Network isolation
Firewalls are well known and have long been used in every kind of infrastructure. With OpenShift, keep in mind that we are working with a software-defined platform, so software features implement some of the same concepts we have long had in the data center, and the firewall is no exception. As we saw in the previous chapter, Network Policies are simply rules you define to allow or block network communication between pods and projects on OpenShift, similar to what a firewall provides in a physical network.
By default, all pods in a project are accessible from other pods and network endpoints from any project. To isolate pods and projects, you need to create network policies, such as the following:
kind: NetworkPolicy
apiVersion: networking.k8s.io/v1
metadata:
  name: deny-by-default
spec:
  podSelector: {}
  ingress: []
The previous network...
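An added example, not part of the original text: the Python check below reads NetworkPolicy objects in the JSON shape returned by `oc get networkpolicy -A -o json` and lists the projects that have no project-wide policy equivalent to deny-by-default. The sample data, project names and function names are constructed for illustration.

```python
import json

# Constructed sample shaped like `oc get networkpolicy -A -o json` output.
SAMPLE = json.loads("""
{"items": [
  {"metadata": {"name": "deny-by-default", "namespace": "payments"},
   "spec": {"podSelector": {}, "ingress": []}},
  {"metadata": {"name": "allow-web", "namespace": "shop"},
   "spec": {"podSelector": {"matchLabels": {"app": "web"}},
            "ingress": [{"ports": [{"port": 8080}]}]}},
  {"metadata": {"name": "deny-db-only", "namespace": "shop"},
   "spec": {"podSelector": {"matchLabels": {"app": "db"}}, "ingress": []}},
  {"metadata": {"name": "egress-only", "namespace": "batch"},
   "spec": {"podSelector": {}, "policyTypes": ["Egress"], "egress": []}}
]}
""")

def selects_all_pods(selector):
    """An empty podSelector ({}) matches every pod in the namespace."""
    selector = selector or {}
    return not selector.get("matchLabels") and not selector.get("matchExpressions")

def is_default_deny_ingress(policy):
    """True for policies equivalent to the page's deny-by-default manifest."""
    spec = policy.get("spec", {})
    # Ingress applies when policyTypes is omitted; an Egress-only policy
    # leaves ingress traffic unrestricted.
    applies_to_ingress = "Ingress" in spec.get("policyTypes", ["Ingress"])
    return (selects_all_pods(spec.get("podSelector"))
            and applies_to_ingress
            and not spec.get("ingress"))

def projects_without_default_deny(policy_list, projects):
    """Return the projects that have no project-wide default-deny ingress policy."""
    covered = {p["metadata"]["namespace"]
               for p in policy_list.get("items", [])
               if is_default_deny_ingress(p)}
    return sorted(set(projects) - covered)

if __name__ == "__main__":
    # Constructed project names; "legacy" has no policies at all.
    projects = ["payments", "shop", "batch", "legacy"]
    for name in projects_without_default_deny(SAMPLE, projects):
        print(f"{name}: no project-wide deny-by-default policy")
```

A project such as the constructed "shop" still appears in the result even though it has policies, because pods not matched by any podSelector stay reachable from other projects.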