Controlling cluster traffic with network policies

By default, access is blocked for application pods that run on the same cluster as Netcool® Operations Insight® but in a different namespace. You must create a network policy to enable any of those application pods to communicate with Netcool Operations Insight pods. An example of this access is where an application such as IBM® Telco Network Cloud Manager is running in a different namespace in the cluster and needs to use the same OpenLDAP that is installed with Netcool Operations Insight for authentication.

About this task

A network policy controls access, not only to pods but also to namespaces and to blocks of IP addresses. The network policy can explicitly allow or block access to these entities, which are identified by using their labels.


  1. Identify the labels on both the source and the target application that are associated with the groups of pods to which the policy applies.

    In the example, you must retrieve the labels for the pods in Telco Network Cloud Manager that require access to the Netcool Operations Insight OpenLDAP pod, and the label of the Netcool Operations Insight OpenLDAP pod itself.

    To retrieve pod labels, use a command similar to the following command:
    kubectl get pods --show-labels
  2. Create a network policy, as described in the following Kubernetes documentation topic:
    The following sample code shows a network policy that is defined to enable an ingress controller to access all Netcool Operations Insight pods.
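    kind: NetworkPolicy
    apiVersion: networking.k8s.io/v1
    metadata:
      name: allow-ingress
      labels:
        origin: helm-cem
        release: noi
    spec:
      policyTypes:
      - Ingress
      podSelector:
        matchLabels:
          release: noi
      ingress:
      - from:
        - namespaceSelector: {}
        - podSelector:
            matchLabels:
              release: noi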
    The podSelector elements select the entities to which the network policy applies.
    • The first podSelector element defines the target entities as all pods that have the label "label=noi".
    • The second podSelector element defines the source entities as all pods that have the label "", in other words, the ingress controllers.
  3. Apply the network policy by running the following command:
    kubectl apply -f name_of_network_policy
    Where name_of_network_policy is the name of the network policy that you created.
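
The following policy is an added example, not part of the original procedure or of IBM's own code. It covers the scenario described at the start of this topic with a narrower rule: only the Telco Network Cloud Manager pods can reach the OpenLDAP pod. The policy name, the namespace names, both sets of pod labels, and the ports are assumptions or placeholders; replace every value in angle brackets with the values that you retrieved in step 1.

```yaml
# Added example: allow only Telco Network Cloud Manager pods to reach the
# Netcool Operations Insight OpenLDAP pod.
# Every <...> value is a placeholder; use the labels retrieved in step 1.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: allow-tncm-to-openldap          # hypothetical policy name
  namespace: <noi-namespace>            # namespace where Netcool Operations Insight runs
spec:
  # Target: the OpenLDAP pod only, not every Netcool Operations Insight pod.
  podSelector:
    matchLabels:
      <openldap-label-key>: <openldap-label-value>
  policyTypes:
  - Ingress
  ingress:
  - from:
    # namespaceSelector and podSelector in ONE list item are ANDed:
    # the source must be in the named namespace AND carry the pod label.
    # Written as two separate "-" items, they are ORed instead.
    - namespaceSelector:
        matchLabels:
          # Label that Kubernetes sets automatically on each namespace.
          kubernetes.io/metadata.name: <tncm-namespace>
      podSelector:
        matchLabels:
          <tncm-label-key>: <tncm-label-value>
    ports:
    # Assumption: OpenLDAP listens on the standard LDAP and LDAPS ports.
    # Check the container ports of the OpenLDAP pod before you apply.
    - protocol: TCP
      port: 389
    - protocol: TCP
      port: 636
```

After you apply the policy, run kubectl describe networkpolicy allow-tncm-to-openldap -n <noi-namespace> to confirm that the selectors resolved as intended.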