Viewing a network policy

• Viewing network policies
• Example NetworkPolicy object

As a user with the admin role, you can view a network policy for a namespace.

Viewing network policies

You can examine the network policies in a namespace.

Prerequisites

• You installed the OpenShift CLI (oc).

• You are logged in to the cluster with a user with admin privileges.

• You are working in the namespace where the network policy exists.

Procedure

• List network policies in a namespace:

  • To view network policy objects defined in a namespace, enter the following command:

    $ oc get networkpolicy

  • Optional: To examine a specific network policy, enter the following command:

    $ oc describe networkpolicy <policy_name> -n <namespace>

    where:

    <policy_name>

    Specifies the name of the network policy to inspect.

    <namespace>

    Optional: Specifies the namespace if the object is defined in a different namespace than the current namespace.

    For example:

    $ oc describe networkpolicy allow-same-namespace

    Output for oc describe command

    Name:         allow-same-namespace
    Namespace:    ns1
    Created on:   2021-05-24 22:28:56 -0400 EDT
    Labels:       <none>
    Annotations:  <none>
    Spec:
      PodSelector:     <none> (Allowing the specific traffic to all pods in this namespace)
      Allowing ingress traffic:
        To Port: <any> (traffic allowed to all ports)
        From:
          PodSelector: <none>
      Not affecting egress traffic
      Policy Types: Ingress

Example NetworkPolicy object

The following annotates an example NetworkPolicy object:

kind: NetworkPolicy
apiVersion: networking.k8s.io/v1
metadata:
  name: allow-27107 (1)
spec:
  podSelector: (2)
    matchLabels:
      app: mongodb
  ingress:
  - from:
    - podSelector: (3)
        matchLabels:
          app: app
    ports: (4)
    - protocol: TCP
      port: 27017