Commit 4bdf39d

BZ:1942662 - Adding firewall URL sections to point 5 instead of 4
1 parent c0b7f93 commit 4bdf39d

1 file changed

+16
-6
lines changed

modules/configuring-firewall.adoc

Lines changed: 16 additions & 6 deletions
@@ -74,15 +74,11 @@ CDN hostnames, such as `cdn01.quay.io`, are covered when you add a wildcard entr
7474
|===
7575
|Cloud |URL | Port |Function
7676

77-
.2+|AWS
77+
|AWS
7878
|`*.amazonaws.com`
7979
|443, 80
8080
|Required to access AWS services and resources. Review the link:https://docs.aws.amazon.com/general/latest/gr/rande.html[AWS Service Endpoints] in the AWS documentation to determine the exact endpoints to allow for the regions that you use.
8181

82-
|`oso-rhc4tp-docker-registry.s3-us-west-2.amazonaws.com`
83-
|443, 80
84-
|Required to access AWS services and resources when using strict security requirements. Review the link:https://docs.aws.amazon.com/general/latest/gr/rande.html[AWS Service Endpoints] in the AWS documentation to determine the exact endpoints to allow for the regions that you use.
85-
8682
.2+|GCP
8783
|`*.googleapis.com`
8884
|443, 80
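Review bot: The removed AWS row for `oso-rhc4tp-docker-registry.s3-us-west-2.amazonaws.com` carried the "when using strict security requirements" wording, and nothing in the remaining AWS row replaces it. An administrator who allows specific endpoints rather than the `*.amazonaws.com` wildcard no longer learns from this table that this S3 host is needed. Consider adding a short pointer in the AWS Function cell to the step that now lists the host. The switch from `.2+|AWS` to `|AWS` correctly matches the single row that is left.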
@@ -137,7 +133,6 @@ CDN hostnames, such as `cdn01.quay.io`, are covered when you add a wildcard entr
137133
|443, 80
138134
|Required for `odo` CLI.
139135
|===
140-
+
141136
Operators require route access to perform health checks. Specifically, the
142137
authentication and web console Operators connect to two routes to verify that
143138
the routes work. If you are the cluster administrator and do not want to allow
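Review bot: With the `+` after `|===` removed (old line 140), the "Operators require route access" paragraph is no longer attached to the preceding list item, and it now follows the table delimiter with no blank line. An unattached paragraph can end the ordered list, so the steps after it may restart their numbering. Please confirm in a rendered build that the step numbers come out as the commit message intends, and add a blank line after `|===` if the paragraph is meant to stand outside the list.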
@@ -148,6 +143,21 @@ the routes work. If you are the cluster administrator and do not want to allow
148143
that is specified in the `spec.route.hostname` field of the
149144
`consoles.operator/cluster` object if the field is not empty.
150145

146+
. Allowlist the following URLs for optional third-party content:
147+
+
148+
[cols="3,2,4",options="header"]
149+
|===
150+
|URL | Port | Function
151+
152+
|`registry.connect.redhat.com`
153+
|443, 80
154+
|Required for all third-party images and certified operators.
155+
156+
|`oso-rhc4tp-docker-registry.s3-us-west-2.amazonaws.com`
157+
|443, 80
158+
|Required for Sonatype Nexus, F5 Big IP operators.
159+
|===
160+
+
151161
. If you use a default Red Hat Network Time Protocol (NTP) server allow the following URLs:
152162
* `1.rhel.pool.ntp.org`
153163
* `2.rhel.pool.ntp.org`
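Review bot: The trailing `+` at new line 160 is followed directly by the next step (`. If you use a default Red Hat Network Time Protocol (NTP) server ...`) rather than by a block to attach, so it is a dangling list continuation; drop it, or check that the NTP step still renders as its own numbered step. Two wording points in the new table: the step introduces "optional third-party content" while both Function cells say "Required for", which reads as a contradiction unless the cells say "Required only if you use ..."; and "operators" is lowercase here while the surrounding text uses "Operators". Both rows also allow port 80 alongside 443; if these registries are only reached over TLS, listing 443 alone would keep the allowlist tighter.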
