# Changing Cluster Proxy Settings

Last updated (UTC): 2025-09-03.

Version 1.8 of GKE on AWS adds the ability to modify a cluster's proxy
settings without recreating a cluster.

Changing the proxy for your management service
----------------------------------------------

To modify proxy settings for your GKE on AWS management service,
perform the following steps:

1. Update the contents of the management service's proxy.json file, as described in
   [Creating the Proxy Config JSON File](/kubernetes-engine/multi-cloud/docs/aws/previous-generation/how-to/using-a-proxy#creating_the_proxy_configuration_json_file).

2. Re-run `anthos-gke aws management init` and `anthos-gke aws management apply`
   to apply your changes to the management service.

Changing the proxy for your user cluster
----------------------------------------

**Note:** If you have several clusters and create a specific proxy for one of them, you must create a proxy for each of them. All user clusters can specify the same proxy.

When you create a user cluster, it uses the management service's proxy settings.
To change the proxy settings for a user cluster without changing those
of the management service, you must create a Kubernetes Secret
containing the proxy information, then use `kubectl` to apply the changes.

### Create a Kubernetes Secret

1. First, create a YAML file with the following contents to describe the Secret.
   The Secret must be defined as opaque and immutable. This example uses the file
   name `proxy-secret.yaml`.

   ```
   apiVersion: v1
   kind: Secret
   metadata:
     name: PROXY_SECRET
   type: Opaque
   immutable: true
   stringData:
     # You can include additional key value pairs as you do with Opaque Secrets
     httpProxy: HTTP_PROXY
     httpsProxy: HTTPS_PROXY
     noProxy: NO_PROXY_LIST
   ```

   Replace:
   - `HTTP_PROXY` with the proxy server address to route HTTP requests through
   - `HTTPS_PROXY` with an optional proxy server address to route HTTPS requests through
   - `NO_PROXY_LIST` with an optional list of IPs, CIDR ranges, and domains within your VPN for which a proxy should not be used
   - `PROXY_SECRET` with the name you choose for the Secret

2. Apply your changes to create the Secret:

       env HTTPS_PROXY=http://localhost:8118 \
         kubectl apply -f ./proxy-secret.yaml

### Update the user cluster and node pool configs

Next, update the AWSCluster and AWSNodePool
configuration to refer to the Secret name under `spec.proxySecretName` and
`spec.controlPlane.proxySecretName` respectively.

Finally, issue the following command to update your user cluster.

    env HTTPS_PROXY=http://localhost:8118 \
      kubectl apply -f CLUSTER_YAML_FILE

Replace `CLUSTER_YAML_FILE` with the name of the YAML file that defines
your cluster.

### User cluster status changes

After you run the `kubectl apply` command to apply the new proxy settings,
the user cluster status will change from `Provisioned` to `Updating`, then
return to `Provisioned` when done.

Setting proxies for more than one user cluster
----------------------------------------------

If you have several user clusters and want to configure different proxies
for each of them, follow the [Changing the proxy for your user cluster](#changing-user-cluster-proxy)
instructions for each of your clusters. You must create a different Kubernetes
Secret for each proxy, and must update each user cluster config separately to
refer to the name of the Secret for that user cluster.

Rotating proxies for a user cluster
-----------------------------------

To change the proxy settings for a cluster that already has
individual proxy settings, create and apply a new Secret with the new proxy
settings and a different Secret name. If you reuse the current Secret name, the
cluster's proxy settings will not be changed.

Troubleshooting
---------------

If the Secret is not well-formed or is missing required keys, the command
fails and the change isn't applied. To check if your Secret was
correctly validated, look at the Kubernetes Event log for AWSClusters
and AWSNodePools with the following command:

    env HTTPS_PROXY=http://localhost:8118 \
      kubectl get events

If there was an error in your Secret configuration, delete the
Secret with the following command:

```
env HTTPS_PROXY=http://localhost:8118 \
  kubectl delete secret SECRET_NAME
```

Replace `SECRET_NAME` with the name of your Secret.

Then re-create the Secret with a correctly-formatted proxy Secret YAML file
and re-apply the change. You can use the same Secret name as was used in the
first attempt.

For more information
--------------------

To configure proxy settings for the first time, see [Using a proxy](/kubernetes-engine/multi-cloud/docs/aws/previous-generation/how-to/using-a-proxy).

To create a dedicated AWS VPC, see [Installing the management service](/kubernetes-engine/multi-cloud/docs/aws/previous-generation/how-to/installing-management).
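
A pre-flight check for the proxy Secret described under "Create a Kubernetes Secret", "Rotating proxies for a user cluster" and "Troubleshooting", meant to be run on the parsed manifest before `kubectl apply`; it is an added example, not Google's code or part of the original page. It assumes `httpProxy` is the required key (the page marks the other two optional), that proxy addresses are `http://` or `https://` URLs, and that `noProxy` is comma-separated; `check_proxy_secret`, `SAMPLE` and the sample name and addresses are hypothetical.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Kubernetes object names are lowercase RFC 1123 DNS subdomains, at most 253 chars.
_LABEL = r"[a-z0-9]([-a-z0-9]*[a-z0-9])?"
_NAME = re.compile(rf"{_LABEL}(\.{_LABEL})*")
_DOMAIN = re.compile(rf"\.?{_LABEL}(\.{_LABEL})*", re.IGNORECASE)

def _bad_proxy_url(value):  # assumed form: http(s) URL with a host and a usable port
    try:
        parts = urlsplit(str(value))
        return parts.scheme not in ("http", "https") or not parts.hostname or parts.port == 0
    except ValueError:  # malformed host, or non-numeric / out-of-range port
        return True

def _bad_no_proxy_entry(entry):  # accepts an IP address, a CIDR range or a domain name
    try:
        ipaddress.ip_network(entry, strict=False)
        return False
    except ValueError:
        return _DOMAIN.fullmatch(entry) is None

def check_proxy_secret(manifest, current_name=None):
    """Return the problems found in a parsed proxy Secret manifest (empty list = OK)."""
    problems = []
    name = (manifest.get("metadata") or {}).get("name") or ""
    data = manifest.get("stringData") or {}
    for field, want in (("kind", "Secret"), ("type", "Opaque"), ("immutable", True)):
        if manifest.get(field) != want:
            problems.append(f"{field} must be {want!r}")
    if len(name) > 253 or not _NAME.fullmatch(name):  # also catches an unreplaced placeholder
        problems.append("metadata.name is not a valid Secret name")
    if current_name is not None and name == current_name:
        problems.append("Secret name is reused; rotation needs a new name")
    if "httpProxy" not in data:  # assumption: the only required key
        problems.append("httpProxy is missing")
    for key in ("httpProxy", "httpsProxy"):
        if key in data and _bad_proxy_url(data[key]):
            problems.append(key + " is not an http(s) URL")
    for entry in str(data.get("noProxy", "")).split(","):  # assumption: comma-separated
        if entry.strip() and _bad_no_proxy_entry(entry.strip()):
            problems.append("noProxy entry is not an IP, CIDR or domain: " + entry.strip())
    return problems

# Constructed sample (hypothetical name and addresses), as parsed from the YAML file.
SAMPLE = {"kind": "Secret", "type": "Opaque", "immutable": True,
          "metadata": {"name": "proxy-secret-v2"},
          "stringData": {"httpProxy": "http://proxy.example.internal:3128",
                         "noProxy": "10.0.0.0/8,169.254.169.254,.svc.cluster.local"}}
```

Pass the name of the Secret the cluster currently references as `current_name` when rotating, so a reused name is reported before the apply silently leaves the old proxy in place.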