Browse Source

Fix Network Policy documentation

Adds additional configuration needed to fully enable Network Policy
functionality.

Closes-Bug: #1811370
Change-Id: I785e703dcd83201ffa3e9cc92c31466087770890
tags/0.6.1^0
Maysa Macedo 5 months ago
parent
commit
d490b08cb7
1 changed files with 22 additions and 5 deletions
  1. 22
    5
      doc/source/installation/network_policy.rst

+ 22
- 5
doc/source/installation/network_policy.rst View File

@@ -1,13 +1,13 @@
1 1
 Enable network policy support functionality
2 2
 ===========================================
3 3
 
4
-Enable the policy handler to respond to network policy events. As this is not
5
-done by default you'd have to explicitly add that to the list of enabled
4
+Enable policy, pod_label and namespace handlers to respond to network policy events.
5
+As this is not done by default you'd have to explicitly add that to the list of enabled
6 6
 handlers at kuryr.conf (further info on how to do this can be found  at
7 7
 :doc:`./devstack/containerized`)::
8 8
 
9 9
     [kubernetes]
10
-    enabled_handlers=vif,lb,lbaasspec,policy,pod_label
10
+    enabled_handlers=vif,lb,lbaasspec,policy,pod_label,namespace
11 11
 
12 12
 After that, enable also the security group drivers for policies::
13 13
 
@@ -15,6 +15,22 @@ After that, enable also the security group drivers for policies::
15 15
     service_security_groups_driver = policy
16 16
     pod_security_groups_driver = policy
17 17
 
18
+Enable the namespace subnet driver by modifying the default pod_subnet_driver
19
+option::
20
+
21
+    [kubernetes]
22
+    pod_subnets_driver = namespace
23
+
24
+Select the subnet pool from where the new subnets will get their CIDR::
25
+
26
+    [namespace_subnet]
27
+    pod_subnet_pool = SUBNET_POOL_ID
28
+
29
+Lastly, select the router where the new subnet will be connected::
30
+
31
+    [namespace_subnet]
32
+    pod_router = ROUTER_ID
33
+
18 34
 Note you need to restart the kuryr controller after applying the above step.
19 35
 For devstack non-containerized deployments::
20 36
 
@@ -26,10 +42,11 @@ Same for containerized deployments::
26 42
     $ kubectl -n kube-system delete pod KURYR_CONTROLLER_POD_NAME
27 43
 
28 44
 For directly enabling the driver when deploying with devstack, you just need
29
-to add the policy handler and drivers with::
45
+to add the policy, pod_label and namespace handler and drivers with::
30 46
 
31
-    KURYR_ENABLED_HANDLERS=vif,lb,lbaasspec,policy,pod_label
47
+    KURYR_ENABLED_HANDLERS=vif,lb,lbaasspec,policy,pod_label,namespace
32 48
     KURYR_SG_DRIVER=policy
49
+    KURYR_SUBNET_DRIVER=namespace
33 50
 
34 51
 Testing the network policy support functionality
35 52
 ------------------------------------------------

Loading…
Cancel
Save