You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: articles/azure-arc/resource-bridge/network-requirements.md
+11-11Lines changed: 11 additions & 11 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -17,32 +17,32 @@ This article describes the networking requirements for deploying Azure Arc resou
17
17
18
18
## Additional network requirements
19
19
20
-
In addition, resource bridge (preview) requires connectivity to the [Arc-enabled Kubernetes endpoints](../network-requirements-consolidated.md?tabs=azure-cloud).
20
+
In addition, Arc resource bridge (preview) requires connectivity to the [Arc-enabled Kubernetes endpoints](../network-requirements-consolidated.md?tabs=azure-cloud).
21
21
22
22
> [!NOTE]
23
23
> The URLs listed here are required for Arc resource bridge only. Other Arc products (such as Arc-enabled VMware vSphere) may have additional required URLs. For details, see [Azure Arc network requirements](../network-requirements-consolidated.md).
24
24
25
25
## SSL proxy configuration
26
26
27
-
If using a proxy, Arc resource bridge must be configured for proxy so that it can connect to the Azure services.
27
+
If using a proxy, Arc resource bridge must be configured for proxy so that it can connect to the Azure services.
28
28
29
-
- To configure the Arc resource bridge with proxy, provide the proxy certificate file path during creation of the configuration files.
29
+
- To configure the Arc resource bridge with proxy, provide the proxy certificate file path during creation of the configuration files.
30
30
31
-
- The format of the certificate file is *Base-64 encoded X.509 (.CER)*.
31
+
- The format of the certificate file is *Base-64 encoded X.509 (.CER)*.
32
32
33
-
- Only pass the single proxy certificate. If a certificate bundle is passed then the deployment will fail.
33
+
- Only pass the single proxy certificate. If a certificate bundle is passed, the deployment will fail.
34
34
35
-
- The proxy server endpoint can't be a .local domain.
35
+
- The proxy server endpoint can't be a `.local` domain.
36
36
37
-
- The proxy server has to be reachable from all IPs within the IP address prefix, including the control plane and appliance VM IPs.
37
+
- The proxy server has to be reachable from all IPs within the IP address prefix, including the control plane and appliance VM IPs.
38
38
39
-
There are only two certificates that should be relevant when deploying the Arc resource bridge behind an SSL proxy:
39
+
There are only two certificates that should be relevant when deploying the Arc resource bridge behind an SSL proxy:
40
40
41
41
- SSL certificate for your SSL proxy (so that the management machine and appliance VM trust your proxy FQDN and can establish an SSL connection to it)
42
42
43
43
- SSL certificate of the Microsoft download servers. This certificate must be trusted by your proxy server itself, as the proxy is the one establishing the final connection and needs to trust the endpoint. Non-Windows machines may not trust this second certificate by default, so you may need to ensure that it's trusted.
44
44
45
-
In order to deploy Arc resource bridge, images need to be downloaded to the management machine and then uploaded to the on-premises private cloud gallery. If your proxy server throttles download speed, this may impact your ability to download the required images (~3.5 GB) within the allotted time (90 min).
45
+
In order to deploy Arc resource bridge, images need to be downloaded to the management machine and then uploaded to the on-premises private cloud gallery. If your proxy server throttles download speed, you may not be able to download the required images (~3.5 GB) within the allotted time (90 min).
46
46
47
47
## Exclusion list for no proxy
48
48
@@ -51,7 +51,7 @@ If a proxy server is being used, the following table contains the list of addres
| .svc | Internal Kubernetes service traffic (.svc) where _.svc_ represents a wildcard name. This is similar to saying \*.svc, but none is used in this schema. |
54
+
| .svc | Internal Kubernetes service traffic (.svc) where *.svc* represents a wildcard name. This is similar to saying \*.svc, but none is used in this schema. |
55
55
| 10.0.0.0/8 | private network address space |
56
56
| 172.16.0.0/12 |Private network address space - Kubernetes Service CIDR |
57
57
| 192.168.0.0/16 | Private network address space - Kubernetes Pod CIDR |
@@ -60,7 +60,7 @@ If a proxy server is being used, the following table contains the list of addres
60
60
The default value for `noProxy` is `localhost,127.0.0.1,.svc,10.0.0.0/8,172.16.0.0/12,192.168.0.0/16`. While these default values will work for many networks, you may need to add more subnet ranges and/or names to the exemption list. For example, you may want to exempt your enterprise namespace (.contoso.com) from being directed through the proxy. You can achieve that by specifying the values in the `noProxy` list.
61
61
62
62
> [!IMPORTANT]
63
-
> When listing multiple addresses for the noproxy settings, do not add a space after the commas to separate the addresses. The addresses must immediately follow the comma.
63
+
> When listing multiple addresses for the `noProxy` settings, don't add a space after each comma to separate the addresses. The addresses must immediately follow the commas.
0 commit comments