apiVersion: config.openshift.io/v1
kind: proxy
metadata:
name: cluster
spec:
trustedCA:
name: ""
status:- Documentation
- OpenShift Container Platform
- Networking
- Configuring the cluster-wide proxy history
- About
- Release notes
- Architecture
- Installing
- Mirroring images for a disconnected installation
- Installing on AWS
- Configuring an AWS account
- Manually creating IAM
- Installing a cluster quickly on AWS
- Installing a cluster on AWS with customizations
- Installing a cluster on AWS with network customizations
- Installing a cluster on AWS in a restricted network
- Installing a cluster on AWS into an existing VPC
- Installing a private cluster on AWS
- Installing a cluster on AWS using CloudFormation templates
- Installing a cluster on AWS in a restricted network with user-provisioned infrastructure
- Uninstalling a cluster on AWS
- Installing on Azure
- Configuring an Azure account
- Manually creating IAM
- Installing a cluster quickly on Azure
- Installing a cluster on Azure with customizations
- Installing a cluster on Azure with network customizations
- Installing a cluster on Azure into an existing VNet
- Installing a private cluster on Azure
- Installing a cluster on Azure using ARM templates
- Uninstalling a cluster on Azure
- Installing on GCP
- Configuring a GCP project
- Manually creating IAM
- Installing a cluster quickly on GCP
- Installing a cluster on GCP with customizations
- Installing a cluster on GCP with network customizations
- Installing a cluster on GCP in a restricted network
- Installing a cluster on GCP into an existing VPC
- Installing a private cluster on GCP
- Installing a cluster on GCP using Deployment Manager templates
- Installing a cluster on GCP using Deployment Manager templates and a shared VPC
- Installing a cluster on GCP in a restricted network with user-provisioned infrastructure
- Uninstalling a cluster on GCP
- Installing on bare metal
- Installing on IBM Z and LinuxONE
- Installing on IBM Power
- Installing on OpenStack
- Installing a cluster on OpenStack with customizations
- Installing a cluster on OpenStack with Kuryr
- Installing a cluster on OpenStack on your own infrastructure
- Installing a cluster on OpenStack with Kuryr on your own infrastructure
- Installing a cluster on OpenStack in a restricted network
- Uninstalling a cluster on OpenStack
- Uninstalling a cluster on OpenStack from your own infrastructure
- Installing on RHV
- Installing on vSphere
- Installing a cluster on vSphere
- Installing a cluster on vSphere with customizations
- Installing a cluster on vSphere with network customizations
- Installing a cluster on vSphere with user-provisioned infrastructure
- Installing a cluster on vSphere with user-provisioned infrastructure and network customizations
- Installing a cluster on vSphere in a restricted network
- Installing a cluster on vSphere in a restricted network with user-provisioned infrastructure
- Uninstalling a cluster on vSphere that uses installer-provisioned infrastructure
- Installation configuration
- Troubleshooting installation issues
- Support for FIPS cryptography
- Updating clusters
- Post-installation configuration
- Support
- Web console
- Security
- Container security
- Understanding container security
- Understanding host and VM security
- Hardening Red Hat Enterprise Linux CoreOS
- Container image signatures
- Understanding compliance
- Securing container content
- Using container registries securely
- Securing the build process
- Deploying containers
- Securing the container platform
- Securing networks
- Securing attached storage
- Monitoring cluster events and logs
- Configuring certificates
- Certificate types and descriptions
- User-provided certificates for the API server
- proxy certificates
- Service CA certificates
- Node certificates
- Bootstrap certificates
- etcd certificates
- OLM certificates
- User-provided certificates for default ingress
- Ingress certificates
- Monitoring and cluster logging Operator component certificates
- Control plane certificates
- Viewing audit logs
- Allowing JavaScript-based access to the API server from additional hosts
- Encrypting etcd data
- Scanning pods for vulnerabilities
- Container security
- Authentication and authorization
- Understanding authentication
- Configuring the internal OAuth server
