[OSDOCS-11353] Document the whitelist IPs required for the ingress access to the API server by mletalie · Pull Request #79139 · openshift/openshift-docs

mletalie · 2024-07-19T17:07:39Z

Version(s):

4.16+
Issue:

https://issues.redhat.com/browse/OSDOCS-11353
Link to docs preview:

https://79139--ocpdocs-pr.netlify.app/openshift-dedicated/latest/security/rh-required-whitelisted-ip-addresses-for-sre-access
https://79139--ocpdocs-pr.netlify.app/openshift-dedicated/latest/osd_planning/gcp-ccs.html#ccs-gcp-requirements-security_gcp-ccs

QE review:

QE has approved this change.

Additional information:

ocpdocs-previewbot · 2024-07-19T17:13:44Z

🤖 Fri Aug 02 20:03:24 - Prow CI generated the docs preview:

https://79139--ocpdocs-pr.netlify.app/openshift-dedicated/latest/osd_planning/gcp-ccs.html
https://79139--ocpdocs-pr.netlify.app/openshift-dedicated/latest/security/rh-required-whitelisted-IP-addresses-for-sre-access.html

ocpdocs-vale-bot · 2024-07-22T20:58:02Z

security/rh-required-whitelisted-IP-addresses-for-sre-access.adoc

+
+toc::[]
+
+{product-title} users can use an OCM CLI command to obtain the most up-to-date whitelisted IP addresses that are necessary for SRE access to {product-title} clusters.


🤖 [error] RedHat.CaseSensitiveTerms: Use 'Red Hat OpenShift Cluster Manager' rather than 'OCM'. For more information, see RedHat.CaseSensitiveTerms.

ocpdocs-vale-bot · 2024-07-25T16:02:53Z

security/rh-required-whitelisted-IP-addresses-for-sre-access.adoc

+====
+.Prerequisites
+* You have a Google Cloud account with the proper permissions for access purposes.
+* You installed the link:https://console.redhat.com/openshift/downloads[OpenShift Cluster Manager API command-line interface (`ocm`)].


🤖 [error] RedHat.CaseSensitiveTerms: Use 'Red Hat OpenShift Cluster Manager' rather than 'the OpenShift Cluster Manager'. For more information, see RedHat.CaseSensitiveTerms.

ocpdocs-vale-bot · 2024-07-25T16:02:54Z

security/rh-required-whitelisted-IP-addresses-for-sre-access.adoc

+====
+.Prerequisites
+* You have a Google Cloud account with the proper permissions for access purposes.
+* You installed the link:https://console.redhat.com/openshift/downloads[OpenShift Cluster Manager API command-line interface (`ocm`)].


🤖 [error] OpenShiftAsciiDoc.SuggestAttribute: Use the AsciiDoc attribute '{cluster-manager}' rather than the plain text product term 'OpenShift Cluster Manager', unless your use case is an exception.

ocpdocs-vale-bot · 2024-07-31T15:14:20Z

security/rh-required-whitelisted-IP-addresses-for-sre-access.adoc

+These white-listed IP addresses are not permanent and are subject to change. You must continuously review the API output for the most current white-listed IP addresses.
+====
+.Prerequisites
+*  You installed the link:https://console.redhat.com/openshift/downloads[OpenShift Cluster Manager API command-line interface (`ocm`)].


🤖 [error] RedHat.CaseSensitiveTerms: Use 'Red Hat OpenShift Cluster Manager' rather than 'the OpenShift Cluster Manager'. For more information, see RedHat.CaseSensitiveTerms.

ocpdocs-vale-bot · 2024-07-31T15:14:21Z

security/rh-required-whitelisted-IP-addresses-for-sre-access.adoc

+These white-listed IP addresses are not permanent and are subject to change. You must continuously review the API output for the most current white-listed IP addresses.
+====
+.Prerequisites
+*  You installed the link:https://console.redhat.com/openshift/downloads[OpenShift Cluster Manager API command-line interface (`ocm`)].


