Red Hat Advanced Cluster Management
ACM-18758

Requesting: Improve Firewall Rule Documentation Clarity for ACM and OpenShift (Source & Destination for Outbound/Inbound)


    • Quality / Stability / Reliability
    • SF Train-25, SF Train-26, SF Train-27, SF Train-28

      Description:
      A customer has raised a concern about the clarity of the firewall rule documentation for ACM and OpenShift environments, specifically the "Outbound and Inbound" traffic descriptions. The customer highlighted that the current documentation does not specify a source and a destination for each rule, which is the standard way of documenting firewall rules.

      The customer suggests that the bare minimum information needed for each rule includes:

      • Source (e.g., the entity initiating the connection)
      • Destination (e.g., the entity receiving the connection)
      • Protocol(s)
      • Port(s)
      • Direction (i.e., inbound or outbound)
      • Action (e.g., allow or deny)

      Additionally, clarification is needed regarding proxy settings in the documentation. Currently, the note states:

      "Registration Agent and Work Agent on the managed cluster do not support proxy settings because they communicate with the apiserver on the hub cluster by establishing an mTLS connection, which cannot pass through the proxy."

      However, it's not clear if the managed cluster’s IP needs to be included in the noProxy settings.

      Request:

      1. Clarify in the documentation that the managed cluster’s IP address should be added to the noProxy settings to ensure proper communication between the Registration Agent/Work Agent and the Hub cluster.
      2. Update the firewall rule documentation for ACM and OpenShift to include the following details for each rule:
        • Source: Clearly specify the source of the connection.
        • Destination: Clearly specify the destination of the connection.
        • Direction: Explicitly state whether the traffic is outbound or inbound relative to the source/destination.
        • Protocol and Port(s): Keep the current information but ensure it is linked to the correct source and destination.

      Example of improved documentation:

      Direction            | Source                    | Destination                            | Protocol | Port(s)                | Action | Description
      ---------------------|---------------------------|----------------------------------------|----------|------------------------|--------|------------
      Outbound             | Managed Cluster           | Hub Cluster                            | TCP      | 6443                   | Allow  | Communication from the provisioned managed cluster’s Kubernetes API server to the Hub cluster for API requests.
      Inbound              | Hub Cluster               | Managed Cluster                        | TCP      | 6443                   | Allow  | The Hub cluster’s Kubernetes API server receives communication from the multicluster engine or managed cluster.
      Outbound             | OpenShift Managed Cluster | Hub Cluster                            | TCP      | 6180, 6183, 6385, 5050 | Allow  | Communication between the Ironic Python Agent and the Bare Metal Operator on the Hub cluster.
      Outbound             | Hub Cluster               | Ironic Python Agent on Managed Cluster | TCP      | 9999                   | Allow  | Communication between the Hub cluster and the Ironic Python Agent running on a managed cluster node for Bare Metal operations.
      Outbound and Inbound | Managed Cluster           | Hub Cluster                            | TCP      | 443                    | Allow  | Communication between the managed cluster’s workManager service route and the Hub cluster.

      This will ensure that the proxy settings are clarified and provide more context for users configuring their firewall and noProxy settings.
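      The following is an added example, not code from this ticket, the ACM documentation or the ACM project. It models the proposed rule rows with the fields the ticket calls the bare minimum (source as initiator, destination as receiver, protocol, ports, action), derives the direction relative to a chosen host instead of leaving "Outbound and Inbound" ambiguous, renders each rule as an nftables statement for that host's firewall, and checks whether every peer a host reaches over an mTLS port is covered by a noProxy entry. The address ranges (10.0.0.0/24 for the hub, 10.1.0.0/24 for the managed cluster), the port 6443 as the mTLS port, and the shortened rule descriptions are constructed placeholders; which address the documentation should tell users to put in noProxy is exactly what the ticket asks to have settled, so the check only reports the uncovered peer for whichever host you evaluate.

```python
# Added example, not code from ticket ACM-18758 or the ACM documentation.
# Models firewall rules with source/destination/protocol/ports/action, derives
# direction per host, renders nftables statements and checks noProxy coverage.
from dataclasses import dataclass
from ipaddress import ip_network

# Constructed placeholder ranges (assumption); use the real node/VIP addresses.
ENDPOINTS = {
    "Hub Cluster": ip_network("10.0.0.0/24"),
    "Managed Cluster": ip_network("10.1.0.0/24"),
}


@dataclass(frozen=True)
class Rule:
    source: str        # entity that initiates the connection
    destination: str   # entity that receives the connection
    protocol: str      # "tcp" or "udp"
    ports: tuple       # destination port(s)
    action: str        # "allow" or "deny"
    description: str = ""


# Rows transcribed from the ticket's proposed table (descriptions shortened).
RULES = [
    Rule("Managed Cluster", "Hub Cluster", "tcp", (6443,), "allow", "managed cluster to hub API server"),
    Rule("Managed Cluster", "Hub Cluster", "tcp", (6180, 6183, 6385, 5050), "allow", "Ironic Python Agent to Bare Metal Operator"),
    Rule("Hub Cluster", "Managed Cluster", "tcp", (9999,), "allow", "hub to Ironic Python Agent"),
    Rule("Managed Cluster", "Hub Cluster", "tcp", (443,), "allow", "workManager service route"),
]


def missing_fields(rule):
    """Names of mandatory fields that are empty (the ticket's bare minimum)."""
    missing = [f for f in ("source", "destination", "protocol", "action") if not getattr(rule, f)]
    if not rule.ports:
        missing.append("ports")
    return missing


def direction_for(rule, host):
    """Direction only means something relative to a host: outbound if the host
    initiates, inbound if it receives, None if the rule does not touch it."""
    if host == rule.source:
        return "outbound"
    if host == rule.destination:
        return "inbound"
    return None


def render_nft(rule, host):
    """One nftables statement for the given host's firewall. Inbound rules match
    the peer as source address in the input chain; outbound rules match the peer
    as destination address in the output chain. Return traffic is left to a
    'ct state established,related accept' rule assumed to sit atop both chains."""
    direction = direction_for(rule, host)
    if direction is None:
        return None
    verdict = "accept" if rule.action == "allow" else "drop"
    ports = ", ".join(str(p) for p in rule.ports)
    ports = f"{{ {ports} }}" if len(rule.ports) > 1 else ports
    if direction == "inbound":
        peer = ENDPOINTS[rule.source]
        return f'add rule inet filter input ip saddr {peer} {rule.protocol} dport {ports} ct state new {verdict} comment "{rule.description}"'
    peer = ENDPOINTS[rule.destination]
    return f'add rule inet filter output ip daddr {peer} {rule.protocol} dport {ports} ct state new {verdict} comment "{rule.description}"'


def mtls_peers_missing_from_no_proxy(rules, host, no_proxy, mtls_ports=(6443,)):
    """Peers this host reaches on an mTLS port that no CIDR entry of noProxy covers.
    Hostname/domain entries in noProxy are skipped; only CIDR entries are checked."""
    covered = []
    for entry in no_proxy:
        try:
            covered.append(ip_network(entry, strict=False))
        except ValueError:
            continue  # ".cluster.local" style entries cannot cover an address range
    uncovered = set()
    for rule in rules:
        if direction_for(rule, host) != "outbound":
            continue
        if not any(p in mtls_ports for p in rule.ports):
            continue
        peer = ENDPOINTS[rule.destination]
        if not any(peer.subnet_of(c) for c in covered if c.version == peer.version):
            uncovered.add(rule.destination)
    return sorted(uncovered)


if __name__ == "__main__":
    for host in ENDPOINTS:
        print(f"# rules for the {host} firewall")
        for rule in RULES:
            line = render_nft(rule, host)
            if line:
                print(line)
    print("uncovered mTLS peers:", mtls_peers_missing_from_no_proxy(RULES, "Managed Cluster", ["10.1.0.0/24"]))
```

      Run as a script it prints the hub's rules (inbound 6443, 6180/6183/6385/5050 and 443 from the managed range, outbound 9999 to it) and the managed cluster's mirror image, which is the point the ticket makes: the same documented row becomes an input rule on one side and an output rule on the other, and that is only derivable when source and destination are stated explicitly.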

              leyan@redhat.com Le Yang
              rhn-support-dchong Daniel Chong
              Hui Chen Hui Chen
