Parameters
The parent key for all of the following parameters is networkpolicy.
labels
| type |
dictionary |
| default |
|
Name of the labels to be used in other components.
allowNamespaceLabels
| type |
list of tuples |
| default |
empty list |
A list of labels matching namespaces to allow traffic from.
Each list item can contain several key value pairs.
They result in an AND condition.
Individual list items will result in an OR condition.
allowNamespaceLabels:
- my-label-a: true
my-label-b: true
- my-label-c: trueIn the above example, traffic will be allowed if a namespaces has the label my-label-a=true AND my-label-b=true.
Traffic will also be allowed if a namespace is labeled my-label-c.
ignoredNamespaces
| type |
list of strings |
| default |
empty list |
A list of namespace names where no default NetworkPolicies will be created. Default NetworkPolicies will be purged for all namespaces in this list.
networkPlugin
| type |
string |
| default |
|
The network plugin installed on the cluster.
|
This needs to be set when using the Cilium network plugin. Otherwise some policies might not be applied correctly. |
Example
# Allow traffic from ingress and monitoring
allowNamespaceLabels:
- network.openshift.io/policy-group: monitoring
- network.openshift.io/policy-group: ingress
# Do not create the default policies in the OpenShift namespaces.
ignoredNamespaces:
- openshift
- openshift-apiserver
- openshift-apiserver-operator
- …