
Commit 4a70f0e

Merge pull request #74520 from JoeAldinger/OSDOCS-10217
OSDOCS-10217:adds OVN-K ACL diagram
2 parents 2676a5c + 0ba847d commit 4a70f0e


2 files changed

+3
-1
lines changed


networking/ovn_kubernetes_network_provider/ovn-k-network-policy.adoc

Lines changed: 3 additions & 1 deletion
@@ -17,7 +17,9 @@ OVN-Kubernetes CNI in {product-title} implements these network policies using Ac
1717

1818
Tier 1 evaluates `AdminNetworkPolicy` (ANP) objects. Tier 2 evaluates `NetworkPolicy` objects. Tier 3 evaluates `BaselineAdminNetworkPolicy` (BANP) objects.
1919

20-
// <image here to help describe ACLs>
20+
.OVK-Kubernetes Access Control List (ACL)
21+
22+
image::615_OpenShift_OVN-K_ACLs_0324.png[OVN-Kubernetes Access Control List]
2123

2224
If traffic matches an ANP rule, the rules in that ANP will be evaluated first. If the match is an ANP `allow` or `deny` rule, any existing `NetworkPolicies` and `BaselineAdminNetworkPolicy` (BANP) in the cluster will be intentionally skipped from evaluation. If the match is an ANP `pass` rule, then evaluation moves from tier 1 of the ACLs to tier 2 where the `NetworkPolicy` policy is evaluated.
2325
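Review bot: The block title added at new line 20 reads `.OVK-Kubernetes Access Control List (ACL)`, where "OVK" is a typo for "OVN"; it also disagrees with the alt text "OVN-Kubernetes Access Control List" on the `image::` line two lines below. Suggest changing it to `.OVN-Kubernetes Access Control List (ACL)`. Consider also dropping the empty line added at new line 21 so the title sits directly above the `image::` macro, which is the usual AsciiDoc placement for a block title.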
