Fix Network Policy documentation
Adds additional configuration needed to fully enable Network Policy functionality.

Closes-Bug: #1811370
Change-Id: I785e703dcd83201ffa3e9cc92c31466087770890
parent d4929ef243
commit d490b08cb7
|
@ -1,13 +1,13 @@
|
||||||
Enable network policy support functionality
|
Enable network policy support functionality
|
||||||
===========================================
|
===========================================
|
||||||
|
|
||||||
Enable the policy handler to respond to network policy events. As this is not
|
Enable policy, pod_label and namespace handlers to respond to network policy events.
|
||||||
done by default you'd have to explicitly add that to the list of enabled
|
As this is not done by default you'd have to explicitly add that to the list of enabled
|
||||||
handlers at kuryr.conf (further info on how to do this can be found at
|
handlers at kuryr.conf (further info on how to do this can be found at
|
||||||
:doc:`./devstack/containerized`)::
|
:doc:`./devstack/containerized`)::
|
||||||
|
|
||||||
[kubernetes]
|
[kubernetes]
|
||||||
enabled_handlers=vif,lb,lbaasspec,policy,pod_label
|
enabled_handlers=vif,lb,lbaasspec,policy,pod_label,namespace
|
||||||
|
|
||||||
After that, enable also the security group drivers for policies::
|
After that, enable also the security group drivers for policies::
|
||||||
|
|
||||||
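Review bot: In the rewritten opening paragraph, "explicitly add that to the list of enabled handlers" still uses the singular "that" although the preceding sentence now names three handlers (policy, pod_label and namespace); change it to "add them". Both new lines are also longer than the lines they replace and run past 79 columns, so the paragraph should be rewrapped. A short clause saying why the namespace handler is needed for network policy would help, since the paragraph only lists it.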
|
@ -15,6 +15,22 @@ After that, enable also the security group drivers for policies::
|
||||||
service_security_groups_driver = policy
|
service_security_groups_driver = policy
|
||||||
pod_security_groups_driver = policy
|
pod_security_groups_driver = policy
|
||||||
|
|
||||||
|
Enable the namespace subnet driver by modifying the default pod_subnet_driver
|
||||||
|
option::
|
||||||
|
|
||||||
|
[kubernetes]
|
||||||
|
pod_subnets_driver = namespace
|
||||||
|
|
||||||
|
Select the subnet pool from where the new subnets will get their CIDR::
|
||||||
|
|
||||||
|
[namespace_subnet]
|
||||||
|
pod_subnet_pool = SUBNET_POOL_ID
|
||||||
|
|
||||||
|
Lastly, select the router where the new subnet will be connected::
|
||||||
|
|
||||||
|
[namespace_subnet]
|
||||||
|
pod_router = ROUTER_ID
|
||||||
|
|
||||||
Note you need to restart the kuryr controller after applying the above step.
|
Note you need to restart the kuryr controller after applying the above step.
|
||||||
For devstack non-containerized deployments::
|
For devstack non-containerized deployments::
|
||||||
|
|
||||||
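Review bot: The added paragraph names the option "pod_subnet_driver", but the sample directly beneath it sets "pod_subnets_driver = namespace"; make the prose match the key used in the sample so readers do not look for the wrong name in kuryr.conf. The two [namespace_subnet] samples could be merged into one block, and the text should say that SUBNET_POOL_ID and ROUTER_ID are placeholders the reader has to substitute. The unchanged context line "after applying the above step" now follows several steps and would read better as "the above steps".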
|
@ -26,10 +42,11 @@ Same for containerized deployments::
|
||||||
$ kubectl -n kube-system delete pod KURYR_CONTROLLER_POD_NAME
|
$ kubectl -n kube-system delete pod KURYR_CONTROLLER_POD_NAME
|
||||||
|
|
||||||
For directly enabling the driver when deploying with devstack, you just need
|
For directly enabling the driver when deploying with devstack, you just need
|
||||||
to add the policy handler and drivers with::
|
to add the policy, pod_label and namespace handler and drivers with::
|
||||||
|
|
||||||
KURYR_ENABLED_HANDLERS=vif,lb,lbaasspec,policy,pod_label
|
KURYR_ENABLED_HANDLERS=vif,lb,lbaasspec,policy,pod_label,namespace
|
||||||
KURYR_SG_DRIVER=policy
|
KURYR_SG_DRIVER=policy
|
||||||
|
KURYR_SUBNET_DRIVER=namespace
|
||||||
|
|
||||||
Testing the network policy support functionality
|
Testing the network policy support functionality
|
||||||
------------------------------------------------
|
------------------------------------------------
|
||||||
|
|
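Review bot: The devstack snippet adds KURYR_SUBNET_DRIVER=namespace but says nothing about the subnet pool and router that the manual instructions earlier in this change require through pod_subnet_pool and pod_router; state whether devstack sets these up on its own or which variables the reader must set. In the lead-in sentence, "policy, pod_label and namespace handler and drivers" should read "handlers and drivers" now that three handlers are listed.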