- Understanding identity provider configuration
- Configuring identity providers
- Configuring an HTPasswd identity provider
- Configuring a Keystone identity provider
- Configuring an LDAP identity provider
- Configuring a basic authentication identity provider
- Configuring a request header identity provider
- Configuring a GitHub or GitHub Enterprise identity provider
- Configuring a GitLab identity provider
- Configuring a Google identity provider
- Configuring an OpenID Connect identity provider
- Using RBAC to define and apply permissions
- Removing the kubeadmin user
- Understanding and creating service accounts
- Using service accounts in applications
- Using a service account as an OAuth client
- Scoping tokens
- Using bound service account tokens
- Managing security context constraints
- Impersonating the system:admin user
- Syncing LDAP groups
- Creating and using config maps
- Networking
- Understanding networking
- Accessing hosts
- Understanding the Cluster Network Operator
- Understanding the DNS Operator
- Understanding the Ingress Operator
- Using SCTP
- Configuring PTP hardware
- Network policy
- Multiple networks
- Understanding multiple networks
- Attaching a Pod to an additional network
- Removing a Pod from an additional network
- Configuring a bridge network
- Configuring a host-device network
- Configuring an ipvlan network
- Configuring a macvlan network with basic customizations
- Configuring a macvlan network
- Editing an additional network
- Removing an additional network
- Hardware networks
- OpenShift SDN default CNI network provider
- About the OpenShift SDN default CNI network provider
- Configuring egress IPs for a project
- Configuring an egress firewall for a project
- Editing an egress firewall for a project
- Removing an egress firewall from a project
- Considerations for the use of an egress router pod
- Deploying an egress router pod in redirect mode
- Deploying an egress router pod in HTTP proxy mode
- Deploying an egress router pod in DNS proxy mode
- Configuring an egress router pod destination list from a config map
- Enabling multicast for a project
- Disabling multicast for a project
- Configuring multitenant isolation
- Configuring kube-proxy
- OVN-Kubernetes default CNI network provider
- Configuring Routes
- Configuring ingress cluster traffic
- Configuring the cluster-wide proxy
- Configuring a custom PKI
- Load balancing on OpenStack
- Storage
- Understanding ephemeral storage
- Understanding persistent storage
- Configuring persistent storage
- Persistent storage using AWS Elastic Block Store
- Persistent storage using Azure Disk
- Persistent storage using Azure File
- Persistent storage using Cinder
- Persistent storage using Fibre Channel
- Persistent storage using FlexVolume
- Persistent storage using GCE Persistent Disk
- Persistent storage using hostPath
- Persistent Storage using iSCSI
- Persistent storage using local volumes
- Persistent storage using NFS
- Persistent storage using Red Hat OpenShift Container Storage
- Persistent storage using VMware vSphere
- Using Container Storage Interface (CSI)
- Expanding persistent volumes
- Dynamic provisioning
- Registry
- Operators
- Understanding Operators
- User tasks
- Administrator tasks
- Developing Operators
- Getting started with the Operator SDK
- Creating Ansible-based Operators
- Creating Helm-based Operators
- Generating a cluster service version (CSV)
- Working with bundle images
- Validating Operators using the scorecard
- Configuring built-in monitoring with Prometheus
- Configuring leader election
- Operator SDK CLI reference
- Appendices
- Red Hat Operators reference
- Builds
- Understanding image builds
- Understanding build configurations
- Creating build inputs
- Managing build output
- Using build strategies
- Custom image builds with Buildah
- Performing basic builds
- Triggering and modifying builds
- Performing advanced builds
- Using Red Hat subscriptions in builds
- Securing builds by strategy
- Build configuration resources
- Troubleshooting builds
- Setting up additional trusted certificate authorities for builds
- Pipelines
- Images
- Configuring the Cluster Samples Operator
- Using the Cluster Samples Operator with an alternate registry
- Understanding containers, images, and imagestreams
