split up the firewalls table

Author: paigecalvert

docs/enterprise/installing-embedded-requirements.mdx

@@ -1,6 +1,7 @@
 import EmbeddedClusterRequirements from "../partials/embedded-cluster/_requirements.mdx"
 import EmbeddedClusterPortRequirements from "../partials/embedded-cluster/_port-reqs.mdx"
-import FirewallOpenings from "../partials/install/_firewall-openings.mdx"
+import FirewallOpenings from "../partials/install/_firewall-openings-ec.mdx"
+import FirewallOpeningsIntro from "../partials/install/_firewall-openings-intro.mdx"
 
 # Embedded Cluster Installation Requirements
 
@@ -16,4 +17,6 @@ This topic lists the installation requirements for Replicated Embedded Cluster.
 
 ## Firewall Openings for Online Installations
 
+<FirewallOpeningsIntro/>
+
 <FirewallOpenings/>

docs/enterprise/installing-general-requirements.mdx

@@ -1,6 +1,7 @@
 import DockerCompatibility from "../partials/image-registry/_docker-compatibility.mdx"
 import KubernetesCompatibility from "../partials/install/_kubernetes-compatibility.mdx"
-import FirewallOpenings from "../partials/install/_firewall-openings.mdx"
+import FirewallOpenings from "../partials/install/_firewall-openings-kots.mdx"
+import FirewallOpeningsIntro from "../partials/install/_firewall-openings-intro.mdx"
 
 # KOTS Installation Requirements
 
@@ -268,4 +269,6 @@ KOTS has been tested for compatibility with the following registries:
 
 ## Firewall Openings for Online Installations
 
+<FirewallOpeningsIntro/>
+
 <FirewallOpenings/>

docs/enterprise/installing-kurl-requirements.mdx

@@ -1,4 +1,5 @@
-import FirewallOpenings from "../partials/install/_firewall-openings.mdx"
+import FirewallOpenings from "../partials/install/_firewall-openings-kurl.mdx"
+import FirewallOpeningsIntro from "../partials/install/_firewall-openings-intro.mdx"
 
 # kURL Installation Requirements
 
@@ -35,4 +36,6 @@ You must meet the additional kURL system requirements when applicable:
 
 ## Firewall Openings for Online Installations
 
+<FirewallOpeningsIntro/>
+
 <FirewallOpenings/>

docs/partials/install/_firewall-openings-ec.mdx

@@ -0,0 +1,20 @@
+<table>
+  <tr>
+      <th width="50%">Domain</th>
+      <th>Description</th>
+  </tr>
+  <tr>
+      <td>`proxy.replicated.com`</td>
+      <td><p>Private Docker images are proxied through `proxy.replicated.com`. This domain is owned by Replicated, Inc., which is headquartered in Los Angeles, CA.</p><p>For the range of IP addresses for `proxy.replicated.com`, see [replicatedhq/ips](https://github.com/replicatedhq/ips/blob/main/ip_addresses.json#L52-L57) in GitHub.</p></td>
+  </tr>
+  <tr>
+      <td>`replicated.app`</td>
+      <td><p>Upstream application YAML and metadata is pulled from `replicated.app`. The current running version of the application (if any), as well as a license ID and application ID to authenticate, are all sent to `replicated.app`. This domain is owned by Replicated, Inc., which is headquartered in Los Angeles, CA.</p><p>For the range of IP addresses for `replicated.app`, see [replicatedhq/ips](https://github.com/replicatedhq/ips/blob/main/ip_addresses.json#L60-L65) in GitHub.</p></td>
+  </tr>
+  <tr>
+      <td>`registry.replicated.com` &#42;</td>
+      <td><p>Some applications host private images in the Replicated registry at this domain. The on-prem docker client uses a license ID to authenticate to `registry.replicated.com`. This domain is owned by Replicated, Inc which is headquartered in Los Angeles, CA.</p><p> For the range of IP addresses for `registry.replicated.com`, see [replicatedhq/ips](https://github.com/replicatedhq/ips/blob/main/ip_addresses.json#L20-L25) in GitHub.</p></td>
+  </tr>
+</table>
+
+&#42; Required only if the application uses the [Replicated proxy registry](/vendor/private-images-about).