🤖 [error] OpenShiftAsciiDoc.SuggestAttribute: Use the AsciiDoc attribute '{cluster-manager}' rather than the plain text product term 'OpenShift Cluster Manager', unless your use case is an exception.

jaybeeunix · 2024-07-31T18:28:47Z

from a technical point-of-view, it looks good to me. i mentioned to @mletalie that we aren't consistent with "whitelist" vs. "allowlist", but that's my only nit.

mletalie · 2024-07-31T20:57:42Z

Hello @xueli181114, May I get a review for this PR when you get a moment? Thanks!

yuwang-RH · 2024-08-02T05:24:24Z

/lgtm

mletalie · 2024-08-02T12:39:06Z

/label peer-review-needed

lpettyjo

Otherwise, LGTM!

lpettyjo · 2024-08-02T15:34:22Z

modules/ccs-gcp-customer-requirements.adoc

+
+[NOTE]
+====
+For information regarding allowlist IP addresses, see Additional resources.


Rewrite as: "For information about allowlist..."

lpettyjo · 2024-08-02T15:34:54Z

security/rh-required-whitelisted-IP-addresses-for-sre-access.adoc

+[id='required-whitelisted-overview']
+== Overview
+
+In order for Red Hat SREs to troubleshoot any issues within {product-title} clusters, they must have ingress access to the API server through allowlist IP addresses.


Rewrite as: "For Red Hat SREs to troubleshoot any issues within..."

openshift-ci · 2024-08-02T16:54:00Z

New changes are detected. LGTM label has been removed.

mletalie · 2024-08-02T17:00:15Z

/label merge-review-needed

jldohmann

just a couple things before merge

jldohmann · 2024-08-02T18:46:10Z

security/rh-required-whitelisted-IP-addresses-for-sre-access.adoc

+
+toc::[]
+
+[id='required-whitelisted-overview']


Suggested change

[id='required-whitelisted-overview']

[id="required-whitelisted-overview_{context}"]

jldohmann · 2024-08-02T18:46:44Z

security/rh-required-whitelisted-IP-addresses-for-sre-access.adoc

+
+For Red Hat SREs to troubleshoot any issues within {product-title} clusters, they must have ingress access to the API server through allowlist IP addresses.
+
+[id='required-whitelisted-access']


Suggested change

[id='required-whitelisted-access']

[id="required-whitelisted-access_{context}"]

jldohmann · 2024-08-02T18:55:24Z

feel free to ping me on slack to merge when it's ready 👍

openshift-ci · 2024-08-02T20:04:57Z

@mletalie: all tests passed!

Full PR test history. Your PR dashboard.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.

mletalie · 2024-08-02T20:12:02Z

feel free to ping me on slack to merge when it's ready 👍

All good, thanks!
Pinged you via Slack.

jldohmann · 2024-08-05T15:04:01Z

/cherrypick enterprise-4.17

jldohmann · 2024-08-05T15:04:06Z

/cherrypick enterprise-4.16

openshift-cherrypick-robot · 2024-08-05T15:04:52Z

@jldohmann: new pull request created: #79990

Details

In response to this:

/cherrypick enterprise-4.17

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

openshift-cherrypick-robot · 2024-08-05T15:04:55Z

@jldohmann: new pull request created: #79991

Details

In response to this:

/cherrypick enterprise-4.16

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

openshift-ci bot added the size/XS Denotes a PR that changes 0-9 lines, ignoring generated files. label Jul 19, 2024

mletalie changed the title ~~IP Whitelist for OSD~~ [OSDOCS-11353] Document the whitelist IPs required for the ingress access to the API server Jul 19, 2024

openshift-ci bot added size/S Denotes a PR that changes 10-29 lines, ignoring generated files. and removed size/XS Denotes a PR that changes 0-9 lines, ignoring generated files. labels Jul 22, 2024

ocpdocs-vale-bot reviewed Jul 22, 2024

View reviewed changes

openshift-ci bot added size/M Denotes a PR that changes 30-99 lines, ignoring generated files. and removed size/S Denotes a PR that changes 10-29 lines, ignoring generated files. labels Jul 25, 2024

ocpdocs-vale-bot reviewed Jul 25, 2024

View reviewed changes

mletalie force-pushed the OSDOCS-11353 branch 4 times, most recently from 4c381ab to f174b39 Compare July 31, 2024 15:07

ocpdocs-vale-bot reviewed Jul 31, 2024

View reviewed changes

mletalie force-pushed the OSDOCS-11353 branch from 119c945 to 878f52b Compare July 31, 2024 15:16