- Creating images
- Managing images
- Managing image streams
- Using image streams with Kubernetes resources
- Triggering updates on image stream changes
- Image configuration resources
- Using templates
- Using Ruby on Rails
- Using images
- Applications
- Machine management
- Nodes
- Working with pods
- About Pods
- Viewing Pods
- Configuring a cluster for Pods
- Automatically scaling pods with the horizontal pod autoscaler
- Automatically adjust pod resource levels with the vertical pod autoscaler
- Providing sensitive data to Pods
- Using Device Manager to make devices available to nodes
- Including pod priority in Pod scheduling decisions
- Placing pods on specific nodes using node selectors
- Controlling pod placement onto nodes (scheduling)
- About pod placement using the scheduler
- Configuring the default scheduler to control pod placement
- Placing pods relative to other pods using pod affinity and anti-affinity rules
- Controlling pod placement on nodes using node affinity rules
- Placing pods onto overcommited nodes
- Controlling pod placement using node taints
- Placing pods on specific nodes using node selectors
- Running a custom scheduler
- Evicting pods using the descheduler
- Using Jobs and DaemonSets
- Working with nodes
- Viewing and listing the nodes in your cluster
- Working with nodes
- Managing Nodes
- Managing the maximum number of Pods per Node
- Using the Node Tuning Operator
- Understanding node rebooting
- Freeing node resources using garbage collection
- Allocating resources for nodes
- Allocating specific CPUs for nodes in a cluster
- Machine Config Daemon metrics
- Working with containers
- Using containers
- Using Init Containers to perform tasks before a pod is deployed
- Using volumes to persist container data
- Mapping volumes using projected volumes
- Allowing containers to consume API objects
- Copying files to or from a container
- Executing remote commands in a container
- Using port forwarding to access applications in a container
- Using sysctls in containers
- Working with clusters
- Working with pods
- Logging
- About cluster logging
- Installing cluster logging
- Configuring your cluster logging deployment
- About the Cluster Logging Custom Resource
- Configuring the logging collector
- Configuring the log store
- Configuring the log visualizer
- Configuring cluster logging storage
- Configuring CPU and memory limits for cluster logging components
- Using tolerations to control cluster logging pod placement
- Moving the cluster logging resources with node selectors
- Configuring systemd-journald for cluster logging
- Configuring the log curator
- Maintenance and support
- Viewing logs for a specific resource
- Viewing cluster logs in Kibana
- Forwarding logs to third party systems
- Collecting and storing Kubernetes events
- Updating cluster logging
- Troubleshooting cluster logging
- Uninstalling cluster logging
- Exported fields
- Monitoring
- Metering
- Scalability and performance
- Recommended installation practices
- Recommended host practices
- Recommended cluster scaling practices
- Using the Node Tuning Operator
- Using Cluster Loader
- Using CPU Manager
- Using Topology Manager
- Scaling the Cluster Monitoring Operator
- Planning your environment according to object maximums
- Optimizing storage
- Optimizing routing
- Optimizing networking
- What huge pages do and how they are consumed by apps
- Backup and restore
- Migrating from OpenShift Container Platform 3 to 4
- Migration Toolkit for Containers
- CLI tools
- OpenShift CLI (oc)
- Developer CLI (odo)
- Understanding odo
- odo architecture
- Installing odo
- Using odo in a restricted environment
- Creating a single-component application with odo
- Creating a multicomponent application with odo
- Creating an application with a database
- Using devfiles in odo
- Using sample applications
- Creating instances of services managed by Operators
- Debugging applications in odo
- Managing environment variables in odo
- Configuring the odo CLI
- odo CLI reference
- odo release notes
- Helm CLI
- Knative CLI (kn) for use with OpenShift Serverless
- Pipelines CLI (tkn)
- API reference
- API list
- Common object reference
- Authorization APIs
- About Authorization APIs
- LocalResourceAccessReview [authorization.openshift.io/v1]
