A Kubernetes network policy is a specification of how groups of pods are allowed to communicate with each other and other network endpoints. These network policies are configured as YAML files. By looking at these files alone, it’s often hard to identify whether the applied network policies achieve the desired network topology.
The StackRox Kubernetes Security Platform gathers all defined network policies from your orchestrator and provides functionality to make these policies easier to use.
To support network policy enforcement, the StackRox Kubernetes Security Platform provides a network graph, a network policy simulator, and a network policy generator.
The network graph provides visibility and control over:
- the allowed network connections (defined by Kubernetes network policies), and
- the active communications paths among namespaces and deployments.
In the Network Graph view, you can configure which types of connections you want to see. In the Connections box (upper left), select:
- Allowed to view only allowed network connections.
- Active to view only active connections (actual network flows).
- All to view both active and allowed network connections.
To view all Kubernetes network policies for your environment, see View network policies.
The network policy simulator allows you to:
- upload new network policy configuration files, and
- preview the network policies visually to confirm their accuracy before applying them in Kubernetes (or OpenShift).
For more information about simulating network policies, see Simulate network policies.
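The difference between allowed and active connections, and what a preview of candidate policies should reveal, can be reproduced on a small scale. The following is an added example, not StackRox code: it assumes a single namespace, ingress-only policies, and `matchLabels` pod selectors, and the deployments, policies, and flows are constructed sample data.

```python
# Simplified model of NetworkPolicy evaluation (assumptions: one namespace,
# every policy is an Ingress policy, peers use podSelector/matchLabels only).
from itertools import permutations

# Constructed sample data, not taken from a real cluster.
DEPLOYMENTS = {"frontend": {"app": "frontend"}, "api": {"app": "api"}, "db": {"app": "db"}}
POLICIES = [  # candidate policies, same structure as the `spec` of the YAML files
    {"podSelector": {"matchLabels": {"app": "api"}},
     "ingress": [{"from": [{"podSelector": {"matchLabels": {"app": "frontend"}}}]}]},
    {"podSelector": {"matchLabels": {"app": "db"}},
     "ingress": [{"from": [{"podSelector": {"matchLabels": {"app": "api"}}}]}]},
]
ACTIVE_FLOWS = {("frontend", "api"), ("api", "db"), ("frontend", "db")}  # observed (src, dst)


def selects(selector, labels):
    """An empty selector matches every pod; otherwise all matchLabels must match."""
    return all(labels.get(k) == v for k, v in selector.get("matchLabels", {}).items())


def ingress_allowed(src, dst, deployments, policies):
    """True if the policies permit src -> dst."""
    applying = [p for p in policies if selects(p["podSelector"], deployments[dst])]
    if not applying:
        return True  # no policy selects dst: it is non-isolated and accepts all traffic
    for policy in applying:
        for rule in policy.get("ingress", []):
            peers = rule.get("from")
            if not peers:  # a rule without `from` allows every source
                return True
            if any("podSelector" in peer and selects(peer["podSelector"], deployments[src])
                   for peer in peers):
                return True
    return False  # dst is isolated and no rule matched src


def compare(deployments, policies, active):
    """Split deployment pairs into the views a reviewer cares about."""
    allowed = {(s, d) for s, d in permutations(deployments, 2)
               if ingress_allowed(s, d, deployments, policies)}
    return {
        "allowed_and_active": sorted(allowed & active),
        "allowed_unused": sorted(allowed - active),      # candidates for tightening
        "active_not_allowed": sorted(active - allowed),  # flows these policies would block
    }
```

On the sample data, `compare(DEPLOYMENTS, POLICIES, ACTIVE_FLOWS)` reports that the observed `frontend` to `db` flow would be blocked, and that `frontend` still accepts traffic from every deployment because no policy selects it.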
The network policy generator allows you to generate a network policy configuration file (YAML). This configuration is based on the network communication flows in your environment within a specified period.
See Generate network policies for more information about generating network policies.
In this section:
- Simulate network policies: Preview connectivity paths across your cluster before applying new network policies.
- Generate network policies: Generate network policies based on network traffic flows in your environment.