#2524 update readme and add api files #2
Merged
✅ Deploy Preview for rp-cloud ready!
Deflaimun approved these changes Jun 11, 2024
JakeSCahill reviewed Jun 17, 2024
Comment on lines 100 to 103
| - `redpanda-cloud`: Content for the latest version of Redpanda Cloud. | ||
| - `shared`: Content that is shared across all versions (asciidoc attributes and terms) | ||
| - `api`: API docs as well as the source OpenAPI spec files. | ||
| - `site-search`: The global site search page. |
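Review bot: The `shared` entry is the only one of the four list items without a terminal period, and "asciidoc" should be written "AsciiDoc"; suggest ending that line with "(AsciiDoc attributes and terms)." The `redpanda-cloud` and `shared` descriptions also refer to "the latest version" and "all versions", which is worth rewording if the repo does not carry versioned content.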
This repo only publishes the main branch
david-yu added a commit that referenced this pull request May 20, 2026

Critical #1: Partial is shared across AWS/Azure/GCP — content must be provider-neutral. Replaced AWS-specifics in the Console verify section: "PrivateLink endpoint" → "cluster's private endpoint", example IP 172.31.0.97 → 10.0.0.42, "client VPC" → "client network", and dropped the xref to the AWS-only workstation section. AWS UI page now has a short forward link to the workstation section immediately after the partial include.

Critical #2: Cloud API flow's connect_console requirement was silent. Added a sentence stating that the Cloud API requires connect_console: true and that the Cloud UI sets it automatically. Removed the now-obsolete "Confirm with engineering" item from the PR test plan.

Critical #3: "API gateway access PRIVATE/PUBLIC" is not a documented term anywhere in the repo. Dropped the bullet rather than reintroduce a verbose explanation of networking_config out of scope for this PR.

Critical #4: Workstation intro contradicted the partial's PUBLIC bullet. Resolved by Critical #3 (PUBLIC bullet is gone); the workstation intro already scopes to private clusters.

Suggestion #6: Widened AWS Client VPN client CIDR from "/22 or larger" to "/22 (minimum) to /12 (maximum)" per AWS's documented constraint.

Suggestion #5: Console URL <id> opaque note clarified. NOTE block in the partial now also frames inbound rules as cloud-neutral ("AWS security groups, Azure NSGs, or GCP firewall rules") so the guidance is accurate when the partial renders on non-AWS pages.

Skipped (with rationale in reply): Suggestion #7 (Mermaid — style only) and Suggestion #8 (page split — bigger refactor for a follow-up).

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
micheleRP pushed a commit that referenced this pull request May 21, 2026
* docs(networking): document Console access over AWS PrivateLink

Adds a Console row to the PrivateLink services table and a new "Access Redpanda Console" subsection in the shared partial. Engineering confirmed that DNS for the Console hostname is auto-resolved by the verified private DNS name on the endpoint service, so consumers do not need to create a private hosted zone or override DNS.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

* docs(networking): add step-by-step verify for Console over PrivateLink

Verified end-to-end against a private BYOC cluster with a PrivateLink endpoint in a consumer VPC:

- Cluster DNS publicly returns service-side LB IPs (10.0.x.x).
- From inside the consumer VPC, dig returns the endpoint's ENI private IP (e.g. 172.31.0.97) via the verified private DNS name `*.<cluster_domain>` registered on the endpoint service.
- curl returns HTTP 200 with title "Redpanda Console" served over HTTPS through the endpoint.

Corrects the Console URL form from `console.<cluster_domain>` to `console-<id>.<cluster_domain>` (the random per-cluster id suffix the control plane assigns), and points to the *How to Connect* section as the authoritative source.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

* docs(networking): add workstation access via AWS Client VPN

Adds a new section to the Cloud UI page describing how to access Redpanda Console for a private BYOC cluster from a workstation outside the client VPC. Verified against a real cluster.

Key points captured:

- Cluster Console for a private BYOC cluster is not browsable directly; the SPA loads but has no standalone login form. Authentication is handed off from Redpanda Cloud Console.
- The cluster Overview page on cloud.redpanda.com is served by the control plane and works without a VPN.
- The cluster's left navigation (Topics, Brokers, Consumer groups) is served by Redpanda Console behind PrivateLink, so it only loads when the workstation has a VPN session into the client VPC.
- AWS Client VPN settings specific to PrivateLink: client CIDR must not overlap VPC CIDR, DNS server IPs must point at the VPC's resolver (so Console hostnames resolve via the endpoint ENI), split-tunnel enabled.

Softens the partial's Console section from "browse to the URL" to a network-path verification, with a forward reference to the workstation flow on the Cloud UI page.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

* docs(networking): add workstation → cluster network path diagram

ASCII diagram in the workstation access section showing the two-hop flow: Client VPN puts the laptop into the client VPC, then PrivateLink carries the connection to the cluster. Clarifies that Client VPN itself does not use PrivateLink — the VPN is just one of several ways a client can reach the VPC, and PrivateLink is the constant once you're inside.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

* docs(networking): address PR review feedback

- Drop "only" in the workstation intro; Console is reachable through other private routes too (VPC peering, transit gateway). Per @paulzhang97 review.
- Widen the Client VPN inbound port range from 30000-30999 to 30000-35999 to cover both seed and per-broker Kafka API and HTTP Proxy ports. Per @paulzhang97 review.
- Tighten partial's port 443 SG guidance to scope inbound to client workload sources (consumer VPC CIDR or specific client security groups) and call out that broad source ranges like 0.0.0.0/0 should be avoided. Per @coderabbitai nitpick.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

* docs(networking): address review from @micheleRP

Critical #1: Partial is shared across AWS/Azure/GCP — content must be provider-neutral. Replaced AWS-specifics in the Console verify section: "PrivateLink endpoint" → "cluster's private endpoint", example IP 172.31.0.97 → 10.0.0.42, "client VPC" → "client network", and dropped the xref to the AWS-only workstation section. AWS UI page now has a short forward link to the workstation section immediately after the partial include.

Critical #2: Cloud API flow's connect_console requirement was silent. Added a sentence stating that the Cloud API requires connect_console: true and that the Cloud UI sets it automatically. Removed the now-obsolete "Confirm with engineering" item from the PR test plan.

Critical #3: "API gateway access PRIVATE/PUBLIC" is not a documented term anywhere in the repo. Dropped the bullet rather than reintroduce a verbose explanation of networking_config out of scope for this PR.

Critical #4: Workstation intro contradicted the partial's PUBLIC bullet. Resolved by Critical #3 (PUBLIC bullet is gone); the workstation intro already scopes to private clusters.

Suggestion #6: Widened AWS Client VPN client CIDR from "/22 or larger" to "/22 (minimum) to /12 (maximum)" per AWS's documented constraint.

Suggestion #5: Console URL <id> opaque note clarified. NOTE block in the partial now also frames inbound rules as cloud-neutral ("AWS security groups, Azure NSGs, or GCP firewall rules") so the guidance is accurate when the partial renders on non-AWS pages.

Skipped (with rationale in reply): Suggestion #7 (Mermaid — style only) and Suggestion #8 (page split — bigger refactor for a follow-up).

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

* docs(networking): convert workstation network-path diagram to Mermaid

Per @micheleRP suggestion #7, switches the ASCII flow diagram to a Mermaid flowchart using the @sntke/antora-mermaid-extension already configured in local-antora-playbook.yml.

Preserves the original flow: five top-to-bottom nodes (Workstation → AWS Client VPN endpoint → Client VPC subnet → PrivateLink VPC endpoint ENI → Redpanda cluster VPC → Console load balancer → Redpanda Console), the same edge labels between them, and the two side annotations ("AWS-managed; not PrivateLink" next to the Client VPN endpoint, "PrivateLink begins here" next to the PrivateLink ENI) as parallelogram note shapes attached with dashed links.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

* Revert "docs(networking): convert workstation network-path diagram to Mermaid"

This reverts commit 7bb3423.

* docs(networking): lowercase descriptor "Client" → "client"

"Client" should not be capitalized in body text when used as a descriptor (client VPN tunnel, client VPN endpoint, client VPC subnet, etc.). The capitalized form is reserved for proper nouns:

- "AWS Client VPN" — AWS service name
- "AWS VPN Client" — AWS desktop application name
- "Client IPv4 CIDR" — AWS UI field label

Seven occurrences updated; the three proper-noun forms are preserved.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

---------

Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This was referenced May 21, 2026
Description
Resolves https://github.com/redpanda-data/documentation-private/issues/2524
Review deadline:
Page previews
https://deploy-preview-2--rp-cloud.netlify.app/redpanda-cloud/get-started/cloud-overview/
Checks