OpenShift Container Platform (OCP) Strategy: OCPSTRAT-355

Enhance EgressFirewall to include a nodeSelector for destinations

      Add the ability to create egress firewall rules based on nodes, to allow host network access to specific nodes.

      Why is this important?

      • There is a difference between SDN's and OVN's implementations of Egress Firewall: SDN implicitly allows services to bypass Egress Firewall. Some customers rely on this behavior to implicitly allow pods to reach services backed by host network pods. This traffic is blocked by default today in OVN, and adding manual rules per host IP can be tedious.

      See https://bugzilla.redhat.com/show_bug.cgi?id=1993841 for more info.

       

      Deepthi Dharwar (ddharwar@redhat.com)
      Tim Rozet (trozet@redhat.com)
      Huiran Wang
      Chris Fields