Configuring network policy for ObjectServer ingress

Learn how to configure a network policy for ObjectServer ingress.

If the event source is running in the same cluster but in a different namespace, update the network policy that governs access to the Netcool® Operations Insight® deployment. By default, the deployment creates a network policy that prohibits all network traffic from other namespaces. For more information about network policies, see Controlling cluster traffic with network policies.

The following example NetworkPolicy allows ingress traffic to the primary and backup ObjectServer pods on ports 4100 and 4101.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  labels:
    release: <release-name>
  name: <release-name>-objectserver-ingress
  namespace: <namespace>
spec:
  podSelector:
    matchLabels:
      release: <release-name>
      appClass: objserv
  policyTypes:
  - Ingress
  ingress:
  - from:
    - namespaceSelector:
        matchLabels:
          project: <source-namespace>
    ports:
      - protocol: TCP
        port: 4100
      - protocol: TCP
        port: 4101
Where:
  • <release-name> is the name of the deployment as specified in the NOI operator CR.
  • <namespace> is the namespace of the deployment.
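  • <source-namespace> is the namespace containing the event source. Replace <source-namespace> with the namespace of the pods that need to access the primary and backup ObjectServers. Because namespaceSelector matches on namespace labels rather than on the namespace name, that namespace must carry the label project: <source-namespace> for the policy to apply to it.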
The NetworkPolicy resource that is defined in this configuration allows traffic from pods in the <source-namespace> namespace to the following ports on the primary and backup ObjectServers:
  • Port 4100 (TCP)
  • Port 4101 (TCP)
To use this network policy, create a NetworkPolicy resource in your cluster with the provided YAML file. The following command creates the network policy in the default namespace.
oc apply -f objectserver-networkpolicy.yaml
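
The matching rules that decide whether this policy admits a connection, modelled in Python as an added example (it is not IBM's code and not part of the original page). The values noi, netcool and probes are constructed stand-ins for <release-name>, <namespace> and <source-namespace>; the model covers only this one policy and matchLabels selectors.

```python
# Added example: a small model of how this NetworkPolicy is matched.
# "noi", "netcool" and "probes" are constructed placeholder values.
POLICY = {
    "namespace": "netcool",                      # <namespace>
    "podSelector": {"release": "noi", "appClass": "objserv"},
    "ingress": [{
        "from": [{"namespaceSelector": {"project": "probes"}}],
        "ports": [("TCP", 4100), ("TCP", 4101)],
    }],
}


def labels_match(selector, labels):
    """matchLabels semantics: every key/value in the selector must be present."""
    return all(labels.get(k) == v for k, v in selector.items())


def selects_pod(policy, pod_namespace, pod_labels):
    """A policy governs only pods in its own namespace that match podSelector."""
    return (pod_namespace == policy["namespace"]
            and labels_match(policy["podSelector"], pod_labels))


def allows(policy, src_ns_labels, dst_namespace, dst_pod_labels, protocol, port):
    """True if this policy admits the connection. False means this policy does
    not admit it; the outcome then depends on the namespace's other policies."""
    if not selects_pod(policy, dst_namespace, dst_pod_labels):
        return False
    for rule in policy["ingress"]:
        peer_ok = any(labels_match(peer["namespaceSelector"], src_ns_labels)
                      for peer in rule["from"])
        if peer_ok and (protocol, port) in rule["ports"]:
            return True
    return False


OBJSERV = {"release": "noi", "appClass": "objserv"}       # ObjectServer pod labels
LABELLED = {"project": "probes"}                          # namespace has the label
UNLABELLED = {"kubernetes.io/metadata.name": "probes"}    # right name, no label

if __name__ == "__main__":
    cases = [("labelled ns, TCP 4100", LABELLED, OBJSERV, "TCP", 4100),
             ("labelled ns, TCP 4101", LABELLED, OBJSERV, "TCP", 4101),
             ("labelled ns, TCP 4102", LABELLED, OBJSERV, "TCP", 4102),
             ("unlabelled ns, TCP 4100", UNLABELLED, OBJSERV, "TCP", 4100),
             ("other pod, TCP 4100", LABELLED, {"release": "noi"}, "TCP", 4100)]
    for name, ns_labels, pod, proto, port in cases:
        verdict = allows(POLICY, ns_labels, "netcool", pod, proto, port)
        print(f"{name}: {'allowed' if verdict else 'not allowed by this policy'}")
```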