There are two ways to configure a Tanzu Kubernetes cluster to use a proxy server: either on a per-cluster basis in the cluster spec (as documented here https://docs.vmware.com/en/VMware-vSphere/7.0/vmware-vsphere-with-tanzu/GUID-B1034373-8C38-4FE2-9517-345BF7271A1E.html#cluster-with-a-proxy-server-5) or globally on the TKGS instance itself (as documented here https://docs.vmware.com/en/VMware-vSphere/7.0/vmware-vsphere-with-tanzu/GUID-4838C85E-398D-4461-9C4E-561FADD42A07.html#configure-a-global-proxy-server-3).
If you have configured a proxy server and you want to install the TKG Extensions v1.3.1 (as documented here https://docs.vmware.com/en/VMware-vSphere/7.0/vmware-vsphere-with-tanzu/GUID-00A2BB49-DBDE-4E2B-B9EE-38C36E261185.html), follow these steps:
1) Make sure that the Proxy Server IP address is not within the range of the Pod CIDR or Service CIDR of the cluster.
2) In the Proxy Server configuration for the cluster or the service, in addition to the required `noProxy` values from the Workload Network on the Supervisor Cluster (Pod CIDRs, Ingress CIDRs, and Egress CIDRs), add the following entries to the noProxy field:
```
.local,.svc,.svc.cluster.local
```
For example, per-cluster configuration:
```
apiVersion: run.tanzu.vmware.com/v1alpha1
kind: TanzuKubernetesCluster
metadata:
  name: tkgs-cluster-with-proxy
  namespace: tkgs-cluster-ns
spec:
  distribution:
    version: v1.20
  topology:
    ...
  settings:
    storage:
      ...
    network:
      cni:
        name: antrea
      pods:
        cidrBlocks:
        - 193.0.2.0/16
      services:
        cidrBlocks:
        - 195.51.100.0/12
      proxy:
        httpProxy: http://10.186.102.224:3128
        httpsProxy: http://10.186.102.224:3128
        noProxy: [10.246.0.0/16,192.168.144.0/20,192.168.128.0/20,.local,.svc,.svc.cluster.local]
```
For example, global service configuration:
```
apiVersion: run.tanzu.vmware.com/v1alpha1
kind: TkgServiceConfiguration
metadata:
  name: tkg-service-configuration-example
spec:
  defaultCNI: <antrea or calico>
  proxy:
    httpProxy: http://10.186.102.224:3128
    httpsProxy: http://10.186.102.224:3128
    noProxy: [10.246.0.0/16,192.168.144.0/20,192.168.128.0/20,.local,.svc,.svc.cluster.local]
```
3) In `kapp-controller-config.yaml`, add the HTTP and HTTPS proxy server configuration.
4) In `kapp-controller-config.yaml`, enter the following in the `noProxy` field:
```
localhost,127.0.0.1,kubernetes.default.svc,.svc,cluster.local,.local,195.51.100.0/12
```
Where `195.51.100.0/12` is the cluster `spec.settings.network.services.cidrBlocks` entry.
5) In `kapp-controller-config.yaml`, comment out the default certificate if you are not using it.
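
A preflight check for steps 1, 2 and 4, added here as an example and not part of the original article or any VMware tooling: it verifies that the proxy IP falls outside the Pod and Service CIDRs, that the `noProxy` list carries the three required suffixes, and it builds the `kapp-controller-config.yaml` `noProxy` string from the Service CIDR. The function names `preflight` and `kapp_no_proxy` are hypothetical, and the proxy URL is assumed to contain an IP literal rather than a hostname.

```python
import ipaddress
from urllib.parse import urlsplit

# Suffix entries that step 2 adds to the cluster or service noProxy list.
REQUIRED_SUFFIXES = [".local", ".svc", ".svc.cluster.local"]
# Fixed entries that step 4 lists ahead of the Service CIDR.
KAPP_FIXED = ["localhost", "127.0.0.1", "kubernetes.default.svc", ".svc",
              "cluster.local", ".local"]


def preflight(proxy_url, pod_cidrs, service_cidrs, no_proxy):
    """Return a list of problems for steps 1 and 2; an empty list means the values pass."""
    problems = []
    # Assumption: the proxy URL uses an IP literal; a hostname raises ValueError here.
    ip = ipaddress.ip_address(urlsplit(proxy_url).hostname)
    for label, cidrs in (("Pod", pod_cidrs), ("Service", service_cidrs)):
        for cidr in cidrs:
            # strict=False because the sample CIDRs on this page have host bits set.
            if ip in ipaddress.ip_network(cidr, strict=False):
                problems.append(f"proxy {ip} is inside {label} CIDR {cidr}")
    for suffix in REQUIRED_SUFFIXES:
        if suffix not in no_proxy:
            problems.append(f"noProxy is missing {suffix}")
    return problems


def kapp_no_proxy(service_cidrs):
    """Build the step 4 noProxy string for kapp-controller-config.yaml."""
    return ",".join(KAPP_FIXED + list(service_cidrs))


# Values taken from the per-cluster example on this page.
PAGE_NO_PROXY = ["10.246.0.0/16", "192.168.144.0/20", "192.168.128.0/20",
                 ".local", ".svc", ".svc.cluster.local"]

if __name__ == "__main__":
    issues = preflight("http://10.186.102.224:3128", ["193.0.2.0/16"],
                       ["195.51.100.0/12"], PAGE_NO_PROXY)
    print(issues or "preflight OK")
    print(kapp_no_proxy(["195.51.100.0/12"]))
```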