Configuring network policy for ObjectServer ingress
Learn how to configure a network policy for ObjectServer ingress.
If the event source is running in the same cluster but in a different namespace, update the network policy that governs access to the Netcool® Operations Insight® deployment. By default, the deployment creates a default network policy, which prohibits all network traffic from other namespaces. For more information about network policies, see Controlling cluster traffic with network policies.
In the following example, NetworkPolicy allows ingress traffic to the primary and backup
ObjectServer pods on ports 4100 and 4101:
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
labels:
release: <release-name>
name: <release-name>-objectserver-ingress
namespace: <namespace>
spec:
podSelector:
matchLabels:
release: <release-name>
appClass: objserv
policyTypes:
- Ingress
ingress:
- from:
- namespaceSelector:
matchLabels:
project: <source-namespace>
ports:
- protocol: TCP
port: 4100
- protocol: TCP
port: 4101
Where:- <release-name> is the name of the deployment as specified in the NOI operator CR.
- <namespace> is the namespace of the deployment.
- <source-namespace> is the namespace containing the event source.