Network Policy
Workloads created by vCluster are able to communicate with other workloads in the host cluster through their cluster IPs. Configure network policies when you want to isolate namespaces and do not want the pods running inside the virtual cluster to have access to other workloads in the host cluster.
Config reference
networkPolicy required object pro
NetworkPolicy specifies network policy options.
enabled required boolean false pro
Enabled defines if the network policy should be deployed by vCluster.
fallbackDns required string 8.8.8.8 pro
outgoingConnections required object pro
ipBlock required object pro
IPBlock describes a particular CIDR (Ex. "192.168.1.0/24","2001:db8::/64") that is allowed
to the pods matched by a NetworkPolicySpec's podSelector. The except entry describes CIDRs
that should not be included within this rule.
cidr required string 0.0.0.0/0 pro
cidr is a string representing the IPBlock.
Valid examples are "192.168.1.0/24" or "2001:db8::/64".
except required string[] [100.64.0.0/10 127.0.0.0/8 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16] pro
except is a slice of CIDRs that should not be included within an IPBlock.
Valid examples are "192.168.1.0/24" or "2001:db8::/64".
Except values will be rejected if they are outside the cidr range.
platform required boolean true pro
Platform enables egress access towards loft platform
annotations required object {} pro
Annotations are extra annotations for this resource.
labels required object {} pro
Labels are extra labels for this resource.
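The default ipBlock listed above (cidr 0.0.0.0/0, with the loopback, private and 100.64.0.0/10 ranges in except) can be checked offline before it is deployed. The following is an added example, not code from vCluster: it models only the ipBlock rule using Python's ipaddress module, and the function names and sample destination addresses are constructed for illustration.

```python
import ipaddress

# Defaults copied from the ipBlock reference on this page.
DEFAULT_CIDR = "0.0.0.0/0"
DEFAULT_EXCEPT = ["100.64.0.0/10", "127.0.0.0/8", "10.0.0.0/8",
                  "172.16.0.0/12", "192.168.0.0/16"]


def validate_ip_block(cidr, excepts):
    """Return the except entries that lie outside cidr (these would be rejected)."""
    net = ipaddress.ip_network(cidr, strict=True)
    rejected = []
    for entry in excepts:
        ex = ipaddress.ip_network(entry, strict=True)
        # subnet_of() raises on mixed IPv4/IPv6, so compare versions first.
        if ex.version != net.version or not ex.subnet_of(net):
            rejected.append(entry)
    return rejected


def egress_allowed(dest, cidr=DEFAULT_CIDR, excepts=DEFAULT_EXCEPT):
    """True if dest is matched by the ipBlock: inside cidr and in no except range."""
    ip = ipaddress.ip_address(dest)
    if ip not in ipaddress.ip_network(cidr):  # also False when IP versions differ
        return False
    return not any(ip in ipaddress.ip_network(e) for e in excepts)


def report(destinations):
    """Map each destination to 'allow' or 'deny' under the default ipBlock."""
    return {d: "allow" if egress_allowed(d) else "deny" for d in destinations}


if __name__ == "__main__":
    # Constructed sample destinations: public DNS, typical in-cluster and
    # private addresses, range boundaries, and one IPv6 address.
    samples = ["8.8.8.8", "10.96.0.10", "192.168.1.20", "100.64.3.7",
               "172.31.255.255", "172.32.0.1", "127.0.0.1", "2001:db8::1"]
    for dest, verdict in report(samples).items():
        print(f"{dest:16} {verdict}")
    # An except entry outside the cidr range is reported as rejected.
    print(validate_ip_block("10.0.0.0/8", ["10.1.0.0/16", "192.168.0.0/16"]))
```

The IPv6 sample is denied because an IPv4 cidr never matches an IPv6 destination; this block checks only the ipBlock rule, not any other rule in the deployed policy.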