[wip] service reject acl on portgroups #233

Closed

Commits on Aug 11, 2020

  1. ovn: create cluster-wide Port Group for pods and management ports

    Signed-off-by: Dan Williams <dcbw@redhat.com>
    dcbw committed Aug 11, 2020
    b3e3c05
  2. ovn: add empty Service reject ACLs to cluster port group, not switches

    Adding an ACL-per-service-per-node switch doesn't scale. OVN team instead
    suggested adding the ACL-per-service to a Port Group which all logical
    switch ports are members of.
    
    Note that this does now deny multicast traffic across the management port,
    but I can't think of a good reason why that should be allowed or even work
    today anyway.
    
    Reported-at: https://bugzilla.redhat.com/show_bug.cgi?id=1855408
    Signed-off-by: Dan Williams <dcbw@redhat.com>
    dcbw committed Aug 11, 2020
    b2b462e