- LocalSubjectAccessReview [authorization.openshift.io/v1]
- ResourceAccessReview [authorization.openshift.io/v1]
- SelfSubjectRulesReview [authorization.openshift.io/v1]
- SubjectAccessReview [authorization.openshift.io/v1]
- SubjectRulesReview [authorization.openshift.io/v1]
- TokenReview [authentication.k8s.io/v1]
- LocalSubjectAccessReview [authorization.k8s.io/v1]
- SelfSubjectAccessReview [authorization.k8s.io/v1]
- SelfSubjectRulesReview [authorization.k8s.io/v1]
- SubjectAccessReview [authorization.k8s.io/v1]
- Autoscale APIs
- Config APIs
- About Config APIs
- APIServer [config.openshift.io/v1]
- Authentication [config.openshift.io/v1]
- Build [config.openshift.io/v1]
- ClusterOperator [config.openshift.io/v1]
- ClusterVersion [config.openshift.io/v1]
- Console [config.openshift.io/v1]
- DNS [config.openshift.io/v1]
- FeatureGate [config.openshift.io/v1]
- Image [config.openshift.io/v1]
- Infrastructure [config.openshift.io/v1]
- Ingress [config.openshift.io/v1]
- Network [config.openshift.io/v1]
- OAuth [config.openshift.io/v1]
- OperatorHub [config.openshift.io/v1]
- Project [config.openshift.io/v1]
- proxy [config.openshift.io/v1]
- Scheduler [config.openshift.io/v1]
- Console APIs
- Extension APIs
- Image APIs
- About Image APIs
- Image [image.openshift.io/v1]
- ImageSignature [image.openshift.io/v1]
- ImageStreamImage [image.openshift.io/v1]
- ImageStreamImport [image.openshift.io/v1]
- ImageStreamMapping [image.openshift.io/v1]
- ImageStream [image.openshift.io/v1]
- ImageStreamTag [image.openshift.io/v1]
- ImageTag [image.openshift.io/v1]
- Machine APIs
- About Machine APIs
- ContainerRuntimeConfig [machineconfiguration.openshift.io/v1]
- ControllerConfig [machineconfiguration.openshift.io/v1]
- KubeletConfig [machineconfiguration.openshift.io/v1]
- MachineConfigPool [machineconfiguration.openshift.io/v1]
- MachineConfig [machineconfiguration.openshift.io/v1]
- MachineHealthCheck [machine.openshift.io/v1beta1]
- Machine [machine.openshift.io/v1beta1]
- MachineSet [machine.openshift.io/v1beta1]
- Metadata APIs
- Monitoring APIs
- Network APIs
- About Network APIs
- ClusterNetwork [network.openshift.io/v1]
- Endpoints [core/v1]
- EndpointSlice [discovery.k8s.io/v1beta1]
- EgressNetworkPolicy [network.openshift.io/v1]
- HostSubnet [network.openshift.io/v1]
- Ingress [networking.k8s.io/v1beta1]
- IngressClass [networking.k8s.io/v1beta1]
- NetNamespace [network.openshift.io/v1]
- NetworkAttachmentDefinition [k8s.cni.cncf.io/v1]
- NetworkPolicy [networking.k8s.io/v1]
- Route [route.openshift.io/v1]
- Service [core/v1]
- Node APIs
- OAuth APIs
- Operator APIs
- About Operator APIs
- Authentication [operator.openshift.io/v1]
- Console [operator.openshift.io/v1]
- Config [operator.openshift.io/v1]
- Config [imageregistry.operator.openshift.io/v1]
- Config [samples.operator.openshift.io/v1]
- CSISnapshotController [operator.openshift.io/v1]
- DNS [operator.openshift.io/v1]
- DNSRecord [ingress.operator.openshift.io/v1]
- Etcd [operator.openshift.io/v1]
- ImageContentSourcePolicy [operator.openshift.io/v1alpha1]
- ImagePruner [imageregistry.operator.openshift.io/v1]
- IngressController [operator.openshift.io/v1]
- KubeAPIServer [operator.openshift.io/v1]
- KubeControllerManager [operator.openshift.io/v1]
- KubeScheduler [operator.openshift.io/v1]
- KubeStorageVersionMigrator [operator.openshift.io/v1]
- Network [operator.openshift.io/v1]
- OpenShiftAPIServer [operator.openshift.io/v1]
- OpenShiftControllerManager [operator.openshift.io/v1]
- ServiceCA [operator.openshift.io/v1]
- OperatorHub APIs
- About OperatorHub APIs
- CatalogSource [operators.coreos.com/v1alpha1]
- ClusterServiceVersion [operators.coreos.com/v1alpha1]
- InstallPlan [operators.coreos.com/v1alpha1]
- OperatorGroup [operators.coreos.com/v1]
- OperatorSource [operators.coreos.com/v1]
- PackageManifest [packages.operators.coreos.com/v1]
- Subscription [operators.coreos.com/v1alpha1]
- Policy APIs
- Project APIs
- RBAC APIs
- Role APIs
- Schedule and quota APIs
- Security APIs
- About Security APIs
- CertificateSigningRequest [certificates.k8s.io/v1beta1]
- CredentialsRequest [cloudcredential.openshift.io/v1]
- PodSecurityPolicyReview [security.openshift.io/v1]
- PodSecurityPolicySelfSubjectReview [security.openshift.io/v1]
- PodSecurityPolicySubjectReview [security.openshift.io/v1]
