Commit

Merge branch 'master' into release-4-4-b
karl-cardenas-coding committed Jul 31, 2024
2 parents d24bcda + 9b1bdbe commit d152e85
Showing 10 changed files with 91 additions and 82 deletions.
45 changes: 45 additions & 0 deletions _partials/self-hosted/_required-domains.mdx
@@ -0,0 +1,45 @@
---
partial_category: self-hosted
partial_name: required-domains
---


By default, {props.edition} connects to the internet to download images and packages. If your environment uses a proxy server, ensure the
following domains and ports are accessible. The proxy server should meet the following requirements:

- A proxy used for outgoing connections should support both HTTP and HTTPS traffic.

- If you are deploying {props.edition} to a vSphere environment. Ensure the instance Palette is installed through network has
access to vCenter.

- Allow connectivity to domains and ports in the table.


<!-- prettier-ignore -->
- Review the <VersionedLink text="gRPC and Proxies" url="/architecture/grps-proxy/" /> page to learn more about {props.edition}'s support for gRPC in a proxy environment.

:::info

The statements above are not applicable to air-gapped installations. For air-gapped installations, you must download the required images and packages and make them available to the system.

:::


| **Top-Level Domain** | **Port** | **Description** |
| ------------------------- | -------- | ----------------------------------------------------- |
| ecr.*.amazonaws.com | 443 | AWS ECR Registry |
| spectrocloud.com | 443 | Required content repository and pack registry |
| *.amazonaws.com | 443 | OVA files and other assets generated by us |
| gcr.io | 443 | Assets maintained by us and common third party container images |
| ghcr.io | 443 | Kubernetes VIP images |
| docker.io | 443 | Common third party content |
| googleapis.com | 443 | For pulling images required by our services |
| docker.com | 443 | Common third party container images |
| raw.githubusercontent.com | 443 | Common third party content |
| projectcalico.org | 443 | Calico container images |
| quay.io | 443 | Common third party container images |
| grafana.com | 443 | Grafana container images and manifests |
| github.com | 443 | Common third party content |
| k8s.gcr.io | 443 | Kubernetes images [deprecated] |
| registry.k8s.io | 443 | Kubernetes images |
| docker.pkg.dev | 443 | Common third party content |
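
Review bot: The `*.amazonaws.com` row widens the egress allow-list well beyond what it replaces. The table this partial supersedes listed only `s3.amazonaws.com` for the OVA files, and the wildcard also makes the separate `ecr.*.amazonaws.com` row redundant. If only the S3 and ECR endpoints are needed, list those patterns explicitly so that operators do not open the proxy to every host under amazonaws.com. Two smaller points in the same table: the descriptions that now say "by us" were clearer when they named the vendor, and the "Top-Level Domain" header does not describe entries such as `raw.githubusercontent.com` or the wildcard patterns.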
Expand Up @@ -692,12 +692,15 @@ VPCs.
"autoscaling:StartInstanceRefresh",
"elasticloadbalancing:DeregisterInstancesFromLoadBalancer",
"elasticloadbalancing:RegisterInstancesWithLoadBalancer",
"elasticloadbalancing:AddTags",
"ssm:UpdateInstanceInformation",
"ec2:DescribeAvailabilityZones",
"ec2:DescribeTags",
"eks:DescribeCluster",
"eks:ListClusters",
"ec2:CreateSecurityGroup",
"ec2:DeleteSecurityGroup",
"ec2:DeleteTags",
"ec2:RevokeSecurityGroupIngress",
"ssmmessages:CreateControlChannel",
"ssmmessages:CreateDataChannel",
Expand Down
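
Review bot: This IAM action list grows from 12 to 15 lines according to the hunk header, but the rendered hunk does not mark which three actions are new and nothing in the visible context says why they are needed. The list includes mutating actions such as `ec2:CreateSecurityGroup`, `ec2:DeleteSecurityGroup`, `ec2:DeleteTags` and `elasticloadbalancing:AddTags`. Please document next to the policy which feature requires the additions and whether the statement can be scoped by resource or tag condition instead of being granted broadly.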
Expand Up @@ -70,6 +70,9 @@ You can use the Palette Helm Chart to install Palette in a multi-node Kubernetes
certificate file in the base64 format. You will need this to enable Palette to communicate with the network proxy
server.

- Ensure Palette has access to the required domains and ports. Refer to the
[Required Domains](../install-palette.md#proxy-requirements) section for more information.

- Access to the Palette Helm Charts. Refer to the [Access Palette](../../enterprise-version.md#access-palette) for
instructions on how to request access to the Helm Chart
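
Review bot: The added bullet labels its link "Required Domains" but targets `#proxy-requirements`, and the target section keeps the heading "Proxy Requirements" in this commit, so the link text and the section a reader lands on do not match. Either use "Proxy Requirements" as the link text or rename the heading and anchor in the install page. The same wording is repeated in the other prerequisite lists touched by this commit, so the fix should be applied to all of them.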

Expand Up @@ -67,6 +67,9 @@ for more information.

- Assigned IP addresses for application workload services, such as Load Balancer services.

- Ensure Palette has access to the required domains and ports. Refer to the
[Required Domains](../install-palette.md#proxy-requirements) section for more information.

- Shared Storage between VMware vSphere hosts.

:::info
Expand Up @@ -64,33 +64,7 @@ active nodes and pods at any given time.

## Proxy Requirements

Palette connects to the internet to download images and packages. If your environment uses a proxy server, ensure the
following domains and ports are accessible. The proxy server should meet the following requirements:

- A proxy used for outgoing connections should support both HTTP and HTTPS traffic.

- Allow connectivity to domains and ports in the table.

- Review the [gRPC and Proxies](../../architecture/grps-proxy.md) page to learn more about Palette's support for gRPC in
a proxy environment.

| **Top-Level Domain** | **Port** | **Description** |
| ------------------------- | -------- | ----------------------------------------------------- |
| spectrocloud.com | 443 | Spectro Cloud content repository and pack registry |
| s3.amazonaws.com | 443 | Spectro Cloud VMware OVA files |
| gcr.io | 443 | Spectro Cloud and common third party container images |
| ghcr.io | 443 | Kubernetes VIP images |
| docker.io | 443 | Common third party content |
| googleapis.com | 443 | For pulling Spectro Cloud images |
| docker.com | 443 | Common third party container images |
| raw.githubusercontent.com | 443 | Common third party content |
| projectcalico.org | 443 | Calico container images |
| quay.io | 443 | Common third party container images |
| grafana.com | 443 | Grafana container images and manifests |
| github.com | 443 | Common third party content |
| k8s.gcr.io | 443 | Kubernetes images [deprecated] |
| registry.k8s.io | 443 | Kubernetes images |
| docker.pkg.dev | 443 | Common third party content |
<PartialsComponent category="self-hosted" name="required-domains" edition="Palette" />

## Resources

Expand Up @@ -163,26 +163,26 @@ The table enlists the role wise resourceKeys and Operations that are predefined
</table>
<hr />

| | **Create** | **Get** | **Delete** | **List** | **Update** | **Import** | **Publish** | **Backup** | **Restore** |
| ------------------ | ---------- | ------- | ---------- | -------- | ---------- | ---------- | ----------- | ---------- | ----------- |
| **apiKey** | | | || | | | | |
| **audit** | | | || | | | | |
| **cloudaccount** ||| ||| | | | |
| **cloudconfig** ||| ||| | | | |
| **cluster** ||| |||| | | |
| **clusterProfile** ||| ||| || | |
| **clusterRbac** ||| ||| | | | |
| **dnsMapping** ||| ||| | | | |
| **edgehost** ||| ||| | | | |
| **location** ||| ||| | | | |
| **machine** ||| ||| | | | |
| **macro** ||| ||| | | | |
| **packRegistry** ||| ||| | | | |
| **privateGateway** ||| ||| | | | |
| **project** ||| ||| | | | |
| **sshKey** ||| ||| | | | |
| **tag** | | | | || | | | |
| **workspace** ||| ||| | |||
| | **Create** | **Delete** | **Get** | **List** | **Update** | **Import** | **Publish** | **Backup** | **Restore** |
| ------------------ | ---------- | ---------- | ------- | -------- | ---------- | ---------- | ----------- | ---------- | ----------- |
| **apiKey** | | | || | | | | |
| **audit** | | | || | | | | |
| **cloudaccount** || | ||| | | | |
| **cloudconfig** || | ||| | | | |
| **cluster** || | |||| | | |
| **clusterProfile** || | ||| || | |
| **clusterRbac** || | ||| | | | |
| **dnsMapping** || | ||| | | | |
| **edgehost** || | ||| | | | |
| **location** || | ||| | | | |
| **machine** || | ||| | | | |
| **macro** || | ||| | | | |
| **packRegistry** || | ||| | | | |
| **privateGateway** || | ||| | | | |
| **project** || | ||| | | | |
| **sshKey** || | ||| | | | |
| **tag** | | | | || | | | |
| **workspace** || | ||| | |||

</TabItem>
</Tabs>
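
Review bot: The header row swaps the Get and Delete columns, and it is not clear from the rows that every cell moved with its column: the apiKey, audit and tag rows are identical before and after the change. Please confirm that the Get and Delete cells were swapped in each row. In a permissions matrix, a header-only reorder would misstate which roles can delete a resource.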
Expand Up @@ -74,6 +74,9 @@ has the necessary network connectivity for VerteX to operate successfully.
- A custom domain and the ability to update Domain Name System (DNS) records. You will need this to enable HTTPS
encryption for VerteX.

- Ensure VerteX has access to the required domains and ports. Refer to the
[Required Domains](../install-palette-vertex.md#proxy-requirements) section for more information.

- If you are installing VerteX behind a network proxy server, ensure you have the Certificate Authority (CA) certificate
file in the base64 format. You will need this to enable VerteX to communicate with the network proxy server.

Expand Up @@ -91,6 +91,9 @@ for more information.

- Assigned IP addresses for application workload services, such as Load Balancer services.

- Ensure Palette has access to the required domains and ports. Refer to the
[Required Domains](../install-palette-vertex.md#proxy-requirements) section for more information.

- Shared Storage between VMware vSphere hosts.

:::info
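
Review bot: The added bullet says "Ensure Palette has access" while linking to `../install-palette-vertex.md#proxy-requirements`, and the same bullet in the other VerteX prerequisite list in this commit reads "Ensure VerteX has access". Change the product name here to VerteX so the two pages agree.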
Expand Up @@ -66,33 +66,7 @@ number of active nodes and pods at any given time.

## Proxy Requirements

VerteX connects to the internet to download images and packages. If your environment uses a proxy server, ensure the
following domains and ports are accessible. The proxy server should meet the following requirements:

- A proxy used for outgoing connections should support both HTTP and HTTPS traffic.

- Allow connectivity to domains and ports in the table.

- Review the [gRPC and Proxies](../../architecture/grps-proxy.md) page to learn more about VerteX's support for gRPC in
a proxy environment.

| **Top-Level Domain** | **Port** | **Description** |
| ------------------------- | -------- | ----------------------------------------------------- |
| spectrocloud.com | 443 | Spectro Cloud content repository and pack registry |
| s3.amazonaws.com | 443 | Spectro Cloud VMware OVA files |
| gcr.io | 443 | Spectro Cloud and common third party container images |
| ghcr.io | 443 | Kubernetes VIP images |
| docker.io | 443 | Common third party content |
| googleapis.com | 443 | For pulling Spectro Cloud images |
| docker.com | 443 | Common third party container images |
| raw.githubusercontent.com | 443 | Common third party content |
| projectcalico.org | 443 | Calico container images |
| quay.io | 443 | Common third party container images |
| grafana.com | 443 | Grafana container images and manifests |
| github.com | 443 | Common third party content |
| k8s.gcr.io | 443 | Kubernetes images [deprecated] |
| registry.k8s.io | 443 | Kubernetes images |
| docker.pkg.dev | 443 | Common third party content |
<PartialsComponent category="self-hosted" name="required-domains" edition="VerteX" />

## Resources
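
Review bot: With `edition="VerteX"` this page will still render the word "Palette", because the partial's vSphere bullet hardcodes it: "Ensure the instance Palette is installed through network has access to vCenter." Use `{props.edition}` in that bullet of `_required-domains.mdx`, and join its two fragments into one sentence while there. Note also that the swap is not content-neutral: the removed table listed `s3.amazonaws.com`, and the partial replaces it with `*.amazonaws.com`.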

17 changes: 9 additions & 8 deletions docusaurus.config.js
Expand Up @@ -251,14 +251,15 @@ const config = {
themeConfig:
/** @type {import('@docusaurus/preset-classic').ThemeConfig} */
{
announcementBar: {
id: "docs_announcement_bar",
content:
'The 2024 State of Production Kubernetes report is now available and it\'s full of insights and goodies. Click <a target="_blank" rel="noopener noreferrer" href="https://www.spectrocloud.com/news/2024-state-of-production-kubernetes">here to get your own copy.</a>',
backgroundColor: "#FBB117",
textColor: "#091E42",
isCloseable: false,
},
// announcementBar: {
// id: "docs_announcement_bar",
// content:
// REPLACE MESSAGE BELOW
// 'The 2024 State of Production Kubernetes report is now available and it\'s full of insights and goodies. Click <a target="_blank" rel="noopener noreferrer" href="https://www.spectrocloud.com/news/2024-state-of-production-kubernetes">here to get your own copy.</a>',
// backgroundColor: "#FBB117",
// textColor: "#091E42",
// isCloseable: false,
// },
colorMode: {
respectPrefersColorScheme: true,
},
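
Review bot: The announcement bar is disabled by commenting out the whole `announcementBar` object, which leaves dead configuration and a stale message inside `themeConfig`. The `// REPLACE MESSAGE BELOW` marker also sits between `content:` and its value, where it is easy to miss when the block is re-enabled. Prefer deleting the block, since the history keeps it, or gating it behind a flag with the message held in one clearly named constant.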