This is a cache of https://docs.openshift.com/rosa/networking/network_security/network_policy/viewing-network-policy.html. It is a snapshot of the page at 2024-11-23T03:15:42.338+0000.
Viewing a network policy - Network security | Networking | Red Hat OpenShift Service on AWS

As a user with the admin role, you can view a network policy for a namespace.

Example NetworkPolicy object

The following annotates an example NetworkPolicy object:

kind: NetworkPolicy
apiVersion: networking.k8s.io/v1
metadata:
  name: allow-27107 # (1)
spec:
  podSelector: # (2)
    matchLabels:
      app: mongodb
  ingress:
  - from:
    - podSelector: # (3)
        matchLabels:
          app: app
    ports: # (4)
    - protocol: TCP
      port: 27017

(1) The name of the NetworkPolicy object.
(2) A selector that describes the pods to which the policy applies. The policy object can only select pods in the project that defines the NetworkPolicy object.
(3) A selector that matches the pods from which the policy object allows ingress traffic. The selector matches pods in the same namespace as the NetworkPolicy.
(4) A list of one or more destination ports on which to accept traffic.

Viewing network policies using the CLI

You can examine the network policies in a namespace.

If you log in with a user with the cluster-admin role, then you can view any network policy in the cluster.

Prerequisites
  • You installed the OpenShift CLI (oc).

  • You are logged in to the cluster with a user with admin privileges.

  • You are working in the namespace where the network policy exists.

Procedure
  • List network policies in a namespace:

    • To view network policy objects defined in a namespace, enter the following command:

      $ oc get networkpolicy
    • Optional: To examine a specific network policy, enter the following command:

      $ oc describe networkpolicy <policy_name> -n <namespace>

      where:

      <policy_name>

      Specifies the name of the network policy to inspect.

      <namespace>

      Optional: Specifies the namespace if the object is defined in a different namespace than the current namespace.

      For example:

      $ oc describe networkpolicy allow-same-namespace

      Output for oc describe command

      Name:         allow-same-namespace
      Namespace:    ns1
      Created on:   2021-05-24 22:28:56 -0400 EDT
      Labels:       <none>
      Annotations:  <none>
      Spec:
        PodSelector:     <none> (Allowing the specific traffic to all pods in this namespace)
        Allowing ingress traffic:
          To Port: <any> (traffic allowed to all ports)
          From:
            PodSelector: <none>
        Not affecting egress traffic
        Policy Types: ingress
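
An added example, not part of the Red Hat documentation: a Python helper that reads the JSON form of a policy (as printed by `oc get networkpolicy <policy_name> -o json`) and reports how that one policy treats a given flow, covering both the annotated allow-27107 object and the allow-same-namespace output above. The sample objects are constructed, the function names are hypothetical, and only same-namespace podSelector peers with matchLabels and numeric ports are handled.

```python
import json

# Constructed samples in the shape `oc get networkpolicy <name> -o json` returns.
MONGODB_POLICY = json.loads("""
{"kind": "NetworkPolicy", "apiVersion": "networking.k8s.io/v1",
 "metadata": {"name": "allow-27107", "namespace": "ns1"},
 "spec": {"podSelector": {"matchLabels": {"app": "mongodb"}},
          "ingress": [{"from": [{"podSelector": {"matchLabels": {"app": "app"}}}],
                       "ports": [{"protocol": "TCP", "port": 27017}]}]}}
""")
SAME_NAMESPACE_POLICY = json.loads("""
{"kind": "NetworkPolicy", "apiVersion": "networking.k8s.io/v1",
 "metadata": {"name": "allow-same-namespace", "namespace": "ns1"},
 "spec": {"podSelector": {}, "ingress": [{"from": [{"podSelector": {}}]}]}}
""")


def selects(selector, labels):
    """An empty selector matches every pod; matchLabels must all be present."""
    if "matchExpressions" in selector:
        raise ValueError("matchExpressions is outside this example's scope")
    return all(labels.get(k) == v for k, v in selector.get("matchLabels", {}).items())


def ingress_verdict(policy, src_labels, dst_labels, port, protocol="TCP"):
    """Evaluate one same-namespace flow against one policy.

    Returns "not-selected" when the policy does not govern the destination pod,
    "allow" when an ingress rule admits the flow, and "no-match" otherwise.
    """
    spec = policy["spec"]
    if "Ingress" not in spec.get("policyTypes", ["Ingress"]):
        return "not-selected"
    if not selects(spec.get("podSelector", {}), dst_labels):
        return "not-selected"
    for rule in spec.get("ingress", []):
        peers = rule.get("from", [])
        for peer in peers:
            if "namespaceSelector" in peer or "ipBlock" in peer:
                raise ValueError("only same-namespace podSelector peers are handled")
        # No "from" means any source; no "ports" means any port.
        src_ok = not peers or any(selects(p["podSelector"], src_labels) for p in peers)
        ports = rule.get("ports", [])
        port_ok = not ports or any(
            p.get("protocol", "TCP") == protocol and p.get("port", port) == port
            for p in ports)
        if src_ok and port_ok:
            return "allow"
    return "no-match"
```

Network policies are additive, so a "no-match" result means the flow is denied only if no other policy that selects the destination pod allows it.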

If you log in to the web console with cluster-admin privileges, you have a choice of viewing a network policy in any namespace in the cluster directly in YAML or from a form in the web console.

Viewing network policies using OpenShift Cluster Manager

You can view the configuration details of your network policy in Red Hat OpenShift Cluster Manager.

Prerequisites
  • You logged in to OpenShift Cluster Manager.

  • You created a Red Hat OpenShift Service on AWS cluster.

  • You configured an identity provider for your cluster.

  • You added your user account to the configured identity provider.

  • You created a network policy.

Procedure
  1. From the Administrator perspective in the OpenShift Cluster Manager web console, under Networking, click NetworkPolicies.

  2. Select the desired network policy to view.

  3. In the Network Policy details page, you can view all of the associated ingress and egress rules.

  4. Select YAML on the network policy details to view the policy configuration in YAML format.

    You can only view the details of these policies. You cannot edit these policies.