Configure squid-proxy¶
By default squid-proxy
allows an access only to the official RedHat
subscription.rhsm.redhat.com
and .cdn.redhat.com
URLs or to the
CentOS *.centos.org
mirrors.
If you use RedHat Satellite server or if you want to access some specific
yum
repositories of RedHat or CentOS, allow those domains
(or IPs addresses) in the squid-proxy
configuration
on the management or regional cluster.
Note
You can apply the procedure below before or after the management or regional cluster deployment.
To configure squid-proxy for an access to specific domains:
Modify the allowed domains for
squid-proxy
in the regional Helm releases configuration for thevsphere
provider using the example below.For new deployments, modify
templates/vsphere/cluster.yaml.template
For existing deployments, modify the management or regional cluster configuration:
kubectl edit cluster <mgmtOrRegionalClusterName> -n <projectName>
Example configuration:
spec: ... providerSpec: value: ... kaas: ... regional: - helmReleases: ... - name: squid-proxy values: config: domains: rhel: - .subscription.rhsm.redhat.com - .cdn.redhat.com - .centos.org - .satellite.server.org - .custom.centos.mirror.org - 172.16.10.10 provider: vsphere
On a deployed cluster, verify that the configuration is applied properly by verifying
configmap
forsquid-proxy
:kubectl describe configmap squid-proxy -n kaas
The
squid.conf
data should include the provided domains. For example:acl rhel dstdomain .subscription.rhsm.redhat.com .cdn.redhat.com .centos.org .satellite.server.org .custom.centos.mirror.org 172.16.10.10