Accessing your Red Hat OpenShift API Satellite link endpoints
By default, your Red Hat OpenShift on IBM Cloud API Satellite link endpoints are restricted to accept traffic only from the IBM Cloud control plane. To access them from other sources, you must configure an access control list (ACL) for your endpoint.
- From the Satellite Locations dashboard, click the name of your location.
- Select the Access control list tab, then click Create rule.
- On the ACL rule page, complete the following steps.
  - Enter a Rule name.
  - Enter the IP addresses of the clients that are allowed to connect to the endpoint. This value can be a single IP address, a CIDR block, or a comma-separated list. The value must be fully contained in the following CIDRs: 10.0.0.0/8, 161.26.0.0/16, 166.8.0.0/14, 172.16.0.0/12.
  - Select the endpoint (or multiple endpoints) this rule should control access to in your location. Network traffic to the destination through the endpoint is permitted only from clients that use an IP address in the range that you specified in the rule. Network traffic from other clients that is sent to the destination resource through the endpoint is blocked.
- Click Create.
Alternatively, you can configure an access control list for your endpoint from the CLI using a command similar to the following:
ibmcloud sat acl create --name NAME --location LOCATION --endpoint ENDPOINT --subnet SUBNET [--subnet SUBNET ...]
You can find the Red Hat OpenShift API Satellite link endpoint by looking in the IBM Cloud Log Analysis logs for your Satellite location. To open these logs, click Open Dashboard under Logging for Link. You can set up a filter in the monitoring instance to find the value you need. For example, search for "flowlog: rejected by" in the log and you will see an IP. Add a filter with a subnet matching that IP for your endpoint. This IP is logged when you use oc commands through the link endpoint on the Red Hat OpenShift API. For more information, see Logging for Satellite.
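The ACL value must be fully contained in the four CIDRs listed in the rule steps, so it helps to check a candidate list before you create the rule. The following Python sketch is an added example, not part of the IBM Cloud documentation or CLI: it validates a comma-separated value against those ranges and assembles the `ibmcloud sat acl create` arguments shown above. The function names and the sample addresses are assumptions made for illustration.

```python
import ipaddress
import shlex

# Ranges the page says every ACL value must be fully contained in.
ALLOWED = [ipaddress.ip_network(c) for c in
           ("10.0.0.0/8", "161.26.0.0/16", "166.8.0.0/14", "172.16.0.0/12")]


def check_subnets(value):
    """Split a comma-separated ACL value into (accepted, rejected) lists.

    Each entry may be a single IP address or a CIDR block. An entry is
    accepted only if it is fully contained in one of the ALLOWED ranges.
    """
    accepted, rejected = [], []
    for raw in (part.strip() for part in value.split(",")):
        if not raw:
            continue
        try:
            # strict=True rejects CIDRs with host bits set, e.g. 10.1.2.3/16
            net = ipaddress.ip_network(raw, strict=True)
        except ValueError as err:
            rejected.append((raw, f"not a valid IP or CIDR: {err}"))
            continue
        # Check the IP version first: subnet_of() raises on mixed versions.
        if net.version == 4 and any(net.subnet_of(a) for a in ALLOWED):
            accepted.append(raw)
        else:
            rejected.append((raw, "not fully contained in an allowed range"))
    return accepted, rejected


def build_acl_command(name, location, endpoint, value):
    """Return the ibmcloud argv, or raise if any entry fails the check."""
    accepted, rejected = check_subnets(value)
    if rejected or not accepted:
        raise ValueError(f"refusing to build ACL command: {rejected}")
    argv = ["ibmcloud", "sat", "acl", "create", "--name", name,
            "--location", location, "--endpoint", endpoint]
    for subnet in accepted:
        argv += ["--subnet", subnet]
    return argv


if __name__ == "__main__":
    # Constructed sample values; NAME, LOCATION and ENDPOINT are placeholders.
    sample = "10.240.0.0/24, 166.9.12.7, 172.32.0.0/16, 10.0.0.0/7"
    print(check_subnets(sample))
    print(shlex.join(build_acl_command(
        "NAME", "LOCATION", "ENDPOINT", "10.240.0.0/24,166.9.12.7")))
```

In the sample, 172.32.0.0/16 falls just outside 172.16.0.0/12 and 10.0.0.0/7 is wider than 10.0.0.0/8, so both are rejected before any rule is created.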