Create Nodes Security List
POST https://iaas.{{region}}.oraclecloud.com/20160918/securityLists
Creates a new security list for the specified VCN. For more information about security lists, see Security Lists. For information on the number of rules you can have in a security list, see Service Limits.
For the purposes of access control, you must provide the OCID of the compartment where you want the security list to reside. Notice that the security list doesn't have to be in the same compartment as the VCN, subnets, or other Networking Service components. If you're not sure which compartment to use, put the security list in the same compartment as the VCN. For more information about compartments and access control, see Overview of the IAM Service. For information about OCIDs, see Resource Identifiers.
You may optionally specify a display name for the security list; otherwise a default is provided. It does not have to be unique, and you can change it. Avoid entering confidential information.
Request Body
```json
{
  "compartmentId": "{{app_compartment_ocid}}",
  "egressSecurityRules": [
    {"destination": "10.0.10.0/24", "destinationType": "CIDR_BLOCK", "isStateless": false, "protocol": "all",
     "description": "Allow pods on one worker node to communicate with pods on other worker nodes"},
    {"destination": "10.0.0.0/28", "destinationType": "CIDR_BLOCK", "isStateless": false, "protocol": "6",
     "tcpOptions": {"destinationPortRange": {"max": 6443, "min": 6443}},
     "description": "Access to Kubernetes API Endpoint"},
    {"destination": "10.0.0.0/28", "destinationType": "CIDR_BLOCK", "isStateless": false, "protocol": "6",
     "tcpOptions": {"destinationPortRange": {"max": 12250, "min": 12250}},
     "description": "Kubernetes worker to control plane communication"},
    {"destination": "10.0.0.0/28", "destinationType": "CIDR_BLOCK", "icmpOptions": {"code": 4, "type": 3},
     "isStateless": false, "protocol": "1", "description": "Path discovery"},
    {"destination": "all-iad-services-in-oracle-services-network", "destinationType": "SERVICE_CIDR_BLOCK",
     "isStateless": false, "protocol": "6", "tcpOptions": {"destinationPortRange": {"max": 443, "min": 443}},
     "description": "Allow nodes to communicate with OKE to ensure correct start-up and continued functioning"},
    {"destination": "0.0.0.0/0", "destinationType": "CIDR_BLOCK", "icmpOptions": {"code": 4, "type": 3},
     "isStateless": false, "protocol": "1", "description": "ICMP Access from Kubernetes Control Plane"},
    {"destination": "0.0.0.0/0", "destinationType": "CIDR_BLOCK", "isStateless": false, "protocol": "all",
     "description": "Worker Nodes access to Internet"}
  ],
  "ingressSecurityRules": [
    {"isStateless": false, "protocol": "all", "source": "10.0.10.0/24", "sourceType": "CIDR_BLOCK",
     "description": "Allow pods on one worker node to communicate with pods on other worker nodes"},
    {"icmpOptions": {"code": 4, "type": 3}, "isStateless": false, "protocol": "1", "source": "10.0.0.0/28",
     "sourceType": "CIDR_BLOCK", "description": "Path discovery"},
    {"isStateless": false, "protocol": "6", "source": "10.0.0.0/28", "sourceType": "CIDR_BLOCK",
     "description": "TCP access from Kubernetes Control Plane"},
    {"isStateless": false, "protocol": "6", "source": "0.0.0.0/0", "sourceType": "CIDR_BLOCK",
     "tcpOptions": {"destinationPortRange": {"max": 22, "min": 22}},
     "description": "Inbound SSH traffic to worker nodes"}
  ],
  "vcnId": "{{app_vcn_ocid}}",
  "displayName": "End-to-End API Example - Nodes Security List"
}
```
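As an added example (not Oracle's SDK or documentation code), the following Python script assembles the request body shown above, computes the `x-content-sha256` header value the endpoint requires, and lists the rules a reviewer should sign off on before the list is created: ingress from 0.0.0.0/0 (here the SSH rule), egress of all protocols to 0.0.0.0/0, and any stateless rule. The audit policy is this example's own, not an OCI requirement; the `{{...}}` OCIDs are the page's placeholders and must be filled in before the request is sent.

```python
"""Assemble the Create Security List body, derive x-content-sha256, and audit the rules.

Added example, not Oracle's code. The audit thresholds below are this example's
own choices; the OCIDs are placeholders copied from the page.
"""
import base64
import hashlib
import ipaddress
import json

# Request body from the page, {{...}} placeholders kept as-is.
SECURITY_LIST_BODY = {
    "compartmentId": "{{app_compartment_ocid}}",
    "vcnId": "{{app_vcn_ocid}}",
    "displayName": "End-to-End API Example - Nodes Security List",
    "egressSecurityRules": [
        {"destination": "10.0.10.0/24", "destinationType": "CIDR_BLOCK", "isStateless": False,
         "protocol": "all", "description": "Allow pods on one worker node to communicate with pods on other worker nodes"},
        {"destination": "10.0.0.0/28", "destinationType": "CIDR_BLOCK", "isStateless": False, "protocol": "6",
         "tcpOptions": {"destinationPortRange": {"min": 6443, "max": 6443}}, "description": "Access to Kubernetes API Endpoint"},
        {"destination": "10.0.0.0/28", "destinationType": "CIDR_BLOCK", "isStateless": False, "protocol": "6",
         "tcpOptions": {"destinationPortRange": {"min": 12250, "max": 12250}}, "description": "Kubernetes worker to control plane communication"},
        {"destination": "10.0.0.0/28", "destinationType": "CIDR_BLOCK", "isStateless": False, "protocol": "1",
         "icmpOptions": {"type": 3, "code": 4}, "description": "Path discovery"},
        {"destination": "all-iad-services-in-oracle-services-network", "destinationType": "SERVICE_CIDR_BLOCK",
         "isStateless": False, "protocol": "6", "tcpOptions": {"destinationPortRange": {"min": 443, "max": 443}},
         "description": "Allow nodes to communicate with OKE to ensure correct start-up and continued functioning"},
        {"destination": "0.0.0.0/0", "destinationType": "CIDR_BLOCK", "isStateless": False, "protocol": "1",
         "icmpOptions": {"type": 3, "code": 4}, "description": "ICMP Access from Kubernetes Control Plane"},
        {"destination": "0.0.0.0/0", "destinationType": "CIDR_BLOCK", "isStateless": False, "protocol": "all",
         "description": "Worker Nodes access to Internet"},
    ],
    "ingressSecurityRules": [
        {"source": "10.0.10.0/24", "sourceType": "CIDR_BLOCK", "isStateless": False, "protocol": "all",
         "description": "Allow pods on one worker node to communicate with pods on other worker nodes"},
        {"source": "10.0.0.0/28", "sourceType": "CIDR_BLOCK", "isStateless": False, "protocol": "1",
         "icmpOptions": {"type": 3, "code": 4}, "description": "Path discovery"},
        {"source": "10.0.0.0/28", "sourceType": "CIDR_BLOCK", "isStateless": False, "protocol": "6",
         "description": "TCP access from Kubernetes Control Plane"},
        {"source": "0.0.0.0/0", "sourceType": "CIDR_BLOCK", "isStateless": False, "protocol": "6",
         "tcpOptions": {"destinationPortRange": {"min": 22, "max": 22}}, "description": "Inbound SSH traffic to worker nodes"},
    ],
}


def serialize(body: dict) -> bytes:
    """Exact bytes to send; the digest below must be computed over these same bytes."""
    return json.dumps(body, separators=(",", ":")).encode()


def content_sha256(payload: bytes) -> str:
    """x-content-sha256 header value: base64 of the SHA-256 digest of the request body."""
    return base64.b64encode(hashlib.sha256(payload).digest()).decode()


def _is_anywhere(cidr: str) -> bool:
    """True for a CIDR matching every address (0.0.0.0/0 or ::/0)."""
    try:
        return ipaddress.ip_network(cidr, strict=False).prefixlen == 0
    except ValueError:  # service labels such as all-iad-services-... are not IP ranges
        return False


def _ports(rule: dict) -> str:
    rng = rule.get("tcpOptions", rule.get("udpOptions", {})).get("destinationPortRange")
    if not rng:
        return "all ports"
    return str(rng["min"]) if rng["min"] == rng["max"] else f"{rng['min']}-{rng['max']}"


def audit_rules(body: dict) -> list[str]:
    """Findings for rules that widen exposure; order: ingress, then egress, then stateless."""
    findings = []
    for rule in body["ingressSecurityRules"]:
        if rule.get("sourceType") == "CIDR_BLOCK" and _is_anywhere(rule["source"]):
            findings.append(f"ingress from anywhere: protocol {rule['protocol']} port {_ports(rule)} "
                            f"({rule.get('description', '')})")
    for rule in body["egressSecurityRules"]:
        if (rule.get("destinationType") == "CIDR_BLOCK" and _is_anywhere(rule["destination"])
                and rule["protocol"] == "all"):
            findings.append(f"unrestricted egress: all protocols to {rule['destination']} "
                            f"({rule.get('description', '')})")
    for rule in body["ingressSecurityRules"] + body["egressSecurityRules"]:
        if rule.get("isStateless"):  # stateless rules need an explicit matching return-path rule
            findings.append(f"stateless rule: {rule.get('description', '')}")
    return findings


if __name__ == "__main__":
    payload = serialize(SECURITY_LIST_BODY)
    print("x-content-sha256:", content_sha256(payload))
    for finding in audit_rules(SECURITY_LIST_BODY):
        print("REVIEW:", finding)
```

The digest must be taken over the exact bytes placed on the wire, and the `Authorization` signature covers that header, so an HTTP client that re-serializes the body after the digest is computed will produce a request the service rejects.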
HEADERS
Key | Datatype | Required | Description |
---|---|---|---|
opc-retry-token | string | | A token that uniquely identifies a request so it can be retried in case of a timeout or server error without risk of executing that same action again. Retry tokens expire after 24 hours, but can be invalidated before then due to conflicting operations (for example, if a resource has been deleted and purged from the system, then a retry of the original creation request may be rejected). |
Content-Type | string | | |
Date | string | Required | Current Date |
Authorization | string | Required | Signature Authentication on Authorization header |
x-content-sha256 | string | Required | Content sha256 for POST, PUT and PATCH operations |
RESPONSES
status: OK

```json
{
  "compartmentId": "est in incididunt",
  "displayName": "voluptate deserunt laboris Excepteur",
  "egressSecurityRules": [
    {"value": "<Error: Too many levels of nesting to fake this schema>"},
    {"value": "<Error: Too many levels of nesting to fake this schema>"}
  ],
  "id": "esse tempor",
  "ingressSecurityRules": [
    {"value": "<Error: Too many levels of nesting to fake this schema>"},
    {"value": "<Error: Too many levels of nesting to fake this schema>"}
  ],
  "lifecycleState": "TERMINATED",
  "timeCreated": "2002-08-23T08:03:52.569Z",
  "vcnId": "culpa dolore ipsum labore laboris",
  "definedTags": {},
  "freeformTags": {}
}
```