diff --git a/CHANGELOG.md b/CHANGELOG.md
index b01e6553..f78354ea 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -7,6 +7,9 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 ## [Unreleased]
+### Added
+
+- Add support for configuring outgoing proxy for the cluster.
 - Allow configuration of loadbalancer for Control Plane API (`internet-facing` will be default).
 ## [0.8.7] - 2022-08-26
diff --git a/helm/cluster-aws/files/etc/systemd/system/containerd.service.d/http_proxy.conf b/helm/cluster-aws/files/etc/systemd/system/containerd.service.d/http_proxy.conf
new file mode 100644
index 00000000..0d54f54d
--- /dev/null
+++ b/helm/cluster-aws/files/etc/systemd/system/containerd.service.d/http_proxy.conf
@@ -0,0 +1,3 @@
+[Service]
+Environment="HTTP_PROXY={{ .Values.proxy.http_proxy }}"
+Environment="HTTPS_PROXY={{ .Values.proxy.https_proxy }}"
diff --git a/helm/cluster-aws/templates/_control_plane.tpl b/helm/cluster-aws/templates/_control_plane.tpl
index bf09676a..8a0ae1b6 100644
--- a/helm/cluster-aws/templates/_control_plane.tpl
+++ b/helm/cluster-aws/templates/_control_plane.tpl
@@ -112,6 +112,7 @@ spec:
 files:
 {{- include "sshFiles" . | nindent 4 }}
 {{- include "diskFiles" . | nindent 4 }}
+ {{- if .Values.proxy.enabled }}{{- include "proxyFiles" . | nindent 4 }}{{- end }}
 {{- include "kubernetesFiles" . | nindent 4 }}
 initConfiguration:
 localAPIEndpoint:
diff --git a/helm/cluster-aws/templates/_helpers.tpl b/helm/cluster-aws/templates/_helpers.tpl
index 067198f5..1996e82b 100644
--- a/helm/cluster-aws/templates/_helpers.tpl
+++ b/helm/cluster-aws/templates/_helpers.tpl
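Review bot: The new drop-in `http_proxy.conf` sets `HTTP_PROXY` and `HTTPS_PROXY` for containerd but no `NO_PROXY`, so pulls from in-VPC or private registries and requests to link-local endpoints would also be routed through the proxy. Consider adding a `proxy.no_proxy` value rendered as `Environment="NO_PROXY={{ .Values.proxy.no_proxy }}"`, with matching entries in the schema and `values.yaml`. Both values are also placed unescaped inside a double-quoted systemd assignment, so a `"` or a line break in a value changes what the unit file declares; a schema pattern that restricts them to a URL would prevent that. If a proxy URL may carry credentials, note that the helper in `_helpers.tpl` installs this file with mode `0644` and embeds it base64-encoded, not encrypted, in the rendered manifest.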
@@ -58,6 +58,13 @@ room for such suffix.
 encoding: base64
 content: {{ $.Files.Get "files/opt/init-disks.sh" | b64enc }}
 {{- end -}}
+{{- define "proxyFiles" -}}
+- path: /etc/systemd/system/containerd.service.d/http-proxy.conf
+ permissions: "0644"
+ encoding: base64
+ content: {{ tpl ($.Files.Get "files/etc/systemd/system/containerd.service.d/http-proxy.conf") . | b64enc }}
+{{- end -}}
+
 {{- define "kubernetesFiles" -}}
 - path: /etc/kubernetes/policies/audit-policy.yaml
diff --git a/helm/cluster-aws/templates/_machine_pools.tpl b/helm/cluster-aws/templates/_machine_pools.tpl
index 33e181da..310a5283 100644
--- a/helm/cluster-aws/templates/_machine_pools.tpl
+++ b/helm/cluster-aws/templates/_machine_pools.tpl
@@ -88,6 +88,9 @@ spec:
 {{- include "sshPostKubeadmCommands" . | nindent 2 }}
 users:
 {{- include "sshUsers" . | nindent 2 }}
+ files:
+ {{- include "sshFiles" $ | nindent 2 }}
+ {{- if $.Values.proxy.enabled }}{{- include "proxyFiles" $ | nindent 2 }}{{- end }}
 ---
 {{ end }}
 {{- end -}}
diff --git a/helm/cluster-aws/values.schema.json b/helm/cluster-aws/values.schema.json
index a744bfd7..4dbd64c9 100644
--- a/helm/cluster-aws/values.schema.json
+++ b/helm/cluster-aws/values.schema.json
@@ -166,6 +166,20 @@
 "organization": {
 "type": "string"
 },
+ "proxy": {
+ "type": "object",
+ "properties": {
+ "enabled": {
+ "type": "boolean"
+ },
+ "http_proxy": {
+ "type": "string"
+ },
+ "https_proxy": {
+ "type": "string"
+ }
+ }
+ },
 "releaseVersion": {
 "type": "string"
 },
diff --git a/helm/cluster-aws/values.yaml b/helm/cluster-aws/values.yaml
index 83d677fd..bc9cc1ac 100644
--- a/helm/cluster-aws/values.yaml
+++ b/helm/cluster-aws/values.yaml
@@ -58,6 +58,11 @@ oidc:
 usernameClaim: ""
 groupsClaim: ""
+proxy:
+ enabled: false
+ http_proxy: ""
+ https_proxy: ""
+
 # Used by `cluster-shared` library chart
 includeClusterResourceSet: true
 kubectlImage:
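Review bot: `proxyFiles` reads `files/etc/systemd/system/containerd.service.d/http-proxy.conf` (hyphen), but the file this commit adds is named `http_proxy.conf` (underscore). `.Files.Get` returns an empty string for a path that is not in the chart, so unless a hyphenated file exists outside this diff, nodes would receive an empty drop-in. Containerd would then run without the proxy while `proxy.enabled` is true, so the egress control fails open with no render error. Align the two names, for example `content: {{ tpl ($.Files.Get "files/etc/systemd/system/containerd.service.d/http_proxy.conf") . | b64enc }}`, or rename the added file. Passing the looked-up content through `required` would turn a missing file into a template failure instead of a silent no-op.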
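Review bot: The `proxy` schema in `values.schema.json` accepts any string for `http_proxy` and `https_proxy`, including the empty defaults, even when `enabled` is true, so a cluster can render with `HTTP_PROXY=` set to nothing and pass validation. Consider an `if`/`then` keyed on `"enabled": {"const": true}` that requires both fields and constrains them with a URL pattern such as `"pattern": "^https?://[^\\s\"]+$"`. Adding `"additionalProperties": false` would also reject a misspelled key. The pattern additionally keeps quotes and whitespace out of the systemd `Environment=` line these values are templated into.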