- Get a machine to run
mitmproxy
. Anything that can get an IP will work. - Download
mitmproxy
:wget https://snapshots.mitmproxy.org/5.0.1/mitmproxy-5.0.1-linux.tar.gz
- Unpack:
tar -xf mitmproxy-5.0.1-linux.tar.gz
- Just run mitmproxy:
./mitmproxy --set block_global=false
. Disablingblock_global
is important to allow any traffic. - Get the relevant certificate:
cat ~/.mitmproxy/mitmproxy-ca-cert.pem
- Try out it works:
curl --proxy $IP:8080 --cacert mitmproxy-ca-cert.pem https://www.canihazip.com/s
Create a ConfigMap containing the certificate from above:
apiVersion: v1
data:
ca-bundle.crt: |
<MY_PEM_ENCODED_CERTS>
kind: ConfigMap
metadata:
name: user-ca-bundle
namespace: openshift-config
Configure the global proxy object to talk to our setup proxy using the specified cert:
apiVersion: config.openshift.io/v1
kind: Proxy
metadata:
name: cluster
spec:
httpProxy: http://$IP:8080
httpsProxy: http://$IP:8080
noProxy: example.com
trustedCA:
name: user-ca-bundle
Apply a Knative Service and observe how the request goes via the Proxy, even if it's HTTPS:
apiVersion: serving.knative.dev/v1
kind: Service
metadata:
name: helloworld-go
namespace: default
spec:
template:
spec:
containers:
- image: gcr.io/knative-samples/helloworld-go # The URL to the image of the app
env:
- name: TARGET # The environment variable printed out by the sample app
value: "Go Sample v1"
> 08:14:15 GET HTTPS gcr.io /v2/ 401 ~plication/json 84b 108ms
08:14:15 GET HTTPS gcr.io /v2/token?scope=repository%3Aknative-samples%2Fhelloworld-go%3Apull&service=gcr.~ 200 ~plication/json 408b 130ms
08:14:16 GET HTTPS gcr.io /v2/knative-samples/helloworld-go/manifests/latest 200 ~nifest.v2+json 2.16k 326ms
For Privoxy see