docs/partials/install/_firewall-openings-helm.mdx

@@ -0,0 +1,20 @@
+<table>
+  <tr>
+      <th width="50%">Domain</th>
+      <th>Description</th>
+  </tr>
+  <tr>
+      <td>`replicated.app` &#42;</td>
+      <td><p>Upstream application YAML and metadata is pulled from `replicated.app`. The current running version of the application (if any), as well as a license ID and application ID to authenticate, are all sent to `replicated.app`. This domain is owned by Replicated, Inc., which is headquartered in Los Angeles, CA.</p><p>For the range of IP addresses for `replicated.app`, see [replicatedhq/ips](https://github.com/replicatedhq/ips/blob/main/ip_addresses.json#L60-L65) in GitHub.</p></td>
+  </tr>
+  <tr>
+      <td>`registry.replicated.com`</td>
+      <td><p>Some applications host private images in the Replicated registry at this domain. The on-prem docker client uses a license ID to authenticate to `registry.replicated.com`. This domain is owned by Replicated, Inc which is headquartered in Los Angeles, CA.</p><p>For the range of IP addresses for `registry.replicated.com`, see [replicatedhq/ips](https://github.com/replicatedhq/ips/blob/main/ip_addresses.json#L20-L25) in GitHub.</p></td>
+  </tr>
+  <tr>
+      <td>`proxy.replicated.com`</td>
+      <td><p>Private Docker images are proxied through `proxy.replicated.com`. This domain is owned by Replicated, Inc., which is headquartered in Los Angeles, CA.</p><p>For the range of IP addresses for `proxy.replicated.com`, see [replicatedhq/ips](https://github.com/replicatedhq/ips/blob/main/ip_addresses.json#L52-L57) in GitHub.</p></td>
+  </tr>
+</table>
+
+&#42; Required only if the [Replicated SDK](/vendor/replicated-sdk-overview) if included as a dependency of the application Helm chart.

docs/partials/install/_firewall-openings-intro.mdx

@@ -0,0 +1,5 @@
+The domains for the services listed in the table below need to be accessible from servers performing online installations. No outbound internet access is required for air gap installations.
+
+For services hosted at domains owned by Replicated, the table below includes a link to the list of IP addresses for the domain at [replicatedhq/ips](https://github.com/replicatedhq/ips/blob/main/ip_addresses.json) in GitHub. Note that the IP addresses listed in the `replicatedhq/ips` repository also include IP addresses for some domains that are _not_ required for installation.
+
+For any third-party services hosted at domains not owned by Replicated, consult the third-party's documentation for the IP address range for each domain, as needed. 

docs/partials/install/_firewall-openings-kots.mdx

@@ -0,0 +1,34 @@
+<table>
+  <tr>
+      <th width="50%">Domain</th>
+      <th>Description</th>
+  </tr>
+  <tr>
+      <td>Docker Hub</td>
+      <td><p>Some dependencies of KOTS are hosted as public images in Docker Hub. The required domains for this service are `index.docker.io`, `cdn.auth0.com`, `*.docker.io`, and `*.docker.com.`</p></td>
+  </tr>
+  <tr>
+      <td>`proxy.replicated.com` &#42;</td>
+      <td><p>Private Docker images are proxied through `proxy.replicated.com`. This domain is owned by Replicated, Inc., which is headquartered in Los Angeles, CA.</p><p>For the range of IP addresses for `proxy.replicated.com`, see [replicatedhq/ips](https://github.com/replicatedhq/ips/blob/main/ip_addresses.json#L52-L57) in GitHub.</p></td>
+  </tr>
+  <tr>
+      <td>`replicated.app`</td>
+      <td><p>Upstream application YAML and metadata is pulled from `replicated.app`. The current running version of the application (if any), as well as a license ID and application ID to authenticate, are all sent to `replicated.app`. This domain is owned by Replicated, Inc., which is headquartered in Los Angeles, CA.</p><p>For the range of IP addresses for `replicated.app`, see [replicatedhq/ips](https://github.com/replicatedhq/ips/blob/main/ip_addresses.json#L60-L65) in GitHub.</p></td>
+  </tr>
+  <tr>
+      <td>`registry.replicated.com` &#42;&#42;</td>
+      <td><p>Some applications host private images in the Replicated registry at this domain. The on-prem docker client uses a license ID to authenticate to `registry.replicated.com`. This domain is owned by Replicated, Inc which is headquartered in Los Angeles, CA.</p><p> For the range of IP addresses for `registry.replicated.com`, see [replicatedhq/ips](https://github.com/replicatedhq/ips/blob/main/ip_addresses.json#L20-L25) in GitHub.</p></td>
+  </tr>
+  <tr>
+      <td>`kots.io`</td>
+      <td><p>Requests are made to this domain when installing the Replicated KOTS CLI. This domain is owned by Replicated, Inc., which is headquartered in Los Angeles, CA.</p></td>
+  </tr>
+  <tr>
+     <td>`github.com`</td>
+     <td>Requests are made to this domain when installing the Replicated KOTS CLI. For information about retrieving GitHub IP addresses, see [About GitHub&#39;s IP addresses](https://docs.github.com/en/authentication/keeping-your-account-and-data-secure/about-githubs-ip-addresses) in the GitHub documentation.</td>
+  </tr>
+</table>
+
+&#42; Required only if the application uses the [Replicated proxy registry](/vendor/private-images-about).
+
+&#42;&#42; Required only if the application uses the [Replicated registry](/vendor/private-images-replicated).

