By default, all IP addresses can be used to log in to the IBM Cloud console and access your cluster. In the IBM Cloud Identity and Access Management (IAM) console, you can create a firewall by defining an allowlist that specifies which IP addresses have access; all other IP addresses are restricted. If you use an IAM firewall, you must add to the allowlist the CIDRs of the IBM Cloud Kubernetes Service or Red Hat OpenShift on IBM Cloud control plane for the zones in the region where your cluster is located. You must allow these CIDRs so that the control plane can create Ingress ALBs and LoadBalancers in your cluster.
Choose the file for the region that your cluster's zones are located in.
dal (Dallas, US South, us-south): sao01, sjc03, sjc04, dal10, dal12, dal13
fra (Frankfurt, EU Central, eu-de): ams03, mil01, par01, fra02, fra04, fra05
lon (London, UK South, eu-gb): lon02, lon04, lon05, lon06
mad (Madrid, eu-es): mad02, mad04, mad05
osa (Osaka, jp-osa): osa21, osa22, osa23
sao (São Paulo, br-sao): sao01, sao04, sao05
syd (Sydney, AP South, ap-south): syd01, syd04, syd05
tok (Tokyo, AP North, jp-tok): che01, sng01, tok02, tok04, tok05
tor (Toronto, ca-tor): tor01, tor04, tor05
wdc (Washington DC, US East, us-east): mon01, tor01, wdc04, wdc06, wdc07
NOTE: The policies in the tor and sao directories are meant for use with the Toronto and São Paulo multizone locations. For the Toronto single zone location, use the policies in the wdc directory instead. For the São Paulo single zone location, use the policies in the dal directory instead.
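To confirm that an IAM allowlist still covers every control plane CIDR after it is edited, a check like the following can be run. This is an added example, not part of this repository. The comma-separated allowlist format (single addresses, CIDR subnets, and start-end ranges) is an assumption, and all addresses shown are constructed documentation ranges, not IBM Cloud values.

```python
import ipaddress


def parse_allowlist(text):
    """Parse a comma-separated allowlist into a list of networks.

    Assumed entry forms: a single IP, a CIDR subnet, or a "start-end" range.
    """
    nets = []
    for item in (part.strip() for part in text.split(",")):
        if not item:
            continue
        if "-" in item:
            start, end = (ipaddress.ip_address(x.strip()) for x in item.split("-", 1))
            # A range is expanded into the minimal set of CIDR blocks.
            nets.extend(ipaddress.summarize_address_range(start, end))
        else:
            # A bare address becomes a /32 (IPv4) or /128 (IPv6) network.
            nets.append(ipaddress.ip_network(item, strict=False))
    return nets


def uncovered(required_cidrs, allowlist_text):
    """Return the required CIDRs that the allowlist does not fully cover."""
    allowed = parse_allowlist(allowlist_text)
    missing = []
    for cidr in required_cidrs:
        need = ipaddress.ip_network(cidr, strict=False)
        same_version = [n for n in allowed if n.version == need.version]
        # Merging adjacent entries first means a /24 split into two /25
        # allowlist entries still counts as covered.
        merged = ipaddress.collapse_addresses(same_version)
        if not any(need.subnet_of(m) for m in merged):
            missing.append(cidr)
    return missing


# Constructed sample data (RFC 5737 documentation ranges).
REQUIRED = ["192.0.2.0/24", "198.51.100.0/26", "203.0.113.16/28"]
ALLOWLIST = ("192.0.2.0/25, 192.0.2.128/25, 198.51.100.0-198.51.100.31, "
             "203.0.113.0/24, 198.51.100.200")

if __name__ == "__main__":
    for cidr in uncovered(REQUIRED, ALLOWLIST):
        print("not fully allowed:", cidr)
```

A partially covered CIDR is reported as missing, because any control plane address outside the allowlist would be blocked.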
For more information, see the IBM Cloud Kubernetes Service or Red Hat OpenShift on IBM Cloud documentation.