docs/doc/source/security/kubernetes/firewall-port-overrides.rst
Keane Lim 3c5fa979a4 Security guide update
Re-organized topic hierarchy

Tiny edit to restart review workflow.

Squashed with Resolved index.rst conflict commit

Change-Id: I13472792cb19d1e9975ac76c6954d38054d606c5
Signed-off-by: Keane Lim <keane.lim@windriver.com>
Signed-off-by: MCamp859 <maryx.camp@intel.com>
2021-03-12 15:10:40 -05:00

Firewall Port Overrides

Although nginx-ingress-controller is configured by default to listen on ports 80 and 443, for security reasons these ports are not opened automatically; the system installer/administrator must open them explicitly.

  • To open these ports, edit the existing globalnetworkpolicy controller-oam-if-gnp, or create another globalnetworkpolicy with your user overrides. Creating a new globalnetworkpolicy is recommended.

    For example:

    apiVersion: crd.projectcalico.org/v1
    kind: GlobalNetworkPolicy
    metadata:
      name: gnp-oam-overrides
    spec:
      ingress:
      - action: Allow
        destination:
          ports:
          - 80
          - 443
        protocol: TCP
      order: 500
      selector: has(iftype) && iftype == 'oam'
      types:
      - Ingress
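
The policy above admits TCP 80 and 443 on the OAM interface from any source address. The following variant is an added example, not part of the original guide: it uses Calico's `source.nets` rule field to limit the same ports to a known client range. The policy name `gnp-oam-overrides-restricted` and the CIDR `192.0.2.0/24` are constructed placeholders.

```yaml
# Added example, not from the original guide.
# The policy name is hypothetical and 192.0.2.0/24 is a placeholder
# documentation range; substitute the networks that need ingress access.
apiVersion: crd.projectcalico.org/v1
kind: GlobalNetworkPolicy
metadata:
  name: gnp-oam-overrides-restricted
spec:
  ingress:
  - action: Allow
    destination:
      ports:
      - 80
      - 443
    protocol: TCP
    # Only traffic from these CIDRs matches the Allow rule.
    source:
      nets:
      - 192.0.2.0/24
  order: 500
  selector: has(iftype) && iftype == 'oam'
  types:
  - Ingress
```

Apply this in place of the unrestricted policy rather than alongside it: an Allow rule without a source restriction would still admit the traffic from every address.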