docs/partials/install/_firewall-openings-kurl.mdx

@@ -0,0 +1,34 @@
+<table>
+  <tr>
+      <th width="50%">Domain</th>
+      <th>Description</th>
+  </tr>
+  <tr>
+      <td>Docker Hub</td>
+      <td><p>Some dependencies of KOTS are hosted as public images in Docker Hub. The required domains for this service are `index.docker.io`, `cdn.auth0.com`, `*.docker.io`, and `*.docker.com.`</p></td>
+  </tr>
+  <tr>
+      <td>`proxy.replicated.com` &#42;</td>
+      <td><p>Private Docker images are proxied through `proxy.replicated.com`. This domain is owned by Replicated, Inc., which is headquartered in Los Angeles, CA.</p><p>For the range of IP addresses for `proxy.replicated.com`, see [replicatedhq/ips](https://github.com/replicatedhq/ips/blob/main/ip_addresses.json#L52-L57) in GitHub.</p></td>
+  </tr>
+  <tr>
+      <td>`replicated.app`</td>
+      <td><p>Upstream application YAML and metadata is pulled from `replicated.app`. The current running version of the application (if any), as well as a license ID and application ID to authenticate, are all sent to `replicated.app`. This domain is owned by Replicated, Inc., which is headquartered in Los Angeles, CA.</p><p>For the range of IP addresses for `replicated.app`, see [replicatedhq/ips](https://github.com/replicatedhq/ips/blob/main/ip_addresses.json#L60-L65) in GitHub.</p></td>
+  </tr>
+  <tr>
+      <td>`registry.replicated.com` &#42;&#42;</td>
+      <td><p>Some applications host private images in the Replicated registry at this domain. The on-prem docker client uses a license ID to authenticate to `registry.replicated.com`. This domain is owned by Replicated, Inc which is headquartered in Los Angeles, CA.</p><p> For the range of IP addresses for `registry.replicated.com`, see [replicatedhq/ips](https://github.com/replicatedhq/ips/blob/main/ip_addresses.json#L20-L25) in GitHub.</p></td>
+  </tr>
+  <tr>
+     <td><p>`k8s.kurl.sh`</p><p>`s3.kurl.sh`</p></td>
+     <td><p>kURL installation scripts and artifacts are served from [kurl.sh](https://kurl.sh). An application identifier is sent in a URL path, and bash scripts and binary executables are served from kurl.sh. This domain is owned by Replicated, Inc., which is headquartered in Los Angeles, CA.</p><p> For the range of IP addresses for `k8s.kurl.sh`, see [replicatedhq/ips](https://github.com/replicatedhq/ips/blob/main/ip_addresses.json#L34-L39) in GitHub.</p><p> The range of IP addresses for `s3.kurl.sh` are the same as IP addresses for the `kurl.sh` domain. For the range of IP address for `kurl.sh`, see [replicatedhq/ips](https://github.com/replicatedhq/ips/blob/main/ip_addresses.json#L28-L31) in GitHub.</p></td>
+  </tr>
+  <tr>
+     <td>`amazonaws.com`</td>
+     <td>`tar.gz` packages are downloaded from Amazon S3 during installations with kURL. For information about dynamically scraping the IP ranges to allowlist for accessing these packages, see [AWS IP address ranges](https://docs.aws.amazon.com/general/latest/gr/aws-ip-ranges.html#aws-ip-download) in the AWS documentation.</td>
+  </tr>
+</table>
+
+&#42; Required only if the application uses the [Replicated proxy registry](/vendor/private-images-about).
+
+&#42;&#42; Required only if the application uses the [Replicated registry](/vendor/private-images-replicated).

