
Commit

diff sg with port-security
Signed-off-by: bobz965 <[email protected]>
bobz965 committed Apr 7, 2024
1 parent f7ff1fb commit 9f35f31
Showing 2 changed files with 6 additions and 1 deletion.
4 changes: 3 additions & 1 deletion docs/advance/security-group.en.md
Expand Up @@ -30,7 +30,9 @@ spec:
The specific meaning of each field of the SecurityGroup can be found in the [Kube-OVN API Reference](../reference/kube-ovn-api.en.md).
Pods bind security-groups by adding annotations, two annotations are used.
- port_security: source address verification. If this function is enabled, only packets with ip addresses assigned by kube-ovn ipam can be exported from the pod network adapter. After this function is disabled, any ip address can be exported
- security_groups: indicates a security group that contains a series of ACL rules
> These two annotations are responsible for functions that are independent of each other.
```yaml
ovn.kubernetes.io/port_security: "true"
ovn.kubernetes.io/security_groups: sg-example
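Review bot: the wording of the port_security bullet needs tightening before this lands. "Exported" is not the usual term for traffic leaving an interface, "ip" and "kube-ovn ipam" should be capitalised as "IP" and "Kube-OVN IPAM", and the bullet is missing its final period. Suggested text: "port_security: source address verification. When enabled, only packets whose source IP was assigned by Kube-OVN IPAM can leave the Pod's network interface; when disabled, packets with any source IP can leave." Separately, the new blockquote says the two annotations are independent, yet the example right below it still sets both, so a reader can take that as a required pairing; a short sentence stating that each annotation may be set on its own would make the note actionable.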
3 changes: 3 additions & 0 deletions docs/advance/security-group.md
Expand Up @@ -30,6 +30,9 @@ spec:
安全组各字段的具体含义,可以参考 [Kube-OVN 接口规范](../reference/kube-ovn-api.md)。
Pod 通过添加 annotation 来绑定安全组,使用的 annotation 有两个:
- port_security: 源地址校验,如果开启,只能 kube-ovn ipam 分配到的 ip 地址的包可以从 pod 网卡出去,关闭后任意 ip 都可以。
- security_groups: 安全组,包含一系列 ACL 规则。
> 这两个 annotation 负责的功能是互相独立的。
```yaml
ovn.kubernetes.io/port_security: "true"
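Review bot: the blockquote "这两个 annotation 负责的功能是互相独立的" states that the two annotations are independent but does not say what a user should expect from each one alone, and the example that follows opens with port_security set to "true". Consider adding one sentence after the blockquote saying that security_groups can be bound without port_security and the reverse, so the statement can be checked against behaviour. Also note that this file shows 3 additions and 0 deletions while the English file shows 3 additions and 1 deletion; please confirm the two versions end up with the same content after the change.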
