Skip to content

Commit 601f450

Browse files
johnmarcojohnmarco
committed
initial draft
1 parent 78b64a7 commit 601f450

File tree

2 files changed

+6
-2
lines changed

2 files changed

+6
-2
lines changed

articles/openshift/concepts-egress-lockdown.md

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -30,7 +30,7 @@ A well-known subset of domains (that the Azure Red Hat OpenShift clusters need t
3030

3131
## Enable egress lockdown
3232

33-
In order to function, egress lock down relies on the Server Name Indication (SNI) extension to the Transport Layer Security (TLS). All customer workloads that communicate with the well-known subset of domains must have SNI enabled.
33+
In order to function, egress lockdown relies on the Server Name Indication (SNI) extension to the Transport Layer Security (TLS). All customer workloads that communicate with the well-known subset of domains must have SNI enabled.
3434

3535
Egress lockdown is enabled by default for new cluster creation. However, to enable egress lockdown on existing clusters, you must have SNI enabled on the customer workloads. To enable egress lockdown on your existing clusters, submit a support case to either [Microsoft Support](https://support.microsoft.com) or [Red Hat Support](https://www.redhat.com/en/services/support).
3636

articles/openshift/howto-restrict-egress.md

Lines changed: 5 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -6,12 +6,16 @@ ms.author: joharder
66
ms.service: azure-redhat-openshift
77
ms.custom: devx-track-azurecli
88
ms.topic: article
9-
ms.date: 02/16/2023
9+
ms.date: 04/03/2023
1010
---
1111
# Control egress traffic for your Azure Red Hat OpenShift (ARO) cluster
1212

1313
This article provides the necessary details that allow you to secure outbound traffic from your Azure Red Hat OpenShift cluster (ARO). With the release of the [Egress Lockdown Feature](./concepts-egress-lockdown.md), all of the required connections for a private cluster are proxied through the service. There are additional destinations that you may want to allow to use features such as Operator Hub, or Red Hat telemetry. An [example](#private-aro-cluster-setup) is be provided at the end showing how to configure these requirements with Azure Firewall. Keep in mind, you can apply this information to Azure Firewall or to any outbound restriction method or appliance.
1414

15+
> [!IMPORTANT]
16+
> Do not attempt these instructions on older ARO clusters if those clusters don't have the Egress Lockdown feature enabled. To enable the Egress Lockdown feature on older ARO clusters, see [Enable Egress Lockdown](./concepts-egress-lockdown.md#enable-egress-lockdown).
17+
18+
1519
## Before you begin
1620

1721
This article assumes that you're creating a new cluster. If you need a basic ARO cluster, see the [ARO quickstart](./tutorial-create-cluster.md).

0 commit comments

Comments
 (0)