Help Center/
Host Security Service/
User Guide/
Container Protection/
Container Firewalls/
Container Firewall Overview
Updated on 2025-01-07 GMT+08:00
Container Firewall Overview
A container firewall controls and intercepts network traffic inside and outside a container cluster to prevent malicious access and attacks.
Constraints and Limitations
- The container firewall is available only in the HSS container edition. For details about how to purchase HSS, see Purchasing an HSS Quota.
- The following container network models can be protected:
- CCE cluster: container tunnel network model, cloud native network 2.0 model, and VPC network model
- Other Kubernetes clusters: container tunnel network model
- In a CCE cluster, to operate resource objects, you need to obtain either of the following operation permissions:
- IAM permissions: Tenant Administrator or CCE Administrator.
- Namespace permissions (authorized by Kubernetes RBAC): O&M permissions. For details about how to configure permissions, see Configuring namespace permissions.
How It Works
A container firewall controls the access scope of source and destination containers based on the access policies for pods and servers, blocking internal and external malicious accesses and attacks.
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
The system is busy. Please try again later.
For any further questions, feel free to contact us through the chatbot.
Chatbot
