chapinb
commented
1 year ago Though this issue is a bit stale, I wanted to share this resource in case you (or others) haven't seen it yet: https://docs.openshift.com/container-platform/4.11/installing/install_config/configuring-firewall.html
It suggests that cdn0[1-3].quay.io can be used in the allowlist.
Hi all.
In our on prem network we have to request access to technical URLs like quay.io via change requests to the internet proxy team to be able to reach them with tools like Docker or Podman.
I have requested to quay.io which is working fine, but a Docker pull is suddenly ending up in 407 proxy auth errors. Analysis with our proxy team figured out that a redirect is happening to cdn.quay.io and furthermore to cdn02.quay.io etc.
Is there a stable list of URLs which we could add to our rules? The proxy team and internal security will most likely not accept wildcard rules like *.quay.io if there is no good reason.
Thanks for your hints.
Regards Sergei