Skip to content

docs: Move Cloud Firewall config into Cloud Folder #556

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Draft
wants to merge 4 commits into
base: master
Choose a base branch
from
Draft

docs: Move Cloud Firewall config into Cloud Folder #556

wants to merge 4 commits into from

Conversation

gavinelder
Copy link
Contributor

@gavinelder gavinelder commented Apr 22, 2025
edited by llewellyn-sl
Loading

Currently the network configuration requirements for Cloud are within the Enterprise section as such these have been moved to the Cloud under enterprise/advanced-topics/firewall-configuration.md

The original content can be viewed at https://docs.seqera.io/platform-enterprise/25.1/enterprise/advanced-topics/firewall-configuration

Further to that for Enterprise customers self-hosting their own installation

  • Seqera Cloud requires no inbound connectivity to their environment.
  • The customers Seqera Self-Hosted instance should be allowed to communicate with licences.seqera.io on port 443 the ip addresses for this are
    • 35.179.197.5/32
    • 18.175.79.222/32
    • 3.11.38.17/32

Enterprise Plugins & Fusion

Seqera Enterprise plugins & fusion have licence checking built-in as such it's not sufficient to only allow outbound traffic to port 443 from the Seqera Enterprise installation , they will also have to allow network traffic from the Compute Environment executing the Nextflow jobs.

Wave

If the customer is using Seqera Cloud hosted Wave and they're using the Mirror or Freeze functionality which requires Wave to store built containers within their container registry then they will have to ensure that the wave-build VPC is allowed to push to their container registry, for most cloud providers this requires additional configuration to lock down as such it's not normally a problem.

These would be the following IP addresses on port 443

  • "18.135.7.45/32",
  • "18.169.21.18/32",
  • "18.171.4.252/32"

If the customer would like to restrict outbound traffic from their installation they would be responsible for ensuring they allow access to Seqera Assets hosted on Cloudflare along with Nextflow assets hosted on Github artifacts along with any code hosting solutions or third party dependancies they're using such as Github / Gitlab / Artifactory.

TODO

  • Update Sidebar for Enterprise & cloud.
  • Update Cloud language / Contents to ensure it only makes reference to cloud.
  • Create networking document for Enterprise covering the content here.
  • Ensure Wave Networking is documented.

@netlify Netlify
Copy link

netlify bot commented Apr 22, 2025
edited
Loading

Deploy Preview for seqera-docs ready!

Name Link
🔨 Latest commit 198ea77
🔍 Latest deploy log https://app.netlify.com/projects/seqera-docs/deploys/682db560e2013000085025e7
😎 Deploy Preview https://deploy-preview-556--seqera-docs.netlify.app
📱 Preview on mobile
Toggle QR Code...

QR Code

Use your smartphone camera to open QR code link.

To edit notification comments on pull requests, go to your Netlify project configuration.

@llewellyn-sl llewellyn-sl self-assigned this May 23, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees

@llewellyn-sl llewellyn-sl

Labels
draft/WIP
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@gavinelder @justinegeffen @llewellyn-sl