You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
<1> The `additional-trust-bundle-file`, `http-proxy`, and `https-proxy` arguments are all optional.
36
39
<2> If you use the `additional-trust-bundle-file` argument without an `http-proxy` or `https-proxy` argument, the trust bundle is added to the trust store and used to verify cluster system egress traffic. In that scenario, the bundle is not configured to be used with a proxy.
37
40
<3> The `additional-trust-bundle-file` argument is a file path pointing to a bundle of PEM-encoded X.509 certificates, which are all concatenated together. The `additionalTrustBundle` parameter is required unless the identity certificate of the proxy is signed by an authority from the {op-system} trust bundle. If you use an MITM transparent proxy network that does not require additional proxy configuration but requires additional CAs, you must provide the MITM CA certificate.
38
-
<4> The `http-proxy` and `https-proxy` arguments must point to a valid URL.
39
41
+
40
42
[NOTE]
41
43
====
42
44
You should not attempt to change the proxy or additional trust bundle configuration on the cluster directly. These changes must be applied by using the ROSA CLI (`rosa`) or {cluster-manager-first}. Any changes that are made directly to the cluster will be reverted automatically.
43
45
====
46
+
<4> The `http-proxy` and `https-proxy` arguments must point to a valid URL.
47
+
<5> A comma-separated list of destination domain names, IP addresses, or network CIDRs to exclude proxying.
48
+
+
49
+
Preface a domain with `.` to match subdomains only. For example, `.y.com` matches `x.y.com`, but not `y.com`. Use `*` to bypass proxy for all destinations.
50
+
If you scale up workers that are not included in the network defined by the `networking.machineNetwork[].cidr` field from the installation configuration, you must add them to this list to prevent connection issues.
51
+
+
52
+
This field is ignored if neither the `httpProxy` or `httpsProxy` fields are set.
<1> The `additional-trust-bundle-file`, `http-proxy`, and `https-proxy` arguments are all optional.
30
33
<2> If you use the `additional-trust-bundle-file` argument without an `http-proxy` or `https-proxy` argument, the trust bundle is added to the trust store and used to verify cluster system egress traffic. In that scenario, the bundle is not configured to be used with a proxy.
31
34
<3> The `additional-trust-bundle-file` argument is a file path pointing to a bundle of PEM-encoded X.509 certificates, which are all concatenated together. The `additionalTrustBundle` parameter is required unless the identity certificate of the proxy is signed by an authority from the {op-system} trust bundle. If you use an MITM transparent proxy network that does not require additional proxy configuration but requires additional CAs, you must provide the MITM CA certificate.
32
35
<4> The `http-proxy` and `https-proxy` arguments must point to a valid URL.
36
+
<5> A comma-separated list of destination domain names, IP addresses, or network CIDRs to exclude proxying.
37
+
+
38
+
Preface a domain with `.` to match subdomains only. For example, `.y.com` matches `x.y.com`, but not `y.com`. Use `*` to bypass proxy for all destinations.
39
+
If you scale up workers that are not included in the network defined by the `networking.machineNetwork[].cidr` field from the installation configuration, you must add them to this list to prevent connection issues.
40
+
+
41
+
This field is ignored if neither the `httpProxy` or `httpsProxy` fields are set.
0 commit comments