682d17f18f

As in the case for non-DC installations, internal cluster traffic for the platform networks will receive a firewall that allows only packets within the internal networks, by filtering only with source IP address and not using L4 ports.

It will restrict traffic between the system-controller and the subclouds to the L4 ports described in:
https://docs.starlingx.io/dist_cloud/kubernetes/distributed-cloud-ports-reference.html

They also restrict the L4 ports to only the networks involved, the subcloud only accepts traffic from the system controller and in the system-controller from the subclouds.

The DC rules are applied in the management network (or the admin network, if used in a subcloud).

Test Plan
[PASS] Install DC system-controller with firewall active
[PASS] Install DC subcloud with firewall active (using management network on both sides)
[PASS] Modify subcloud to use admin network during runtime
[PASS] Validate that only the registered firewall ports are accessible from system-controller to subcloud
[PASS] Validate that only the registered firewall ports are accessible from subcloud to system-controller
[PASS] Execute a subcloud rehoming

Story: 2010591
Task: 48244

Change-Id: I4d27baa601d7f9b43e6c09e703a548656f8846f4
Signed-off-by: Andre Kantek <andrefernandozanella.kantek@windriver.com>