Testing CQA bot

Author: EricPonvelle

cloud_experts_osd_tutorials/cloud-experts-osd-create-new-limit-egress.adoc

@@ -8,7 +8,7 @@ include::_attributes/attributes-openshift-dedicated.adoc[]
 toc::[]
 
 [role="_abstract"]
-Use this guide to implement egress restrictions for {product-title} on {GCP} by using {GCP}'s Next Generation Firewall (NGFW). NGFW is a fully distributed firewall service that allows fully qualified domain name (FQDN) objects in firewall policy rules. This is necessary for many of the external endpoints that {product-title} relies on.
+Implement egress restrictions for {product-title} on {GCP} by using Next Generation Firewall (NGFW), which allows fully qualified domain name (FQDN)-based firewall rules required for {product-title} external endpoints.
 
 include::modules/cloud-experts-osd-limit-egress-ngfw-prereqs.adoc[leveloffset=+1]
 
@@ -28,5 +28,4 @@ include::modules/cloud-experts-osd-limit-egress-ngfw-create-osd-gcp-cluster.adoc
 
 include::modules/cloud-experts-osd-limit-egress-ngfw-delete-osd-gcp-cluster.adoc[leveloffset=+1]
 
-include::modules/cloud-experts-osd-limit-egress-ngfw-clean-resources.adoc[leveloffset=+1]
-
+include::modules/cloud-experts-osd-limit-egress-ngfw-clean-resources.adoc[leveloffset=+1]

cloud_experts_osd_tutorials/cloud-experts-osd-update-component-routes.adoc

@@ -8,31 +8,29 @@ include::_attributes/attributes-openshift-dedicated.adoc[]
 toc::[]
 
 [role="_abstract"]
-This guide demonstrates how to modify the hostname and TLS certificate of the Web console, OAuth server, and Downloads component routes in {product-title} on {GCP} version 4.14 and above.{fn-supported-versions}
-
-The changes that we make to the component routes{fn-term-component-routes} in this guide are described in greater detail in the link:https://docs.openshift.com/container-platform/latest/authentication/configuring-internal-oauth.html#customizing-the-oauth-server-url_configuring-internal-oauth[Customing the internal OAuth server URL], link:https://docs.redhat.com/en/documentation/openshift_container_platform/latest/html/web_console/customizing-web-console#customizing-the-console-route_customizing-web-console[Customing the console route], and link:https://docs.redhat.com/en/documentation/openshift_container_platform/latest/html/web_console/customizing-web-console#customizing-the-download-route_customizing-web-console[Customing the download route] {product-title} documentation.
-
-[id="prerequisites_{context}"]
-== Prerequisites
-* OCM CLI (`ocm`) version 1.0.5 or higher
-* gcloud CLI (`gcloud`)
-* An {product-title} on {GCP} cluster version 4.14 or higher
-// +
-// [NOTE]
-// ====
-// ROSA with HCP is not supported at this time.
-// ====
-// +
-* {oc-first}
-* `jq` CLI
-* Access to the cluster as a user with the `cluster-admin` role.
-* OpenSSL (for generating the demonstration SSL/TLS certificates)
+Modify the hostname and TLS certificate of the Web console, OAuth server, and Downloads component routes in {product-title} on {GCP} version 4.14 and above.{fn-supported-versions}
+
+include::modules/cloud-experts-osd-update-component-routes-prereqs.adoc[leveloffset=+1]
 
