openshift-docs/modules/network-observability-create-network-policy.adoc

// Module included in the following assemblies:

// * networking/network_observability/network-observability-network-policy.adoc


:_mod-docs-content-type: PROCEDURE
[id="network-observability-network-policy_{context}"]
= Creating a network policy for Network Observability
You might need to create a network policy to secure ingress traffic to the `netobserv` namespace. In the web console, you can create a network policy using the form view.

.Procedure
. Navigate to *Networking* -> *NetworkPolicies*.
. Select the `netobserv` project from the *Project* dropdown menu.
. Name the policy. For this example, the policy name is `allow-ingress`.
. Click *Add ingress rule* three times to create three ingress rules.
. Specify the following in the form:
.. Make the following specifications for the first *Ingress rule*:
... From the *Add allowed source* dropdown menu, select *Allow pods from the same namespace*.
.. Make the following specifications for the second *Ingress rule*:
... From the *Add allowed source* dropdown menu, select *Allow pods from inside the cluster*.
... Click *+ Add namespace selector*.
... Add the label, `kubernetes.io/metadata.name`, and the selector, `openshift-console`.
.. Make the following specifications for the third *Ingress rule*:
... From the *Add allowed source* dropdown menu, select *Allow pods from inside the cluster*.
... Click *+ Add namespace selector*.
... Add the label, `kubernetes.io/metadata.name`, and the selector, `openshift-monitoring`.

.Verification
. Navigate to *Observe* -> *Network Traffic*.
. View the *Traffic Flows* tab, or any tab, to verify that the data is displayed.
. Navigate to *Observe* -> *Dashboards*. In the NetObserv/Health selection, verify that the flows are being ingested and sent to Loki, which is represented in the first graph.