-
Epic
-
Resolution: Done
-
Critical
-
None
-
Support proxy connection between hub and managed cluster
-
False
-
None
-
False
-
Green
-
To Do
-
0% To Do, 0% In Progress, 100% Done
Epic Goal
Support the ability for a proxy connection between the hub and managed clusters
Why is this important?
- Customers have scenarios where firewalls may be in place between where the ACM hub is located and where the managed cluster is located.
- Open Cluster Management's networking model leverages an mTLS connection from the spoke to the hub api server.
Scenarios
- Customer has ACM hub in the public cloud and wants to manage clusters in private cloud environments behind firewalls.
- The customer does not want to relax firewall rules to allow for ACM spoke-to-hub communications
- The customer's enterprise requirements mandate that all communications out of the private cloud go through the proxy endpoint.
Acceptance Criteria
- Klusterlet and addons can traverse a proxy
- Leverages the global proxy setting when present on the ManagedCluster
- Can be overridden.
Dependencies (internal and external)
- ...
Previous Work (Optional):
- ...
Open questions:
- ...
Done Checklist
- CI - CI is running, tests are automated and merged.
- Release Enablement <link to Feature Enablement Presentation>
- DEV - Upstream code and tests merged: <link to meaningful PR or GitHub
Issue> - DEV - Upstream documentation merged: <link to meaningful PR or GitHub
Issue> - DEV - Downstream build attached to advisory: <link to errata>
- QE - Test plans in Polarion: <link or reference to Polarion>
- QE - Automated tests merged: <link or reference to automated tests>
- DOC - Downstream documentation merged: <link to meaningful PR>
- depends on
-
ACM-7644 Observability - metrics data would not be forwarded by HTTPS+caBundle in proxy environment
-
- Closed
-
- is cloned by
-
ACM-8664 Expanded proxy scenarios between hub and managed cluster
-
- In Progress
-
- is related to
-
-
- Closed
-
