Accessing your Red Hat OpenShift API Satellite link endpoints

By default, your Red Hat OpenShift on IBM Cloud API Satellite link endpoints are protected to accept traffic from only the IBM Cloud control plane. To access them from other sources, you must configure a source list for your endpoint. You can configure a source list from the console only.

1. From the Satellite Locations dashboard, click the name of your location.

2. From the User endpoints tab, click Link endpoints, and then click your endpoint.

3. In the Access control list section, click Create rule.

4. Enter a rule name and IP addresses of the clients that will be allowed to connect to the endpoint, and click Add.

   The value for IP addresses can be a single IP address, a CIDR block, or a comma-separated list. The value must be fully contained in the following CIDRs: 10.0.0.0/8, 161.26.0.0/16, 166.8.0.0/14, 172.16.0.0/12.

5. Use the toggle to enable or disable the rule. After you enable a rule, network traffic to the destination through the endpoint is permitted only from clients that use an IP address in the range that you specified in the rule. Network traffic from other clients that is sent to the destination resource through the endpoint is blocked.

6. Repeat these steps for any clients that you want to grant access to.

You can find the Red Hat OpenShift API Satellite link endpoint by looking in the IBM Cloud Log Analysis logs for your Satellite location. To open these logs, click Open Dashboard under Logging for Link. You can set up a filter in the monitoring instance to filter out the value you need. For example, search for flowlog: rejected by in the log and you will see an IP. Add a filter with a subnet matching that IP for your endpoint. This IP is logged when you use oc commands via link endpoint on the Red Hat OpenShift API. For more information, see Logging for Satellite.