Skip to content

Commit

Permalink
Document ingressControllerConfigs
Browse files Browse the repository at this point in the history
  • Loading branch information
@orishoshan
orishoshan committed Jul 8, 2024
1 parent 141196f commit 60e1e7c
Show file tree
Hide file tree
Showing 11 changed files with 7 additions and 5 deletions.
2 changes: 1 addition & 1 deletion docs/reference/api/README.mdx
View file
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
---
sidebar_position: 3
sidebar_position: 11
title: API
---

Expand Down
2 changes: 1 addition & 1 deletion docs/reference/cli/README.mdx
View file
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
---
sidebar_position: 2
sidebar_position: 10
title: CLI
---

Expand Down
0 ...iguration/credentials-operator/README.mdx → ...reference/credentials-operator/README.mdx
View file
File renamed without changes.
0 ...ation/credentials-operator/helm-chart.mdx → ...rence/credentials-operator/helm-chart.mdx
View file
File renamed without changes.
2 changes: 1 addition & 1 deletion ...configuration/intents-operator/README.mdx → docs/reference/intents-operator/README.mdx
View file
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
---
sidebar_position: 2
sidebar_position: 1
title: Intents operator
---

Expand Down
0 ...ration/intents-operator/configuration.mdx → ...erence/intents-operator/configuration.mdx
View file
File renamed without changes.
1 change: 1 addition & 0 deletions ...iguration/intents-operator/helm-chart.mdx → ...reference/intents-operator/helm-chart.mdx
View file
Original file line number Diff line number Diff line change
Expand Up @@ -43,6 +43,7 @@ If you would like to deploy it on its own, add the Otterize Helm chart repositor
| `operator.enableKafkaACLCreation` | Whether the operator should create Kafka ACL rules according to `ClientIntents` of type Kafka. | `true` |
| `operator.enableIstioPolicyCreation` | Whether the operator should create Istio authorization policies according to `ClientIntents`. | `true` |
| `operator.allowExternalTraffic` | `ifBlockedByOtterize`, `off` or `always` (this option is **experimental**). Specify how the operator handles external traffic for Ingress/Service resources: `ifBlockedByOtterize` automatically create network policies to enable internet traffic for services that would be blocked by Otterize network policies when protecting a server. Choosing `off` may necessitate manual network policy creation to allow external traffic, while `always` automatically creates policies for all such resource that are visible to the operator. | `ifBlockedByOtterize` |
| `operator.ingressControllerConfigs` | Restricts the automatically created external traffic network policies to only allow access to an ingress controller within the cluster. Only relevant if you use an in-cluster ingress controller, such as nginx or HAProxy. A list of objects with keys `name`, `namespace` and `kind`, such as `ingress-nginx-controller`, `nginx` and `Deployment`. | `(none)` |
| `operator.autoCreateNetworkPoliciesForExternalTraffic` | (deprecated, use `allowExternalTraffic` instead) Automatically allow external traffic, if a new ClientIntents resource would result in blocking external (internet) traffic and there is an Ingress/Service resource indicating external traffic is expected. | `true` |
| `operator.autoCreateNetworkPoliciesForExternalTrafficDisableIntentsRequirement` | (deprecated, use `allowExternalTraffic` instead) **experimental** - If `autoCreateNetworkPoliciesForExternalTraffic` is enabled, do not require ClientIntents resources - simply create network policies based off of the existence of an Ingress/Service resource. | `false` |
| `operator.resources` | Resources override. | |
Expand Down
2 changes: 1 addition & 1 deletion ...e/configuration/network-mapper/README.mdx → docs/reference/network-mapper/README.mdx
View file
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
---
sidebar_position: 4
sidebar_position: 2
title: Network mapper
---

Expand Down
0 ...nfiguration/network-mapper/helm-chart.mdx → docs/reference/network-mapper/helm-chart.mdx
View file
File renamed without changes.
0 ...guration/network-mapper/kafka-watcher.mdx → ...eference/network-mapper/kafka-watcher.mdx
View file
File renamed without changes.
3 changes: 2 additions & 1 deletion ...e/configuration/otterize-chart/README.mdx → docs/reference/otterize-chart/README.mdx
View file
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
---
sidebar_position: 1
sidebar_position: 4
title: Otterize OSS Helm chart
---

Expand Down Expand Up @@ -69,6 +69,7 @@ Further information about intents-operator parameters can be found [in the inten
| `intentsOperator.operator.enableNetworkPolicyCreation` | Whether the operator should create network policies according to `ClientIntents`. | `true` |
| `intentsOperator.operator.enableKafkaACLCreation` | Whether the operator should create Kafka ACL rules according to `ClientIntents` of type Kafka. | `true` |
| `intentsOperator.operator.enableIstioPolicyCreation` | Whether the operator should create Istio authorization policies according to `ClientIntents`. | `true` |
| `intentsOperator.operator.ingressControllerConfigs` | Restricts the automatically created external traffic network policies to only allow access to an ingress controller within the cluster. Only relevant if you use an in-cluster ingress controller, such as nginx or HAProxy. A list of objects with keys `name`, `namespace` and `kind`, such as `ingress-nginx-controller`, `nginx` and `Deployment`. | `(none)` |
| `intentsOperator.operator.allowExternalTraffic` | `ifBlockedByOtterize`, `off` or `always` (this option is **experimental**). Specify how the operator handles external traffic for Ingress/Service resources: `ifBlockedByOtterize` automatically create network policies to enable internet traffic for services that would be blocked by Otterize network policies when protecting a server. Choosing `off` may necessitate manual network policy creation to allow external traffic, while `always` automatically creates policies for all such resource that are visible to the operator. | `ifBlockedByOtterize` |
| `intentsOperator.operator.autoCreateNetworkPoliciesForExternalTraffic` | (deprecated, use `allowExternalTraffic` instead) Automatically allow external traffic, if a new ClientIntents resource would result in blocking external (internet) traffic and there is an Ingress/Service resource indicating external traffic is expected. | `true` |
| `intentsOperator.operator.autoCreateNetworkPoliciesForExternalTrafficDisableIntentsRequirement` | (deprecated, use `allowExternalTraffic` instead) **experimental** - If `autoCreateNetworkPoliciesForExternalTraffic` is enabled, do not require ClientIntents resources - simply create network policies based off of the existence of an Ingress/Service resource. | `false` |
Expand Down

0 comments on commit 60e1e7c

Please sign in to comment.