NetworkRuleConfig

NetworkRuleConfig is a network firewall rule config document.


apiVersion: v1alpha1
kind: NetworkRuleConfig
name: ingress-apid # Name of the config document.
# Port selector defines which ports and protocols on the host are affected by the rule.
portSelector:
    # Ports defines a list of port ranges or single ports.
    ports:
        - 50000
    protocol: tcp # Protocol defines traffic protocol (e.g. TCP or UDP).
# Ingress defines which source subnets are allowed to access the host ports/protocols defined by the `portSelector`.
ingress:
    - subnet: 192.168.0.0/16 # Subnet defines a source subnet.

Field	Type	Description
`name`	string	Name of the config document.
`portSelector`	RulePortSelector	Port selector defines which ports and protocols on the host are affected by the rule.
`ingress`	[]IngressRule	Ingress defines which source subnets are allowed to access the host ports/protocols defined by the `portSelector`.

portSelector

RulePortSelector is a port selector for the network rule.

Field	Type	Description	Value(s)
`ports`	PortRanges	Ports defines a list of port ranges or single ports. The port ranges are inclusive, and should not overlap. Show example(s) `ports: - 80 - 443` `ports: - 1200-1299 - 8080`
`protocol`	Protocol	Protocol defines traffic protocol (e.g. TCP or UDP).	`tcp` `udp` `icmp` `icmpv6`

ingress[]

IngressRule is a ingress rule.

Field	Type	Description	Value(s)
`subnet`	Prefix	Subnet defines a source subnet. Show example(s) `subnet: 10.3.4.0/24` `subnet: 2001:db8::/32` `subnet: 1.3.4.5/32`
`except`	Prefix	Except defines a source subnet to exclude from the rule, it gets excluded from the `subnet`.

Last modified December 5, 2023: docs: rework machine config documentation generation (46121c9fe)