From 0a269153a6e34ff7602ca81e0680c1c3e701e403 Mon Sep 17 00:00:00 2001
From: addetz <43963729+addetz@users.noreply.github.com>
Date: Fri, 18 Oct 2024 15:59:42 +0100
Subject: [PATCH] docs: undo accidental text deletion

---
 .../clusters/data-center/maas/architecture.md | 68 +++++++++++++++++++
 1 file changed, 68 insertions(+)

diff --git a/docs/docs-content/clusters/data-center/maas/architecture.md b/docs/docs-content/clusters/data-center/maas/architecture.md
index eef1787518..1c8d3fb94f 100644
--- a/docs/docs-content/clusters/data-center/maas/architecture.md
+++ b/docs/docs-content/clusters/data-center/maas/architecture.md
@@ -32,6 +32,74 @@ using Canonical MAAS. Refer to the PCG deployment options section below to learn
 
   <br />
 
+## PCG Deployment Options
+
+Palette can communicate with MAAS using the following deployment options.
+
+<br />
+
+- **Private Cloud Gateway**
+
+- **System Private Gateway**
+
+### Private Cloud Gateway
+
+When a user wants to deploy a new cluster on a bare metal cloud using MAAS with Palette, Palette needs connectivity to
+MAAS. Often, MAAS is behind a firewall or a Network Address Translation (NAT) gateway, and Palette needs help to reach
+MAAS directly.
+
+To address these network challenges, you can deploy a PCG. The PCG will maintain a connection to Palette and directly
+connect to MAAS. The direct communication channel allows Palette to create clusters using the PCG to facilitate
+communication with MAAS. The PCG also supports using a proxy server to access the internet if needed.
+
+Once Palette deploys clusters, the clusters require connectivity to Palette. The clusters communicate with Palette
+directly via an internet gateway, or if a proxy has been configured on the PCG, the clusters will inherit the proxy
+configuration. Deployed and active clusters maintain their connectivity with Palette. Any actions taken on these
+clusters using Palette will not require PCG's participation. This means that if the PCG becomes unavailable, any
+clusters that are currently deployed will remain operational and still be managed by Palette.
+
+All Palette deployed clusters will use the PCG cluster during the creation and deletion phase. Once a host cluster is
+available, the internal Palette agent will communicate with Palette directly. The Palette agent inside each cluster is
+the originator of all communication, so the network requests are outbound toward Palette. The exception is a host
+cluster creation or deletion request, where the PCG must be involved because it needs to acquire and release machines
+provided by MAAS.
+
+Typically, the PCG is used with Palette SaaS. However, a PCG is also required if you have a self-hosted Palette instance
+and it does not have direct access to the MAAS environment. You can utilize the System Private Gateway if there is
+direct network connectivity access with the MAAS environment. Refer to the
+[System Private Gateway](#system-private-gateway) section to learn more.
+
+<br />
+
+### System Private Gateway
+
+A System Private Gateway can be used if a self-hosted Palette instance can communicate directly with a MAAS
+installation. A System Private Gateway is a PCG service that is enabled inside the self-hosted Palette instance.
+
+<br />
+
+:::warning
+
+Only self-hosted Palette instances support the option of using the System Private Gateway. Use the default
+[PCG deployment](#private-cloud-gateway) option if you have NAT gateways or network firewalls between Palette and MAAS.
+
+:::
+
+<br />
+
+When registering a MAAS cloud account with Palette, toggle on **Use System Private Gateway** to enable direct
+communication between Palette and MAAS. Refer to the
+[Register and Manage MAAS Cloud Account](register-manage-maas-cloud-accounts.md) guide to learn more.
+
+The following table explains the different use cases for when a PCG and System Private Gateway are eligible.
+
+<br />
+
+| Scenario                                                        | Use Private Cloud Gateway | Use System Private Gateway |
+| --------------------------------------------------------------- | ------------------------- | -------------------------- |
+| Firewall or NAT between MAAS and a self-hosted Palette instance | ✅                        | ❌                         |
+| Direct connectivity between MAAS and a Palette instance         | ✅                        | ✅                         |
+
 ## Custom API Server Endpoint for MAAS Clusters
 
 By default, Palette registers a DNS record in MAAS for the deployed cluster and links it to the IP addresses of the