DOC-1336 Document feature Expose NAT Gateway IP in the BYOC cluster UI

[micheleRP]

Description

This pull request adds information about NAT gateway IP addresses for BYOC clusters.

• modules/networking/pages/cloud-security-network.adoc: Added a note explaining how to find the NAT gateway IP address for BYOC clusters in the Redpanda Cloud UI and its usage for allowlisting. Clarified that the NAT gateway IP is unlikely to change but is not guaranteed to remain static.

Terminology updates:

• modules/get-started/pages/cluster-types/byoc/azure/index.adoc: Changed "BYOVPC" to "BYOVNet" in the description to align with updated terminology.
• modules/networking/pages/cloud-security-network.adoc: Updated references from "BYOVPC" to "BYOVNet" in the networking documentation for Azure clusters.

Resolves https://redpandadata.atlassian.net/browse/DOC-1336
Review deadline:

Page previews

https://deploy-preview-361--rp-cloud.netlify.app/redpanda-cloud/networking/cloud-security-network/#nat-gateways

Checks

• New feature
• Content gap
• Support Follow-up
• Small fix (typos, links, copyedits, etc)

[netlify]

✅ Deploy Preview for rp-cloud ready!

Name	Link
🔨 Latest commit	ab802b4
🔍 Latest deploy log	https://app.netlify.com/projects/rp-cloud/deploys/688a8695dfbe350008479730
😎 Deploy Preview	https://deploy-preview-361--rp-cloud.netlify.app
📱 Preview on mobile	Toggle QR Code... Use your smartphone camera to open QR code link.

---

To edit notification comments on pull requests, go to your Netlify project configuration.

[coderabbitai]

Important

Review skipped

Auto incremental reviews are disabled on this repository.

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

📝 Walkthrough

Walkthrough

The changes update documentation in two areas. The BYOC: Azure cluster type documentation was revised to replace the term "BYOVPC" with "BYOVNet" for accuracy and consistency. Separately, the NAT gateway section in the cloud security networking documentation was rewritten for clarity: it now provides a clearer definition of NAT gateways, specifies their use across different cloud providers and deployment types, introduces a summary table for NAT gateway requirements, and adds guidance on allowlisting NAT gateway IPs for BYOC clusters. Minor rewording and restructuring were made for improved readability and flow.

Estimated code review effort

2 (~15 minutes)

Possibly related PRs

• DOC-1497 update Customer-managed to BYOVPC #352: Updates documentation to clarify BYOVPC/BYOVNet terminology in BYOC cluster setup instructions across cloud providers.
• DOC-1458 rename BYOVPC on Azure to BYOVNet #335: Focuses on updating "BYOVPC" to "BYOVNet" in Azure documentation for consistent cluster type naming.
• DOC-874 details for NAT gateways #262: Previously restructured and detailed the NAT gateway section in cloud-security-network.adoc, which is further revised in this PR.

Suggested reviewers

• david-yu
• kbatuigas

✨ Finishing Touches

🧪 Generate unit tests

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch DOC-1336-Document-feature-Expose-NAT-Gateway-IP-in-the-BYOC-Cluster-UI

---

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>, please review it.
  • Explain this complex logic.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
  • @coderabbitai explain this code block.
  • @coderabbitai modularize this function.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read src/utils.ts and explain its main purpose.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
  • @coderabbitai help me debug CodeRabbit configuration file.

Support

Need help? Create a ticket on our support page for assistance with any issues or questions.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (Invoked using PR comments)

• @coderabbitai pause to pause the reviews on a PR.
• @coderabbitai resume to resume the paused reviews.
• @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
• @coderabbitai full review to do a full review from scratch and review all the files again.
• @coderabbitai summary to regenerate the summary of the PR.
• @coderabbitai generate docstrings to generate docstrings for this PR.
• @coderabbitai generate sequence diagram to generate a sequence diagram of the changes in this PR.
• @coderabbitai generate unit tests to generate unit tests for this PR.
• @coderabbitai resolve resolve all the CodeRabbit review comments.
• @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
• @coderabbitai help to get help.

Other keywords and placeholders

• Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• Please see the configuration documentation for more information.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Documentation and Community

• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[coderabbitai]

Actionable comments posted: 2

🧹 Nitpick comments (1)

modules/networking/pages/cloud-security-network.adoc (1)

177-178: Clarify the Azure bullet (“public IP prefix (31 bits)”).

Readers may not immediately recognise that a /31 prefix is required for the Azure NAT gateway. Consider spelling it out:

-* *BYOC/Dedicated on Azure:* Redpanda provisions one NAT gateway and one public IP prefix (31 bits).
+* *BYOC/Dedicated on Azure:* Redpanda provisions one NAT gateway and a /31 public IP prefix (two usable addresses).

