Updated on 2024-09-03 GMT+08:00

Container Firewall Overview

A container firewall controls and intercepts network traffic inside and outside a container cluster to prevent malicious access and attacks.

Constraints and Limitations

  • Only the HSS container edition supports this function. For details about how to purchase and upgrade HSS, see Purchasing an HSS Quota and Upgrading Your Edition.
  • The following container network models can be protected:
    • CCE cluster: container tunnel network model, cloud native network 2.0 model, and VPC network model
    • Other Kubernetes clusters: container tunnel network model
  • In a CCE cluster, to operate resource objects, you need to obtain either of the following operation permissions:
    • IAM permissions: Tenant Administrator or CCE Administrator.
    • Namespace permissions (authorized by Kubernetes RBAC): O&M permissions. For details about how to configure permissions, see Configuring namespace permissions.

How It Works

A container firewall controls the access scope of source and destination containers based on the access policies for pods and servers, blocking internal and external malicious accesses and attacks.