
There are minor changes here that update the content of some files. Here is the link to the commit on downstream:
http://bitbucket.wrs.com/projects/DOCS/repos/starlingx_upstreaming/commits/3b193cc3aa566b2040c7226a9ed32d08bd91b82f

Signed-off-by: Rafael Jardim <rafaeljordao.jardim@windriver.com>
Change-Id: I461fce0c81f4605c200572ff71ae52cc889a856b
Modify OAM Firewall Rules
supports custom firewall rules using Kubernetes Global Network Policies.
These policies are defined using YAML syntax. For example:
~(keystone_admin)]$ kubectl get globalnetworkpolicies.crd.projectcalico.org -o yaml
apiVersion: v1
items:
- apiVersion: crd.projectcalico.org/v1
  kind: GlobalNetworkPolicy
  metadata:
    creationTimestamp: "2019-06-28T17:06:33Z"
    generation: 1
    name: controller-oam-if-gnp
    resourceVersion: "1916"
    selfLink: /apis/crd.projectcalico.org/v1/globalnetworkpolicies/controller-oam-if-gnp
    uid: 146ec9a4-99c7-11e9-b187-0800275484ef
  spec:
    applyOnForward: false
    egress:
    - action: Allow
      ipVersion: 4
      protocol: TCP
    - action: Allow
      ipVersion: 4
      protocol: UDP
    - action: Allow
      protocol: ICMP
    ingress:
    - action: Allow
      destination:
        ports:
        - 22
        - 18002
        - 4545
        - 15491
        - 6385
        - 7777
        - 6443
        - 7480
        - 9311
        - 5000
        - 8080
      ipVersion: 4
      protocol: TCP
    - action: Allow
      destination:
        ports:
        - 2222
        - 2223
        - 123
        - 161
        - 162
        - 319
        - 320
      ipVersion: 4
      protocol: UDP
    - action: Allow
      protocol: ICMP
    order: 100
    selector: has(iftype) && iftype == 'oam'
    types:
    - Ingress
    - Egress
kind: List
metadata:
  resourceVersion: ""
  selfLink: ""
For a full description of syntax, see https://docs.projectcalico.org/v3.6/reference/calicoctl/resources/globalnetworkpolicy.
Use the following command to edit the globalnetworkpolicy and modify the firewall according to the above syntax:
kubectl edit globalnetworkpolicy
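
After an edit, the ingress side of the policy can be checked against an approved port list. The script below is an added example, not part of the original documentation or the project's code: it reads the JSON form of the policy list (the command above with -o json), and its function names, the baseline taken from the policy shown above, and the sample input are assumptions constructed for illustration.

```python
import json

# Approved ingress ports, copied from the controller-oam-if-gnp policy shown above.
BASELINE = {
    "TCP": {22, 18002, 4545, 15491, 6385, 7777, 6443, 7480, 9311, 5000, 8080},
    "UDP": {2222, 2223, 123, 161, 162, 319, 320},
}

def expand(port):
    """Calico ports are ints, 'start:end' range strings, or named ports (kept as-is)."""
    if isinstance(port, int):
        return {port}
    lo, _, hi = str(port).partition(":")
    if not (lo.isdigit() and (hi or lo).isdigit()):
        return {port}  # named port: cannot be resolved here, reported by name
    return set(range(int(lo), int(hi) + 1)) if hi else {int(lo)}

def audit(policy_list, baseline=BASELINE):
    """Return (policy, protocol, message) for ingress Allow rules beyond the baseline."""
    findings = []
    for item in policy_list.get("items", []):
        name = item["metadata"]["name"]
        for rule in item["spec"].get("ingress", []):
            proto = rule.get("protocol")
            if rule.get("action") != "Allow" or proto not in ("TCP", "UDP"):
                continue
            ports = rule.get("destination", {}).get("ports")
            if not ports:  # no port restriction: the whole protocol is open
                findings.append((name, proto, "all ports allowed"))
                continue
            opened = set().union(*(expand(p) for p in ports))
            for p in sorted(opened - baseline.get(proto, set()), key=str):
                findings.append((name, proto, f"unapproved port {p}"))
    return findings

# Constructed sample: a trimmed policy after a hypothetical edit that added the
# TCP range 31000:31001 and a UDP rule with no port list.
SAMPLE = json.loads("""
{"items": [{"metadata": {"name": "controller-oam-if-gnp"},
  "spec": {"ingress": [
    {"action": "Allow", "protocol": "TCP", "ipVersion": 4,
     "destination": {"ports": [22, 6443, "31000:31001"]}},
    {"action": "Allow", "protocol": "UDP", "ipVersion": 4},
    {"action": "Allow", "protocol": "ICMP"}]}}]}
""")

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(*finding, sep=": ")
```

Only ingress Allow rules for TCP and UDP are checked; egress rules and ICMP are outside what this example covers.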