openshift/openshift-docs
1
0
Fork 0
mirror of https://github.com/openshift/openshift-docs.git synced 2026-02-05 12:46:18 +01:00
Code Issues Releases Activity

OSDOCS-16177 [NETOBSERV] Update network policy content

Browse Source
This commit is contained in:
Gwynne Monahan
2025-09-29 11:10:07 -05:00
committed by openshift-cherrypick-robot
parent 5f765ebc5e
commit ca07a69d71
2 changed files with 9 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
modules/network-observability-deploy-network-policy.adoc
View File

@@ -5,11 +5,14 @@
:_mod-docs-content-type: PROCEDURE
[id="network-observability-deploy-network-policy_{context}"]
= Configuring an ingress network policy by using the FlowCollector custom resource
= Configuring network policy by using the FlowCollector custom resource
You can configure the `FlowCollector` custom resource (CR) to deploy an ingress network policy for network observability by setting the `spec.NetworkPolicy.enable` specification to `true`. By default, the specification is `false`.
[role="_abstract"]
You can set up ingress and egress network policies to control pod traffic. This enhances security and collects only the network flow data you need. This reduces noise, supports compliance, and improves visibility into network communication.
If you have installed Loki, Kafka or any exporter in a different namespace that also has a network policy, you must ensure that the Network Observability components can communicate with them. Consider the following about your setup:
You can configure the `FlowCollector` custom resource (CR) to deploy an egress and ingress network policy for network observability. By default, the `spec.NetworkPolicy.enable` specification is set to `true`.
If you have installed Loki, Kafka or any exporter in a different namespace that also has a network policy, you must ensure that the network observability components can communicate with them. Consider the following about your setup:
* Connection to Loki (as defined in the `FlowCollector` CR `spec.loki` parameter)
* Connection to Kafka (as defined in the `FlowCollector` CR `spec.kafka` parameter)
@@ -33,9 +36,9 @@ metadata:
spec:
namespace: netobserv
networkPolicy:
enable: true <1>
enable: true <1>
additionalNamespaces: ["openshift-console", "openshift-monitoring"] <2>
# ...
----
<1> By default, the `enable` value is `false`.
<1> By default, the `enable` value is `true`.
<2> Default values are `["openshift-console", "openshift-monitoring"]`.

4
observability/network_observability/network-observability-network-policy.adoc
View File

@@ -7,12 +7,10 @@ include::_attributes/common-attributes.adoc[]
toc::[]
As a user with the `admin` role, you can create a network policy for the `netobserv` namespace to secure inbound access to the Network Observability Operator.
As a user with the `admin` role, you can create a network policy for the `netobserv` namespace to secure inbound and outbound access to the Network Observability Operator.
include::modules/network-observability-deploy-network-policy.adoc[leveloffset=+1]
include::modules/network-observability-create-network-policy.adoc[leveloffset=+1]
[role="_additional-resources"]
.Additional resources
* xref:../../networking/network_security/network_policy/creating-network-policy.adoc#nw-networkpolicy-object_creating-network-policy[Creating a network policy using the CLI]