Requirements for a MITM proxy

Note

For MOSK, the feature is generally available since MOSK 23.1.

While bootstrapping a Container Cloud management cluster using proxy, you may require Internet access to go through a man-in-the-middle (MITM) proxy. Such configuration requires that you enable streaming and install a CA certificate on a bootstrap node.

Enable streaming for MITM

Ensure that the MITM proxy is configured with enabled streaming. For example, if you use mitmproxy, enable the stream_large_bodies=1 option:

./mitmdump --set stream_large_bodies=1

Install a CA certificate for a MITM proxy on a bootstrap node

1. Log in to the bootstrap node.

2. Install ca-certificates:

   apt install ca-certificates
   

3. Copy your CA certificate to the /usr/local/share/ca-certificates/ directory. For example:

   sudo cp ~/.mitmproxy/mitmproxy-ca-cert.cer /usr/local/share/ca-certificates/mitmproxy-ca-cert.crt
   

   Replace ~/.mitmproxy/mitmproxy-ca-cert.cer with the path to your CA certificate.

   Caution

   The target CA certificate file must be in the PEM format with the .crt extension.

4. Apply the changes:

   sudo update-ca-certificates
   

Now, proceed with bootstrapping your management cluster.