diff --git a/modules/configuring-firewall.adoc b/modules/configuring-firewall.adoc index 4322ccc44cd5..117855fba4ab 100644 --- a/modules/configuring-firewall.adoc +++ b/modules/configuring-firewall.adoc @@ -46,14 +46,9 @@ There are no special configuration considerations for services running on only c |443, 80 |The `https://console.redhat.com/openshift` site uses authentication from `sso.redhat.com` -|`rhcos-redirector.apps.art.xq1c.p1.openshiftapps.com` -|443, 80 -|Provides {op-system-first} images - |=== + -You can use the wildcards `\*.quay.io` and `*.openshiftapps.com` instead of `cdn0[1-3].quay.io` and `rhcos-redirector.apps.art.xq1c.p1.openshiftapps.com` in your allowlist. -When you add a site, such as `quay.io`, to your allowlist, do not add a wildcard entry, such as `*.quay.io`, to your denylist. In most cases, image registries use a content delivery network (CDN) to serve images. If a firewall blocks access, then image downloads are denied when the initial download request is redirected to a hostname such as `cdn01.quay.io`. +You can use the wildcard `\*.quay.io` instead of `cdn0[1-3].quay.io` in your allowlist. When you add a site, such as `quay.io`, to your allowlist, do not add a wildcard entry, such as `*.quay.io`, to your denylist. In most cases, image registries use a content delivery network (CDN) to serve images. If a firewall blocks access, then image downloads are denied when the initial download request is redirected to a hostname such as `cdn01.quay.io`. . Allowlist any site that provides resources for a language or framework that your builds require. @@ -122,7 +117,7 @@ When you add a site, such as `quay.io`, to your allowlist, do not add a wildcard . Allowlist the following URLs: + -[cols="3,2,4",options="header"] +[cols="8,2,4",options="header"] |=== |URL | Port | Function 
@@ -146,7 +141,8 @@ When you add a site, such as `quay.io`, to your allowlist, do not add a wildcard |443, 80 |Required both for your cluster token and to check if updates are available for the cluster. -|`art-rhcos-ci.s3.amazonaws.com` +|`rhcos-redirector.apps.art.xq1c.p1.openshiftapps.com`, + +`rhcos.mirror.openshift.com` |443, 80 |Required to download {op-system-first} images.
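Review bot: In the first hunk (`@@ -46,14 +46,9 @@`), the replacement `+` line escapes the first wildcard as `\*.quay.io` but writes the denylist example later on the same line as `*.quay.io` without the backslash, so the two may not render the same way. Check the rendered output now that `*.openshiftapps.com` is gone from the paragraph, and use one form for both. The removed text also had the wildcard sentence and the denylist caveat on separate source lines; keeping one sentence per line would make later changes to the denylist caveat easier to review. Removing the `*.openshiftapps.com` wildcard suggestion narrows the guidance to the exact hostname, which fits an allowlist that should be as small as possible.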
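Review bot: In the second hunk (`@@ -122,7 +117,7 @@`), changing `cols="3,2,4"` to `cols="8,2,4"` widens the URL column from 3/9 to 8/14 of the table but shrinks the Function column from 4/9 to 4/14, and nothing in the patch says why. The widening appears to be for the long `rhcos-redirector...` hostname added in the third hunk, which is already split across two lines with ` +`, so a smaller ratio may be enough. Check the rendered table to confirm the Function descriptions still read well at the narrower width.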
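Review bot: In the third hunk (`@@ -146,7 +141,8 @@`), the new cell lists `rhcos-redirector.apps.art.xq1c.p1.openshiftapps.com` and `rhcos.mirror.openshift.com` without saying how they relate, and the first hostname suggests that it redirects the download elsewhere. The paragraph in the first hunk already warns that downloads are denied when a request is redirected to a host that is not allowlisted, so confirm that `rhcos.mirror.openshift.com` is the complete set of hosts a client can be sent to, and say in the Function cell that both entries are required. The row for `art-rhcos-ci.s3.amazonaws.com` is dropped with no explanation; if any supported installation path still fetches images from it, keep the entry, otherwise a short statement that it is no longer used would tell administrators they can remove the rule from existing firewalls.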