  1. OpenShift Cloud
  2. OCPCLOUD-2980

Develop bespoke network policies for MAPI namespaces


    • Type: Story
    • Resolution: Done
    • Priority: Major
    • Product / Portfolio Work
    • 3
    • CLOUD Sprint 273, CLOUD Sprint 274, CLOUD Sprint 275

      Background

      Based on the content of this guidance, we must provide network policies in 4.20 that will define pod to pod ingress/egress within particular namespaces.

      We need to evaluate all valid connections between ports and create default deny rules, then add explicit allowances for the inter-pod traffic that we need to keep the system functioning.

      Valid traffic might be:

      • Webhooks
      • Metrics
      • Requests to API servers

      Note that pods on host networks are not affected by network policies, and so any ports/communication they make will not be affected by the policies.
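
      The default-deny-plus-allowances pattern described above, as an added example that is not taken from this issue or from the project's manifests. The namespace name, the pod label and all port numbers are assumptions chosen for illustration.

```yaml
# Added example. Namespace, labels and ports are assumptions, not project values.
---
# 1. Default deny: selects every pod in the namespace and allows no traffic.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: default-deny
  namespace: openshift-machine-api     # assumed MAPI namespace
spec:
  podSelector: {}
  policyTypes:
    - Ingress
    - Egress
---
# 2. Explicit ingress allowance for webhook and metrics endpoints.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: allow-webhook-and-metrics-ingress
  namespace: openshift-machine-api
spec:
  podSelector:
    matchLabels:
      app: example-controller          # hypothetical label
  policyTypes:
    - Ingress
  ingress:
    - ports:                           # no "from" clause: any source may reach these ports
        - protocol: TCP
          port: 8443                   # placeholder webhook port
        - protocol: TCP
          port: 9443                   # placeholder metrics port
---
# 3. Explicit egress allowance for requests to the API server.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: allow-apiserver-egress
  namespace: openshift-machine-api
spec:
  podSelector:
    matchLabels:
      app: example-controller          # hypothetical label
  policyTypes:
    - Egress
  egress:
    - ports:                           # no "to" clause: any destination on this port
        - protocol: TCP
          port: 6443                   # assumed API server port
```

      Policies are additive, so the deny policy sets the baseline and each allow policy opens only the listed ports for the pods it selects.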

      Steps

      • Review the network policy guidance documentation
      • Set up network policies for the appropriate namespaces
      • Set up the appropriate rules in the network policies

      Stakeholders

      • Cluster Infra
      • Ben Bennet (networking contact)

      Definition of Done

      • OpenShift deploys network policies for the associated namespaces
      • Docs
      • <Add docs requirements for this card>
      • Testing
      • <Explain testing that will be added>

              huliu@redhat.com Huali Liu
              joelspeed Joel Speed