From 3407636c84e7d2dc4364d736136ffbc6cf1d9c54 Mon Sep 17 00:00:00 2001 From: Kafilat Adeleke Date: Sat, 24 Oct 2020 00:01:59 -0700 Subject: [PATCH] updates network policy doc updates the documentation about enabling the network policy support to include the option to set enforce_sg_rules to false. Change-Id: Ic7247718d7d179e87ea84bbc21a022791091c439 Closes-Bug: #1901097 --- doc/source/installation/network_policy.rst | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/doc/source/installation/network_policy.rst b/doc/source/installation/network_policy.rst index 6412b0cd1..285200829 100644 --- a/doc/source/installation/network_policy.rst +++ b/doc/source/installation/network_policy.rst @@ -94,12 +94,19 @@ to add the policy, pod_label and namespace handler and drivers with: If the loadbalancer maintains the source IP (such as ovn-octavia driver), there is no need to enforce sg rules at the load balancer level. To disable - the enforcement, you need to set the following variable: + the enforcement, you need to set the following variable in DevStack's + local.conf: .. code-block:: bash KURYR_ENFORCE_SG_RULES=False + To set that directly in kuryr.conf, the config to be set is: + + .. code-block:: ini + + [octavia_defaults] + enforce_sg_rules=False Testing the network policy support functionality ------------------------------------------------