Version: 24.12.01

Proxy server support for target clusters in PDS

PDS offers the capability to direct outbound communication traffic from target clusters through a proxy server. The inclusion of proxy server support for target clusters provides enhanced security, performance optimization, and greater control over network communication.

Prerequisites

  • An operational target cluster.
  • Administrative privileges within PDS.
  • Ensure that the target clusters have network access to the proxy server.
  • Ensure that the network configuration of the target clusters is compatible with proxy server usage.
  • If the proxy server requires authentication, ensure that you have the necessary credentials.
  • Ensure that DNS resolution is configured correctly within the target clusters to resolve domain names through the proxy server if necessary.

The components within PDS target clusters, such as the PDS Agent, Teleport Agent, External DNS, and Prometheus, often need to communicate with services external to the cluster. This outbound communication from target clusters is facilitated through two types of proxy servers:

  • HTTP CONNECT proxy
  • MITM (Man-in-the-Middle) proxy
Note: Ensure that the MITM proxy supports:

  • HTTP/2 protocol
  • Long-streaming connections (this is required for Teleport to work properly)

Set up HTTP and MITM Proxies

To configure HTTP and MITM proxies in the Portworx platform, follow these steps:

  1. In the Portworx platform UI, generate a custom manifest by providing the necessary information, such as the HTTP URL (with port), HTTPS URL (with port), and any additional required details.

    Refer to the step-by-step guide for instructions on generating a custom manifest.

    Note: If you are using a MITM proxy, make sure to specify the CA_CERT in the custom manifest.

  2. Apply the custom manifest using the following command:

    kubectl apply -f manifest.yaml

Applying the custom manifest will configure the Portworx platform to route outgoing traffic through the specified proxy server, enabling proxy support.
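A pre-flight check for the proxy requirements above, added here as an example and not taken from the Portworx documentation: it opens an HTTP CONNECT tunnel through the proxy, then performs a TLS handshake that either trusts the system CAs (plain CONNECT proxy) or only the file you plan to supply as CA_CERT (MITM proxy), and reports the certificate issuer and whether HTTP/2 was negotiated. The script name, the function names, and the proxy and target hosts are assumptions; pass an external endpoint your cluster must reach as TARGET_HOST.

```python
import socket
import ssl
import sys

def connect_status(reply: bytes) -> int:
    """Return the HTTP status code from the proxy's reply to CONNECT."""
    parts = reply.split(b"\r\n", 1)[0].split()
    if len(parts) < 2 or not parts[0].startswith(b"HTTP/") or not parts[1].isdigit():
        raise ValueError(f"not an HTTP response: {reply[:40]!r}")
    return int(parts[1])

def open_tunnel(proxy, target_host, target_port=443, timeout=10):
    """Open an HTTP CONNECT tunnel through proxy=(host, port); return the socket."""
    sock = socket.create_connection(proxy, timeout=timeout)
    authority = f"{target_host}:{target_port}"
    sock.sendall(f"CONNECT {authority} HTTP/1.1\r\nHost: {authority}\r\n\r\n".encode("ascii"))
    reply = b""
    while b"\r\n\r\n" not in reply:  # read the proxy's response headers
        chunk = sock.recv(4096)
        if not chunk:
            break
        reply += chunk
    try:
        if connect_status(reply) != 200:  # 407 means the proxy wants credentials
            raise ConnectionError(f"proxy refused CONNECT: {reply[:60]!r}")
    except Exception:
        sock.close()
        raise
    return sock

def probe(proxy, target_host, ca_cert_file=None):
    """TLS handshake through the tunnel; returns (issuer dict, ALPN protocol)."""
    if ca_cert_file:
        # Trust only this CA: the handshake succeeds only if the presented
        # chain is signed by it, i.e. the file matches the MITM proxy's CA.
        ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
        ctx.load_verify_locations(cafile=ca_cert_file)
    else:
        ctx = ssl.create_default_context()  # system CAs, no interception expected
    ctx.set_alpn_protocols(["h2", "http/1.1"])
    raw = open_tunnel(proxy, target_host)
    with ctx.wrap_socket(raw, server_hostname=target_host) as tls:
        issuer = dict(rdn[0] for rdn in tls.getpeercert()["issuer"])
        return issuer, tls.selected_alpn_protocol()

if __name__ == "__main__":
    # usage: python proxy_preflight.py PROXY_HOST PROXY_PORT TARGET_HOST [CA_CERT.pem]
    host, port, target, *ca = sys.argv[1:]
    issuer, alpn = probe((host, int(port)), target, ca[0] if ca else None)
    print("issuer:", issuer.get("organizationName"), issuer.get("commonName"), "| ALPN:", alpn)
```

Run it from a host that shares the target cluster's network path to the proxy. An ALPN result of `h2` shows the proxy negotiates HTTP/2 with clients; the check does not exercise long-streaming connections.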