This removes the parenthetical maths and matches Azure terminology.

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between c815039 and f544bb8.

📒 Files selected for processing (2)

• modules/get-started/pages/cluster-types/byoc/azure/index.adoc (1 hunks)
• modules/networking/pages/cloud-security-network.adoc (1 hunks)

🧰 Additional context used

🧠 Learnings (3)

📓 Common learnings

Learnt from: micheleRP
PR: redpanda-data/cloud-docs#267
File: modules/manage/pages/maintenance.adoc:91-92
Timestamp: 2025-04-25T01:41:57.162Z
Learning: The notification timeline for Redpanda Cloud deprecations has been deliberately removed from the documentation, even though the PR summary mentioned a 180-day advance notice period.

Learnt from: micheleRP
PR: redpanda-data/cloud-docs#267
File: modules/manage/pages/maintenance.adoc:63-64
Timestamp: 2025-04-25T01:42:09.318Z
Learning: The timeline for major upgrade notifications (180 days in advance) was intentionally removed from the Redpanda Cloud maintenance documentation, even though it was mentioned in the PR objectives.

Learnt from: david-yu
PR: redpanda-data/cloud-docs#338
File: modules/get-started/pages/cluster-types/byoc/azure/vnet-azure.adoc:74-75
Timestamp: 2025-06-24T03:31:29.345Z
Learning: User david-yu indicated that the standard Azure zones format using plain numbers like "1", "2", "3" is not valid for their specific Azure BYOVNet setup, suggesting there may be specific tooling or API requirements that expect region-prefixed zone names like "centralus-az1".

modules/get-started/pages/cluster-types/byoc/azure/index.adoc (1)

Learnt from: david-yu
PR: #338
File: modules/get-started/pages/cluster-types/byoc/azure/vnet-azure.adoc:74-75
Timestamp: 2025-06-24T03:31:29.345Z
Learning: User david-yu indicated that the standard Azure zones format using plain numbers like "1", "2", "3" is not valid for their specific Azure BYOVNet setup, suggesting there may be specific tooling or API requirements that expect region-prefixed zone names like "centralus-az1".

modules/networking/pages/cloud-security-network.adoc (1)

Learnt from: micheleRP
PR: #267
File: modules/manage/pages/maintenance.adoc:91-92
Timestamp: 2025-04-25T01:41:57.162Z
Learning: The notification timeline for Redpanda Cloud deprecations has been deliberately removed from the documentation, even though the PR summary mentioned a 180-day advance notice period.

🔇 Additional comments (1)

modules/get-started/pages/cluster-types/byoc/azure/index.adoc (1)

2-2: Check for lingering “BYOVPC” references inside the page body.

The short-description now says “…BYOVNet…”, which is correct.
Make sure every paragraph, heading, example, and UI screenshot in this page (and any fragments it includes) has also been updated from BYOVPC → BYOVNet to avoid mixed terminology.

[paulohtb6]

costs to where? the provider or redpanda itself?

[micheleRP]

@c4milo is this correct: "Without connectors, NAT-incurred costs from your cloud provider should be relatively low." i.e., the costs come from the cloud provider?

[c4milo]

Let's remove any mention of cost, it creates more questions than what it answers.

[c4milo]

The table is also explaining it well enough. I really liked it!

[micheleRP]

Actionable comments posted: 2

🧹 Nitpick comments (1)

modules/networking/pages/cloud-security-network.adoc (1)> 177-178: Clarify the Azure bullet (“public IP prefix (31 bits)”).

Readers may not immediately recognise that a /31 prefix is required for the Azure NAT gateway. Consider spelling it out:

-* *BYOC/Dedicated on Azure:* Redpanda provisions one NAT gateway and one public IP prefix (31 bits).
+* *BYOC/Dedicated on Azure:* Redpanda provisions one NAT gateway and a /31 public IP prefix (two usable addresses).

This removes the parenthetical maths and matches Azure terminology.

📜 Review details

This was incorporated

[c4milo]

Since we are documenting the feature as NAT Gateway, @andresaristizabal, maybe we should probably rename it in API and UI. NAT Gateway is also more correct since an Internet gateway is a router and also has a public IP but it is not the IP used to reach external services, but to route the NAT gateway traffic to the Internet.

[micheleRP]

@c4milo this did get renamed

[andresaristizabal]

After testing and debugging this, @c4milo found that the public cluster in GCP has multiple gateways and does not behave in the same way as other cloud providers. Therefore, we should add an alert for this case. For example:

Don't use NAT gateway IPs for public clusters in GCP.

While we fix/handle this case.

[micheleRP]

Please check the wording and location of the new Caution note here.

[paulohtb6]

No blockers. Only me being annoying :D