linode / linode-cloud-controller-manager

Kubernetes Cloud Controller Manager for Linode
Apache License 2.0

Add Firewall ACL Rules as an Annotation #152

Closed luthermonson closed 7 months ago

luthermonson commented 9 months ago

Now that we have firewall support, we should add to the story by passing in information to create the firewall and access rules. Add enough annotations to create a firewall with ACLs, create it, and add it to the nodebalancer. Bonus points... due to account limits try to find out a way to reuse firewalls if the ACL rules are identical. This might be easy with config maps? Perhaps the rules are in there, and when two service annotations match the same config map you only use the one resource in Linode.

okokes-akamai commented 9 months ago

> Bonus points... due to account limits try to find out a way to reuse firewalls if the ACL rules are identical

That sounds a bit dangerous - when we attach a firewall 123 to our NB just because it has the same rules - and somebody then changes said firewall to be completely different, how do we detect that? If we're going this sharing route, all the FWs we use need to be within this controller's control to avoid such an issue.
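Added example, not part of the thread or of the project's code: one way to combine the two ideas discussed above is to reuse a firewall only when it carries the controller's own ownership tag plus a fingerprint of the requested ACL, and to flag it when its live rules no longer match that fingerprint. The `ACL` type, the tag names `ccm-managed` and `acl-fp=`, and the function names are assumptions made for illustration.

```go
package main

import (
	"crypto/sha256"
	"encoding/hex"
	"fmt"
	"net/netip"
	"sort"
	"strings"
)

// ACL is a hypothetical allow-list type, not the CCM's or linodego's own.
type ACL struct {
	Ports string   // e.g. "443"
	CIDRs []string // allowed source prefixes
}

// Fingerprint hashes a canonical ACL: CIDR order and host bits are ignored.
func Fingerprint(a ACL) (string, error) {
	norm := make([]string, 0, len(a.CIDRs))
	for _, c := range a.CIDRs {
		p, err := netip.ParsePrefix(strings.TrimSpace(c))
		if err != nil {
			return "", fmt.Errorf("bad CIDR %q: %w", c, err)
		}
		norm = append(norm, p.Masked().String())
	}
	sort.Strings(norm)
	sum := sha256.Sum256([]byte(a.Ports + "|" + strings.Join(norm, ",")))
	return hex.EncodeToString(sum[:16]), nil // 128 bits keeps the tag short
}

// Decide returns "reuse", "drift" or "skip"; both tag names are assumed.
func Decide(tags []string, live, want ACL) string {
	wantFP, err := Fingerprint(want)
	owned, recorded := false, false
	for _, t := range tags {
		owned = owned || t == "ccm-managed"
		recorded = recorded || t == "acl-fp="+wantFP
	}
	if err != nil || !owned || !recorded {
		return "skip" // not ours, or created for a different rule set
	}
	if liveFP, err := Fingerprint(live); err != nil || liveFP != wantFP {
		return "drift" // live rules no longer match the recorded fingerprint
	}
	return "reuse"
}

func main() { // constructed input: a firewall without our tags is never reused
	fmt.Println(Decide(nil, ACL{Ports: "443"}, ACL{Ports: "443"})) // skip
}
```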