
Comments (2)

annakhm commented on August 11, 2024

Hello @kumarm2024, in the group resource, you have the option to define member_type arguments that are specific to Kubernetes and Antrea: https://registry.terraform.io/providers/vmware/nsxt/latest/docs/resources/policy_group#member_type
Would this satisfy your ask or is there anything else missing?

from terraform-provider-nsxt.

kumarm2024 commented on August 11, 2024

@annakhm thanks for the reply. I guess you are talking about the "policy group" resource, where I know we can create an Antrea group with the "member_type" argument.
My question is how we are going to create a security policy resource which will target the Antrea Cluster itself:

So I was talking about the "nsxt_policy_security_policy" resource. What to define in the "scope" argument so that it applies to the Antrea Container Cluster (rather than a group)? I want to target the Antrea Container Cluster, not a group.

Let me give you an example:

I have created two groups, group1 and group2, as below:

```hcl
# Antrea group matching the Kubernetes namespace "test1"
resource "nsxt_policy_group" "group1" {
  display_name = "group1"
  description  = "Terraform provisioned Group"
  group_type   = "ANTREA"

  criteria {
    condition {
      key         = "Name"
      member_type = "Namespace"
      operator    = "EQUALS"
      value       = "test1"
    }
  }
}

# Antrea group matching the Kubernetes namespace "test2"
resource "nsxt_policy_group" "group2" {
  display_name = "group2"
  description  = "Terraform provisioned Group"
  group_type   = "ANTREA"

  criteria {
    condition {
      key         = "Name"
      member_type = "Namespace"
      operator    = "EQUALS"
      value       = "test2"
    }
  }
}
```

Now I want to create a policy and a rule which will drop traffic from group1 to group2:

```hcl
resource "nsxt_policy_security_policy" "test-policy" {
  display_name = "test-policy"
  description  = "Terraform provisioned Security Policy"
  category     = "Application"
  locked       = false
  stateful     = true
  tcp_strict   = false
  scope        = ?????????????? # What to define here so that it applies to the Antrea Container Cluster?

  rule {
    display_name       = "drop"
    source_groups      = [nsxt_policy_group.group1.path]
    destination_groups = null # empty destination refers to all
    scope              = [nsxt_policy_group.group2.path]
    action             = "DROP"
    logged             = true
  }
}
```
