Comments (7)
I actually have it fixed I believe but am in the final testing stage (accidentally submitted PR then cancelled.) The same also seems to be true for ingress config
from ingress-node-firewall.
ah, I simply meant the ingress is the same, CRD shows MinItem:1
kubebuilder:validation shows 1 but we can still deploy with no ingress definition, which can be confusing to end user/admin
// ingress is a list of ingress firewall policy rules.
// +kubebuilder:validation:Required
// +kubebuilder:validation:MinItems:=1
Ingress []IngressNodeFirewallRules `json:"ingress,omitempty"
from ingress-node-firewall.
Thanks @pbmoses for opening this issue I will investigate and fix
from ingress-node-firewall.
/assign @msherif1234
from ingress-node-firewall.
early on we were thinking of using empty list to enable on all interfaces but we decided half way to be very specific and include all involved interfaces to avoid any harm with that having omitempty
in this field is not valid
from ingress-node-firewall.
for the config I think you are referring to rule like this which is valid
ingress:
- sourceCIDRs:
- 172.16.0.0/12
rules:
- order: 10
action: Deny
pls confirm is this what u were referring to ?
from ingress-node-firewall.
additional info: related issues
from ingress-node-firewall.
Related Issues (20)
- remove ebpf generated .o files from github HOT 1
- webhook overlapping order is broken HOT 3
- Should we have a INF status that identifies obj application is pending? HOT 10
- user should be able to configure 0.0.0.0/0 deny all rule
- Mixing ICMP v4 and v6 config causes a panic HOT 2
- On OCP, controller reports bad certificate for webhook HOT 6
- I saw "could not attach XDP program: create link: device or resource busy" once HOT 2
- SCTP tests dont execute due to unknown issue capturing netcat stdout HOT 12
- Incorrect spec.interface name defined causes daemon to stop applying additional INF policies HOT 1
- Daemon doesnt remove INF policy HOT 2
- recent failures when running E2E on KinD HOT 6
- Test improvement: switch bpf-mounter daemonset image to a smaller image HOT 1
- PR #238 is continuously failing e2e HOT 1
- RFE: allow blocking the SSH port HOT 5
- e2e ci on OCP is recently broken need investigation KinD run is fine
- sync OWNERS HOT 1
- ci e2e test is very flaky HOT 1
- Support for setting rules to specific routes/namespaces? HOT 11
- Future Release Branches Frozen For Merging | branch:release-4.17 branch:release-4.18
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from ingress-node-firewall.