Bug 1565778
Summary: | [DOCS] egress documentation is focused around multi-tenant | ||
---|---|---|---|
Product: | OpenShift Container Platform | Reporter: | Ruchika K <rkharwar> |
Component: | Documentation | Assignee: | brice <bfallonf> |
Status: | CLOSED CURRENTRELEASE | QA Contact: | Meng Bo <bmeng> |
Severity: | unspecified | Docs Contact: | Vikram Goyal <vigoyal> |
Priority: | unspecified | ||
Version: | 3.9.0 | CC: | aos-bugs, bbennett, jokerman, mmccomas, rkharwar, rpenta |
Target Milestone: | --- | ||
Target Release: | --- | ||
Hardware: | Unspecified | ||
OS: | Unspecified | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | If docs needed, set a value | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2018-07-19 04:14:13 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Ruchika K
2018-04-10 18:56:49 UTC
Ravi: Does the egress firewall work with all three of our SDN plugins? Thanks. Yes, egress network policy is compatible with all three SDN plugins. Keep in mind that networkpolicy plugin provides granular isolation (namespace or pod selector). Currently egress network policy can only be applied at the namespace level with some caveats: only one egress np for namespace allowed, namespace that share network with other namespaces are not allowed and global namespaces are not allowed. Correction to my previous comment, I gave contradicting statement: egress np compatible with all 3 SDN plugins but global namespaces are not allowed. Subnet network plugin only has global namespaces. So the correct answer: egress network policy is compatible with 2 SDN plugins: multitenant and networkpolicy plugins. Thanks, Ben, Rajat I've created a PR for this: https://github.com/openshift/openshift-docs/pull/10421 Most of the caveats Rajat mentions is already there in an admonition, so I extended on that with the rest of the info. Ruchika, can I verify that the information you're requesting is in the PR? I don't think writing the docs as though network policy is the one the reader will be using, because it is not yet the default. Once that happens, then I'd agree the docs would need a rewrite. Hmm looks like Ruchika's account has shut down. I think the information needed is there, so I'll move forward with this BZ, but if anyone watching has thoughts on the PR, please let me know. Commit pushed to master at https://github.com/openshift/openshift-docs https://github.com/openshift/openshift-docs/commit/dd15654b7c12b619bf0d16bd105e2f3fddeb9066 Merge pull request #10421 from bfallonf/egressnetwork_1565778 Bug 1565778 Added caveats about egress policy and networkpolicy plugin Link to released docs: https://access.redhat.com/documentation/en-us/openshift_container_platform/3.9/html-single/cluster_administration/#admin-guide-limit-pod-access-egress The needinfo request[s] on this closed bug have been removed as they have been unresolved for 1000 days |