Azure · jonathan34c · Feb 20, 2025 · Feb 20, 2025
@@ -109,19 +109,6 @@ spec:
                     - CustomProxy
                     type: string
                 type: object
-              proxyConfig:
-                description: ProxyConfig defines the cluster-wide proxy configuration of the OCP managed cluster.
-                properties:
-                  httpProxy:
-                    description: HTTPProxy is the URL of the proxy for HTTP requests.  Empty means unset and will not result in an env var.
-                    type: string
-                  httpsProxy:
-                    description: HTTPSProxy is the URL of the proxy for HTTPS requests.  Empty means unset and will not result in an env var.
-                    type: string
-                  noProxy:
-                    description: NoProxy is a comma-separated list of hostnames and/or CIDRs for which the proxy should not be used. Empty means unset and will not result in an env var. The API Server of Hub cluster should be added here. And If you scale up workers that are not included in the network defined by the networking.machineNetwork[].cidr field from the installation configuration, you must add them to this list to prevent connection issues.
-                    type: string
-                type: object
               searchCollector:
                 description: SearchCollectorConfig defines the configurations of SearchCollector addon agent.
                 properties:
@@ -192,19 +179,6 @@ spec:
                   - type
                   type: object
                 type: array
-              ocpGlobalProxy:
-                description: OCPGlobalProxy is the cluster-wide proxy config of the OCP cluster provisioned by ACM
-                properties:
-                  httpProxy:
-                    description: HTTPProxy is the URL of the proxy for HTTP requests.  Empty means unset and will not result in an env var.
-                    type: string
-                  httpsProxy:
-                    description: HTTPSProxy is the URL of the proxy for HTTPS requests.  Empty means unset and will not result in an env var.
-                    type: string
-                  noProxy:
-                    description: NoProxy is a comma-separated list of hostnames and/or CIDRs for which the proxy should not be used. Empty means unset and will not result in an env var. The API Server of Hub cluster should be added here. And If you scale up workers that are not included in the network defined by the networking.machineNetwork[].cidr field from the installation configuration, you must add them to this list to prevent connection issues.
-                    type: string
-                type: object
             type: object
         type: object
     served: true

@@ -21,13 +21,7 @@
           "version": {
             "id": "nsj"
           },
-          "disableUserWorkloadMonitoring": true,
-          "proxy": {
-            "httpProxy": "sjjbjvkimlvtwdnwjodcajidcoompt",
-            "httpsProxy": "xwjukendejiksp",
-            "noProxy": "mlsbdpjpyzpydpkeqvt",
-            "trustedCa": "uxebp"
-          }
+          "disableUserWorkloadMonitoring": true
         }
       }
     }
@@ -60,12 +54,6 @@
               "url": "dkjmzzhkvyoqx",
               "visibility": "public"
             },
-            "proxy": {
-              "httpProxy": "sjjbjvkimlvtwdnwjodcajidcoompt",
-              "httpsProxy": "xwjukendejiksp",
-              "noProxy": "mlsbdpjpyzpydpkeqvt",
-              "trustedCa": "uxebp"
-            },
             "platform": {
               "managedResourceGroup": "nhyhywrxupo",
               "subnetId": "/subscriptions/FDEA43EA-0230-4A7D-BDEE-F3AFF2183B1D/resourceGroups/resourceGroupName/providers/Microsoft.Network/virtualNetworks/hcp-network-example/subnets/example-subnet",

@@ -87,10 +87,6 @@ model HcpOpenShiftClusterProperties {
   @visibility("create", "update")
   disableUserWorkloadMonitoring?: boolean = false;
 
-  /** Openshift cluster proxy configuration */
-  @visibility("create", "update")
-  proxy?: ProxyProfile;
-
   /** Azure platform configuration */
   @visibility("create", "read")
   platform?: PlatformProfile;
@@ -117,10 +113,6 @@ model HcpOpenShiftClusterPatchProperties {
   /** Disable user workload monitoring */
   @visibility("update")
   disableUserWorkloadMonitoring?: boolean;
-
-  /** Openshift cluster proxy configuration */
-  @visibility("update")
-  proxy?: ProxyProfile;
 }
 
 model ManagedServiceIdentityUpdate
@@ -271,21 +263,6 @@ union Visibility {
   private: "private",
 }
 
