$ roxctl netpol [command] [flags]
Commands related to the network policies.
Command | Description |
---|---|
connectivity | Connectivity analysis of the network policy resources. |
generate | Recommend network policies based on the deployment information. |
The roxctl netpol command supports the following options inherited from the parent roxctl command:
Option | Description |
---|---|
|
Specify a custom CA certificate file path for secure connections. Alternatively, you can specify the file path by using the |
|
Set |
|
Set the endpoint for the service to contact. Alternatively, you can set the endpoint by using the |
|
Force the use of HTTP/1 for all connections. Alternatively, by setting the |
|
Enable insecure connection options. Alternatively, by setting the |
|
Skip the TLS certificate validation. Alternatively, by setting the |
|
Disable the color output. Alternatively, by setting the |
|
Specify the password for basic authentication. Alternatively, you can set the password by using the |
|
Use an unencrypted connection. Alternatively, by setting the |
|
Set the TLS server name to use for SNI. Alternatively, you can set the server name by using the |
|
Use the API token provided in the specified file for authentication. Alternatively, you can set the token by using the |
These options are applicable to all the sub-commands of the |
Recommend network policies based on the deployment information.
$ roxctl netpol generate <folder_path> [flags] (1)
1 | For <folder_path>, specify the path to the directory containing your Kubernetes deployment and service configuration files. |
Option | Description |
---|---|
|
Specify the DNS port that you want to use in the egress rules of synthesized network policies. The default value is |
|
Fail on the first encountered error. The default value is |
|
Save generated policies into the target folder. |
|
Save and merge generated policies into a single YAML file. |
|
Remove the output path if it already exists. The default value is |
|
Treat warnings as errors. The default value is |
Commands related to the connectivity analysis of the network policy resources.
$ roxctl netpol connectivity [flags]
Analyze connectivity based on the network policies and other resources.
$ roxctl netpol connectivity map <folder_path> [flags] (1)
1 | For <folder_path>, specify the path to the directory containing your Kubernetes deployment and service configuration files. |
Option | Description |
---|---|
|
Enhance the analysis of permitted connectivity by using exposure analysis. The default value is |
|
Fail on the first encountered error. The default value is |
|
Focus on connections of the specified workload name in the output. |
|
Save the connections list output into a specific file. |
|
Configure the connections list in a specific format. Supported formats include |
|
Remove the output path if it already exists. The default value is |
|
Define whether you want to save the output of the connection list in the default file. The default value is |
|
Treat warnings as errors. The default value is |
Report connectivity differences based on two network policy directories and YAML manifests with workload resources.
$ roxctl netpol connectivity diff [flags]
Option | Description |
---|---|
|
Specify the first directory path of the input resources. This value is mandatory. |
|
Specify the second directory path of the input resources that you want to compare with the first directory path. This value is mandatory. |
|
Fail on the first encountered error. The default value is |
|
Save the output of the connectivity difference command into a specific file. |
|
Configure the output of the connectivity difference command in a specific format. Supported formats include |
|
Remove the output path if it already exists. The default value is |
|
Define whether you want to store the output of the connectivity differences in the default file. The default value is |
|
Treat warnings as errors. The default value is |