// Module included in the following assemblies:
//
// * networking/configuring_ingress_cluster_traffic/configuring-externalip.adoc

:_mod-docs-content-type: REFERENCE
[id="example-policy-objects_{context}"]
= Example policy objects

[role="_abstract"]
Reference the examples in the `Example policy objects` section to understand different `spec.externalIP.policy` configurations. 

In the following example, the policy prevents {product-title} from creating any service with a specified external IP address.

.Example policy to reject any value specified for `Service` object `spec.externalIPs[]`
[source,yaml]
----
apiVersion: config.openshift.io/v1
kind: Network
metadata:
  name: cluster
spec:
  externalIP:
    policy: {}
# ...
----

In the following example, both the `allowedCIDRs` and `rejectedCIDRs` fields are set.

.Example policy that includes both allowed and rejected CIDR blocks
[source,yaml]
----
apiVersion: config.openshift.io/v1
kind: Network
metadata:
  name: cluster
spec:
  externalIP:
    policy:
      allowedCIDRs:
      - 172.16.66.10/23
      rejectedCIDRs:
      - 172.16.66.10/24
# ...
----

In the following example, `policy` is set to `{}`. With this configuration, using the `oc get networks.config.openshift.io -o yaml` command to view the configuration means `policy` parameter does not show on the command output. The same behavior exists for `policy: null`.

.Example policy to allow any value specified for `Service` object `spec.externalIPs[]`
[source,yaml]
----
apiVersion: config.openshift.io/v1
kind: Network
metadata:
  name: cluster
spec:
  clusterNetwork:
  - cidr: 10.128.0.0/14
    hostPrefix: 23
  externalIP:
    policy: {}
# ...
----