Add a CA certificate for a MITM proxy
Available since 2.18.0 TechPreview
When you enable man-in-the-middle (MITM) proxy access to a managed cluster,
your proxy requires a trusted CA certificate. This section describes how to
manually add the caCertificate field to the spec section of the Proxy object.
To add a CA certificate for a MITM proxy:
1. Encode your proxy CA certificate. For example:

       cat ~/.mitmproxy/mitmproxy-ca-cert.cer | base64 -w0

   Replace ~/.mitmproxy/mitmproxy-ca-cert.cer with the path to your CA certificate file.

2. Open the existing Proxy object for editing:

       kubectl --kubeconfig <pathToManagementClusterKubeconfig> -n <projectName> edit proxy <proxyName>

3. In the system response, find the spec section with the current proxy configuration. For example:

       spec:
         httpProxy: http://172.19.123.57:8080
         httpsProxy: http://172.19.123.57:8080

4. In the spec section, add the spec.caCertificate field with the base64-encoded proxy CA certificate data. For example:

       spec:
         caCertificate: <BASE64_ENCODED_CA_CERTIFICATE>
         httpProxy: http://172.19.123.57:8080
         httpsProxy: http://172.19.123.57:8080

5. Save the Proxy object and proceed with the managed cluster creation.
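
A pre-flight check for the encoding step, as an added example that is not part of the original documentation: it refuses a file that also carries the CA private key, confirms the certificate parses, is unexpired and is a CA, and emits a single-line value without relying on `base64 -w0`, which not every base64 implementation accepts. The function name `encode_proxy_ca` is hypothetical, and the example assumes a PEM-encoded certificate file.

```shell
#!/bin/sh
# Added example (not vendor code). encode_proxy_ca is a hypothetical helper name.
# Assumption: the proxy CA certificate is a PEM file.

encode_proxy_ca() {
    cert_file=$1

    [ -r "$cert_file" ] || { echo "cannot read $cert_file" >&2; return 1; }

    # The value ends up in a cluster object, so it must hold the public
    # certificate only. Reject any file that also carries a private key.
    if grep -q -- '-----BEGIN .*PRIVATE KEY-----' "$cert_file"; then
        echo "refusing: $cert_file contains a private key" >&2
        return 2
    fi

    grep -q -- '-----BEGIN CERTIFICATE-----' "$cert_file" || {
        echo "refusing: no PEM certificate found in $cert_file" >&2
        return 3
    }

    if command -v openssl >/dev/null 2>&1; then
        # Must parse as X.509 and not be expired right now.
        openssl x509 -in "$cert_file" -noout -checkend 0 >/dev/null 2>&1 || {
            echo "refusing: certificate is unparsable or expired" >&2
            return 4
        }
        # A certificate used to sign intercepted traffic must be a CA.
        openssl x509 -in "$cert_file" -noout -text 2>/dev/null |
            grep -q 'CA:TRUE' || {
            echo "refusing: basicConstraints is not CA:TRUE" >&2
            return 5
        }
    else
        echo "warning: openssl not found, X.509 checks skipped" >&2
    fi

    # Strip newlines so the value is one line on any base64 implementation.
    encoded=$(base64 < "$cert_file" | tr -d '\n')

    # Confirm the single-line value decodes back to the exact input bytes.
    printf '%s' "$encoded" | base64 -d | cmp -s - "$cert_file" || {
        echo "refusing: base64 round trip mismatch" >&2
        return 6
    }

    printf '%s\n' "$encoded"
}
```

Call it as `encode_proxy_ca ~/.mitmproxy/mitmproxy-ca-cert.cer` and paste the printed line into spec.caCertificate; a non-zero exit status means the file should not be used as is.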