openshift/openshift-docs
1
0
Fork 0
mirror of https://github.com/openshift/openshift-docs.git synced 2026-02-06 15:46:57 +01:00
Code Issues Releases Activity
Files
824b9a0a0bd419215da170d9fe193d98c6782eea
openshift-docs/modules/network-observability-deploy-network-policy.adoc

41 lines
2.0 KiB
Plaintext
Raw Blame History

// Module included in the following assemblies:
// * networking/network_observability/network-observability-network-policy.adoc
:_mod-docs-content-type: PROCEDURE
[id="network-observability-deploy-network-policy_{context}"]
= Configuring an ingress network policy by using the FlowCollector custom resource
You can configure the `FlowCollector` custom resource (CR) to deploy an ingress network policy for network observability by setting the `spec.NetworkPolicy.enable` specification to `true`. By default, the specification is `false`.
If you have installed Loki, Kafka or any exporter in a different namespace that also has a network policy, you must ensure that the Network Observability components can communicate with them. Consider the following about your setup:
* Connection to Loki (as defined in the `FlowCollector` CR `spec.loki` parameter)
* Connection to Kafka (as defined in the `FlowCollector` CR `spec.kafka` parameter)
* Connection to any exporter (as defined in FlowCollector CR `spec.exporters` parameter)
* If you are using Loki and including it in the policy target, connection to an external object storage (as defined in your `LokiStack` related secret)
.Procedure
. In the web console, go to *Operators* -> *Installed Operators* page.
. Under the *Provided APIs* heading for *Network Observability*, select *Flow Collector*.
. Select *cluster* then select the *YAML* tab.
. Configure the `FlowCollector` CR. A sample configuration is as follows:
+
[id="network-observability-flowcollector-configuring-network-policy_{context}"]
.Example `FlowCollector` CR for network policy
[source, yaml]
----
apiVersion: flows.netobserv.io/v1beta2
kind: FlowCollector
metadata:
name: cluster
spec:
namespace: netobserv
networkPolicy:
enable: true <1>
additionalNamespaces: ["openshift-console", "openshift-monitoring"] <2>
# ...
----
<1> By default, the `enable` value is `false`.
<2> Default values are `["openshift-console", "openshift-monitoring"]`.
View Git Blame Copy Permalink