Merge pull request #78504 from dkwon17/update-wto-docs

mburke5678 · web-flow · commit ce3296b70ea5 · 2024-10-02T10:27:05.000-04:00
Provide example network policies for the web terminal operator
diff --git a/modules/odc-access-web-terminal.adoc b/modules/odc-access-web-terminal.adoc
@@ -23,6 +23,7 @@ The web terminal remains open until you close it or until you close the browser
 +
 [NOTE]
 ====
+* One `DevWorkspace` CR defines the web terminal of one user. This CR contains details about the user's web terminal status and container image components.
 * The `DevWorkspace` CR is created only if it does not already exist.
 ifndef::openshift-rosa,openshift-dedicated[]
 * The `openshift-terminal` project is the default project used for cluster administrators. They do not have the option to choose another project.  The {web-terminal-op} installs the DevWorkspace Operator as a dependency.
diff --git a/web_console/web_terminal/troubleshooting-web-terminal.adoc b/web_console/web_terminal/troubleshooting-web-terminal.adoc
@@ -9,6 +9,44 @@ toc::[]
 [id="troubleshooting-web-terminal-network-policies"]
 == Web terminal and network policies
 
-The web terminal might fail to launch if the cluster has network policies configured. To initialize a web terminal instance, the {web-terminal-op} must communicate with the web terminal's pod to verify it is running, and the {product-title} web console needs to send information to automatically log in to the cluster within the terminal. If either step fails, the web terminal fails to initialize and the terminal panel appears to be in a loading state.
+The web terminal might fail to start if the cluster has network policies configured. To start a web terminal instance, the {web-terminal-op} must communicate with the web terminal's pod to verify it is running, and the {product-title} web console needs to send information to automatically log in to the cluster within the terminal. If either step fails, the web terminal fails to start and the terminal panel is in a loading state until a `context deadline exceeded error` occurs.
 
-To avoid this issue, ensure that the network policies for namespaces that are used for terminals allow ingress from the `openshift-console` and `openshift-operators` namespaces.
+To avoid this issue, ensure that the network policies for namespaces that are used for terminals allow ingress from the `openshift-console` and `openshift-operators` namespaces.
+
+The following samples show `NetworkPolicy` objects for allowing ingress from the `openshift-console` and `openshift-operators` namespaces.
+
+.Allowing ingress from the `openshift-console` namespace
+[source,yaml]
+----
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+  name: allow-from-openshift-console
+spec:
+  ingress:
+  - from:
+    - namespaceSelector:
+        matchLabels:
+          kubernetes.io/metadata.name: openshift-console
+  podSelector: {}
+  policyTypes:
+  - Ingress
+----
+
+.Allowing ingress from the `openshift-operators` namespace
+[source,yaml]
+----
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+  name: allow-from-openshift-operators
+spec:
+  ingress:
+  - from:
+    - namespaceSelector:
+        matchLabels:
+          kubernetes.io/metadata.name: openshift-operators
+  podSelector: {}
+  policyTypes:
+  - Ingress
+----

Original file line number	Diff line number	Diff line change
`@@ -23,6 +23,7 @@ The web terminal remains open until you close it or until you close the browser`
`23`	`23`	`+`
`24`	`24`	`[NOTE]`
`25`	`25`	`====`
	`26`	+* One `DevWorkspace` CR defines the web terminal of one user. This CR contains details about the user's web terminal status and container image components.
`26`	`27`	* The `DevWorkspace` CR is created only if it does not already exist.
`27`	`28`	`ifndef::openshift-rosa,openshift-dedicated[]`
`28`	`29`	* The `openshift-terminal` project is the default project used for cluster administrators. They do not have the option to choose another project. The {web-terminal-op} installs the DevWorkspace Operator as a dependency.