Container Firewall Overview
A container firewall controls and intercepts network traffic inside and outside a container cluster to prevent malicious access and attacks.
Constraints
- The container firewall is available only in the HSS container edition. For details about how to purchase HSS, see Purchasing an HSS Quota.
- The following container network models can be protected:
  - CCE clusters: container tunnel network model, cloud native network 2.0 model, and VPC network model
  - Other Kubernetes clusters: Only the built-in network policy of Kubernetes (the native Kubernetes network) is supported.
- In a CCE cluster, to operate resource objects, you need to obtain either of the following operation permissions:
  - IAM permissions: Tenant Administrator or CCE Administrator.
  - Namespace permissions (authorized by Kubernetes RBAC): O&M permissions.
How It Works
A container firewall controls the access scope of source and destination containers based on the access policies for pods and servers, blocking malicious access and attacks from both inside and outside the cluster.
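The sketch below shows how pod-based and server-based (CIDR) access policies narrow the access scope of a destination pod, modeled on Kubernetes NetworkPolicy ingress semantics. It is an added example, not HSS code: the pod names, labels, addresses and the policy structure are constructed assumptions, and it simplifies to a single namespace with ports ignored.

```python
import ipaddress

# Constructed sample data: pod names, labels and addresses are illustrative only.
PODS = {
    "web":   {"labels": {"app": "web"},   "ip": "10.0.1.10"},
    "db":    {"labels": {"app": "db"},    "ip": "10.0.1.20"},
    "batch": {"labels": {"app": "batch"}, "ip": "10.0.1.30"},
}

# Simplified ingress policies (hypothetical structure, single namespace, ports ignored).
# "select" picks the protected pods; "allow_from" lists the permitted peers.
POLICIES = [
    {"name": "db-from-web", "select": {"app": "db"},
     "allow_from": [{"pod_labels": {"app": "web"}},
                    {"cidr": "192.168.5.0/24"}]},  # e.g. a subnet of admin servers
]

def matches(selector, labels):
    """An empty selector matches every pod, as with Kubernetes matchLabels."""
    return all(labels.get(k) == v for k, v in selector.items())

def peer_allows(peer, src_ip, src_labels):
    if "pod_labels" in peer:
        # Pod peers only match traffic that originates from a known pod.
        return src_labels is not None and matches(peer["pod_labels"], src_labels)
    return ipaddress.ip_address(src_ip) in ipaddress.ip_network(peer["cidr"])

def ingress_allowed(src_ip, dst_pod, policies=POLICIES, pods=PODS):
    """Return True if traffic from src_ip may reach dst_pod."""
    dst_labels = pods[dst_pod]["labels"]
    # Source labels are known only when the source address belongs to a pod.
    src_labels = next((p["labels"] for p in pods.values() if p["ip"] == src_ip), None)
    selecting = [p for p in policies if matches(p["select"], dst_labels)]
    if not selecting:
        return True  # no policy selects the pod, so it is not isolated
    # Once selected, the pod accepts only what some policy explicitly allows.
    return any(peer_allows(peer, src_ip, src_labels)
               for p in selecting for peer in p["allow_from"])
```

A pod that no policy selects stays reachable from everywhere, so a policy with an empty selector and an empty allow list is what turns the default into deny.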