Document URL: https://docs.openshift.com/container-platform/4.1/installing/install_config/configuring-firewall.html Section Number and Name: Configuring your firewall Describe the issue: The current doc only describes 3 URLs for Insights and there's no other URLs to be whitelisted. Also I'm wondering if these 3 URLs are actually used: > cert-api.access.redhat.com:443 > api.access.redhat.com:443 > infogw.api.openshift.com:443 The infogw is used by telemetry but I'm not sure the other 2 URLs. Suggestions for improvement: At least we need to list all mandatory outbound URLs, and it would be great if it has some major optional outbound URLs section. It think registry.redhat.io and quay.io are mandatory. There may be others, we need a double check by engineering team. Additional information: We have basic knowledge article but it's not clear if each item are mandatory or optional, and what for. OpenShift Outbound URLs to Whitelist https://access.redhat.com/solutions/2998411
At the moment the docs outline the urls need to be whitelisted for the insights rules, and for this is probably correct. The problem is that more endpoints need to be opened up to a) Complete an install or b) Use different aspects of openshift after. At the minimum the docs should be amended to outline the endpoints required to complete an install, this would include where container images or other artefacts are hosted. Links to the FW page [1] such as (install pre-reqs) [2] also need to be checked to ensure it is obvious to the reader that FW ports need to be opened for more than just insights [2]. [1] https://docs.openshift.com/container-platform/4.1/installing/installing_vsphere/installing-vsphere.html [2] https://docs.openshift.com/container-platform/4.1/installing/install_config/configuring-firewall.html
*** Bug 1735694 has been marked as a duplicate of this bug. ***
*** Bug 1734045 has been marked as a duplicate of this bug. ***
Closing. This update was QE approved and is live: https://docs.openshift.com/container-platform/4.2/installing/install_config/configuring-firewall.html