Installing the TKG Extensions v1.3.1 on a TKGS Cluster Configured with a Proxy Server
search cancel

Installing the TKG Extensions v1.3.1 on a TKGS Cluster Configured with a Proxy Server

book

Article ID: 323443

calendar_today

Updated On:

Products

VMware vCenter Server

Issue/Introduction

This KB article describes how to install the TKG Extensions v1.3.1 on a Tanzu Kubernetes cluster provisioned by the Tanzu Kuberentes Grid Service that is configured with a Proxy Server.

Environment

VMware vCenter Server 7.0.x

Resolution

There are two ways to configure a Tanzu Kuberetes clsuter to use a proxy server: either on a per-cluster basis in the cluster spec (as documented here https://docs.vmware.com/en/VMware-vSphere/7.0/vmware-vsphere-with-tanzu/GUID-B1034373-8C38-4FE2-9517-345BF7271A1E.html#cluster-with-a-proxy-server-5) or globally on the TKGS instance itself (as documented here https://docs.vmware.com/en/VMware-vSphere/7.0/vmware-vsphere-with-tanzu/GUID-4838C85E-398D-4461-9C4E-561FADD42A07.html#configure-a-global-proxy-server-3).

If you have configured a proxy server and you want to install the TKG Extensions v1.3.1 (as documented here https://docs.vmware.com/en/VMware-vSphere/7.0/vmware-vsphere-with-tanzu/GUID-00A2BB49-DBDE-4E2B-B9EE-38C36E261185.html), follow these steps:
1) Make sure that the Proxy Server IP address is not within the range of the Pod CIDR or Service CIDR of the cluster.
2) In the Proxy Server configuration for the cluster or the service, in addition to the required `noProxy` values from the Workload Network on the Supervisor Cluster (Pod CIDRs, Ingress CIDRs, and Egress CIDRs), add the following entries to the noProxy field:
```
.local,.svc,.svc.cluster.local
```
For example, per-cluster configuration:
```
apiVersion: run.tanzu.vmware.com/v1alpha1    
kind: TanzuKubernetesCluster                 
metadata:
  name: tkgs-cluster-with-proxy                                
  namespace: tkgs-cluster-ns                     
spec:
  distribution:
    version: v1.20                              
  topology:
    ...       
  settings:
    storage:
      ...                     
    network:
      cni:
        name: antrea 
      pods:
        cidrBlocks:
        - 193.0.2.0/16
      services:
        cidrBlocks:
        - 195.51.100.0/12           
      proxy:
        httpProxy: http://10.186.102.224:3128
        httpsProxy: http://10.186.102.224:3128
        noProxy: [10.246.0.0/16,192.168.144.0/20,192.168.128.0/20,.local,.svc,.svc.cluster.local]
```
For example, global service configuration:
```
apiVersion: run.tanzu.vmware.com/v1alpha1
kind: TkgServiceConfiguration
metadata:
  name: tkg-service-configuration-example
spec:
  defaultCNI: <antrea or calico>
  proxy:
    httpProxy: http://10.186.102.224:3128
    httpsProxy: http://10.186.102.224:3128
    noProxy: [10.246.0.0/16,192.168.144.0/20,192.168.128.0/20,.local,.svc,.svc.cluster.local]
```
3) In `kapp-controller-config.yaml`, add the HTTP and HTTPS proxy server configuration.
4) In `kapp-controller-config.yaml`, enter the following in the the `noProxy` field:
```
localhost,127.0.0.1,kubernetes.default.svc,.svc,cluster.local,.local,195.51.100.0/12
```
Where `195.51.100.0/12` is the cluster `spec.settings.network.services.cidrBlocks` entry.
5) In `kapp-controller-config.yaml`, comment out the the default certificate if you are not using it.


Powered by Wolken Software