- RangeAllocation [security.openshift.io/v1]
- Secret [core/v1]
- SecurityContextConstraints [security.openshift.io/v1]
- ServiceAccount [core/v1]
- Storage APIs
- About Storage APIs
- CSIDriver [storage.k8s.io/v1]
- CSINode [storage.k8s.io/v1]
- PersistentVolumeClaim [core/v1]
- StorageClass [storage.k8s.io/v1]
- VolumeAttachment [storage.k8s.io/v1]
- VolumeSnapshot [snapshot.storage.k8s.io/v1beta1]
- VolumeSnapshotClass [snapshot.storage.k8s.io/v1beta1]
- VolumeSnapshotContent [snapshot.storage.k8s.io/v1beta1]
- Template APIs
- User and group APIs
- Workloads APIs
- About Workloads APIs
- BuildConfig [build.openshift.io/v1]
- Build [build.openshift.io/v1]
- CronJob [batch/v1beta1]
- DaemonSet [apps/v1]
- Deployment [apps/v1]
- DeploymentConfig [apps.openshift.io/v1]
- Job [batch/v1]
- Pod [core/v1]
- ReplicationController [core/v1]
- PersistentVolume [core/v1]
- ReplicaSet [apps/v1]
- StatefulSet [apps/v1]
- Service Mesh
- Service Mesh 1.x
- Service Mesh 1.x release notes
- Service Mesh architecture
- Service Mesh and Istio differences
- Preparing to install Service Mesh
- Installing Service Mesh
- Customizing the installation
- Deploying applications on Service Mesh
- Data visualization and observability
- Security
- Traffic management
- Using the 3scale Istio adapter
- Removing Service Mesh
- Service Mesh 1.x
- Jaeger
- OpenShift Virtualization
- About OpenShift Virtualization
- OpenShift Virtualization release notes
- OpenShift Virtualization installation
- Preparing your OpenShift cluster for OpenShift Virtualization
- Installing OpenShift Virtualization using the web console
- Installing OpenShift Virtualization using the CLI
- Installing the virtctl client
- Uninstalling OpenShift Virtualization using the web console
- Uninstalling OpenShift Virtualization using the CLI
- Upgrading OpenShift Virtualization
- Additional security privileges granted for kubevirt-controller and virt-launcher
- Using the CLI tools
- Virtual machines
- Creating virtual machines
- Editing virtual machines
- Editing boot order
- Deleting virtual machines
- Managing virtual machine instances
- Controlling virtual machines states
- Accessing virtual machine consoles
- Managing ConfigMaps, secrets, and service accounts in virtual machines
- Installing VirtIO driver on an existing Windows virtual machine
- Installing VirtIO driver on a new Windows virtual machine
- Advanced virtual machine management
- Importing virtual machines
- Cloning virtual machines
- Virtual machine networking
- Using the default Pod network with OpenShift Virtualization
- Attaching a virtual machine to multiple networks
- Configuring an SR-IOV network device for virtual machines
- Defining an SR-IOV network
- Attaching a virtual machine to an SR-IOV network
- Installing the QEMU guest agent on virtual machines
- Viewing the IP address of NICs on a virtual machine
- Using a MAC address pool for virtual machines
- Virtual machine disks
- Features for storage
- Configuring local storage for virtual machines
- Configuring CDI to work with namespaces that have a compute resource quota
- Uploading local disk images by using the virtctl tool
- Uploading a local disk image to a block storage DataVolume
- Moving a local virtual machine disk to a different node
- Expanding virtual storage by adding blank disk images
- Storage defaults for DataVolumes
- Using container disks with virtual machines
- Preparing CDI scratch space
- Re-using statically provisioned persistent volumes
- Deleting DataVolumes
- Virtual machine templates
- Live migration
- Node maintenance
- Node networking
- Logging, events, and monitoring
- Viewing logs
- Viewing events
- Diagnosing DataVolumes using events and conditions
- Viewing information about virtual machine workloads
- Monitoring virtual machine health
- Viewing cluster information
- OpenShift cluster monitoring, logging, and Telemetry
- Collecting OpenShift Virtualization data for Red Hat Support
- Serverless
×
Configuring the cluster-wide proxy
Production environments can deny direct access to the Internet and instead have an HTTP or HTTPS proxy available. You can configure OpenShift Container Platform to use a proxy by modifying the proxy object for existing clusters or by configuring the proxy settings in the install-config.yaml file for new clusters.
