The software described in this documentation is either no longer supported or is in extended support.
Oracle recommends that you upgrade to a current supported release.
If you want to restrict Kubernetes services from accessing any externalIPs, do not set any allowed CIDR blocks when you create the Kubernetes module. That is, do not use the --restrict-service-externalip-cidrs option of the olcnectl module create command. The externalip-validation-webhook-service Kubernetes service is deployed, but does not allow access to any externalIPs. For example:
$ olcnectl --api-server 127.0.0.1:8091 module create \
--environment-name myenvironment \
--module kubernetes \
--name mycluster \
...
--restrict-service-externalip-ca-cert=/etc/olcne/configs/certificates/restrict_external_ip/production/ca.cert \
--restrict-service-externalip-tls-cert=/etc/olcne/configs/certificates/restrict_external_ip/production/node.cert \
--restrict-service-externalip-tls-key=/etc/olcne/configs/certificates/restrict_external_ip/production/node.key
If you have an existing Kubernetes module and you want to remove access to all CIDR blocks that may have been configured, update the module and set the --restrict-service-externalip-cidrs option to null as shown in Section 4.8.2, “Modifying Access to CIDR Blocks”.
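
Admission webhooks validate API requests, so Services created before the restriction was in place keep their externalIPs until they are changed. The following is an added example, not part of the Oracle documentation, that audits Service definitions for externalIPs outside an allowed CIDR list; the function name audit_external_ips and the sample JSON are constructed for illustration, and the input is assumed to have the shape of kubectl get services --all-namespaces -o json output.

```python
import ipaddress
import json

# Constructed sample, in the shape of `kubectl get services --all-namespaces -o json`.
SAMPLE = json.dumps({
    "items": [
        {"metadata": {"namespace": "default", "name": "web"},
         "spec": {"type": "ClusterIP", "externalIPs": ["192.0.2.10", "10.0.0.5"]}},
        {"metadata": {"namespace": "default", "name": "api"},
         "spec": {"type": "ClusterIP"}},
        {"metadata": {"namespace": "ops", "name": "metrics"},
         "spec": {"type": "NodePort", "externalIPs": ["10.0.0.77"]}},
    ]
})


def audit_external_ips(services_json, allowed_cidrs=()):
    """Return (namespace, name, ip) for every externalIP outside allowed_cidrs.

    An empty allowed_cidrs models the configuration on this page, where no
    CIDR blocks are set, so every externalIP found is reported.
    """
    networks = [ipaddress.ip_network(c, strict=False) for c in allowed_cidrs]
    findings = []
    for svc in json.loads(services_json).get("items", []):
        meta = svc.get("metadata", {})
        # spec.externalIPs may be absent or null; treat both as an empty list.
        for raw in svc.get("spec", {}).get("externalIPs") or []:
            try:
                ip = ipaddress.ip_address(raw)
            except ValueError:
                # Malformed value: report it rather than skip it silently.
                findings.append((meta.get("namespace"), meta.get("name"), raw))
                continue
            if not any(ip in net for net in networks):
                findings.append((meta.get("namespace"), meta.get("name"), raw))
    return findings


if __name__ == "__main__":
    for ns, name, ip in audit_external_ips(SAMPLE):
        print(f"{ns}/{name}: externalIP {ip} is not permitted")
```

To audit a live cluster, pass the output of kubectl get services --all-namespaces -o json as services_json.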