NetworkPolicy: A Commodore component to manage NetworkPolicy
This Commodore component provides the tooling to manage a set of NetworkPolicies in all the namespaces on a cluster. The intention is to create a safe default. This is done by isolating the network of a namespace. The created policies will allow only traffic from pods within the same network. They will also allow traffic from selected namespaces. The latter is needed for ingress and monitoring to work.
This component assumes that a cluster was set up with a network plugin that supports NetworkPolicies.
An Espejo SyncConfig is used to create the policies.
The SyncConfig is configured to ignore namespaces having the label network-policies.syn.tools/no-defaults (the value doesn’t matter).
The content of the created NetworkPolicies is enforced. Changes from other sources will be overwritten. If changes to the default policies are required, add the ignore label and create them on your own.
This component also allows excluding a set of namespaces.
Those namespaces will receive the
network-policies.syn.tools/purge-defaults=true results in the active removal of those default policies.
Removing the NetworkPolicies from namespaces labeled
See also the parameters reference.
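A namespace that carries the ignore label or the purge label no longer gets the default policies, so its isolation depends on policies created by its owner. The following audit sketch is an added example, not part of the component: it flags opted-out namespaces that contain no NetworkPolicy at all. It assumes input shaped like the output of `kubectl get namespaces -o json` and `kubectl get networkpolicies --all-namespaces -o json`; the namespace and policy names in the sample data are constructed.

```python
"""Audit sketch: opted-out namespaces that have no NetworkPolicy of their own."""

# Label keys as given on this page.
NO_DEFAULTS = "network-policies.syn.tools/no-defaults"
PURGE_DEFAULTS = "network-policies.syn.tools/purge-defaults"


def unprotected_namespaces(namespaces, policies):
    """Return [(namespace, [opt-out reasons])] for namespaces without any policy.

    A namespace that does have a policy is not reported, although a policy
    that selects only some pods can still leave others unrestricted.
    """
    covered = {p["metadata"]["namespace"] for p in policies["items"]}
    findings = []
    for ns in namespaces["items"]:
        name = ns["metadata"]["name"]
        labels = ns["metadata"].get("labels") or {}
        reasons = []
        if NO_DEFAULTS in labels:  # the value doesn't matter
            reasons.append(NO_DEFAULTS)
        if labels.get(PURGE_DEFAULTS) == "true":
            reasons.append(PURGE_DEFAULTS + "=true")
        if reasons and name not in covered:
            findings.append((name, reasons))
    return sorted(findings)


def _ns(name, labels=None):
    # Helper for building the constructed sample below.
    return {"metadata": {"name": name, "labels": labels or {}}}


# Constructed sample data, not taken from a real cluster.
SAMPLE_NAMESPACES = {"items": [
    _ns("shop"),                             # managed, has default policy
    _ns("legacy", {NO_DEFAULTS: ""}),        # ignored, owner created a policy
    _ns("batch", {NO_DEFAULTS: "false"}),    # ignored (any value), no policy
    _ns("scratch", {PURGE_DEFAULTS: "true"}),  # defaults purged, no policy
]}
SAMPLE_POLICIES = {"items": [
    {"metadata": {"namespace": "shop", "name": "default-policy"}},
    {"metadata": {"namespace": "legacy", "name": "custom-ingress"}},
]}

if __name__ == "__main__":
    for name, why in unprotected_namespaces(SAMPLE_NAMESPACES, SAMPLE_POLICIES):
        print(f"{name}: opted out via {', '.join(why)}; no NetworkPolicy present")
```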