From 537eaa1e9f89e96ccb7874e725f911330d8830ea Mon Sep 17 00:00:00 2001 From: Nathan Sullivan Date: Wed, 26 Apr 2023 08:19:40 +1000 Subject: [PATCH] Update system-requirements.md - kURL Firewall Openings (#962) I just did a test kURL installation, and found we're pulling the packages down from s3.kurl.sh also. We should reference this on the list of domains for people adding firewall/proxy exceptions etc. picked up as part of replicated-collab/bigid-kots#149 (comment) ------------ thanks to @jonquil2002 for noticing I need to update this here also - ref https://github.com/replicatedhq/replicated-docs/pull/1089#issuecomment-1516272096 :) --- src/markdown-pages/install-with-kurl/system-requirements.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/markdown-pages/install-with-kurl/system-requirements.md b/src/markdown-pages/install-with-kurl/system-requirements.md index 64f47297..513db0af 100644 --- a/src/markdown-pages/install-with-kurl/system-requirements.md +++ b/src/markdown-pages/install-with-kurl/system-requirements.md @@ -120,7 +120,7 @@ IP addresses for these services can be found in [replicatedhq/ips](https://githu |---------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| | amazonaws.com | tar.gz packages are downloaded from Amazon S3 during embedded cluster installations. The IP ranges to allowlist for accessing these can be scraped dynamically from the [AWS IP Address](https://docs.aws.amazon.com/general/latest/gr/aws-ip-ranges.html#aws-ip-download) Ranges documentation. | | k8s.gcr.io, registry.k8s.io | Images for the Kubernetes control plane are downloaded from the [Google Container Registry](https://cloud.google.com/container-registry) repository used to publish official container images for Kubernetes. Starting March 20, 2023, these requests are proxied to the new address `registry.k8s.io`. Both of these URLs must be allowed network traffic using firewall rules. For more information on the Kubernetes control plane components, see the [Kubernetes documentation](https://kubernetes.io/docs/concepts/overview/components/#control-plane-components). | -| k8s.kurl.sh | Kubernetes cluster installation scripts and artifacts are served from [kurl.sh](https://kurl.sh). Bash scripts and binary executables are served from kurl.sh. This domain is owned by Replicated, Inc which is headquartered in Los Angeles, CA. | +| k8s.kurl.sh, s3.kurl.sh | Kubernetes cluster installation scripts and artifacts are served from [kurl.sh](https://kurl.sh). Bash scripts and binary executables are served from kurl.sh. This domain is owned by Replicated, Inc which is headquartered in Los Angeles, CA. | No outbound internet access is required for airgapped installations. ### Host Firewall Rules