mirror of
https://github.com/openshift/openshift-docs.git
synced 2026-02-05 12:46:18 +01:00
100 lines
2.5 KiB
Plaintext
100 lines
2.5 KiB
Plaintext
// Module included in the following assemblies:
|
|
//
|
|
// * networking/network_security/network_policy/viewing-network-policy.adoc
|
|
// * post_installation_configuration/network-configuration.adoc
|
|
// * networking/multiple_networks/configuring-multi-network-policy.adoc
|
|
|
|
:name: network
|
|
:role: admin
|
|
ifeval::["{context}" == "configuring-multi-network-policy"]
|
|
:multi:
|
|
:name: multi-network
|
|
:role: cluster-admin
|
|
endif::[]
|
|
|
|
:_mod-docs-content-type: PROCEDURE
|
|
[id="nw-networkpolicy-view-cli_{context}"]
|
|
= Viewing {name} policies using the CLI
|
|
|
|
You can examine the {name} policies in a namespace.
|
|
|
|
ifndef::multi,microshift[]
|
|
[NOTE]
|
|
====
|
|
If you log in with a user with the `cluster-admin` role, then you can view any network policy in the cluster.
|
|
====
|
|
endif::multi,microshift[]
|
|
|
|
.Prerequisites
|
|
|
|
* You installed the OpenShift CLI (`oc`).
|
|
ifndef::microshift[]
|
|
* You are logged in to the cluster with a user with `{role}` privileges.
|
|
endif::microshift[]
|
|
* You are working in the namespace where the {name} policy exists.
|
|
|
|
.Procedure
|
|
|
|
* List {name} policies in a namespace:
|
|
|
|
** To view {name} policy objects defined in a namespace, enter the following
|
|
command:
|
|
+
|
|
[source,terminal,subs="attributes+"]
|
|
----
|
|
$ oc get {name}policy
|
|
----
|
|
|
|
** Optional: To examine a specific {name} policy, enter the following command:
|
|
+
|
|
[source,terminal,subs="attributes+"]
|
|
----
|
|
$ oc describe {name}policy <policy_name> -n <namespace>
|
|
----
|
|
+
|
|
--
|
|
where:
|
|
|
|
`<policy_name>`:: Specifies the name of the {name} policy to inspect.
|
|
`<namespace>`:: Optional: Specifies the namespace if the object is defined in a different namespace than the current namespace.
|
|
--
|
|
ifndef::multi[]
|
|
+
|
|
For example:
|
|
+
|
|
[source,terminal]
|
|
----
|
|
$ oc describe networkpolicy allow-same-namespace
|
|
----
|
|
+
|
|
.Output for `oc describe` command
|
|
[source,text]
|
|
----
|
|
Name: allow-same-namespace
|
|
Namespace: ns1
|
|
Created on: 2021-05-24 22:28:56 -0400 EDT
|
|
Labels: <none>
|
|
Annotations: <none>
|
|
Spec:
|
|
PodSelector: <none> (Allowing the specific traffic to all pods in this namespace)
|
|
Allowing ingress traffic:
|
|
To Port: <any> (traffic allowed to all ports)
|
|
From:
|
|
PodSelector: <none>
|
|
Not affecting egress traffic
|
|
Policy Types: Ingress
|
|
----
|
|
endif::multi[]
|
|
|
|
ifdef::multi[]
|
|
:!multi:
|
|
endif::multi[]
|
|
:!name:
|
|
:!role:
|
|
|
|
ifndef::microshift[]
|
|
[NOTE]
|
|
====
|
|
If you log in to the web console with `cluster-admin` privileges, you have a choice of viewing a network policy in any namespace in the cluster directly in YAML or from a form in the web console.
|
|
====
|
|
endif::microshift[] |