$ oc get networkpolicy
As a user with the admin
role, you can view a network policy for a namespace.
You can examine the network policies in a namespace.
If you log in with a user with the |
You installed the OpenShift CLI (oc
).
You are logged in to the cluster with a user with admin
privileges.
You are working in the namespace where the network policy exists.
List network policies in a namespace:
To view NetworkPolicy
objects defined in a namespace, enter the following
command:
$ oc get networkpolicy
Optional: To examine a specific network policy, enter the following command:
$ oc describe networkpolicy <policy_name> -n <namespace>
where:
<policy_name>
Specifies the name of the network policy to inspect.
<namespace>
Optional: Specifies the namespace if the object is defined in a different namespace than the current namespace.
For example:
$ oc describe networkpolicy allow-same-namespace
oc describe
commandName: allow-same-namespace
Namespace: ns1
Created on: 2021-05-24 22:28:56 -0400 EDT
Labels: <none>
Annotations: <none>
Spec:
PodSelector: <none> (Allowing the specific traffic to all pods in this namespace)
Allowing ingress traffic:
To Port: <any> (traffic allowed to all ports)
From:
PodSelector: <none>
Not affecting egress traffic
Policy Types: ingress
The following annotates an example NetworkPolicy object:
kind: NetworkPolicy
apiVersion: networking.k8s.io/v1
metadata:
name: allow-27107 (1)
spec:
podSelector: (2)
matchLabels:
app: mongodb
ingress:
- from:
- podSelector: (3)
matchLabels:
app: app
ports: (4)
- protocol: TCP
port: 27017
1 | The name of the NetworkPolicy object. |
2 | A selector describing the pods the policy applies to. The policy object can only select pods in the project that the NetworkPolicy object is defined. |
3 | A selector matching the pods that the policy object allows ingress traffic from. The selector will match pods in any project. |
4 | A list of one or more destination ports to accept traffic on. |