Installing network policies for foundational services
If you have a deny-all or allow-same-namespace policy in place, import and install network policies for IBM Cloud Pak foundational services.
Import and install network policies for foundational services to work in the following scenarios:
- If you have the
deny-allpolicy in place, the ingress traffic to all pods is not allowed. - If the cluster has
allow-same-namespacepolicy in place, the communication between the pods across namespaces can be blocked.
If you do not use deny-all or allow-same-namespace policy, you do not need to import or install network policies.
For more information, see About network policy in Red Hat® OpenShift® Container Platform documentation.
Installing network policies
You can install the network policies before or after installing foundational services if required.
- Log in to the cluster where you want to install network policies.
- Go to the foundational services GitHub repository.
- Download the repository.
-
Run the
install_networkpolicy.shscript that is located in the repository to install the network policies on the connected cluster.Note: If you install network policies before installing foundational services, the script automatically creates the foundational services namespace. You can also specify a namespace by using the
-nor-zoption. For more information, see Script options.
Script options
The following parameters can be modified while running the install_networkpolicy.sh script.
| Parameter | Description | Default |
|---|---|---|
-n, --namespace |
The name of the namespace where foundational services is installed. | ibm-common-services |
z, --zen |
The name of the namespace where Platform UI (zen-operator) is installed. Usually it is the namespace where the IBM Cloud Pak® is deployed. |
|
-u,--uninstall |
Uninstall foundational services network policies. | Not applicable |
-h, --help |
Print information about usage. | Not applicable |
Example: Installing network policies
The following command runs the install_networkpolicy.sh script, and installs the network policies in ibm-common-services namespace and the cloudpak-namespace for Platform UI.
./install_networkpolicy.sh -n ibm-common-services -z cloudpak-namespace
Example: Uninstalling network policies
The following command runs the install_networkpolicy.sh script, and uninstalls the network policies from ibm-common-services namespace and the cloudpak-namespace for Platform UI.
./install_networkpolicy.sh -n ibm-common-services -z cloudpak-namespace -u