The default export policy is wild open to all hosts (0.0.0.0/0), if a rule is created under this policy with specified clients, then we should be alright, this is how I understood.
My question is, should we ever use the default policy, or in what situation, it could be used. I would say we should not use it.
What would you say?
Default policy does not contain any rule, so access is denied by default. There no universal answer whether you should add rules to default policy or define your own - it all depends on your specific requirements.
OK. Would it cause any issues if I use one volume - one policy, which means everytime I create a volume I will assigned a new policy specifically to the volume?
The idea behind having central policies is to enable easier administration by reusing policies.
In my opinion adding one policy per volume would defeat that purpose and would make your system cumbersom to administrate.
Just as a side note: There is a limit to the maximum number of export policies you can create depending on the cluster size:
I think there is no one answer fits it all, as already posted.
hope that helps.
Understand that there is no one answer fits it all.
However, I am looking for a rule of thumb in creating exporting policy, if there is such. For instance, may be one policy for all related applications / projects /clients? Would that be a common rule?
Thanks for sharing.
Yes I think your suggestion is great.
Create an export-policy per Client / Application