2025-01-17 15:02:40 +00:00
// Module included in the following assemblies:
//
// * networking/configuring_ingress_cluster_traffic/configuring-externalip.adoc
:_mod-docs-content-type: REFERENCE
[id="example-policy-objects_{context}"]
= Example policy objects
2025-12-18 15:49:51 +00:00
[role="_abstract"]
Reference the examples in the `Example policy objects` section to understand different `spec.externalIP.policy` configurations.
In the following example, the policy prevents {product-title} from creating any service with a specified external IP address.
2025-01-17 15:02:40 +00:00
.Example policy to reject any value specified for `Service` object `spec.externalIPs[]`
[source,yaml]
----
apiVersion: config.openshift.io/v1
kind: Network
metadata:
name: cluster
spec:
externalIP:
policy: {}
# ...
----
2025-12-18 15:49:51 +00:00
In the following example, both the `allowedCIDRs` and `rejectedCIDRs` fields are set.
2025-01-17 15:02:40 +00:00
.Example policy that includes both allowed and rejected CIDR blocks
[source,yaml]
----
apiVersion: config.openshift.io/v1
kind: Network
metadata:
name: cluster
spec:
externalIP:
policy:
allowedCIDRs:
- 172.16.66.10/23
rejectedCIDRs:
- 172.16.66.10/24
# ...
----
2025-12-18 15:49:51 +00:00
In the following example, `policy` is set to `{}`. With this configuration, using the `oc get networks.config.openshift.io -o yaml` command to view the configuration means `policy` parameter does not show on the command output. The same behavior exists for `policy: null`.
2025-01-17 15:02:40 +00:00
.Example policy to allow any value specified for `Service` object `spec.externalIPs[]`
[source,yaml]
----
apiVersion: config.openshift.io/v1
kind: Network
metadata:
name: cluster
spec:
clusterNetwork:
- cidr: 10.128.0.0/14
hostPrefix: 23
externalIP:
policy: {}
# ...
----
