Requirements for a MITM proxy
Available since 2.18.0 as TechPreview. Available since 2.20.0 as GA for non-MOSK clusters.
Since Container Cloud 2.20.0, the feature is generally available for the AWS, vSphere, Equinix Metal with private networking, OpenStack, and non-MOSK-based bare metal providers.
For MOSK-based deployments, the feature support will become available in one of the following Container Cloud releases.
Since Container Cloud 2.18.0, the feature is available as Technology Preview for the OpenStack and non-MOSK-based bare metal deployments only.
For Azure and Equinix Metal with public networking deployments, the feature is not supported.
While bootstrapping a Container Cloud management or regional cluster using a proxy, you may require Internet access to go through a man-in-the-middle (MITM) proxy. Such a configuration requires that you enable streaming and install a CA certificate on a bootstrap node.
Enable streaming for MITM
./mitmdump --set stream_large_bodies=1
Install a CA certificate for a MITM proxy on a bootstrap node
Log in to the bootstrap node.
apt install ca-certificates
Copy your CA certificate to the /usr/local/share/ca-certificates/ directory. For example:
sudo cp ~/.mitmproxy/mitmproxy-ca-cert.cer /usr/local/share/ca-certificates/mitmproxy-ca-cert.crt
Replace ~/.mitmproxy/mitmproxy-ca-cert.cer with the path to your CA certificate.
The target CA certificate file must be in the PEM format with the
Apply the changes:
Now, proceed with bootstrapping your management or regional cluster.
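A pre-flight check for the copy step above, added here as an example and not part of the product documentation: it confirms that the source file is PEM rather than DER (a .cer file can be either) and derives a .crt target name, which is the suffix update-ca-certificates picks up. The function names are hypothetical, and the openssl checks run only if openssl is installed.

```shell
#!/bin/sh
# Added example (not from the product docs): pre-flight check for a proxy CA
# file before it is copied to /usr/local/share/ca-certificates/.

# Print "pem", "der" or "unknown" for the file in $1.
cert_encoding() {
    [ -r "$1" ] || { echo unknown; return 1; }
    # PEM is text: both armor lines must be present (catches truncated copies).
    if grep -q -e '^-----BEGIN CERTIFICATE-----' "$1" &&
       grep -q -e '^-----END CERTIFICATE-----' "$1"; then
        echo pem; return 0
    fi
    # DER is binary ASN.1: SEQUENCE tag 0x30 followed by a long-form length (0x82).
    if [ "$(head -c 2 "$1" | od -An -tx1 | tr -d ' \n')" = "3082" ]; then
        echo der; return 0
    fi
    echo unknown; return 1
}

# Print the file name to install under: same base name with a .crt suffix,
# because update-ca-certificates only picks up files ending in .crt.
target_name() {
    base=$(basename "$1")
    echo "${base%.*}.crt"
}

# Return 0 and print the install path only when $1 is a usable PEM certificate.
preflight() {
    enc=$(cert_encoding "$1") || true
    case $enc in
        pem) ;;
        der) echo "$1: DER encoded, convert to PEM before installing" >&2; return 1 ;;
        *)   echo "$1: not a certificate" >&2; return 1 ;;
    esac
    if command -v openssl >/dev/null 2>&1; then
        # Reject unparsable or expired certificates, then print the SHA-256
        # fingerprint so it can be compared with the value from the proxy host.
        openssl x509 -in "$1" -noout -checkend 0 >/dev/null || return 1
        openssl x509 -in "$1" -noout -fingerprint -sha256
    fi
    echo "/usr/local/share/ca-certificates/$(target_name "$1")"
}

# Usage: sh check-ca.sh ~/.mitmproxy/mitmproxy-ca-cert.cer
if [ $# -gt 0 ]; then preflight "$1"; fi
```

Compare the printed fingerprint with the one shown on the proxy host before trusting the file, since every TLS connection from the bootstrap node will accept certificates signed by this CA.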