mirror of
https://github.com/openshift/openshift-docs.git
synced 2026-02-05 12:46:18 +01:00
39 lines
1.3 KiB
Plaintext
39 lines
1.3 KiB
Plaintext
// Module included in the following assemblies:
|
|
//
|
|
// * networking/network_security/configuring-egress-firewall-ovn.adoc
|
|
|
|
:_mod-docs-content-type: PROCEDURE
|
|
[id="nw-egress-firewall-policy-create_{context}"]
|
|
= Creating an EgressFirewall custom resource (CR)
|
|
|
|
As a cluster administrator, you can create an egress firewall policy object for a project.
|
|
|
|
[IMPORTANT]
|
|
====
|
|
If the project already has an `EgressFirewall` resource, you must edit the existing policy to make changes to egress firewall rules.
|
|
====
|
|
|
|
.Prerequisites
|
|
|
|
* A cluster that uses the OVN-Kubernetes network plugin.
|
|
* Install the OpenShift CLI (`oc`).
|
|
* You must log in to the cluster as a cluster administrator.
|
|
|
|
.Procedure
|
|
|
|
. Create a policy rule:
|
|
.. Create a `<policy_name>.yaml` file where `<policy_name>` describes the egress
|
|
policy rules.
|
|
.. Define the `EgressFirewall` object in the file.
|
|
|
|
. Create the policy object by entering the following command. Replace `<policy_name>` with the name of the policy and `<project>` with the project that the rule applies to.
|
|
+
|
|
[source,terminal]
|
|
----
|
|
$ oc create -f <policy_name>.yaml -n <project>
|
|
----
|
|
+
|
|
Successful output lists the `egressfirewall.k8s.ovn.org/v1` name and the `created` status.
|
|
|
|
. Optional: Save the `<policy_name>.yaml` file so that you can make changes later.
|