Container Firewall Overview
A container firewall controls and intercepts network traffic inside and outside a container cluster to prevent malicious access and attacks.
Constraints and Limitations
- Only the HSS container edition supports this function. For details about how to purchase and upgrade HSS, see Purchasing an HSS Quota and Upgrading Your Edition.
- The following container network models can be protected:
- CCE cluster: container tunnel network model, cloud native network 2.0 model, and VPC network model
- Other Kubernetes clusters: container tunnel network model
- In a CCE cluster, to operate resource objects, you need to obtain either of the following operation permissions:
- IAM permissions: Tenant Administrator or CCE Administrator.
- Namespace permissions (authorized by Kubernetes RBAC): O&M permissions. For details about how to configure permissions, see Configuring namespace permissions.
How It Works
A container firewall controls the access scope of source and destination containers based on the access policies for pods and servers, blocking internal and external malicious accesses and attacks.
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot