Export and Apply Kubernetes Network Policies

You can export the recommended network policy rules related to Kubernetes objects in the YAML format. VMware Aria Operations for Networks supports exporting to YAML format for the group by Namespace and group by Service topologies only.
  1. To export the recommended rules to YAML format, on the Plan Security model, select the Kubernetes cluster for which you want to plan security, and perform one of the following steps:
    • Expand more options in the Micro-Segments widget and select Export Rules as YAML, or
    • Select a node on the Micro-Segments wheel view, click the count of Recommended Firewall Rules, expand more options and select Export Rules as YAML.
    VMware Aria Operations for Networks downloads a ZIP file whose name contains Kubernetes Network Policies and a timestamp. When you unzip the file, you see the following five CSV files and also multiple folders, one per cluster. Each folder contains multiple YAML files for that cluster.
    • network-policy-others-ipaddress.csv
      Contains the IP addresses of the physical servers and virtual machines with which the services or namespaces are communicating.
    • recommended-namespace-labels-to-add.csv
      Contains the labels to be attached to the pods associated with the namespace.
      Example row:
        Cluster: pdk8s, Namespace: sock-shop, Label: sock-shop-pdk8s
    • recommended-service-labels-to-add.csv
      Contains the labels to be attached to the pods associated with the service.
      Example rows:
        Cluster: pdk8s, Namespace: sock-shop, Service: front-end, Label: Service:front-sock-shop-pdk8s
        Cluster: pdk8s, Namespace: sock-shop, Service: user, Label: Service:user-sock-shop
    • recommended-network-policy.csv
      Contains all the rules recommended by VMware Aria Operations for Networks.
    • exported-network-policy-rule-names.csv
      Lists all the network policies exported based on the recommended rules.
  2. To apply the service labels, perform the following steps:
    1. Run the following Kubernetes CLI command:
       kubectl edit deployment <service-name> -n <namespace-name>
       For example:
       kubectl edit deployment redis-primary -n guestbook
       The deployment file of the service opens.
    2. In the spec section of the service deployment, append the label suggested in the CSV file to the existing labels.
  3. To apply the namespace labels, perform the following steps:
    1. Run the following Kubernetes CLI command:
       kubectl edit namespace <namespace-name>
       For example:
       kubectl edit namespace guestbook
       The definition file of the namespace opens.
    2. In the metadata section of the namespace definition, append the label suggested in the CSV file to the existing labels.
  4. Run the following command to verify whether the labels are applied to the pods:
     kubectl get pods -n <namespace-name> --show-labels
     For example:
     kubectl get pods -n guestbook --show-labels
     The labels appear in the LABELS column of the output.
     Note that labels applied to a Namespace are not reflected on its Pods.
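As an added example (not part of the VMware Aria Operations for Networks documentation), the following POSIX shell script turns the rows of recommended-service-labels-to-add.csv from step 1 into reviewable kubectl patch commands that add each recommended label to the Deployment's pod template, which is what makes the label show up on the Pods in the step 4 check; the documentation itself uses kubectl edit. It assumes the CSV header is Cluster,Namespace,Service,Label, that the Label column is written key:value, that each Deployment is named like its Service, and that a kubeconfig context named after the cluster exists.

```shell
#!/bin/sh
# Added example, not from the VMware documentation: convert the rows of
# recommended-service-labels-to-add.csv into kubectl patch commands that put the
# recommended label on the Deployment's pod template, so that the Pods carry it
# (a label set only on the Deployment or Namespace object does not reach the Pods).
# Assumptions: CSV header Cluster,Namespace,Service,Label; the Label column is
# key:value (e.g. Service:user-sock-shop); the Deployment is named like the
# Service; a kubeconfig context with the cluster's name exists.

# Constructed sample input mirroring the rows shown in the documentation.
sample_csv() {
    printf '%s\n' 'Cluster,Namespace,Service,Label' \
        'pdk8s,sock-shop,front-end,Service:front-sock-shop-pdk8s' \
        'pdk8s,sock-shop,user,Service:user-sock-shop' \
        'pdk8s,sock-shop,carts,not-a-key-value-pair'
}

# Unprefixed label keys and label values: alphanumeric start/end, max 63 chars.
valid_label_part() {
    printf '%s\n' "$1" | grep -Eq '^[A-Za-z0-9]([-A-Za-z0-9_.]{0,61}[A-Za-z0-9])?$'
}

# Strategic-merge patch adding one label to spec.template.metadata.labels.
# Note: changing the pod template rolls the Deployment's Pods.
pod_template_label_patch() {
    printf '{"spec":{"template":{"metadata":{"labels":{"%s":"%s"}}}}}' "$1" "$2"
}

# Read the CSV on stdin and print one kubectl command per valid row.
# Commands are printed, not run: review them, then pipe the output to sh.
gen_label_commands() {
    tr -d '\r' | tail -n +2 | while IFS=, read -r cluster ns svc label; do
        case "$label" in
            *:*) key=${label%%:*}; val=${label#*:} ;;
            *) echo "skipping $svc: label '$label' is not key:value" >&2; continue ;;
        esac
        if ! valid_label_part "$key" || ! valid_label_part "$val"; then
            echo "skipping $svc: '$label' is not a valid Kubernetes label" >&2
            continue
        fi
        printf "kubectl --context %s -n %s patch deployment %s -p '%s'\n" \
            "$cluster" "$ns" "$svc" "$(pod_template_label_patch "$key" "$val")"
    done
}

# Usage with the constructed sample: sample_csv | gen_label_commands
# Real run: gen_label_commands < recommended-service-labels-to-add.csv
```

Rows whose label is malformed are reported on stderr and skipped, so a bad CSV line cannot silently produce a patch that the NetworkPolicy podSelector will never match.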
  5. To create the network policies, copy the YAML files from the respective cluster folder to another folder and run either of the following commands:
    • kubectl apply -f <folder-name>/ to apply all the firewall rules together.
    • kubectl apply -f <folder-name>/<firewall-rule>.yaml to apply the firewall rules one by one.