mletalie force-pushed the OSDOCS-11353 branch from 4448674 to 44dc307 Compare July 31, 2024 20:24

openshift-ci bot assigned yuwang-RH Aug 2, 2024

openshift-ci bot added the lgtm Indicates that a PR is ready to be merged. label Aug 2, 2024

openshift-ci bot added the peer-review-needed Signifies that the peer review team needs to review this PR label Aug 2, 2024

lpettyjo added peer-review-in-progress Signifies that the peer review team is reviewing this PR and removed peer-review-needed Signifies that the peer review team needs to review this PR labels Aug 2, 2024

lpettyjo self-requested a review August 2, 2024 15:33

lpettyjo added branch/enterprise-4.16 branch/enterprise-4.17 labels Aug 2, 2024

lpettyjo added this to the Continuous Release milestone Aug 2, 2024

lpettyjo reviewed Aug 2, 2024

View reviewed changes

lpettyjo added peer-review-done Signifies that the peer review team has reviewed this PR and removed peer-review-in-progress Signifies that the peer review team is reviewing this PR labels Aug 2, 2024

openshift-ci bot removed the lgtm Indicates that a PR is ready to be merged. label Aug 2, 2024

mletalie force-pushed the OSDOCS-11353 branch from 65ea2cf to edebd70 Compare August 2, 2024 16:54

openshift-ci bot added the merge-review-needed Signifies that the merge review team needs to review this PR label Aug 2, 2024

jldohmann added the merge-review-in-progress Signifies that the merge review team is reviewing this PR label Aug 2, 2024

jldohmann reviewed Aug 2, 2024

View reviewed changes

jldohmann removed merge-review-in-progress Signifies that the merge review team is reviewing this PR merge-review-needed Signifies that the merge review team needs to review this PR labels Aug 2, 2024

IP Whitelist for OSD

da9023c

mletalie force-pushed the OSDOCS-11353 branch from ee8b7b9 to da9023c Compare August 2, 2024 19:58

jldohmann merged commit 8744fe7 into openshift:main Aug 5, 2024

openshift-cherrypick-robot mentioned this pull request Aug 5, 2024

[enterprise-4.17] [OSDOCS-11353] Document the whitelist IPs required for the ingress access to the API server #79990

Merged

openshift-cherrypick-robot mentioned this pull request Aug 5, 2024

[enterprise-4.16] [OSDOCS-11353] Document the whitelist IPs required for the ingress access to the API server #79991

Merged


		toc::[]

		{product-title} users can use an OCM CLI command to obtain the most up-to-date whitelisted IP addresses that are necessary for SRE access to {product-title} clusters.

	[id='required-whitelisted-overview']
	[id="required-whitelisted-overview_{context}"]


		For Red Hat SREs to troubleshoot any issues within {product-title} clusters, they must have ingress access to the API server through allowlist IP addresses.

		[id='required-whitelisted-access']

	[id='required-whitelisted-access']
	[id="required-whitelisted-access_{context}"]

Conversation

mletalie commented Jul 19, 2024 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

ocpdocs-previewbot commented Jul 19, 2024 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

jaybeeunix commented Jul 31, 2024

Uh oh!

mletalie commented Jul 31, 2024

Uh oh!

yuwang-RH commented Aug 2, 2024

Uh oh!

mletalie commented Aug 2, 2024

Uh oh!

lpettyjo left a comment

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

openshift-ci bot commented Aug 2, 2024

Uh oh!

mletalie commented Aug 2, 2024

Uh oh!

jldohmann left a comment

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

jldohmann commented Aug 2, 2024

Uh oh!

openshift-ci bot commented Aug 2, 2024

Uh oh!

mletalie commented Aug 2, 2024

Uh oh!

jldohmann commented Aug 5, 2024

Uh oh!

jldohmann commented Aug 5, 2024

Uh oh!

openshift-cherrypick-robot commented Aug 5, 2024

Uh oh!

openshift-cherrypick-robot commented Aug 5, 2024

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

8 participants

mletalie commented Jul 19, 2024 •

edited

Loading

ocpdocs-previewbot commented Jul 19, 2024 •

edited

Loading