- Red Hat OpenShift Container Platform (RHOCP)
- To what URLs does an OpenShift cluster need to access?
- Which URLs need to be allowed on the OCP HTTP proxy?
For OpenShift 4, review Configuring your firewall section in addition to this article.
The outbound depends on the language and frameworks used in OpenShift.
OpenShift depends on the Red Hat registry, which provides the basic pod images, registry image, and router image.
Below is the list of the recommended URLs to be allowed on firewall or proxy:
- registry.access.redhat.com (provides pod, registry, router, s2i, jboss and etc images) - registry.redhat.io - registry.connect.redhat.com (provides third-party images) - quay.io - *.quay.io - storage.googleapis.com/openshift-release - sso.redhat.com - docker.io (images not in Red Hat's registry) - docker.com - hub.docker.com - index.docker.io
- Depending on your firewall you may need to add this to be able to download image blobs:
- oso-rhc4tp-docker-registry.s3-us-west-2.amazonaws.com (CNAME) - s3-us-west-2-r-w.amazonaws.com
- Source code repositories (allow the ones that apply):
- github.com - gitlab.com - Internal git repository hostnames
- Language/framework related resources (allow the ones that apply)
*.maven.org *.apache.org *.npmjs.com *.openshift.io *.openshift.org *.docker.io *.docker.org *.rubygems.org *.cpan.org *.githubusercontent.com *.githubapp.com *.cloudfront.net *.fabric8.io *.codehaus.org *.sonatype.org *.jboss.org *.jenkins-ci.org *.jenkins.io *.bintray.com *.spring.io *.eclipse.org *.fusesource.com *.eclipse.org *.quay.io
- When registering RHEL hosts with subscription manager, it needs to access the subscription url  and has to have access the redhat repos atomic-openshift-* and docker-*. The OpenShift could be installed without connection to the internet, but pod, registry, and router images must be available in the custom registry or available on hosts.
- Red Hat OpenShift Container Platform
This solution is part of Red Hat’s fast-track publication program, providing a huge library of solutions that Red Hat engineers have created while supporting our customers. To give you the knowledge you need the instant it becomes available, these articles may be presented in a raw and unedited form.