alex-dabija
commented
1 year ago We have a test environment (goat) which has this implemented by creating a CAPA public cluster with squid proxy on top of it. It's not a production ready setup. In this case goat is a private MC with access to the Internet only through the proxy.
Customers which require the use of a proxy server also have the proper egress routing configured. Our product expects the customer to provide the proxy server and the proper routing configuration via a prefix list for the clusters to access the Internet.
I'm closing this one because there's nothing else which would need to be done.
Please, feel free to reopen the issue in case I'm missing something.
Instead of using NAT Gateways for each AZ a VPC is in we have customers that only allow outgoing traffic via their own transit gateway and proxy.