...
This KB article describes how to install the TKG Extensions v1.3.1 on a Tanzu Kubernetes cluster provisioned by the Tanzu Kubernetes Grid Service that is configured with a Proxy Server.
There are two ways to configure a Tanzu Kubernetes cluster to use a proxy server: either on a per-cluster basis in the cluster spec (as documented here https://docs.vmware.com/en/VMware-vSphere/7.0/vmware-vsphere-with-tanzu/GUID-B1034373-8C38-4FE2-9517-345BF7271A1E.html#cluster-with-a-proxy-server-5) or globally on the TKGS instance itself (as documented here https://docs.vmware.com/en/VMware-vSphere/7.0/vmware-vsphere-with-tanzu/GUID-4838C85E-398D-4461-9C4E-561FADD42A07.html#configure-a-global-proxy-server-3).

If you have configured a proxy server and you want to install the TKG Extensions v1.3.1 (as documented here https://docs.vmware.com/en/VMware-vSphere/7.0/vmware-vsphere-with-tanzu/GUID-00A2BB49-DBDE-4E2B-B9EE-38C36E261185.html), follow these steps:

1) Make sure that the Proxy Server IP address is not within the range of the Pod CIDR or Service CIDR of the cluster.

2) In the Proxy Server configuration for the cluster or the service, in addition to the required `noProxy` values from the Workload Network on the Supervisor Cluster (Pod CIDRs, Ingress CIDRs, and Egress CIDRs), add the following entries to the `noProxy` field:

```
.local,.svc,.svc.cluster.local
```

For example, per-cluster configuration:

```
apiVersion: run.tanzu.vmware.com/v1alpha1
kind: TanzuKubernetesCluster
metadata:
  name: tkgs-cluster-with-proxy
  namespace: tkgs-cluster-ns
spec:
  distribution:
    version: v1.20
  topology:
    ...
  settings:
    storage:
      ...
    network:
      cni:
        name: antrea
      pods:
        cidrBlocks:
        - 193.0.2.0/16
      services:
        cidrBlocks:
        - 195.51.100.0/12
      proxy:
        httpProxy: http://10.186.102.224:3128
        httpsProxy: http://10.186.102.224:3128
        noProxy: [10.246.0.0/16,192.168.144.0/20,192.168.128.0/20,.local,.svc,.svc.cluster.local]
```

For example, global service configuration:

```
apiVersion: run.tanzu.vmware.com/v1alpha1
kind: TkgServiceConfiguration
metadata:
  name: tkg-service-configuration-example
spec:
  defaultCNI: <antrea or calico>
  proxy:
    httpProxy: http://10.186.102.224:3128
    httpsProxy: http://10.186.102.224:3128
    noProxy: [10.246.0.0/16,192.168.144.0/20,192.168.128.0/20,.local,.svc,.svc.cluster.local]
```

3) In `kapp-controller-config.yaml`, add the HTTP and HTTPS proxy server configuration.

4) In `kapp-controller-config.yaml`, enter the following in the `noProxy` field:

```
localhost,127.0.0.1,kubernetes.default.svc,.svc,cluster.local,.local,195.51.100.0/12
```

Where `195.51.100.0/12` is the cluster `spec.settings.network.services.cidrBlocks` entry.

5) In `kapp-controller-config.yaml`, comment out the default certificate if you are not using it.
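A pre-flight check for steps 1, 2 and 4, written as an added example (it is not part of the original KB article or any VMware tooling). The function name `check_proxy_settings` and its parameters are assumptions made for this illustration; the sample values are the ones used in the configurations above.

```python
import ipaddress
from urllib.parse import urlsplit

# Entries step 2 requires in the cluster or service noProxy field.
CLUSTER_REQUIRED = {".local", ".svc", ".svc.cluster.local"}
# Entries step 4 requires in kapp-controller-config.yaml (plus each Service CIDR).
KAPP_REQUIRED = {"localhost", "127.0.0.1", "kubernetes.default.svc",
                 ".svc", "cluster.local", ".local"}


def check_proxy_settings(proxy_url, pod_cidrs, service_cidrs,
                         cluster_no_proxy, kapp_no_proxy):
    """Hypothetical helper: return findings; an empty list means steps 1, 2, 4 hold."""
    findings = []
    host = urlsplit(proxy_url).hostname
    try:
        proxy_ip = ipaddress.ip_address(host)
    except ValueError:
        proxy_ip = None  # a hostname cannot be compared against a CIDR offline
        findings.append(f"proxy host {host!r} is not an IP literal; resolve it and re-check")
    for kind, cidrs in (("Pod", pod_cidrs), ("Service", service_cidrs)):
        for cidr in cidrs:
            # strict=False: the sample CIDRs have host bits set
            # (195.51.100.0/12 is really 195.48.0.0/12), which strict parsing rejects.
            net = ipaddress.ip_network(cidr, strict=False)
            if proxy_ip is not None and proxy_ip in net:
                findings.append(f"proxy {proxy_ip} is inside {kind} CIDR {net}")
    missing = CLUSTER_REQUIRED - set(cluster_no_proxy)
    if missing:
        findings.append(f"cluster noProxy is missing {sorted(missing)}")
    kapp = {entry.strip() for entry in kapp_no_proxy.split(",")}
    missing = (KAPP_REQUIRED | set(service_cidrs)) - kapp
    if missing:
        findings.append(f"kapp-controller noProxy is missing {sorted(missing)}")
    return findings


if __name__ == "__main__":
    # Values copied from the article's per-cluster example and step 4.
    result = check_proxy_settings(
        "http://10.186.102.224:3128",
        ["193.0.2.0/16"], ["195.51.100.0/12"],
        ["10.246.0.0/16", "192.168.144.0/20", "192.168.128.0/20",
         ".local", ".svc", ".svc.cluster.local"],
        "localhost,127.0.0.1,kubernetes.default.svc,.svc,cluster.local,.local,195.51.100.0/12",
    )
    print("\n".join(result) or "OK")
```

Because the Service CIDR is normalised before the comparison, a proxy address such as `195.51.100.10` is reported as inside `195.48.0.0/12` even though the spec writes the range as `195.51.100.0/12`.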