OpenShift Container Platform (OCP) Strategy / OCPSTRAT-355

Enhance EgressFirewall to include a nodeSelector for destinations

    • OCPSTRAT-16 OpenShift - Kubernetes and Core Platform

      Add the ability to create egress firewall rules based on nodes to allow host network access to specific nodes

      Why is this important?

      • There is a difference between the SDN and OVN implementations of Egress Firewall: SDN implicitly allows services to bypass Egress Firewall. Some customers rely on this behavior to implicitly allow pods to reach services backed by host network pods. This traffic is blocked by default today in OVN, and adding manual rules per host IP can be tedious.

      See https://bugzilla.redhat.com/show_bug.cgi?id=1993841 for more info.
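      An added illustration, not taken from the issue or from the project's own manifests: the per-host-IP rules the description calls tedious, beside the node-selector form this feature asks for, written against the OVN-Kubernetes EgressFirewall API (k8s.ovn.org/v1). The namespaces, node IPs and node label are constructed for the example.

```yaml
# Constructed example. Namespace names, IPs and the node label are assumptions.
# Before: one Allow rule per host IP, maintained by hand as nodes come and go.
apiVersion: k8s.ovn.org/v1
kind: EgressFirewall
metadata:
  name: default            # OVN-Kubernetes accepts one EgressFirewall per namespace, named "default"
  namespace: app-a
spec:
  egress:
  - type: Allow
    to:
      cidrSelector: 192.0.2.11/32   # node 1 host IP (documentation range)
  - type: Allow
    to:
      cidrSelector: 192.0.2.12/32   # node 2 host IP
  - type: Allow
    to:
      cidrSelector: 192.0.2.13/32   # node 3 host IP
  - type: Deny                      # rules are evaluated in order; everything else is dropped
    to:
      cidrSelector: 0.0.0.0/0
---
# After: a single rule that follows node labels instead of addresses.
apiVersion: k8s.ovn.org/v1
kind: EgressFirewall
metadata:
  name: default
  namespace: app-b
spec:
  egress:
  - type: Allow
    to:
      nodeSelector:
        matchLabels:
          example.com/hostnet-backend: "true"   # hypothetical label on nodes running host network backends
  - type: Deny
    to:
      cidrSelector: 0.0.0.0/0
```

      Scope the label to the nodes that actually run the host network backends; a selector that matches every node reopens host network access cluster-wide for that namespace.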

       

            ddharwar@redhat.com Deepthi Dharwar
            trozet@redhat.com Tim Rozet
            Huiran Wang
            Chris Fields