OPERATIONAL DEFECT DATABASE
...
...
This KB article describes how to install the TKG Extensions v1.3.1 on a Tanzu Kubernetes cluster provisioned by the Tanzu Kuberentes Grid Service that is configured with a Proxy Server.
There are two ways to configure a Tanzu Kuberetes clsuter to use a proxy server: either on a per-cluster basis in the cluster spec (as documented here https://docs.vmware.com/en/VMware-vSphere/7.0/vmware-vsphere-with-tanzu/GUID-B1034373-8C38-4FE2-9517-345BF7271A1E.html#cluster-with-a-proxy-server-5) or globally on the TKGS instance itself (as documented here https://docs.vmware.com/en/VMware-vSphere/7.0/vmware-vsphere-with-tanzu/GUID-4838C85E-398D-4461-9C4E-561FADD42A07.html#configure-a-global-proxy-server-3).If you have configured a proxy server and you want to install the TKG Extensions v1.3.1 (as documented here https://docs.vmware.com/en/VMware-vSphere/7.0/vmware-vsphere-with-tanzu/GUID-00A2BB49-DBDE-4E2B-B9EE-38C36E261185.html), follow these steps:1) Make sure that the Proxy Server IP address is not within the range of the Pod CIDR or Service CIDR of the cluster.2) In the Proxy Server configuration for the cluster or the service, in addition to the required `noProxy` values from the Workload Network on the Supervisor Cluster (Pod CIDRs, Ingress CIDRs, and Egress CIDRs), add the following entries to the noProxy field:```.local,.svc,.svc.cluster.local```For example, per-cluster configuration:```apiVersion: run.tanzu.vmware.com/v1alpha1 kind: TanzuKubernetesCluster metadata: name: tkgs-cluster-with-proxy namespace: tkgs-cluster-ns spec: distribution: version: v1.20 topology: ... settings: storage: ... network: cni: name: antrea pods: cidrBlocks: - 193.0.2.0/16 services: cidrBlocks: - 195.51.100.0/12 proxy: httpProxy: http://10.186.102.224:3128 httpsProxy: http://10.186.102.224:3128 noProxy: [10.246.0.0/16,192.168.144.0/20,192.168.128.0/20,.local,.svc,.svc.cluster.local]```For example, global service configuration:```apiVersion: run.tanzu.vmware.com/v1alpha1kind: TkgServiceConfigurationmetadata: name: tkg-service-configuration-examplespec: defaultCNI: <antrea or calico> proxy: httpProxy: http://10.186.102.224:3128 httpsProxy: http://10.186.102.224:3128 noProxy: [10.246.0.0/16,192.168.144.0/20,192.168.128.0/20,.local,.svc,.svc.cluster.local]```3) In `kapp-controller-config.yaml`, add the HTTP and HTTPS proxy server configuration.4) In `kapp-controller-config.yaml`, enter the following in the the `noProxy` field:```localhost,127.0.0.1,kubernetes.default.svc,.svc,cluster.local,.local,195.51.100.0/12```Where `195.51.100.0/12` is the cluster `spec.settings.network.services.cidrBlocks` entry.5) In `kapp-controller-config.yaml`, comment out the the default certificate if you are not using it.
Click on a version to see all relevant bugs
VMware Integration
Learn more about where this data comes from
Bug Scrub Advisor
Streamline upgrades with automated vendor bug scrubs
BugZero Enterprise
Wish you caught this bug sooner? Get proactive today.
