add firewall reqs to helm install

Author: paigecalvert

docs/vendor/install-with-helm.md renamed to docs/vendor/install-with-helm.mdx

@@ -10,6 +10,35 @@ Before you install, complete the following prerequisites:
 
 <Prerequisites/>
 
+## Firewall Openings Requirements
+
+The domains for the services listed below need to be accessible from servers performing online (internet-connected) installations:
+
+:::note
+No outbound internet access is required for air gap installations.
+:::
+
+<table>
+  <tr>
+      <th>Domain</th>
+      <th>Description</th>
+  </tr>
+  <tr>
+      <td>`proxy.replicated.com`</td>
+      <td><p>Private Docker images are proxied through `proxy.replicated.com`. This domain is owned by Replicated, Inc., which is headquartered in Los Angeles, CA.</p><p>For the range of IP addresses for `proxy.replicated.com`, see [replicatedhq/ips](https://github.com/replicatedhq/ips/blob/main/ip_addresses.json#L52-L57) in GitHub.</p></td>
+  </tr>
+  <tr>
+      <td>`registry.replicated.com` </td>
+      <td><p>Some applications host private images in the Replicated registry at this domain. The on-prem docker client uses a license ID to authenticate to `registry.replicated.com`. This domain is owned by Replicated, Inc which is headquartered in Los Angeles, CA.</p><p> For the range of IP addresses for `registry.replicated.com`, see [replicatedhq/ips](https://github.com/replicatedhq/ips/blob/main/ip_addresses.json#L20-L25) in GitHub.</p></td>
+  </tr>
+  <tr>
+      <td>`replicated.app` &#42;</td>
+      <td><p>Upstream application YAML and metadata is pulled from `replicated.app`. The current running version of the application (if any), as well as a license ID and application ID to authenticate, are all sent to `replicated.app`. This domain is owned by Replicated, Inc., which is headquartered in Los Angeles, CA.</p><p>For the range of IP addresses for `replicated.app`, see [replicatedhq/ips](https://github.com/replicatedhq/ips/blob/main/ip_addresses.json#L60-L65) in GitHub.</p></td>
+  </tr>
+</table>
+
+&#42; Required only if the Replicated SDK if included as a dependency of the application Helm chart. For more information, see [About the Replicated SDK](/vendor/replicated-sdk-overview).
+
 ## Install
 
 To install a Helm chart:

docs/vendor/security-firewall-openings.mdx

@@ -0,0 +1,5 @@
+import FirewallOpenings from "../partials/install/_firewall-openings.mdx" 
+
+# Firewall Openings for Online Installations with Replicated
+
+<FirewallOpenings/>

sidebars.js

@@ -833,6 +833,7 @@ const sidebars = {
       },
       'enterprise/sbom-validating',
       'vendor/replicated-sdk-slsa-validating',
+      'vendor/security-firewall-openings',
     ],
   },