diff --git a/pkg/kube/cluster_config.go b/pkg/kube/cluster_config.go
index 04ed2383e61..20eea946677 100644
--- a/pkg/kube/cluster_config.go
+++ b/pkg/kube/cluster_config.go
@@ -137,7 +137,10 @@ func NewClusterConfig(inClusterConfig *rest.Config, userToken string, cluster st
 		return config, nil
 	}
 
-	if cluster == clustersConfig.KubeappsClusterName {
+	// We cannot assume that if the cluster is the kubeapps cluster that we simply return
+	// the incluster config, because some users set proxies in front of their clusters in
+	// which case the incluster kubernetes.default will skip the proxy.
+	if cluster == clustersConfig.KubeappsClusterName && clusterConfig.APIServiceURL == "" {
 		return config, nil
 	}
 
diff --git a/pkg/kube/cluster_config_test.go b/pkg/kube/cluster_config_test.go
index 7306e09b2bb..4181a946063 100644
--- a/pkg/kube/cluster_config_test.go
+++ b/pkg/kube/cluster_config_test.go
@@ -44,6 +44,39 @@ func TestNewClusterConfig(t *testing.T) {
 				BearerTokenFile: "",
 			},
 		},
+		{
+			name:      "returns a cluster config with explicit apiServiceURL and cert even for the kubeapps default cluster, when specified",
+			userToken: "token-1",
+			cluster:   "default",
+			clustersConfig: ClustersConfig{
+				KubeappsClusterName: "default",
+				Clusters: map[string]ClusterConfig{
+					"default": {
+						APIServiceURL:                   "https://proxy.example.com:7890",
+						CertificateAuthorityData:        "Y2EtZmlsZS1kYXRhCg==",
+						CertificateAuthorityDataDecoded: "ca-file-data",
+						CAFile:                          "/tmp/ca-file-data",
+					},
+				},
+			},
+			inClusterConfig: &rest.Config{
+				Host:            "https://something-else.example.com:6443",
+				BearerToken:     "something-else",
+				BearerTokenFile: "/foo/bar",
+				TLSClientConfig: rest.TLSClientConfig{
+					CAFile: "/var/run/whatever/ca.crt",
+				},
+			},
+			expectedConfig: &rest.Config{
+				Host:            "https://proxy.example.com:7890",
+				BearerToken:     "token-1",
+				BearerTokenFile: "",
+				TLSClientConfig: rest.TLSClientConfig{
+					CAData: []byte("ca-file-data"),
+					CAFile: "/tmp/ca-file-data",
+				},
+			},
+		},
 		{
 			name:      "returns an in-cluster config when the global packaging cluster token is specified",
 			userToken: "token-1",