Configuring network policy for ObjectServer ingress
Learn how to configure a network policy for ObjectServer ingress.
If the event source is running in the same cluster but in a different namespace, update the network policy that governs access to the Netcool® Operations Insight® deployment. By default, the deployment creates a default network policy, which prohibits all network traffic from other namespaces. For more information about network policies, see Controlling cluster traffic with network policies.
In the following example, NetworkPolicy allows ingress traffic to the primary and backup ObjectServer pods on ports 4100 and 4101.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  labels:
    release: <release-name>
  name: <release-name>-objectserver-ingress
  namespace: <namespace>
spec:
  podSelector:
    matchLabels:
      release: <release-name>
      appClass: objserv
  policyTypes:
  - Ingress
  ingress:
  - from:
    - namespaceSelector:
        matchLabels:
          project: <source-namespace>
    ports:
    - protocol: TCP
      port: 4100
    - protocol: TCP
      port: 4101
Where:
- <release-name> is the name of the deployment as specified in the NOI operator CR.
- <namespace> is the namespace of the deployment.
- <source-namespace> is the namespace containing the event source. Replace <source-namespace> with the namespace of the pods that need to access the primary and backup ObjectServers.
The NetworkPolicy resource that is defined in this configuration allows traffic from pods in the <source-namespace> namespace to the following ports on the primary and backup ObjectServers.
- Port 4100 (TCP)
- Port 4101 (TCP)
To use this network policy, create a NetworkPolicy resource in your cluster with the provided YAML file. The following command creates the network policy in the default namespace.
oc apply -f objectserver-networkpolicy.yaml
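The following Python model is an added illustration, not part of the product documentation. It shows how the namespaceSelector and ports in the policy above are evaluated: the selector matches labels on the source namespace, so a namespace without the project label is denied even if it has the expected name. The release name noi and the label value probes are constructed stand-ins for <release-name> and <source-namespace>.

```python
# Added example, not IBM code. Placeholders are filled with constructed values:
# release name "noi", source-namespace label value "probes".
POLICY = {
    "podSelector": {"matchLabels": {"release": "noi", "appClass": "objserv"}},
    "ingress": [{
        "from": [{"namespaceSelector": {"matchLabels": {"project": "probes"}}}],
        "ports": [{"protocol": "TCP", "port": 4100},
                  {"protocol": "TCP", "port": 4101}],
    }],
}

def matches(selector, labels):
    """matchLabels semantics: every selector key/value must appear in labels."""
    return all(labels.get(k) == v
               for k, v in selector.get("matchLabels", {}).items())

def allowed(policy, pod_labels, src_ns_labels, protocol, port):
    """True if this one policy admits the connection to a pod it selects.

    NetworkPolicies are additive, so other policies in the namespace may
    admit more traffic; this models only the policy shown on the page.
    """
    if not matches(policy["podSelector"], pod_labels):
        return False  # policy does not select the destination pod
    for rule in policy["ingress"]:
        peer_ok = any(matches(peer["namespaceSelector"], src_ns_labels)
                      for peer in rule["from"])
        port_ok = any(p["protocol"] == protocol and p["port"] == port
                      for p in rule["ports"])
        if peer_ok and port_ok:
            return True
    return False

OBJSERV_POD = {"release": "noi", "appClass": "objserv"}  # constructed pod labels
LABELLED_NS = {"project": "probes"}   # source namespace carrying the label
UNLABELLED_NS = {}                    # namespace named "probes" but never labelled

def check_cases():
    return {
        "labelled ns, 4100/TCP": allowed(POLICY, OBJSERV_POD, LABELLED_NS, "TCP", 4100),
        "labelled ns, 4101/TCP": allowed(POLICY, OBJSERV_POD, LABELLED_NS, "TCP", 4101),
        "labelled ns, 8080/TCP": allowed(POLICY, OBJSERV_POD, LABELLED_NS, "TCP", 8080),
        "unlabelled ns, 4100/TCP": allowed(POLICY, OBJSERV_POD, UNLABELLED_NS, "TCP", 4100),
    }

if __name__ == "__main__":
    for case, ok in check_cases().items():
        print(f"{case}: {'allow' if ok else 'deny'}")
```

If event sources cannot connect after the policy is applied, check that the source namespace actually carries the project label used in the selector.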