Proxy configuration

Proxy configuration is needed only in a connected install through proxy.

  • Note: As a prerequisite, check the following points for proxy limitations:
    • Ensure that there are no restrictions on the maximum file size for download through proxy or that it must be adjusted adequately.
    • Ensure that there is enough bandwidth available, or otherwise installation might run into errors due to download timeouts
    • Ensure that there are no quotas or download limits set or adjusted appropriately, or else pods might get into a crash loop due to download limitations.
    • Do not use special characters in proxy credentials.
  • If you plan to setup Metro-DR and both sites use proxy, then site1 API must be in the allowed list of site2 proxy and site2 API must be in the allowed list of site1 proxy.
  • If you are going to install through your enterprise registry and that is also via your proxy, then add http://<enterprise registry host name>
  • If you plan to use a proxy server for internet access with IBM Fusion HCI for configuration, add the following list to access control list (ACL) on proxy server:
    • registry.redhat.io
    • redhat.com
    • registry.connect.redhat.com
    • console.redhat.com
    • cloud.redhat.com
    • access.redhat.com
    • registry.access.redhat.com
    • api.access.redhat.com
    • quay.io
    • cdn.quay.io
    • cdn01.quay.io
    • cdn02.quay.io
    • cdn03.quay.io
    • cdn04.quay.io
    • cdn05.quay.io
    • cdn06.quay.io
    • sso.redhat.com
    • oauth-openshift.apps.<cluster_name>.<base_domain>
    • canary-openshift-ingress-canary.apps.<cluster_name>.<base_domain>
    • console-openshift-console.apps.<cluster_name>.<base_domain>
    • api.openshift.com
    • infogw.api.openshift.com
    • mirror.openshift.com
    • docker.com
    • docker.io
    • dseasb33srnrn.cloudfront.net
    • rhc4tp-prod-z8cxf-image-registry-us-east-1-evenkyleffocxqvofrk.s3.dualstack.us-east-1.amazonaws.com
    • storage.googleapis.com
    • pkg-containers.githubusercontent.com
    • ghcr.io
    • www.okd.io
  • If your IBM Fusion appliance contains GPU nodes, you must configure the following sites:
    • cloud.openshift.com
    • .nvcr.io
    • .d3c2pjnrr68kpx.cloudfront.net
    • containers.nvcr.io
    • authn.nvcr.io
    • api.ngc.nvidia.com
    • catalog.ngc.nvidia.com
  • The following firewall sites must be configured for IBM Cloud Container registry:
    • icr.io
    • cp.icr.io
    • dd0.icr.io
    • dd2.icr.io
    If you're located in China, you must also allow the following hosts:
    • dd1-icr.ibm-zh.com
    • dd3-icr.ibm-zh.com
  • The following firewall site must be configured for Me tor-DR set up:
    • gcr.io
  • The following firewall sites must be configured to interact with IBM or Red Hat® services:
  • The following firewall sites must be configured for Call Home:
    • www.ecurep.ibm.com
    • esupport.ibm.com
  • The following endpoints must be configured for Remote Support:
    • aosrelay1.us.ihost.com
    • aosback.us.ihost.com
    • aoshats.us.ihost.com