A full guide on how to visualize existing network policies, simulate proposed policies, and generate new policies based on actual traffic.

A Kubernetes network policy is a specification of how groups of pods are allowed to communicate with each other and other network endpoints. These network policies are configured as YAML files. By looking at these files alone, it’s often hard to identify whether the applied network policies achieve the desired network topology.

The StackRox Kubernetes Security Platform gathers all defined network policies from your orchestrator and provides functionality to make these policies easier to use.

To support network policy enforcement, the StackRox Kubernetes Security Platform provides:

  1. Network graph
  2. Network policy simulator
  3. Network policy generator

Network graph

The network graph provides visibility and control over:

  • the allowed network connections (defined by Kubernetes network policies), and
  • the active communications paths among namespaces and deployments.

In the Network Graph view, you can configure which type of connections you want to see. In the Connections box (upper left), select:

To view all Kubernetes network policies for your environment, see View network policies.

Network policy simulator

The network policy simulator allows you to:

  • upload new network policy configuration files, and
  • preview the network policies visually to confirm their accuracy before applying them in Kubernetes (or OpenShift).

For more information about simulating network policies, see Simulate network policies.

Network policy generator

The network policy generator allows you to generate a network policy configuration file (YAML). This configuration is based on the network communication flows in your environment within a specified period.

See Generate network policies for more information about generating network policies.
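The following is an added example, not StackRox's own generator code: it shows how observed pod-to-pod flows can be folded into Kubernetes NetworkPolicy manifests of the kind the generator produces. The flow records are constructed sample data, deployments are assumed to be identified by an `app` label, and the generated allow-lists are printed as JSON (which is valid YAML) to avoid a PyYAML dependency.

```python
"""Derive per-deployment NetworkPolicy manifests from observed flows.

Added example (not StackRox code). Sample flows below are constructed:
(src_namespace, src_app, dst_namespace, dst_app, dst_port)."""
import json
from collections import defaultdict

OBSERVED_FLOWS = [
    ("frontend", "web", "backend", "api", 8080),
    ("frontend", "web", "backend", "api", 8080),        # repeat of the same flow
    ("backend", "api", "backend", "db", 5432),
    ("monitoring", "prometheus", "backend", "api", 9090),
]


def flows_to_policies(flows):
    """Return one Ingress NetworkPolicy dict per destination deployment.

    Each policy selects the destination by its (assumed) app label and allows
    only the (namespace, app, port) triples actually seen in the window.
    Repeated flows collapse into a single rule. Deployments that received no
    traffic get no policy here; default_deny() is what makes the allow-list
    binding for every other pod in the namespace."""
    ingress = defaultdict(set)
    for src_ns, src_app, dst_ns, dst_app, port in flows:
        ingress[(dst_ns, dst_app)].add((src_ns, src_app, port))
    policies = []
    for (ns, app), peers in sorted(ingress.items()):
        rules = []
        for src_ns, src_app, port in sorted(peers):
            # namespaceSelector and podSelector in the same 'from' entry are ANDed,
            # so this matches only pods with that app label in that namespace.
            rules.append({
                "from": [{"namespaceSelector": {"matchLabels": {
                              "kubernetes.io/metadata.name": src_ns}},
                          "podSelector": {"matchLabels": {"app": src_app}}}],
                "ports": [{"protocol": "TCP", "port": port}],
            })
        policies.append({"apiVersion": "networking.k8s.io/v1", "kind": "NetworkPolicy",
                         "metadata": {"name": f"allow-observed-{app}", "namespace": ns},
                         "spec": {"podSelector": {"matchLabels": {"app": app}},
                                  "policyTypes": ["Ingress"], "ingress": rules}})
    return policies


def default_deny(namespace):
    """Default-deny ingress policy: empty podSelector selects every pod."""
    return {"apiVersion": "networking.k8s.io/v1", "kind": "NetworkPolicy",
            "metadata": {"name": "default-deny-ingress", "namespace": namespace},
            "spec": {"podSelector": {}, "policyTypes": ["Ingress"]}}


if __name__ == "__main__":
    for policy in [default_deny("backend")] + flows_to_policies(OBSERVED_FLOWS):
        print(json.dumps(policy, indent=2))
```

Policies built this way only reflect traffic that happened to occur in the observation window, so a flow that is legitimate but infrequent (a nightly job, a failover path) will be blocked unless the window covers it; that is the reason to preview generated policies in the simulator before applying them.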