-/** OpenShift cluster proxy configuration */
-model ProxyProfile {
-  /** http proxy config */
-  httpProxy?: url;
-
-  /** https proxy config */
-  httpsProxy?: url;
-
-  /** no proxy config */
-  noProxy?: string;
-
-  /** The trusted CA for the proxy */
-  trustedCa?: string;
-}
-
 /** Azure specific configuration */
 model PlatformProfile {
   /** Resource group to put cluster resources */

@@ -21,13 +21,7 @@
           "version": {
             "id": "nsj"
           },
-          "disableUserWorkloadMonitoring": true,
-          "proxy": {
-            "httpProxy": "sjjbjvkimlvtwdnwjodcajidcoompt",
-            "httpsProxy": "xwjukendejiksp",
-            "noProxy": "mlsbdpjpyzpydpkeqvt",
-            "trustedCa": "uxebp"
-          }
+          "disableUserWorkloadMonitoring": true
         }
       }
     }
@@ -60,12 +54,6 @@
               "url": "dkjmzzhkvyoqx",
               "visibility": "public"
             },
-            "proxy": {
-              "httpProxy": "sjjbjvkimlvtwdnwjodcajidcoompt",
-              "httpsProxy": "xwjukendejiksp",
-              "noProxy": "mlsbdpjpyzpydpkeqvt",
-              "trustedCa": "uxebp"
-            },
             "platform": {
               "managedResourceGroup": "nhyhywrxupo",
               "subnetId": "/subscriptions/FDEA43EA-0230-4A7D-BDEE-F3AFF2183B1D/resourceGroups/resourceGroupName/providers/Microsoft.Network/virtualNetworks/hcp-network-example/subnets/example-subnet",

@@ -1333,13 +1333,6 @@
           "x-ms-mutability": [
             "update"
           ]
-        },
-        "proxy": {
-          "$ref": "#/definitions/ProxyProfile",
-          "description": "Openshift cluster proxy configuration",
-          "x-ms-mutability": [
-            "update"
-          ]
         }
       }
     },
@@ -1400,14 +1393,6 @@
             "create"
           ]
         },
-        "proxy": {
-          "$ref": "#/definitions/ProxyProfile",
-          "description": "Openshift cluster proxy configuration",
-          "x-ms-mutability": [
-            "update",
-            "create"
-          ]
-        },
         "platform": {
           "$ref": "#/definitions/PlatformProfile",
           "description": "Azure platform configuration",
@@ -1982,30 +1967,6 @@
       },
       "readOnly": true
     },
-    "ProxyProfile": {
-      "type": "object",
-      "description": "OpenShift cluster proxy configuration",
-      "properties": {
-        "httpProxy": {
-          "type": "string",
-          "format": "uri",
-          "description": "http proxy config"
-        },
-        "httpsProxy": {
-          "type": "string",
-          "format": "uri",
-          "description": "https proxy config"
-        },
-        "noProxy": {
-          "type": "string",
-          "description": "no proxy config"
-        },
-        "trustedCa": {
-          "type": "string",
-          "description": "The trusted CA for the proxy"
-        }
-      }
-    },
     "SubnetResourceId": {
       "type": "string",
       "format": "arm-id",

@@ -6,12 +6,3 @@ metadata:
   namespace: {{ .Release.Namespace }}
 data:
   config.yaml: |
-    # Hosts that should be added to noProxy for all clusters
-    noProxy: []
-    # Hosts that should be added to noProxy for AWS clusters
-    noProxy_aws: []
-    # Hosts that should be added to noProxy for GCP clusters
-    noProxy_gcp: []
-    # Readiness endpoints that verify proxy connectivity
-    readinessEndpoints:
-      - "https://api.openshift.com"
@@ -105,12 +105,6 @@ func ConvertCStoHCPOpenShiftCluster(resourceID *azcorearm.ResourceID, cluster *a
 			},
 			EtcdEncryption:                cluster.EtcdEncryption(),
 			DisableUserWorkloadMonitoring: cluster.DisableUserWorkloadMonitoring(),
-			Proxy: api.ProxyProfile{
-				HTTPProxy:  cluster.Proxy().HTTPProxy(),
-				HTTPSProxy: cluster.Proxy().HTTPSProxy(),
-				NoProxy:    cluster.Proxy().NoProxy(),
-				TrustedCA:  cluster.AdditionalTrustBundle(),
-			},
 			Platform: api.PlatformProfile{
 				ManagedResourceGroup:   cluster.Azure().ManagedResourceGroupName(),
 				SubnetID:               cluster.Azure().SubnetResourceID(),
@@ -269,27 +263,8 @@ func (f *Frontend) BuildCSCluster(resourceID *azcorearm.ResourceID, requestHeade
 		}
 	}
 
