Browse Source

updates network policy doc

updates the documentation about enabling the network policy
support to include the option to set enforce_sg_rules to false.

Change-Id: Ic7247718d7d179e87ea84bbc21a022791091c439
Closes-Bug: #1901097
changes/54/759554/5
Kafilat Adeleke 6 months ago
parent
commit
3407636c84
1 changed files with 8 additions and 1 deletions
  1. +8
    -1
      doc/source/installation/network_policy.rst

+ 8
- 1
doc/source/installation/network_policy.rst View File

@ -94,12 +94,19 @@ to add the policy, pod_label and namespace handler and drivers with:
If the loadbalancer maintains the source IP (such as ovn-octavia driver),
there is no need to enforce sg rules at the load balancer level. To disable
the enforcement, you need to set the following variable:
the enforcement, you need to set the following variable in DevStack's
local.conf:
.. code-block:: bash
KURYR_ENFORCE_SG_RULES=False
To set that directly in kuryr.conf, the config to be set is:
.. code-block:: ini
[octavia_defaults]
enforce_sg_rules=False
Testing the network policy support functionality
------------------------------------------------


Loading…
Cancel
Save