7c122fabb4
Enable bridge CNI plugin setting port-isolation [1] the interface. When port-isolation is enabled, containers connected to the network cannot communicate with each other over the linux-bridge. Communication will be enable depending on the gateway appliance according to its restrictions / policies. For example: in a scenario the env connected to smart switch, enabling port-isolation ensure traffic will go outbound, allowing the smart-switch routing the traffic according to policies. Add "portIsolation" flag to bridge plugin. When true, configure the node interface with port-isolation [1]. Default is false. [1] https://man7.org/linux/man-pages/man8/bridge.8.html (see "isolated" option) Signed-off-by: Or Mergi <ormergi@redhat.com>
This document has moved to the containernetworking/cni.dev repo.
You can find it online here: https://cni.dev/plugins/current/main/bridge/