Open kumarm2024 opened 1 month ago
Hello @kumarm2024, in the group resource, you have the option to define member_type arguments that are specific to Kubernetes and Antrea: https://registry.terraform.io/providers/vmware/nsxt/latest/docs/resources/policy_group#member_type

Would this satisfy your ask or is there anything else missing?
@annakhm thanks for the reply. I guess you are talking about the "policy group" resource, with which I know we can create an Antrea group using the "member_type" argument. My question is how we are going to create a security policy resource which will target the Antrea Cluster itself:

So I was talking about the "nsxt_policy_security_policy" resource. What should be defined in the "scope" argument so that it applies to the Antrea Container Cluster (rather than a group)? I want to target the Antrea Container Cluster, not a group.

Let me give you an example:
I have created two groups, group1 and group2, as below:

```hcl
resource "nsxt_policy_group" "group1" {
  display_name = "group1"
  description  = "Terraform provisioned Group"
  group_type   = "ANTREA"

  criteria {
    condition {
      key         = "Name"
      member_type = "Namespace"
      operator    = "EQUALS"
      value       = "test1"
    }
  }
}

resource "nsxt_policy_group" "group2" {
  display_name = "group2"
  description  = "Terraform provisioned Group"
  group_type   = "ANTREA"

  criteria {
    condition {
      key         = "Name"
      member_type = "Namespace"
      operator    = "EQUALS"
      value       = "test2"
    }
  }
}
```
Now I want to create a policy and rule which will drop traffic from group1 to group2:

```hcl
resource "nsxt_policy_security_policy" "test-policy" {
  display_name = "test-policy"
  description  = "Terraform provisioned Security Policy"
  category     = "Application"
  locked       = false
  stateful     = true
  tcp_strict   = false
  scope        = ?????????????? # What to define here so that it applies to the Antrea Container Cluster?

  rule {
    display_name       = "drop"
    source_groups      = [nsxt_policy_group.group1.path]
    destination_groups = null # empty destination refers to all
    scope              = [nsxt_policy_group.group2.path]
    action             = "DROP"
    logged             = true
  }
}
```
Is your feature request related to a problem? Please describe.
I wanted to apply a security policy to an Antrea Container Cluster. At present there is no option available to apply this by using Terraform.
Describe the solution you'd like
There should be an option to apply a security policy to a Container Cluster. At the moment we can apply a security policy to the policy groups using the scope argument.
The solution I would like to have: there should be a way where I can define the Antrea cluster in the policy scope.