Container Firewall Overview

Updated on 2024-09-25 GMT+08:00

A container firewall controls and intercepts network traffic inside and outside a container cluster to prevent malicious access and attacks.

Constraints and Limitations

  • Only the HSS container edition supports this function.
  • The following container network models can be protected:
    • CCE cluster: container tunnel network model, cloud native network 2.0 model, and VPC network model
    • Other Kubernetes clusters: container tunnel network model
  • In a CCE cluster, to operate resource objects, you need to obtain either of the following operation permissions:
    • IAM permissions: Tenant Administrator or CCE Administrator.
    • Namespace permissions (authorized by Kubernetes RBAC): O&M permissions.

How It Works

A container firewall controls the access scope of source and destination containers based on the access policies for pods and servers, blocking internal and external malicious accesses and attacks.

Feedback

Feedback

Feedback

0/500

Selected Content

Submit selected content with the feedback