Create Nodes Security List

POST https://iaas.{{region}}.oraclecloud.com/20160918/securityLists

Creates a new security list for the specified VCN. For more information about security lists, see Security Lists. For information on the number of rules you can have in a security list, see Service Limits.

For the purposes of access control, you must provide the OCID of the compartment where you want the security list to reside. Notice that the security list doesn't have to be in the same compartment as the VCN, subnets, or other Networking Service components. If you're not sure which compartment to use, put the security list in the same compartment as the VCN. For more information about compartments and access control, see Overview of the IAM Service. For information about OCIDs, see Resource Identifiers.

You may optionally specify a display name for the security list, otherwise a default is provided. It does not have to be unique, and you can change it. Avoid entering confidential information.

Request Body

{
  "compartmentId": "{{app_compartment_ocid}}",
  "egressSecurityRules": [
    {
      "destination": "10.0.10.0/24",
      "destinationType": "CIDR_BLOCK",
      "isStateless": false,
      "protocol": "all",
      "description": "Allow pods on one worker node to communicate with pods on other worker nodes"
    },
    {
      "destination": "10.0.0.0/28",
      "destinationType": "CIDR_BLOCK",
      "isStateless": false,
      "protocol": "6",
      "tcpOptions": {"destinationPortRange": {"max": 6443, "min": 6443}},
      "description": "Access to Kubernetes API Endpoint"
    },
    {
      "destination": "10.0.0.0/28",
      "destinationType": "CIDR_BLOCK",
      "isStateless": false,
      "protocol": "6",
      "tcpOptions": {"destinationPortRange": {"max": 12250, "min": 12250}},
      "description": "Kubernetes worker to control plane communication"
    },
    {
      "destination": "10.0.0.0/28",
      "destinationType": "CIDR_BLOCK",
      "icmpOptions": {"code": 4, "type": 3},
      "isStateless": false,
      "protocol": "1",
      "description": "Path discovery"
    },
    {
      "destination": "all-iad-services-in-oracle-services-network",
      "destinationType": "SERVICE_CIDR_BLOCK",
      "isStateless": false,
      "protocol": "6",
      "tcpOptions": {"destinationPortRange": {"max": 443, "min": 443}},
      "description": "Allow nodes to communicate with OKE to ensure correct start-up and continued functioning"
    },
    {
      "destination": "0.0.0.0/0",
      "destinationType": "CIDR_BLOCK",
      "icmpOptions": {"code": 4, "type": 3},
      "isStateless": false,
      "protocol": "1",
      "description": "ICMP Access from Kubernetes Control Plane"
    },
    {
      "destination": "0.0.0.0/0",
      "destinationType": "CIDR_BLOCK",
      "isStateless": false,
      "protocol": "all",
      "description": "Worker Nodes access to Internet"
    }
  ],
  "ingressSecurityRules": [
    {
      "isStateless": false,
      "protocol": "all",
      "source": "10.0.10.0/24",
      "sourceType": "CIDR_BLOCK",
      "description": "Allow pods on one worker node to communicate with pods on other worker nodes"
    },
    {
      "icmpOptions": {"code": 4, "type": 3},
      "isStateless": false,
      "protocol": "1",
      "source": "10.0.0.0/28",
      "sourceType": "CIDR_BLOCK",
      "description": "Path discovery"
    },
    {
      "isStateless": false,
      "protocol": "6",
      "source": "10.0.0.0/28",
      "sourceType": "CIDR_BLOCK",
      "description": "TCP access from Kubernetes Control Plane"
    },
    {
      "isStateless": false,
      "protocol": "6",
      "source": "0.0.0.0/0",
      "sourceType": "CIDR_BLOCK",
      "tcpOptions": {"destinationPortRange": {"max": 22, "min": 22}},
      "description": "Inbound SSH traffic to worker nodes"
    }
  ],
  "vcnId": "{{app_vcn_ocid}}",
  "displayName": "End-to-End API Example - Nodes Security List"
}
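The body above is worth reviewing before it is sent: it admits SSH to the worker nodes from 0.0.0.0/0 and allows unrestricted egress to 0.0.0.0/0. The following is an added example, not code from the OCI documentation or SDK, that builds CIDR_BLOCK rules in the wire format shown on this page and flags world-open and stateless rules for review. The helper names (cidr_rule, build_body, audit) are assumptions of this example; the page's placeholders {{app_compartment_ocid}} and {{app_vcn_ocid}} are kept verbatim, the SERVICE_CIDR_BLOCK egress rule is left out because the helper only builds CIDR rules, and nothing here calls the real API.

```python
import ipaddress
import json

# Added example (not OCI's code): rule builder plus a pre-creation review of a
# CreateSecurityList body. Protocol values follow the page: "6" TCP, "1" ICMP,
# "all"; "17" (UDP, with udpOptions) is a generalization beyond the page.

PROTOCOL_NAMES = {"all": "any", "1": "ICMP", "6": "TCP", "17": "UDP"}


def cidr_rule(direction, cidr, protocol, description, port=None, icmp=None, stateless=False):
    """One ingress/egress rule against a CIDR block; port = single destination port, icmp = (type, code)."""
    if direction == "ingress":
        rule = {"source": cidr, "sourceType": "CIDR_BLOCK"}
    else:
        rule = {"destination": cidr, "destinationType": "CIDR_BLOCK"}
    rule.update({"isStateless": stateless, "protocol": protocol, "description": description})
    if port is not None:
        options_key = {"6": "tcpOptions", "17": "udpOptions"}[protocol]
        rule[options_key] = {"destinationPortRange": {"min": port, "max": port}}
    if icmp is not None:
        rule["icmpOptions"] = {"type": icmp[0], "code": icmp[1]}
    return rule


def build_body(compartment_id, vcn_id, display_name, ingress, egress):
    """Assemble the CreateSecurityList request body."""
    return {"compartmentId": compartment_id, "vcnId": vcn_id, "displayName": display_name,
            "ingressSecurityRules": ingress, "egressSecurityRules": egress}


# The page's rules (CIDR ones only), rebuilt with the helper. Placeholders are the page's own.
NODES_SECURITY_LIST = build_body(
    "{{app_compartment_ocid}}", "{{app_vcn_ocid}}", "End-to-End API Example - Nodes Security List",
    ingress=[
        cidr_rule("ingress", "10.0.10.0/24", "all", "Allow pods on one worker node to communicate with pods on other worker nodes"),
        cidr_rule("ingress", "10.0.0.0/28", "1", "Path discovery", icmp=(3, 4)),
        cidr_rule("ingress", "10.0.0.0/28", "6", "TCP access from Kubernetes Control Plane"),
        cidr_rule("ingress", "0.0.0.0/0", "6", "Inbound SSH traffic to worker nodes", port=22),
    ],
    egress=[
        cidr_rule("egress", "10.0.10.0/24", "all", "Allow pods on one worker node to communicate with pods on other worker nodes"),
        cidr_rule("egress", "10.0.0.0/28", "6", "Access to Kubernetes API Endpoint", port=6443),
        cidr_rule("egress", "10.0.0.0/28", "6", "Kubernetes worker to control plane communication", port=12250),
        cidr_rule("egress", "0.0.0.0/0", "1", "ICMP Access from Kubernetes Control Plane", icmp=(3, 4)),
        cidr_rule("egress", "0.0.0.0/0", "all", "Worker Nodes access to Internet"),
    ],
)


def _ports(rule):
    """Destination port range as (min, max), or None when the rule has no port restriction."""
    options = rule.get("tcpOptions") or rule.get("udpOptions") or {}
    rng = options.get("destinationPortRange")
    return (rng["min"], rng["max"]) if rng else None


def describe(rule):
    """Human-readable summary, e.g. 'ingress TCP 22 from 0.0.0.0/0'."""
    proto = PROTOCOL_NAMES.get(rule["protocol"], rule["protocol"])
    ports = _ports(rule)
    port_text = "" if ports is None else f" {ports[0]}" if ports[0] == ports[1] else f" {ports[0]}-{ports[1]}"
    if "source" in rule:
        return f"ingress {proto}{port_text} from {rule['source']}"
    return f"egress {proto}{port_text} to {rule['destination']}"


def is_world_open(rule):
    """True when the rule's CIDR side is 0.0.0.0/0 or ::/0 (service CIDR rules are never world-open)."""
    if (rule.get("sourceType") or rule.get("destinationType")) != "CIDR_BLOCK":
        return False
    cidr = rule["source"] if "source" in rule else rule["destination"]
    return ipaddress.ip_network(cidr, strict=False).prefixlen == 0


def audit(body):
    """Return (rule summary, reason) pairs that should be justified before the list is created."""
    findings = []
    for rule in body["ingressSecurityRules"]:
        if is_world_open(rule):
            findings.append((describe(rule), "ingress open to the whole Internet"))
        if rule["isStateless"]:
            findings.append((describe(rule), "stateless rule needs a matching return-path rule"))
    for rule in body["egressSecurityRules"]:
        if is_world_open(rule) and rule["protocol"] == "all":
            findings.append((describe(rule), "unrestricted egress to the whole Internet"))
        if rule["isStateless"]:
            findings.append((describe(rule), "stateless rule needs a matching return-path rule"))
    return findings


if __name__ == "__main__":
    print(json.dumps(NODES_SECURITY_LIST, indent=2))
    for summary, reason in audit(NODES_SECURITY_LIST):
        print(f"REVIEW: {summary}: {reason}")
```

Run against the page's rules, the audit reports exactly two items: the SSH ingress from 0.0.0.0/0 and the "any" egress to 0.0.0.0/0. The ICMP type 3/code 4 rule to 0.0.0.0/0 is not flagged because it is restricted to one protocol (path MTU discovery), and the control-plane TCP rule is not flagged because its source is the /28, even though it carries no port restriction.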

HEADERS

Key               Datatype  Required    Description
opc-retry-token   string                A token that uniquely identifies a request so it can be retried in case of a timeout or server error without risk of executing that same action again. Retry tokens expire after 24 hours, but can be invalidated before then due to conflicting operations (for example, if a resource has been deleted and purged from the system, then a retry of the original creation request may be rejected).
Content-Type      string
Date              string    (Required)  Current Date
Authorization     string    (Required)  Signature Authentication on Authorization header
x-content-sha256  string    (Required)  Content sha256 for POST, PUT and PATCH operations

RESPONSES

status: OK

{
  "compartmentId": "est in incididunt",
  "displayName": "voluptate deserunt laboris Excepteur",
  "egressSecurityRules": [
    {"value": "\u003cError: Too many levels of nesting to fake this schema\u003e"},
    {"value": "\u003cError: Too many levels of nesting to fake this schema\u003e"}
  ],
  "id": "esse tempor",
  "ingressSecurityRules": [
    {"value": "\u003cError: Too many levels of nesting to fake this schema\u003e"},
    {"value": "\u003cError: Too many levels of nesting to fake this schema\u003e"}
  ],
  "lifecycleState": "TERMINATED",
  "timeCreated": "2002-08-23T08:03:52.569Z",
  "vcnId": "culpa dolore ipsum labore laboris",
  "definedTags": {},
  "freeformTags": {}
}