OCPBUGS-42243:updating firewall list

Author: brendan-daly-red-hat

modules/configuring-firewall.adoc

@@ -42,9 +42,9 @@ If your environment has a dedicated load balancer in front of your {product-titl
 |443
 |Hosts a signature store that a container client requires for verifying images pulled from `registry.access.redhat.com`. In a firewall environment, ensure that this resource is on the allowlist.
 
-|`registry.access.redhat.com` 
+|`registry.access.redhat.com`
 |443
-|Hosts all the container images that are stored on the Red Hat Ecosystem Catalog, including core container images. 
+|Hosts all the container images that are stored on the Red Hat Ecosystem Catalog, including core container images.
 
 |`quay.io`
 |443
@@ -305,6 +305,7 @@ Alternatively, if you choose to not use a wildcard for AWS APIs, you must includ
 Operators require route access to perform health checks. Specifically, the authentication and web console Operators connect to two routes to verify that the routes work. If you are the cluster administrator and do not want to allow `*.apps.<cluster_name>.<base_domain>`, then allow these routes:
 +
 * `oauth-openshift.apps.<cluster_name>.<base_domain>`
+* `canary-openshift-ingress-canary.apps.<cluster_name>.<base_domain>`
 * `console-openshift-console.apps.<cluster_name>.<base_domain>`, or the hostname
 that is specified in the `spec.route.hostname` field of the
 `consoles.operator/cluster` object if the field is not empty.