...
Code Block | ||||
---|---|---|---|---|
| ||||
apiVersion: sdewan.akraino.org/v1alpha1 kind: IpsecHost metadata: name: ipsechost-sample namespace: default labels: sdewanPurpose: cnf-1 spec: remote: xx.xx.xx.xx/%any authentication_method: psk pre_shared_key: xxx local_public_cert: local_private_cert: shared_ca: local_identifier: remote_identifier: crypto_proposal: - test_proposal_1 connections: - connection_name: connection_A type: tunnel mode: start local_sourceip: %config remote_sourceip: xx.xx.xx.xx remote_subnet: xx.xx.xx.xx/xx crypto_proposal: - test_proposal_1 status: appliedVersion: "1" appliedTime: "2020-04-12T09:28:38Z" inSync: True |
CR samples of CNF Service:
.spec.fullname - The full name of the target service, with which we can get the service IP
.spec.port - The port exposed by CNF, we will do DNAT for the requests accessing this port of CNF
.spec.dport - The port exposed by target service
Code Block | ||||
---|---|---|---|---|
| ||||
apiVersion: batch.sdewan.akraino.org/v1alpha1
kind: CNFService
metadata:
name: cnfservice-sample
namespace: default
labels:
sdewanPurpose: cnf1
spec:
fullname: httpd-svc.default.svc.cluster.local
port: "2288"
dport: "8080"
|
Sdewan rule CRD Reconcile Logic
...