diff --git a/manifests/cloud-provider-example.yaml b/manifests/cloud-provider-example.yaml index 15c1bbe471..0cda330694 100644 --- a/manifests/cloud-provider-example.yaml +++ b/manifests/cloud-provider-example.yaml @@ -51,3 +51,16 @@ loadBalancer: # Additionally requires the user to mange rules to allow # inbound traffic to load balancers. securityListManagementMode: All + + # Optional specification of which security lists to modify per subnet. This does not apply if security list management is off. + securityLists: + ocid1.subnet.oc1.phx.aaaaaaaasa53hlkzk6nzksqfccegk2qnkxmphkblst3riclzs4rhwg7rg57q: ocid1.securitylist.oc1.iad.aaaaaaaaqti5jsfvyw6ejahh7r4okb2xbtuiuguswhs746mtahn72r7adt7q + ocid1.subnet.oc1.phx.aaaaaaaahuxrgvs65iwdz7ekwgg3l5gyah7ww5klkwjcso74u3e4i64hvtvq: ocid1.securitylist.oc1.iad.aaaaaaaaqti5jsfvyw6ejahh7r4okb2xbtuiuguswhs746mtahn72r7adt7q + +# Optional rate limit controls for accessing OCI API +rateLimiter: + rateLimitQPSRead: 20.0 + rateLimitBucketRead: 5 + rateLimitQPSWrite: 20.0 + rateLimitBucketWrite: 5 + diff --git a/pkg/oci/load_balancer_security_lists.go b/pkg/oci/load_balancer_security_lists.go index 414a841f5d..e9468caf63 100644 --- a/pkg/oci/load_balancer_security_lists.go +++ b/pkg/oci/load_balancer_security_lists.go @@ -72,7 +72,7 @@ type portSpec struct { } type securityListManager interface { - Update(ctx context.Context, lbSubnets []*core.Subnet, backendSubnets []*core.Subnet, sourceCIDRs []string, actaulPorts *portSpec, desiredPorts portSpec) error + Update(ctx context.Context, lbSubnets []*core.Subnet, backendSubnets []*core.Subnet, sourceCIDRs []string, actualPorts *portSpec, desiredPorts portSpec) error Delete(ctx context.Context, lbSubnets []*core.Subnet, backendSubnets []*core.Subnet, actualPorts portSpec) error } @@ -229,7 +229,7 @@ func (s *defaultSecurityListManager) Update(ctx context.Context, lbSubnets []*co return s.updateBackendRules(ctx, lbSubnets, backendSubnets, actualPorts, desiredPorts) } -// Delete the security list rules associated with the listener & backends. +// Delete the security list rules associated with the listener and backends. // // If the listener is nil, then only the egress rules from the LB's to the backends and the // ingress rules from the LB's to the backends will be cleaned up.