Epic Goal

Support the ability for a proxy connection between the hub and managed clusters

Why is this important?

• Customers have scenarios where firewalls may be in place between where the ACM hub is located and where the managed cluster is located.
• Open Cluster Management's networking model leverages an mTLS connection from the spoke to the hub api server.  

Scenarios

• Support Use Case 1 and Use Case 2:
  • Case 1: The managed cluster connects to a virtual IP/load balancer of the hub kube-apiserver instead of the OpenShift default external load balancer.
    Case 2: The hub kube-apiserver is exposed with a reverse proxy (like NGINX and HAProxy) or API gateway.
  • https://docs.google.com/document/d/1QKK-sQ_KNuYdFily2G_cIuoyVdy6hUODmuRuA6vBArE/edit#heading=h.2395n33tp3ev 

Acceptance Criteria

• Klusterlet and addons can traverse a proxy
• Leverages the global proxy setting when present on the ManagedCluster
• Can be overridden.

Dependencies (internal and external)

1. ...

Previous Work (Optional):

1. ...

Open questions:

1. ...

Done Checklist

• CI - CI is running, tests are automated and merged.
• Release Enablement <link to Feature Enablement Presentation>
• DEV - Upstream code and tests merged: <link to meaningful PR or GitHub
  Issue>
• DEV - Upstream documentation merged: <link to meaningful PR or GitHub
  Issue>
• DEV - Downstream build attached to advisory: <link to errata>
• QE - Test plans in Polarion: <link or reference to Polarion>
• QE - Automated tests merged: <link or reference to automated tests>
• DOC - Downstream documentation merged: <link to meaningful PR>

Slack Channel

#acm-8664-proxy-scenarios