Configure squid-proxy¶
By default squid-proxy allows an access only to the official RedHat
subscription.rhsm.redhat.com and .cdn.redhat.com URLs or to the
CentOS *.centos.org mirrors.
If you use RedHat Satellite server or if you want to access some specific
yum repositories of RedHat or CentOS, allow those domains
(or IPs addresses) in the squid-proxy configuration
on the management or regional cluster.
Note
You can apply the procedure below before or after the management or regional cluster deployment.
To configure squid-proxy for an access to specific domains:
Modify the allowed domains for
squid-proxyin the regional Helm releases configuration for thevsphereprovider using the example below.For new deployments, modify
templates/vsphere/cluster.yaml.templateFor existing deployments, modify the management or regional cluster configuration:
kubectl edit cluster <mgmtOrRegionalClusterName> -n <projectName>
Example configuration:
spec: ... providerSpec: value: ... kaas: ... regional: - helmReleases: ... - name: squid-proxy values: config: domains: rhel: - .subscription.rhsm.redhat.com - .cdn.redhat.com - .centos.org - .satellite.server.org - .custom.centos.mirror.org - 172.16.10.10 provider: vsphere
On a deployed cluster, verify that the configuration is applied properly by verifying
configmapforsquid-proxy:kubectl describe configmap squid-proxy -n kaas
The
squid.confdata should include the provided domains. For example:acl rhel dstdomain .subscription.rhsm.redhat.com .cdn.redhat.com .centos.org .satellite.server.org .custom.centos.mirror.org 172.16.10.10