Comments (2)
Hello @kumarm2024, in the group resource, you have the option to define member_type arguments that are specific to Kubernetes and Antrea: https://registry.terraform.io/providers/vmware/nsxt/latest/docs/resources/policy_group#member_type
Would this satisfy your ask or is there anything else missing?
from terraform-provider-nsxt.
@annakhm thanks for the reply. I guess you are talking about the "policy group" resource, which I know lets us create an Antrea group with the "member_type" argument.
My question is how we are going to create a security policy resource which will target the Antrea Cluster itself:
So I was talking about the "nsxt_policy_security_policy" resource. What should be defined in the "scope" argument so that it applies to the Antrea Container Cluster (rather than a group)? I want to target the Antrea Container Cluster, not a group.
Let me give you an example:
I have created two groups, group1 and group2, as below:
resource "nsxt_policy_group" "group1" {
  display_name = "group1"
  description  = "Terraform provisioned Group"
  group_type   = "ANTREA"
  criteria {
    condition {
      key         = "Name"
      member_type = "Namespace"
      operator    = "EQUALS"
      value       = "test1"
    }
  }
}
resource "nsxt_policy_group" "group2" {
  display_name = "group2"
  description  = "Terraform provisioned Group"
  group_type   = "ANTREA"
  criteria {
    condition {
      key         = "Name"
      member_type = "Namespace"
      operator    = "EQUALS"
      value       = "test2"
    }
  }
}
Now I want to create a policy and rule which will drop traffic from group1 to group2:
resource "nsxt_policy_security_policy" "test-policy" {
  display_name = "test-policy"
  description  = "Terraform provisioned Security Policy"
  category     = "Application"
  locked       = false
  stateful     = true
  tcp_strict   = false
  scope = ?????????????? What to define here so that it apply to Antrea Container Cluster ?
  rule {
    display_name       = "drop"
    source_groups      = [nsxt_policy_group.group1.path]
    destination_groups = null # empty destination refers to all
    scope              = [nsxt_policy_group.group2.path]
    action             = "DROP"
    logged             = true
  }
}