Description

EgressNetworkPolicy describes the current egress network policy for a Namespace. When using the 'redhat/openshift-ovs-multitenant' network plugin, traffic from a pod to an IP address outside the cluster will be checked against each EgressNetworkPolicyRule in the pod's namespace's EgressNetworkPolicy, in order. If no rule matches (or no EgressNetworkPolicy is present) then the traffic will be allowed by default.

Type

object

Required
  • spec

Specification

Property Type Description

.apiVersion

string

APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

.kind

string

Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

.metadata

ObjectMeta meta/v1

Standard object’s metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

.spec

object

spec is the specification of the current egress network policy

.spec
Description

spec is the specification of the current egress network policy

Type

object

Required
  • egress

Property Type Description

egress

array

egress contains the list of egress policy rules

egress[]

object

EgressNetworkPolicyRule contains a single egress network policy rule

.spec.egress
Description

egress contains the list of egress policy rules

Type

array

.spec.egress[]
Description

EgressNetworkPolicyRule contains a single egress network policy rule

Type

object

Required
  • to

  • type

Property Type Description

to

object

to is the target that traffic is allowed/denied to

type

string

type marks this as an "Allow" or "Deny" rule

.spec.egress[].to
Description

to is the target that traffic is allowed/denied to

Type

object

Property Type Description

cidrSelector

string

cidrSelector is the CIDR range to allow/deny traffic to. If this is set, dnsName must be unset

dnsName

string

dnsName is the domain name to allow/deny traffic to. If this is set, cidrSelector must be unset