the `additional-trust-bundle-file` argument without an `http-proxy` or `https-proxy` argument, the trust bundle is added to the trust store and used to verify cluster system egress traffic. In that scenario, the bundle is not configured to be used with a proxy.
40
-
<3> The `additional-trust-bundle-file` argument is a file path pointing to a bundle of PEM-encoded X.509 certificates, which are all concatenated together. The `additionalTrustBundle` parameter is required unless the identity certificate of the proxy is signed by an authority from the {op-system} trust bundle. If you use an MITM transparent proxy network that does not require additional proxy configuration but requires additional CAs, you must provide the MITM CA certificate.
39
+
<2> The `additional-trust-bundle-file` argument is a file path pointing to a bundle of PEM-encoded X.509 certificates, which are all concatenated together. The `additionalTrustBundle` parameter is required unless the identity certificate of the proxy is signed by an authority from the {op-system} trust bundle. If you use an MITM transparent proxy network that does not require additional proxy configuration but requires additional CAs, you must provide the MITM CA certificate.
41
40
+
42
41
[NOTE]
43
42
====
44
43
You should not attempt to change the proxy or additional trust bundle configuration on the cluster directly. These changes must be applied by using the ROSA CLI (`rosa`) or {cluster-manager-first}. Any changes that are made directly to the cluster will be reverted automatically.
45
44
====
46
-
<4> The `http-proxy` and `https-proxy` arguments must point to a valid URL.
47
-
<5> A comma-separated list of destination domain names, IP addresses, or network CIDRs to exclude proxying.
45
+
<3> The `http-proxy` and `https-proxy` arguments must point to a valid URL.
46
+
<4> A comma-separated list of destination domain names, IP addresses, or network CIDRs to exclude proxying.
48
47
+
49
48
Preface a domain with `.` to match subdomains only. For example, `.y.com` matches `x.y.com`, but not `y.com`. Use `*` to bypass proxy for all destinations.
50
49
If you scale up workers that are not included in the network defined by the `networking.machineNetwork[].cidr` field from the installation configuration, you must add them to this list to prevent connection issues.
Copy file name to clipboardExpand all lines: modules/configuring-a-proxy-after-installation-ocm.adoc
-4Lines changed: 0 additions & 4 deletions
Original file line number
Diff line number
Diff line change
@@ -41,10 +41,6 @@ endif::openshift-dedicated[]
41
41
+
42
42
If you use an MITM transparent proxy network that does not require additional proxy configuration but requires additional certificate authorities (CAs), you must provide the MITM CA certificate.
43
43
+
44
-
[NOTE]
45
-
====
46
-
If you upload an additional trust bundle file without specifying an HTTP or HTTPS proxy URL, the bundle is set on the cluster but is not configured to be used with the proxy.
<1> The `additional-trust-bundle-file`, `http-proxy`, and `https-proxy` arguments are all optional.
33
-
<2> If you use the `additional-trust-bundle-file` argument without an `http-proxy` or `https-proxy` argument, the trust bundle is added to the trust store and used to verify cluster system egress traffic. In that scenario, the bundle is not configured to be used with a proxy.
34
-
<3> The `additional-trust-bundle-file` argument is a file path pointing to a bundle of PEM-encoded X.509 certificates, which are all concatenated together. The `additionalTrustBundle` parameter is required unless the identity certificate of the proxy is signed by an authority from the {op-system} trust bundle. If you use an MITM transparent proxy network that does not require additional proxy configuration but requires additional CAs, you must provide the MITM CA certificate.
35
-
<4> The `http-proxy` and `https-proxy` arguments must point to a valid URL.
36
-
<5> A comma-separated list of destination domain names, IP addresses, or network CIDRs to exclude proxying.
33
+
<2> The `additional-trust-bundle-file` argument is a file path pointing to a bundle of PEM-encoded X.509 certificates, which are all concatenated together. The `additionalTrustBundle` parameter is required unless the identity certificate of the proxy is signed by an authority from the {op-system} trust bundle. If you use an MITM transparent proxy network that does not require additional proxy configuration but requires additional CAs, you must provide the MITM CA certificate.
34
+
<3> The `http-proxy` and `https-proxy` arguments must point to a valid URL.
35
+
<4> A comma-separated list of destination domain names, IP addresses, or network CIDRs to exclude proxying.
37
36
+
38
37
Preface a domain with `.` to match subdomains only. For example, `.y.com` matches `x.y.com`, but not `y.com`. Use `*` to bypass proxy for all destinations.
39
38
If you scale up workers that are not included in the network defined by the `networking.machineNetwork[].cidr` field from the installation configuration, you must add them to this list to prevent connection issues.
Copy file name to clipboardExpand all lines: modules/osd-create-cluster-ccs.adoc
-5Lines changed: 0 additions & 5 deletions
Original file line number
Diff line number
Diff line change
@@ -311,11 +311,6 @@ endif::osd-on-aws[]
311
311
** In the *Additional trust bundle* field, provide a PEM encoded X.509 certificate bundle. The bundle is added to the trusted certificate store for the cluster nodes. An additional trust bundle file is required unless the identity certificate for the proxy is signed by an authority from the {op-system-first} trust bundle.
312
312
+
313
313
If you use an MITM transparent proxy network that does not require additional proxy configuration but requires additional certificate authorities (CAs), you must provide the MITM CA certificate.
314
-
+
315
-
[NOTE]
316
-
====
317
-
If you upload an additional trust bundle file without specifying an HTTP or HTTPS proxy URL, the bundle is set on the cluster but is not configured to be used with the proxy.
0 commit comments