Uploaded image for project: 'OpenShift SDN'
  1. OpenShift SDN
  2. SDN-3098

Enhance EgressFirewall to include a nodeSelector for destinations

XMLWordPrintable

    • nodeSelector for Egress Firewall
    • BU Product Work
    • False
    • None
    • False
    • Green
    • To Do
    • OCPSTRAT-355 - Enhance EgressFirewall to include a nodeSelector for destinations
    • OCPSTRAT-355Enhance EgressFirewall to include a nodeSelector for destinations
    • 0% To Do, 0% In Progress, 100% Done
    • ---
    • 0
    • 0

      OCP/Telco Definition of Done
      Epic Template descriptions and documentation.

      <--- Cut-n-Paste the entire contents of this description into your new Epic --->

      Epic Goal

      • Add the ability to create egress firewall rules based on nodes to allow host network access to specific nodes

      Why is this important?

      • There is a difference between SDN and OVN's implementation of Egress Firewall where SDN implicitly allows services to bypass Egress Firewall. Some customers rely on this behavior in order to implicitly allow pods to reach services backed by host network pods. This traffic blocked by default today in OVN, and adding manual rules per host IP can be tedious.

      See https://bugzilla.redhat.com/show_bug.cgi?id=1993841 for more info.

      Scenarios

      1. As a user I want to allow pods behind an egress firewall to access host network pods on any master node. Rather than making an egress firewall rule per host IP, I can just configure a node selector label on the egress firewall.

      Acceptance Criteria

      • CI - MUST be running successfully with tests automated
      • Release Technical Enablement - Provide necessary release enablement details and documents.

      Dependencies (internal and external)

      1. None

      Previous Work (Optional):

      Open questions::

      1. None

      Done Checklist

      • CI - CI is running, tests are automated and merged.
      • Release Enablement <link to Feature Enablement Presentation>
      • DEV - Upstream code and tests merged: <link to meaningful PR or GitHub Issue>
      • DEV - Upstream documentation merged: <link to meaningful PR or GitHub Issue>
      • DEV - Downstream build attached to advisory: <link to errata>
      • QE - Test plans in Polarion: <link or reference to Polarion>
      • QE - Automated tests merged: <link or reference to automated tests>
      • DOC - Downstream documentation merged: <link to meaningful PR>

          There are no Sub-Tasks for this issue.

              trozet@redhat.com Tim Rozet
              trozet@redhat.com Tim Rozet
              Huiran Wang Huiran Wang
              Joe Aldinger Joe Aldinger
              Votes:
              1 Vote for this issue
              Watchers:
              9 Start watching this issue

                Created:
                Updated:
                Resolved: