Configure squid-proxy

By default squid-proxy allows an access only to the official RedHat subscription.rhsm.redhat.com and .cdn.redhat.com URLs or to the CentOS *.centos.org mirrors.

If you use RedHat Satellite server or if you want to access some specific yum repositories of RedHat or CentOS, allow those domains (or IPs addresses) in the squid-proxy configuration on the management or regional cluster.

Note

You can apply the procedure below before or after the management or regional cluster deployment.

To configure squid-proxy for an access to specific domains:

  1. Modify the allowed domains for squid-proxy in the regional Helm releases configuration for the vsphere provider using the example below.

    • For new deployments, modify templates/vsphere/cluster.yaml.template

    • For existing deployments, modify the management or regional cluster configuration:

      kubectl edit cluster <mgmtOrRegionalClusterName> -n <projectName>
      

    Example configuration:

    spec:
      ...
      providerSpec:
        value:
          ...
          kaas:
            ...
            regional:
              - helmReleases:
                ...
                - name: squid-proxy
                  values:
                    config:
                      domains:
                        rhel:
                        - .subscription.rhsm.redhat.com
                        - .cdn.redhat.com
                        - .centos.org
                        - .satellite.server.org
                        - .custom.centos.mirror.org
                        - 172.16.10.10
                provider: vsphere
    
  2. On a deployed cluster, verify that the configuration is applied properly by verifying configmap for squid-proxy:

    kubectl describe configmap squid-proxy -n kaas
    

    The squid.conf data should include the provided domains. For example:

    acl rhel dstdomain .subscription.rhsm.redhat.com .cdn.redhat.com .centos.org .satellite.server.org .custom.centos.mirror.org 172.16.10.10