From 3a1d24e297fb950956e7f16d50c75d3d5a84ab78 Mon Sep 17 00:00:00 2001
From: Wei Shan Sun <36289669+wei06159@users.noreply.github.com>
Date: Thu, 8 Jun 2023 06:30:04 -0700
Subject: [PATCH] Update doc for internal IP ranges for egress control (#13287)

* clarify the internal IP ranges for IBM Cloud Kubernetes Service
* Trigger Build
* add example of the command output
* paraphrase the text
* update snips.sh
---
 .../egress/egress-control/index.md | 13 ++++++++++++-
 .../egress/egress-control/snips.sh | 8 ++++++++
 2 files changed, 20 insertions(+), 1 deletion(-)

diff --git a/content/en/docs/tasks/traffic-management/egress/egress-control/index.md b/content/en/docs/tasks/traffic-management/egress/egress-control/index.md
index cbdbfc3f1e..d0d25d1221 100644
--- a/content/en/docs/tasks/traffic-management/egress/egress-control/index.md
+++ b/content/en/docs/tasks/traffic-management/egress/egress-control/index.md
@@ -363,7 +363,18 @@ Set the value of `values.global.proxy.includeIPRanges` according to your cluster
 
 #### IBM Cloud Kubernetes Service
 
-Use `--set values.global.proxy.includeIPRanges="172.30.0.0/16\,172.21.0.0/16\,10.10.10.0/24"`
+To see which CIDR is used in the cluster use `ibmcloud ks cluster get -c ` and look for the `Service Subnet`:
+
+{{< text bash >}}
+$ ibmcloud ks cluster get -c my-cluster | grep "Service Subnet"
+Service Subnet: 172.21.0.0/16
+{{< /text >}}
+
+Then use `--set values.global.proxy.includeIPRanges="172.21.0.0/16"`
+
+{{< warning >}}
+On very old clusters, this may not work so you can use `--set values.global.proxy.includeIPRanges="172.30.0.0/16,172.21.0.0/16,10.10.10.0/24"` or use `kubectl get svc -o wide -A` to further narrow down the CIDR value for the setting.
+{{< /warning >}}
 
 #### Google Kubernetes Engine (GKE)
 
diff --git a/content/en/docs/tasks/traffic-management/egress/egress-control/snips.sh b/content/en/docs/tasks/traffic-management/egress/egress-control/snips.sh
index 9d9801d1b5..68d234c534 100644
--- a/content/en/docs/tasks/traffic-management/egress/egress-control/snips.sh
+++ b/content/en/docs/tasks/traffic-management/egress/egress-control/snips.sh
@@ -194,6 +194,14 @@ grep service_cluster_ip_range cluster/config.yaml
 service_cluster_ip_range: 10.0.0.1/24
 ENDSNIP
 
+snip_ibm_cloud_kubernetes_service_1() {
+ibmcloud ks cluster get -c my-cluster | grep "Service Subnet"
+}
+
+! read -r -d '' snip_ibm_cloud_kubernetes_service_1_out <<\ENDSNIP
+Service Subnet: 172.21.0.0/16
+ENDSNIP
+
 snip_google_kubernetes_engine_gke_1() {
 gcloud container clusters describe XXXXXXX --zone=XXXXXX | grep -e clusterIpv4Cidr -e servicesIpv4Cidr
 }