Important firewall changes for customers pulling container images

The Red Hat container image registries are changing, and you may need to adjust firewall settings. Please be sure to make this adjustment by May 1, 2023, or you could lose access to Red Hat container content.

Currently all image manifests and filesystem blobs are served directly from registry.redhat.io and registry.access.redhat.com. The coming change will mean filesystem blobs are served from Quay.io instead. To avoid problems pulling container images, you will need to allow outbound connections to these hostnames:

cdn.quay.io
cdn01.quay.io
cdn02.quay.io
cdn03.quay.io

After making this change you will be able to continue pulling images from registry.redhat.io and registry.access.redhat.com as before. You do not need a Quay.io login, or to interact with the Quay.io registry directly in any way, in order to continue pulling Red Hat container images.

Outbound connections to these hosts may already be allowed in your firewall configuration as a result of having previously followed the OpenShift installation instructions, or due to otherwise needing to use the Quay.io registry.

For more detailed information, please review this Knowledgebase article. Your Red Hat account team or Red Hat partner is also available for guidance.