Configuring Proxy Settings for a HostedCluster Deployment

To deploy a HostedCluster with proxy settings, follow these steps to gather the required configuration and define the necessary Kubernetes resources.

About this task

Note:
Multi-architecture images: Avoid using multi-arch images when you create a HostedCluster. Always use x86_64 images to prevent issues during deployment.
Trusted CA Secret: Ensure that the CA bundle is available as a Kubernetes Secret and that the Secret is referenced by name in spec.configuration.proxy.trustedCA.name.

Procedure

  1. Retrieve Proxy Configuration.
    Run the following command to extract the proxy configuration from the Proxy custom resource (CR) of the cluster:
    oc get proxy <proxy-name> -o yaml
    Map the values from the Proxy CR into the HostedCluster spec section:
    spec:
      configuration:
        proxy:
          httpProxy: '<http-proxy>'
          httpsProxy: '<https-proxy>'
          noProxy: '<proxy-exceptions>'
          trustedCA:
            name: ''
    Replace the placeholders <http-proxy>, <https-proxy>, and <proxy-exceptions> with the actual values from the Proxy CR.
  2. Define noProxy values.
    In addition to the values from the Proxy CR, you must include the following entries in spec.configuration.proxy.noProxy:

    Entry                              Description / Example
    ---------------------------------  -----------------------------------------------------------------------
    localhost                          127.0.0.1
    Cluster subdomain                  mydomain.com
    NO_PROXY                           .cluster.local, .svc
    serviceNetwork and clusterNetwork  The serviceNetwork and clusterNetwork of the base cluster
    serviceNetwork and clusterNetwork  The serviceNetwork and clusterNetwork of the Hosted Control Plane cluster
    IP address                         First IP of the serviceNetwork from the Bare Metal deployment subnet

    To retrieve these values:

    1. Run the following command to retrieve Base cluster network:
      oc get network <network> -o yaml
    2. Run the following command to retrieve the Hosted Control Plane cluster network:
      oc get hc <hosted-cluster> -n clusters -o yaml
    3. Run the following command to retrieve Bare Metal node subnet IPs:
      oc get nodes -o yaml
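    The following helper assembles and validates the noProxy value from the objects retrieved in the three commands above. It is an added example, not part of the original procedure; the CR contents are constructed and trimmed to the fields the helper reads, the function names are hypothetical, and "first IP of the serviceNetwork" is assumed to mean the first host address of the base cluster's service network.

```python
import ipaddress
import re

# Constructed sample objects, trimmed to the fields this helper reads
# (the shape `oc get proxy/network/hc ... -o json` returns). Not real cluster output.
PROXY_CR = {"spec": {"noProxy": ".mydomain.com,10.0.0.0/16"}}
BASE_NETWORK_CR = {"spec": {"clusterNetwork": [{"cidr": "10.128.0.0/14", "hostPrefix": 23}],
                            "serviceNetwork": ["172.30.0.0/16"]}}
HOSTED_CLUSTER_CR = {"spec": {"networking": {"clusterNetwork": [{"cidr": "10.132.0.0/14"}],
                                              "serviceNetwork": [{"cidr": "172.31.0.0/16"}]}}}

REQUIRED = ("localhost", "127.0.0.1", ".cluster.local", ".svc")
HOST_RE = re.compile(r"^\.?[a-z0-9]([a-z0-9-]*[a-z0-9])?(\.[a-z0-9]([a-z0-9-]*[a-z0-9])?)*$", re.I)


def build_no_proxy(proxy_cr, base_net, hosted_cluster, cluster_subdomain):
    """Merge the Proxy CR noProxy with the entries the table requires; returns a comma-separated string."""
    entries = [e.strip() for e in proxy_cr["spec"].get("noProxy", "").split(",") if e.strip()]
    entries += list(REQUIRED) + [cluster_subdomain]
    # Base cluster: Network CR clusterNetwork is a list of objects, serviceNetwork a list of CIDR strings
    entries += [n["cidr"] for n in base_net["spec"]["clusterNetwork"]]
    entries += list(base_net["spec"]["serviceNetwork"])
    # Hosted control plane cluster: both fields are lists of {cidr: ...} objects
    hc_net = hosted_cluster["spec"]["networking"]
    entries += [n["cidr"] for n in hc_net["clusterNetwork"]]
    entries += [n["cidr"] for n in hc_net["serviceNetwork"]]
    # Assumption: "first IP of the serviceNetwork" is the first host address of the base
    # cluster's service network (the kubernetes API service ClusterIP), e.g. 172.30.0.1
    entries.append(str(ipaddress.ip_network(base_net["spec"]["serviceNetwork"][0])[1]))
    return ",".join(dict.fromkeys(entries))  # drop duplicates, keep first-seen order


def validate_no_proxy(value):
    """Return a list of problems: malformed entries and missing required entries."""
    problems = []
    entries = [e.strip() for e in value.split(",")]
    for e in entries:
        try:
            ipaddress.ip_network(e, strict=False)  # plain IP address or CIDR is fine
            continue
        except ValueError:
            pass
        if not HOST_RE.match(e):  # otherwise it must be a hostname or a .suffix
            problems.append(f"malformed entry: {e!r}")
    for req in REQUIRED:
        if req not in entries:
            problems.append(f"missing required entry: {req}")
    return problems
```

    Run validate_no_proxy on the final string before pasting it into the manifest; an empty list means every entry parses and all required entries are present.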
  3. Deploy the HostedCluster with Proxy Configuration.
    Use the following YAML to create the HostedCluster. Before you apply it, make sure that you:
    • Populate spec.configuration.proxy with the values gathered in steps 1 and 2
    • Add imageContentSources as required
    • Reference valid pull secret and SSH key Secrets
    Example YAML:
    apiVersion: project.openshift.io/v1
    kind: Project
    metadata:
      name: clusters
    ---
    apiVersion: hypershift.openshift.io/v1beta1
    kind: HostedCluster
    metadata:
      name: proxy-hcp
      namespace: clusters
    spec:
      imageContentSources: []   # list of ImageContentSource entries; add mirror entries here if required
      configuration:
        proxy:
          httpProxy: '<http-proxy>'
          httpsProxy: '<https-proxy>'
          noProxy: '<no-proxy-values>'
          trustedCA:
            name: '<trusted-ca-secret>'
      etcd:
        managed:
          storage:
            persistentVolume:
              size: 8Gi
            type: PersistentVolume
        managementType: Managed
      release:
        image: quay.io/openshift-release-dev/ocp-release:4.18.12-x86_64
      pullSecret:
        name: pullsecret-cluster-proxy-hcp
      sshKey:
        name: sshkey-cluster-proxy-hcp
      networking:
        clusterNetwork:
          - cidr: 10.132.0.0/14
        serviceNetwork:
          - cidr: 172.31.0.0/16
        networkType: OVNKubernetes
      controllerAvailabilityPolicy: HighlyAvailable
      infrastructureAvailabilityPolicy: HighlyAvailable
      platform:
        type: KubeVirt
        kubevirt:
          baseDomainPassthrough: true
      infraID: proxy-hcp
      services:
        - service: OAuthServer
          servicePublishingStrategy:
            type: Route
        - service: OIDC
          servicePublishingStrategy:
            type: Route
        - service: Konnectivity
          servicePublishingStrategy:
            type: Route
        - service: Ignition
          servicePublishingStrategy:
            type: Route
    ---
    apiVersion: v1
    kind: Secret
    metadata:
      name: pullsecret-cluster-proxy-hcp
      namespace: clusters
    stringData:
      '.dockerconfigjson': <your-pull-secret>
    type: kubernetes.io/dockerconfigjson
    ---
    apiVersion: v1
    kind: Secret
    metadata:
      name: sshkey-cluster-proxy-hcp
      namespace: clusters
    stringData:
      'id_rsa.pub': <your-public-ssh-key>
    ---
    apiVersion: hypershift.openshift.io/v1beta1
    kind: NodePool
    metadata:
      name: nodepool
      namespace: clusters
    spec:
      arch: amd64
      clusterName: proxy-hcp
      replicas: 3
      management:
        autoRepair: false
        upgradeType: Replace
      platform:
        type: KubeVirt
        kubevirt:
          compute:
            cores: 4
            memory: 16Gi
          rootVolume:
            type: Persistent
            persistent:
              size: 32Gi
          defaultPodNetwork: true
      release:
        image: quay.io/openshift-release-dev/ocp-release:4.18.12-x86_64
    ---
    apiVersion: cluster.open-cluster-management.io/v1
    kind: ManagedCluster
    metadata:
      annotations:
        import.open-cluster-management.io/hosting-cluster-name: local-cluster
        import.open-cluster-management.io/klusterlet-deploy-mode: Hosted
        open-cluster-management/created-via: hypershift
      labels:
        cloud: BareMetal
        vendor: OpenShift
        name: proxy-hcp
      name: proxy-hcp
    spec:
      hubAcceptsClient: true
    ---
    apiVersion: agent.open-cluster-management.io/v1
    kind: KlusterletAddonConfig
    metadata:
      name: proxy-hcp
      namespace: proxy-hcp
    spec:
      clusterName: proxy-hcp
      clusterNamespace: proxy-hcp
      clusterLabels:
        cloud: BareMetal
        vendor: OpenShift
      applicationManager:
        enabled: true
      policyController:
        enabled: true
      searchCollector:
        enabled: true
      certPolicyController:
        enabled: true
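    A pre-flight check for the manifest above, covering the notes at the top of this page (x86_64 images only, trustedCA Secret referenced) and the three bullet points in step 3. This is an added example, not part of the original page; the documents are constructed dicts in the shape yaml.safe_load_all would yield, with trustedCA deliberately left empty so the check reports it, and it assumes the referenced Secrets live in the HostedCluster's namespace.

```python
# Constructed, trimmed multi-document manifest (as parsed dicts). Not the page's full YAML.
DOCS = [
    {"kind": "HostedCluster", "metadata": {"name": "proxy-hcp", "namespace": "clusters"},
     "spec": {"configuration": {"proxy": {"httpProxy": "http://proxy.example.com:3128",
                                          "noProxy": "localhost,127.0.0.1,.cluster.local,.svc",
                                          "trustedCA": {"name": ""}}},
              "release": {"image": "quay.io/openshift-release-dev/ocp-release:4.18.12-x86_64"},
              "pullSecret": {"name": "pullsecret-cluster-proxy-hcp"},
              "sshKey": {"name": "sshkey-cluster-proxy-hcp"}}},
    {"kind": "NodePool", "metadata": {"name": "nodepool", "namespace": "clusters"},
     "spec": {"arch": "amd64",
              "release": {"image": "quay.io/openshift-release-dev/ocp-release:4.18.12-x86_64"}}},
    {"kind": "Secret", "metadata": {"name": "pullsecret-cluster-proxy-hcp", "namespace": "clusters"}},
    {"kind": "Secret", "metadata": {"name": "sshkey-cluster-proxy-hcp", "namespace": "clusters"}},
]


def preflight(docs):
    """Return a list of problems found in the manifest; an empty list means it passes."""
    secrets = {(d["metadata"]["namespace"], d["metadata"]["name"])
               for d in docs if d["kind"] == "Secret"}
    problems = []
    for d in docs:
        kind, spec = d["kind"], d.get("spec", {})
        ns = d["metadata"].get("namespace", "")
        if kind in ("HostedCluster", "NodePool"):
            # Page note: no multi-arch images; the release tag must name x86_64 explicitly
            image = spec.get("release", {}).get("image", "")
            if not image.endswith("-x86_64"):
                problems.append(f"{kind} release image is not an x86_64 image: {image!r}")
        if kind == "NodePool" and spec.get("arch") != "amd64":
            problems.append(f"NodePool arch must be amd64, got {spec.get('arch')!r}")
        if kind == "HostedCluster":
            proxy = spec.get("configuration", {}).get("proxy", {})
            if not proxy.get("httpProxy") and not proxy.get("httpsProxy"):
                problems.append("HostedCluster proxy has neither httpProxy nor httpsProxy")
            ca = proxy.get("trustedCA", {}).get("name", "")
            if not ca:
                problems.append("HostedCluster trustedCA.name is empty; reference the CA bundle Secret")
            elif (ns, ca) not in secrets:  # assumption: the Secret lives in the HostedCluster namespace
                problems.append(f"trustedCA Secret {ca!r} not found in namespace {ns!r}")
            for ref in ("pullSecret", "sshKey"):
                name = spec.get(ref, {}).get("name", "")
                if (ns, name) not in secrets:
                    problems.append(f"{ref} Secret {name!r} not found in namespace {ns!r}")
    return problems
```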