Major Use network policies to isolate traffic in your cluster network. The OpenShift 4 CNI plugin uses network policies and by default all Pods in a project are accessible from other Pods and network endpoints.
To isolate one or more Pods in a project, create NetworkPolicy objects in that project to indicate the allowed incoming connections.
Project administrators can create and delete NetworkPolicy objects within their own project.
Imported from SD Elements: https://redhat.sdelements.com/bunits/psse-secure-development/group-3-supporting-and-tooling-offering/openshift-zero-trust-workload-identity-manager/tasks/phase/deployment/311-T1999/
How Tos:
OpenShift: How to create a network policy and and add proper NetworkPolicy objects
Create a policy rule:
- Create a <policy-name>.yaml file where <policy-name> describes the policy rule.
- In the file you just created define a policy object, such as in the following example:
**`
kind: NetworkPolicy
apiVersion: networking.k8s.io/v1
metadata:
name: <policy-name>
spec:
podSelector:
ingress: []
**`-
- Run the following command to create the policy object:
**`
oc create -f <policy-name>.yaml -n <project>
**`
Example: Only accept connections from pods within a project
**`
kind: NetworkPolicy
apiVersion: networking.k8s.io/v1
metadata:
name: allow-same-namespace
spec:
podSelector:
ingress:
- Run the following command to create the policy object:
-
- from:
- podSelector: {}
**`
For more information, see the OpenShift documentation.
Training Modules
Defending Containers
- is documented by
-
SPIRE-178 Analyze & document to implement strong network policies (OpenShift)
-
- Closed
-
- links to
