USHIFT-7346: C2CC upstream user documentation#7015
Conversation
|
@pmtk: This pull request references USHIFT-7346 which is a valid jira issue. Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the task to target the "5.0.0" version, but no target version was set. DetailsIn response to this: Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository. |
|
No actionable comments were generated in the recent review. 🎉 ℹ️ Recent review info⚙️ Run configurationConfiguration used: Repository YAML (base), Central YAML (inherited) Review profile: CHILL Plan: Enterprise Run ID: 📒 Files selected for processing (3)
✅ Files skipped from review due to trivial changes (1)
🚧 Files skipped from review as they are similar to previous changes (1)
WalkthroughThis PR adds a new C2CC user guide, links it from the user docs index, and expands the IPsec guide with verification, nftables enforcement, and updated operational guidance. ChangesC2CC and IPsec documentation
Estimated code review effort: 2 (Simple) | ~10 minutes Suggested labels: Suggested reviewers: 🚥 Pre-merge checks | ✅ 15✅ Passed checks (15 passed)
✨ Finishing Touches🧪 Generate unit tests (beta)
Comment |
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: pmtk The full list of commands accepted by this bot can be found here. The pull request process is described here DetailsNeeds approval from an approver in each of these files:
Approvers can indicate their approval by writing |
There was a problem hiding this comment.
Actionable comments posted: 4
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Inline comments:
In `@docs/user/howto_c2cc_ipsec.md`:
- Line 221: The MTU guidance in the C2CC IPsec documentation is missing the
reboot requirement, which makes the example misleading. Update the text around
the MicroShift MTU example to state that changing `/etc/microshift/ovn.yaml` for
`mtu` requires a node reboot to take effect, and adjust the instructions near
the IPsec overhead and `mtu: 8900` example so they no longer imply that
restarting MicroShift alone is sufficient.
- Around line 194-202: The CIDR enforcement example in the IPsec how-to uses the
wrong nftables hook; update the rules in the c2cc_ipsec example to use the
forward path instead of input so routed pod/service traffic is actually
filtered. Keep the existing table and chain setup, but adjust the chain
definition and accompanying rule examples in the section around the Host A/Host
B CIDRs so the `enforce` chain is bound to the forwarding hook.
In `@docs/user/howto_c2cc.md`:
- Around line 423-429: The IPsec recommendation in the c2c documentation is too
broad and implies protection is always enforced, even though the Libreswan setup
can stop protecting CIDRs if the service is stopped or a connection definition
is removed. Update the text in the c2cc how-to section to tie the recommendation
to the enforced setup by referencing the IPsec guide’s shunt/connection
requirements and making it clear that IPsec only provides the intended
protection when that enforced configuration remains in place. Use the existing
“howto_c2cc” and “howto_c2cc_ipsec” guidance sections as the anchor points for
the wording.
- Around line 314-316: The fenced block showing
<service>.<namespace>.svc.<domain> is missing a language tag, causing the
markdown lint failure. Update that fenced code block in the howto content to use
a typed fence such as text so it matches the expected markdown style and
resolves MD040.
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration
Configuration used: Repository YAML (base), Central YAML (inherited)
Review profile: CHILL
Plan: Enterprise
Run ID: 97446b08-c708-4412-91ad-0d37a1b3de70
📒 Files selected for processing (3)
docs/user/README.mddocs/user/howto_c2cc.mddocs/user/howto_c2cc_ipsec.md
|
@pmtk: all tests passed! Full PR test history. Your PR dashboard. DetailsInstructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here. |
Summary by CodeRabbit