AliCloud Kubernetes SDN connector using access key
When an AliCloud SDN connector is configured, dynamic address objects can support Kubernetes filters based on cluster, service, node, pod, and more.
The following address filters can be applied:
- K8S_Cluster
- K8S_Namespace
- K8S_ServiceName
- K8S_NodeName
- K8S_PodName
- K8S_Region
- K8S_Zone
- K8S_Label
To configure an AliCloud SDN connector with a Kubernetes filter in the GUI:
- Configure the AliCloud SDN connector:
- Go to Security Fabric > External Connectors.
- Click Create New, and select AliCloud.
- Configure the settings as needed and click OK.
- Create a dynamic firewall address with the supported Kubernetes filter:
- Go to Policy & Objects > Addresses.
- Click Create New > Address and enter a name.
- Configure the following settings:
- For Type, select Dynamic.
- For Sub Type, select Fabric Connector Address.
- For SDN Connector, select the connector created in step 1.
- For SDN address type, select Private.
- For Filter, select K8S_Cluster=zhmcluster.
- Click OK.
The corresponding IP addresses are dynamically updated and resolved after applying the Kubernetes filter.
- Confirm that the AliCloud SDN connector resolves dynamic firewall IP addresses using the configured filter:
- Go to Policy & Objects > Addresses.
- In the address table, hover over the address created in step 2 to view which IPs it resolves to:
To configure an AliCloud SDN connector with a Kubernetes filter in the CLI:
- Configure the AliCloud SDN connector:
config system sdn-connector edit "ali1" set type alicloud set access-key "****************" set secret-key xxxxxxxx set region "us-west-1" next end
- Create a dynamic firewall address with the supported Kubernetes filter:
config firewall address edit "ali_add1" set type dynamic set sdn "ali1" set color 10 set filter "K8S_Cluster=zhmcluster1" next end
- Confirm that the AliCloud SDN connector resolves dynamic firewall IP addresses using the configured filter:
config firewall address edit "ali_add1" show config firewall address edit "ali_add1" set uuid c48e4f00-5435-51eb-0547-aced5cf80f1f set type dynamic set sdn "ali1" set color 10 set filter "K8S_Cluster=zhmcluster1" config list edit "10.0.0.28" next edit "10.0.0.29" next edit "10.0.0.30" next ... end next end next end