Configure squid-proxy

Note

Consider this section as part of the vSphere-based CLI or web UI bootstrap procedure.

By default squid-proxy allows an access only to the official RedHat subscription.rhsm.redhat.com and .cdn.redhat.com URLs.

If you use RedHat Satellite server or if you want to access some specific yum repositories of RedHat, allow those domains (or IPs addresses) in the squid-proxy configuration on the management cluster.

Note

You can apply the procedure below before or after the management cluster deployment.

To configure squid-proxy for an access to specific domains:

  1. Modify the allowed domains for squid-proxy in the regional Helm releases configuration for the vsphere provider using the example below.

    • For new deployments, modify templates/vsphere/cluster.yaml.template

    • For existing deployments, modify the management cluster configuration:

      kubectl edit cluster <mgmtClusterName> -n <projectName>
      

    Example configuration:

    spec:
      ...
      providerSpec:
        value:
          ...
          kaas:
            ...
            regional:
              - helmReleases:
                ...
                - name: squid-proxy
                  values:
                    config:
                      domains:
                        rhel:
                        - .subscription.rhsm.redhat.com
                        - .cdn.redhat.com
                        - .satellite.server.org
                        - 172.16.10.10
                provider: vsphere
    
  2. On a deployed cluster, verify that the configuration is applied properly by verifying configmap for squid-proxy:

    kubectl describe configmap squid-proxy -n kaas
    

    The squid.conf data should include the provided domains. For example:

    acl rhel dstdomain .subscription.rhsm.redhat.com .cdn.redhat.com .satellite.server.org 172.16.10.10