Create Nodes Security List

POST https://iaas.{{region}}.oraclecloud.com/20160918/securityLists

Creates a new security list for the specified VCN. For more information about security lists, see Security Lists. For information on the number of rules you can have in a security list, see Service Limits.

For the purposes of access control, you must provide the OCID of the compartment where you want the security list to reside. Notice that the security list doesn't have to be in the same compartment as the VCN, subnets, or other Networking Service components. If you're not sure which compartment to use, put the security list in the same compartment as the VCN. For more information about compartments and access control, see Overview of the IAM Service. For information about OCIDs, see Resource Identifiers.

You may optionally specify a display name for the security list, otherwise a default is provided. It does not have to be unique, and you can change it. Avoid entering confidential information.

Request Body

{"compartmentId"=>"{{app_compartment_ocid}}", "egressSecurityRules"=>[{"destination"=>"10.0.10.0/24", "destinationType"=>"CIDR_BLOCK", "isStateless"=>false, "protocol"=>"all", "description"=>"Allow pods on one worker node to communicate with pods on other worker nodes"}, {"destination"=>"10.0.0.0/28", "destinationType"=>"CIDR_BLOCK", "isStateless"=>false, "protocol"=>"6", "tcpOptions"=>{"destinationPortRange"=>{"max"=>6443, "min"=>6443}}, "description"=>"Access to Kubernetes API Endpoint"}, {"destination"=>"10.0.0.0/28", "destinationType"=>"CIDR_BLOCK", "isStateless"=>false, "protocol"=>"6", "tcpOptions"=>{"destinationPortRange"=>{"max"=>12250, "min"=>12250}}, "description"=>"Kubernetes worker to control plane communication"}, {"destination"=>"10.0.0.0/28", "destinationType"=>"CIDR_BLOCK", "icmpOptions"=>{"code"=>4, "type"=>3}, "isStateless"=>false, "protocol"=>"1", "description"=>"Path discovery"}, {"destination"=>"all-iad-services-in-oracle-services-network", "destinationType"=>"SERVICE_CIDR_BLOCK", "isStateless"=>false, "protocol"=>"6", "tcpOptions"=>{"destinationPortRange"=>{"max"=>443, "min"=>443}}, "description"=>"Allow nodes to communicate with OKE to ensure correct start-up and continued functioning"}, {"destination"=>"0.0.0.0/0", "destinationType"=>"CIDR_BLOCK", "icmpOptions"=>{"code"=>4, "type"=>3}, "isStateless"=>false, "protocol"=>"1", "description"=>"ICMP Access from Kubernetes Control Plane"}, {"destination"=>"0.0.0.0/0", "destinationType"=>"CIDR_BLOCK", "isStateless"=>false, "protocol"=>"all", "description"=>"Worker Nodes access to Internet"}], "ingressSecurityRules"=>[{"isStateless"=>false, "protocol"=>"all", "source"=>"10.0.10.0/24", "sourceType"=>"CIDR_BLOCK", "description"=>"Allow pods on one worker node to communicate with pods on other worker nodes"}, {"icmpOptions"=>{"code"=>4, "type"=>3}, "isStateless"=>false, "protocol"=>"1", "source"=>"10.0.0.0/28", "sourceType"=>"CIDR_BLOCK", "description"=>"Path discovery"}, {"isStateless"=>false, "protocol"=>"6", "source"=>"10.0.0.0/28", "sourceType"=>"CIDR_BLOCK", "description"=>"TCP access from Kubernetes Control Plane"}, {"isStateless"=>false, "protocol"=>"6", "source"=>"0.0.0.0/0", "sourceType"=>"CIDR_BLOCK", "tcpOptions"=>{"destinationPortRange"=>{"max"=>22, "min"=>22}}, "description"=>"Inbound SSH traffic to worker nodes"}], "vcnId"=>"{{app_vcn_ocid}}", "displayName"=>"End-to-End API Example - Nodes Security List"}

HEADERS

RESPONSES

status: OK

{"compartmentId":"est in incididunt","displayName":"voluptate deserunt laboris Excepteur","egressSecurityRules":[{"value":"\u003cError: Too many levels of nesting to fake this schema\u003e"},{"value":"\u003cError: Too many levels of nesting to fake this schema\u003e"}],"id":"esse tempor","ingressSecurityRules":[{"value":"\u003cError: Too many levels of nesting to fake this schema\u003e"},{"value":"\u003cError: Too many levels of nesting to fake this schema\u003e"}],"lifecycleState":"TERMINATED","timeCreated":"2002-08-23T08:03:52.569Z","vcnId":"culpa dolore ipsum labore laboris","definedTags":{},"freeformTags":{}}