Help Center/
Host Security Service/
User Guide/
Container Protection/
Container Firewalls/
Container Firewall Overview
Updated on 2024-09-25 GMT+08:00
Container Firewall Overview
A container firewall controls and intercepts network traffic inside and outside a container cluster to prevent malicious access and attacks.
Constraints and Limitations
- Only the HSS container edition supports this function.
- The following container network models can be protected:
- CCE cluster: container tunnel network model, cloud native network 2.0 model, and VPC network model
- Other Kubernetes clusters: container tunnel network model
- In a CCE cluster, to operate resource objects, you need to obtain either of the following operation permissions:
- IAM permissions: Tenant Administrator or CCE Administrator.
- Namespace permissions (authorized by Kubernetes RBAC): O&M permissions.
How It Works
A container firewall controls the access scope of source and destination containers based on the access policies for pods and servers, blocking internal and external malicious accesses and attacks.
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.
The system is busy. Please try again later.
