If you choose to switch from LDAP authentication to OIDC, or if Pinniped needs to connect externally through a proxy for authentication, follow the guide below to configure the necessary proxy settings.

When you update your settings to use OIDC, you may notice that pinniped is not using the proxy and is trying to reach out directly to your OIDC provider. 

"error":"Get \"error":"Get \https://oidc-provider.com/oidc/1/: dial tcp 33.193.113.7:443: connect: network is unreachable"}

Proxy is not configured in Pinniped. 

According to the TMC Self-Managed (TMCSM) documentation, you can leverage the pinnipedExtraEnvVars parameter to provide Pinniped's proxy configuration in the values.yaml file used for deploying the TMCSM instance.

Edit your values.yaml file with the following configuration: 

pinnipedExtraEnvVars:
  - name: HTTPS_PROXY
    value: http://${PROXY_IP}:${PROXY_PORT}
  - name: HTTP_PROXY
    value: http://${PROXY_IP}:${PROXY_PORT}
  - name: NO_PROXY 
    value: localhost,127.0.0.1,.svc,.svc.cluster.local,etc

You can fill in the above snippet with proxy configuration specific to your infrastructure. Once complete you this step, you can update the configuration for your TMCSM instance: 

tanzu package installed update tanzu-mission-control -p tmc.tanzu.vmware.com --version "version" --values-file values.yaml --namespace tmc-local