 include::modules/cloud-experts-osd-update-component-routes-environment-setup.adoc[leveloffset=+1]
+
 include::modules/cloud-experts-osd-update-component-routes-find-current-component-routes.adoc[leveloffset=+1]
+
 include::modules/cloud-experts-osd-update-component-routes-create-tls-certificates.adoc[leveloffset=+1]
+
 include::modules/cloud-experts-osd-update-component-routes-add-certificates-as-secrets.adoc[leveloffset=+1]
+
 include::modules/cloud-experts-osd-update-component-routes-find-lb-hostname.adoc[leveloffset=+1]
+
 include::modules/cloud-experts-osd-update-component-routes-add-component-routes-to-dns.adoc[leveloffset=+1]
+
 include::modules/cloud-experts-osd-update-component-routes-tls-using-ocm-cli.adoc[leveloffset=+1]
-include::modules/cloud-experts-osd-update-component-routes-reset-component-routes-to-default.adoc[leveloffset=+1]
+
+include::modules/cloud-experts-osd-update-component-routes-reset-component-routes-to-default.adoc[leveloffset=+1]
+
+[role="cloud-experts-osd-update-component-routes-additional-resources"]
+== Additional resources
+
+* link:https://docs.openshift.com/container-platform/latest/authentication/configuring-internal-oauth.html#customizing-the-oauth-server-url_configuring-internal-oauth[Customizing the internal OAuth server URL]
+* link:https://docs.redhat.com/en/documentation/openshift_container_platform/latest/html/web_console/customizing-web-console#customizing-the-console-route_customizing-web-console[Customizing the console route]
+* link:https://docs.redhat.com/en/documentation/openshift_container_platform/latest/html/web_console/customizing-web-console#customizing-the-download-route_customizing-web-console[Customizing the download route]

modules/cloud-experts-osd-limit-egress-ngfw-clean-resources.adoc

@@ -7,7 +7,7 @@
 = Cleaning up resources
 
 [role="_abstract"]
-To prevent ongoing charges, after you delete your cluster you must manually delete the {GCP} networking infrastructure you created as part of this tutorial. Deleting the cluster will not automatically remove these underlying resources. You can clean up these resources using a combination of gcloud CLI commands and actions within the {GCP} console.
+Manually delete the {GCP} networking infrastructure after deleting your cluster to prevent ongoing charges. The cluster deletion does not automatically remove VPC networks, subnets, firewall policies, or DNS zones.
 
 Before you begin the process of cleaning up the resources you created for this tutorial, run the following commands and complete any prompts.
 
@@ -141,3 +141,8 @@ $ gcloud compute networks subnets delete ${prefix}-psc --region=${region}
 ----
 $ gcloud compute networks delete ${prefix}-vpc
 ----
+
+[role="_additional-resources"]
+.Additional resources
+
+* link:https://cloud.google.com/sdk/gcloud/reference[`gcloud` command-line tool reference ({GCP})]

modules/cloud-experts-osd-limit-egress-ngfw-create-a-cloud-router.adoc

@@ -7,12 +7,11 @@
 = Creating a Cloud Router and a Cloud Network Address Translation gateway
 
 [role="_abstract"]
-The Network Address Translation (NAT) gateway enables internet connectivity for your private VMs by masquerading all their traffic under a single public IP address. As the designated exit point, it translates their internal IPs for any outbound requests, such as fetching updates. This process effectively grants them access to the internet without ever exposing their private addresses.
+Create a Cloud Router and Network Address Translation (NAT) gateway to enable internet connectivity for private VMs without exposing their internal IP addresses.
 
 .Procedure
 . Reserve an IP address for Cloud NAT by running the following command:
 +
-
 [source,terminal]
 ----
 $ gcloud compute addresses create ${prefix}-${region}-cloudnatip \
@@ -36,4 +35,21 @@ $ gcloud compute routers nats create ${prefix}-cloudnat-${region} \
     --router=${prefix}-router --router-region ${region} \
     --nat-all-subnet-ip-ranges \
     --nat-external-ip-pool=${prefix}-${region}-cloudnatip
-----
+----
+
+.Verification
+
+* Verify the Cloud Router and NAT gateway were created by running the following command:
++
+[source,terminal]
+----
+$ gcloud compute routers describe ${prefix}-router --region=${region}
+----
++
+The output shows the router configuration including the NAT gateway you created.
+
+[role="_additional-resources"]
+.Additional resources
+
+* link:https://cloud.google.com/nat/docs/overview[Cloud NAT overview ({GCP})]
+* link:https://cloud.google.com/network-connectivity/docs/router[Cloud Router overview ({GCP})]

modules/cloud-experts-osd-limit-egress-ngfw-create-firewall-rules.adoc

@@ -7,7 +7,7 @@
 = Creating the firewall rules
 
 [role="_abstract"]
-You need to create some firewall rules to allow your cluster to access the Web.
+Create firewall rules to allow egress traffic to private IP ranges and required {product-title} domains while blocking unauthorized external access.
 
