Commit f8c6fed

Merge pull request #37792 from kelbrown20/additional-url-needed-in-firewall-1942662
BZ:1942662 - Adding firewall URL sections to point 5 instead of 4
2 parents 3e48e82 + 4bdf39d commit f8c6fed

1 file changed

+16
-6
lines changed

modules/configuring-firewall.adoc

Lines changed: 16 additions & 6 deletions
@@ -74,15 +74,11 @@ CDN hostnames, such as `cdn01.quay.io`, are covered when you add a wildcard entr
7474
|===
7575
|Cloud |URL | Port |Function
7676

77-
.2+|AWS
77+
|AWS
7878
|`*.amazonaws.com`
7979
|443, 80
8080
|Required to access AWS services and resources. Review the link:https://docs.aws.amazon.com/general/latest/gr/rande.html[AWS Service Endpoints] in the AWS documentation to determine the exact endpoints to allow for the regions that you use.
8181

82-
|`oso-rhc4tp-docker-registry.s3-us-west-2.amazonaws.com`
83-
|443, 80
84-
|Required to access AWS services and resources when using strict security requirements. Review the link:https://docs.aws.amazon.com/general/latest/gr/rande.html[AWS Service Endpoints] in the AWS documentation to determine the exact endpoints to allow for the regions that you use.
85-
8682
.2+|GCP
8783
|`*.googleapis.com`
8884
|443, 80
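Review bot: The row removed at old lines 82-84 was the only AWS entry described as being for "strict security requirements", so after this change the AWS part of the table offers only the `*.amazonaws.com` wildcard. The same hostname is re-added later in this patch with a different Function ("Required for Sonatype Nexus, F5 Big IP operators"), so please confirm which description is accurate and whether administrators who will not allow the wildcard still have an explicit AWS hostname to allow. The switch from `.2+|AWS` to `|AWS` correctly matches the single remaining row.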
@@ -145,7 +141,6 @@ CDN hostnames, such as `cdn01.quay.io`, are covered when you add a wildcard entr
145141
|443, 80
146142
|Required for `odo` CLI.
147143
|===
148-
+
149144
Operators require route access to perform health checks. Specifically, the
150145
authentication and web console Operators connect to two routes to verify that
151146
the routes work. If you are the cluster administrator and do not want to allow
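Review bot: Dropping the `+` after the closing `|===` at old line 148 means the paragraph starting "Operators require route access to perform health checks" is no longer explicitly attached to the preceding list step by a list continuation. Please check a rendered build to confirm that this paragraph still sits inside the step it belongs to and that the numbered list does not restart after it, since the next hunk adds a new numbered step directly below.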
@@ -156,6 +151,21 @@ the routes work. If you are the cluster administrator and do not want to allow
156151
that is specified in the `spec.route.hostname` field of the
157152
`consoles.operator/cluster` object if the field is not empty.
158153

154+
. Allowlist the following URLs for optional third-party content:
155+
+
156+
[cols="3,2,4",options="header"]
157+
|===
158+
|URL | Port | Function
159+
160+
|`registry.connect.redhat.com`
161+
|443, 80
162+
|Required for all third-party images and certified operators.
163+
164+
|`oso-rhc4tp-docker-registry.s3-us-west-2.amazonaws.com`
165+
|443, 80
166+
|Required for Sonatype Nexus, F5 Big IP operators.
167+
|===
168+
+
159169
. If you use a default Red Hat Network Time Protocol (NTP) server allow the following URLs:
160170
* `1.rhel.pool.ntp.org`
161171
* `2.rhel.pool.ntp.org`
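Review bot: The `+` added at new line 168 after the closing `|===` is followed directly by the next step (`. If you use a default Red Hat Network Time Protocol (NTP) server allow the following URLs:`), so the continuation has no block of its own to attach and may pull the NTP step into the new step instead of leaving it as the next numbered item. The previous hunk removes a trailing `+` in the same position after a table, so consider dropping this one too and checking the rendered numbering. In the Function column, "Required for Sonatype Nexus, F5 Big IP operators." would read better as "Required for Sonatype Nexus and F5 BIG-IP Operators.", matching the capitalized "Operators" used in the surrounding text.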