docs/partials/install/_firewall-openings.mdx

@@ -54,7 +54,7 @@ For third-party services hosted at domains not owned by Replicated, the table be
         <td>Requests are made to this domain when installing the Replicated KOTS CLI. This domain is owned by Replicated, Inc., which is headquartered in Los Angeles, CA.</td>
     </tr>
     <tr>
-        <td>`github.com `</td>
+        <td>`github.com`</td>
         <td>Not Required</td>
         <td>Not Required</td>
         <td>Required</td>
@@ -79,8 +79,8 @@ For third-party services hosted at domains not owned by Replicated, the table be
     </tr>
 </table>
 
-&#42; Required only if the application uses the Replicated proxy registry. Contact your software vendor for more information.
+&#42; Required only if the application uses the [Replicated proxy registry](/vendor/private-images-about).
 
-&#42;&#42; Required only if the application uses the Replicated registry. Contact your software vendor for more information.
+&#42;&#42; Required only if the application uses the [Replicated registry](/vendor/private-images-replicated).
 
-&#42;&#42;&#42; Required only if the Replicated SDK if included as a dependency of the application Helm chart. For more information, see [About the Replicated SDK](/vendor/replicated-sdk-overview).
+&#42;&#42;&#42; Required only if the [Replicated SDK](/vendor/replicated-sdk-overview) if included as a dependency of the application Helm chart.

docs/vendor/install-with-helm.mdx

@@ -1,4 +1,6 @@
 import Prerequisites from "../partials/helm/_helm-install-prereqs.mdx"
+import FirewallOpenings from "../partials/install/_firewall-openings-helm.mdx"
+import FirewallOpeningsIntro from "../partials/install/_firewall-openings-intro.mdx"
 
 # Installing with Helm
 
@@ -10,34 +12,11 @@ Before you install, complete the following prerequisites:
 
 <Prerequisites/>
 
-## Firewall Openings Requirements
-
-The domains for the services listed below need to be accessible from servers performing online (internet-connected) installations:
-
-:::note
-No outbound internet access is required for air gap installations.
-:::
-
-<table>
-  <tr>
-      <th>Domain</th>
-      <th>Description</th>
-  </tr>
-  <tr>
-      <td>`proxy.replicated.com`</td>
-      <td><p>Private Docker images are proxied through `proxy.replicated.com`. This domain is owned by Replicated, Inc., which is headquartered in Los Angeles, CA.</p><p>For the range of IP addresses for `proxy.replicated.com`, see [replicatedhq/ips](https://github.com/replicatedhq/ips/blob/main/ip_addresses.json#L52-L57) in GitHub.</p></td>
-  </tr>
-  <tr>
-      <td>`registry.replicated.com` </td>
-      <td><p>Some applications host private images in the Replicated registry at this domain. The on-prem docker client uses a license ID to authenticate to `registry.replicated.com`. This domain is owned by Replicated, Inc which is headquartered in Los Angeles, CA.</p><p> For the range of IP addresses for `registry.replicated.com`, see [replicatedhq/ips](https://github.com/replicatedhq/ips/blob/main/ip_addresses.json#L20-L25) in GitHub.</p></td>
-  </tr>
-  <tr>
-      <td>`replicated.app` &#42;</td>
-      <td><p>Upstream application YAML and metadata is pulled from `replicated.app`. The current running version of the application (if any), as well as a license ID and application ID to authenticate, are all sent to `replicated.app`. This domain is owned by Replicated, Inc., which is headquartered in Los Angeles, CA.</p><p>For the range of IP addresses for `replicated.app`, see [replicatedhq/ips](https://github.com/replicatedhq/ips/blob/main/ip_addresses.json#L60-L65) in GitHub.</p></td>
-  </tr>
-</table>
-
-&#42; Required only if the Replicated SDK if included as a dependency of the application Helm chart. For more information, see [About the Replicated SDK](/vendor/replicated-sdk-overview).
+## Firewall Openings for Online Installations
+
+<FirewallOpeningsIntro/>
+
+<FirewallOpenings/>
 
 ## Install