openstack
/
kuryr-kubernetes
Code Issues Proposed changes

updates network policy doc 

updates the documentation about enabling the network policy
support to include the option to set enforce_sg_rules to false.

Change-Id: Ic7247718d7d179e87ea84bbc21a022791091c439
Closes-Bug: #1901097
This commit is contained in:
Kafilat Adeleke 2020-10-24 00:01:59 -07:00
parent ba12753374
commit 3407636c84
1 changed files with 8 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
doc/source/installation/network_policy.rst
View File

@ -94,12 +94,19 @@ to add the policy, pod_label and namespace handler and drivers with:
If the loadbalancer maintains the source IP (such as ovn-octavia driver), If the loadbalancer maintains the source IP (such as ovn-octavia driver),
there is no need to enforce sg rules at the load balancer level. To disable there is no need to enforce sg rules at the load balancer level. To disable
the enforcement, you need to set the following variable: the enforcement, you need to set the following variable in DevStack's
local.conf:
.. code-block:: bash .. code-block:: bash
KURYR_ENFORCE_SG_RULES=False KURYR_ENFORCE_SG_RULES=False
To set that directly in kuryr.conf, the config to be set is:
.. code-block:: ini
[octavia_defaults]
enforce_sg_rules=False
Testing the network policy support functionality Testing the network policy support functionality
------------------------------------------------ ------------------------------------------------