Configuring network policy for ObjectServer ingress

Learn how to configure a network policy for ObjectServer ingress.

If the event source is running in the same cluster but in a different namespace, update the network policy that governs access to the Netcool® Operations Insight® deployment. By default, the deployment creates a default network policy, which prohibits all network traffic from other namespaces. For more information about network policies, see Controlling cluster traffic with network policies.

In the following example, NetworkPolicy allows ingress traffic to the primary and backup ObjectServer pods on ports 4100 and 4101:
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  labels:
    release: <release-name>
  name: <release-name>-objectserver-ingress
  namespace: <namespace>
spec:
  podSelector:
    matchLabels:
      release: <release-name>
      appClass: objserv
  policyTypes:
  - Ingress
  ingress:
  - from:
    - namespaceSelector:
        matchLabels:
          project: <source-namespace>    
    ports:
      - protocol: TCP
        port: 4100
      - protocol: TCP
        port: 4101
Where:
  • <release-name> is the name of the deployment as specified in the NOI operator CR.
  • <namespace> is the namespace of the deployment.
  • <source-namespace> is the namespace containing the event source.