diff --git a/ansible/inventory/group_vars/all/proxy b/ansible/inventory/group_vars/all/proxy
index eb791bbefa1589064793753f538dca49c822e944..2941e33985ffa2c362f6adf57528f33ee65854b1 100644
--- a/ansible/inventory/group_vars/all/proxy
+++ b/ansible/inventory/group_vars/all/proxy
@@ -19,3 +19,4 @@ no_proxy:
   - "127.0.0.1"
   - "localhost"
   - "{{ ('http://' ~ docker_registry) | urlsplit('hostname') if docker_registry else '' }}"
+  - "{{ kolla_internal_vip_address }}"
diff --git a/etc/kayobe/proxy.yml b/etc/kayobe/proxy.yml
index 714b9dae5c929b70d69fe6e98e4be95740404302..d7df51e52fe79078d7447b03cfe70330274c51f2 100644
--- a/etc/kayobe/proxy.yml
+++ b/etc/kayobe/proxy.yml
@@ -12,8 +12,9 @@
 
 # List of domains, hostnames, IP addresses and networks for which no proxy is
 # used. Defaults to ["127.0.0.1", "localhost", "{{ ('http://' ~
-# docker_registry) | urlsplit('hostname') }}"] if docker_registry is set, or
-# ["127.0.0.1", "localhost"] otherwise. This is configured only if either
+# docker_registry) | urlsplit('hostname') }}","{{ kolla_internal_vip_address
+# }}"] if docker_registry is set, or ["127.0.0.1", "localhost","{{
+# kolla_internal_vip_address }}"] otherwise. This is configured only if either
 # http_proxy or https_proxy is set.
 #no_proxy:
 
diff --git a/releasenotes/notes/adds-internal-vip-to-no-proxy-cbb4db4ea3909185.yaml b/releasenotes/notes/adds-internal-vip-to-no-proxy-cbb4db4ea3909185.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..d03f9f5d14a4285d9c36763cf30c4018ee431cc0
--- /dev/null
+++ b/releasenotes/notes/adds-internal-vip-to-no-proxy-cbb4db4ea3909185.yaml
@@ -0,0 +1,17 @@
+---
+features:
+  - |
+    Adds the internal VIP to the NOPROXY/noproxy environment variables.
+security:
+  - |
+    When running API requests from a host configured with kayobe, traffic
+    destined for the internal VIP is sent via the default proxy. This can be a
+    security issue if not using TLS as the proxy will be able to intercept the
+    traffic. If using an untrusted proxy, with TLS disabled on the internal
+    VIP, it is recommended that you run ``kayobe overcloud host configure -t
+    proxy``, ``kayobe seed hypervisor host configure -t proxy``, ``kayobe seed
+    host configure -t proxy``, and ``kayobe infra vm host configure -t proxy``,
+    to add the internal VIP to the no proxy configuration. This is considered a
+    minor issue as traffic between containers will not use the proxy by
+    default.
+    `LP#2087556 <https://launchpad.net/bugs/2087556>`__