Configuring a Network Defense Policy (for a Cluster Using the Cloud Native Network 2.0 Model)
For clusters using the cloud native network 2.0 model, you can configure network defense policies to limit the traffic that accesses the servers where containers are deployed. If no security group policies are configured, all incoming and outgoing traffic of the servers is allowed by default.
This chapter describes how to create a network defense policy for a cluster using the cloud native network 2.0 model.
Creating a Network Defense Policy
- Log in to the management console.
- In the upper left corner of the page, select a region, click , and choose Security & Compliance > HSS.
- In the navigation pane on the left, choose Container Firewalls.
- (Optional) If you have enabled the enterprise project, select the enterprise project where the target server resides from the drop-down list.
- Click Synchronize above the cluster list to synchronize the policies created on clusters.
The synchronization takes about 1 to 2 minutes. Wait for a while and click in the upper right corner of the list to refresh and view the latest data.
Figure 1 Synchronizing CCE Cluster policies
- Click Manage Policy in the Operation column of a cluster using the cloud native network 2.0 model.
- Click Create above the policy list. The Create a Security Group Policy dialog box is displayed.
Figure 2 Policy management
- Enter the policy information as prompted. For details about related parameters, see Table 1.
Figure 3 Create a security group policy
Table 1 Parameters for creating a security group policy Parameter
Description
Policy
Enter a policy name.
Namespace
A namespace to be selected.
Workload Type
Select a load type. The following types are supported:
- Deployment
- StatefulSets
- DaemonSets
Workload
Select the target workload.
Associate a Security Group
Select a security group to be associated. Each policy can be associated with a maximum of five groups.
The existing security groups in the list are those you have created in the VPC service. To create a security group, click Create a Security Group to go to the VPC console. For details, see Create a Security Group.
- After entering the policy information, click OK.
Related Operations
Modifying or deleting a network defense policy
- Go to the HSS console.
- In the navigation pane on the left, choose Container Firewalls.
- (Optional) If you have enabled the enterprise project, select the enterprise project where the target server resides from the drop-down list.
- Click Manage Policy in the Operation column of a cluster using the cloud native network 2.0 model.
- Click Synchronize above the policy list to synchronize cluster policy information.
The synchronization takes about 1 to 2 minutes. Wait for a while and click in the upper right corner of the list to refresh and view the latest data.
- Select the operation to be performed on the policy.
Figure 4 Managing policies
- View policy content.
In the Operation column of a policy, click View YAML. In the displayed dialog box, you can select YAML or JSON to view the policy details. Click Download in the upper left corner of the dialog box.
- Update policy content.
- Locate a target policy and click Update in the Operation column. The Update a Security Group Policy dialog box is displayed.
- Add or delete an associated security group.
- Click OK.
- Delete a policy.
- Locate a target policy and click Delete in the Operation column. The Delete Policy dialog box is displayed.
- Ensure that all information is correct and click OK.
- View policy content.
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot