-
Notifications
You must be signed in to change notification settings - Fork 346
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Fix documentation for FQDN based policies which use Service DNS names #2667
Fix documentation for FQDN based policies which use Service DNS names #2667
Conversation
LGTM. Thanks for fixing this. BTW did you want to set reviewers instead of assinees? |
that's right :), thanks |
docs/antrea-network-policy.md
Outdated
endpoint backing the Service. For headless Services, a ClusterIP is not | ||
allocated and, assuming the Service has a selector, the DNS server returns A / | ||
AAAA records that point directly to the endpoints. In that case, FQDN based | ||
policies can be used successfully. For example, the following policy will drop |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
policies can be used successfully. For example, the following policy will drop | |
policies can be used successfully. For example, the following exact name matching policy will drop |
?
FQDN based policies cannot be used with "normal" (non headless Services) as the DNS records point to the ClusterIP, yet policies are enforced after AntreaProxy LB. Reported by @GraysonWu Signed-off-by: Antonin Bas <abas@vmware.com>
Signed-off-by: Antonin Bas <abas@vmware.com>
d75b39e
to
f2c52f8
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM.
/skip-all |
…cies (#2679) FQDN based policies cannot be used with "normal" (non headless Services) as the DNS records point to the ClusterIP, yet policies are enforced after AntreaProxy LB. Reported by @GraysonWu Signed-off-by: Antonin Bas <abas@vmware.com>
FQDN based policies cannot be used with "normal" (non headless Services)
as the DNS records point to the ClusterIP, yet policies are enforced
after AntreaProxy LB.
Reported by @GraysonWu
Signed-off-by: Antonin Bas abas@vmware.com