38 lines
1.0 KiB
ReStructuredText
38 lines
1.0 KiB
ReStructuredText
|
|
||
|
|
.. rsl1588342741919
|
||
|
|
.. _firewall-port-overrides:
|
||
|
|
|
||
|
|
=======================
|
||
|
|
Firewall Port Overrides
|
||
|
|
=======================
|
||
|
|
|
||
|
|
Although nginx-ingress-controller is configured by default to listen on
|
||
|
|
ports 80 and 443, for security reasons the opening of these ports is left
|
||
|
|
to be explicitly done by the system installer/administrator.
|
||
|
|
|
||
|
|
.. rubric:: |proc|
|
||
|
|
|
||
|
|
- To open these ports you need to edit the existing globalnetworkpolicy
|
||
|
|
controller-oam-if-gnp, or create another globalnetworkpolicy with your user
|
||
|
|
overrides. |org| recommends creating a new globalnetworkpolicy.
|
||
|
|
|
||
|
|
For example:
|
||
|
|
|
||
|
|
.. code-block:: none
|
||
|
|
|
||
|
|
apiVersion: crd.projectcalico.org/v1
|
||
|
|
kind: GlobalNetworkPolicy
|
||
|
|
metadata:
|
||
|
|
name: gnp-oam-overrides
|
||
|
|
spec:
|
||
|
|
ingress:
|
||
|
|
- action: Allow
|
||
|
|
destination:
|
||
|
|
ports:
|
||
|
|
- 80
|
||
|
|
- 443
|
||
|
|
protocol: TCP
|
||
|
|
order: 500
|
||
|
|
selector: has(iftype) && iftype == 'oam'
|
||
|
|
types:
|
||
|
|
- Ingress
|