Searching for results...

No results

Your search did not match anything from Mirantis documentation.
Check your spelling or try different keywords.

An error occurred

An error occurred while using the search.
Try your search again or contact us to let us know about it.

Newer documentation is now live.You are currently reading an older version.

Switch to latest✕

Requirements for a MITM proxy

Note

For MOSK clusters, the feature is generally available since MOSK 23.1.

While bootstrapping a MOSK management cluster using proxy, you may require Internet access to go through a man-in-the-middle (MITM) proxy. Such configuration requires that you enable streaming and install a CA certificate on a bootstrap node.

Enable streaming for MITM

Ensure that the MITM proxy is configured with enabled streaming. For example, if you use mitmproxy, enable the stream_large_bodies=1 option:

./mitmdump --set stream_large_bodies=1

Install a CA certificate for a MITM proxy on a bootstrap node

1. Log in to the bootstrap node.

2. Install ca-certificates:

   apt install ca-certificates
   

3. Copy your CA certificate to the /usr/local/share/ca-certificates/ directory. For example:

   sudo cp ~/.mitmproxy/mitmproxy-ca-cert.cer /usr/local/share/ca-certificates/mitmproxy-ca-cert.crt
   

   Replace ~/.mitmproxy/mitmproxy-ca-cert.cer with the path to your CA certificate.

   Caution

   The target CA certificate file must be in the PEM format with the .crt extension.

4. Apply the changes:

   sudo update-ca-certificates
   

Now, proceed with bootstrapping your management cluster.

Contents

• Requirements for a MITM proxy
  • Enable streaming for MITM
  • Install a CA certificate for a MITM proxy on a bootstrap node