 .Procedure
 . Create a blanket allow rule for private IP (RFC 1918) address space by running the following command:
@@ -43,4 +43,21 @@ $ gcloud compute network-firewall-policies rules create 600 \
 [IMPORTANT]
 ====
 If there is not a matching rule that allows the traffic, it will be blocked by the firewall. To allow access to other resources, such as internal networks or other external endpoints, create additional rules with a priority of less than 1000. For more information on how to create firewall rules, see  link:https://cloud.google.com/firewall/docs/use-network-firewall-policies[Use global network firewall policies and rules].
-====
+====
+
+.Verification
+
+* Verify the firewall rules were created by running the following command:
++
+[source,terminal]
+----
+$ gcloud compute network-firewall-policies rules list --firewall-policy=${prefix} --global-firewall-policy
+----
++
+The output shows the two rules you created with priorities 500 and 600.
+
+[role="_additional-resources"]
+.Additional resources
+
+* link:https://cloud.google.com/firewall/docs/firewalls[VPC firewall rules overview ({GCP})]
+* link:https://docs.redhat.com/en/documentation/openshift_dedicated/4/html/preparing_your_cloud_provider_infrastructure/cloud-experts-configuring-your-gcp-project-osd#osd-aws-privatelink-firewall-prerequisites_cloud-experts-configuring-your-gcp-project-osd[Firewall prerequisites for {GCP}]

modules/cloud-experts-osd-limit-egress-ngfw-create-osd-gcp-cluster.adoc

@@ -4,7 +4,11 @@
 
 :_mod-docs-content-type: REFERENCE
 [id="cloud-experts-osd-limit-egress-ngfw-create-osd-gcp-cluster_{context}"]
-= Creating your cluster
+= Cluster creation
 
 [role="_abstract"]
-You are now ready to create your {product-title} on {GCP} cluster. For more information, see link:https://docs.redhat.com/en/documentation/openshift_dedicated/4/html/openshift_dedicated_clusters_on_google_cloud/osd-creating-a-cluster-on-gcp-with-workload-identity-federation[Creating a cluster on {GCP} with Workload Identity Federation authentication].
+Create your {product-title} cluster on {GCP} using the configured VPC network and subnets with egress firewall restrictions.
+
+[role="_additional-resources"]
+.Additional resources
+* link:https://docs.redhat.com/en/documentation/openshift_dedicated/4/html/openshift_dedicated_clusters_on_google_cloud/osd-creating-a-cluster-on-gcp-with-workload-identity-federation[Creating a cluster on {GCP} with Workload Identity Federation authentication]

modules/cloud-experts-osd-limit-egress-ngfw-create-private-dns.adoc

@@ -7,7 +7,7 @@
 = Creating private Domain Name System records for Private Google Access
 
 [role="_abstract"]
-The private Domain Name System (DNS) zone optimizes how your resources connect to Google APIs by ensuring traffic never travels over the public internet. It functions by intercepting DNS requests for Google services and resolving them to private IP addresses, forcing the connection onto Google's internal network for a faster, more secure data exchange.
+Create a private Domain Name System (DNS) zone to route Google API traffic through Google's internal network for faster and more secure connections.
 
 .Procedure
 . Create a private DNS zone for the googleapis.com domain by running the following command:
@@ -56,3 +56,20 @@ $ gcloud dns record-sets transaction add 199.36.153.4 199.36.153.5 199.36.153.6
 $ gcloud dns record-sets transaction execute \
     --zone=$prefix-googleapis
 ----
+
+.Verification
+
+* Verify the private DNS zone and records were created by running the following command:
++
+[source,terminal]
+----
+$ gcloud dns record-sets list --zone=${prefix}-googleapis
+----
++
+The output shows the DNS zone with CNAME and A records for googleapis.com.
+
+[role="_additional-resources"]
+.Additional resources
+
+* link:https://cloud.google.com/vpc/docs/configure-private-google-access[Configure Private Google Access ({GCP})]
+* link:https://cloud.google.com/dns/docs/zones[DNS zones overview ({GCP})]

modules/cloud-experts-osd-limit-egress-ngfw-create-subnets.adoc

@@ -7,7 +7,7 @@
 = Creating the VPC and subnets
 
 [role="_abstract"]
-Before you can deploy a {GCP} NGFW, you must first create the Virtual Private Cloud (VPC) and subnets that you will use for {product-title}:
+Create the Virtual Private Cloud (VPC) and subnets required for deploying {GCP} Next Generation Firewall (NGFW) with {product-title}.
 
