mirror of
https://github.com/openshift/openshift-docs.git
synced 2026-02-05 12:46:18 +01:00
63 lines
1.6 KiB
Plaintext
63 lines
1.6 KiB
Plaintext
// Module included in the following assemblies:
|
|
//
|
|
// * networking/configuring_ingress_cluster_traffic/configuring-externalip.adoc
|
|
|
|
:_mod-docs-content-type: REFERENCE
|
|
[id="example-policy-objects_{context}"]
|
|
= Example policy objects
|
|
|
|
[role="_abstract"]
|
|
Reference the examples in the `Example policy objects` section to understand different `spec.externalIP.policy` configurations.
|
|
|
|
In the following example, the policy prevents {product-title} from creating any service with a specified external IP address.
|
|
|
|
.Example policy to reject any value specified for `Service` object `spec.externalIPs[]`
|
|
[source,yaml]
|
|
----
|
|
apiVersion: config.openshift.io/v1
|
|
kind: Network
|
|
metadata:
|
|
name: cluster
|
|
spec:
|
|
externalIP:
|
|
policy: {}
|
|
# ...
|
|
----
|
|
|
|
In the following example, both the `allowedCIDRs` and `rejectedCIDRs` fields are set.
|
|
|
|
.Example policy that includes both allowed and rejected CIDR blocks
|
|
[source,yaml]
|
|
----
|
|
apiVersion: config.openshift.io/v1
|
|
kind: Network
|
|
metadata:
|
|
name: cluster
|
|
spec:
|
|
externalIP:
|
|
policy:
|
|
allowedCIDRs:
|
|
- 172.16.66.10/23
|
|
rejectedCIDRs:
|
|
- 172.16.66.10/24
|
|
# ...
|
|
----
|
|
|
|
In the following example, `policy` is set to `{}`. With this configuration, using the `oc get networks.config.openshift.io -o yaml` command to view the configuration means `policy` parameter does not show on the command output. The same behavior exists for `policy: null`.
|
|
|
|
.Example policy to allow any value specified for `Service` object `spec.externalIPs[]`
|
|
[source,yaml]
|
|
----
|
|
apiVersion: config.openshift.io/v1
|
|
kind: Network
|
|
metadata:
|
|
name: cluster
|
|
spec:
|
|
clusterNetwork:
|
|
- cidr: 10.128.0.0/14
|
|
hostPrefix: 23
|
|
externalIP:
|
|
policy: {}
|
|
# ...
|
|
----
|