Latest commit

f78ed8a · May 16, 2022

68 lines (54 loc) · 3.52 KB

configuring-cluster-wide-proxy.adoc

Configuring a cluster-wide proxy during installation

You can configure a cluster-wide proxy during cluster installation or after the cluster has been installed.

If you use a cluster-wide proxy, you are responsible for the following:

  • Maintaining the availability of the proxy to the cluster.

  • Understanding that if the proxy becomes unavailable, then it may impact the health and supportability of the cluster.

Important

Cluster-wide proxy is a functionally-complete feature and suitable for production workloads. There are additional considerations that need to be added to documentation, and until then, this feature is considered a Technology Preview.

Important
Additional Resources

The use of a proxy server to perform TLS re-encryption is currently not supported if the server is acting as a transparent forward proxy where it is not configured on-cluster via the --http-proxy or --https-proxy arguments.

A transparent forward proxy intercepts the cluster’s traffic, but it is not actually configured on the cluster itself.

Responsibilities for additional trust bundles

If you supplied an additional trust bundle file, you are responsible for the following:

  • Ensuring that the contents of the additional trust bundle are valid,

  • Ensuring that the certificates, including intermediary certificates, contained in the additional trust bundle have not expired, and

  • Tracking the expiry and performing any necessary renewals for certificates contained in the additional trust bundle, and subsequently updating the cluster’s configuration with the updated additional trust bundle.
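
One way to track validity and expiry for every certificate in an additional trust bundle, shown as an added example that is not part of this documentation or of any product tooling. The names `audit_bundle` and `not_after` are hypothetical; the code reads each certificate's notAfter field with a minimal DER walk using only the Python standard library, and it does not verify signatures or chains.

```python
import base64
import re
from datetime import datetime, timedelta, timezone

PEM_BLOCK = re.compile(r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.S)

def _tlv(buf, pos):
    """Return (tag, value_start, value_end) for the DER element at pos."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                     # long-form length
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, pos, pos + length

def not_after(der):
    """Extract Validity.notAfter (UTC) from a DER-encoded X.509 certificate."""
    _, pos, _ = _tlv(der, 0)              # Certificate SEQUENCE
    _, pos, _ = _tlv(der, pos)            # tbsCertificate SEQUENCE
    tag, _, end = _tlv(der, pos)
    pos = end if tag == 0xA0 else pos     # skip optional [0] version
    for _ in range(3):                    # serialNumber, signature, issuer
        _, _, pos = _tlv(der, pos)
    _, pos, _ = _tlv(der, pos)            # validity SEQUENCE
    _, _, pos = _tlv(der, pos)            # notBefore
    tag, start, end = _tlv(der, pos)      # notAfter
    text = der[start:end].decode("ascii")
    if tag == 0x17:                       # UTCTime: RFC 5280 two-digit year rule
        text = ("19" if int(text[:2]) >= 50 else "20") + text
    elif tag != 0x18:                     # otherwise must be GeneralizedTime
        raise ValueError("notAfter is not a time type")
    return datetime.strptime(text, "%Y%m%d%H%M%SZ").replace(tzinfo=timezone.utc)

def audit_bundle(pem_text, now=None, warn_days=30):
    """Return [(index, status, expiry_or_None)] for each PEM block in the bundle."""
    now = now or datetime.now(timezone.utc)
    report = []
    for i, m in enumerate(PEM_BLOCK.finditer(pem_text)):
        try:
            expiry = not_after(base64.b64decode(m.group(1)))
        except (ValueError, IndexError):  # bad base64 or malformed DER
            expiry, status = None, "INVALID"
        else:
            status = ("EXPIRED" if expiry <= now else "EXPIRING"
                      if expiry <= now + timedelta(days=warn_days) else "OK")
        report.append((i, status, expiry))
    return report
```

Pass the text of the bundle file to `audit_bundle` and treat any status other than `OK` as a prompt to renew the certificate and update the cluster's additional trust bundle.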