The software described in this documentation is either no longer supported or is in extended support.
Oracle recommends that you upgrade to a current supported release.
If you want all Kubernetes services to be able to access all
externalIPs, you can disable this feature
using the --restrict-service-externalip=false
option of the olcnectl module create command.
Disabling this feature means that all Kubernetes services have
access to all externalIPs in the cluster.
If you disable this feature, the
externalip-validation-webhook-service
Kubernetes service is not deployed to the cluster, which means
no validation of external IP addresses is performed for
Kubernetes services, and access is allowed for all CIDR blocks.
For example, when you create a Kubernetes module,
include the
--restrict-service-externalip=false option:
$ olcnectl --api-server 127.0.0.1:8091 module create \
--environment-name myenvironment \
--module kubernetes \
--name mycluster \
...
--restrict-service-externalip=false
You can disable this feature in a Kubernetes cluster by using
the --restrict-service-externalip=false
option of the olcnectl module update command.
Modifying a Kubernetes module in this way removes
the externalip-validation-webhook-service
Kubernetes service from the cluster, so validation is not
performed. For example:
$ olcnectl --api-server 127.0.0.1:8091 module update \
--environment-name myenvironment \
--name mycluster \
--restrict-service-externalip=false
Conversely, if you enable this feature in a Kubernetes cluster
by using the
--restrict-service-externalip=true option of
the olcnectl module update command, the
externalip-validation-webhook-service
Kubernetes service is deployed to the cluster, so validation is
then performed. For example:
$ olcnectl --api-server 127.0.0.1:8091 module update \
--environment-name myenvironment \
--name mycluster \
--restrict-service-externalip=true