Controlling egress traffic from pods using firewalld
Issue
- According to the OpenShift Container Platform documentation, iptables is one of the methods for controlling egress traffic from pods.
- Egress firewall and/or router are scoped to a single project while iptables rules are global to all projects.
- Using firewalld allows rules to be added or removed dynamically without restarting OpenShift services. Also, while iptables is the default firewall, firewalld is recommended for new installations.
Environment
- OpenShift Container Platform 3