updates network policy doc

updates the documentation about enabling the network policy
support to include the option to set enforce_sg_rules to false.

Change-Id: Ic7247718d7d179e87ea84bbc21a022791091c439
Closes-Bug: #1901097
This commit is contained in:
Kafilat Adeleke 2020-10-24 00:01:59 -07:00
parent ba12753374
commit 3407636c84
1 changed files with 8 additions and 1 deletions

View File

@ -94,12 +94,19 @@ to add the policy, pod_label and namespace handler and drivers with:
If the loadbalancer maintains the source IP (such as ovn-octavia driver),
there is no need to enforce sg rules at the load balancer level. To disable
the enforcement, you need to set the following variable:
the enforcement, you need to set the following variable in DevStack's
local.conf:
.. code-block:: bash
KURYR_ENFORCE_SG_RULES=False
To set that directly in kuryr.conf, the config to be set is:
.. code-block:: ini
[octavia_defaults]
enforce_sg_rules=False
Testing the network policy support functionality
------------------------------------------------