Merge pull request #69898 from dfitzmau/OCPBUGS-24859

ShaunaDiaz · web-flow · commit 71bd0c2cf6fb · 2024-01-15T08:50:09.000-05:00
OCPBUGS-24589: Updated Config firewall for OCP section in Install config
diff --git a/modules/configuring-firewall.adoc b/modules/configuring-firewall.adoc
@@ -61,7 +61,7 @@ If your environment has a dedicated load balancer in front of your {product-titl
 1. In a firewall environment, ensure that the `access.redhat.com` resource is on the allowlist. This resource hosts a signature store that a container client requires for verifying images when pulling them from `registry.access.redhat.com`.
 --
 +
-You can use the wildcards `\*.quay.io` and `*.openshiftapps.com` instead of `cdn0[1-3].quay.io` in your allowlist. When you add a site, such as `quay.io`, to your allowlist, do not add a wildcard entry, such as `*.quay.io`, to your denylist. In most cases, image registries use a content delivery network (CDN) to serve images. If a firewall blocks access, image downloads are denied when the initial download request redirects to a hostname such as `cdn01.quay.io`.
+You can use the wildcards `\*.quay.io` and `*.openshiftapps.com` instead of `cdn.quay.io` and `cdn0[1-3].quay.io` in your allowlist. When you add a site, such as `quay.io`, to your allowlist, do not add a wildcard entry, such as `*.quay.io`, to your denylist. In most cases, image registries use a content delivery network (CDN) to serve images. If a firewall blocks access, image downloads are denied when the initial download request redirects to a hostname such as `cdn01.quay.io`.
 
 . Allowlist any site that provides resources for a language or framework that your builds require.
 

Original file line number	Diff line number	Diff line change
`@@ -61,7 +61,7 @@ If your environment has a dedicated load balancer in front of your {product-titl`
`61`	`61`	1. In a firewall environment, ensure that the `access.redhat.com` resource is on the allowlist. This resource hosts a signature store that a container client requires for verifying images when pulling them from `registry.access.redhat.com`.
`62`	`62`	`--`
`63`	`63`	`+`
`64`		-You can use the wildcards `\.quay.io` and `.openshiftapps.com` instead of `cdn0[1-3].quay.io` in your allowlist. When you add a site, such as `quay.io`, to your allowlist, do not add a wildcard entry, such as `*.quay.io`, to your denylist. In most cases, image registries use a content delivery network (CDN) to serve images. If a firewall blocks access, image downloads are denied when the initial download request redirects to a hostname such as `cdn01.quay.io`.
	`64`	+You can use the wildcards `\.quay.io` and `.openshiftapps.com` instead of `cdn.quay.io` and `cdn0[1-3].quay.io` in your allowlist. When you add a site, such as `quay.io`, to your allowlist, do not add a wildcard entry, such as `*.quay.io`, to your denylist. In most cases, image registries use a content delivery network (CDN) to serve images. If a firewall blocks access, image downloads are denied when the initial download request redirects to a hostname such as `cdn01.quay.io`.
`65`	`65`
`66`	`66`	`. Allowlist any site that provides resources for a language or framework that your builds require.`
`67`	`67`