mirror of
https://github.com/openshift/openshift-docs.git
synced 2026-02-06 06:46:26 +01:00
60 lines
1.5 KiB
Plaintext
60 lines
1.5 KiB
Plaintext
// Module included in the following assemblies:
|
|
//
|
|
// * networking/network_policy/creating-network-policy.adoc
|
|
// * networking/configuring-networkpolicy.adoc
|
|
// * post_installation_configuration/network-configuration.adoc
|
|
|
|
[id="nw-networkpolicy-create_{context}"]
|
|
|
|
= Creating a NetworkPolicy object
|
|
|
|
To define granular rules describing Ingress network traffic allowed for projects
|
|
in your cluster, you can create NetworkPolicy objects.
|
|
|
|
.Prerequisites
|
|
|
|
* Your cluster is using a default CNI network provider that supports NetworkPolicy objects, such as the OpenShift SDN network provider with `mode: NetworkPolicy` set. This mode is the default for OpenShift SDN.
|
|
* You installed the OpenShift CLI (`oc`).
|
|
* You are logged in to the cluster with a user with `cluster-admin` privileges.
|
|
|
|
.Procedure
|
|
|
|
. Create a policy rule:
|
|
.. Create a `<policy-name>.yaml` file where `<policy-name>` describes the policy
|
|
rule.
|
|
.. In the file you just created define a policy object, such as in the following
|
|
example:
|
|
+
|
|
[source,yaml]
|
|
----
|
|
kind: NetworkPolicy
|
|
apiVersion: networking.k8s.io/v1
|
|
metadata:
|
|
name: <policy-name> <1>
|
|
spec:
|
|
podSelector:
|
|
ingress: []
|
|
----
|
|
<1> Specify a name for the policy object.
|
|
|
|
. Run the following command to create the policy object:
|
|
+
|
|
[source,terminal]
|
|
----
|
|
$ oc create -f <policy-name>.yaml -n <project>
|
|
----
|
|
+
|
|
In the following example, a new NetworkPolicy object is created in a project
|
|
named `project1`:
|
|
+
|
|
[source,terminal]
|
|
----
|
|
$ oc create -f default-deny.yaml -n project1
|
|
----
|
|
+
|
|
.Example output
|
|
[source,terminal]
|
|
----
|
|
networkpolicy "default-deny" created
|
|
----
|