
Commit 9fd88db

Remove "SCTP support" section, move plugin support note to the
"Network traffic filtering" section

Signed-off-by: Nadia Pinaeva <[email protected]>
1 parent 3082727 commit 9fd88db

1 file changed

+6
-15
lines changed

content/en/docs/concepts/services-networking/network-policies.md

Lines changed: 6 additions & 15 deletions
@@ -262,27 +262,18 @@ ingress or egress traffic.
262262
NetworkPolicy is defined for [layer 4](https://en.wikipedia.org/wiki/OSI_model#Layer_4:_Transport_layer)
263263
connections (TCP, UDP, and optionally SCTP). For all the other protocols, the behaviour may vary
264264
across network plugins.
265-
When a `deny all` network policy is defined, it is only guaranteed to deny TCP, UDP and SCTP
266-
connections. For other protocols, such as ARP or ICMP, the behaviour is undefined.
267-
The same applies to allow rules: when a specific pod is allowed as ingress source or egress destination,
268-
it is undefined what happens with (for example) ICMP packets. Protocols such as ICMP may be allowed by some
269-
network plugins and denied by others.
270-
271-
### SCTP support
272-
273-
{{< feature-state for_k8s_version="v1.20" state="stable" >}}
274-
275-
As a stable feature, this is enabled by default. To disable SCTP at a cluster level, you (or your
276-
cluster administrator) will need to disable the `SCTPSupport`
277-
[feature gate](/docs/reference/command-line-tools-reference/feature-gates/)
278-
for the API server with `--feature-gates=SCTPSupport=false,…`.
279-
When the feature gate is enabled, you can set the `protocol` field of a NetworkPolicy to `SCTP`.
280265

281266
{{< note >}}
282267
You must be using a {{< glossary_tooltip text="CNI" term_id="cni" >}} plugin that supports SCTP
283268
protocol NetworkPolicies.
284269
{{< /note >}}
285270

271+
When a `deny all` network policy is defined, it is only guaranteed to deny TCP, UDP and SCTP
272+
connections. For other protocols, such as ARP or ICMP, the behaviour is undefined.
273+
The same applies to allow rules: when a specific pod is allowed as ingress source or egress destination,
274+
it is undefined what happens with (for example) ICMP packets. Protocols such as ICMP may be allowed by some
275+
network plugins and denied by others.
276+
286277
## Targeting a range of ports
287278

288279
{{< feature-state for_k8s_version="v1.25" state="stable" >}}
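
Review bot: The SCTP `{{< note >}}` (new lines 266-269) now sits between "the behaviour may vary across network plugins" on line 264 and the moved `deny all` paragraph (new lines 271-275), splitting two paragraphs that make one argument about protocols other than TCP, UDP and SCTP. Consider placing the moved paragraph directly after line 264 and the note after it, so the statement that a deny-all policy is only guaranteed for TCP, UDP and SCTP is read before the plugin caveat. Separately, the deleted sentence "you can set the `protocol` field of a NetworkPolicy to `SCTP`" has no replacement in the visible lines; keeping a one-sentence mention of the `protocol` field would explain the "optionally SCTP" wording that remains on line 263.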
