This is a cache of https://docs.openshift.com/acs/4.3/cloud_service/installing_cloud_ocp/configuring-the-proxy-for-secured-cluster-services-in-rhacs-cloud-service.html. It is a snapshot of the page at 2024-11-22T17:54:38.986+0000.
Configuring the proxy for secured cluster services in RHACS Cloud Service - Setting up RHACS Cloud Service with Red Hat OpenShift secured clusters | RHACS Cloud Service | Red Hat Advanced Cluster Security for Kubernetes 4.3
×

You must configure the proxy settings for secured cluster services within the Red Hat Advanced Cluster Security Cloud Service (RHACS Cloud Service) environment to establish a connection between the Secured Cluster and the specified proxy server. This ensures reliable data collection and transmission.

Specifying the environment variables in the SecuredCluster CR

To configure an egress proxy, you can either use the cluster-wide Red Hat OpenShift proxy or specify the HTTP_PROXY, HTTPS_PROXY, and NO_PROXY environment variables within the SecuredCluster Custom Resource (CR) configuration file to ensure proper use of the proxy and bypass for internal requests within the specified domain.

The proxy configuration applies to all running services: Sensor, Collector, Admission Controller and Scanner.

Procedure
  • Specify the HTTP_PROXY, HTTPS_PROXY, and NO_PROXY environment variables under the customize specification in the SecuredCluster CR configuration file:

    For example:

    # proxy collector
    customize:
      envVars:
        - name: HTTP_PROXY
          value: http://egress-proxy.stackrox.svc:xxxx (1)
        - name: HTTPS_PROXY
          value: http://egress-proxy.stackrox.svc:xxxx (2)
        - name: NO_PROXY
          value: .stackrox.svc (3)
    1 The variable HTTP_PROXY is set to the value http://egress-proxy.stackrox.svc:xxxx. This is the proxy server used for HTTP connections.
    2 The variable HTTPS_PROXY is set to the value http://egress-proxy.stackrox.svc:xxxx. This is the proxy server used for HTTPS connections.
    3 The variable NO _PROXY is set to .stackrox.svc. This variable is used to define the hostname or IP address that should not be accessed through the proxy server.