-	proxyBuilder := arohcpv1alpha1.NewProxy()
-	// Cluster Service allows an empty HTTPProxy on PATCH but not PUT.
-	if updating || hcpCluster.Properties.Proxy.HTTPProxy != "" {
-		proxyBuilder = proxyBuilder.
-			HTTPProxy(hcpCluster.Properties.Proxy.HTTPProxy)
-	}
-	// Cluster Service allows an empty HTTPSProxy on PATCH but not PUT.
-	if updating || hcpCluster.Properties.Proxy.HTTPSProxy != "" {
-		proxyBuilder = proxyBuilder.
-			HTTPSProxy(hcpCluster.Properties.Proxy.HTTPSProxy)
-	}
-	// Cluster Service allows an empty HTTPSProxy on PATCH but not PUT.
-	if updating || hcpCluster.Properties.Proxy.NoProxy != "" {
-		proxyBuilder = proxyBuilder.
-			NoProxy(hcpCluster.Properties.Proxy.NoProxy)
-	}
-
 	clusterBuilder = clusterBuilder.
-		DisableUserWorkloadMonitoring(hcpCluster.Properties.DisableUserWorkloadMonitoring).
-		Proxy(proxyBuilder).
-		AdditionalTrustBundle(hcpCluster.Properties.Proxy.TrustedCA)
+		DisableUserWorkloadMonitoring(hcpCluster.Properties.DisableUserWorkloadMonitoring)
 
 	clusterBuilder = f.clusterServiceClient.AddProperties(clusterBuilder)
 

@@ -64,7 +64,6 @@ func CreateJSONFile() error {
 			},
 			EtcdEncryption:                false,
 			DisableUserWorkloadMonitoring: false,
-			Proxy:                         api.ProxyProfile{},
 			Platform: api.PlatformProfile{
 				ManagedResourceGroup:   "dev-test-mrg",
 				NetworkSecurityGroupID: "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/dev-test-rg/providers/Microsoft.Network/networkSecurityGroups/xyz",

