Story
Resolution: Done
Major
Use network policies to isolate traffic within the cluster network. The OpenShift 4 network plugins (OpenShift SDN and OVN-Kubernetes) enforce Kubernetes NetworkPolicy objects, and by default all Pods in a project are reachable from every other Pod and network endpoint in the cluster.
To isolate one or more Pods in a project, create NetworkPolicy objects in that project that select those Pods and list the allowed incoming connections. Once any policy selects a Pod, incoming traffic that no policy rule allows is dropped; a Pod that no policy selects keeps accepting everything.
Project administrators can create and delete NetworkPolicy objects within their own project.
Imported from SD Elements: https://redhat.sdelements.com/bunits/psse-secure-development/group-3-supporting-and-tooling-offering/external-secrets-operator-eso/tasks/phase/deployment/318-T1999/
How Tos:
OpenShift: How to create a network policy and add proper NetworkPolicy objects
Create a policy rule:
- Create a <policy-name>.yaml file, where <policy-name> describes the policy rule.
- In the file you just created, define a policy object, such as in the following example. An empty podSelector (`{}`) selects every Pod in the project and an empty ingress list allows no incoming connections, so this policy denies all ingress to the project:
```yaml
kind: NetworkPolicy
apiVersion: networking.k8s.io/v1
metadata:
  name: <policy-name>
spec:
  podSelector: {}
  ingress: []
```
- Run the following command to create the policy object in the target project:
```
oc create -f <policy-name>.yaml -n <project>
```
Example: Only accept connections from Pods within the same project
```yaml
kind: NetworkPolicy
apiVersion: networking.k8s.io/v1
metadata:
  name: allow-same-namespace
spec:
  podSelector: {}
  ingress:
  - from:
    - podSelector: {}
```
Create it the same way, with `oc create -f allow-same-namespace.yaml -n <project>`.
Policies are additive: a Pod selected by both this policy and the deny-all policy accepts traffic from Pods in the same project and nothing else. A `from` entry that carries only a podSelector matches Pods in the policy's own project; allowing traffic from another project requires a namespaceSelector in the entry. Note that these two policies also block the OpenShift router, so Routes into the project stop working until a further policy allows ingress from the ingress controller's namespace (the OpenShift documentation's allow-from-openshift-ingress example).
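The following evaluator is an added example, not code from the original page, SD Elements or OpenShift. It models the NetworkPolicy ingress semantics the steps above rely on (a Pod selected by no policy accepts everything; once selected, only traffic allowed by some rule of some selecting policy gets through; `ingress: []` denies all) so the effect of a manifest can be reasoned about before `oc create`. The sample projects, Pods and the third policy (`allow-api-to-db`) are constructed for the example; manifests are written as dicts in the same shape as the YAML so it runs offline without PyYAML or a cluster.

```python
"""Evaluator for Kubernetes NetworkPolicy ingress semantics.

Added example; not code from the original page, SD Elements or OpenShift.
Assumptions: only matchLabels selectors, no ports, no ipBlock peers, and
no egress are modelled, which is all the page's manifests use.
"""


def selector_matches(selector, labels):
    """matchLabels-only label selector. `{}` matches every object; a null
    selector is treated the same here (assumption of this model)."""
    if not selector:
        return True
    return all(labels.get(k) == v for k, v in selector.get("matchLabels", {}).items())


def isolates_ingress(policy):
    """A policy applies to ingress unless policyTypes is set and omits it."""
    types = policy["spec"].get("policyTypes")
    return types is None or "Ingress" in types


def peer_allows(peer, policy_ns, namespaces, src):
    """Does one entry of a rule's `from` list match the source Pod?"""
    pod_sel = peer.get("podSelector")
    ns_sel = peer.get("namespaceSelector")
    if pod_sel is None and ns_sel is None:
        return False  # ipBlock-only peer: not modelled here
    if ns_sel is None:
        # podSelector alone selects Pods in the policy's own namespace only
        return src["namespace"] == policy_ns and selector_matches(pod_sel, src["labels"])
    ns_labels = namespaces.get(src["namespace"], {})
    return selector_matches(ns_sel, ns_labels) and (
        pod_sel is None or selector_matches(pod_sel, src["labels"]))


def ingress_allowed(policies, namespaces, src, dst):
    """True if `src` may open a connection to `dst` under `policies`."""
    selecting = [p for p in policies
                 if p["metadata"]["namespace"] == dst["namespace"]
                 and isolates_ingress(p)
                 and selector_matches(p["spec"].get("podSelector"), dst["labels"])]
    if not selecting:
        return True  # no policy selects the Pod: default allow
    for p in selecting:  # additive: any rule in any selecting policy suffices
        for rule in p["spec"].get("ingress") or []:
            peers = rule.get("from")
            if not peers:  # `from` missing or empty: rule matches every source
                return True
            if any(peer_allows(peer, p["metadata"]["namespace"], namespaces, src)
                   for peer in peers):
                return True
    return False  # selected, but no rule allowed this source


# Constructed sample cluster: two projects, three Pods.
NAMESPACES = {
    "payments": {"kubernetes.io/metadata.name": "payments"},
    "frontend": {"kubernetes.io/metadata.name": "frontend"},
}
PODS = {
    "payments/api": {"namespace": "payments", "labels": {"app": "api"}},
    "payments/db": {"namespace": "payments", "labels": {"app": "db"}},
    "frontend/web": {"namespace": "frontend", "labels": {"app": "web"}},
}


def policy(name, namespace, spec):
    return {"kind": "NetworkPolicy", "apiVersion": "networking.k8s.io/v1",
            "metadata": {"name": name, "namespace": namespace}, "spec": spec}


# The two manifests from the page, plus a narrower hypothetical one.
DENY_BY_DEFAULT = policy("deny-by-default", "payments",
                         {"podSelector": {}, "ingress": []})
ALLOW_SAME_NAMESPACE = policy("allow-same-namespace", "payments",
                              {"podSelector": {}, "ingress": [{"from": [{"podSelector": {}}]}]})
ALLOW_API_TO_DB = policy("allow-api-to-db", "payments",
                         {"podSelector": {"matchLabels": {"app": "db"}},
                          "ingress": [{"from": [{"podSelector": {"matchLabels": {"app": "api"}}}]}]})


def reachability(policies):
    """Map 'src->dst' to True/False for every ordered pair of sample Pods."""
    return {f"{s}->{d}": ingress_allowed(policies, NAMESPACES, PODS[s], PODS[d])
            for s in PODS for d in PODS if s != d}


if __name__ == "__main__":
    for label, pols in [("no policies", []),
                        ("deny-by-default", [DENY_BY_DEFAULT]),
                        ("deny + allow-same-namespace", [DENY_BY_DEFAULT, ALLOW_SAME_NAMESPACE]),
                        ("deny + allow-api-to-db", [DENY_BY_DEFAULT, ALLOW_API_TO_DB])]:
        print(label)
        for pair, ok in sorted(reachability(pols).items()):
            print(f"  {pair:28} {'allow' if ok else 'DENY'}")
```

The model makes two points that the manifests alone do not: the deny-all policy only matters for Pods that no other policy selects (`allow-api-to-db` isolates the db Pod on its own), and traffic leaving the project is untouched because these policies only restrict ingress to Pods in their own namespace. The model is not a substitute for the cluster: confirm what is actually applied with `oc get networkpolicy -n <project>` and `oc describe networkpolicy <name> -n <project>`, and test from a Pod in another project before relying on the isolation.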
For more information, see the OpenShift documentation.