Firewall Port Overrides

Although nginx-ingress-controller is configured by default to listen on ports 80 and 443, for security reasons the opening of these ports is left to be explicitly done by the system installer/administrator.

Procedure

• To open these ports you need to edit the existing globalnetworkpolicy controller-oam-if-gnp, or create another globalnetworkpolicy with your user overrides. StarlingX recommends creating a new globalnetworkpolicy.

  For example:

  apiVersion: crd.projectcalico.org/v1
  kind: GlobalNetworkPolicy
  metadata:
    name: gnp-oam-overrides
  spec:
    ingress:
    - action: Allow
      destination:
        ports:
        - 80
        - 443
      protocol: TCP
    order: 500
    selector: has(iftype) && iftype == 'oam'
    types:
    - Ingress