On 12/14/2016 01:03 PM, Srinivas Naga Kotaru (skotaru) wrote:
> Does ingress support firewall? We have a use case where a tenant has
> multiple projects for services segmentation purpose and needs ports other
> than 80/433. We are planning to use ingress and egress features to allocate
> a pool of IP addresses to use. Client has strict requirements of controlling
> inbound and outbound traffic, like who can allow or deny.
>
> As per below documentation egress supports firewall. Does ingress also
> support similar?

Upstream Kubernetes has a NetworkPolicy object that can be used to control ingress traffic, but it's not supported by the default OpenShift networking plugin in 3.4. (Some third-party plugins support it, and it should be supported by OpenShift's networking plugin in 3.5.) However, the current version of NetworkPolicy is focused more on pod-to-pod traffic and doesn't have support for filtering ingress by IP, and it's not clear when it will.

> Any ideas how to control ingress control? We are thinking to use
> iptables but that seems to be dirty or not sure whether even possible.

iptables wouldn't be able to implement per-project rules, but if you don't mind having the same restrictions for all pods, then it would work fine.

-- Dan