@@ -934,7 +934,6 @@ github.com/creack/pty v1.1.18 h1:n56/Zwd5o6whRC5PMGretI4IdRLlmBXYNjScPaBgsbY=
 github.com/creack/pty v1.1.18/go.mod h1:MOBLtS5ELjhRRrroQr9kyvTxUAFNvYEK993ew/Vr4O4=
 github.com/cyphar/filepath-securejoin v0.2.5 h1:6iR5tXJ/e6tJZzzdMc1km3Sa7RRIVBKAK32O2s7AYfo=
 github.com/cyphar/filepath-securejoin v0.2.5/go.mod h1:aPGpWjXOXUn2NCNjFvBE6aRxGGx79pTxQpKOJNYHHl4=
-github.com/cyphar/filepath-securejoin v0.3.4/go.mod h1:8s/MCNJREmFK0H02MF6Ihv1nakJe4L/w3WZLHNkvlYM=
 github.com/danieljoos/wincred v1.2.0 h1:ozqKHaLK0W/ii4KVbbvluM91W2H3Sh0BncbUNPS7jLE=
 github.com/danieljoos/wincred v1.2.0/go.mod h1:FzQLLMKBFdvu+osBrnFODiv32YGwCfx0SkRa/eYHgec=
 github.com/danieljoos/wincred v1.2.1 h1:dl9cBrupW8+r5250DYkYxocLeZ1Y4vB1kxgtjxw8GQs=
@@ -1729,7 +1728,6 @@ github.com/soheilhy/cmux v0.1.5/go.mod h1:T7TcVDs9LWfQgPlPsdngu6I6QIoyIFZDDC6sNE
 github.com/spaolacci/murmur3 v0.0.0-20180118202830-f09979ecbc72/go.mod h1:JwIasOWyU6f++ZhiEuf87xNszmSA2myDM2Kzu9HwQUA=
 github.com/spf13/afero v1.1.2/go.mod h1:j4pytiNVoe2o6bmDsKpLACNPDBIoEAkihy7loJ1B0CQ=
 github.com/spf13/cast v1.3.0/go.mod h1:Qx5cxh0v+4UWYiBimWS+eyWzqEqokIECu5etghLkUJE=
-github.com/spf13/cast v1.7.0/go.mod h1:ancEpBxwJDODSW/UG4rDrAqiKolqNNh2DX3mk86cAdo=
 github.com/spf13/cobra v0.0.6/go.mod h1:/6GTrnGXV9HjY+aR4k0oJ5tcvakLuG6EuKReYlHNrgE=
 github.com/spf13/cobra v1.7.0/go.mod h1:uLxZILRyS/50WlhOIKD7W6V5bgeIt+4sICxh6uRMrb0=
 github.com/spf13/cobra v1.8.0/go.mod h1:WXLWApfZ71AjXPya3WOlMsY9yMs7YeiHhFVlvLyhcho=
@@ -2170,6 +2168,7 @@ golang.org/x/net v0.26.0/go.mod h1:5YKkiSynbBIh3p6iOc/vibscux0x38BZDkn8sCUPxHE=
 golang.org/x/net v0.27.0/go.mod h1:dDi0PyhWNoiUOrAS8uXv/vnScO4wnHQO4mj9fn/RytE=
 golang.org/x/net v0.28.0/go.mod h1:yqtgsTWOOnlGLG9GFRrK3++bGOUEkNBoHZc8MEDWPNg=
 golang.org/x/net v0.30.0/go.mod h1:2wGyMJ5iFasEhkwi13ChkO/t1ECNC4X4eBKkVFyYFlU=
+golang.org/x/net v0.33.0/go.mod h1:HXLR5J+9DxmrqMwG9qjGCxZ+zKXxBru04zlTvWlWuN4=
 golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
 golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
 golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
@@ -2282,6 +2281,7 @@ golang.org/x/sys v0.23.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
 golang.org/x/sys v0.24.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
 golang.org/x/sys v0.25.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
 golang.org/x/sys v0.26.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
+golang.org/x/sys v0.28.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
 golang.org/x/telemetry v0.0.0-20240228155512-f48c80bd79b2 h1:IRJeR9r1pYWsHKTRe/IInb7lYvbBVIqOgsX/u0mbOWY=
 golang.org/x/telemetry v0.0.0-20240228155512-f48c80bd79b2/go.mod h1:TeRTkGYfJXctD9OcfyVLyj2J3IxLnKwHJR8f4D8a3YE=
 golang.org/x/telemetry v0.0.0-20240521205824-bda55230c457 h1:zf5N6UOrA487eEFacMePxjXAJctxKmyjKUsjA11Uzuk=
@@ -2317,6 +2317,7 @@ golang.org/x/text v0.15.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU=
 golang.org/x/text v0.16.0/go.mod h1:GhwF1Be+LQoKShO3cGOHzqOgRrGaYc9AvblQOmPVHnI=
 golang.org/x/text v0.17.0/go.mod h1:BuEKDfySbSR4drPmRPG/7iBdf8hvFMuRexcpahXilzY=
 golang.org/x/text v0.19.0/go.mod h1:BuEKDfySbSR4drPmRPG/7iBdf8hvFMuRexcpahXilzY=
+golang.org/x/text v0.21.0/go.mod h1:4IBbMaMmOPCJ8SecivzSH54+73PCFmPWxNTLm+vZkEQ=
 golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
@@ -2628,7 +2629,6 @@ honnef.co/go/tools v0.0.1-2020.1.4 h1:UoveltGrhghAA7ePc+e+QYDHXrBps2PqFZiHkGR/xK
 honnef.co/go/tools v0.0.1-2020.1.4/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k=
 k8s.io/api v0.32.0/go.mod h1:4LEwHZEf6Q/cG96F3dqR965sYOfmPM7rq81BLgsE0p0=
 k8s.io/apiextensions-apiserver v0.32.0/go.mod h1:86hblMvN5yxMvZrZFX2OhIHAuFIMJIZ19bTvzkP+Fmw=
-k8s.io/apiextensions-apiserver v0.32.1/go.mod h1:sxWIGuGiYov7Io1fAS2X06NjMIk5CbRHc2StSmbaQto=
 k8s.io/apimachinery v0.32.0/go.mod h1:GpHVgxoKlTxClKcteaeuF1Ul/lDVb74KpZcxcmLDElE=
 k8s.io/apiserver v0.31.1 h1:Sars5ejQDCRBY5f7R3QFHdqN3s61nhkpaX8/k1iEw1c=
 k8s.io/apiserver v0.31.1/go.mod h1:lzDhpeToamVZJmmFlaLwdYZwd7zB+WYRYIboqA1kGxM=
@@ -2680,7 +2680,6 @@ sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.30.3 h1:2770sDpzrjjsA
 sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.30.3/go.mod h1:Ve9uj1L+deCXFrPOk1LpFXqTg7LCFzFso6PA48q/XZw=
 sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.31.0 h1:CPT0ExVicCzcpeN4baWEV2ko2Z/AsiZgEdwgcfwLgMo=
 sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.31.0/go.mod h1:Ve9uj1L+deCXFrPOk1LpFXqTg7LCFzFso6PA48q/XZw=
-sigs.k8s.io/controller-runtime v0.20.1/go.mod h1:BrP3w158MwvB3ZbNpaAcIKkHQ7YGpYnzpoSTZ8E14WU=
 sigs.k8s.io/json v0.0.0-20241010143419-9aa6b5e7a4b3/go.mod h1:18nIHnGi6636UCz6m8i4DhaJ65T6EruyzmoQqI2BVDo=
 sigs.k8s.io/kustomize/api v0.17.2 h1:E7/Fjk7V5fboiuijoZHgs4aHuexi5Y2loXlVOAVAG5g=
 sigs.k8s.io/kustomize/api v0.17.2/go.mod h1:UWTz9Ct+MvoeQsHcJ5e+vziRRkwimm3HytpZgIYqye0=

