summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorMaysa Macedo <maysa.macedo95@gmail.com>2019-01-11 11:20:42 +0000
committerMaysa de Macedo Souza <maysa.macedo95@gmail.com>2019-01-11 11:42:02 +0000
commitd490b08cb7e0a0f4fa71d080226f8aa6ef0637c9 (patch)
treeaf4353a09becbd0f576624cdc43ba810ff535e03
parentd4929ef243cbad83979bbe2417dc6deed45a81fd (diff)
Fix Network Policy documentation0.6.1
Adds additional configuration needed to fully enable Network Policy functionality. Closes-Bug: #1811370 Change-Id: I785e703dcd83201ffa3e9cc92c31466087770890
Notes
Notes (review): Code-Review+2: MichaƂ Dulko <mdulko@redhat.com> Code-Review+2: Daniel Mellado <dmellado@redhat.com> Workflow+1: Daniel Mellado <dmellado@redhat.com> Verified+2: Zuul Submitted-by: Zuul Submitted-at: Fri, 11 Jan 2019 12:36:25 +0000 Reviewed-on: https://review.openstack.org/630158 Project: openstack/kuryr-kubernetes Branch: refs/heads/master
-rw-r--r--doc/source/installation/network_policy.rst27
1 files changed, 22 insertions, 5 deletions
diff --git a/doc/source/installation/network_policy.rst b/doc/source/installation/network_policy.rst
index 25a7e74..ae5257d 100644
--- a/doc/source/installation/network_policy.rst
+++ b/doc/source/installation/network_policy.rst
@@ -1,13 +1,13 @@
1Enable network policy support functionality 1Enable network policy support functionality
2=========================================== 2===========================================
3 3
4Enable the policy handler to respond to network policy events. As this is not 4Enable policy, pod_label and namespace handlers to respond to network policy events.
5done by default you'd have to explicitly add that to the list of enabled 5As this is not done by default you'd have to explicitly add that to the list of enabled
6handlers at kuryr.conf (further info on how to do this can be found at 6handlers at kuryr.conf (further info on how to do this can be found at
7:doc:`./devstack/containerized`):: 7:doc:`./devstack/containerized`)::
8 8
9 [kubernetes] 9 [kubernetes]
10 enabled_handlers=vif,lb,lbaasspec,policy,pod_label 10 enabled_handlers=vif,lb,lbaasspec,policy,pod_label,namespace
11 11
12After that, enable also the security group drivers for policies:: 12After that, enable also the security group drivers for policies::
13 13
@@ -15,6 +15,22 @@ After that, enable also the security group drivers for policies::
15 service_security_groups_driver = policy 15 service_security_groups_driver = policy
16 pod_security_groups_driver = policy 16 pod_security_groups_driver = policy
17 17
18Enable the namespace subnet driver by modifying the default pod_subnet_driver
19option::
20
21 [kubernetes]
22 pod_subnets_driver = namespace
23
24Select the subnet pool from where the new subnets will get their CIDR::
25
26 [namespace_subnet]
27 pod_subnet_pool = SUBNET_POOL_ID
28
29Lastly, select the router where the new subnet will be connected::
30
31 [namespace_subnet]
32 pod_router = ROUTER_ID
33
18Note you need to restart the kuryr controller after applying the above step. 34Note you need to restart the kuryr controller after applying the above step.
19For devstack non-containerized deployments:: 35For devstack non-containerized deployments::
20 36
@@ -26,10 +42,11 @@ Same for containerized deployments::
26 $ kubectl -n kube-system delete pod KURYR_CONTROLLER_POD_NAME 42 $ kubectl -n kube-system delete pod KURYR_CONTROLLER_POD_NAME
27 43
28For directly enabling the driver when deploying with devstack, you just need 44For directly enabling the driver when deploying with devstack, you just need
29to add the policy handler and drivers with:: 45to add the policy, pod_label and namespace handler and drivers with::
30 46
31 KURYR_ENABLED_HANDLERS=vif,lb,lbaasspec,policy,pod_label 47 KURYR_ENABLED_HANDLERS=vif,lb,lbaasspec,policy,pod_label,namespace
32 KURYR_SG_DRIVER=policy 48 KURYR_SG_DRIVER=policy
49 KURYR_SUBNET_DRIVER=namespace
33 50
34Testing the network policy support functionality 51Testing the network policy support functionality
35------------------------------------------------ 52------------------------------------------------