diff --git a/latest/ug/nodes/hybrid-nodes-proxy.adoc b/latest/ug/nodes/hybrid-nodes-proxy.adoc index e30f3d55..3432fbcd 100644 --- a/latest/ug/nodes/hybrid-nodes-proxy.adoc +++ b/latest/ug/nodes/hybrid-nodes-proxy.adoc @@ -144,7 +144,16 @@ Acquire::http::Proxy "http://[.replaceable]#proxy-domain:port#"; Acquire::https::Proxy "http://[.replaceable]#proxy-domain:port#"; ---- -*Amazon Linux 2023 and Red Hat Enterprise Linux* +*Amazon Linux 2023* + +. Configure `dnf` to use your proxy. Create a file `/etc/dnf/dnf.conf` with the proxy-domain and port values for your environment. ++ +[source,yaml,subs="verbatim,attributes,quotes"] +---- +proxy=http://[.replaceable]#proxy-domain:port# +---- + +*Red Hat Enterprise Linux* . Configure `yum` to use your proxy. Create a file `/etc/yum.conf` with the proxy-domain and port values for your environment. + @@ -153,6 +162,20 @@ Acquire::https::Proxy "http://[.replaceable]#proxy-domain:port#"; proxy=http://[.replaceable]#proxy-domain:port# ---- +=== IAM Roles Anywhere proxy configuration + +The IAM Roles Anywhere credential provider service is responsible for refreshing credentials when using IAM Roles Anywhere with the `enableCredentialsFile` flag (see <>). If you are using a proxy in your on-premises environment, you must configure the service so it can communicate with IAM Roles Anywhere endpoints. + +Create a file called `http-proxy.conf` in the `/etc/systemd/system/aws_signing_helper_update.service.d/` directory with the following content. Replace `proxy-domain` and `port` with the values for your environment. + +[source,yaml,subs="verbatim,attributes,quotes"] +---- +[Service] +Environment="HTTP_PROXY=http://[.replaceable]#proxy-domain:port#" +Environment="HTTPS_PROXY=http://[.replaceable]#proxy-domain:port#" +Environment="NO_PROXY=localhost" +---- + == Cluster wide configuration The configurations in this section must be applied after you create your Amazon EKS cluster and before running `nodeadm init` on each hybrid node. @@ -189,4 +212,5 @@ containers: fieldRef: apiVersion: v1 fieldPath: spec.nodeName ----- \ No newline at end of file +---- +