@@ -26,7 +26,6 @@ type HCPOpenShiftClusterProperties struct {
 	API                           APIProfile                `json:"api,omitempty"                           visibility:"read create"`
 	EtcdEncryption                bool                      `json:"etcdEncryption,omitempty"                visibility:"read create"`
 	DisableUserWorkloadMonitoring bool                      `json:"disableUserWorkloadMonitoring,omitempty" visibility:"read create update"`
-	Proxy                         ProxyProfile              `json:"proxy,omitempty"                         visibility:"read create update"`
 	Platform                      PlatformProfile           `json:"platform,omitempty"                      visibility:"read create"`
 	IssuerURL                     string                    `json:"issuerUrl,omitempty"                     visibility:"read"`
 	ExternalAuth                  ExternalAuthConfigProfile `json:"externalAuth,omitempty"                  visibility:"read create"`
@@ -67,15 +66,6 @@ type APIProfile struct {
 	Visibility Visibility `json:"visibility,omitempty" visibility:"read create" validate:"required_for_put,enum_visibility"`
 }
 
-// ProxyProfile represents the cluster proxy configuration.
-// Visibility for the entire struct is "read create update".
-type ProxyProfile struct {
-	HTTPProxy  string `json:"httpProxy,omitempty"  validate:"omitempty,url,startswith=http:"`
-	HTTPSProxy string `json:"httpsProxy,omitempty" validate:"omitempty,url"`
-	NoProxy    string `json:"noProxy,omitempty"`
-	TrustedCA  string `json:"trustedCa,omitempty"  validate:"omitempty,pem_certificates"`
-}
-
 // PlatformProfile represents the Azure platform configuration.
 // Visibility for the entire struct is "read create".
 type PlatformProfile struct {

@@ -242,38 +242,6 @@ func TestClusterValidateTags(t *testing.T) {
 				},
 			},
 		},
-		{
-			name: "Bad startswith=http:",
-			tweaks: &HCPOpenShiftCluster{
-				Properties: HCPOpenShiftClusterProperties{
-					Proxy: ProxyProfile{
-						HTTPProxy: "ftp://not_an_http_url",
-					},
-				},
-			},
-			expectErrors: []arm.CloudErrorBody{
-				{
-					Message: "Invalid value 'ftp://not_an_http_url' for field 'httpProxy' (must start with 'http:')",
-					Target:  "properties.proxy.httpProxy",
-				},
-			},
-		},
-		{
-			name: "Bad url",
-			tweaks: &HCPOpenShiftCluster{
-				Properties: HCPOpenShiftClusterProperties{
-					Proxy: ProxyProfile{
-						HTTPProxy: "http_but_not_a_url",
-					},
-				},
-			},
-			expectErrors: []arm.CloudErrorBody{
-				{
-					Message: "Invalid value 'http_but_not_a_url' for field 'httpProxy' (must be a URL)",
-					Target:  "properties.proxy.httpProxy",
-				},
-			},
-		},
 		{
 			name: "Bad enum_managedserviceidentitytype",
 			tweaks: &HCPOpenShiftCluster{