Most customers who have a mandate to use a proxy as an additional layer of security have to route all egress traffic through the proxy. There are multiple use cases where the platform traffic needs to go out via the internet. Some of these are:
Pulling platform images from registry.redhat.io
We do pull some images from this registry, and if the customer has a mandate to use a proxy (which is not transparent), the image pull will fail even if they whitelist the URL.
Application image pull from external registries
If we are using an external centralized registry outside Azure to pull the images, the communication will happen over the internet. Again, the image pulls happen on the nodes, and they will fail if the proxy is not configured.
Pipelines will break if they are configured for multiple clusters across hyperscalers
DevOps tools may break as well
If I am using Submariner to establish communication between multiple clusters, it will break
Autoscaling will fail if the CoreOS images can't be pulled.
If the egress IP is configured, that may fail as well.