 3c5fa979a4
			
		
	
	3c5fa979a4
	
	
	
		
			
			Re-organized topic hierarchy Tiny edit to restart review workflow. Squashed with Resolved index.rst conflict commit Change-Id: I13472792cb19d1e9975ac76c6954d38054d606c5 Signed-off-by: Keane Lim <keane.lim@windriver.com> Signed-off-by: MCamp859 <maryx.camp@intel.com>
		
			
				
	
	
		
			38 lines
		
	
	
		
			1.0 KiB
		
	
	
	
		
			ReStructuredText
		
	
	
	
	
	
			
		
		
	
	
			38 lines
		
	
	
		
			1.0 KiB
		
	
	
	
		
			ReStructuredText
		
	
	
	
	
	
| 
 | |
| .. rsl1588342741919
 | |
| .. _firewall-port-overrides:
 | |
| 
 | |
| =======================
 | |
| Firewall Port Overrides
 | |
| =======================
 | |
| 
 | |
| Although nginx-ingress-controller is configured by default to listen on
 | |
| ports 80 and 443, for security reasons the opening of these ports is left
 | |
| to be explicitly done by the system installer/administrator.
 | |
| 
 | |
| .. rubric:: |proc|
 | |
| 
 | |
| -   To open these ports you need to edit the existing globalnetworkpolicy
 | |
|     controller-oam-if-gnp, or create another globalnetworkpolicy with your user
 | |
|     overrides. |org| recommends creating a new globalnetworkpolicy.
 | |
| 
 | |
|     For example:
 | |
| 
 | |
|     .. code-block:: none
 | |
| 
 | |
|         apiVersion: crd.projectcalico.org/v1
 | |
|         kind: GlobalNetworkPolicy
 | |
|         metadata:
 | |
|           name: gnp-oam-overrides
 | |
|         spec:
 | |
|           ingress:
 | |
|           - action: Allow
 | |
|             destination:
 | |
|               ports:
 | |
|               - 80
 | |
|               - 443
 | |
|             protocol: TCP
 | |
|           order: 500
 | |
|           selector: has(iftype) && iftype == 'oam'
 | |
|           types:
 | |
|           - Ingress |