|
The cluster-wide proxy is only supported if you used a user-provisioned infrastructure installation or provide your own networking, such as a virtual private cloud or virual network, for a supported provider. |
Prerequisites
-
Review the sites that your cluster requires access to and determine whether any of them must bypass the proxy. By default, all cluster system egress traffic is proxied, including calls to the cloud provider API for the cloud that hosts your cluster. System-wide proxy affects system components only, not user workloads. Add sites to the proxy object’s
spec.noproxyfield to bypass the proxy if necessary.The proxy object
status.noproxyfield is populated with the values of thenetworking.machineNetwork[].cidr,networking.clusterNetwork[].cidr, andnetworking.serviceNetwork[]fields from your installation configuration.For installations on Amazon Web Services (AWS), Google Cloud Platform (GCP), Microsoft Azure, and Red Hat OpenStack Platform (RHOSP), the
proxyobjectstatus.noproxyfield is also populated with the instance metadata endpoint (169.254.169.254).
Enabling the cluster-wide proxy
The proxy object is used to manage the cluster-wide egress proxy. When a cluster is
installed or upgraded without the proxy configured, a proxy object is still
generated but it will have a nil spec. For example:
A cluster administrator can configure the proxy for OpenShift Container Platform by modifying
this cluster proxy object.
|
Only the proxy object named |
Prerequisites
-
Cluster administrator permissions
-
OpenShift Container Platform
ocCLI tool installed
Procedure
-
Create a ConfigMap that contains any additional CA certificates required for proxying HTTPS connections.
You can skip this step if the proxy’s identity certificate is signed by an authority from the RHCOS trust bundle.
-
Create a file called
user-ca-bundle.yamlwith the following contents, and provide the values of your PEM-encoded certificates:apiVersion: v1 data: ca-bundle.crt: | (1) <MY_PEM_ENCODED_CERTS> (2) kind: ConfigMap metadata: name: user-ca-bundle (3) namespace: openshift-config (4)1 This data key must be named ca-bundle.crt.2 One or more PEM-encoded X.509 certificates used to sign the proxy’s identity certificate. 3 The ConfigMap name that will be referenced from the proxy object. 4 The ConfigMap must be in the openshift-confignamespace. -
Create the ConfigMap from this file:
$ oc create -f user-ca-bundle.yaml
-
-
Use the
oc editcommand to modify the proxy object:$ oc edit proxy/cluster -
Configure the necessary fields for the proxy:
apiVersion: config.openshift.io/v1 kind: proxy metadata: name: cluster spec: httpproxy: http://<username>:<pswd>@<ip>:<port> (1) httpsproxy: http://<username>:<pswd>@<ip>:<port> (2) noproxy: example.com (3) readinessEndpoints: - http://www.google.com (4) - https://www.google.com trustedCA: name: user-ca-bundle (5)1 A proxy URL to use for creating HTTP connections outside the cluster. The URL scheme must be http.2 A proxy URL to use for creating HTTPS connections outside the cluster. If this is not specified, then httpproxyis used for both HTTP and HTTPS connections.3 A comma-separated list of destination domain names, domains, IP addresses or other network CIDRs to exclude proxying. Preface a domain with
.to match subdomains only. For example,.y.commatchesx.y.com, but noty.com. Use*to bypass proxy for all destinations. If you scale up workers that are not included in the network defined by thenetworking.machineNetwork[].cidrfield from the installation configuration, you must add them to this list to prevent connection issues.This field is ignored if neither the
httpproxyorhttpsproxyfields are set.4 One or more URLs external to the cluster to use to perform a readiness check before writing the httpproxyandhttpsproxyvalues to status.5 A reference to the ConfigMap in the openshift-confignamespace that contains additional CA certificates required for proxying HTTPS connections. Note that the ConfigMap must already exist before referencing it here. This field is required unless the proxy’s identity certificate is signed by an authority from the RHCOS trust bundle. -
Save the file to apply the changes.
|
The URL scheme must be |
Removing the cluster-wide proxy
The cluster proxy object cannot be deleted. To remove the proxy from a cluster,
remove all spec fields from the proxy object.
Prerequisites
-
Cluster administrator permissions
-
OpenShift Container Platform
ocCLI tool installed
Procedure
-
Use the
oc editcommand to modify the proxy:$ oc edit proxy/cluster -
Remove all
specfields from the proxy object. For example:apiVersion: config.openshift.io/v1 kind: proxy metadata: name: cluster spec: {} status: {} -
Save the file to apply the changes.