Requirements for a MITM proxy
Note
For MOSK, the feature is generally available since MOSK 23.1.
While bootstrapping a Container Cloud management cluster using a proxy, you may require Internet access to go through a man-in-the-middle (MITM) proxy. Such a configuration requires that you enable streaming on the proxy and install the proxy CA certificate on the bootstrap node.
Enable streaming for MITM
Ensure that the MITM proxy is configured with streaming enabled. For example, if you use mitmproxy, set the stream_large_bodies=1 option:
./mitmdump --set stream_large_bodies=1
Install a CA certificate for a MITM proxy on a bootstrap node
1. Log in to the bootstrap node.
2. Install ca-certificates:
    apt install ca-certificates
3. Copy your CA certificate to the /usr/local/share/ca-certificates/ directory. For example:
    sudo cp ~/.mitmproxy/mitmproxy-ca-cert.cer /usr/local/share/ca-certificates/mitmproxy-ca-cert.crt
   Replace ~/.mitmproxy/mitmproxy-ca-cert.cer with the path to your CA certificate.
   Caution
   The target CA certificate file must be in the PEM format with the .crt extension.
4. Apply the changes:
    sudo update-ca-certificates
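A pre-flight check for the CA file placed in /usr/local/share/ca-certificates/, meant to run before update-ca-certificates, as an added example that is not part of the Container Cloud documentation. It enforces the .crt extension and PEM format from the caution above, additionally rejects an expired certificate, and prints the SHA-256 fingerprint so it can be compared with the proxy's own CA. The function name check_proxy_ca and its return codes are assumptions of this example.

```shell
#!/bin/sh
# Added example: validate a proxy CA file before trusting it system-wide.
# check_proxy_ca is a hypothetical helper, not a Container Cloud command.
# Usage: check_proxy_ca /usr/local/share/ca-certificates/mitmproxy-ca-cert.crt

# Returns 0 if the file is acceptable; otherwise a non-zero code and a reason on stderr.
check_proxy_ca() {
    cert="$1"

    # update-ca-certificates only picks up files that end in .crt.
    case "$cert" in
        *.crt) ;;
        *) echo "reject: $cert does not have the .crt extension" >&2; return 2 ;;
    esac

    [ -r "$cert" ] || { echo "reject: $cert is not readable" >&2; return 3; }

    # A PEM certificate is text with this armor line; DER is raw binary.
    if ! grep -q -- '-----BEGIN CERTIFICATE-----' "$cert"; then
        echo "reject: $cert is not PEM (convert DER with:" \
             "openssl x509 -inform DER -in FILE -out FILE.crt)" >&2
        return 4
    fi

    # Parse the certificate to catch truncated or corrupted PEM bodies.
    if ! openssl x509 -in "$cert" -noout 2>/dev/null; then
        echo "reject: $cert has PEM armor but does not parse as X.509" >&2
        return 5
    fi

    # Refuse a CA certificate that has already expired.
    if ! openssl x509 -in "$cert" -noout -checkend 0 >/dev/null; then
        echo "reject: $cert has expired" >&2
        return 6
    fi

    # Show what is about to be trusted: subject, expiry and SHA-256 fingerprint.
    openssl x509 -in "$cert" -noout -subject -enddate -fingerprint -sha256
    return 0
}
```

Compare the printed fingerprint with the one reported by the proxy host for its CA before applying the changes.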
Now, proceed with bootstrapping your management cluster.