Installing network policies for foundational services

If you have a deny-all or allow-same-namespace policy in place, import and install network policies for IBM Cloud Pak foundational services.

Import and install network policies for foundational services to work in the following scenarios:

If you have the deny-all policy in place, the ingress traffic to all pods is not allowed.
If the cluster has allow-same-namespace policy in place, the communication between the pods across namespaces can be blocked.

If you do not use deny-all or allow-same-namespace policy, you do not need to import or install network policies.

For more information, see About network policy in Red Hat® OpenShift® Container Platform documentation.

Installing network policies

You can install the network policies before or after installing foundational services if required.

Log in to the cluster where you want to install network policies.
Go to the foundational services GitHub repository.
Download the repository.
Run the install_networkpolicy.sh script that is located in the repository to install the network policies on the connected cluster.

Note: If you install network policies before installing foundational services, the script automatically creates the foundational services namespace. You can also specify a namespace by using the -n or -z option. For more information, see Script options.

Script options

The following parameters can be modified while running the install_networkpolicy.sh script.

Table 1. Script parameters
Parameter	Description	Default
`-n, --namespace`	The name of the namespace where foundational services is installed.	`<foundational-services>`
`z, --zen`	The name of the namespace where Platform UI (`zen-operator`) is installed. Usually it is the namespace where the IBM Cloud Pak® is deployed.
`-u,--uninstall`	Uninstall foundational services network policies.	Not applicable
`-h, --help`	Print information about usage.	Not applicable

Example: Installing network policies

The following command runs the install_networkpolicy.sh script, and installs the network policies in <foundational-services> namespace and the cloudpak-namespace for Platform UI.

./install_networkpolicy.sh -n <your-foundational-services-namespace> -z cloudpak-namespace

Example: Uninstalling network policies

The following command runs the install_networkpolicy.sh script, and uninstalls the network policies from <foundational-services> namespace and the cloudpak-namespace for Platform UI.

./install_networkpolicy.sh -n <your-foundational-services-namespace> -z cloudpak-namespace -u