Epic
Resolution: Done
nodeSelector for Egress Firewall
OCPSTRAT-355 - Enhance EgressFirewall to include a nodeSelector for destinations
Epic Goal
- Add the ability to create egress firewall rules based on nodes to allow host network access to specific nodes
Why is this important?
- There is a difference between SDN's and OVN's implementations of Egress Firewall: SDN implicitly allows services to bypass Egress Firewall. Some customers rely on this behavior in order to implicitly allow pods to reach services backed by host network pods. This traffic is blocked by default today in OVN, and adding manual rules per host IP can be tedious.
See https://bugzilla.redhat.com/show_bug.cgi?id=1993841 for more info.
Scenarios
- As a user I want to allow pods behind an egress firewall to access host network pods on any master node. Rather than making an egress firewall rule per host IP, I can just configure a node selector label on the egress firewall.
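The scenario above as configuration, in an added example that is not part of the original epic: the first manifest needs one Allow rule per master host IP, the second replaces them with a single node selector rule. The `nodeSelector` destination follows the epic's proposal and the OVN-Kubernetes EgressFirewall API shape; the namespace `example-app` and the host IPs are constructed.

```yaml
# Alternative 1: one Allow rule per master host IP.
# Addresses are constructed; every node added or replaced means editing this object.
apiVersion: k8s.ovn.org/v1
kind: EgressFirewall
metadata:
  name: default            # OVN-Kubernetes accepts only the name "default"
  namespace: example-app   # constructed namespace
spec:
  egress:                  # rules are evaluated in order, first match wins
  - type: Allow
    to:
      cidrSelector: 192.0.2.10/32
  - type: Allow
    to:
      cidrSelector: 192.0.2.11/32
  - type: Allow
    to:
      cidrSelector: 192.0.2.12/32
  - type: Deny             # everything else leaving the cluster is dropped
    to:
      cidrSelector: 0.0.0.0/0
---
# Alternative 2 (replaces the object above, only one EgressFirewall per namespace):
# a single Allow rule that tracks the master nodes by label.
apiVersion: k8s.ovn.org/v1
kind: EgressFirewall
metadata:
  name: default
  namespace: example-app
spec:
  egress:
  - type: Allow
    to:
      nodeSelector:
        matchLabels:
          node-role.kubernetes.io/master: ""
  - type: Deny
    to:
      cidrSelector: 0.0.0.0/0
```

An Allow rule with a node selector covers every host-network endpoint on the matching nodes, so keep the label selector as narrow as the workload needs.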
Acceptance Criteria
- CI - MUST be running successfully with tests automated
- Release Technical Enablement - Provide necessary release enablement details and documents.
Dependencies (internal and external)
- None
Previous Work (Optional):
- …
Open questions:
- None
Done Checklist
- CI - CI is running, tests are automated and merged.
- Release Enablement <link to Feature Enablement Presentation>
- DEV - Upstream code and tests merged: <link to meaningful PR or GitHub Issue>
- DEV - Upstream documentation merged: <link to meaningful PR or GitHub Issue>
- DEV - Downstream build attached to advisory: <link to errata>
- QE - Test plans in Polarion: <link or reference to Polarion>
- QE - Automated tests merged: <link or reference to automated tests>
- DOC - Downstream documentation merged: <link to meaningful PR>
- is cloned by: OCPSTRAT-355 Enhance EgressFirewall to include a nodeSelector for destinations (Closed)