Controlling egress traffic from pods using firewalld

Solution Verified - Updated -

Issue

  • According to the OpenShift Container Platform documentation, one of the methods to control egress traffic from pods is iptables.
  • Egress firewall and/or router are scoped to a single project while iptables rules are global to all projects.
  • Using firewalld allows rules to be added and removed dynamically without restarting OpenShift services. Also, while iptables is the default firewall, firewalld is recommended for new installations.

Environment

  • OpenShift Container Platform 3
