docs: Move Cloud Firewall config into Cloud Folder #556
+0
−280
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Currently the network configuration requirements for Cloud are within the Enterprise section as such these have been moved to the Cloud under
enterprise/advanced-topics/firewall-configuration.md
The original content can be viewed at https://docs.seqera.io/platform-enterprise/25.1/enterprise/advanced-topics/firewall-configuration
Further to that for Enterprise customers self-hosting their own installation
licences.seqera.io
on port 443 the ip addresses for this areEnterprise Plugins & Fusion
Seqera Enterprise plugins & fusion have licence checking built-in as such it's not sufficient to only allow outbound traffic to port 443 from the Seqera Enterprise installation , they will also have to allow network traffic from the Compute Environment executing the Nextflow jobs.
Wave
If the customer is using Seqera Cloud hosted Wave and they're using the Mirror or Freeze functionality which requires Wave to store built containers within their container registry then they will have to ensure that the wave-build VPC is allowed to push to their container registry, for most cloud providers this requires additional configuration to lock down as such it's not normally a problem.
These would be the following IP addresses on port 443
If the customer would like to restrict outbound traffic from their installation they would be responsible for ensuring they allow access to Seqera Assets hosted on Cloudflare along with Nextflow assets hosted on Github artifacts along with any code hosting solutions or third party dependancies they're using such as Github / Gitlab / Artifactory.
TODO