AKS proxy. What for?

JUFO 61 Reputation points
2022-10-25T19:26:34.97+00:00

Now you can add proxy to your aks.

https://learn.microsoft.com/en-us/azure/aks/http-proxy

And if you read the article it seems like you are not going to use any other outbound system for your aks.

But when you deploy it using az cli you find that you still have to decide which "--outbound-type" you need. Even if you don't text it, it gets its default value.

My question is: proxy? What for? I thought it was an alternative to outbound-type

No matter if I use proxy because I still need other outbound traffic for the whole cluster.

Am I wrong?

Azure Kubernetes Service (AKS)

3 answers

  1. SUNOJ KUMAR YELURU 14,986 Reputation points MVP
    2022-10-26T03:10:47.97+00:00

    Hi @JULIOFOR

    Thanks for reaching Q & A forum.

    Based on your question, yes: if you have not declared it, it will use the default values.

    HTTP proxy support to AKS clusters, exposing a straightforward interface that cluster operators can use to secure AKS-required network traffic in proxy-dependent environments.

    A proxy URL to use for creating HTTPS connections outside the cluster. If this is not specified, then httpProxy is used for both HTTP and HTTPS connections. noProxy: A list of destination domain names, domains, IP addresses or other network CIDRs to exclude proxying.

    Create a file and provide values for httpProxy, httpsProxy, and noProxy. If your environment requires it, also provide a trustedCa value. Next, deploy a cluster, passing in your filename via the http-proxy-config flag.

    -------

    If this answers your query, do click Accept Answer and Up-Vote for the same. And, if you have any further query do let us know.


  2. JUFO 61 Reputation points
    2022-10-26T06:49:48.627+00:00

    What I mean is that no matter whether you use the flag "--http-proxy-config", you have to decide which "--outbound-type" you are going to use for the whole aks.
    If you set only "--http-proxy-config" with the json file it takes the default "--outbound-type" value, which is loadBalancer. So in turn it creates a public ip in your infra.
    I don't want any public ip, and the single option to achieve that is to use "--outbound-type userDefinedRouting" but it forces you to use route table to take your traffic to other point like a firewall (no proxy).
    I thought that using proxy would avoid using "--outbound-type" at all.
    That is why I don't understand the advantage.

    There should be an option like "--outbound-type userDefinedProxy", because "in proxy dependent environments" means that you are not allowed to use other outbound in your infra than proxy.


  3. JUFO 61 Reputation points
    2022-11-20T10:11:27.733+00:00

    Am I wrong, or do you have to create the AKS cluster with nat gateway, route or ip no matter if you use proxy?
    I've tried every option and you need to deploy one of them.
    Is there any option to set your outbound cluster traffic without using that "--outbound-type"? As I mentioned, if you don't specify "--outbound-type" explicitly, aks creates a public ip by default.
    Can anyone who has deployed AKS with the proxy option answer me?

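Added example, not part of any post in this thread and not Microsoft's code: the proxy config file from the first answer, plus a pre-flight check for the case raised in the follow-ups, where `--http-proxy-config` is passed but `--outbound-type` is left at its `loadBalancer` default. The proxy URL, CIDR, CA placeholder and all function names are assumptions made for illustration.

```shell
#!/usr/bin/env bash
# Added example. Proxy URL, CIDR and CA value are constructed placeholders.

# Write the file passed to --http-proxy-config (keys as named in the answer).
write_proxy_config() {   # $1 = output path
  cat > "$1" <<'EOF'
{
  "httpProxy":  "http://proxy.example.internal:3128/",
  "httpsProxy": "http://proxy.example.internal:3128/",
  "noProxy":    ["localhost", "127.0.0.1", "10.0.0.0/8"],
  "trustedCa":  "BASE64_ENCODED_PROXY_CA_PLACEHOLDER"
}
EOF
}

# Print the outbound type an `az aks create` argument list ends up with.
# Without --outbound-type the default applies: loadBalancer.
effective_outbound_type() {
  outbound="loadBalancer"
  while [ "$#" -gt 0 ]; do
    case "$1" in
      --outbound-type)   [ "$#" -ge 2 ] && { outbound="$2"; shift; } ;;
      --outbound-type=*) outbound="${1#--outbound-type=}" ;;
    esac
    shift
  done
  printf '%s\n' "$outbound"
}

# Fail when a proxy config is combined with the loadBalancer default,
# the case in which a public IP is still created for egress.
preflight() {
  outbound=$(effective_outbound_type "$@")
  case " $* " in
    *" --http-proxy-config "*|*" --http-proxy-config="*) has_proxy=yes ;;
    *) has_proxy=no ;;
  esac
  if [ "$has_proxy" = yes ] && [ "$outbound" = loadBalancer ]; then
    echo "proxy set, outbound type loadBalancer: public IP will be created" >&2
    return 1
  fi
  echo "outbound=$outbound proxy=$has_proxy"
}

# Run the check, then create the cluster with the same arguments.
create_cluster() { preflight "$@" >/dev/null && az aks create "$@"; }
```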