 .Procedure
 . Create the VPC by running the following command:
@@ -52,4 +52,21 @@ $ gcloud compute networks subnets create ${prefix}-psc \
 
 ----
 +
-These examples use the subnet ranges of 10.0.2.0/23 for the worker subnet, 10.0.0.0/25 for the control plane subnet, and 10.0.0.128/29 for the PSC subnet. Modify the parameters to meet your needs. Ensure the parameter values are contained within the machine CIDR you set earlier in this tutorial.
+These examples use the subnet ranges of 10.0.2.0/23 for the worker subnet, 10.0.0.0/25 for the control plane subnet, and 10.0.0.128/29 for the PSC subnet. Modify the parameters to meet your needs. Ensure the parameter values are contained within the machine CIDR you set earlier in this tutorial.
+
+.Verification
+
+* Verify the VPC and subnets were created by running the following command:
++
+[source,terminal]
+----
+$ gcloud compute networks subnets list --network=${prefix}-vpc
+----
++
+The output shows the three subnets you created with their IP ranges and regions.
+
+[role="_additional-resources"]
+.Additional resources
+
+* link:https://cloud.google.com/vpc/docs/create-modify-vpc-networks[Create and manage VPC networks ({GCP})]
+* link:https://cloud.google.com/vpc/docs/subnets[Subnets overview ({GCP})]

modules/cloud-experts-osd-limit-egress-ngfw-delete-osd-gcp-cluster.adoc

@@ -4,7 +4,11 @@
 
 :_mod-docs-content-type: REFERENCE
 [id="cloud-experts-osd-limit-egress-ngfw-delete-osd-gcp-cluster_{context}"]
-= Deleting your cluster
+= Cluster deletion
 
 [role="_abstract"]
-To delete your cluster, see link:https://docs.redhat.com/en/documentation/openshift_dedicated/4/html/openshift_dedicated_clusters_on_google_cloud/osd-deleting-a-cluster[Deleting an OpenShift Dedicated cluster on {GCP}].
+Delete your {product-title} cluster from {GCP} when you no longer need it, before cleaning up the network infrastructure.
+
+[role="_additional-resources"]
+.Additional resources
+* link:https://docs.redhat.com/en/documentation/openshift_dedicated/4/html/openshift_dedicated_clusters_on_google_cloud/osd-deleting-a-cluster[Deleting an OpenShift Dedicated cluster on {GCP}]

modules/cloud-experts-osd-limit-egress-ngfw-deploy-policy.adoc

@@ -7,7 +7,7 @@
 = Deploying a global network firewall policy
 
 [role="_abstract"]
-You can use the `gcloud` CLI tool to create network firewall policies for your cluster.
+Create global network firewall policies to control egress traffic from your {product-title} cluster and associate them with your VPC network.
 
 .Procedure
 . Create a global network firewall policy by running the following command:
@@ -28,4 +28,21 @@ $ gcloud compute network-firewall-policies associations create \
     --firewall-policy ${prefix} \
     --network ${prefix}-vpc \
     --global-firewall-policy
-----
+----
+
+.Verification
+
+* Verify the firewall policy was created and associated by running the following command:
++
+[source,terminal]
+----
+$ gcloud compute network-firewall-policies describe ${prefix} --global
+----
++
+The output shows the firewall policy configuration and its association with your VPC.
+
+[role="_additional-resources"]
+.Additional resources
+
+* link:https://cloud.google.com/firewall/docs/about-firewalls[Firewall overview ({GCP})]
+* link:https://cloud.google.com/firewall/docs/use-network-firewall-policies[Use global network firewall policies and rules ({GCP})]